If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
I just had a radical idea
lonelydad wrote:
I know you explained what your were doing a while back on a similar thread, but could you repeat it for those of us who didn't save your answer that time? http://al.howardknight.net/msgid.cgi...nt-email.me%3E You use GPEDIT.msc and the Administration section of the top part. There are three settings. A setting to bypass DoSvc. Two settings for BITS max connections. The picture in that article, shows Delivery Optimization has been disabled by GPEDIT. At the top here, I sort by "State" in GPEDIT, so the settings I've modified, float to the top. https://i.postimg.cc/B6Kby0kS/thrott...GPEDIT-MSC.gif I'm not saying this is an "optimal" way to run Windows 10. It was merely an experiment to see if the abysmal round robin abuse of a router could be stopped or not. So you could actually use your Internet connection from a second machine, while Windows 10 is doing an Upgrade Install. Windows 10 considers it OK to do the "pre-load" portion of an Upgrade, during active hours. The active hours setting is only there when it comes time for a reboot to do the actual install, and they can then pester you outside of active hours to reboot. It means it's possible the downloading will happen during prime time. And the weird part is, the Win10 machine is a trifle less usable when the downloads are happening. Even though only one connection is open. Paul |
Ads |
#17
|
|||
|
|||
I just had a radical idea
Paul wrote:
VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? |
#18
|
|||
|
|||
I just had a radical idea
On 2/23/19 6:51 AM, Keith Nuttle wrote:
2018: The year we learn to play the great game of Euchre I CAN'T learn it in 2018. My time machine's broken. |
#19
|
|||
|
|||
I just had a radical idea
Paul wrote in :
lonelydad wrote: I know you explained what your were doing a while back on a similar thread, but could you repeat it for those of us who didn't save your answer that time? http://al.howardknight.net/msgid.cgi...=%3Cq4r59a%24p fn%241%40dont-email.me%3E You use GPEDIT.msc and the Administration section of the top part. There are three settings. A setting to bypass DoSvc. Two settings for BITS max connections. The picture in that article, shows Delivery Optimization has been disabled by GPEDIT. At the top here, I sort by "State" in GPEDIT, so the settings I've modified, float to the top. https://i.postimg.cc/B6Kby0kS/thrott...ith-GPEDIT-MSC. gif Paul Thank you. It took me a little while to find the settings, but I have them set as per your example. Now we wait until the next Microsoft download. |
#20
|
|||
|
|||
I just had a radical idea
hah wrote:
On 2/23/19 6:51 AM, Keith Nuttle wrote: 2018: The year we learn to play the great game of Euchre I CAN'T learn it in 2018. My time machine's broken. Well, we all know how to play Euchre now. Because our year is up. 1) Unpack a brand new pack of cards. Remove jokers. 1a) Put the jokers back. The game apparently uses jokers. 2) Shuffle thoroughly. 3) Deal out cards. 4) ... 5) Profit! The subroutine for (4) is similar to Bridge. I tried to write a program to play Bridge once. That's when I learned that "programs need structure" and "60 lines of code aren't enough" :-) Any program I write today, can have no more than 60 lines in it, in memory of my "discovery". Paul |
#21
|
|||
|
|||
I just had a radical idea
VanguardLH wrote:
Paul wrote: VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? It would depend as well, on the DoSvc Setting page settings. If you're not careful, you could turn it off there, as well as be able to turn it off in GPEDIT. The idea of doing it via GPEDIT, is so they can't "sneak some through that way". I was surprised that DoSvc had taken over from BITS. I can't remember what I was doing, but I had the BITSADMIN monitor running, the OS was "doing something", and none of the download activities involved BITS. I have to assume it was DoSvc running the show. https://docs.microsoft.com/en-us/win...ization-portal "Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. Delivery Optimization combines partial bits from local devices, with partial bits from Microsoft servers to update devices in the network environment. === In the form of a thousand signed packages The expected result is reduced bandwidth usage, === YES, by inspection and a faster update process. === NO, not even close " So the staff at Microsoft are temporally challenged. That's got to explain it. This scheme is "all about the gigabytes" and making customer machines do the transfers instead. The update process isn't faster. I think I used to be able to get some of the DVDs in around 25 minutes or so. When I tested the DoSvc Peer-to-Peer-LAN feature, it didn't work! Paul |
#22
|
|||
|
|||
I just had a radical idea
I see this troll is using OS X. The same troll that was/is in the
