Windows password - never expire

Windows passwords expire by default in 6 months. To prevent this, https://www.itechtics.com/set-windows-local-user-account-passwords-to-never-expire/

lusrmgr.msc --> Right-click relevant user --> Properties --> General tab --> (check) Password never expires

Windows brute-forcing on RDP ports

Noticed some events on one of our Windows servers -

4625(F) An account failed to log on. (Windows 10) - Windows security | Microsoft Docs

How solve Brute Force through IIS NTLM authentication scheme - Microsoft Q&A

Stopping the RDP service seems to stop it.

setting the path variable, installing ffmpeg on windows

From How to Install FFmpeg on Windows? - GeeksforGeeks

 https://ffmpeg.org/download.html

 setx /m PATH "C:\ffmpeg\bin;%PATH%"

and restart.

uptime equivalent on Windows

To find out how long a Windows machine has been on, the equivalent of uptime on Linux - https://devblogs.microsoft.com/scripting/powertip-get-the-last-boot-time-with-powershell/

Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

Using this in a "Basic Task" with Task Scheduler did not work when not logged on. So, instead of creating a basic task, used "create task" and chose "run whether user is logged in or not." Also enabled run with highest privileges.

converting ppk to pem on Linux

I had some PuTTY private key in .ppk format which I wanted to use on a Linux machine. One way would have been to install putty on Linux. Another way was to convert the ppk to pem format, and then use the standard OpenSSH ssh command. 

https://protocoderspoint.com/ubuntu-ssh-login-using-pem-file/

The version of puttygen available via the ubuntu repos seemed to be too old - so, downloaded and installed via https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html as per

puttygen: error loading x.ppk: PuTTY key format too new – ServerOK

So, 

tar -xvf putty*.tar.gz

cd putty[version]

# from the README

cmake .

cmake --build .

sudo cp puttygen /usr/bin/

and then 

puttygen server.ppk -O private-openssh -o server.pem

restarting IIS from cmd prompt

Since we have some Windows servers to which we ssh, restarting IIS from the command prompt is useful - we don't have to start an RDP session etc etc. 

https://www.se.com/id/en/faqs/FA211981/

Just run

iisreset

Apparently iisreset is better than net start / stop etc, since it will also reset other related services like FTP, SNMP etc. 

https://social.msdn.microsoft.com/Forums/en-US/789ac636-717d-4ac4-ae2a-aacd3a11a89b/iisreset-vs-net-startstop-w3svc

scheduled reboot of Windows server

I was exploring various options for issues with one of our Windows servers. Running out of RAM etc. For Windows machines, rebooting usually solves most problems, so looking for solutions for scheduled reboot - Server Reboot - Microsoft Q&A

 (But it shows run only if my admin account is logged on. Will see how it goes.)

SSH server on Windows 2016 Server - documentation link dump - fix for vi blank page on Windows

A link dump below:

https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse

 

This doc above is only for server 2019 - ours is 2016, so must use the github link below.

https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config

stackoverflow.com/questions/41618766/powershell-invoke-webrequest-fails-with-ssl-tls-secure-channel

https://www.tutorialspoint.com/how-to-install-the-msi-file-using-powershell#

administrators_authorized_keys needs to be created.

in  https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config

https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH-Using-MSI

to add path, the above wiki has some pointers.

How to Edit Files with a Real PowerShell Text Editor (adamtheautomator.com)

Chocolatey Software | Installing Chocolatey

https://www.google.com/search?q=how+to+restart+powershell+to+start+using+choco

 

(

choco install nano -y
worked.

) 

For using vim instead

windows - Basic text editor in command prompt? - Stack Overflow

choco install vim 

 

The open command: start a session - PuTTY Documentation

psftp syntax

open username@host port
like open myusername@myservername 22

 

Use puttygen to convert from id-rsa to ppk, using "Load an existing private key" option,

 

vim c:\programdata\ssh\sshd_config

public key can be appended by 

type id_rsa.pub >> c:\programdata\ssh\administrators_authorized_keys

page becomes blank when page down in vim

vim blank line is red and disappears after changing the window size - Stack Overflow

Vim background color renders incorrectly · Issue #832 · microsoft/terminal · GitHub

did not help, but using pagedown instead of down arrow worked.

Restart a Windows service from the command line - Super User

recommended using 

powershell -command "Restart-Service sshd -Force"

Putty's tunnels saved in session, so we need to use

PuTTY Configuration Tips and Tricks | HFC Portal (hfcc.edu)

to save reg file to export if we want to send a Putty configuration to someone else.

 

Unfortunately, this does not work on some machines, since the registry entries like path etc may be different. They would need to manually recreate the tunnels, I guess.

 

 

general troubleshooting of server outages

Copy-pasting from an email exchange:

Is the web app also facing issues or is the issue only with not being to log on to the server with remote desktop for admin tasks? If the app is also facing issues, we need to look into that also.

Maybe we can follow a process of elimination, mitigating the most obvious issues first, and then checking for deeper hidden issues.

The most common attacks for web-based apps which display forms to the user are brute force attacks which try to submit the forms automatically with all sorts of junk and try to compromise the server. Our app and the web interface do some user authentication using certain pages/forms, right? Those forms/pages must be hardened as the first step of defense. That is, they should not accept more than x number of characters, and should not accept special characters (other than those which are needed.)

Like https://www.google.com/search?q=user+input+sanitization+for+dot+net+app

If user input sanitization is taken care, then if still problems persist, next we have to look into the app logs if available and see if particular user behaviour crashes the app. Or whether there is any issue with multiple users logging in etc. We had done a test of this several months ago, but some code changes might have changed things. 

etc. etc. etc.

how to create a Windows 11 boot USB

On Windows, the easiest way to create a bootable Windows installation on a USB drive would be via Rufus. On Linux, the manual way is described at

https://www.addictivetips.com/ubuntu-linux-tips/how-to-create-a-bootable-windows-11-usb-on-linux/

either woeusb via python or manually with gparted creation of two partitions.

Method 1. sudo apt install git p7zip-full python3-pip python3-wxgtk4.0

sudo pip3 install WoeUSB-ng

Method 2. (a) Using GParted, repartition the USB drive as GPT from the menu - Device - Create Partition Table - GPT

(b) create two partitions - the first one FAT32, 128 MB or so labelled as BOOT (all caps), the next one NTFS with the rest of the space.

(c) mount the Win11 iso, copy over the files to the NTFS partition. 

(d) copy the files from all the folders except the sources folder to the BOOT partition, and the sources folder to the NTFS partition - according to https://www.elevenforum.com/t/create-windows-11-bootable-usb-installation-media.750/. 

 

(In a Rufus created USB Windows-to-go, only the BOOT and EFI folders as well as the files in the root folder are seen inside the BOOT partition. So, maybe it would be a good idea to copy all the files to both partitions - except the sources folder, which is too big, and can only be copied to the NTFS partition.)  

removing an app which auto starts in Windows

I'd purchased a refurbished laptop from Amazon for A, and the seller rentopc had put a registration app to start whenever Windows logs in the user. Checked if there was anything in the startup folder, no

https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd

Then, found it in Start -> Settings -> Apps -> Startup

https://support.microsoft.com/en-us/windows/change-which-apps-run-automatically-at-startup-in-windows-9115d841-735e-488d-e749-9ba301d441e6#ID0EBD=Windows_10

DKIM with PhpMailer

I generally prefer to send emails via Google Workspace, if necessary using sSMTP, but in case someone needs to use phpmailer and send out emails, phpmailer also makes DKIM signing relatively easy.

https://www.stechies.com/spf-dkim-verify-your-emails-using-phpmailer/

https://github.com/PHPMailer/PHPMailer/blob/master/examples/DKIM_sign.phps

$mail->DKIM_domain = 'ourdomain.com';
$mail->DKIM_private = 'path/to/private.key>';
$mail->DKIM_selector = 'whatever';
$mail->DKIM_passphrase = '';
$mail->DKIM_identity = $mail->From;

troubleshooting email delivery issues

Copy-pasting from an email exchange:

1. SPF

You have to log on to the DNS control panel at

https://domain.nettigritty.com/servlet/CustomerIndexServlet

and change the SPF in the TXT record for thedomain.org from the current value of

v=spf1 include:_spf.google.com ~all

to

v=spf1 ip4:<ip of server sending the emails> include:_spf.google.com ~all

2. DKIM

Then, you can send me a screenshot of the dkim record, and I can tell you what to change it to.

