Sunday, June 17, 2012

Father’s Day Linkage - Tie Down Edition

cc image credit image by Fernando de Sousa on flickr


Happy Father’s Day!

Here is a real varied collection of links. Enjoy!

Security Solids

Firefox Paisleys

In my last GSD post, I touched a bit on some issues I was having with Firefox 13 and Flash. My issues may or may not have been related to these; however, there are some serious headaches for Firefox 13 and Flash users.

Sysadmin Stripes

  • Malware Hunting with the Sysinternals Tools -  TechEd North America 2012 \ Channel 9 - A new presentation video from Mark Russinovich on using Sysinternals Tools to do some malware thumpin! Watch streaming or pick from one of two formats for direct downloading and viewing later. This presentation includes real-case reviews as well as a live analysis of a Stuxnet infection. Sweet!
  • Windows Exploratory Surgery with Process Hacker - SANS Windows Security Blog - Jason Fossen shares a PDF version of his presentation, primarily using the freeware tool "Process Hacker". It is a really great review of the different angles one can take with a limited tool-set.

    That got me thinking a bit. Process Hacker has matured quite a lot since I last downloaded a copy and the new one certainly has more polish on it. I went through my utility pile and offer below some other great freeware utility process-monitoring tools you may be interested in visiting again.
    • Process Explorer - Sysinternals - One ring to rule them all. Still the very first utility I place on my Windows systems and swap out the default Task Manager with. It continues to be upgraded, so if you haven’t grabbed the latest version in a while, you are missing out!
    • System Explorer - This one also has grown up quite a bit from my last download a few years ago. I like the tabbed interface. The “Performance View” tab is very neat. Process Explorer’s graphs are still a bit more detailed looking but it doesn’t provide an all-in-one dashboard view like System Explorer offers.

    • Daphne - Not as GUI pretty as the others, but what it lacks in pretty it more than makes up in back-to-basics tightness.
    • Process Viewer for Windows - This project hasn’t been updated in a while but again, the “latest” update was still fresher than the one I’ve been carrying around for quite a while. This one is a bit more feature basic. If you aren’t ready for the power of some of these other process utility tools, but need more detail than the default Windows Task Manager (at least in XP) then this may be a friendly choice.
    • ProcessActivityView and ProcessThreadsView - These two applications from NirSoft complement each other nicely.
    • NoVirusThanks EXE Radar Pro - Provides process monitoring and alerting, as well as the ability to kill processes on demand.
    • ESET SysInspector - This is a complex, single-file executable. It provides detailed information on running processes as well as heuristics reporting on items found. I find it particularly helpful in assessing a system. It may not tell me exactly what is going on, but it often will help me refine my focus a bit.
  • WHITEPAPER: Windows PowerShell 3.0 and Server Manager Quick Reference Guides - Kurt Shintaku's Blog
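The tools above all start from the same columns: image path, publisher, signature status, and where on disk the image lives. As an added example (my own code, not from the page, Sysinternals, or any tool listed), here is that first-pass triage as a PowerShell script so it can be run on a box with no GUI tools copied over yet. It assumes PowerShell 2.0 or later on Windows and an elevated prompt (so image paths of SYSTEM and other users' processes are readable); the set of "user-writable" roots is my assumption for a typical client and should be extended for your environment.

```powershell
# Added example: a text-mode first pass over what Process Explorer shows in its columns.
# Assumes PowerShell 2.0+ on Windows, run from an elevated prompt. Which roots count as
# "user-writable" is an assumption for a typical client; extend the list as needed.
function Get-ProcessTriage {
    param(
        [string[]]$UserWritableRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                                         $env:USERPROFILE, $env:PUBLIC)
    )
    foreach ($proc in Get-Process) {
        $path = $null
        # MainModule throws for protected processes and for processes of the other bitness.
        try { $path = $proc.MainModule.FileName } catch { }
        $flags     = @()
        $sigStatus = 'n/a'
        $company   = ''
        if ($path) {
            $company   = $proc.Company
            # Same check as Process Explorer's "Verify Image Signatures" column.
            $sig       = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status.ToString()
            if ($sigStatus -ne 'Valid') { $flags += "sig=$sigStatus" }
            foreach ($root in $UserWritableRoots) {
                if ($root -and $path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'runs-from-user-dir'
                    break
                }
            }
        } else {
            $path   = '<no access>'
            $flags += 'no-path'     # worth a look: why can an admin shell not read it?
        }
        New-Object PSObject -Property @{
            PID       = $proc.Id
            Name      = $proc.ProcessName
            Company   = $company
            Signature = $sigStatus
            Flags     = ($flags -join ',')
            Path      = $path
        }
    }
}

# Show only what deserves a second look; sort so same-named processes sit together.
Get-ProcessTriage | Where-Object { $_.Flags } | Sort-Object Name |
    Format-Table -AutoSize PID,Name,Company,Signature,Flags,Path
```

Two caveats a practitioner would want: Get-AuthenticodeSignature touches every image on disk, so the pass takes a few seconds on a busy box; and "unsigned" is not "malicious" any more than "signed" is "safe" (Stuxnet, the sample in Russinovich's talk, shipped drivers signed with stolen Realtek and JMicron certificates). The flags narrow where to point Process Explorer, Process Hacker, or SysInspector next; they do not replace them.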

I learned this week about a “honeypot” project that attempts to capture USB-seeking virus/malware by creating a virtual USB-drive honeypot. This is a cool project and I hope it continues to see success in development.

More interesting tips for admins…

Network Knitted

  • ARP Scans - A Ping Alternative - LoveMyTool blog video presentation by Tony Fortunato. What’s really going on the wire with Colasoft MAC Scanner Free.
  • Script to resolve hostnames to IP address - Computer Security Forum. Recently I was presented with a massive list of Hostnames for PCs on our network. The assignment was quite simple: provide the associated IP addresses. No problem, I could manually ping each one by hostname, copy the result (if alive) and paste into my spreadsheet. Well, no. I wanted to go home to my family that night. Instead I found and ran this nice simple script against a cleaned-up text file of the Hostnames. My success ratio for IP grabs was over 90%. The other 10% required some manual followup (systems turned off, shelved, etc.) but it made quick work. I wasn’t able to find a good free GUI-based alternative, but this did the job wonderfully.
  • Extracting DNS queries - NETRESEC Blog - Either by Tshark or NetworkMiner.
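Two of the items above describe a procedure rather than a tool: bulk-resolving a text file of hostnames to IP addresses, and pulling the queried names out of a packet capture. As an added example (my own code, not the forum script the post ran nor NETRESEC's), here is both in one PowerShell file. The hostname list format (one name per line, blank lines and `#` comments ignored), the file names, and `tshark.exe` being on the PATH are assumptions; the resolver uses .NET directly so it works on Windows XP/7 with PowerShell 2.0, where Resolve-DnsName does not exist. Note the `-Ping` switch: a DNS answer only proves a record exists, not that the machine is on, so the "10% manual followup" the post mentions is flagged here instead of being discovered later.

```powershell
# Added example: bulk hostname -> IPv4 resolution with the misses recorded, plus
# DNS-query extraction from a pcap via tshark. PowerShell 2.0+; file names assumed.

function Resolve-HostList {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [switch]$Ping    # also check the first address answers ICMP; DNS can hold stale records
    )
    $names = Get-Content $Path |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Sort-Object -Unique
    foreach ($name in $names) {
        $row = New-Object PSObject -Property @{ Hostname = $name; IPv4 = ''; Alive = ''; Status = '' }
        try {
            # .NET resolver: uses the system's DNS/hosts/WINS order, same as ping would.
            $addrs = @([System.Net.Dns]::GetHostAddresses($name) |
                       Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                       ForEach-Object { $_.IPAddressToString })
            if ($addrs.Count -gt 0) {
                $row.IPv4   = ($addrs -join ';')
                $row.Status = 'resolved'
                if ($Ping) { $row.Alive = Test-Connection -ComputerName $addrs[0] -Count 1 -Quiet }
            } else {
                $row.Status = 'no-A-record'   # name exists but only has IPv6 or an empty answer
            }
        } catch {
            # "No such host is known" and friends land here; keep the text for the followup list.
            $ex = $_.Exception
            if ($ex.InnerException) { $ex = $ex.InnerException }
            $row.Status = 'failed: ' + $ex.Message
        }
        $row
    }
}

function Get-DnsQueryNames {
    # Queries only (response flag clear); tshark's -T fields output is tab-separated.
    # -Y is the display-filter switch in Wireshark 1.10+; older builds use -R instead.
    param([Parameter(Mandatory=$true)][string]$Pcap)
    & tshark -r $Pcap -Y 'dns.flags.response == 0' -T fields -e ip.src -e dns.qry.name |
        ForEach-Object {
            $src, $qname = $_ -split "`t"
            New-Object PSObject -Property @{ Source = $src; Query = $qname }
        }
}

# Usage (assumed file names): a CSV for the spreadsheet, and the misses on screen.
$results = Resolve-HostList -Path .\hostnames.txt -Ping
$results | Export-Csv -NoTypeInformation .\hostnames-resolved.csv
$results | Where-Object { $_.Status -ne 'resolved' -or $_.Alive -eq $false } |
    Format-Table -AutoSize Hostname,IPv4,Alive,Status

# Top queried names in a capture: a quick way to spot odd lookups next to the normal ones.
Get-DnsQueryNames -Pcap .\capture.pcap | Group-Object Query |
    Sort-Object Count -Descending | Select-Object -First 20 Count,Name
```

Test-Connection needs ICMP echo allowed by the host firewall, so a `False` in the Alive column means "did not answer", not "is off"; cross-check those against the switch's ARP table (the Fortunato video above) before marking a machine as shelved.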

Utility Dotted

Foresensically Checked

Cheers!

--Claus V.

Friday, June 15, 2012

RSS Feed Reader Upgrade - Hope through the storm (+more)

Over the last few weeks a perfect storm apparently conspired to take out productivity on my personal laptop.

First, I had woken up on a Saturday morning to find my smokin-hot laptop “Tatiana” would no longer boot. Four beeps of death and no BIOS boot screen. Coupled with that was a failing internet connection. Oh yeah, the cable-DVR box refused to output video signal.

Bad Things™ were afoot! Bad, man.

Between sporadic and brief periods of Nettage I was able to manage a download of Dell’s Studio 1558 Support doc with beep codes. Four beeps = RAM read/write failure. I breathed better after I had tried pulling out the two (new) Crucial 4 GB DIMM sticks (total 8 GB RAM) and dropped back in the two 2 GB OEM (Kingston) RAM sticks that shipped with the system, and it booted up normally again. Based on a super-kind investment from little-bro after I walked him through some dicey system issues a while back, I had upgraded Tatiana’s memory with two sweet 4 GB sticks of RAM from Crucial. With 8 GB on board, the system chews up the VMs I’m running.

Through trial and error I was eventually able to locate which of the two Crucial sticks went bad. I left the good 4 GB Dimm stick in and supplemented it with a 2 GB Kingston stick to limp by with 6 GB.

Good news is that the Crucial gang have a generous warranty policy on their RAM and a week after I went through the RMA process, the replacement Dimm arrived today and is waiting installation. Yea Crucial! The entire process was a piece of cake and communications to me by Crucial were spot on! Customer service done right and one reason I return to them time-after-time for my RAM upgrades.

The spotty Intertubes issue was another thing. Due credit to my ISP help desk, they never gave me a hassle during the troubleshooting process (do you have lights on your modem?) and let me jump right to the gist when I identified myself as network dude (sure, let me do a signal test like you suggest and BTW here’s the packet data results we are seeing…). The first time I called they couldn’t test down to the router as their entire system was down also (bummer). The second time they reported lots of packet loss and sent an updated config file to it. That helped a bit, for a day. Then back to spotty connectivity. I had already done extensive troubleshooting on the Cat-6 hard-wiring between the cable modem and my WiFi modem; it was fine as was my WiFi modem connection itself. Another call, another confirmation of packet issues, another day of a working network before regular outages began. “Sir, do you have splitter in the modem’s line?” “Yes, your last tech put it there himself. We’ve been good for over two years since.”  They offered to send a line tech but I didn’t feel like taking a day off work just yet.

So last week after work I pulled my Dremel, put a wire polishing brush on the tip and from the outside of the house inward, unscrewed every coax connection, polished the threads and copper center wire, and reassembled…all the way back and including the cable modem box.  An hour or more later everything was bright/shiny and tight. And the connection was rock-solid again. Hurrah!

The DVR cable box was a surprising issue. It is a Cisco RNG200 HD-DVR box and I use an HDMI cable to output signal to the TV. First check was the cable itself. Attaching it to the (now working again) Tatiana resulted in great video signal display to the TV. Not the cable.

Maybe the box itself was failing?  For the past month we had noticed a trend where the video signal would go black suddenly for a few seconds before restoring again. Related perhaps?

After finally getting a cheery cable-tech on the line from our provider, he listened patiently as I explained all the troubleshooting work I had done already and the growing video output signal dropouts. Immediately he sent a major re-programming order to the system (not your normal box reauthorization signal mind you). About forty minutes later the software had been digested, applied, and assimilated. The box sprang to life and signal was restored again. And all our recorded shows were still on the drive! Since then, we haven’t had any issues with video dropout either. Not sure what happened, but I’m guessing the software/firmware refresh cleared it up.

Claus? What has this to do with RSS feeding?

I’m getting to that.

Amongst all this drama spread over a week or two getting resolved, Firefox 13 dropped, a significant Flash update dropped, and my Firefox/NewsFox combo for reading my almost 250 RSS feeds ground to a horrible stop.

See, I found that every time I attempted to use NewsFox to pull my RSS feeds, it would inevitably hit one that had some kind of Flash/Java/script something and lock Firefox up completely. I could get it going again by waiting forever for a “script stopped responding” dialog to appear which might eventually allow me to continue on. However I found just killing the plugin-container sub-process with Process Explorer did the trick faster. To compound issues, I wasn’t seeing the Flash Player sub-processes kick off underneath the “plugin-container”.


Something bad was happening and only by killing the plugin-container process could I get control back of Firefox.

I had previously experimented with dedicated client-based RSS feed readers, but have been a die-hard proponent of having my RSS feeds directly in my web-browser and NewsFox fit the need perfectly.

So I started the search to see if there was a client-based RSS feed reader that would allow me to break out of my browser for RSS feed reading in the meantime, but still be compatible with the process to support my blogging work.

After looking through the options on my (very) old post RSS Reader Roundup…Valca Style, checking out some newer apps (including the slick new Mishra and Voyage readers) and picking through a ton of Google search results on the subject, I settled on two possible candidates: Feedreader and Omea Reader.

Feedreader was very nice and has become quite polished since I last toyed with it. I was able to import my sizeable OPML list from NewsFox and with a few tweaks had a nicely sorted/displayed 3-column view. The text view is beautiful for the articles and the feed information and article link presented at the top of each displayed article header was stunningly perfect. Feed updating was fast and stable. It was almost a perfect match. Except that despite all my attempts, the process of getting the link out and into Firefox just didn’t quite work smoothly. Since I bookmark interesting links during the week until blogging time rolls around this was a real problem. I don’t use IE regularly, but still prefer to leave it as my default system browser. So clicking a link opened up IE, from which I then had to copy the link and paste it into Firefox, then reload the page and then save my bookmark. The total package is beautiful and simple.


Omea Reader was brilliant and I’m using it full time now for my RSS needs. Out of the box (as I posted originally back in 2008) it is very over-the-top feature rich. I was able to turn off features/tabs for contact management, favorites, HTML plugin, News plugin, Notes plugin, and pictures plugin. Once disabled, all that I left running was the RSS plugin. I easily imported my OPML file and it raced through the feed updating rocket-fast. It supports complex feed-view filtering as well as categorizations. I can set a ton of special filters and highlighting based on key-words. The article text-view is nice (though not quite as polished as Feedreader). Some feeds/links that NewsFox had issues with were no issue for Omea. It doesn’t have a launch at startup option (nor launch minimized) that I can tell, however I set it to launch as a scheduled task 5 minutes after login and that seems OK. While running it seems to kill my Windows screen saver. Haven’t figured that out yet. In fact, my only complaint seems to be that the RSS article feed link is displayed at the very bottom of each post, rather than up in the header section like Feedreader. (Omea Team? Any tips to get the article link displayed in the header section?) This means sometimes I need to scroll to the very bottom to open the link in a browser. Speaking of that, Omea is cool in that if I have Firefox running in the background and click an RSS feed link to view the full article in the browser, it sends it to Firefox as a new tab. From there I just deposit the page in my bookmark sidebar. That’s a Texas two-step dance I can live with. Sweet!


I’ve not given up yet on NewsFox and may return to it since I (below) sorted out the Firefox lockup issue I was plagued with, but I’ve clearly reached the tipping point. The speed and feature set that Omea Reader brings me as a full-featured, semi-autonomous RSS reader have convinced me this was a wise way to go. I can update my feeds in the background without locking up my Firefox browsing.

Now, soon after I had started getting used to Omea Reader, I had to turn my attention back to the constant lockup issues with Firefox. I was super close to jumping to Chrome full time. The only thing that saved me was the (continued) lack of a bookmarks sidebar in Chrome like Firefox has.

The lockup issue ended up not being NewsFox add-on extension specific. It directly hurt the most because NewsFox was always open in the background and it seemed that anytime it or me hit a feed that had something going on triggering the event, Firefox would lock up.

I disabled NoScript. I disabled AdBlock. No fix. Eventually I was able to find some web-pages (outside of NewsFox) that would cause the page load to lock up Firefox but not IE or Chrome. I had material to work with and it was clearly outside of being just a NewsFox problem.

Long story short, I eventually found through lengthy troubleshooting that the issue (in my case) was the Flash/Adobe/Shockwave plugins I had in my portable Firefox plugin folder; Mozilla Firefox, Portable Edition Support | Installing Plugins. Basically, Firefox Portable (which I use) has a FirefoxPortable\Data\plugins directory where you can keep your plugin files if you run the app on a system that lacks them.

These here: (screenshot)

+ This: (screenshot)

= Firefox lockups and no Flash sub-process execution!

Instead:

Nothing here: (screenshot)

+ This: (screenshot)

= No Firefox lockup and the expected Flash sub-process executions!

Firefox 13 tamed.

Go figure.

Despite the fact that the files I had in here were the same ones from where they are also “installed” on my system, emptying out the files in this folder solved the lockup issue I was experiencing. 

Don’t know why that was an issue, but it was. With the portable plugin repository empty again, no more lockups since and Firefox seems just fine finding the appropriate browser plugins from their main installation location on my system.
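Before emptying a folder like that, I would want proof that the copies really are the same files, and a list of every place Firefox Portable could be picking a plugin up from. As an added example (my own code, not from the post, PortableApps, or Mozilla), here is that inventory in PowerShell: every `np*.dll` in the portable Data\plugins folder, the app's own plugins folder, and the system-wide Flash directory, with file version and SHA-256, grouped so duplicates stand out. The portable root is an assumption (adjust `-PortableRoot`), the system Flash directory follows the bitness rule from the quoted Adobe note (SysWOW64 on 64-bit Windows, System32 on 32-bit), and PowerShell 2.0 or later is assumed.

```powershell
# Added example: list every NPAPI plugin copy Firefox Portable might load and compare them.
# Locations are assumptions for a typical install; adjust -PortableRoot as needed. PowerShell 2.0+.

function Get-FlashPluginDir {
    # 32-bit Flash (the only NPAPI build Firefox used) lives under SysWOW64 on x64 Windows.
    $is64   = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
    $sysDir = if ($is64) { 'SysWOW64' } else { 'System32' }
    Join-Path $env:windir "$sysDir\Macromed\Flash"
}

function Get-FileSha256 {
    param([Parameter(Mandatory=$true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        ([System.BitConverter]::ToString($sha.ComputeHash($bytes))).Replace('-', '')
    } finally { $sha.Clear() }
}

function Get-PluginInventory {
    param(
        [string]$PortableRoot = 'X:\PortableApps\FirefoxPortable',   # assumed
        [string]$Pattern      = 'np*.dll'                            # NPAPI naming; Flash is NPSWF32.dll
    )
    $dirs = @(
        (Join-Path $PortableRoot 'Data\plugins'),        # the folder the post emptied
        (Join-Path $PortableRoot 'App\Firefox\plugins'), # the app's own plugins folder (assumed layout)
        (Get-FlashPluginDir)                             # system-wide Flash install
    )
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter $Pattern |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name      = $_.Name
                    Directory = $dir
                    Version   = $_.VersionInfo.FileVersion
                    Sha256    = Get-FileSha256 $_.FullName
                }
            }
    }
}

# More than one row per file name means more than one candidate location for the same plugin.
# Matching Sha256 values confirm "same files"; differing ones mean two versions are in play.
Get-PluginInventory | Group-Object Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "== $($_.Name): $($_.Count) copies"
    $_.Group | Format-Table -AutoSize Directory,Version,Sha256 | Out-String
}
```

Run it before and after clearing the folder and keep the output with the troubleshooting notes; it also gives you a hash to check against Adobe's current release if a plugin copy turns up somewhere you did not put it.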

So it was with interest today that I found the following in my RSS feeds.

A further option for remedying the problem is to deactivate Protected Mode. Under Windows 7 or Vista, this requires the addition of the line ProtectedMode=0 to the configuration file mms.cfg. Since Protected Mode is not used under Windows XP, this step is not necessary on that platform. In 64-bit editions of Windows 7 and Vista, mms.cfg is located in <%windir%\syswow64\macromed\flash>; in 32-bit versions the file is located in <%windir%\system32\macromed\flash>. Administrator privileges are required to modify these files. Detailed instructions can be found in Adobe's Protected Mode FAQ.

Some users have traced some of their crashes back to the fact that Firefox's out-of-process plugin protection has been disabled. A support article on the Mozilla web site explains how to reverse this change.

Adobe has gone even further and released instructions for downgrading Flash Player to a previous version. Users should on no account downgrade to build 11.2, however, as it is known to contain critical security vulnerabilities which are currently being actively exploited. Instead, users should install Flash Player 10.3, in which the vulnerabilities in question have been fixed in a similar way to version 11.3 since Adobe is continuing to supply enterprise customers with security patches for Flash 10.
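The quoted note gives the file, the line, and the two possible directories. As an added example (my own code, not the quoted article's or Adobe's), here they are as a check you can run before and after editing so you know which state the machine is actually in, plus a setter that rewrites only the ProtectedMode line and leaves any other mms.cfg settings alone. It assumes Windows Vista/7 (on XP the value is ignored, as the note says), PowerShell 2.0 or later, and an elevated prompt for the setter, since the directory is under %windir%.

```powershell
# Added example: read and set Flash Player's ProtectedMode switch in mms.cfg.
# Directory choice follows the quoted note: SysWOW64 on 64-bit Windows, System32 on 32-bit.
# PowerShell 2.0+; Set-FlashProtectedMode needs an elevated prompt.

function Get-FlashMmsCfgPath {
    $is64   = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
    $sysDir = if ($is64) { 'SysWOW64' } else { 'System32' }
    Join-Path $env:windir "$sysDir\Macromed\Flash\mms.cfg"
}

function Get-FlashProtectedMode {
    $cfg = Get-FlashMmsCfgPath
    if (-not (Test-Path $cfg)) { return "enabled (default; $cfg not present)" }
    $state = 'enabled'    # Adobe's default when the key is absent
    foreach ($line in (Get-Content $cfg)) {
        # Last matching line wins, mirroring how a later entry overrides an earlier one.
        if ($line -match '^\s*ProtectedMode\s*=\s*(\d+)\s*$') {
            $state = if ($Matches[1] -eq '0') { 'disabled' } else { 'enabled' }
        }
    }
    "$state ($cfg)"
}

function Set-FlashProtectedMode {
    param([Parameter(Mandatory=$true)][bool]$Enabled)
    $cfg   = Get-FlashMmsCfgPath
    $value = if ($Enabled) { '1' } else { '0' }
    $lines = @()
    if (Test-Path $cfg) {
        # Keep every other setting; drop only existing ProtectedMode lines.
        $lines = @(Get-Content $cfg | Where-Object { $_ -notmatch '^\s*ProtectedMode\s*=' })
    }
    $dir = Split-Path -Parent $cfg
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    ($lines + "ProtectedMode=$value") | Set-Content -Path $cfg -Encoding ASCII
    Get-FlashProtectedMode
}

# Usage: record the current state, flip it for the test, and put it back afterwards.
Get-FlashProtectedMode
# Set-FlashProtectedMode -Enabled $false    # diagnostic only; see the note below
# Set-FlashProtectedMode -Enabled $true
```

Protected Mode is the sandbox Adobe introduced for Flash Player 11.3 in Firefox on Windows, so `ProtectedMode=0` buys stability at the cost of that isolation. Treat it as a diagnostic: if the lockups vanish with it off, the sandbox path is involved and you have narrowed the problem, but re-enable it (or fix the underlying cause, as the portable-plugins folder turned out to be above) rather than leaving it disabled. The same reasoning applies to the downgrade advice in the quote: a crash-free but unpatched Flash is the worse trade.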

I had considered that the new sandboxing features might have been causing the issue, but since I had been able to replicate the issue in a parallel run of Firefox 12, I ruled out Firefox version 13 itself as the source of my particular issue.

I’m now turning my attention to picking through this detailed technical post in hopes it might help me understand what was going on:

All is well in my case, and having weathered a perfect storm of technology problems, I’m pleased to say Firefox 13 is running strong, I have a new “high-end” RSS feed reader that is increasing both my performance and feed consuming hunger brilliantly, the cable box video output is good as new, and thanks to Crucial, I’m back to 8 GB system RAM on my notebook again.

There is peace and harmony in the Valca home again.

Hopefully somewhere, something in all these travails and victories might help someone.

Cheers!

--Claus V.

Windows 8 Linkage: “Metro at Nightfall” edition

cc image credit image by echiner1 on flickr


OK. I’ve now been spending a considerable amount of time using a virtualized installation of Windows 8 Release Preview. I have also come to a critical conclusion.

Until Microsoft (or the Windows tweaking community) comes up with a solid and reliable way to disable and/or prevent The Nuisance™ that is the Windows 8 Metro start page from running AND brings back a more realistic semblance of the classic “start menu” format, Windows 7 will be for us what XP has and remains for most of the enterprise world.

Seriously Microsoft. What are your focus groups thinking?

The game changer?  Dear Alvis.

Allow me to explain.

Last week, in a show of appreciation and support for dear daughter Alvis, Lavie and I picked up a new 17.3” i3-core, 4 GB RAM, Windows 7 Home Premium x64 laptop for her. She has been soldiering on with her hand-me-down Gateway MT6451 laptop. I’ve long since upgraded the RAM to the max the system could support, dropped a larger HDD in it, upgraded it to Win 7 (x32) and it has been a real workhorse. It survived a DC input socket failure and repair, and at least two complete tear-downs by me. However, over the past several months the DC plug began to fail again, leading to a flickering screen as it switched from AC to battery and back again. I considered picking up a new system-board. However at around $100 it didn’t make much sense for such an old system when I could pick up a newer and more powerful system for her for a few hundred more. So now she’s running a beautiful HP Pavilion g7 notebook and is beside herself with joy. Next comes picking out a lid “skin” and a bag to fit the behemoth.

Anyway, being such a new purchase it is possible it will qualify for a low-cost OS upgrade to Windows 8.  Alvis is a hip kid and is no slouch when it comes to technology and PC operation. So I showed her the Windows 8 Release Preview I’ve been working in.

Feedback was (basically) “gross, stupid, where’s the start menu on the desktop? Don’t you dare put that on my new laptop. I don’t want a Windows Phone on my laptop! I don’t get it.”

I was shocked. Really. If any demographic might be open to the Windows 8 Metro/Start Page interface I figured it would be a hip, younger kid who would appreciate the tiles and the Metro apps, etc. and doesn’t bring much baggage with them from the Windows-in-Enterprise world a-la XP and “Classic” mode. Nope. To her it is nothing more than Windows Phone on a PC. Period.

In fairness, before coming to my own conclusion, I loaded up a number of Metro Apps onto my Windows system to test out the experience.

  • I have to sign in with a Microsoft ID to download and install them? Seriously? Pass.
  • The news apps and photo-feed apps are quite beautiful. However when I’m looking for news give me the news…I felt I was reading the Parade Magazine using them.
  • The weather application tile was pretty cool.  But do I really want or need all that eye candy to figure out what the temperature and forecast is for the day? Nope. My NeXus dock bar has a superhandy icon that I can access to get almost all that same information for just a hover.
  • For the life of me I still can’t figure out how to surf successfully in the IE 10 Metro tile app.
  • Closing running Windows Metro tile applications is possible but still non-intuitive to me.
  • I can swap back and forth between the Start Page and the Desktop. However I prefer to just stay in the desktop, and find the Classic Shell tweak a must-have.
  • Performance is great and I love all the under the hood OS tweaks and changes. I want them. I want them really badly.
  • I don’t mind the “flat” windows and removal of many of the Aero/transparency stylings from Vista/Win7. That’s all cool and actually pulled off quite nicely.

But at the end of the day the Metro Start Page environment and the lack of an OEM start menu system for the Desktop really is just killing the deal for me. Sure, I can and am using Classic Shell coupled with this cool trick How To Switch to Desktop Automatically in Windows 8 via Windows7hacker to auto-jump to the desktop after login (after a brief pause at the Start Page), but I shouldn’t have to!

Note: if you use that trick (and it is a nice/easy one) there is an error on the path location to save the file as listed in the post. Rather than using %appdate% it should be placed in the following location:

%appdata%\microsoft\windows\start menu\programs\startup

Nope. Windows 7 runs super smoothly and has all the core features I need and require, so I cannot reasonably make the call to upgrade any of our systems to Windows 8 in its current iteration. We are still running Windows XP Pro at work and only now are there the initial rumblings of vetting Windows 7 for deployment across our enterprise. Windows 8 with the Start Page in corporate-land? Doubtful anytime soon.

So to be clear, I’m lovin the technical changes and features Windows 8 brings. I’m definitely not feeling the love for the new GUI. And it’s annoying enough to seriously keep me from upgrading our systems anytime soon.

Pass for now.

That said, here are a bunch-load of new links regarding Windows 8 goings-on for future reference.

Win8 (Release Preview) - Start Here - Get It

Win8 - Related Betas

Win8 - Install It

Win8 - Under the Hood

Win8 - To Go

Win8 - Tweaks

Win8 - Deeper Insights

Win8 - DaRT

  • nothing new in this area these past weeks…

Win8 - Usage Tips

Win8 - Miscellanea & Rumors

Windows 8 - GSD Previously Posted

Cheers.

--Claus V.