Saturday, May 31, 2014

In-Security news bits

Goodness. It just doesn’t ever stop does it?

I’ve finally stripped out Shockwave from all our home systems after reading these posts.

--Claus V.

TrueCrypt: A Perspective

OK. By now everyone who cares should already be familiar with the world getting turned upside down this past week regarding TrueCrypt.

Just in case, here is a collection of the best news I can find about the situation. Read up if this is news to you, listed in semi-breaking order.

Conspiracy theories aside, it appears (most likely) that the project developers decided to throw in the towel on the project.

This is the best full-summary page I can find on the whole thing; and archive downloads of the working version.

Last good “working” (meaning encrypting supporting) version? TrueCrypt 7.1a.

That’s actually the same version I have been running on my Win 7 laptop for some time now with no issues.

My use of TrueCrypt at home isn’t to keep my system locked down from any three-letter government agencies. If some theories are true and it was compromised/backdoored, then we all have bigger issues to worry about--well we have those already. What I mean to say is my use of full-disk-encryption is to protect the system if our home is broken into and it is lost due to common theft/burglary. TrueCrypt should be able to keep our data safe and minimize the impact of the system’s loss.

As such, I’ve seen nothing to believe that I should discontinue use of TrueCrypt at home in this protection and security scenario. I will continue to do so until new data comes to light that suggests a common, non-technical thief could easily bypass TrueCrypt.

However.

If I did want/need to go to a different whole-disk encryption solution here are the options I personally would be considering.

Microsoft Bitlocker?

This is what the TrueCrypt developers tossed their fans towards, cryptically.

Only I have Windows 7 Premium that doesn’t come with our support Bitlocker. Bummer for us sheeple.

I suppose I could just go ahead and do a Windows Anytime Upgrade to Ultimate or Enterprise, right? Would cost me some money but hey…not too shabby?

Umm, it looks like now that Win 8/8.1 is out, no more Anytime Upgrades to higher Win 7 editions. That sucks.

So, I could just pony up the money for a full Win 7 update OS upgrade.

But at those price-points, I probably would be considering just purchasing a commercial ($-$$) whole disk encryption solution for less.

BIOS based or Self Encrypting Drive locking?

So, rather than using an OS-based software solution, one could switch over to using the BIOS to lock down the hard-drive access. Some BIOS systems allow setting of a hard drive access password. This is similar to, but not always the same as, a Self Encrypting Drive (SED) solution.

These might be a pretty good solution on modern hardware; but may not work if the system is kept in a hibernate/sleep mode. It’s also hard to find a lot of hardware options to retrofit a SED drive. Price and formats are very limited in my searches for one.

That said, if your system does support it, you may already be able to go to an alternative whole disk encryption/access protection without any additional expense.

Freeware Whole Disk Encryption Alternatives

CE-Infosys : FREE CompuSec PC Security Suite - This is a German freeware product. I used it along time ago in testing against Kon Boot bypass technique. It worked great, was well documented, and remains free for personal usage.  My biggest concern is that it does not seem to support use with WinPE so that if some kind of failure occurred, I could not off-line authenticate to the encrypted contents. I must do a full disk-decryption.

TrueCrypt protected drives can be off-line accessed from a WinPE environment as long as you have the TrueCrypt drivers/application available.

DiskCryptor - This application seems to have continued to mature in the shadow of TrueCrypt. It is frequently updated and does support off-line access of a encrypted volume from a WinPE environment. LiveCD - DiskCryptor wiki. Bart and Winbuilder guides are available to assist with the process.  I suspect this project will get renewed support as TrueCrypt fans shift there attention here.

FreeOTFE - I’m not familiar with this product but it did get a bit of mention in some comment sections after TrueCrypt’s stage exit.

For the Truly Paranoid

Tails - Privacy for anyone anywhere

I guess the theory would go, run Tails from a boot media (CD/DVD/USB) on your system.  Keep the HDD itself zero’ed out, or use an encrypted volume on it, and then use an encrypted USB tool as well for file-storage…or keep your required files in a cloud store…that supports encryption as well.

That’s a bit extreme to me with the other solutions…but some people in some countries may very well need that level of protection.

I’m sure we will see some alternative free/Open Source solutions for whole disk encryption come in to fill the void left by TrueCrypt…if things bear out on the current trajectory.  In the meantime, alternatives do exist…including continued use of TrueCrypt 7.1a.

Cheers.

--Claus Valca

Firefox 29 notes…better late than not at all

Firefox release version 29 is out and has been for a while.

