Categories
Computing Hardware Science and Technology windows

Enabling Windows Core Isolation With Driver Incompatibilities

[tl;dr — if you’re reading this and just want the fix, click here. However, I’d recommend reading the short preamble — the reasons why Windows presents this error are interesting.]

The Backstory

You’ve seen it, if you’re reading this — the new option in your Windows Settings to enable “Core Isolation”:

A screenshot of the Windows Core Isolation/Memory Integrity option in Windows 10.

Basically, it separates the way windows processes run on your system so that they’re running in fully virtualized environments, utterly isolated from each other — neat, huh? This may be wrong, but I kind of think of it like a “containerization” for your normal windows processes.

Well, if you’re like me, when you tried to turn this on, your computer reported that it could not turn this on due to “driver incompatibilities”.

Example of the error windows shows you when you have incompatible drivers that are preventing Core Isolation from being enabled.

At this point… you may be stuck. Like I was, for weeks. This is a tough problem to get past. The error message that Windows presents at this point is not helpful, and the link to microsoft.com tells you little more than what the error message is already telling you… it’s frustrating.

You may be thinking to yourself, “Okay… so I’ve got drivers that are incompatible with this new feature. Um, turn them off? Don’t use them?”

I’m guessing Windows does not offer anymore help here because mucking around with drivers on Windows can lead to some major problems (for example, while trying to enable this feature, I rendered my entire Windows partition unbootable. Plus, booting into safe mode to try to fix it was impossible, because I have bitlocker turned on, and I lost my recovery key! Fun!).

So, at this point, Windows just leaves you high and dry. You may try to search the Internet for answers, but: be careful. There are several sites out there that offer “solutions” for this by offering a way you can download a registry key and force-enable this option (I won’t link to them here so their visibility in search engines won’t improve). Trust me; just don’t do this. Just don’t. This will possibly render your system unbootable, and depending on your situation, there is no way to revert it, short of a complete re-imaging/reinstallation. (I spent all day doing this one time because of this!)

Anyway — here’s what did work for me.

The Fix

  1. First things first — keep the Settings window showing the list of “incompatible” drivers open — you’ll need that in a moment.
  2. Second — download a copy of Microsoft’s SysInternals. If you’re not already using these for Windows system management, you just found one of your new favorite groups of utilities. Released by Microsoft, this is a suite of tools that are so essential, you’ll wonder why they’re not included in default Windows installations (I wonder about this every time I use them).
  1. In these tools, look for a tool called “Autoruns64.exe” — run it. (It goes without saying that everything here you need to do with Administrator privileges.)
  2. You’ll be presented with a list of processes, drivers, etc, that run on Windows boot. Click on the tab for “Drivers”.
  3. Now, for each item in the list of “incompatible drivers” that Windows presented you, type part of its name into the “Filter” field, and de-select its checkbox (if you don’t find it in your list in Autoruns64.exe — skip it and we’ll apply a different fix in a moment):
Image showing AutoRuns64.exe interface
  1. Now, open a Powershell window, in Administrator mode. For each driver that you de-selected in Autoruns64.exe, just do “Remove-Item <path to driver>”.
  2. Restart, and try to enable core isolation again!

Fix for Drivers that Don’t Show Up in Autoruns64.exe

Okay — you’ve done the steps up above, and for some strange reason, you have an incompatible driver that’s not showing up in Autoruns64.exe (its “Published Name” probably starts with “oem”, doesn’t it?). The exact reason for this is something that still eludes me, but basically, it’s a very naughty driver that’s going to need a special trick to remove it.

For this, we’ll be using a tool called “pnputil” in Windows, which is just another one those utilities that’s included with Windows that you’ve never encountered before today (if you have, my condolences!).

For this type of driver (with a published name that, like I said, probably looks like “oem30.inf”), do the following command in a Powershell window running in Administrator mode:

pnputil -f -d oem30.inf 

(for example; change "oem30.inf" to whatever is the "published name" of the driver you're having trouble with)

In Conclusion

That should be it, and Core Isolation should work now. If it doesn’t, then you’ve encountered a weird issue that isn’t covered here — but don’t fret too much! If you’re kind of person to try to troubleshoot this issue this far, your Windows installation is already very secure, even without this feature.

Keep trying, and then, when you figure out your solution, make sure and write about it so it can help others!

Categories
Life Rants and Raves Science and Technology

American Business During the Early 2020s

American businesses two years ago: “We just don’t think remote work is feasible. Just wouldn’t work. Reasons.”

American businesses one year ago: “Wow, look at how quickly we converted into full remote-work! Aren’t we amazing??”

American businesses one month ago: “Okay, everyone come back into the office. If we can’t see butts in seats, how can we be sure you’re even working?”

American businesses, this week: “okay… you can work at home a little longer”

(Context: May 12 2021 was the week of pipeline attacks and gas shortages in the US. One year before this? Lockdowns and COVID.)

Categories
Android Hacking Hardware Linux Science and Technology

How My Love Affair with Google Ended When I Decided to Stop Being their Unpaid Beta Tester

(This blog post was originally started back in 2016 when I decided to give up on Android for good. I never got around to posting it, even though it’s basically finished, and I still agree with it today! You can pretty much just replace any mention of “Nexus phones” in your head with “Pixel phones” and the argument still works.

With Google seemingly losing interest with Pixel phones in mid-2020, the post is just as relevant today as it was nearly five years ago.)

Logo for Android Version 4.4

The Passion of the Android

Spend a little while on any site that focuses on anything Android, whether it’s phones or apps, and you’ll quickly realize that the Nexus phones produced by Google are held in esteem above all others.

Their specs are lauded.  Their problems glossed over.  Their ability to “always have the latest OS version” (an ability iPhone owners take for granted) unlike phones you get directly from cell phone companies (think AT&T and Verizon), is held in the highest regard, especially.

To the visitors and commenters on these sites, the ability of a Nexus phone bought from Google, to have the newest version of Android before all other phones in the massive Android universe is more important than anything else, be it a sacrifice of 1) speed (because of the higher memory usage of newer software versions), 2) reliability (because of the presence of hidden bugs inherent in all new software), or 3) compatibility (because of app makers not always being able to get new versions of apps release in time to support new versions of Android, if something has broken the app).

All sorts of reasons are brought up for why this is best.  “The phone companies don’t want to upgrade the Android versions on their phones in a timely fashion because they’re lazy and don’t care.“  “The phone makers (also called OEM’s) don’t want to upgrade the Android versions on their phones in a timely fashion because they want you to buy a new phone.

Since version 2.3 of Android, the version of Android running on your phone has been far less important because of Google Play Services

While there are very important reasons that upgraded software on your phone is important (like security fixes, patches, etc), the insane concern for the version number on your phone always being the latest defies all understanding.  Since back in the Android 2.3 days, the Android team at Google even moved most of the important parts of Android (the fun parts that get updated) into a standalone app called “Google Play Services” a few years ago to combat the problem of OEM’s and cell phone companies not updating the Android versions of their phones.

If you have an Android phone, you can go into the full list of apps installed in your settings and see “Google Play Services” there — you can’t stop it from updating, and no one, including the cell phone companies and OEM’s, can stop it either.  This way, even older phones running older versions of Android can still have compatibility and quite a bit of neat new features that newer versions of Android get (like the Android Device Manager, Android’s answer to the iPhone’s “Find My Phone” feature).  The changes to this hidden service layer are subtle, well tested, and ensured to not cause any problems in the massive universe of different Android phone types.

Getting a fully new version of Android is less important in this way, but still offers some benefits here and there (like encryption being a default setting in Android 6.0).  Still, cell phone companies and OEM’s only release full new versions of Android for their phones after months, sometimes a year or more, of testing.  Why is this important?

