Restoring the Windows 10 Registry

I tend to back up everything, which not only helps in the event of the occasional catastrophic failure, but is also a godsend in the event of doing something stupid. The first step, of course, is taking backups of everything via BackupPC, so if you’ve landed here and haven’t done that … well, go do that. (If you’re in the unfortunate circumstance of having lost your registry without a backup, well, it’s something to remember for next time.)

What you’ll need: a USB stick with Windows 10 boot media. You can download this right from Microsoft. You’ll also need some way to retrieve your backed up files from your BackupPC installation, but that’s pretty easy.

Locate the hive files from the BackupPC host in question — you’ll find them under \windows\system32\config. You can be surgical about this if you know exactly which hives need restoring, or you can go for the nuclear option:

system
sam
security
software
default

You’ll need them on the USB stick; it’s simplest just to download a .zip file of what you need, then unpack it onto the USB drive. It doesn’t matter where, as long as you can find it later.

Boot from the USB drive (this may require tweaking the boot device in the BIOS) then go to Recover Windows, then go to a command prompt. If you’ve just booted, you probably have an abbreviated C: drive and an X: drive, neither of which is the hard drive you want to copy things to.

diskpart
list volume
(one of these is going to be your Windows drive, it shouldn’t be too hard to pick out)
select volume [number]
assign letter=[unused drive letter]
exit

Now copy the registry files from the backups on the USB stick (probably mounted as C:) right over their counterparts on the drive you just mounted. You might want to make backups first, but that’s up to you.

Reboot, and your registry is back.
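A check worth running on the retrieved hive files before they go onto the USB stick, added here as an example and not part of the original post: it confirms each of the five hives is present, non-empty, and starts with the registry hive signature. It assumes the files were unpacked into a single directory on a machine with a POSIX shell (the BackupPC host, for instance) and that valid hive files begin with the four bytes "regf"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check restored hive files.
# Assumption: a valid registry hive file begins with the 4-byte signature "regf".

HIVES="system sam security software default"

# find_hive DIR NAME -> path of the file in DIR matching NAME, ignoring case
find_hive() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

# check_hive FILE -> 0 if FILE is non-empty and starts with "regf"
check_hive() {
    [ -s "$1" ] || return 1
    [ "$(head -c 4 "$1" | tr -d '\0')" = "regf" ]
}

# check_hive_dir DIR -> one status line per hive; returns the number of bad hives
check_hive_dir() {
    dir=$1
    bad=0
    for name in $HIVES; do
        hive=$(find_hive "$dir" "$name")
        if [ -z "$hive" ]; then
            echo "MISSING  $name"
            bad=$((bad + 1))
        elif ! check_hive "$hive"; then
            echo "INVALID  $name ($hive)"
            bad=$((bad + 1))
        else
            echo "OK       $name ($hive)"
        fi
    done
    return "$bad"
}

# Constructed sample: two plausible hives, one empty file, two hives missing.
make_sample() {
    d=$(mktemp -d)
    printf 'regf\000\000\000\001constructed' > "$d/SYSTEM"
    printf 'regf\000\000\000\001constructed' > "$d/software"
    : > "$d/SAM"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    check_hive_dir "$1"
else
    sample=$(make_sample)
    check_hive_dir "$sample" || echo "$? hive(s) need attention"
    rm -rf "$sample"
fi
```

The sam and security hives hold local account password hashes and stored secrets, so delete the copies from the USB stick and any staging directory once the restore is finished.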


The Wonderful Lunacy of Cut-Resistant Gloves

I ran across these gloves, and the first thing I noticed was that the picture depicted somebody apparently trying to cut off their own finger.

Don’t try this at home

At first glance, it doesn’t say “these are cut resistant gloves” so much as “you’re going to need a new pair of gloves. Once you get back from the emergency room.”

Most sellers appear to make their point with the common, “you want to perform black magic? Not with these gloves” style of palm-cutting demonstration.

Imaginary blood brothers

Sure, that gets the point across, but what if you want to demonstrate that your gloves are really very cut-resistant? Then you attack your gloved hand with Paul Hogan ferocity:

You call that a knife?

These things are kind of awesome. But what if I want to artfully cut finger and wrist holes in a metal can, and jam my whole hand through it?

Metal can is not part of glove; if you’re creating a post-apocalyptic film, you’ll have to cut your own cans

At least it’s better than depicting that you might need a pair if you have trouble distinguishing one end of a knife from the other:

Hand me that knife, would you?
Just what exactly were you trying to do, here?

It makes me appreciate those sellers of safety gloves who get the point across — that these will help you avoid blade-and-hand related tragedies — by also illustrating that if you’re going to test the limits of your safety equipment, maybe not stake your fingers on the result of a successful experiment:

Okay, you can probably try this at home

Though it seems that something that might be as effective as all of these, is the graphic depiction of somebody who still has both their thumbs:

Delightfully labeled so you’re well aware there are two thumbs

Terrible Drivers

It’s probably no surprise that Seattle drivers are objectively the worst drivers out of hundreds of cities.  In practice, bad driving ranges along a spectrum from merely irritating, like being behind somebody unwilling to make a turn until the road is completely devoid of traffic, to dangerous and stupid, like wandering into the opposing lanes or crossing a bike lane without looking.

To be fair, some of Seattle’s terrible driving is caused by inconsistent and incomprehensible road layouts.  The city is littered with intersections that require special attention, with bike lanes that could literally be anywhere, six-way blind intersections with no markings, left-hand merges, and right-of-way conflicts that take a keen legal mind to correctly ascertain.  Express lanes are usually the leftmost highway lane, providing an incentive (and legal reason) for driving slowly in the left lane without passing.

Given this high cognitive load, there seems to be a large segment of the driving population that gives up entirely, which only adds to the confusion.  To make things worse, the Seattle police don’t seem particularly interested in enforcing traffic laws.

I was recently impressed by a new way to be terrible, illustrated in this diagram:

How not to make a right turn

This is the intersection of 9th and Mercer, an often-busy intersection.  Cars traveling down Mercer are mostly headed to the highway, and it’s not uncommon for people to turn onto Mercer and get stuck in the intersection, blocking cross traffic.  The right lane on ninth is often occupied by people wanting to turn right, anyway.  The left lane on 9th only has a left arrow and markings indicating that it’s left-turn only for the entire block, but as the right lane moves slowly, there’s a fairly consistent group of people who get in the left lane to turn right.  When the left arrow is illuminated, they simply turn across the right lane, blocking both the left and right.  Naturally, this slows the right lane even further, encouraging those who wish to make right turns to follow suit and get in the left lane.  Of course, people who want to either go straight or follow traffic laws are pretty screwed.

Good job sucking, blue car.  You are both a terrible driver and a terrible person.


BackupPC and Bare Metal Restore of Windows 7+

It has been five years since I posted BackupPC and Bare Metal Restore of Windows XP, which has been surprisingly popular.  However, Windows XP has been out of official support for quite a while now, and the same techniques, although they can be made to function with newer versions of Windows, are no longer ideal.  On the plus side, there are better options for bare metal recovery now.

First, it’s worth mentioning that BackupPC is a system designed to back up files, not images, so recovery is going to be slightly imperfect.  While the files themselves can be completely recovered, the ability to recover file permissions is limited, so that it may not be suitable for a server with complex file permissions or where security of the data is paramount.  File based backups are particularly good for the case where files are lost or damaged (often through user error) but not well suited to complete system recovery — and catastrophic media failure is often an opportunity to clean out the debris that tends to accumulate over time with computer use.

So, while the ideal vehicle may have been a different backup method, such as an image backup, it’s still quite possible to recover with just the files, as I outline here.  To complete this task, you’ll need a little more than twice as much space as the system to be recovered — it can be in two different places, and that isn’t a bad idea for performance — installation media for the system to be recovered, access to either HyperV or a VirtualBox virtual machine (VirtualBox is free), and the drivers necessary for the system to be recovered to reach the storage.  For example, if it’s on a network share, network drivers may be necessary (even if they’re built in to Windows 7.)

Step 1:  Build a local tar file using BackupPC_tarCreate

This is probably familiar as being the exact same step one as before; I note that using gzip to save space or I/O appears to slow things down.  At any rate, this is best accomplished from the command line, as the backuppc user:

BackupPC_tarCreate -t -n -1 -h borkstation -s C / > borkstation.tar

“borkstation” is the name of the host to recover, “-n -1” means the latest backup, and you’ll obviously need to have enough space where the tar file is going to store the entire backup, which will not be compressed.  Note the space between the “C”, which represents the share to restore, and the “/”, which represents the directory to restore.

Step 2: Prepare base media

The point of this step is to get the drives partitioned the way you want, and as before, it will just be wiped out, so it doesn’t make sense to worry about much except the partition scheme and whether or not it’s bootable, so a base installation will do.  You’ll want it to be able to access the network (or whatever media is being used) as well.

So, in a nutshell, you install an operating system similar to the one you’re recovering. It doesn’t need to be identical, so you can, for example, use a 32-bit version to recover a 64-bit version, or what have you.  You just need a basic, running, system.

Step 3: Back up the system

Yes, the idea is to create a system image of the base system you just installed.  The data will be discarded.  This can be done from Control Panel->System and Security->Backup and Restore->Create a System Image.  This image either needs to be placed somewhere the VM can get to it, or moved there.

Step 4: Mount and erase the drive image

The backup image created in Step 3 is a directory called “WindowsImageBackup” that contains a folder for the PC, along with a lot of metadata and one or more VHD files.  These VHD files are virtual hard drives that can be directly mounted in supported VMs.  You’ll need a VM image that’s capable of understanding the filesystem, but it doesn’t need to match the operating system being recovered.  For VirtualBox, the VHD file can be added to the Storage tree anywhere; it can be left in place, but it will grow to the size of the total of all files to be recovered, so plan accordingly.

For Windows 7, it’s probably easiest to clean it out by right-clicking on the drive (that maps to the VHD) and performing a quick format.  While it’s possible to leave the operating system and other files in place, this usually causes all kinds of permission issues recovering matching files and can result in a corrupted image, so it’s simplest just to clean it out.

Step 5: Extract backup files to the drive image

This step requires that Cygwin be installed on the VM.  A stock install of Cygwin is all that’s really needed, but there’s an important change to make to fstab:

none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

This is necessary because tar’s attempt to restore acl’s to directories doesn’t quite match the way Windows expects things to be done, and without adding “noacl” to fstab as above, tar will create files and directories which it doesn’t have access to, and will experience failures trying to restore subdirectories.

After making the change and completely closing all Cygwin windows, open a Cygwin window, navigate to the destination drive, and run tar on the archive created in step one.  (A shared drive will make it accessible to the VM.)

tar -xvf /cygdrive/z/borkstation.tar

“Z” in this case is the Windows drive which is mapped to the location of the archive; the path simply needs to point to the correct file.  This part takes a while, and since the virtual image needs to expand on its host disk, there will be a lot of I/O.  It helps to have the source archive and the destination VHD on different media.
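A guard around the extraction, added here as an example and not taken from the original post: it refuses to start tar unless the cygdrive entry in fstab carries noacl, the archive is readable, and the destination is a Windows drive under /cygdrive. The function names and return codes are made up for this example, and /etc/fstab is assumed to be the fstab file Cygwin reads.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for Step 5.
# Assumptions: Cygwin reads /etc/fstab; function names and return codes are hypothetical.

# cygdrive_has_noacl FSTAB -> 0 if an uncommented cygdrive entry lists "noacl"
cygdrive_has_noacl() {
    awk '
        /^[[:space:]]*#/ { next }              # ignore commented-out entries
        $3 == "cygdrive" {
            n = split($4, opt, ",")            # mount options are comma separated
            for (i = 1; i <= n; i++)
                if (opt[i] == "noacl") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# safe_extract ARCHIVE DEST [FSTAB] -> runs tar only when every check passes
#   returns 2: noacl missing, 3: archive unreadable, 4: DEST not under /cygdrive
safe_extract() {
    archive=$1
    dest=$2
    fstab=${3:-/etc/fstab}

    if ! cygdrive_has_noacl "$fstab"; then
        echo "cygdrive entry in $fstab lacks noacl; fix it and reopen Cygwin" >&2
        return 2
    fi
    if [ ! -r "$archive" ] || [ ! -s "$archive" ]; then
        echo "cannot read archive $archive" >&2
        return 3
    fi
    case $dest in
        /cygdrive/?*) ;;                       # a mapped Windows drive
        *) echo "$dest is not under /cygdrive" >&2
           return 4 ;;
    esac

    tar -xvf "$archive" -C "$dest"
}

# Usage: sh preflight.sh /cygdrive/z/borkstation.tar /cygdrive/e
if [ "$#" -ge 2 ]; then
    safe_extract "$@"
fi
```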

If permission restrictions aren’t important to you, now’s the time to right-click the destination drive within the VM, and grant full rights to “Authenticated Users.”  This should be sufficient to prevent any lingering permission side-effects.

At this point, the VM should be shut down so the VHD is released.  (It’s a bad idea for more than one owner to access a VHD at the same time.)

Step 6:  Clean up

Aside from the files themselves, there are a number of things stored outside the files that need to be cleaned up.  The “hidden” and “system” attributes, for example, have not been preserved.  For most files, this doesn’t matter much, but Windows has “desktop.ini” files sprinkled all over the filesystem that become visible and useless unless corrected.  This is easy to do from the command line:

cd \
attrib +h +s /s desktop.ini

The mapping of “read only” attributes is, unfortunately, somewhat imperfect, and the “read only” bit in Windows may be set for directories for which the backup user did not have full access.  Notably, this can cause the Event service not to function properly, so its directories need to have their read-only bit unset:

attrib -r /s windows\system32\logfiles

attrib -r /s windows\system32\rtbackup

Though it doesn’t seem to cause issues to just unset the read-only bit on the entire system:

attrib -r /s *.*

One ugly thing that’s stored in the NTFS system but not in any files is the short names that are generated to provide an 8.3 file name for files with longer names in Windows.  These are generated on-the-fly as directories or files are added, which means that the short file names generated as files are recovered may not match short file names as they were originally generated.  For the most part, short file names aren’t used, but they may appear in the registry as references for COM objects or DLL’s, and the system won’t function properly if it cannot locate these files.

The simplest way to track these down is to load the registry editor (“regedit,”) select a key, then use File->Load Hive to load the recovered registry from windows\system32\config on the drive image.  Then, searching for “~2” “~3” and so on will yield any potential conflicts between generated short names.  While the registry can simply be updated, it’s usually easier to update the generated short name, which can be done from the command line:

fsutil file setshortname "Long File Name" shortn~1

Note that switching the short names of two files or directories takes three steps, but since short names can be anything at all, this is relatively straightforward.

The last piece to do is file ownership/permissions and ACL’s.  Since none of this is preserved in a file backup, I find it easiest to right click on the recovered image and give full control to “authenticated users,” to prevent problems accessing files.  Your mileage and security concerns may vary.

Step 7:  Recover the image

The simplest way to do this is to boot the system to be recovered to the vanilla operating system installed to produce the image, and use the same Control Panel to select Recovery, then Advanced Recovery Methods, then “Use a system image you created earlier to recover your computer.”

This can also be accomplished from installation media, which is handy if anything goes wrong.  Rather than installing a new operating system, selecting “Repair your computer,” then moving on to Advanced Recovery Methods, should also be able to restore the image.  If you use this method, it may be necessary to manually load network drivers before being able to access shares.

Note:  after the image is restored, the system may complain about not being able to load drivers, and claim that the restore failed.  I’m not sure why this occurs, but it doesn’t seem to matter.  Reboot, and the system should be mostly back-to-normal.


I Hate You, Ventra

Chicago’s transit system has had a few farecard systems:  over the past decade, a magnetic stripe system has coexisted with the Chicago Card (and Chicago Card Plus) contactless smart card system, an RFID system for electronically paying for bus and train fares.  The Chicago Card system is actually quite a decent design, where a rider can tap the card against a touchpad on a bus or turnstile, and set it up to automatically reload itself at set low balances.

This is being replaced by Ventra, which is also an RFID card, but with several important additional features designed by the criminally insane.  First, you’ll notice the debit Mastercard logo which appears on the Ventra card — this has two important implications.  The first is that instead of using a Ventra card at all, you can instead pay for your ride with any regular debit or credit card with an RFID chip, right?  That’s got to be handy.

Well, sort of.  Since most regular debit or credit cards won’t record, or more importantly, notify a turnstile about a transfer you just took, you’ll be paying full fare for any bus-to-train or train-to-bus or any other permutations of transfers for which you’d normally be entitled to a discount.  So consider yourself screwed there.

In addition, one of the popular uses of RFID technologies is to leave the devices in one’s wallet/purse/etc and wave it at the reader.  This is, shall we say, a really bad idea if every card in your wallet is going to pay for your train ride every time you walk through a turnstile.  Since a Ventra card is doing what an RFID Mastercard would be doing plus exchanging data about transfers, it’s actually a bit slower — perceptibly so, if I may judge from the number of people giving themselves the Heimlich on the turnstiles while attempting to use their Ventra card.

On to the second implication of that Debit MasterCard logo:  the Ventra card can also be used as a debit MasterCard — not that the same debit balance used to pay for the train might also be used to buy a sandwich, or even that you can link the card somehow to your own bank account, but that you can set up a new, separate, prepaid debit account, because apparently you’re a raving lunatic who would rather spend hundreds of dollars on fees than carry around two cards, one for riding the train, and another one for buying sandwiches.  If you truly can only lift one card and have no need of extra money, you’re probably still better off with just a regular credit card.

In August, I got an email that I’m being transitioned from my working Chicago Card Plus to Ventra, along with a note that the balance from my Chicago Card would be moved to my Ventra card “as soon as” my Ventra card was activated.  In September, I received a Ventra card, with a letter referring to an email that supposedly had an access code that I’d need to activate it.

If I were a sociopath designing a card activation, I don’t think I could do better than online activation that makes you type in a lot of information in order to ultimately direct you to a help line, where the help line makes you type in your card number and other identifying information, places you on hold for a while, before announcing that the lines are all busy and maybe you should try activating online.

Over the course of several days, I took a spin through this circle of sadistic incompetence, but was rescued when I finally did get an activation email.  Well, rescued from the phone, anyway — it turns out the psychotic web designers spent a lot of time making a fairly pretty graphic of a spinning thing for you to look at for ten minutes before the web site tells you there’s some kind of error, and it can’t make the mandatory changes it requires you to make before allowing you to continue.

So the “immediate” balance transfer from my Chicago Card has been at least two weeks, and despite my customer service inquiry to the sociopaths at Ventra, there has been no response.  Not that I’m in any kind of hurry.


PC Repair and Sunk Cost Fallacies

We have a Gateway Profile 5.5 that we bought used at a Hamfest.  While not the latest or greatest, it was at least a solid workhorse of a machine, until it suddenly switched itself off.  When it came back on, the screen presented only this:

This system's cooling fan is not operating properly. Please check fan operation. 
Your system has been halted.

It probably wasn’t worth a lot of money to fix, so I made the natural assumption that one of the fans had either failed or was clogged with dust.  I thoroughly cleaned the interior, checked the fan bearings, cleaned the heatsinks and replaced the heat sink compound.  It worked for about a day before I got the same message, from which it absolutely refused to recover.

One of the fans was a relatively expensive squirrel cage fan, but fine, if it took new fans to make all this worthwhile, then I’d buy brand new fans.  The PC booted all the way, but wouldn’t run a full burn in test without shutting itself down.

The other possibility was that the sensors on the motherboard were defective.  Motherboards for the system were available, but at a premium relative to their capabilities due to their proprietary nature.  Fine.

As of this moment, to fix this problem, I have gone through:

  • 4 motherboards (2 refused to boot, 2 with the same fan message)
  • 2 sets of fans
  • 2 power supplies
  • An I/O board
  • A hard drive
  • A CPU
  • Two sets of RAM

In a very literal way, there is nothing left of the original PC except the LCD screen and a plastic shell, leaving me with several possibilities:

  • This is a common problem due to a failure of a component on the motherboard
  • Through some relationship bordering on magical, the problem is caused by the LCD (or even more unlikely, by the case itself, somehow.)
  • I am exceedingly unlucky, and have experienced the same type of failure on multiple components within the same short period of time (or I manage to keep buying defective parts.)

The worst part is, even though I’m well aware of the sunk cost fallacy and that any further attempt to repair this PC is likely to result in nothing more than a time consuming way to dispose of money, the pile of parts which should be a functional PC instills an overwhelming desire in me to fix this PC, and once and for all find out what’s really wrong with it.

Probably ghosts.


Kindle Lending Library List

I’m fond of the Kindle Lending Library, but it can be somewhat awkward to use — both returning books and locating books isn’t as simple as one would hope, the process generally being “search for a book and then see if it happens to have a lendable Kindle edition.”  While this is great if I know what book I want, sometimes, I just prefer something free to plow through.  Without further ado and for future reference, this link will show all Kindle Lending Library books and allow the results to be searched through in a sane way:

http://www.amazon.com/s/ref=sr_ex_n_1?rh=n%3A283155%2Cp_n_feature_browse-bin%3A618073011%2Cp_85%3A2470955011&bbn=283155&ie=UTF8&qid=1350657130


[not over] Packing for Travel

I recently stood in the airport security line, watching the passenger in front of me struggle with wangling his things into five bins, awkwardly shoving those plus a rollerboard and duffel bag down the belt.  “How long are you going for?” I asked.

“Oh, just the one night,” he said, noticing my one backpack and one bin (for the laptop. ) “Did you check your bags?”

“Heavens no, I’m only going for four days.”

As one who travels frequently, and has for a while, I make it a rule not to carry more than one bag unless I really need to, and with rare exceptions, I never do.  I realize some people may have medical conditions that force them to travel with special shampoo or dozens of shoes, or can’t lift enough to carry around a bag without wheels, but in my observation, people carry around a lot more than they actually need to.

I recently went through my travel kits and shed about a pound of stuff that is becoming less necessary:  an ethernet cable, a VGA cable, a few audio cables.  I’ve added a DVI cable to what I carry — it seems that hotel televisions will either accept this input (sometimes with a little fiddling) or be so antiquated or locked down that no connection is possible.

I do follow a few simple rules to keep things efficient:

  • Every cable is retractable.  This eliminates tangles and clutter, making packing quicker as well as reducing bulk
  • Everything but clothes in kits.  This serves a few purposes:  it’s easy to find things and tell if something’s missing in a small kit, and each kit serves a specific purpose.  So if I know I’m going to a country with non-US power, I can grab that kit, and I can leave the airplane power kit at home if I know the airplane doesn’t have power outlets (or it’s a short flight.)  It also keeps all the stuff from rubbing on each other.  I use colorful Guatemalan bags for each group of things.
  • Check the weather.  While no forecast is perfectly accurate, it’s senseless to pack everything from a short-sleeved shirt to a parka “just in case.”
  • Stop carrying anything you don’t use.  I periodically go through everything I carry, and if it went on a trip with me and I didn’t use it, it’s probably not going next time.  (There are a few things that are handy to have and compact, like a lens cleaning cloth, that survive the purge, but not many.)
  • Clothes get rolled or bundled.
  • Don’t carry things the hotel has.  If there’s any doubt, it’s worth confirming, but carrying around a hair dryer or iron is pretty ridiculous for most destinations.  I’m usually fine with hotel soaps and shampoos, and carry a small amount of paper shampoo just in case.
  • As few devices as possible.  This is getting easier and easier, as one smart phone can eliminate almost everything else, but I still see people traveling with phones, mp3 players, laptops, DVD players, e-readers, tablets, hand held games, those massive Bose headphones, piles of media and god knows what else.
  • Devices that are as small as possible.  I’ll bring up the massive Bose headphones again — don’t get me wrong, they’re very nice, but they’re a lot to carry around.  Personally I take noise-canceling earbuds, which fit in a shirt pocket.  Laptops are a touchy subject, but there’s little reason to lug around a huge screen if you can plug it into one when you need it, and I’ve seen more than one person struggle with a laptop so large it couldn’t reasonably be opened in the space allowed by a plane seat.
  • Both hands empty.  This has a lot of implications, but essentially, if you have to carry something in your hands, it’s something you have to put down to use your hands, or learn to juggle.  If you’ve ever seen somebody carrying a bag in each hand take a phone call, you know exactly what I mean.  It’s one of the many reasons I prefer a backpack to a bag with rollers.
  • Use the “three things” rule.  People can generally keep track of a grand total of three things at a time, so (for example) it’s best not to have more than three things at a time out from your bag on the plane.  Kits are helpful here, since remembering three kits is three things, and you can check to make sure your kits contain the items they should without losing track of a long list of things.  (My memory is quite good, but I have better things to expend mental effort on than keeping track of a larger number of things.)

The breach that keeps on giving

In what should be old news by now, back in June, LinkedIn’s servers were breached, leaking around 6.5 million user names and passwords.  Hackers were then able to determine (for the most part) what passwords were associated with the hashes and accounts.  While this may have compromised LinkedIn accounts, the greater problem is with any other accounts that happen to use the same username and password.

In my case, the only such pair was LinkedIn and Stamps.com, which was a bit sloppy on my part, but since I’m not in the habit of re-using passwords at all, it hadn’t occurred to me, nor had it occurred to me that this would present a problem until somebody managed to send an express package from the Ukraine, charging my account for it, to the tune of $60 or so.

While I’m kicking myself for this, it could have been a lot worse, even if I were to use the same password for email, which would then have allowed hackers to intercept “lost password” requests for all the accounts I have which don’t use the same passwords.

The lesson I take away is that even accounts I consider “unimportant” because they’re not linked to credit cards and can’t be used to make purchases should be given random passwords rather than common, disposable passwords.  And, of course, chaining accounts is bad.

 

 
