Archive for the ‘Articles’ Category

Why Microsoft Will Not Extend Windows 7 End-Of-Life

Sunday, July 13th, 2014

[This is mostly a summary of a discussion on Google Plus, that you can find here]

Recap: The world (or at least clueless tech journalists) was surprised to learn (once they bothered to look it up) that Microsoft will not extends Windows 7 end of “mainstream support” – which is scheduled for January 2015 (about 6 months from now). This was all planned way in advance – Microsoft basically committed to end “mainstream support” in 2015 by not releasing any service pack for Windows 7 since the beginning of 2010, instead they want people to move to the next version of their software. In most normal software markets, this is a no-brainer – who have heard of a Macintosh user still clinging to Mac OS X 10.7? or an Adobe Photoshop user who refuses to upgrade past CS3? But instead you now hear calls for Microsoft to extends Windows 7 an artificial life line, like it did with XP.

And here’s why XP will never happen again:

(more…)

Microsoft vs. No-IP and the failure of the US legal system

Wednesday, July 9th, 2014

There is one thing that really troubled me about the Microsoft dynamic DNS fiasco that no one seems to talk about, which I really wanted to raise, but first here’s a short recap for those not in the know: Microsoft “cyber-security” department convinced a US federal court to issue an order to transfer 22 internet domains owned by the popular No-IP dynamic DNS service into their custody, in an attempt to remove specific hosts under those domains that are supposedly used as malware control centers.

The issue I have is very simple – under what conditions can it be possible for a private company, to ask a court to transfer ownership of a property from another private company? This sounds seriously like private policing and somehow it is endorsed by the judicial system ?!? Under what authority can something like this be allowed?

This situation is massively more grievous because the court order was given “ex-parte” – legalese for “without the other party appearing to defend itself”, but even if everything was over the table and in the clear, and the defending lawyer incredibly incompetent, what kind of argument a private entity can offer to get a court to simply transfer control of another private entity?(1).


  1. except obviously arguing that the property was stolen, which is clearly not the case []

Code Spaces break-in lessons: using your infrastructure provider for backup is a single point of failure

Monday, June 30th, 2014

Summary of the events of the Code Space break-in: Code Spaces was hosting their services on Amazon Web Services VPS infrastructure. An attacker managed to gain access to their AWS administration console account and after his demands for ransom were not answered, proceeded to delete all the data in the account.

The disaster recovery plan for Code Spaces was based on having machine images and data backups stored in AWS, everything was gone, and Code Spaces basically had to shutdown.

(more…)

What to do when your virtual private server is really slow

Sunday, June 8th, 2014

Ok, this is not a real solution for all types of problems – just a tip, that worked for me today, to try out if you can’t figure out what the problem is.

I’m running a VM on Amazon EC2, and looking at top, I saw that most of the CPU time was spent either in “steal/guest” or “IRQ“. Now steal/guest is kernel speak for “I wanted to allocate some CPU time for progams, but the hypervisor stole it” – which is not surprising on a a virtualization solution, but if it happens all the time then that means that your physical host is constantly loaded by other VMs that take as much CPU time as they can. The second item “IRQ” is time the kernel spends at handling interrupt requests from the hardware. This shouldn’t consume a significant amount of time unless the hardware has a problem – another good indication that you want to move your VPS to another physical host.

(more…)

Script day: upload files to Amazon S3 using Bash

Monday, May 26th, 2014

Here is a very simple Bash script that uploads a file to Amazon’s S3. I’ve looked for a simple explanation on how to do that without perl scripts or C# code, and could find none. So after a bit of experimentation and some reverse engineering, here’s the simple sample code:

(more…)

Script Day: SSH to a host behind a NAT

Sunday, April 27th, 2014

I use SSH daily to work with different remote services, and its always a very straight-forward process… unless the remote server you want to work with is on LAN somewhere behind NAT(1). When you need to access such an internal server, the only option is to SSH into the firewall(2), and then SSH again to your server of choice.

But there’s a better way, and you don’t even have to fiddle with the firewall server!

(more…)


  1. router that does Network Address Translation so the servers address is not accessible from outside the LAN []
  2. or some other server that has legs both inside and outside the LAN – I’m using a DNATed server, what most off-the-shelf routers incorrectly call “DMZ“ []

הקלות הבלתי נסבלת של מספר ת”ז באינטרנט

Friday, November 8th, 2013

באופן מעצבן יותר ויותר (ככל שהפילוט של המאגר הביומטרי נמשך ומאיים להביא עלינו אסון), כל מיני אתרי אינטרנט טריוויאלים לחלוטין דורשים מאיתנו האזרחים לספק להם את הזיהוי היחודי שלנו במאגר (הביומטרי וגם זה שלא) של הממשלה (הווה אומר “מספר תעודת הזהות”).

אני לא בטוח בכלל מה הזכות של חברות מסחריות אקראיות לדרוש מאיתנו את הפרט הזה, אבל אני די בטוח שאני לא חייב לספק אותו, וזה ממש מעצבן שהם דורשים את הזהות שלי כתנאי למכירה של כרטיס קולנוע, או שאר דברים טריוויאלים.

בגלל שאני בטוח שגם אותכן זה מעצבן, ובגלל שאני חושב שכל הפרקטיקה מטופשת (אפילו אם היא חוקית, ויש חשד קל שהיא לא), הנה לשרותכם – מחשב מספרי תעודות זהות ישראלית:

לשם הנוחות העמוד הנ”ל ידידותי לטלפונים חכמים והכתובת הישירה אליו היא: http://geek.co.il/articles/israeli-id.html

עוד נקודה: הוצע לי ששימוש במספר ת”ז לא שלכן באתר של ספק שרות זה עבירה על החוק – סוג של גניבת זהות. אני לא חושב שזה המצב – ואני אשמח לדעתכן בנושא, אבל לשם הזהירות:

  1. אין בבנית התוכנה הנ”ל משום המלצה להציג מספרי זהות שאינם שלכם לספקי שרות ואחרים. אם אתם בוחרים לעשות זאת זה על אחריותכם בלבד.
  2. אם אתם בכל זאת בוחרים להציג מספרי זהות כך, אני ממליץ לבחור מספרים שלא סביר שנמצאים בשימוש, כמו מספרים שמתחילים בשלוש פעמים אפס או שלוש פעמים תשע

Recovering InnoDB Tables In MySQL 5

Saturday, April 27th, 2013

The following procedure can be used to recover InnoDB database tables from a backup of a MySQL server that had the “innodb_file_per_table” setting but all the metadata (in the “ibdata*” files) was lost – for example due to a server crash.

The process involves two steps:

  1. Recover the table structure from the .frm files
  2. Recover the data from the .ibd files (InnoDB tablespace)

There is a lot of copying the backed up files over and over to the MySQL datadir, so its useful to have the backup available on the database server machine. In my setup the backup for the databases was copied to the directory “backup” under the database’s datadir, so – for example – for the table somedb.sometable there exist files somedb/backup/sometable.frm and somedb/backup/sometable.ibd.

Additionally the process for recovering the table structures creates a lot of superfluous metadata in the InnoDB data files, so after the first stage I’m going to destroy the InnoDB data files and let the InnoDB engine re-generate them – as a result any existing InnoDB tables will be destroyed. This is important so I’ll iterate: using the procedure detailed here will destroy any existing and working InnoDB databases! So this procedure is useful to recover a destroyed database server to a new server or as a temporary measure on a temporary server to be able to dump the data to SQL files that will later be loaded into an existing server.

There likely a way to do this which is less heavy handed – for example, check out this article from Percona’s MySQL blog, but for my purpose this is enough.

(more…)

How to fix “No bootable device” after Ubuntu installation

Monday, April 22nd, 2013

When installing Ubuntu on a disk partitioned with a GUID partition table (GPT), the Ubuntu installer doesn’t set the boot flag correctly on the partitions, and on computers with older bioses (like my Intel ICH9 board), the BIOS will not recognize the disk as bootable and will refuse to start the boot loader, claiming that “No bootable device found”.

The solution is to set the boot flag on the boot partition (the real one in the GPT) as well as on the “protective MBR partition”:

  1. Start your computer with the Ubuntu live CD again, and select “try Ubuntu before installing”
  2. When the Ubuntu desktop loads, open the dash and start “gparted”
  3. When gparted starts, select your boot drive and from that select your boot partition – usually the first Linux partition on the drive, and right click it and select “flags” in the menu. In the flags dialog check “boot”.
  4. Open the dash again and start “terminal”
  5. In the terminal type “sudo fdisk /dev/sda” (or whatever your boot drive is). You’d get a bunch of warning about the disk using a GPT scheme – ignore them. type “a” to set the bootable flag and choose partition “1″. Finally type “w” to write out your changes.

Now its safe to reboot and your old computer should have no problem starting the boot loader now.

Script Day: Automatically backup your EC2 instance using snapshots

Thursday, December 27th, 2012

The following script I install as a cron job on Amazon AWS virtual machines I deploy, to allow them to backup themselves automatically. The script uses the EC2 management utilities that are normally available on “Amazon Linux” installations (and can be easily installed on other Linux distributions) to create EBS snapshots of the current mounted root EBS volume(1).
(more…)


  1. I don’t expect this script to work for instances that have an instance-stored root device, but I don’t expect to encounter these any more []