Setup Windows 10 with as little user information leak as possible

We need to embrace the future, at some point in life, so I decided to install and try out Windows 10 (64-bit) on my virtual machine, despite being happy using the now depreciated -by Microsoft standards- Windows 7 operating system, on my work laptop and other virtual machine on my Mac computer. Windows 10 is here and I need to find more how to get around it, as I had decided to skip Windows 8.x fooling around, altogether.

I heard many people and friends in IT telling me that Windows 10 is good enough and deep down resembles to previous Windows iterations, but the only serious drawback was the widely-publicized and criticized “leak” of user data and information, a very deterring issue for whoever wants to move across and take the… leap of faith. So I decided to read and collect articles and bits about the security of Windows 10 and how to enforce user-preferences for the least leaking possible.

Also, despite the numerous and detailed articles, I was also happy to encounter private efforts of people that put all those needed system changes and tweaks in one, concise tool, that would help speed-up the “securing” procedure and also make sure that no communication “hole” -based on up-to date knowledge- is left open.


There is a large number of interesting articles found on the Internet, providing step-by-step instructions on how to disable such “spying” by means of Control Panel settings. The most notable for me, are:

1) Windows 10 violates your privacy by default, here’s how you can protect yourself by (with screenshots of each window’s settings)

2) Fix Windows 10 privacy by (includes Windows 7 and 8 fixes, too, that I ignored until reading the article)

3) How to Configure Windows 10 Privacy Settings During Setup by

4) The Ultimate Windows 10 Security and Privacy Guide by (with explanations on each security switch that needs to be turned off)

It seems that even during setup of Windows 10 on any machine, choosing the correct privacy settings is equally critical, for starters.


Following the tips and steps that most of these -and similar- articles advise, I could not rest assured that the work was fully done. As usual with our modern world, suspicion crawled in and I felt that there was more to be done to secure my privacy.

This is lunacy, considering how much effort and time is spent on protecting my own data and related information or statistics, when such “leaks” from the new Windows OS could have not been included the first place! The IT world is definitely taking an unknown, darker path.

Thus, based on the original article by titled 6 free tools that stop Windows 10 from spying on everything you do -despite being written over a year ago- I was still happy to see that some of these tools have still been around and kept updated, making our life towards better privacy a little more easy.

Until today, a year after Windows 10 was released, there are 2 tools that really stand out of the crowd.


First to be considered is the tool called W10Privacy from a German developer (found here) now with English/French/German/Spanish menus -most likely due to its grown popularity- what started as a private own project.

With its simple, straight-forward interface, W10Privacy wins the power-user but may scare novices, a little. It includes a comprehensive list of security tweaks and checks, most of them not found anywhere near Control Panel. As the website mentions:

Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for!

The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary.

Do not be overwhelmed by the many tabs; it’s just a logical split of tweaks instead of having them all-in-one list. It is intimidating -for sure- but the list seems quite exhaustive. The user or administrator is assisted with color-coding of each tweak, denoting severity and recommendation level. The developer also writes that the project is work-in-progress so we are bound to see more settings to be enabled or disabled with coming versions.

W10Privacy Main Window

Using W10Privacy relies on selecting the tweaks for each category, and then apply them. There is an option for creating a -many times needed- restore point, so the user can revert in case some functionality… well… get “screwed”.


Secondly, the tool DoNotSpy10 seems to rise to the occasion, too (found here). It also includes a long list of security tweaks, but the interface does not intimidate the user that much. Through its lighter design, running the tool checks for the fixes already present; color-coding warns the user of the severity of the fix, if applied.

DoNotSpy10 Main Screen

I can only trust the developer(s) of DoNotSpy10 tool that their list of fixes is full and nothing’s been left out (except those yet to be discovered?) as I don’t have the luxury of time to dig further into the matter of deeply enhancing my Windows 10 privacy experience. The only reported drawback of using the tool is found in the installation procedure: It seems to install the OpenCandy framework, as DoNotSpy10 is ad-supported. Per user quietman7 comments:

[DoNotSpy10] appears to be detected as a Potentially Unwanted Program (PUP) / Potentially Unsafe Application (PUA) most likely because it includes OpenCandy.

OpenCandy is an advertising application distributed by the OpenCandy Software Network which displays ads in other programs. The use of advertisement is a way to promote software packages and recover development costs. The OpenCandy FAQs answers many questions users may have about this product.

OpenCandy is technically not installed on a computer, does not collect personally identifiable information and in most cases allows the user to choose whether or not to install advertised software recommended by the vendor. Although no personal information is collected, the software does collect anonymous statistics about events and other data during installation. See What information does OpenCandy collect?

So just a word of precaution: although the developer(s) of DoNotSpy10 tool would like to seemingly obtain a small source of income to cover costs -and rightfully so- we are prompted to donate if we are happy with the tool, thus receiving the OpenCandy-free installer. In my honest opinion, OpenCandy doesn’t feel like a show-stopper and is seemingly harmless, definitely less important to deal with compared to all those privacy leaks of Windows 10.


Have a good time with Windows 10, privacy-leak-free, everyone.

Replacing with silent fan on Icy Box IB-3620U3 enclosure

I have recently purchased the well-built Icy Box IB-3620U3 dual hard-disk (3.5″) enclosure by Raidsonic, featuring an aluminum chassis and USB v3.0 connectivity, making it ideal for local backups, even side-storage for more demanding work.

Despite the build quality and rather compact size, the embedded stock cooling fan (rear) that came with the Icy Box was more noisy than expected, despite being a relatively decent brand (Yong Lin Tech Co. Ltd.) from Asia.

Following a couple of excellent articles (by Pavel Rojtberg and Robin Jakobsson) that show how to remove the stock fan and replace with a newer, silent one, I decided to take a slightly different approach and replace mine with an equally slim fan, but silent (still more expensive than average fans of 10mm or 15mm thickness).

The stock fan is model DFS601012M and features a brushless blade, 60mm diameter with thickness 11mm approximately, powered with 12V by just 2 wires (i.e. constant speed at 4200rpm with an air-flow of 17.74CFM and acoustic level of 31.6dB, according to its specifications). After constant searching for a closest alternative, I eventually ended up buying a Xilence replacement fan, as it was the only fan that featured low-noise and was available -rather fast- in the local market (buying it from the local market would most likely secure it as an original Xilence unit, instead of some knock-up on eBay, as it’s hard to detect them).

Stock Fan Specs

The closest Xilence model found is COO-XPF60S.W at the same 60mm diameter, almost same thickness (it’s 12mm) and quieter operation (12V with speed of 2100rpm at an approximate 12CFM air-flow and 22dB noise level).

Fan Comparison

Thanks to the two other articles for the Icy Box units, the removal of the rear cover (fan and enclosure) seemed rather easy, but then I realized that I had the wrong power-plug for the fan. The Xilence comes with 3-pin Molex connector but the stock Yong Lin Tech fan had 2-pin power and smaller (2.0mm) plug! (apparently found on VGA-cooling fans) Instead of cutting and soldering, I decided to dig the internet and find a low-cost adaptor from Asia, thus making the fan replacement rather simple. The needed pin-adapter was eventually found, with the title “3 pin to 2 pin adapter, fan cable, 12V cooler fan, VGA cooling fan 2 pin, mini 2 pin, 2.0mm” on; few days later, I received it and confirmed that it was spot-on choice.

2-Pin / 3-Pin Molex Adapter

The procedure is simple but needs some caution, as with all such parts being replaced; the use of a long, thin Phillips screwdriver is advised.

Screws Location

1. Unscrew the 6 screws that hold the rear cover first; remove it carefully. Be sure to not strain the fan’s 2-pin power cable; then, remove the fan’s plug from the small circuit board. Now the cover is totally free.

Rear Panel & Cable Removal

2. With the rear cover free, remove the 4 screws that hold the fan protection cover, thus freeing the stock fan itself.

Rear Fan & Protection Removed

3. Plug the 2-pin/3-pin adapter cable onto the circuit board; this adapter cable should normally be quite short.

Cable Adapter Plugged

4. Make sure that the 3-pin Molex (female) plug is visible through the fan opening on the rear cover; put the cover back in place and screw it (6 screws in total).

Rear Cover Screwed Back

5. Plug the new fan onto the adapter cable that’s hanging through the fan opening; if needed, wrap the fan cable with some cable-tie, as it’s longer than we need, but be sure there’s some slack i.e. freedom of cable movement.

