## Friday, April 22, 2016

### Microsoft Action Pack Subscription Promo Codes

Does anyone need to renew their MAPS (Microsoft Action Pack Subscription)? If so, when you go to pay, use the Promo Code "WELCOME2ACTIONPACK" for a 50% discount and then once you have entered this one, enter "GROWYOURBIZWITHMAPS" for a further 50% discount - that brought it from $490 ex tax down to$134.20 inc tax! :)

Regards,

The Outspoken Wookie

## Thursday, March 03, 2016

### Mar 2016 Update to .NET Redistributables

I have just updated my http://hiltont.blogspot.com.au/2008/01/net-redistributables.html post with links to the latest redistributables for dotNET 4.6 and 4.6.1.  :)

Regards,

The Outspoken Wookie

## Thursday, August 20, 2015

### Accessing O365 Shared Mailboxes With Android

Microsoft's official position is that you cannot access Shared Mailboxes in an Office 365 tenancy from an Android device.  Here's how to do it by configuring a new IMAP account with the following settings:

Incoming Settings
1. Email Address = SharedMailbox@Domain.com
2. Username = O365Account@Domain.com\SharedMailbox
4. IMAP Server = outlook.office365.com
5. Security Type = SSL
6. Port = 993
7. IMAP path prefix = Optional

Outgoing Settings
1. SMTP Server = smtp.office365.com
2. Security Type = TLS
3. Port = 587
5. Username = O365Account@Domain.com

You should be able to have this work also on iOS and Android (and maybe even Mac OSX) devices by setting an account up in a similar fashion.

Regards,

The Outspoken Wookie

## Wednesday, January 14, 2015

### Windows 7 Reaches Its First EOL Step

Windows 7, the operating system that Microsoft simply can't kill off, has reached the first major step in its End Of Life cycle - the end of mainstream support was yesterday (13 Jan, 2015).  As can be seen on Microsoft's Product Support Lifecycle page for Windows 7, this date has now been reached and we're now in the Extended Support phase.  This is just like when Voyager 1 passed out of our Solar System in August 2012 and into interstellar space.

What this means is that the product will now only receive security updates - no non-security updates will be made available for Windows 7 based products (unless you have a Premier Support Agreement for Windows 7 Enterprise, which I can guarantee no small business has).  This is not a nail in the coffin of Windows 7, but it does mean that the product is entering its final years of functionality.  Paid support is still available for Windows 7 on a per-incident basis.

On the 14th of January, 2020 we'll have another milestone - the last day of extended (security update) support.  That will be the last nail in the coffin of Windows 7 - this is what happened to Windows XP back on 8th April, 2014.

So, right now there's nothing to worry about if you're still running Windows 7 on your computers - currently computer manufacturers are still allowed to supply computers with Windows 7 pre-installed if the manufacturer still has old stock of Windows 7 licenses.  But with Windows 8 and also Windows 8.1 already out and Windows 10 on the horizon, it may be time to think about the steps needed to move up to the current/next version of Windows.

Regards,

The Outspoken Wookie

### Outright theft and plagiarism

It was brought to my attention yesterday that the author (sic) Pomiraja from the http://www.AskMeBoy.com site was plagiarising my blog posts.  I'd like to thank the anonymous person who brought this to my attention.

AskMeBoy have so far, through Pomiraja's plagiarism, republished 26 of my blog posts (as of right now) as Pomiraja's own work without giving any credit to me.  To see exactly how stupid this plagiarist is, they have even left my signature on all of the posts they have stolen!

If you would like to see a list of the plagiarised posts, have a look at https://askmeboy.com/?s=outspoken+wookie or the screen captures I took below - as I said, there are 26 at this point in time.  I don't know if this will encourage the owners of the website to axe Pomiraja for this plagiarism, axe the stolen and mis-credited posts, or have the site publish a written apology.  Their contact page is broken so I could not contact them directly about this, forcing me to make this public complaint about their plagiarism.

