Various cool software and more

Are you using WinRar? well in that case you may want to update. A security flaw has been found in WinRar that could allow malicious code to execute just by opening a WinRar file (nasty)..

Read much more on Bleeping Computers . Com

https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/

https://www.rarlab.com/rarnew.htm

Download update here;

https://www.rarlab.com/download.htm

So I found myself having to add subtitles to a videofile, however there were a few kinks. I had the .SRT file that matched, BUT the videoclip already had subtitles burned in in another language, and the .SRT subtitles were just overlaid these burned in subtitles which made both unreadable. My thought were to raise the .SRT subtitle so it was above the burned in one, however this was easier said than done, Handbrake supports importing subtitles and allow for burn in – however it does not allow for placement or other adjustments.

After a bit of googling I came up with this;

This excellent software (free) will allow you to do all sorts of things with subtitle files.

https://aegisub.org/

and you likely already know the video conversion utility Handbrake (also free)

https://handbrake.fr/downloads.php

What I ended up doing was;

Importing the SRT file into Aegissub

Setting the vertical offset to 50 (just above the other subtitle)

Changing the font color and border blur

Saving as an .ASS file

Opening the video file in Handbrake

Switch to the subtitle tab (4)

Import the .ass file (5)

Selecting “burn in” to make it embed into the video file (6)

And then encode the file

Viola, done and perfect result.

USB-C is quite confusing, even though the connectors look similar, then functionality may be wastly different.

Recently I had to see if I could add an additional monitor to my work setup, well you can easily buy a cable that connects USB-C to an HDMI plug, but will it work – the cable is not expensive as such, but costly enough that it would be annoying to buy it just to discover that it didnt work.

Luckily I found this nice description on USB-C to HDMI, like if you need to have an additional screen connected to your laptop (or want to use your phone to connect to a monitor or tv). So what is important is that the USB-C port MUST support “DisplayPort alt mode” – and how do you know if it does? Well for phones and tablets you need to look it up, but for notebooks you may be lucky enough that the manufactor has put some nice icons on the port for you 🙂 (but only if you are lucky)..

Here is how they look;

And here is what they mean;

  • Is there a symbol of a lightning (Thunderbolt 3) next to the USB-C port? Then you can use this port to charge and to transfer video. That means, you can connect a monitor to the port. This port also supports DisplayPort alt mode.
  • Is there a symbol of a D (DisplayPort) next to the USB-C port? Then you can use this port to transfer a video signal. That means, you can connect a monitor. This port supports DisplayPort alt model.
  • Is there a symbol of a battery next to the USB-C port? Then you can use this port to charge your laptop. This port doesn’t support DisplayPort alt mode.

    So for me, sadly I had the latter and hence no dice this time. But at least now I know what those strange icons mean.

Credit where credit is due;

How do you check which type of USB-C port my laptop has? – Coolblue – anything for a smile

The ever so helpful Microsoft Corp has decided to assist you with yet another new feature, one or more icons in your searchbar (next to the start menu).

So maybe you are an old grumphy man like me that despice changes to the GUI and just want it gone, or maybe you are a sysadmin and wish for it to not bother your users. Like I don’t get it, stuff that enables strange slide-up menues are just not very smart in my book, in my last sysadmin position people worked with drawing applications and if their mouse just happened to strafe the bottom of the screen up came weather reports, news and now also previous search results – in my book a big no go, ok people should have the right to enable this, but default setting should be off.

So how to get rid of it.

Well, through the GUI, you do like this;

  1. right click the search menu
  2. move to “2” Search
  3. uncheck “Show search highlights” – This will remove the icon/icons in the search menu
    (ProTip: you can also opt for just unchecking “open on hover”, then the search menu will only expand if you click on it)

SysAdmin tip;

To get rid of it through registry

My suggestion is to make a GroupPolicy Preference deployment of that registry setting, and horray you and your users are again masters in your own OS.

Enjoy.

#DynamicSearchBox #Windows10 #ButWhyMicrosoft

Many people have a laptop, and many complain about battery life – but how do you actually KNOW the overall health of your battery?

Well, I came across a usefull command that can shed at least some light on the matter.

You run the command;

powercfg /batteryreport

this in turn will generate a HTML file:

C:\WINDOWS\system32\battery-report.html

and this file actually has some usefull info. You scroll down to “Battery capacity history”

you look at the top “Design capacity” and scroll down and look at “Full charge capacity”, this will give you some indication on the overall health.

There are other “indicators” like “Battery life estimates”, however personally I put more credibility on the “Battery capacity” as the below show is “estimates”. But all in all you should in this HTML report be able to ascertain at lease some indication as to the health of your battery.

The command “powercfg” has some additional parameters you may want to mess around with as well, I have not looked closely at those however.

Quad9 the free secure DNS service is in trouble and need our help.

Quad9 - Wikipedia

https://www.quad9.net/letter-of-support-for-quad9-and-freedom-of-dns-resolution/

Explainer

If you dont know what Quad9 is, then here is a short explainer. Quad9 is a free DNS services much like Googles well known 8.8.8.8 and 8.8.4.4, Quad9 (9.9.9.9 and 149.112.112.112) however add a very cool FREE security layer to the solution (a bit like Ciscos Umbrella, just not quite as customizable). If you use Quad9s DNS as your DNS service and you get infected by malware (eg. ransomware etc.) then chances are that the malware will try to “phone home” to its command and control server – Quad9 will blocks communication to known command and control DNS addresses thus disrupting many botnets or ransomware “providers”.

