Tuesday, December 22, 2009

Optimize Citrix Web Client for WAN caching

Ok, so this like really sucks because it's a catch-22. The Citrix web client by default disables caching of everything except for 8MB of RAM cache.

The fix is to go into your default.ica files and add these lines:

[WFClient]
PersistentCacheEnabled=On
PersistentCacheMinBitmap=2048
PersistentCacheSize=64424508
PersistentCachePath=%appdata%
Compress=On
MaximumCompression=On
OutBufCountHost=118
OutBufCountClient=118
OutBufLength=512
OutBufCountHost2=118
OutBufCountClient2=118
MouseTimer=200
KeyboardTimer=50

[Application]
PersistentCacheEnabled=On
PersistentCacheMinBitmap=2048
PersistentCacheSize=64424508
MaximumCompression=On
PersistentCachePath=%appdata%
Compress=On



The problem is that PersistentCachePath does not allow variables such as %userprofile% until the 11.2 client, and users do not have access to the default paths.



If you don't specify PersistentCachePath, then PersistentCache is disabled. If you stick the cache in c:\temp and grant everyone full rights, it's a security issue.



The 11.2 client also removes PNAgent and Program Neighborhood. So it's a catch-22. If you upgrade to 11.2, you can't connect to old farms. If you don't upgrade, then web client bitmap caching doesn't work right.



If you have bandwidth detection enabled, then the ICA settings will be different. In our setup, we have only low bandwidth users. The low bandwidth ICA is not combined with default.ica. Only the settings in the specific ICA file are used; they are not merged.
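A small audit of the three failure modes described above, written in Python as an added example (it is not part of the original post and not Citrix tooling). The list of shared directories and the default client version are assumptions; because ICA files are not merged, run it against each ICA file separately.

```python
import configparser
import re

# Constructed sample: settings from the post, with the cache path pointed at
# the shared c:\temp location the post warns about.
SAMPLE_ICA = r"""
[WFClient]
PersistentCacheEnabled=On
PersistentCacheSize=64424508
PersistentCachePath=c:\temp

[Application]
PersistentCacheEnabled=On
PersistentCacheSize=64424508
"""

# Assumed list of shared, widely writable locations; adjust for your build.
SHARED_DIRS = ("c:\\temp", "c:\\windows\\temp", "c:\\users\\public")
ENV_VAR = re.compile(r"%[^%]+%")


def audit_ica(text, client_version=(11, 0)):
    """Return (section, finding) tuples for persistent-cache settings."""
    # interpolation=None keeps configparser from choking on %appdata%.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))      # option names arrive lower-cased
        if (opts.get("persistentcacheenabled") or "").strip().lower() != "on":
            continue
        path = (opts.get("persistentcachepath") or "").strip()
        if not path:
            findings.append((section, "no PersistentCachePath: cache stays disabled"))
            continue
        if ENV_VAR.search(path) and client_version < (11, 2):
            findings.append((section, "variable in path needs the 11.2 client"))
        p = path.lower().rstrip("\\")
        if any(p == d or p.startswith(d + "\\") for d in SHARED_DIRS):
            findings.append((section, "cache path is a shared directory"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_ica(SAMPLE_ICA):
        print(f"[{section}] {finding}")
```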

Thursday, June 4, 2009

Using IrfanView to make major image modifications.

This is posted mainly for my future reference, but it probably is helpful to others.

What I am doing is taking single page TIF files of various sizes and DPI and creating a multi page PDF with proper formatting and aspect ratios. Below are the settings and code to do this using IrfanView. What I'm actually doing is much more complex than this, but this is enough of the code to figure it out without trial and error like I did. IrfanView has a lot more power than is documented.



The source files are single page TIF files of varying sizes at 200DPI. The destination is a PDF of same sized images which view and print nicely.

The INI file i_view32.ini has the following added to it to make these transitions;
[Batch]
AdvCrop=0
AdvCropX=0
AdvCropY=0
AdvCropW=0
AdvCropH=0
AdvCropC=0
AdvResize=0
AdvResizeOpt=0
AdvResizeW=966.00
AdvResizeH=1020.00
AdvResizeL=0.00
AdvResizeS=0.00
AdvResample=1
AdvResizePerc=0
AdvResizePercW=0
AdvResizePercH=0
AdvDPI=120
AdvResizeUnit=0
AdvResizeRatio=0
AdvNoEnlarge=0
AdvCanvas=1
AdvAddText=1
AdvUseBPP=0
AdvBPP=0
AdvUseFSDither=1
AdvAutoRGB=0
AdvHFlip=0
AdvVFlip=0
AdvRLeft=0
AdvRRight=0
AdvGray=0
AdvInvert=0
AdvSharpen=0
AdvGamma=0
AdvContrast=0
AdvBrightness=0
AdvSaturation=0
AdvColR=0
AdvColG=0
AdvColB=0
AdvSharpenVal=1
AdvGammaVal=0.00
AdvContrastVal=0
AdvBrightnessVal=0
AdvSaturationVal=0
AdvColRVal=0
AdvColGVal=0
AdvColBVal=0
AdvDelOrg=0
AdvOverwrite=1
AdvSubdirs=0
AdvSaveOldDate=0
AdvAllPages=1
AdvFineR=0
AdvFineRVal=0.00
AdvBlur=0
AdvBlurVal=1
AdvMedian=0
AdvMedianVal=3
AdvRbg=0
AdvBgr=0
AdvBrg=0
AdvGrb=0
AdvGbr=0
AdvAutoCrop=0
SaveExtension=tif
Work=0
RenamePattern=image###
UseAdvanced=1
OpenIndex=1
UseAdvanced=1
OpenIndex=1
[Effects]
UseResample=0
CanvB=1110
CanvW=1110
CanvColor=16777215
OilPaint=0
RotateDegrees=0
CanvL=0
CanvR=966
CanvT=0
[BatchText]
AddText=www.YourWebsite.com
TextCoord=830;1050;960;1100;
Corner=0
Orientation=2
TranspText=0
FontColor=0
TxtBgkr=16777215
FontParam=-13|0|0|0|400|0|0|0|0|3|2|1|34|
Font=Arial


The code below is VBScript for applications which makes this change.

This is a subsection of code.


for looper = 1 to cnt2
    WriteInfo "mailfile:" & PDFFileName, TIFFilename
    'Convert all the TIFs in the owner's folder to 120 DPI so printing looks right
    Shellto = "C:\Progra~1\IrfanView\i_view32.exe " + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "\" & Cstr(looper) & ".tif" + chr(34) + " /advancedbatch /silent /dpi=(120,120) /crop=(0,0,966,1110) /append=" + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "aaaa.tif" + chr(34) & " /convert"
    WriteInfo "Shellto:" & Shellto
    Set oShell = CreateObject("WScript.Shell")
    rc = oShell.Run(ShellTo,4,false)
    'Run returns immediately (third argument is false), so poll WMI until no i_view32.exe process is left
    set svc=getobject("winmgmts:root\cimv2")
    sQuery="select * from win32_process where name='i_view32.exe'"
    set cproc=svc.execquery(sQuery)
    iniproc=cproc.count 'it can be more than 1
    Do While iniproc <> 0
        set cproc=svc.execquery(sQuery)
        iniproc=cproc.count
    Loop
    set cproc=nothing
    set svc=nothing
next

'Take the multipage TIF and convert it to PDF
'Shellto = "C:\Progra~1\IrfanView\i_view32.exe " + chr(34) + TIFFileName + chr(34) + " /silent /dpi=(120,120) /convert=" + chr(34) + PDFFileName + chr(34)
Shellto = "C:\Progra~1\IrfanView\i_view32.exe " + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "aaaa.tif" + chr(34) + " /silent /dpi=(120,120) /convert=" + chr(34) + PDFFileName + chr(34) & " /convert"
WriteInfo "Shellto:" & Shellto
'Dim oShell
Set oShell = CreateObject("WScript.Shell")
rc = oShell.Run(ShellTo,4,false)
'Run returns immediately (third argument is false), so poll WMI until no i_view32.exe process is left
set svc=getobject("winmgmts:root\cimv2")
sQuery="select * from win32_process where name='i_view32.exe'"
set cproc=svc.execquery(sQuery)
iniproc=cproc.count 'it can be more than 1
Do While iniproc <> 0
    set cproc=svc.execquery(sQuery)
    iniproc=cproc.count
Loop
set cproc=nothing
set svc=nothing



Understanding it. The INI adds a white border to the right and bottom of the image. Its X and Y are the page width and length of the largest page. Think of it this way: if you get a TIF image which is 1x1, then this will add a border to make it a full page. If it's already a full page, you have a huge image, but that is OK at this point. I specify white for this border as this is a text image. These are the settings CanvR, CanvW and CanvH.

The INI also puts a watermark in an X Y position which in this case will be the lower right corner of the page. www.Yourwebsite.com.

i_view32.exe " + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "\" & Cstr(looper) & ".tif" + chr(34) + " /advancedbatch /silent /dpi=(120,120) /crop=(0,0,966,1110) /append=" + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "aaaa.tif" + chr(34) & " /convert"

So this says take a source TIF, run it through the advanced batch conversion settings explained above, do this silently if there is an error (don't stop), modify the print DPI to 120x120, then crop that result down to 966x1110 and append that to a multipage TIF. /convert at the end tells IrfanView to close after all of this is done.

C:\Progra~1\IrfanView\i_view32.exe " + chr(34) + TIFFileName + chr(34) + " /silent /dpi=(120,120) /convert=" + chr(34) + PDFFileName + chr(34)
Shellto = "C:\Progra~1\IrfanView\i_view32.exe " + chr(34) + "c:\temp\stm\" & OWNERCLEAN & "aaaa.tif" + chr(34) + " /silent /dpi=(120,120) /convert=" + chr(34) + PDFFileName + chr(34) & " /convert"

This takes the resulting multipage TIF file and converts it to a multipage PDF using the Alternatif PDF plugin (you have to have the add-on plugins).

This is the result of several weeks of discovery. Many of these features of IrfanView seem poorly documented. Once you discover the true power of the program, it is an amazing piece of software.

Monday, April 20, 2009

DL320 G3 drivers for non 2000/2003

The IDE is a Mega Raid IDE 100 from LSI; http://www.lsi.com/obsolete/megaraid_ide_100_2567.html?remote=1&locale=EN

The NICs are Broadcom nc7761 which are BCM5704. Find the BCM57xx series NIC drivers and you are set.

Friday, January 2, 2009

Bypassing P2P restrictions by utilizing SMTP/POP3

I'm on the other end of the blocking side here. I actively try to block and/or rate limit P2P traffic on my company LANs. We pay for bandwidth and it is many thousands of dollars extra a month to allow this, as we have over 100Mb/s worth of connectivity to the Internet.

I see the battles being played out. First it's a port range, now it can be any port. Then we were able to detect based on signatures in the unencrypted traffic, so P2P was switched to SSL. Then we found out we could rate limit anything on a port other than 443 that was SSL but had an invalid certificate (with some exceptions). So protocol obfuscation was added so we can't tell what protocol it is. But that has a pattern too. Some use bursting limits to detect this, some use packet counts to remote IPs.

There is a thought that this can be moved to UDP to bypass these restrictions due to the lack of SYN control. Plus with UDP and a remote "server", one can poke holes into any firewall and bypass inbound restrictions. But this counts on UDP being opened up outbound. While serving DNS from a local server, we could easily block UDP with a few exception sites.

My idea is to use SMTP and POP3 as additional protocols, not replacements, using a dedicated real e-mail address for this. If I detect a very tight network such as what I have (eMule gets 1kb/s, Gnutella about 10kb/s on the open network, completely blocked on the closed network) then send my "p2p" e-mail address out to peers, and ask for theirs.

Do an initial exchange to set up and verify. A remote peer sends my e-mail address an e-mail to verify it can talk to me, and I send one to it. If the software verifies connectivity, then packets are sent out via SMTP and downloaded via POP3. This can be done over SSL if needed. This is done to prevent some innocent from getting bombarded with these mails.

The e-mails would have nothing in the headers to do pattern matching against. They would generate a very basic envelope. The subject would be a completely random set of words. The body would also include a random set of words or phrases. The math behind this would be ever changing to prevent Bayesian filtering. The e-mail body (not attachment) would contain the “packet” to be transferred in lines that are between 5 and 70 characters in length. These lines would be SMTP RFC character set compliant. Each e-mail would be no more than 1Mbit in size. This would be data that is encrypted using something like AES or TwoFish and then MIME encoded.

The peer I am requesting data from would send this to its SMTP server, which would end up making it to my POP3 server. My P2P client would download the e-mail and decode it. I would send back an ACK to the peer's e-mail address and await the next packet via POP3.

This would place a huge load on ISP mail servers. Most ISPs block outbound port 25, mandating the use of their SMTP servers though. If we used any other port, then packet shaping would work again.

The idea is that this would be just one of many ways to transfer data. The P2P client would try to figure out which was the fastest by trying each method. If it finds one method is much faster than another, then it would prefer that for a period of time. If the ISP has their bandwidth shaping between the Internet and their own networks, it is possible that this could bypass those filters. If you are on ISP#1 and 20 other peers are too, and you are using their mail servers, all such transfers are local and would not pass by such a bandwidth filter.

An example of an exchange;


From:
To:
Subject: One was fast not enough more time
Date: Tue, 22 Apr 2008 00:53:11 -0700
Message-ID: <12394@ru.dot>
MIME-Version: 1.0
Importance: normal
Priority: normal

This time once fast was enough blow down sky tonight. Lost ever more not as such. Could be nice review this.


ADSK3K39VK2KJN3LKC0A9DFLKJ23LKNL2K3N4K3909DFALDFK
ASLKFJ2LK3J4L2K3L2K3J490GBLAK1JH2LH509BUASDLKFJASED
9A99DLKD988323JHLKBN2LK3HJLKB09ASDFL23KHL5908GKLAA
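From the blocking side, the body format above is itself a pattern: encoded data sitting in the plain body rather than in an attachment. The following Python heuristic is an added example, not part of the original post; it scores a text/plain body by the share of lines that look like inline encoded data. The regular expression bounds, the entropy floor and the 0.5 threshold are assumptions to tune on your own mail.

```python
import math
import re
from collections import Counter

# Body of the example exchange from the post, used here as sample input.
TUNNEL_BODY = """This time once fast was enough blow down sky tonight. Lost ever more not as such. Could be nice review this.

ADSK3K39VK2KJN3LKC0A9DFLKJ23LKNL2K3N4K3909DFALDFK
ASLKFJ2LK3J4L2K3L2K3J490GBLAK1JH2LH509BUASDLKFJASED
9A99DLKD988323JHLKBN2LK3HJLKB09ASDFL23KHL5908GKLAA
"""

# Constructed ordinary message for comparison.
NORMAL_BODY = """Hi Dana,

The Q3 invoice is attached. Order ref ABC12345 shipped on Tuesday.
Let me know if the totals look right.
"""

# A whole line of base64-style characters with no spaces. The lower bound of 20
# is an assumption that keeps order numbers and similar tokens from matching.
ENCODED_LINE = re.compile(r"^[A-Za-z0-9+/=]{20,76}$")


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def score_body(body, min_entropy=3.0):
    """Fraction of non-empty body lines that look like inline encoded data."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if not lines:
        return 0.0
    hits = [ln for ln in lines
            if ENCODED_LINE.match(ln) and entropy(ln) >= min_entropy]
    return len(hits) / len(lines)


def is_suspect(body, threshold=0.5):
    """Flag a text/plain body that is mostly encoded lines."""
    return score_body(body) >= threshold


if __name__ == "__main__":
    for name, body in (("tunnel", TUNNEL_BODY), ("normal", NORMAL_BODY)):
        print(name, round(score_body(body), 2), is_suspect(body))
```

A content score like this works best combined with per-mailbox message counts, since the scheme described above also requires a steady stream of near-identical-sized mails and ACKs between the same two addresses.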