Firefox release version 30 is coming soon.

I’ve had no issues with the transition to v29, and aside from some GUI differences, I have been able to work just fine.

Here are a series of tips and tricks -- belated -- that might help anyone still looking.

Special hat-tip over towards the Firefox Extension Guru who is always on top of the best trends and tricks with all things Mozilla.

More Firefox Stuff

Download Status Bar :: Add-ons for Firefox - I was running this before v29 and it still works great. I’d be lost without it as I am a power-downloader of all the utilities I use and keep updated.

What is Seer, and how to disable it in Firefox - Firefox Extension Guru's Blog tip to --> What is Seer, and how to disable it in Firefox via gHacks Technology News posting.

It was present but already set to “disabled” (false) on my Firefox build.

Is AdBlock Plus killing the web? Massive memory usage is dragging Firefox down - BetaNews.

Cheers.

--Claus Valca.

Lavie Struggles with Dreamweaver CS 5.5

One of Lavie’s new job duties in the land of re-employment is to maintain the website of her employer.

They use Dreamweaver CS 5.5 as their page development software.

So now that it is Lavie’s job, they had her enroll in an on-line Dreamweaver CS 5.5 continuing education class through the local community college. Great!

Only you really can’t buy Dreamweaver CS 5.5 any longer (well maybe you can but the pricing is either crazy high or questionably low) and the only installed copy was on another staff member’s system (who couldn’t leave for the few hours every few days Lavie would need to work on it) and the install disks have gone AWOL.

I was able to find a legitimate 30-day trial download for CS 5.5 available buried deep in the Adobe FTP site’s archives. That (and a VM) were able to get Lavie though the class successfully.

However, that is not a valid long-term solution. So unless the original CS 5.5 install disks turn up at her workplace allowing for the transfer of the license/software from the current worker’s system to Lavie’s, then we may have an issue.  There is no desire on anyone’s part to purchase the latest subscription based CS version model to just get Dreamweaver.

So I started looking for a Dreamweaver alternative that might closely match the foundational learning that Lavie has gone through.

I found two.

Microsoft Expression Web 4 (Free Version) - Official Microsoft Download Center - This product is 100% (just no support) and while professional web page developers have some valid points about the way it handles certain page-coding methods, as long as you know the basics of page code to clean things up to your liking, it seems to be a pretty good alternative. Lavie things the application workspace can be tweaked to appear very similar to the layout she became accustomed to in Dreamweaver.

openElement - Web Design & Authoring Software - The interface for this product is radically different from Dreamweaver and Microsoft Expression Web. However, it is being actively updated and once you get your project going, the interface becomes very navigable. Lavie actually liked the way this one seemed to operate over the more familiar Dreamweaver when she looked at it.

These other web articles provide some additional background on the above applications, as well as other alternatives that might meet other needs better.

Of course, all of these WYSWYG web page editors are no replacement for familiarity with web page code itself. There are lots of great resources to hone your skills. Here a just a few I myself find helpful.

Cheers.

--Claus Valca

Modern.IE Tester VM Update

It’s been almost a year since I posted information about the free Internet Explorer | modern.IE VMs.

I’ve found them very helpful to have around.  The latest versions are updated through April 2014 so less patching to bring up to state if you refresh them.

Anyway, here are some new observations I’ve made recently.

A new Win 8.1 version is available.

The Win 8.1 version cannot be rearmed…however it is good for the same previous timeframe (in total) as you used to get original state + 2 rearms under Win 7; 90 days. Also, it actually provides a countdown indicator on the desktop letting you know how many days are remaining…so you can plan accordingly. That is a nice touch.

They are still offering a Windows XP version; even though the mainstream OS is “retired”.

Per my previous post and other documentation on the web, (for Win 7) you would simply open a command prompt (with admin-level privileges) and then type in “slmgr –rearm”.

Only when I tried that on a system, it kept tossing errors about it not being valid.

After a lot of trial and error I had to type it in as “slmgr /rearm” and then it took with the argument variable needing a “/” rather than a “-“.

I confess I’m stumped a bit as when I tried it on a different VM from the same build set, it worked just fine with the “-“.

This Technet guide Slmgr.vbs Options for Volume Activation does show usage with a “/” so the mystery remains. So if you have trouble with the “-rearm” working, try the “/rearm” pattern instead.

