Author: gec

  • How do I know if I can trust the files I download online?

    How do I know if I can trust the files I download online?

    When you’re downloading a file off of the internet, like an installer for a program or even a full disc image for a version of Linux or Windows, it can be hard to know if the file is trustworthy, or if it may have been modified to contain a virus. So how do you know if something is safe to use?

    The best method is by using a “checksum” or a file-hash. These are often long strings of letters and numbers and are almost always provided by the site you’re downloading from. It’s like a fingerprint, unique to that file – which means if the version number of the program has changed, you can bet that the checksum has, too! So here’s a great little tutorial for learning how to use checksums.

    (more…)
  • Setting up Windows 11 without a Microsoft Account

    Setting up Windows 11 without a Microsoft Account

    Although I’m a big believer in the usefulness of a Microsoft account, there are times that I want to set up a new device with a LOCAL account first, and then add a Microsoft account, or maybe even join the machine to a domain for work purposes. So, what’s the easiest way to do that?

    (more…)
  • Windows 11 24H2: “insufficient system resources” trying to login

    I’ve talked about running a SAMBA Domain Controller before. It definitely has its ups and downs, but damn Microsoft loves being hostile to SAMBA.

    I have deployed multiple computers with Windows 11, including the latest 24H2 update, but we recently had a specific Device, a Microsoft Surface Pro 9 to be precise, which received the 24H2 update “naturally” via Windows Update.

    As soon as it rebooted, the user ran in to an issue.

    Upon trying to login, the user was greeted with the following error:
    “insufficient system resources exist to complete the requested service.”

    (more…)
  • Does Facebook store passwords insecurely?

    In 2017, I had stumbled on an issue with Facebook: while you are entering your password, adding a superfluous extra character at the end of the password would STILL allow you to login to https://Facebook.com.

    (more…)
  • Spy Craft of the 22nd century: Quantum Entanglement

    I’m not a I’m not a quantum physicist, nor a computer scientist. But Microsoft released this video a few months ago which sparked a thought.

    Microsoft & Photonic demonstrate distributed quantum entanglement

    While they were quick to point out the obvious benefits of “teleporting” the quantum state, i.e. the computational results, from one pair of entangled qubits to another.

    This quickly begged the question: given the hyper-advanced nature of supply chain attacks (see Israel planting explosives in the pagers of Hezbollah operatives, recently), could a nation-state simply take entangled qubits of an adversary’s quantum computer and see what it is they are working on at any given time? Further, could communications networks be compromised for real time ‘eavesdropping,’ so to speak? Perhaps not even internationally, but perhaps in an intelligence gathering platform akin to the NSA’s own PRISM program? If there is, according to some theories, no limit to the number of particles that share an entangled state, nobody would know if you simply “cloned” a few more, right?

    Am I understanding that well enough? Or would it not be the Qubits that become entangled, and only the ‘data’ that flows through them?

    I’m not the person to write the research paper on this topic. But I certainly hope someone out there will produce it – because I would love to read through it. Just an interesting thought I had with an eye on the future. Whether that future is 20 years, 50 years, or even further out is another question.

  • Ubuntu Linux CPU usage / CPU temperature high? Try this…

    We have an Ubuntu based mini computer at which serves as little more than a network switch. CPU and other resource utilization should be next to nothing, but frequently this computer would have CPU temperatures around 80 degrees Celsius, and when you would watch the resource monitor the CPU activity was all over the place. Despite the computer only really showing a few percent of CPU usage, if you went toe the Resources Tab of System Monitor, the per-core CPU activity was all over the place.

    As I mentioned, the computer in question is a simple network appliance that would never need to print, and upon closer inspection, it was the Linux “CUPS” Service. Once we disabled that, the CPU settled right down.

    (more…)
  • Cannot locate base snap core22 – easy fix

    A co-worker came to me recently because they had an Ubuntu Linux 22.04 computer on which restored a “Timeshift” backup, but suddenly Firefox wasn’t working. How or why it became corrupted was beyond me, but by the time I was ‘called in’ he had already tried several troubleshooting techniques, which had only seemed to make things worse. He had tried resetting, removing, and purging Firefox, and as other errors popped up they became things like cannot locate base snap core 22, or something about an inability to run certain hooks. I honestly didn’t even get a shot of the error message, but the good news was, that I had a fix.