Apple group. Wasn't getting enough attention trolling there as an Apple fanboy, so it's trolling Windows users here... -- nospam nospam nospam.invalid wrote: Path: eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail From: nospam nospam nospam.invalid Newsgroups: alt.comp.os.windows-10 Subject: I just had a radical idea Date: Sat, 23 Feb 2019 08:04:29 -0500 Organization: A noiseless patient Spider Lines: 8 Message-ID: 230220190804293638%nospam nospam.invalid References: XnsA9FEEAEA532C3lonelydad58gmailcom 69.16.179.29 q4qnq9$m7p$1 dont-email.me q4r630$tt0$1 dont-email.me q4ratr$ofk$1 dont-email.me q4rbu5$tph$1 dont-email.me Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Injection-Info: reader02.eternal-september.org; posting-host="3da57bf4e7c8935aebc8070ae48abdbc"; logging-data="19903"; mail-complaints-to="abuse eternal-september.org"; posting-account="U2FsdGVkX1+PNJq59piaELaKh17kPhyl" User-Agent: Thoth/1.9.0 (Mac OS X) Cancel-Lock: sha1:3XmeduEFL6pM+rKxpsfFLx/vocg= Xref: reader01.eternal-september.org alt.comp.os.windows-10:89677 In article q4rbu5$tph$1 dont-email.me, Paul nospam needed.invalid wrote: And if the Win10 machine is aggressive enough, it can actually crash my router. then you have an incredibly ****ty router. |
#23
|
|||
|
|||
I just had a radical idea
This regular troll can't hold a candle to Paul...
-- nospam nospam nospam.invalid wrote: Path: eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail From: nospam nospam nospam.invalid Newsgroups: alt.comp.os.windows-10 Subject: I just had a radical idea Date: Sat, 23 Feb 2019 08:04:28 -0500 Organization: A noiseless patient Spider Lines: 13 Message-ID: 230220190804283561%nospam nospam.invalid References: XnsA9FEEAEA532C3lonelydad58gmailcom 69.16.179.29 q4qnq9$m7p$1 dont-email.me q4r630$tt0$1 dont-email.me Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Injection-Info: reader02.eternal-september.org; posting-host="3da57bf4e7c8935aebc8070ae48abdbc"; logging-data="19903"; mail-complaints-to="abuse eternal-september.org"; posting-account="U2FsdGVkX18eOcQFwdaauA2Du8vXHhZq" User-Agent: Thoth/1.9.0 (Mac OS X) Cancel-Lock: sha1HcXKSV+hu1ZaebnD8Lsruq4NJ8= Xref: reader01.eternal-september.org alt.comp.os.windows-10:89676 In article q4r630$tt0$1 dont-email.me, Paul nospam needed.invalid wrote: The problem is, home routers are sensitive to "connection count". When a Win10 machine opens 20 connections, it "hogs" the router. It squeezes out a machine which is just using its web browser. nonsense. home routers can handle many hundreds, if not many thousands of simultaneous connections. if 20 connections caused a problem, then all sorts of things wouldn't work properly, or at all. a single web page often has more than that, plus all the other stuff that's in use. |
#24
|
|||
|
|||
I just had a radical idea
Paul wrote:
VanguardLH wrote: Paul wrote: VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? It would depend as well, on the DoSvc Setting page settings. If you're not careful, you could turn it off there, as well as be able to turn it off in GPEDIT. The idea of doing it via GPEDIT, is so they can't "sneak some through that way". I was surprised that DoSvc had taken over from BITS. I can't remember what I was doing, but I had the BITSADMIN monitor running, the OS was "doing something", and none of the download activities involved BITS. I have to assume it was DoSvc running the show. https://docs.microsoft.com/en-us/win...ization-portal "Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. Delivery Optimization combines partial bits from local devices, with partial bits from Microsoft servers to update devices in the network environment. === In the form of a thousand signed packages The expected result is reduced bandwidth usage, === YES, by inspection and a faster update process. === NO, not even close " So the staff at Microsoft are temporally challenged. That's got to explain it. This scheme is "all about the gigabytes" and making customer machines do the transfers instead. The update process isn't faster. I think I used to be able to get some of the DVDs in around 25 minutes or so. When I tested the DoSvc Peer-to-Peer-LAN feature, it didn't work! Paul Ah, the "steal partial downloads from non-Microsoft others". To reduce load on their own WSUS servers, they employ peer-to-peer incremental updates. https://docs.microsoft.com/en-us/win...y-optimization My property is not Microsoft's. I don't let Microsoft use my computer nor my bandwidth to incrementally deliver THEIR updates. My host is not theirs to [ab]use. Like MANY other configuration settings and services in Windows 10, Delivery Optimization was amongst those that I configure to keep Microsoft using my host as theirs. https://www.thewindowsclub.com/turn-...y-optimization For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. |
#25
|
|||
|
|||
I just had a radical idea
On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote:
