Running XenServer at Home? Enable CPU Frequency Scaling to Save Energy

As of version 6.5, XenServer ships with the performance CPU governor selected by default. This governor, or power policy, runs the processor at its maximum frequency 100% of the time, no matter the load.

If you’re running XenServer at home or some other power-conscious environment, enabling Intel SpeedStep/AMD PowerNow! (known as frequency scaling in its brand-agnostic form) can lower processor power consumption by as much as 10-15 watts by throttling the clock speed when idle.

Continue reading Running XenServer at Home? Enable CPU Frequency Scaling to Save Energy

Surface Pro 3: Workaround for Post-Wakeup Wi-Fi Degradation

Like its predecessor, the Surface Pro 3 has been plagued by a number of Wi-Fi issues since its release. Microsoft has since released firmware and driver updates that have alleviated some of the problems (e.g. link speed maxing out at 72 Mbps on the 2.4 GHz band), but some issues remain.

Even with all patches installed as of this writing, the Wi-Fi on my Surface Pro 3 still degrades after resuming from connected standby. While the driver reports a normal link speed, actual throughput drops to a fraction of what it should be, and the connection is riddled with random stuttering and latency spikes, with pings to LAN hosts jumping from the normal 1-2 ms to anywhere from 400 to 2,000 ms. This problem is not obvious if one is merely browsing the Web, but attempting to stream, say, recorded TV on Windows Media Center results in an infuriating buffering mess.

Rumor has it that disabling connected standby (either via a registry setting or as a side effect of installing the Hyper-V hypervisor) resolves all Wi-Fi problems on the Surface Pro 3. However, this is hardly acceptable for those of us who want our Surface to behave like a tablet as opposed to a miniature desktop.

In my experience, resetting the Marvell AVASTAR wireless adapter fixes all issues until the Surface next goes to sleep. However, manually disabling and reenabling the adapter every time I woke up my Surface to stream video got old really quickly, so I figured out a way to automate this.

The Workaround

We can use the Task Scheduler to set up a task that automatically resets the Wi-Fi adapter whenever the Surface Pro 3 resumes from connected standby. Here’s how:

Continue reading Surface Pro 3: Workaround for Post-Wakeup Wi-Fi Degradation

Reverse-Engineering Credential Encryption, Encoding in an Android App

I’ve been a long-time user of a popular home automation software package. The product exposes its functionality in three ways:

  1. a web application running on an embedded web server,
  2. a mobile app for Android and iOS, and
  3. server-side plugins and an accompanying SDK.

Encouraged by the lack of competition, the product is quite expensive and has one of the ugliest, clunkiest UIs I’ve ever had to deal with. The web application gets the job done, but the mobile app is a trainwreck: it has a splash screen, a “loading configuration” dialog that takes over a second to go away, and a “loading devices” dialog that takes several seconds—or worse—depending on how many devices one has. And the device list is not cached, so one has to sit through this process every time the app loads. It’s often faster and less frustrating to stand up and physically turn on the lights.

Eventually, I decided that I’d had enough and it was time to write an aftermarket Android app for this thing. I had three options:

  1. Best: Write a server-side plugin using the supplied SDK for .NET, design my own communications protocol, and write an Android app that would talk to the server via the plugin. Pros: Clean and officially supported. Cons: Having to learn .NET, design a protocol, and code both the client mobile app and the server plugin.
  2. Worst: Write just an Android app that would talk to the server by scraping its web application. Pro: No entry barrier. Cons: Highly prone to breaking with updates; super ghetto.
  3. Decent: Reverse-engineer the protocol used by the official mobile app and implement it in my own. Pro: Relatively clean, client-only implementation. Cons: Slightly prone to breaking with updates to the protocol; having to reverse-engineer the protocol.

I settled for option #3, which seemed like a good compromise. A quick Google search revealed that the vendor wasn’t keen on giving out details on the protocol, which wasn’t surprising. I also found no third-party libraries or reverse engineering attempts by others, so I was on my own.

Continue reading Reverse-Engineering Credential Encryption, Encoding in an Android App

[PATCH] Fixes for mail/dspam-devel port on recent FreeBSD-STABLE

As of this writing, the mail/dspam-devel port will fail to build on a recent FreeBSD-STABLE due to changes in the port options infrastructure, as well as being removed from Perl. The following patches take care of these problems, and they also add a few web UI files that have been missing from the makefile for a long time.

