Missing Office 365 icons after blocking untrusted fonts in Windows 10

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of my customers contacted me recently to ask about a challenge they had seen with Windows 10. After blocking untrusted fonts in Windows 10, they noticed that parts of the Office 365 portal were missing icons.

The problem

The issue is that Office 365 uses a font to display icons/glyphs (to improve the experience when scaling to adapt to different screen sizes). It appears some browsers are unable to display the embedded fonts when they are untrusted – including Internet Explorer according to one blog post that my colleague Gavin Morrison (@GavinMorrison) found – apparently Edge has no such issues (though I can think of many more issues that it does have…) – Chrome also seemed to work for me.

There’s some good information about blocking untrusted fonts on TechNet and this highlights that:

“Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.”

The fix

So, that appears to be the issue. What’s the fix?

It seems there are two workarounds – one includes excluding processes from the font blocking (but it’s no good excluding a browser – as the most likely attack vector for a malicious font would be via a website!) and the other includes installing the problematic font to %windir%\Fonts.

Tracking down the Office 365 font

So, where do you get hold of the Office 365 font? I thought it should be part of the Office UI fabric but I couldn’t find it there, nor any reference to it in the Office developer documentation (there are some icons in the fabric – but they don’t seem to be the ones used for the Office 365 portal).

There is a site where you can select Office 365 glyphs and download a font file but I’m not sure that will address the issue with the Office 365 fonts being blocked in the portal, so some more detective work was required…

Stefan Bauer has posted quite a lot of information on the Office 365 fonts (there’s more in his “lab”) but it seems the CDN location Stefan highlights has changed. Thomas Daly found some new locations (and helpfully hosts a copy of the font on his site) but I wanted to signpost my customer to a Microsoft-provided source.

One of the locations that Thomas highlights is https://outlook.office365.com/owa/prem/16.0.772.13/resources/styles/fonts/office365icons.ttf but that results in an HTTP Error 404 now (not found). So I opened the Office 365 portal in my browser and started the Debugger. Then, I found the following line of code that gave me a clue:

<meta name="msapplication-TileImage" content="https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/images/0/owa_browserpinnedtile.png"/>

I used that base location (up to and including the version number) with the tail end of the URI that Thomas had provided and was pleased to find that https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/styles/fonts/office365icons.ttf got me to an installable TrueType font file for the Office 365 fonts on Windows.

I expect the location to change again as the version number is updated but the method of tracking down the file should be repeatable.

Testing my theory

Testing on one of my PCs with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions set to 0x1000000000000 resulted in Internet Explorer loading the Office 365 portal without icons and Event ID 260 recorded in the Microsoft-Windows-Win32k/Operational log:

C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy.
FontType: Memory
FontPath:

Office 365 fonts blocked - missing icons

After installing the Office 365 icons font (office365icons.ttf) and refreshing the page, I was able to view the icons:

Office 365 fonts installed - icons visible

Uninstalling the font locally and refreshing once more took me back to missing icons.

I then tidied up by setting the MitigationOptions registry key to 0x2000000000000 and restarting the PC, before removing the registry entry completely.

Further reading

Block programs from loading untrusted fonts in Windows 10.

My social media journey

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week, I spent some time with the risual Marketing team recording a short interview on “my social media journey”. The idea was that I have an established blog and I’m prolific on Twitter – what could colleagues pick up from my experience that might help them?

Then the team decided to put it out on YouTube! You can watch the video below but I apologise for the constant glancing at my Surface screen – I only had 20 minutes to prepare and we shot it all in one take!

For those without time to watch the video – these are the notes I prepared in advance for Jordan’s questions:

risual: First off, can you talk about what influenced/inspired you to start using social media/your blog?

Mark: I started blogging in about 2004. We didn’t even use the term “social media” then around about then having a “weblog” had started to become popular. I just wanted somewhere to store my notes and thought they might be useful to others too. 13 years later and there are around 2500 posts on there!

I’m pretty bad at remembering things – even today it surprises me when I search for an answer and my own site comes up in search results!

Twitter was a bit different. I really didn’t “get it” at first, then it clicked one day when I was watching a keynote video and saw the moderated tweets on the hashtag alongside. I could really see the value. I started tweeting soon afterwards (at a Microsoft event) and over time Twitter has become my main social media output.

risual: In terms of starting off, did you have a goal? How did you build up your follower count?

Mark: I didn’t really have a goal, but the site sort of took off – as I wrote more, more people read it. Then I put some ads on the pages and it started to make money. Then Google changed their algorithm and I started to lose money ;-). I’m not in it for the money though.

Actually, there was a time (around 2005) when I was double-blogging on my own site and my employer’s site – myself and Jamie Thomson [@jamiet] (who also went on to be an MVP) had a bit of an internal battle at as the company’s most prolific bloggers – me for infrastructure and him for data!

As for followers, I’m not too worried about the number of followers – more in the quality of those followers.

If you create good content the followers will come naturally.

risual: How much time do you spend updating your blog or using social media daily?

Mark: Not enough and too much at the same time! I would like to have more time to write blog posts but you do have to be in the right frame of mind. I have loads of part-written posts – and even set up a Kanban board in Office 365 Planner a few nights ago to try and sort out my blog post planning!

Twitter is a lot easier – you can tweet on the train, in gaps between meetings, etc. But it’s good to tweet at times when people are around (UK and US business hours) – all too often I find myself catching up on Twitter at bedtime when I should be sleeping. It’s not healthy!

risual: Do you think it’s helped you engage better with other tech professionals with the ability to keep up to date with what topics are “hot”?

Mark: Absolutely. My personal brand has been greatly enhanced with blogging and tweeting. It’s probably how I got my MVP Award and, even though I’m not an MVP anymore I’m still recognised by Microsoft as what their marketing folks call an “influencer”.

risual: What do you get out of it all personally? You’ve obviously got a very busy job and have no obligation to do it, but do, why?

Mark: Narcissism! No, not really. I think personal branding is important in our industry. It’s amazing how often I meet people in the real world that I know via social media. In fact, I once attended an interview where the interviewer told me he read my blog – that was a bit of a curved ball!

risual: It may seem like an obvious question, but what’s your own advice for those starting out on Twitter hoping to build a following?

Mark: Not obvious at all!

  1. Just dive in there and start RTing things you think are relevant.
  2. Tweet links to your own blog posts.
  3. The more you tweet the more followers you will get. It’s just the way it is. Having said that, quality is more important than quantity.
  4. Engage, reply – don’t just broadcast.
  5. Don’t just tweet things to advertise your company! People don’t want to be marketed to (at least not in an obvious way). I sometimes tweet risual posts that I’ve been involved in – or if it’s something that could really make a difference to people – like what we’re doing in Education. But I also mix it with lots of tweets from other people (not just Microsoft!) and about 10% personal stuff. People follow people, not brands!

I have about 43,000 tweets at the moment. Over an 8 year period that’s not many a day (<15 on average) although I have to admit a big chunk of my tweeting was when I was working in a role where it was actually a part of my job!

risual: How do you keep up to date with the latest technology news in order to talk about them when they’re still hot out of the oven?

Mark: I listen to podcasts (like the Microsoft Cloud Show and WB-40) and Twitter is my main news source. I’d like to read more blogs but don’t have the time.

Twitter is a bit of an echo chamber at times but I’ve created some lists of people who tweet interesting content (I have a CTO watchlist, a Microsoft watchlist and a risual list) and I try to keep up to date with them. I don’t actually read all of the tweets for all the people I follow – mostly just the ones on these lists!

Microsoft Teams: General channel syncs files by default

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of the projects I’m working on is using Microsoft Teams (and the underlying Office 365 Groups functionality) to collaborate. Teams is a new experience for me – I’ve played around with it a little but not had a lot of time to get to grips with it – though I have to say I find the whole Office 365 collaboration story a little disjointed at the moment. More on that in another post in a few days’ time (I hope…).

One thing I have found though, is that the General channel (created by default in Teams) will sync files to every team member’s device. I learned this to my cost when suddenly I found I had no disk space left. Other channels/folders in the associated SharePoint site will sync using OneDrive – i.e. only when sync has specifically been requested – but it’s worth knowing about the “General” sync. I added an empty text file to send a message to others not to save files in the General folder…

Microsoft Teams General Document Library

Teams is currently in preview and this behavior may change before release. I certainly hope so because the new OneDrive client, which finally supports SharePoint, is a much better way to sync files between Office 365 and a desktop device.

