Medo's Home Page

Using Mikrotik DHCP to Disable NetBIOS Over TCP/IP

If your network is a bit too chatty and you decide to go without NetBIOS, that is easy to do if you have Windows Server. A click or two will get you there. Fortunately, if you have your DHCP server on Mikrotik, it is not much more difficult.

First we need to create Microsoft Disable NetBIOS Option itself:

/ip dhcp-server option
add code=43 name=microsoft-disable-netbios-option value=0x010400000002

And then we simply assign it to given DHCP network:

/ip dhcp-server network
set 1 dhcp-option=microsoft-disable-netbios-option

To verify, simply use ipconfig on windows computer:

ipconfig /all
 …
   NetBIOS over Tcpip. . . . . . . . : Disabled

PS: Do note that really old client computers (e.g. Windows 2000) will have issues with network browsing.

AMD Excitement

I use laptop as my main computer for a while now. Generally I am happy with this setup and I rarely miss the desktop computer. Ok, that is a bit of a lie. I do occasionally miss tinkering. And I do miss excitement of the upgrades. Especially now that AMD Ryzen is out.

There is an excellent AnandTech article about AMD Ryzen where they go really deep into details of the architecture and I won’t reiterate much here. Suffice to say that AMD seems to have created something as significant as Athlon when it comes to innovation.

Nobody is sure if AMD is going to succeed with the whole Zen architecture despite good first impressions. Let’s not forget its main architect left and that definitely wasn’t painless. We also have no idea how Intel will react and whether it will simply strangle AMD in price war.

However it does seem that, at least in the short term, AMD has actually given Intel something to think about. And that will breed innovation on both sides. If we are lucky we might even see a repeat of the whole Pentium-Athlon fight. Regardless of AMD ultimately losing, that was a renaissance of computer architecture.

It is an exciting time to be a desktop owner - may it last.

PS: If you are interested in processor design and all the craziness that goes with it, check Computer Architecture course. While it really covers only older generation processor design, it has more than enough information to get your head spinning.

Whitelisting on CAPsMAN

I love Mikrotik’s CAPsMAN. A beautiful way to control and automatically provision wireless interfaces over multiple Mikrotik routers.

It is not perfect - one of the more annoying absences is the default channel list (albeit you can create your own channels) and lack of the whitelisting for the AP clients. Unlike with the standard Mikrotik interface, you cannot simply make configuration where registrations would be disabled by default.

However, there is one nice trick you can do. Under CAPsMAN → Configurations adjust VLAN Mode to use tags and set VLAN ID to some unused number (my favorite is 4094). This will cause all wireless traffic using that configuration to be tagged with otherwise unconfigured number. In effect we are blackholing all the traffic with that VLAN ID.

Now under CAPsMAN → Access List you can add any allowed client with VLAN Mode set to “no tag” (or, if you are using VLANs, to a configured VLAN ID). This will override setting from the configuration and thus only devices explicitly listed will have their packets processed.

I admit, it is not as flexible as rejecting registration but absence of any communication is usually a good signal that one needs to move to another network.

PS: Whitelisting AP clients doesn’t necessarily improve your security. Do not rely on it as a security feature.

Micro CA

If you decide to handle your own certificate authority for the purposes of internal certificates, you will be annoyed by all the house keeping tasks involved. This will ring especially true if you need a new certificate just few times a year and having a separate, always-ready machine is way too much overhead to handle.

As pretty much all above applies to me, I decided to create a helper script to ensure I setup stuff the same every time and I kept it really close to how I would do it manually.

First action is to create root CA certificate (will be saved in ca.cer/ca.key):

./microca.sh -r

Then we can give out, for example, TLS client and server certificates or just something for testing:

./microca.sh -u Client myclient
./microca.sh -u Server myserver
./microca.sh mytest

It is even possible to create an intermediate CA and use it to create other certificates:

./microca.sh -a intermediate
./microca.sh -c intermediate -u Client myclient
./microca.sh -c intermediate -u Server myserver
./microca.sh -c intermediate mytest

You can download script from GitHub alongside with brief documentation and it works on both Linux and Windows (via Git Bash).

[2017-03-17: Setting subjectAltName is also supported.] [2018-12-16: MicroCA has its own page now.]

Allowing Paste Linux Files Into a TextBox

If you are playing a lot with Linux, sooner or later you will see that pasting files produced by it will usually yield weird results on Windows as far as line ending goes.

You see, Linux uses Line Feed character (LF, ASCII 10) to signal the end of line. Windows uses a combination of Carriage Return and Line Feed (CRLF, ASCII 13+10). When Windows sees CRLF it will go to the next row. If it sees just LF, it will ignore it and you will see all in the same line unless application is a bit smarter. Unfortunately many are not.

Well, not much you can do about other people applications. However, you can ensure your application supports both CRLF and LF as a line ending. The only trick is to split text being pasted by CRLF, LF, and CR and to recombine it using CRLF (on Windows).

To catch paste, we can simply inherit existing TextBox control and override handling of WM_PASTE message:

internal class TextBoxEx : TextBox {
    protected override void WndProc(ref Message m) {
        if (m.Msg == NativeMethods.WM_PASTE) {
            if (Clipboard.ContainsText()) {
                var lines = Clipboard.GetText().Split(new string[] { "\r\n", "\n", "\r" }, StringSplitOptions.None);
                this.SelectedText = string.Join(Environment.NewLine, lines);
            }
        } else {
            base.WndProc(ref m);
        }
    }


    private static class NativeMethods {
        internal const Int32 WM_PASTE = 0x0302;
    }
}

Whenever you use TextBoxEx instead of TextBox, you will have your multiline paste working whether line ends in CRLF, LF, or even long-forgotten CR.

1 … 99 100 101 102 103 … 269