A Small Large Network

Several years ago, I wrote a series of articles about implementing a small network that has some “enterprise” network features. For the most part, these aren’t necessary, but I believe that, as we deal with more mobile devices and IoT devices, we will want to isolate our networks into segments, and implement firewalls between the segments, even for small LANs. Fortunately, our phones are somewhat safe — Windows hacking over the LAN in the late 1990s taught everyone a lesson. That said, there are a lot of cameras, sensors, and other devices that are on LANs, running with default passwords, and subject to sniffing.

The original articles are here.

WP’s Backbone-like Templating Language

In yesterday’s post, I talked about fixing up old PHP code to be safer.

There’s another anti-pattern common in old PHP code, and that’s mixing the display logic with the output logic. While some of this is inevitable, nowadays, the rule is to use a templating system like Twig to separate out even small bits of HTML code from the logic.

WordPress does this on the front end via Underscore templates, but configured to use Handlebars-like syntax.

This is a PHP class that does the same thing with PHP. I wrote it so I could use the same, or similar, templates on both the client and server side.

The New Site

I’ve been doing a lot of WP hacking, but my website was on a very old copy of Drupal (version 6!) so I thought it best to transition to using WP for my personal blog.

The old site is here.

They’re both good platforms, but the WP market just seems to be dominating, especially for lower-cost sites.

WP’s core code is still a maze.

Every time I get a grip on one part of the codebase, I go into another part, and it’s completely different. The code quality has improved, though, so it’s pleasant.

w32tm reports the computer did not resync because no time data was available

I got the message “the computer did not resync because no time data was available” after running “w32tm /resync /force”.

I had followed the various howtos out there*, and checked them against each other: as expected, they differed slightly, but none of them worked for me. Well, it turned out that I needed to run the update command, below.

(I thought the problem was that the firewalls were blocking; though I never had such problems with ntp on Linux, or on XP or 7 which allow you to set the time server in a GUI. I opened up port 123 on each of the firewalls: on the local server, the VM host if it’s on a VM, and the firewall. Open them up inbound and outbound, UDP, port 123. I ended up port forwarding port 123 from the gateway to the DC, but maybe that’s not necessary. I thought an outgoing NTP packet would open up the incoming port. — After the configuration was operational, I tested, and the firewall configurations were not necessary.)

The time-server value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters key needs to look like this:
0.north-america.pool.ntp.org,0x1 1.north-america.pool.ntp.org,0x1

That’s a space-delimited list, with “,0x1” appended to each domain. Yes, it’s totally weird, and there are some howtos that don’t do it that way, but MS says to do that. They just don’t show you a concrete example.

The purpose of “,0x1” is to tell w32tm to use the SpecialPollInterval when querying the timeservers; this value is 3,600 seconds (1 hour).

If you remove the “,0x1”, w32tm will set the poll interval dynamically, based on how accurate the computer seems to be. The upper and lower limits are defined by MaxPollInterval and MinPollInterval, which default to 1024 and 64 seconds respectively. So they’ll poll anywhere from approximately every minute to every 15 minutes, which is fairly frequent. It’s appropriate for a LAN, where you need systems to be in sync.

You need to force w32tm to reload its configuration from the registry:

w32tm /config /update

Check the config with:

w32tm /query /source

The result should be like this:


There are just a lot of “i”s to dot and “t”s to cross.
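
As an added example (not part of the original post), this PowerShell sketch decodes the peer list described above, shows which poll interval each peer will use, then reloads and checks the source. It assumes the list is stored in the NtpServer value and the sync mode in the Type value of the Parameters key; ConvertFrom-NtpPeerList is a hypothetical helper name.

```powershell
# Added example: decode the W32Time manual peer list and confirm the reload.
# Run from an elevated PowerShell prompt on the machine being configured.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Flag bits that can follow each host name in the peer list.
$flagNames = @{ 1 = 'SpecialInterval'; 2 = 'UseAsFallbackOnly'
                4 = 'SymmetricActive'; 8 = 'Client' }

function ConvertFrom-NtpPeerList {   # hypothetical helper name
    param([string]$PeerList)
    foreach ($entry in ($PeerList -split '\s+' | Where-Object { $_ })) {
        $hostName, $rawFlags = $entry -split ',', 2
        # Convert.ToInt32 with base 16 accepts the "0x" prefix.
        $flags = if ($rawFlags) { [Convert]::ToInt32($rawFlags, 16) } else { 0 }
        $set = $flagNames.Keys | Sort-Object |
            Where-Object { $flags -band $_ } |
            ForEach-Object { $flagNames[$_] }
        # Bit 0x1 selects the fixed interval; without it polling is dynamic.
        $mode = if ($flags -band 1) { 'fixed (SpecialPollInterval)' }
                else { 'dynamic (MinPollInterval..MaxPollInterval)' }
        [pscustomobject]@{
            Peer     = $hostName
            Flags    = ('0x{0:x}' -f $flags)
            Meaning  = ($set -join ', ')
            PollMode = $mode
        }
    }
}

$p = Get-ItemProperty "$svc\Parameters"
# Type NTP uses the manual list; NT5DS follows the domain hierarchy instead.
"Type: $($p.Type)"
ConvertFrom-NtpPeerList $p.NtpServer | Format-Table -AutoSize

# The intervals the flag chooses between. Min/Max are stored as log2(seconds).
$special = (Get-ItemProperty "$svc\TimeProviders\NtpClient").SpecialPollInterval
$cfg = Get-ItemProperty "$svc\Config"
$min = [math]::Pow(2, $cfg.MinPollInterval)
$max = [math]::Pow(2, $cfg.MaxPollInterval)
"SpecialPollInterval: $special s; dynamic range: $min..$max s"

# Reload from the registry, force a sync, and show the active source.
w32tm /config /update
w32tm /resync /force
w32tm /query /source
```
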

A quick fix for time drift in a DC running in a Virtual Machine

I have a DC running in a Hyper-V VM. The default configuration is to sync the VM from the VM host. Well, what I had was a VM host that was in the domain, and getting its time from the DC. This was creating a circular reference between the VM host and the DC (running in a VM on the VM host).

If you reset only one clock, it’ll quickly try to sync with its network reference time server, which has the wrong time.

In order to set the time, you need to turn off w32tm on both the VM host and the DC running in the VM. Then, set the clocks the same. Then, restart w32tm on each.

net stop w32time

— now set the time — I just use the GUI

net start w32time

Once you get the times synced, and close to whatever is at time.gov (in the USA), you can fix your DC by having it get time from ntp.org.

This circular reference between these two time servers is stupid. It probably causes time drifts to either cancel each other out, or amplify each other, depending on the direction of the drift in each instance of Windows. My system drifted several minutes in a couple months.


You might have some issues with booting, or warning messages, when you reboot VMs and the time’s changed. So watch them reboot and check their times.



I didn’t use this page, but it looks good:

This article linked to mine: