IIS client certificate mapping and authentication methods

Apart from the well-known authentication methods available in IIS:

  • Anonymous
  • Basic
  • Digest
  • Integrated Windows

you can enable Client Certificate mapping, which maps users holding a specific certificate to a pre-defined user account. For some reason, this method is not always mentioned in IIS documentation under the “authentication” topic. It is, however, very useful for authenticating users across companies, or for granting access to applications – it’s hard to expect a service to type in its username and password.

You can enable all the authentication methods (including certificate mapping) independently. As you probably know, anonymous authentication “always wins” – if you enable it together with any other authentication scheme, the user will always come in as anonymous.

The reason for that is how HTTP authentication is implemented. If an HTTP client, e.g. a web browser, requests a page that is part of a protected realm, the server responds with a 401 Unauthorized status code and includes a WWW-Authenticate header field in its response. This header field must contain at least one authentication challenge applicable to the requested page. Next, the client makes another request, this time including an Authorization header field which contains the client’s credentials applicable to the server’s authentication challenge. If the server accepts the credentials, it returns the requested page. Otherwise, it returns another 401 Unauthorized response to inform the client that the authentication has failed.

If you enable anonymous authentication, the client does not receive a 401 HTTP code; it gets the content instead – so it has no chance to provide the authentication information.

How does that relate to client certificate mapping? It’s different. The client certificate is sent by the browser with the first request, without being asked for. This means that if you enable any “regular” authentication scheme and client certificate mapping, the client certificate always wins. The first request will come with the certificate, so the web server will not respond with HTTP 401 and the WWW-Authenticate header.
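The request flow described above, as a small Python model that returns the status codes a client sees for a given set of enabled methods. This is an added example, not part of the original post and not IIS code; the method names, the account, the thumbprint and the realm are constructed, and the anonymous-plus-certificate combination is rejected because the post does not say which one wins.

```python
import base64
import hmac

# Constructed sample data: one Basic account and one certificate mapping.
USERS = {"alice": "s3cret"}
CERT_MAP = {"AA:BB:CC:01": "partner-svc"}  # thumbprint -> mapped account

def server(enabled, headers, client_cert=None):
    """Handle one request; return (status, response_headers, identity)."""
    if {"anonymous", "cert-mapping"} <= set(enabled):
        raise ValueError("combination not covered by the post")
    # The certificate accompanies the first request, so mapping is decided
    # before any HTTP challenge would be issued.
    if "cert-mapping" in enabled and client_cert in CERT_MAP:
        return 200, {}, CERT_MAP[client_cert]
    # Anonymous: content is served at once, so no 401 is ever sent.
    if "anonymous" in enabled:
        return 200, {}, "anonymous"
    auth = headers.get("Authorization", "")
    if "basic" in enabled and auth.startswith("Basic "):
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            user, pw = "", ""
        expected = USERS.get(user)
        if expected is not None and hmac.compare_digest(expected.encode(), pw.encode()):
            return 200, {}, user
    return 401, {"WWW-Authenticate": 'Basic realm="demo"'}, None

def client(enabled, user=None, password=None, client_cert=None):
    """Browser-like client: credentials are sent only after a 401 challenge."""
    trace = []
    status, hdrs, identity = server(enabled, {}, client_cert)
    trace.append(status)
    if status == 401 and user is not None and "WWW-Authenticate" in hdrs:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, hdrs, identity = server(
            enabled, {"Authorization": f"Basic {token}"}, client_cert)
        trace.append(status)
    return identity, trace
```

The second element of the result is the sequence of status codes: a `[401, 200]` trace means the challenge was issued and answered, while a single `[200]` means the client never had the chance to send its username and password.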

If you want to do some tests, I recommend, as usual, the small but powerful WFetch tool. It can send any “generic” certificate to the web server or use a certificate you already have installed.

Categories: IIS

Unexpected IIS stop

September 24th, 2010

We had a weird case some time ago on one of our Windows 2003 servers. After we made changes to the IIS configuration, more specifically to one virtual folder, the whole IIS stopped. This of course caused an outage for some applications; some were switched over to the secondary server by the load balancer.

The user making the change said he didn’t do a thing to the whole IIS, only made changes in one virtual folder and recycled its application pool. Moreover, he checked other applications’ accessibility after making this change. All was fine.

What we could find in the logs was:

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: None
Event ID: 1023
Date: Date
Time: Time
User: N/A
Computer: Web server name
Description:
Restarting W3SVC

That directed us to the following Microsoft KB article: If you make some changes to the ASP.NET 2.0 Web site properties and you click the ASP.NET tab in IIS Manager, the W3SVC service may be restarted unexpectedly. It turns out that if you make changes to a virtual folder, and click the ASP.NET tab, IIS can restart itself. What’s more, it does it not immediately, but after some short amount of time.

And in our case, IIS did not restart. It stopped and then couldn’t start for some reason. A simple iisreset /start did the job, but the idea of a web server stopping itself whenever it wants is hilarious.

Categories: IIS

PC tuning, part 1: GPU cooler

Due to the recent Starcraft 2 beta release, I started playing 3D games more often (almost daily, I must say). However, one problem appeared: my graphics card was overheating. I measured the temperature and it was going up to 110 degrees, then the game was slowing down, making it hard to play.

I did some research on the GeForce 8800 GTS I am using and it turned out that:
1/ I am running those cards way too hot, even when idling.
2/ They tend to overheat, especially when they don’t have enough airflow.

As I have quite a dense environment with two GPUs, the overheating was understandable.

After some googling, I found a custom cooler, the ZEROtherm Hurricane HC92 Cu 8800, to provide the best cooling results, but it was quite loud. I read some reviews of other 3rd-party coolers and they weren’t that effective, so I got the Zerotherm. Just note that it will consume 2 additional PCI slots below your GPU, so be prepared for that.

It came in a nice box, with an installation manual (with miniature images, so I downloaded the PDF version to see them better) and all the required stuff. Unfortunately, I also got dried-out thermal grease, so I had to buy a new one in a nearby store.

The whole operation took around 1 hour. Here’s the toolset (thanks to my girlfriend for having the nail polish remover)

The first step is to remove the OEM cooler from the card. There are a lot of screws for that; also, at the end you have to detach it from the GPU with some force. Once you feel it moves on the GPU surface freely, it means it’s kept only by the thermal grease and you can pull it off safely. Then you get some alcohol- or acetone-based fluid and clean off the old grease from the card. The results should look like this:

Then you stick all the small heatsinks onto memory chips, NVIO (with extra help from two plastic mounting legs) and FETs. The manual says here

Do not apply excessive force until the adhesive tape of the memory heat sink is completely attached.

which got me a bit confused as to whether I should apply excessive force after it’s attached or not. I decided not to try breaking my card in half, but left the heatsinks movable a bit. They didn’t fall off, so I guess it’s OK.

Then you mount the central module with heat pipes and fan. Just remember to remove the transparent sticky tape from the copper base. I forgot to do it and had to remove the module again and add some more thermal grease. At least I realized before starting the card up!

Then you just need to mount the card back into your PC, find some space around it and you’re done!

There’s also a wired fan speed controller, which you need to place somewhere. I put it on top of my DVD recorder, so it’s accessible without opening the case, and not spoiling the looks.

So, how does it work?

Idle temperature fell down from around 75 degrees to 60. During gaming it’s between 75 (on maximum fan speed) and 90 (on lowest fan speed).

However, what’s more important – the binary result is “it worked”. I can now play games at maximum details and the card doesn’t overheat. I don’t really care if it’s 5 degrees higher or lower, I do care if I can use my card at full performance. Yes, I can – so this was a good investment.

Categories: hardware

Flattr

As you can see, I joined Flattr beta.

If you don’t know it yet, have a look. It’s a flat rate (hence the name) donation system, where you pay some flat amount of money every month and it’s distributed to authors of things you “flatter” that month. To flatter a thing, click the orange / green button underneath each blog post.

Let’s see how it develops, but it might be “the way”.

Categories: Internet

How far can you go in hating a product?

I never liked Quicktime. The Windows player for it was always incompatible, slow, hanging. It also used its own chrome, so it never looked like Windows software. For some time now, thanks to the fancy Apple Software Update, it has been trying to push some other Apple software (Safari and iTunes mostly) to your system with every update.

Because of that I never wanted to install the Quicktime player on my machines. I tried using Quicktime alternative codecs, or avoided having videos in Quicktime, but there’s always a situation when you get a quicktime video and have to see it, at least once.

Recently, I found a solution to that. I just upload the quicktime video to YouTube as private, and then decide if it’s worth keeping or not. I know it’s a twisted way, very slow and error-prone, but I am so happy I don’t need to install the player that I can spare those 10 minutes of my time.

This made me think: how far can you go in hating a product? I mean, the player is just a player, but I feel so much discomfort when I have to install it that I will do a lot to avoid it. I felt the same way about Java applications, and luckily, they’re gone. It should be some kind of a warning sign for the software vendor: if people hate you enough to use their time and resources (bandwidth in this case) just to avoid using it, you should rethink your strategy. Seriously.

Categories: IT