Yo, do you even test, dude

When you’re a company like HTC (my favorite Android phone maker), or a cell phone company like Sprint, you live and die by your core product. If you work at HTC and your phones suck when it comes to reliability or user experience (or UX), you’re toast.  If you work at Sprint and your service is slow and the phones people buy from your stores don’t work (even though you don’t make them), people stop buying your phones and recommending your service to their friends.

The iPhone/iOS team at Apple does this behind the scenes for months with their products, both phones and operating systems.  Car companies do it for their car software.  Your microwave uses software that was tested for years to make sure the buttons always worked when you pressed them, and to ensure that it didn’t set your food on fire.

Why I bring this up is because I’m reasonably certain, after years of using Nexus phones, that the Nexus team at Google either doesn’t do this type of UX testing, or does it very, very little.

And why would they?

Google doesn’t make money selling phones.  It’s a B2B (business-to-business) company that makes 90% of its profits selling ad space to commercial entities (I went through the work of looking through its investor documents, found here (page 32): https://abc.xyz/investor/pdf/20160331_alphabet_10Q.pdf)  Everything else Google does is minor, and whatever minuscule amount of profit it makes from selling Nexus phones is an even smaller part of that.

Google doesn’t make money selling phones.  It’s a B2B (business-to-business) company that makes 90% of its profits selling ad space to commercial entities

…and there’s nothing wrong with that.  The employees of Google are very good at what they do.  They should focus on their core business, and put the bulk of their resources into effectively selling ads.



		
Categories
Programming Server Ubuntu

Getting PHP 7.2 to work with NGINX (UBUNTU)

This took a while. I’m much, much more familiar with running apache. I really like how fast and light nginx is, though, and was going to start using it, no matter what.

In the end, it was a combination of all of these things:

  • When I upgrade to nginx 1.17, there is a new “include” line in the nginx.conf file, and suddenly nginx was looking for site config files in this directory (/etc/nginx/conf.d/) instead of the usual one (/etc/nginx/sites-enabled). Had to change that first thing.
  • The nginx process was trying to run under the “nginx” user, instead of “www-data”. Basically, the “user” config in both your php conf files and your nginx conf files must match, or the php-fpm process ignores the requests from nginx.
  • Most tutorials I’ve found on the internet want you to insert specific php-related config into your nginx site config that points php to a certain port, like this:
    • "fastcgi_pass 127.0.0.1:9000;:".
  • However, my php-fpm was configured to run under a unix socket only (you find this via the “listen” param in your php config). So, I had to add the following line to my nginx site config instead in the php section:
    • "fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;"
  • I had to include the following line in my php-specific config in my site conf file for nginx. Even the nginx example conf file is not explicit about this:
    • include snippets/fastcgi-php.conf;
Categories
Programming Science and Technology

Converting ghost cms output to csv for wordpress import

If you’re just coming here for the solution, and don’t want to read the backstory about how I came up with the solution, I understand. :)

Click here to skip to the solution.

The Problem

Recently I helped convert someone’s main blog from Ghost, back to WordPress.

While WordPress makes it easy to export in any format (so that you can easily import your entries into another blog engine), Ghost… does not.

While Ghost certainly does have an “export” tool, it exports in JSON format. JSON format is definitely preferable to XML, but no matter what, I could not find a way to import these entries into WordPress.

I searched through the plugin library–nothing was devoted to allowing an import through Ghost.

I furiously Googled–weirdly enough, any entries I could find about converting Ghost’s output to something that WordPress could import were all years old (and thus none of the solutions presented worked anymore, because I imagine Ghost’s export format had slightly changed.)

So, I decided to make my own.

The Solution

The solution is on Gitlab — just download the Powershell script (the .ps1 file) and run it on the command-line, passing one parameter of “jsonFile”, which is the path to the Ghost export.

