Re-subscribe to Let’s Encrypt Renewal Reminder Emails

Linux No Comments

Let’s Encrypt will automatically email expiration notices when your domain’s SSL certificate is coming up for renewal at 20 days, 10 days, and 1 day before the expiration date. (Recently, I received notices at 19 days and again at 10 days.)

I’ve found these renewal reminders very helpful because in the past, they’ve told me that the certificate auto-renewal process I had created (see Free SSL Certificate from Let’s Encrypt for Nginx) was broken. (Initially, I had attempted to setup the auto-renewal process to execute as a non-root user, but frequent updates requiring root access kept breaking it. I ended up configuring the auto-renewal to use root access.)

The renewal email body contains a link with the title “If you want to stop receiving all email from this address, click…” at the end. Unfortunately, the link is very long, taking up 3 to 4 lines of text (on my screen) and making it easy to click on by accident. More unfortunate, clicking on the link will disable the sending of expiration reminders to your email address for all domain certificates, not just the particular domain certificate in question. This change cannot be undone; you cannot re-register the same email address.

However, there is a re-registration workaround documented at Let’s Encrypt’s Expiration Emails page. The workaround takes advantage of how most email services will ignore the plus symbol and whatever follows it in an email address. For example, “myuser+1@mydomain.com” is treated the same as “myuser@mydomain.com”.

To re-subscribe your email address, run the command below in your certbot installation directory. (You will be prompted to input your sudo password if necessary.)

$ cd certbot
$ ./certbot-auto register --update-registration --email myuser+1@mydomain.com

Requesting to rerun ./certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'
d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

IMPORTANT NOTES:
 - Your e-mail address was updated to myuser+1@mydomain.com.

The community support page, Accidentally Unsubscribed, mentions an alternative workaround using LetsMonitor.org. LetsMonitor.org appears to be an external website which periodically checks the expiration date on your domain’s SSL certificate. I haven’t tried it but I don’t see any reason why it wouldn’t work.

No Comments

Create Animated GIF With Photoshop

Audio Visual No Comments

Creating an animated GIF is pretty easy with Adobe Photoshop. I will show you how I created the animated eye that you see to the right, using instructions from Build Animated GIFs in Photoshop. The secret is to use Photoshop’s Animation window.

Note: I found other web instructions that recommend using a Timeline window, but I could not find such a feature in my Adobe Photoshop CS5 version.

Layers Galore

The first step is to create layers, one or more of which together will construct each animation frame. While I could construct each frame using just one layer each, I decided to separate out the static “Animate Me” eyebrow image into its own layer and to include that layer in every frame.

  1. Create a new Photoshop project.
  2. The project is created with a default background layer.
  3. Draw the eyebrow. In my case, I wrote the eyebrow text using the Typing Tool and then warped the text using the Arc style.

I drew the eye using an oval for the outer rim and a circle for the pupil. (I lost the original image so re-created it to the right below by horizontally flipping one of the partial eye image and combining. That’s why the lines look too thick.)

To animate the eye blinking, I subtracted and added arc lines as necessary.

  1. Create a new layer by using menu Layer, New, Layer…, and click Ok.
  2. Select the new layer.
  3. Draw the eye using a circle and an oval.
  4. Duplicate the eye layer using menu Layer, Duplicate Layer…, and click Ok.
  5. Edit the eye by subtracting and adding arc lines.
  6. Repeat the above to create additional eye layers as necessary.

Animation Frames

Open the Animation window by going to menu Window and selecting Animation. The Animation window will appear at the bottom and there will be one frame already existing.

  1. To create another frame, select the existing frame and then click on the page icon (“Duplicates selected frames”) to the left of the trash icon (“Deletes selected frames”) at the bottom of the Animation window.
  2. Repeat to create the number of frames you desire.
  3. Select each frame and then select the layer(s) you want to be visible in that frame.
  4. The number of second(s) under each frame indicates the delay before the animation moves to the next frame. Adjust those delay times accordingly.

Note: Selecting the frame determines what is visible on the screen (that is, whatever layers are selected as visible in that frame). Selecting the layer (in the Layer window) still determines which layer a graphical operation will affect. To avoid confusion, you might want to manually ensure that the layer you select is enabled for the frame selected.

Save that GIF

To save the project to an animated GIF file, use menu File, Save for Web & Devices…. I just accept the defaults and click Save.

Note: If you save using menu File, Save As…, and select Format as “CompuServe GIF (*.GIF)”, you will end up with a static GIF image (containing the layer selected in the frame selected), not an animated GIF.

To test the GIF file, open it in a browser. If you open it in the default image or photo viewer, you will only see the first frame and no animation.

For your reference, you can download my Photoshop project file, animate_me.psd, containing the eye animation above.

No Comments

Re-install MacPorts After MacOS Upgrade

Mac OS X No Comments

I upgraded from Mac OS X 10.10 Yosemite to macOS 10.12 Sierra. After that, any MacPorts command I ran returned the following error:

Error: Current platform "darwin 16" does not match expected platform "darwin 14"
Error: If you upgraded your OS, please follow the migration instructions: https://trac.macports.org/wiki/Migration
OS platform mismatch
    while executing
"mportinit ui_options global_options global_variations"
Error: /opt/local/bin/port: Failed to initialize MacPorts, OS platform mismatch

The problem is that MacPorts is specific to a Mac OS X platform. The best way to fix this problem is to follow the Migrating a MacPorts installation guide.

Totally Clean Slate

MacPorts migration provides a “restore_ports.tcl” script to restore all the ports (a.k.a. packages) once you have upgraded MacPorts. However, I decided to start from a clean slate and only install ports as I needed them.

# Save list of installed ports (FYI for myself)
port -qv installed > ~/ports_installed.txt

# Save list of ports you manually installed (exclude dependency ports)
port installed requested > ~/ports_requested.txt

# Uninstall all installed ports
sudo port -f uninstall installed

# Clean any partially-completed builds
# Remove leftover build files (this should be done automatically already)
sudo rm -rf /opt/local/var/macports/build/*

# Remove download files
sudo rm -rf /opt/local/var/macports/distfiles/*

Note: I noticed that executables like svn (from subversion port) were left behind in /usr/bin and could still be used.

Partially Clean Slate

If you decide to keep your existing ports and to use the “restore_ports.tcl” script, you might consider cleaning out inactive packages:

# Get list of inactive ports you likely no longer need
# Alternative command: port echo inactive
port installed inactive

# Remove all of the inactive ports
sudo port uninstall inactive

Install macOS-specific MacPorts

Install the latest MacPorts for your macOS version:

  1. Install or upgrade to the latest version of Xcode Developer Tools (free from the Mac’s App Store) and run it once.
  2. Install the latest Command Line Developer Tools by running this command in the Terminal app:
    xcode-select --install
  3. Download and install the MacPorts package matching your Mac OS X version. It will overwrite the existing MacPorts installation.

Update MacPorts Configuration

The new MacPorts installer won’t modify the existing configuration file so you will need to update it manually. The updated configuration file “macports.conf.default” is located in the “/opt/local/etc/macports” directory. The old configuration file “macports.conf” is also in the same location.

Before overwriting the old file with the new, I recommend doing a file comparison:

cd /opt/local/etc/macports/
diff macports.conf macports.conf.default

Note: If you prefer a nice graphical user interface, you can use the FileMerge application which comes with Xcode. Just run FileMerge and input the paths to the two files to compare them.

There wasn’t any significant difference between the two files (beyond comments), but I went ahead and overwrote the old one with the new.

cd /opt/local/etc/macports/
sudo cp macports.conf.default macports.conf

Note: There are two other MacPorts configuration files, “variants.conf” and “sources.conf”, which the migration guide doesn’t mention. I compared them anyways and the only significant difference I found was in the “sources.conf” where the “rsync” value was different. I overwrote the “sources.conf” with the latest to ensure that everything is updated.

