Category: Uncategorized

Background

Earlier this year, the time had come to upgrade my aging desktop machine. Given that I would be traveling 7000 miles back and forth between the US and Saudi Arabia, and that there wasn’t much more I could do with my rig to increase it’s performance, I decided to explore the idea of getting a laptop (read: mobile workstation) as a viable desktop replacement.

Since it would be sitting on a desk with the AC Adapter connected most of the time, I wasn’t concerned with battery life, weight or size – it just had to be portable enough to stuff in a backpack and take with me.

After a lot of research, I settled on the iBuyPower Valkyrie CZ-17 (re-branded MSI GT70) with the following configuration:

 

 

17.3″ Matte finish display
Intel Core i7 3630QM @ 2.4GHz (3.4GHz max turbo frequency)
32GB DDR3 @1600MHz
120GB SSD Primary HDD
1TB SATA Secondary HDD @ 7200 RPM
Intel HD 4000 integrated graphics card
Nvidia GTX 675MX, 4GB DDR5 discrete graphics card
Windows 8 Home Premium
Display outputs: 1 VGA, 1 HDMI

In the past, I hadn’t considered a laptop because a good one was very expensive compared to a DIY desktop rig, and upgrades were generally limited to just RAM and storage.

In this case, just about every component is upgradeable including the CPU, discrete graphics card, RAM, storage (2 drive bays), optical drive, and even the keyboard!

Multi-Monitor Support (or more to the point, lack thereof) 

Given that the laptop came equipped with two video cards and two outputs (VGA and HDMI), my assumption was that I could run two monitors in addition to my built-in laptop display. Well, I was wrong, and here’s why:

Coming from a desktop machine background, I’m used to being able to run my on-board graphics card and discrete graphics card concurrently, and using my discrete card as the display controller through whatever tool was included (i.e. Nvidia Control Panel, or ATI Catalyst Control Center).

In this case, my display tab on Nvidia control panel was missing, and my Intel HD 4000 would only recognize two displays at once (either my built-in display + one monitor, or both monitors, but not all three).

My first thought was to it might have been a driver issue, but upgrading both the Nvidia and Intel drivers to the latest editions didn’t solve the problem.

Next, I tried disabling the Intel HD 4000 with the idea of forcing the display settings to default to the Nvidia, bad idea!!!

 

This crashed the OS, requiring a rollback to a previous restore point.

The next question on my mind was, “Is the integrated card even capable of supporting more than two displays?”

The answer is yes*.

*Yes, however…research suggested that it could, but only if your built-in display used a eDP (embedded DisplayPort) instead of a LVDS (Low Voltage Differential Signaling). In my case, the laptop uses is a “CHIMEI Innolux N173HGE-L11” LCD Panel, which happens to use LVDS.

As a consequence, the controller the LVDS uses only supports two phase-locked loops (PPLs), which generate a pixel clock used to sync the timing between the GPU and displays (see Wikipedia article, http://en.wikipedia.org/wiki/Intel_HD_Graphics).

Since LVDS would require three PPL’s for three displays (whereas eDP only requires a single pixel clock for all connections), I was only able to use two displays when going out through the integrated graphics card.

Abandoning that route, I turned my attention to the Nvidia card. A few hours and a lot of reading later, I began to understand Nvidia’s new approach to power savings on Laptops called “Optimus”?

No, not that Optimus! This Optimus:

The way it works is to utilize the integrated graphics card for everyday activities, automatically switching to your discrete graphics card when additional performance needed for 3D graphics or other intensive [graphical] resources are needed.

The Nvidia Control Panel allows you to define the global default for applications or this can be manually assigned on an invidual basis.

Since this process is automatic, there’s no way to cut the integrated card out of the equation since it’s technically the ‘primary’ graphics card. This almost analogous to the old co-processors you could buy for your 486SX CPU to boost it from 33 MHz to 100 MHz, but in that scenario, the performance boost wasn’t subject to system demand.

In short, there’s no way to switch display control over to the Nvidia Control Panel (hence the missing ‘Display’ tab).

Options? Alternatives?

At this point, having exhausted all other possibilities, my only choice was to add an additional graphics card or cut out one of the three displays. Since I had my heart set on all three (and now I’m strongly considering a fourth…), I turned to external solutions.