Regards,

The Outspoken Wookie

## Sunday, December 07, 2014

### Does A 6Gbps SATA Interface Actually Matter

As we've been told all our lives, bigger is better.  But as we also know, what we've always been told isn't necessarily right any more (and often wasn't ever right).  So, with that in mind, I present the 6Gbps SATA Interface!

First, for those who get confused by the nomenclature and numbering used in computing, a Byte (B) is a collection of 8 bits (b), a Kilobyte (KB) is 1,000 Bytes, a Megabyte (MB) is 1,000,000 Bytes (or 1,000 KB) and a Gigabyte (GB) is 1,000,000,000 Bytes (or 1,000 MB or 1 million KB).(1)

So, with that information at hand, we can do a few calculations to see what 6Gbps really means.  An added complication is the way that the data is encoded across the SATA interface using something called 8b/10b Encoding (and here's a link for the nerdy types) which results in a slight loss in data throughput across the SATA.  The end result of this data encoding means that a SATA 1.5Gbps (187.50MB/s) interface will deliver a total of 1.2Gbps (150MBps) of data.

 SATA Revision Interface Speed Gbps Interface Speed MBps Data Throughput Gbps Data Throughput MBps 1.0 1.5Gbps 187.5MBps 1.2Gbps 150MBps 2.0 3.0Gbps 375.0MBps 2.4 Gbps 300MBps 3.0 6.0Gbps 750.0MBps 4.8Gbps 600MBps 3.1 6.0Gbps 750.0MBps 4.8Gbps 600MBps 3.2 16.0Gbps 2000.0MBps 12.8Gbps 1600MBps

Right, now that we know the actual maximum data throughput of a bunch of different SATA standards, what we need to do is to look for drives that we can attach to these SATA interfaces and see how fast they can go compares to the data throughput speed of the SATA interfaces.

 Drive Manuf Drive Model Drive Capacity Max/Sustained Read MBps Seagate Desktop SSHD ST4000DX001 4TB 146MBps (from all zones) Seagate Desktop SSHD ST4000DX001 4TB 190MBps (from NAND) Seagate Desktop NAS HDD ST4000VN000 4TB 180MBps Seagate Laptop SSHD ST1000LM014 1TB 100MBps Samsung SSD Pro 840 MZ-7PD512 500GB 540/520MBps (Read/Write) Samsung SSD 840 Evo MZ-7TE1T0 1TB 540/520MBps (Read/Write) Samsung XP941 Gen 2 X4 M.2 SSD 512GB 1170/950MBps (Read/Write) Plextor M6E Gen 2 X2 M.2 SSD 512GB 705/638MBps (Read/Write)

As you can quite clearly see, all of the regular Hard Drives (and even the Hybrid SSD/HDDs) are pretty much around the same maximum or sustained transfer rate of somewhere under 200Mbps, which means that plugging one into anything faster than a SATA 3.0Gbps controller will give no performance improvement whatsoever.

This changes when we start to look at SSDs.  The regular Samsung SSDs will deliver up to 540MBps of read performance which is well in excess of the throughput of a 3.0Gbps SATA interface - to get the full performance from any modern SSD you will need to have a SATA 3.0 (6.0Gbps) to connect it to.  This goes for many current SSDs that all deliver up to around 550MBps from Samsung, Intel, Crucial, Transcend and others.

Things, however, start to really get interesting when we look at the newer M.2 (SATA Rev 3.2) devices.  These can deliver data across an older SATA 3.0 interface, or a PCIEx2 or PCIEx4 interface, depending on the configuration of the drive (and socket).  Currently, the Asrock Z97 Extreme6 is the only motherboard to support the X4 transfer rates, however more boards are sure to hit the market soon.  The Plextor M6E drive delivers just under 50% faster transfers using its PCIEx2 interface than can be achieved using the SATA specification, and impressively the Samsung XP941 512GB M.2 drive on an Asrock Z97 Extreme6 delivers over 1GBps in read performance!