Paul wrote: VanguardLH wrote: Paul wrote: VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? It would depend as well, on the DoSvc Setting page settings. If you're not careful, you could turn it off there, as well as be able to turn it off in GPEDIT. The idea of doing it via GPEDIT, is so they can't "sneak some through that way". I was surprised that DoSvc had taken over from BITS. I can't remember what I was doing, but I had the BITSADMIN monitor running, the OS was "doing something", and none of the download activities involved BITS. I have to assume it was DoSvc running the show. https://docs.microsoft.com/en-us/win...ization-portal "Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. Delivery Optimization combines partial bits from local devices, with partial bits from Microsoft servers to update devices in the network environment. === In the form of a thousand signed packages The expected result is reduced bandwidth usage, === YES, by inspection and a faster update process. === NO, not even close " So the staff at Microsoft are temporally challenged. That's got to explain it. This scheme is "all about the gigabytes" and making customer machines do the transfers instead. The update process isn't faster. I think I used to be able to get some of the DVDs in around 25 minutes or so. When I tested the DoSvc Peer-to-Peer-LAN feature, it didn't work! Paul Ah, the "steal partial downloads from non-Microsoft others". To reduce load on their own WSUS servers, they employ peer-to-peer incremental updates. https://docs.microsoft.com/en-us/win...y-optimization My property is not Microsoft's. I don't let Microsoft use my computer nor my bandwidth to incrementally deliver THEIR updates. My host is not theirs to [ab]use. Like MANY other configuration settings and services in Windows 10, Delivery Optimization was amongst those that I configure to keep Microsoft using my host as theirs. https://www.thewindowsclub.com/turn-...y-optimization For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? |
#26
|
|||
|
|||
I just had a radical idea
Char Jackson wrote:
On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote: For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? When I attempted to test this, it didn't work, and one PC would not "take" updates from the second PC. I love features that have a mind of their own. "Dosvc: I'm not working because: Bad Mood" Paul |
#27
|
|||
|
|||
I just had a radical idea
On 3/16/2019 2:08 PM, Paul wrote:
Char Jackson wrote: On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote: For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? When I attempted to test this, it didn't work, and one PC would not "take" updates from the second PC. I love features that have a mind of their own. Â*Â*Â* "Dosvc: I'm not working because: Bad Mood" Â*Â* Paul I had the same problem. I read a blog a while back that stated it was microsoft's decision. You could prevent them using your machines, but their decision TO use your network for your machines was not encouraged when you allowed it. I wouldn't be surprised to learn that the use of update managers and the unknown state of other machines and our penchant to delete update sources to save space rendered that ineffective. |
#28
|
|||
|
|||
I just had a radical idea
Char Jackson wrote:
On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote: Paul wrote: VanguardLH wrote: Paul wrote: VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? It would depend as well, on the DoSvc Setting page settings. If you're not careful, you could turn it off there, as well as be able to turn it off in GPEDIT. The idea of doing it via GPEDIT, is so they can't "sneak some through that way". I was surprised that DoSvc had taken over from BITS. I can't remember what I was doing, but I had the BITSADMIN monitor running, the OS was "doing something", and none of the download activities involved BITS. I have to assume it was DoSvc running the show. https://docs.microsoft.com/en-us/win...ization-portal "Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. Delivery Optimization combines partial bits from local devices, with partial bits from Microsoft servers to update devices in the network environment. === In the form of a thousand signed packages The expected result is reduced bandwidth usage, === YES, by inspection and a faster update process. === NO, not even close " So the staff at Microsoft are temporally challenged. That's got to explain it. This scheme is "all about the gigabytes" and making customer machines do the transfers instead. The update process isn't faster. I think I used to be able to get some of the DVDs in around 25 minutes or so. When I tested the DoSvc Peer-to-Peer-LAN feature, it didn't work! Paul Ah, the "steal partial downloads from non-Microsoft others". To reduce load on their own WSUS servers, they employ peer-to-peer