If you didn’t do a totally clean slate, you will want to follow the migration instructions on how to run the “restore_ports.tcl” script.

Some info above derived from:

No Comments

iPhone Missing From Windows 10 File Explorer

Mobile Devices No Comments

Under Windows 7, whenever I connected my iPhone, I would see a device drive appear in the File Explorer, which allowed me to manually copy photos from the iPhone to my computer. Under Windows 10, the device drive no longer appeared. I found the solution to this problem at iPhone doesn’t show up in Windows 10 File Explorer [Solved].

On my system, the cause is Windows 10 neglecting to install the “MTP USB Device” driver. MTP stands for Media Transfer Protocol, which Microsoft uses to allow access to files (like photos and videos) on iOS and Android devices. Under my Windows 10 machine, when I connect my iPhone, Windows 10 only installs the “Apple Mobile Device USB Driver” which iTunes uses. It does not install the “MTP USB Device” driver which File Explorer requires.

The solution is to manually install the “MTP USB Device” driver. This fix also worked for my iPad and iPod Touch.

Note: You may also have this problem under Windows 7 or 8. Or with an Android device. The steps below should still work.

Install MTP USB Device

To manually install the “MTP USB Device” driver:

  1. Connect the iPhone, iPad, or iPod to the Windows computer. Trust the computer if prompted to (only need to do this once when you first connect a new device).
  2. On the computer, run the “Device Manager” application.
  3. Open the “Universal Serial Bus controllers” section.
  4. Right-click on the “Apple Mobile Device USB Driver” and select “Update driver”. A dialog window will appear.
  5. Select “Browse my computer for driver software” and then “Let me pick from a list of available drivers on my computer”.
  6. Select the “MTP USB Device” driver in the “Show compatible hardware” listbox. Click Next.
  7. Once done, you will get a “Windows has successfully updated your drivers” message. Click Close to quit the dialog window.
  8. In the “Device Manager”, if you open “Portable Devices”, you will now see a new “MTP USB Device” driver listed. However, the device still doesn’t appear in the File Explorer and worse, the “Apple Mobile Device USB Driver” is gone (iTunes won’t show the attached device icon any longer).
  9. Disconnect and reconnect the iOS device. Windows will now load both the “Apple Mobile Device USB Driver” and “MTP USB Device” driver.
  10. The iOS device should now appear in the File Explorer under “This PC” and “Devices and drives”.

Note: If you check “Portable Devices” under the “Device Manager” again, you will now see the “Apple iPhone”, “Apple iPad”, or “Apple iPod” driver listed. The “MTP USB Driver” is renamed to the specific device type.

You should only need to manually install the “MTP USB Device” driver once for each new iOS device. Windows 10 should automatically load the “MTP USB Device” driver on subsequent connections.

Re-install MTP USB Device

I have seen a behavior when on a subsequent connection, Windows 10 did not successfully load the “MTP USB Device” for my iPhone. When I checked “Portable Devices” in the “Device Manager”, I saw the “Apple iPhone” driver with a caution icon, meaning it was in error state.

To fix the issue, I just right-clicked on the “Apple iPhone” and selected the “Update driver” option. And then I followed the instructions above from step 5 onward.

Hopefully your Windows 10 system does not have this problem. If it does, I hope the steps above will resolve your issue.

No Comments

Factory Image Flash a Nexus 5 Android Phone

Mobile Devices No Comments

I needed to re-image a Google Nexus 5 Android GSM smartphone with its stock factory image. Because I haven’t done this in a long while, I thought I would document what I did.

The instructions below should also work for the Google Pixel phone. I did the re-image using my Windows 10 desktop, but you can also do it on a Mac.

Note: Please backup your data because a factory image flash will destroy everything!

Install ADB and Fastboot

We need to install the software tools necessary to flash an Android phone. These are the Android Debug Bridge (adb), used to communicate with an Android device, and fastboot, used for writing directly to a device’s flash memory.

Thankfully, Google has separated these tools from the Android SDK into a smaller “SDK Platform Tools” package.

  1. Download the SDK Platform Tools package; I downloaded “platform-tools-latest-windows.zip”.
  2. Unzip to a directory, say “C:\Program Files\platform-tools”.
  3. Add that directory to the %PATH% environment variable.
  4. Launch a Command Prompt window and run “adb version”. I got “Android Debug Bridge version 1.0.39” as the response.

Enable USB Debugging

Enable USB debugging so adb can talk to the phone:

  1. On the phone, go to Settings, “About phone”, and scroll to the bottom until you see “Build number”.
  2. Click on the “Build number” seven times. You’ll see popups telling you how many times more to press to enable “Developer options”. (Ex: “You are now 3 steps away from being a developer.”)
  3. Once done (you’ll see a “You are now a developer!” popup message), go back to Settings and you will see a new menu “Developer options”. Click to go into it.
  4. Near the top, you will see an option “USB debugging”. Enable it.
  5. Plug the phone into the computer and answer “OK” when prompted with “Allow USB debugging?”. (Windows 10 was able to automatically find and install the Nexus 5 driver. If your operating system fails to do so, you may need to find and install the driver for your phone manually.)
  6. Open a Command Prompt window and run “adb devices”. It should list one device.

Note: You can see the status of and control how the USB connection behaves. On the connected phone, drag from the top, and you will see a message relating to the USB connection. If USB debugging is enabled, you will see the “USB debugging connected, Touch to disable USB debugging” message. If you disable USB, you will see a new “USB for charging, Touch for more options” message. You can change USB options to “File transfers” if you wish to browse files (such as pictures) located on the phone.

Find Factory Image

The hardest part of this process was finding the correct factory image to download for the Nexus 5. There were so many listed without any helpful instructions as to which image to download.

Here’s what I did:

  1. Locate Google’s Factory Images for Nexus and Pixel Devices page.
  2. Find the factory images for the “Nexus 5”, which is code-named “hammerhead”. (The “Nexus 5X” has code-name “bullhead”.)
  3. Locate the last image, which is the latest and greatest version, “6.0.1 (M4B30Z, Dec 2016)”. (“M4B30Z” and similar are build labels, not model numbers, as I originally thought. So any of them should work with the Nexus 5, though an older Nexus 5 image would prompt you to update the latest.)
  4. Unzip the downloaded “hammerhead-m4b30z-factory-625c027b.zip” file to any location; I just left the unzipped “hammerhead-m4b30z” folder in the Downloads folder.

Flash Factory Image

This is the easiest step because Google has provided a script with the factory image that does all the work.

  1. Open a Command Prompt window and change directory to the unzipped factory image folder.
  2. Run the “flash-all.bat” script. It only took 125 seconds to complete, ending with the message “finished. total time: 125.757s”.

The Nexus 5 then rebooted.

Note: It is recommended to do a data reset after a factory image flash. To do so, go to Settings on the phone, “Backup & reset”, and “Factory data reset”.