Continue reading [PATCH] Fixes for mail/dspam-devel port on recent FreeBSD-STABLE

Sending E-mail Programmatically via Verizon’s SMTP Server

When I signed up for Verizon FiOS after enjoying complete port freedom with Time Warner Cable, I was pleasantly surprised to find out that Verizon had finally dropped its annoying habit of blocking inbound port 80 (HTTP) on residential accounts. Some obligatory follow-up testing revealed inbound traffic to port 25 (SMTP), among others, was also being allowed.

Unfortunately, Verizon is still blocking outbound port 25 as of this writing. This means that, unless you have access to an external SMTP relay listening on a non-standard port somewhere on the Internet, you will only be able to send mail by funneling it through Verizon’s SMTP server.

The Problems

  1. You cannot deliver mail directly to anybody. Considering that many of Verizon’s residential IP address blocks are blacklisted as spam sources anyway, this is, for practical purposes, a moot point.
  2. Verizon’s SMTP server is sluggish—and there is no way around this unless you have access to an external relay running on a non-standard port as mentioned above.
  3. The Verizon relay requires both authentication and TLS/SSL encryption. While this helps prevent spam by holding Verizon customers accountable for the mail they send, it’s not daemon-friendly—most software that sends e-mail programmatically does not support authentication, let alone secure connections. A good example of this is the Intel Rapid Storage Technology (RST) driver package, which has the ability to send e-mail alerts when problems are detected on a storage volume or RAID array.

Continue reading Sending E-mail Programmatically via Verizon’s SMTP Server

Samsung SSD Secure Erase Utility v3.2: Download the Bootable ISO Image

I recently picked up two Samsung 830 Series SSDs. In the process of building a new server and trying out different operating systems, I encountered the need to secure-erase the SSD in between installs. It was then that I realized Samsung does not provide a bootable ISO, USB, or floppy disk image to do this; rather, you need to use SSD Magician, which only runs on Windows.

Once SSD Magician is installed, however, it does provide the option to create a bootable CD or USB drive that you can use to secure-erase an SSD from outside of the operating system—a must if Windows is running on the drive you’re trying to erase. Unfortunately, SSD Magician requires physical media to create a bootable CD or USB drive. Since I was trying to get this done remotely over KVM on a machine without an optical drive or a flash drive plugged in, I needed a way to trick SSD Magician into writing the image to a file instead.

Continue reading Samsung SSD Secure Erase Utility v3.2: Download the Bootable ISO Image

[PATCH] Prevent mod_proxy_http from adding X-Forwarded-* headers

When used as a reverse proxy via the ProxyPass directive, Apache’s mod_proxy_http module sneakily inserts the following headers into the request sent to the remote server:

  • X-Forwarded-For: The IP address of the client.
  • X-Forwarded-Host: The original host requested by the client in the Host HTTP request header.
  • X-Forwarded-Server: The hostname of the proxy server.

This behavior may be undesirable if we don’t want the remote server to know the request is coming from a proxy. Unfortunately, mod_proxy_http provides no mechanism to turn off the injection of these headers.

The following patch implements support for a new proxy-noxforwardedheaders environment variable. If this variable is set (see SetEnv), mod_proxy_http won’t add any X-Forwarded-* headers to the request.

Continue reading [PATCH] Prevent mod_proxy_http from adding X-Forwarded-* headers

[PATCH] Add support for Dovecot to mod_auth_imap2

I’ve been using mod_auth_imap for authenticating against IMAP for several years. When I recently switched to Dovecot from Courier IMAP, mod_auth_imap2 stopped working.

In browsing through the source code for mod_auth_imap2, I came to two realizations:

  1. mod_auth_imap2 doesn’t expect the IMAP server to send an untagged response in reply to a LOGIN command, and
  2. there’s a bug in the code that skips untagged responses, so inserting it in the right spot wouldn’t have worked without fixing it first.

The following patch, which I sent to the author and went unanswered, corrects these problems. It’s not very pretty, but hey, neither is the original code.

UPDATE: My patch eventually made it into the www/mod_auth_imap2 FreeBSD port.

Continue reading [PATCH] Add support for Dovecot to mod_auth_imap2

[PATCH] Add mod_substitute to www/apache22 in FreeBSD

For some reason, the www/apache22 FreeBSD port does not support the mod_substitute module even though it’s bundled standard with Apache. The following patch enables building of this useful module, which compiles and works just fine out of the box.

UPDATE: After e-mailing the maintainer, this patch has been officially merged into the port as of March 29, 2011.

Continue reading [PATCH] Add mod_substitute to www/apache22 in FreeBSD