Then, you’ll need a plugin to import the new CSV file to WordPress — I used the “WP All-Import” plugin. It seemed to be well maintained, and unlike many other plugins, it didn’t require you to pay for it.

That’s it! I built it in Powershell, because A) I can make quick scripts very quickly in Powershell, and I was frustrated by this point, B) Powershell has very good native CSV and file format conversion abilities, and C) Powershell can now run on any platform (Linux and MacOS included).

If you’re running this script on Windows, you already have Powershell installed, but if you’re running it on any other system, the link to install Powershell will also be below.

Future Enhancements

I only had posts with single tags to test against, so my script is only designed to get one tag for each post for the new CSV-formatted entries.

Ghost’s JSON format for tags was… bad. I don’t know why it was the way that it was. With every other type of metadata you’d need associated with a post, their JSON has that data in the “post” object, but with tags, they’re in a completely different other place, and only associated to posts through a series of IDs. It’s weird.

Either way, if you come up with a solution to that, feel free to fork the project! (Or just suggest a pull request.)

Also, I’d like to eventually re-code this into Python, just because more computers probably use it by now!

Sources

Categories
Defense Life

Dear Mr. LaPierre and the NRA

(Sent today.)

Dear Mr. LaPierre and the NRA,

I have been a member of the NRA for many years.

I renewed my membership after the Virginia Tech shooting, in which a deranged man killed 30+ classmates at a college. He never should’ve been able to purchase firearms, but your organization didn’t agree.

I renewed my membership after the Aurora, CO theater shooting. The killer in that shooting never should’ve been able to buy a drum magazine — it has no purpose being owned by an ordinary American. Soldiers in the military aren’t even issued them individually.

I renewed my membership after the Newtown, CT shooting, and that one was tough. You would think 20 small children being gunned down would cause your organization to at least soften its stance on the issue — to sound a little less combative — but no. Your organization came out after the event as angry as ever.

But the Las Vegas shooting is too much. There has to be limits to the 2nd amendment. Even if the stated goal of your organization is to help protect the right for citizens to arm themselves in the event of armed insurrection.

No one needs 50+ firearms. A common sense argument for your organization would be to say, if the goal of the 2nd amendment is to protect liberty, you only need one rifle and one handgun.

No one needs thousands and thousands of rounds of ammunition. A common sense argument for your organization would be to say, if the goal of the 2nd amendment is to protect liberty, you only need to be able to buy enough ammo that you could carry on your person in the event of a “SHTF” event. (One could purchase more ammunition for target practice at places like ranges and gun stores, but the ammunition should not be allowed to leave the premises.)

And no one, I mean no one, needs “slide fire” modifications to allow a semi-auto rifle to shoot fully automatic. Your organization could come out today and join the call for such devices to be banned, but you probably won’t.

I am a gun owner, and will remain one. I own one rifle, and one handgun. However, as of today, I will no longer renew my membership in the NRA. Also, I resign as a member of the NRA, said resignation to be effective immediately. Please remove my name from your membership lists.

Categories
Blogging Computing Distraction Internet Life Politic Rants and Raves

Why “Social Media” Should be Renamed “Social Masturbation”

We have hundreds of friends on Facebook. We follow hundreds of people on Twitter. We interact with dozens a people a day, spread across an equal number of timezones or even countries.

We follow funny blogs, meme-generators, and news sites on both of these services, and they deliver dozens of posts that we like and re-share to all of our friends, so they can see that we like them.

We feel like we’re making such a difference in the world! It’s so amazing! A collective consciousness if forming, almost — who can stop it? Who can fight it?

Disadvantaged groups are in control of such power! They now have a voice in the world so that everyone can hear of their struggles, thanks to the Internet! Social behavior that would’ve been illegal 50 years ago, and just an enormous faux pas even 25 years ago is now completely normal and accepted… isn’t it?