In the past, I’ve had good experiences with the USB Video Adapters (UVA’s) StarTech.com manufacturers, but I couldn’t get my hands on one here in Riyadh. I could order one online have it shipped, but shipping would be as much or more to send it here from the ‘States and it would take anywhere from a few days to a week and a half to arrive.

What did find locally was a Matrox TripleHead2Go (Digital edition). These have been around for almost a decade in one iteration or another, and I’ve seen them used to multiplex 2 or more monitors, allowing them to behave as a single display (i.e. treats up to three 1920×1080 displays as a single 5760×1080 display).

While that wasn’t necessarily the capability I was after, I did already have the hardware to support it (although I’d only brought two of my three identical LCD monitors with me to Saudi).

They also had a Matrox DoubleHead2Go (supports up to two displays), but I decided to go for broke and opted for the Triple since I could always always add another display later, giving me a total of four (Laptop Display + 3 monitors)…or at least that’s how I’m rationalizing it :)…

So here’s the end result:

Just for kicks, I decided to fire up one of my games to see what 3840×1080 resolution looks like:

It works well, and surprisingly, I still get a nice frame rate! Still, having a black bezel in the middle makes it difficult, so me thinks this ought to work better with a third external monitor :).

Conclusions

If you’re an old die-hard like me, you might have a hard time with the idea of relying on automatic switching. The technology isn’t perfect, myself and others have run into problems where the switch wasn’t happening, regardless of manual designation.

That said, unless you’re dead set on a multi-display wrap-around, a UVA would work just fine (provided your laptop display isn’t equipped with eDP).

If you do decide to go with the Matrox solution, be sure to read the instructions and follow them exactly! Failure to do so will cause the display not work properly and will require a reboot to fix it.

I’m in the process of rolling out Office 2013 Professional Plus to replace Office 2010 and Lync 2010. One benefit is that I no longer have to install Office and Lync seperately (Lync 2013 comes bundled with Office now), and so setup is a little quicker.

I used to be able to manage employee photos at the client level, but that changed in Lync 2013. All photos are now pulled from Active Directory, and the only control the client gets is whether or not to display that picture.

While there are powershell cmdlets you can run to update photos, it was far easier for me to use CodeTwo’s Active Directory Photos product.

Active Directory Photos is extremely easy to install and use. The only caveat is that you’ll want to run it as a Domain Administrator to avoid any permissions issues.

The best part is that tool is absolutely free! No ads, no nagging, just provide them with your name and email and within a few minutes, you’ll receive a download link.

Disclaimer: I do not infer that this is the best, or even the only method for managing photos in an AD/Lync 2013 environment. Every organization is different, and some companies may have policies that forbid you from using third party tools.

Further, I am in no way affiliated with CodeTwo, nor am I being compensated for this article. As always, my sole intent is to pass along useful tools and information I come across in my day-to-day work. Thank you for reading!

I’ve been building, troubleshooting and supporting computer networks for close to two decades. I’ve encountered some very strange explanations for a hardware failure in that time, but this one topped them all!

I was in a meeting with my cloud services provider discussing availability strategies when I receive a notification that we were having trouble reaching our sites (how’s that for irony?). Within 2 or 3 minutes, the issue was alleviated barring a few stragglers here and there. When I returned to the meeting, I was told that failure resulted from a spontaneous router reboot (say that three times fast!). The service provider contacted Cisco to investigate, and the issue turned out to be parity error caused by…

 

A. Ninjas.

B. Agents of SPECTRE who proceeded to hold the offending bit ransom for…One MILLION Dollars!

C. The ghost of Colonial Sanders.

D. Cosmic Radiation.

E. All of the above.

F. None of the above.

While “F” seems to be the most reasonable, the answer provided by the Cisco Engineer was “D”, Cosmic Radiation. Yes, he really said Cosmic Radiation flipped a bit in the memory, causing a cache error and subsequent system halt.

I’ve never encountered this phenomenon, nor had I ever heard of this happening to anyone else (or at least the cause wasn’t cited as such). Nevertheless, there’s a Cisco support article that discusses this, and other sources to support the notion that this could happen!

What’s the most bizarre explanation some of you have gotten for unplanned downtime?

From time to time, you might find yourself in a position where you need to restart a service that’s stuck in a “starting” or “stopping” state. While this is happening, you won’t be able to interact with the service via the Services Management Console (services.msc).