 

Or you can send me an email from the domain's email id, and I can check the DKIM record if it exists etc. from the headers of the email.

problem with not booting Linux Mint after kernel update

A couple of days ago, when I attempted to shut down Linux Mint 20.3 on the Macbook, there was no shut-down button visible on the usual shut-down dialog box. I thought this was some problem with the latest update, and thought that a restart would fix things. (That was a mistake, as you can see below). But after doing a sudo reboot from a terminal, the system would not boot up - it complained of a kernel panic, no working init found, and suggested trying to remove the init options. After googling some no working init found forum posts etc, thought I might need to check the disk for errors, but 

badblocks /dev/sda3

found no errors. Then I thought I would just try booting with another kernel - pressed F2 (more options) from reFind, booted with an older kernel 5.4.0-121-generic. Booted up with no issues. Tried doing 

sudo apt update
sudo apt upgrade

Then found the real culprit.

E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem. $ sudo dpkg --configure -a
Setting up linux-image-5.15.0-41-generic (5.15.0-41.44~20.04.1) ...

Ah - so I was the culprit - Mint was not showing the shutdown button because the update was still in progress - I had somehow interrupted it. Anyway - running dpkg manually with the command above fixed the issue, and the system boots fine now with the 5.15.0-41-generic kernel too.

HTML audio loop attribute

There were some audio streams specifically made for the official app, which were just loopable content. Exploring the possibility of using just a link to the loopable file instead of an icecast stream, the way to implement a looping audio seems to be in code - javascript or html - like the html example below,

https://www.w3schools.com/tags/att_audio_loop.asp

In the app, similar code can be executed based on which Java widget they have used.

preventing ssh time-outs

In addition to my earlier ssh keep alive post, some more way to keep ssh from timing out - on the client side, 

https://stackoverflow.com/questions/25084288/keep-ssh-session-alive

and

on the server side, 

https://www.tecmint.com/increase-ssh-connection-timeout/

On the client side on Linux etc, editing or creating the file $HOME/.ssh/config , giving it appropriate permissions, 

chmod 600 $HOME/.ssh/config

and adding the lines below - 

Host *

    ServerAliveInterval 240

On Putty, Connection -> seconds between keepalives - set it to 100 or something like that if timing out. 

web server port forwarding and workaround

There seemed to be some issues like Chrome and Edge (on Windows) not connecting to localhost, as mentioned at https://stackoverflow.com/questions/43889497/chrome-cannot-connect-to-http-localhost8080-but-http-127-0-0-18080-works

So, I just changed the SSH tunnel to port 8080, and used the url like http://127.0.0.1:8080/restOfURL for it to work.

 

redo Income tax work on a different PC

Since the income tax dept in India has dropped Java (Linux) support for their offline utility and has only Windows/Mac versions, I tried out various methods to do the IT filing. When an 8 GB Win11 machine became available, I thought I would do the filing on that machine, and wanted to know where the data was saved on the old 4 GB Lenovo machine to copy it over. 

Where ITD e-filing utility data is saved? - Income Tax (caclubindia.com)

The above page talks about "import draft ITR filled in online mode", what I did was to export the json from the old machine and import it on the new machine. Probably I could have uploaded it to the online filing site, and then downloaded the json from there to import into the new machine also. 

interesting post about Legacy to UEFI in-place migration

 https://www.redhat.com/sysadmin/bios-uefi

- says "Move your Linux from legacy BIOS to UEFI in place with minimal downtime"

checking MD5 sum on a windows machine

On Linux, we do

md5sum filename

On Windows? https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000LWYqSAO

certutil -hashfile filename MD5

Dell Latitude 3410 audio issues

Ac purchased a brand new Dell laptop pre-loaded with Ubuntu, Dell Latitude 3410. After he booted it up and finished the setup with his login, when he tried the headphone jack, it did not work. The sound stopped coming out of the speakers, but no sound from the headphones. 