New Fan Plugged

6. Carefully place the new fan in position, making sure that the excess cable is pushed on the top-side (there’s a visible metal bracket that covers the internal HDDs) so that it doesn’t get damaged in any way (even if ever re-opened); once the fan is set, put the fan protection cover back, and screw it (4 screws in total).

New Fan Put In Place

That’s it. Now, you can power-on the enclosure and witness the lack of noise🙂

The resulting noise (or lack thereof) is pleasing to the ear, and the 1mm extra thickness of the new Xilence fan is barely noticeable (thankfully, the screws of the fan protection cover are quite long). With both 1.5TB WD Green drives running, the enclosure is not getting warmer to my experience (i.e. due to the lesser RPM and CFM) but that’s just my own environment and room temperature.

New Fan Protrudes

A couple of things to note:

1. Be wary of the new fan orientation, when placing it on the rear cover. Pay attention to the blades of the stock fan (when removing it) and be sure that you respect the (outward) air-flow, as both fan(s) are too thin to mention air-direction on the side (like on most thicker 20-25mm PC fans, denoted by some arrow).

2. Also be careful of the fan power-cable position; the assembly at factory had the cable going down towards the right corner. Be sure that when you place the new fan back in, the cable is not obstructing air-flow.

3. You may need to add some small, thin foamy pads (as stickers) on a couple sides of the new fan, as the stock fan already has 4 of them (i.e. on each side). I am not sure where one can find such pads, but they seem to minimize the vibration of the fan itself, as well as keep it firm inside the rear panel.

Foamy Pads Suggestion

Turn off IPv6 due to VPN client on Mac OS X 10.10 or newer

I recently purchased a VPN account, so I can get first-hand experience on using such technology, and decided to give NordVPN a try, as their service seemed to be affordable for my educational budget. After downloading and installing their client, I noticed that I could still not be “protected” so I decided to contact their Customer Service via chat.

A nice representative told me that their service currently does not support IPv6 (for whatever reasons that I didn’t ask) and that I should disable IPv6 on my active network interface, for the VPN connection (to their network) to work properly.

The first guide that I consulted after a quick web-search pointed to an “Off” option in the TCP/IP tab of the network interfaces, which seems unavailable for my Yosemite 10.10.5 installation. I was puzzled as I had seen screenshots of that option being there, on other websites.

No IPv6 Off Option

Apparently, this missing “Off” option is the case for fresh El Capitan 10.11 installations, too.

Upon further search, I stumbled across an older article on OS X Daily that shows how to directly switch IPv6 feature off, via a special Terminal command.

I studied the command and realized that the article had reference to the generic interface(s) of Mac OS X, but on my machine these weren’t valid. This action thus requires some more attention if you wish to disable IPv6 via Terminal, namely to type the exact name of the interface to be disabled. In my case, I had a different name — and this exact name, as it appears in the list of “Network” settings, should be copied across.

Rather using the generic interface names, such as:

networksetup -setv6off Ethernet
networksetup -setv6off Wi-Fi

…I had to use my own, custom-named interface instead (with quotes):

networksetup -setv6off "Ethernet (en1)"

This command prompts the user to enter his/her administrator password, and immediately applies the setting that results to an “Off” being now available as an option.

IPv6 Off Option Set

Reverting to “normal” is equally easy; either select “Automatically” in the TCP/IP tab of the network interface in question (and apply) or use the corresponding command in Terminal:

networksetup -setv6automatic Wi-Fi
networksetup -setv6automatic Ethernet

Now we can use the VPN services… Hopefully, a future update (to the NordVPN client, that is) will render such action obsolete.

Setting up MSI Z97i-AC motherboard (for running OS X)

Following my failed attempt to setup a stable haxie with my previously purchased Gigabyte GA-Z87N-WIFI motherboard and my fast Haswell CPU, despite other users not having any reported issues (per my search results on the net), I decided to ditch it and go for something different. The price point and budget allowed me to choose between an ASUS and MSI branded mATX motherboard, so I went for the MSI Z97i-AC board, as it was offering DisplayPort that I really want to checkout. Please note, it’s not the “Gaming” variant, which costs more (for some reason).

I installed the Intel Core i7-4790K processor (4.0 GHz), hence still in need of a Z97 chipset that can support such unlocked CPU. Additionally, I used again my 2 Corsair Vengeance (Low Profile) memory modules (1600MHz CL9), totalling 16GB of dual-channel RAM (they support Intel XMP v1.3, too). No dedicated graphics card, since I planned to use the embedded Intel HD Graphics 4600 of the CPU (more like a Mac Mini). The cooling is performed by a Skythe Ashura, for really silent computing (and some over-clocking, too).

After assembly, I booted the computer and went straight to the BIOS update menu, flashed it with latest v4.9 firmware (as found on MSI’s own website). With some parallel research on my favourite forums, the seemingly typical BIOS settings are really minimal, summarized below:

  1. Update to the latest available BIOS from manufacturer!
  2. Load “Optimized” Defaults;
  3. Disable “Intel VT-d Technology” completely (otherwise, OS X won’t boot);
  4. Disable “CFG Lock” completely (very critical, won’t boot either);
  5. Enable “Extreme Memory Profile (XMP)” to boost performance.
  6. Optionally:

  7. Disable “Serial (COM) Port” completely (not really needed, but it’s just me);
  8. Disable “Full Screen Logo” option (there’s a good reason for it, I will explain);
  9. Set to “IGD” as the graphics adapter to initialize (if only using HD Graphics);
  10. Check that “Intel C-State” is enabled (check with your CPU specifications);
  11. Finally, check that “C1E Support” is enabled (check with your CPU specifications).

After this handful of changes, go to the main screen and opt to “Save And Reboot” the computer. You are done!


Since I need to keep a record of this for my own reference, too, here is the visual guide of minimal BIOS settings to run OS X via Chameleon or Clover.


Welcome to the main BIOS screen of this motherboard, freshly updated to latest v4.9 firmware. Click on “Settings” button (left, top) to start.

1. Load Optimized Defaults

MSI Restore Defaults Select

MSI Load Defaults

We need to be sure to start from “scratch” so loading the defaults is the first step to every successful Hackintosh.

2. Important “CPU Features” to disable!

MSI CPU Features Select

I wasn’t aware of these two settings and how critical they are, for recent generations of motherboards, especially “CFG Lock”. I had read somewhere that it’s preferrable to disable Intel’s “VT-d” feature in BIOS (if your CPU supports it) as there doesn’t seem to be any Mac OS X applications that use it. Most of the times, this setting didn’t allow the computer to properly boot OS X, either. In any case, recent iterations of Chameleon and Clover allowed to safely bypass this BIOS setting by including dart=0 in the kernel flags and settings. Use this only if you are sure that you need it.

MSI Intel VT-d Disable

Over on MacBreaker, one reads:

Disables the VT-d virtualization technology built into certain Intel processors. For Hackintoshes, VT-d is pretty useless; virtually no Mac OS X applications use it (virtualization apps like Virtualbox tend to use the alternative VT-x technology, instead), and certain Hackintosh motherboards have been known to crash in Mac OS X when VT-d is enabled.

Of course, disabling “VT-d” for starters, allows to setup the haxie with minimum of effort and bootloader settings. Later on, if someone really needs it, using kernel flag “dart=0” during boot time seems to solve the issue. I personally haven’t tried it, but it’s all over the forums.

MSI CFG Lock Disable

The “CFG Lock” is a setting that is quite new in UEFI BIOS, or appears in some manufacturers. For example, I never encountered it on my Gigabyte GA-Z87N-WIFI BIOS settings, despite using this same CPU. Nevertheless, it seems critical and related to Haswell’s power management as nearly all UEFI BIOS versions seem to “lock MSR 0xE2”. Disabling it is crucial, especially for running OS X 10.10 (Yosemite) and booting stock kernel. What does this “locking” do? All I can find is that it locks cuurent C-State until the next reset occurrs. Beats me, but OS X doesn’t like it!

3. Get that RAM in optimal speed

One of the last things to do, for better performance, is to enable the XMP profile of the memory modules if they support it (please check your specifications). I purchased these Corsair RAM modules knowingly that they support XMP, so I wanted to set them to run at 1600MHz.

MSI 12 XMP Profile Select

MSI XMP Profile Enabled

Having XMP as part of the hardware specifications is nice, but not needed. Nevertheless, if someone is going to buy new RAM modules anyway, better get the full monty as price-difference is too small compared to other non-XMP modules, for same total capacity.