Need To Know

For your reading pleasure, below is the output of the “flash-all.bat” script:

C:\Users\username\Downloads\hammerhead-m4b30z> flash-all.bat
target reported max download size of 1073741824 bytes
sending 'bootloader' (3124 KB)...
OKAY [  0.316s]
writing 'bootloader'...
OKAY [  0.543s]
finished. total time: 0.863s
rebooting into bootloader...
OKAY [  0.100s]
finished. total time: 0.101s
target reported max download size of 1073741824 bytes
sending 'radio' (45489 KB)...
OKAY [  1.748s]
writing 'radio'...
OKAY [  3.130s]
finished. total time: 4.881s
rebooting into bootloader...
OKAY [  0.100s]
finished. total time: 0.102s
extracting android-info.txt (0 MB) to RAM...
extracting boot.img (8 MB) to disk... took 0.033s
target reported max download size of 1073741824 bytes
archive does not contain 'boot.sig'
archive does not contain 'dtbo.img'
archive does not contain 'dt.img'
extracting recovery.img (9 MB) to disk... took 0.061s
archive does not contain 'recovery.sig'
extracting system.img (996 MB) to disk... took 6.279s
archive does not contain 'system.sig'
archive does not contain 'vbmeta.img'
archive does not contain 'vendor.img'
wiping userdata...
mke2fs 1.43.3 (04-Sep-2016)
Creating filesystem with 7137786 4k blocks and 1785856 inodes
Filesystem UUID: b6135b46-f5a1-11e7-9dd3-33ea8476e3c7
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

wiping cache...
mke2fs 1.43.3 (04-Sep-2016)
Creating filesystem with 179200 4k blocks and 44832 inodes
Filesystem UUID: b66edade-f5a1-11e7-be2f-2fbe1c3d8ae8
Superblock backups stored on blocks:
        32768, 98304, 163840

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

--------------------------------------------
Bootloader Version...: HHZ20h
Baseband Version.....: M8974A-2.0.50.2.30
Serial Number........: 04a0b345437de8e6
--------------------------------------------
checking product...
OKAY [  0.100s]
checking version-bootloader...
OKAY [  0.098s]
checking version-baseband...
OKAY [  0.099s]
sending 'boot' (9156 KB)...
OKAY [  0.529s]
writing 'boot'...
OKAY [  0.780s]
sending 'recovery' (10014 KB)...
OKAY [  0.587s]
writing 'recovery'...
OKAY [  0.828s]
erasing 'system'...
OKAY [  0.988s]
sending 'system' (1020657 KB)...
OKAY [ 35.063s]
writing 'system'...
OKAY [ 69.580s]
erasing 'userdata'...
OKAY [ 14.754s]
sending 'userdata' (4416 KB)...
OKAY [  0.369s]
writing 'userdata'...
OKAY [  0.497s]
erasing 'cache'...
OKAY [  0.580s]
sending 'cache' (428 KB)...
OKAY [  0.229s]
writing 'cache'...
OKAY [  0.217s]
rebooting...

finished. total time: 125.757s
Press any key to exit...

For more details, I found this page, How to flash a factory image | Return to stock | Unroot your Nexus 5, very helpful.

No Comments

Make a Dumb TV Smart Using Roku and Plex

Audio Visual No Comments

My brother-in-law gave me his huge 65 inch LCD TV. Score! But it was a dumb TV with no Internet capability or apps support. And I didn’t have cable or a digital OTA (Over the Air) tuner. Fortunately, there were many ways to turn a dumb TV into a smart TV. I chose the Roku 2 XS 1080p Streaming Player. Why? Because someone was selling one for $20 on craigslist.

Once I owned the Roku 2 XS, I started to see why it was the best media player to purchase (mere-exposure effect or familiarity principle). You see, the Roku 2 XS has the best features of the Roku 3 (USB port, Bluetooth remote, SD card) while keeping the backward compatibility of supporting a composite AV (audio/video) output, in addition to HDMI. The USB port allows me to directly connect a USB flash drive or portable hard drive full of videos to the Roku. The Bluetooth remote means I can hide the Roku behind the TV and still be able to control it. Finally, I think the old TV only does 1080p, so the 1080p supported by Roku 2 XS is perfectly fine.

Though the Roku supported wireless Internet, I hooked it up using a wired LAN connection to avoid any possible lag in throughput (can’t hurt when streaming 1080p HD video). Once I finished attaching the Roku to the TV with a HDMI cable, it was time to power it on. Because I did a factory reset on the Roku, I had to pair the remote again by pressing the little purple button inside the remote’s battery compartment for 3 seconds. I created an account with Roku and added channels (Roku’s name for apps); for example, the YouTube, Netflix, and Amazon Video channels are the most popular if you have kids. (If you want to play videos from the SD card or USB port, you will need to install the Roku Media Player channel.)

The Roku has no off switch, so it is immediately ready to use (instead of booting up each time). I read that it will go to sleep after 30 minutes of inactivity. Make sure to always stop playing before turning off the TV though. Or just unplug the Roku.

Cast to Roku

Because Roku supports the DIAL (Discovery and Launch) protocol used by Chromecast, you can cast to it from YouTube on your Windows desktop, Macbook laptop, or smartphone. Just click on the cast icon in the YouTube player and select the Roku.

The YouTube cast function and YouTube Channel are both temperamental. Sometimes when I try to cast, I have to cast twice before the video would actually play on the Roku. Sometimes the YouTube player says it is casting but it isn’t, so I have to manually stop casting and redo the cast. Worse, sometimes the YouTube Channel crashes and I am knocked back to the Roku’s main home page.

On Windows, my YouTube player did not show the cast icon. The problem was caused by the new YouTube layout. To fix it, I had to go to back to the old layout by clicking on my YouTube user icon and selecting the “Restore old YouTube” option. The old layout correctly showed the cast icon. Strangely, when I switched back to the new layout (by browsing to YouTube.com/new), the new layout now showed the cast icon. I saw this behavior using the Chrome browser, so other browsers may not have this issue.

Plex Stream From Desktop

If you have kids, you might prefer to avoid swapping movie DVDs by ripping them all to video files (I recommend using the open source HandBrake utility). Putting the files on a portable USB hard drive and connecting it to the Roku will give you a library of entertainment to choose from.

In my case, I didn’t have a portable USB hard drive, so I decided to just stream the movies from my desktop. The Plex Media Server was the free and simple DIY solution. I downloaded it, install it, launch it, created an account, added a Movies library, and selected the folder where my movie files were. The Plex Media Server scanned the folder (and its sub-folders), added the movie files, and downloaded nice preview images and summaries for each movie. (If you add and remove movie files, you can tell Plex Media Server to rescan by clicking on the options “…” to the right of the Movies library and selecting the “Scan Library Files” command.)

The Plex Media Server runs as a local web server which your browser can connect to. The Plex Media Server’s user interface will appear in the browser when you double-click on the Plex icon in the Windows’ system tray or the Mac’s status menu. In addition, the local Plex Media Server integrates with the Plex website online to allow you to access your videos from anywhere. I didn’t see a need for global access and thought it was a security risk, so I disabled the “Remote Access” option under Settings.

On the Roku, I added the Plex Channel, and signed in. The Roku displayed a 4 character alphanumeric code and asked me to input it into the Plex Media Server’s Link Account page at plex.tv/link. Once that was accomplished, the Plex Channel listed my movies.

Note: When playing .mkv movie files, the Plex Channel may crash randomly. Plex Channel is solid when playing .mp4 or .avi files.

Subtitles For Plex

Plex supports subtitle files, such as .srt files. To see the subtitles on your TV, you will need to make two changes:

  • Configure the movie to use subtitles. On the Plex Media Server interface, click on the movie to see its details, and select the subtitle file to use.
  • Configure the Roku to display subtitles. On the Roku, go to main menu Settings, Captions, Captions mode, and select “On always” (the other choices are Off and “On replay”). This is a global setting affecting all movies. Unfortunately, there is no easy way to turn subtitles on and off while the movie is playing.

Strangely, the Plex Channel interface provides an option to delete the movie. If you select the delete command, the actual movie file on the desktop is deleted (the corresponding subtitle file is not deleted). Thankfully, if you delete by mistake, you can find the movie file in the the desktop’s Trash folder.

Automobile Roku

I thought about setting up the Roku in my sister’s minivan. Instead of dragging all the movie DVDs around and swapping them in and out, my sister could use the Roku and a portable USB hard drive. I could connect the Roku to the car’s composite AV input and power it from the provided outlet.

Unfortunately, I found that the Roku took 45-60 seconds to boot up and about 5-6 button clicks to play a movie file. When you have kids, you can’t afford to take a minute to load the movie. You just want to pop in the DVD, hit play, and start driving. Better yet, start driving and the DVD will automatically continue playing where it left off. The Roku did not have such a hands-off continue playing feature. So it was a no go.

