Windows 10 Insider Preview: Moved Data Folder

I wanted to try the recently announced Windows 10 Bash prompt aka Windows Subsystem for Linux.

To do this I changed my Windows Update settings to the Fast Ring and next day I received a pretty big Windows Update. I was then able to enable Windows Subsystem for Linux from Windows Features section. However the next day when I went to start VMware Workstation it complained that my VMs were gone. To my horror my C:\Data\Virtual Machines folder was missing, and in its place was something called SharedData which contained some empty sub-folders..

I noticed a Windows.old in my folder and sure enough, my original C:\Data folder along with all sub-folders including Virtual Machines was in there. I moved it back to C:\Data but it will be interesting to see if Windows decides to allow it to stay there. I’ll be sure to back it up regularly.

Installing CyanogenMod 12 (Lollipop) on My Samsung Galaxy S5

This was surprisingly easy to do:

1. Root the Phone

This was made simple thanks to Towel Root. Please see https://towelroot.com/ for this easy to use utility. Afterwards you can confirm that your phone is properly rooted using Root Checker.

2. Install a Custom Recovery

Once rooted this was too easy. Install TWRP Manager making sure to install BusyBox if required. TWRP Manager will manage everything so just follow the instructions and you’ll be good to go. If you get any BusyBox errors fret not, install the supported Stericson BusyBox.

3. Backups!

There’s no tool like Titanium Backup. Install it, buy the Pro key, and back up your user apps and data. Later in Restore Apps & Data you will be able to quickly restore your apps and their config data saving you countless hours of tedious effort. It will also back up and restore your Hangouts/SMS messages.

But possibly more important than backing up your apps & data is making a nandroid backup of your original system. This will allow you to restore your phone to its pre-CyanogenMod state, Samsung’s infamous KNOX warranty bit notwithstanding. Simply reboot to recovery by powering down your phone then powering it up by holding down the power button, home screen button, AND volume up at the same time until the Samsung logo appears. Then select Backup and select what you want to back up. I recommend Boot, System, Data, EFS, and Modem. Once the backup is complete, make sure you copy the files off your phone onto a PC.

Important: both of these backups should go to the SD card so they can be restored later if need be.

I also recommend connecting your phone to your PC and manually backing up photos, videos, etc. These are NOT captured in the above backups. Note that your external SD card will not be affected by the upcoming erase and flash operations unless you do something really goofy.

4. Download the Files

The latest CyanogenMod 12 files are located here. Select the latest Nightly build but understand the risks in doing so. As of this writing there is nothing more stable than Nightly builds but eventually there should be something better.

You will also need the Google Apps package which will allow you to use the Play Store etc.

These two ZIP files should be saved to your external SD card. I use a folder called ROMs for anything I might want to flash.

Flash the Phone

Now that you’re all backed up and no longer afraid to lose anything on your phone, it’s time to leave TouchWiz. Boot into recovery. From here you should do a Wipe/Factory Reset, then select Install. Navigate to your ZIP files and first add the CM12 file followed by the Google Apps file, then flash them. This shouldn’t take very long and once it’s finished, clear the Dalvik cache when you get the chance. Then reboot into CyanogenMod and configure your new phone.

Warning: make sure you have a fully charged battery. The last thing you want is for the battery to exhaust itself in the middle of a flash…

Restore Apps & Data

If you choose to allow it when initially setting up your new phone OS, CM12 will start re-installing your apps. If Titanium Backup was not installed then install it. After launching it you can select Restore and select which apps and/or data to restore. If your apps were automatically re-installed for you then you only need to restore their data.

This restore process works very nicely and allows you to quickly restore your applications’ states without having to manually reconfigure them one by one.

Active Directory FSMO Errors

Today while trying to demote a domain controller I received an error:

The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

Running dcdiag /v yielded an error like the following:

Ownership of the following FSMO role is set to a server which is deleted or does not exist. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mydomain,DC=local FSMO Server DN: CN=NTDS SettingsADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SOMEOLDSERVERADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local User Action: 1. Determine which server should hold the role in question. 2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately. 3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. 4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully. 

The SOMEOLDSERVER reference in the above was indeed an old server that died long ago. Since I thought I followed all the proper instructions for removing a dead domain controller I was surprised to see this was lurking in the metadata after all these years. Much research identified excellent posts and discussions including http://goo.gl/yXSbe3 and http://goo.gl/WEgj8o, the latter of which pointed me to a VB script in http://support.microsoft.com/kb/949257/en-us that when run against DC=DomainDnsZones,DC=mydomain,DC=local (from the output above) corrected the error and subsequently allowed the DCPROMO to run successfully. I hope this post helps save someone the couple of hours of struggling I went through.