4. Save settings and reboot!

Pretty straight-forward action…

MSI Save And Reboot

Now we are ready to run our Mac OS X USB Installer that we previously created on another computer running OS X! More on that, coming soon. I will post my optimal Clover flags, too.


5. Disable Serial (COM) Port

I agree, these are my own personal additions to the guide, however, the serial (COM) port is nowhere needed on Mac OS X and disabling it will prevent it from appearing in the “Network” interfaces of “System Preferences” as I want my haxie to look as close to a real Mac as possible.

MSI Serial COM Configuration Select

MSI Serial COM Port Select

MSI Serial COM Port Disabled

6. Disable that Full Screen Logo

The reason I always disable the fancy boot screen logos of my Hackintosh efforts, is really practical. If the computer running OS X sleeps, restarts or resets and the boot screen then shows the logo, this means that some process or kext failed, resulting to CMOS reset. This was particularly evident in Mac OS X 10.9 (Mavericks) without patching the ACPI kext accordingly, causing CMOS reset every time the computer went to sleep and woke up.

MSI Full Screen Logo Select

MSI Full Screen Logo Disabled

7. Initialize Intel’s integrated graphics first

If you don’t plan to use a dedicated AMD or NVIDIA graphics card, but only stay with Intel’s own integrated graphics controller (Intel’s Core i7-4790K embeds the HD Graphics 4600 controller, perfect for a Mac Mini emulation) then why not telling BIOS to initialize the embedded graphics by selecting “IGD” first?

MSI Integrated Graphics Select

MSI Integrated Graphics Enabled

I have discovered via trial-and-error that on my Hackintosh, changing the “Shared Memory” setting from 64MB to anything else, crashes the computer during boot-time (on both Yosemite and El Capitan). I would therefore recommend to not alter the value that comes with “Optimized Defaults”!

8. Check and set advanced CPU features

Finally, a couple of advanced optional BIOS settings that we could enable, have to do with the so-called “C-States” and the “C1E” feature (Enhanced ‘Halt’ State) that highly depend on the Intel processor used.

MSI Check C-State Enabled

In order to achieve optimal speed-stepping and better power conservation, CPUs now include several such “power modes” that are collectively called “C-States”. With more recent Apple models and Intel processors, there is a growing need to enable such “modes” either by purchasing a CPU that already exists in released Apple computers (so-called “Vanilla”), or to generate such needed information using Piker Alpha’s excellent script (I know, this is for advanced users, but I need to mention it).

The basic idea of these modes is to cut the clock signal and power from idle units inside the CPU. The more units you stop (by cutting the clock), reduce the voltage or even completely shut down, more energy you save, but more time is required for the CPU to “wake up” and be again 100% operational. These modes are known as “C-states” or “C-modes”. They are numbered starting at C0, which is the normal CPU operating mode, i.e. the CPU is 100% turned on. The higher the C number is, deeper is the CPU sleep mode, i.e. more circuits and signals are turned off and more time the CPU will take to go back to C0 mode, i.e. to wake-up.

As you can see from the above definition, such feature is directly affecting the performance (and also ‘sleep’) of the Hackintosh, so use this feature only if you are comfortable with Hackintoshing.

Similarly, the “C1E” feature is a power management state that allows the processor to reduce power beyond just the cores. If you plan to use a standard Intel processor with or without Piker Alpha’s SSDT script support, you can enable this in BIOS to achieve better power management.

MSI Set C1E Support Enabled

From various posts that deal with O.C. (i.e. over-clocking) I read that this feature must be absolutely disabled if you plan to over-clock your Intel processor beyond its factory setting, with the absolute need for Piker Alpha’s SSDT script generated to fit your needs.

A nice and highly useful tool to see if your Hackintosh is achieving these power states, is called Intel Power Gadget and I strongly recommend you download and install it on your Hackintosh!


Modern UEFI BIOS versions have important settings enabled by default — that weren’t so, in the past. In the case of the MSI Z97i-AC, I had no more work to do, but it’s always good to check them and remember them, so we never forget.

