Use DMARC to harden SPF and DKIM
article #1255, updated 2 days ago

As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.

The following TXT record contents:

v=DMARC1; p=reject; pct=100; adkim=s; aspf=s

indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be rejected. There is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:

v=DMARC1; p=reject; pct=100; aspf=s

which does not look at DKIM; or if you must, this:

v=DMARC1; p=none

which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.

To use the above, create a TXT record of name _dmarc with those contents.

Some more info is here:

www.dmarcanalyzer.com/how-to-create-a-dmarc-record/

Categories:      

==============

Automatically Resize Windows in Windows with AutoSizer
article #1583, updated 2 days ago

AutoSizer:

www.southbaypc.com/AutoSizer/

really works remarkably well. Rather helpful if you bring up ticket note windows or anything else over and over again which need resizing. It repositions and maximizes as desired too. By default it runs by window class (my own preference!) but can address windows by title as well. Sits in the Windows tray nice and quietly and does its job. Lovely!

Newly updated as of this writing, I’m running it on Windows 11.

Categories:      

==============

Fixing Windows / Azure / 365 User Connections with dsregcmd
article #1550, updated 6 days ago

Sometimes Windows’ relationship with 365, or a user’s profile, or just a user on a PC or terminal server, will not log into 365. This appears to be the result of corruption of cached credentials.

The most straightforward way is probably to nuke all User/Windows/Azure relationship and recreate. As written, this would probably be very bad on a terminal server, because it will nuke the relationship for all users and all profiles. So far, no per-user commands identified.:

Remove 365 accounts from “Access Work and School”, then run these:

dsregcmd /cleanupaccounts
dsregcmd /debug /leave

from administrative CMD, and also from SYSTEM (paexec or psexec can do this), then reboot, then remove from Access Work and School if still there, then set up user relationship(s) again.

But today we have a report that dsregcmd /status did something, unknown, which fixed one terminal server user. Not sure what. Next time I plan to run many tests with this info:

ss64.com/nt/dsregcmd.html

And if you see error CAA5021, do this:

Search for Manage user certificates in the search bar and open it from Best match. Then navigate to Current User\Personal\Certificates and make sure the MS-Organization-Access and MS-Organization-P2P-Access entries are deleted.

No reboot needed for that last.

Categories:      

==============

Download Microsoft Teams (newest)
article #1568, updated 7 days ago

Here’s the download page:

www.microsoft.com/en-us/microsoft-teams/download-app

This downloads an .MSIX, which one can usually double-click effectively. The link appears to be nicely static at this writing:

statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix

And some Powershell to do the download and the install:

cd $env:TEMP
curl.exe -O "https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix"
Add-AppxPackage -Path '.\MSTeams-x64.msix'
# placeholder for Enter

Categories:      

==============

Bypass Requirements for Windows 11
article #1582, updated 9 days ago

Very interesting:

www.tomshardware.com/how-to/bypass-windows-11-tpm-requirement

Categories:      

==============

Simple Smiley in HTML/Unicode
article #1581, updated 10 days ago

There are a lot of smileys out there now. But reliable display can be a question. The original is preserved:

 ☺

The code is:

&#263A;

Categories:      

==============

Cross-Platform Flowchart Application a la Visio
article #1150, updated 15 days ago

My favorite by far is draw.io. Online:

app.diagrams.net/

or cross-platform installable:

github.com/jgraph/drawio-desktop/releases/

Two more I have used:

http://www.yworks.com/products/yed

https://www.calligra.org/flow/

Categories:      

==============

Ion Injection into Internal Combustion Engines
article #1267, updated 17 days ago

As of March of 2024, there is clear success to report, and more to come. This is negatively ionized air, being sent into engine air intakes. Here it is:

ioninjection.ponderworthy.com

Categories:      

==============

Certificate Signing Request (CSR) Generator
article #1580, updated 22 days ago

Sometimes you need an SSL cert, but you don’t have a request generator. This works very well:

csrgenerator.com

Categories:      

==============

Windows PE / 10PE / LiveCD / Boot CD / USB for PC Repair and Hardware Testing
article #1013, updated 41 days ago

Many old friends, e.g. Hiren’s and UBCD4Win, are no longer in development, and do not boot on quite a lot of newer hardware; for a while there was no clear replacement. But there is Medicat, which is Linux-based:

gbatemp.net/threads/medicat-usb-a-multiboot-linux-usb-for-pc-repair.361577/

and there is a new Hiren’s renaissance:

www.hirensbootcd.org

Categories: