The age of telemetry and online tracking.

Telemetry has been around for a while, Windows 7 had it, and I believe even Vista might have had it.

Having said this Microsoft did not previously sell this information to third parties not did it previously include personal information. When I say personal information I mean your age gender, approximate location, and online habits. Legally they can not give your name, address, and other details that would allow someone to pin point you in real life. So instead they are selling as much as they can about you without actually telling them who you really are. Mind you Micrrosoft is not the only company that uses telemetry data, recently Nvidia got caught with their hand in the cookie jar as well. Scary, right?

Windows:

Fret not where there is a will there is a way. If like me you spend a lot of time connected to the online world there should be a few applications that you need to explore.

For Windows 10 there are a couple of Telemetry applications that you can install that will kill the services and registry entries that allow Windows to send your data to big brother.

O&O Software has an Antispy-Tool for Windows 10. This is a free download. It’s called O&O ShutUp10. With this tool you can pick and choose in great detail what you want to block and what you want to allow.

03

The folks over at Safer Networking that brought us Spybot Search and Destroy have also built a similar tool. They call their Telemetry removal tool Spybot Anti-Beacon, the link can be found on their download page. This has a portable version so you can run it off a flash drive if you need to.

capture

The first time you run this it will show you what you have blocked and what is still tracking you. If you click the “Show Options” button it will show you the registry keys that will be changed. Click Immunize and restart your computer.

Besides these tools, I have also edited my hosts file and added a bunch of domain names that direct to 0.0.0.0, essentially to nowhere. Spybot also adds a couple hosts entries into the file.

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 ssw.live.com
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 http://www.msftncsi.com
0.0.0.0 apps.skype.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 m.hotmail.com
0.0.0.0 pricelist.skype.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 view.atdmt.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com

*Note not all of the above addresses belong to Microsoft. Most of those URLs preform some sort of tracking so probably a good idea to block them anyways.

Nvidia:

Recently it has been discovered that Nvidia included Telemetry in their driver software. Some believe it is only part of the GForce experience, but that is not the case, it is installed along side the driver.

In order to disable the Telemetry bundled with the Nvidia driver you need to download Autoruns from Sysinternals. Extract the package and run the executable as Administrator. Make sure the everything tab is selected and filter content with the keyword: nvidia. Then proceed to uncheck the following items and then just close the application, followed by a reboot.

capture2

Now Nvidia might not be tracking anything, but that is not the point. Also you will need to do this every time you reinstall the driver.

Web browser:

To hide yourself online, obviously the best technology is a VPN or a proxy server. However these can cost quite a bit of money.

My suggestion is use two of the better online extensions. Electronic Frontier Foundations Privacy badger and uBlockOrigin.

Privacy Badger can be installed right from the eff.org web page. To install uBlickOrigin go to your web browsers extension store to find plugin and install it. For Vivaldi go to the chrome store as it is based on Chromium and all chrome extensions are compatible with it.

Generate Cyclic Redundancy Check (CRC) Using CertUtil

A CRC is used to detect any changes to the original data/content, the most common reason being accidental data modification and corruption. CRCs are used to validate integrity, to ensure that the data sent is the data received.

It’s quite easy to create a CRC with tools built into the Windows operating system. Open a command prompt window, browse to the location of your file and run the following command:

CertUtil -hashfile <file_name> MD5

By default CertUtil uses SHA1 if the algorithm is not specified, for this example we’re using MD5. CertUtil supports many different algorithm types.

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Once the command has completed successfully CertUtil will output a sequence of numbers and characters, this is the MD5 hash. We will use this hash to validate the integrity of the file once it’s transferred. Once the file is copied we will run the same command and compare the values. If they match the file is valid, if not we know the data was altered. To simplify this process I’ve written a small script in PowerShell that you can leverage.

if ( $(CertUtil -hashfile "<file_name>" MD5) -eq "<hash_from_certutil>" ) { 
  Write-Host "CRC File Integrity Check Passed." -ForegroundColor "Green"

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 0
}
else {
  Write-Host "CRC File Integrity Check Failed." -ForegroundColor "Red"
  Write-Host "Please re-download file and re-run CRC check."

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 1
}

Home Media – Part 3 – The Rip

It’s been a while but finally I got around to completing and old series.

Part 1: The NAS build, can be found here. 

Part 2 The Setup can be found here.

The whole idea of this was so you could have your media at your finger tips. Your movies, your TV shows and your Music. If you’re like me you have shelves and shelves full of Movies and Television shows, and plastic bins full of CDs.

