28 July 2019

Windows 10 mouse pointer pause/stutter and audio crackling issue.


The mouse stops responding for 0.5 seconds or thereabouts, then starts to operate normally then stutters again and so on. (rinse and repeat)
Audio is also clicking and crackling intermittently when playing any audio source, web based, or mp3, ogg, or flac files, as well as playing CD/DVD's.
Things tried so far in the order done, and their result.
1) Searches indicate that it can be fixed by un-ticking "Enhance pointer precision" in the "Motion" section of the "Pointer Options" tab of "Mouse Properties" in the original version of "Control Panel".
This appears to work so far, the clicking audio also appears to have disappeared with this one change.
I'm still not convinced, and I'll update this after a day of use.

To do this, click "Search" on the task bar, and type "control panel" in the search box, then click on the result to open up "Control Panel". Click on "Mouse" in "Control Panel", and then click on the "Pointer Options" tab now you will see the tick box for "Enhanced pointer precision" just under the pointer speed slider. Remove the tick from the box and click "OK" at the bottom of the window.
Now do the things that used to make the mouse stutter and see if the issue still exists.

It appears that this is a fix that must be repeated if the issue returns. By that I mean to say that recently the audio clicks and mouse pauses returned, after having no problems for some months, like the "cat in the hat" in Dr Seuss's book, it came back. The trigger to cause it to reoccur is unknown, possibly a windows update. However I reread this post and confirmed that the "Enhanced pointer precision" box was still not ticked. It was not ticked. So I tried the old trick of turning it on, saving the setting as turned on, turning it off, and again saving the setting as turned off. Weirdly enough that appears to have stopped both the mouse pointer stutter, and the clicks in the audio.

06 July 2019

A short how-to and information about nmap-nc which is the preferred replacement for netcat in Linux and *nix like operating systems.

nmap-nc is the name of the tool.

The command typed to invoke the improved version is either nc or ncat.

Examples were assembled from various pages on various sites on the Internet/Interweb, some are listed below. (more to come as I find them)
https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/



Examples :-

Listen on a given port (in this case port 8080) for incoming traffic.

ncat -l 8080

Connect to a remote system. (IP-address 10.30.40.56 and port 80)

ncat 10.30.40.56 80

A connection will now be made to port 80 on the server with an IP address of 192.168.1.100 .  We can now send instructions to the server.


Connecting to UDP ports
By default, the nc utility makes connections only to TCP ports. However using the -u option, we can also listen on UDP ports.

ncat -l -u 1234

Our system will start listening on udp port ‘1234’, we can verify this using the below netstat or ss command. (as netstat is now deprecated on Linux systems)
netstat -tunlp | grep 1234
or
ss -tunlp | grep 1234

Let’s assume we want to send or test UDP port connectivity to a specific remote host. We would then use the following command.

ncat -v -u host-ip udp-port
ncat -v -u 192.168.105.150 53

The -v can be removed as all it does is show the version of ncat you are using.


NC as a chat tool

NC can also be used as a chat tool, we can configure the server to listen to a port & then we can make a connection to this server from a remote machine & start sending a message. 
On the server side, run.

ncat -l 8080

On the client machine run
.
ncat 192.168.1.100 8080

Now start sending messages & they will be displayed on the remote server's terminal.


NC as a proxy

NC can also be used as a proxy with a simple command. Let’s take an example,

ncat -l 8080 | ncat 192.168.1.200 80

Now all the connections coming to our server on port 8080 will be automatically redirected to the 192.168.1.200 server on port 80. But since we are using a pipe, data can only be transferred to the 192.168.1.200 server.
In order to receive the data it sends back, we need to create a two way pipe. Use the following commands to do so

mkfifo 2way
ncat -l 8080 0<2way 192.168.1.200="" 1="" 80="" ncat="">2way

Now you will be able to send and receive data over the nc proxy.


Copying Files using nc/ncat
NC can also be used to copy the files from one system to another, though it is not recommended & mostly all systems have ssh/scp installed by default. But none the less if you have come across a system with no ssh/scp, you can also use nc as last ditch effort.


