Friday, September 16, 2016

This week...

What have I learnt this week?

Wireless
Whilst 5GHz channels do not overlap, it all depends on how your access points are configured.  We found that setting up different APs on adjacent channels seemed good, but realised that the APs were broadcasting 80MHz wide and therefore caused overlap.


We reduced this down to 40MHz which decreased the interference, but it is also worth bearing in mind that narrowing this channel will slightly decrease total throughput.
I found this decent webpage which covers the above and other Enterprise WiFi considerations.

http://www.metageek.com/training/resources/design-dual-band-wifi.html
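
To make the channel width point concrete, here is an added example (not part of the original post) that works out the spectrum an AP occupies from its primary channel and width, then checks pairs of APs for overlap. It assumes standard 5GHz channel numbering (centre frequency in MHz = 5000 + 5 x channel) and the fixed bonded blocks used for 40MHz and 80MHz operation; the function names and the three-AP plan are hypothetical.

```powershell
# Added example: which 5GHz APs share spectrum at a given channel width.
# Assumes a valid primary channel/width combination for the band in use.
function Get-ChannelBlock {
    param(
        [int]$Primary,
        [ValidateSet(20, 40, 80)][int]$WidthMHz
    )
    # Bonded blocks are counted from the first channel of each range: 36, 100 or 149
    $base     = if ($Primary -ge 149) { 149 } elseif ($Primary -ge 100) { 100 } else { 36 }
    $perBlock = $WidthMHz / 20                              # 20MHz channels per block
    $index    = [int][math]::Floor((($Primary - $base) / 4) / $perBlock)
    $first    = $base + ($index * $perBlock * 4)            # lowest channel in the block
    $low      = 5000 + (5 * $first) - 10                    # lower band edge in MHz
    [pscustomobject]@{
        Primary  = $Primary
        WidthMHz = $WidthMHz
        LowMHz   = $low
        HighMHz  = $low + $WidthMHz
    }
}

function Test-ChannelOverlap {
    param($A, $B)
    # Two ranges overlap when each starts below the other's upper edge
    ($A.LowMHz -lt $B.HighMHz) -and ($B.LowMHz -lt $A.HighMHz)
}

# Hypothetical plan: three APs on adjacent primary channels, checked at each width
$primaries = 36, 40, 44
foreach ($width in 80, 40, 20) {
    $blocks = @($primaries | ForEach-Object { Get-ChannelBlock -Primary $_ -WidthMHz $width })
    for ($i = 0; $i -lt $blocks.Count; $i++) {
        for ($j = $i + 1; $j -lt $blocks.Count; $j++) {
            [pscustomobject]@{
                WidthMHz = $width
                ChannelA = $blocks[$i].Primary
                ChannelB = $blocks[$j].Primary
                Overlap  = Test-ChannelOverlap $blocks[$i] $blocks[$j]
            }
        }
    }
}
```

At 80MHz all three APs land in the same block; at 40MHz channels 36 and 40 still share a block while 44 is clear of both; at 20MHz none of them overlap.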

On this, I updated my WiFi logging PowerShell script.  It collects data every 2 seconds and includes the channel being used, which is useful for the above.

# Log ping time, signal strength, BSSID, profile and channel to a CSV every 2 seconds
While ($true)
{
    Try
    {
        Sleep 2
        $time = Get-Date -Format T
        # -ErrorAction Stop turns a failed ping into an exception handled by Catch
        $ping = Test-Connection 8.8.8.8 -Count 1 -ErrorAction Stop | foreach { $_.ResponseTime }
        # Pull the wireless details out of the netsh output
        $Signal  = (netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''
        $BSSID   = (netsh wlan show interfaces) -Match '^\s+BSSID' -Replace '^\s+BSSID\s+:\s+',''
        $Channel = (netsh wlan show interfaces) -Match '^\s+Channel' -Replace '^\s+Channel\s+:\s+',''
        $Profile = (netsh wlan show interfaces) -Match '^\s+Profile' -Replace '^\s+Profile\s+:\s+',''
        $output = $time + "," + $ping + "," + $Signal + "," + $BSSID + "," + $Profile + "," + $Channel
        Write-Host "Response Time is $ping , $Signal , $BSSID , $Channel"
        Out-File -FilePath c:\temp\reportGoogle.csv -InputObject $output -Append
    }
    Catch
    {
        # The ping failed: record the timeout with the same wireless details
        $ping = "Request Timed Out"
        Write-Host $ping
        $Signal  = (netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''
        $BSSID   = (netsh wlan show interfaces) -Match '^\s+BSSID' -Replace '^\s+BSSID\s+:\s+',''
        $Profile = (netsh wlan show interfaces) -Match '^\s+Profile' -Replace '^\s+Profile\s+:\s+',''
        $Channel = (netsh wlan show interfaces) -Match '^\s+Channel' -Replace '^\s+Channel\s+:\s+',''
        $output = $time + "," + $ping + "," + $Signal + "," + $BSSID + "," + $Profile + "," + $Channel
        # Each sample is written exactly once, here or in the Try block
        Out-File -FilePath c:\temp\reportGoogle.csv -InputObject $output -Append
    }
}
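
Once the log has some data in it, the channel and BSSID columns let you see which AP and channel the bad samples cluster on. The following is an added example, not part of the original post: it summarises rows in the script's column order (time, ping, signal, BSSID, profile, channel). The sample rows, BSSIDs, profile name and the function name Get-WifiLogSummary are constructed for illustration.

```powershell
# Added example: summarise the WiFi log per BSSID and channel.
# Constructed sample rows in the logging script's column order.
$sample = @'
09:00:02,23,78%,aa:bb:cc:00:00:01,OfficeWiFi,36
09:00:04,31,76%,aa:bb:cc:00:00:01,OfficeWiFi,36
09:00:06,Request Timed Out,52%,aa:bb:cc:00:00:02,OfficeWiFi,44
09:00:08,412,50%,aa:bb:cc:00:00:02,OfficeWiFi,44
09:00:10,Request Timed Out,49%,aa:bb:cc:00:00:02,OfficeWiFi,44
09:00:12,19,80%,aa:bb:cc:00:00:01,OfficeWiFi,36
'@
$sampleLines = $sample -split "`r?`n"

function Get-WifiLogSummary {
    param([string[]]$Lines)
    # The log has no header row, so name the columns here
    $rows = $Lines | Where-Object { $_ } |
        ConvertFrom-Csv -Header Time, Ping, Signal, BSSID, Profile, Channel
    $rows | Group-Object BSSID, Channel | ForEach-Object {
        # Rows with a numeric ping were answered; anything else is a timeout
        $answered = @($_.Group | Where-Object { $_.Ping -match '^\d+$' })
        $pings    = $answered | ForEach-Object { [int]$_.Ping }
        # Strip the % sign and any padding before averaging the signal
        $signals  = $_.Group | ForEach-Object { [int]($_.Signal -replace '\D') }
        [pscustomobject]@{
            BSSID     = $_.Group[0].BSSID
            Channel   = $_.Group[0].Channel
            Samples   = $_.Count
            Timeouts  = $_.Count - $answered.Count
            AvgPingMs = if ($answered.Count) {
                            [math]::Round(($pings | Measure-Object -Average).Average, 1)
                        }
            AvgSignal = [math]::Round(($signals | Measure-Object -Average).Average, 0)
        }
    } | Sort-Object Timeouts -Descending
}

Get-WifiLogSummary -Lines $sampleLines | Format-Table -AutoSize
# Against the real log: Get-WifiLogSummary -Lines (Get-Content c:\temp\reportGoogle.csv)
```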

By the way, I use http://hilite.me/ to add this code to the blog.

CVV
I saw that Troy Hunt had verified another data breach, one with a huge amount of records that includes items like Card Verification Values (CVV).  This is that little 3-4 number code which is on the back of credit/debit cards (or front of AMEX). 

https://www.troyhunt.com/someone-just-lost-324k-payment-records-complete-with-cvvs/

Under PCI DSS rules, companies should not actually store this value on their systems.  This is why some web providers ask you for your CVV even though you have stored your main number and the expiry date.

But some retailers do not store this value and you can still make payments without any issue (Amazon one click anyone?).  Troy shares the following link in his article. 


http://security.stackexchange.com/questions/21168/how-does-amazon-bill-me-without-the-cvc-cvv-cvv2

So it looks like you don't actually require the CVV to make a payment, but companies are often provided a discount by their bank/payment processor for transactions with CVV.  This encourages its usage and decreases fraud.

Amazon have clearly taken the decision to ignore the CVV and pay a slightly higher fee per transaction.  They can keep fraud low by completing checks on all of the other information you need to provide for an account and tracking your history of purchases.  The money that Amazon makes because of the convenience of one click must outweigh the costs of fraudulent purchases easily.

Export Public Folders
Someone asked me this week how to export some contact information from Public Folders, specifically the titles for a huge contact list.  My mind immediately went to Powershell on the server side, but after a little searching around it appeared there wasn't an obvious cmdlet for it.

A quick Google later and I came across the following Stack Overflow page

http://stackoverflow.com/questions/13350783/exchange-powershell-contacts-from-public-folder

PowerShell on a client computer with Outlook installed can be used to get at all of the information in all of your folders.  I adapted the example provided in the link above for my example.


# Connect to the locally installed Outlook and open its MAPI namespace
$Outlook       = New-Object -ComObject Outlook.Application
$Namespace     = $Outlook.GetNamespace("MAPI")
# Walk down the folder tree to the contact list
$PublicFolder  = $Namespace.Folders.Item("Public Folders – name@email.com")
$PublicFolders = $PublicFolder.Folders.Item("All Public Folders")
$Sublevel1     = $PublicFolders.Folders.Item("Sublevel1")
$ContactsList  = $Sublevel1.Folders.Item("ContactList")
$Contacts      = $ContactsList.Items
# Output the title of every contact in the folder
$Contacts | select Title

The output is what we needed for this data migration exercise. 


It needs some cleansing obviously!

Wednesday, September 07, 2016

What have I learnt..in the last few days

I had planned on completing one of these blog posts each day, but it became apparent on Friday that this was clearly a step too far.

Work has been crazy busy at the moment and when I get home I would rather spend time with the family than make blogging my number 1 priority!

Anywho, the plan is to make these a little less regular, maybe once a week.

So what have I learnt this week?

Amazon Dash

Ariel Dash Button
Amazon released the Amazon Dash button in the UK last week.  The idea is that you put a branded button in certain locations around your home.  When you run out of a specific item (e.g. washing powder) you press the Ariel Amazon Dash button on your washing machine.  This will contact Amazon and get your Ariel product delivered the next day.

Neat idea, slightly overkill I think, but neat!

But how does it work?  How long do they last?

Well I came across this pretty decent teardown blog post from Matthew Petroff.

https://mpetroff.net/2015/05/amazon-dash-button-teardown/

The button only uses a single AAA battery which is soldered in.  The way the button works means it only uses minimal energy.  The button should easily last longer than the button will be useful.

Interestingly, if you pair the button with an Android device, it will use WiFi.  But if you have an iOS device, it uses Ultrasound.  That is cool.

Single Cell WiFi

A large part of last week was spent troubleshooting WiFi issues in one of our main offices.  We use a system from a company called Meru (recently purchased by Fortinet).  Their offering utilises a Single Cell architecture.

This means that all Access Points broadcast their SSIDs on the same channel.  This can be really useful to easily provision sites as there is less need to do site surveys and plan your channel layout when provisioning a new office.  In my experience, office moves usually involve IT being left way down the list of people with advance notice, so having something which can be rolled out relatively quickly and requires less physical resource is a thumbs up.

But there are some concerns around throughput, which this blog post goes into.

https://community.spiceworks.com/topic/989074-why-zero-hand-off-aka-single-cell-architecture-does-not-work-very-well

Our issue wasn't throughput related, but congestion related and the sheer amount of people in our tiny office.  We are running a programme of work to implement an ERP system which involves many people from the business, system integrators and third parties.

In the last week, the WiFi performance has gone off a cliff.  Lots of dropped packets between laptops and APs.  We used a spectrum analyser to see if there was any external interference, but nothing.

We then took a new AP and published a different SSID on a different 5GHz channel.  This worked perfectly.  If I moved this SSID onto the 5GHz channel used by our other APs, the performance was also terrible.  This also tallies up with an increase of people who are working in the office on a permanent basis.

So it seems that if you have Single Cell Architecture, be really careful of the density of devices in small offices.  Someone suggested more APs, but I think this would just contribute to the problem more than anything.

Our current plan is to change half of the APs to one channel and the other half to something else to try and ease the congestion in the air.

To try and help troubleshoot this, I used the following PowerShell script.  This would ping Google's DNS servers every 2 seconds and if the response time is greater than 200ms (or timed out) it would add the response time, signal strength, the station connected to and SSID to a csv file.  If 5 of these occur in a row, it would add something to the CSV to this effect.

$errornumber = 0                              # consecutive slow or failed pings
$outputreport = "c:\temp\reportgoogle.csv"
While ($true)
{
    Try
    {
        Sleep 2
        $time = Get-Date -Format T
        # -ErrorAction Stop turns a failed ping into an exception handled by Catch
        $ping = Test-Connection 8.8.8.8 -Count 1 -ErrorAction Stop | foreach { $_.ResponseTime }
        $signal  = (netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''
        $BSSID   = (netsh wlan show interfaces) -Match '^\s+BSSID' -Replace '^\s+BSSID\s+:\s+',''
        $Profile = (netsh wlan show interfaces) -Match '^\s+Profile' -Replace '^\s+Profile\s+:\s+',''
        Write-Host "Response Time is $ping"
        $output = $time + "," + $ping + "," + $signal + "," + $BSSID + "," + $Profile

        # Only slow responses (over 200ms) are written to the report
        If ($ping -gt 200)
        {
            Out-File -FilePath $outputreport -InputObject $output -Append
            $errornumber += 1
        }
        Else { $errornumber = 0 }
    }
    Catch
    {
        # The ping failed: count it and record the timeout
        $ping = "Request Timed Out"
        $errornumber += 1
        Write-Host $ping
        $signal  = (netsh wlan show interfaces) -Match '^\s+Signal' -Replace '^\s+Signal\s+:\s+',''
        $BSSID   = (netsh wlan show interfaces) -Match '^\s+BSSID' -Replace '^\s+BSSID\s+:\s+',''
        $Profile = (netsh wlan show interfaces) -Match '^\s+Profile' -Replace '^\s+Profile\s+:\s+',''
        $output = $time + "," + $ping + "," + $signal + "," + $BSSID + "," + $Profile
        Out-File -FilePath $outputreport -InputObject $output -Append
        Continue
    }
    Finally
    {
        # Five bad samples in a row at 2 second intervals is ten seconds of poor connectivity
        $output = "SLOW OVER LAST TEN SECONDS"
        If ($errornumber -ge 5) { Out-File -FilePath $outputreport -InputObject $output -Append }
    }
}

And Finally

HIIT (High Intensity Interval Training) has been discussed as a shortcut to exercise for years.  Last week, the BBC ran the following article which is also part of the TV series "Trust Me I'm a Doctor".

http://www.bbc.co.uk/news/magazine-37249021

They ran tests to help prove or disprove HIIT as a credible alternative to the standard mantra of 150 minutes of moderate exercise a week.

The Results were pretty impressive.  The group who completed 15 minutes of HIIT across three sessions a week actually had a 17% greater VO2 max than the group who did 150 minutes of moderate exercise.

Pretty impressive, I might make my next run based on Tabata

Sam

Thursday, September 01, 2016

WHILT

Azure AD domains
So you may remember that a couple of days ago I blogged that it was only possible to have one domain associated with an Azure AD tenant.  Well this is kind of true, but not entirely.

In fact, in Azure AD you can add the same domain name to different AD tenants without any error message whatsoever.  It is only at the point where you verify the domain that it pops up with this error.



Windows programs on Chromebooks

I saw this tweet earlier today




There is a piece of software called Crossover which is currently in preview.  It will allow you to run Windows applications on Intel based Chromebooks.  I wrote a blogpost a while back which explained why I wouldn't buy a Chromebook.  This piece of software will potentially eliminate these types of concerns.


I am currently looking at purchasing a cheap laptop to replace my Asus UL20a which is pretty old now.  The laptop is fine, but the battery is fairly knackered (2 hours max).  I was looking at HP Streams, Lenovo 100s ideapads and the like, but a Chromebook could be a good option now!

You can find more information here

https://www.codeweavers.com/products/crossover-android

And Finally

Here are some Chromebooks for sale....Shall I?

https://www.amazon.co.uk/Lenovo-11-6-Inch-Chromebook-Laptop-Black/dp/B01GCNZ79C/
https://www.amazon.co.uk/ASUS-Chromebook-C201PA-FD0011-11-6-Inch-Notebook/dp/B01AWHN3AY/