blog.plee.me About software, technology and random things

14 May 2022

Windows Defender Firewall Inbound Rule for ICMPv6

Hi!

I'm getting more into IPv6 these days and found that ICMP is very important for IPv6 connectivity.

Windows Defender Firewall with Advanced Security (on Windows 10 at least) comes with some inbound ICMPv6 allow rules, but unfortunately they don't allow for quite enough.

I went ahead to create a rule by hand, but found out that you cannot set a group for the rule through the GUI, so instead I opted for creating a little PowerShell command.

You have to run it from a UAC-elevated PowerShell instance.

This rule is based on the existing default ICMPv6 rules.

Create the rule:

New-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6" -Group "Core Networking" -Direction Inbound -Action Allow -Protocol ICMPv6 -Program System

Remove the rule again:

Remove-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6"

Some people may want to exclude echo request for privacy or "security (through obscurity)" reasons, but I don't think it's that big of a deal.

Of course feel free to customize the command in general. The official documentation page (docs.microsoft.com) is very informative.

If you have any other firewalls between you and the sender, you may have to check their rules as well.

I tested the rules with a website like ipv6-test.com.

Thanks for reading!

3 Apr 2022

(Re)Setting Hyper-V Virtual Machine Client Zoom Level

Hi!

A couple of days ago I was playing around with Hyper-V virtual machines. At some point I set the "View" => "Zoom Level" to 25%.

Unfortunately, at 25% the window becomes so small that you cannot see the View menu in the menu bar any more because it gets cut off. And for some reason you cannot use the arrow keys on the keyboard to navigate the menus either.

This zoom level applies not only to a single virtual machine but to all of them, as it is a general Hyper-V client setting.

Trying to access the menu when the VM is shut down does not work because the "Zoom Level" submenu is disabled, and once the VM is booted up, the window resizes instantly.

The only reliable way to (re)set it appears to be editing the Hyper-V client configuration on the host file system:

  1. Close the Hyper-V client window (the one that opens when you connect to / double-click a VM)
  2. Open the file at %UserProfile%\AppData\Roaming\Microsoft\Windows\Hyper-V\Client\1.0\vmconnect.config and set the setting with ZoomLevel back to 100 (or something similarly usable):
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <Microsoft.Virtualization.Client.InteractiveSession.InteractiveSessionConfigurationOptions>
    <setting name="ZoomLevel" type="System.UInt32">
    <value>100</value>
    </setting>
    [...]
    </Microsoft.Virtualization.Client.InteractiveSession.InteractiveSessionConfigurationOptions>
    </configuration>
  3. Save and close the file
  4. Connect to / double-click a VM again

I hope this was helpful to you.

Thanks for reading!

Source: How to restore auto zoom level in Hyper-V VM window (answers.microsoft.com) - Answer by Trond.R. on November 27, 2020 (Sorry, apparently you can't link to answers directly)

3 May 2020

Uploading a Snapshot to a Fresh Home Assistant OS Instance

Hi!

After finding that my previously running Home Assistant OS instance was no longer working let alone starting properly, I decided to wipe it and simply install from a fresh image today. In order to pick up where I left off, I wanted to restore from a snapshot that I made a short while ago.

Out of the box, Home Assistant OS does not seem to come with any way to upload snapshots (or any other kind of files) onto the instance. Usually, this would not be a problem, because I had previously used the Samba share add-on from the official add-on repository, but since updating it to the new repository website, the Samba share add-on seems to have disappeared.

My first alternate approach using the SSH access did not work either, as I could not use SFTP because it is not effectively using proper SSH/SFTP but an intermediate wrapper for the Home Assistant console.

The quickest way I found that had minimal impact on the system in terms of creating a mess was to use Docker and download my latest snapshot from a web server hosted somewhere else via cURL. In this case I was using a self-hosted Nextcloud instance with a shared file link, but your mileage may of course vary.

Prerequisites / Assumptions

  1. You are using the Home Assistant OS official image on a device in headless mode, so you have a minimal system without neat tools like curl or wget pre-installed.
  2. You have uploaded the snapshot file to a web server that is accessible from the Home Assistant OS system (in terms of network connectivity).

Steps

  1. Enable SSH access by following the official documentation on how to enable SSH access to the host.
    • Update from 2020-05-21: They seem to have restructured the documentation and the original instructions are no longer on that page. It used to say:
      Use a USB drive formatted with FAT, ext4, or NTFS and name it CONFIG (case sensitive). Create an "authorized_keys" file (no extension) containing your public key, and place it in the root of the USB drive. File needs to be ANSI encoded (not UTF-8) and must have Unix line ends (LF), not Windows (CR LF). [...] From the UI, navigate to the Supervisor system page and choose "Import from USB". You can now access your device as root over SSH on port 22222. Alternatively, the file will be imported from the USB when the Home Assistant OS device is rebooted.
  2. Log into the Home Assistant OS instance via SSH.
  3. Type the command "login" to enter the actual shell.
  4. Use the following command to download the snapshot file:
    docker run --rm curlimages/curl https://my.server.local/a1b2c3d4.tar > /mnt/data/supervisor/backup/a1b2c3d4.tar
    (Change URL and file names of course. The destination directory should be fine.)
  5. You might want to check file integrity for the file via md5sum or sha512sum etc.
  6. If you want to be extra tidy, you can remove the cURL Docker image again by executing
    docker image rm curlimages/curl
  7. Close the SSH session and open a new one.
  8. Do not enter the actual shell but instead execute this command to get Home Assistant to notice the newly uploaded snapshot:
    snapshots reload
  9. Now log into the Home Assistant web interface or just keep using the console and restore what you need.
  10. Done!
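
Steps 4 and 5 combined, as an added example that is not part of the original post: download to a temporary file, compare its SHA-512 digest with the one recorded on the machine where the snapshot was made, and only then move it into the backup directory. The function names, the temporary file name and passing the expected digest as an argument are assumptions of this example; the URL and paths are the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
BACKUP_DIR=/mnt/data/supervisor/backup   # destination directory from step 4

# Download $1 to $2 with the curl image from step 4.
# -f: fail on HTTP errors instead of saving the error page as a .tar
# -sS: no progress meter, but still print errors; -L: follow redirects
fetch_snapshot() {
    docker run --rm curlimages/curl -fsSL "$1" > "$2"
}

# Print the lowercase SHA-512 hex digest of file $1.
sha512_of() {
    sha512sum "$1" | cut -d' ' -f1
}

# install_if_verified FILE EXPECTED_SHA512 DEST_DIR NAME
# Moves FILE to DEST_DIR/NAME only if its digest equals EXPECTED_SHA512.
# Returns 0 on success, 1 on mismatch (FILE is deleted), 2 on bad input.
install_if_verified() {
    file=$1; expected=$2; dest_dir=$3; name=$4
    if [ ! -s "$file" ]; then
        echo "missing or empty download: $file" >&2
        return 2
    fi
    # Normalise case and insist on a well-formed digest, so that an empty
    # or truncated value can never "match" by accident.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 128 ]; then
        echo "expected digest is not 128 hex characters" >&2
        return 2
    fi
    actual=$(sha512_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch, discarding $file" >&2
        rm -f "$file"
        return 1
    fi
    mv "$file" "$dest_dir/$name"
}

# Usage on the Home Assistant OS host (placeholder values):
#   tmp=$BACKUP_DIR/a1b2c3d4.tar.part
#   fetch_snapshot https://my.server.local/a1b2c3d4.tar "$tmp" &&
#   install_if_verified "$tmp" "<sha512 from the source machine>" \
#       "$BACKUP_DIR" a1b2c3d4.tar
```

Keeping the temporary file in the same directory as the destination means the final `mv` is a rename on one file system, so a half-finished download never appears under the snapshot's real name.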

I hope this saved you a bunch of research because I myself could not find anything quick and practical on this topic.

Thanks for reading!

24 Oct 2018

Disable Autoplay For Videos in Firefox 63

Hi!

Just after updating to Mozilla Firefox 63 (on Windows), I found that my setting to disable autoplaying media / videos was no longer effective - at least for HTML5 videos.

Apparently one of the changes for this release was to include an autoplay video blocker, but I could not find anything definitive about this in the settings.

I decided to disable autoplay for all videos (which is my preferred setting anyway) once again by doing the following:

  1. Open the config editor by entering about:config in the navigation bar.
  2. Enter "autoplay" as a filter.
  3. Find the entry "media.autoplay.default", double-click it and set it to "1" to disable media autoplay browser-wide.

I just left the old setting "media.autoplay.enabled" as "false", even though it does not seem to be relevant any more.

After reloading the website with the video (in this case YouTube), once more it showed the play icon on top of the video instead of automatically starting playback.

Source: https://www.linuxliteos.com/forums/on-topic/firefox-63-0-unable-to-stop-html5-videos-from-auto-playing-in-this-release/

I hope this was helpful.

Thanks for reading!

31 May 2018

Using Git Bash With Custom Installation Of GPG / GnuPG

Hi!

You have probably noticed that Git for Windows comes with MinGW64, which enables you to use programs (or to be more precise: Windows versions of these programs) that are usually only available to Linux users. One of the programs that MinGW64 / Git for Windows ships with is GPG / GnuPG. The current version of Git for Windows (2.17.1) for example comes with GPG version 1.4.22.

If you prefer to use your own, manually installed GPG / GnuPG (2.x) by default, which is probably much more current than the bundled one, you can achieve this by doing the following:

  1. Install GPG as you normally would
  2. Make sure it is executable in the command line / PowerShell (as in: make sure the bin/ subdirectory of the GPG program directory is included in the PATH environment variable)
  3. Go to the Git for Windows program directory (e.g. C:\Program Files\Git\)
  4. Navigate to the usr/bin/ subdirectory and rename gpg.exe to something else (like gpg_disabled.exe)
  5. Close any open Git Bash instances and start a fresh one
  6. Check the GPG version via
    gpg --version

The way that Git Bash works is that it has its own set of directories which have a higher priority when looking for executable files than the ones in Windows' PATH environment variable. So in order to have your own GPG executable working as the "gpg" command, you have to get the included gpg.exe out of the way so it keeps looking in Windows' PATH environment variable.
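
To see which gpg actually wins before and after the rename, the lookup order can be walked by hand. This is an added example, not part of the original post; the function names are assumptions, and it checks both `gpg` and `gpg.exe` because Git Bash runs Windows executables.

```shell
#!/bin/sh
# Added example, not from the original post.

# resolve_all NAME [PATH_LIST]
# Print every executable called NAME (or NAME.exe) found on a colon-separated
# search path, in lookup order. Defaults to the current $PATH.
# The first line printed is the binary the shell will run.
resolve_all() {
    name=$1
    path_list=${2:-$PATH}
    old_ifs=$IFS; IFS=:
    for dir in $path_list; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means "."
        for cand in "$dir/$name" "$dir/$name.exe"; do
            if [ -f "$cand" ] && [ -x "$cand" ]; then
                printf '%s\n' "$cand"
            fi
        done
    done
    IFS=$old_ifs
}

# first_match NAME [PATH_LIST]: only the winning candidate.
first_match() {
    resolve_all "$@" | head -n 1
}

# wins_from NAME DIR [PATH_LIST]
# Succeeds only if the winning NAME lives directly in DIR, e.g. the bin/
# directory of your own GnuPG installation.
wins_from() {
    winner=$(first_match "$1" "${3:-$PATH}")
    case $winner in
        "$2"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# In Git Bash:
#   resolve_all gpg     # before the rename: the bundled gpg.exe is listed first
#   first_match gpg     # after the rename: your own installation
```

Git can also be pointed at a specific binary through its `gpg.program` setting, which affects Git's own signing and verification but not what the `gpg` command means in the shell.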

You can still access the old GPG executable by using the new name (e.g. "gpg_disabled").

Unfortunately you have to do these steps every time you install or update Git for Windows, but at least now you know where to look!

The upside is that now Git (executed from the Git Bash) also uses your own version of GPG for its GPG-related operations.

I hope this was helpful.

Thanks for reading!

4 Jan 2018

Using OpenVPN For All Network Traffic Except For LAN

Hi!

Recently I noticed that my Android smartphone was not able to connect to YouTube via third-party apps. I narrowed the issue down to the phone being able to resolve hostnames to the correct IPv6 addresses but not being able to connect to them (somehow the IPv6 part of my internet connection is broken, a problem for a different time).

In order to work around the problem I am using an OpenVPN connection which automatically forces all outgoing connections to use IPv4, not IPv6. The only problem was that internal LAN connections did not work any more.

In the .ovpn configuration file I am using

redirect-gateway local def1

(because it is a WiFi connection), but I was also using

redirect-gateway def1

before that, which did not make any difference in that regard.

If you add a route directive like the following one after the redirect-gateway directive, you can add a route to the routing table, directing all traffic for the specified route to the WiFi connection instead of the VPN connection:

redirect-gateway local def1
route 192.168.0.0 255.255.255.0 net_gateway

You will probably have to adjust the network address and maybe even the subnet mask to match your network.

The routing table is basically a prioritized table which lets the operating system decide which network adapter it should use for a specific connection. With the above entry you add a rule with a higher priority, overriding the generic one(s) from the OpenVPN connection configuration. These ones are added because of redirect-gateway def1 and tell the operating system to send all traffic via the virtual VPN network adapter, effectively sending it all over the VPN.
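
Why the added route wins, as an added example that is not part of the original post: the operating system uses the matching route with the longest prefix, and redirect-gateway def1 installs 0.0.0.0/1 and 128.0.0.0/1 instead of replacing the default route, so a /24 for the LAN is more specific than either. The route table below is constructed from the directives above; the gateway labels `vpn` and `lan_default` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed route table: "network netmask gateway", one route per line.
ROUTES='0.0.0.0 0.0.0.0 lan_default
0.0.0.0 128.0.0.0 vpn
128.0.0.0 128.0.0.0 vpn
192.168.0.0 255.255.255.0 net_gateway'
# line 1: the original default route via the WiFi router
# lines 2-3: the two halves of the address space added by def1
# line 4: route 192.168.0.0 255.255.255.0 net_gateway

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length of a netmask given as an integer (count of 1-bits).
mask_to_prefix() {
    m=$1; n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) ))
        m=$(( m >> 1 ))
    done
    echo "$n"
}

# pick_route DEST_IP: print the gateway of the most specific matching route.
# Metrics, which only matter between routes of equal prefix length, are not
# modelled here.
pick_route() {
    dst=$(ip_to_int "$1")
    best_gw=none; best_len=-1
    while read -r net mask gw; do
        [ -n "$net" ] || continue
        net_i=$(ip_to_int "$net"); mask_i=$(ip_to_int "$mask")
        if [ $(( dst & mask_i )) -eq $(( net_i & mask_i )) ]; then
            len=$(mask_to_prefix "$mask_i")
            if [ "$len" -gt "$best_len" ]; then
                best_len=$len; best_gw=$gw
            fi
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best_gw"
}

# pick_route 192.168.0.10   LAN device: matched by the /24
# pick_route 8.8.8.8        internet host: matched by 0.0.0.0/1
# pick_route 192.168.1.10   outside the /24: falls into 128.0.0.0/1
```

The last case is the reason the network address and mask have to match your LAN: anything that falls outside the route you add is still covered by one of the two /1 routes and goes through the tunnel.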

If you are configuring this from the OpenVPN server side, of course you can still use these directives, but in the context of the push directive. I am not doing that, however, so I saved both directives in the client configuration.

Now I can watch / listen to YouTube videos with third-party apps AND connect to LAN devices!

I hope this was helpful to you.

Thank you for reading!

18 Oct 2017

High DPI / Font Scaling Display Problem With LibreOffice

Hello!

When I installed LibreOffice on my Windows 10 notebook with 125% font scaling, I immediately noticed that the menu bar was somehow hiding behind the title bar and everything I clicked was recognized as clicked a couple dozen pixels above what I was actually pointing at.

This seems to be a known problem for LibreOffice with OpenGL and high DPI / high font scaling, maybe specifically in conjunction with my Intel HD Graphics / IGPU.

The fix is fairly easy but difficult to find out on your own:

  1. Make sure that no LibreOffice application is running.
  2. Open the LibreOffice OpenGL blacklist configuration file with a text editor, usually found at C:\Program Files\LibreOffice 5\share\opengl\opengl_blacklist_windows.xml.
  3. Inside the block enclosed by the <blacklist> tag, add the following block:
    <entry os="all" vendor="intel">
        <device id="all"/>
    </entry>
  4. Save and start a LibreOffice application to check.

This should do it!

Thanks for reading!

Source: https://ask.libreoffice.org/en/question/125453/libreoffice-dpi-is-off/

2 Mar 2017

Using Windows Photo Viewer in Windows 10

Hi!

If your Windows 10 system is an upgrade from a previous Windows version, you will not have encountered this problem.

This is only relevant for clean, non-upgrade Windows 10 installs.

I noticed that on my clean Windows 10 install the default application for viewing picture files like JPEG or PNG was the Microsoft Photos app. As I prefer the classic Windows Photo Viewer application for viewing images, I tried to select that as the default. Surprisingly enough, it was not in the list of options.

To add the Windows Photo Viewer back to the list of applications for pictures, you have to import missing registry entries. This is due to the fact that Windows Photo Viewer does not come as an executable but as a DLL.

The following explains the process for the whole system (not just the current user). The source article contains an alternative method for just the current user as well as a "sort order fix" solution that takes into account the order in which the files were sorted inside the directory.

  1. Download the "Restore_Windows_Photo_Viewer_ALL_USERS.reg" file from the source article or create a new text file with a ".reg" extension and the following contents:
    Windows Registry Editor Version 5.00
    
    ; Created by: Shawn Brink
    ; Created on: August 8th 2015
    ; Tutorial: http://www.tenforums.com/tutorials/14312-windows-photo-viewer-restore-windows-10-a.html
    
    
    [HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
    "MuiVerb"="@photoviewer.dll,-3043"
    
    [HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
    "ImageOptionFlags"=dword:00000001
    "FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
      00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
      77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
      00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
      65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,36,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
    @="%SystemRoot%\\System32\\imageres.dll,-70"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
    "EditFlags"=dword:00010000
    "ImageOptionFlags"=dword:00000001
    "FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
      00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
      77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
      00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
      65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
    @="%SystemRoot%\\System32\\imageres.dll,-72"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open]
    "MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
      69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
      00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
      72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
      00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg]
    "EditFlags"=dword:00010000
    "ImageOptionFlags"=dword:00000001
    "FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
      00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
      77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
      00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
      65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\DefaultIcon]
    @="%SystemRoot%\\System32\\imageres.dll,-72"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open]
    "MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
      69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
      00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
      72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
      00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif]
    "ImageOptionFlags"=dword:00000001
    "FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
      00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
      77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
      00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
      65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\DefaultIcon]
    @="%SystemRoot%\\System32\\imageres.dll,-83"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png]
    "ImageOptionFlags"=dword:00000001
    "FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
      00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
      77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
      00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
      65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
      00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\DefaultIcon]
    @="%SystemRoot%\\System32\\imageres.dll,-71"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp]
    "EditFlags"=dword:00010000
    "ImageOptionFlags"=dword:00000001
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\DefaultIcon]
    @="%SystemRoot%\\System32\\wmphoto.dll,-400"
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open]
    "MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
      69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
      00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
      72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
      00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\command]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
      00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
      6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
      00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
      25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
      00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
      6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
      00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
      5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
      00,31,00,00,00
    
    [HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\DropTarget]
    "Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
    "ApplicationDescription"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3069"
    "ApplicationName"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3009"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
    ".jpg"="PhotoViewer.FileAssoc.Jpeg"
    ".wdp"="PhotoViewer.FileAssoc.Wdp"
    ".jfif"="PhotoViewer.FileAssoc.JFIF"
    ".dib"="PhotoViewer.FileAssoc.Bitmap"
    ".png"="PhotoViewer.FileAssoc.Png"
    ".jxr"="PhotoViewer.FileAssoc.Wdp"
    ".bmp"="PhotoViewer.FileAssoc.Bitmap"
    ".jpe"="PhotoViewer.FileAssoc.Jpeg"
    ".jpeg"="PhotoViewer.FileAssoc.Jpeg"
    ".gif"="PhotoViewer.FileAssoc.Gif"
    ".tif"="PhotoViewer.FileAssoc.Tiff"
    ".tiff"="PhotoViewer.FileAssoc.Tiff"
  2. If you created the file by hand, it should use Windows line endings (CRLF).
    Also, the original file has UCS-2 LE BOM encoding, but I am not positive if that makes any difference as opposed to standard UTF-8 encoding without a BOM. I checked this with Notepad++.
  3. Run the .reg file.
  4. This should be it! You can now delete the .reg file and try selecting Windows Photo Viewer once again.

I think it is a bit weird that Microsoft would choose to omit these settings for a clean Windows 10 install, but I am happy that I can still use it with just this little tweak.

Source with more information, alternative ways to do this and instructions to revert these changes: https://www.tenforums.com/tutorials/14312-windows-photo-viewer-restore-windows-10-a.html

Thanks for reading!

23 Feb 2017

Getting a Let’s Encrypt Certificate Through DNS Challenge With Cloudflare

Hi!

A couple of days ago one of my subdomains' SSL certificates expired.

Instead of paying for a renewal, I decided to have a first look at getting a free certificate from the Let's Encrypt Certificate Authority.

The ideal way would have been to set up a mechanism that would allow for an automatic certificate renewal, so I would not have to do it myself every 3 months. That is the maximum amount of time Let's Encrypt's certificates are valid for. However, in this case this was more easily said than done. The service I intend to use the certificate with is running on a shared IP and listening on a non-standard HTTPS port because the standard ports for HTTP and HTTPS are already used for something else. This prevented me from utilizing all HTTP / HTTPS based challenges to verify the hostname ownership which is an essential part of the Let's Encrypt certificate signing process.

After some searching I found a great solution that would enable me to do a somewhat half-automated, half-manual approach:

lukas2511's dehydrated ACME client in conjunction with kappataumu's Let's Encrypt Cloudflare hook.

This Shell-based ACME client allows the user to get a Let's Encrypt certificate using the dns-01 challenge. That way, you only have to create a DNS record (containing a generated value) in order to verify your ownership of the hostname instead of uploading content to the webserver. The DNS record can be created and deleted automatically through the Cloudflare hook if that is what you are using for your DNS record management.

The instructions for both the ACME client as well as the hook are pretty straightforward, so I recommend reading those if you are interested in trying this approach.

These are the changes I made in the config file (just as an example):

  • Set "http-01" as the CHALLENGETYPE (explanation below):
    CHALLENGETYPE="http-01"
  • Set "rsa" as the KEY_ALGO:
    KEY_ALGO=rsa
  • Add environment variables with config for the Cloudflare hook script at the end:
    export CF_EMAIL='[email protected]'
    export CF_KEY='1234567890abcdef1234567890abcdef'
    export CF_DEBUG=true

When attempting to execute dehydrated for the first time, it asks you to accept the terms. You can do that by simply entering this command:

$ ./dehydrated --register --accept-terms

Now you might have wondered why I set the CHALLENGETYPE to "http-01" instead of "dns-01"? So that we could accept the terms without any problems; "dns-01" gave me the following error: "ERROR: Challenge type dns-01 needs a hook script for deployment... can not continue."

The command I used to generate the certificates specified the challenge type "dns-01" explicitly anyway:

$ ./dehydrated -c -d hostname.example.org -t dns-01 -k hooks/cloudflare/hook.py

The first challenge attempt failed for me, but the execution went on to retry and ultimately finished successfully.

Afterwards, you can find the certificate files in the subdirectory "certs/hostname.example.org/".

I installed and executed the software in a local Linux virtual machine without any problems and then copied the certificate files over to the destination server manually. Technically I could have just done this on the production system as well, but I did not feel like saving my Cloudflare API credentials on it. It will be interesting to see how annoying the steps are going to get after a couple of repetitions. Maybe in time some other solution will have come around.

Hopefully this was a helpful recommendation for you.

Thanks for reading!