Category Archives: Security

Seven to ten to seven


As you undoubtedly know, for now my recommendation about Windows 10 is: Stay put when you’re on 7, upgrade when you’re on 8/8.1. If you disagree, that’s fine: do what works for you. Of course, there is an “if”, namely, you’d better upgrade to 10 in order to secure the 10 upgrade for free before the promotion ends. As such, I’ve been a busy bee, taking Windows 7 machines, making an image of their disk, then upgrading and then reverting to the 7 image.
Technically, you can upgrade to 10, ensure your machine is activated and then click the “revert to 7” button in the “Upgrade” section somewhere. You have 30 days to do this. Now, personally, I prefer the “image-upgrade-restore” process because you do not know what Microsoft does when you click the rollback button. Is your machine hash flagged? Well, you get to say what you think of 10, but there is most likely not a human soul that will ever see these complaints.

Being more the Unix guy, I automated my work as far as possible. The automation consists of three parts: an imaging script and two Windows scripts (reg and cmd). The first script is actually rather old and was originally written for other purposes: imaging newly bought PCs. It uses parted, so I assume that it should work on GPT partition layouts, but I have never tested this.

Now, to be entirely honest, you’re not going to manage to do the imaging without a little crash course on devices and the Linux command line. (Only tested on Ubuntu 14.04 LiveUSB. Dependencies are: ntfsclone, dd, dmidecode, hdparm and probably a few others.)
Basically, you’ll run it as follows: sudo ./generate-image.sh /dev/sda
However, this assumes a few things: your working directory has my script, that in this working directory you have enough space to store the generated images and that the disk you want to image is /dev/sda (which it most likely will be, but I cannot say for sure). You also need to be sure that no partition of /dev/sda is mounted. (Hey, now that’s something I could add to my script…)
When you run that script, it will create a directory based on your machine’s information, and will attempt to image the MBR (full and without partition table), and all partitions. For vfat it falls back to dd, for ntfs it uses ntfsclone, and it generates a restore.sh script for your convenience for easy restoration. I’d say: cool, but you may think otherwise.

Nevertheless, I have decided to publish it here for the nerdier guys.
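
The steps described above as a dry run, added here as an example and not the author’s generate-image.sh: it refuses to proceed while a partition of the disk is still mounted, then prints the dd and ntfsclone commands per filesystem. The function names, output file names and sample data are assumptions; the 446-byte read is the MBR boot code without the partition table.

```shell
#!/bin/sh
# Added example: dry-run planner. It only prints commands; no disk is touched.

# Constructed sample in /proc/mounts format (not from a real machine).
SAMPLE_MOUNTS='/dev/sda2 /mnt/win fuseblk rw,relatime 0 0
/dev/sdb1 /cdrom vfat ro,noatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0'
# Constructed "device fstype" pairs for the partitions of /dev/sda.
SAMPLE_PARTS='/dev/sda1 vfat
/dev/sda2 ntfs
/dev/sda3 ntfs'

# mounted_parts DISK: mounts text on stdin -> mounted partitions of DISK
# (matches both sda1 and nvme0n1p1 naming).
mounted_parts() {
    awk -v d="$1" 'index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { print $1 }'
}

# plan_image DISK: "device fstype" lines on stdin -> commands to run.
# Output file names are hypothetical.
plan_image() {
    disk=$1
    # Whole sector 0: boot code, partition table and signature.
    echo "dd if=$disk of=mbr-full.bin bs=512 count=1"
    # First 446 bytes: boot code only, without the partition table.
    echo "dd if=$disk of=mbr-boot.bin bs=446 count=1"
    while read -r dev fs; do
        name=${dev##*/}
        case $fs in
            ntfs) echo "ntfsclone --save-image --output $name.ntfsclone $dev" ;;
            vfat) echo "dd if=$dev of=$name.img bs=1M" ;;
            *)    echo "# skipped $dev: unhandled filesystem '$fs'" ;;
        esac
    done
}

# check_and_plan DISK MOUNTS PARTS: refuse while any partition is mounted.
check_and_plan() {
    busy=$(printf '%s\n' "$2" | mounted_parts "$1")
    if [ -n "$busy" ]; then
        echo "refusing, still mounted:" $busy >&2
        return 1
    fi
    printf '%s\n' "$3" | plan_image "$1"
}

# Demo on the constructed data: refused first, then planned.
check_and_plan /dev/sda "$SAMPLE_MOUNTS" "$SAMPLE_PARTS" || echo "(unmount first)"
check_and_plan /dev/sda "" "$SAMPLE_PARTS"
```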

So, then you upgrade to 10, wait until it’s activated and that’s the last you’ll see from Windows 10.

Now, you boot back to your LiveUSB, go to the image directory the script created and run sudo ./restore and it will restore everything magically. If you want to use the backed up partition table, give any parameter (it’s a bit dumb, yes…).

When it’s all done… Reboot. You’re back to your Windows 7 machine as if nothing ever happened.

Now for the part any Windows user can do. The two scripts in the privacy.zip are privacy.cmd and privacy.reg. The reg file you can just double-click, and it will essentially mark your machine as being “not interested in Windows 10, don’t bother me any more”. It disables GWX (the Windows 10 notification icon), disables the upgrade function, disables reservation and disables the fact that recommended updates are treated like important updates. This is important, because Microsoft used the “recommended” channels to push these -let’s just say “annoying”- patches to your computer.

The privacy.cmd script does something entirely different. If you haven’t been living under a rock the last months, you know that Microsoft pushed patches that add a tracking service to your pristine Windows 7 installation. Now the script starts off with stopping that service, and then disabling it. I do this because the uninstallation of the offending patches might fail for some reason. At least, then you’re sure the service is off. After it has done this, the script tries to uninstall the patches related to the Windows 10 upgrade and the tracking service.
Be advised, in order for the privacy.cmd script to work you need to run it as Administrator. Right click on it, then select “Run as Administrator”. It might take a while.
Congratulations, the nagging for the upgrade should stop, until Microsoft decides to push it as an important upgrade. After a reboot, you may want to manually mark these patches as hidden. Perhaps I should try to figure out whether you can do that with a registry patch too.

What is your Facebook “username” anyway?

My previous rant is wrong.  Well, not in the sense that I’m going to admit that “email-as-username” is the greatest idea on earth.  I still think it’s dumb, and some people I respect a lot disagree.  I’m still not convinced.

No, a little bird tweeted me the following:

@jawtheshark changing the email for facebook won’t help … you can use your actual username to login, no need for email address

— Pit Wenkin (@PitWenkin) August 13, 2014

Wait?!?  What?  That vanity URL, I took back in the day also counts as my username?  Hands up, who knew that?  I most certainly didn’t.  I tested it from within a Private Browser session, all the following worked:

  • My “jawtheshark” gmail.
  • My “jorg.willekens” gmail.
  • My work cellphone
  • My private cellphone
  • My facebook vanity url nickname and by extension my facebook email.

Basically, pretty much anything that could identify me can now be used as a username to be logged into Facebook.  I am not really sure if that is a good idea.  So, I didn’t fix Flirty’s problem, since her “attacker” could use any of the above if he knows about the existence of them and they’re pretty much public.

Tomorrow Windows XP dies, long live Windows XP!

Tomorrow is Tuesday 8 April 2014.  The date that Microsoft kills XP support forever.  I know there are many people who want to see it die.  I don’t because it kills off mature software.  Software that has been tried and trusted, where the bugs are known and can be worked around with a well known graphical user interface.

I know, I hear you: Security!  Boooo!  Hisss.  Scare, scare, scare!  I know, as a matter of fact, that it is totally possible to run XP safely.  The rules are rather simple: don’t use any other Microsoft software, use a reasonable anti-virus, don’t install stuff you don’t actually need, and…. apply the Unix principles.  You run as standard user, and do administrative tasks as the Administrative user.  That works, and illustrates that an XP machine can be safe.  Sure, the way XP does it is a bit more cumbersome than more modern systems but that does have its advantages (Oh, I’ll click “Allow”, how bad can it be… Aaargh!).  On the other hand, with “Run As” you could get a long way.

The only other reason, I see, is support for more than 4GB RAM.  Ok, fine, I’ll grant you that.  At the risk of sounding like the 640kB is enough for everyone quote, I can assure you that a normal office desktop for the typical worker bee can live with “just” 4GB RAM.  Heck, I write this on an Ultrabook with a mere 4GB RAM.  Ubuntu tells me that I only have 1GB in use right now.

Regardless.  XP dying is a shame.  The normal worker bee gets nothing out of Vista/7/8, neither does the normal home user.  At best they hobble along and cope with the unneeded changes, at worst they get very frustrated (at which point I send the people I want to help to Linux, and those I don’t want to help to Mac OS  X).

So, I declare the 8th April “Install Windows XP day”.  Dust off that old XP machine you have lying around and don’t use.  Write down the OEM key, then grab the ISO and install it in a Virtual Machine (For easy to start VM software: VirtualBox).  Let it update as fully as it allows you to.  Then wipe away a tear, in reminiscence of all the hours you wasted reinstalling XP in the first place, but also a tear for the death of mature software.

That’s what I’ll do tomorrow.  Of course, discard the VM afterwards, after all, installing an OEM license on non-original-equipment is filthy piracy.

On shared computer accounts.

“I read your email” used to be a popular system administrator’s T-shirt. It probably still is.  Ever since I started playing system administrator, for home systems, it was one of the things I didn’t do.  It’s user data, you don’t touch user data and it’s the way it should be.

Way back in those days, the typical home computers did not have significant user accounts.  Stuff was shared, and I do remember one occasion of one of my family members going through our Eudora account and being angry at something I wrote.  I don’t even remember what it was, it must have been quite petty.  It is then that we separated everything for everyone: everyone got his/her own account, password protected, preferably with the screen saver locking out access.  All this even got better when we switched to Windows NT 4.0 and later (the best operating system coming from Redmond, ever) Windows 2000.

It brought fun stuff like having your own colour scheme, your own wallpaper and you could organize your data as you wanted.  The downside was having to log out and then log in when another user wanted to use the machine.  I mean, I am talking pre-Windows XP, here.  When we did switch over to XP (rather late, SP2 was just released), the “Fast User Switching” feature was one of the biggest arguments.  That, and the superior wireless handling.

Why do I write this?  It’s 2014, and I just found out, by reading into the context, that a certain branch of my family uses a shared computer account.  Today, around 20 years after we started separating our accounts.  They don’t even have the technological hurdles we used to have!  When I pointed out to them that this was not a good idea, I got the typical “we have nothing to hide to each other”.  Well, neither do I… Not really, at least, but you might need the occasional brain bleach if you do go meddling in my data.  For me this is about respect:  I respect your part of the computer and you respect mine.  Just as I respect your sock drawer and you respect mine.  I can look in it, but I won’t.  Because I respect you.  It’s the same reason my wife won’t ever take my phone without asking me, and I won’t do that with hers either.

In that sense, it’s about trust: I trust you enough to give you your privacy.  I expect the same from you.  Let’s say it a bit differently: You may have nothing to hide, but you should still value your privacy.  Even from loved ones.

As you see, I don’t even touch on global spying, where the NSA and other governments try to track your every move and violate your privacy continuously.  That’s the big picture, but really, you won’t get the big picture if you fail to see the issues within your own four walls with your loved ones.