The age of telemetry and online tracking.

Telemetry has been around for a while, Windows 7 had it, and I believe even Vista might have had it.

Having said this Microsoft did not previously sell this information to third parties not did it previously include personal information. When I say personal information I mean your age gender, approximate location, and online habits. Legally they can not give your name, address, and other details that would allow someone to pin point you in real life. So instead they are selling as much as they can about you without actually telling them who you really are. Mind you Micrrosoft is not the only company that uses telemetry data, recently Nvidia got caught with their hand in the cookie jar as well. Scary, right?

Windows:

Fret not where there is a will there is a way. If like me you spend a lot of time connected to the online world there should be a few applications that you need to explore.

For Windows 10 there are a couple of Telemetry applications that you can install that will kill the services and registry entries that allow Windows to send your data to big brother.

O&O Software has an Antispy-Tool for Windows 10. This is a free download. It’s called O&O ShutUp10. With this tool you can pick and choose in great detail what you want to block and what you want to allow.

03

The folks over at Safer Networking that brought us Spybot Search and Destroy have also built a similar tool. They call their Telemetry removal tool Spybot Anti-Beacon, the link can be found on their download page. This has a portable version so you can run it off a flash drive if you need to.

capture

The first time you run this it will show you what you have blocked and what is still tracking you. If you click the “Show Options” button it will show you the registry keys that will be changed. Click Immunize and restart your computer.

Besides these tools, I have also edited my hosts file and added a bunch of domain names that direct to 0.0.0.0, essentially to nowhere. Spybot also adds a couple hosts entries into the file.

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 ssw.live.com
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 http://www.msftncsi.com
0.0.0.0 apps.skype.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 m.hotmail.com
0.0.0.0 pricelist.skype.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 view.atdmt.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com

*Note not all of the above addresses belong to Microsoft. Most of those URLs preform some sort of tracking so probably a good idea to block them anyways.

Nvidia:

Recently it has been discovered that Nvidia included Telemetry in their driver software. Some believe it is only part of the GForce experience, but that is not the case, it is installed along side the driver.

In order to disable the Telemetry bundled with the Nvidia driver you need to download Autoruns from Sysinternals. Extract the package and run the executable as Administrator. Make sure the everything tab is selected and filter content with the keyword: nvidia. Then proceed to uncheck the following items and then just close the application, followed by a reboot.

capture2

Now Nvidia might not be tracking anything, but that is not the point. Also you will need to do this every time you reinstall the driver.

Web browser:

To hide yourself online, obviously the best technology is a VPN or a proxy server. However these can cost quite a bit of money.

My suggestion is use two of the better online extensions. Electronic Frontier Foundations Privacy badger and uBlockOrigin.

Privacy Badger can be installed right from the eff.org web page. To install uBlickOrigin go to your web browsers extension store to find plugin and install it. For Vivaldi go to the chrome store as it is based on Chromium and all chrome extensions are compatible with it.

Generate Cyclic Redundancy Check (CRC) Using CertUtil

A CRC is used to detect any changes to the original data/content, the most common reason being accidental data modification and corruption. CRCs are used to validate integrity, to ensure that the data sent is the data received.

It’s quite easy to create a CRC with tools built into the Windows operating system. Open a command prompt window, browse to the location of your file and run the following command:

CertUtil -hashfile <file_name> MD5

By default CertUtil uses SHA1 if the algorithm is not specified, for this example we’re using MD5. CertUtil supports many different algorithm types.

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Once the command has completed successfully CertUtil will output a sequence of numbers and characters, this is the MD5 hash. We will use this hash to validate the integrity of the file once it’s transferred. Once the file is copied we will run the same command and compare the values. If they match the file is valid, if not we know the data was altered. To simplify this process I’ve written a small script in PowerShell that you can leverage.

if ( $(CertUtil -hashfile "<file_name>" MD5) -eq "<hash_from_certutil>" ) { 
  Write-Host "CRC File Integrity Check Passed." -ForegroundColor "Green"

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 0
}
else {
  Write-Host "CRC File Integrity Check Failed." -ForegroundColor "Red"
  Write-Host "Please re-download file and re-run CRC check."

