Glo Networks Technical Blog (Glo Blog)

Glo Networks team sharing their technical experiences and thoughts.

If you’re not familiar with what IPv6 is, it’s the next generation Internet Protocol. In broad terms, if we don’t all start using it we’re heading for a world where communicating directly between devices gets a little trickier (if you want to know more, check out our (rather long) previous blog post entitled “The sky is falling on our heads; We’re running out of addresses“).

As you can probably imagine IPv6 is generally considered a Good Thing(TM), by many technical people. After all, we don’t want to make our lives harder, do we?

The problem is uptake has been slow. The first official specs were released in 1996, but work on defining the protocol is traceable back to 1992. That’s a long time ago in the computer industry. The main issue was a chicken and egg problem; why bother upgrading your network when no one uses it? And no one will use it if there’s no reason (read: content). The other problem has been that sometimes you can get an IPv6 address without having an actual IPv6 network, and sometimes it won’t work. That’s the non-technical explanation.

These 2 issues are what’s caused IPv6 to really stutter.

However last year, on June 8th 2011, major websites and services enabled IPv6 by default to gauge the impact. It turned out that most of the potential problems weren’t really problems for over 99.9% of their users.

So this year, on June 6th 2012, major players who rely on the Internet, and produce hardware and software to access the Internet, will be enabling IPv6 permanently including, but not limited to;

So where am I going with this?

Glo Networks are proud to announce that we are now able to provide native IPv6 accessible web hosting right now. We’re working on the rest of our services at the moment, but we feel this is an important first step. One of our website host boxes is happily serving on IPv6:
dig -t AAAA stem.glo-net.net

; <<>> DiG 9.7.3 <<>> -t AAAA stem.glo-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER< ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stem.glo-net.net. IN AAAA

;; ANSWER SECTION:
stem.glo-net.net. 3600 IN AAAA 2a01:4f8:121:2322::defa:ced

;; Query time: 44 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Wed Jan 18 16:13:07 2012
;; MSG SIZE rcvd: 62

If you already host your site with us and want access either open a support ticket on GloHelp or give us a ring.

If you don’t already host your site with us, feel free to give us a ring.

If you want to talk about IPv6 enabling your corporate office network, again feel free to get in touch.

Want to know more? Check out www.worldipv6day.org and www.worldipv6launch.org.



Those of us Exchange admins who aren’t fully up to date with Exchange 2010 service packs (for whatever reason – don’t berate us) and have slowly been getting annoyed with an ever increasing number of mailboxes that get automapped in Outlook 2007 and 2010 can rejoice. One of our staff spent 10 minutes researching, understanding and writing a bit of Powershell to resolve the issue in bulk.

Just run the following under a Powershell instance with the Exchange modules loaded (i.e. the Exchange Management Shell).

foreach ($u in $(Get-User)) { Write-Host "Clearing the msExchDelegateListLink for $($u.distinguishedname)"; $ad = [adsi]"LDAP://$($u.originatingserver)/$($u.distinguishedname)"; $ad.msExchDelegateListLink.Clear(); $ad.SetInfo(); }

Be aware that if you do this, all auto mappings for all users will get removed. This may not have the desired behaviour as some users may be relying on an automapped account. It should be feasible to alter this as required, as it’s pretty damn simple!

As with all things, do this at your own risk, we accept no liability, yadda yadda yadda.

If you’re curious (and let’s face it, if you’re modifying the Active Directory in bulk, you should be!), basically what this does is loop over all users, and clear all values against their Active Directory account msExchDelegateListLink attribute. This attribute is where the automapping gets written to.

As an example imagine 2 users, Bob and Alice. Bob is an Exchange admin and at some point was granted full access (with permission, naturally) to diagnose a problem with Alice’s mailbox without having to disturb her too much directly. Bob will now be added to Alice’s msExchDelegateListLink attribute. It’s this entry that needs to be removed.
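A narrower variant, added here as an example and not part of the original post: saved as a script and run from the Exchange Management Shell, it first exports every existing msExchDelegateListLink value to a CSV, then removes only Bob’s entry from Alice’s account, and only when -Apply is given. The parameter names, the default identities alice and bob, and the CSV file name are hypothetical.

```powershell
# Added example; the parameter names and defaults below are hypothetical.
param(
    [string]$MailboxOwner = 'alice',   # mailbox that is being automapped
    [string]$Delegate     = 'bob',     # user whose Outlook should stop mapping it
    [string]$BackupCsv    = '.\msExchDelegateListLink-backup.csv',
    [switch]$Apply                     # without -Apply nothing is written to AD
)

# 1. Record every existing link so the change can be reviewed and reversed.
Get-User -ResultSize Unlimited | ForEach-Object {
    $mailboxDn = $_.DistinguishedName
    $entry = [adsi]"LDAP://$($_.OriginatingServer)/$mailboxDn"
    foreach ($link in $entry.msExchDelegateListLink) {
        New-Object PSObject -Property @{ Mailbox = $mailboxDn; Delegate = $link }
    }
} | Export-Csv -Path $BackupCsv -NoTypeInformation

# 2. Remove one delegate from one mailbox instead of clearing everything.
$owner      = Get-User -Identity $MailboxOwner
$delegateDn = (Get-User -Identity $Delegate).DistinguishedName
$entry      = [adsi]"LDAP://$($owner.OriginatingServer)/$($owner.DistinguishedName)"

# Take the value exactly as stored so Remove() matches it (-eq ignores case).
$stored = $entry.msExchDelegateListLink | Where-Object { $_ -eq $delegateDn }

if (-not $stored) {
    Write-Host "$delegateDn is not in the list for $($owner.DistinguishedName)"
} elseif ($Apply) {
    $entry.msExchDelegateListLink.Remove($stored)
    $entry.SetInfo()
    Write-Host "Removed $delegateDn from $($owner.DistinguishedName)"
} else {
    Write-Host "Dry run: would remove $delegateDn (re-run with -Apply)"
}
```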

Apparently in SP2 there is the facility to disable automapping, at the time of adding the relevant permission; the shiny new “-AutoMapping” argument to Add-MailboxPermission. As with many things Exchange 2007 and newer, it’s just a facility available at the Powershell console, for now. And you know what? We’re ok with that.


iPad2 not too secure!

2011 October 26 – 4:20 pm

Tablet devices have become popular business tools in the last few years; they offer many of the benefits of laptops without some of the drawbacks. The iPad is currently the most popular tablet device and as such its prevalence in the business world cannot be underestimated.

One would assume that Apple, who are surely aware of the business application of their product, would ensure that its default settings are the most secure, with the option to lower the security for convenience’s sake if the owner should wish.

Alas this is not the case. In iOS5 at least (this is the only OS we’ve tested on) the setting which allows the new Smart Cover to unlock the iPad 2, which is enabled by default, can be exploited to enable access to the last app left open without entering the password!

The exploit is incredibly simple too:

  • Lock the iPad 2 (make sure it’s passcode protected);
  • Hold down the power button for 2 seconds until the “turn off” slider appears;
  • Close the Smart Cover;
  • Open the Smart Cover;
  • Press Cancel.

This will open the app that was open when the device was locked! You are unable to use the home button to access the home screen and switch to other apps, but this is quite a big security issue nonetheless. If you were to lock the device with the Mail app open then someone using this exploit could access all your emails, send emails as you etc.

We’ve done a bit of testing: if you lock when on the home screen and then use the exploit, you are presented with the home screen and are able to scroll between pages of apps, and use the search function, but are unable to open any apps.

Disabling the Smart Cover unlocking setting (under General Settings) will prevent this exploit, at the cost of a small amount of convenience (it adds another step to unlocking the device after opening the Smart Cover). This is not a standalone incident however; the iPhone 4S, by default, has a setting enabled which allows access to Siri without unlocking the device. This in turn allows access to many security sensitive apps (Mail, Calendar, even sending texts and making calls)!

 

 


iPhone 4S includes Bluetooth 4

2011 October 24 – 5:06 pm

There was an obvious air of disappointment when the new iPhone version was announced. The gadget loving people of the world held their breath in anticipation of the iPhone 5 and instead were presented with the iPhone 4S.

Although the 4S may not be what was expected, the device is not without its improvements compared to the iPhone 4. Much attention has been given to the dual-core A5 chip, and just as much to the 8 megapixel, f/2.4 aperture camera.

The real show stealer was Siri, which, while still in the Beta stage, has been all over the media. Fans have claimed the voice controlled personal assistant application is a ‘smart and saucy pal’, while some (notably the Android boss Andy Rubin) seem to feel we shouldn’t be talking to our phones, rather we should be using them to talk to people, and that the novelty may wear off.

Although there has been so much talk in the media regarding the new iPhone version, there is one feature which the 4S can be proud of that hasn’t had a great deal of attention: the inclusion of Bluetooth 4 capabilities. While other smartphones have had just as powerful processors, better resolution cameras and voice control, the iPhone 4S can claim to be the first smartphone to use the new Bluetooth version.

The Bluetooth 4 specification was completed back in June 2010 and includes the Classic (regular) Bluetooth, Bluetooth High Speed and the new Bluetooth Low Energy protocols. The low energy protocol can use as little as 0.01 W and run on a single coin cell (watch style) battery. This allows it to be integrated into much smaller, low power devices. Although it’s not in many products at the moment, there has been lots of speculation on various devices that could benefit from this, including medical monitoring and home automation and control devices.

Perhaps the lack of fanfare is due to the current lack of compatible devices, but it seems quite likely that Bluetooth 4 will soon become the standard, with other smart phone manufacturers playing catch up with Apple in that department at least. We’re keeping our eyes peeled for new and interesting uses of the technology and will be sure to share the news when we spot it!

 


Removing E-Trust – Simplified

2011 October 17 – 3:41 pm

In our experience changing between anti-virus software can be more hassle than it first seems. Even if the new anti-virus vendor claims to remove the previous software, sometimes it just can’t, and often, if a small part of the former remains, the new software will not install correctly.

To this end some anti-virus providers offer their own tools for removal, but recently we found we were having difficulties in removing a deployment of E-Trust anti-virus from our customer’s machines: the customer was locked out of the admin consoles, and we couldn’t see any suitable tools. So rather than walk up to each machine and manually remove it, we did what us IT geeks love best and created a script to fit our needs:

@echo off
REM Stopping Services
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"
REM ITM Server
msiexec.exe /qn /X{4A2635AD-91E0-4758-BD1E-CA57C9294F1F}
REM ITM Agent
msiexec.exe /qn /X{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}
REM iTechnology iGateway
msiexec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}

Bear in mind that this works for our customer’s specific version of E-Trust, and for different versions the Product Codes (those bits in braces after “msiexec.exe /qn /X”) may differ.
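One way to find the Product Codes for whatever version is actually installed, as an added example that is not part of the original post: it reads the standard Windows uninstall registry keys on the local machine and prints the matching msiexec lines without running them. The DisplayName patterns are assumptions based on the service names in the script above.

```powershell
# Added example. The DisplayName patterns are assumptions taken from the
# service names in the removal script; adjust them to what your machines show.
$patterns = 'eTrust', 'iGateway'

# Installed products register under these keys; the second one holds
# 32-bit products on 64-bit Windows and is absent on 32-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        # MSI-installed products use their Product Code (a GUID in braces)
        # as the registry key name; skip entries that are not MSI products.
        $name -and $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' -and
            ($patterns | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion,
        @{ Name = 'ProductCode'; Expression = { $_.PSChildName } }

# Print removal lines for review instead of executing them, so they can be
# compared with the script before anything is uninstalled.
foreach ($p in $products) {
    "REM $($p.DisplayName) $($p.DisplayVersion)"
    "msiexec.exe /qn /X$($p.ProductCode)"
}
```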

We ran this on all computers in the Active Directory using PSExec and DSQuery:

cmd.exe /v:on /c "for /F "delims=, tokens=1" %i in ('dsquery computer -limit 0') do set name=%i & set name=!name:~4! & psexec -u Administrator -p AdministratorPassword \\!name! \\server\share\path\to\script.bat"

Be aware that the result set for DSQuery is by default limited to 1000 rows. In the example above we’ve explicitly set it to 0, which is unlimited, and generally speaking a bad idea. We’ve included the limit argument just in case you try and use this verbatim and get confused.

This won’t be executed in parallel, so the more machines you have the longer it will take.

DSQuery is part of the RSAT (Remote Server Administration Tools), installed by default on Domain Controllers, and optionally on other machines. PSExec is available from Sysinternals.

We would recommend creating a one time special administrator account, or you could pass in the administrator password via an environment variable, or read in from a file. Not providing the account may result in funny results depending on the target.

We also found that on at least one or two machines there was a problem with UAC; however, there did not seem to be a pattern, and we didn’t take the time to investigate the cause.

Oh, and just one more thing. Alternatively you could assign the removal script as a start up script.