incremental updates. https://docs.microsoft.com/en-us/win...y-optimization My property is not Microsoft's. I don't let Microsoft use my computer nor my bandwidth to incrementally deliver THEIR updates. My host is not theirs to [ab]use. Like MANY other configuration settings and services in Windows 10, Delivery Optimization was amongst those that I configure to keep Microsoft using my host as theirs. https://www.thewindowsclub.com/turn-...y-optimization For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? For a multi-host intranet setup, I would use a server version of Windows on one of them and use WSUS. However, in your setup, you are distributing the effect of WSUS over multiple hosts to eliminate having to pay more to get a server edition of Windows. Hopefully whomever is using one of your intranet hosts decides to not include the updates in their local cleanup. See: https://www.thewindowsclub.com/can-i...y-disk-cleanup I have to wonder what happens for a download of an update that is corrupted or otherwise refuses to install. Instead of some hosts gets updated, they get it from the host that has a bad copy of the update, so all hosts fail to update. I've never had to troubleshoot why an update fails when using delivery optimization since, after all, how would you know on which intranet host was where is the bad update? If it were local, you delete the Software Distribution folder and redo the WU client to rebuild the local catalog to re-retrieve the failed update. Delivery optimization is a self-organizing distributed cache of updates. I haven't investigated to know if a cached update must exist in its entirety one one host or if it may get split. Seems a means for malware to manage to infect one host with a corrupted or substitute update and then have Microsoft's delivery optimization to distribute the malware to all the other hosts. You might be the only user of all your intranet hosts but that's not the typical scenario under which delivery optimization gets used. https://tools.cisco.com/security/cen...?alertId=55567 https://www.rapid7.com/db/vulnerabil...cve-2017-11829 That one was found and hopefully fixed. Finding one doesn't mean finding all vulnerabilities. This is another broadcasting protocal that can affect multiple hosts. Windows 10 had been released in mid-2015 and it was more than 2 years later that the above vulnerability was exposed. For home users, yeah, WUDO (Windows Update Delivery Optimization) might have some advantages -- but how slow is the Internet connection on these home PCs to connect to Microsoft's own WSUS server? Yes, BITS (Background Intelligent Transfer Service) is slow to get updates because it was designed to be that way: not use much bandwidth or CPU cycles so as not to impact responsiveness of the host to the user. However, users can use the online catalog to download the updates (and then share with their other hosts) or use WSUSoffline to build a local cache (that could also be shared amongst your other hosts). Dial-up users are going to suffer whether they use WUDO or not. I would think Microsoft doing full-bandwidth transfers of update files, especially the big ones, would impact the available bandwidth of the intranet hosts to communicate with other or for Internet traffic. I suspect BITS is still employed by WUDO to distribute the updates from the local caches on each host to the other hosts, so the transfer remains throttled. Well, that's what I would expect from Microsoft. However, users have been complaining that WUDO was choking their network making web surfing very slow or impossible. They had the default of WUDO getting updates from other Intranet hosts. That means WUDO is not using BITS to keep the update traffic in the background. So what happens when you connect a new host that has to get all the updates from wherever they are cached on the local/intranet hosts? Seems it will flood the network with all those update transfers and at full speed, much like an FTP transfer. Getting information on how WUDO exactly works has been rather fruitless. However, to be fair, I disabled it, so I haven't been motivated to dig into how it works. It has choked users networks when getting updates from web hosts, so how would that not also happen for getting the updates from local hosts? It has been vulnerable, but is anyone actually digging into it to find more, if any, vulnerabilities? How much faster is "faster" when using a distributed cache in an intranet? There are tons of performance tweaks that may boost performance but often the change is so miniscule that users will never notice a change. While you have multiple hosts in your intranet, I doubt that constitutes the vast majority of home PC setups, and one home PC can't take advantage of a local cache of updates since that cache would be on the only host in the home network which already has a cache of updates in the