Best Gear Oils for a Subaru WRX MY08

Gearbox / Centre Differential gear oil

Subaru Extra-S 75W-90 is a highly refined mineral gear oil. The gear oil is manufactured by a subsidiary of Shell in Japan and only sold in 25L drums. Extra-S is not only made to Subaru specs but is the factory fill in the gearbox / centre diff and rear diff for the WRX. While Extra-S is not sold in Australia, I import it by the litre from the U.S.A. The gearbox of the WRX is really fussy so don’t use a fully synthetic gear oil or you will definitely get grind. Since this oil isn’t synthetic I would change it more frequently. Extra-S doesn’t like the cold so don’t use it if you live where it snows. I change this gear oil every 25,000 KM.

Rear Differential gear oil

Motul Gear 300 75W-90 is a fully synthetic ester (grade 5) gear oil. This oil works very well in the cold and hot temps. Gear 300 handles the heat really well which is important since the rear diff is small, only taking 0.8L or 1L for Australian models. Gear 300 lowers the noise of the rear diff compared to OEM Extra-S. Since this gear oil is designed for rally / track use I would change it more frequently. I change this gear oil every 25,000 KM.

Subaru Extra-S gear oil 75W-90 and Motul Gear 300 gear oil 75W-90

Best Engine Oils for a Subaru WRX MY08

Engine oil for Winter

Motul 8100 X-cess 5W-40 is a fully synthetic POE (grade 4) engine oil. I change this oil every 6,500-7,500 KM. Personally I believe the oil change interval of 12,500 KM for a turbocharged Subaru is far too high. I use an engine oil with a 5W to help with the cold starts in the morning (4*C to 4*C). I’ve had good results with this engine oil and will continue to use it next winter. This fully synthetic engine oil with multiple manufacturer approvals performs very well and I highly recommend it. I use an OEM Subaru oil filter.

Motul 8100 X-cess 5W-40 engine oil

Engine oil for Summer

Motul 8100 X-max 10W40 is a fully synthetic POE (grade 4) engine oil. I began using X-max to combat the thermal-stress shearing issue I had when using X-cess during summer. With multi-grade SAE oils, the broader the SAE numbers the more viscosity improver is needed. In an engine oil with a very broad multi-grade SAE such as 0W-40 or 5W-50, more viscosity improver is used. Viscosity improver (VI) is often the first component to degrade in fully synthetic oils, well before the base oil degrades. I use a 10W-40 SAE to help with the hot summer days (28*C to 45*C with an average of 32*C). I change this oil every 8,000-9,000 KM. On paper this oil is very close to the specs of Shell Rotella 5W-40 full synthetic, which has been raved about on most U.S. Subaru forums but isn’t sold in Australia. I use an OEM Subaru oil filter.

Motul 8100 X-max 10W40 engine oil

Engine oil for Track Days

Motul 300V Chrono 10W-40 is a fully synthetic ester (grade 5) engine oil. This is a racing oil and should be used as such. I wouldn’t recommend using it for daily use as it lacks the amount of detergents normal engine oils would contain. Before a track day I would dump out the existing oil and fill it with 300V. I change this oil every 5,000 KM. The use of an ester base stock means the oil will be able to withstand high engine temps without shearing. I would recommend using a pink STI oil filter when using this oil.

Motul 300V Chrono 10W-40 racing engine oil

Remove Symantec Endpoint Protection with CleanWipe

Within Department of Education and Early Childhood Development (DEECD) schools also known as Victorian Government schools we run Symantec Endpoint Protection (SEP) for our Anti-Virus program.

Our schools were recently informed to upgrade SEP 12.1 RU1 from SEP 11. I installed the upgrade onto one of my Windows 2008 R2 servers at work and found a bug which enables all network interfaces, including disabled ones at boot. This was rather annoying as some of my servers have up to 4 network interfaces of which not all are used and need to remain disabled. For more information on the bug visit the Symantec website http://www.symantec.com/business/support/index?page=content&id=TECH185646.

I was informed by a technician at DEECD that the bug was resolved in SEP 12.1 RU1 MP1. The 32bit version of the patch applied without issue but when I applied the 64bit patch I ran into major issues after reboot. It seemed that the patch failed to apply and now Windows has SEP listed in the installed programs list twice. I was unable to remove either version of SEP.

I contacted Symantec and created a case where I requested CleanWipe. Less than 24 hours later I was contacted by Symantec and provided with a username and password to download CleanWipe from https://fileshare.symantec.com.

You can download version 12.1.2015.2015 of CleanWipe from my web site if you wish, click HERE or HERE (Google Drive) to start Download. The password for the zip is symantec.

Filter YouTube with YouTube For Schools and squidGuard

Before we start

Your LAN must already run a production instance of squid running on a Linux operating system such as Ubuntu.

For this guide, I was using Ubuntu Server 12.04 LTS which ships with squid/3.1.19. The guide has been tested on both 32 & 64 bit builds.

Ensure the following top-level domains are not blocked

youtube.com
ytimg.com

Sign up for a YouTube for school account

Go to http://www.youtube.com/account_school and sign up for a YouTube For school Account. The sign up process should only take minutes.

Once your account is created go to http://www.youtube.com/account_school and under the Instructions heading, Step 1, search for the string X-YouTube-Edu-Filter: the random numbers and letters after that string are your account ID. The account ID is required for the redirection to work correctly. Please document your account ID.

ABCD1234567890abcdef

Install squidGuard

squidGuard is the URL rewrite program. To install use the following command

proxy:~$ sudo apt-get install squidguard

Edit squidGuard configuration

Let’s back up the default squidGuard configuration, as it has examples which are useful but none of which we require.
proxy:~$ sudo cp -v /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.original

So time to edit the squidGuard configuration and make it work for you.

proxy:~$ sudo vim /etc/squid/squidGuard.conf

Remove all the examples and paste in the new configuration from below. Please replace ABCD1234567890abcdef with your YouTube for Schools Account ID. Save and exit

#
# CONFIG FILE FOR SQUIDGUARD
#
# Caution: do NOT use comments inside { }
#
dbhome /var/lib/squidguard/db
logdir /var/log/squid
# ACL RULES:
#
rew youtube {
 s@(http://www.youtube.com/watch\?v=.*)@\1\&edufilter=ABCD1234567890abcdef@i
}
acl {
 default {
 pass any
 rewrite youtube
 }
}

Add squidGuard into your squid configuration

proxy:~$ sudo vim /etc/squid3/squid.conf

Search for url_rewrite_program and insert the following line. Save and exit.

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Restart squid to enable squidGuard

Restart the squid service to apply the configuration changes.

proxy:~$ sudo service squid3 restart

YouTube for schools is now enabled

When you load http://www.youtube.com you will be able to see all videos listed on the main page, but when you attempt to watch these videos you will only be able to view content classified as educational by YouTube or content that has been added to the school’s YouTube account’s playlists.

While you can add staff into a list of teachers that can view all content, only the administrator (schools youtube account) can add content to be viewed by all students.

You may want to block access to youtube.com via HTTPS as squidGuard rewrite is unable to intercept SSL connections.
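To check which requests the rewrite rule above actually covers, the following added example (not part of the original guide) replays the rule against constructed URLs. It assumes GNU sed -E with the I flag is a fair stand-in for squidGuard's regex engine; rewrite_broad_rule is a hypothetical wider pattern to compare against, not a rule from the squidGuard or YouTube documentation.

```shell
#!/bin/sh
# Added example: replay the squidGuard rewrite rule against sample URLs to see
# which requests would carry the edufilter parameter.
# Assumption: GNU sed -E (I flag) approximates squidGuard's regex matching.

ID=ABCD1234567890abcdef   # placeholder account ID used in this guide

# The rule exactly as configured in squidGuard.conf above.
rewrite_page_rule() {
    printf '%s\n' "$1" |
        sed -E "s@(http://www.youtube.com/watch\?v=.*)@\1\&edufilter=$ID@I"
}

# Hypothetical broader rule: any query string on /watch, dots escaped,
# and URLs that already carry edufilter are left alone.
rewrite_broad_rule() {
    case "$1" in
        *edufilter=*) printf '%s\n' "$1"; return ;;
    esac
    printf '%s\n' "$1" |
        sed -E "s@^(http://www\.youtube\.com/watch\?.*)@\1\&edufilter=$ID@I"
}

# covered RULE URL -> exit 0 when the rule appends the account ID
covered() {
    out=$("$1" "$2")
    case "$out" in
        *"edufilter=$ID") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample URLs. The HTTPS one is listed for completeness: squid
# only sees a CONNECT for it, so the rewriter never gets the path at all.
report() {
    for url in \
        'http://www.youtube.com/watch?v=iMP3PsKmcyU' \
        'http://www.youtube.com/watch?NR=1&feature=endscreen&v=iMP3PsKmcyU' \
        'http://WWW.YOUTUBE.COM/watch?v=iMP3PsKmcyU' \
        'https://www.youtube.com/watch?v=iMP3PsKmcyU'
    do
        for rule in rewrite_page_rule rewrite_broad_rule; do
            if covered "$rule" "$url"; then state=FILTERED; else state=UNFILTERED; fi
            printf '%-20s %-10s %s\n' "$rule" "$state" "$url"
        done
    done
}

report
```

Any URL reported as UNFILTERED reaches YouTube without the account ID, so test a candidate rule this way before loading it into squidGuard.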

References

http://www.youtube.com/account_school

http://support.google.com/youtube/bin/static.py?hl=en&page=guide.cs&guide=2592683&topic=2592688

http://support.google.com/youtube/bin/static.py?hl=en&guide=2592683&topic=2592688&page=guide.cs&answer=2695317

http://squidguard.shalla.de/config/#Rewritegroups

https://help.ubuntu.com/community/SquidGuard

Configure HP Procurve Switch via Command Line Interface

After getting my eyes on a Cisco 2960 configuration created by DEECD, I decided to replicate their config on our HP Procurve switches.

Connect to the switch via telnet or the serial console and enter config mode

switch# config

Set IP address gateway

ip default-gateway 10.136.236.1

Set hostname and contact details

switch(config)# hostname "2510_01"
2510_01(config)# snmp-server contact "tyrone.wyatt@gmail.com"
2510_01(config)# snmp-server location "Senior Campus, Server Room"

Set timezone and network time protocol details

2510_01(config)# timesync sntp
2510_01(config)# sntp server 10.10.20.69
2510_01(config)# sntp unicast

Set timezone offset from GMT in minutes

2510_01(config)# time timezone 600

Enable web management SSL and disable web management plaintext

2510_01(config)# crypto key generate cert 1024
2510_01(config)# crypto host-cert generate self-signed
Validity start date [10/21/2012]: 10/21/2012
Validity end date [10/21/2013]: 10/21/2018
Common name [0.0.0.0]: 10.136.236.68
Organizational unit [Dept Name]: ICT
Organization [Company Name]: XXXX College
City or location [City]: XXXX
State name [State]: VIC
Country code [US]: AU
2510_01(config)# web-management ssl
2510_01(config)# no web-management plaintext

Enable SSH and disable telnet

2510_01(config)# crypto key generate ssh
Installing new RSA key. If the key/entropy cache is depleted, this could take up to a minute.

Enable SSH version 2 if supported

2510_01(config)# ip ssh version 2

Enable SSH version 1 if version 2 isn’t supported

2510_01(config)# ip ssh
2510_01(config)# no telnet-server

Set username and passwords

2510_01(config)# password manager user-name admin
2510_01(config)# password operator user-name monitor

Set banner

2510_01(config)# banner motd %
#######################################################################
# Authorised Users Only #
# The information on this computer and network is the property of #
# <COMPANY NAME> and is protected by intellectual property #
# rights. You must be assigned an account on this computer to #
# access the information and are only allowed to access information as #
# defined by the System Administrator(s). Your activities are #
# monitored for security reasons. #
########################################################################
%

Set name for interface/s

interface B1-B6 name " "

Save and view the configuration

2510_01(config)# write memory
2510_01(config)# show run
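
Once the configuration is saved, the management-plane settings from the steps above can be checked across many switches by auditing a saved copy of the show run output. This is an added example, not part of the original guide; it assumes the running config echoes the commands as they were typed above, and the sample config in demo is constructed.

```shell
#!/bin/sh
# Added example: audit a saved "show run" dump for the management-plane
# settings applied in this guide.
# Assumption: the running config lists these commands as they were typed.

# audit_config FILE -> prints one line per missing setting,
# returns the number of missing settings (0 = all present)
audit_config() {
    cfg=$1
    missing=0
    while IFS='|' read -r pattern meaning; do
        if ! grep -Eq "^[[:space:]]*${pattern}[[:space:]]*\$" "$cfg"; then
            echo "MISSING: $meaning"
            missing=$((missing + 1))
        fi
    done <<'EOF'
no telnet-server|telnet disabled
no web-management plaintext|plaintext web management disabled
web-management ssl|HTTPS web management enabled
ip ssh( version 2)?|SSH enabled
timesync sntp|time synchronised via SNTP
EOF
    return "$missing"
}

# Constructed sample: a switch where SSH and HTTPS were enabled but telnet
# and plaintext web management were never turned off.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
hostname "2510_01"
timesync sntp
sntp server 10.10.20.69
ip ssh
web-management ssl
EOF
    rc=0
    audit_config "$tmp" || rc=$?
    rm -f "$tmp"
    echo "$rc setting(s) missing"
}

demo
```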

References

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01868095/c01868095.pdf
http://www.rienbroekstra.nl/?q=node/18
http://linuxman.wikispaces.com/HP+ProCurve+E-series+setup

Uptime Monitoring with Pingdom

The other day I signed up for uptime monitoring with Pingdom for my website. I decided to find out how much downtime my own site really has. The issue of downtime was brought to light after some of the other websites I administer for work had technical issues causing downtime.

The things I like about Pingdom are that you can monitor 1 site for free and they host a public report of your site’s uptime. My uptime report can be found here http://status.cloudportal.org/

If you are interested in creating a stats page for your domain have a look here http://blog.pingdom.com/2011/04/01/public-status-pages-under-your-own-custom-domain/

WordPress Comments and Varnish

After a long time searching for the answer to my issue, where users post a comment and the IP address on the comment is that of my Varnish server rather than of the client who made the comment, the issue is now resolved after finding this post! http://theterminaladmin.com/wordpress-comments-and-varnish/

Ironically I couldn’t post a comment of gratitude onto his WordPress site as I got a submitting error.

Just in case his website disappears, his post was the following:

While setting up this site I ran into an issue where comments posted were reporting the IP address as 127.0.0.1. This looked to be coming from Varnish and luckily, is fixable by editing two WordPress files.

The first is $document_root/wp-includes/pluggable.php. Add the following lines anywhere in the file:

if ( !function_exists('get_user_real_ip') ) {
    // X-Forwarded-For is client-supplied unless the proxy sets it, so rely on it only behind Varnish.
    function get_user_real_ip() {
        $userip = !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
        return $userip;
    }
}

The second is $document_root/wp-includes/comment.php:

Replace the following line:

 $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );

With:

 $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',get_user_real_ip() );

A simple fix but it works. You may need to re-apply this if you update/re-install WordPress but that is trivial at this point considering how easy it is :)

Web Server Upgrade Time Baby!

After many years of having my website hosted on a generic home-made server I have upgraded to a newer server.

The new server is a HP ProLiant DL360 G3 with the specs-
CPU x2: Intel Xeon 3.06GHz
RAM: 2.5Gb ECC
HDD: x2 146.6GB SCSI 10,000RPM in a RAID1

The old server was a Intel D845EWD entry-level server motherboard with the specs-
CPU: Intel Pentium 4 3.0GHz
RAM: 2Gb non ECC
HDD x2 80 IDE in a RAID 1, 3x 300Gb SATA1 in a RAID5 on a Adaptec PCI Hardware RAID controller
Case: Antec beige tower

The choice of which Linux distribution to use was not a decision I took lightly. In the end Ubuntu 12.04 LTS won over CentOS 6.2. Both operating systems offered an awesome enterprise OS but I am familiar with Ubuntu and already use it on my desktop and other servers.

I upgraded my firewall server a few weeks ago and since then have performed some tweaks to Varnish, the reverse web proxy service, and now my website should load quicker and almost be slashdot proof. I think the only issue now is my lack of upload bandwidth and my ADSL router is crappy.

YouTube HTML5 Vs Flash

This is the first time I’ve done any performance tests between HTML5 and Flash. Let’s see how this goes.

Firstly the computer I’m running is

The web browser I’m running is Google Chrome Version 19.0.1084.46

I watched a YouTube video http://www.youtube.com/watch?NR=1&feature=endscreen&v=iMP3PsKmcyU in 720p HD full screen.

I watched the video in Flash v11.2.202.235 and the system resources looked like

I went to the URL http://www.youtube.com/html5 and enabled HTML5.

I watched the same video again in HTML5 and the system resources looked like

I was pleased by the CPU load reduction but I was very impressed by the improved picture quality.

Adobe Flash 11.2 Background Updates from an Internal Server

One major problem with Adobe Flash Player is that the software often has vulnerabilities which allow code to take control of a user’s system. The issue is made worse by the fact that most enterprise environments won’t give their users Administrator rights, in order to reduce the amount of viruses, malware and spyware installed. This stops the same users from installing the latest version of Adobe Flash Player and leaves them with outdated versions which are vulnerable.

After Googling to try and find a workable resolution I found http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html which talked about a new option in Adobe Flash Player called SilentAutoUpdate. This new option allows system administrators to push settings to Adobe Flash Player by creating a text file called mms.cfg in C:\Windows\System32\Macromed\Flash for Windows 32bit or C:\Windows\SysWOW64\Macromed\Flash for Windows 64bit. I’m not going to go into too much detail, but at my work I could use Group Policy to copy the file I’ve created to all my users’ computers to enable SilentAutoUpdate. SilentAutoUpdate works through a task that is created in the system’s Task Scheduler and runs once a day. This task starts a service called AdobeFlashPlayerUpdateSvc. The service program, FlashPlayerUpdateService.exe, is located in the same folder as the mms.cfg file and reads the mms.cfg file. To make SilentAutoUpdate write a log, add SilentAutoUpdateVerboseLogging=1 to the mms.cfg file.

The only issue I have with the SilentAutoUpdate option is that the software must have direct access to the internet via ports 443 and 80. Some enterprise environments, such as mine, must access the internet via a proxy, which causes SilentAutoUpdate to fail to update.

One way around SilentAutoUpdate not working via a web proxy is to create an internal mirror. This can be done by following the instructions on pages 17-19 of http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_2_admin_guide.pdf. Once you have created a local mirror you can add the option SilentAutoUpdateServerDomain=server.domain.com to your mms.cfg file, which tells FlashPlayerUpdateService to fetch the update files from your web server rather than from the internet directly.

My mms.cfg file for testing looks like this, but once it is working I would remove the VerboseLogging option to reduce the log file size. The settings below turn off GUI updates and enable silent updates:

AutoUpdateDisable=0
SilentAutoUpdateEnable=1
SilentAutoUpdateServerDomain=firewall.cloudportal.local
SilentAutoUpdateVerboseLogging=1

My other issue was how to keep my mirror synced with Adobe’s, so I created a shell script to do it for me in a daily cron job. The script creates the folder structure, uses wget to download the files and logs everything it does. Save the text below as adobe-flash-background-updates.sh and ensure the paths are correct before running. To run the script, use the command sudo sh ./adobe-flash-background-updates.sh. Once you know the script is working for you, add it to cron.

#!/bin/sh

########## INFORMATION ABOUT SCRIPT ##########

# This script is titled adobe-flash-background-updates and was written by Tyrone Wyatt of www.cloudportal.org.
# This script is open to use by everyone and is not under any licence.
# See flash_player_11_2_admin_guide.pdf for more information on how this script is required to function.

########## SCRIPT CONFIG ##########

# The TITLE option is the script's name.
TITLE=adobe-flash-background-updates

# The LOG option is the log file.
LOG=/var/log/$TITLE.log

# The SOURCE option is the mirror from which you would like to download the flash files.
SOURCE=http://fpdownload2.macromedia.com

# The DESTINATION option is where you would like your downloaded files to go so they are accessible by your web service.
DESTINATION=/var/www

# The VERSION option is the current major version of Flash Player (for Flash Player 11.2, the major version is 11).
VERSION=11

########## SCRIPT CORE ##########

touch "$LOG"

echo "Welcome to $TITLE Script!"
echo "=O====== $(date) ========" >> "$LOG" 2>&1

if [ -d "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml" ];
then
echo 'Skipping destination folder structure creation.'
else
echo 'Creating destination folder structure.'
# mkdir -p creates every missing parent directory in one call
sudo mkdir -p -v "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/" >> "$LOG" 2>&1
sudo mkdir -p -v "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/" >> "$LOG" 2>&1
fi

echo 'Downloading files...'
wget -nv "$SOURCE/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml" -O "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml" >> "$LOG" 2>&1
wget -nv "$SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z" -O "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z" -O "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z" -O "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z" -O "$DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z" >> "$LOG" 2>&1

echo "Script complete! See log file for more information $LOG"
echo "=X====== $(date) ========" >> "$LOG" 2>&1

echo ' ' >> "$LOG" 2>&1

########## END OF SCRIPT ##########

I have been testing the script and am pleased to see it works well. The log file that the script creates looks much like the flashinstall.log for ease of reading.

If you require more information, as I sometimes cut corners on documenting, then you should read these other useful pages
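
Because wget -O truncates the destination file before the transfer starts, a failed sync with the script above leaves an empty file on the mirror that every client will then fetch. The following added example (not part of the original script) downloads to a temporary file, publishes it only when it is non-empty, and logs the SHA-256 whenever the served content changes; publish_file, sync_one and the log format are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: publish a downloaded update file into the mirror only if the
# download is usable, and log its SHA-256 whenever the content changes.
# publish_file, sync_one and the log format are hypothetical helpers.

LOG=${LOG:-/tmp/adobe-flash-background-updates.log}

# publish_file TMPFILE DEST
#   returns 0 = published (new or changed), 1 = unchanged, 2 = rejected
publish_file() {
    tmp=$1
    dest=$2
    if [ ! -s "$tmp" ]; then
        echo "$(date) REJECTED empty download for $dest" >> "$LOG"
        rm -f "$tmp"
        return 2
    fi
    new=$(sha256sum "$tmp" | cut -d' ' -f1)
    old=none
    if [ -f "$dest" ]; then
        old=$(sha256sum "$dest" | cut -d' ' -f1)
    fi
    if [ "$new" = "$old" ]; then
        rm -f "$tmp"
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    chmod 644 "$tmp"      # mktemp files are 0600; the web server must read them
    # a rename within one filesystem is atomic: clients never see a partial file
    mv -f "$tmp" "$dest"
    echo "$(date) PUBLISHED $dest sha256=$new (was $old)" >> "$LOG"
    return 0
}

# sync_one URL DEST: download beside the destination, then publish.
sync_one() {
    mkdir -p "$(dirname "$2")"
    part=$(mktemp "$2.part.XXXXXX") || return 2
    if wget -nv "$1" -O "$part" >> "$LOG" 2>&1; then
        publish_file "$part" "$2"
    else
        echo "$(date) DOWNLOAD FAILED $1" >> "$LOG"
        rm -f "$part"
        return 2
    fi
}

# Usage: sh this-script.sh URL DEST
if [ $# -eq 2 ]; then
    sync_one "$1" "$2"
fi
```

A PUBLISHED line in the log on a day when Adobe has not released an update is worth investigating, since the source URL is fetched over plain HTTP.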