Start with machine on which data is to be received & start nc in listen mode and redirect the nc output to a file.

ncat -l  8080 > file.txt

Now on the machine from which the data is to be sent, run the following command

ncat 192.168.1.100 8080 --send-only < data.txt

Here, data.txt is the file that is to be sent. The --send-only option will close the connection once the file has been copied. If you do not use this option, then we will have to press ctrl+c to close the connection manually. We can also copy entire disk partitions using this method, but it should be done with caution, as there is no recovery option. If the transfer is interrupted, it must start again from scratch.
In this case ncat is "cat-ing" a file across a TCP connection to another server where the transferred data is redirected to a file name.


Create a backdoor via nc/ncat

The NC command can also be used to create a backdoor in your system. This technique is a method actually used by hackers. We should know how it works in order to secure our system. To create a backdoor, the command is.

ncat -l 10000 -e /bin/bash

The -e flag attaches a bash shell to port 10000.  Now a client can connect to port 10000 on the server at IP address 192.168.1.100 and they will have complete access to the system through the bash shell when they run the following command.

ncat 192.168.1.100 1000


Port forwarding via nc/ncat

We can also use NC for port forwarding with the help of option -c .  The syntax for accomplishing port forwarding is

ncat -u -l  80 -c  'ncat -u -l 8080'

Now all the connections for port 80 will be forwarded to port 8080.


Set Connection timeouts

Listener mode in ncat will continue to run & would have to be terminated manually. But we can configure timeouts with option -w

ncat -w 10 192.168.1.100 8080

This will cause the connection to be terminated in 10 seconds, but it can only be used on the client side & not on the server side.


Force the server to stay up using the -k option in ncat
When the client disconnects from the server, after sometime the server also stops listening. However we can force the server to stay connected & continue listening to the port with the option -k . Run the following command


ncat -l -k 8080

Now the server will stay up, even if the connection from the client is broken.

13 March 2019

How to run logrotate for a specific log file

An extract from the web page http://www.thecave.info/execute-logrotate-command-manually/

Execute Logrotate Command Manually

I needed to rotate a log file that was filled with duplicate lines, and had filled the / directory. The syslog file was now 180GB in size. (a nouveau issue in Linux lite 4 caused this)   I knew that the compressed log file would be very small as the gigabytes of duplicate lines in syslog would compress to nothing. (eventually it was 11MB after compression)
The following extract/example is forcing the apache2 log file to rotate. I needed the syslog file to be rotated. The first job was to free up as much space as possible in order to allow the log rotate action to take place. This involved moving, or deleting all large files in my home directory, and deleting any archived log files that were large enough to make a difference.
I used the following command for syslog


  1. logrotate -vf /etc/logrotate.d/rsyslog

The extract from the previously mentioned web page where his problem is the apache log follows:-

Since most of my disk space was consumed by apache, I decided to execute logrotate command manually in linux and pass it the config of the logrotate apache . To do so, I used the following command:
  1. logrotate -vf /etc/logrotate.d/apache2.conf
The flags ‘-vf’ passed to the command are as follows:
  • -v verbose shows more information. useful to try detect any errors there may be with logrotate
  • -f force the rotation to occur even if it is not necessarily needed
And /etc/logrotate.d/apache2.conf is the location of my config file of for the apache2

11 October 2015

How to fix keyring password problems in CentOS with Gnome desktop. (and maybe other distributions using Gnome as well?)

Snip ------
You can always wipe out your current keyrings by removing the file ~/.gnome2/login.keyring, but you should try resetting the password with the 'seahorse' program. Reinstalling gnome would do nothing, since it's all in your homedir.
 Unsnip ------

This was part of an exchange in the fedora forums, and was easily overlooked as it was part of a larger issue that was, thankfully,  solved.

Another part of this exchange was the following information regarding autologin, and how to disable it.

Snip -------
It sounds like you have auto-login enabled. Not sure how you managed that (is this a LiveCD?), but you can disable that by editing /etc/gdm/custom.conf and removing the lines between the [daemon] line and the [security] line.
Unsnip -------

I hope this helps someone else as much as it has helped me. :-)

The first fix regarding gnome keyring was the issue I experienced, and the second part regarding autologin was something that caught my eye as being useful in the future

Bye for now.