I mean, that’s what all my friends think. And I’m sure yours largely do too, if you’re probably reading this.

The reality in the rest of America, however, as we just learned, is very different.


Stages of Grief

We’re still not even in the postmortem stage from the Trump election win in 2016, but we’re close. Right now, people don’t know who to blame, mostly because the final results were such a surprise. Nobody saw the coming — not even FiveThirtyEight, who haven’t predicted an election wrong before this one.

And why would they? Why would any of us?

How many Trump supporters are you close to, on a daily basis? How many do you talk to daily, as a friend? Not bickering with online, but in person — where you’re more than just text making them angry on a website, but a living, breathing person in front of them, that they can see, and hear.

If the answer is zero, honestly I don’t blame you. Trump supporters aren’t usually… let’s just say it’s hard to have a conversation with someone who’s starting position is “Ban the Muslims/Mexicans, Build The Wall, Lock Her Up!” There’s not much gray area — not much room for common ground.

Even I only had about half a dozen, and they were all online. Mostly family members who survived earlier Facebook purges and friends from high school who stayed behind in the small town area where I grew up, and never left.

After this past week, of course, I’m no longer friends with them. Not because of anything they did or said, of course — most of them were fairly well-behaved — but because I realized, after the election, that we’re not really friends.

I didn’t talk to them in person. I couldn’t affect their lives in any meaningful way. In any discussion, there was never any meeting of the minds — no give and take. Every conversation could stop immediately when the aggrieved party wanted it to, by just walking away. There was never any reconciliation attempted, because there was no need to.

Our interaction was limited to them sharing their funny conservative memes from ridiculous websites and fake news sources, while I would groan inwardly and put up with them, because I was being “open-minded.”

They were certainly never going to change my mind about Hillary Clinton by posting some link about a “child sex ring in Macedonia run by the Clintons” (all false, of course), and I was never going to change their mind about voting for ol’ Agent Orange himself by telling them about his six bankruptcies, piggish attitudes about women, or the ridiculousness of building a “90 foot wall on the border of Mexico.”

So, why keep up the charade of pretending like we’re friends?


Fair and Balanced

However, I didn’t stop there. How many like-minded people are you friends with on Facebook, that you also don’t see in person? A dozen? Ten dozen? A thousand? How many do you follow on Twitter?

Do you think these relationships are healthy? Do you think you’re making a difference in their lives? That by liking their posts, and replying to their comments on yours that you’re doing something nice for them?

Maybe — just maybe these interactions are robbing you of the desire to make actual relationships, with those people around you.

Now — before you get outraged — I’m not saying you can’t have a meaningful relationship with someone in a purely online fashion. I met my partner online, so I of all people am not saying that.

I’m just saying you can’t have a dozen simultaneously. Or ten dozen. You’re not Scarlet Johansson’s character from the movie Her. And you certainly can’t have 1,456 real “friends” on Facebook, no matter how much you like seeing the number.

These interactions you are having on Facebook, or Twitter, with people you rarely ever see in person, are having a negative influence on your life, and you may not even know it.

They momentarily quench the desire to have real connections, out there, in the real world. Friends you can visit in the hospital if they’re in a car accident. Friends with who you can move a couch. Friends you can go to a party with, or to the park.

And most importantly, friends who, if they don’t think exactly the same as you, may come around to your way of thinking when it’s voting time.


Beating Us at Our Own Game

Because you see, like it or not, this is something “the other side” has the non-Trump-voter beat in, wholly — real life social engagement.

They have churches, where they see the same people regularly, every week.

They go to tailgate parties. Constantly.

They go to real parties, out in the woods, where cell phone connections are spotty and where you’re forced to, you know, talk to people.

And when it comes to voting time, they’re the ones telling their real-life connections, in person, who to vote for.

Yes, they have huge social media presence online, mostly — the recent trouble with fake conservative news being spread like wildfire across Facebook being an example of that — but it’s not their only, or even their most major form of social engagement.