So, basically, if you have any form of spinning metal disk, be it a hybrid or not, there's no need to upgrade to a 6Gbps SATA controller, though if you have one on your motherboard, it won't hurt to use it.  If, however, you have one of the current fast crop of SSD drives, then you will need to connect this to a 6Gbps SATA port to realise the full speed of the device.

If speed is your bag, baby, then a 6Gbps SATA port is not enough and you'll need to look at the newer M.2 X4 devices on a controller that will allow it to run at full speed and right now, the only onboard controller that will handle this is on the Asrock Z97 Extreme6 motherboard.  Plug in adapters that will support this spec include the BPlus M2P4S and the PEX16X-LTSSD-ADP adapter.  There may be others out there and Google may well help locate them! :)

Regards,

The Outspoken Wookie

## Wednesday, December 03, 2014

### BEASTly POODLEs

There have been a number of vulnerabilities detected in various security protocols over the past year or two including BEAST Attack, Heartbleed Bug and POODLE Attack.  At least 2/3 of these have names that give some indication of their severity and the remaining 1/3 leaves you with a rather interesting visual image.  But be ye not distracted by the names - they are all things that need to be addressed in various ways.

Information about the Browser Exploit Against SSL/TLS (BEAST) Attack was released in September 2011 and involved attacking the lack of security in particular implementations of TLS 1.0 traffic.  This vulnerability has been pretty much mitigated today (Dec, 2014), however there are still some older, non-updated systems out there that are vulnerable to this attack.  The table below lists the earliest version of the products that have mitigated the BEAST Attack (and yes, Apple took an inordinately long time to patch for this vulnerability):

 Apple iOS iOS 7.0 Apple OS-X OS-X 10.9 (Mavericks) Google Chrome Version 16 Microsoft Windows MS12-006 on Windows 7/Server 2008 R2 and older Mozilla Firefox Version 10

Following on from the BEAST Attack were the CRIME and BREACH attacks which, too, have been mitigated in current browsers and are a low-grade threat at worst these days.

The Heartbleed bug, publicly announced in April, 2014, affected anything running OpenSSL.  The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.  Yup, it is pretty nasty but this, too, is pretty much completely mitigated by the various vendors using this code.

For an easy to understand explanation of the Heartbleed bug, have a read of this XKCD comic.  To see if your website is affected by the Heartbleed bug, have a look at https://lastpass.com/heartbleed/ (Heartbleed bug only) and https://www.ssllabs.com/ssltest/index.html (Heartbleed and more).  Any site that you go to that uses the "https" protocol can be checked to ensure it is running a version of OpenSSL that is not vulnerable to this attack.  If the site *still* has not been updated, I'd suggest speaking with the vendor, outing them in social media and removing your account and changing any passwords and/or information that was stored in that site.

And now we come to what at first glance may be the fluffiest of all these vulnerabilities - the POODLE Attack.  Basically, there's the ability in browsers to request a lower level of security from the server if the browser doesn't support the version the server prefers.  This is called a security renegotation.  The POODLE Attack uses a recently discovered flaw in the now obsoleted and in the process of fast becoming deprecated SSL 3.0 protocol mixed with a renegotiation attack (forcing the server to drop from TLS 1.x to SSL 3.0).  The simple fix is to disable SSL 3.0 on all your web servers, however there are still some applications that use SSL 3.0 (again, speak with the vendor, expose in social media and seriously question your continued trusting of a vendor using 18 year old technology that's been superseded 3 times).

To read more on the POODLE Attack and how to ensure you're doing everything you can to protect against it, have a read of https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/ and then go to https://www.poodlescan.com/ and https://www.ssllabs.com/ssltest/index.html to confirm your server mitigations have been invoked.  There's also a funky little tool from Nartac Software called IISCrypto that can help you properly configure your Windows IIS to mitigate against POODLE and other vulnerabilities.

