Windows Update error code 0x80070643 (for KB5034441)

Ran Windows Update and got this:

There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)

A Bing search on that code (because it’s a Microsoft thing, I find Bing works well) suggested all kinds of stuff around resizing partitions and what not.

However, the problem had been around for 6 months, and it seemed to me that by now Micro$oft ought to have dealt with it a bit better than expecting users to run PARTMAN, so they may have silently amended their troubleshooters to deal with it…so…

…instead, ran the Windows Update troubleshooter.

Settings > Update & Security > Troubleshoot > Additional troubleshooters > Windows Update

Went off and had a cup of tea. Eventually, it said it had found errors and made changes to my system.

I then reran Windows update.

All seems to be well.

I have seen some much more serious advice for this issue; for example: https://answers.microsoft.com/en-us/windows/forum/all/windows-10-update-error0x80070643/e6473fa4-f2d4-42c3-b4be-266b43454306 and links therein. There may be times when this is needed, but I’d try this first!

The troubleshooter failed on another machine, so hardly a silver bullet but worth a try. A good place to start!

 

wakeonlan plus suspending the remote machine when done

Wake a remote computer (on the LAN), use it, put it back to sleep. Using  command line tools.

First, I installed wakeonlan (running on Debian):

$ apt search wakeonlan
Sorting... Done
Full Text Search... Done
gwakeonlan/stable 0.8.5-1 all
wakes up your machines using Wake on LAN

wakeonlan/stable 0.41-12.1 all
Sends 'magic packets' to wake-on-LAN enabled ethernet adapters

$ sudo apt install wakeonlan

Sends 'magic packets' to wake-on-LAN enabled ethernet adapters With this package you can remotely wake up and power on machines which have motherboards or network cards that support 'Wake-on-Lan' packets. OK, I know the IP and MAC of the target computer. Also, last time I logged in on it locally, I ran this:

$ ip link show

which game me the name of the Ethernet device and its MAC address. Let’s say the Ethernet card is called enp0s2. Then:

$ sudo ethtool enp0s2

If this includes:

Wake-on: g

Then it’s ready to work.

If it says:

Wake-on: d

Then wake on LAN needs to be enabled. This can also be done using ethtool; something like (on the target computer):

$ sudo ethtool enp0s2 wol g

will do it. You may need to experiment to see if it is retained after reboot…

Back on my local machine, and with the target computer suspended, I can try to wake it up.

$ wakeonlan dd:88:66:99:22:88
Sending magic packet to 255.255.255.255:9 with dd:88:66:99:22:88

Well, I still cannot see that MAC address in my router’s management interface, so… hmm… Tried a slightly different command. Let’s say the router is on 192.168.1.1 and is allocating addresses of the form 192.168.1.X where X is unique to each machine.

$ wakeonlan -i 192.168.1.255 dd:88:66:99:22:88

And this seemed to work! The computer showed up in my router’s management interface. I could log into it (it is running sshd), and see my files.

If I suspend it by running this on the remote computer:

$ sudo systemctl suspend

Then I now have ‘no route to host’ if I run ssh. So that seems to work. May not be the best way…?

This is of interest:

https://askubuntu.com/questions/893056/logout-of-ssh-and-then-suspend-machine

Essentially, I can wake the machine, log in, do the bidness, then log out then use ssh to send the suspend command. Let’s see if that works…

  1. wake it
  2. log in
  3. log out
  4. send this:
$ ssh -t username@boxname sudo systemctl suspend
(username@boxname) Password: 
[sudo] password for root: 
Connection to boxname closed.

And that seemed to work and is neater than just killing the terminal after running suspend and losing the connection. The same askUbuntu link explains how to allow your user to suspend without sudo privileges. That could be useful, but I’m not going to implement that. I am just going to have 2 scripts in my local ~/bin folder. wakeboxname and suspendboxname.

Good.

 

 

 

OpenWRT — blocking computers from using the LAN

Note to self.

So … there’s a computer on your LAN that you don’t want connecting to the internet for whatever reason. Maybe you have finite data allowance and the user is wasting it, maybe they’re simply not authorised.

This is a simple kind of thing that many people will already know how to do, but I’m recording it here for my own future reference.

First, I logged into my router. This needed a little trick itself, because OpenWRT was using a deprecated key exchange algorithm. Let’s say the router is on 192.168.1.1

$ ssh root@192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa

Usually, this can be fixed like this:

$ ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1

I prefer this solution over permanently enabling the deprecated key in my ssh config, because it is deprecated for a reason. Now, you can enable keys on a hosy-by-host basis, so I guess I could modify the config. But this works.

Router login screen: $ ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1 root@192.168.1.1's password: BusyBox v1.28.4 () built-in shell (ash) ☼ ☼ ☼ OUTDOOR ROUTER ❅ ❅ ❅ --------------------------------------- root@CellularRouter:~# date Tue Jul 16 23:27:15 UTC 2024

Once logged into the router (as root):

# vim /etc/config/firewall

Then, I added lines like these to the end of the file:

config rule
   option name 'Computer reject 1'
   option src 'lan'
   option dest 'wan'
   option start_time '11:00:00'
   option stop_time '23.00:00'
   option utc_time '1'
   option target 'REJECT'
   option proto 'tcp udp' 
   option src_mac 'AA.BB.CC.DD.EE.FF'
   option enabled '1'

So let’s unpack this:

config rule — what follows is a new rule
option name ‘Computer reject 1’ — the name of the rule
option src ‘lan’ — for this rule, our source of requests is the LAN
option dest ‘wan’ — and the destination is the wider network (WAN)
option start_time ’11:00:00′ — the rule kicks in (turns on) a 11:00:00
option stop_time ‘23.00:00’ — the rule turns off at 23:00:00
option utc_time ‘1’ — set to ‘1’ means ‘yes’ — use UTC time
option target ‘REJECT’ — when the rule is on, reject connections from the source
option proto ‘tcp udp’ — reject these protocols
option src_mac ‘AA.BB.CC.DD.EE.FF’ — this is the MAC address of the source (which is how to identify it to block it)
option enabled ‘1’ — enable this rule

Once the firewall config file is saved, we restart the firewall:

# /etc/init.d/firewall reload

And it seems to work. I ran ‘date’ on the router to make sure it was using UTC time, and it is.

Now, this is for blocking  desktop computer with a fixed MAC address. This is not always the case for a network device. You can ID a computer using its IP address instead. But software MACs and DHCP mean that a user may be able to workaround this reasonably readily, depending on the device.

This is effectively a blacklist. It switches out the specified machines. It would be better to do the reverse and use a whitelist than only allows specific machines at specific times. But for now this will do what I want, and it means I don’t have to have an entry for every device on the LAN, just the ones I want to excommunicate.

 

Fuji Xerox P115w on Windows 10

https://support-fb.fujifilm.com/processDriverForm.do?ctry_code=SG&lang_code=en&d_lang=en&corp_pid=DPP115w&rts=null&model=DocuPrint+P115+w&type_id=2&oslist=Windows+10+64bit&lang_list=en

Download it.

Unzip it. Have a look in the folder.

Run the thing called ‘Start’. I chose USB connection for simplicity.

Well, it showed up in the printer list.

And there’s the test page. OK! (Scanned with Doxie.)

Pi stuff

I am looking at using a pi as an adjunct to a FreeDOS retrocomputing box. Put simply, FreeDOS versions of things like SSH are limited, so now and again I want to get to the wider world the best thing is to go via an intermediary machine. A pi has low power usage, and I have an old one (a 1B, I think it is) that is of limited use. But ‘of course it runs NetBSD’, so …

Logged into it from a Linux desktop. It is running NetBSD 9.2. Installed a while ago.

Check I can still recall the root password … that would be yes. OK!

pkgin update
pkgin upgrade

Do a few tests. Can I log into tilde.club from Debian. Yes, that works. Can I log in from the pi? Copy the key over and:

ssh -i ~/.ssh/id-rsa-tilde LOGIN@tilde.club

OK! All good. Now, can we log into the pi remotely — we already know it is yes from Linux; can we log in from FreeDOS? Check the pi’s version of sshd… 8.0. OK.

Yes, can log into pi from FreeDOS using Antti Takala’s modified ssh, then go out to the wider net.

OK, that works. Now, if we want to log into the pi from a machine with an X server, we can edit the ssh server config on the pi:

vim /etc/ssh/sshd_config

and allow X11 forwarding (note; I am not being super secure here):

X11Forwarding yes

Then restart it:

service sshd restart

And log in using ssh -Y. (From the Linux box.)

See here: https://raymii.org/s/articles/Remote_desktop_on_NetBSD_with_Xnest_no_VNC.html. The advice on using Xnest also works well, and as noted has the advantage of encapsulating the whole window manager environment in a single terminal window. Very neat!

Now, DOS has a VNC client. So what about VNC?

pkgin search x11vnc

Hmm…

rpi# pkgin search x11vnc
processing remote summary (https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/earmv6hf/9.2/All)...
pkg_summary.bz2 100% 3169KB 6.1KB/s 08:40 
x11vnc-0.9.16nb13 VNC server for real X displays

=: package is installed and up-to-date
<: package is installed but newer version is available
>: installed package has a greater version than available package

OK, add it.

pkgin install x11vnc

And then run it. But not today.

