Category: computers

Asus Eee Box 1501 Upgrades

Published October 5, 2012

I’ve been wanting to make the Asus Eee Box 1501 PC that I’ve got connected to the television perform a bit better, so having a spare SSD hanging around I decided to do some upgrading. Using the personal version of XXCLONE I was able to easily copy the old 250GB drive to the SSD, and the RAM was easy to upgrade once I purchased the right stuff. I’d initially made the mistake of thinking I had a 1501P model when mine was actually the plain 1501. This meant I’d accidentally acquired DDR3 RAM, only noticing my mistake when it didn’t fit into the slot. After another trip back to Micro Center (and a bunch of waiting^†)

As a result of these upgrades the machine feels much faster, and I hope that the problems I was having with Netflix will be gone. The issues seemed disk related, as things would slow down tremendously whenever there was a bit of disk activity occurring. Running diagnostic tools showed a correlation between slowness and disk busyness too. Since this could also have been caused by paging (I didn’t look at it in enough detail to say if it was or not) I also increased the RAM.

Total price for this upgrade was $63.57 ($59.99 for the RAM, plus sales tax), and was only this much because DDR2 is becoming rare and thus more expensive. The upgrade was done in anticipation of seriously reshuffling the video (broadcast TV, internet streaming, etc) setup around the house. That’ll all hopefully happen within the next week or so.

(The photo above shows the inside of the Asus Eee Box 1501. The disassembly was very easy, but I was strongly disappointed by the wireless antenna. While it looks detachable and has a knurled base, turning it broke the plastic off and revealed it to be nothing more than a snap-on antenna with coax that runs directly to the network card. While not completely broken the antenna is now a bit loose and floppy. Thankfully the RF connection is still intact.)

^† Exchanging the RAM involved waiting in a line to initiate the return, attempting to find the replacement RAM (which listed 5 pieces in stock, but couldn’t be found), locating a suitable alternate replacement, negotiating a price match to the product which couldn’t be found, waiting for the return to be processed, then waiting for the replacement RAM to be brought to the front of the store. This took a total of ~55 minutes.

5 Comments

External Intel 320 SSD

Published August 17, 2012

A couple weeks back, the Intel 320 SSD in my iMac failed, leaving the machine unbootable and the drive appearing as an 8MB volume. This drive was replaced with a new 256GB Crucial M4 SSD and the Intel drive was returned for warranty replacement.

Having no immediate need for another SSD but not wanting to have this one laying around I decided to put it in a Macally PHR-S250UAB external enclosure and use it as another piece of fast storage on my Mac. While the installation went well I’m not quite happy with the performance. Despite being connected via FireWire 800 (IEEE 1394b-2002) couple of benchmark tools report only around 80 MB/sec read and 65 MB/sec write while the spinning piece of rust inside the computer reports something like 105 MB/sec read and 107 MB/sec write. It’ll be much lower latency than a spinning disk, but I’m not sure it’ll provide improvement over the internal disk, especially for things I was hoping to do with it like running VMs.

Maybe I’ll give it a try on my work laptop for VMs there, or maybe I’ll see if it’d work out well in Danielle’s Macbook Pro.

The photo above shows the external enclosure with an Intel-provided case sticker applied to the top in place of Macally’s branding. Except for the residual curved blue logo pieces at the end that didn’t fall outside of the cutoff area, I think this worked pretty well. Here is a photo of it all being assembled.

Leave a Comment

That URL Won’t Work

Published June 26, 2012

The URL for the Norman Township Fire Department, as painted on their sign, won’t work.

Since their website is actually at www.normantownshipfire-ems.com this is probably a case of someone confusing slash with dash (of which hyphen is probably meant); an all too common mistake. Normally I only see it when telling people what to type in at command prompts, not enshrined on signs.