The table below lists the earliest version of the products that have mitigated the POODLE Attack:

 Apple iOS iOS 8.1 Apple OS-X OS-X Security Update 2014-005 (Mavericks & Mountain Lion) Google Android Chrome - still waiting Google Android Samsung Browser - still waiting Google Chrome Version 39 Microsoft Windows Temporary Fix it released, also shows Group Policy fix Mozilla Firefox Version 34

If you want to see if your client (browser) is susceptible to the POODLE Attack, go to https://www.poodletest.com/.  If your browser is vulnerable, don't trust it to keep your data secure.

Regards,

The Outspoken Wookie

## Monday, November 10, 2014

### Azure Needs To Be Introduced To 2012

I'd *REALLY* like to know how, if Microsoft is pumping so much time and energy into Azure, it cannot handle the VHDX format, let alone Generation 2 Virtual Machines from Hyper-V 2012?  I mean, we're now in 2014 and have the Windows Server 10 Technical Preview available to us and Microsoft still can't handle .VHDX files in their Azure virtual machines!

This is slack.  Really slack.  It means that even though we who use on-premises Hyper-V Servers can use the current Microsoft technologies for all of our current-release guests, we cannot do it using their Azure platform.  It means that we cannot even upload our virtual machines nor use SCVMM and replicate our Gen 2 VMs into Azure.

Come on Microsoft - bring the Azure infrastructure up to your current generation before you get severely left behind yourself! :(

Regards,

The Outspoken Wookie

## Wednesday, November 05, 2014

### Medical Woo-Woo Shits Me

Anyone who knows me knows that I'm not a fan of medical woo-woo.  So, to help people understand what these quasi-medical woo-woo terms mean, here's a Patient's Guide to Magical Medicine.

And in case someone is looking for the other common term for these practices, it is "SCAM" as in Supplements, Complementary and Alternative Medicine.

Regards,

The Outspoken Wookie

## Tuesday, October 07, 2014

### Windows 8.x Wireless Networking Issues

One of the more useful features of Windows 7 that has been completely removed from Windows 8.x for no apparently decent reason is the "Manage Wireless Networks" Control Panel applet.  It provided you with a wealth of knowledge and gave you the ability to, as its name suggests, manage wireless networks.

So, with the demise of this useful feature, along came the Kerkia group with their WinFi application to return the functionality of this tool in a nice, usable interface.  It allows you to re-order, delete, import and export network profiles and it also allows you to change a network profile between Current User and All Users.  All User profiles will connect before any user has logged in to the computer.

In addition to this, there are some "netsh" commands you may well find useful if you like doing things via the command-line:

Showing Wireless Profiles

netsh wlan show profile

- output will be something like:

Profiles on interface Wi-Fi:

Group policy profiles (read only)
---------------------------------
None
User profiles
-------------
All User Profile : SSID1
All User Profile : SSID2
Current User Profile : SSID3

Deleting Wireless Profiles

netsh wlan delete profile SSID2

- output will be something like:

Profile "SSID2" is deleted from interface "Wi-Fi".

Exporting Wireless Profiles

To back up all Wireless Profiles
netsh wlan export profile folder="%UserProfile%\Desktop"

To back up all Wireless Profiles on a particular interface
netsh wlan export profile interface="interface name" folder="%UserProfile%\Desktop"

To back up a specific Wireless Profile on all interfaces
netsh wlan export profile "profile name" folder="%UserProfile%\Desktop"

To back up a specific Wireless Profile on a specific interface
netsh wlan export profile "profile name" interface="interface name"
folder="%UserProfile%\Desktop"

Note:
• Substitute profile name (SSID) in the command with the actual SSID network profile name that you want to export as a backup.
• Substitute interface name in the command with the actual name of the interface that the wireless network is on that you want to export as a backup.
• If you want to back up the Wireless Key (password), add "key=clear" after the profile "profile name" section in each of the above commands (needs administrator rights)
For example:
netsh wlan export profile "SSID1" interface="Wi-Fi" folder="%UserProfile%\Desktop"

Exporting Wireless Profiles

To restore a Wireless Profile for the Current User only
netsh wlan add profile filename="\path\to\file.xml" user=current

To restore a Wireless Profile for All Users
netsh wlan add profile filename="\path\to\file.xml" user=all

Regards,

The Outspoken Wookie

## Thursday, September 11, 2014

### Microsoft's Broken Store Upgrade to 8.1

After spending well over 8 hours trying to work through this issue, including a reasonable amount of Google searching, it seems to me that Microsoft has royally fucked up the Microsoft Store Windows 8.1 Upgrade for Windows 8.0 users.  And now, I'll explain it in a little more depth...

