CompileNix's Blog - Page 4

[Slow GTK App starts in i3-wm]

If you notice that GTK application starts take unusual long without resource utilisazion, it maybe because the current ENV of your i3-wm session is missing variables related to DBus.

Update your x11 session start script (i.e. ~/.xinitrc):

eval $(dbus-launch --sh-syntax) exec i3
[Switch the storage controller type of the Windows boot drive]
- Configure the VM with the "VirtIO SCSI" storage controller.
- Create a new small disk and connect it to the VM using SCSI.
- Switch the Windows boot disk connection to IDE.
- Start Windows and get you something to drink, because you have forgotten how slow IDE is 😉.
- Logon and install the VirtIO drivers, which you can download from fedorapeople.org.
- Run an elevated command prompt -> cmd.exe and enable safe mode. bcdedit /set {current} safeboot minimal
- Reboot
- When you arived in windows safe mode you try to find and initialize the previously created small disk.
  If you're unabe to find the disk try installing the "vioscsi" driver and retry.
- Run an elevated command prompt -> cmd.exe and disable safe mode. bcdedit /deletevalue {current} safeboot
- Shutdown the VM and switch the Windows boot disk connection from IDE to SCSI (using the VirtIO SCSI Controller).
- Reboot
- Profit!

Create a data URL from a file

function get-dataurl {
    local mimeType
    mimeType=$(file -b --mime-type "$1")
    if [[ $mimeType == text/* ]]; then
        mimeType="${mimeType};charset=utf-8"
    fi
    echo "data:${mimeType};base64,$(openssl base64 -in "$1" | tr -d '\n')"
}

Usage examples: get-dataurl /path/to/file.png | less get-dataurl /path/to/file.png | xclip -selection clipboard get-dataurl /path/to/file.png >file.txt

[Double Proxy (HTTP -> SOCKS)]

If you have a SOCKS proxy but you really need a HTTP proxy, you can just put a HTTP proxy on top of your existing SOCKS proxy.

In this example i'm using a SOCKS proxy provided by SSH and privoxy.

First create and test that the SOCKS proxy is working (superuser.com - How to check if a Socks5 proxy works)

Install privoxy: sudo apt get install privoxy

Configure privoxy to use your existing SOCKS proxy as the upstream by adding this to the end of the file of "/etc/privoxy/config":
listen-address 127.0.0.1:8118 max-client-connections 512 forward-socks5t / 127.0.0.1:8888 .
The default value of "max-client-connections" is 128, which might not be high enough.
[Nginx "try_files" does not work with "if" in a location]

Do not mix "try_files" and "if" in a "location" scope!
- the "if" directive have problems in location context
- Error if using proxy_pass with variable and limit_except
- limit_except causes 404
[Tree Tabs themes]

Firefox Tree Tabs Compilenix's themes
Tree Tabs extension
[Setup git to pull from upstream and push to another remote]

Pull "master" from https://git.compilenix.org/Compilenix/tls-tester.git
Push "gitlab/master" to https://gitlab.com/compilenix/tls-tester.git

Create an empty repo on the server for https://gitlab.com/compilenix/tls-tester.
Create the branch "gitlab/master" on the server for https://gitlab.com/compilenix/tls-tester
```
git clone https://git.compilenix.org/Compilenix/tls-tester.git
cd tls-tester
git remote add lab https://gitlab.com/compilenix/tls-tester.git
git config remote.pushdefault lab
git config push.default current
git fetch --all
git checkout gitlab/master
git branch --set-upstream-to=origin/master master
```
now when your current branch is "master" you can "git pull" and get the changes from https://git.compilenix.org/Compilenix/tls-tester.git
"git checkout gitlab/master" to switch to the fork
"git merge master" to merge the new changes into "gitlab/master"
do your thing to merge the new changes from upstream into your fork
"git push", while you are on the "gitlab/master" branch will push it automatically to https://gitlab.com/compilenix/tls-tester.git
[Code-Signing via Microsoft Team Foundation Server 2018 Build Agent using PowerShell]

Code-Signing via Microsoft Team Foundation Server 2018 Build Agent using PowerShell

Here is a brief overview

- There is a git repo on the tfs server.
- The project has a build definition which simply run's a powershell script from the project path
- This script handles the code-signing
- On the Build-Server there is a tfs build agent, running as the local service account "NETWORK SERVICE".
- The code-signing certificate is provided via the Windows Certificate Store

The tfs project build definition:

The PowerShell code to sign .ps1 files:
```
$Cert = (Get-ChildItem cert:\LocalMachine\My -CodeSigningCert | Where-Object { $_.Subject -eq "CN=Full Name, OU=User, OU=MyDomainUsersOU, DC=example, DC=com" })

Write-Host "Signing using: $($Cert.Thumbprint) / $($Cert.Subject)"
Get-ChildItem -Path "${DistDir}\" -Filter "*.ps1" -Recurse | ForEach-Object {
    $File = $_
    $Signature = (Get-AuthenticodeSignature -FilePath $File.FullName).Status

    If ($Signature -ne "Valid") {
        Set-AuthenticodeSignature -FilePath $File.FullName -Certificate $Cert -HashAlgorithm SHA256 -TimestampServer "http://timestamp.globalsign.com/?signature=sha2"
        #Set-AuthenticodeSignature -FilePath $File.FullName -Certificate $Cert -HashAlgorithm SHA256 | Out-Null
    }
}
```
The code-signing certificate at the Windows Certificate Store:

My code snippet above asumes the computer-wide personal certificate store, you may want to use the user certificate store of the build agent's execution context. To import you code-signing certificate you may use certuil.exe (docs.microsoft.com).
After the certificate is imported you need to allow the tfs build agent service user (in my case "NETWORK SERVICE") to read that certificate from the Windows certificate store.