Also, my earlier post mentioned that if you want to use a “custom” user account, you can. Again, you just need to disable the “auto-login” feature for the accounts. Again, I’m sure all my dear readers know how to do that but if not…Tip: Auto-Login Your Windows 7 User Account | Cool Stuff | Channel 9 except in this case after first running “control userpasswords2”, for step 4 you want to “Check the option “User must enter a user name and password to use this computer.”

One other thing I noticed is that Microsoft is using the great Sysinternals tool BgInfo to generate system information and customize the wallpaper. You can manually personalize the wallpaper setting but once you reboot it is back to BgInfo.

I thought that running “Autoruns” would point out where the call was coming from at startup so I could disable it, but alas it didn’t quickly help.

It took a bit more exploring but here is the solution if you want to easily disable that behavior…at least in the Win 7 VM.

  • Go to C: and look for the “Wallpaper” folder.
  • Open it up and then find the “autologon” batch file.
  • Right click and select “Edit”.
  • You should see a single line there.
  • Add “REM: ” to the front of the existing line. That will keep it from executing when the batch file is called.
  • Save the file.
  • Now any custom wallpaper settings you make will be kept…at least until you have to rearm the temporary activation period. In that case you will get a black wallpaper, but you won’t have to redo the steps above again…just reset your wallpaper personalization settings.

If you really want to know where the actual “autorun” file call to the c:\wallpaper\autologon.bat file is coming from at boot, here you go.

It is in the Registry under the following location:

“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon\0\0”

Look for a key in that location called “Script” that has a value of “C:\Wallpaper\autologon.bat”

I suppose you could remove the string value as well in this Registry location as an alternative solution…REM’ing out the BAT file line seemed less dramatic and worked so I just went that solution.

Cheers!

--Claus Valca

Notes on EasyWorship and a Blue Yeti

Disclaimer: Please be aware that a Yeti has not been spotted in our church house. Nor does using EasyWorship presentation software in any way guarantee that you might attract a Yeti to your services.

This post is more of a collection of miscellaneous tips and paths traveled recently…for future reference.

We have been having sundry issues from time to time while playing video files through the Windows PC rig we use for media presentation in our church sanctuary.  Some of the issues involve

  • Frame-rate playback issues,
  • Frame dropout,
  • Loss of synchronization between video stream and audio track,
  • BSOD’s

We are using a pretty new Dell enterprise-class tower workstation (Dell Precision T1500) with an Intel i7 processor, 16 GB Crucial RAM (up from 4 GB), two video cards (Matrox M9120 PCIe x16 & Nvidea Quadro NVS 295 PCIe x1). The two cards allow us to drive a total of 4 video outputs (3 for monitors on the desk + 1 output to our video mixing board for projection of content to the (mirrored) video projectors behind the worship platform.  We are using the stock sound card and that gets sent into our sound mixing board. It is running Window7 Professional x64 bit. It is on a Microsoft domain.

We run EasyWorship 2009 presentation software.

We also concurrently use it to run Lightworks software with DMX controls via USB dongle to handle our lighting system.

Overall it has operated very smoothly and is pretty reliable and beefy. However, I have a few unresolved issues with the system I continue to explore and troubleshoot.

  • Despite all my best attempts (so far) I have been unable to get Internet Explorer upgraded to IE 11. It remains on IE 8.  For some reason it continues to fail with a “prerequisite” missing error. I’ve got all kinds of logs so lots to process though.
  • Random BSOD’s happen. I’ve not pulled the logs yet to do an analysis--probably a driver issue.
  • The video cards are a bit loose in their slots--extra weight from the attached cables--we’ve popped a card out of slot seating while running (not recommended!) by bumping the cables. Luckily no harm done.
  • Videos coded at a HiDef quality seem to cause the most issue with playback…so I often have to recode to standard def video quality. That seems to help a lot.
  • I don’t really like have two “mis-matched” video cards in the system…that’s a whole lot more video drivers to deal with. I’m on the lookout for a decent PCIe x16 quad-ouput card that can handle the thing. So far the best I’ve found is the Nvidea Quadro NVS 420.

Tip #1 - No sound when playing video files through EasyWorship.

A few Sunday’s ago, it was my “off” day and my counterpart was running the system for the service.  While getting things put into the system, they encountered an issue playing back video media though Easy Worship.

Video would play just fine, but no audio.  They tried at least two codec formats for the video file but nothing.

So they called me.

I was able to remote-attach to the system and begin troubleshooting.

EasyWorship would take (import) the files but no audio playback.