Windows Installation from USB Key

I was installing Windows 7 to a fresh hard disk from a bootable USB. When selecting the disk/partition onto which it should be installed I was met with an error about not being able to find a system partition. I followed several guides to no avail but eventually found the following instructions which worked perfectly:

  • Boot Windows installation from USB drive
  • Press Shift+F10
  • In console type diskpart.exe and press enter. In this program execute the following commands:
    • select disk=0
    • create partition primary
    • select partition=1
    • active
    • format fs=ntfs quick
    • assign drive=c
    • exit
  • Navigate to USB flash drive, in my case type: e: (could also be d: e.g. if you don’t have an optical drive)
  • xcopy e: c: /e /h /k
  • cd boot
  • bootsect /nt60 c:

Remove USB drive from computer and restart.
Install Windows as usual.

To remove the unnecessary menu item from the boot screen:

  • Run cmd.exe as Administrator
  • See boot menu list bcdedit
  • Find Windows Setup and copy identifier
  • Run bcdedit /delete {identifier}

Thanks to http://goo.gl/BXw5qR for their great guide!

VMware Workstation VMs Shutting Down Slowly?

I recently noticed that several of my VMware Workstation 10 VMs would take several minutes to power off after their OSes had shut down. The screen would go black until power was finally turned off to the VM.

I finally decided to search for suggestions and found this article which suggested adding the following entries to either individual .vmx files or (for Windows 7) the global config file located at C:ProgramDataVMwareVMware Workstationconfig.ini

prefvmx.minVmMemPct = "100"
mainMem.useNamedFile = "FALSE"
mainMem.partialLazySave = "FALSE"
mainMem.partialLazyRestore = "FALSE"

After restarting Workstation I can confirm that this change works! Thanks to the original author for posting this.

Using permanent_records Gem with ActiveRecord Session Store

I spent a couple hours pulling out hair when, after switching my Rails app from using the Cookie session store to the ActiveRecord session store, I could no longer log in without an arcane exception RecordNotSaved.

Searches on the web revealed no correlation between using the ActiveRecord session store with the permanent_records gem but stepping through the libraries with pry strongly suggested that calls to loaded? in a couple of Session callbacks should have returned true but didn’t because the record had been deleted thanks to permanent_record.

In the end the following quick monkey patch was all that was needed. Place this in config/initializers/session.rb and enjoy.

https://gist.github.com/slamotte/5589389

Enable Extra Mouse Buttons in Linux Guest VM (VMware)

It’s long bugged me that I was not able to use the extra mouse buttons (e.g. back) in my Linux VMs under VMware Workstation. Apparently it’s bugged a lot of others too because today after finally reaching my breaking point I did a quick search and found that manually adding a single line to your VM’s .vmx file will enable this missing functionality. Here’s the line, simply append it to your vmx file when your VM is powered down and restart:

mouse.vusb.enable = "TRUE"

I wish I’d hit my breaking point long ago and fixed this… Now my Kensington Expert Mouse is a first class Linux citizen in VMware.

Source of solution: http://goo.gl/zCYj6

Private Internet Access and pfSense

I’ve long been interested in using a VPN to access out-of-country content as well as to secure whatever nefarious activities that I may be up to. Not that I have anything to hide but it’s no one’s business what I do.

I’d toyed with Tor back when I installed Google Voice. It works but is dog slow. My interest in this subject was recently rekindled when I read this article. I found myself drawn to Private Internet Access (PIA) and it’s promises of low cost and unlimited bandwidth coupled with no throttling. I signed up for a monthly plan with the intention of either canceling it if I didn’t like it or switching to a full-year subscription if I did.

Signing up with PIA was easy enough. You can download client software that runs on your individual machines if you wish, but since I have a pfSense firewall, I knew I should be able to channel all traffic through PIA over VPN so I wouldn’t have to install any additional software. Here are the config steps for pfSense 2.0.1.

To start with though, make note of your current IP address as evidenced by http://ipchicken.com. We want to confirm that your IP actually changes when we’re all done.

pfSense Config Files

SSH to your pfSense server and cd to /etc. Create a file “openvpn-password.txt” with two lines, one for your PIA userid, the other for your password.

