Direct download of Boot Camp drivers #

  1. From within Windows (or OS X) via Timothy Sutton's Brigadier Python script
  2. From within OS X via Boot Camp Assistant > Action > Download Windows Support Software
  3. From within a browser (for Windows 7/Boot Camp 4 & 5.1) via this Apple page

/mac | Dec 10, 2016

Cloning 1TB MBR system HDD to 4TB GPT SSD #

  1. Install 4TB SSD
  2. Change boot mode to UEFI and SATA operation to AHCI.* For example, on a typical Dell system:
  3. Boot from Acronis True Image 2016 disc (be sure to select entry under UEFI BOOT, not LEGACY BOOT)
  4. Clone 1TB MBR HDD to 4TB GPT SSD. MBR will be converted to GPT automatically on destination disk

Received "Failed to write data to disk" error at end of cloning process followed shortly by "Cloning succeeded".

On reboot, the following message appeared:

 

Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \EFI\Microsoft\Boot\BCD

Status: 0xc000000f

Info: An error occurred while attempting to read the boot configuration data.

ENTER=Continue ESC=Exit

 

  1. Booted from Windows 7 install disc (again, be sure to select device under UEFI BOOT, not LEGACY BOOT)
  2. Next > Repair your computer
  3. "Windows found problems with your computer's startup options. Do you want to apply repairs and restart your computer?"
  4. Before clicking "Repair and restart", clicked "View details", which revealed:
        The following startup options will be added:
        Name: Windows 7 Professional (recovered)
        Path: Windows
        Windows Device: Partition=D: (3815116 MB)

Windows booted normally from 4TB SSD.

* IDE/ATA was required in this account, which uses a method similar to Xcopy Windows to a new hard drive, but with ntfsclone. Careful with the syntax: the target is specified before the source, as explained in the man page:
Clone NTFS on /dev/hda1 to /dev/hdc1:
ntfsclone --overwrite /dev/hdc1 /dev/hda1
Destination disk is larger than 2 TB: If "My source disk is MBR and my OS supports UEFI" and "My system is UEFI-booted (Windows or Acronis Bootable Media)" then "partition style on your destination disk will be converted to GPT automatically. This disk may be used for booting in UEFI. Also, the entire disk space will be available."

/windows | Dec 03, 2016

Add fade to black transition to MP4 video #

3 methods, from least to most efficient. Original MP4 video clip ≈ 2.4MB.

Thanks to LordNeckbeard's tip and link to FFmpeg's fade filter documentation.

UPDATE:

Add fade in and fade out:

$ ffmpeg -i in.mp4 -vf "fade=in:0:10,fade=out:900:27" -acodec copy out.mp4

Concatenate MP4 files:

$ cat mp4s.txt 
file '/path/to/1.mp4'
file '/path/to/2.mp4'
file '/path/to/3.mp4'

$ ffmpeg -f concat -safe 0 -i mp4s.txt -c copy out.mp4

Added -safe 0 to resolve the "Unsafe file name" error; the concat demuxer's default safe mode rejects absolute paths like those in mp4s.txt.

/mac | Nov 24, 2016

Mail.app: Cannot remove attachments from sent emails #

If Message > Remove Attachments is grayed out for sent messages:
  1. Select the affected mailbox (e.g., Sent)
  2. Mail > Preferences... > Rules > Add Rule
  3. Create a rule in which From is equal to your email address and Any attachment name contains "." (without quotes).
  4. Set the action to "Set Color"
  5. OK > "Do you want to apply your rules to messages in selected mailboxes" > Apply

Attachments can now be removed normally from affected messages. Tested in Mail 9.3 under OS X 10.11.6. Lion/Mountain Lion's Mail: Workaround for removing attachments from sent messages should have been in the top 10 Google results but wasn't, hence this recapitulation.

/mac | Nov 24, 2016

Compare / diff disk images and other large binary files #

with lfhex (Large File Hex Editor). Installation in Debian-based distros is as easy as apt install lfhex, but that version is sadly plagued with a long-standing bug which hides the (very handy) "Cursor Offset" selection box:

As Kalle Olavi Niemitalo explains in the aforementioned bug report, removing statusBar()->showMessage("Ready",2000); from hexGui.cpp before compiling works, but only if you have older versions of Qt, gcc, g++, etc. to compile with (or manage to resolve compatibility problems like this one).

After several false starts, I got an x64 binary compiled under Ubuntu 12.04, gcc 4.6.3, and Qt 4.8.1. Works fine under newer Debian-based distros as well.

See also wxHexEditor, a cross-platform (Linux, Windows, OS X), open source hex editor with support for very large files (up to 2EB) and raw disk access (under POSIX systems). The current version, 0.23 beta, is available via apt install wxhexeditor.

UPDATE 1: Just noticed this on the lfhex homepage under "Limitations": "Search/compare can be slow (compared to cmp or any other non-paged IO app)". Note that cmp -s is faster than just cmp and roughly equal to diff -q. More info. Tip: If you just need to know whether two large files differ, first check the file sizes. Only then if necessary run: diff --speed-large-files --brief --report-identical-files file1 file2.

UPDATE 2: To compare two files, run lfhex -c file1 file2 (there isn't a comparison option within the GUI, though the preceding command will launch the GUI in comparison mode).

/nix | Nov 05, 2016

Photos.app: "Nothing to import - None of these files can be imported into your Photos library." #

While clicking and dragging multiple folders containing JPGs into Photos.app, the following error appeared:

Nothing to import - None of these files can be imported into your Photos library.

Quitting and restarting Photos.app only worked for a few more files, then back to the same error message. File > Import... did not work either.

Happily, PowerPhotos was able to import everything (over 100GB worth), automatically skipping duplicates and providing a detailed report of the process via Library > Import Photos...

/mac | Oct 26, 2016

Interrupt PhotoRec recovery, change the destination, and resume #

During a PhotoRec session, if disk space on the destination starts running precariously low, you can interrupt the session, change the destination, and resume like so:
  1. Halt the session and exit PhotoRec: Stop > Y > Quit > Quit > Quit
  2. If desired, move recup_dir.* to new destination (while not required, you may wish to keep all of the recovered files together). In any case, do not move or edit photorec.ses, which is located in the current working directory
  3. Launch PhotoRec again
  4. When "Continue previous session ? (Y/N)" prompt appears, press Y
  5. Browse to new destination directory then press C
  6. Recovery will resume where it left off

/nix | Oct 24, 2016

Combine an animated GIF with a static image while retaining the animation #

in Adobe ImageReady CS2:
  1. Open both images in ImageReady
  2. Rotate the animated GIF if desired (Image > Rotate Canvas > Arbitrary...)
  3. Make the animated GIF's canvas size larger than the static image's canvas size (Image > Canvas Size...)
  4. Copy and paste the static image as a layer into the animated GIF (Select > All > Edit > Copy > Edit > Paste)
  5. Using the Move Tool (V), drag the static image to the desired position, then use the Crop Tool (C) to crop it
  6. Set the static image as the background (Layer > New > Background From Layer)
  7. Check the delay timers and looping options in the Animation pane (Window > Animation)
  8. Save the new combined GIF (File > Save Optimized As...)

/misc | Oct 19, 2016

Building a triple-boot Mac: OS X 10.9, Linux Mint 18, Windows 7 #

This process was tested on a MacBook Pro (13-inch, Mid 2012)* and Samsung 830-Series MZ-7PC128B/WW 128GB Solid State Drive with OS X 10.9.5, Linux Mint Cinnamon 18 64-bit, and Windows 7 64-bit.
  1. Install SSD. Any existing data will be deleted.

  2. Boot from Mavericks installer

    1. Disk Utility > Partition (GUID), format (Mac OS Extended (Journaled)), and name (OSX) volume

    2. Install Mavericks to OSX normally

  3. Boot from SSD

    1. Boot Camp Assistant > allocate partition space as desired (keeping in mind that the Linux Mint partition will be carved out of the Windows partition)

    2. Install Windows normally

  4. Boot from Linux Mint 18 installer

    1. Install Mint normally, selecting "Install Linux Mint alongside them" and specifying the desired sizes of the Windows and Mint partitions

  5. When installation completes, boot to Startup Manager by holding the Option key. There are 3 options:

    1. OSX = Mavericks

    2. Recovery-10.9.5 = OS X Recovery

    3. Windows = GNU GRUB, from which Linux Mint 18 or Windows 7 can be booted (ignore the OS X 32-bit and 64-bit entries)

Notes:

/mac | Oct 18, 2016

Showing all programs in Windows 8.1 #

In lieu of a third-party Start menu replacement like Classic Shell (along with its attendant risks), you can create a taskbar toolbar to display all programs in Windows 8.1:
  1. Add %ProgramData%\Microsoft\Windows\Start Menu\Programs and %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs to a new Library called "Programs"
  2. Right click the taskbar then click Toolbars > New toolbar...
  3. Enter %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Libraries\Programs.library-ms into the Folder: path and click "Select Folder"

That's it; now you've got a list of all programs easily accessible from the taskbar.

References:

/windows | Oct 11, 2016

Mounting partitions from full disk images with guestfish #

Just added a long-overdue update to Mounting partitions from full disk images with guestfish, part of the inimitable libguestfs:
"libguestfs can access almost any disk image imaginable. It can do it securely — without needing root and with multiple layers of defence against rogue disk images. It can access disk images on remote machines or on CDs/USB sticks. It can access proprietary systems like VMware and Hyper-V."

/nix | Oct 02, 2016

Installing ddrescue in Debian, Ubuntu, Mint, et al. #

A few ddrescue install tips for Debian-based distros:

/nix | Sep 30, 2016

Virtualizing Snow Leopard #

Hot on the heels of our 2011 post, Mac OS X P2V, comes a new guide for those who just can't let go of OS X 10.6's superior speed, stability, or PowerPC emulation: Installing Snow Leopard into VMWare Fusion 8 on El Capitan. Enjoy!

/mac | Sep 11, 2016

Automatically prompt for elevated permissions when running a batch script #

Add the script below to the beginning of your batch scripts to automatically request elevated permissions when run. It was written by Matt, who credits for inspiration a post by NIronwolf, which credits OpenELEC, who apparently does not host the original script any longer (this may be it: create_installstick.bat). As Winhelponline points out, simply add your instructions under the "START" label.

::::::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights V2
::::::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:init
setlocal DisableDelayedExpansion
set "batchPath=%~0"
for %%k in (%0) do set batchName=%%~nk
set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
setlocal EnableDelayedExpansion

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
ECHO args = "ELEV " >> "%vbsGetPrivileges%"
ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
ECHO Next >> "%vbsGetPrivileges%"
ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
"%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
exit /B

:gotPrivileges
setlocal & pushd .
cd /d "%~dp0"
if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)

::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::
REM Run shell as admin (example) - put here code as you like
ECHO %batchName% Arguments: %1 %2 %3 %4 %5 %6 %7 %8 %9
cmd /k

/windows | Sep 04, 2016

Recover Windows product key from BIOS / UEFI #

while booted via Windows installation media, then determine which version of Windows corresponds to the recovered key:
  1. Boot via Windows installation media (DVD, USB flash drive, etc)

  2. When the "Windows Setup" window appears, press Shift + F10 to open a command prompt

  3. Launch one of these tools from the command prompt to retrieve product key from BIOS / UEFI:

    1. Windows OEM Product Key Tool 1.1 - Purpose-built app; simply returns the product key

    2. FirmwareTablesView - Displays list of firmware tables; look for "MSDM" under Signature column or "Microsoft Software Licensing Table" under Description column

    3. RWEverything - Digs deep for a plethora of hardware details; head to ACPI > MSDM > Data.

  4. To identify which version of Windows the recovered product key corresponds to:

    1. Ultimate PID Checker - Works with product keys from XP through 8 (not 8.1); runs inside the Windows installation environment.

    2. ShowKeyPlus - Works with product keys from Windows 7 through 10; does not run inside the Windows installation environment. (UPDATE: Users have flagged GPL violations (to which the author nesciently replied, "GPL does not mean open source - it's freeware only."), missing source code, and cloaked network activity.)

For OEM computers still shipping with Windows 7 or 8.1 (slated to end on October 31, 2016), the firmware-embedded product key likely differs from the product key on the hard drive. Recover the latter with ProduKey.

For more information on embedded product keys, see Windows 10 Embedded Product Key Tool and Where is my Windows product key, and how can I tell that my Windows installation is genuine?

/windows | Sep 04, 2016

Booting Dell Venue 10 Pro 5055 from USB device #

  1. With the Venue turned off, hold the volume button down.
  2. Turn on the Venue
  3. When the BIOS / UEFI screen appears, let go of the volume button
  4. Tap "Boot" > "Secure Boot" > "Disabled"
  5. Tap "File Browser Add Boot Option" > select .efi file on a bootable FAT32-formatted device (e.g., tap "USB: DataTraveler 2.0" > "Select Media File" menu appears > tap "efi" > "boot" > "bootia32.efi") > "Input File Name" menu appears > enter desired name (e.g., "USBFlash") > tap Return > Ok
  6. Change "Boot Option Priorities" if desired, or simply reboot while holding the volume button up for the "Boot Options" menu.

Sources:

/windows | Sep 04, 2016

Google Chrome: Reenable backspace to go back in OS X #

While there are a lot of extensions for restoring backspace (delete on Mac keyboards) to its former glory, why trust an extension when this simple command line argument works?

--enable-blink-features=BackspaceDefaultHandler --test-type

Under Windows, this is as simple as changing the shortcut Target from

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

to

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-blink-features=BackspaceDefaultHandler --test-type

Here are two methods for passing the argument to Chrome under OS X:

Bash: open -b com.google.Chrome --args --enable-blink-features=BackspaceDefaultHandler --test-type

AppleScript: do shell script "open -b com.google.Chrome --args --enable-blink-features=BackspaceDefaultHandler --test-type"

Save either command and run in lieu of Google Chrome.app to restore backspace functionality.

On a related note, here is how to find bundle identifiers / bundle IDs (CFBundleIdentifier):

/mac | Aug 28, 2016

Windows 7 install error: "A required CD/DVD drive device driver is missing" #

While attempting to install Windows 7 on a Dell Optiplex 3040 Micro, the following error appeared:

A required CD/DVD drive device driver is missing. If you have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.

Note: If the Windows installation media is in the CD/DVD drive, you can safely remove it for this step.

Browse | OK | Cancel

(As it turns out, the problem is caused by a missing USB 3.0 driver, so installing via USB floppy, CD/DVD, flash drive, etc was not possible.)

Browsing for a driver on the virtual X: drive returned:

No device drivers were found. Make sure that the installation media contains the correct drivers, and then click OK.

Reports online did not sound promising, e.g., 'No device drivers were found' error when installing windows 7 on new computer ("FINAL EDIT - If you're here for answers, while nothing here worked for me, that doesn't mean it won't work for you, so I suggest you try everything here if you can. What I ended up doing is giving up on windows 7 and instead installed windows 10.").

Coming up with a working solution took more time than anyone else should ever have to invest in this issue again. Here's what worked for me:

  1. Format a USB drive as NTFS. If necessary, use diskpart.exe:

    1. list disk

    2. select disk x, where x is the number assigned to your USB drive

    3. clean

    4. create partition primary

    5. select partition 1

    6. active

    7. format fs=ntfs quick

    8. assign

    9. exit

  2. Copy files and folders from Windows 7 ISO or DVD to USB drive

  3. Download Intel(R) USB 3.0 eXtensible Host Controller Driver and extract contents

  4. Download, install, and run NTLite

  5. Click "Add" > "Image folder" > select drive letter of USB drive (E: in the example that follows) > click "Select Folder"

  6. Under "Operating systems | install.wim", right click the version of Windows that corresponds to your license and then click "Load":

  7. Once loading has completed, click "Drivers" in the left-hand column:

  8. Click "Add" > "Folder with multiple drivers" > browse to the folder containing extracted driver(s) > click "Select Folder"

  9. Click "Apply" in left-hand column > click green "Process" button at top left > "Yes"

  10. When processing is complete, click "Source" in the left-hand column to return to the main window

  11. Repeat steps 6 through 10 for the two entries under "Boot/Setup | boot.wim" (in the screenshots above, they are "Microsoft Windows PE (x86)" and "Windows 7 Setup")

  12. If desired, make an ISO image of the USB drive (for burning to DVD-R, etc) by right clicking E: under "Image history" and then clicking "Create ISO"

  13. The USB drive or ISO image can now be used to install Windows 7 on the affected computer (see below for a list of all affected Dell models)

Notes

Updates

/windows | Aug 21, 2016

All empty boats #

If a man is crossing a river
and an empty boat
collides with his own boat,
he won’t get offended or angry,
however hot-tempered he may be.
But if the boat is manned,
he may flare up, shouting and cursing,
just because there’s a rower.

Realize that all boats are empty
as you cross the river of the world,
and nothing can possibly offend you.

From chapter 43 of Stephen Mitchell's The Second Book of the Tao

/misc | Jul 19, 2016

Missing photos after upgrading iPhoto 6 to iPhoto 9.6.1 or Photos 1.5 #

Issue

  1. Old Mac running OS X 10.6.8 with iPhoto 6 library containing 5,238 items

  2. Imported data, including iPhoto Library, to new Mac running OS X 10.11.5 and Photos 1.5 via Migration Assistant.

  3. Photos Library displayed only 1,794 photos (through September 2010), even though all photos were found in ~/Pictures/Photos Library.photoslibrary/Masters and ~/Pictures/Photos Library.photoslibrary/Previews.

  4. Deleted Photo Library and iPhoto Library, manually copied iPhoto Library from old Mac again, relaunched both iPhoto and Photos - same result.

  5. Attempting to run iPhoto Library Upgrader 1.1 (which "prepares libraries from iPhoto 7 or earlier so they can be upgraded with the current version of iPhoto") on yet another copy of the original iPhoto Library returned "Your library can open with the current version of iPhoto and does not need to be prepared with this tool."

  6. Rebuilding the iPhoto library on both the old and new Mac (by holding down Command and Option while starting iPhoto, etc) did not help.

  7. Opening yet another copy of the original iPhoto Library in iPhoto Library Manager showed only the same 1,794 photos and misidentified the library as an iPhoto 8 library.

Resolution

  1. Copied original iPhoto Library to a third Mac running OS X 10.6.8 and iPhoto 6 (all 5,238 items appeared in iPhoto).

  2. Installed iPhoto Library Manager 3.8.6 (for Mac OS X 10.5.8 and iPhoto 7.1.5 and earlier).

  3. iPhoto Library Manager.app > File > Rebuild Library. As Christoph Bartneck explains, "The software has a tool to recover corrupted libraries. But it works differently from Apple’s approach. It starts with a fresh clean library and imports all the photos, including their meta data, such as location, faces, date. It also manages to rebuild albums and folders."

  4. Copied rebuilt iPhoto Library to new Mac running OS X 10.11.5.

  5. Ran iPhoto Library Upgrader 1.1 (which now ran normally instead of returning "Your library can open with the current version of iPhoto and does not need to be prepared with this tool" as above).

  6. Opened the upgraded iPhoto Library in iPhoto 9.6.1, which reported "This photo library needs to be upgraded to work with this version of iPhoto." After the upgrade process, all 5,238 items (including albums, metadata, etc) appeared intact!

  7. Opened Photos.app which imported the entire iPhoto Library successfully.

Updates

/mac | Jul 18, 2016

Copy actual URLs from Google search results, not nested nonsense #

Redirects in Google search results are not only a privacy concern, but also a major pain when trying to simply copy and paste links: These two extensions/add-ons (via HackerNews) help reduce needless suffering:

/misc | Jul 10, 2016

Stop ransomware process and dump memory to extract key #

Anti Ransom v3 "creates a random decoy folder with many useless random documents (Excel, PDF) and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify which process is the responsible of such change and then stops it and dump the memory process (hopefully the key or password that is being used by the ransomware is inside)".
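
The decoy-folder half of that approach, as an added example that is not Anti Ransom's code: it plants random files and polls their hashes, and leaves identifying or stopping the responsible process and dumping its memory out. The function names, file extensions and polling interval are assumptions made for the illustration.

```python
import hashlib
import secrets
import tempfile
import time
from pathlib import Path

# Assumption: only the extensions imitate documents; the content is random bytes.
DECOY_EXTENSIONS = (".xlsx", ".pdf", ".docx")


def _sha256(path):
    """Hash one file; None if it vanished or is locked mid-write (still a change)."""
    try:
        return hashlib.sha256(path.read_bytes()).hexdigest()
    except OSError:
        return None


def create_decoys(root, count=20, size=4096):
    """Fill `root` with randomly named decoy files; return {file name: sha256}."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for i in range(count):
        ext = DECOY_EXTENSIONS[i % len(DECOY_EXTENSIONS)]
        path = root / (secrets.token_hex(6) + ext)
        path.write_bytes(secrets.token_bytes(size))
        baseline[path.name] = _sha256(path)
    return baseline


def snapshot(root):
    """Current {file name: sha256} of the decoy folder; empty if the folder is gone."""
    try:
        return {p.name: _sha256(p) for p in Path(root).iterdir() if p.is_file()}
    except OSError:
        return {}


def changes(baseline, current):
    """Compare two snapshots. A rewrite-and-rename shows up as removed + created."""
    events = [("removed", n) for n in sorted(baseline.keys() - current.keys())]
    events += [("created", n) for n in sorted(current.keys() - baseline.keys())]
    events += [("modified", n) for n in sorted(baseline.keys() & current.keys())
               if baseline[n] != current[n]]
    return events


def watch(root, baseline, interval=2.0, max_polls=None):
    """Poll until the folder differs from the baseline; return the events seen."""
    polls = 0
    while max_polls is None or polls < max_polls:
        events = changes(baseline, snapshot(root))
        if events:
            return events
        polls += 1
        time.sleep(interval)
    return []


if __name__ == "__main__":
    decoy_dir = Path(tempfile.mkdtemp(prefix="decoy_"))
    baseline = create_decoys(decoy_dir)
    print(f"watching {len(baseline)} decoy files in {decoy_dir}")
    for kind, name in watch(decoy_dir, baseline):
        print(f"ALERT {kind}: {name}")
```

Nothing legitimate should ever touch the decoy folder, so any event returned by watch() is worth an alert.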

/windows | Jul 09, 2016

Music of the gears #

Paweł Zadrożniak makes beautiful music with an orchestra of hard disks, floppy drives, and scanners:

/misc | Jul 08, 2016

Extract passwords and more from memory #

mimikittenz "is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes".

Basic usage:

  1. Run Windows PowerShell as administrator
  2. cd to directory containing Invoke-mimikittenz.ps1 (e.g., Downloads)
  3. PS C:\Users\user\Downloads> Set-ExecutionPolicy RemoteSigned
  4. PS C:\Users\user\Downloads> Import-Module $pwd\Invoke-mimikittenz.ps1
  5. PS C:\Users\user\Downloads> Invoke-mimikittenz

Sample result:

PatternName       PatternMatch
-----------       ------------
Gmail             &[email protected]&Passwd=PASSWORD_IN_PLAINTEXT&Persiste...

mimikittenz currently extracts the following credentials from memory:

See also:

/windows | Jul 08, 2016

Installing grepmail in OS X 10.11 #

grepmail is a search tool for mbox files, including those compressed with gzip, bzip2, lzip, or xz.
  1. If you do not have the Command Line Developer Tools installed, run $ xcode-select --install to install them.
  2. Install lzip and xz from source (1, 2), your favorite package manager (Homebrew, MacPorts, etc), or Rudix
  3. $ sudo perl -MCPAN -e shell
  4. cpan[1]> install grepmail
  5. cpan[2]> exit
  6. If, like me, you receive a "command not found" error when attempting to run grepmail, repeat steps 2-4 to resolve.
More:

/mac | Jul 06, 2016

Find the product version and build information of an OS X installer #

The hard way:

The easy way, thanks to Johann N. Löfflmann.

UPDATE: Johann has an updated version of his script on GitHub: osxapp_vers (local cache).

/mac | Jul 01, 2016

Cloning a failing hard drive to a smaller drive #

Faced with a rapidly-worsening hard drive (and after backing up critical data), I hoped to clone the Windows install to a smaller drive (the only one on hand). Kanguru's Mobile Clone HD One-To-One Duplicator (KCLONE-1HD-MBC) has gotten me out of similar binds before, but cloning to smaller drives is not currently supported.

Here are the boot discs I tried in order and their results (for a similar list, see Windows won't boot (or boots only once) after SSD upgrade):
  1. Paragon Drive Copy 15 Professional - crashed
  2. Acronis True Image 2016 - crashed
  3. HDClone 6.1.5 Advanced Edition - produced a non-working clone with missing partitions
  4. Image for Windows 2.99-00 - produced a working clone!
I was happily astounded that my version 2 license from 2008 was still valid for the current version (2.99-00), which was released as recently as February 25, 2016. Many thanks to TeraByte for a great product and the super-long term support!

/windows | Jun 16, 2016

Check Windows for spurious certs #

In light of malware and OEM CA shenanigans ("Who’s your Verisign?" - Malware faking digital signatures, Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish), be sure to check certificates regularly, especially immediately following acquisition or malware cleanup.

While you could comb through Certificate Manager (certmgr.msc), Sigcheck from Sysinternals speeds things up considerably. The following example is from a system with Superfish and Fiddler certs installed:
C:\>sigcheck.exe -tuv *

Sigcheck v2.51 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Listing valid certificates not rooted to the Microsoft Certificate Trust List:

User\MY:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
User\Root:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
   Superfish, Inc.
        Cert Status:    Valid
        Valid Usage:    All
        Cert Issuer:    Superfish, Inc.
        Serial Number:  00 D2 FC 13 87 A9 44 DC E7
        Thumbprint:     C864484869D41D2B0D32319C5A62F9315AAF2CBD
        Algorithm:      sha1RSA
        Valid from:     6:25 AM 5/12/2014
        Valid to:       6:25 AM 5/7/2034
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
From the documentation:
 -t[u][v] Dump contents of specified certificate store ('*' for all stores).
          Specify -tu to query the user store (machine store is the default).
          Append '-v' to have Sigcheck download the trusted Microsoft
          root certificate list and only output valid certificates not rooted to
          a certificate on that list. If the site is not accessible,
          authrootstl.cab or authroot.stl in the current directory are
          used instead, if present.
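
A parser for the report format shown above, added here as an example and not part of Sigcheck or the original post: it merges repeated entries by thumbprint and tags those that sit in a Root store, are self-issued, carry unrestricted usage or use a SHA-1/MD5 signature. The tag names and the choice of checks are assumptions; the sample is trimmed from the output above.

```python
import re

# Trimmed from the sigcheck output above (the repeated Fiddler entry under User\Root is omitted).
SAMPLE = r"""
Listing valid certificates not rooted to the Microsoft Certificate Trust List:

User\MY:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
User\Root:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
   Superfish, Inc.
        Cert Status:    Valid
        Valid Usage:    All
        Cert Issuer:    Superfish, Inc.
        Serial Number:  00 D2 FC 13 87 A9 44 DC E7
        Thumbprint:     C864484869D41D2B0D32319C5A62F9315AAF2CBD
        Algorithm:      sha1RSA
        Valid from:     6:25 AM 5/12/2014
        Valid to:       6:25 AM 5/7/2034
"""

FIELD = re.compile(
    r"^\s+(Cert Status|Valid Usage|Cert Issuer|Serial Number|Thumbprint|"
    r"Algorithm|Valid from|Valid to):\s*(.*)$")
STORE = re.compile(r"^(\S[^:]*\\[^:]+):\s*$")  # unindented "User\Root:" style line


def parse_sigcheck(text):
    """Return one dict per (store, certificate) entry in `sigcheck -t` output."""
    certs, store, cur = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = STORE.match(line)
        if m:
            store, cur = m.group(1), None
            continue
        m = FIELD.match(line)
        if m:
            if cur is not None:
                cur[m.group(1)] = m.group(2).strip()
        elif store is not None and line[0].isspace():
            # Indented line that is not a known field: a certificate name.
            cur = {"Store": store, "Name": line.strip()}
            certs.append(cur)
    return certs


def triage(certs):
    """Merge entries by thumbprint and tag the ones to review first (tags are assumptions)."""
    merged = {}
    for c in certs:
        key = c.get("Thumbprint") or c["Name"]
        e = merged.setdefault(key, {"name": c["Name"], "thumbprint": c.get("Thumbprint"),
                                    "stores": [], "reasons": set()})
        if c["Store"] not in e["stores"]:
            e["stores"].append(c["Store"])
        if c["Store"].lower().endswith("\\root"):
            e["reasons"].add("in-root-store")
        if c.get("Cert Issuer") == c["Name"]:
            e["reasons"].add("issuer-equals-subject")
        if c.get("Valid Usage") == "All":
            e["reasons"].add("unrestricted-usage")
        if c.get("Algorithm", "").lower().startswith(("sha1", "md5")):
            e["reasons"].add("weak-signature-hash")
    return list(merged.values())


if __name__ == "__main__":
    for e in triage(parse_sigcheck(SAMPLE)):
        print(e["name"], e["thumbprint"], e["stores"], sorted(e["reasons"]))
```

Saving each run's thumbprints and comparing them with the next run's makes a newly installed root stand out.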

/windows | Jun 14, 2016

Sufficient unto the day are the puzzles thereof #

/misc | Jun 14, 2016

Cross-platform CPU stress testing #

Prime95 is an open source program created by the GIMPS (Great Internet Mersenne Prime Search) project to find Mersenne prime numbers. It's also swell for stress testing CPUs:
"Prime95 has been a popular choice for stress / torture testing a CPU since its introduction, especially with overclockers and system builders. Since the software makes heavy use of the processor's integer and floating point instructions, it feeds the processor a consistent and verifiable workload to test the stability of the CPU and the L1/L2/L3 processor cache. Additionally, it uses all of the cores of a multi-CPU / multi-core system to ensure a high-load stress test environment.

...

The Prime95 Wikipedia page has an excellent overview on using Prime95 to test your system and ensure it is working properly. The tips presented there should be helpful regarding how long to run the torture test and provide a solid guideline on how long to run the Prime95 stress test.

Performing a stress test is simple:
  1. Download the software and unzip the files to your desired location.
  2. Run the Prime95 executable and select "Just Stress Testing" when asked.
  3. The default options are sufficient to do a well balanced stress test on the system."
Source and binaries available for FreeBSD, Linux, OS X, and Windows 95-10.

/misc | Jun 14, 2016

Block a specific program from accessing the Internet #

  1. Open Windows Firewall with Advanced Security (wf.msc)
  2. Click "Outbound Rules"
  3. Click "New Rule..."
  4. Click "Program" > "Next"
  5. Click "This program path" > "Browse" > select program to block > "Next"
  6. Click "Block the connection" > "Next"
  7. Leave Domain, Private, and Public checked > "Next"
  8. Type desired name for rule and click "Finish"
If that seems too tedious, check out OneClickFirewall. It adds a context menu item to "Block Internet Access" and another to "Restore Internet Access", leveraging outbound rules in Windows Firewall with Advanced Security.

UPDATE:

/windows | Jun 04, 2016

Tiny Unix Tools for Windows #

These tools have been littered around the blog for years; this is an attempt to put them all in one place. In order of appearance:

UPDATE:

/windows | Jun 04, 2016

Like having your very own Mangajin editor #

Back in the 90s, Mangajin revolutionized Japanese language studies by meticulously explaining comics, offering the original Japanese (kanji, hiragana, katakana), romanized Japanese, literal English meaning, idiomatic English meaning, politeness level (PL1-PL4), and loads of other details missing from textbooks:


(Some might argue that the co-worker's response should be labeled PL3 instead of PL2, since he uses 「でしょ」 instead of 「だろ」 or 「だろう」)

Long out of print, digitized archives of all 70 issues float around the Internet; one kind soul has been hosting the first 30 issues for ages.

However, these days, you can turn almost any Japanese source image into a Mangajin-like smorgasbord of information thanks to two open source, portable apps from Christopher Brochtrup:

Capture2Text "enables users to quickly OCR a portion of the screen using a keyboard shortcut. The resulting text will be saved to the clipboard by default. Supports 90+ languages including Chinese, English, French, German, Japanese, and Spanish. Portable and does not require installation. See http://capture2text.sourceforge.net for details."

capture2text

JGlossator "can create a gloss for Japanese text complete with de-inflected expressions, readings, audio pronunciation, example sentences, pitch accent, word frequency, kanji information, and grammar analysis. See http://jglossator.sourceforge.net/ for more information and screenshots. Inspired by Translation Aggregator, but aimed primarily at people learning Japanese."

jglossator

The two work seamlessly together; here is a video of them in action.

Update

See also Python-based manga-ocr:

Optical character recognition for Japanese text, with the main focus being Japanese manga. It uses a custom end-to-end model built with Transformers' Vision Encoder Decoder framework.

Manga OCR can be used as a general purpose printed Japanese OCR, but its main goal was to provide a high quality text recognition, robust against various scenarios specific to manga:

Unlike many OCR models, Manga OCR supports recognizing multi-line text in a single forward pass, so that text bubbles found in manga can be processed at once, without splitting them into lines.

/windows | May 28, 2016

Slipstreaming the Windows 7 SP1 convenience rollup #

This guide ended up being a little long for a blog post, so I've added it to the document vault: Slipstream Windows 7 SP1 convenience rollup into a universal x86/x64 installer

/windows | May 21, 2016

Synchronize, backup, or copy files and folders #

with SyncFolders. Features include: versioning (including auto cleanup of old versions), filtering, previewing, scheduling (via Windows' Task Scheduler), verifying (via CRC32, MD5, or SHA-1 hash), launching via command line, support for long file names and UNC paths, and more. Does not natively support VSS, but can be paired with ShadowSpawn to copy in-use files after configuring and saving job rules in the GUI; e.g.,

    shadowspawn.exe C:\Users\foo Q: "C:\Program Files\SyncFolders\SyncFolders.exe" /background /synchronize C:\Users\foo\Documents\backup.rls /log:C:\logs\backuplog.txt

which:

  1. Runs ShadowSpawn.
  2. Mounts shadowed version of C:\Users\foo to Q:.
  3. Runs SyncFolders
  4. in the background,
  5. executing (rather than previewing)
  6. the backup.rls rule file,
  7. and logging results to backuplog.txt.

(To prevent "You do not have write access to folder Q:." when using this procedure, uncheck "Use local database to track file changes" in the Advanced tab for the rule.)

SyncFolders is unrestricted freeware and requires the .NET Framework.

/windows | May 17, 2016

Virtual electronics education kit #

Poking around for something like a virtualized Elenco EP130 130-in-1 Electronics Playground ("Learn basic principles of electricity, electronics, physics and magnetism!"):

Elenco_130-in-1-small

I stumbled onto Winston Wolff's Electropocalypse for iOS, OS X, and Windows:

electropocalypse-small.

He credits The Incredible Machine and Rocky's Boots as inspirations, but far surpasses them for learning about electricity, covering "switches, current and voltage, resistors, using voltmeters and ammeters, series vs. parallel circuits, polarity, and Ohms law."

The only downside is that an Internet connection is required, since the circuit analyzer (SPICE) is hosted online instead of being embedded in the game.

I asked Winston via email what would happen if Electropocalypse was abandoned; he kindly replied that the game would probably be open sourced at that point.

After completing Electropocalypse, check out 5Spice for Windows (free for non-commercial use) or MacSpice (free) for OS X.

/misc | May 16, 2016

Yandex suddenly the default search engine in Safari on Mac OS X #

While browsing in Safari with 30-40 tabs open, I opened a new tab and performed a search. Instead of receiving Google results, I landed on a Russian Yandex page.

After switching the default search engine back to Google and performing the obligatory malware scan, Safari reset, etc, a quick search turned up Yandex becomes Safari search option in Russia, Ukraine and Turkey, which seemingly pointed to a DNS or language issue, as I was not located in or near those countries.

Switching between several trusted DNS servers did not remove the Yandex search engine option, but removing the Unicode Hex Input from System Preferences > Keyboard > Input Sources did. 📺

/mac | Apr 27, 2016

Microsoft Error Reporting for Mac 2.2.9 Update #

The past few days, the following error has appeared when attempting to update new installs of Microsoft Office 2011 and 2016 for Mac:

    An unexpected error occurred.
    These applications were not updated:
    Microsoft Error Reporting

All other updates would install, but "Microsoft Error Reporting for Mac 2.2.9 Update" remained.

MacUpdate's listing pointed to MERP_229.dmg hosted on Microsoft.com, but the resulting dmg file turned out to be simply an HTML file containing a 404 message. The original Microsoft Error Reporting for Mac 2.2.9 Update webpage at Microsoft had also vanished; Google has a cached copy.

Happily, I stumbled onto TJ Luoma's large repository of Mac apps, including the missing MERP_229.dmg. Installing it resolved the update error. Thank you TJ!

/mac | Apr 24, 2016

Change msconfig boot options from command prompt via boot disc #

During a malware cleanup, msconfig was used to change the boot method to Safe Mode with Networking (msconfig > Boot > Boot options > check Safe boot > check Network). On reboot, Windows would not load. Reverting the changes and returning to Normal Mode was done like so:
  1. Boot from Windows install disc and open command prompt (Shift+F10)

  2. Check the current boot mode:

    X:\>bcdedit
    ...
    Windows Boot Loader
    -------------------
    identifier {default}
    ...
    nx OptIn
    safeboot Network

  3. Remove the Safe Mode with Networking option:

    X:\>bcdedit /deletevalue {default} safeboot
    The operation completed successfully.

  4. Check boot mode again:

    X:\>bcdedit
    ...
    Windows Boot Loader
    -------------------
    identifier {default}
    ...
    nx OptIn

BCDEdit can be used on offline drives via the "store" command (the help documentation oddly refers to it as a command instead of a flag or switch), e.g., bcdedit /store E:\Boot\BCD /deletevalue {default} safeboot. (Found this handy for editing BCD on a DiskCryptor-encrypted drive mounted inside of a Windows PE session.)

Sources:

/windows | Apr 17, 2016

A better Problem Steps Recorder #

Windows' Problem Steps Recorder makes it easy to create step-by-step screenshots for troubleshooting, documentation, etc. However, annotation and output options are severely limited (see UPDATE 2 below).

Searching for a Windows program similar to MacSnapper[1] or Explainer[2], I stumbled upon Wink, a freeware, cross-platform screen capture tool that allows you to "[C]apture screenshots, add explanations boxes, buttons, titles, etc and generate a highly effective tutorial for your users." Additional features include audio recording, importing BMP/JPG/PNG/TIFF/GIF files, and exporting to PDF, PostScript, HTML, Flash, EXE, and the aforementioned image formats.

[1] "Create lesson webpages and PDFs from snapshots and images"
[2] "A screenshot app for those of us who explain 'computer stuff' to other people"

UPDATE 1: A few more macOS step recorder apps for creating manuals, documentation, guides, etc.:

UPDATE 2: On a recent documentation project, I discovered that Microsoft Word can edit and export Problem Steps Recorder-generated MHT files quite robustly. Besides editing text, annotations like rectangles, arrows, callouts, and freehand drawings can be added to images (along with optional effects like transparency, shadows, etc) via Insert → Shapes. If you need still more, images can be exported via "Save as Picture...", edited/annotated in FastStone Capture or similar, then reimported via "Change Picture" → "From a File..." (the context menu's "Edit Picture" command apparently hasn't worked for ages on bitmap images).

/windows | Apr 14, 2016

Paragon's rich collection of freeware #

Paragon Software Group has a surprisingly large collection of powerful freeware offerings. Here is, to my mind, a better organized catalog:

Windows

Windows XP

Mac

Linux

Android

/misc | Apr 11, 2016

Windows Update stuck "Checking for updates..." / Error 0x80070005 #

TL;DR: WSUS Offline Update solved the problem*.

Windows Update was stuck overnight "Checking for updates..." on a virtually brand new, clean Windows 7 install. Tried the following:

  1. Reset Windows Update Agent - "This Script allow reset the Windows Update Agent resolving issues with Windows Update." Runs under XP - 10. Last updated Feb 29, 2016. Did not resolve issue.
  2. Fix Microsoft Windows Update Issues - "This troubleshooter will detect and solve Windows update issues automatically." Did not resolve issue, but reported an unresolved "error 0x80070005".
  3. Error 0x80070005 in Windows Update when you try to install updates - Uses a batch script and SubInACL to repair file and registry permissions. More information. Did not resolve issue.
  4. 0x80070005 – Fix for Windows - Several suggestions, none of which resolved the issue.
  5. Repair or reinstall Windows Update - Massive collection of potential fixes, including WSUS Offline Update, which resolved the issue and fixed Windows Update.

Wish I had found this first - exact same issue and resolution: Windows 7: How I Solved the Infinite 'Checking for Updates' Hell.... More suggestions: Windows 7 SP1 Windows Update stuck checking for updates.

* If WSUS Offline Update gets stuck at Listing ids of missing updates (please be patient, this will take a while)..., open a second elevated command prompt and run net stop wuauserv.

UPDATE: Here is another protocol reported by good1dave to work reliably as of January 2017:

  1. Set Windows Update to "Never check for updates (not recommended)" then restart
  2. Install KB3020369 then restart
  3. Install KB3125574 then restart (If using an image from around May 2016 or later for the install, you may skip KB3125574.)
  4. Install KB3138612 then restart
  5. Install KB3145739 then restart
  6. Install the latest cumulative monthly rollup (e.g., January 2017 (KB3212646)) then restart
  7. Optionally, run WSUS Offline Updater until no new updates are found.
  8. Check for updates through Windows Update normally

Don't forget to reenable automatic Windows Update checks.

/windows | Apr 06, 2016

A lickable Linux distro #

Apricity OS is an Arch-based Linux distribution with a simple, beautiful, and consistent UI:

Apricity OS

According to the developers, "Apricity OS idles at around 500 megabytes of memory usage, as opposed to other popular operating systems that idle at up to several gigabytes. This also helps bring boot times down to just a few seconds." I found it fast and responsive running in a VM with just 2GB of RAM. Love the little coffee cup icon in the menu bar which functions much like OS X's caffeinate, though it has the added benefit of disabling the screensaver as well.

(via Hacker News)

/nix | Apr 03, 2016

Restoring Windows 7 Dell Factory Image After Windows 10 Upgrade #

Restoring a Dell factory image is usually performed by pressing F8 during boot to open the Advanced Boot Options menu and then navigating to "Repair Your Computer" > "Dell Factory Image Restore".

Upgrading to Windows 10 breaks this functionality. Here is an alternate method for restoring the factory image; unlike the usual method, a current Windows username and password is not required:
  1. Backup, backup, backup! This process will erase the entire contents of the OS partition.
  2. Boot from Windows 7 DVD
  3. Press Shift+F10 at language selection screen to launch cmd.exe
  4. Check drive letter assignments carefully; they may well differ from the ones shown here (in my case, the RECOVERY partition was assigned C: while the OS partition (which is assigned C: when booted normally) was assigned D:)
  5. Copy imagex.exe (or imagex64.exe for 64-bit boot discs) to the RECOVERY partition (C: in this example)
  6. Check the factory image:
    C:\>imagex.exe /dir C:\Dell\Image\Factory.wim 1
  7. Format the OS partition
  8. Restore the factory image to the OS partition:
    C:\>imagex.exe /apply C:\Dell\Image\Factory.wim 1 D:
Notes & Updates References

/windows | Mar 30, 2016

Extracting interesting data from disks and disk images #

bulk_extractor is a beautifully-documented forensic tool for extracting all sorts of potentially useful information. From the user manual:
"bulk_extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence media. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and password cracking. The program provides several unusual capabilities including: bulk_extractor operates on disk images, files or a directory of files and extracts useful information without parsing the file system or file system structures. The input is split into pages and processed by one or more scanners. The results are stored in feature files that can be easily inspected, parsed, or processed with other automated tools. bulk_extractor also creates histograms of features that it finds. This is useful because features such as email addresses and internet search terms that are more common tend to be important."

Via Top 20 Free Digital Forensic Investigation Tools for SysAdmins, which offers this handy tip: "You will also see a decimal value in the first column of the text file that, when converted to hex, can be used as the pointer on disk where the entry was found (i.e. if you were analyzing the disk manually using a hex editor for example, you would jump to this hexadecimal value to view the data)."

/misc | Feb 29, 2016

Random harvest #

/misc | Feb 26, 2016