At first, I wondered if it was a hardware fault. Then found that this is a known problem with these laptops as seen on Dell's help forum -
https://www.dell.com/community/Latitude/Latitude-3410-and-3510-Audio-Jack-Problem/td-p/7659856

Since the above solution, of installing the Dell Optimizer app, is for Windows, googling for help on Linux, found these two posts.

https://askubuntu.com/questions/1291829/no-audio-on-dell-latitude-3410-with-ubuntu-20

https://forums.linuxmint.com/viewtopic.php?t=335242&start=40

This second one worked - the solution was to comment out the line which automatically suspends "sinks/sources that become idle for too long"
in /etc/pulse/default.pa

### Automatically suspend sinks/sources that become idle for too long
#load-module module-suspend-on-idle

And then reboot. After the reboot, manually choosing the audio as headset and manually disabling the speakers output using the pulseaudio sound control app gives us the desired outcome.

Income tax filing notes

After the Income Tax department (India) have changed to their new income tax e-filing portal last year, there were some teething troubles, but this year things seem to go smoothly. Or perhaps it is because I have learnt last year's lesson and did the first submission using the offline utility instead of online, since last year the offline utility was more stable than the online software. Or maybe because their documentation, help and faq sections are pretty good. Some notes, in no particular order.

1. For e-verifying returns using Canara bank, if you don't want to use the ATM method, the way is to choose to e-verify "using bank account details" - that directly sends an SMS with the verification code (EVC) to the linked mobile phone, and we can enter the EVC to e-verify. Probably the easiest way to e-verify would be using the Aadhaar-linked OTP, in case the Aadhaar is linked to a mobile number.
   
2. For filling up the csv in the Long Term Capital Gains, which is Schedule 112A in ITR2, there is an explanatory pdf linked from the button labelled "Need help ?" on the top right. NOT the Help menu item right at the top. Reading those instructions would be essential for correctly filling up the csv template. I got the required data from CAMS and KFin profit/loss statements for mutual fund gains and the old as well as new sale deeds for house sale proceeds.
3. Filling up this 112A does not automatically fill up the quarterly gain/loss in the schedules BYLA etc - we need to fill them manually.
   
4. When filling up ITR2, deduction for Interest income up to Rs. 10,000, (section 80TTA) comes under schedule VI-A, where we have to choose to expand "Part C, CA and D".
5. After paying tax, we have to again go back to "Computation of Taxes" schedule, enter the Challan serial number and other details of the tax we have paid, and again compute till the tax to be paid is zero.
6. The donations for which I usually get a 100% and 50% exemption without any qualifying limit were not accepted - the verification step failed with the error "same pan cannot be entered for different donation type", it would only accept it if entered as 100% and 50% "subject to qualifying limit", and the limit seems to be 10% of adjusted gross total income.
    

FAQ about uploading an Android app to Google's Play store

These were some questions which I was asked about uploading an app to Google's Play store. I'm also testing out How To Toggle Between Hiding And Showing an Element or How To Create a Hoverable Side Navigation. Since adding CSS using SPAN tags in blogger is a bit clunky, I'm not doing the hoverable style for this post. The links are plain anchor links to div ids.

1. What software readiness is required?  (This may or may not work.)
2. Any documentation to be completed?   
   When we upload the app, there are some mandatory requirements. There needs to be a privacy page for the app, we need to provide the content rating (whether it is suitable for children and so on), and we have to choose in which regions of the world our app would be available.
   https://orangesoft.co/blog/how-to-publish-an-android-app-on-google-play-store
   (In the above link, we have already got the developer account etc, as mentioned above.)
   After we submit the app, it would go for review by the google team, and would be available once it passes the review, which would take a few hours or a week.
3. We are currently on version 1.3.6 which is distributed as a link on Google drive. The way it works is that if someone has 1.3.5 on their device, 1.3.6 understands that and overwrites 1.3.5 while installing 1.3.6. Now, if we place either 1.3.6 or the later version in Google PlayStore, will it automatically detect the version installed using a Google drive link?
4. Some releases will be mandatory, and we would like the app to force update (for critical errors) and some releases may not be mandatory. Is this possible?
5. Can our developer team place it in Google PlayStore or will it be placed by you?