Leave a Comment

Down the OpenStreetMap Rabbit Hole

Published May 25, 2012

I’ve been interested in making mountain bike trail maps for a while now, resulting in my drawing the official River Bends and Addison Oaks maps. Stony Creek Metropark has some great trails as well, but it’s MTB trail map is unfortunately lacking. It is missing some segments used during races, has some one-way markings that don’t match what’s actually signed on the trail, and isn’t geographically accurate enough to be used for trail planning.

My original intention was to record all of the trail segments at Stony Creek myself using a GPS then draw a map similar to the ones for Addison Oaks and River Bends, but after looking on OpenStreetMap (OSM) I found that most of the trails at Stony Creek were already mapped. Thus if I am willing to license my map in an appropriately open manner I can use this data, saving myself a bunch of time.

Since a few small connectors that I wished to include were missing I headed out to Stony Creek this evening and recorded GPS data for only the missing segments. Most of these were connectors used primarily during races, but as they are passable throughout most of the year I wanted to include them. I then brought the GPX into JOSM, edited the map, and submitted the changes. This is a pretty easy task if one is familiar with basic CAD tools.

While the changes aren’t yet reflected in the main online map, the changes have been submitted and it does show when new data is manually downloaded, so I imagine it’s only a matter of time before it’s visible to the public. I will then use this OSM to make my MTB-specific map, complete with markers for things such as log piles, rock gardens, etc.

I suspect that this ease of editing is going to change my mapping workflow in the future. There’s a very good chance that any new maps which I do will first go into OSM, then this data will be pulled out to generate the actual map. Barring any license constraints, of course.

Looking further it appears that River Bends’ trails aren’t yet on OSM. Looks like I’ve got some work to do there as well…

1 Comment

Moving CiviCRM on Joomla to WordPress

Published May 11, 2012

With recent work done on the MMBA website I’ve had to move the CiviCRM instance from an older copy hosted on Joomla to a new one hosted on WordPress. The general suggestion for doing this is to export and import the data, but this is both a bit frustrating to do (because of a need to specify which columns contain which fields) and PHP kept running out of memory when exporting, even after I moved it up to 256MB per process.

This copy of CiviCRM wasn’t really used, but it did have a lengthy set of contacts that I could not afford to lose. Thus, I looked into what was necessary to move the tables themselves instead of just exporting/importing the data.

I ended up using these steps to get the contact data moved over and it seemed to work well for me. This may not be the best way to do it, and it may introduce some problems down the line, but this did work for me and seems fine thus far, so I wanted to document the steps here:

1) Install WordPress and the CiviCRM plugin with the new installation of CiviCRM going to a different database or table prefix than the current.

2) Ensure that the WordPress CiviCRM plugin works, only going as far as the first screen which prompts to set up an organization name, email addresses, etc.

3) Using phpMyAdmin export all CiviCRM tables to a .sql file except for:

civicrm_acl_cache
civicrm_acl_contact_cache
civicrm_domain
civicrm_cache
civicrm_group_contact_cache

With the option: Add DROP TABLE / VIEW / PROCEDURE / FUNCTION / EVENT statement.

4) To avoid issues with Foreign Key Constraints add this line to the top of the .sql file:

SET foreign_key_checks = 0;

And this to the bottom:

SET foreign_key_checks = 1;

5) If the new set of tables has a different prefix than the old, search/replace in the .sql to change each table name to the prefix used by the WordPress-based CiviCRM instance.

6) Import the .sql into the WordPress-based CiviCRM database using the MySQL command line utility:

mysql -u username -p databasename < civicrm_export.sql

7) Enter the CiviCRM plugin in WordPress and confirm that all the contacts have been moved over.