[Windows: Lock AND turn off monitor]

Windows: Lock AND turn off monitor using Windows API, C#, PowerShell and a HotKey.


Add-Type -TypeDefinition '
using System;
using System.Runtime.InteropServices;

namespace Utilities {
    public static class Display {
        [DllImport("user32.dll", CharSet = CharSet.Auto)]
        private static extern IntPtr SendMessage(
            IntPtr hWnd,
            UInt32 Msg,
            IntPtr wParam,
            IntPtr lParam
        );
        [DllImport("user32.dll", EntryPoint = "LockWorkStation")]
        private static extern IntPtr LockWorkStation();

        public static void PowerOff() {
            SendMessage(
                (IntPtr)0xffff, // HWND_BROADCAST
                0x0112,         // WM_SYSCOMMAND
                (IntPtr)0xf170, // SC_MONITORPOWER
                (IntPtr)0x0002  // POWER_OFF
            );
        }

        public static void Lock() {
            LockWorkStation();
        }
    }
}
'
[Utilities.Display]::PowerOff()
[Utilities.Display]::Lock()

Stiched together with:
- github.com -> Hexalon/Lock-Computer.ps1
- www.powershellmagazine.com -> #PSTip How to switch off display with PowerShell
- superuser.com -> How can I bind a keyboard shortcut to start a specific application in Windows 7?

[RDP: An internal error has occured]

RDP Stops working after you re-join a windows computer to a domain

- During a windows rdp client connect you get the error message: "An internal error has occured."
- During a xfreerdp client connect you get something like this:

[12:03:22:170] [9681:9682] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
[12:03:22:170] [9681:9682] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[12:03:22:170] [9681:9682] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[12:03:22:170] [9681:9682] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure

- On the remote you find an error in the windows event log:

Log Name:      System
Source:        Schannel
Date:          22.03.2018 10:28:28
Event ID:      36870
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      x.example.com
Description:
A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36870</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-22T09:28:28.200269700Z" />
    <EventRecordID>5650</EventRecordID>
    <Correlation ActivityID="{83D525D6-C14E-0002-D725-D5834EC1D301}" />
    <Execution ProcessID="920" ThreadID="3772" />
    <Channel>System</Channel>
    <Computer>x.example.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Type">server</Data>
    <Data Name="ErrorCode">0x8009030d</Data>
    <Data Name="ErrorStatus">10001</Data>
  </EventData>
</Event>

Here is what worked for me.
- Look for an existing valid computer account certificate and / or create a new valid certificate using a PKI, which is trusted by the domain controller/s.
- Set the thumbprint of that valid certificate to be used by the terminal server service

Get info about the current certificates installed:

Get-ChildItem -Path cert:/LocalMachine/My

And the current certificates dedicated for Terminal Services:

Get-ChildItem -Path "cert:/LocalMachine/Remote Desktop"

Set a new certificate to be used by the Terminal Server Service:

$TSpath = (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path Set-WmiInstance -Path $TSpath -Argument @{SSLCertificateSHA1Hash="2B27D3B9C14AF0FBBADFACC271AFE0DDE21B7B74"}

[alias get-hpkp-pin]

Generate HPKP-Pin from a PEM file or any shell piped content.


alias get-hpkp-pin='openssl x509 -pubkey -noout | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64'

Usage example: cat cert.pem | get-hpkp-pin

[Opsi Java 8u144]

Opsi Java package update from me (java_1.8.0.144-4.2.5) @opsi-wiki
[It's fine]

That looks totally fine to me xD
[alias tmuxa]

Either start a new tmux session or re-attach to a existing one, without the need for manual checking.
```
alias tmuxa='tmux list-sessions 2>/dev/null 1>&2 && tmux a || tmux'
```
[Win DNS Server Memory usage]

If you have a Windows domain controller and want to save on memory of the DNS server service, here are two things to consider:
- Set DNS server socket pool size (serverfault.com)
- Set DNS server cache size (technet.microsoft.com)
[NETGEAR Open Source Code for Programmers (GPL)]

NETGEAR Open Source Code for Programmers (GPL)
[Add Screeps api declaration and docs to vscode]

Add autocomple and api documentation for Screeps to Visual Studio Code (vscode).

Install typings
```
npm install typings --global
```
Install screeps api declarations
```
npm install screeps-typescript-declarations --save
```
Add or update "typings.json" in your project directory with:
```
{
    "globalDependencies": {
        "screeps": "github:screepers/Screeps-Typescript-Declarations/dist/screeps.d.ts#master"
    }
}
```
And here is my ".eslintrc" for screeps: compilenix.org/cdn/screeps.eslintrc.json
[Manual iRacing Software download]

In case you are not able to download the required iRacing Software from the Quick Start Guide because the download selection is broken...
Open up the Browser Dev-Tools (usually Control+I), navigate to the JavaScript console and execute following function call:
```
processInstallDownload("win", 0);
```
Install the, hopefully downloaded, Software.

Profit!

[Manual updating a vmware ESXi 6.0 via esxcli]


esxcli software profile update -p ESXi-6.0.0-20160302001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

The argument to '-p' comes from esxi-patches.v-front.de.

[Shakespear qoute of the day]

Newer <-> Older