Software Distribution folder. Personally I don't trust the other hosts in my intranet because my family aren't as safe as I and they often commit actions that result in their hosts getting infected. So, in my case, I configure the router to isolate the other intranet hosts: all get Internet access but they cannot access each other. I'll fix their hosts but I'm not letting them touch mine. It's the same idea that a drowning man takes down the rescuer, so lifeguards tote a buoy on a rope to toss to the drowning person. If you don't save yourself first, you cannot save someone else. I've read reports from users that claim the WU client shows zero updates available and a poll at the catalog store also shows zero updates available for the visiting client yet WUDO is consuming a large portion of the network bandwidth. That hints that WUDO is retrieving updates that are NOT for your host but for any host. Other hosts that need the update could get it from the local distributed cache but your host doesn't need the update. Your host is updating the local distributed cache with updates your host doesn't need just to have them available for other hosts that may need them. In effect, WUDO is acting like a local WSUS server to accumulate a range of updates whether they apply to your hosts, your other hosts, or none of your hosts. Fully updated hosts still experienced traffic due to WUDO. Disabling WUDO eliminated the sometimes excessive traffic which was unnecessary for an already fully updated host. The option to share updates only on local hosts might eliminate the above network choking. If just one of the local hosts had the update already then share it with the other hosts. The users reporting the choking (high bandwidth usage) did not mention if they were sharing the updates only locally or with web hosts. BITS was designed to minimize impact on the updating host. WUDO does not. WUDO isn't just for updates but also for Store apps. Since I have WUDO disabled, I don't have a local distributed cache to look at. Are the apps simply stored in a cache folder or are they protected against tampering? Distributing apps to other hosts where the apps could be modified by one of the hosts involved in the distributed cache could mean other users don't get the app they expect to get. I'd have to dig more into WUDO to determine how the updates and apps are protected against tampering and just how the receiving hosts qualify that the update or app is what Microsoft's WSUS server would've delivered. To be honest, I don't think Microsoft came up with WUDO to help users get their updates more quickly and safely but instead to relieve some of the load on their own WSUS servers. Co-opting users isn't a new concept. There was/is a peer-to-peer VPN (I think it was Hola) where the free users where actually sharing a portion of their bandwidth with the paid users. That is, freeloaders got the service for free albeit a bit slower while sacrificing a portion of their bandwidth as a shared node used by paid users. Not wanting to share a portion of your bandwidth with other peers meant having to pay for that "privilege". Bet you're sorry you asked. |
#29
|
|||
|
|||
I just had a radical idea
On Sat, 16 Mar 2019 17:08:06 -0400, Paul wrote:
Char Jackson wrote: On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote: For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? When I attempted to test this, it didn't work, and one PC would not "take" updates from the second PC. I love features that have a mind of their own. "Dosvc: I'm not working because: Bad Mood" Well, the concept seemed OK but I guess the implementation was never given legs. Thanks. |
#30
|
|||
|
|||
I just had a radical idea
On Sat, 16 Mar 2019 17:13:17 -0500, VanguardLH wrote:
Char Jackson wrote: On Sat, 23 Feb 2019 19:10:01 -0600, VanguardLH wrote: Paul wrote: VanguardLH wrote: Paul wrote: VanguardLH wrote: Background Intelligent Transfer Service (BITS) will only use spare bandwidth. If it is using half of your bandwidth means that you were only using half and the other half would've been unused. The OS Upgrade no longer uses BITS. You can try the BITSADMIN utility (likely deprecated) and see what is going on. So, if I *disable* the BITS service, the OS upgrade still proceeds? It would depend as well, on the DoSvc Setting page settings. If you're not careful, you could turn it off there, as well as be able to turn it off in GPEDIT. The idea of doing it via GPEDIT, is so they can't "sneak some through that way". I was surprised that DoSvc had taken over from BITS. I can't remember what I was doing, but I had the BITSADMIN monitor running, the OS was "doing something", and none of the download activities involved BITS. I have to assume it was DoSvc running the show. https://docs.microsoft.com/en-us/win...ization-portal "Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. Delivery