No Comments

Securing WordPress

Linux No Comments

Recently, I received a couple of “Password Reset” request emails from my blog. I surmised that someone had tried to log into my WordPress administrative account, was unsuccessfully, and had resorted to using the “Lost your password?” link on the login page. Disconcertingly, the email indicated that my admin username was being used. I checked my blog and thankfully, it looked like nothing was wrong.

It was time to make my WordPress installation more secured.

Disable Password Reset

I decided to remove the “Lost your password?” link on the WordPress login page. I doubted that I would forget my admin password and even if I did, I could always go directly to the MySQL database to change it. Because I didn’t need to support more than one user (my admin user), I decided to use the simpler manual method from How to Remove the Password Reset / Change option from WordPress, instead of the Plainview Protect Passwords plugin.

Here are the steps to globally disable the password reset option:

  1. Create a file named “disable-password-reset.php” with the following content:
    <?php
    /*
     * Plugin Name: Disable Password Reset
     * Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area.
     * Version: 1.0
     * Author: WPBeginner
     * Author URI: http://wpbeginner.com
     */

     
    class Password_Reset_Removed
    {
     
      function __construct()
      {
        add_filter( 'show_password_fields', array( $this, 'disable' ) );
        add_filter( 'allow_password_reset', array( $this, 'disable' ) );
        add_filter( 'gettext',              array( $this, 'remove' ) );
      }
     
      function disable()
      {
        if ( is_admin() ) {
          $userdata = wp_get_current_user();
          $user = new WP_User($userdata->ID);
          if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
            return true;
        }
        return false;
      }
     
      function remove($text)
      {
        return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') );
      }
    }
     
    $pass_reset_removed = new Password_Reset_Removed();
    ?>
  2. Upload this file to your server’s WordPress plugins directory (“/var/www/wordpress/wp-content/plugins”).
  3. Log into WordPress, go to Plugins, and activate the “Disable Password Reset” plugin. The password reset option will now be disabled for all users, including administrators.

As a precaution, I also changed the admin username because it had been compromised. This was accomplished by creating a new admin user in WordPress, logging into the new user, and then deleting the old user.

Force Login to Require Secure HTTPS

When I configured my VPS (Virtual Private Server), I allowed the WordPress login page and administrative areas to be accessible by unsecured HTTP. So anyone sniffing data packets on the Internet could see, in plain text, the info my browser was sending to my server. This may explain how my admin username was known to whomever was attempting to access my WordPress site.

To prevent the above, I decided to force the WordPress login and administration pages to require secure HTTPS access. I found the simplest method at WordPress SSL Settings and How to Resolve Mixed Content Warnings, which was to enable the “FORCE_SSL_ADMIN” WordPress option.

Edit the WordPress configuration file (“/var/www/wordpress/wp-config.php”) and add the text below before the “/* That’s all, stop editing! Happy blogging. */” statement at the bottom of the file:

/**
 * Secure (force HTTPS) entire wp-admin area
 * Note: Includes FORCE_SSL_LOGIN which secures login.php script
 */

define('FORCE_SSL_ADMIN', true);

/* That's all, stop editing! Happy blogging. */

After the change above, even if I were to access the login page using unsecured HTTP, it would automatically redirect me to the secure HTTPS login page.

Your Connection Is Not Fully Secure

Normally, when accessing a website using secure HTTPS, the browser would display a padlock next to the URL to indicate that the connection is secure. (Chrome shows a yellow padlock before the URL. Internet Explorer shows a grey padlock after the URL.) However, when I accessed my WordPress site using secure HTTPS, the padlock was not shown. Under Chrome, when I clicked on the info icon next to the URL, a message “Your connection to this site is not fully secure” was displayed.

I tested my site using Why No Padlock? and it found two issues:

  1. Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.
  2. Number of insecure items: 15. (A.k.a. the mixed content issue. All 15 items were unsecured HTTP image links.)

The first issue can be resolved by disabling the SSL v3 protocol:

  1. Edit the Nginx server block file (“/etc/nginx/sites-available/default”). Locate and add/modify the “ssl_protocols” directive like below (the first line is commented out):
    #       ssl_protocols SSLv3 TLSv1;
            ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  2. Restart the Nginx service so the changes above will take effect:
    sudo service nginx restart

Note: When I restarted Nginx, I saw warnings in the Nginx error log (“/var/log/nginx/error.log”) that looked like the following:

2017/09/02 01:15:24 [warn] 20631#0: duplicate value "TLSv1.2" in /etc/nginx/sites-enabled/mydomain:128
2017/09/02 01:15:24 [warn] 20631#0: duplicate value "TLSv1.1" in /etc/nginx/sites-enabled/mydomain:128
2017/09/02 01:15:24 [warn] 20631#0: duplicate value "TLSv1" in /etc/nginx/sites-enabled/mydomain:128

I found that it was caused by having two “ssl_protocols” directives in the Nginx server block file. Once I removed the duplicate directive, the warnings disappeared.

If you have more than one domain (resulting in more than one Nginx server block file), you can add the “ssl_protocols” directive to the Nginx configuration file (“/etc/nginx/nginx.conf”), instead of to all the server block files. Directives in the Nginx configuration file will apply to all server block files.

The second issue, “insecure items” or mixed content, was caused by unsecured image link URLs in each blog post’s content. Fixing it would require editing all image links to use the secured URL instead. I plan to replace the unsecured image link URLs with secured URLs over time. Eventually, I hope to see the padlock on secured HTTPS access to my WordPress site. (By default, WordPress inserts an image link using an unsecured URL. So you will need to edit the pasted image link manually to use the secured URL.)

Note: I was concerned that browsers would not cache images downloaded by secure HTTPS. However, after some research, I found out that modern browsers (as of 2010) will cache HTTPS content by default.

WordPress Debug Mode

If you haven’t already done so, you might consider temporarily enabling the WordPress debug mode to see if there are issues with the theme or plugins. Setting debug mode will return a wealth of log messages (all errors, notices, and warnings) that might point out potential issues with your WordPress installation.

To set debug mode, edit the WordPress configuration file (“/var/www/wordpress/wp-config.php”) and add the following directives before the “/* That’s all, stop editing! Happy blogging. */” statement:

// Enable WP_DEBUG mode
define( 'WP_DEBUG', true );

// Enable Debug logging to the /wp-content/debug.log file
define( 'WP_DEBUG_LOG', true );

// Disable display of errors and warnings inside the page HTML
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

// Use dev versions of core JS and CSS files (only if modifying them)
define( 'SCRIPT_DEBUG', true );

/* That's all, stop editing! Happy blogging. */

Once you are satisfied, don’t forget to disable the debug mode because it may adversely affect the performance of your WordPress site.

// Enable WP_DEBUG mode
define( 'WP_DEBUG', false );

I found only notices and PHP strict warnings concerning some plugins, but thankfully, no errors.

No Comments

How to Sell a Used Computer Like a Car Salesman

Hardware 2 Comments

A normal Craigslist transaction is quick. You establish your interest and confirm the price, place, and time to meet. You meet. The seller hands you the item. If it is electronics, you take a few minutes to test out the functions. You hand over the cash. Shake hands and then leave. 5-10 minutes maximum.

In early May, my sister asked me to buy a desktop computer for her. Her budget was $100, which is
totally doable for a used Core i5 desktop.

I found one, a Dell Optiplex 790 with Core i5, on craigslist advertised for $115. I negotiated it down to $100 by text messages. The ad didn’t say anything about a business so I figured it was a private seller.

The address I was given was mapped to the All Green Recycling Center in Tustin, CA. Some sellers do arrange meetings at their work location so I thought nothing of it. When I showed up, it turned out that the business was selling it.

The sales person who met me in the unoccupied reception area was Maria. She told me that someone showed up 5 minutes before me and purchased the computer I wanted. However, they did have another computer with the same specs, but with a 1TB hard drive instead of a 500GB one. The price was $150.

