Window Subsystem Linux v2 (WSL2) is an iteration of the VM created by Microsoft, from Hyper-V to WSL and this the second generation of WSL. If it’s your first time accessing WSL2, it automatically provide you with the default setup which doesn’t provide any limits accessing your full workstation resources (CPU, RAM and other HDD). It means that if you have 8 cores cpu and 16Gb memory, it will use all that up. The problem with it is sometimes it affects your host computer and it gets slow. So to solve that problem we try to limit the resource consumption of WSL2.
Limit WSL Resource Consumption
On your profile directory %USERPROFILE% create a new file named .wslconfig. Set it’s content to the following:
Change the settings base on your workstation capability, and this is what works for me.
Next, open up a powershell terminal in administrator mode and restart the LxssManager as this manages WSL2.
Get-Service LxssManager | Restart-Service
You could also use the wsl --shutdown method to restart WSL. Check if the vmmem process still consumes beyond its limit.
If the changes still not reflecting, try to restart your machine and also restart Docker Desktop.
In Docker Desktop for Windows the WSL2 version, you don’t usually have options to increase memory and diskspace as it will be managed directly by Windows.
The Docker Desktop data can be found originally in this location %USERPROFILE%\AppData\Local\Docker\wsl\data.
🚚 Export Docker Data
In order to make this work, first shutdown Docker Desktop. This can be done by right-clicking the system tray icon of Docker then from the context menu Quit Docker Destop.
Next is open your command prompt and type the following:
wsl --list -v
On which, when run will return to you the state of all WSL images.
NAME STATE VERSION
* docker-desktop Stopped 2
docker-desktop-data Stopped 2
After that we export the docker-desktop-data into a tar archive. We will assume you are planning to move the docker data into D: drive, and within the drive you have already created a folder named Docker.
The ext4.vhdx will now reside in the D:\Docker folder. Start Docker Desktop and verify the changes.
If everything works out, you can now delete the tar archive you created earlier D:\docker-desktop-data.tar. Please don’t delete the ext4.vhdx, otherwise you would lose all your images and containers in docker.
In case docker icon turns red in Docker Desktop, clear the docker cache which can be found in Docker Desktop settings.
Remote work, is a blessing and sometimes nightmare depending in your line of work. I’ve been in a situation where I’m connected to a remote workstation but due to some technicalities I’m not allowed to disconnect the current SSH1 connection and or create a new one. And where it lies, I need to tunnel a service from the remote workstation to my local machine.
So here’s how I did it!
The real voyage of discovery consists not in seeking new landscapes, but in having new eyes.
— Marcel Proust.
So where do we start?
Once you have an existing SSH session opened using the default OpenSSH2 client, to open a tunnel simply type <enter>~C where <enter> is the key on your computer keyboard.
~ (tilde) is the SSH’s default EscapeChar. You press <enter> first to clear the buffer, the ~ escape char and any one of a number of options.
If all goes well it will bring up a new console associated with your local SSH client, that will accept SSH command flags, which includes -R and -L.
To map a server service to your local workstation you need to use -L flag. The arguments for that flag would be [bind_address:]port:host:hostport but normally the bind_address is optional.
Then if you want to map local service and tunnel it to remote server, you’ll need to use -R flag. This flag holds similar arguments to the -L.
For example, if I want to forward a remote server Nginx deployed website and access it locally (with local bind IP). What could I do is type <enter>~C then -L 80:localhost:8080<enter>, after that I will immediately gain access to that when I access the site using localhost:8080 on my local machine.
To get a full list of escape sequence that the OpenSSH client accepts, type <enter>~?:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - request rekey
~V/v - decrease/increase verbosity (LogLevel)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
That’s all guys. 🐲
Most of the command line tools have flags you probably haven’t explored. So try to explore each one to become proficient in the platform you are currently working on. Just like programming, you won’t memorize it on a day, but to truly know the tools capability you must use it in a very dire situation.
This OpenSSH2 escape sequence is really helpful for DevOps and software engineers (for software development).
Let me know in the comments if you have questions or queries, you can also DM me directly.
Follow me for similar article, tips, and tricks ❤.
Recently, I’ve been using more the Powershell1 prompt rather than the old command prompt2. Both command consoles can still be run on Windows 10, but on recent occasion I prefer the Powershell as you can use it to create more complex shell scripts on Windows and access some C# modules.
A chain is only as strong as its weakest link.
On my previous recent post about moving ProgramData to another drive, I’ve use the mklink utility to create junction directory to-and-from. So here are the equivalent commands:
Command Prompt Syntax
Powershell Equivalent Syntax
mklink Link Target
New-Item -ItemType SymbolicLink -Name Link -Target Target
mklink /D Link Target
New-Item -ItemType SymbolicLink -Name Link -Target Target
mklink /H Link Target
New-Item -ItemType HardLink -Name Link -Target Target
mklink /J Link Target
New-Item -ItemType Junction -Name Link -Target Target
The New-Item command is also analogous to Unix touch command tool. Check the definition first of those commands before running on your system. That’s all guys!