Optimization combines partial bits from local devices, with partial bits from Microsoft servers to update devices in the network environment. === In the form of a thousand signed packages The expected result is reduced bandwidth usage, === YES, by inspection and a faster update process. === NO, not even close " So the staff at Microsoft are temporally challenged. That's got to explain it. This scheme is "all about the gigabytes" and making customer machines do the transfers instead. The update process isn't faster. I think I used to be able to get some of the DVDs in around 25 minutes or so. When I tested the DoSvc Peer-to-Peer-LAN feature, it didn't work! Paul Ah, the "steal partial downloads from non-Microsoft others". To reduce load on their own WSUS servers, they employ peer-to-peer incremental updates. https://docs.microsoft.com/en-us/win...y-optimization My property is not Microsoft's. I don't let Microsoft use my computer nor my bandwidth to incrementally deliver THEIR updates. My host is not theirs to [ab]use. Like MANY other configuration settings and services in Windows 10, Delivery Optimization was amongst those that I configure to keep Microsoft using my host as theirs. https://www.thewindowsclub.com/turn-...y-optimization For the same reason that I chose not to become covertly volunteered to assist Microsoft to deliver Microsoft's updates, I also will not abuse the hosts of other users to acquire those Microsoft updates. Do you feel the same way considering that one of the options is to send to or receive from only "PCs on my local network"? I totally agree about the "and PCs on the Internet" aspect of the feature, but within my LAN it seems somewhat reasonable. I currently have the feature enabled, but the sub-feature "PCs on my local network" is selected, rather than the second option that includes "and PCs on the Internet". Thoughts? For a multi-host intranet setup, I would use a server version of Windows on one of them and use WSUS. However, in your setup, you are distributing the effect of WSUS over multiple hosts to eliminate having to pay more to get a server edition of Windows. Hopefully whomever is using one of your intranet hosts decides to not include the updates in their local cleanup. See: https://www.thewindowsclub.com/can-i...y-disk-cleanup I have to wonder what happens for a download of an update that is corrupted or otherwise refuses to install. Instead of some hosts gets updated, they get it from the host that has a bad copy of the update, so all hosts fail to update. I've never had to troubleshoot why an update fails when using delivery optimization since, after all, how would you know on which intranet host was where is the bad update? If it were local, you delete the Software Distribution folder and redo the WU client to rebuild the local catalog to re-retrieve the failed update. Delivery optimization is a self-organizing distributed cache of updates. I haven't investigated to know if a cached update must exist in its entirety one one host or if it may get split. Seems a means for malware to manage to infect one host with a corrupted or substitute update and then have Microsoft's delivery optimization to distribute the malware to all the other hosts. You might be the only user of all your intranet hosts but that's not the typical scenario under which delivery optimization gets used. https://tools.cisco.com/security/cen...?alertId=55567 https://www.rapid7.com/db/vulnerabil...cve-2017-11829 That one was found and hopefully fixed. Finding one doesn't mean finding all vulnerabilities. This is another broadcasting protocal that can affect multiple hosts. Windows 10 had been released in mid-2015 and it was more than 2 years later that the above vulnerability was exposed. For home users, yeah, WUDO (Windows Update Delivery Optimization) might have some advantages -- but how slow is the Internet connection on these home PCs to connect to Microsoft's own WSUS server? Yes, BITS (Background Intelligent Transfer Service) is slow to get updates because it was designed to be that way: not use much bandwidth or CPU cycles so as not to impact responsiveness of the host to the user. However, users can use the online catalog to download the updates (and then share with their other hosts) or use WSUSoffline to build a local cache (that could also be shared amongst your other hosts). Dial-up users are going to suffer whether they use WUDO or not. I would think Microsoft doing full-bandwidth transfers of update files, especially the big ones, would impact the available bandwidth of the intranet hosts to communicate with other or for Internet traffic. I suspect BITS is still employed by WUDO to distribute the updates from the local caches on each host to the other hosts, so the transfer remains throttled. Well, that's what I would expect from Microsoft. However, users have been complaining that WUDO was