I told her that $150 was quite a stretch from $100 just for a bigger used hard drive. She said she would talk to her manager and disappeared behind the interior office door. 10 minutes later, she appeared. This initiated the trend where she would claim to need to do something and then disappear for 10-15 minutes at a time. Similar to how car salesmen would disappear for long stretches of time in order to wear the customer down.

Once Maria came back, she said that the lowest price they could do was $130… she paused for a few seconds and then said $120.

I’m not sure what that was about. Was she trying to anchor me at $130 so $120 would sound like a great deal? Or did her manager tell her to start at $130 and only go down to $120 at the lowest? Was she my best friend or my worst enemy?

All I heard was $120. I told her I didn’t really want the bigger hard drive, but $120 was doable if they would throw in the used wireless card that she had indicated were available in the text messages. She said she would ask her manager and disappeared once more.

10 minutes later, Maria appeared and said that they didn’t have a wireless card. I asked her if they could just change the hard drive to a smaller one. She replied that they didn’t do customization, so changing the hard drive was impossible. That the lowest price was $120 and that was it.

I told her, okay, let’s do it. She disappeared for 15 minutes and came back with the desktop. Then she said the price was $131 with tax. I gave her my credit card and ID and then she disappeared again. 10 minutes passed. I thought, how long does it take to charge a credit card and print a receipt? Was she 3D printing a copy of my credit card?

I had time to think and it occurred to me that I was overpaying. $131 was 30% above my sister’s $100 budget. I could have purchased the same desktop off of ebay for $100-$110 with free shipping, and not have had to deal with this very slow, horrible bait-n-switch experience.

I opened the interior office door, flagged down an employee, and asked him to tell Maria to abort the transaction. We didn’t want to buy after all.

I think Maria’s manager overheard because he came out of his office and asked what was going on. I told him that we had agreed by text on the price of $100, but that when I came, they didn’t have the computer I wanted. Instead they had another computer which was more expensive. And now, I decided not to do the deal after all. The manager was concerned and asked me to confirm twice that an agreement was reached before I showed up. He asked me to wait while he went to find Maria.

Within a couple of minutes, Maria appeared and said that they would swap out the 1TB hard drive for a 500GB drive and charge the originally agreed upon price of $100. Looks like you do do customization, I thought. She gave me my credit card and ID back. She promised it would only take a few minutes to swap the drive (which I doubted) and then took the desktop back in.

By this time, I had been there for almost an hour. I think the slow, horrible service is Maria. I don’t know what her deal is but she seems very incompetent at her job. Awfully slow for no apparent reason that I could see. The other employees seemed more friendly and competent because when they saw me waiter, they all immediately asked if I was being helped.

So I waited 15 minutes and still no Maria. Surely it wouldn’t take more than 5 minutes to swap a hard drive; were they also re-installing Windows 10 or something? Finally, another employee came and asked if I was being helped. I told him Maria was helping me, that I had come to buy a computer, and that it had been more than an hour. He looked surprised and said he would find Maria to see what was going on.

A couple of minutes later, Maria appeared with the desktop. Was she just hiding somewhere with the desktop and only came because a coworker found her? Like a golem.

She asked if I got an invoice? Ugh, I told her that I didn’t. I asked her if she had charged my card? She said no. I wanted to ask why she gave me back my credit card and than waited until after the hard drive was swapped before asking if she had given me an invoice. What if I had said yes and left without paying? At this point, I decided that she was not all together there. I asked her if she needed my credit card and ID, she said yes, and I gave them to her.

She left. I waited 10 minutes. Still no sign of Maria. Again, how long does it take to charge and print an invoice? Evidently for Maria, longer than 10 minutes. Finally, she appeared with the invoice.
Thankfully, the torture was over.

The business did not offer an option to boot up the desktop. However, they did offer a 90 day warranty. When I got to my sister’s, I tested the desktop. It booted up to Windows 10 fine. The only problem was the DVD drive didn’t open. Sighed. My sister said she would take it back for a drive replacement or repair. I warned her to avoid Maria; anyone else would be preferable.

That was a horrible experience. My subsequent craigslist transactions have involved filtering out all businesses. Even then, I needed to double-check because some businesses masqueraded as private sellers.

If you want to find out how buying a used computer can be as horrible as buying a used car, look up Maria.

2 Comments

Windows Explorer Has Stopped Working

Windows No Comments

My brother-in-law has a problem with his Windows 7 laptop. He continually sees the pop-up error message, “Windows Explorer has stopped working”, and the desktop would flicker (killing all file explorer windows) as Windows restarts the process. He cannot do anything productive with the malfunctioning machine. He asks me to take a look.

When diagnosing and fixing a misbehaving Windows system, I do the following:

  1. Clean virus or spyware (aka malware) infection. Virus and spyware could cause Windows to act strangely by damaging critical system files.
  2. Prevent strange programs from running on startup.
  3. Fix file system issues and check Windows file system integrity.
  4. Disable and delete unknown browser plugins. Reset the homepage to a blank tab.
  5. Resolve Windows registry inconsistencies.
  6. Pull the latest Windows updates.

Note: Most of the instructions below are applicable to Windows 8 and Windows 10 with some minor differences.

Death to Viruses and Spyware

Before running the virus and spyware scans, I recommend deleting temporary files to speed up the whole process by reducing the number of files to scan. Launch “Disk Cleanup”, select the primary drive, click on the “Clean up system files” option, select the primary drive again (if prompted to), check all temporary files found, and delete them.

Note: Under the Disk Cleanup’s “More Options” tab, you can delete “System Restore and Shadow Copies”. I don’t recommend deleting System Restore images because that will remove the ability to restore Windows to an earlier point in time. Only do so if your Windows computer is working without any problems and you really want to reduce the virus scan time. (Virus scanners doing a full, not quick, scan will take significantly more time to scan through the System Restore files.)

I run Microsoft Security Essentials (known as Windows Defender in most versions of Windows), update it, and start a quick scan. Updating it successfully is a good sign because some viruses will cripple virus scanners pre-emptively. Security Essentials find no infection. (If you don’t already have a virus scanner installed, I recommend downloading the free Windows Security Essentials.)

I then launch Malwarebytes Anti-Malware, update it, and initiate the scan. Malwarebytes finds and cleans several malware infections. I don’t know whether those infections are serious or not; I’m just glad they are gone. The worst is knowing that even if you successfully clean a virus or spyware infection, it may not solve all the problems because they tend to leave damage behind.

Note: Malwarebytes Anti-Malware is free and requires that you manually run it. The paid premium version provides real-time, constant surveillance.

Because I want to make certain that the laptop is clean, I also run ComboFix. ComboFix is a powerful spyware scanner which I’ve used successfully in the past with Windows XP. ComboFix should only be used at your own risk, because it could potentially damage Windows further. If you decide to use ComboFix, download it from bleepingcomputer.com, not from combofix.com or combofix.org. The latter will ironically give you a spyware-infected ComboFix version!

Thankfully, ComboFix completes running and does not destroy Windows 7. Unfortunately, the ComboFix log file is cryptic so while I’m fairly certain that it fixed something, I’m not exactly sure what.

The good news is that after a reboot, Windows no longer displays the “Windows Explorer has stopped working” popup message. So it looks very likely that spyware or malware caused the initial issue.

Say No to Startup Programs

Note: The System Configuration tool (msconfig) was removed from Windows 10. Its functions are incorporated into the Task Manager’s Startup and Services tabs.

Execute “msconfig” on Windows 7 to run the System Configuration tool and look for the Startup tab, which will list the programs launched at boot time. Google any program you don’t recognize. You may see remnant programs, with non-sensical names like “BDsad32Zm”, left by the virus or spyware — just uncheck them. (To reduce the startup time, I recommend unchecking any unnecessary programs like QuickTime and Adobe Reader. They supposedly speed up the launching of these programs, but at the cost of increasing startup time.)