These steps were performed on the following configuration:

- Apache/2.2.22 (FreeBSD) mod_ssl/2.2.22 OpenSSL/0.9.8q mod_fastcgi/2.4.6
- MySQL 5.5.22 (from FreeBSD Ports)
- WordPress 3.3.2 w/ CiviCRM 4.1.0
- Joomla 1.5.24 w/ CiviCRM 3.4.7

2 Comments

Now With IPv6 and SSL (but no SPDY)

Published May 8, 2012

Since moving to a new server running Apache for hosting websites I’ve been able to make quite a few changes that just weren’t quite possible with lighttpd. One major change is the use of IPv6. Ever since the move I’ve set up all hosted sites with AAAA records and made them available via IPv6, and it’s been working great. While I don’t see much traffic on this yet, I’m happy to know that the sites are all able to be reached this way. For reference:

;; ANSWER SECTION:
nuxx.net. 300 IN AAAA 2607:f4b8:5:2:e611:5bff:feac:3a60

I’ve also been wanting to move my personal site, nuxx.net, to be HTTPS-only. While not particularly important for most public content, this does protect session cookies for various admin functions that I may host under this domain, along with keeping any private content from prying eyes. Thanks to an SSL certificate from the new-to-me registrar gandi.net it was pretty easy to get this set up. I was then able to take the old non-HTTPS vhost and permanently redirect it over to the secure one, and all content simply moved over to the secure side:

<VirtualHost *:80>
    ServerName nuxx.net
    ServerAlias www.nuxx.net
    ServerAdmin c0nsumer@nuxx.net
    Redirect permanent / https://nuxx.net/
</VirtualHost>

The browser test screenshot seen above from Qualys SSL Labs SSL Server Test (live results here) shows that HTTPS is pretty well set up on nuxx.net. I’m sure it could be better, but for now I think it’s pretty good.

Thanks to the magic of this bit of SQL I was able to update all http://nuxx.net links in nuxx.net blog posts to https://nuxx.net, allowing most pages to validate as fully secure. I’ll have to do something similar on the other apps to bring them up to snuff:

UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://nuxx.net', 'https://nuxx.net');

Amusingly, the use of HTTPS seems to dramatically cut down on automated SPAM. Perhaps some of the link spamming tools don’t want to deal with the overhead (or cert validation?) of HTTPS? I’d figure they could just ignore them, though…

Anyway, with all of this in place, I got to thinking about SPDY, Google’s shiny new protocol. An Apache module for implementing it, mod-spdy has been released and there is a FreeBSD Port for it, so I decided to give it a go. While the installation worked and Chrome showed it working (as seen via chrome://net-internals/#spdy). Unfortunately, I ran into a couple bugs. Most notable was that a number of httpd processes failed, and I ran into documented issues #36 and #39 which left me with an odd taste for this module. I’ve since disabled it, but once a new version is released I’ll probably try it again.

Leave a Comment

Timeouts with PHP as FastCGI, phpBB + reCAPTCHA + DNSBL, Apache 2.2, mod_fcgi, and FastCgiExternalServer

Published April 16, 2012

Sunday evening after migrating the MMBA Forum to a new webserver I received email from a user claiming that they were unable to sign up for the forum, receiving an 500 Internal Server Error some time after clicking submit. The problem ended up being the signup page taking longer than expected to run and timing out and was resolved by increasing the timeout by adding -idle-timeout 60 to the FastCgiExternalServer line in the vhost’s config.

More specifically, I’d just moved from an older server running lighttpd to a new one using the venerable Apache HTTP Server v2.2. Both setups had per-vhost FastCGI setups pointing to PHP instances running as the user who owned the vhost, which helps ensure that compromised PHP apps affect only files/sites owned by that the user^†.

For example, lighttpd would be set up something like this:

fastcgi.server = ( ".php" =>
  ( "socket" => "/var/run/php-fastcgi/username/username-php-fastcgi.sock",
    "check-local" => "disable",
    "broken-scriptfilename" => "enable"
  )
)

Apache uses something like this:

FastCgiExternalServer /var/run/php-fastcgi/vhosts/example.com -socket /var/run/php-fastcgi/users/username/username-php-fastcgi.sock
AddHandler php-fastcgi .php
Action php-fastcgi /php-fastcgi
Alias /php-fastcgi /var/run/php-fastcgi/vhosts/example.com