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 1
}

Home Media – Part 3 – The Rip

It’s been a while but finally I got around to completing and old series.

Part 1: The NAS build, can be found here. 

Part 2 The Setup can be found here.

The whole idea of this was so you could have your media at your finger tips. Your movies, your TV shows and your Music. If you’re like me you have shelves and shelves full of Movies and Television shows, and plastic bins full of CDs.

I’m not condoning piracy, and personally I think you should have control over the media that you own, as long as you don’t distribute it or broadcast it for the masses. Having said this you should probably check with your Country’s copyright laws. Either way it is nice to have it all at your finger tips.

I’m finding less and less compatibility between software and HD DVD movies these days, some titles I am unable to convert into a digital format form HD DVD. Also there is a draw back with HD DVDs, they only support Dolby Digital and DTS audio, where as newer Blu-Ray movies support lossless audio such as Dolby True HD and DTS Master Audio formats. There are a few new ones on the horizon as well, these would be Dolby Atmos, DTS:X and, Auro-3D.

Couple of good sites where you can find a lot of information on ripping and appending videos are http://www.videohelp.com/ and http://www.doom9.org/ .

To rip movies/tv you will require a few pieces of software. Besides the necessary codecs only two, Make MKV and Handbrake. Make MKV strips the copy protection and rips 1:1 video and puts them in MKV containers. Handbrake compresses the videos to specific formats and output devices. These are both free, if you want to pay for a single piece of software I would recommend DVDFab Blu-Ray ripper.

K-Lite Codec Pack is used to decode the material and the different formats for converting the material you will be ripping.

Capture5

MakeMKV can be used to strip the AACS and BD+ protections from discs, however this software goes a step further and can also convert your Blu-Ray movie to a MKV container. Mind you the movie will be large and there will be no compression, so the files can turn out to be 20GB, great if you want a lossless 1:1 copy of your movies. This software is free while in beta and for full functionality. You must input their beta key in to the software to make if functional, the key can be found here on their forum. This software also allows you to rip 3D Blu-Ray Titles. You can actually get away using only this software for ripping content.

Capture

HandBrake requires you to have the disc already ripped and stripped, generally using MakeMKV or Fab Decrypter. I really like using the batch processing mode in HandBrake, it’s very useful for TV shows. Also with handbrake you can create a custom template so it’s nice and easy to work with TV shows or repetitive content. HandBrake is also a converter so it can convert content for portable devices, it can make the file sizes smaller and change the resolution of the source, etc.

Capture4

DVDFab HD Decrypter is used to copy movies into a file and remove the encryption on the disc. This will remove AACS and BD+ protection. This software is free and usually the first step to digitizing your library, uless you are using MakeMKV. Be aware though, some software is not able to create Rips from these backups there is something specific to this software that sometimes does not play well with other applications.

DVDFab Blu-Ray Ripper (3D Plus), I use this software to rip my 3D Bly-Rays. This software allows the movies to be ripped into a 3D half side by side MKV or a 3D half over under MKV file. It’s paid software, but worth the money. Having said this there are other options for ripping 3D movies, MakeMKV can do it as well. Nice thing about this application is that you can compress the file and there is no need for a 1:1 copy.

Pavtube ByteCopy, I’ve actually never used this software but in my research I found that people have good things to say about the software.

BDtoAVCHD is another tool that came to my attention recently, If you ever want to create discs from your ripped content this is the tool to use.

So now that you have the necessary software where do you go from here?

Note that if you are looking for menus etc, this is not the guide for you. I don’t really care for the extra content and only want Audio track/Subtitle options. Mind you with Make MKV you are able to rip the special content as well, but I reiterate there is no menu system. Also I will only cover the Make MKV how to here, the DVDFab method is a paid method and kind of an all in one package that is simple to use, so no need to get into the details of that.

Download, install, and get the beta Make MKV key from the forum. The key changes with each Beta release, and even though MakeMKV is in version 1.x it is still free/considered beta.