Note: To reduce the startup time further, you can look at the Services tab and uncheck any unnecessary services, like “Distributed Link Tracking Client” (useful only if you link shared files across the network). Alternatively, instead of using “msconfig”, you could launch “services.msc” and disable the service or modify it to start manually, instead of automatically. Windows will start a manual service if necessary; for example, if an automatic service depends on it.

I do not find any strange startup programs on my brother-in-law’s laptop. Malwarebytes or ComboFix may have gotten rid of them already.

System Integrity Or Else

Corrupted files on the hard drive may cause Windows or programs to behave strangely. Thankfully, Windows provides two tools to diagnose this issue: a Check Disk tool (chkdsk) to fix general file system problems and a System File Checker (sfc) to verify Windows system files. (For more info on the System File Checker, see Use the System File Checker tool to repair missing or corrupted system files.)

To use the Check Disk tool:

  1. Click on the Windows start menu icon, input “cmd”, right-click on the “cmd.exe” or “Command Prompt” result, and select “Run as administrator” to launch the command prompt window with administrative privileges.
  2. Execute the following command (first line without the “>”):
    > chkdsk /f

    The type of the file system is NTFS.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process.  Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N)
  3. Input “Y” for Yes and reboot the laptop. The startup process will scan the hard drive for errors before running Windows.

Note: If you have a second hard drive, you can check it without rebooting; for example, by running the command “chkdsk /f d:” if you have a “D:\” drive.

To use the System File Checker:

  1. Run a “Command Prompt” as administrator (same steps as above).
  2. Execute this command:
    > sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files but was unable to fix some of them.
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
    C:\Windows\Logs\CBS\CBS.log

The Check Disk tool finds some file inconsistencies and fixes them. Unfortunately, though the System File Checker finds issues, it is not able to repair them all. This means that my brother-in-law’s laptop has some Windows system file corruption, which is bad.

The “CBS.log” file is large and dense. Microsoft recommends filtering it by running this command:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

The resulting “sfcdetails.txt” is not too helpful; it doesn’t show the filenames. Here is an excerpt:

2017-05-08 15:15:49, Info                  CSI    00000578 [SR] Verifying 100 (0x00000064) components
2017-05-08 15:15:49, Info                  CSI    00000579 [SR] Beginning Verify and Repair transaction
2017-05-08 15:15:49, Info                  CSI    0000057b [SR] Verify complete
2017-05-08 15:15:49, Info                  CSI    0000057c [SR] Verifying 100 (0x00000064) components
2017-05-08 15:15:49, Info                  CSI    0000057d [SR] Beginning Verify and Repair transaction
2017-05-08 15:15:49, Info                  CSI    00000580 [SR] Cannot verify component files for a3ba03adb219630fa0874057b9609115, Version = 6.1.7601.23418, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (TRUE)
2017-05-08 15:15:49, Info                  CSI    00000582 [SR] Verify complete

Note: Unfortunately, I had used the Disk Cleanup tool to delete the System Restore images earlier. As a result, I am unable to revert to earlier Windows 7 versions which might not have had the system file corruption. I’m not sure, but the System File Checker might have been able to use files from the System Restore images to correct the issues above. Duh.

I’m hopeful that the Windows Update, which we will do later, will fix these corrupted files.

System File Checker To The Max

You may consider running the System File Checker in Windows safe mode. On boot up, hold the F8 key until you see the Advanced Boot Options menu and then select the “Safe Mode with Command Prompt” option. Doing so may allow the System File Checker to repair files that might be in use during a normal boot up.

Additionally, before running System File Checker, you may wish to ensure that temporary files belonging to it (under “PendingRenames” and “PendingDeletes”) are deleted. Those files are protected so you’ll also need to take ownership before you can delete them. Run the Command Prompt as administrator and issue these commands:

cd %windir%\winsxs\Temp\PendingRenames

# Take ownership of files
takeown /f *.*

# Grant file permissions to administrators (assuming you are one)
icacls *.* /GRANT ADMINISTRATORS:F

# Delete the files
del *.*

# Repeat to delete files under PendingDeletes (which is a hidden directory)
cd %windir%\winsxs\Temp\PendingRenames

Note: The Advanced Boot Options menu also has a “Repair Your Computer” item; however, when I select it, I get an error, “The boot selection failed because a required device is inaccessible”. I try inserting both a Windows 7 installation DVD and USB flash drive, but they are not accepted. I think this option depends on having a special repair partition, which is missing from the laptop.

Browser Plugins Be Gone

As a general matter of computer hygiene, I check both the Internet Explorer and Chrome browsers on the laptop. Specifically, I am looking for plugins, extensions, or add-ons that shouldn’t be there. When I find them, I disable and delete/uninstall them.

I also double-check that the default search provider and homepage have not been overwritten. For example, the unwanted SmartSearch plugin loves to set the search provider to Yahoo and the homepage location to its own search website.

I do not locate any unwanted browser plugins on the laptop.

Windows Registry Be Consistent

I install the free CCleaner tool, select the Registry tool, scan for issues, and fix them all. I recommend choosing the option to backup the registry before making changes. That way if it goes horribly wrong (but Windows still works), you’ll have a way to undo the action. Always reboot afterwards to check that the registry changes are okay.

The Windows registry serves as Window’s memory bank. Inconsistencies in it will cause Windows to misbehave. Corruption in it could cause Windows to stop running. As with ComboFix, use CCleaner at your own risk.

Note: CCleaner also offers a tool to find and delete temporary and unnecessary files. I usually use it in addition to the Window’s “Disk Cleanup” tool.

To The Latest And Greatest

I launch “Windows Update”, see that some updates are pending, and start their installation. Then I wait and wait. The progress bar shows zero progress. When I hover the mouse over the Windows Update icon in the system tray, the tooltip message “Windows is downloading updates (0% complete)” keeps appearing. I give up after 30 minutes.

After some research, I find that Microsoft had significantly changed how Windows Update worked on October 11, 2016. If the Windows Update is unable to update itself, then the “0% complete” issue could occur. I download and install the KB3172605 package according to Windows 7 Update solution.

I re-run the Windows Update and this time, the updates download and install successfully, except for one. The single failed update is the “2017-05 Security Monthly Quality Rollup for Windows 7 for x86-based System (KB4019264)” package. The error code is 80073712, which means that the Windows component store is corrupt.

Unfortunately, Windows Update couldn’t repair the corrupt Windows system files.

Ready To Repair

I find suggestions that the standalone System Update Readiness tool could be used to repair corrupt Windows system files. I download the version for 32-bit Windows 7 and run it. It is able to repair some files, but not all.

Note: Windows 7 comes with a built-in DISM (Deployment Image Servicing and Management) tool which contains some of the System Update Readiness tool’s functions. Though the Windows 7 DISM is not as powerful as the Windows 8 or 10 version, you can run it with “DISM /Online /Cleanup-Image /Scanhealth” (more powerful parameters like “/Restorehealth” will not work under Windows 7). I still decid to use the standalone System Update Readiness tool instead.

Thankfully, the System Update Readiness tool’s log file, “%windir%\Logs\CheckSUR.log”, is very readable and lists the un-repairable files at the end.

