Updates failed - Advanced Micro Devices, Inc - System - Error 0x80070002
A subtle but deeply gratifying feature is how ScreenToGIF displays the current frame when highlighting a range of frames in the timeline (rather than statically displaying the first selected frame).
Additionally, it's:
/windows | May 21, 2018
These steps dumb down security advances made in later Windows versions in order to accommodate XP. Do not use them unless absolutely necessary; even then, do so at your own risk (and joy).
On Windows 10 PC:
AllowInsecureGuestAuth and set its value data to 1.C:\Windows\System32\OptionalFeatures.exe → check "SMB 1.0/CIFS File Sharing Support" → OK → reboot when promptedOn Windows XP PC:
You should now be able to map a network drive normally.
If you have trouble with "Reconnect at login" or "Connect using a different user name", consider a batch script in the Startup folder, e.g.,
ping 127.0.0.1 -n 11 >NUL & REM delay execution for 10 seconds
net use * /delete /yes & REM clear any existing mapped drives
net use x: \\WIN10PC\shared
If the Windows 10 and XP usernames and passwords match, you're done!
If they differ, you can simply store the Windows 10 username and password in Windows XP's Stored User Names and Passwords (aka Credential Manager); access via rundll32.exe keymgr.dll, KRShowKeyMgr.
Otherwise, you could specify the username in the script, prompting the user for the password each time (e.g., net use x: \\WIN10PC\shared /user:xpuser *), or you could store both the username and the password in the script (security-wise, not a great idea, but hey, you're still running Windows XP, so... net use x: \\WIN10PC\shared /user:xpuser password).
Sources and more information:
/windows | May 17, 2018
Updates failed - Advanced Micro Devices, Inc - System - Error 0x80070002
Attempting to automatically update the driver in Device Manager returned:
AmdAS4 Device: The system cannot find the file specified.
HP's Software and Driver Downloads page for this laptop inexplicably does not include chipset drivers. However, thanks to Paul_Tikkanen's answer in Missing unknown driver ACPI\ASD0001\2&DABA3FF&2 (which took longer than a few seconds to find, hence this post), the error was resolved by downloading and installing the AMD Chipset Drivers (revision 18.10.0418, released 4/18/2018) directly from AMD.
/windows | May 13, 2018
(Note: This post is not about Windows 10's new Timeline feature (but don't miss Windows 10 Timeline Forensic Artefacts and WxTCmd, a parser for the Windows 10 Timeline database.))
Replay / rewind Windows events and actions to:
Unlike the lengthy forensic and incident response tools listed below, Nir Sofer's LastActiviyView runs on a live system within seconds, reporting:
In 2014, Thomas Weller combined LastActiviyView with a host of additional Nirsoft utilities to create Live System Timeline Builder, which builds a super timeline of a running Windows machine in seconds. The unified view includes results from:
While Live System Timeline Builder comes packaged as an installer, the resulting folder (%PROGRAMFILES(X86)%\WelliSolutions\LiveSystemTimeLineBuilder\) is completely portable; you just need LiveSystemTimelineBuilder.exe, EPPlus.dll, and the Providers subdirectory.
You can even update the Nirsoft apps in Providers as well (the latest RegDllView, 1.60, does not appear compatible, so stick with the included 1.58).
If you have more time to dig, there are a number of exhaustive (and time-consuming) timeline tools focused on forensics and incident response:
Autopsy "is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer." Includes detailed timeline analysis.
Crowd Response "is a lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements."
FastIR Collector "collects different artefacts on live Windows and records the results in csv or json files."
Forensafe Timeline Analyzer "will take physical and logical disks, image files and RAM as input to recover artifacts." (Project status unclear, but calimelo's reply in this thread includes a link to a password-protected RAR archive.)
ir-rescue - "A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response."
KeyChain KeySpace "utilizes digital forensic techniques for cyber criminal investigations, internal audits, and industrial confidential disclosures. It is a solution that supports automatic analysis easily and conveniently. Analyze file formats and raw data for professional analysis." (via Google Translate)
plaso log2timeline - "Super timeline all the things" How to use log2timeline! includes an Excel color template. Results can also be parsed using Timeline Explorer.