Capture2

Once you install the software start up Make MKV and input the key in Help > Register. If you like the software and want to purchase it go to Help > Purchase. Untitled5

Insert the disc with the material you want to rip, make sure you have the right optical drive selected in the drop down list, then press the Open Disc icon in the left pane of the application window. The icon looks like a DVD drive with a disc inside. Alternatively you can go to File > Open Disc and select the appropriate optical drive where your disc is. Untitled2

 

The icon will start to look like it’s spinning and the software will take a minute to read and decrypt the disc in the drive. Once this process completes you will be presented with a list of valid Video sources on the disc. Generally the large ones are the content that you want.

Untitled3

Note that with this particular disc you have 4 episodes/Titles and that the 5th 7.0GB file is all of the episodes in one seamless Title. When I was converting this I generally skipped this one Title. Select the titles you wish to rip. Change the output folder on the right side of the window to where you want to save the converted files to. Then click the Make MKV button to the right of that. Depending on the processing prowess of your PC this can take a bit, it will also prompt you to create the folder if it does not exist. Untitled6

Once the process completes go into the folder and rename the files to something meaningful.

Once you have your MKV, you can start to compress and convert the formats.

To do this use Handbrake, it has several presets available for you to use. However if you wish you can create  your own and save it. This is where you can take 1080p content and convert it to 720p, having said this this will take a long time if you have a slower computer.

handbrake

You select your source which is either a file or a folder, and you can set your resolution in the Picture tab. Notice the output settings, you can change them to MKV or MP4 in this example. This is something to keep in mind.

handbrake2

In the Video tab you can change the codec that the encoder will use to recode your video in, H.265 is an option, select the Quality and you can even do 2-Pass Encoding. While 2-Pass encoding does improve the quality you will be looking at a really long encode unless you have lots of RAM and a really fast processor.

handbrake3

Then you have your Audio section where you can downmix to stereo or upmix to a different codec all together. Note that you can have multiple audio tracks.

Once you have selected your desired settings you can save them as to use at a later time, just click the ADD button on the bottom right. If you have multiple videos to encode add them to the queue and keep going, nice thing about Handbrake is that it does batch conversions.

 

How to Create a Dell Server Update Utility (SUU) ISO

In this example we are going to walk through the creation of a Dell SUU ISO for 64-bit Windows. The SUU is crucial if you are building out Dell servers as it updates firmware and drivers.

I find the Dell documentation isn’t overly helpful so I’ve put together this quick tutorial on how to create a customized Dell SUU ISO, keep in mind this tutorial creates a Windows based installation ISO.

1. Go and download the latest Dell Repository Manager if you do not have it installed already.
http://en.community.dell.com/techcenter/systems-management/w/wiki/1767.dell-openmanage-repository-manager

2. Once installed find the icon on your Desktop and launch it.
icon

3. Once launched, you should be prompted to update some plugins, go ahead and do so. If you are prompted to update the Dell Online catalog do so as well.

4. Once the application has loaded, go to the menu bar and select Source > View Dell Online Catalog.
view_dell_catalog

5. If you have not updated the Dell Online Catalog, you should now be prompted to update, click Yes.
sync_db

6. Under Dup Format check off Windows 64-bit to narrow down the bundles.filter_catalog

7. Check off your System Bundles based on the models you’d like the ISO to support.

8. Once these are all selected click Create Deployment Tools.deployment_tools

9. A wizard will appear, select Create Server Update Utility (SUU) > SUU to ISO. Select Next.
create_suu

10. Accept the defaults on the Select Plug-ins Select Next. You will be prompted for the SUU export location, select a folder and click OK.
create_suu_2

11. On the Summary and Finish page, review the Selected Bundles and confirm that all the appropriate models have been selected for export. Click Finish if everything looks okay. The job will be added to the Jobs Queue where the progress can be seen.
create_suu_3

How to Generalize a Linux VM Template

When building out an environment of any kind, you need to have a good starting base, a strong foundation and the same holds true for many things. It’s no different when building a virtual machine (VM) template to deploy in your environment in a repeatable fashion.

Recently I spent some time developing a generalized/sanitized VM template for Red Hat Enterprise Linux (RHEL) versions 6 and 7. This script should be run right before you shutdown the VM and template it for reuse.