choking their network making web surfing very slow or impossible. They had the default of WUDO getting updates from other Intranet hosts. That means WUDO is not using BITS to keep the update traffic in the background. So what happens when you connect a new host that has to get all the updates from wherever they are cached on the local/intranet hosts? Seems it will flood the network with all those update transfers and at full speed, much like an FTP transfer. Getting information on how WUDO exactly works has been rather fruitless. However, to be fair, I disabled it, so I haven't been motivated to dig into how it works. It has choked users networks when getting updates from web hosts, so how would that not also happen for getting the updates from local hosts? It has been vulnerable, but is anyone actually digging into it to find more, if any, vulnerabilities? How much faster is "faster" when using a distributed cache in an intranet? There are tons of performance tweaks that may boost performance but often the change is so miniscule that users will never notice a change. While you have multiple hosts in your intranet, I doubt that constitutes the vast majority of home PC setups, and one home PC can't take advantage of a local cache of updates since that cache would be on the only host in the home network which already has a cache of updates in the Software Distribution folder. Personally I don't trust the other hosts in my intranet because my family aren't as safe as I and they often commit actions that result in their hosts getting infected. So, in my case, I configure the router to isolate the other intranet hosts: all get Internet access but they cannot access each other. I'll fix their hosts but I'm not letting them touch mine. It's the same idea that a drowning man takes down the rescuer, so lifeguards tote a buoy on a rope to toss to the drowning person. If you don't save yourself first, you cannot save someone else. I've read reports from users that claim the WU client shows zero updates available and a poll at the catalog store also shows zero updates available for the visiting client yet WUDO is consuming a large portion of the network bandwidth. That hints that WUDO is retrieving updates that are NOT for your host but for any host. Other hosts that need the update could get it from the local distributed cache but your host doesn't need the update. Your host is updating the local distributed cache with updates your host doesn't need just to have them available for other hosts that may need them. In effect, WUDO is acting like a local WSUS server to accumulate a range of updates whether they apply to your hosts, your other hosts, or none of your hosts. Fully updated hosts still experienced traffic due to WUDO. Disabling WUDO eliminated the sometimes excessive traffic which was unnecessary for an already fully updated host. The option to share updates only on local hosts might eliminate the above network choking. If just one of the local hosts had the update already then share it with the other hosts. The users reporting the choking (high bandwidth usage) did not mention if they were sharing the updates only locally or with web hosts. BITS was designed to minimize impact on the updating host. WUDO does not. WUDO isn't just for updates but also for Store apps. Since I have WUDO disabled, I don't have a local distributed cache to look at. Are the apps simply stored in a cache folder or are they protected against tampering? Distributing apps to other hosts where the apps could be modified by one of the hosts involved in the distributed cache could mean other users don't get the app they expect to get. I'd have to dig more into WUDO to determine how the updates and apps are protected against tampering and just how the receiving hosts qualify that the update or app is what Microsoft's WSUS server would've delivered. To be honest, I don't think Microsoft came up with WUDO to help users get their updates more quickly and safely but instead to relieve some of the load on their own WSUS servers. Co-opting users isn't a new concept. There was/is a peer-to-peer VPN (I think it was Hola) where the free users where actually sharing a portion of their bandwidth with the paid users. That is, freeloaders got the service for free albeit a bit slower while sacrificing a portion of their bandwidth as a shared node used by paid users. Not wanting to share a portion of your bandwidth with other peers meant having to pay for that "privilege". Bet you're sorry you asked. Thanks for the detailed reply. As for the possibility of corrupt updates being shared within the LAN, I assume each update package is signed so that a host knows if it can be trusted. However, if MS isn't taking advantage of the other hosts on the LAN in this way, then I might as well just disable the whole thing. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|