Search This Blog

Wednesday, December 20, 2017

how: make vmware virtual machine change boot order by editing the vmx file

Found myself struggling with a testing vmware virtual machine I wanted to re-setup by reinstalling. The machine ignored my gui-directed efforts telling it to take an iso file using the cdrom....

As I got tired, I searched the net for .vmx solutions to change the boot order, and discovered that all one needs to do is:
1)  edit the .vmx file
2) add at the beginning of the .vmx file the lines:
bios.bootOrder = "cdrom,hdd"

and when the machine is started, it will boot immediately using the cdrom...

p.s
1) as always, when toying with the .vmx file, just like any other important configuration file, it is highly recommended to back it up before changing it.
 2) remember to shutdown the machine before editing the .vmx file...



Wednesday, November 29, 2017

dual boot and clock changes between linux and windows

Found myself, once more, entangled in this different view of time between Linux and Windows. Linux uses UTC (Coordinated Universal Time, formerly Greenwich Mean Time), Windows uses Local Time, both have a long history with this stance, and arguably good reasons. However you view this, it seems that arguments are futile. Instead, Let's talk about what can you do to stop your clock changing because of a reboot.

ghacks.net has a complete solution - either to configure your Linux to use Local Time or to configure Windows to use Universal Time.  It would appear that the Linux solution is slightly less complicated whereas in the Windows solution you get the additional chore of having to watch time synchronisation for the O/S yourself (as you have to turn the w32time service off, lets it would reverse your changes....)

And yet, I decided to go for this solution. Not because it is smarter. But because seeing that in the near future I'd be using more of Windows as host with plenty of Linux guests, and this solution has the minimal work required:
1) Open Regedit as administrator
2) go to the registry key  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation :








3) Create a registry value with the name RealTimeIsUniversal, as dword, with the value of 1.
(right mouse button, new, and dword value, as shown in attached screen snap)

4) open cmd as administrator and run the following command:
sc config w32time start= disabled
That is all there is to it. Now, if you clock isn't set, set it. 

related:
if you prefer to change Linux's configuration, on any modern systemD Linux, execute:
sudo timedatectl set-local-rtc 1

Tuesday, October 24, 2017

How to tell if my ubuntu is protected against the KRACK attack ?

How can one make sure that one's ubuntu is protected against the infamous KRACK attack, that newly discovered WPA2 security flaw ? 

Well, according to USN-3455-1, the updates are available. All One needs to do is "After a standard system update you need to reboot your computer to make all the necessary changes."

And how can one be sure that everything is ok ?
After the: sudo apt-get update && sudo apt-get upgrade
and the following reboot-
1)check your version by cat /etc/lsb-release
2)check your installation history of wpasupplicant and hostapd  by-
sudo apt-get changelog wpasupplicant
sudo apt-get changelog hostapd

3) and if you are hysterical enough, verify the currently installed versions of hostapd and wpasupplicant by:
sudo apt-cache policy hostapd
sudo apt-cache policy wpasupplicant

(The USN details the relevant package version you wish to see at this stage). 

Further reading

Monday, October 2, 2017

איך להגדיל את גודל המקשים של מקלדת גוגל בסמארטפון אנדרואיד ?

אחרי תקופה יחסית ארוכה של חיים שלווים עם פלאפון פשוט, הוא אותת על כוונתו ללכת בדרך כל בשר וכל מכשיר  אלקטרוני  והביאני לרכוש סמארטפון של אמצע-הדרך, מאלה שמגלמים, לעניות דעתי, יחס עלות/תועלת ראוי מספיק.

למרבה הצער, השבועות הראשונים עם המכשיר החדש הם שילוב מעניין של תענוג וייסורים, ואחת ההסתגלויות הקשות יותר היא למקלדת של מסך המגע. מצאתי עצמי, בעקבות עוד הקלדה מייסרת רצופה תקלדות שואל את עצמי האם אין אפשרות להגדיל את המקשים במקלדת המסך הוירטואלית ?

התשובה היא - כמובן שכן. איך ?

לוחצים לחיצה ממושכת על הכפתור של הסמיילי -
תמונה של מקלדת מגע וירטואלית כשהאייקון של הסמיילי מוקף בעיגול


ובוחרים מבין האייקונים שמופיעים ומרחפים בעקבות הלחיצה את האייקון האוניברסלי של הגדרות. בעקבותיו
נפתח תפריט קטן של gboard, בו אפשר לבחור שפות או הגדרות מקלדת. הולכים על הגדרות מקלדת.
שם בוחרים העדפות.
מגלגלים מטה אל "גובה מקלדת" ושם בוחרים את הגובה הגבוה (יש מרחב אפשרויות בין נמוך, מעט נמוך, רגיל, מעט גבוה, גבוה). יוצאים לגמרי (כך שהמקלדת נסגרת) וכשפותחים שוב - המקלדת בגודל החדש.