    The simple fix for this is to have your core runtime environment (the Core 22 base snap, or Core 20, or any other core you may be having this issue with) switch over to the beta branch, and then immediately switch it back to the production / stable branch. Two quick commands will take care of this:

    sudo snap refresh --beta core22
    sudo snap refresh --stable core22

    Once finished, you can simply reinstall your problem snap: sudo snap install firefox – and then it began redownloading and reinstalling correctly.

  • Generating a self-signed certificate PFX file with Powershell

    Sometimes you need a self-signed SSL certificate for an internal project, but perhaps you’re restricted from using a 3rd party tool such as OpenSSL. Maybe this is for security reasons, a lack of external internet connectivity, or maybe you’re just working on something small and you need a quick solution. Well, Microsoft has you covered, as the ability to self-sign a certificate in Windows is quite simple.

    Open a Powershell Command Line as an Administrator, then enter the following command (changing “computerhostname” to the hostname of the server the file will reside on, using the FQDN (ex. computername.local) if you can):
    New-SelfSignedCertificate -DnsName “computerhostname” -CertStoreLocation “cert:\LocalMachine\My”

    Then, Windows Key+R to open the run menu, type certlm.msc and press enter or click OK. This will open the Certificate Manager for the Local Machine.

    To export the public and private certificate and key as a Private Information Exchange or PFX file (a Personal Information Exchange public/private key combo file) follow these steps:

    1. On the left side of Certificate Manager, expand “Personal” then click Certificates.
    2. Right click the certificate you just created, then click All Tasks, then Export.
    3. Next > YES > Next > leave the defaults (Personal Information Exchange, with “Include…” and “Enabled…” checked) > Next > Password (enter your desired password, which you will need later to use the PFX file), change the Encryption to AES256-SHA256 > Next > Browse and give the PFX file a destination and a name (demo.pfx) > Next > Finish > OK.
  • How to create PEM and PFX Certificates and Keys with OpenSSL

    OpenSSL has become THE standard for generating certificates for casual needs. Here’s how quickly you can create your own self-signed certificate and and a cert/key. Whether you need a .PEM, .CER, .Key, or .PFX, this article has you covered.

    1. Open an elevated command prompt as Administrator.
    2. Browse to C:\Program Files\OpenSSL-Win64\bin or C:\Program Files (x86)\OpenSSL-Win32\bin (or wherever you installed OpenSSL).
    3. openssl genrsa -aes256 -out demo.key 4096
    4. openssl rsa -in demo.key -out demo.key
    5. openssl req -new -x509 -nodes -sha512 -key demo.key -out demo.crt -days 3650

    In step 3, you can use 2048 bits on slower machines, or 4096 bits for higher security. These days most anything can handle higher bit encryption, so I just stick with 4096. In the screenshot you’ll see I used SHA1 in step 5, but you can use SHA512 for additional security as it is fully supported nearly anywhere you’re going to use these certificates in 2024 and beyond.

    In Step 5, you can replace “.key” and “.crt” with “.pem” if you prefer, the file will still be compatible.

    Also in step 5, you can specify a number of days – since this certificate is self-signed it can be anything you want. 365 for one year, 3650 for 10 years, or even 36500 for a 100 year certificate!

    After you press enter, it will ask a series of questions that should be simple to answer. When it asks for server name or FQDN, it’s best to enter the local machine name you’ll be using the certificate on (ex. computername.local).

    The result will be a pair of files in the “bin” folder from step 2! You should be able to upload these and use them wherever you need them!

    But what about PFX files?

    If you also need a PFX file (a Personal Information Exchange public/private key combo file which can be more easily shared) you can generate one with one, simple additional command:
    Step 6: openssl pkcs12 -export -out demo.pfx -inkey demo.key -in demo.crt

    This will prompt you for a password that you will need to remember in order to use the PFX file in its final place.

  • Robo & Kala 2 in 1 Laptop Review

    Robo & Kala 2 in 1 Laptop Review

    Back in September, I purchased the Robo & Kala 2 in 1 Laptop. I was looking for tablet that specifically ran Windows. Unfortunately, Windows tablets are few and far between, and those that exist are quite underpowered. That’s not to say that this device is a powerhouse, and we’ll talk about that more in a moment. But I was about to travel internationally for the first time in many years, and I was looking for a laptop that met two important requirements: battery life, and lightweight.