1. What software readiness is required?

For adding an app to the Google Play store, it needs to be signed by the appropriate developer. If you wish the app to be seen under the developer id of our organisation, like

https://play.google.com/store/apps/developer?id=Sri+Sathya+Sai+Vidya+Vahini

then the app apk has to be built again, using the developer key which we have, for our organisation. This takes between 5 minutes and half an hour, depending on how much RAM the development machine has. Then, the apk has to be uploaded using the ID which we have used for the earlier apps, for which we have the password. I had done it for the LMS app, and had documented it at

https://hnsws.blogspot.com/2021/04/updating-app-on-googles-app-store.html

If you wish to add the app under a different developer id, then the process, starting with creating a developer id, is mentioned at many places like

Registering an account - https://support.google.com/googleplay/android-developer/answer/6112435?hl=en

Adding the app - https://support.google.com/googleplay/android-developer/answer/9859152?hl=en

2. Any documentation to be completed?

When we upload the app, there are some mandatory requirements. There needs to be a privacy page for the app, we need to provide the content rating (whether it is suitable for children and so on), and we have to choose in which regions of the world our app would be available.

https://orangesoft.co/blog/how-to-publish-an-android-app-on-google-play-store

(In the above link, we have already got the developer account etc, as mentioned above.)

After we submit the app, it would go for review by the google team, and would be available once it passes the review, which would take a few hours or a week.

3. We are currently on version 1.3.6 which is distributed as a link on Google drive. The way it works is that if someone has 1.3.5 on their device, 1.3.6 understands that and overwrites 1.3.5 while installing 1.3.6. Now, if we place either 1.3.6 or the later version in Google PlayStore, will it automatically detect the version installed using a Google drive link?

If the new version of the app is built with the same app id as the old version of the app,

(which is a string like org.sssvv.sssvvmobile, which is the app id of our LMS app,

https://play.google.com/store/apps/details?id=org.sssvv.sssvvmobile )

then the old version will be overwritten with the new version. Otherwise not.

4. Some releases will be mandatory, and we would like the app to force update (for critical errors) and some releases may not be mandatory. Is this possible?

This behaviour is not default behaviour, it does not happen automatically. This needs code to be written in the app to periodically check for new versions, and if mandatory upgrade, not allow the user to use it till (s)he upgrades. One way of implementing this is using in-app upgrades, for example

https://medium.com/android-news/implement-in-app-update-in-android-68892bd11e35

5. Can our development team place it in Google PlayStore or will it be placed by you?

This is up to the management team. If you wish me to give the developer key + developer id password to the development team, I can do that, and they can place it in the Google Play Store. Or if the devel team give me the code, I can build the app and place it in the Google Play Store. In either case, it would be good if the management team provides

(a) Privacy page draft (or if the LMS app privacy page is enough, we would need to change the wording a little bit)

(b) Description for the app which comes in the "About this app" paragraph

(c) Logos and artwork as required. (this may be already available).

You could take a look at the LMS app for ideas,

https://play.google.com/store/apps/details?id=org.sssvv.sssvvmobile

iframe contents resizing

We had an iframe with a blogspot blog being displayed on the website. But the iframe content was too wide, there were horizontal scroll-bars on the iframe. Looking for solutions to resize the content, this answer scales it by half, and this answer has support for more browsers. I used the latter, but without the pos. So,

....

<head>

....

<link rel="stylesheet" type="text/css" href="../../css/iframe-for-blog.css" />

....

</head>

and in the iframe-for-blog css file,

iframe {

/* Set the width of the iframe the size you want to transform it FROM */

width: 1108px;

height: 710px;

/* apply the transform */

-webkit-transform:scale(0.75);

-moz-transform:scale(0.75);

-o-transform:scale(0.75);

transform:scale(0.75);

/* position it, as if it was the original size

position: absolute; - we're not using this.

left: -400px;

top: -200px; */

}