May 2, 2016

Hacking my Earthwise lawn mower battery

I bought an Earthwise 24-volt lawn mower last year to keep my lawn in check. It worked pretty good, but the battery didn't last the summer. It just stopped charging. I of course got lazy and didn't contact Earthwise to get a replacement. When I pulled it out of the garage this year and noticed that I couldn't mow longer than ten minutes I remembered... Oh yeah, I was going to call them about this...

Well, the one year warranty expired so that left me with one choice... buy a new battery. I decided to look online for replacements and found one at Home Depot for almost $150!

 

$150 is a little more than I was willing to spend, so I started looking around and I found a blog post talking about how the internal components of the battery are just two basic universal batteries!

It turns out the post was right. You can open up the battery housing by unscrewing the screws around the under ledge of the housing.


When you pull off the top you have two super cheap generic 20 Ah Chinese batteries.


For replacements, the post recommends two Universal Power Group UB12220 22 Ah batteries which fit perfectly in the battery housing. On top of that they are only $40 each with free shipping! You just have to make sure you hook up the wiring the same way that the old batteries were hooked up.


 
After putting it back together, I found that it was already fully charged and my mower started working like a champ again!

So there you go, pay Home Depot $150, or hack your battery yourself and only pay $80. What would you choose?

Apr 28, 2016

How to monitor MySQL in Zenoss

Years ago I discovered Zenoss Core and it has been my favorite monitoring system ever since. I've used lots of monitoring tools from Cacti to Nagios, from Manage Engine OpManager to Solar Winds and Zenoss has been the easiest to work with in my opinion.

Well the other day a coworker of mine asked if I could monitor a MySQL database server we had running on an Ubuntu Linux virtual machine. I found a ZenPack for MySQL, but I had a little trouble getting it to work at first. I finally did it though, and I'll tell you what I did.

  • I installed the MySQL Database Monitor Zenpack on my Zenoss server.
  • On the MySQL server I created a new MySQL user called zenoss by running the following:

  • In the configuration properties of the MySQL server you want to monitor modify the zMySQLConnectionString information with zenoss for the username, the password you created above and 3306 for the port number.
  •  In the Modular Plugins area for the MySQL server, add the MySQLCollector module and click save.
  

  • Now re-model your server and you should now see MySQL Servers and MySQL Databases under the components section.

Now you are done! It does take a while before you start to see graph information to appear, but it seems to work rather well.

One thing to note, in order for this to work, you have to configure your MySQL server to listen on port 3306. If you have an inclusive LAMP server that is only listening on 127.0.0.1 it won't work.

One thing that confused me at first was a note on the ZenPack page saying that the zMySQLConnectionString doesn't work right in Zenoss 4.1 so you have to set it up with a JSON list. For one, I don't know how to do that, and two it seemed to work fine for me on Zenoss 4.2.4.

All in all, this plugin seems to do the trick! How do you monitor your MySQL servers? What monitoring tools do you use? Let us know in the comments!

Apr 22, 2016

Smart Home Technology for the Savvy Homeowner

Tech gadgets are sometimes the most handy when found in the home. They help you save time, prioritize items on your daily to-do list and even save money. But what tech gadgets are the latest and greatest in a world in which technology constantly makes itself obsolete? Here are some slick gadgets and home appliances that will make your life easier.

1) Smart Home Consoles

No longer the stuff of science fiction and the Jetsons, the smart home is real. Smart home consoles, such as the Amazon Echo, Ivee and Cubic, are voice-controlled smart home devices that let you control everything in your house that is smart home enabled. This includes lights, TV, stereo and your other online devices.

Many consoles act as alarm systems with a motion sensor that will alert you if it is activated. Not only can you control your home with a smart home console, but you can also look up information with nothing more than a question directed at your console.

Amazon Echo and the Apple HomeKit are the front-runners in this industry, but other competitors are becoming available.

2) Home Appliances

Technology doesn't just let you control your home with your voice — it has also changed the way you go about your homeowner tasks. For instance, did you know there's now a WiFi-enabled coffee pot? Just load it up with your favorite blend before you tuck in for the night, then in the morning grab your mobile device and start your morning Joe before you even get out of bed. You can even program it to communicate with your wearable to determine how strong that cup should be based on your sleep — or lack thereof.