Forcepoint’s 2017 Security Predictions

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week, I spent an evening at my local BCS branch meeting, where Scott Bullock (Cloud Trust Officer at Forcepoint Cloud) was presenting Forcepoint’s 2017 Security Predictions.

For those who aren’t familiar with Forcepoint, they were formed from a combination of Websense, Ratheon Cyber Products and Stonesoft. Most of us have heard of Websense (and maybe Ratheon) but it seems Forcepoint have a suite of email, web and data protection products. They cite metrics like 27 globally distributed data centres, 5 billion web transactions a day, and 400 million emails processed per day. Those numbers may be a fraction of those processed by Microsoft (it would be interesting to compare with Symantec) but they are still significant.

What follows are my notes from Scott’s talk. My observations are in the square parentheses [].

A look back at 2016

Before looking at the 2017 predictions, Scott took a look at last year’s score card:

  • US Elections will drive significant themed attacks – A+
  • Mobile wallets and new payment technologies introduce increased fraud risks – C
  • New GTLD domains provide new opportunities for attackers – B
    • These are mostly spelling errors on recognised sites – for example rnarkwilson.name instead of markwilson.name. With the number of GTLDs in existence now, it’s harder than ever for companies to register all of the domains associated with their brands/trademarks.
  • Cyber insurers will require more evidence for coverage – B+
    • It’s no longer good enough to forget about implementing security measures and rely on insurance.
  • DLP adoption will dramatically increase – B
    • Data loss prevention is coming back into favour [I’m not sure it ever went away…]
  • Forgotten technology will increase risks to organisations – B
    • [Technical debt is never good]
  • IoT will help but also hurt more – B
    • Worm took over DVR and DoS…
  • Social views of privacy will evolve – great impact to defenders – B

Forcepoint give themselves a B+ overall… and you can read what you like into whether that means the predictions are worth taking note of (Matt Ballantine has some comments on that in his WB40 podcast with Chris Weston where he discusses Foxes and Hedgehogs). Nevertheless, let’s see what they are predicting for this year…

So what’s in store for 2017?

  1. The digital battlefield is the new cold (or hot?) war
    • Enhanced NATO policy on collective defence (article 5 – if one nation is attacked, then will work together) could lead to military responses to cyber attack
    • The potential and consequences of misattribution could lead to destabilization of the policy.
    • Essentially, cyber warfare could have physical impacts. [Worrying]
  2. Millennials in the machine
    • The digital generation know how to mix business and pleasure – millennials bring an understanding of the digital realm into the workplace.
    • Millennials are used to over-sharing information. [So they are also used to the consequences.]
    • The potential for accidental data leakage has risen (e.g. take a picture of a whiteboard at work and it’s automatically uploaded to iCloud)
    • [I’m calling BS on this one – if indeed there is any difference in the ways that each generation uses tech – which I doubt – then it’s more likely that there is a bigger issue with Generation X and Baby Boomers not being as cyber-savvy as millennials.]
  3. Compliance and Data protection convergence
    • EU GDPR is around the corner and will come into place in May 2018
    • Businesses will redefine their organisational processes to accommodate new controls
    • The onset of new data protection controls will incur costs for businesses and that impact will be most felt by large enterprises that have not yet begun to prepare:
      • Companies need to appoint a Data Protection Officer
      • Fines can be 4% of global annual turnover…
      • Will apply on top of DPA (enforced by Data Protection Office)
  4. Rise of the corporate-incentivised insider threat
    • Corporate abuse of PII will increase; business goals will drive poor decisions resulting in bad behavior
      • Corporate-incentivized insider abuse of customer PII – is it just too tempting?
    • Regulations will further restrict corporate and personal access to digital information
  5. Technology convergence and security consolidation 4.0
    • Mergers and acquisitions change the security vendor space
    • Cybersecurity corporations are buying up smaller vendors
    • Vendors that are not consumed or do not receive venture capital funding will exit the market
    • Products will stagnate/orphans as a result of mergers and acquisitions
    • Adjustments in employee base will benefit the cyber security skills shortage
    • [Whilst I can see the convergence taking place in the security sector, I have to take this prediction with a massive pinch of salt, bearing in mind its source!]
  6. The cloud as an expanding attack vector
    • Cloud infrastructure provides an ever-expanding attack vector with possibilities for hacking the hypervisor
      • [I’d suggest this is more of an issue for so-called “private clouds” as the major players – Amazon, Microsoft, Google cannot afford a breach and are investing heavily in security – Microsoft spends over $1bn annually on security-related R&D and acquisitions]
    • Organisations will combine on premises and cloud infrastructure – a hybrid approach
      • [Yes, but this is for much broader reasons than security]
    • DOS of cloud providers will increase so ask what anti-DDoS protection they have and check that you have the right to audit…
      • [Isn’t that just due diligence?]
  7. Voice-first platforms and command sharing
    • Voice-first AI and command sharing bring a new level of convergence
    • Voice activated AI will radically change our interactions with technology
    • AI will be able to distinguish between individuals and their patterns of behaviour
      • For example it will know when you’re at home, tech in house, when to burgle you!
    • AI will influence our normal or default settings
    • The number of voice-activated apps will rise significantly in 2017 – and so will attacks
      • [I already mute Alexa in my home office when I’m working – do you really want your conversations being overheard and used for analysis?]
  8. AI and the rise of autonomous machine hacking
    • The rise of the criminal machines
    • Automated hacking machines vs. AI cyber defence machines
    • Widespread weaponisation of autonomous hacking machines will occur in 2017
    • State actors could use such systems to overwhelm rival national cyber defences
  9. Ransomware escalation
    • Ransomware is here to stay
    • Data will be held to ransom, and traded
    • Ransomware will morph to gain data exfiltration capabilities
      • Taken to another network and sold to others… pay multiple times…
  10. Abandonware vulnerability
    • Legacy tools leave holes in your defences
      • [This is not new. We call it technical debt!]
    • End-of-life abandoned software will lead to data breaches
      • Lapsed domains are bought up and used to inject code into software that phones home for updates
      • Systems are not patched
    • Businesses will start to consider the perils of abandonware
      • [And some will continue to ignore it, at their peril!]