I’m not condoning piracy, and personally I think you should have control over the media that you own, as long as you don’t distribute it or broadcast it for the masses. Having said this you should probably check with your Country’s copyright laws. Either way it is nice to have it all at your finger tips.

I’m finding less and less compatibility between software and HD DVD movies these days, some titles I am unable to convert into a digital format form HD DVD. Also there is a draw back with HD DVDs, they only support Dolby Digital and DTS audio, where as newer Blu-Ray movies support lossless audio such as Dolby True HD and DTS Master Audio formats. There are a few new ones on the horizon as well, these would be Dolby Atmos, DTS:X and, Auro-3D.

Couple of good sites where you can find a lot of information on ripping and appending videos are http://www.videohelp.com/ and http://www.doom9.org/ .

To rip movies/tv you will require a few pieces of software. Besides the necessary codecs only two, Make MKV and Handbrake. Make MKV strips the copy protection and rips 1:1 video and puts them in MKV containers. Handbrake compresses the videos to specific formats and output devices. These are both free, if you want to pay for a single piece of software I would recommend DVDFab Blu-Ray ripper.

K-Lite Codec Pack is used to decode the material and the different formats for converting the material you will be ripping.

Capture5

MakeMKV can be used to strip the AACS and BD+ protections from discs, however this software goes a step further and can also convert your Blu-Ray movie to a MKV container. Mind you the movie will be large and there will be no compression, so the files can turn out to be 20GB, great if you want a lossless 1:1 copy of your movies. This software is free while in beta and for full functionality. You must input their beta key in to the software to make if functional, the key can be found here on their forum. This software also allows you to rip 3D Blu-Ray Titles. You can actually get away using only this software for ripping content.

Capture

HandBrake requires you to have the disc already ripped and stripped, generally using MakeMKV or Fab Decrypter. I really like using the batch processing mode in HandBrake, it’s very useful for TV shows. Also with handbrake you can create a custom template so it’s nice and easy to work with TV shows or repetitive content. HandBrake is also a converter so it can convert content for portable devices, it can make the file sizes smaller and change the resolution of the source, etc.

Capture4

DVDFab HD Decrypter is used to copy movies into a file and remove the encryption on the disc. This will remove AACS and BD+ protection. This software is free and usually the first step to digitizing your library, uless you are using MakeMKV. Be aware though, some software is not able to create Rips from these backups there is something specific to this software that sometimes does not play well with other applications.

DVDFab Blu-Ray Ripper (3D Plus), I use this software to rip my 3D Bly-Rays. This software allows the movies to be ripped into a 3D half side by side MKV or a 3D half over under MKV file. It’s paid software, but worth the money. Having said this there are other options for ripping 3D movies, MakeMKV can do it as well. Nice thing about this application is that you can compress the file and there is no need for a 1:1 copy.

Pavtube ByteCopy, I’ve actually never used this software but in my research I found that people have good things to say about the software.

BDtoAVCHD is another tool that came to my attention recently, If you ever want to create discs from your ripped content this is the tool to use.

So now that you have the necessary software where do you go from here?

Note that if you are looking for menus etc, this is not the guide for you. I don’t really care for the extra content and only want Audio track/Subtitle options. Mind you with Make MKV you are able to rip the special content as well, but I reiterate there is no menu system. Also I will only cover the Make MKV how to here, the DVDFab method is a paid method and kind of an all in one package that is simple to use, so no need to get into the details of that.

Download, install, and get the beta Make MKV key from the forum. The key changes with each Beta release, and even though MakeMKV is in version 1.x it is still free/considered beta.

Capture2

Once you install the software start up Make MKV and input the key in Help > Register. If you like the software and want to purchase it go to Help > Purchase. Untitled5

Insert the disc with the material you want to rip, make sure you have the right optical drive selected in the drop down list, then press the Open Disc icon in the left pane of the application window. The icon looks like a DVD drive with a disc inside. Alternatively you can go to File > Open Disc and select the appropriate optical drive where your disc is. Untitled2

 

The icon will start to look like it’s spinning and the software will take a minute to read and decrypt the disc in the drive. Once this process completes you will be presented with a list of valid Video sources on the disc. Generally the large ones are the content that you want.

Untitled3

Note that with this particular disc you have 4 episodes/Titles and that the 5th 7.0GB file is all of the episodes in one seamless Title. When I was converting this I generally skipped this one Title. Select the titles you wish to rip. Change the output folder on the right side of the window to where you want to save the converted files to. Then click the Make MKV button to the right of that. Depending on the processing prowess of your PC this can take a bit, it will also prompt you to create the folder if it does not exist. Untitled6

Once the process completes go into the folder and rename the files to something meaningful.

