Archive for the ‘How To’ Category

Post XP SP3 Update problem

July 18, 2008 2 comments

Despite all the problems circulating the web about Windows XP Service Pack 3, I thought I would go ahead anyway on a new installation. The installation part went fine and the system restarted properly with no lock ups, stops or looping restarts. So far so good. Unfortunately I celebrated my good fortune too soon – Windows Update stopped functioning. Whilst updates were being downloaded, Windows XP would fail to actually perform the update.

I did a bit of googling and whilst I didn’t find any accounts exactly matching my problem, I decided to follow the advice on this Microsoft KB article.

First of all, stop the automatic update service from the command prompt.

1. Open up Start Menu > Run

2. Type “cmd” and press Enter.

3. In the command box, type “net stop wuauserv”, you should get the following confirmation:

Now we need to reregister the DLL involved in the Windows Update process.

4. Type in “regsvr32 %windir%\system32\wups2.dll”. The following control box should pop up after a moment:

Now we need to start the update service and hopefully all should be well again.

5. Type “net start wuauserv” which should yield this confirmation:

That’s it, updates started working for me immediately afterwards. If this didn’t do the trick for you, follow the alternative methods on Microsoft’s KB article linked above.

Embedding Twitter into your WordPress Blog

June 23, 2008 18 comments

Update 07/02/10: Please note that there is now an official wordpress widget for twitter. As such, hosted wordpress accounts are no longer constrained by not being able to use third party addins described in my previous update.

Update 22/03/09: Please note this method describes integrating your twitter account / feed with your hosted wordpress blog. If you are hosting your wordpress CMS yourself, there are a number of plugins and / or widgets you can use (nice round up here) instead as you can change the templates and are also not bound by the ‘no scripting’ limitation of hosted wordpress blogs. I initially wrote it back in June 08 but the method still works well to this day. If you have any questions please feel free to ask me via email (on my about page) or on Twitter @KonradS.

Many of you will be familiar with Twitter, a short message microblogging platform used by the ‘technorati’. I wanted to utilise this platform in order to display my updates as a widget on my wordpress blog. Initially I encountered difficulties given that WordPress sanitises all scripting. As such, default twitter ‘badges’ are useless. I was about ready to give up, when I found out that Twitter has RSS feeds for every account.

Initially I hit a brick wall with this as well, the main RSS feed (http://twitter.com/statuses/friends_timeline/insertuseridhere.rss) was for your friend’s updates, not yours and required you to be logged in with Twitter. This clearly is not that useful. However, there is a second feed, a user_timeline feed which does not require you to be logged in and only shows your updates.

The URL for this is : http://twitter.com/statuses/user_timeline/14526317.rss (substitute 14526317 for your twitter user id.) It is a little tricky to find this URL and to be truthful – I did this a few weeks ago and have completely forgotten where I found it, but it is there somewhere.

To find your own twitter ID, the quickest way is to go to the RSS button on your Home page. This is found on the bottom left part of the feed section. This RSS feed is not the right one, but it contains your numerical ID number. By substituting your twitter ID into the user timeline URL in the above paragraph, you will save yourself some ferreting.

Anyway, combine your RSS feed with the WordPress RSS widget and hey presto – a customisable, configurable Twitter feed widget. :)

Changing the Vista (and Windows 7) RSS Gadget

June 13, 2008 1 comment

It’s unusual to see such a user-unfriendly way of managing (or changing) the default settings in a program. Windows Vista ships with Vista Sidebar, a gadget/widget engine which brings limited but extensible functionality to Windows Vista.

The main criticism I had initially was with the RSS widget – there seemed to be no way of changing the default feeds that shipped with Vista from the default and fairly bland MSN rss feeds. Despite tinkering with the widget and sidebar program, I eventually conceded defeat and did a bit of digging.

It turns out, rather counter-intuitively, that the way to change the RSS feeds is via Internet Explorer. Fire up Internet Explorer and hit “Control+J”; this is the keyboard shortcut to bring up the feed window.

Once here, you can add / delete / modify the RSS feeds that Vista shows to your heart’s content. In doing so, you expose the greatest weakness of Vista’s default RSS widget: it does not scale very well. Whilst “at-a-glance” RSS perusal for a few feeds works rather well, its oversimplification is its greatest downfall.

There is no easy way to change between RSS feeds / groups (it has to be done via a menu each time) nor is there a way to dismiss headlines which have been read. This greatly limits the usefulness of this widget for any serious RSS subscriber.

I had a brief look, but I could not find a 3rd party, general purpose RSS feed widget on the Microsoft Live Widget site. Whilst this gadget is certainly of use, its limitations greatly diminish its usefulness.

UPDATE: Just a brief note to say this works in exactly the same way for Windows 7.

When the file extension… is not the file extension.

May 8, 2008 Leave a comment

I was bemused to read on BBC News earlier that a trivially simple ploy stung half a million file sharers. The concept is nothing new, having been started a fair few years ago by virus / malware writers and adopted by copyright enforcement agencies in recent years. Due to the anatomy of a decentralised file sharing system, anyone can seed a file. Once this seeded file is made available to the peer-to-peer network it either becomes advertised to a localised central file distributor (referred to as a Super Node or Server) or is found during a spider search query run by another user logged into the peer-to-peer network. If these files are topical or sought after, they can be transferred onto a different node (client) rapidly. There they are stored in the second user’s ‘shared’ directory where more people can download them.

Once a seeded file has been downloaded and spread over a few tens of nodes, the rate at which it can be downloaded by others increases almost exponentially with a cascade-like effect. Other people on the peer-to-peer network are lured into downloading this file based on the number of people who have it, assuming it must therefore be genuine and would be comparatively quick to obtain. Couple this with a topical or sought-after song / album or file aimed at the masses (who statistically would contain a fair percentage of PC-illiterate users and those with a penchant for agreeing to all the pop ups they come across) and these files explode across networks.

This malicious file in question appears to have masqueraded as a MP3 by Girls Aloud. Given the fact that on running the file pops up a message saying the computer requires a codec to play the song and tries to direct you to a website in order to download it, most computer users would stop and reexamine what they had just downloaded. People that brazenly proceeded and downloaded the malicious ‘codec’ package had spyware installed on their system which would ‘bombard’ users with pop ups. Also, the download file would spawn copies of itself within the User’s shared folder under different names to try to make itself attractive to a greater audience.

But what happened? How were people tricked into downloading an MP3 file but ended up running a malicious program? The answer to this lies in the file type. Broadly speaking, there are two ways in which a file can be opened:

1) via script or binary execution (e.g. .exe, .com, .vbs, .java, .scr … and some others)

2) via program read from an external application (e.g. .txt, .doc, .wav, .mpg, .avi …. and MANY more.)

MP3 files (Moving Picture Experts Group version 1 audio layer 3) are the latter. When one is opened, Windows searches through its list of known file extensions stored in the registry to see what it should do. It instantly finds the entry for MP3 and sees this type of file is handled by a media player like Windows Media Player, WinAMP, iTunes etc. Windows then executes the media player which, on loading, opens the MP3 file specified in the command line argument, decodes a block, fills its buffer and starts to play. Unless a clever trick like a buffer overflow is used (these have historically been responsible for security breaches in various Windows programs as well as console homebrew development), this renders all ‘program read’ type files harmless*. As such we have to look elsewhere for the source of this problem.

That brings us nicely to the point I wanted to raise in this post: file extensions and, more specifically, security vulnerabilities in their implementation. Recent versions of Windows from XP (and possibly earlier, I can not remember) have automatically hidden the file extension by default, leaving the user to distinguish between file types by iconographic representations. Whilst at times this is both cleaner looking and more functional, it does present an interesting security problem: what if there are two file extensions? Windows will quite happily truncate the final .xxx from a file name, leaving the first extension on display, despite the fact that Windows ignores anything before the final .xxx when deciding how to open the file. As a result, if you name a file SomethingInteresting.mp3.exe, in its default state Windows will happily display the file as SomethingInteresting.mp3 but will execute the file as an EXE when double clicked. Obviously, if you queried the file by right clicking on it and selecting Properties you would be immediately told what type of file it is, but most people will take the file at face value.

Luckily there is a very simple way to guard against such black magic: in Windows XP and Vista**, in the file browser, go to the Tools menu and select Folder Options.

In this dialog, uncheck ‘Hide extensions for known file types’ and click Apply followed by clicking Apply to all folders.

And that’s it! A simple check box and some common sense now separates you from being lured into downloading fake or malicious files.

* Some files like some movies can have containers which direct the media player or operating system to web pages. It is not just media files which are vulnerable but this is a completely different topic.

** In Vista you may have to enable the classic menu
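
The double-extension case described in this post, as an added example (not code from the original post): a Python check that reproduces what Explorer displays when the final extension is hidden and flags names where that conceals an executable type. The extension sets, the function names and the sample listing are assumptions made for illustration.

```python
"""Added example: spot file names whose hidden final extension changes what runs."""
import ntpath

# Types the post lists as executed directly (.java left out: it needs a runtime).
# .bat, .cmd and .pif are added here as an assumption, not taken from the post.
EXECUTED = {".exe", ".com", ".vbs", ".scr", ".bat", ".cmd", ".pif"}
# Types the post lists as read by an external program, plus .mp3 from its example.
DATA = {".txt", ".doc", ".wav", ".mpg", ".avi", ".mp3"}
# Assumption: every extension above is a registered ("known") type, so Explorer hides it.
KNOWN = EXECUTED | DATA


def split_name(path):
    """Return (stem, final_extension_lowercased) for the last path component."""
    base = ntpath.basename(path)          # accepts both \ and / separators
    stem, ext = ntpath.splitext(base)
    return stem, ext.lower()


def displayed_name(path):
    """Name shown with 'Hide extensions for known file types' ticked."""
    stem, ext = split_name(path)
    return stem if ext in KNOWN else ntpath.basename(path)


def check(path):
    """Describe one file: what the user sees, what Windows acts on, and a verdict."""
    _, real_ext = split_name(path)
    shown = displayed_name(path)
    # The extension the user believes they see is the tail of the displayed name.
    _, apparent_ext = split_name(shown)
    deceptive = real_ext in EXECUTED and apparent_ext in DATA
    return {
        "file": ntpath.basename(path),
        "shown_as": shown,
        "opened_as": real_ext,
        "deceptive": deceptive,
    }


def scan(paths):
    """Return only the entries whose displayed name hides an executable type."""
    return [r for r in map(check, paths) if r["deceptive"]]


# Constructed listing of a shared folder (not real data).
SAMPLE = [
    r"C:\Shared\SomethingInteresting.mp3.exe",
    r"C:\Shared\Holiday.AVI.SCR",
    r"C:\Shared\song.mp3",
    r"C:\Shared\setup.exe",
    r"C:\Shared\notes.final.txt",
    r"C:\Shared\backup.tar.gz",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f'{hit["file"]}: shown as "{hit["shown_as"]}", runs as {hit["opened_as"]}')
```

Run over a download or shared folder listing, this reports only the files whose visible name ends in a media or document extension while the real, hidden one is executable.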

The Wow is here! (With some tweaking)

April 30, 2008 1 comment

I just came across a great site called MyVistaBoot.com. As the name suggests, it is dedicated to sprucing up that fairly boring Vista boot screen. Each new boot screen is packaged with an installer so it is trivial to get them on your system without resorting to the use of third party applications as was necessary with Windows XP. Take a look, there are some very elegant ones on there to suit every taste.

UPDATE: My mistake, the file downloaded replaces the winload.exe.mui file directly. It is not as simple as just replacing the Windows file but the instructions are clear and concise.

PC Recovery How-to

April 30, 2008 Leave a comment

This started off as a reproduction of a leaflet I wrote for the company I work for. It basically attempts to answer the question: “How do I recover my computer” or “How do I run a system recovery” (and permutations thereof) in as few lines as possible. Because I am not constrained for space on here, I have expanded on it somewhat and will continue to do so. If you have any questions, feel free to comment and ask.

The reason for this procedure is simple – recovering your system to the ‘shipped’ or factory settings is the best way to clean your system. Over time Operating Systems (Windows is the worst for this) accumulate lots of rubbish. This can be in the form of zombie or orphan dependencies (e.g. .DLL or .OCX files in Windows that are no longer needed), miscellaneous and / or useless configuration or drivers and even damaging or misinstalled components. Some retailers can not take in laptops or computers for warranty repair unless a full system recovery has been performed first, due to the high occurrence of non-supported software related problems being futilely sent to manufacturers for hardware repair.

Please note, a full system recovery is NOT the same as a Windows Restore / System Restore point recovery or a partial system recovery. In some cases, Windows Recovery Environment (only on Windows Vista) can solve the issue although I mostly have found it time consuming and unhelpful.

Step 1: Back up all your data

When done correctly, a full system restore will completely wipe your computer. This means all your data (e.g. photos, documents, music) and settings (e.g. ISP / Internet, Web Passwords etc) will be removed. Please make sure you have a complete copy of all the data you wish to save on an external source (e.g. a USB Flash drive, USB Harddrive, CD/DVD, NAS etc) before you continue.

Step 2: Determining what recovery method your PC / Laptop uses.

Regardless whether the unit is a PC or a Laptop, it would have been shipped with a method for recovery. This can be in the form of backup CD/DVD(s) or preinstalled on the computer in a hidden ‘partition’ on the computer’s hard drive. You may have been required to create the recovery discs yourself when you first switched on the computer. If this was the case you normally would have been prompted. If you have not created recovery disks or something has happened to render your recovery partition useless, see troubleshooting #4.

Step 3a: Performing the Recovery with Recovery Discs

If your machine has (or came with) discs, read on; if not, skip to section 3b.

Put the (first if applicable) recovery disc into your machine and restart the computer. When the computer switches on, you may be presented with the option to ‘boot from Optical / CD / DVD / Media’, press enter (or the key specified) to do this.
The disc should now boot into the recovery mode. (If not, see troubleshooting #1.)

Follow the on screen instructions. When imaging / recovery is complete, your computer will restart. Remove the recovery disc from the drive when prompted.

Recovery should be complete, follow any remaining instructions on the screen.

Step 3b: Performing the Recovery from a Recovery Partition or Image.

If your machine has backup software installed on the hard drive, please read on.

The process is very similar to the one discussed in section 3a, except there will be a short time window where a certain key combination will need to be pressed BEFORE Windows XP / Vista starts to load. If you see Windows XP / Vista start to load, you have missed the window of opportunity and should restart and try again. A PC or laptop system will go through the following steps whilst booting:

1) Video card POST *

2) Main BIOS Post (CMOS and Ram check)

3) Secondary BIOS POST (for RAID cards or some legacy 13h network equipment) *

4) Cycle through boot device order. At this point you might see a small white icon flashing in the top left corner for a moment.

5) Transfer execution to boot sector (MBR) of specified harddrive.

6) Windows starts to boot.

* Only applicable to some systems.

This key combination changes depending on the model and manufacturer but will be something along the lines of [alt]+[shift]+[F10] (for Acer PCs) or [F12] (for some Toshiba and HP models) etc. More confusingly, different manufacturers check for this key combination in different places. Acer tend to check for the keypress predominantly during stage 3 to 4 although some models exist which check for the key combination during BIOS POST (stage 2), HP base units normally check during stage 2 whilst their laptops wait until stage 3 to 4. The general rule is start pressing the keys when the BIOS shows up and keep pressing them until you get to the recovery partition. If your operating system starts to boot, simply restart and try again. CHECK with your manufacturer the key combination your system looks for.

When done correctly, it will take you to the recovery section of your computer. Follow the on screen instructions selecting, if asked, the full system recovery option. If this fails, please see troubleshooting #3.

Recovery should be complete, follow any remaining instructions on the screen.

Troubleshooting
For more detailed information relating to your specific model, please consult the manufacturer’s website or helpline.

#1 - Can’t Boot from Recovery Discs
If you are trying to run a recovery from a CD/DVD but it is not loading (booting) from the disc, you will need to make sure the CD/DVD drive is checked before the hard drive (containing the software issue) is read by the BIOS.

You will need to go into the BIOS by pressing a button almost immediately after the computer is turned on. This can be [F2], [F8], [F10] or [Del] depending on the specific model you have.

CAUTION, do not touch anything other than what is directed here.

When inside the BIOS, check the ‘boot order’ to make sure the CD/DVD drive is booted first. These drives can be called a number of different things, when in doubt consult the manufacturer. When you have changed the boot order, save the configuration into the CMOS and let the computer reboot.

#2 - I have lost my recovery discs / I didn’t back up my recovery software
Some manufacturers have a facility to send you replacement discs if you have failed to keep or create your recovery software. There may be a charge related to this service, please contact the manufacturer. (See #4)

#3 - Can’t Boot from Recovery Partition / Recovery from recovery partition fails
Some software problems (e.g. malware / viruses) can corrupt the built in software recovery. If this has happened, there will be no way to complete the software recovery and you should contact the manufacturer for further instructions. (See #4)

#4 - Recovery partition destroyed / useless or no recovery option.
There is a more advanced way to perform a system recovery than using the built in recovery method. I would only recommend this for more advanced users as it involves manually installing and setting up Windows (XP or Vista) and installing drivers by hand. You may also need to be comfortable manually partitioning your hard drive. This method will give you a better, more responsive system free of crapware / bloatware preinstalled by the manufacturers as well as potentially utilise wasted hard drive space.

With almost all Vista PCs (I will cover XP in a moment) you will receive a Vista Installation DVD. This DVD contains every version of Windows Vista and you can use it to wipe your computer and reinstall Windows Vista. The process to using the disk is the same as is outlined in Section 3a substituting the recovery discs for the Vista disc. Simply select the version of Windows Vista that came with your machine (you can install any edition of Vista e.g. Home Premium / Basic, Business or Ultimate but it will be limited to a 30 day demo) if you are unsure which version you have, check the side of your PC (or under side of your laptop) for your Microsoft Certificate of Authenticity (sometimes called CoA.) This brightly coloured certificate will not only have the version of Windows you are entitled to use written on it, but your Product Serial key as well – this will be important as it proves you are entitled to run the particular version of Windows and will be required during the installation.

Alternatively, if you are using Windows XP (or another Operating System like 98/95, NT, 2000, Server etc) you may need to obtain a Windows CD. I am not sure of the legality of this, but if you find a download somewhere online for a Windows CD image (I won’t provide a link) and install it using the Product Serial key provided on your certificate of authenticity, strictly speaking you are not committing piracy as you are entitled to run that operating system on that machine. Because I am not a lawyer, I do not know if such a procedure would be legal and as such can not recommend it. You can always buy a new CD (OEM version) or go directly to the manufacturer for a replacement.

Once Windows Vista/XP (etc) has installed, you will have the basic framework for your PC / laptop. What will still be missing is the drivers and software. Drivers can be downloaded from the manufacturer’s website and this should be done prior to reformatting your computer. Some operating systems (XP and prior although to a lesser extent Vista as well) will need security software loaded onto them before you allow the computer to be exposed to the Internet. There are a number of free alternatives as well as commercial options.

Useful Contact Numbers (for the UK)

Sony 0870 240 2408
Acer 0870 853 1002
HP 0870 010 4320
Toshiba 0870 220 2202
Fujitsu Siemens 0870 243 4390

Ubuntu 8.04: Hardy Heron on the Amilo 1650

April 25, 2008 15 comments

After using Hardy Heron for about twelve hours now (at least eight of those tweaking and fiddling) I must say I am impressed, although it sometimes feels a bit more clunky than previous releases. This release builds greatly on the previous release 7.10 and feels more feature complete and compatible as well. This is largely due to native inclusion of the b43 driver over the deprecated bcm43xx driver for the wireless as well as an improved restricted driver manager.

Here is an overview of how things work with my Fujitsu Siemens A1650 Amilo laptop:

CPU: Works perfectly (including frequency scaling and power management)

WiFi (Broadcom 4318 ) : Works *! (After the install of Acer_acpi tools and a bit of tweaking)

Graphics (Ati x200m) : Works perfectly! (With Ati Non-Free driver)

Flash (in Firefox) : Works perfectly (I had lots of problems with this in 7.10 Gutsy Gibbon.)

Memory Card Reader : Not tested.

PCMCIA : Works perfectly (tested with IDE > CF converter and tried a CF memory card)

Hot Keys : Can be made to work, but I have not got around to this yet.

* Although it picks up and connects to wireless networks, I need to do a bit of testing before I am 100% sure all the problems have been sorted. Bloody Broadcom….

I had to install a few extra packages to get it all working, however, and I am going to detail this now.

To get the wireless working we need to install the firmware (not shipped with Ubuntu) via the new firmware cutter b43-fwcutter. In a terminal window, type:

sudo su

sudo apt-get update

sudo apt-get install b43-fwcutter

Once that is done, follow these instructions to obtain and load the correct firmware module.

Now we need to install the Acer_acpi packages. Do not follow the instructions on the project website relating to acer_acpi as you will end up trying to install the deprecated version of b43 (bcm43xx.)

We need to add the following line to the package manager to enable the repository containing the acer_acpi code:

deb http://www.mumblyworld.info/ubuntu gutsy main

Once that is done, open a console window.

sudo su

wget http://www.mumblyworld.info/ubuntu/depot.key -O- | sudo apt-key add -

apt-get update

apt-get install aceracpi-source

m-a prepare

m-a a-i aceracpi-source

This first downloads the repository public signing key and then gets the acer_acpi source package. In the process you will likely be asked to install other dependencies; agree to this as these will be required during the compiling process. Once the above commands have completed, you will need to activate the module:

modprobe acer_acpi

The wireless light on the A1650 will now light up showing the wireless module has been activated. For future reference, it can be activated and deactivated with the following commands:

sudo su

echo 1 > /proc/acpi/acer/wireless  (to activate)

echo 0 > /proc/acpi/acer/wireless (to deactivate)

Restart and your wireless should be operational :) For reference, I followed parts of the guide found here. I would not recommend you do the same, as you will end up trying to install the deprecated version of the b43 driver, bcm43xx.

Another thing which I installed was the Compiz manager as well as emerald. Compiz has a lot of options, but window decoration is still one I prefer to use Emerald for. These are installed in much the same way as they were in 7.10 with a few key exceptions.

sudo apt-get install compizconfig-settings-manager compiz-fusion-plugins-main compiz-fusion-plugins-extra compiz-gnome compiz-plugins libcompizconfig-backend-gconf libcompizconfig0

Then install emerald:

sudo apt-get install emerald

Once these packages (and their dependencies) have installed, you will find two new options under the System > Preferences gnome menu. One will give you complete control over the effects Compiz uses and the other will let you load/tweak and create Emerald themes. However, by default metacity is the window decorator. In the Compiz “Advanced Desktop Effects Settings” find the window decoration option and replace the command field with “emerald --replace”

Save and restart if required.


GIMP Basics – Screenshots

April 21, 2008 1 comment

One of the main programs I use is Photoshop; I use it mostly for simple image editing / cropping and resizing for my blog. I am trying to move over from Windows to Linux for blogging and as such, I decided to finally get to grips with the GNU Image Manipulation Program (The GIMP) which is the GNU Photoshop equivalent for GNU Linux. Whilst the Wine project have made great leaps forward in recent years to the point where Photoshop can be run inside Wine, it is still not an ideal solution.

In this post, I just want to very briefly explain how to do something simple : take a screenshot, crop it, shrink it and compress it using the GIF interlaced format.

1 ) Download and install GIMP. On Windows this is done via a download from the GIMP site, on GNU Linux it is done via the distribution specific package manager.

2 ) Once it is installed, let’s assume we have a screen we want to capture. Fire up the program and go to “File>Acquire>Screen Shot”. This will bring up the WinSnap dialog which will allow you to take a screenshot of the entire screen (after a defined pause) or a specific window. The specific window feature didn’t work particularly well so I recommend taking a snapshot of the entire screen. (If you have pressed the Print Screen button, you can instead use the “Paste as new image” option.)

3) Now we have the entire desktop, we need to use the select tool to highlight the area we want to capture.

4) Next we go to the menu, select “Image > Crop to Selection”

5 ) Finally, I tend to scale the image to 80%, this is achieved by going to the menu “Image > Scale Image” and selecting 80% width and 80% height. If you constrain the proportions of the image (the chain icon) then selecting a 80% width will automatically select 80% height.

6 ) Now simply go to “File > Save As..” and append “.gif” to the end of the filename. This will launch the GIF exporter.

7 ) You will be told that the GIF exporter can only handle Greyscale or indexed images. Select “Convert to Indexed” and click “Export”.

8 ) Check “Interlaced” and uncheck the “GIF Comment” field and click “Save”.

And that’s it! :) When I get some time to play with GIMP’s more advanced features I will write more on the subject.

Bypassing Acer Security

April 16, 2008 21 comments

Today I came across an ACER PC (M1610) at work that needed to be restored back to the manufacturer’s settings. Acer ship their desktop systems with part of the hard drive hidden in a recovery partition that can range in size from 6 Gb to 20 Gb depending on the specific PC model. The problem was the customer who owned the PC had set a password on the recovery interface and had promptly forgotten it. I had a chat with Acer who were naturally very happy to take the PC and charge the customer to reformat and re-image the entire drive. Unfortunately I spoke with a rather arrogant technician at Acer who claimed there was no way to get around this password; those that know me will know this is like mixing firecrackers with a kid with matches. I decided to fix the issue myself.

What you will need:

1 – A bootable CD with some live or preinstalled environment (e.g. WinPE/BartPE CD or any Linux live CD with NTFS 3G although I would recommend the former given the flakiness of Linux NTFS drivers.)

2 – About ten minutes.

Recovery tools are glorified branded imaging/cloning tools (like Ghost or Acronis True Image.) They have three main components: the program binaries (i.e. the GUI/UI and low level formatting/writing tools), the configuration files and the backed up / imaged data itself inside an image file. This image file can be one large multi gigabyte file or lots of smaller chunks and it contains not only all the files and folders, but NTFS file table system / bootloader and MBR information. This means the entire image can be written onto a hard disk (or hard disk partition) and after reboot, the user could be presented with a fully functional system. It’s for this simplicity that companies like Acer do their recovery in this manner.

I booted using a WinPE XP cd (but you can use anything mentioned above) and took a look at the partitions on the hard drive finding the following:

C: NTFS 69.5Gb (Formatted total)

D: NTFS (although reported as unformatted) 69.8Gb (Formatted total)

Hidden (Not mounted by default) NTFS 9.8Gb (Formatted total)

4Gb Unallocated space. (Wasted)

I mounted the hidden partition and eventually after some trial and error, found the file containing the password and password hint details. This was the file called “aimdrs.dat” (found on the root of the recovery partition) and could be opened in notepad (although I used and would recommend a good hex editor) and showed a very simple file layout as shown below:

[MyData]..PD=12345..HT=abcd efgh..

Where “12345” is the password, encapsulated between the equals and two full stops. “abcd efgh” was the hint. This was literally the entire file.

Changing either of these simple strings is very easy and after a reboot into the recovery software (via [Alt] and [F10] during BIOS POST) you will once again be able to access the recovery software. I would recommend you do not change anything else in this hidden partition unless you know exactly what you are doing.
I hope this helps someone stuck in a similar position and is likely applicable to many more systems than just Acer PCs.
