krypted.com

Tiny Deathstars of Foulness

As an author of technical books, I’ve been very interested in the comings and goings of technical books for a long time. This new Instagram feed is an expedition into what once was and how quickly the times change. Feed is embedded into a page on krypted to make it easier to see. Curious how many of my books are now “Dead Tech Books”…

February 1st, 2015

Posted In: Articles and Books, public speaking


At this point, most Mac admins know how to enable ntp on a Mac OS X Server and set clients to the server. Most Mac admins also know how to use managed preferences to set ntp as well. We all know that time is pretty important and most are using ntp at this point. Network time should, almost by definition, be continuous, which allows ntpd in Mac OS X to update clocks in small denominations. Thus, managing corrections with little overhead or impact to the system enables ntp to be an inexpensive method for managing clocks. But ntp is also built to keep things running smoothly even when there are a lot of corrections.

When there are a lot of corrections made by ntp, these are tracked and can be seen using the ntpdc command. The ntpdc command is used to view and set the state of the ntp daemon and is interactive. To enter the interactive environment, simply type ntpdc at a terminal prompt:

    ntpdc

Once you are in the ntpdc interactive environment you will need to use one of the many verbs provided for ntpdc. One such verb is loopinfo, used to “display loop filter information:”

    ntpdc> loopinfo
    offset:               0.017866 s
    frequency:            -499.996 ppm
    poll adjust:          13
    watchdog timer:       209 s

The above output has four items of interest:
  • Offset: How far off the client is from the server (drift is natural, so all zeros in this category typically represent the server being offline).
  • Frequency: Frequency external signals can offset correction of the kernel clock.
  • Poll adjust: Used to increase or decrease the polling interval. The range is -30 to 30. 13 is an increase of 13 seconds whereas -30 would represent a decrease of 30 seconds.
  • Watchdog timer: The time since the last update to the system.

Note: To make it easier to parse, you can run loopinfo with the oneline option, placing output into a single comma separated line.

There are other verbs as well, which allow you to add servers (addserver), show peers (showpeer), set a password to use for password requests (passwd), see various statistics (sysstats, sysinfo, stats, instates, ctlstats, clockstat, iostats) and set encryption keys (keyid, trustedkey, untrustedkey, etc). There’s a pretty good bit you can do with these verbs; just run help to see a full list of supported verbs (my favorite verb other than loopinfo is fudge).

You can also check ntp information on the fly using the ntpq command. Here, ntpq -p will show you the name, IP address and other information live:

    ntpq -p

Returns:

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *time.apple.com  17.72.133.55     2 u 181m  512  376   32.169   17.084   0.315

Windows clients using Active Directory domains automatically get time from domain controllers. If a client is part of an Open Directory or SMB-based domain, you can add an NTP server by clicking on the time in the system tray (bottom right corner of the Windows screen). Click on Internet Time. Click the check box for Automatically synchronize with an Internet time server. Enter the name or IP of the ntp server. Click the Update Now button. When finished, you’ll see a note that Your time has been successfully synchronized.

For clients other than Windows, it makes little sense to set ntp settings with a GPO, given that systems not in Active Directory won’t really use them. And most environments that don’t have a directory service are pretty small. But this isn’t to say that you won’t want to deploy these settings en masse. Much as you can use the /etc/ntp.conf file or the systemsetup -setnetworktimeserver command to configure a time server in Mac OS X, you can use the registry to do so in Windows. If you can use the registry to configure a setting you can then use regedit or regedt32 to set the keys programmatically. But if you choose to, the keys are in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters (most notably the NtpServer key) or you can use w32tm with the /config option. Once configured, reset the time to that of the time server to test. This can be tested with w32tm:

    w32tm /resync /rediscover

Mac OS X and Windows can use an ntp-based server, but given that ntp is so widely used, what else? Using ntp with appliances can help with authentication protocols and also assist with triangulating issues from within log files. So, how about a Cisco IOS device? SSH into one and let’s get started. First off, run the enable command and then provide a password:

    enable

Then, go into config mode:

    config t

Now we’re going to use the ntp command and issue an update-calendar to tell IOS to update the hardware clock from the software clock:

    ntp update-calendar

Then we’ll specify our ntp server(s):

    ntp server 10.0.0.88

Note: Just run the ntp server command twice if you want to specify a second ntp server.

Then exit config mode:

    exit

And write your new settings into memory:

    wr mem
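
As an added example (not part of the original post), the shell function below reads ntpq -p output like the sample shown in this post and reports, per peer, how many of the last eight polls were answered and whether the offset is within a threshold. The function names, the 100 ms default threshold and the second peer line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `ntpq -p` output for time-sync health.
# Constructed sample: the peer line from the post plus a made-up dead peer
# (192.0.2.10 is a documentation address).
sample_ntpq() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.apple.com  17.72.133.55     2 u 181m  512  376   32.169   17.084   0.315
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Reads `ntpq -p` text on stdin. $1 = max tolerated offset in ms (the default
# of 100 is an assumption). Returns 0 only if the system peer ("*") is healthy.
check_ntp_peers() {
    awk -v max="${1:-100}" '
    NR <= 2 || NF < 10 { next }        # skip header, ===== rule, short lines
    {
        tally = substr($0, 1, 1)       # column 1 is the tally code
        name  = (tally == " ") ? $1 : substr($1, 2)
        role  = (tally == "*") ? "syspeer" : "other"
        reach = $7
        off   = $9 + 0; if (off < 0) off = -off
        # reach is an octal shift register of the last 8 polls; count set bits
        ok = 0
        for (i = 1; i <= length(reach); i++) {
            d = substr(reach, i, 1) + 0
            ok += int(d / 4) + int(d / 2) % 2 + d % 2
        }
        last = (substr(reach, length(reach), 1) % 2) ? "answered" : "missed"
        state = "ok"
        if (off > max) state = "offset-high"
        if (ok == 0)   state = "unreachable"
        if (tally == "*" && state == "ok") synced = 1
        printf "%s role=%s polls_ok=%d/8 last_poll=%s offset_ms=%s state=%s\n",
            name, role, ok, last, $9, state
    }
    END { exit (synced ? 0 : 1) }
    '
}

sample_ntpq | check_ntp_peers 100
```

Note that ntpq -p reports offset in milliseconds while ntpdc loopinfo reports it in seconds, and that a reach of 376 means seven of the last eight polls were answered with the most recent one missed.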

June 9th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu, Unix, Windows XP


The last book (far right, Enterprise Mac Managed Preferences) is fresh, exciting (to me at least) and unique in that it is the most comprehensive information regarding managed preferences you can find. Management en masse of Mac OS X is very lucky to have this compendium. If the chapter in our Enterprise Integration book left you wanting more information about managed preferences then this book is for you!

August 6th, 2010

Posted In: Network Infrastructure


I’ve been a fan of the Cisco ASA since it was introduced but always seemed to have a problem figuring out all the different models. Cisco now has a snappy little model comparison that can be found here. A little less helpful, but nice nonetheless is the comparison page for the 1000 Series Aggregation Service Routers. But then there’s the PIX and the Cisco IOS devices. It’s still a lot of different stuff to keep track of and while it’s a lengthy read this page may help with that as it goes through each one…

October 7th, 2009

Posted In: Network Infrastructure


I’m just guessing that there are smarter people than me at Cisco working on this type of stuff.  Cisco has purchased Postpath. If integrated with WebEx it gives them an interesting new perspective on collaboration, but I’m still not sure that the industry is ready to get away from Outlook, Entourage, etc and to get into using something fully in the cloud. I think for a company full of younglings it might make a lot of sense, given they’re already going to be used to this kind of thing, but then I’m also guessing they’re likely looking toward something like Google Apps. Having said this, the good people of Cisco have proven time and time again to give good strategy. So I trust their strategy with this acquisition will become more apparent as time goes on…

January 31st, 2009

Posted In: Business, Consulting


If you have a number of Cisco devices you’d like to monitor you might want to check out Fireplotter. Fireplotter is a visualization tool that shows open connections, traffic loads and other pertinent information about your Cisco deployment. The graphs are cute, but not as informative as some other tools that we’ve grown to know and love like MRTG, etc. But, what Fireplotter lacks in intensity it more than makes up for in ease of use and deployment. Also, you can use it in conjunction with other monitoring tools if you just want quick and real-time visual monitoring of bandwidth.

December 27th, 2008

Posted In: Network Infrastructure


WAN Acceleration has been a hot topic for some time.  But over the past couple of years the cost of acceleration technology has dropped drastically due to its emergence as a full-blown market.  Riverbed has jumped to the top of the leaders circle for a number of reasons, with Juniper, Blue Coat, Cisco, Packeteer, etc in its wake.  For the most part, all WAN accelerators are going to have a few things in common.  There are a pair of appliances, each with a disk that can cache files going between two points.  To some degree, the purchase of accelerator appliances should be driven by the protocols to be used.  For example, if you’re a purely Citrix shop then why would you bother to purchase another appliance – just don’t do it unless there is a specific option that you’re looking for. With Riverbed, they fit nicely for environments where a specific protocol isn’t being looked for – but instead where all traffic is to be accelerated.  They will compress the data more than it would be compressed over a standard connection, but will then one-up the competition by not requiring you to have a pair of devices but instead allow you to install client software so you can accelerate all clients on the edge, including those in hotels and at home.  To me, this is why they get to go to the top of the Quadrant.  But look out, Packeteer has announced a competing product and the rumor mill has it that Silver Peak and Juniper will shortly. 

November 28th, 2007

Posted In: Consulting, Network Infrastructure


No one ever got fired for buying Cisco.  But, I recently saw a shop where they went from Cisco to Enterasys (thanks for showing off your backbone Todd).  I must say that I really liked the Enterasys switches. I looked them up and they are about 1/2 the cost of Cisco.  They have great tech support and are very easy to configure, even though it’s a command line interface.  The only complaint I have about them is the web interface is good for reviewing your setup but inadequate  for configuration – but is good for looking at the switch configs. Maybe in time this will mature…  I don’t know if they can go to the 10,000+ environments though…  Oh, and it required zero config to do link aggregation, which was weird – but cool… Now, I have really been liking what Foundry is doing with their switches. And Juniper.  If you play your cards right you can even get free training with Juniper, which is pretty cool – and sometimes they give hard core sweetheart deals to larger shops that are switching over to their platform from Cisco. Of course there are hundreds of other switch manufacturers.  The only other ones I’ve seen in really large install bases are HP (which I hear mixed reviews on from Mac guys) and Extreme Networks (again mixed reviews for Mac) and some Allied Telesys Switch Blades (great review but only seen them once – 4000 series blades – with fiber to ring and ethernet to classrooms in the same chassis – it stuck out to me ’cause we used to sell a lot of allied switches and I didn’t know they made blades yet).

June 27th, 2007

Posted In: Network Infrastructure


So I’ve been working on getting us into a bunch of new partner programs recently.  Some companies get it, others not so much.  Companies I rather like working with: Cisco, IBM, SonicWALL, CheckPoint, PGP

February 4th, 2007

Posted In: Business