For anyone who needs/wants to reinstall their Windows 8 (RTM), then activate with their license key, then install the updates needed (KB2871389 and KB2917499) to get the Windows 8.1 upgrade from the Microsoft Store and upgrade to Windows 8.1, you're in for a bit of a shock if you need to run applications that need the .NET Framework 3.5 (or 3.0 or 2.0) Feature that's normally installable via either the Control Panel or a particular invocation of the DISM command.

If you try and install via Windows Update, you'll be presented with the following error message:

Windows couldn't connect to the Internet to download necessary files. Error code: 0x800F0906 (which, of course, is bullshit if you've got a functional Internet connection - this is an erroneous error message)

If instead you try the DISM way, you'll see either the above error code or the following:

•0x800F081F: The changes could not be completed.

As mentioned in that answers.microsoft.com thread, if these have been installed as part of the regular Microsoft Update regime before .NET 3.5 is even installed, it is a simple enough task to uninstall them, install .NET 3.5 and then reinstall these updates.  This is not the case with the slipstreamed Windows 8.1 Upgrade from the Microsoft Store as these updates seem to have been slipstreamed into the installer, meaning that they don't show as updates that can be uninstalled, therefore they can't be uninstalled, therefore you CANNOT install .NET 3.5 on this system - that leaves a lot of software that won't install nor run properly.

Out of interest, this thread also details issues with these updates - so it isn't just on Microsoft's own site that this issue has been discussed.

I have found - as expected - that even if you install .Net 3.5 in Windows 8.0 before performing the Microsoft Store upgrade to Windows 8.1, Windows 8.1 is installed with .Net 3.5 uninstalled.  As I said, I expected this behaviour and would have been rather surprised if this had actually worked.

It seems to me that the easiest fix for this is to re-release both of these HotFixes with better pre-requisite detection and also rebuild the Microsoft Store upgrade image so that these two HotFixes are not included, or alternatively, fix the Windows Update site so that if a Windows 8.1 system with these updates already installed, but .Net 3.5 not yet installed, goes out looking for the .Net 3.5 installation files, it provides a working set of files that will install the .Net 3.5 Feature.

Until then, good luck if you need to get the .Net 3.5 Feature installed on a Windows 8.1 system recently upgraded from Windows 8.0 through the Microsoft Store.

Regards,

The Outspoken Wookie

## Friday, August 15, 2014

### Companyweb on SBS 2003 stopping

We've all had those sites where, for some reason, Companyweb just stops, needs restarting then runs fine for a while and then stops again.  Gotta love it...

Well, I have a site we're in the process of migrating from SBS 2003 to Essentials 2012 R2 + Office 365 where this started happening a few days ago, so I decided to sort out a scheduled script to take care of this for me.

@Echo Off
if exist default.aspx del default.aspx

"C:\Program Files\GnuWin32\bin\wget.exe" --user=administrator --password="Seriously, you think I'd post that on my blog?" --timeout=30 --tries=1 http://CompanyWeb/default.aspx

find /C "SharePoint Team Web Site" default.aspx

IF ERRORLEVEL 1 cscript C:\WINDOWS\system32\iisweb.vbs /start companyweb

I'm running this script every 5 minutes which places bugger all extra load on the server, but means that it isn't long after the Companyweb site stops that it is restarted.

Oh, and run it as "nt authority\system" so it doesn't pop up a command prompt window on the user's desktop (ie, the administrator's desktop).

Regards,

The Outspoken Wookie

## Wednesday, July 30, 2014

### APNs

OK, so I'm sick and tired of visiting various sites to find the APNs for the carious 3G/4G providers our clients use at work and at home, so here's my own list...

