tinyapps.org / blog

Yandex suddenly the default search engine in Safari on Mac OS X #

While browsing in Safari with 30-40 tabs open, I opened a new tab and performed a search. Instead of receiving Google results, I landed on a Russian Yandex page.

After switching the default search engine back to Google and performing the obligatory malware scan, Safari reset, etc, a quick search turned up Yandex becomes Safari search option in Russia, Ukraine and Turkey, which seemingly pointed to a DNS or language issue, as I was not located in or near those countries.

Switching between several trusted DNS servers did not remove the Yandex search engine option, but removing the Unicode Hex Input from System Preferences > Keyboard > Input Sources did. Screenshot

/mac | Apr 27, 2016

Microsoft Error Reporting for Mac 2.2.9 Update #

The past few days, the following error has appeared when attempting to update new installs of Microsoft Office 2011 and 2016 for Mac:
An unexpected error occurred.
These applications were not updated:
Microsoft Error Reporting
All other updates would install, but "Microsoft Error Reporting for Mac 2.2.9 Update" remained.

MacUpdate's listing pointed to MERP_229.dmg hosted on Microsoft.com, but the resulting dmg file turned out to be simply an HTML file containing a 404 message. The original Microsoft Error Reporting for Mac 2.2.9 Update webpage at Microsoft had also vanished; Google has a cached copy.

Happily, I stumbled onto TJ Luoma's large repository of Mac apps, including the missing MERP_229.dmg. Installing it resolved the update error. Thank you TJ!

/mac | Apr 24, 2016

Change msconfig boot options from command prompt via boot disc #

During a malware cleanup, msconfig was used to change the boot method to Safe Mode with Networking (msconfig > Boot > Boot options > check Safe boot > check Network). On reboot, Windows would not load. Reverting the changes and returning to Normal Mode was done like so:
  1. Boot from Windows install disc and open command prompt (Shift+F10)

  2. Check the current boot mode:

    Windows Boot Loader
    identifier {default}
    nx OptIn
    safeboot Network

  3. Remove the Safe Mode with Networking option:

    X:\>bcdedit /deletevalue {default} safeboot
    The operation completed successfully.

  4. Check boot mode again:

    Windows Boot Loader
    identifier {default}
    nx OptIn

BCDEdit can be used on offline drives via the "store" command (the help documentation oddly refers to it as a command instead of a flag or switch), e.g., bcdedit /store E:\Boot\BCD /deletevalue {default} safeboot. (Found this handy for editing BCD on a DiskCryptor-encrypted drive mounted inside of a Windows PE session.)


/windows | Apr 17, 2016

A better Problem Steps Recorder #

Windows' Problem Steps Recorder makes it easy to create step-by-step screenshots for troubleshooting, documentation, etc. However, annotation and output options are severely limited.

Searching for a Windows program similar to MacSnapper1 or Explainer2, I stumbled upon Wink, a freeware, cross-platform screen capture tool that allows you to "[C]apture screenshots, add explanations boxes, buttons, titles, etc and generate a highly effective tutorial for your users." Additional features include audio recording, importing BMP/JPG/PNG/TIFF/GIF files, and exporting to PDF, PostScript, HTML, Flash, EXE, and the aforementioned image formats.
  1. "Create lesson webpages and PDFs from snapshots and images"
  2. "A screenshot app for those of us who explain 'computer stuff' to other people"

/windows | Apr 14, 2016

Paragon's rich collection of freeware #

Paragon Software Group has a surprisingly large collection of powerful freeware offerings. Here is, to my mind, a better organized catalog:


Windows XP




/misc | Apr 11, 2016

Windows Update stuck "Checking for updates..." / Error 0x80070005 #

TL;DR: WSUS Offline Update solved the problem.

Windows Update was stuck overnight "Checking for updates..." on a virtually brand new, clean Windows 7 install. Tried the following:

  1. Reset Windows Update Agent - "This Script allow reset the Windows Update Agent resolving issues with Windows Update." Runs under XP - 10. Last updated Feb 29, 2016. Did not resolve issue.
  2. Fix Microsoft Windows Update Issues - "This troubleshooter will detect and solve Windows update issues automatically." Did not resolve issue, but reported an unresolved "error 0x80070005".
  3. Error 0x80070005 in Windows Update when you try to install updates - Uses a batch script and SubInACL to repair file and registry permissions. More information. Did not resolve issue.
  4. 0x80070005 – Fix for Windows - Several suggestions, none of which resolved the issue.
  5. Repair or reinstall Windows Update - Massive collection of potential fixes, including WSUS Offline Update, which resolved the issue and fixed Windows Update.

Wish I had found this first - exact same issue and resolution: Windows 7: How I Solved the Infinite 'Checking for Updates' Hell.... More suggestions: Windows 7 SP1 Windows Update stuck checking for updates

/windows | Apr 06, 2016

A lickable Linux distro #

Apricity OS is an Arch-based Linux distribution with a simple, beautiful, and consistent UI:

Apricity OS

According to the developers, "Apricity OS idles at around 500 megabytes of memory usage, as opposed to other popular operating systems that idle at up to several gigabytes. This also helps bring boot times down to just a few seconds." I found it fast and responsive running in a VM with just 2GB of RAM. Love the little coffee cup icon in the menu bar which functions much like OS X's caffeinate, though it has the added benefit of disabling the screensaver as well.

(via Hacker News)

/nix | Apr 03, 2016

Restoring Windows 7 Dell Factory Image After Windows 10 Upgrade #

Restoring a Dell factory image is usually performed by pressing F8 during boot to open the Advanced Boot Options menu and then navigating to "Repair Your Computer" > "Dell Factory Image Restore".

Upgrading to Windows 10 breaks this functionality. Here is an alternate method for restoring the factory image; unlike the usual method, a current Windows username and password is not required:
  1. Backup, backup, backup! This process will erase the entire contents of the OS partition.
  2. Boot from Windows 7 DVD
  3. Press Shift+F10 at language selection screen to launch cmd.exe
  4. Check drive letter assignments carefully; they may well differ from the ones shown here (in my case, the RECOVERY partition was assigned C: while the OS partition (which is assigned C: when booted normally) was assigned D:)
  5. Copy imagex.exe (or imagex64.exe for 64-bit boot discs) to the RECOVERY partition (C: in this example)
  6. Check the factory image:
    C:\>imagex.exe /dir C:\Dell\Image\Factory.wim 1
  7. Format the OS partition
  8. Restore the factory image to the OS partition:
    C:\>imagex.exe /apply C:\Dell\Image\Factory.wim 1 D:
Notes & Updates References

/windows | Mar 30, 2016

Extracting interesting data from disks and disk images #

bulk_extractor is a beautifully-documented forensic tool for extracting all sorts of potentially useful information. From the user manual:
"bulk_extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence media. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and password cracking. The program provides several unusual capabilities including: bulk_extractor operates on disk images, files or a directory of files and extracts useful information without parsing the file system or file system structures. The input is split into pages and processed by one or more scanners. The results are stored in feature files that can be easily inspected, parsed, or processed with other automated tools. bulk_extractor also creates histograms of features that it finds. This is useful because features such as email addresses and internet search terms that are more common tend to be important."

Via Top 20 Free Digital Forensic Investigation Tools for SysAdmins, which offers this handy tip: "You will also see a decimal value in the first column of the text file that, when converted to hex, can be used as the pointer on disk where the entry was found (i.e. if you were analyzing the disk manually using a hex editor for example, you would jump to this hexadecimal value to view the data)."

/misc | Feb 29, 2016

Random harvest #

/misc | Feb 26, 2016

Subscribe or visit the archives