If you think that's fancy, you'll also be surprised that washing machines have gotten a technological makeover. No, this gadget isn't WiFi enabled — not yet anyway — but Smart Motion technology has given a new dimension in your fight against stains. Smart Motion technology moves the clothes in a way that simulates a hand-washed item. The motion also provides full submersion of clothing at all times, while alternating directions to give all articles of clothing a good scrubbing.

An energy-efficient dishwasher is also a great investment for your home. Dishwashers have become not only more efficient but also quieter. Next time you throw a dinner party, you don't have wait to load the dishes, as many high end washers are as quiet as 44 decibels.

Of course, now that you have come to rely on all these top-of-the-line home tech gadgets, make sure to protect your appliances with a home warranty.

3) Solar Hybrid Automower

Yes, you read that correctly. Similarly to robot vacuum cleaners, an automower is like a Roomba for grass. And the Husqvarna Automower has a solar panel that can power the mower completely in the right light conditions for a yard up to .35 acres. If the mower doesn't finish the yard in one charge, it will visit the charging bay to recharge and then finish the job.

One drawback of this mower is that it doesn't have a rain or humidity sensor, so it will continue operations even in poor conditions such as rain or snow.

While this robot mower is relatively new on the market, it still has a high price point, but look for similar products in the years to come.

Apr 15, 2016

My company has finally moved away from tape backups!

I never thought I'd see the day when I'd work for a company that DIDN'T use tape backups. I mean, as far as storage goes tapes are pretty cheap. Well, a few years ago I developed a fairly cheap SAN storage solution that I call a Bauer-Power SAN using SuperMicro hardware, Ubuntu and SCST. It works great! It works so great in fact that the storage we use for virtualization for my company's home office, our QA environment and our DR environment all use Bauer-Power SANs for storage.

Enough about that though, so how did we move away from tape? Well, a few years ago I discovered CrashPlan, and started using it with two 20TB Bauer-Power SANs. We would back things up to disk with CrashPlan, then back those archives up to tape once a week. It worked pretty good, but tapes are super slow.

Last year my CTO said he wanted to move away from tapes, so I came up with the plan to send one of the 20TB Bauer-Power SANs to our DR site in another state, and setup CrashPlan out there. Now all of our Production servers backup directly to our DR site, and since it is in another state, it is already securely offsite should something happen to our primary data center.

We also backup to our local CrashPlan server for faster recovery. CrashPlan lets you backup to multiple locations simultaneously.

CrashPlan is probably the most reliable backup solution I've ever used. I've used Backup Exec, Yosemite, Microsoft DPM and Arcserve Brightstore. All of them have had issues, but I never have those issues with CrashPlan.

Do you use disk only backups? What software do you use for that? Let us know in the comments!

Mar 14, 2016

5 Encryption Methods That Will Change the Face of Business in 2016

As a result of the San Bernardino County shootings, a Federal judge has ordered Apple to unlock one of the shooter’s iPhones. Apple has denied the request, citing customer privacy violations if it overrode its encryption process.

A four-digit lock has more than 5,000 permutations and six digits jumps to 150,000 possibilities. Encryption methodology is fast evolving and the smart business owner will need to stay aware of the changes.

Secure Sockets Layer

The Secure Sockets Layer (SSL) is the most common method of encryption because it works so well. This is used to transfer data from one place to another without fear of a person intercepting and reading the information. It requires the creation of a public and private certificate at the sender and receiver end of the communication. At the time of the connection, called the SSL handshake, a one-time session key is created. Without all of these keys, the SSL link cannot be made. This powerful encryption method is what is used by cloud solutions provider Mozy to make certain that customer information stays safe. Because of this high level of safety, encryption has opened up a world of cloud-based computing and globally located staff at many companies around the world.

Chaotic Encryption

This security technique takes advantage of modern chaos theory, which is a mathematical process of making predictions out of bounded random events. Encryption using chaos starts by taking the text and overlaying it on an image. This image is cut into a predetermined amount of grids. Each of these mini-pieces is rearranged randomly using a math key. When transmitted, these pieces have billions of combinations without the key. Because of its high level of sophistication and mathematical knowledge, chaos cryptography is sought after by governmental agencies.

Advanced Encryption Standard

Like SSL, Advanced Encryption Standard (AES) is symmetric, meaning that there is a key at the sending side and the receiving end. AES is a specific algorithm set that uses the key as a base of the mathematical equation. The key length can be 128, 192 or 256 bits long, giving billions of permutations.