  • HPET must be enabled and set to “64-bit” mode, if such setting is available;
  • AHCI must be the chosen SATA Control Mode of your setup;
  • Both EHCI and XHCI “Hand-Off” are usually left enabled, depending on your board and chipset;
  • Similarly, XHCI Mode should be left to Auto, if such setting is available (avoid “Smart Auto”);
  • ACPI Suspend Type must always be in S3 (STR) mode;
  • Check that Secure Boot Mode is disabled, or UEFI Mode is set to “Other OS” (i.e. not Windows 8 mode)


Useful haxies installing Windows 7 (Part 1)

I recently needed to install Windows 7 (Home) on my old Dell Inspiron Mini 10V (1011) netbook so my mother-in-law can learn how to type. Quite a strenuous procedure, as I have been spoiled with Mac OS X that has had the smoothest of installation procedures, including all updates (it took almost 24h to get all Windows 7 x86 updates on that small, slow computer).

First of all, an easy and quick way to avoid CD/DVD media burning (of the Windows 7 ISO) is to create a bootable USB disk, through Microsoft’s own free Windows USB/DVD Download Tool tool, requiring an original Windows 7 (x86 or x64) ISO image (e.g. from MSDN).

Then, once the USB preparation is done, a simple hack that requires a single file to be removed (called ei.cfg) will allow to bring up -during installation- a list of choices of Windows “operating systems” to install i.e. Starter, Home, Professional, Ultimate, etc. regardless of the ISO you have used. However, the architecture remains same across: that is, x86 or x64 (depending on the used ISO) and not both (on same USB with this creation method, anyway).


A list of actions that I must perform next, will be described here below, for the sake of my next reference instead of searching the web. It’s nothing advanced, just some stuff to remember to do… perhaps useful to you, too.

1. Switch to the automatic logging of main user to Windows
I keep forgetting the command to run is “netplwiz.exe” as found in this useful article. Simply select the user account from the list, uncheck the “Users must enter a user name and password to use this computer” checkbox then click the apply button.

Auto-Login Setting

2. Complete the Windows Update procedure and reclaim space
With a small (in capacity) and old SSD installed in that netbook, I needed to reclaim the wasted space after installing those painfully slow updates. From an initial 30GB drive, after installing Windows 7 (with SP1 integrated) I got left with some 17GB and now down at 10GB due to the storage of the Windows Update backups!

The supposedly magic command is “cleanmgr.exe” as per this article, but I did follow the tips of this other article, too.


3. Remove that annoying Windows 10 Upgrade notification
Ever since it appeared on the bottom taskbar and scared off people as a hoax, I have been searching for a permanent and official way to remove it. It appears it’s related to some Windows Update and more specifically to KB3035583 that needs to be uninstalled from the Windows Update items/list. Unfortunately, in the description that appears (on the right) to this KB3035583 in the Windows Update list, there’s absolutely no reference to this new “Windows 10 Notification” so one need to remember KB3035583 and never install it (and hide it).


4. Change the system language without “Ultimate” version installed

The installation ISO that I used to create that bootable USB was in English language, but the target computer (the Dell notebook) should eventually end up in another system language. As I installed “Home” and not “Ultimate” edition of Windows 7 (x86) I could only get the system language changed via Vistalizator to any other language of my choice. This excellent tool accomplishes the task easily and in a couple of steps, to the point of being fool-proof. It officially downloads the chosen language pack from Microsoft’s own servers, so the end-result is the real deal. Despite being created for Windows Vista originally, Vistalizator remains a highly valuable tool.


Please note that it is recommended to switch to another system language (via Vistalizator) first thing, after a clean Windows 7 installation.

5. How to facilitate further Windows Update items
Since there was never a Service Pack 2 released (SP-2) to the dissatisfaction of most Windows 7 users (that would indeed make our lives easier) and rather than creating a bootable Windows 7 installation disc/image with slipstreamed updates (not a procedure for everyone) there appears to be a miraculous tool called WSUS Offline Update filling this gap, that is thankfully still being updated.

This tool is seemingly helping users to download and group those (dreadfully many) updates once and in one place, allowing for off-line use in many Windows 7 installations. From the website, one reads “Using WSUS Offline Update, you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection.” Of course, any machine-dependent device drivers that normally appear as “updates”, are not downloaded via this tool (for example, Network, WLAN, Graphics, etc.) so you will still need to use the normal route of Windows Update service on your computer.


Despite its simple documentation, I have not spent enough time with this tool in order to get a personal opinion or experience using it. My first attempt was to quickly download the main Windows updates for the x86 architecture, and then run its UpdateInstaller.exe on the target machine, as instructed.