In conclusion

Security challenges arise from the convergence of the digital and physical worlds and treating each world as insulated is an obsolete view.

The full report is available from the Forcepoint website.

A month without social media. Well, sort of…

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Ben Seymour (@bseymour) made a very pertinent point in a recent Milton Keynes Geek Night talk when he said:

“At no point did I find myself wishing I’d spent more time on Twitter”

So, when one of my friends said he would give up social media for January, I thought it would be worth a try too. After all, if a brand and marketing communications Consultant can do without #socmed, then so can I!

Actually, I made some exceptions:

  • Twitter is work. It’s how I keep up to date – and how I build my personal brand (if that doesn’t sound too pretentious). Having said that I’ve been too busy for most of January to tweet much.
  • Ditto for my blog.

I turned off notifications for LinkedIn, Facebook, Facebook Messenger and some more. And then I realised how many channels I have – for example WhatsApp is one of the methods my son uses to contact me. That’ll be another exception then. Then there’s Strava. Hmm… well, I guess it’s not so much social media as where I track my activity…

The main one to drop was Facebook. So, how did that go? Really, I haven’t missed it at all. Sure, I was probably the last person in our town to know that a McDonalds is being proposed for the BP garage 2 miles up the road (which apparently has divided opinion…) but is that really so important in the great scheme of things? I did miss some contact on Messenger – but anyone who knows me well also has my mobile number…

And the biggest observation from my month of social media abstinence? Well, I watched a few series on Amazon Video (two seasons of The Man in the High Castle and Mr Robot). As my wife noted, it seems my digital addiction just switched channels…

Redirecting from one website to another

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

After almost 15 years working freelance, my wife is in the process of winding up her business, in preparation to start a new job in a few weeks’ time.

Unsurprisingly, that means a few IT requests for the (unpaid) IT Manager… one of which is to redirect the former company website to her LinkedIn profile.

There are a few ways to redirect websites – an HTML meta tag is often used – but with the variety of web browsers out there I wasn’t sure how current that technique is. Some would argue it’s better to sort out the re-write server-side but I don’t have that ability on this hosting platform.

Then I found a really useful thread on Stack Overflow – including this code snippet with HTML, JavaScript and fallback links:







Page Redirection



If you are not redirected automatically, follow this link to example.

That's in place now and working nicely.

