Speed up your website with TCP BBR

Written on Wed, 30 August 2017

Google has come up with a new way of handling network congestion, by pretending there is no congestion. OK, maybe exaggerated, but who can blame me when they outrightly state that "1980s-era algorithm assumes that packet loss means network congestion".

BBR stands for Bottleneck Bandwidth and Round-trip propagation time. According to Google, YouTube network throughput improved by 4 percent on average globally. Wordpress also experience massive improvements of up to 2700 times better than the previous best loss-based congestion control.

Sounds impressive? Why not let's give it a try.

Warning

Back up your server before proceeding. You're likely going to need to change Linux Kernal and other system level changes.

Updating Linux Kernel

Check the Linux Kernel Version

uname -mrs

If it's any version less than 4.9, you need to upgrade it. Otherwise, you can skip ahead to the next section.

Search for the latest linux kernal in the repository.

apt search linux-generic

At the time of writing, the latest version is linux-image-4.11.0-14-generic. TCP BBR is only introduced in 4.9 and higher, so choose any version 4.9 or higher and install.

apt install linux-image-4.11.0-14-generic

You need to reboot the server after this.

reboot

Enable TCP BBR

Enable it at sysctl.conf

nano /etc/sysctl.conf

Append the following lines

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Apply the settings

sysctl --system

Verify the new settings

sysctl net.core.default_qdisc
sysctl net.ipv4.tcp_congestion_control

You should see the output as what you typed in the sysctl.conf

Test it

Does it work? Maybe. When I did a speed test before and after implementing TCP BBR, there was hardly any noticable improvement in speedtest.

Speeding up CakePHP3

Written on Sun, 23 July 2017

Googled up how to speed up CakePHP and I noticed how little articles have reference to CakePHP3. While there are other articles written on how to speed up CakePHP2, there's none on CakePHP3 that I found. So I'm going to share about my experience trying to speed up CakePHP3.

Note that this article is specifically about CakePHP3 and not PHP in general. Google up on speeding up PHP for more ways to speed up your web application. Also, unless you are experience a lot of traffic on your website or you have some heavy-duty processing, this optimisation won't give you significant speed.

The Beauty and Curse of Automagic

One of the beautiful things about CakePHP3 is that it does a lot of automagic things for the developer so that you can rapidly prototype an application. The downside of it is that it uses a lot of processing power and a big lot of memory. I'm going to show you how you reduce CPU cycles and memory. Why memory? Simply because you wouldn't want your application start using swap space, which will drastically reduce your application speed.

Use Database Select

When we do a data retrieval, we would normally do this:

$this->Articles->find("all");

With CakePHP's automagic, we would get every single column. This adds to processing time, both on the database and CakePHP. You see, CakePHP will process all the columns according to the type, especially if it is a date or a datetime field. On top of that, it will be stored as an array. Learn more about how big PHP arrays really are and you will know why it storing huge datasets in array is a bad idea.

So what we should do is to select very specific columns that you really need in your application by:

$this->Articles->find("all", ["fields" => ["id", "title"]]);

or

$this->Articles->find("all")->select(["id", "title"]);

With this trick, you use less processing power from the database and PHP. You will certainly reduce memory usage by a significant factor, especially if your query returns a huge dataset.

My first DOS attack

Written on Mon, 17 July 2017

I got DOS attacked. Why? I'm just a little unknown website. Took me a long while to figure out that I was attacked, partly because I don't expect my tiny little website would get DOS. Or maybe someone is doing a Penetration Test by trying all sorts of tricks rapidly. Tough luck bro!

So for the past 24 hours, I noticed that my tiny little unknown blog just got DOS attack by a somewhat single IP address. And this attacker was attacking direct to my server instead of going through cloudflare. That got me thinking.

If the attacker knows my server's IP address, they could access it directly instead of going through cloudflare, which is capable of mitigating attacks like these. Why not I block all direct access accept through CloudFlare only? Thankfully, it is possible. I just set the firewall on Amazon to the list of IP address from CloudFlare and I got no more downtimes.

Well, my uptime 99.xx% instead of the previous 100%. Oh well, I guess this is the price to pay for a big learning lesson. Honestly, a small price to pay. It's my own website anyway.

Arc Touch Bluetooth Mouse not working after Creators Update?

Written on Tue, 4 April 2017

Being an insider, I got the creators update sooner than I hope it to come. Not a bad thing actually. Due to this insider update, I am able to encounter a problem and share with you how to fix it.

So I use an Arc Touch Bluetooth mouse. When the update came, I didn't expect my mouse to stop working. So all of a sudden, it failed and I tried so hard to figure out where went wrong. I thought it might be my bluetooth driver went busted or something. But turned out that after a reinstall, my mouse still ain't working. Strange thing is that my mouse is still connected to my computer via bluetooth. I reboot countless times over, reconnected countless times over, searched around forums, still could not get any answers. I was almost at the brink of reformating my computer just so I can get my favourite mouse to work.

Bingo, I got it to work. So here's how you get it to work after you install Creators Update.

1. Go to Windows store and search for Arc Touch Bluetooth Mouse.
2. Install the app.
3. Launch the app.
4. Configure your preferred settings or choose default settings.
5. Close the app.
6. Reboot computer if it's still not working.

You might need to get another working USB mouse while you fix this issue.

Ransomware: Pay up or Die!

Written on Sat, 25 March 2017

It's 5pm on the clock. Finally, you can knock off from your work and get home for a nice dinner prepared by your wife. Gladly, you hopped on your car and drive out of the parking lot.

As you approach the highway, it just struck you that everybody else is getting home too. Thankfully, the traffic is still flowing very smoothly. You drive steadily at 70 Kilometres per hour on the highway.

All of a sudden, your car accelerates to 90 Km/h on its own. You stepped on your brakes but it didn't respond as you had expected it to. You hear the sound of the locks on your door. Your state of confusion is only mixed with your state of panick as you are forced to navigate through the traffic.

Are you held hostage by your car? Did all the warnings of ransomware finally coming to pass? Your infotainment screen couldn't be more wrong: Pay $5 000 to regain control of car; Increase speed to 100Km/h in 4 minutes 36 seconds!

You want to blame yourself for not heeding those warnings, but there is no time for that now. Your life is on the line!

What is ransomware?

Merriam-webster defines ransom as:

a consideration paid or demanded for the release of somone or something from captivity

Ransomware is a type of malware that holds a victim's files, computer system or mobile device ransom, restricting access until a ransom is paid. In most likely cases, things that you hold value.

The biggest myth: I have nothing valuable

Seriously, you have not thought this through. Would you protest if you bought a computer for $1 000 only to be told that you can only use it if you paid $100 to me? Your physical machine has value on its own. I'm quite sure you will use your computer to quite a good extent if your computer cost more than $1 000.

If getting ransomware while you're driving is not enough to get your attention, you're hopeless. As our society gets increasingly connected and us relying more on technology, we best do everything it takes to

Another myth: I have firewall, anti-virus, King Leonidas, and whole of spartan army

There used to be a saying, China built the Great Wall to prevent invaders from entering. So how did its enemies invade China? By walking through the front gate.

Don't expect to rely on all the security measures in place to stop a hacker from planting ransomeware in your organisation. All it takes is a misinformed user in your organisation to accidentally allow a hacker into your network.

Yet Another myth: It's only limited to computers

Oh so you think you can just shut down the computer and never use it again? Seriously, you need to think about your life being in the line.

How about this, you are driving along the road. And suddenly, your brakes stop working, your hear the door locking, and the car just accelerates beyond your comfortable speed. Your in-entertainment screen prompts this: Pay $5 000 to regain control of your car. What are you going to do?

What does ransomware do?

They prevent you from using your computer or enterprise network normally by asking you to do something before you can use it again.

Typically, ransomware:

• prevents you from accessing Windows.
• encrypts files so you can't use them.
• Stop certain apps from running, like your web browser.

What it holds ransom may not be something that is in your computer. In my example of the car ransom, your life is being held as hostage.

Even if you pay the ransom or doing what the ransomware tells you to do, there is no guarantee that it will give access to your computer or file again. Reinfection is also a real possibility, called milking the victim.

How does ransomware gain access?

Many ransomware gain access through misinformed users. There could be websites that disguise themselves as some form of authority, such as legal personnel or professional personnel, to gain users trust to download and run certain programmes on the targeted machine.

Other entries include downloading files from suspicious websites claim to give users certain benefits like free movies, musics, and softwares. Running these infected files will give hackers the backdoor access it needs.

How do I prevent ransomware?

Backup your data, maybe even OS

I am a big advocate of data backup, ever since I have lost so much data in the past.

One of my most popular tool for data backup is Clonezilla. It does hard disk clone. This is a particularly good remedy when the ransomware locks up your entire computer. You start off with cloning a clean slate of your computer, free from any infection. Then periodically, do up more clones. The downside of this method is that each clone usually takes up huge amount of space. But the upside is that, you can store these clones offline, only to dust it off when you need the data again. Offline storage is a very effective method to prevent hackers from deleting backup copies of your data.

The other alternative is to use duplicati for data backups. My most favourite feature is its strong encryption, using AES-256. When encryption, I could store the data in the cloud, such as OneDrive. The footprint of these backups are low, with incremental backup, compression, and deduplication. The easiest part of making this work, is the scheduler. I set the backups once, and forget it.

Keep your antivirus updated

First, if you don't have an antivirus running on your computer, shame on you! Windows 10 comes by default with Windows Defender. If you deliberately turn it off, face palm right now!

Windows Defender is a very decent piece of antivirus. I'm not here to argue what's the best antivirus. I'm here to tell you to at least get protected. The best thing about Windows Defender is that it comes default on Windows 10, and it's free. You have no excuse.

Now, of course, that is not enough. Make sure you keep it updated with the latest virus signatures.

If you're managing an enterprise system, you best get yourself a hardware firewall on your network. You can built your own firewall with Untangle or PFSense. It comes with open source antivirus, clamwin.

Keep everything else on the computer updated

• Keep your Windows 10 updated
• Keep your Ubuntu updated
• Keep your Centos updated
• Keep Microsoft Office suite updated
• Keep Libreoffice update
• Keep Chrome updated
• Keep Firefox updated

Do I need to say more?

Get educated

Seriously, your users need to know that if the screen prompts them to download something because somebody says you need to download it, doesn't mean they should. Don't download anything from anywhere that is not trusted.

What should I do if I'm infected with ransomware?

That's a tough question. If your life is on the line, I guess you are out of options but to pay the ransom fee.

These hackers make a living out of getting paid from these ransoms. By paying these ransoms, you are effectively funding their operations for more ransoms. It goes without saying that we should not be paying, but it may not be the best course of action. When you are dealing with patient's data in a hospital, it could be a matter of life and death.

All these makes prevention all the more important. The more valuable the subject is, the more measure you should have in place to prevent it.

If you are infected by Crilock family of ransomware, there is a lot of hope. FireEye and Fox-IT tool can help you recover your encrypted files.

I have backups, what should I do?

If you have done your backups accordingly and have enough measure to protect the backup, you have a safeguard. The very first thing you should do is the prevent the infection from spreading. Followed by getting rid of possible entries of re-infection, so that when your restoration effort don't get wasted, or worst, backups get ransomed too.