Sep 30, 2006

You Can't Buy a Decent Router for under $50.00

Published by rocjoe at 2:07 PM under Helpdesk

I set out last week to upgrade my router. My current one, a D-Link 524, does work as advertised. In fact it works well enough. I would not even consider replacing it except that the D-Link 524 resets itself every time I make a configuration change. This, for me, discourages experimentation and so I'm reluctant to find out the ifs and whys of operating a NAT router.

Linksys WRT54G

I went to the local gadget store and picked up a Linksys WRT54G router, as they were on special and I had good memories of my first router, the BEFSR-41, which was all I ever needed until I got a wireless-enabled laptop. The initial setup went well. Configuring wireless was easier than ever now that the router wasn't resetting itself with every setting change. Opening port 80 for my dev website worked fine; although I thought the website was laggy on the new router, it was plenty fine for testing and demonstrating. It wasn't until Monday morning, when I could not connect to a client's office VPN, that I found out what a dud this router is.

Don't get me wrong, Linksys has made perfectly workable versions of this router in the past. However, rev. 5 and rev. 6 of this router do not have PPTP passthrough. Yes, the box says they do. There are even VPN settings on the router to enable or disable PPTP passthrough. But you can't do PPTP passthrough. Manually opening port 1735 for VPN access helped, but it wasn't the complete solution, as there is no way to tell the WRT54G router to allow protocol GRE 47 to pass through. Even manually opening port 1735 seems like a cop-out because I don't need to do that with my DI-524. Nonetheless, Linksys has refused to acknowledge the problem and has yet to release a firmware update for rev 5 and rev 6, and these complaints have been ongoing since the spring and maybe longer.

Check Google for "VPN WRT54G rev 6" to find more anecdotal evidence, including accounts of Linksys customer support discontinuing conversations instead of acknowledging the problem.

If you need VPN access, the newest Linksys WRT54G router is not for you.

Netgear WGR614v6

So after returning the Linksys, I still considered it possible to find a good replacement router. Linksys was off the list, and I had no expectation that D-Link had changed their newer routers to avoid automatic resetting, so I went in search of Netgear.

I should have taken it as a warning that all the chain stores nearby had stopped carrying this dud. But I kept looking anyway. Eventually I found one, and for $35.00 I thought I was on to something good.

Most odd about this device is that the first time you turn it on and browse to 192.168.1.1 it directs you to a wizard that refuses to continue if you don't have it connected to your broadband connection. The first time around there is simply no way to continue using the router until you plug it in. Not my favorite choice: since I don't know how their router comes configured out of the box, I could be exposing my home network to all sorts of security risks because Netgear won't let me examine the router settings until I complete their obstinate wizard. After the running of this wizard, this demand is never made again, even after resetting back to factory defaults.

Even the fact that there was a firmware upgrade available led to another strike on this router: all settings are lost when you flash the upgrade. Netgear even suggests copying your settings with pen and paper instead of using their built-in "save-settings-to-a-file" feature. It was also impossible to tell if or when the firmware upgrade finished. Luckily I proceeded with caution and waited an extra 10 minutes before resetting the router. I'm happy to say that the upgrade did not brick the Netgear router.

After the experience of the WRT54G, I immediately tested VPN connection. For the second time I had to manually set port 1735 to get VPN access, but this time I was able to authenticate and actually dial in to my client's VPN.

In spite of that minor success the final straw appeared quickly enough when I couldn't configure the WGR614 for any inbound access on port 80. So long dev website. Even slow access would have been better than none at all.

So back to the store with this one. I should point out that while unplugging this router to return it I noticed that the router itself was VERY hot to the touch. The actual router, not just the power adapter. Seriously I'm starting to understand why you can't find this brand in the stores anymore.

Conclusion

I've returned to using my trusty old DI-524. It may have inconvenient resets and no QoS support, but it actually does everything that D-Link printed on the side of the box, where the newest Linksys and Netgear routers do not.

I see now that the Pre-N Draft spec wireless routers support up to 300Mbps, which may be a good enough reason to keep looking, except this would mean buying a brand new wireless card for my laptops and forgoing the built-in wireless. This seems like a waste to me, especially since these Pre-N devices could be completely incompatible when the real 802.11n spec is finalized next year. Again, I have no reason to believe that a firmware upgrade will bring Pre-N stuff up to final draft 802.11n, so it seems like throwing good money after bad to buy a device that is certainly going to be incompatible with equipment that I buy next year. But that's another story.




Sep 09, 2006

Login failed for user 'NT AUTHORITY\NETWORK SERVICE'

Published by rocjoe at 4:06 PM under Helpdesk

Ever seen this message:

Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

or this one, perhaps?

SqlException (0x80131904): Cannot open user default database. Login failed.

Then it would be my guess that you've just moved all your development work to a new server, one probably running IIS 6.0 on Win2003 or WinXP-x64, and you're really really stuck as to WHY this bastard of a message is stopping you from deploying your website. Let's start with the obvious...

"NETWORK SERVICE" is a built-in Windows login. A key use of NETWORK SERVICE is to run the ASP.Net worker process for IIS 6.0 but it can have many more uses and generally it is used by Windows for all Windows services that require network access of any description. This makes it different from "LOCAL SERVICE" which has no built-in rights to access any network API. Both logins are less privileged than "SYSTEM" and are meant to be, as a means of mitigating security risk.

Windows logins use the built-in Windows Security Identifier (SID), which is just a GUID that gets created with every login. Because it's a GUID, the SID for every login is different, even if the user name, password, etc. are completely identical. You have no control over this, get used to it.

SQL Server, at least all versions from 7.0 and on, identifies all Windows logins through their SID, as you can see when you view all the configured logins in the system table, master.sys.syslogins, and within each database the login-user mapping table, sys.sysusers.

Now then, when you move a copy of your SQL Server databases from one computer to another by detaching, copying the files and re-attaching, any SID for NETWORK SERVICE will be different from the one on your development computer. This means any SID recorded within the copied SQL database's sys.sysusers will not match the SIDs found in Windows' local security database.

To make matters worse, SQL Server Management Studio (and its predecessor, SQL Server Enterprise Manager) never shows you logins for SIDs it doesn't recognize. So now you've deployed a copy of your database on the new server, yet it is completely misconfigured for use on that server.

The good news is it's easily fixable. You can open up the copied database in Management Studio and add the correct NETWORK SERVICE back into the database, just like you would for any other login. Alternatively, you could detach and delete the copied database, return to the original database on your development machine, script the entire database and use the script to deploy the database on your new server. This works because you can script the security and user access for the database as an option in Management Studio, and the script refers to NETWORK SERVICE by name, not SID, so SQL Server on a different computer can easily relate the security settings to its own context.
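The check and the first fix described above, written as T-SQL (an added example, not code from the original post). `MyAppDb` is a placeholder database name, the role grants in step 4 are an assumed minimum for a typical site, and `ALTER USER ... WITH LOGIN` assumes SQL Server 2005 SP2 or later.

```sql
-- Added example. [MyAppDb] is a placeholder for the re-attached database.
USE [MyAppDb];
GO

-- 1. List database users whose SID has no matching server-level login.
--    These are the entries Management Studio does not show as mapped.
SELECT dp.name      AS database_user,
       dp.type_desc AS user_type,
       dp.sid       AS database_sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;
GO

-- 2. Make sure the server-level login exists on the new machine.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS;
GO

-- 3. Re-map the existing database user to that login, or create the
--    user if the database never had one.
IF EXISTS (SELECT 1 FROM sys.database_principals
           WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    ALTER USER [NT AUTHORITY\NETWORK SERVICE]
        WITH LOGIN = [NT AUTHORITY\NETWORK SERVICE];
ELSE
    CREATE USER [NT AUTHORITY\NETWORK SERVICE]
        FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
GO

-- 4. Grant only what the website needs (assumed here: read and write).
--    Avoid db_owner for the ASP.Net worker account.
EXEC sp_addrolemember N'db_datareader', N'NT AUTHORITY\NETWORK SERVICE';
EXEC sp_addrolemember N'db_datawriter', N'NT AUTHORITY\NETWORK SERVICE';
GO
```

Step 1 also lists users that were deliberately created without a login, so review its output before re-mapping anything else it returns.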

The last gotcha, just for ASP.Net 2.0/SQL Express 2005, is that it's easy to overlook the same problem in your websites that use ASP.Net + SQL Express as the website's security provider. This means you have a detached database lounging around in your website's App_Data folder going unconfigured. To get this one set up right you need to:

  1. Edit the file-level permissions on the ASPNETDB.mdf and aspnetdb_log.ldf files so NETWORK SERVICE has at least Read and Write access to these files. Otherwise you get errors about the log file being full, among other things;

  2. Reset the security information within the database itself. This is not as easy, because the file isn't automatically visible from Management Studio since it's detached from the running instance of SQL Express. The easy way is to use Management Studio to attach the copied ASPNETDB.mdf file to the instance of SQL Express running on the same server that is hosting the ASP.Net website, then detach again before you try to use the website itself.

For detached databases there is no need to set the NETWORK SERVICE access permissions within the database this time; SQL Express/ADO.Net don't seem to care what's inside the database file's sys.sysusers table once you return to "attach as file"... I haven't found out why yet, but I think ADO.Net prefers to handle security of detached database files based on the file-level permissions instead, but don't quote me on that.

So there's the long answer on how to fix a relatively simple but perplexing problem when deploying your work to new servers. Hope that helps. Sorry it's so long, I just find it easier for me to remember for my own sake by going into extra detail.




Sep 09, 2006

Goodbye Y!Unlimited, hello Napster

Published by rocjoe at 1:58 PM under Entertainment

I've been certain since my free trial of Y!Unlimited ended that this was not the service for me.

Sure, they have more songs than just about anybody else (1.5 million+) and it worked just fine with my old Creative Zen player, but damn, how slow of a service. Yes you've got access to a decent sized library of music to subscribe to, but getting to it was an entirely different matter. Why would anyone believe that they can sell an Internet-based service yet provide content at dialup speed?

That's not to say the music downloads were slow. No, that part worked just fine, it was the content portal that just dragged on-and-on. There were times when I forgot what music to look for while waiting for that godawful home page to load. Trying to use the search box before the home page loaded would not work and you'd be stuck in some no-results-but-now-the-client-won't-answer-any-new-requests purgatory. Just awful.

To pile on insult to injury, Y!Unlimited no longer lets me download music as they insist I've installed their crappy software on too many computers, when in fact I've never installed it on more than 3 computers the entire time I had the service, although they seem to think otherwise. An email to Yahoo's alleged customer support afforded no reply to my plight.

Not that I can install Yahoo Music Player on my Win2003 server, where I do most of my work. Nor can I access their service through an alternate music player like Winamp or Windows Media Player.

I've come to the conclusion that Yahoo just offers so many services they just don't care about the quality of the service, the software or the whole user experience. On average, they appear to be accumulating income so who cares, right? After all, "a fool and his money are easily parted".

Well, I'm not the fool anymore. Good-bye Y!Unlimited, may I never hear your name or catch sight of your last-rate music services.

However, I still like the subscription model because you get so much for relatively little and being able to walk away with it in my mp3 player of choice is just fine by me. I'd long known about Napster and even had friends who tried it and liked it. If only they had tried other music services they could have pointed out to me how fast Napster is over Yahoo. The difference is night and day, yet they offer content in the same manner, an embedded browser in a proprietary app. Just better provisioning of resources, I'd guess. So what if some of my favourite albums aren't in Napster, at least I can search for 3 or 4 alternatives in the same amount of time it takes to find one album on Yahoo.

Pile onto that that I don't even need their standalone app; I've already loaded the Napster plugin to Windows Media Player on my Win200 server and I'm ready and raring to take it for a test drive.

Now if only there was a place for me to find out reliable information about all the online services instead of having to waste my time and money with places that are only serving the bottom line instead of their customers!




Sep 08, 2006

Built-in-convenience

Published by rocjoe at 1:23 AM under Tech

Can anybody tell me why my "Low Battery" alarm on my cellphone invariably goes off in the middle of the night? Technology? BAH. I'd rather have my cellphone go to sleep for six hours and inform me at a more decent hour.