    (more…)
  • FIXED: pfSense Missing APPLY CHANGES Button

    A few weeks ago I was making changes to a firewall rule in a pfSense+ 23.05.1-RELEASE version firewall. But after I clicked the “save” button – there was no way to “Apply Changes” – the green banner that would normally appear at the top of the page was simply not appearing.

    (more…)
  • Gen1 Hyper-V Virtual Machines to Gen2 by converting boot drives from MBR to GPT

    While I consider myself a long way from being an absolute master, I think I have more experience with Microsoft Hyper-V Virtual Machines than your average Joe. I have had to convert a few virtual machines If you have an existing Generation 1 virtual machine, converting it to a Generation 2 and, these days, it can be remarkably simple. At least if the computer already has Windows 10 or 11 installed.

    (more…)
  • Windows 22H2 repeatedly says “wrong username and password” trying to login Active Directory user

    I recently had to troubleshoot an issue where a new Surface Pro 9 for an employee of an existing company. IT staff unboxed the device and began the initial set up, including Windows 11 22H2 Pro. Initially, the machine joined to the domain, but upon reboot, after joining the domain, absolutely nothing would let us log in to the domain. We tried normal users, domain Administrators, and in the end we had to go back to local users to continue troubleshooting.

    We didn’t believe there was a problem with the Domain Controller because all of the other computers in the building are behaving fine. Why just this one brand new computer? In the end, we realized it was because Windows 22H2 (Windows 10 or 11) doesn’t like a Linux-based SAMBA Active Directory server.

    (more…)
  • Gaining Command Prompt access on a Windows Computer that has never been set up

    Gaining Command Prompt access on a Windows Computer that has never been set up

    I sometimes work in an environment that has reasonably tight security requirements. One of those requirements as that a device’s MAC Address / Hardware Address be entered into a table on the router before it can be assigned an IP address.

    I recently showed up on site with a brand new in box Surface Pro 9, but I had no idea how to get the MAC Address of the device because I could not log in and open a command prompt. Or so I thought.

    I got to the wifi screen telling me to create a connection, then pressed “Control+Alt+Escape” which brings up Task Manager. Although it did not appear on my screen, I suspected it was running behind the overlay locked to the forefront of my screen. I pressed “Alt+Tab” and was able to confirm my suspicion. I then used the keyboard combination of “Alt+F” to open the file menu, pressed Enter knowing that “Run” was highlighted, typed “cmd” and pressed enter to open a Command Prompt window. All of this was happening behind the “Let’s Connect You to a Network” screen, but as veteran of the keyboard era of Windows, all of this was second nature to me.

    From there I was able to run the familiar ipconfig /all command, then, with the help of my phone’s camera, I could take a photo of the output of the command prompt and see the MAC Address that I was looking for.

    This was convenient enough, but the thought of just being connected to wifi without ever logging in to the machine and then being able to take advantage of this “defaultuser0” account to open a terminal, and then utilize wget to download and execute potential malware before the computer has ever even been set up… fascinating. I’m sure this isn’t “breaking news” to anyone, infact the feature is probably left in, intentionally, for cases just like my original issue! But it does force me to take pause and think of what I can do with this.

  • How to disable “notifications” from all major browsers

    People often get a lot of annoying pop ups down by their clocks in Windows 10 and 11, and what they don’t realize is that they have accidentally allowed “notifications” to come from advertising driven websites that are sending them notifications even when they aren’t visiting that website!

    In my opinion, the “notification” feature was the worst thing ever added to modern web browsers, but they all have it: Chrome, Edge, and Firefox all include this ability and with more and more browsers being powered by Chrome (Brave, Opera, etc…) this feature doesn’t look like it’s going away anytime soon. So here’s how to disable it!

    (more…)
  • I Love What I Do

    Originally published on Reddit in the /r/Sysadmin subreddit which was often filled with negativity and frustration, I shared this:

    I’m probably the very last of a generation.

    I wasn’t part of the earliest days of silicon valley. I grew up watching them, wishing I was just 10 years older.

    My first computer was a Commodore 64. Then I had a Packard Bell w/ an Intel 486DX4 80Mhz, Windows 3.11, 8MB of RAM, and a 600MB HDD. We upgraded the HDD to a whopping 4.2 GB, added another 16GB of RAM, and eventually upgraded to Windows 95. My first modem was 19.2Kbps. I watched the first “dot com” bubble burst. I was an unabashed geek who loved learning things, but I could never wrap my head around math skills. I was told there was no way I could make it in “computers” because of my weak mathematics.

