Status of OneNote compatibility Linux (wine/CrossOver)

While both wine and CrossOver have claimed support for Microsoft Office running on Linux, the reality is more mixed and depends on your definition of what is included in Office.

Yes, the core applications Microsoft Word, Excel and PowerPoint work. But in my interpretation, Microsoft OneNote is also definitely part of the Office suite. And support for OneNote is unfortunately still very limited. My experience with OneNote under Linux is as follows.

OneNote 2013 installation bug on wine.
OneNote 2016Broken     

It will install, but it will not run because it needs the “Desktop Experience” pack.
OneNote 2013BrokenIt will install, but it will not run because it needs the “Desktop Experience” pack.
OneNote 2010LimitedIt will install and run, but it will not allow you to use notebooks stored on SharePoint servers or on OneDrive. Collaboration is therefore limited and you can only use locally stored notebooks.

Transferring 4K video files from a Sony action cam (FDR-X3000) to an iPhone

When using Sony action cameras that are capable of recording in the XAVC-S format, especially in 4K, it is not immediately obvious how to transfer these files to an iPhone.

When using the Sony PlayMemories app, the option to transfer the files to the iPhone is grayed out:

The solution is to use a different app, namely the Sony “Action Cam” app. In this app, click “Import”:

Then you will find that if you select a file, it will now even import 4K:

Note: in this approach the downloaded file will be downscaled, and you won’t have the full 4K video on your iPhone. However, this downscaled video can be useful for sharing on social media.

If you want full quality 4K transferred to the iPhone, you have this remaining option (besides using a PC, of course), which is to use the Leef dongle that has a micro SD card reader for iPhone. (If you have a recent iPhone that supports 4K.)

Note that the Leef will also work for A7 cameras, but it only has a micro SD card slot, so you’ll need an adapter.

B-24 ‘Liberator’ bomber dive site, Togean Islands

One of the fascinating dive spots near the Togean Islands, Sulawesi, is the wreck of a B-24 ‘Liberator‘ bomber.
Photo’s of the full crash report can be found at Kadidiri Paradise. I’ve included them here for those that are interested in history:

The wreck lies roughly at a depth of 15 to 25 meters.
It had rained heavily the night before we dove and the visibility was poor. Nonetheless, it was a very interesting dive. The site is home to a lot of lion fishes, so be careful.

Org-mode and wide TaskJuggler HTML export

By default, when using the TaskJuggler exporting function in Org-mode, it will produce a web page that is too narrow by today’s standards:

(Notice the scrollbar underneath the GANTT plot.)

The solution is to put a tweak in your emacs init file that adds columns ... { width 1000 } to the TaskJuggler output.

(setq org-taskjuggler-default-reports
  '("textreport report "Plan" {
  formats html
  header '== %title =='
  center -8<-
    [#Plan Plan] | [#Resource_Allocation Resource Allocation]
    === Plan ===
    <[report id="
    === Resource Allocation ===
    <[report id="
# A traditional Gantt chart with a project overview.
taskreport plan "
" {
  headline "
Project Plan"
  columns bsi, name, start, end, effort, effortdone, effortleft, chart { width 1000 }
  loadunit shortauto
  hideresource 1
# A graph showing resource allocation. It identifies whether each
# resource is under- or over-allocated for.
resourcereport resourceGraph "
" {
  headline "
Resource Allocation Graph"
  columns no, name, effort, weekly { width 1000 }
  loadunit shortauto
  hidetask ~(isleaf() & isleaf_())
  sorttasks plan.start.up

Also, some other tweaks that I found useful:

(setq org-taskjuggler-default-project-duration 999)

(setq org-taskjuggler-valid-task-attributes
  '(account start note duration endbuffer endcredit end
            flags journalentry length limits maxend maxstart minend
            minstart period reference responsible scheduling
startbuffer startcredit statusnote chargeset charge booking))

The first sets the default project duration that I couldn’t seem to set in the org file itself. The second makes it possible to add booking clauses to tasks (so you can define those inside your org files).

Finally, I also found it useful to tweak the columns in the GANTT chart. I added the effortdone and effortleft fields, which are visible in the above screenshot.

Options for using Unity on Linux host

When using a Linux desktop, I often run into situations where I need Windows Office applications. While I am a fan of the Wine project, it does not support all the features that I need (for example: OneNote syncing with SharePoint/OneDrive).

As a result, using a Windows Virtual Machine is often unavoidable. The ideal situation is, however, that the virtualized Windows applications are integrated as much as possible within the Linux desktop environment. Recently I have been experimenting with the available options in this area.

Vmware Workstation 11 Unity (1) VirtualBox Seamless Virtual Machine + RDP (2) Wine (3)
HTML (formatted text) copy/paste No No Yes Yes
Image copy/paste Yes No Yes Yes
Guest windows in host taskbar Yes No Yes Yes
Stability Low (with Office 2016 a lot of glitches; unusable) High Low
(A lot of glitches. Also increased CPU load and lag)
(Glitches / crashes are common)

(1) I am listing explicitly Workstation 11 here. The unity feature was removed from VMWare Workstation for Linux per version 12.
(2) For the Virtual Machine + RDP solution I ran a Windows Server 2016 VM and used xfreerdp in my Linux host. The amount of glitches was quite high and every time your suspend/unsuspend your host system the xfreerdp needs to reconnect to your VM.
(3) Office in wine is not feature complete; for example OneNote does not have SharePoint/OneDrive sync.