#!/bin/bash
echo "Generalize the template..."
echo "Remove RHN system ID..."
rm -f /etc/sysconfig/rhn/systemid

echo "Create sanitized ifcfg-eth0..."
echo -en 'DEVICE=eth0\nTYPE=Ethernet\nONBOOT=yes\nBOOTPROTO=dhcp\n' > /etc/sysconfig/network-scripts/ifcfg-eth0

echo "Clear /etc/sysconfig/network file..."
cat > /etc/sysconfig/network < /dev/null

echo "Remove SHH keys..."
rm -f /etc/ssh/ssh_host_*

echo "Remove udev rules..."
rm -f /etc/udev/rules.d/70-*

echo "Remove fixed hostname..."
rm -f /etc/hostname

echo "Clear Machine ID (SID)..."
> /etc/machine-id

echo "Remove all logs from /var/log..."
rm -rf /var/log/*

echo "Remove all logs from /root..."
rm -rf /root/*

Fix and Repair a Dead Hard Drive

Everyone’s got a story about losing important data one way or another, whether it’s from the accidental deletion of some files, a stolen computer, or more commonly a failed hard drive.

To be honest I’ve never been a casualty to lost data, I always kept backups… probably too many backups… like backups of backups. To others it’s “a lot of work”, probably because they don’t have a good process/mechanism in place or they are “limited” technologically and that’s fair.

It’s never fun thinking about what you can’t get back when your hard drive goes belly up… but what if you could get it back and fairly painlessly. Well if your hard drive is dead, toast, caput, it just might be salvageable as I found out this week when a friend of my sister’s dropped off their hard drive to me to see if their life memories could be retrieved.

The hard drive is a Seagate, model ST31000528AS, it’s a 1 TB SATA 3.0Gb/s.IMG_20160422_125811

It would not power on at all, my first inclination was obviously something on the PCB (Printed Circuit Board) has gone awry. First things first, let’s remove the PCB so we can take a look at it. This may require a torx screw driver, most techies will have this on hand.IMG_20160422_195902
IMG_20160422_100855

Now the first place to check is the two diodes on the PCB. You want to check the resistance of each diode, if the resistance on either is very low then there is a good chance that removing the diode will resurrect your hard drive. The diodes act as a circuit protector (similar to a fuse), when there is a power surge it “takes one for the team”
to prevent damage to other circuitry.
IMG_20160422_102131

Notice when I test the first diode, the resistance is fairly high, it’s measuring approx 48K. This diode is OK.IMG_20160422_103230
IMG_20160422_103222

However, when I measure the 2nd diode the resistance is almost nil. This diode is bad.IMG_20160422_102258
IMG_20160422_103205

Simply desolder this diode, reassemble the PCB to the hard drive, cross your fingers and power it up.
IMG_20160422_105846

If it worked, great! Remember though, going forward you no longer have the circuit protection unless you replace the diode you removed. If for whatever reason there is another power surge you probably won’t be so lucky.

Now go and backup that hard drive so next time this happens you can get a good night’s sleep!

 

Debian 8 Jessie sources.list, missing installation sources.

debian8_with_release_date

Each time I install Debian Jessie or Debian 8 I notice that I can not install any software packages afterwards. I’m not sure if it is me, or the installation media, but the sources.list is missing entries. Recently I tried installing xrdp, which allows Windows OS machines to RDP into Linux OS machines.

Commands such as…

apt-get update
apt-get upgrade
apt-get install package_name

… yielded no results. When I navigate to /etc/apt/sources.list I noticed there were only 3 entries in the file.

deb cdrom:[Debian GNU/Linux....

deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib

However the Debian Wiki specifies two additional sources.

deb http://httpredir.debian.org/debian jessie main
deb-src http://httpredir.debian.org/debian jessie main

deb http://httpredir.debian.org/debian jessie-updates main
deb-src http://httpredir.debian.org/debian jessie-updates main

Once you add these to your sources list and run the above commands the
packages should update, and you can proceed with installing XRDP.