However, due to the fact that I used Vistalizator to change the system language (from English) earlier, I am not sure if all the acquired updates were succesfully installed or if WSUS Offline Update was confused about which updates were applicable (due to the new system language) despite saying “multilingual updates” on its main window. It did install some updates, but the target computer’s Window Update service eventually found many more to download and install that I didn’t expect, but excluding device-drivers of course (which is normal).

The next time I ran WSUS Offline Update was to download the Windows updates for both architectures (x86 and x64) as I plan to test the tool on my next VMware Windows 7 installation, on my Mac, to see how it behaves and what updates eventually remain to download/install.


Create back-ups of your DVDs using HandBrake on Mac

I knew this day would come, as it has come for all other friends of mine who became fathers: create back-ups of your original kids-content DVDs, as their constant playback is not only difficult to manage but damaging to the discs themselves. Hooray for the media playback method: digital files! Long live the Matroska format!

An excellent tool that I’ve been using since my first Intel-based OS X days, HandBrake is the solution to digital files creation and of course, MKVs are the only way to go nowadays. Simple in its GUI yet powerful, HandBrake has been a companion for many of us and I am very happy that its development is still on-going.

What I didn’t know until recently is that HandBrake was counting on third-party software to directly read CSS-encrypted DVDs (e.g. “Fairmount” for Mac, by Metakine) something I’ve never experimented with until now. However, this “third-party” software is no longer available nor updated, as “Fairmount” has been acquired by DVDSuki Software and has been merged into “Mac DVDRipper Pro”. But according to this older article in MacWorld, we can still read and convert encrypted DVDs to MKVs for use with our favourite digital media players. In my case, a Western Digital WDTV Live player.

When prompted by HandBrake, simply install the necessary CSS library in your system, re-launch HandBrake and you’re good to go. In effect, what you need is the installation of the file libdvdcss.2.dylib in /usr/lib/ on your Mac system and you won’t be getting these error messages on HandBrake anymore:

HandBreak Missing Library Warning

Open the inserted DVD via HandBrake and wait until it reads all titles and chapters, then just select what you want to convert. Happy converting…

UPDATE: Just found out that user pmetzger got the source code for Fairmount and released a tweaked version. It may or may not remain alive as a project, but it’s worth having a look:

UPDATE: Seems that MacWorld have updated their same article and now we can get the updated libdvdcss.2.dylib versions directly from

Keep “Internet Sharing” alive after rebooting Mountain Lion

You may certainly find guides on how to share an Internet connection (e.g. from your Ethernet to wireless devices via embedded Wi-Fi) on a Mac computer running Mountain Lion 10.8.x but maybe you are in the same boat as I was, some time ago: do the exact opposite.

Due to the serious economical conditions in my home country, I had to leave wife, child, family and friends and move to another country in Europe where I found employment anew. However, renting a furnished flat was easy; getting a telephone and ADSL connection proved impossible.

I therefore had the landlord talk to my neighbour and convince him to eventually share his Wi-Fi with me, at a monthly fee, therefore providing me with a link to the “outside world” in the evenings (that is, FaceTime with my family).

However, I still wanted to hook up to the Internet my 2 Hackintosh computers and my WDTV Live device, besides my iPad. I had to devise a plan and share Wi-Fi Internet through Ethernet.

My smaller Hackintosh (a Gigabyte GA-H61N-USB3 with Intel Core i3-2125 and 8GB RAM) is used as a file/media server and seemed ideal for the task. Back then, while running 10.8.2, I thought that using would solve my problems. However, being computer-literate but networking-apprentice, I could not set it up properly and abandoned all hope.

I then turned to the famous, easy “Internet Sharing” feature of the Mac OS X system, but doing the opposite of what most users did; and it was tricky. After purchasing an OEM 802.11n USB dongle with a flexible antenna (running with the official Realtek RTL8192CU8 driver) the task was to properly configure the settings so I could share Internet via Ethernet to my other devices too: my powerful Hackintosh and WDTV Live player, all hooked to a Gigabit switch.

First step was to set up the Wi-Fi dongle driver, then I made sure the connection was working by using DHCP for quicker, fool-proof results. In this case, the ADSL wireless router was serving a range of 192.168.1.x addresses, whilst the DNS assigned was the router/gateway itself, i.e.