ככה זה נראה -
תמונה של הודעת טקסט עם מקלדת פתוחה מתחתיה בה נאמר "אני חושב שזה יותר טוב אבל עדיין צריך לעקוב אחרי המצב החדש...עם זאת נדמה לי שכמות השגיאות שלי ירדה בחצי..."
וכפי שאפשר להבין מהטקסט שהקלדתי שם במהירות, ההתרשמות הראשונית שלי היתה טובה, וההתרשמות שלי אחרי התנסות נוספת היתה כל-כך טובה, עד כי בחרתי להשעות זמנית את החיפוש שלי אחרי מקלדות bluetooth ובמקום זה לבחון האם בכלל אצטרך אותן, נוכח האפשרות להקליד טקסט במהירות על מקלדת מגע וירטואלית ללא תקלדות !

אז במקום חיפוש - פוסט נלהב !



Friday, September 29, 2017

Can't logon because the logon method you are using is not allowed on this computer?

Can't logon because "the logon method you are using is not allowed on this computer" ?
(this howto is for people making first steps in windows  domain configuration)


  1. this is a result of group policies.
     when working with domain, you need to edit group policy, not local policy (if you run the editor [gpedit.msc] it won't help, cause all helpful bits would be greyed out).
    hence, do not start group policy management editor but start instead the group policy management console gpmc.msc
  2.  how to edit group policies?
       once the group policy management screen is open,   go into the relevant forest, into domain controllers, to the "default domain controllers policy",
     there choose the "settings" tab,
     there,right click the Computer Configuration\policies\ windows settings\Security Settings\Local Policies\user rights assignment
    and choose edit (if your edit is greyed out, go to item 3 in this post)
    and lo and behold - the group policy management editor (similar to the one you know from a non-domain windows) will open but with editing working properly.
    now, go to Computer Configuration\policies\ windows settings\Security Settings\Local Policies\user rights assignment
    ( make sure you are editing the right place)
    and there you need to edit two items:
    a) allow log on locally - make sure everything relevant be included (but don't be too generous. remember, this is the domain controller!)
    b) deny log on locally - make sure this one does not include the ones you wish to be able to logon locally....

    Now you need to wait. It takes about 15 minutes for changes to propagate and become active, even if we are talking about a single Domain Controller. If I learn how to initate propagationI'll update this post.
  3. why can't my user edit group policies ?!? (why is my edit greyed out?)
    if your admin user cannot edit policies  try administrator. assuming he can, it is a matter of the groups included in the delegation of the group policy management. add the relevant group or the relevant user.
    Now you need to wait about 15 minutes for propagation. 
  4. what to do if I get an internet explorer security message when I open the group policy management ?
    when you first open the group policy management, you will get a message that tells that "content within this application coming from the website listed below is being blocked by internet explorer enhanced security configuration".
    error message: "content within this application coming from the website listed below is being blocked by internet explorer enhanced security configuration"
    What to do ? Add the site to the trusted sites zone
    (logical considering that this is our own local machine, no? )
    two add and one close actions later, you will see the contents of the default domain policy. 

some shortcuts: 

  • to run the group policy management, type gpmc.msc 
  • to run the active directory users and computers, type dsa.msc    

Wednesday, September 20, 2017

a quick and dirty solution for running power shell scripts

Found myself trying to execute my first power shell script and unable to run it because of Power Shell's restrictive execution policy. Found a quick and dirty solution for running power shell scripts
which is not too horrible for develop or test environments, as long as we assume they are properly secure and are willing to ignore all the lectures regarding the need to stop the negligence in which
security is handled in development and testing environments... which I am , at 00:06 at night, wishing
to see the fruits of my labor and being quite frustrated with Microsoft's annoying approach regarding self certificates in older windows environments (I'm working on an older Power Shell version and the recommended solution for this version has been deprecated....)

So, with no further introductions, the quick and dirty solution:

1) run power shall as admin
2) see current execution policy by
    Get-ExecutionPolicy
3) enable running locally developed scripts by:
    Set-ExecutionPolicy RemoteSigned
4) remember at end of session
    Set-ExecutionPolicy Restricted
(so we'll get back to maximum security)

source:
WindowsITPro - running powershell scripts 

Tuesday, September 19, 2017

vmware cannot load vmmon on ubuntu 16 host?

As I've wrote perviously, after years living with Virtual Box,
I'm experimenting with vmware.

