My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

Anyone using a WordPress website needs to be aware of this current security issue and take immediate action to ensure your website is secure. It has been found that a lot of plugins and themes are vulnerable to Cross-site Scripting (XSS) due to the misuse of two coding functions (the add_query_arg() and remove_query_arg() functions).

What should I do?

Well, you could review the code and search for the two functions listed above, then make sure each use is properly escaped, or you could just – Update, Update, Update, Patch, Patch, Patch…

You should make sure your site is updated to WordPress 4.2.1 or later and make sure your plugins and themes are also up to date. I will go further and say I strongly recommend continuing to check for updates over the next few weeks.
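For the code-review route, here is a small PowerShell scan, added as an illustration and not taken from WordPress or any plugin, that lists every add_query_arg() / remove_query_arg() call under a folder and marks the ones that are not wrapped directly in esc_url() or esc_url_raw(). The function name Find-UnescapedQueryArg and the sample plugin file are made up for the example, and the check is a same-line heuristic, so anything marked REVIEW still needs a human look.

```powershell
# Added example: flag add_query_arg()/remove_query_arg() calls in PHP source
# whose result is not passed straight into esc_url() or esc_url_raw().
function Find-UnescapedQueryArg {
    param(
        # Root folder to scan, e.g. a copy of wp-content\plugins or one theme.
        [Parameter(Mandatory)] [string] $Path
    )
    $call    = '\b(add_query_arg|remove_query_arg)\s*\('
    $wrapped = '\besc_url(_raw)?\s*\(\s*(add_query_arg|remove_query_arg)\s*\('

    Get-ChildItem -Path $Path -Recurse -Filter *.php -File -ErrorAction SilentlyContinue |
        Select-String -Pattern $call |
        ForEach-Object {
            $isWrapped = $_.Line -match $wrapped
            [pscustomobject]@{
                File     = $_.Path
                Line     = $_.LineNumber
                Function = $_.Matches[0].Groups[1].Value
                Status   = if ($isWrapped) { 'escaped' } else { 'REVIEW' }
                Code     = $_.Line.Trim()
            }
        }
}

# Constructed sample file (hypothetical plugin code, written for this demo).
$demo = Join-Path ([IO.Path]::GetTempPath()) ('wp-scan-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
@'
<?php
// Result goes into the page with no escaping.
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
// Same link with the result escaped for output.
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'paged' );
wp_redirect( esc_url_raw( remove_query_arg( 'paged' ) ) );
'@ | Set-Content -Path (Join-Path $demo 'sample-plugin.php')

# Show only what needs a manual review, then the full listing.
$results = @(Find-UnescapedQueryArg -Path $demo)
$results | Where-Object Status -eq 'REVIEW' | Format-Table Line, Function, Code -AutoSize
$results | Format-Table Line, Function, Status -AutoSize

Remove-Item -Recurse -Force $demo
```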

More details are available via the following links:


I have been fascinated by, and a fan of, encryption for years. The first encryption I used was PGP. The history of PGP encryption started back in 1991 and is interesting. I became more interested in February of 1993 when Phil Zimmermann became the formal target of a criminal investigation by the US Government for “munitions export without a license”. That’s right, encryption was classified as munitions. If you want more information on that story you will need to search the web or check out the snippet in Wikipedia. If that story interests you, a more recent similar story is the Lavabit story…

I was a big fan of PGP desktop and PGP disk, which let me add an encrypted container as a virtual disk. I used this until I found the open source TrueCrypt package, which worked similarly to PGP disk. So I have been using TrueCrypt since some time in 2005. I have been very happy with the package and as far as I know my data has been secure.

On May 28th 2014, the TrueCrypt website announced that the project was no longer maintained and recommended users to find alternative solutions. It also had a cloak and dagger hidden message that TrueCrypt was no longer secure due to the NSA. For more on the TrueCrypt story you can read about it in Wikipedia here or see the current TrueCrypt page here. Since the developers of TrueCrypt are unknown we are not able to find out exactly what is going on here, but I now need to find a replacement.

Since the source code was available it is possible for others to continue where TrueCrypt left off and there are two projects that are looking to do just that. One is VeraCrypt, headquartered in France, and the other is Ciphershed, headquartered in Switzerland.

VeraCrypt has had several releases and looks to be the most responsive. They have made several improvements to enhance encryption security and are now able to convert the old format to their new format. They are currently on version 1.0f-2 and this is the package that I am going to try. I will update this article on my experience with VeraCrypt. You can get the software and more information at the links below. If you run it let me know what you think. – Cheers.

I am on a plane returning to the Midwest from Redmond, Washington and wanted to share what an awesome experience I just had. I was just at a Microsoft sponsored Hackathon that was held at Microsoft’s “Garage”. The Garage is a magical place where you can learn new technical things and build new technical gadgets.


One of the most amazing things at the Garage is the “Makers Garage”. This is a space that makes anyone who has a workroom start to drool. It is a workroom on steroids that is basically a makers space with all kinds of tools and a few toys that people have built. There are hand tools, 3D printers, a laser cutter, a drill press, an oscilloscope, and other tools. In addition to a vast array of tools there are all kinds of parts, from nuts and bolts to breadboards and electronic parts. There are bins of motors, servos, transistors, LEDs, timer ICs, resistors, and much more. All these parts are there for the taking for the project you are working on. Just like it is your own workroom! There were also some cool projects and toys people built sitting around the Garage. The photo of the robot below is one of the things just sitting around.

At this hackathon we were broken into three groups and worked on three different projects:

  • GroupA – Build something with Azure HD Insight / Hadoop – a big data project
  • GroupB – Build something with WinJS
  • GroupC – Build an IoT Project

The groups built some really cool stuff – I was on the IoT team and it has me really interested in building out some IoT projects of my own. I am sure you will see these on this blog at a future date. I was especially impressed with what the big data group built with Azure HD insight – in just one day they had an awesome app that did a twitter DVR. It was really impressive, cool, and usable.


P.S. A few of us stopped by Bungie while we were out in Redmond. The Master Chief wanted to take a photo with me as you can see below… We also played foosball until a large security guard kicked us out. Microsoft doesn’t own Bungie anymore. Oops.



I just had the biggest technical pain that I have had in the past year. I downloaded the update Windows8.1-KB3000850-x64 which is over 700meg. I have attempted the install from both Windows update and from downloading it from here. It always would proceed fine and then need to reboot the machine. During the reboot it gets to 8% of install then it goes to another screen that states, “Couldn’t Complete the Updates Undoing Changes.” After it backs out the changes it restarts fine.

Many other people have had problems with this patch. Some of them were able to fix it by running these two commands from an elevated command prompt.

Command | Description
SFC.exe /Scannow | Description of the System File Checker Tool (Sfc.exe)
DISM.exe /Online /Cleanup-image /Restorehealth | Fix Windows corruption errors by using the DISM or System Update Readiness tool

This didn’t fix my system
My system still had the issue – it got to 8% and then failed. Turns out that my system was having issues because I have the Kodak Hero printer driver installed. If you have a Kodak Hero Printer and have this patch issue this is more than a coincidence. This is your problem with this patch; however, removing this printer does not fix the issue.

To Fix this issue
You need to create two folders and then place two files in these folders.
Create these two folders:
– C:\Windows\System32\DriverStore\FileRepository\wiaek002.inf_amd64_57f9361b96ceea4b
– C:\Windows\System32\DriverStore\FileRepository\prnekcl2.inf_amd64_59438dc7ce792b20

Copy these files into each folder created above
– C:\Windows\Inf\wiaek002.inf
– C:\Windows\Inf\prnekcl2.inf

You can cut and paste the commands below to do the work for you.

Execute these commands in an elevated PowerShell or CMD prompt 

mkdir C:\Windows\System32\DriverStore\FileRepository\wiaek002.inf_amd64_57f9361b96ceea4b
copy C:\Windows\Inf\wiaek002.inf C:\Windows\System32\DriverStore\FileRepository\wiaek002.inf_amd64_57f9361b96ceea4b

mkdir C:\Windows\System32\DriverStore\FileRepository\prnekcl2.inf_amd64_59438dc7ce792b20
copy C:\Windows\Inf\prnekcl2.inf C:\Windows\System32\DriverStore\FileRepository\prnekcl2.inf_amd64_59438dc7ce792b20

All Done

That should take care of it. Run the patch from either the download or Windows update.

– Brian


What to do if that doesn’t fix it?

That should take care of it for you. If that doesn’t take care of it then you will need to start over. Take a look at the logs.

  • C:\Windows\Logs\CBS\CBS.log
  • C:\Windows\Logs\DISM\dism.log

Read the threads like this one:


Microsoft has announced a new Surface 3! This is not the Surface 3 Pro, it is a newer Surface geared at a lower price point and better battery life. The consumer version list price starts at $499. It runs the new Intel Atom x7 processor that sips battery power while giving lots of computing power!

The Surface 3 is the thinnest, lightest Surface ever made to date, also coming soon with 4G LTE! Here are some specific details for you to ponder:

  • The thinnest and lightest Surface ever built! Only 0.34” thin and 1.37 pounds!
  • Best camera ever on Surface! 8MP rear facing camera with auto focus (great for capturing images of documents and bar codes). 
  • Brightest Surface display ever. 10.8”, a 3:2 aspect ratio, 1920 x 1280 resolution and the brightest display we’ve ever made makes Surface 3 easier to see in sunlight.
  • Runs desktop applications. Runs full Windows 8.1. Powered by the latest Quad Core Intel® Atom™ x7 Z8700 processor – 80% as fast as the Surface Pro 3 i3.
  • Micro USB for charging.  Open up a new world of battery charging and back-up battery accessories. Charge your phone and your Surface with the same charger.
  • All day battery life. Up to 10 hours of battery life allow you to work through the day.
  • 4G LTE: Surface 3 will be available with LTE!


The Surface 3 is powerful and efficient, it comes with full Windows, and a one year subscription to Office 365 Personal while giving you all-day battery life.

Powered by the new quad-core Intel® Atom™ x7 processor, Surface 3 is quick and responsive but designed to maximize efficiency with up to 10 hours of battery life. A range of storage and memory configurations gives people choice in power and capacity. The beautiful 10.8-inch ClearType HD multi-touch display features a 3:2 aspect ratio with front facing stereo speakers with Dolby® enhanced audio.

It also has an optional Docking Station that enables you to go from tablet to desktop workstation. The docking station has a gigabit Ethernet port, a Mini DisplayPort for an external HD monitor and four USB ports.

The Surface 3 and new accessories are available for preorder starting at just $499 through, Microsoft stores and select partner retailers in our existing markets. Through those same retailers and resellers, customers can begin purchasing Surface 3 and accessories with availability in all existing markets by May 5.

ATM Route

I try to be safe and not use ATM machines in untrusted places but my bank is a trusted place, right? Well, after seeing the two devices below, I now have a new appreciation for the ability criminals have to fool me.

The Skimmer
First a criminal would need to get a copy of the magnetic strip on my ATM card and for that they use a skimmer. While that may be easy with some untrusted ATM in a shady bar, you would not think they could pull this off at a reputable bank. Especially your bank that you always go to. Look below at one of the skimmers a criminal attached to the outside of a normal ATM reader. When you insert your card it gets read twice. Once by the ATM and once by the skimmer. I may just tug on the next ATM card reader that I use just to make sure it doesn’t come off.

The Camera
Next they need your PIN. The easiest way to get your PIN is with a hidden camera. Watch out for mirrors that could have a camera behind them. Just like with the skimmer above you need to examine the ATM. If you look closely at the photo below you can see the grey bar that looks like a piece of the ATM machine. It’s not. It is a pinhole camera that someone placed on the ATM machine to steal customers’ PINs. That camera would capture your PIN nicely, even when you use your body block twist motion so others can’t see. I would have never noticed it, would you?

Here is a look at the back of the camera after it was pulled down…


The moral of this story: don’t just watch out for criminals who will physically take your money at the ATM, but also beware of the electronic tools thieves use at the ATM.

I was trying to add an Office plugin to my system but I needed to know if I was running the 32 bit or 64 bit version of Office 2013. I assumed I could just click on “help” and then “about” to get my answer. That was kinda the answer but it took me forever to find it and I didn’t find any good answers when I searched for it. So I created this post to hopefully save you time and aggravation!

How do I tell if I have 32bit or 64 bit office 2013 installed?

Click the series here:  File – Account – About Word.


That then brings up the window you need:


There is my answer! I am running 32 bit Office on my 64bit Windows 8.1 machine.

Cheers! –Brian

We all know that encryption is complicated but most people think that because they are using AES, Blowfish, IDEA, or some other advanced encryption then the data is secure. Well, it’s more complicated than that. Not only do you have to look at the key size like 128 bit, 256 bit, etc., but another really important piece is the mode that the encryption uses. ECB mode has some serious problems because it is poor at hiding data patterns: identical plaintext blocks always encrypt to identical ciphertext blocks. There are a lot of software packages that offer strong AES encryption but use ECB mode and therefore aren’t that strong.

A standard example of the problem with ECB mode is shown below:

[Images: Original | ECB Mode Encrypted | Securely Encrypted]

It is very obvious above that when the original photo is encrypted with ECB mode you have changed the data but the pattern is still there. This is a very obvious example with a picture but the problem exists for text also.
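To see the same leak on text, this added PowerShell example (not part of the original post) encrypts a constructed, repetitive message with AES in ECB and in CBC mode using the .NET Aes class, then counts how many ciphertext blocks are exact copies of an earlier block. The function names Protect-WithAes and Get-RepeatedBlockCount and the sample record are assumptions made for the illustration.

```powershell
# Added example: compare AES-ECB and AES-CBC on text with repeated blocks.
function Protect-WithAes {
    param(
        [Parameter(Mandatory)] [byte[]] $Plain,
        [Parameter(Mandatory)] [byte[]] $Key,
        [Parameter(Mandatory)] [System.Security.Cryptography.CipherMode] $Mode
    )
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Mode    = $Mode
        $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
        $aes.Key     = $Key
        $aes.GenerateIV()     # fresh random IV; ECB does not use it
        $enc = $aes.CreateEncryptor()
        try {
            # Leading comma keeps the byte[] from being unrolled on output.
            # A real tool would also store the IV next to the ciphertext.
            , $enc.TransformFinalBlock($Plain, 0, $Plain.Length)
        }
        finally { $enc.Dispose() }
    }
    finally { $aes.Dispose() }
}

function Get-RepeatedBlockCount {
    param(
        [Parameter(Mandatory)] [byte[]] $Data,
        [int] $BlockSize = 16            # AES block size in bytes
    )
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $total = 0
    for ($i = 0; $i + $BlockSize -le $Data.Length; $i += $BlockSize) {
        [void] $seen.Add([BitConverter]::ToString($Data, $i, $BlockSize))
        $total++
    }
    # Blocks that duplicate an earlier block = all blocks minus distinct blocks.
    $total - $seen.Count
}

# Constructed sample: one 16-byte record repeated 8 times, so every
# plaintext block is identical (think fixed-width log or database rows).
$record = 'ACCT=1234;OK=YES'
$plain  = [Text.Encoding]::ASCII.GetBytes($record * 8)

# Random 256-bit key for the demo.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()

foreach ($modeName in 'ECB', 'CBC') {
    [byte[]] $cipher = Protect-WithAes -Plain $plain -Key $key -Mode $modeName
    [pscustomobject]@{
        Mode           = $modeName
        CipherBlocks   = $cipher.Length / 16
        RepeatedBlocks = Get-RepeatedBlockCount -Data $cipher
    }
}
```

Under ECB the identical records come out as identical ciphertext blocks, so the repetition is visible without the key; under CBC with a random IV the blocks do not repeat.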

Make sure to check your software because many applications that you think securely scramble your data with AES strong encryption use ECB mode. So when looking at your tools that use encryption, make sure they use Cipher-Block Chaining mode (CBC mode) or some other proven mode. You can find more on the encryption modes here:

This is part 13 of the Modernizing Your Infrastructure with Hybrid Cloud series. You can find the rest of the series located here:

Hopefully by now you have had a chance to use Microsoft Azure Virtual Machines and Websites. One of the things you might want for your server on the internet is an IP address that doesn’t change. You may want this to ensure your outbound traffic from your Azure server uses a predictable IP address. This will enable you to set a DNS record or a firewall rule with your dedicated IP address. Another benefit of reserving an address is that you keep your IP address even when you de-provision your virtual machine.

There are some important steps you need to pay attention to:

  • At this time, you can’t go back and apply a reservation to something that’s already been deployed, so you must reserve the IP address first, before deploying.
  • You reserve a Virtual IP and the VIP will stay with your cloud service.
  • There is a limit of 5 reserved IP addresses per standard subscription. Limit can be raised via a support request.
  • There is a limit of 100 reserved IP addresses per Enterprise Agreement subscription. Limit can be raised via a support request.
  • The first 5 actively used IP addresses are free. Otherwise IP addresses are about $4 a month.
    Pricing details here:
  • Reserved IP is supported only for Regional VNets. It is not supported for VNets that are associated with affinity groups. For more information about associating a VNet with a region or an affinity group, see About Regional VNets and Affinity Groups for Virtual Network.

Currently there is no way to reserve your IP address in the graphical web tools. That’s right you must use PowerShell. In the tables below are the commands that are available today to set IP addresses. The three main commands are:

Command | Explanation
get-help *-AzureReservedIP* | List all Azure reserved IP commands
Get-AzureReservedIP | View all of your reserved IP addresses
New-AzureReservedIP | Reserve a New IP address
Remove-AzureReservedIP | Delete a Reservation


So let’s take a look at using this on my Azure account:

Create a new reservation

New-AzureReservedIP -ReservedIPName "MyServer1IP" -Label "Server1IP" -Location "West US"

This creates the reservation in the location specified. Once complete it is ready to use when creating a new VM.


List out my reserved IP addresses

Get-AzureReservedIP lists out the Azure Reserved IP addresses you have.


Create a VM using the reservation

New-AzureQuickVM -Windows -ServiceName bjl3 -Name bjl3 -InstanceSize Small -ImageName "" -AdminUsername brian -Password 'Your$Random^Password#Here' -ReservedIPName MyServer1IP -Location "West US"

I used the quick create cmdlet to create my VM. The password is in single quotes so that PowerShell passes it literally instead of expanding $Random as a variable.


Get the Platform Image Name

Get-AzureVMImage | Select-Object -Property ImageName | Out-GridView

In the create command I used a platform image, but they keep getting updated and that name changes. So to get the current platform image name I use the Get-AzureVMImage command.
Once the Out-GridView window opened I set a filter of “windows-server-2012-r2” to narrow the list of images down. Then I used the image name in the Quick VM create command.


List out multiple addresses

Here I have two reserved IP addresses – the first is in use on a VM and the second is just reserved.

Remember you are charged for the unused IP address.


Remove a Reserved IP address

Remove-AzureReservedIP -ReservedIPName MyServer2IP

Removing a Reserved IP address is easy. Just give the reserved IP name and it’s gone.


Here are the commands from above that reserve your IP and then create your VM.

New-AzureReservedIP -ReservedIPName "MyServer1IP" -Label "Server1IP" -Location "West US"

New-AzureQuickVM -Windows -ServiceName bjl3 -Name bjl3 -InstanceSize Small -ImageName "" -AdminUsername brian -Password 'Your$Random^Password#Here' -ReservedIPName MyServer1IP -Location "West US"


I hope that helps make it easy for you to reserve your IP address today for your Azure VMs!


For more details see the articles below:

My Father introduced me to computers when I was in high school and one of his favorite tools he would add to his workstation was a DOS tool called “whereis.exe”. The whereis name comes from a Unix command but that is not what I like about it. The executable my Dad had was a great search tool in the old days, long before search was built into the OS and I want a tool like that.

I have looked for this tool and been disappointed with most things I have found. So, when I was brushing up on my PowerShell I looked for an equivalent way to search. I did find the PowerShell standard command for this – get-childitem, but it left me wanting more. Then I found this old article by Tim Bolton. It is about a PowerShell script called whereis.ps1 and it looked promising. It was very well written and commented by Bill Stewart.

I made some changes to the script to ignore errors and change the output to make it fit my wants better. I also made a few changes to the self help to give the syntax of more complicated commands. Now it is exactly what I was looking for! Let me know if you need help getting this to work for you!



Here is the code:

# Whereis.ps1
# Originally written by Bill Stewart
# Updated by Brian Lewis
# Searches for files and/or directories.

param ($Name,
       $Path,
       $LastWriteTimeRange,
       $SizeRange,
       [Switch] $OneLevel,
       [Switch] $Files,
       [Switch] $Dirs,
       [Switch] $Force,
       [Switch] $DefaultFormat,
       [Switch] $Help)

# Displays a usage message and ends the script.
function usage {
  $scriptname = $SCRIPT:MYINVOCATION.MyCommand.Name

  "    $scriptname"
  "    Searches for files and/or directories."
  "    $scriptname -name <String[]> [-path <String[]>]"
  "    [-lastwritetimerange <DateTime[]>] [-sizerange <UInt64[]>] [-onelevel]"
  "    [-files] [-dirs] [-force] [-defaultformat]"
  "   set-alias whereis ./whereis.ps1      # if you set the alias you can just type 'whereis' instead of .\whereis.ps1 :)"
  "             whereis blewis.txt"
  "             whereis blewis.txt -path c:\users"
  "             whereis blewis.txt c:\users -Force"
  "             whereis *blewis* -path c:\users -SizeRange 55000,10000000"
  "             whereis blewis* -path c:\users -LastWriteTimeRange 4/18/2014,6/18/2014"
  "    -name <String[]>"
  "        Searches for items that match the specified wildcard pattern(s)."
  "    -path <String[]>"
  "        Searches for items in the specified location(s). If not specified, the"
  "        default is to search all local fixed drives."
  "    -lastwritetimerange <DateTime[]>"
  "        Limits output to items matching a date range. A single value means"
  "        ""items modified from the specified date and later."" An array is"
  "        interpreted as an inclusive date range where the first element is the"
  "        earliest date and the second element is the latest date. A zero for the"
  "        first element means ""no earliest date."""
  "    -sizerange <UInt64[]>"
  "        Limits output to files matching a size range. A single value means"
  "        ""files must be at least the specified size."" An array is interpreted as"
  "        an inclusive size range where the first element is the smallest size"
  "        and the second element is the largest size."
  "    -onelevel"
  "        This parameter limits searches to the specified path(s). Subdirectories"
  "        are not searched."
  "    -files"
  "        Searches for files. This is the default. To search for both files and"
  "        directories, specify both -files and -dirs."
  "    -dirs"
  "        Searches for directories. To search for both files and directories,"
  "        specify both -files and -dirs."
  "    -force"
  "        Expands the search to find items with hidden and system attributes."
  "    -defaultformat"
  "        Outputs items using the default formatter instead of formatted"
  "        strings."

  exit
}

# Returns whether the specified value is numeric.
function isNumeric($value) {
  [Decimal], [Double], [Int32], [Int64],
  [Single], [UInt32], [UInt64] -contains $value.GetType()
}

# Outputs the specified file system item. With -defaultformat, output a
# formatted string (mode, date, size, full path); otherwise, output the
# item's Name and Directory properties.
function writeItem($item) {
  if ($DefaultFormat) {
    "{0} {1:yyyy-MM-dd HH:mm} {2,15:N0} {3}" -f $item.Mode,
      $item.LastWriteTime, $item.Length, $item.FullName
  }
  else {
    $item | Select-Object Name,Directory
  }
}

function main {
  # If -help is present or the -name parameter is missing, output
  # the usage message.
  if (($Help) -or (-not $Name)) {
    usage
  }

  # Convert $Name to an array. If any array element contains *,
  # change the array to $NULL. This is because
  #   get-childitem c:\* -include *
  # recurses to one level even if you don't use -recurse.
  $Name = @($Name)
  for ($i = 0; $i -lt $Name.Length; $i++) {
    if ($Name[$i] -eq "*") {
      $Name = $NULL
      break
    }
  }

  # If no -path parameter, use WMI to collect a list of fixed drives.
  if (-not $Path) {
    $Path = get-wmiobject Win32_LogicalDisk -filter DriveType=3 | foreach-object {
      $_.DeviceID
    }
  }

  # Convert $Path into an array so we can iterate it.
  $Path = @($Path)

  # If a path ends with "\", append "*". Then, if it doesn't end with
  # "\*", append "\*" so each path in the array ends with "\*".
  for ($i = 0; $i -lt $Path.Length; $i++) {
    if ($Path[$i].EndsWith("\")) {
      $Path[$i] += "*"
    }
    if (-not $Path[$i].EndsWith("\*")) {
      $Path[$i] += "\*"
    }
  }

  # If no -LastWriteTimeRange parameter, assume all dates.
  if (-not $LastWriteTimeRange) {
    $LastWriteTimeRange = @([DateTime]::MinValue, [DateTime]::MaxValue)
  }
  else {
    # Convert $LastWriteTimeRange to an array (if it's not already).
    $LastWriteTimeRange = @($LastWriteTimeRange)
    # If only one element, add max date as second element.
    if ($LastWriteTimeRange.Length -eq 1) {
      $LastWriteTimeRange += [DateTime]::MaxValue
    }
    # Zero for first element means [DateTime]::MinValue.
    if ($LastWriteTimeRange[0] -eq 0) {
      $LastWriteTimeRange[0] = [DateTime]::MinValue
    }
    # Throw an error if [DateTime]::Parse() fails.
    trap [System.Management.Automation.MethodException] {
      throw "Error parsing date range. String not recognized as a valid DateTime."
    }
    # Parse the first two array elements as DateTimes.
    for ($i = 0; $i -lt 2; $i++) {
      $LastWriteTimeRange[$i] = [DateTime]::Parse($LastWriteTimeRange[$i])
    }
  }

  # Throw an error if the date range is invalid.
  if ($LastWriteTimeRange[0] -gt $LastWriteTimeRange[1]) {
    throw "Invalid date range. The first date is greater than the second."
  }

  # If no -sizerange parameter, assume all sizes.
  if (-not $SizeRange) {
    $SizeRange = @(0, [UInt64]::MaxValue)
  }
  else {
    # Convert $SizeRange to an array (if it's not already).
    $SizeRange = @($SizeRange)
    # If no second element, add max value as second element.
    if ($SizeRange.Length -eq 1) {
      $SizeRange += [UInt64]::MaxValue
    }
  }

  # Ensure the elements in the size range are numeric.
  for ($i = 0; $i -lt 2; $i++) {
    if (-not (isNumeric $SizeRange[$i])) {
      throw "Size range must contain numeric value(s)."
    }
  }

  # Throw an error if the size range is invalid.
  if ($SizeRange[0] -gt $SizeRange[1]) {
    throw "Invalid size range. The first size is greater than the second."
  }

  # If both -files and -dirs are missing, assume -files.
  if ((-not $Files) -and (-not $Dirs)) {
    $Files = $TRUE
  }

  # Keep track of the number of files and their sizes.
  $count = $sizes = 0

  # Use the get-childitem cmdlet to search the file system, and use
  # the writeItem function to output matching items. For files, check
  # the date and size ranges. For directories, only the date range is
  # meaningful. Access errors are suppressed with -ErrorAction.
  get-childitem $Path -include $Name -ErrorAction SilentlyContinue -force:$Force -recurse:(-not $OneLevel) | foreach-object {
    if ($Files -and (-not $_.PsIsContainer)) {
      if (($_.LastWriteTime -ge $LastWriteTimeRange[0]) -and ($_.LastWriteTime -le $LastWriteTimeRange[1]) -and
          ($_.Length -ge $SizeRange[0]) -and ($_.Length -le $SizeRange[1])) {
        $count++
        $sizes += $_.Length
        writeItem $_
      }
    }
    if ($Dirs -and ($_.PsIsContainer)) {
      if (($_.LastWriteTime -ge $LastWriteTimeRange[0]) -and ($_.LastWriteTime -le $LastWriteTimeRange[1])) {
        $count++
        writeItem $_
      }
    }
  }

  # Output statistics if not using -defaultformat.
  if (-not $DefaultFormat) {
    "Found {0:N0} item(s), {1:N0} byte(s)" -f $count, $sizes
  }
}

main



More info on PowerShell can be found here:

Running Windows PowerShell Scripts


Keeping Aliases Around