Once you have your MKV, you can start to compress and convert the formats.

To do this use Handbrake, it has several presets available for you to use. However if you wish you can create  your own and save it. This is where you can take 1080p content and convert it to 720p, having said this this will take a long time if you have a slower computer.

handbrake

You select your source which is either a file or a folder, and you can set your resolution in the Picture tab. Notice the output settings, you can change them to MKV or MP4 in this example. This is something to keep in mind.

handbrake2

In the Video tab you can change the codec that the encoder will use to recode your video in, H.265 is an option, select the Quality and you can even do 2-Pass Encoding. While 2-Pass encoding does improve the quality you will be looking at a really long encode unless you have lots of RAM and a really fast processor.

handbrake3

Then you have your Audio section where you can downmix to stereo or upmix to a different codec all together. Note that you can have multiple audio tracks.

Once you have selected your desired settings you can save them as to use at a later time, just click the ADD button on the bottom right. If you have multiple videos to encode add them to the queue and keep going, nice thing about Handbrake is that it does batch conversions.

 

How to Create a Dell Server Update Utility (SUU) ISO

In this example we are going to walk through the creation of a Dell SUU ISO for 64-bit Windows. The SUU is crucial if you are building out Dell servers as it updates firmware and drivers.

I find the Dell documentation isn’t overly helpful so I’ve put together this quick tutorial on how to create a customized Dell SUU ISO, keep in mind this tutorial creates a Windows based installation ISO.

1. Go and download the latest Dell Repository Manager if you do not have it installed already.
http://en.community.dell.com/techcenter/systems-management/w/wiki/1767.dell-openmanage-repository-manager

2. Once installed find the icon on your Desktop and launch it.
icon

3. Once launched, you should be prompted to update some plugins, go ahead and do so. If you are prompted to update the Dell Online catalog do so as well.

4. Once the application has loaded, go to the menu bar and select Source > View Dell Online Catalog.
view_dell_catalog

5. If you have not updated the Dell Online Catalog, you should now be prompted to update, click Yes.
sync_db

6. Under Dup Format check off Windows 64-bit to narrow down the bundles.filter_catalog

7. Check off your System Bundles based on the models you’d like the ISO to support.

8. Once these are all selected click Create Deployment Tools.deployment_tools

9. A wizard will appear, select Create Server Update Utility (SUU) > SUU to ISO. Select Next.
create_suu

10. Accept the defaults on the Select Plug-ins Select Next. You will be prompted for the SUU export location, select a folder and click OK.
create_suu_2

11. On the Summary and Finish page, review the Selected Bundles and confirm that all the appropriate models have been selected for export. Click Finish if everything looks okay. The job will be added to the Jobs Queue where the progress can be seen.
create_suu_3

How to Generalize a Linux VM Template

When building out an environment of any kind, you need to have a good starting base, a strong foundation and the same holds true for many things. It’s no different when building a virtual machine (VM) template to deploy in your environment in a repeatable fashion.

Recently I spent some time developing a generalized/sanitized VM template for Red Hat Enterprise Linux (RHEL) versions 6 and 7. This script should be run right before you shutdown the VM and template it for reuse.

#!/bin/bash
echo "Generalize the template..."
echo "Remove RHN system ID..."
rm -f /etc/sysconfig/rhn/systemid

echo "Create sanitized ifcfg-eth0..."
echo -en 'DEVICE=eth0\nTYPE=Ethernet\nONBOOT=yes\nBOOTPROTO=dhcp\n' > /etc/sysconfig/network-scripts/ifcfg-eth0

echo "Clear /etc/sysconfig/network file..."
cat > /etc/sysconfig/network < /dev/null

echo "Remove SHH keys..."
rm -f /etc/ssh/ssh_host_*

echo "Remove udev rules..."
rm -f /etc/udev/rules.d/70-*

echo "Remove fixed hostname..."
rm -f /etc/hostname

echo "Clear Machine ID (SID)..."
> /etc/machine-id

echo "Remove all logs from /var/log..."
rm -rf /var/log/*

echo "Remove all logs from /root..."
rm -rf /root/*

Debian 8 Jessie sources.list, missing installation sources.

debian8_with_release_date

Each time I install Debian Jessie or Debian 8 I notice that I can not install any software packages afterwards. I’m not sure if it is me, or the installation media, but the sources.list is missing entries. Recently I tried installing xrdp, which allows Windows OS machines to RDP into Linux OS machines.