Leave a comment if you have questions and queries. Also you can DM me on twitter 😉.
The name refers to its executable filename. It is also commonly referred to as cmd or the Command Prompt, referring to the default window title on Windows. The implementations differ on the various systems but the behavior and basic set of commands is generally consistent. cmd.exe is the counterpart of COMMAND.COM in DOS and Windows 9x systems, and analogous to the Unix shells used on Unix-like systems. ↩︎
This specific modifications allows Identity Server 4 to send and receive large header data which is needed to store and sort out JWT (JSON Web Token) identifiers. You can check this sample setup on my test ingress config map YAML (Yet Another Markup Language):
This specific custom middleware specifically converts all incoming calls to secured HTTP scheme. The TLS ingress specifically does is redirect the calls from your RS (Resource Server) to AS (Authorization Server) which is Identity Server 4 but TLS needs consistent HTTP secured scheme. If you look into your openid-configuration it will return http:// only endpoints and that is the problem, and that’s why we are modifying it internally using a custom middleware.
After all is done, restart the service and test every knick and knacks. That’s all guys!
It’s not just a simple clone image and deploy setup in k8s especially if you’re trying to deploy a c# app, sometimes you need to optimize some config in order for it to run smoothly /and or work well. Check the recommended deployment guide in Microsoft docs.
Let me know in the comments if you have questions or queries, you can also DM me directly.
Follow me for similar article, tips, and tricks ❤.
IdentityServer is an OpenID Connect provider – it implements the OpenID Connect and OAuth 2.0 protocols. ↩︎
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols are widely used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers. ↩︎
You could also use this other command flags, this command is non-destructive unlike the mirror flag. The mirror flag deletes the file at destination while this just overwrites and retain if missing in source.
After everything’s done copying, you start creating junction links and symlinks3 from your spare drive (for me its the D: drive). The %~NA tells the batch command it will only get the base folder name, and the %~A gets the whole absolute path. The command below will only create directory junctions to begin with:
FOR /D %A IN ("D:\ProgramData\*") DO (MKLINK /J "C:\ProgramData\%~NA" "%~A")
This next command, specifically create symbolic links to file from source to destination.
FOR %A IN ("D:\ProgramData\*") DO (MKLINK "C:\ProgramData\%~NXA" "%~A")
Then after that restart your machine, and ensure everything’s working fine. I think some folders like Microsoft and Packages should be excluded in copying and making junctions.
That’s all guys. If you have any question DM me or comment in this post.
An access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. ↩︎
A symbolic link (also symlink or soft link) is a term for any file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. ↩︎
It is not the monsters we should be afraid of; it is the people that don’t recognize the same monsters inside of themselves.
— Shannon L. Alder.
If you’re a network IT (Information Technology) engineer or cybersecurity professional for sure you’d know about the tool nmap.
The tool nmap which stands for network mapper 1 is an open source tool for network discovery and is mostly use for security auditing. Been using this tool for many years and this are my favorite command line flags:
Skip reverse DNS call
This is a helpful flag specially if you don’t want that additional millisecond of fetching records from a DNS server. Or you have a specific case scenario that involves using only internal cached host file.
nmap -n scanme.nmap.org
Stop ping checks
The -PN flag specifically tells nmap that the host is online, skipping check if its alive through ping2. This is particularly useful in situation where you know the target is blocking all ICMP (Internet Control Message Protocol)3 in firewall.
nmap -PN scanme.nmap.org
This -sV flag is useful specially in network auditing and determining if there are any ports available. The command will probe the target machine ports availability and guess the service (including the service version) that is running.
nmap -sV scanme.nmap.org
Finding live host
This command is specifically useful for network engineers to know if there are any alive host on the network. The notation below tells to scan the specific subnet4 using ICMP protocol and return the list of host that responded.
nmap -sP 192.168.1.1/24
Scan using specified network interface
If you have multiple NIC’s (Network Interface Controller)5 and you want to route the scan to a specific NIC, then this is the solution. Normally nmap or any other tool that utilize the computer network would use the OS designated network route (normally determined by network table and preferred gateway). The -e flag tells nmap to use that specific network controller to perform/resolve the scan.
nmap -e eth0 scanme.nmap.org
SYN ping scans
The SYN scan specifically tries to send request packets to target machine and check if it accepts the request packets. Mostly this is one of the default alternative ways of checking if the host is alive.
nmap -sP -PS scanme.nmap.org
ACK ping scans
The ACK scan is the opposite of SYN. In which this particular scan sends and ACK or (acknowledge) packet to the target machine if it will respond. Most modern firewalls block this if its not associated in a three way handshake.
nmap -sP -PA scanme.nmap.org
UDP port scans
This UDP6 port/ping scan is helpful when you know the target machine only blocks TCP packets. This specific flag sends a UDP packet to ports available on the machine and check’s if the target machine responds.
nmap -sP -PU scanme.nmap.org
IP (Internet Protocol) ping scans
Actually, this particular scan is special as its send IP packets to the specified IP protocol number in their IP header. It’s kinda special in a sense that if you didn’t supply a protocol type it will send multi-packets ICMP, IGMP, and IP-in-IP packet.
nmap -sP -PO scanme.nmap.org
ARP ping scans
This particular scan is mostly useful in LAN scenario. As you send an ARP packet it will return specific address or addresses that consumed the broadcast request.
nmap -sP -PR scanme.nmap.org
Mostly, that’s all. I’ve used other flags but this are my most used command flags for nmap.