Mountain Lion 'Internet Sharing' Wi-Fi Settings

Then, after a lot of searching and experimenting, I realised that the Wi-Fi dongle (en1) had to be first in the list of network devices, as it’s the one that is providing the connection to the Internet. The Ethernet (en0) connection would thus be second:

Mountain Lion 'Internet Share' Service Order

The next step was the tricky one: the Ethernet (en0) connection must get a manual IP address so that DHCP (a service running on Mountain Lion, this time) can serve any wired devices. This IP range had to be different, however, to the one served by the wireless modem/router and in this case I decided to go with 192.168.2.x and that meant I needed to assign on this computer (to start the DHCP pool):

Mountain Lion 'Internet Share' Ethernet Setup

As it can be seen, the tricky part lied to the Router and DNS settings, as Ethernet (en0) now is relying on Wi-Fi (en1) to have all packets properly routed to the Internet. Both these settings had to be set as, pointing to the wireless modem/router. The Subnet remained the same for the sake of simplicity.

The final step involved just activating the actual “Internet Sharing” itself. In the “Sharing” preferences pane and after clicking on the “Internet Sharing” service, I made sure that my source was set to the 802.11n WLAN Adapter, sharing to computers using Ethernet. When ticked both the “destination” and the service itself, I could see that my other devices immediately picked up an IP address and got connected to the Internet.

Mountain Lion 'Internet Share' Set Connections

As with each Hackintosh set-up, there are changes and updates needing to reboot the computer. Coming from Windows mentality I often reboot this Hackintosh file/media server, sometimes due to the frame-buffering issues that appear on the vanilla Intel HD 3000 display driver. Even after updating to 10.8.4, the new problem found was that upon reach reboot and despite the “Internet Sharing” service being ticked (implying “active”) the actual underlying service would not kick-start. I always had to manually stop and re-start this service by un-ticking and re-ticking this service on the list. Otherwise, wired devices had no access to Internet and curiously enough, could not get an IP address either.

Mountain Lion 'Internet Share' Confirm Start

This was a harder bug to crunch, as for countless times I was literally “digging” in Google results to find a solution using a multitude of keywords. The answer came after reading for a third or fourth time the insightful article “Running DHCP on Mountain Lion Server” where I found that the bootpd deamon is responsible for my problem. Moreover, it seems that Apple programmers decided to keep this daemon dormant at each reboot, as seen in the untouched file /System/Library/LaunchDaemons/bootps.plist where the <Disabled> key is set to <true> by default, meaning that Mac OS X forces the user to manually start DHCP, whenever it is needed. I guess this is the right way to do things but Apple programmers could at least have “Internet Sharing” stopped and un-checked at each shutdown!

The necessary edit is to change this <Disabled> key in line 6 from <true> to <false> and just reboot the system. Better make a backup copy of the file bootps.plist, just in case. This change is quite sensitive and needs to be performed only if the computer is intended to always behave as a DHCP server just like in my own case; now, it is not necessary to stop and re-start the service after each reboot, as long as “Internet Sharing” remains untouched.

Mountain Lion 'Internet Share' Activate Sharing

After activating “Internet Sharing” and following this article found on, I could now see how connectivity works with the new bridge created on the file/media server:

$ ifconfig
lo0: flags=8049 mtu 16384
	inet6 fe82::1%lo0 prefixlen 64 scopeid 0x1 
	inet netmask 0xff000000 
	inet6 ::1 prefixlen 128
en0: flags=8963 mtu 1500
	ether 00:e0:40:48:e0:40 
	media: autoselect (1000baseT )
	status: active
en1: flags=8863 mtu 1500
	ether 08:02:0a:0d:4c:05 
	inet6 fe82::4a02:2aff:fe9d:4c35%en1 prefixlen 64 scopeid 0x5 
	inet netmask 0xffffff00 broadcast
	media: autoselect
	status: active
bridge0: flags=8863 mtu 1500
	ether a8:d2:4a:10:d0:b9 
	inet netmask 0xffffff00 broadcast
		priority 0 hellotime 0 fwddelay 0 maxage 0
		ipfilter disabled flags 0x2
	member: en0 flags=3
	         port 4 priority 0 path cost 0

NOTE: The boodpd daemon starts with the network settings found in /etc/bootpd.plist which were created when “Internet Sharing” was previously activated. This file must not be confused with the actual daemon launch behaviour in bootps.plist.