You also need to download this file from PIA and extract its ca.crt to /etc.

Set 0600 permissions on both of these files e.g. “chmod 0600 /etc/ca.crt”. You can exit SSH at this point.

Certificates

In pfSense’s webConfigurator, go to System and select Cert Manager. Add a new CA, call it something like “Internal CA” using method “Create an internal Certificate Authority”. Fill in the Distinguished Name pieces below as you see fit.

Now click on Certificates and add a new certificate using “Create an internal certificate”. Call it something like “OpenVPN” and select type “Certificate Authority”.

OpenVPN Service

Go to VPN, select OpenVPN and click the Client tab. Add a new client. Leave all defaults except the following:

  • Server host or address: enter your desired PIA host e.g. us-texas.privateinternetaccess.com
  • Check “Infinitely resolve server”
  • Give it a meaningful name e.g. “Private Internet Access OpenVPN”
  • Clear “TLS Authentication” check box
  • Make sure the CA and Cert you created are selected
  • Select “BF-CBC (128-bit)” for the encryption algorithm
  • Check “Compress tunnel packets using the LZO algorithm”
  • Enter the following for Advanced at the bottom:
auth-user-pass /etc/openvpn-password.txt
ca /etc/ca.crt

Click Save to write your config and the OpenVPN service should start. You can click the blue “S” just under the Help menu to confirm that its status is “up”. Also check the log (blue “L”) to make sure there aren’t any errors.

Enable Interface

Go to Interfaces and select (assign). Click the add button. A new entry called OPTn should appear with “ovpnc1” as the port. Click Save. Now you can enable your new interface. Go to Interfaces and select OPTn. Simply click Enable and Save. Note that you can rename the interface if you want to something like “VPN” but it’s not necessary.

Restart the OpenVPN service so everything is in sync. Go to Status and select Services, then click the restart button beside the OpenVPN service. Ensure that the OPTn gateway has an IP. Go to System: Routing and make sure the Gateway has an IP address.

Firewall Config

At this point the OpenVPN service is running but you aren’t using it. You may not even be able to access the Internet in this state. While there’s a lot you can do to tailor your firewall access, here’s a quick way to route all your outgoing traffic through your new VPN connection.

Go to Firewall and select NAT, then click the Outbound tab. Select any existing rules and delete them. Select the “Automatic” option at the top and click Save, then select “Manual” and click Save. You should see a new set of rules which you can activate by clicking Apply Changes.

There’s lots more that could be done to pfSense to tighten up your security but this is a starting point.

Defining Exceptions

One client of mine requires me to log in to their Cisco VPN. Unfortunately this does not work through the VPN connection I just set up. It’s easy to force connections to their VPN server over the WAN interface, bypassing our VPN, by defining a new route as follows:

  • Go to System and select Routing. Click Routes and create a new route.
  • Enter the IP address of the remote host, in this case my client’s VPN IP address. Make sure the WAN gateway is selected and enter an appropriate name.
  • Click Save then Apply Changes.

Attempts to connect to this IP address from any device on your network will bypass the VPN and go directly to that IP address. Too easy!

Test

At this point you should have all your traffic going through the PIA VPN. You can confirm this by refreshing your ipchicken screen which should now show a different IP address.

Final Thoughts

The biggest concern I had with using a VPN like this was the performance penalty. I used http://speedtest.net before and after and there’s certainly a considerable penalty to be paid, but it’s not as bad as I had feared. I have 100-megabit service and without the VPN connection realize a max throughput of about 93 Mbps. Running the same test WITH the VPN enabled cut that in half. Fortunately, 40+ Mbps is still plenty fast for most of my needs. I have to wonder if the fact that my pfSense is running as a virtual machine plays much of a role here since there’s a whole lot of encryption going on. Perhaps I’d be better off using dedicated hardware, but that’s an experiment for another day.

I may give a few other services a try to see if they offer improved throughput. So far though I am impressed with Private Internet Access.

NOTE: These instructions are for pfSense 1.2.3. For 2.X versions, please see the additional requirements in this article, specifically relating to a bug in older versions of pfSense. Please see the first quote there for more information.

Using Google Voice in Canada

I’ve wanted to use Google Voice for a long time now. Being in Canada however it’s not available. While certainly not supported or as full-featured as using it in the USA, there are straightforward ways to get it working if you’re in Canada. Here’s how I did it.