Unavailable repair files:
    winsxs\manifests\x86_a3ba03adb219630fa0874057b9609115_31bf3856ad364e35_6.1.7601.23418_none_c3113e25b89565d3.manifest
    winsxs\manifests\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.23375_none_cce17c0fae9f1772.manifest
    winsxs\manifests\x86_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_4942df405f80bb4b.manifest
    winsxs\manifests\x86_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.1.7601.23572_none_7811a73e66577d81.manifest
    servicing\packages\Package_37_for_KB3138612~31bf3856ad364e35~x86~~6.1.1.1.mum
    servicing\packages\Package_7_for_KB3138612~31bf3856ad364e35~x86~~6.1.1.1.mum
    servicing\packages\Package_for_KB3138612_SP1~31bf3856ad364e35~x86~~6.1.1.1.mum
    servicing\packages\Package_for_KB3156017~31bf3856ad364e35~x86~~6.1.1.0.mum
    servicing\packages\Package_37_for_KB3138612~31bf3856ad364e35~x86~~6.1.1.1.cat
    servicing\packages\Package_for_KB3138612_SP1~31bf3856ad364e35~x86~~6.1.1.1.cat
    servicing\packages\Package_for_KB3156017~31bf3856ad364e35~x86~~6.1.1.0.cat

Following instructions from How to fix errors found in the CheckSUR.log, I download the packages for KB3138612 (Windows6.1-KB3138612-x86.msu) and KB3156017 (Windows6.1-KB3156017-x86.msu), and place them in the newly-created “%WinDir%\Temp\CheckSUR\Packages” folder.

I re-run the System Update Readiness tool. It repairs the corrupted files belonging to those packages. The resulting log now only shows the corrupted manifest files:

Unavailable repair files:
    winsxs\manifests\x86_a3ba03adb219630fa0874057b9609115_31bf3856ad364e35_6.1.7601.23418_none_c3113e25b89565d3.manifest
    winsxs\manifests\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.1.7601.23375_none_cce17c0fae9f1772.manifest
    winsxs\manifests\x86_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_4942df405f80bb4b.manifest
    winsxs\manifests\x86_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.1.7601.23572_none_7811a73e66577d81.manifest

Unfortunately, I am unable to find a source for the manifest files online or otherwise. My friend has a Windows 7 desktop, but his installation is 64-bit and I need the 32-bit versions.

Upgrade To Windows 7 For The Win

When the System File Checker failed, I was afraid I would have to do it. I fought it, but in the end, it looks like I need to do an in-place upgrade of Windows 7. Effectively, re-install Windows 7 on top of itself. This “upgrade” should replace the corrupted files, while preserving everything else.

Note: I thought that I might avoid re-installing Windows 7 by just re-installing the Service Pack 1 (in the hope that it would be sufficient to replace the corrupted files). Unfortunately, when I attempt to install the Service Pack 1, it fails with a cryptic zero file termination error.

To perform an in-place upgrade, do the following:

  1. Make sure you have the Windows 7 product key!
  2. Run Windows 7 as normal. Log in with an administrator account.
  3. Disable any virus or spyware scanner. To disable Microsoft Security Essentials, go to Settings, Real-time protection, uncheck the “Turn on real-time protection (recommended)” option, and click on the “Save changes” button.
  4. Insert a bootable USB flash drive containing the Windows 7 Professional with SP1 32-bit installer (see instructions on how to create one). Or if you prefer, insert the Windows 7 install DVD.
  5. Run the “setup.exe” on the USB flash drive (or DVD) and click on the “Install now” button.
  6. Select the “Go online to get the latest updates for installation (recommended)” option. (If you don’t have Internet access, you’ll need to choose the second option, “Do not get the latest updates for installation”.)
  7. Accept the license terms and select the “Upgrade” option.
  8. Sit back, relax, and wait. My brother-in-law’s laptop takes almost an hour to do the in-place upgrade. I observed the following: 20 minutes, reboot, 20 minutes, reboot, 5 minutes, reboot, chkdsk, and reboot.
  9. After the final reboot, you will be prompted to enter the Windows 7 product key. Input the product key.
  10. Select the recommended defaults in the following two screens. You’ll then see the normal Windows 7 login screen.
  11. Log in, activate the Windows 7 product key, and re-enable the virus scanner.

After the “upgrade”, I run “Windows Update”. After a couple of minutes, it says “133 important updates are available”. I was afraid of that — looks like I need to install all the updates since Service Pack 1. Two hours later (after 133 updates, reboot, 59 updates, reboot, 3 updates, reboot, 1 update, and reboot), all the updates are installed successfully.

Back to the Past

Over the next hour, two more updates are found and installed. Then an “Internet Explorer 11 for Windows 7” update appears which fails to install. What?!

I run the Check Disk (chkdsk) tool. Unexpectedly, it finds some file index errors and correct them all. I run the System Update Readiness tool. It finds some issues and fixes them all. I run the System File Checker (sfc). It finds problems and complains “Windows Resource Protection found corrupt files but was unable to fix some of them”. Uh oh, it’s the same problem.

I filter the System File Checker’s log file and one log statement says that the “mvc80JPN.dll” file is corrupt. That file belongs to Microsoft Visual Studio 2005. I download and install the Microsoft Visual Studio 2005 runtime, but it does not correct the file. I am not able to find another source online. I am stuck at the same dead end.

Having no choice, I hide the “Internet Explorer 11” update. The “Internet Explorer 10” update appears, it fails to install, and I hide it also. Looks like all Internet Explorer versions depend on the corrupt “mvc80JPN.dll” file.

Over the next day, two dozen updates show up, including the “2017-05 Security Monthly Quality Rollup for Windows 7 for x86-based System (KB4019264)” update. All of them download and install successfully. Eventually, no new updates appear.

For now, my brother-in-law can live without the latest Windows Explorer version. He can use the existing Internet Explorer 8 or the latest Chrome browser. If he uses Internet Explorer 8, he should be okay if he avoids Japanese websites; he doesn’t read Japanese so I don’t think that it will be a problem.

Note: If and when my brother-in-law next encounters a major issue with his Windows 7 laptop, I will probably just do a fresh installation of Windows 10 on it.

And we are done. I hope the above will help you to solve your “Windows Explorer has stopped working” error or other Windows problems.

No Comments

Install macOS Sierra Using Bootable USB Flash Drive

Mac OS X No Comments

To perform a clean installation of macOS Sierra (basically, Mac OS X 10.12), I recommend using a bootable USB flash drive containing the macOS Sierra installer. Below are the steps I took to create the bootable USB flash drive and how I used it to install macOS Sierra.

Note: The macOS Sierra Disk Utility and installer appears to be more buggy and much slower than previous versions. The best advice for installing macOS Sierra is to try again and be very patient (if you expect an operation to complete in 5 minutes, then give it at least 50 minutes).

Download macOS Sierra Installer

The macOS Sierra installer is available from the Mac App Store. Run the “App Store” application, search for “macOS Sierra”, and download it. It will save the installer as an “/Applications/Install macOS Sierra.app” file (about 4.97GB in size).

Note: If you run the macOS Sierra installer to upgrade your Mac, the downloaded file will be deleted automatically after the upgrade is completed. To keep that file, you will want to move it out of the Applications folder so it won’t be deleted after an upgrade. Launch the “Terminal” application and run this command to move the downloaded installer to your user’s “Downloads” folder:

sudo mv /Applications/Install\ macOS\ Sierra.app/ ~/Downloads/

If you are paranoid (doesn’t hurt), you can verify that the installer file was downloaded correctly by verify its checksum. Run the “Terminal” application and this command:

hdiutil verify /Applications/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg

# If successful, the last output line should read:
# hdiutil: verify: checksum of "/Applications/Install macOS Sierra.app/Contents/SharedSupport/InstallESD.dmg" is VALID

Format USB Flash Drive

The macOS Sierra installer takes up 5.1GB of space on the USB flash drive, so you will need a flash drive with a capacity of 8GB or greater.

Note: If the flash drive is mounted under “/Volumes” successfully when you plug it in, you can skip the following steps to reformat the flash drive. This is because the script we run to create the bootable drive will reformat the flash drive as an initial step. Because I am paranoid, I recommend reformatting the USB flash drive manually anyhow.