After a period of having a wonderfully stable network for testing and learning on my ubuntu host
all of a sudden it happened: The guest machines wouldn't start with vmware producing the dreaded error message informing that vmmon cannot be loaded.

My searchs for an answer on the internet brought me to discussions that mostly suggested -
either turning off safe boot or
reconfiguring vmware drivers (sudo vmware-modconfig --console --install-all )
(I think that this vmmon not loading thread on askubuntu sums up the common wisdom.

But safe boot was already off, because of other considerations (I verified, just to be on the safe side) and there have been no kernel updates, so  after scratching my head, i decided to try something simpler first:
1) apt-get update
2) apt-get upgrade

It seemed logical that before doing anything else, this should be performed.
And indeed -  that solved the problem.

(
p.s
why did that work ?
I have to admit, ashamed, that at the moment, I have no idea.
But sometimes, as the late Douglas Adams once wrote, if you delve
too deep seeking an answer, the question might be taken from you,
and in my case, there are other issues I wish to pursue
which interest me more...
but if I found out, I'll update this post with another p.s)


Thursday, August 31, 2017

Install a more recent wireshark version on ubuntu 16.04

The wireshark that comes with ubuntu's repositories is a little old. If you wish to get a stable version you can do the following, using wireshark's stable ppa:


  1. sudo add-apt-repository ppa:wireshark-dev/stable
  2. sudo apt-get update
  3. sudo apt-get install wireshark
    (if you wanna make sure which version will be installed, you can check using:
    sudo apt-cache policy wireshark;
    during installation, you will be asked if to enable non-root users, make the decision according to accepted practices in your organization; I prefer to enable non-root users to use wireshark for capturing network traffic and not just for analysis (when dumpcap is used for capturing ))
  4. now edit /etc/group and add your desired non-root users to the wireshark group.
    (pay attention: if you added a logged in user, he should logout and login again for this addition to take effect). 

Thursday, June 29, 2017

can you do anything to protect your home computer against ransomware threats?

Many security experts claim that the most recent security threat, the worm called "petya", already described as "the next step in ransomware evolution" could have been easily stopped.
How? by constantly applying important security patches. In this case, a patch for Microsoft Windows SMB Server (4013389) that has been published back in March 2017(!)

But what to do now ? Assuming you are a still unharmed windows user, don't wait - go to control panel/windows update and apply the recommended updates. On your day to day update routine, pay special heed to security updates and updates that are classified as important.

The second step you should take is make sure you have an AntiVirus software installed, make sure it is updated, and develop a routine of using it to scan you computer, at least on a weekly basis (preferably on a nightly basis). Some would also advise installing an anti ransomware software. I have provided a link (below, at the "useful links" section, but personally, I prefer a more general security solution.

A step that might specifically help with the "petya" threat"suggested by Israeli security expert Amit Serper, is creating an empty file with the name "perfc" without an extension, under your Windows folder (in most computers it is  located at the C:\ drive). It is important to note that this solution will most likely cease to work if and when the creators of the ransomware update it, but I guess it can't hurt for the time being.

And last two steps that will most assuredly help in keeping you out of  harm's away, if you adopt them:
1) Take care with the materials you allow into your digital world. Don't open documents, don't click links, don't install software, don't view movies, don't listen to music, don't view photos - unless you know their source and have a good reason to believe they are what they appear to be.
2) Backup everything that is important to you. I wrote about backup principles a long time ago on this blog, but the three most basic principles are: a) backup your crucial data often b) keep a relatively recent copy of your backup away. c) periodically verify that your backup is actually useful.

And may god help us all in this new age of evolutionary harmful software.

Useful links



Thursday, June 22, 2017

How to find who locks a file on Windows - and how to release it if a service is the locker

There used to be a time in which finding who locks a file on a windows system was simple. you typed "net files" (or "net file") and found the culprit. releasing the file was just as simple - "net file ID /close" would do the trick. But that , as the song says, was yesterday.  For some reason, a certain folder is locked in one of the family's computer, and net files claims no file is locked.

Searching the net, I came across this lovely thread on the superuser/stackexchange forum dealing with finding the lockers of locked files on windows, and the wonderful solution I learned about is Microsoft/Sysinternals "Process Explorer".

It is as simple as one could ask: you go to Find handle or Dll, type the path in question, and get a list of the locking programs.

But releasing the lock, at least in the case of services, is another thing. It turned out that my specific locking software was the notorious Windows Media Player Network Sharing Service (better known around the net as wmpnetwk.exe - with little enthusiasm and a lot of criticism).
Process Explorer suggests the possibility of releasing the lock himself. I tried doing that by going to the Handle menu, and there chose "close handle", confirmed killing wmpnetwk, and expected that the lock would be released - to no avail.