 

CellularRouter OpenWrt and LuCI — updating firmware

EZR23 model. In browser, go to the router server address, eg 192.168.30.1, and log in.

System > Backup/Flash > Generate archive

Check new version

It downloads new version to the router itself. Open another tab in browser and go to router interface again and

System > Terminal

Log in to the terminal and check the MD5 sum:

cd /tmpmd5sum firmware.img

compare with the checksum provided; also SHA256 if you like.

After the download, the page with the checksums on (headed Flash firmware verify ) has a button saying Proceed, but it also says configuration files will be erased.

Back on the System > Backup/Flash page, there’s a Flash new firmware image section, where there’s a check box to keep settings. So I went to here and browsed for the image in /tmp. Except it browsed my desktop not the router.

So back in the router terminal I try to use scp to get the image onto my local box, but no matching host key type found. Solution was to run scp on my desktop box by adding the required extra protocol. So when I ran the copy command from my desktop box, I got:

scp root@192.168.30.1:/tmp/firmware.img .
Unable to negotiate with 192.168.30.1 port 22: no matching host key type found. Their offer: ssh-rsa
scp: Connection closed

So I can see I need to add ssh-rsa, so:

scp -oHostKeyAlgorithms=+ssh-rsa root@192.168.30.1:/tmp/firmware.img .

And that works. So now I can update the firmware from the graphical interface while keeping my configuration, I hope. First, I run MD5 on my desktop box to make sure it came across OK. Then I select the file in the LuCI interface and…

Cross fingers and click Flash image… it gives me the page with Flash firmware verify at the top, but now it says configuration files will be kept, which is good.

Then I walk away.

Then the router login page comes up and all seems well. Clicked Reaquire. Can ping 8.8.8.8 from the router’s terminal and from my desktop. OK.

Handy Word shortcut for managing track changes

Note to self:

Working on a huge document (500+ pages, many thousands of edits). Its on SharePoint, and Word is struggling with rendering the file and writing it to the server and so on. I am finding I am often waiting for the interface to be ‘live’, and it is radically slowing down the edit. Also, many pages need major surgery, and are very cluttered with edits.

Now, I can switch to ‘Simple Mark-up’, but as you may know, this tends to result in Word randomly opening the dreaded Revisions Pane, and in a document this big that is a major cause of headaches.

I found that the best thing to allow me to work reasonably quickly was to turn off displaying insertions and deletions, but leave the ‘All Markup’ setting on. Having this on convinces Word to not open the dreaded Revisions Pane, but turning off insertions and deletions (I am already not tracking formatting) lessens the load on Word while still tracking what I need.

The only downside is that if I turn off tracking of changes, it might not be obvious, and I can sometimes do some editing before I realise it’s off.

One way to expedite all this is to make a shortcut key. The menu option is:

Review > Show Markup > uncheck insertions and deletions.

I made a key combination to turn viewing of insertions and deletions. on and off (note — this does not mean they are not tracked, they are, but they are not shown on screen). I settled on Ctrl+Shift+/, because … ummm … anyway, it is handy.

 

 

Shared slides not updating in Teams

If bandwidth is limited, and you’re in a Teams meeting, you may find that the slides being presented by someone else do not update because Teams is prioritising the audio and video streams.

I found that going to View and selecting Focus on content maximised the slides, removed the taking heads from view and then the slides updated in good time.

More options under View also allows you to turn off incoming video. This helps save bandwidth when slides are not being shared.

kCharSelect

I have tried the Windows character map, the one that comes with MATE desktop, which is I think essentially Gnome’s one, and kCharSelect from the KDE suite.

kCharSelect is (for me) far and away the best one. I find that its interface is really simple, its search function does a great job of finding the symbols I want (which is where it seems a lot better than the alternatives, at least in my experience) and the extra features, like being able to bookmark obscure symbols for future use, actually do add value.

Also, I find that running it on Windows via Cygwin’s X server gives excellent results. I can search, click a symbol, copy to clipboard and use it in Windows applications (like Word, which as an editor is my main work tool; please don’t judge my editing by my blog posts!) seamlessly.

With so many symbols now in the seemingly infinite Unicode space, a tool like this is invaluable. If you find your existing options annoy you, have a go at this one. It takes a bit of setting up if you are on Windows. On Linux, of course, it is trivial. For example, on Debian:

$ sudo apt update
$ sudo apt install kcharselect

However, if you don’t already have the KDE infrastructure installed, it will pull in a lot of dependencies!

 

select

Design a site like this with WordPress.com
Get started