EasyWorship is a bit limited, out of the box, with supported video codec formats so I used some of the video recoding software I have on it to generate new versions. The issue remained the same if it was coded in WMV, MOV, MP4, etc. Video playback was fine. No audio.

Why was I focusing on EasyWorship as the issue? Well, because for a counterpoint test, I would replay the videos through VideoLAN on the system and the sound would play fine along with the video.

We had been troubleshooting for over an hour at this point and time was running out before the services were to kick off.

I started checking the EasyWorship forum and found the solution just like that. Doh!

EasyWorship Support Forum • View topic - No Audio

Yep. Seems “someone” had enabled the Mute button on the live playback window, causing the video to play but no audio output.

Simply clicking that icon enabled the audio again and all was well.  See below.

Mute “Activated” - You will get no audio output on Live display although video will play.

nhyj52kh.0vx

Mute “Off” - You will now get audio output on Live display along with video playback.

hdv3s4em.qak

Tip #2 - Not Enough Video Codec options in stock EasyWorship.

By default, EasyWorship 2009 supports only MPG1 and WMV video formats.

That generally should be “good enough” and most media houses (such as The Skit Guys) offer product download in WMV format.

However, sometimes you may want a bit more flexibility and don’t want to jump though the hoops of converting your other video file format into WMV. Or maybe you want to convert the video into another format for better video playback rendering on your own rig limitations.

Luckily, it is pretty easy to follow this official EasyWorship KB guide to get the K-Lite Codec pack loaded into EasyWorship.

That will allow you to play back MOV, MP4 and FLV files natively in EasyWorship.

It was a piece of cake to do…but please do read the instructions carefully as they do require some semi-technical tweaking for best performance.

K-Lite Codec Pack: Play MOV, MP4 and FLV Files In EasyWorship

Also, you will have to select “All Files (*.*)” from Windows Explorer filter selection at the bottom to see them as the default way file-open works in EasyWorship, it will “hide” them from your media library.

I followed these instructions quite a while ago and haven’t encountered any issues or playback problems (besides those already present that is).

Tip #3 - New EasyWorship version in works.

The EasyWorship team has a forum thread open with periodic news updates on a new version to be released in the near future.

EasyWorship Support Forum • View topic - New Version Weekly Update - EasyWorship 2013 news

EasyWorship Church Presentation Software / Whats-next - A few videos on the new EasyWorship 2013 product. Looks interesting. Especially support for layers with slide backgrounds.

Now about that Yeti

I’m asked periodically to do special audio recordings for the various church members,

I’ve been progressively capturing the sound “better” into my laptop using different microphones.

The first was a Logitech USB headphone set with microphone. That was pretty good but sound quality was pretty “hot” and the foam wind-cover left a lot to be desired.

From there I updated to a stick-style Logitech USB desktop microphone. It was much better quality and allowed me more control to deal with “breathiness” sounds.

However, none of these had the depth of quality that I was looking for. And since I have enough requests for help, I decided to jump into the semi-pro quality of microphones.

So two weeks ago I purchased a Blue Microphones | Yeti (black housing)

Price was in the $100 range. I’ve been watching tons of YouTube videos and online reviews and was very confident it would provide the quality of pickup that I was looking for.

I’m not disappointed!

Random thoughts & observations:

  • It is really heavy!
  • I liked the black body housing style better than the silver or platinum options…that’s just me.
  • It has a threaded stand mount so I could use it with the various mic stands we have for better positioning.
  • It has four different mic pickup patterns.
  • It is super big.
  • Playing around quality demonstrates it is way above the “toy” mics I had been using.
  • No “custom” drivers exist for it, Windows 7 eventually found and installed them…though it took longer than expected.
  • The device icon Windows used didn’t help me identify it from others on my system. However I was able to find a stand microphone device icon (ICO) on the Web that I liked better and swap it out.

fwsbpbwe.bz5

Next I need to see if I can get it working with my iPad (Gen4) and GarageBand for times I don’t want to haul my laptop out.

From what I have seen in Web reviews and YouTube videos, it does work just fine, although it seems a powered USB hub is the trick.

You will also need to find a USB-to-Lightning adapter.

There are even “teases” on the Web that indicate if you connect it a particular way and while the iPad is still powered off, you can sometimes get it to connect even without a powered USB hub.

I’ll let you know what I eventually am able to accomplish. And please, if you have any tips or feedback regarding EasyWorship or the Blue Yeti mic, I’d love to hear from you in the comments.

Cheers!

--Claus V.