    I went off to college, got a degree in English because I thought I was going to be a school teacher. Couldn’t find a job as a journalist, teaching jobs required years of being a substitute before you could find something good, so I fell back on my geeky skill set. I found a place that was willing to take a chance on me in an entry level help desk. I think I’m the very last of a generation that was able to get into this line of work without a formal background or degree or even certificates.

    I then worked from one position to another… technician’s jobs at small companies where a title was more of career stepping stone than the work I did while I was there… another help desk, a “Director” title at a job where I was the only IT guy… now I’ve pivoted to a place where I’m the “IT Administrator” but I’m doing all kinds of things I never thought I would do.

    I never learned programming languages… after all, I am still pretty bad at math. The company I work for is small enough that I can work directly with end-users and see that I still make a difference when I solve their problems. I’ve always loved that feeling. But I have zero formal training, and I’ve made a pretty great career out of “I don’t know everything, but I know that I can figure it out.” My attitude is always if there’s a problem, there’s a solution.

    Last night I spent two hours troubleshooting an Ubuntu Linux server because I’ve spent the last 35+ years of my life being a “Windows Guy” and only the last 14 months or so learning about Linux. I called a friend of mine when I took this job (full time RHEL admin) and he basically had nothing but encouraging things to say! ‘You’ve spent your whole life figuring things out, this is just something new to figure out!’

    ARE there times when an end user tries to throw the IT Department under the bus? Sure. Bring your receipts, show your logs where the email was delivered to their inbox, and it’s not that it wasn’t delivered, it’s just that they didn’t see it. ARE there times when an end user frustrates me? Sure, but there are days when those same people make me laugh. It’s all “water off a duck’s ass” as my dad used to say; it’s very rare that you have to completely avoid someone for the sake of your own sanity, and even when there are people like that, you learn which ones. ARE there times when I wish the biggest decision I had to make today was which font to use on a graphic or on which date I need to ship something out to make sure it doesn’t arrive too early or too late for an event? Absolutely. ARE there times when I’m overcome with existential dread that if I my backups don’t work correctly the whole company is sunk and dozens of people are out of a job and all I want to do is vomit at the mere thought of how much weight rests on my shoulders? Occasionally.

    But DAMN I love what I do. I love knowing that I fixed a problem and made a difference that day. I love the tangible nature of puzzle solving. I love that I always get to tinker with something new. Even in small dead end IT jobs where the work is repetitive – make a project up for yourself! Download something new and tinker with it! I love that just because I don’t have any credentials that require “Continuing Education” credits doesn’t mean that I should ever just STOP learning new things!

    What gets YOU excited these days? What got you excited when you first STARTED this career? Let’s have a thread that’s different from all of the rants!

  • How to fix Pending Update of Snap-Store, Close the App to Avoid Disruption

    I have a Virtual Machine running Ubuntu Linux that I use for testing purposes, but it recently started popping up this message saying “Pending Update of Snap-Store, Close the App to Avoid Disruption.”

    No matter what I thought I closed correctly or how many times I rebooted the VM, the error message still came back.

    (more…)
  • What’s the big deal with REBOOTING my computer, anyway?

    In my personal life, I regularly have people come up to me and ask “Why does my IT guy always tell me to reboot before calling him?” My reply, often times, is simply: because it works.

    Just SOME of the tasks your computer is running at any given moment
    (more…)
  • Windows 10 / 11 HEIC / HEIF Image Extensions for Free

    These days, many phones, in particular iPhones, will shoot photographs in raw or in High Efficiency Image File formats. But when those files are emailed to Windows computers, sometimes they just can’t be easily opened.

    Installing this free extension from Microsoft should allow your computer to open these files natively in the Windows “Photos” app.

    This goes hand-in-hand with the Free HEVC extension for playing videos.

  • Windows 10 / 11 HEVC Video Extension for Free

    Microsoft offers the HEVC Video Extension necessary to play videos from iPhone users on their store, but they often try to charge a dollar for it. Just $0.99, in fact! In many cases, I don’t mind spending a dollar, and I encourage others to do the same. But sometimes you’re just in a pinch and you don’t have your credit card on file, or you aren’t logged in to your normal Microsoft account and it’s just a pain.

    Have no fear! Microsoft also provides a link in the Microsoft store where you can download the HEVC Video Extension completely free of charge.

    Why are there two, and why does this link exist?

    (more…)