Medo's Home Page

Telling Windows 10 Build From ISO File

If you download Windows 10 ISO files regularly it is more likely than not you cannot really tell for sure which build is which. However, determining the build number is fairly easy.

The first step is to mount the Windows .iso file which can be done by double-clicking it (or using VHD Attach). That will assign a drive letter to image so you can access it.

Second (and last) step is to right-click on setup.exe on newly created drive and select Properties. Inside Properties window we are interested into Details tab and its File Version field. It is this field that will tell you build number as third part of version.

For example, if File Version is 10.0.15063.0, that .iso belongs to Windows 10 build 15063.

File Hash Next to Every Download

Those downloading files over unreliable Internet connection are familiar with the curse of partially or badly downloaded file. For detecting such transmission errors, hash or CRC codes come in really handy. While none will fix your file, they will allow you to check whether bytes you received are the same bytes the server was sending.

I wanted to have SHA-256 hash codes available on my site too but I hated the idea of manually calculating them every time I upload something new. I wanted to have something that would work without any change to my usual workflow.

Solution ended up being a two separate parts. First part was generating SHA-256 hash. For this I simply created bash script to go over the every file in download and download/runtime directories:

for file in ~/www/{download,download/runtime}/*; do
    ...
    #calculate SHA
    fileBase=$file
    fileHash="$fileBase.sha256"
    fileBaseSum=`sha256sum $fileBase | cut --delimiter=' ' -f 1`
    if [ -e "$fileHash" ]; then
        fileHashSum=`cat $fileHash`
        if [ "$fileBaseSum" == "$fileHashSum" ]; then
            echo "  $fileBase"
        else
            echo "X $fileBase"
            echo "$fileBaseSum" > "$fileHash"
        fi
    else
        echo "+ $fileBase"
        echo "$fileBaseSum" > "$fileHash"
    fi
    ...
done

This script I added as a cron job to simply run every day. A new file with .sha256 extension gets magically created after execution is done.

Second part was creating a WordPress plugin. For this I wanted to keep it simple and just make it work as a short-code. Its full duty would be, whenever it finds downhash short code to create a link and, if .sha256 file exists, to set SHA-256 as its title. In practice this means SHA-256 hash would appear as a tooltip when mouse gets over the link. Visible for those who want it, but unobtrusive for normal people. :)

And yes, the code does include a bit of hard-coded styling. In my defense, I don’t plan to publish this as an official plugin and it does simplify the code quite a bit:

add_shortcode('downhash', 'snippet_downhash_shortcode_callback');

function snippet_downhash_shortcode_callback($atts, $content = null) {
    ...

    $file = $_SERVER['DOCUMENT_ROOT'] . $content . '.sha256';
    if (file_exists($file)) {
        $hash = chunk_split(file_get_contents($file), 8, ' ');
    }

    $html = '<div style="clear:both; font-size:120%; text-align:center;">';
    $html .= '&bull; <a href="' . $content . '"';
    if (isset($hash)) { $html .= ' title="SHA-256: ' . $hash . '"'; }
    $html .= '>' . $title . '</a> &bull;</div>';

    return $html;
}

To use this in code, just use downhash shortcode. For example, for my](’ . $content . ') Bimil I used:

\[downhash\]/download/bimil170.exe\[/downhash\]

This will result in the following line: [downhash]/download/bimil170.exe[/downhash]

As always, you can download and check code yourself.

PS: And yes, SHA-1 would also be ok for this particular purpose despite it being broken.

Using Mikrotik DHCP to Disable NetBIOS Over TCP/IP

If your network is a bit too chatty and you decide to go without NetBIOS, that is easy to do if you have Windows Server. A click or two will get you there. Fortunately, if you have your DHCP server on Mikrotik, it is not much more difficult.

First we need to create Microsoft Disable NetBIOS Option itself:

/ip dhcp-server option
add code=43 name=microsoft-disable-netbios-option value=0x010400000002

And then we simply assign it to given DHCP network:

/ip dhcp-server network
set 1 dhcp-option=microsoft-disable-netbios-option

To verify, simply use ipconfig on windows computer:

ipconfig /all
 …
   NetBIOS over Tcpip. . . . . . . . : Disabled

PS: Do note that really old client computers (e.g. Windows 2000) will have issues with network browsing.

AMD Excitement

I use laptop as my main computer for a while now. Generally I am happy with this setup and I rarely miss the desktop computer. Ok, that is a bit of a lie. I do occasionally miss tinkering. And I do miss excitement of the upgrades. Especially now that AMD Ryzen is out.

There is an excellent AnandTech article about AMD Ryzen where they go really deep into details of the architecture and I won’t reiterate much here. Suffice to say that AMD seems to have created something as significant as Athlon when it comes to innovation.

Nobody is sure if AMD is going to succeed with the whole Zen architecture despite good first impressions. Let’s not forget its main architect left and that definitely wasn’t painless. We also have no idea how Intel will react and whether it will simply strangle AMD in price war.

However it does seem that, at least in the short term, AMD has actually given Intel something to think about. And that will breed innovation on both sides. If we are lucky we might even see a repeat of the whole Pentium-Athlon fight. Regardless of AMD ultimately losing, that was a renaissance of computer architecture.

It is an exciting time to be a desktop owner - may it last.

PS: If you are interested in processor design and all the craziness that goes with it, check Computer Architecture course. While it really covers only older generation processor design, it has more than enough information to get your head spinning.

Whitelisting on CAPsMAN

I love Mikrotik’s CAPsMAN. A beautiful way to control and automatically provision wireless interfaces over multiple Mikrotik routers.

It is not perfect - one of the more annoying absences is the default channel list (albeit you can create your own channels) and lack of the whitelisting for the AP clients. Unlike with the standard Mikrotik interface, you cannot simply make configuration where registrations would be disabled by default.

However, there is one nice trick you can do. Under CAPsMAN → Configurations adjust VLAN Mode to use tags and set VLAN ID to some unused number (my favorite is 4094). This will cause all wireless traffic using that configuration to be tagged with otherwise unconfigured number. In effect we are blackholing all the traffic with that VLAN ID.

Now under CAPsMAN → Access List you can add any allowed client with VLAN Mode set to “no tag” (or, if you are using VLANs, to a configured VLAN ID). This will override setting from the configuration and thus only devices explicitly listed will have their packets processed.

I admit, it is not as flexible as rejecting registration but absence of any communication is usually a good signal that one needs to move to another network.

PS: Whitelisting AP clients doesn’t necessarily improve your security. Do not rely on it as a security feature.

1 … 98 99 100 101 102 … 268