Before you can kill the stuck process, you have to have know what the ID is. To do this, run sc queryex from the command prompt. Doing this can return a lot of results, so I like to pipe them into a text file for easy viewing/searching:

sc queryex > processes.txt

Once completed, open it in a text editor to find your process:

notepad processes.txt

Looking at the file, you’ll see a list of your services and what state their in. You should be able to locate the stuck service by name:

SERVICE_NAME: AppName

DISPLAY_NAME: Some Application Service Service

        TYPE               : 20  WIN32_SHARE_PROCESS

	STATE              : 4  RUNNING                                 
				(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)

	WIN32_EXIT_CODE    : 0  (0x0)

	SERVICE_EXIT_CODE  : 0  (0x0)

	CHECKPOINT         : 0x0

	WAIT_HINT          : 0x0

	PID                : 1527

	FLAGS              :

The specific fields to pay attention to are DISPLAY_NAME (friendly name of the service), STATE (running, stopped, starting, stopping etc.), and PID (Process ID).

The PID is especially important because we need it to determine what process to kill. In the example above, the PID is 1527, we’ll use this number in the next command, TASKKILL:

taskkill /PID 1527 /F

Just as the name implies, TASKKILL ends tasks or processes. You can find a more detailed explanation along with syntax and parameters on TechNet.

Legal Disclaimer:
The article below describes my attempts to understand the origin of a fraud attempt made against my organization this morning. The article is not meant to defame any legitimate businesses whose domains may have been spoofed by a third party.

This article is for information/entertainment purposes only, and is provided “as is” without warranty of any kind! Any links or references to external sites are publicly available and provided solely for the convenience of the reader.

All third party content in this article is property of its respective copyright holders. I am not affiliated with any of the sites linked, and make no guarantees or warranties pertaining to these sites or their contents.

It’s tax season again, and for information security professionals, it means a whole slew of new phishing and identity theft attempts!

This morning, “webmaster@irs.com” sent 13 emails to my organization to advise the recipients that our tax appeal was rejected. Of those attempts, 3 got through before the Bayesian spam filter kicked in and blocked the rest.

Dear business tax payer, 

Hereby you are informed that your Tax Return Appeal id#0565677 has been DECLINED.  If you believe the IRS did not properly assess your case due to a misunderstanding of the situation, be ready to clarify and support your position. You can access the rejection report and re-submit your appeal by using the following link Online Tax Appeal [link omitted].

Internal Revenue Service 

 

Telephone Assistance for Businesses:

Toll-Free, 1-800-XXX-XXXX
Hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).

Just for fun, I decided to see how far down the rabbit hole leads:

Source IP: 87.120.210.83 (Host in Bulgaria)

Domain Registrar Information for irs.com:

Registration Service Provided By:
DOTTED VENTURES
Contact: +1.4159629700
Website: http://www.dottedventures.com
Domain Name: IRS.COM

Registrant:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014

Domain servers in listed order:
ns10.dnsmadeeasy.com
ns11.dnsmadeeasy.com
ns12.dnsmadeeasy.com
ns13.dnsmadeeasy.com
ns14.dnsmadeeasy.com
ns15.dnsmadeeasy.com

Administrative Contact:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014

Billing Contact:
Banks.com
222 Kearny Street, Suite 550
San Francisco, CA, 94108
Tel. +415.9629700
Creation Date: 28-Jan-1999
Expiration Date: 04-Dec-2014

As it turns out, irs.com is an HTTP redirect to banks.com/taxes.

At the very bottom of the page, they made it a point to put in the following disclaimer:

“This site is in no way associated with or endorsed by the United States Treasury Department or the Internal Revenue Service.”

 

Instead of putting it in plain text, it was actually an image with the ALT text description, “Disclaimer.” The only reason I can think of that someone would want to do that is to omit it from search engine spidering, but I would be hard pressed to think of a legitimate reason why a business would try to obfuscate the contents of a disclaimer like that!

There’s also a Better Business Bureau logo at the bottom. I went to bbb.org expecting to find a slew of fraud complains. Instead, I found that they’ve actually got an A+ rating!

Questionable SEO choices notwithstanding, I won’t speculate further on the legitimacy of Banks.com, Inc, but I will contact the proper authorities (the IRS) and let them sort it out.

Next steps:

The best thing to do with an email claiming to be from the IRS is to forward it to phishing@irs.gov. The IRS’ information security team will review it and take further action from there.