Analyze and optimize windows startup

Once in a while I’m getting my hands dirty with Windows fixing PC problems for friends & family.
While the old tool machinery with HiJackThis, CCleaner, Spybot, etc. still helps to analyze the Windows operating system, the toolset provided by Microsoft did get better, especially when it comes to performance analysis on low-end hardware running the fancy graphics shipped with Win8.

The Windows Performance Analyzer for Windows 8 seems pretty good; you only need to download the Windows Software Development Kit. When asked which components to install, choose only “Windows Performance Toolkit”.

In order to profile the system startup and logon procedure, it’s necessary to stop working, save all data and let Windows handle its own reboot. On Windows 7, search for “cmd” in the start menu, right-click it and choose “Run as administrator”. On Windows 8, this is more shortcut-driven: press “Win + X” and select the Command Prompt entry that runs as administrator.

Now type the following to trace the boot time and save the results directly onto disk C: – Windows will reboot after a while.

xbootmgr -trace boot -resultpath C:

After logon, let the countdown reach zero and allow capturing to finish and store the result set on disk. Open C:\boot_BASE+CSWITCH_1.etl with the Windows Performance Analyzer.


Since googling every long-running process isn’t very satisfying, an alternative tool is needed. Some years ago, Microsoft bought the SysInternals developers and created the “Windows Sysinternals” collection, featuring AutoRuns. Download and extract it somewhere, and then run autoruns.exe as administrator.

Select the “Logon” tab, and kick everything related to update checks and system tray icons (Cyberlink, ATI CCC are quite nasty). Make sure to keep the sidebar, antivirus software and audio control, if required.


Icinga 2 release steps for 0.x.y

$ cd icinga2-release/
$ git checkout next
$ git checkout master
$ git fetch
$ git merge origin/next
$ git push
$ cd ..
$ rm -rf release/ ; mkdir release
$ cd release/
$ cmake ../icinga2-release -DCPACK_SOURCE_GENERATOR=TGZ -DCPACK_SOURCE_PACKAGE_FILE_NAME=icinga2-0.0.6
$ make package_source
$ tar ztf icinga2-0.0.6.tar.gz | less
$ tar zfx icinga2-0.0.6.tar.gz -C ../
$ cd ../icinga2-0.0.6/
$ icinga2_normal
$ sudo /usr/sbin/icinga2 --help
$ sudo /usr/sbin/icinga2 --version

list rpm repo gpg keys

[root@centos5 ~]# rpm -qa 'gpg-pubkey*' --qf "%{version}-%{release} %{summary}\n"
e8562897-459f07a4 gpg(CentOS-5 Key (CentOS 5 Official Signing Key) )
217521f6-45e8a532 gpg(Fedora EPEL )
6b8d79e6-3f49313d gpg(Dag Wieers (Dag Apt Repository v1.0) )

Now delete the repoforge gpg key (dag’s key).

[root@centos5 ~]# rpm -e gpg-pubkey-6b8d79e6-3f49313d --allmatches
[root@centos5 ~]# rpm -qa 'gpg-pubkey*' --qf "%{version}-%{release} %{summary}\n"
e8562897-459f07a4 gpg(CentOS-5 Key (CentOS 5 Official Signing Key) )
217521f6-45e8a532 gpg(Fedora EPEL )
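
The same listing can be checked against an allowlist instead of by eye. The following is an added example, not part of the original post: unexpected_rpm_keys (a hypothetical helper) reads the listing format shown above and prints every key whose ID is not expected on the host. The allowlist and the sample input reuse the key IDs from the listing above.

```shell
#!/bin/sh
# Added example: flag RPM signing keys that are not on an allowlist.
# Input format: "<version>-<release> <summary>", one key per line, as printed by
#   rpm -qa 'gpg-pubkey*' --qf '%{version}-%{release} %{summary}\n'

# Key IDs expected on this host (assumption: the CentOS 5 and EPEL keys
# from the listing in the post).
ALLOWED_KEYS="e8562897-459f07a4
217521f6-45e8a532"

# unexpected_rpm_keys: read a key listing on stdin and print every line whose
# key ID is not allowlisted. Anything that is not an exact match is reported,
# so malformed lines are flagged too rather than silently skipped.
# Returns 0 if all keys are allowlisted, 1 if at least one is not.
unexpected_rpm_keys() {
    found=0
    while read -r id summary; do
        [ -n "$id" ] || continue            # ignore blank lines
        if ! printf '%s\n' "$ALLOWED_KEYS" | grep -qxF -- "$id"; then
            printf '%s %s\n' "$id" "$summary"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: the listing from the post before the Dag key was removed.
SAMPLE_LISTING='e8562897-459f07a4 gpg(CentOS-5 Key (CentOS 5 Official Signing Key) )
217521f6-45e8a532 gpg(Fedora EPEL )
6b8d79e6-3f49313d gpg(Dag Wieers (Dag Apt Repository v1.0) )'

# On a real host, pipe the rpm command from the header comment into the function.
printf '%s\n' "$SAMPLE_LISTING" | unexpected_rpm_keys \
    || echo "unexpected signing key(s) installed" >&2
```

Run from cron or a configuration-management check, a non-zero return is the signal that a repository key was imported which nobody signed off on.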

cmake build variables

These build aliases are only handy for myself, and I’m pretty aware of what I’m doing (at least most of the time 😉 ).

Note: Use ‘-DCMAKE_CXX_FLAGS=-Wall’ to add additional compiler warnings.

$ cat ~/.bashrc

# icinga 2

alias icinga2_debug='rm -rf debug ; mkdir debug ; cd debug ; cmake $CMAKE_OPTS_DEBUG .. ; sudo make -j4 install ; cd ..'
alias icinga2_normal='rm -rf release ; mkdir release ; cd release ; cmake $CMAKE_OPTS_NORMAL .. ; sudo make -j4 install ; cd ..'

For builds without cmake runs, it’s tremendously easy with make too

$ sudo make -j8 install -C debug/

Error: passing xxx as this argument of yyy discards qualifiers

Lesson learnt when calling a non-const function on a const object. The example below happened whilst refactoring the Icinga 2 Livestatus component code, and it took me a while to figure out its meaning.

/home/michi/coding/icinga/icinga2/components/livestatus/logtable.cpp:365:37: error: passing ‘const icinga::String’ as ‘this’ argument of ‘bool icinga::String::Contains(const string&)’ discards qualifiers [-fpermissive]
  else if (type.Contains("HOST ALERT")) {

‘type’ is a const reference of the Icinga 2 String class.

Dictionary::Ptr LogTable::GetLogEntryAttributes(const String& type, const String& options)
	if (type.Contains("HOST ALERT")) {

‘Contains’ is a function member of the String class.

bool String::Contains(const String& str)
{
	return boost::algorithm::contains(m_Data, str);
}

Because ‘type’ is a const object, the compiler only accepts calls to member functions that promise not to modify the object in any way. The non-const method ‘Contains’ makes no such promise, so the call is rejected. Therefore the ‘Contains’ function of the String class requires the const qualifier.

// the declaration inside the String class needs the same trailing const
bool String::Contains(const String& str) const
{
	return boost::algorithm::contains(m_Data, str);
}

Search for mails by size and age attributes in Gmail

I got my Gmail account during the early invite-only beta phase, and the mailbox size has increased ever since (remember the fancy MB counter, eh? 😉 ). Drive and other cloud backup storage hadn’t been invented yet, and sometimes sending mails to yourself was the best backup ever. Other than that, it’s just the increasing size of documents, scans and images causing my mailbox to grow continuously.

Once in a while, you may want to move/clean those files. Using the Gmail web application, type the following to search for mails with a size greater than or equal to 5 MB and older than 1 year.

size:5m older_than:1y


XMas – Time for malware removal

Spam filters may not filter xmas mails which offer something for free, click once and you’ll get your browser search toolbar & hijacker without any further notice. On Linux, most of that crap can be avoided (except the browser specific stuff which may still be hijacked). On Windows, this is truly hell.

Today I’ve learned that “Plus HD 2.x” isn’t really a helping tool to always download youtube videos in full hd, but some adware crap (“Crossrider”, Websearch using as tracking provider, someone said Redtube?) which injects your system with url tracking and redirects. Same goes for toolbars such as Ask, Babylon, etc mostly shipping with so-called “free software downloads”. Most prominent examples – Java, Avira Antivir or Daemon Tools.

While toolbars aren’t essentially that bad, tracking the user’s surfing behaviour imho is. My swiss army knives in this direction have been for now

  • Spybot Search & Destroy (cleans nearly everything, but is a bit slow)
  • Malwarebytes Anti-Malware (cleans what Spybot doesn’t detect)
  • CCleaner (for the generic cleaning of tracking cookies, temporary files, etc)
  • HiJackThis (for advanced users – there is no indication of good/evil, removal of registry keys for browser addons, startup entries, etc)

For heavy problems with rootkits and other malware surviving such cleanup orgies & reboots, I tend to use

That entire list can be extended with the following tools which have proven themselves very useful to clean the last chrome addon entry file and entirely removing that malware crap.

Essential tip for the future – do not install everything which pretends to be free, and keep your antivirus software signatures up to date whilst running spybot and/or anti-malware every month.

logitech kernel driver problems with 3.10 – downgrade kernel

I recently had some issues with my Logitech K800 Wireless keyboard using the unifying connector in combination with Kernel 3.10 – basically the human interface device (hid) was recognized but no further action was accepted. Basically related to this bug. While it does not occur in newer kernel revisions, the procedure below describes how to downgrade to an older kernel (given that apt cache is not cleaned, otherwise you’ll have to fetch a .deb package manually).

# lsusb | grep Logitech
# dmesg | grep Logitech
# vim /usr/share/initramfs-tools/hook-functions
# modprobe -r hid_logitech_dj
# dpkg -l '*linux-image*'
# apt-get remove 'linux-image-3.10*'
# apt-get install --reinstall linux-image-3.9-1-amd64
# update-initramfs -u
# update-grub
# reboot

Now that the default linux-image package is gone too, no further kernel updates (security fixes included) will be pulled in either. All the dkms modules must be rebuilt for the remaining 3.9 kernel, though.

# dpkg -l '*dkms*' | grep ^ii
# apt-get install --reinstall nvidia-kernel-dkms
# apt-get install --reinstall virtualbox-dkms
# reboot

gnome 3 workspaces on a dual monitor setup

I’m using a dual monitor setup at work (one for code, one for manuals – or whatever they call it 😉 ) and had the strange issue with the workspaces only applied to the default left screen (the one with the panel).

I tend to hate that default behaviour because it’s really irritating and annoying when you organize your workspaces over multiple monitors and expect the right monitor to switch to the current workspace application layer as well (as known from KDE 4).

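Luckily there’s an option to be set as described here (run as the current user in your terminal). gsettings needs the schema name in front of the key: GNOME 3 releases of that time keep it under org.gnome.shell.overrides, newer ones under org.gnome.mutter.

$ gsettings set org.gnome.shell.overrides workspaces-only-on-primary false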

use gdm3 as default display manager

Somehow my workstation migration from kde to gnome didn’t go as well as the notebook’s transition at work. While the latter did change the default display manager to gdm3, my workstation is still stuck at kdm.

But it’s easy:

# apt-get install gdm3
# dpkg-reconfigure gdm3

… and select ‘gdm3’ when asked.

Shortcuts in gnome

Well known from the Windows world (the Windows key), shortcuts make life easier. I never found them really useful with KDE (only ALT+F2 for running programs), but since gnome introduces a more cleaned-up interface without any nasty menus taking care of some listing, shortcuts will help a lot. The documentation is pretty easy to understand and learn though 🙂

enable date in panel in gnome 3

I always tend to modify some parts of the desktop, but I won’t customize it that much given the reason that I work on many desktops (at work and at customers) and would like to stay familiar with each of them the most.

One of those habits is looking for the current date next to the current time. Gnome 3 doesn’t show that by default, and right clicking for options didn’t show an option either.

By calling ‘gnome-tweak-tool’ I finally jumped into the right place, allowing me to set the day, date and time (no seconds, I hate animation disturbing my concentration).


Add copyright header to specific file type

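If you want to prepend your copyright header from a given file to a specific file type, use the following voodoo 🙂 Each file name is handed to the inline script as "$1" rather than pasted into the script text via {}, so names containing spaces or shell metacharacters are treated as data and not as commands.

$ find . -type f -name '*.cpp' -exec sh -c 'cat contrib/GPLHeader "$1" > "$1.out" && mv "$1.out" "$1"' sh {} \;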
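
A reusable form of the one-liner, added here as an example and not part of the original post: prepend_header (a hypothetical function name) takes the header file and the tree root as arguments, skips files that already carry the header, and passes file names to the inline script only as positional parameters. It assumes head -c and mktemp are available, as on any current Linux system.

```shell
#!/bin/sh
# Added example (not from the original post): prepend a licence header to every
# *.cpp file below a directory without splicing file names into shell code.

# prepend_header HEADER_FILE ROOT_DIR
# Files that already start with the header are skipped, so re-running is harmless.
prepend_header() {
    header=$1
    root=$2
    [ -r "$header" ] || { echo "cannot read header: $header" >&2; return 2; }

    # The inline script is a constant string. find passes the header path and the
    # matched files as positional parameters, so spaces, quotes or ';' in a file
    # name remain data and are never parsed as commands.
    find "$root" -type f -name '*.cpp' -exec sh -c '
        header=$1; shift
        hsize=$(( $(wc -c < "$header") ))
        for f in "$@"; do
            # Skip the file if its first hsize bytes already equal the header.
            if head -c "$hsize" "$f" | cmp -s - "$header"; then
                continue
            fi
            # Build the result in a temp file next to the target, then rename it
            # into place so an interrupted run never leaves a half-written source.
            # cp -p first carries the mode and timestamps over to the temp file.
            tmp=$(mktemp "$f.XXXXXX") || exit 1
            cp -p "$f" "$tmp" &&
            cat "$header" "$f" > "$tmp" &&
            mv "$tmp" "$f" || { rm -f "$tmp"; exit 1; }
        done
    ' sh "$header" {} +
}

# Usage from the source tree root: sh prepend_header.sh contrib/GPLHeader .
if [ "$#" -eq 2 ]; then
    prepend_header "$1" "$2"
fi
```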

ksnapshot for kde, shutter for gnome

While writing documentation and howtos, I prefer to take screenshots for every task where words are just too much. Sometimes I’ll edit them with gimp, but for the most common scenario a simple tool will do the trick.

Press ‘Print’ or ‘Alt + Print’ for the current window using gnome-screenshot. For the more advanced solution, install shutter.

# apt-get install shutter

You may then select areas and edit the taken screenshots before saving them elsewhere.

Move from KDE to GNOME

On Debian Testing, don’t use ‘apt-get install gnome’, which may lead to broken dependencies.

imagine ~ # apt-get install aptitude tasksel
imagine ~ # tasksel install gnome-desktop --new-install

Logout and login to gnome using your default window manager (you may just keep kdm).

-fPIC and x64 shared libs

If your linker throws cryptic errors like this

Linking CXX shared library
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../lib/libboost_thread.a(thread.o): relocation R_X86_64_32 against `.text' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../lib/libboost_thread.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
make[2]: *** [lib/base/] Fehler 1
make[1]: *** [lib/base/CMakeFiles/base.dir/all] Fehler 2
make: *** [all] Fehler 2

it’s time to read this great article.

KDE lock screen CTRL+ALT-L not working

There seems to be a long lasting bug in KDE not allowing CTRL+ALT+L to lock the screen. Actually it’s pretty annoying that nothing happens when pressing that shortcut. Reading the bug history unveils that this may have been fucked up during a recent upgrade.

The solution is simple – fix the configuration and revoke the shortcut from kscreenlocker.

Navigate to “System Settings – Global Shortcuts”. Select “kscreenlocker” and within the “File” dropdown, choose “Remove component”.


Once the shortcut has been removed, choose “kde session manager” as kde component.



Select “Lock Session” and assign the default “CTRL+ALT+L” shortcut to it again.



Hit “Apply” and have fun again 🙂


resize lvm filesystem in virtualbox vm

One of my CentOS Test VMs is a standard install with / living on a LVM. Re-assigning the VMs hard disk a larger size in virtualbox is easy (on the cli ofc).

michi@imagine ~ $ VBoxManage list hdds
michi@imagine ~ $ VBoxManage modifyhd /media/stuff/vms/centos6.vdi --resize 15000

Though, the magic boot-resize2fs-done does not apply here 😉

First, use fdisk to recreate the partition using all cylinders.

  • p … list all partitions (note: 1912 cylinders)
  • d – 2 … delete secondary partition
  • n – p – 2 … create new primary partition
  • 64 – 1912 … old start, new end (noted from above, and auto-selected)
  • t – 8e … set type to Linux LVM
  • p … verify new partition layout
  • w … write changes to disk

Then reboot the vm.

[root@localhost coding]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Befehl (m für Hilfe): p

Platte /dev/sda: 15.7 GByte, 15728640000 Byte
255 Köpfe, 63 Sektoren/Spur, 1912 Zylinder
Einheiten = Zylinder von 16065 × 512 = 8225280 Bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000051ef

   Gerät  boot.     Anfang        Ende     Blöcke   Id  System
/dev/sda1   *           1          64      512000   83  Linux
Partition 1 endet nicht an einer Zylindergrenze.
/dev/sda2              64        1045     7875584   8e  Linux LVM

Befehl (m für Hilfe): d
Partitionsnummer (1-4): 2

Befehl (m für Hilfe): n
Befehl  Aktion
   e      Erweiterte
   p      Primäre Partition (1-4)
Partitionsnummer (1-4): 2
Erster Zylinder (64-1912, Vorgabe: 64): 64
Last Zylinder, +Zylinder or +size{K,M,G} (64-1912, Vorgabe: 1912): 1912

Befehl (m für Hilfe): t
Partitionsnummer (1-4): 2
Hex code (L um eine Liste anzuzeigen): L

Hex code (L um eine Liste anzuzeigen): 8e
Der Dateisystemtyp der Partition 2 ist nun 8e (Linux LVM)

Befehl (m für Hilfe): p

Platte /dev/sda: 15.7 GByte, 15728640000 Byte
255 Köpfe, 63 Sektoren/Spur, 1912 Zylinder
Einheiten = Zylinder von 16065 × 512 = 8225280 Bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000051ef

   Gerät  boot.     Anfang        Ende     Blöcke   Id  System
/dev/sda1   *           1          64      512000   83  Linux
Partition 1 endet nicht an einer Zylindergrenze.
/dev/sda2              64        1912    14845116   8e  Linux LVM

Befehl (m für Hilfe): w
Die Partitionstabelle wurde verändert!

Rufe ioctl() um Partitionstabelle neu einzulesen.

WARNING: Re-reading the partition table failed with error 16: Das Gerät oder die Ressource ist belegt.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Synchronisiere Platten.
[root@localhost coding]# reboot

Having the partition layout modified, we can now extend the physical volume to the new size.

[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               VolGroup
  PV Size               7,51 GiB / not usable 3,00 MiB
  Allocatable           yes (but full)
  PE Size               4,00 MiB
  Total PE              1922
  Free PE               0
  Allocated PE          1922
  PV UUID               JAWtzB-1vwT-t0w3-KjD1-tVFV-TVI7-51pInW

[root@localhost ~]# pvresize /dev/sda2
  Physical volume "/dev/sda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized

[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               VolGroup
  PV Size               14,16 GiB / not usable 836,00 KiB
  Allocatable           yes
  PE Size               4,00 MiB
  Total PE              3624
  Free PE               1702
  Allocated PE          1922
  PV UUID               JAWtzB-1vwT-t0w3-KjD1-tVFV-TVI7-51pInW

Now check the volume group and the free physical extents (note the Free PE 1702).

[root@localhost ~]# vgdisplay
  --- Volume group ---
  VG Name               VolGroup
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  4
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               14,16 GiB
  PE Size               4,00 MiB
  Total PE              3624
  Alloc PE / Size       1922 / 7,51 GiB
  Free  PE / Size       1702 / 6,65 GiB
  VG UUID               5eot8g-GTdh-C1pD-V1SQ-VDHt-hV4M-ved3yq

Check the logical volumes and resize the root volume with the additional free PE 1702.

[root@localhost ~]# lvdisplay
  --- Logical volume ---
  LV Path                /dev/VolGroup/lv_root
  LV Name                lv_root
  VG Name                VolGroup
  LV UUID                8K1Uvp-G5nN-DU08-7f3r-ql1T-iPSp-qNLTcv
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2013-02-14 20:40:06 +0100
  LV Status              available
  # open                 1
  LV Size                6,54 GiB
  Current LE             1674
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0

[root@localhost ~]# lvextend -l +1702 /dev/VolGroup/lv_root
  Extending logical volume lv_root to 13,19 GiB
  Logical volume lv_root successfully resized

Once done, resize the root filesystem online (another reboot does not hurt afterwards).

[root@localhost ~]# resize2fs /dev/VolGroup/lv_root
resize2fs 1.41.12 (17-May-2010)
Das Dateisystem auf /dev/VolGroup/lv_root ist auf / eingehängt; Online-Grössenveränderung nötig
old desc_blocks = 1, new_desc_blocks = 1
Führe eine Online-Grössenänderung von /dev/VolGroup/lv_root auf 3457024 (4k) Blöcke durch.
Das Dateisystem auf /dev/VolGroup/lv_root ist nun 3457024 Blöcke groß.

Verify the new size, and have fun!

[root@localhost ~]# df -h
Dateisystem           Size  Used Avail Use% Eingehängt auf
                       13G  3,2G  9,3G  26% /

resize btrfs filesystem

btrfs is funny – there is no resize2fs equivalent, but you need to

1) recreate the partitions with e.g. cfdisk

# cfdisk
- select partition
- delete partition
- create new partition on free space
- write (partition table)
- q (cannot re-read partition table)
# reboot
# df -h
/dev/sda3       4,2G  3,6G   63M  99% /

2) tell btrfs to use the partition’s space

# btrfs filesystem resize max /
# df -h
/dev/sda3       9,2G  3,6G  5,1G  42% /

This was a test vm for icinga package builds used locally only – I would not recommend doing that on production systems (nor use btrfs in production).

debug apache2 child segfaults

It’s sometimes reasonable to debug the php modules in apache itself, but it’s not trivial to track the right process executing the php handler. Therefore reduce the number of forked children to 1 and restart apache2.

# vim /etc/apache2/apache2.conf

StartServers 1
MinSpareServers 1
MaxSpareServers 1

# service apache2 restart

Look for the child process and attach your gdb to it.

# ps aux | grep apache2
# gdb -p <PID of the child process>


Continue the process and go play in your web browser, triggering the segfault.

(gdb) c

Program received signal SIGSEGV, Segmentation fault.
0x00007fb78804e3e0 in gc_remove_zval_from_buffer () from /usr/lib/apache2/modules/
(gdb) bt
#0  0x00007fb78804e3e0 in gc_remove_zval_from_buffer () from /usr/lib/apache2/modules/
#1  0x00007fb7880a8308 in ?? () from /usr/lib/apache2/modules/
#2  0x00007fb788059678 in execute_ex () from /usr/lib/apache2/modules/
#3  0x00007fb7880314b0 in zend_execute_scripts () from /usr/lib/apache2/modules/
#4  0x00007fb787fd17e5 in php_execute_script () from /usr/lib/apache2/modules/
#5  0x00007fb7880e161a in ?? () from /usr/lib/apache2/modules/
#6  0x00007fb78c783350 in ap_run_handler ()
#7  0x00007fb78c7838a9 in ap_invoke_handler ()
#8  0x00007fb78c7986fa in ap_process_async_request ()
#9  0x00007fb78c7989e4 in ap_process_request ()
#10 0x00007fb78c795492 in ?? ()
#11 0x00007fb78c78c420 in ap_run_process_connection ()
#12 0x00007fb7889c2767 in ?? () from /usr/lib/apache2/modules/
#13 0x00007fb7889c29a6 in ?? () from /usr/lib/apache2/modules/
#14 0x00007fb7889c2a06 in ?? () from /usr/lib/apache2/modules/
#15 0x00007fb7889c36f0 in ?? () from /usr/lib/apache2/modules/
#16 0x00007fb78c76a5ee in ap_run_mpm ()
#17 0x00007fb78c763df6 in main ()

In short, I had triggered that bug on my Debian Jessie system with PHP 5.5 while executing Icinga Web (stable or dev version, does not matter). A recent php update fixed the issue. I could’ve gone more into detail with unstripped binaries but who got time for that anyways 😉

fix php suhosin missing after dist-upgrade to Debian wheezy

PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/' - /usr/lib/php5/20100525/ cannot open shared object file: No such file or directory in Unknown on line 0

Solution is simple, following this bug – the suhosin module was removed in wheezy, but not its configuration.

# dpkg -P php5-suhosin