BEST IDEA EVAR!!!!one!!

August 24, 2009

I have had the Single Best Idea in the History of the Internet™.

I am going to buy this car, slam it into this office, and twitter™ the tinyURL™ of the flickr™ album and YouTube™ videos to my FaceBook™ friends.

Thereby causing the Internet™ to go so meta™ that it collapses the universe™.

I will accept the Nobel Prize for Brilliance whenever you find time to hand that out.


Surfing for Seniors

December 2, 2008

This is awesome. I’m going to be referring people to this all the time. Maybe as much as Gabe & Max.

Now it’s time for some REAL net surfing!


Optimizing Bandwidth for Sites

September 9, 2008

A typical internet radio station uses 128k of streaming bandwidth. Some use up to 256k.
Podcast downloads can take 100-200k, easily.
System & software updates can use even more.

A few people listening to low-quality internet radio stations is 512k (about 1/3rd) of a T1.
A few people downloading podcasts is easily another 512k.
A few people downloading system or software updates, and your expensive T1 is all used up.

That’s zero bandwidth for employees clocking in and out, zero bandwidth for customers’ file transfers, and zero bandwidth for email in and out.

And ALL of those things can be going on at once for any computer or employee.

Call it a modern “tragedy of the commons”.

One thing that you can do if you have a good router/firewall is manage Quality of Service (or “QoS”). QoS basically means giving high priority to things that are important for business (like email, VOIP, incoming FTP, etc.), and low priority to things that are not important (software updates, YouTube, streaming radio, etc.).

This isn’t just for businesses, either. If you use Skype at home, you should make your Skype calls a higher priority than your internet browsing so that you don’t lose call quality while you (or someone you live with) are using the internet.

So, if you can configure QoS on your firewall, here are a few tips:

  • Assign QoS by IP address block. Apple, for example, owns the Class A block 17.x.x.x. Unless you do business directly with Apple, you’re probably only ever accessing “17.” addresses for software updates, podcasts, iTunes Store, etc. – all low priority. Unless, of course, you’re using MobileMe.
  • Assign QoS by DNS name. Chances are pretty good you’re not doing much business with youtube.com, doubleclick.com, msn.com, espn.com, npr.org, or a variety of other high-use, low-productivity sites.
  • Assign by service. Not every firewall allows you to prioritize by service, but most will allow you to do it by port number. Things that should have high priority: VOIP (varies), SMTP (25), FTP (21).

Almost everything else will be fine if you leave it set to the default priority level. Your business (or home) may have other priorities (online gaming, for example), but these are a good starting place. Just make sure you save your router/firewall settings before you start and you’ll be able to undo anything you accidentally screw up.
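To see what those three kinds of rule buy you on a saturated T1, here is an added example (not from the original post, and not any firewall's actual configuration syntax). It classifies constructed flows by port, address block and DNS name, then shares out 1544 kbps in strict priority order; the rule ordering, the strict-priority model and the sample flows are assumptions of the example.

```python
import ipaddress

T1_KBPS = 1544                                      # T1 line rate
HIGH_PORTS = {25, 21}                               # SMTP, FTP (from the tips above)
LOW_BLOCKS = [ipaddress.ip_network("17.0.0.0/8")]   # Apple's block
LOW_DOMAINS = ("youtube.com", "doubleclick.com", "msn.com", "espn.com", "npr.org")
ORDER = ("high", "default", "low")

def classify(ip, port, host=""):
    """Service first, then address block, then DNS name (ordering is an assumption)."""
    if port in HIGH_PORTS:
        return "high"
    if any(ipaddress.ip_address(ip) in block for block in LOW_BLOCKS):
        return "low"
    host = host.lower().rstrip(".")
    # Match on label boundaries so "notyoutube.com" is not treated as youtube.com.
    if any(host == d or host.endswith("." + d) for d in LOW_DOMAINS):
        return "low"
    return "default"

def allocate(flows, capacity=T1_KBPS):
    """Strict priority: each class is served in full before the next one gets anything."""
    granted, left = {}, capacity
    for prio in ORDER:
        members = [f for f in flows
                   if classify(f["ip"], f["port"], f.get("host", "")) == prio]
        demand = sum(f["kbps"] for f in members)
        # If the class asks for more than is left, scale every member down equally.
        scale = 1.0 if demand <= left else left / demand
        for f in members:
            granted[f["name"]] = round(f["kbps"] * scale)
        left -= min(demand, left)
    return granted

# Constructed demand, using documentation address ranges for non-Apple hosts.
FLOWS = [
    {"name": "radio", "ip": "192.0.2.10", "port": 80, "host": "www.npr.org", "kbps": 512},
    {"name": "podcasts", "ip": "17.0.0.1", "port": 80, "kbps": 512},
    {"name": "updates", "ip": "17.0.0.2", "port": 80, "kbps": 1000},
    {"name": "mail", "ip": "198.51.100.25", "port": 25, "kbps": 300},
    {"name": "timeclock", "ip": "203.0.113.9", "port": 443,
     "host": "timeclock.example.com", "kbps": 100},
]

if __name__ == "__main__":
    for name, kbps in allocate(FLOWS).items():
        print(f"{name:10s} {kbps:5d} kbps")
```

Mail and the time clock get everything they ask for, and the low-priority downloads split whatever is left instead of starving them.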

“Why do we fall down, Bruce? So we can learn to pick ourselves up.”


The Dreamlife of Your Dreams

July 30, 2008

You should know how to use some internets and send your megabytes.


R.I.P., FSJ

July 16, 2008

Rest in peace, fakesteve.

Too clever for our time.

Too pointed for your own good.

Bringer of laughter, joy, and derision.

The suspension of disbelief was a pleasure.

Your claims, so grandiose.

What you truly created exceeds the iPod.

Larry Ellison trading races,

will never leave our minds.

Be they frigtard, freetard, Googletard, or Microtard.

You re-invented the friggin blog,

may future generations hear of it.


Load Balancing and Static NATs

July 6, 2008

<Heady tech. mumbo-jumbo>

CheckPoint’s Safe@Office firewalls don’t handle load balanced dual ISP configurations properly if you have external IPs static NAT’d to internal machines.

When you connect your first WAN link (WAN1) and set up static NATs for external addresses to reach internal machines, everything works fine. When you set up your second WAN link (WAN2), your internal machines with NAT’d addresses will not be able to use WAN2. If you’re using WAN2 for failover only, this is not a problem (well, until WAN1 fails), but if you’re trying to use load balancing, whenever the firewall routes a NAT’d machine to WAN2, the request will fail – DNS will time out, PINGs won’t come back, etc. You’ll be able to reach anything internal, and you’ll be able to ping the firewall just fine, but traffic beyond that will fail.

If you want to see it in full effect, just disable WAN1 for a moment. Anything that doesn’t have a static NAT will work just fine, but any machine with a static NAT will lose its internet connection.

The solution is to set up a static route from any machine with a static NAT. So here’s how to properly set it up:

  1. Connect both WAN links and make sure they’re working the way they should – including load balancing the traffic. That’s pretty easy.
  2. Now add a network object for the machine you want accessible from outside. If you can find it in your list of computers (Reports > My Computers), just click the “Add” link next to it. You’re adding a single computer; it’s going to have a fixed IP address and you’re going to Perform Static NAT. I gave mine an external IP address from the pool connected to WAN2, but I don’t think it matters. Then just give it a descriptive name.
  3. Now click Network > Network Objects and make sure it appears in that list with the correct Static NAT address.
  4. Now click Routes at the top and hit the New Route button. For Source, select Specified Network; the network will be the IP address of the Network Object you just created and the Netmask will be 255.255.255.255. Destination is “ANY” and Service is “ANY”. In the next window, for Next Hop IP, choose the WAN link that includes the external IP address that you selected in step 2. Metric doesn’t really matter for something this simple; you can leave the default.
  5. Now just test it. Make sure that you have internet access from the Network Object created in step 2. Disable one connection, test again, enable it, disable the other one, test again, etc.

Obviously, you can make it much more complex than this, but this is important information for getting load balancing and static NATs working.
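One way to check a setup against step 4 before you start disabling links, as an added example (not from the original post and not CheckPoint code): it flags every static-NAT'd machine that lacks a source route pinned to the WAN link owning its external address. The addresses are constructed documentation ranges, and the dictionaries are hypothetical stand-ins for what you would read off the Network Objects and Routes pages.

```python
import ipaddress

# Constructed sample configuration (documentation address ranges).
WAN_POOLS = {
    "WAN1": ipaddress.ip_network("198.51.100.0/29"),
    "WAN2": ipaddress.ip_network("203.0.113.0/29"),
}
STATIC_NATS = {                     # internal IP -> external static NAT IP
    "192.168.10.5": "203.0.113.2",
    "192.168.10.6": "198.51.100.3",
    "192.168.10.7": "203.0.113.4",
}
SOURCE_ROUTES = [                   # (source, netmask, next-hop WAN link)
    ("192.168.10.5", "255.255.255.255", "WAN2"),
    ("192.168.10.7", "255.255.255.255", "WAN1"),
]

def owning_wan(external_ip, pools):
    """WAN link whose address pool contains the external IP, or None."""
    addr = ipaddress.ip_address(external_ip)
    return next((name for name, net in pools.items() if addr in net), None)

def pinned_wan(internal_ip, routes):
    """WAN link chosen by the most specific matching source route, or None."""
    addr = ipaddress.ip_address(internal_ip)
    best = None
    for src, mask, wan in routes:
        net = ipaddress.ip_network(f"{src}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, wan)
    return best[1] if best else None

def audit(nats, routes, pools):
    """Map each problem host to a finding; hosts set up as in step 4 are omitted."""
    findings = {}
    for internal, external in nats.items():
        want, have = owning_wan(external, pools), pinned_wan(internal, routes)
        if want is None:
            findings[internal] = f"{external} is in no WAN pool"
        elif have is None:
            findings[internal] = f"no source route, needs one via {want}"
        elif have != want:
            findings[internal] = f"routed via {have}, NAT address is on {want}"
    return findings

if __name__ == "__main__":
    for host, problem in audit(STATIC_NATS, SOURCE_ROUTES, WAN_POOLS).items():
        print(host, "->", problem)
```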

</Heady tech. mumbo-jumbo>


IT Everywhere

July 1, 2008

This is way too cool (read: nerdy) not to share.

IT Everywhere


DNS is a Pain

June 19, 2008

I went to MacWorld this year and attended a session called “Lucid Systems Administration”. It was a pretty good, though basic, overview of how to maintain sanity as a SysAdmin. A lot of it was pretty common sense stuff – use an organizer, don’t try to memorize everything, devote time to specific goals, prioritize, etc.

I say “common sense” knowing that there are a lot of people in my profession for whom “common sense” is elusive. They’re on “the spectrum,” the saying goes.

So I could see it being helpful for some of them…Lots of them, actually.

One thing that stuck with me was her final “tip”: Check DNS.

For any readers who don’t know what DNS is, it’s the service that translates human-readable domain names (like google.com) to machine readable (number) addresses. It’s easily one of the most critical pieces of the internet. When it fails, nothing works.

So, because it’s so critical, there are a few pieces of it that are designed to provide speed and reliability.

But when you’re troubleshooting DNS problems, those pieces become a huge headache. Primarily the one where changes don’t show up immediately. Sometimes they don’t show up for days. Literally. Fixing a problem is really frustrating when you don’t know if the change you just made has had any effect until the next day.

You know when you’re on an old computer or a slow connection and the text doesn’t show up until a second or two after you’ve typed it? Imagine that delay is 24 hours.

So instead of making a change, and immediately checking to see if it worked, you read and plan and re-read and come up with a plan B, and then consult some experts, and then make the change. Then you wait a day, see if it worked, and start reading again.

I’m not an expert on DNS, but I might be soon if this keeps up.


The Internets Are Annoying!

May 8, 2008

Holy crap.

I just tried browsing the web without AdBlock on and I don’t know how anyone does it!

I’ve been using either Firefox or Camino since ad blocking became available, so I haven’t been subjected to what an annoying, distracting, ugly place the internet has become. It’s like watching network TV! (Hint: Miro.)

Seriously, do yourself a favor. If you’re on a PC, go install Firefox. Once you have that up and running, go install AdBlock Plus. If you’re on a Mac, you can also install Firefox and AdBlock Plus, or you can install Camino, Firefox’s lesser-known cousin, and turn off advertisements in the preferences.

You’ll be amazed at how much less the internet sucks when it’s not CONSTANTLY trying to get you to punch a monkey, enter a contest, or watch more ads on network television. As an added bonus, your browsing will be much faster, too, since you won’t be downloading all those flash ads, banners, etc. I promise you won’t regret it.