Playing around with Azure Cognitive Services

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve been spending quite a bit of time recently getting more familiar with some of the advanced workloads in Microsoft Azure. After all, infrastructure as a service is commodity, so I’m looking at services that can be used to drive real value for my customers (more on that in another post…).

Yesterday, was our team meeting – with all but one of the risual Architects getting together, including some coaching from Microsoft around data and intelligence services. I was particularly taken with some of the demonstrations of Cognitive Services, so I set about getting some sample code to work for me…

Building the Intelligent Kiosk sample application

First up, I needed to install Visual Studio 2015 (Community Edition is fine) – it took a while, and needed admin credentials (so a visit to our support team) but eventually it installed on my PC.

Then, I downloaded the sample code for the “Intelligent Kiosk” from Github. F5 to build the solution told me that:

A project with an Output Type of Class Library cannot be started directly.

In order to debug this project, add an executable project to this solution which references the library project. Set the executable project as the startup project.

The Intelligent Kiosk sample code is a Universal Windows Platform (UWP) app, so I ignored that message, continued with the build, and tracked down the resulting IntelligentKioskSample.exe file. Trying to run that told me:

This application can only run in the context of an app container.

And StackOverflow told me that I need to sideload the app onto my PC, by creating a package to use locally.

Installing the Intelligent Kiosk sample application

The application package comes with a PowerShell script to install it (Add-AppDevPackage.ps1), but I found I needed to follow these steps:

  1. Enable developer mode in Windows 10 Settings
  2. Restart the PC
  3. Open a PowerShell session as an Administrator and run:

Show-WindowsDeveloperLicenseRegistration

Get-WindowsDeveloperLicense

Set-ExecutionPolicy unrestricted

.\Add-AppDevPackage.ps1

Now the app is ready and available via the Start Menu…

Running the Intelligent Kiosk sample application

  1. Get some API keys (for free) from the Microsoft Cognitive Services site.
  2. Run the Intelligent Kiosk app.
  3. Go to settings and paste in your API keys.
  4. Have some fun with the demos!
Demos in the Azure Cognitive Services Sample app
Intelligent Kiosk Demos
Azure Cognitive Services Emotion Detection
Emotion detection (web image)
Azure Cognitive Services Emotion Detection
Emotion detection (live image)
Azure Cognitive Services Face Detection
Face Detection
Azure Cognitive Services Mall Kiosk
Detect age and gender, recommend a product!

Further Reading

Restoring Adobe Lightroom from backup (on a Mac)

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For well over a year now, my digital photography workflow has been in tatters. The Mac that I use for photo editing had some defective memory which corrupted the file system and the “genius” at the Apple Store reinstalled OS X. Data and application re-installation relies on me though, and it just hasn’t risen high enough on my list of priorities… until now.

So, I needed to:

  1. Re-install Adobe Lightroom (and the various other tools that I use).
  2. Restore my Lightroom catalog.
  3. Repoint Lightroom to the new location of my images (I’ve given up trying to maintain enough space locally and they all now sit on a Synology NAS, backed up to Microsoft Azure).

This post may be more for my benefit than for readers of the blog but you never know… someone might find parts of it useful.

Re-installing Lightroom

Re-installing Lightroom is reasonably straightforward and these are the steps I took:

  1. Install Lightroom 5 from physical media (My Mac has no DVD drive, so I needed to use a USB-attached DVD drive).
  2. Launch Lightroom from the finder.
  3. When prompted, enter the serial number (or elect to use it in trial mode). My copy of Lightroom 5 is an upgrade, so I was prompted for the previous serial number too (from Lightroom 3 in my case).
  4. Lightroom needs to create a catalog. Let it get on with it.
  5. Lightroom then detected that an upgrade was available (5.0-5.7) and it directed me to the Adobe website, from where I downloaded 5.7.1. Incidentally, I have a feeling that these updates are the full product, and I could probably have used this for the original installation. That may be one to try next time… [Update: that’s confirmed by Lightroom Queen.]

Restore the Lightroom Catalog

Nex up, restoring the catalog. Amongst the many excellent posts from the Lightroom Queen is one titled “How do I move Lightroom to a new computer”, which is kind of what I wanted to do, except in my case it’s “How do I move Lightoom from a backup of my computer to the currently-running version of my computer”.