Format the USB flash drive using these steps:

  1. Plug in the USB flash drive to your Mac.
  2. Launch the “Disk Utility” application.
  3. On the left-hand pane, select the USB drive (not the partition under it, if any).
  4. Click on the “Erase” tab (or button at the top).
    1. Input a name like “Sierra” (this name will be overwritten later).
    2. Select “Mac OS Extended (Journaled)” for “Format”.
    3. Select “Master Boot Record” for “Scheme”.
    4. Click the “Erase…” button at the bottom. Click the “Erase” button in the warning popup dialog if you get one.
      • The format operation may take several minutes to complete. (USB 2.0 and large capacity drives will take longer.) After the format completes, the partition will be mounted under “/Volumes/Sierra” (or whatever name you selected above).
      • Note: Under macOS Sierra, the Erase function will fail if the USB drive’s partition is mounted. You can manually unmount the partition before running Erase. Or you can run Erase twice; the first time will unmount the partition and fail, and the second time will actually do the format (which will succeed).
  5. Close the “Disk Utility” application.

Create Bootable USB Flash Drive Installer

To create the bootable USB macOS Sierra installer, run the “Terminal” application and this command:

# The --volume value is the mounted USB flash drive partition; in this case, named /Volumes/Sierra

sudo /Applications/Install\ macOS\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/Sierra --applicationpath /Applications/Install\ macOS\ Sierra.app --nointeraction

# You will be prompted for your user's administrative password.

The “createinstallmedia” program will erase the USB flash drive, create a new partition named “Install macOS Sierra”, and copy the installation files to that partition. The output will look like:

Erasing Disk: 0%... 10%... 20%... 30%...100%...
Copying installer files to disk...
Copy complete.
Making disk bootable...
Copying boot files...
Copy complete.
Done.

The program will pause at the “Copying installer files to disk…” output line above. This step took 20-30 minutes with my Kingston 16GB USB 2.0 flash drive. Yours may take a shorter or longer time. I recommend giving it at least an hour, maybe two, before giving up.

Note: Mac hardware is very finicky about USB flash drives. Initially, I used a Corsair 32GB USB 3.0 drive; however, when I held down the Option key to try to boot with it, the Mac would freeze with a black startup screen. The Kingston 16GB USB 2.0 drive did not have this problem. So if you enounter issues (when erasing and copying) or weirdness (when booting), consider changing to another brand of USB flash drive. If you don’t have another drive, consider at least testing the flash drive to make sure it is not bad or corrupted (“First Aid” in “Disk Utility” is the minimum; google for more powerful tools).

Boot With USB Flash Drive

Note: I recommending connecting the Mac to its AC power adapter before beginning the macOS Sierra installation. The installation may take a long time (an hour or more) and you don’t want the battery to die in the middle.

To boot a Mac with the USB flash drive:

  1. Shutdown the Mac.
  2. Insert the USB flash drive.
  3. While holding the “option/alt” key down, turn on the Mac to display the boot Startup Manager.
  4. You should see one or more icons, one of which should be called “Install macOS Sierra” for the USB flash drive. (The internal hard drive may not be visible if it does not have a valid, bootable partition installed.)
    • Note: If you don’t see the USB flash drive’s “Install macOS Sierra”, try removing and re-inserting the USB flash drive while viewing the Startup Manager screen. The USB flash drive should then appear after a few seconds.
  5. Select the “Install macOS Sierra” (with left/right arrow keys) and hit the “return/enter” key to boot from the USB flash drive.

It may take 5-10 minutes or longer to load the installer from the USB flash drive. Sometimes the progress bar may appear to be frozen… just be patient. I would give it at least 30-60 minutes to load before giving up.

Format the Hard Drive

When the installer finishes loading, you will see a “macOS Utilities” window appear. Do the following to format the internal hard drive:

  1. Click on the “Disk Utility” option and click the “Continue” button on the bottom to launch the “Disk Utility” application.
  2. On the left-hand pane, select the hard drive (not the partition under it, if any).
  3. Click on the “Erase” button at the top.
    1. Input a name like “macOS”.
    2. Select “Mac OS Extended (Journaled)” for “Format”.
    3. Select “GUID Partition Map” for “Scheme”.
    4. Click the “Erase…” button at the bottom.
      • For SSD (Solid State Drive), the format operation may take less than a minute to complete. For mechanical hard drive, it may several minutes to hours, depending upon the size, speed, and condition of your hard drive.
      • Note: Again, the Erase function will fail if the hard drive’s partition is mounted. You can manually unmount the partition before running Erase. Or you can run Erase twice; the first time will unmount the partition and fail, and the second time will actually do the format (which will succeed).
  4. Close the “Disk Utility” application.

Note: Now and then, I noticed the output of the Erase seems to erroneously double the size of the hard drive. For a 128GB hard drive, the graph shows 120.88GB macOS (in blue) and 120.37 GB Unformatted (in red). I think it is just a user interface bug because when I close Disk Utility and re-open it, the graph then only shows the 120.88GB macOS (in blue).

Install macOS Sierra

Back at the “macOS Utilities” window, do the following to begin the macOS Sierra installation process:

  1. Click on the “Install macOS” option and click the “Continue” button.
  2. The “macOS Sierra” installer’s splash screen will appear. Click the “Continue” button.
  3. Click on the “Agree” button to agree to the license. A popup confirmation window will appear; click on the popup’s “Agree” button.
  4. Select the hard drive and click the “Install” button.

Note: You may encounter strange hardware behavior. On my 13 inch Macbook Pro Retina, the macOS Sierra installer turned the fan on to maximum for the whole duration of the installation. Thankfully, once it finished and rebooted, the fan turned off and stayed off.

The macOS Sierra installer tries to be helpful by telling you how long it will take. Unfortunately, it lies. You should take whatever remaining time it tells you and multiple by 10 (for minutes) or 100 (for seconds). If it says “6 minutes remaining”, that could mean 60 minutes or one hour remaining. Worse, if it says “6 seconds remaining”, you may be staring at that message for 600 seconds or one hour.

The best solution is to be patient. Go grab a bite to eat and watch a movie. Take a long nap or better yet, sleep your 8 hours. I would wait at least 4 hours before giving up.

Note: You can display the installer’s log window (using the menu or pressing Cmd+L). I didn’t find this helpful at all. Even for a successful install, numerous errors are logged; I don’t know what is a critical or non-critical error. And often, you won’t see a progress/status log output for a long time, easily 20-30 minutes. Not seeing any new log statements does not mean that the installer froze. So the logs didn’t do anything for me.

What Does Giving Up Mean?

Giving up means you have accepted defeat. The next step is to retreat and try again. Some suggestions on how to proceed:

  • Reset your Mac by doing the following:
    1. Reset the SMC (see step 3 under the “Reset the SMC on Mac notebook computers” section).
    2. Reset the NVRAM (aka PRAM).
    3. Run the Apple Hardware Diagnostic or Test to make sure you don’t have a hardware failure.
    4. Finally, retry the macOS Sierra install.
  • Use a different USB port on the Mac.
  • Use another brand of USB flash drive.
  • Delete and re-download the macOS Sierra installer (especially if you downloaded it a long while ago). Even if the checksum is okay, you may want to re-download in case there is a newer version of the installer with a bug fix for your very problem.
  • Download an older Mac OS X version, say Mac OS X 10.11 El Capitan, install that, and then upgrade to macOS Sierra. If you know the Mac OS X version which came with your Mac originally, consider downloading (if you still have access) and installing that version first.
  • Use the Mac Recovery System to download and install the original OS version that came with your Mac. Then upgrade from that to macOS Sierra.
  • Buy a more recent model Mac (at most a couple of years old). It may be that your current Mac is too old or slow to support macOS Sierra. It’s okay to keep running an old Mac OS version. (For example, if I had a Core 2 Duo Mac, I would not run anything later than Mac OS X 10.9 Mavericks on it.)

Hopefully, this post will help you to do a fresh installation of macOS Sierra.

Some info above taken from:

No Comments

« Previous Entries