During the forum signup, to help cut down on the number of spammy accounts created, there are both reCAPTCHA and DNS Blacklist checks that occur before the account creation actually happens. These were taking longer than the default 30 second timeout, causing the FastCGI interface to time out and close the connection, resulting in log entries such as this:

[Sun Apr 15 20:00:09 2012] [error] [client 192.168.0.2] FastCGI: comm with server "/var/run/php-fastcgi/vhosts/mmba.org" aborted: idle timeout (30 sec)

This led me to increase the FastCgiExternalServer timeout in mod_fastcgi by adding -idle-timeout 60, doubling it from its default, as follows:

FastCgiExternalServer /var/run/php-fastcgi/vhosts/example.com -socket /var/run/php-fastcgi/users/username/username-php-fastcgi.sock -idle-timeout 60
AddHandler php-fastcgi .php
Action php-fastcgi /php-fastcgi
Alias /php-fastcgi /var/run/php-fastcgi/vhosts/example.com

The problem then went away.

I’m not exactly sure why this cropped up with the move to Apache, but I suspect that on lighttpd there was a considerably longer default timeout. This can be set in the lighttpd config by setting idle-timeout, but I wasn’t able to easily figure out what the default is. It’s possible I’ll have to further tune this further in the future, but at least I now know why the problem was occurring.

^† Yes, I know this isn’t a perfect solution, but it’s been proven to work when sites are compromised by automatic tools that attempt to change/delete all they can. In each case that I’ve experienced the damage has typically been limited to content in that user’s home directory. This would not be good mitigation against something which attempted privilege escalation once on the box, went after the httpd itself, etc.

1 Comment

MMBA Forum Posts during 2012 Iceman Registration

Published March 1, 2012

The image above (click to embiggen) shows the one hour moving average statistics for posts (replies) and topics (new threads) on the MMBA Forum. This morning registration for Iceman opened on USA Cycling‘s website and as a result of the site collapsing under the load many people visited the forum to complain, commiserate, and generally discuss the situation. Most of the traffic seemed to be in this thread, although I don’t keep per-thread statistics beyond what’s already exposed to the end users.

Leave a Comment

Android Phone as BitLocker Recovery Key

Published February 28, 2012

I recently ran into an issue where I needed my BitLocker recovery key, but found that I’d left it at home. This locked me out of my machine for a few hours and was a bit of a hassle. It got me wondering if maybe I should instead keep said key on my phone instead, as it does a pretty good job serving as a USB mass storage device.

It turns out that this is not such a keen idea, as it doesn’t work out very well. On my Nexus One (and presumably other Android phones), when connected to a computer they prompt the user to switch the microSD storage over to USB Mass Storage. Once selected this takes a few seconds. Whenever the phone is disconnected from the USB host it automatically presents the card back to the phone, and only prompts the user once a host is detected.

With BitLocker, one becomes aware of needing this key when the boot is interrupted and the user is prompted to insert a USB mass storage device with the key present. The computer is then rebooted, finds the key, and continues to boot. With an Android device as the USB mass storage device this reboot resets the phone. I’ve found that it’s typically not possible to get the phone into mass storage mode between POST and OS load, particularly as the machines I’ve tried it on seem to reset USB after POST.

I think I’ll just have to stick with a USB flash drive for this.

Leave a Comment

Shattered Hard Drive Platter

Published February 24, 2012

To collect neodymium magnets for rebuilding the not-currently-great drip tray to kegerator / kegged beer cooler I started disassembling more old hard drives, attempting to salvage the magnets. When disassembling one drive I decided it’d be fun to bend the platter, but I (stupidly) didn’t pay attention to the platter material before doing so. The result? Tiny bits of broken glass and amazingly thin foil spraying all over the basement floor. Whoops.

At least it was easy to clean up.

I had little luck collecting useful magnets from the drives because some were too small, some drives only had one, and many of them shattered as I removed them. Instead I’ll just buy a bunch of tiny ones on eBay or Amazon and epoxy them on instead. It’ll be a lot easier.

1 Comment