Anyhow, Sony has in Germany started a court case to force Quad9 to censor DNS resolution, Sony want Quad9 to block access to pages that Sony claim contain copyright protected content. In Denmark (where I live) we have a similar DNS blocking mandatory for national DNS services, it was originally introduced to block access to child phonography (something all of us could support) – but quickly the music industry and other rights owners/lobbyists saw this as a golden opportunity to block whatever they did not like and succeeded in convincing courts to add to the blocklist.

I support working against crime and child phonography however I do not think DNS blocking is the solution (perhaps against terrorism, pedophilia and violent crimes – but not for immaterial rights), experiences have shown, that what starts as a noble initiative quickly become a tool for lobbyists and huge enterprises to suppress whatever they dont like on the internet.

In general I think that more police, and more crossborder police collaboration is the way forth – not letting Sony and other dictate what is on the internet.

I supported the DNS blocking back in the days when the goal was to protect children against misuse, but now when it is a tool for mega companies and lobbyists my respect is gone.

Did you know:

Quad 9 offers free DNS services with malware filtering – to use just set your DNS (and or DNS servers) to query 9.9.9.9 and 149.112.112.112, then block all other DNS traffic outbound and presto you added a free additional security layer to your setup (company or personal). It is important to add the blocking for other DNS queries in your firewall as malware otherwise could easily bypass your protection. Read more here: https://www.quad9.net/service/service-addresses-and-features

Backblaze has something similar – here you use 1.1.1.2 (blocks malware like Quad9) and 1.1.1.3 (blocks both malware and pornography).
Read more here; https://blog.cloudflare.com/introducing-1-1-1-1-for-families/


To whom it may concern:
We believe that the act of recursive DNS resolution is not within the justifiable legal boundaries of control by rightsholders during infringement litigation. In order for the DNS to remain a stable, secure, and trusted platform, we would urge policymakers and regulators to clarify and reiterate the long-standing understanding that recursive resolution is a neutral technical function that should not be subject to blocking demands imposed by private parties based on data that has not been ruled upon by a suitable and fair court process.

Further, we believe that systems that are designed for providing cybersecurity (be they DNS-based or otherwise) should not be made available to be repurposed for other goals against the interest and intent of the service operator or the end user. This type of corruption of core internet infrastructure risks eroding the trust in both the operators and a technology that is core to the continued well-being of the internet and that of the citizens who use it.

We support Quad9 in their objection to the ruling of the Hamburg Court of (Case 310 O 99/21), and hope that the court finds in favor of the defendant.

So, you recieve this text from someone which they for some reason or other has written in ALL CAPS – *sigh*, what to do – well if it is just a few words then its easy enough, just rewrite the darn thing. But what if it is several pages :-O

Well, there likely is some function in word or notepad++ I dont know about, but there is ALSO a site (there is almost always a site)..

https://convertcase.net/

I mean, who would not LOVE to get their text back in “Morse Code” 😉

Enjoy

#BlockAutoUpgradeToWindows11

So, at long last someone did something smart with Winwows 10 update.. Not exactly breaking news as it happened a year or so ago, but hey -now I needed it…

Anyhow, it is now possible to freeze a Windows 10 build – you COULD (to some degree) do this before also, but it was anything but trivial.

Anyhow, what you need to do is to upgrade your ADMX (Group policy templates) to 21H1, you do this by downloading them from here;

https://www.microsoft.com/en-us/download/details.aspx?id=103124

after unpacking (installing) them, copy them to your DC (most likely here);
c:\Windows\SYSVOL\domain\Policies\PolicyDefinitions

And now we are ready to rock’n roll.

Open: “Group Policy Management Editor”.

Navigate to: Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Update – Windows Update for Business

Here you select: “Select the target Feature Update version”

Now you can set the “Target Version”:

I would expect this to freeze Windows 10 at the 21H1 version and hopefully block automatic upgrades to Windows 11 – but after the Windows 10 bonanza, who knows.

The above settings will trigger these registry settings on the target machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

I am not quite sure how these new settings work with existing Windows Update (and or wsus) settings, as you may see we have some WSUS settings below.

One question you may ask yourself, with Windows 11 comming why bother? Well, there is a reason I am looking at this now, and that is precisely Windows 11 – as you may have heard Windows 11 is about to hit-the-fan around October 2021, and we DONT want company machines going berserk upgrading left and right.. So looking for ways to combat automatic upgrades (you may remember the horrific Windows 10 upgrade circus – where Microsoft did anything but to put a gun to your face to trick you into clicking upgrade-now). The above policy ought to help block this (if Microsoft is true to the spirit of the policies).

So what does these new settings mean?

TargetReleaseVersion DWORD

Well the “TargetReleaseVersion” is more or less a toggle switch that tell Windows you wish to control the Windows Version/build. Whereas the “TargetReleaseVersionInfo” tell Windows WHICH version you are aiming at.

TargetReleaseVersionInfo STRING

If you enter a “TargetReleaseVersionInfo” that is higher than the currently installed build, windows will attempt to upgrade to this build. If you set a version number that is NOT the latest, Windows will attempt to upgrade to this and will stay there at least until “end of service” – it is unclear if Windows will autoupgrade to a later build after “end of service” is reached, but I would not suspect so.

Where can I read about Windows builds available and their status (end of service dates)?

aka.ms/ReleaseInformationPage

or this link: https://docs.microsoft.com/en-us/windows/release-health/release-information

Anyhow, dont take my word for it alone, here are links to a few other sites on the subject..
https://www.ghacks.net/2020/06/27/you-can-now-set-the-target-windows-10-release-in-professional-versions

https://www.tenforums.com/tutorials/159624-how-specify-target-feature-update-version-windows-10-a.html