Starting Lightroom had created two files in ~/Pictures/Lightroom called:

  • Lightroom 5 Catalog.lrcat
  • Lightroom 5 Catalog Previews.lrdata

I made some backup copies of these, then tracked down the last versions on my backup disk and copied them to the folder.

The Lightroom Catalog Previews file can be pretty large (mine was around 37GB), so this took some time…

Ideally, I would also have restored the following:

  • Preferences, from ~/Library/Preferences/com.adobe.Lightroom5.plist
  • Presets, from ~/Library/Application Support/Adobe/Lightroom/ (there are more details about these in Lightroom Queen’s Lightroom 5 Default Locations post).

Unfortunately, these were missing from my backup (I’d had some issues backing up the Library in single-user mode), though I did find the presets on another machine and may be able to restore them later…

Helping Lightroom to find my images

Whilst I was waiting for the Lightroom catalog to copy, I started preparing for when I open Lightroom using the new (old) catalog. In my original installation, my images were in ~/Pictures/Digital Camera Photos but now the images are on my NAS. So, I created an alias for the folder on the NAS and moved that to ~/Pictures, hoping that this would look to Lightroom as though my images are in the same location…

Unfortunately, although Lightroom was able to follow this alias (symlink), it was smart enough to work out that the folders within it were at a different location – and not on Macintosh HD. Thankfully it wasn’t too big a task to select each orphaned folder in Lightroom (displaying a ? over the folder name), right click and select Find Missing Folder. Once the catalog was re-connected with the images, the ! on each preview went away and I could view the full-resolution image. More details can be found in the Lightroom Queen article I referenced earlier.

Wrap-Up

So, Lightroom is re-installed and my photos are back where I need them. Now all I need to do is sort out my workflow… and there’s the small matter of picking the best images from the 50000-odd that I’ve taken since I started using a digital camera so I can print some albums. Because, sometimes, analogue media is good.

Preventing dnsmasq from running as a daemon (service) on a Raspberry Pi

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Some time ago, I wrote a post about running a Raspberry Pi as a home infrastructure server (DNS, DHCP, TFTP, etc.). Now my Synology NAS is doing that for me (well, the DNS and DHCP at least – TFTP is less critical as my Cisco 7940 IP Phone just sits there taking up desk space most of the time) so I don’t need the Pi to provide those services.

Unfortunately, when I migrated DNS and DHCP a few months ago, I just stopped the service with sudo service dnsmasq stop so, after a power outage last week, when the Pi came back up, so did dnsmasq – and having two DNS/DHCP servers on the network produced some strange results (as might be expected…).

So, to do the job properly, I ran sudo nano /etc/default/dnsmasq and changed the ENABLED=1 line to ENABLED=0. That should prevent dnsmasq from running as a service but leaves the configuration intact if I ever need to bring it back online.

A quick sudo reboot and sudo service dnsmasq status is all that’s needed to check that dnsmasq stays disabled.

dnsmasq, not running

Making the Airfix A20005 Engineer Jet Engine Educational Construction Kit work

This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Airfix manufacture educational construction kits for both combustion and jet engines. The combustion engine is set A42509 and the jet engine is set A20005. My son was very keen to receive a jet engine for Christmas and he very quickly set to work building it.

I can’t recommend the kit because the instructions are poor (the black and white images don’t exactly help) but we got it working – sort of – in that it would whir and puff but the fans wouldn’t turn.

My son didn’t seem to mind, but it annoyed me that his new toy didn’t work. So, this afternoon, I set to work with my favourite search engine and found some really useful advice. Firstly, making sure the compressor turned freely (thanks to Phil Parker):

“By taking the red cone off the back and shoving the spindle back and forth once everything is in place you can put enough lash in to get really free turning.”

After following Phil’s advice I could blow on the blades and turn the compressor but it didn’t work under its own power. So, I found some more advice on the Unofficial Airfix Modellers Forum:

“[…] clean up the parts where you’ve removed them from the sprues […]”

My son set to work with a knife to remove a couple of bits of plastic on the main fans that were snagging. After this, we were able to run the engine with a “twist start” and after it had run for a while and loosened up some more, we were able to start it using the controls in the kit.

Looking at the reviews on Amazon, there are a lot of people struggling with this kit (we wouldn’t have bought it if my son hadn’t been so keen) but hopefully, this post will come up in someone’s searches and help them out…