Aldi Mobile3Gmdata.net.auPersonalNo business use - see 1.4.1.d here.Aldi Mobile
Amaysim3GinternetAmaysim
ApexN3GOptus based plansApexN
BoostMobile3Gtelstra.internet
Mainly personal use - see 1.1 here.BoostMobile
Exetel4GyesinternetNew Optus 4G plans
Internode3Ginternode
Optus3Ginternet
Best optionOptus
Optus3Gyesinternet
Use if "internet" doesn't workOptus
Optus4GyesinternetOptus
Pacnet3GinternetStatic IPOptus infrastructurePacnet
Pacnet3GpacnetStatic IPOptus infrastructurePacnet
Telstra3G/4Gtelstra.internetBusiness accountThis is the Telstra 10. private NATted network. Code is "GPTCOMB3".
Telstra3G/4Gtelstra.iphAny account typeThis is their "iPhone" APN. Call and ask for the "GPDWLES3" code to be added to your account.Whirlpool
Telstra3G/4Gtelstra.extranetBusiness account (10 digits)This gives you a real, usable dynamic IP. Call and ask for the "GPTEXB3" code to be added to your account.
Telstra3G/4Gtelstra.corpBusiness account (10 digits)This is for Telstra Wireless IP WAN users. Call and ask for the "GPCORPB3" code to be added to your account.
Vodafone3G/4Glive.vodafone.comThis is NATted on the 10.0.0.0/8 networkVodafone
Vodafone3G/4Gvfinternet.auThis gives you a real, usable dynamic IP.  Or so it appears.  But it is NATted through 10.64.64.64 still.  Ggrrrr...
Voicetalk3Gsplns357Try getting any sense out of VoiceTalk!

There are some other sites out there with useful collections of APN configuration information:
Whirlpool APN - Access Point Name

Regards,

The Outspoken Wookie

## Friday, July 18, 2014

### Samsung Galaxy Note 2 Factory Mode

OK, after trying everything I could find on the 'Net (unsuccessfully, obviously) I decided to do one final search before buying a new handset and came across http://www.444android.com/showthread.php?p=86539 which is the only thing I found that worked - my Samsung Galaxy Note 2 no longer continually boots into factory mode, which means that it is no longer as useful as a 80.5 x 151.1 x 9.4 mm, 182.5g brick!

Having then found this, I followed another too many hours and too many links to eventually get the LiquidSmooth 4.4.4 ROM installed (basically involving needing to use the TWRP Recovery environment to reset permissions and reformat the entire device (http://teamw.in/project/twrp2/115) and then the ClockworkMod recovery environment from https://www.clockworkmod.com/rommanager to load the LiquidSmooth 4.4.4 ROM (http://galaxynote2root.com/sprint-galaxy-note-2-roms/liquidsmooth-rom-for-galaxy-note-2-android-4-4-4/)), I found that the phone still had no signal at all.  It looks like the phone chip really has died.  Oh, well - here comes a Note 3! :)

Regards,

The Outspoken Wookie

## Tuesday, June 24, 2014

### Embedded "Security" with IPMI and UPnP

First, let me say that I've been outspoken about UPnP on gateway devices since UPnP was first released - it is simply a Bad IdeaTM.

Recently released information on an IPMI vulnerability involving UPnP on server motherboards has been published by Cari.net here.  Basically, it details how the BMC authentication details of almost 32,000 servers are available online, easily, in plain text - from the servers themselves.  Add to this the older Linux kernel versions some BMCs were running (any old version of any operating system will contain unpatched vulnerabilities that can be exploited for nefarious purposes) and you have a great recipe for easy and effective hacking of servers.

Not good.  Not good at all.

So, again, can I ask that people administering systems actually do their jobs properly and keep up to date with patches and updates and - particularly - disable vulnerable services from gateway devices and implement decent firewall rules to limit access to systems that are supposed to be protected behind these firewalls.

Regards,

The Outspoken Wookie