Commands such as…

apt-get update
apt-get upgrade
apt-get install package_name

… yielded no results. When I navigate to /etc/apt/sources.list I noticed there were only 3 entries in the file.

deb cdrom:[Debian GNU/Linux....

deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib

However the Debian Wiki specifies two additional sources.

deb http://httpredir.debian.org/debian jessie main
deb-src http://httpredir.debian.org/debian jessie main

deb http://httpredir.debian.org/debian jessie-updates main
deb-src http://httpredir.debian.org/debian jessie-updates main

Once you add these to your sources list and run the above commands the
packages should update, and you can proceed with installing XRDP.

Run Mac OS X on Windows 10 Using VMware

I’ve never been a Mac fan, but I do have to say that our family does have several Apple products in our home, 2 iPads and an iPhone… for the kids and my wife. Whether I like to admit it or not they do make a highly polished quality product.

It had been an interest of mine recently to run Mac OS X on my powerhouse PC at home, but I wanted it to run as virtual machine. I raked over some sites that stated it was not possible, I found that rather funny I mean how is it not possible doesn’t Mac run on Intel hardware nowadays anyhow? Then I stumbled on this video.

It does a good job at showing the basic steps, however it doesn’t explain much along the way, I figured it would be good to break this down and explain it.

  1. Download this file (approx. 6 GB), within this file is a file called Yosemite 10.10 Retail VMware.rar, this needs to be extracted to a location of your choice, preferably onto a SSD. This rar file contains VMware prepped OS X files (vmx, vmdk) for use with VMware products.
  2. Install VMware Workstation or VMware Player, I chose the Workstation route since I already had it installed.
  3. Confirm VMware Workstation or VMware Player is installed correctly, and close the program.
  4. Download the latest OS X Unlocker, at the time of writing it is version 2.0.8.
  5. Extract the contents of OS X Unlocker onto your computer. OS X Unlocker essentially patches the installed VMware product so Mac OS X can be installed. It does this modifying some core VMware system files.
  6. Browse to the folder where you extracted OS X Unlocker and Run the following files As Administrator (win-install.cmd and win-update-tools.cmd)os_x_unlocker
    Note: if something goes wrong or you’d like to restore the original files for your VMware application you can run win-uninstall.cmd.
  7. Run VMware Workstation or VMware Player and select Open a Virtual Machine.vmware_open_a_vm
  8. Select the Mac OS X 10.9.vmx file and select Open.vmware_open_vmx
  9. Go to Edit virtual machine settings. Either by right clicking on the Mac OS X 10.9 object on the left side panel or via the tabbed window.vmware_edit_vm
  10. You can keep the default resources if you prefer or bump them up, I personally bumped them up to 8 GB and 2 vCPU. The important option here is Version which is on the Options tab. This needs to be set to Mac OS X 10.7. This option is not available by default, the OS X Unlocker we ran earlier has exposed this option. If for some reason you don’t see this option, look at re-running the OS X Unlocker steps, it needs to be Run as Administrator.vmware_mac_os_x
  11. Now power on the Virtual Machine using Power on this virtual machine or by right clicking and going to Power > Start Up Guest.
  12. The machine will boot up and take you through the OS X setup process, it’s very quick and painless. Once complete it’s now time to install the latest VMware Tools onto the newly created OS X VM. You may have picked up on it when we ran win-update-tools.cmd for OS X Unlocker… it pulled down the latest and greatest for us to mount and install.
  13. Right click on the Mac OS X 10.9 VM on the left side and go to Settings.
  14. Go to CD/DVD and go to Browse and mount the darwin.iso file. Make sure Connected is checked!
    mount_vmware_tools_darwinbrowse_vmware_tools_darwin
  15. The VMware Tools installer should pop right up, just click Install VMware Tools and then reboot upon completion.os_x_vmware_tools
  16. If you want to take it a step further to improve the VM performance there is tool called BeamOff which is included in this file we downloaded in step 1. This tool disables beam synchronization which in turn improves OS X VM performance.
    • Mount the Beamoff Tool.iso similarly to VMware Tools in the step previous. Alternately you can download BeamOff zip and do this yourself if you prefer.
    • Extract the BeamOff application to somewhere on your VM.
    • Go to System Preferences.
      os_x_system_pref
    • Go to Users & Groups.os_x_users_and_groups
    • Click on your User account and select Login Items, click the + and browse and select beamoff.os_x_login_beamoff
  17. At the time of this writing OS X El Capitan is now available, if you want to apply it, go fetch the update from the App Store and install it!os_x_el_capitan

Hopefully you found this informative, I found it interesting and thought I should share my experience.