Have fun everyone!

08 October 2015

What to do when running "service named status" gives an rndc communication error?

 Do this and it should fix it.
I've had this issue with CentOS 5.x and 6.x at various times.
This will generate a new rndc key, and automatically configure rndc for you.

Thanks to the Serverfault.com and Linuxquestions.org websites for the answer.

rndc-confgen -a -r /dev/urandom
If you're using bind-chroot, add :
rndc-confgen -a -r /dev/urandom -t /var/named/chroot
The result should be:
wrote key file "/etc/rndc.key"
wrote key file "/var/named/chroot/etc/rndc.key"

04 June 2014

Exchange Anywhere - basic explanation of how it works and how Outlook needs to be configured to work with it.

Here's something I am having issues with at one site. Some users, while operating remotely outside the LAN,  can connect to Exchange (using Outlook Anywhere) without using the VPN, while other users have to activate the VPN before a connection to Exchange can be established.

http://office.microsoft.com/en-us/outlook-help/use-outlook-anywhere-to-connect-to-your-exchange-server-without-a-vpn-HP010355551.aspx

The link above at least confirms that the settings are correct in Outlook, and the issue somehow revolves around individual laptop and/or individual user configurations. Possibly related to Security Certificates in some way. I suspect the SBS 2008 server that is running Exchange has, in the past, been administered as if it were a standard 2008 server, since the WSUS configuration was broken by micro configuration changes not suitable for SBS 2008. Whatever the issue, it is not obvious, or consistent across users or versions of Outlook in use. Two users, one with the issue and one without will be using the same versions of Outlook, with the same configuration visible in the Options
I will make a post here as soon as I have some sort of resolution to this issue, and have at least a small party to celebrate as well.

13 June 2013

This is an old post that never progressed from a draft version.
A great rock station - "Absolute Classic Rock" very good on GMT +10 local time from 'bout 8:30pm ish untill 10:37pm 2011-04-15 ... good music.
This an extract from the Samba forum regarding how to disable printing in samba to avoid log errors.

_________________________

>How can I disable printing in samba ???

in /etc/samba/smb.conf

printcap name = /etc/printcap
load printers = no
printing =

is what is used with great success for your exact problem.
__________________________

It worked for me, I'm happy to say.

I hate telnet sessions that time out to HP switches - especially when they are caused by Procurve Manager!

A site I work with as a consultant and also assist the system administrators has a large number of HP switches. This site uses Procurve Manager to monitor their network. For some strange reason Procurve Manager had decided (with no known changes to cause it) to leave open telnet sessions on all the switches. This eventually results in a locked out situation due to all the available telnet sessions on each switch timing out. After searching HP forums and the wider Internet for a solution that did not involve travelling to every switch and connecting to the serial port, I discovered that, once again, Linux came to the rescue. This time providing the help through SNMP tools such as snmpwalk and snmpset. What at first looked like a week of work was transformed into 5 or 6 hours for two people. (there are more than 120 switches around a 24x7 "no downtime" site 5Km by 1.5Km in size) First job was to clear the telnet sessions. This involved using snmpwalk to identify the telnet sessions we needed to delete/kill. Then using snmpset to tell the telnet sessions to close. Then connecting to each switch and setting a timeout period for the telnet sessions.
The command we used to find the sessions is this one.

snmpwalk -v2c -c public 10.20.5.10 iso.3.6.1.2.1.6.13.1.1 |grep established

10.20.5.10 is the IP address of the switch.
10.20.2.198 is the IP address of the Procurve Manager server.
(we use version 2c of SNMP, version 1 may work for you)
An example of the output of this command is.

 TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.17420 = INTEGER: established(5)
TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.28093 = INTEGER: established(5)
TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.55296 = INTEGER: established(5)

We are only interested in the numbers in the above results, since they define the telnet sessions.
The command we used to close the telnet sessions is as follows.

snmpset -v2c -c public 10.20.5.10 iso.3.6.1.2.1.6.13.1.1.10.20.5.10.23.10.20.2.198.55296 i 12

The result from this command was as follows.