Redline - "Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history."
Timesketch - "Collaborative forensic timeline analysis"
Virtual machine appliances:
* Unlikely that they erased all (if any) traces.
/windows | May 11, 2018
Footnotes:
/mac | May 09, 2018
For years, I used Stomp for resizing videos under OS X. However, in addition to recently being retired, it has had trouble processing a number of formats of late, either hanging altogether or displaying lengthy time estimates (e.g., ~6 hours to scale a 6 minute video by half).
Happily, ffmpeg makes quick work of scaling video while preserving the aspect ratio, e.g.,
$ ffmpeg -i in.mp4 -vf scale=640:-2 out.mp4
/mac | Apr 28, 2018
Shangri-La?
I stepped outside and again I was struck by the magnificent view: a full circle of peaks surrounded the flat sea of the central plain dotted with its villages, refuges in a world unfit for man. If ever there lay a valley cut off from the world, a hidden, secret land, it was Zanskar. I could hardly believe that only recently I had left a world which is polluted and over-populated. Everything in Zanskar I found near to perfection: nothing, so it seemed, was out of place or unnatural. ... There was nothing here to tarnish the harmony of nature in which man has his natural place blending with the earth...
Fleas in Heaven
Finally I retired to a nocturnal safari against the terrible fleas. Someone, alas, had forgotten to explain to them the deadly effects of DDT, for they completely ignored the floods of insecticide with which I had covered my body. Leeches in the lower, damp southern Himalayas and fleas in the north are responsible for the real hardships of Himalayan travel. My parasites and I awoke early the next day.
At last I lay down to what I thought was well-earned sleep only to appreciate I had overlooked the fleas for which Kargil is famous. As I sat scratching myself I thought of all those travellers who had passed sleepless nights at this ancient crossroads of caravans heading for Tibet, Afghanistan, China and Sinkiang.
I must admit I needed self-control not to kill the fleas I caught in the chapel. Instead, with traditional respect for life, I placed the offenders on the ground without squashing them, thus leaving them free to start a new career on someone else.
For the night I was offered a small room in a large house that seemed neat and reasonably clean. Little could I then foresee that this was to result in severe wounds, much frustration and eight full days of furious scratching. 'To bite a flea is hardly food for the stomach but how nourishing for the soul,' goes a Tibetan proverb. I had to agree as, forgetting all taboos about respecting life, and in spite of the difference in size and the Geneva convention, I killed all prisoners!
Belief
Usually it takes me a week to get rid of the habits of my rational Western self, to stop querying every fact and figure and searching for an explanation to every phenomenon. This period over, I began to believe in witches and ghosts, gods and demons, good and evil spirits and endless other characters that in the West I liked to consider imaginary—in the same manner that Lobsang would consider unreal and laugh at all the dreary statistics in which we believe, such as the height in feet of our tallest buildings, or the exact distance in miles between the earth and the moon, the facts and figures which mould our lives and command respect in our figure-mad world. But what do figures mean, or spirits, if one docs not believe in them? The answer is nothing, for it is Faith that counts. Often we would be at a loss to check many of the facts we believe in; we accept them with that same blind faith with which I now accepted the presence of demons and the miracle of the [imprint in rock of a] footprint [said to be Padma Sambhava's].
/misc | Apr 19, 2018
This post is for the scattered few who still sync calendars between their Mac and iOS device via USB, and find deleted calendars appearing in iTunes, despite those calendars not appearing in iCal / Calendar. Backup before proceeding. The iOS calendar(s) will be overwritten.
Similar reports:
Related:
defaults delete com.apple.SyncServer SyncServicesResetWorldRunOnce and reboot/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/resetsync.pl full/System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/resetsync.pl fullcd ~/Library/Application\ Support/SyncServices/rm -r Local.*cd Localmv conflicts _conflicts_/mac | Apr 08, 2018
After 14 years of calendar events (>17,000, but still well within the recommended limit of 50,000), Calendar.app finally started acting up; a month-long period refused to sync via iTunes from an iPhone to a Mac, despite desultory remedial efforts1.