With regards to performance:
Initially I thought that the VirtualBox approach would be faster than the VM+RDP due to the networking overhead. In reality, the responsiveness on a large screen (UHD resolution) was better with the VM+RDP than the native VirtualBox display. I haven’t compared the CPU loads, but I did get the impression that the VM+RDP is more expensive in CPU load.

Of all the options, the VM+RDP comes the closest to Linux integrated with a Windows desktop, if you can handle the glitches and increased CPU load. There currently is no perfect solution.

P.S.: this post does not cover the other way around: Windows 10 + WSL + X-server.

Split DNS when 53/udp is in use

Say that you’re doing a pentest/RT with one end of a device connected to 4G dongle and the other end connected to the target network via ethernet. In such cases you want the box to fetch updates via 4G and only use the ethernet for the security test. Split DNS tunneling is a solution. However, sometimes you may already have a process bound to port 53/udp that you don’t want to kill (e.g. a C&C server such as CS / MSF). Unfortunately /etc/resolv.conf does not allow you to specify a port on Linux (as far as I’m aware).

The following settings allow you to run dnsmasq on a different port but still work for a local resolver.

Dnsmasq step:

## vim /etc/dnsmasq.conf:

# Set the alternative port

# Ignore /etc/resolv.conf

# Upstream DNS for normal traffic

# Upstream DNS to resolve domain names for the security test

Local DNS resolver step:

## vim /etc/resolv.conf:

# Dummy nameserver. Will not be actually queried

Iptables step:

# Redirect the DNS queries towards the dummy server
# to go to the local dnsmasq instead
iptables -t nat -I OUTPUT --dst \
-p udp --dport 53 -j DNAT --to

PowerShell script to suspend Windows screensaver at specific locations

Say that you are working with two laptops side by side. You may not like the automatic screensaver kicking in on a laptop while you are momentarily working on the other, in particular if it requires a password to unlock. This may be especially true at certain locations that are trusted (e.g. home).

The following PowerShell script for Windows can be used for suspending the screensaver when you are connected to a specific Wi-Fi network.

$wsh = New-Object -ComObject WScript.Shell
# Idea to use WSH comes from:

while ($true) {
    $wifi = get-netconnectionprofile | Out-String -Stream | Select-String -Pattern "<NAME_OF_YOUR_WIFI_NETWORK>"
    if ($wifi) {
    Start-Sleep -Seconds 60

C2750D4I RMA in NL

I bought an ASRock C2750D4I motherboard for my NAS in October 2014. In March 2017, my board was struck by a firmware bug that involves the BMC flash storage being worn out too quickly because of a bug in the watchdog. This is a well-known issue.

Since my board died after more than two years, I was worried whether I could still get it RMA’ed. The shop where I bought the board stated I only had two years warranty.

Luckily, the folks at ASRock were very helpful. I discovered that (also) in The Netherlands you have three years warranty on the C2750D4I.

I received a replacement board from ASRock quickly. As of now, half a year later, the new board is still operating perfectly. I can only say that my RMA experience with ASRock has been positive.

Mapping Stuxnet on the ATT&CK framework

The MITRE ATT&CK framework is a great tool for blue teams.

As an exercise, I tried mapping the Stuxnet attack onto the ATT&CK framework. As a source, I used the excellent Symantec Stuxnet paper.


  • I tried cramming it all into one slide, sorry for that. Defense evasion is indeed that big.
  • There are multiple ways to do the mapping. There could also be mistakes (caveat emptor). I welcome any bugfixes.
  • The credential access row is empty, since from what I read it used the user’s credential token not their actual passwords. The exfiltration row is empty because the paper shows that this instance was primarily meant for infecting the SCADA systems. Of course, the malware was able (via its C&C connection) to have exfiltration modules, but these were not discussed.

PDF version: ATT&CK – Stuxnet.

Cleaning up broken snapshots (snapper + btrfs)

The combination of btrfs + snapper is a great solution for the Linux desktop. Perhaps even the best thing since sliced bread. Once properly set-up, you can rollback any file that you may accidentally damage at some point. I’ve found it invaluable during software upgrades/migrations (oops, are all your desktop panels gone after upgrading? don’t worry, just roll back) or when running into bugs (oops, the Digikam library got corrupted? don’t worry, just roll back).

Configuring snapper involves letting systemd activate it regularly using systemd timers. This works well, although you may end up having corrupt / incomplete snapshots if your computer crashes in the middle of a snapper operation.

Having broken snapshots will be made known to you in the journal with events such as:

:1: parser error : Document is empty

This message indicates that you have work to do to clean up broken snapshots. The following Bash oneliner may help you do this:

for x in $(grep -hr SUBVOLUME /etc/snapper/configs | cut -d '"' -f 2); do
for y in "$x/.snapshots/"*; do
if ! [ -s "$z" ]; then echo "***$y***"; ls -lah "$y";
read -p "Delete? (y/n)" R; if ! [ "$R" = "y" ]; then continue; fi;
set -x; btrfs subvol del "$y/snapshot"; rm -rf "$y"; set +x;
fi; done; done; unset IFS
  • I’ve broken the oneliner over multiple lines for this post, but just merge them together for use in a shell.
  • This is just a oneliner and not a real program. The way I do it here, is not the recommended way to loop in Bash though it should work fine for this use case (the alternative, using read + while, won’t work here due to a nested read). Refactoring would make it more complex, at which point I’d suggest to just make it a Python program.
  • It needs to run as root.
  • As always, have back-ups. Caveat emptor.

Lombok to Flores by boat (Indonesia)