TCP-MIB::tcpConnState.10.20.5.10.23.10.20.2.198.55296 = INTEGER: deleteTCB(12)

**NOTE** all the commands and results have been "word wrapped" and should be read as being on a single line.
All the above may well be munged and mangled by blog site formatting daemons. I will attempt to find a way of presenting it that displays it in a realistic way if that happens.
I have used the "public" SNMP community, in these examples, you may need to use a different one.
This is as much to help me recall how to do this as it is to help others, but I firmly believe that sharing solutions to problems will always be a part of my life. I constantly work on abundance thinking rather than scarcity thinking. It just makes life more enjoyable, and much less stressful.


Another post on the HP forums gave a different MIB to query, however after testing it, we ended up with the same result, just by a slightly different method.

13 July 2011

After installing Fedora 15, and enjoying playing with Gnome 3, I was confronted by a disk warning at the bottom of the screen. After opening Disk-Utility it looked like my OCZ Vertex 2 120GB SSD was dying. However after some research, churning through the internet with Google riding shotgun with me, I discovered that the S.M.A.R.T. system on disk drives is not very smart at all!
Every manufacturer appears to have their own opinion on how it should work.
It reminds me of my friend Andy's favourite saying "You have to love standards in the IT world, after all there are so many to choose from that you can always find one that suits your purpose"
An article by Google (who possibly have more "vanilla" disk drives in use than any other one organisation) indicated that 56% of their drive failures were not predicted by monitoring the S.M.A.R.T. counters. http://labs.google.com/papers/disk_failures.pdf

I also discovered that in the Disk-Utility program there is a lovely little tick box available (that I missed the first half dozen times) that allows you to tell it to stop popping up warning messages for a particular drive. A wonderful option if it is annoying you, and like me, you believe it is getting the prediction wrong. (but maybe update that month old backup anyway, just in case)

Have a read of this http://forums.fedoraforum.org/showthread.php?p=1494778 forum page paying particular attention to the post by stevea. It is third up from the bottom, and explains a great deal about the subject.

23 April 2011

Listening to "That's Not My Name" by "The Ting Tings" on Rhythmbox on Scientific Linux 6.
After setting up a central storage NAS using RAID 1+0 and ext4, also using Scientific Linux 6 It's nice to enjoy the products of your toil by drinking a beer or two and listening to good music with good friends. :-)

28 July 2010

Here's a simple description of how to align the start of a windows partition with the start of the physical boundaries of the disk. This is expecially important when using striping with raid 5, 6, 50 and 60. It also does no harm at all with a normal disk partition. This _may_ assist in data recovery if damage occurs, because you now know exactly where the beginning of the partition is located.
Note ** this example is for an additional disk or raid disk added to an existing installed operating system.
To do this on the OS disk itself (C drive) you need to connect the disk to a working Windows OS (possibly using a USB adapter) and create the partition before installing it in your server, then begin the installation and use the created partition to hold the OS.

This is copied from a reply to an article in Techrepublic by user neilb and all credit goes to him.


Well, it's pretty straightforward
Windows reserves and hides the first 31 or 63 sectors at the beginning of the first partition of a disk and puts the master boot record in there. It's not completely Microsoft's fault but it's taken them a HELL of a long time to fix it! This results in misalignment with stripe units, disk controllers, and cache segment lines as the reserved sectors do not coincide with physical boundaries. The obvious result is that single clusters of user data are written across multiple stripe units of the RAID. Every nth operation is affected in that two reads are required to get one allocation unit. 'n', of course, depends on allocation unit size and stripe unit size but every part of the disk system is affected.

To get around this in Server 2003, partition alignment must be explicitly performed using Microsoft DISKPART. Now, you can get realy lairy and calculate the correct offset depending on disk sector size but the easiest way is to start the first partition on a 1MB boundary and that nails it for just about any combination. That's 2048 sectors.

Diskpart is a command line tool so...

Diskpart [enter]
List Disk [enter] will display the disks
Select Disk n [enter] (where n is the disk in which you wish to create the partition)
create partition primary align=1024 [enter]
exit [enter]

Then go on and format the parttiion in the GUI

happy

This is absolutely mandatory for anything with a database running on RAID - Exchange, SQL, Oracle, whatever.

http://support.microsoft.com/kb/929491

13 July 2010

VMware - Fixing Time Keeping Problems with the Guest OS
Here is an option that worked for us when the Linux guest on the Linux host was running fast. (gaining about 10 seconds every two minutes)
This problem occurs because current VMware for Linux products do not have complete support for host power management features (such as Intel SpeedStep, or AMD PowerNow or Cool'n'Quiet) that vary the processor speed. To work around this problem, specify the correct maximum CPU speed in your global configuration file. This can be done on either a Windows host server or a Linux host server.

On a Windows host server:

1.
Find the speed of your host's CPU. For example, in Windows XP, right click My Computer, then choose Properties. This path may be different, depending on the version of Windows you use.

2.

Look for config.ini in one of the following locations:
*

C:\Documents and Settings\All Users\Application Data\VMware\VMware Workstation\config.ini
*

C:\Documents and Settings\All Users\Application Data\VMware\VMware GSX Server\config.ini
*
C:\Documents and Settings\All Users\Application Data\VMware\VMware Server\config.ini

*
C:\ProgramData\VMware\VMware Workstation or
C:\Program Files\VMware\VMware Workstation
(on a Windows Vista host running Workstation 6.0)


3.

Edit config.ini, adding the lines described below.

host.cpukHz = "X" where "X" equals the maximum speed in KHz of your host machine. That is, its speed in MHz times 1000 or its speed in GHz times 1000000. A 3GHz machine would be 3000000.
host.noTSC = "TRUE"
ptsc.noTSC = "TRUE"

The second and third lines enable a mechanism that tries to keep the guest clock accurate even when the time stamp counter (TSC) is slow.
Note: On Windows, you can use Notepad, but be careful when you save the file that Notepad does not add an extra .txt extension to the filename. You can do that by selecting All files instead of Text files in the Save dialog box.

4.

In addition, check the VMware Tools control panel in the guest operating system. On the Options tab, ensure that Time synchronization between the virtual machine and the host operating system is selected.

On a Linux host server:

To prevent guest clocks from running too quickly, specify the correct maximum host CPU speed in your global configuration file, /etc/vmware/config. If this file exists, edit it with a text editor, adding the lines described below. The file may not exist. If it does not exist, create it as a plain text file.

Add the following lines to your global configuration file:

host.cpukHz = "X" where "X" equals the maximum speed in KHz of your host machine. That is, its speed in MHz times 1000 or its speed in GHz times 1000000. A 3GHz machine would be 3000000.
host.noTSC = TRUE
ptsc.noTSC = TRUE

To periodically correct the time (once per minute) when a guest clock runs slowly, VMware Tools must be installed in the guest. On the Options tab of VMware Tools in the guest, verify that Time synchronization between the virtual machine and the host operating system is selected.

I found this post after much searching, and with the dynamic nature of the internet didn't want to lose it's information, so I have copied it here.

All thanks and Kudos to the following Gentlemen who is the original poster.
Published Friday, August 24, 2007 8:25 PM by David Marshall
Filed under: General News (in vmblog.com)

09 April 2010

Command Line Scanner - Wilders Security Forums

Command Line Scanner - Wilders Security Forums
At the bottom of this page is a post that explains how to set ESET command line scanner (ecls.exe) to work with winrar as it's internal virus scanner.

08 April 2010

Index of /pub/samba/3.3/centos/5/i386

Here's a possible answer to connecting Windows 7 workstations to a centos 5 domain controller.
It is the sernet rpm repository.
The CentOS 5 forums or wiki will be able to help you regarding using 3rd party yum repositories . I will put it to the test soon and report on the result. That post may be a week or so in the future. Which may be the next post, considering how often I update this blog. :-)