Time to archive and cleanup:
Backup calendar(s) to both ICS and ICBU formats; print to PDF for good measure
Recover recalcitrant events from iPhone using iExplorer
Install icalBuddy2 version 1.8.10 via Homebrew3:brew install ical-buddy
Export all events from 2003 through 2017 using a for loop4:$ for i in {2003..2017}; do icalBuddy --separateByDate --noCalendarNames eventsFrom:$i-01-01 to:$i-12-31 > $i.txt; done
Combine all 2003–2017 txt files into one:awk 'FNR==1{print ""}1' *.txt > events.txt
Check for duplicates:uniq -d events.txt
and remove:uniq events.txt > events_deduped.txt
Remove auto-generated URLs for events created via iMessage or Mail:sed '/^ url:/d' events_deduped.txt > events_urls_removed.txt
Delete 2003–2017 events from Calendar via Automator5: Find Calendar Events > Date ending > is before > 1/1/2018 > Delete Calendar Events
Footnotes:
1 namely (and mainly from How To Reset Calendar, iTunes USB Sync):
~/Library/Calendars/Calendar Cache* and ~/Library/Caches/com.apple.iCal)~/Library/Preferences/com.apple.iCal.plist and ~/Library/Preferences/com.apple.iCal.helper.plist)$ /System/Library/Frameworks/SyncServices.framework/Versions/A/Resources/resetsync.pl full)2 Display iCal events on the command line or as Rich Text
3 to avoid a bug in the officially-hosted version (1.8.8) under OS X 10.10+.
4 Exporting all events from 2003 through 2017 like so: $ icalBuddy --separateByDate --noCalendarNames eventsFrom:'jan 1, 2003' to:'december 31, 2017' completed without error, but stopped in 2006, hence the for loop.
5 Calendar, Automator, and AppleScript were so recalcitrant under macOS Sierra that an OS X Mountain Lion virtual machine had to be employed for the cleanup process. More on deleting old events:
Failed attempts:
The Calendar Exporter), but it only exports to ICS (which Calendar.app does already). Further, it only exported a few hundred events before stopping.
/mac | Apr 01, 2018
Scenario:
You are running Windows 8.1
You have an existing local Windows user account named Alice that you'd like to rename to Bob, including the associated user profile folder
There is no (nor ever has been a) user named Bob on your machine
You have an existing admin account named Eve
Steps:
Backup, backup, backup (and know how to restore if things go wrong)
Log in to Windows as Eve (if Fast User Switching is enabled, make sure Alice is logged out completely)
Control Panel\All Control Panel Items\User Accounts > Manage another account > Alice > Change the account name > Bob > Change Name
Rename C:\Users\Alice to C:\Users\Bob
Do a batch search and replace in the registry1 of C:\Users\Alice to C:\Users\Bob with a tool like Advanced Regedit (win32)2,3
Create a symbolic link5,6 to maintain compatibility with hard-coded references to C:\Users\Alice7:
C:>mklink /d C:\Users\Alice C:\Users\Bob
Footnotes:
Most guides, including Microsoft's own Renaming a User Account Does Not Automatically Change the Profile Path, only mention updating the value data for ProfileImagePath in the corresponding S-1-5... subkey of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList:
However, there are invariably many more references to the old path which need updating, especially since most guides (including Microsoft's) also fail to include step 6 above (symbolic links).
Or with a batch file or PowerShell script: Registry: find and replace part of a path in a batch file / PowerShell Registry Find and Replace
On a crufty, heavily-used system, removing all occurrences of C:\Users\Alice from the registry required using two additional batch search and replace tools, Registry Toolkit and Registry Replacer.
For longer usernames (e.g., AliceSmith), values containing the short path name (C:\Users\ALICES~1) may also be present and require updating.
If you ever decide to delete the symbolic link, be very careful: "If you have a symbolic link that is a directory (made with mklink /d) then using del will delete all of the files in the target directory (the directory that the link points to), rather than just the link. SOLUTION: rmdir on the other hand will only delete the directory link, not what the link points to."
From a comment by GuitarPicker: "[T]here may be some other programs which store the paths elsewhere, such as an .INI file, .XML file or a database."
Sources & more:
How To Move The Windows Users Profile Folders describes another method, employing a new user account and xcopy.
/windows | Mar 22, 2018