Get a US-Based Phone Number

When you sign up with Google Voice in the next step, it verifies you in part by calling a phone number and having you enter a verification code. I used a Skype Online Number to do this which costs $20 for three months or $70 for an entire year. I signed up for a three-month plan which I may make use of  for an upcoming trip to the USA (or not!) In any case, I got the US-based phone number that I needed.

Note that it may be possible to get an Alberta 403 area code using an alternate service such as TellFi. While I have not verified or exploited this, there appears to be a loophole in Google’s US number verification service that allows a 403 number to be used.

Sign Up for Google Voice

Unless you happen to be in the US at the time or know how to set up a proxy service so you appear to be calling from the US, I suggest downloading and running the Tor Browser. This nifty little tool makes you appear to be browsing from the US. Once you have it running, navigate to http://google.com/voice and sign up. It’s straightforward enough. Make sure you enter your US-based phone number when prompted. Google Voice will automatically be set to forward calls to this number, but that’s not especially useful so you can uncheck it or even delete it altogether in Google Voice’s settings.

At this point you have a Google Voice phone number for the state/area that you selected. If you call it you’ll get sent to voice mail. Voice Mail messages will be transcribed and emailed to you for playback.

Install the Google Voice App

Receiving email is nice, but the Google Voice app provides a much nicer integration. Even when using a proxy, the Play Store will not allow you to install this app to your Canadian devices. No problem, simply browse to http://goo.gl/SUsuc and use a QR Code reader to download the latest version to your phone. Once it’s downloaded, go to your Downloads app and install the APK by clicking on it. There’s a quick setup procedure, then you’re in business. Now you have Visual Voice Mail on your Android phone!

Limitations

Based on my limited experience with Google Voice, it really doesn’t do much for us Canadians right now. There’s no integration with your existing phone numbers which sucks. What it does do is give you a US-based number at which you can be reached, though since you can’t forward THAT to a Canadian number, it’s of limited use. You can forward your existing phone to your Google Voice number (instead of to your carrier’s voice mail) to effectively give you Visual Voice Mail, but modern voice mail is pretty simple to use and in the case of Rogers (and possibly others) I’m quickly sent a transcribed version of my messages over SMS which usually precludes any need to call in to hear messages anyway. You can’t make or receive calls while you’re in Canada, but if you’re travelling in the US and have access to WiFi, it would probably work great.

If there’s anything I’ve missed that makes Google Voice can do, please let me know and I’ll update this guide.

Why Isn’t Google Voice Available in Canada?

This has bothered a lot of people for a long time now. What I don’t get is why a US-based company like TellFi can set up a similar service in Canada but a behemoth like Google can not. Surely it can’t have anything to do with Big Telecom trying to keep them out, could it? Imagine how things would change (for the better) if we didn’t have to pay for North American long distance because we used Google Voice…

Disclaimer

Follow this guide at your own risk. I’m not responsible for any charges that you may incur as a result of your experimentation.

Credits/References:

Instructions from other blogs: http://goo.gl/84Ho3, http://goo.gl/B1n1S

Tor Project Browser: http://goo.gl/ihTV

Skype Online Number: http://goo.gl/EPmC

TellFi: http://goo.gl/z25my

Phoenix 2011 Day 4

Spent the day checking out condo units at the north end of the city. Saw a total of 13 units between yesterday and today, and they are becoming a bit of a blur so I created a spreadsheet to record their details, including pros and cons. No clear winner has emerged…

Went for lupper at TGI Fridays around 4pm, then drove downtown to the US Airways Center to watch the Suns squeak one out over the evil Spurs. The row 10 seats right behind the goal (Suns’ end) were awesome! The two meth-heads (speculation) sitting to my right were the only downer. They screamed at the top of their lungs all games for the Spurs, but during halftime, everyone around us decided to make the second half miserable for them. This was a lot of fun actually, and they actually got into arguments with several fans. At one point the guy beside me freaked out because I was clapping those irritating noise sticks too close to his face or something. I almost felt bad for them because people were clapping them right over their heads (from behind), in their faces (from in front), and on either side. We’re just happy the Suns hung on. Very entertaining game nonetheless. Barb spied the two of us on the scoreboard cheering during one of those “make noise!” rallies, but I didn’t see it. I bought a game jersey which I wore proudly. I figure over 50% of fans has Suns jerseys on, and probably 90% of them were Steve Nash #13 like mine.

Plan to relax by the pool tomorrow and discuss the candidate condos. Still pretty sore today from golfing, so I will probably wait until Friday to play again.