Update 28-04-2010
Total success using the sernet rpm's. Method was to backup the /etc/samba and the /var/spool/samba directories into .tgz archives, using tar with --preserve to keep all file permissions. (just in case!)
Next I downloaded the necessary rpm files from sernet into an empty directory, and manually found the required dependencies by doing an rpm -Uvh *.rpm --test and then downloading the extra files from the sernet repository and doing rpm -Uvh *.rpm --test until no errors were shown.
I was uncertian if an upgrade (rpm -Uvh *.rpm) would be successful. However serching the internet for others who also upgraded their samba this way indicated an upgrade was the way to go. So having considered the actions required to restore the system to the present status, and knowing I had the tools and the data to achieve this. I did the rpm -Uvh *.rpm in the sernet rpm directory.
the upgrade proceeded with no errors. I needed to do a "service samba start" to get things rolling. Also required was "chkconfig --add samba" and "chkconfig samba on" to bring things back to where they were with samba auto starting at boot-up.
Testing with Windows 7 workstations joining the domain showed it was indeed doing what was expected. the workstations now conencted to the domain.
A happy ending to the CentOS 5 Server and Windows 7 Workstation saga.
You could simply enable the sernet repository and do "yum upgrade samba", however I chose this method so I knew exactly what was going to happen, rather than hope yum got it right. (which it mostly does)

05 December 2009

This made using the old version of Copernic Desktop Search much less painful.
This is extracted from the second last post in a forum at.
http://forum.oldversion.com/programs-support/5261-copernic-2-a.html

http://depositfiles.com/en/files/6936586 contained a copy of the version mentioned at this time.

I've got Copernic running perfectly now!
The best free version they ever made - version 2.30 - build 30.
Got it from the link on this forum.

No ADS
Find the ApplicationConfig.ini file at
C:\Program Files\Copernic Desktop Search 2\FileRepository\50

and change the first line AdEnabled="True"
to AdEnabled="False"

No update nag
Just put your clock forward a few years, open Copernic, click Cancel to the update, then put your clock back to today.
I didn't need to mess with the registry (as above).

This program was by far the best desktop search, and with these changes it's perfect!

01 December 2009

SysAdminHell: "Proxy PAC Files, How to Use With Laptops and Local Bypass"

Sorting out Proxy PAC files has been one of my pet hates since I spent hours trying to make sense out of a dozen different how-to's each with their own typos and errors built in to them.
This one helps you stay sane while (possibly) fixing your Proxy PAC problems.

14 October 2009

Logon Script To Attach To A Server Based On IP Address

Logon Script To Attach To A Server Based On IP Address

Info on both Kix and batch file commands to do things based on the IP address of the client.
Examples in case they get lost.
Kix:-
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;Establishes $location variable, determined by subnet
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
:IPCHECK
$address = @IPADDRESS0
$subnet = SubStr($address,9,3)
$subnet1 = SubStr($address,13,3)
Select
Case $subnet = "xxx" And $subnet1 >= "xxx" And $subnet1 <= "xxx"
$location = servername-1
"net use d: \\" & $location &"\" & @username &" /persistent"
Case (($subnet = "xxx" And $subnet1 >= "xxx" And $subnet1 <= "xxx") $location = servername2
"net use d: \\" & $location &"\" & @username & " /persistent"
EndSelect
or something to that effect...

Normal batch commands:-

@ECHO OFF
IF EXIST Z: NET USE Z: /DELETE > NUL
IPCONFIG | FIND "10.76.128." > NUL
IF ERRORLEVEL 1 GOTO NotInNet1
NET USE Z: \\server1\%username% > NUL
:NotInNet1
IPCONFIG | FIND "10.76.129." > NUL
IF ERRORLEVEL 1 GOTO NotInNet2
NET USE Z: \\server2\%username% > NUL
:NotInNet2
Original page is on http://www.adminscripteditor.com in the forums.
Thanks to bphilhower for the kix version and Witto for the batch commands.

25 September 2009

Cybersecurity: It's our problem | IT Security | TechRepublic.com

Cybersecurity: It's our problem | IT Security | TechRepublic.com: "Cybersecurity: It's our problem"
An interesting idea on what future options exist for cyber law enforcement.

02 September 2009

How to reduce spam: Writing Rules for SpamAssassin to Avoid Spam, a Primer

How to reduce spam: Writing Rules for SpamAssassin to Avoid Spam, a Primer: "A Guide to Writing your own Add-On Rules for SpamAssassin"

This is a very good introduction to writing rules for SpamAssassin. Especially simple ones to target short term SPAM patterns that may not spread to other geographic areas, or other businesses.