awayfromevernote | the broadcast

Enable ESXi-Host as VNC-Server to access a vSphere-VM remotely

By: ron

On: 2021-11-25

I prefer accessing VMs using SSH or RDP directly. Sometimes, the IP-Address of the VM isn’t reachable, or protocols for remoteaccess need to be disabled for security reasons. In these cases, if an IP-connection to the ESXi-Server is available this could be an option to use the ESXi hypervisor as VNC-Server to provide access to VM keyboard, video, mouse… Three VM advanced Configuration Parameters need to be set: „password“ is optional, but mRemoteNG as VNC-Client doesn’t work without password set.Read More →

Get your Web-Browser under control: Remove PopUp-Windows

By: ron

On: 2021-10-11

In: awayfromevernote, client

With: 0 Comments

No „do you really want to leave“ windows any more, how nice is that!? https://romanisthere.github.io Read More →

Windows CCM Cache eats diskspace

By: ron

On: 2021-09-23

In: awayfromevernote, client, Windows

With: 0 Comments

Don’t delete the content of „c:\windows\ccmcache\“ manually with the File-Explorer: it is managed by „Windows System Center Configuration Manager (SCCM)“. You need „local Administrator“ access to your computer. Let SCCM to cleanup it’s cache for you: 1) open the „Control Panel“ 2) select „Configuration Manager“ 3) go to „Cache“-Tab 4) click „Delete Files“ Wait a second and the CCM-Cache is empty.Read More →

ESXi 6.7u2 and later – SCAv2 (Side Channel aware Scheduler v2)

By: ron

On: 2021-09-21

In: awayfromevernote

With: 0 Comments

While the „old“ SCAv1 built a virtual fence around all virtual processors („Intra VM Security Boundary“), SCAv2 lets processors of one virtual machine (VM) to run within a „common fence“ („Inter VM Security Boundary“) which balances security and performance for most workloads. See https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/performance/scheduler-options-vsphere67u2-perf.pdf for performance analysis. Configure Verify Configure SCAv1Read More →

Atom Texteditor: Highlight Comments

By: ron

On: 2021-09-14

In: awayfromevernote

With: 0 Comments

Comments are greyed out by default, nobody should read them 😉 I don’t want to think about the comment-quality of the Atom-Sourcecode, just kidding 😉 To change the comment-colour to a fresh and visible green: open the file (as administrator) c:\>notepad c:\Users\<username>\.atom\styles.less atom-text-editor::shadow { .punctuation.comment, .comment, .link.hyperlink { color: #88ff88; } }Read More →

Pi-Hole DHCP-Server: Offer static ip-routes

By: ron

On: 2021-05-22

In: awayfromevernote

With: 0 Comments

Background My WIFI is bound to my Internet-Router and it is seperated from my home-office by an routed stateful-firewall. Some WIFI devices (for example my printer) need access to this home-office ip-range. Pi-Hole DHCP Service The DHCP-Service of my pi-hole server usually offers just dhcp-option #3 – the default-gateway. Disable DHCP-Option 3 (Default Gatway) The pi-hole Web-GUI doesn’t allow to specify additional dhcp-options, so first disable offering the default-gateway-option: which is not allowed (my opinion: a bug since this is no feature) Stop here and use another dhcp-service? Use the „Router-Option“ as fallback for „old“ clients Fortunately RFC3442 („The Classless Static Route Option for DynamicRead More →

Firefox: Allow Restricted TCP-Ports

By: ron

On: 2021-05-03

In: awayfromevernote, stupid defaults

With: 0 Comments

Disclaimer I don’t think, „hiding“ a webserver behind a non-standard TCP-Port is a security feature („security by obscurity“) but on the other hand restricting access to non-standard Ports seems to not increase the personal security measure, it just wastes time of anybody who needs to access such a service – and – it’s absolutely allowed to run a web-server on any port which isn’t used by another service 😉 Solution (if you (think, you) know what you’re doing) As always Add as „String“ if it’s missing: Add the Service you want to acccessRead More →

OTP (One-Time-Passwords) and KeePass: no Plugins required

By: ron

On: 2021-03-28

In: awayfromevernote

With: 0 Comments

Plugins might bring additional features or ease the usage. But if someone is happy with „Auto-Type“ or „copy&paste“-Passwords from KeePass into a VPN-Client-GUI for example: works out of the box no need to add anything to KeePass Entry.Password: {TIMEOTP} Placeholder just place the String {TIMEOTP} before or behind – like the VPN-Server is configured – your (fixed) User-Password. {TIMEOTP} acts as a placeholder it will get replaced by your constantly changing (in my setup 6-digit) token. Advanced The generator needs some parameters to calculate the correct values, of course Advanced: String Fields Add a String Field: Field Name: TimeOtp-Secret-Base32 seems to be the most commonRead More →

Firefox: „Certificate Viewer“ – How to disable

By: ron

On: 2021-02-03

In: awayfromevernote, stupid defaults

With: 0 Comments

Firefox 70 added a new „Certificate Viewer“ feature which moves the „Window“-based GUI to a „Web-Page“-View. different look no new features missing features Export Certificate So this is no „new feature“ but a „modification of an existing feature“ – with less features. Reenable the former full featuresetRead More →

Firefox: Don’t ignore the Windows Enterprise-CA Store

By: ron

On: 2021-02-02

In: awayfromevernote, stupid defaults

With: 0 Comments

Not a new Feature for Windows, to use an enterprise CA to create server certificates. And Firefox added the possibility to trust those certificates ages ago – but still you’ll get an TLS-error-message (in German „Kein Verbindungsversuch unternommen: Mögliches Sicherheitsproblem“). This is no Security-Problem, it’s just a problem of using stupid defaults causing people to waste their time and providing no little level of security, since a CA operated on my own is much more trustworthy than public CAs which firefox trusts blindly. Solution Open about:config and changeRead More →