There was no alternative than to going to services (fastest way I know these days is to run Taskman - choose services - and press the services button), then go over the services till I reached "Windows Media Player Network Sharing Service" and stopped him. And then, finally, my locked folder was released !




Sunday, May 28, 2017

Once more, UEFI difficulties with my HP Laptop... regarding windows...

Well, sometimes life makes you go down a path you didn't think you'll visit again.
I'm supposed to start very soon a course that will deal with many intriguing issues
but will begin with aspects of Windows.... so I found myself reinstalling windows 10
on my laptop, and running to the old UEFI issues of incompatibility of my HP Pavilion 14...
Neither Windows 10 or 8.1 nor Linux mint or Fedora were able to solve the problem this time...
and thus I found myself trying again and again, using various solutions I and software tools
I found on the net... nothing worked, and frequently it seemed that a certain inconsistency
of the laptop would drive my mad - it would not able booting into anything, unless legacy mode
enabled, but when legacy mode was enabled, no solution to fix the lacking EFI data on disk worked....
at the end, I was able to boot into a USB based windows installation (made with the RUFUS tool) and use a set of commands I found on superuser.com regarding UEFI & windows booting difficulties to form my own solution for my problem:
diskpart
sel disk 0
list partition
[do what it takes to make an EFI partition. 
search "create partition efi" if you don't find it elsewhere, on the link below ] 
list volumes
select volume XX
assign letter=b:
exit
bootrec /fixboot
[ make sure to verify what goes on in your b: drive; mine was empty, and therefore did not need to backup, and could immeditely:  ]
bcdboot XX:\Windows /l en-gb /s b: /f ALL
(i think the f ALL did the trick in my case) 

reboot... and the computer is booting into windows 10... next step (which I hope will not be that horrid now),
is to make it into a dual boot machine... keeping my fingers crossed this will not turn into an all-nighter...




Wednesday, May 3, 2017

If you happen to experience an occasional performance issue on your computer ever since you've installed that android emulator...

The family salon computer was hanging. A relatively powerful windows 7 machine.
I could not access "my computer". But I had access to drives.
I checked the processes. 
A process called "HD-PLUS" something was hogging the cpu.

I tried searching the net, and hopa!
Turns out it is a process of the Bluestacks emulator

Yes.... i am one of those who have installed it. Because of the kid. He wanted to play some Android game, and it seemed logic to try and see how is life with android emulators. Bluestacks wasn't fast enough, so we moved on to NOX (which is, at least for now, as far as performance and ease of use go, amazing). But as there was no obvious reason to remove bluestacks, I left it to be. 

After all, if it isn't running, assuming the software in itself is safe, why not leave it for trials when time allows?

But there you go.
Even though it was officially not running, it was hogging the system... 
so I removed the software. and everything returned back to normal.

Conclusion: if you have a performance issue on your computer ever since you've installed that android emulator...

Wednesday, April 19, 2017

Some facebook groups administration questions

Just found myself assisting in some facebook group management issues, and as these things tend to be asked again, and I have no wish to allocate precious memory cells for such stuff, it seemed best to log it somewhere... so here are some few answers to basic how to questions:

How to send an invite to a facebook group?
The problem: In a perfect world, there would have been two options: Add and Invite. But Facebook has this annoying pattern, of providing only one option. In this context -  that of ADDING people to a group. The outcome?  Ann innocent group admin adds a Facebook friend, wishing him/her involved in this certain activity, and instead of gratitude or joy, that poor admin gets a protest - why did you add me ? I want to make up my mind alone about which group I'm member of...
The solution: Instead of using the Facebook friend name, add that person via his/hers EMAIL. Then Facebook sends them an Invite.

How to make a group member into an admin or a moderator?
Go to the members list. Near each member there is a small cog-wheel icon,  a near universal symbol, nowadays, for the settings. Click that, and one of the options is to make that member into an admin or a moderator.

What is the difference between a moderator and the admin? 
The admin can do everything about the group,the members and about the contents - the messages. The moderator can handle members and contents. On the following link, you can see a nice table Facebook prepared detailing the difference.
(some may find this intuitive, but as the person who asked obviously did not, it seems worthwhile to document)

How to delete a group ?
A group is deleted once it no longer has members. Using the members list,  use each member's setting to remove that member from the group. Once you are the last member of that group, select "Leave Group" near your name. 



BTW, according to Facebook, "Admins can't delete a group they didn't create unless the original creator chooses to leave it." Remember that if you are an admin, instead of deleting a group, you can Archive it.