Ping measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source. The name comes from active sonar terminology that sends a pulse of sound and listens for the echo to detect objects under water. ↩︎
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached. ↩︎
A subnetwork or subnet is a logical subdivision of an IP network. ↩︎
A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter or physical network interface, and by similar terms) is a computer hardware component that connects a computer to a computer network. ↩︎
A musician must make music, an artist must paint, a poet must write, if he is to be ultimately at peace with himself. What a man can be, he must be
— Abraham Maslow.
Hey guys, ever been in a situation you need to query your public WAN IP without any browser. Glad you came to the right post.
dig – Dig stands for (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that were queried.
curl – cURL is a computer software project providing a library and command-line tool for transferring data using various network protocols. The name stands for “Client URL”, which was first released in 1997.
wget – GNU Wget is a computer program that retrieves content from web servers. It is part of the GNU Project. Its name derives from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP. Its features include recursive download, conversion of links for offline viewing of local HTML, and support for proxies.
What are the ways to find my IP?
Here are ways to find your own public IP from the terminal.
First is using OpenDNS servers. The OpenDNS servers are always free and a toolkit for a network engineer.
The second is using curl or wget which is more common on many distro’s without installing any other packages. While this is much slower in resolving, the tools used is much more common.
For wget command just replace the curl word above.
I haven’t listed all the ways, as there are many ways to achieve this. But all this commands have been tested and used by me several times, it always save my ass when there’s a problem. If you have additional command that you want to share DM me at @ffimnsr.
Success is neither magical nor mysterious. Success is the natural consequence of consistently applying basic fundamentals.
— E. James Rohn.
Just recently on my Windows workstation a bug occurred on which the Recycle Bin doesn’t refresh its icon on desktop. I know for a fact that I’ve recently deleted some file so there should be contents inside the bin.
Let’s jump in!
What are the steps to reset explorer?
Here are the steps I’ve created for when I do not need to restart the PC to reset overall explorer settings or when its has flaw.
Open the “Run command” window by pressing WIN+R. (i.e. hold down the Windows key and then press R.)
Type cmd at the prompt, and press Enter.
Wait for the command prompt to open. (It will be a flashing cursor block.)
At the command prompt, type this: taskkill /IM explorer.exe /F You should notice these all vanish: Start Menu, Taskbar, any open File Explorer windows.
Type this at the command prompt explorer.exe. Now those components should all load back in.
Close the command prompt and try the Start Menu or Desktop. Hopefully it should have refreshed.
That’s it all done!
If there is a bug, there is always a workaround. Anyways, I’ve already reported the bug Microsoft feedback.
Follow me for similar tips and tricks at @ffimnsr.
If you give a hacker a new toy, the first thing he’ll do is take it apart to figure out how it works.
— Jamie Zawinski.
DNS or Domain Name System sometimes called the phonebook of the internet is one way for us to easily access our favorite website, it translates and redirect human readable domain names (e.g. yahoo.com, google.com) to their respective IP address. Finding the good DNS provider is vital in accessing information that is sometimes censored by our government, ISP and the likes. This are my top three good DNS (Domain Name System) providers that are really fast, secure and reliable that can be use in Southeast Asia.
Cloudflare Public DNS (IPv4)
Cloudflare Public DNS (IPv6)
So why Cloudflare1? Choose Cloudflare if you want less than <1ms of domain name resolution. Seriously, they have the fastest name resolution on the internet.
Google Public DNS (IPv4)
Google Public DNS (IPv6)
So why Google2? You will use this if you need an old but still good reliable DNS server. Its been used as a primary name resolution on big companies as well as local workstation. Its much more better than your ISP (Internet Service Provider) provided DNS.
Yandex DNS (IPv4)
Yandex DNS (IPv6)
So why Yandex3? You’ll choose this if you’re a webmaster due to super fast name resolution propagation. This is the fastest DNS for name resolution propagation, on which ever region you are currently.
These three are mostly corporate but they do provide fast speed TLD name resolution. And if you really still feel they can be manipulated, feel free to enable DNSSEC. For example on CloudFlare, a single domain would resolve at less than <1ms.
So guys, what are your top DNS providers?
Cloudflare, Inc. is an American web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services. Wikipedia↩︎
Google LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, search engine, cloud computing, software, and hardware. It is considered one of the Big Four technology companies, alongside Amazon, Apple, and Facebook. Wikipedia↩︎
Yandex is a technology company that builds intelligent products and services powered by machine learning. Our goal is to help consumers and businesses better navigate the online and offline world. Since 1997, we have delivered world-class, locally relevant search and information services. ↩︎