Human beings are social creatures — it’s coded into our DNA. You may think you can survive without a tribe, or a group, but you can’t — that’s just our pleasant, safe, modern world fooling you.

When we human beings were first coming down from the trees and learning to walk on just two legs, the tribes we formed required people to work together to achieve goals — you had to know like-minded people (or in this case, hominids), or you didn’t survive. Human beings weren’t the fastest, or the strongest; we didn’t have sharp fangs or claws or sticky webs to trap pray in; but what we had was cooperation.

And those that could work together with others had their genes propagated to the next generation.


Say “Hi”

So what can you do? If you’re not going to delete your Facebook account in protest of their out-of-control “sharing” feature (I’m still considering it), start by unfriending everybody you don’t see on a daily basis.

Make a few exceptions for those two or three people who, no matter what the geographic distance, you’re still soul mates with. It won’t hurt.

Make an exception for close family that aren’t racist.

But that’s it.

Stop spending time talking to people who you can’t make a meaningful difference in their lives. It’ll hurt at first; I know. But soon that desire will turn into actual action that may help those that are close by to you right now, especially if you live in an area that’s a bit more heterogeneous. (You know, like those “swing” states that Hillary all lost.)

And that is where the culture war will be won. Not by posting rebuttals or Snopes articles on Facebook and Twitter. But by showing people who look and think slightly differently than you how you’re not a caricature.

And maybe, must maybe, they won’t vote next time for a man who thinks that women’s bodies are up for grabs, if you have enough money, or that it’s okay to mock the disabled, or that all illegal immigrants are murderers and drug-dealers.


Caveat

Now, please don’t misunderstand me — I’m not talking about possibly changing the minds of any Trump voters — you should know that’s not possible by now. You’re talking about a kind of person who believes in fake news, without any facts, and when confronted with facts to the contrary, simply chooses not to believe in them. You can’t change that kind of person’s mind, so don’t try.

I’m talking about possibly convincing someone who doesn’t vote, or who is undecided, that they might want to try voting. Those are the changes you can make. And they can be made.

Categories
Computing Linux Science and Technology Ubuntu

rsync to AWS using .PEM key

Took me a little while to figure this out, but it’s a pretty standard implementation of the rsync command — you use the “-e” command and then specify an entire ssh command to use, like below:

function amazonrsync {
rsync -rave “ssh -i ~/.ssh/AWS_key.pem” $1 $2
}

That’s an entire shell function, by the way, that makes the whole thing easier to use.  Feel free to put it in your shell alias file.

Source: Rsync to AWS EC2 Using .PEM key – AnthonyChambers.co.uk Blog

Categories
Computing Hacking Internet Linux Programming Science and Technology Ubuntu

OpenVPN One-Command Server Install Script

I have been looking for a script like this for about a year now:

https://github.com/Nyr/openvpn-install

For some reason that I never understood, installing and setting up an OpenVPN has always been a pain in the ass.  I’ve had one I’ve been using for about a year, but it’s on Amazon’s AWS as was installed through an appliance install, and I really wanted to learn how it worked myself.

Every tutorial I saw either didn’t make sense, or the steps didn’t work.  I set about to try and create a one-script install myself, and then thought, “No — somebody has to have done this before.”

And lo and behold — that’s where I found the above github repo.  It’s amazing, and it works.  I’m going to donate to this person, because they saved me a good bit of work.

 

Categories
Computing Hardware Linux Ubuntu

GeekBench for Linux ARM?

Just got a Rasberry Pi and you’re wanting to benchmark it against other computers that you’ve benchmarked with GeekBench?

It’s not possible, for the most part — no release version of GeekBench for the ARM platform exists, but the creator of GeekBench did release a one-time build of GeekBench 2 a while back:

Source: GeekBench for Linux ARM? / Geekbench / Discussion Area – Primate Labs Support