Wednesday, December 11, 2013

How to create an open DNS resolver

In previous posts I mentioned how I set up Windows DNS to handle DNS for my internal dev environment. This was internal only, using 2 Windows servers which both host Active Directory and DNS. The next requirement was to handle external DNS queries because I wanted to expose some services, such as email & ADFS, to external clients.

I used a subdomain of our main domain as my internal name for Active Directory. Assume our live external name is example.co.uk and I chose devtest.example.co.uk for my dev environment’s Active Directory name. Internally my account names are fredsmith@devtest.example.co.uk.

I don’t actually want to use that externally so I got another domain from an ISP. Let’s call that anotherexample.com. I want mail.anotherexample.com to be available externally and to land on my internal mail server.

My first move is simple, but wrong. I added anotherexample.com as a forward lookup zone to my existing DNS, populated it with the external aliases, configured our ISP to forward DNS to our servers and then exposed my DNS servers to the internet!

While this works I’m guessing that someone with nslookup, for example, can start sending DNS queries to my server and ask it questions about my internal host names. Not ideal, but it’s a dev environment and making mistakes is allowed.

It turns out to be more serious though, as it allows the server to be used as part of a type of distributed attack against other hosts because I’ve created an Open DNS Resolver. In effect, any external DNS client can now ask my DNS servers to do lookups and the clients can spoof (fake) their IP address. My servers will then attempt to resolve those queries. If they are not answerable locally, then my servers will pass the query up the chain to the wider internet DNS. Eventually the answer(s) will return to the spoofed IP address. If lots of open resolvers are attacked at once using the same spoofed address then they will all start generating traffic back to the target spoofed IP. Or something like that.

Windows DNS, even in Windows Server 2012, can’t be configured to behave differently depending on whether the request originated from inside or outside my environment, so the next move here would be to spin up another pair of DNS servers and use those just for handling any requests for my external DNS zone (anotherexample.com). These can be configured such that they do not recursively resolve, so they will not be Open Resolvers – they will only answer for their configured domain and will do nothing else. You need a pair because most ISPs need you to provide a primary and secondary DNS server. My existing DNS servers can have the external DNS removed and external access removed and return to their original purpose of handling DNS for my internal clients.

In this case though, my external DNS needs are minimal so it’s not worth the effort. Instead I closed the DNS off again, deleted the anotherexample.com zone from my DNS servers, and added the handful of host entries from anotherexample.com directly into the ISP DNS, having also removed the forward to my DNS servers.

As for why Windows DNS can’t do this, I guess you’d have to ask who else, apart from someone messing about as I am, would want to do this? A proper DNS sysadmin wouldn’t even dream of mixing internal and external server roles on the same box in the first place and would have started out with two sets of servers in the first place anyway.
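
A check for the open-resolver condition described in this post, added here as an example and not part of the original post: it builds a recursive query for a name the server does not host and classifies the reply from the RA flag, the RCODE and the answer count in the DNS header. The probe name example.org, the fixed query ID, the verdict labels and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

# Header flag bits from RFC 1035 section 4.1.1.
QR = 0x8000   # message is a response
RD = 0x0100   # recursion desired (set by the client)
RA = 0x0080   # recursion available (set by the server)
REFUSED = 5   # RCODE: server refuses to perform the operation


def encode_name(name):
    """Encode a dotted host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid=0x1234):
    """Build an A/IN query with RD=1, i.e. 'please recurse for me'."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def classify_response(packet, qid=0x1234):
    """Classify the reply to a recursive query for a name the server does NOT host.

    Returns 'open', 'closed', 'not-recursive', 'indeterminate' or 'malformed'.
    """
    if len(packet) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    if flags & 0x000F == REFUSED:
        return "closed"            # server declined to look the name up
    if flags & RA and ancount > 0:
        return "open"              # server recursed for an outside client
    if not flags & RA and ancount == 0:
        return "not-recursive"     # authoritative-only behaviour
    return "indeterminate"         # e.g. RA set but no answer: check by hand


def probe(server, name="example.org", timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify_response(data)


def sample_response(flags, answers=0, name="example.org", qid=0x1234):
    """Constructed reply for offline use: header, question, then A records."""
    header = struct.pack("!HHHHHH", qid, flags, 1, answers, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # Each answer: pointer to the question name, A/IN, TTL 300, 192.0.2.1.
    rr = struct.pack("!HHHIH4s", 0xC00C, 1, 1, 300, 4, bytes([192, 0, 2, 1]))
    return header + question + rr * answers


if __name__ == "__main__":
    # Constructed replies, not captured traffic.
    samples = {
        "recursing server": sample_response(QR | RD | RA, answers=1),
        "recursion refused": sample_response(QR | RD | REFUSED),
        "authoritative only": sample_response(QR | RD),
    }
    for label, packet in samples.items():
        print(label, "->", classify_response(packet))
```

Run `probe()` from a host outside the network against the externally exposed address; a verdict of `open` for a name outside the hosted zone means the server is recursing for outside clients.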

Sunday, November 24, 2013

Surface RT, 1 year on

I bought an original Surface RT back when it launched, about a year ago: http://robaker.blogspot.co.uk/2012/11/surface.html.

I’ve got a desktop for real work and can check emails on my Windows 8 Phone when I’m on the move, but the Surface fits right in the middle: It’s useful for meetings where I might want to make some notes, or for travelling, or for browsing the internet and reading news via RSS from the couch at home. I played a few games from the store, but they’re pretty lame if you’re used to something like the Xbox.

I’ve used Handbrake to rip a few DVDs to MP4 so I’ve got stuff to watch on the handful of occasions I’m away from home.

Surface RT 2 and Surface Pro 2 have just come out, but I’m not sure what benefits, if any, these bring over the originals.

Windows 8.1 was released and was a free upgrade, so I’m now running that. Microsoft continue to fail to talk to their customers so I’ve no idea what benefits I should expect, but here’s a few things I’ve found since the upgrade.

The big news, for me, is that the SkyDrive client is built in to Windows 8.1 and it works on Surface RT so I now have all my files automatically synched to the Surface! The control interface is now through the Windows Store app which is built-in to Windows 8 & 8.1. Note that the earlier client will just vanish from a Windows 8 laptop when you upgrade to 8.1 as the upgrade tidies it away, which is nice, but a little heads-up would have been good. Given that email is a well-understood communications tool, and Windows has a client built-in, it could have sent me a little email or something to let me know.

The start button is back and appears bottom-left of the desktop, in the usual place. This button just brings up the start page, so isn’t useful to me as I’m now used to hitting the Windows key or whatever. I can see how it would have helped Windows 7 users transition though and I’m amazed it took this long for it to arrive.

Searching is slightly different. You can still just start typing on the start page and it flicks into search mode, but the categories are gone now. Instead it searches “everywhere” and gives you a results page which you can switch back to if you want to try different results without having to rekey your search. Handy. Also, when at the start screen you can now swipe down (or click the little down arrow) to find your list of all apps that are installed – previously I was searching and clicking the Apps category.

Food and Health & Fitness apps have appeared. These are just additions to the existing built in news apps, such as the Sport and Finance apps. Not useful to me.

A Reading List app has also appeared. This lets you bookmark web pages to remind you to read them later. You do this via the Share charm, so from within IE you share to the Reading List app. Seems like they broke their own metaphor here, but not tried it enough to judge whether it works or not. The list will sync across desktops apparently. It didn’t work from desktop IE though – only the Windows Store IE.

Friday, November 22, 2013

The Sims Freeplay

This is a free version of The Sims which I am playing on my Nokia Lumia 920 which is a Windows Phone 8. It needs a phone with at least 1 GB of RAM and won’t show up in the Store if you have less.

Like many “freemium” games it is technically free, but every action in the game takes time to complete so if you are impatient you have to buy in-game currency to speed them up. You don’t have to though – if you’re patient you can play for free.

There’s not much depth to the game though. You can create multiple people (Sims) and houses for them to live in and fill the houses with lots of stuff for the Sims to interact with, but left to their own devices they just find a chair to sit in. Buying the stuff requires in-game currency (Simoleons) and using the stuff takes time. You can easily earn Simoleons by growing plants and getting jobs, for example.

The best stuff, and some actions such as having a baby or advancing a Sim through to adulthood, requires a second in-game currency: Lifestyle Points (LPs). These are harder to earn, assuming you don’t want to pay real money. Initially you can earn them by increasing your overall level and increasing your town value. Doing any action (sleeping, eating, watching TV) generates XP which increases your level. Longer actions usually provide more XP. Spending Simoleons on building new properties increases your town value. However, both these activities become slower to level up as you increase their levels, which means you run out of LPs, in my case by level 25.

However, there are other (legitimate) ways to earn LPs:

  • Goals. The game keeps generating goals through weekly challenges which will earn LPs.
  • Pets. You can buy pets at the town pet store, although these also cost LPs. I believe more expensive pets find better stuff. Shake Hands with a dog and he’ll dig something up for you. Usually Simoleons, but sometimes an LP. You can Praise the dog afterwards, but I’m not sure if it actually trains the dog to find extra LPs.
  • Sims can win LPs at the town Competition Centre. One Sim can enter one event every 24 hours. Each event uses one of the various hobbies, so get your Sims to practice these.

 

| Hobby | Stage | Compete | Practice Venue |
|---|---|---|---|
| Woodworking | Adult | | Community Centre, first floor |
| Ghost hunter | Adult | | Any home – buy items with the red ghost symbol on then use them to Search For Ghosts |
| Fishing | Adult | Yes | Town park – look for fishing rods on a wooden pier |
| Fashion | Adult | | Buy the Fashion Studio item from the town’s Promotions R Us store and then add that to a house from your Inventory |
| Ballet | Pre-teen | Yes | Community Centre, ground floor |
| Karate | Pre-teen | Yes | Community Centre, ground floor |
| Skating | Adult | | Snow park |
| Diving | Adult | Yes | Swimming Centre |
| Music | Adult | Yes | Teen Idols can’t compete in this event |

Wednesday, October 30, 2013

Windows Server 2012–language & keyboard settings broken

Just installed Windows Server 2012 and selected United Kingdom for language and keyboard layout during the install, just like I have done for every other Windows install in the last 15 years.

Broken. The server comes up in a US timezone and with US keyboard layout.

How does this stuff even get out the door? It’s not released, so much as inflicted upon us.

Wednesday, September 18, 2013

WDS & Windows Embedded Standard 7

I just spent most of a day failing to get Windows Embedded Standard 7 deploying via Windows Deployment Services (WDS). We have some IBASE SI-08 PCs nailed on to some flat screen monitors which we want to use for digital signage. They came pre-packaged with some truly awful management software running on Windows Embedded Standard 7. We’ve decided to dump the free software and use PADS 4 instead and now we’re thinking about deploying our own Windows Embedded image with PADS instead of the pre-installed image.

I already have WDS installed and running on Windows Server 2012 and have used that to deploy vanilla Windows 7, 8 and Server 2012 images over the network.

After downloading the Windows Embedded 7 Standard ISO from MSDN and adding the WIM file from the Sources folder we tried PXE booting the device and got in as usual (had to fiddle with the BIOS to enable network boot, but wasn’t hard to find). I approved the request on the server via the WDS UI as usual and the boot image then fails to load. 0x00000001. A device connected to the system isn't responding.

This turned out to be a network time out issue, probably caused by incompatible packet sizes. WDS 2012 has an auto-negotiate feature which can be switched off in the WDS server properties. In the TFTP tab clear Enable variable window extension.

This moves us along. The boot image now boots, and we get a Windows Setup GUI, but it errors out with: WdsClient: An error occurred while starting networking: a matching network card driver was not found in this image. Please have your administrator add the network driver for this machine to the Windows PE image on the Windows Deployment Services server.

According to the specs for SI-08 we need a RealTek network driver so we download and unzip that and add it to WDS and apply it to the boot image. Boot again and we get along a little more. We give the setup our locale (English: UK) and admin logon credentials and then get to choose an install image. Or we would except it won’t show us any. The event log on the server shows errors when enumerating the images. We reboot the server. Now the WDS service will not start. We have event ID 257 An error occurred while trying to start the Windows Deployment Server (0xC1020201) in the event log and An error occurred while refreshing the image cache.

I removed and re-added the WDS role, but got the same problem. I did it again and this time I deleted the c:\remoteinstall folder, trashing my handful of install images (the ISOs are still around so adding them back should be simple enough). The WDS service now starts OK. I add the Windows Embedded 7 Standard install image and the x86 boot images again and try to install on a test laptop. It gets through to the Windows Setup OK but can’t offer me an install image. The errors are back again on the WDS server and the service won’t restart again after a reboot.

There’s clearly something fishy about this WIM image file and a bit of googling around WDS and Windows Embedded Standard 7 reveals that the WIMs are not directly deployable via WDS.

It looks like WDS will let me add the WIM, but then breaks when asked to enumerate them for a client or when restarting the WDS service. This time I deleted just the Windows Embedded Standard 7 image via the WDS UI, which works even without the service running, and then the WDS service starts.

Monday, June 24, 2013

Portal 2

I loved the original Portal game and the sequel is just as good, but is now a full length game. The plot carries on from the original. The same excellent voice-acting and humour are there along with some backstory. It’s great to play a game that doesn’t simply rely on blasting things, unlike almost every other game on Xbox.

Portal 2 also adds an online or split screen multiplayer mode. I’ve only played the first few levels of this so far, but it’s good stuff. Just need to find someone to play online with. :-)

Monday, June 3, 2013

The Sarah Connor Chronicles

This is a TV series based on the Terminator films. It is set after Terminator 2 and focuses on Sarah’s struggle to bring John up to be the future leader of humanity and to keep him safe from SkyNet’s continuing efforts to kill him, while also attempting to prevent SkyNet’s invention by changing key events in the present. They are joined by a reprogrammed Terminator, called Cameron, played by Summer Glau.

They made two series, with a total of 31 40-minute episodes so there is plenty to watch. On the down side it doesn’t look like they will make any more, so the story just runs out without conclusion. On the up side, Summer Glau makes a fantastic Terminator. Throughout the series there are constant minor things that she does that indicate that her character is more than just a robot killing machine, such as taking up dancing and helping a cancer patient. It seems likely to me that the plot would develop until they came to the realisation that preventing SkyNet from being built isn’t going to work – the time travel thing makes it too simple to sidestep and even if you succeed, humanity would just redevelop something similar a little later. The real solution is to convince SkyNet (or some similar AI faction) that humanity can be co-existed with and doesn’t need to be exterminated. I think that this is where John & Cameron’s relationship would have gone if the series had continued.

The rest of the cast are also excellent and there are many mini-plots with flashbacks to the future war providing additional depth to the main story. Religion gets the usual free ride, as ex-FBI agent Ellison “teaches” a young AI, called John Henry, about the value of human life, although there were hints that this wasn’t necessarily being accepted uncritically and this could have developed had the show continued. There was also a tendency to present Cameron as sexy-Terminator, which was disappointing. As an AI combat chassis specialising in infiltration there was plenty of scope for playing down the sexy and many fashion-is-bullshit-anyway gags.

Tuesday, May 21, 2013

Windows Multi-boot cliff

My laptop has a legacy Windows 7 boot image on it that I want to preserve, but I want to also install Windows 8 and set that up as a development box so I can work on the move if necessary.

I used the built in Disk Management to shrink my Windows 7 partition and create ~200 GB free space, which I left unallocated.

I boot the Windows 8 install disk, create a 128 GB partition and install Windows and some dev tools. Ok so far – I can boot back to Windows 7 whenever I want to.

Next I decide to create another partition for data, so in future I can reinstall Windows without worrying about rebuilding source code repositories’ working folders, etc. I use Disk Management in Windows 8 (WinKey+X to access a handy cheat popup of tools). It warns me that to do this it will need to convert the drive to Dynamic Disks or something. Hmm.

Cancel and reboot to Windows 7. Same thing. Oh well. I can’t be the first person in the world to want more than 3 partitions. I accept the warning and watch as the partitions change from Basic to Dynamic.

I reboot. Windows 8 goes into repair mode and starts fixing things. After a few minutes it lets me login, but I’m worried I didn’t get asked whether I wanted Windows 7 or Windows 8. I reboot. Straight back to Windows 8 – no way to boot to Windows 7.

Disk Management in Windows 8 shows my Windows 8 partition and my new Data partition as both being Basic again. The other partitions are gone – just showing as Unallocated space. Oopsy. Not the end of the world and I intended to rebuild my Windows 7 at some point, just not right now.

Wikipedia has some good info on basic disk partitioning. It seems that there really is a cliff after 3/4 partitions. My laptop already had a small FAT32 partition and a recovery partition that were factory installed, so adding my 5th partition triggered some pretty drastic changes (and a warning I, um, ignored, *ahem*).

TestDisk is a free utility that I ran from within Windows 8 which showed me my old partitions and let me undelete them.

Then I booted from a Windows 7 Repair disk I made ages ago and lobbed into a desk drawer. This auto-detected boot problems and fixed them. Now the pretty Windows 8 boot loader shows me two options: “Windows 8 Enterprise” & “Windows 7 Professional (recovered)” both of which boot.

Thursday, May 2, 2013

APC Smart-UPS 1500

Frequent power cuts have caused my dev workstation to restart unexpectedly a few times recently. This isn’t really a problem for individual desktops, but as this machine runs Hyper-V and hosts 20+ virtual machines there’s some small risk that sudden power failure might leave one or more boxes in an inconsistent state leading to some work to repair them once power is restored. Seems like a no-brainer: stick an uninterruptible power supply (UPS) on and do a clean shutdown before the juice runs out.

I’ve not bought a UPS before so was not really sure what to go for. This Dell Precision T7600 chassis is rated for 1300W, but I’ve no idea what it actually consumes or how variable that might be. In the end I got an APC Smart-UPS 1500 for around £500, which reports my current load, for the workstation and one monitor, as around 20% loading giving 80 minutes of battery time.

Windows Server 2008 R2 detected the battery automatically when I connected the UPS to the server via a USB lead and integrates it with power options just like with a Windows laptop. I configured a new power plan and set the critical level to 50% and the action to Shutdown, which is the only one available, expecting this to initiate the same shutdown you get from Start > Shut Down.

I switched the power to the UPS off and the battery took over. After 30 minutes it got to 50% remaining. A crash message window appeared briefly before the server was dropped. It wasn’t a nice Windows shutdown – it just gutted itself!

Upon power restore we get asked the “unexplained shutdown” question and the VMs are “Off” when I was expecting them to be “Saved”. Not good. More Microsoft stuff that doesn’t work out of the box. Worse is that it all looks OK, until you try it.

Fortunately the UPS comes with its own monitoring system, APC PowerChute, which monitors the battery and does do a proper shutdown. It’s just a shame I have to install some vendor-specific crapware to achieve something that Windows can clearly handle itself (if only it were not bugged).

Monday, March 25, 2013

Borderlands 2

Borderlands 2 is very similar to the original. It keeps the 4-player co-op, cartoon-like graphics, dark humour and extreme violence. I stopped playing the original after the first play through, not realising that things would be more challenging on the second attempt and consistently difficult on the third having capped at level 50. I aim to keep this sequel and keep going back to it.

Elemental damage modifiers

Borderlands 2 has damage modifiers similar to the first, which I’ve summarised below. Using the right weapon against the right enemy is important and some enemies are resistant to some effects (Crystalisks are immune to incendiary, shock and corrosive, for example – punching their legs is effective), so I generally keep an incendiary (up), shock (left) and corrosive (right) weapon equipped with an unmodified, slagged or explosive in the fourth slot (down). Below are the modifiers for the second play-through (True Vault Hunter mode) – the first play through has similar bonuses and penalties, but much reduced.

| | Flesh | Shields | Armour |
|---|---|---|---|
| Incendiary | 175% | 75% | 75% |
| Shock | 100% | 150% | 100% |
| Corrosive | 60% | 40% | 175% |
| Explosive | 200% | 160% | 200% |
| Slag | Other weapons do double damage (200%) | | |

Incendiary and Corrosive are strong against flesh and armour respectively, but weak against the others, so you have to switch around. Electricity is strong against shields, but neutral against the rest, but you are still losing out by missing the bonus you would have if you swapped, although the Mechromancer’s skills can focus on electricity making a single-damage build possible.

Explosive does its normal damage, plus the same in splash damage, so can hit multiple enemies at once and does both (so double damage) if you hit. This doesn’t apply to critical hits though and doesn’t latch an elemental effect, so the other elemental types still seem stronger to me. Also, the splash area seems quite small.

A slagged enemy takes double damage, but it doesn’t last long and you have to swap weapons to take advantage of it so it can be a pain if soloing. It can also be applied by grenades and some of the character skills.

Endgame

Half way through your second play through your character will cap at level 50 and the environment will also cap at that level, but with badasses being a level or two higher as usual, so the game stabilises. Any golden keys used will yield rare level 50 items so save them up until you hit the cap. Moxxi also gives 2 items if you tip her, but I’m not sure if they follow the cap as well or whether they are preset to lower levels.

I’ve not finished True Vault Hunter mode yet. It seems the impending update will add a 6th character, a third play through and raise the cap to 61.

Hints & Tips

  • Use the appropriate elemental damage type – keep one of each in your weapon slots.
  • Get used to weapon-switching with the Y button, rather than the D-pad. It’s a bit trickier to get the weapon you want, but can be used while dodging.
  • Equip a selection of weapon types, to spread out ammo use and to provide weapons at the right distance to the target.
  • The Law & Order item combo is pretty good – does high melee damage and steals health. Especially good with the Assassin, for example.
  • The Mechromancer’s Anarchy skill increases damage but reduces accuracy so you end up using sniper rifles at close range and have no hope of hitting at medium or long range. Artifacts, relics and special weapons can increase the accuracy a bit and you can always consume the stack to reduce the penalty. The 9th Bullet and Close Enough skills add a heat-seeking ability to some bullets, and there are other skills to increase accuracy. So a good build, but needs care.

Wednesday, February 13, 2013

SharePoint 2010 Workflows broken OOTB

I just set up a Disposition Approval workflow in SharePoint 2010 on a wiki site. More SharePoint functionality that is broken out-of-the-box (OOTB).

What I’d like to do is get reminders to review wiki content periodically so we can tidy up stale information – seems simple enough.

SharePoint 2010 appears to offer this through its Disposition Approval (who names these things?) workflow. This turns out to be fairly complicated to configure. There’s an Information Management Policy Settings link to find on the library settings page which kicks off the workflow, and a timer job that only runs once a week by default.

The workflow is defined on the wiki site’s page library, but relocating the workflow once it is created is a pain as not all “workflow settings” buttons go to the same place. The tasks, however, get created in another list under the wiki site, so are a sibling to the wiki pages.

The whole feature looks like it’s bolted together out of pre-existing parts that don’t really fit.

However, after running that gauntlet I find the following 3 total fails that make the whole feature more trouble than it’s worth:

  1. The tasks created by the workflow don’t get assigned to anyone. It expects you to come and look for them. Setting up an alert on the task list gets around this.
  2. The bulk workflow tool from 2007 is missing or hidden or something in 2010 so you have to open each task individually, which makes the whole thing too much effort to bother with.
  3. There’s a stupid bug which means all my existing wiki pages throw an error when I try to open them for editing. Chasing down the correlation id in the logs (blech) and googling the stack trace leads me to some mumbo-jumbo about some missing Data Association XML or some-such.

In the end I just switched off the retention approval again and deleted the workflow. Too much pain for a crap little feature.

UPDATE: Now when we try to create a page in the wiki we get an Article Page instead of an Enterprise Wiki Page. I deactivated the SharePoint Server Publishing feature from Site Settings, but this didn’t fix it and also caused this error when I tried to save an existing wiki page after editing it:

System.ArgumentException: Invalid SPListItem. The SPListItem provided is not compatible with a Publishing Page

I activated the feature again and can now edit existing wiki pages without error. Eventually I found Site Settings > Page Layouts and Site Templates > New Page Default Settings. This was “Inherit Default Page Layout From Parent Site”. Changed to “Select The Default Page Layout > (Enterprise Wiki Page) Basic Page” and now new pages are wiki pages again.

Thursday, January 31, 2013

Added secondary AD & DNS

I just installed a second Active Directory server into my test domain. Dead easy – just install the role on Windows Server 2008 R2 SP1 and follow the prompts. I chose to install DNS at the same time (the AD setup wizard defaults to ticking this so don’t need to change anything).

At the end it synched my AD domain from the original server. It brought over all my DNS zones automatically, including: both the AD forward lookup zone and a manual forward lookup zone; my reverse lookup zone and DNS settings such as my forwarder IP addresses (which the server uses to resolve external DNS names on behalf of clients).

More details here.

Now I have two DNS servers I can point my clients (including the DNS servers themselves) at both of them and should have basic networking (AD logons & DNS) even if one server goes down.

I also added the new DNS server to the DHCP Server Options so the new DNS server should get offered to DHCP clients automatically. My Windows 7 client picked this up without needing a DHCP release/renew which makes me suspect it got the new DNS server IP from somewhere else. I removed the new DNS server IP from the DHCP Server Options again and will check to see if clients are finding it on their own somehow.

Monday, January 28, 2013

AMD FirePro V7900 & RemoteFX

I’ve been playing with my Dell Precision T7600 for a few months now. I’ve got it running Windows Server 2008 R2 SP1 with Hyper-V enabled. The whole box is a dedicated VM host for my development environment. I’ve been trying to use RemoteFX to get advanced graphics running in Windows 7 & Windows 8, but not having much luck.

My first problem is that the Dell website doesn’t list Windows Server 2008 drivers at all. I’ve been using the Windows 7 drivers. They *seem* to work, but when problems start it’s always a worry.

My graphics card is an AMD FirePro V7900 and it’s not clear whether this supports RemoteFX or not. The AMD FirePro range appears to, but this specific card is not actually listed, although the unified driver does list it. Once I found these I swapped over to using them as they at least offer a Windows Server 2008 R2 version.

However, performance in a Windows 7 Ultimate guest seems poor. There’s a noticeable lag when scrolling in IE 9 or when switching between applications, and sometimes the screen doesn’t repaint at all. Occasionally the guest graphics driver fails completely, the screen freezes then refreshes and a little pop-up tells me that Windows recovered (presumably by just starting another copy of the driver). It’s so bad I gave up after a couple of days and removed the RemoteFX driver from the VM.

Windows 8 Enterprise won’t accept it at all. The driver (Microsoft RemoteFX Graphics Driver – WDDM) has “stopped working because it reported problems (code43)”.

An email to AMD customer support has not been especially useful. They claim that “the AMD GPU is not virtualized within the RemoteFX desktop. It is used to assist with compression and accelerating 3D calls”. This appears to be the opposite of what the AMD FirePro blurb says: “AMD FirePro professional graphics combined with Microsoft RemoteFX enables full GPU virtualisation”.

AMD also implied that things might be better under Windows Server 2012, but that they don’t have any supported drivers (that is, WHQL tested) as yet. So not really very useful there either. I asked them when they expected the drivers to be available and was told “our next driver release will most likely support Server 2012”. So no date then.

I must admit, I’m not really sure whether Windows 8 is supported by RemoteFX on Windows Server 2008 R2 SP1 – maybe Windows Server 2012 is required for Windows 8 RemoteFX?

Thursday, January 24, 2013

Secure Cloud Storage

SkyDrive is great for synchronising my documents between my home and work PCs, but I don’t trust it (or anything else) enough to hold my passwords, bank account details, etc without some additional encryption.

I first tried using the Encrypting File System (EFS) that is built in to Windows 7, for example, but it encrypts at the volume level – the data are decrypted when Windows applications access them. The SkyDrive client is a Windows application, so it sees the decrypted files and pushes them to the cloud. Not what I wanted.

TrueCrypt is an open source encryption system. It can, amongst other things, create an encrypted container (such as a file) and present this to Windows as another volume. I created one of these and put it into my SkyDrive folder so it synchronises the encrypted file up to the cloud.

First I needed to unset Settings > Preferences > “Preserve modification timestamp of file contents”, which is on by default. The SkyDrive client uses these timestamps to tell if things have changed so if TrueCrypt doesn’t change the timestamp SkyDrive won’t sync it.

Also, SkyDrive isn’t yet clever enough to only detect partial file changes, so any change to my encrypted files causes the entire container file to resync once it is dismounted. I initially tried a 1 GB container, but this takes ages to sync. I abandoned that and used a smaller one (10 MB) instead. I’m told that DropBox only syncs changes, so would be a better choice here. Hopefully SkyDrive will catch up soon.

The obvious down-side to this is that you need TrueCrypt installed to decrypt the data before accessing it, which means you can’t access the files from Surface, Windows Phone 7.5 or skydrive.live.com.

At the time of writing I was using SkyDrive 2012 (build 17.0.2003.112) and TrueCrypt 7.1a (7 Feb 2012).

Sunday, January 13, 2013

Samsung TV

Some friends recently bought themselves a nice new TV, a Samsung 46ES6800: http://www.amazon.co.uk/Samsung-46-inch-UE46ES6800-Widescreen-Processor/dp/B007JURIDQ

They previously had a Sky decoder and satellite dish, but had stopped subscribing to Sky. They had connected the satellite to the TV, which has its own built-in decoders, so no longer using the Sky decoder, and were getting 300+ channels, but almost all of them were scrambled. Channel 5 was missing entirely and the channel numbers were all over the place – they wanted BBC1 on channel 1, BBC2 on 2, etc.

The TV has an auto-tune feature with 4 input settings:

  • Air is for old-style aerials, which can still pick up old analogue channels as well as the new digital Freeview ones (depending on where you live in the UK), but they don’t have one of these.
  • Satellite is for the satellite dish and is what they were using which gave the results described above. Freesat (below) turns out to be the better choice.
  • Cable would be for a cable service such as Virgin Media, but this isn’t widely available in the UK and was not relevant.
  • Freesat turns out to be the one they wanted. After selecting this and letting it auto-tune they now have 50+ free channels, including Channel 5, all nicely ordered.

The TV remote has some recording buttons near the bottom. Pressing these brought up some warnings about USB devices being missing. The printed user manual doesn’t mention this feature, but the TV has a built-in user manual. A bit of digging implies that the TV can record to hard disk (HDD) via USB to provide video recording (PVR) functionality and recommends a minimum of a 5,400 RPM drive. These are quite common now and can be had from Amazon. Here’s an example: http://www.amazon.co.uk/Samsung-Slimline-Portable-Hard-Drive/dp/B008PABFX8/

Not tried it yet though.