This is the technology that you see in ATMs. Since banking machines are fixed in one location and do not require multiple servers, the codes can be stored without fear of detection. A person would need to cut into the ATM or dig up the shielded wiring in order to tap into this information.

Data Encryption Standard

Data Encryption Standard (DES) uses asynchronous algorithms, in which the sender and receiver have different keys. DES is used less often than the others because the math behind it somewhat caps the key length to 16. You would find DES in computer systems that do not require a lot of security.

Hardware Based

In 2015, the three largest credit organizations (Europay, MasterCard and Visa) changed their credit card technology, adding a chip to each card. Where we see consumer safety, the cybersecurity professional sees hardware driven encryption. In each of the cards is a chip with a unique set of instructions. Whenever you use the card, a one-time transaction code is generated. This way every transaction is unique. Even if a thief was able to copy the information from the purchase, the key would not work a second time. The EMV chip is being hyped as the cyber security breakthrough that will make mobile shopping safe.

Mar 10, 2016

Incapsula had a major worldwide outage last night

Do you use Imperva's Incapsula service for CDN and cloud load balancing? Well we certainly do at my day job, and they really screwed the pooch big time last night! I got woken up around 3:00am MST to the lovely sound of my phone ringing because my alert service was calling to let me know that ALL of my company's sites were down, and they were down for about 30 minutes!

According to Incapsula's status page, here is their explanation:
A rare edge case triggered an error on the Incapsula service and caused a system wide ripple effect making sites inaccessible. The issue was identified immediately and corrective actions were taken to restore service levels. 
Besides this issue, there is another issue I am dealing with in regards to the way Incapsula handles SSL certificates for legacy clients. By legacy clients, I mean clients that still use IE6 or some other application that doesn't support SNI. For clients that support SNI, Incapsula hands them our SSL certificate, and if the client doesn't support SNI then Incapsula hands them their  SSL certificate. Why? Who knows?!

You might be thinking to yourself, why would that matter? Well, it matters if you have clients that use Java based applications that don't support SNI, and are configured to manually trust SSL certificates instead of trusting the certificate authority. It would be less of an issue if Incapsula's SSL certificates lasted a year or so, but they renew themselves every two months! It's a nightmare!

Needless to say, we are pretty frustrated with Incapsula at the moment. If you are thinking about using them you might consider another CDN provider like Akamai or CloudFlare.

Do you use Incapsula? Were you impacted last night? Let us know in the comments.

Feb 16, 2016

Two Easy Things You Can Do To Protect Yourself From CryptoLocker

It finally happened, I saw my first case of a CryptoLocker variant on one of my users laptops. If you are not familiar with it, Wikipedia describes it as:
...a ransomware trojan which targeted computers running Microsoft Windows, believed to have first been posted to the Internet on 5 September 2013. CryptoLocker propagated via infected email attachments, and via an existing botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatened to delete the private key if the deadline passes. If the deadline is not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin.

Although CryptoLocker itself is readily removed, files remained encrypted in a way which researchers considered infeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.

The attacker's goal here is to have you pay a ransom to get your files back. It is estimated that 41% of people first hit by it paid the money to get their files back. That is ridiculous! The only thing you really need is a decent backup to get your files back.

Sure, you can use something like CrashPlan to backup your files to the cloud, but if you don't want to pay money for backups, and have a local NAS device or a USB drive you can use the built in File History tool to create backups of your files.  To turn it on:
  • Click Start, Click Search and search for File History


  • Click the button to turn it on.
What if you don't have a local storage device or network share to store your file changes to? No problem, just download and install Shadow Explorer! From their page:
ShadowExplorer allows you to browse the Shadow Copies created by the Windows Vista / 7 / 8 Volume Shadow Copy Service. It's especially [made] for users of the home editions, who don't have access to the shadow copies by default, but it's also useful for users of the other editions.
This is my preferred method as it acts just like the old Shadow Copy feature in previous version of windows and saves changes to files periodically so you can restore to previous versions. Plus it doesn't take up a lot of disk space. Not to mention that if you have laptop users that travel a lot, their local files can still be recovered.

With these two methods, you can recover files that were encrypted by RansomWare, and you won't have to pay those criminals one red cent!

Feb 15, 2016

Check your antivirus reports for false positives

The other night my email blew up because we use ClamWin on all of our servers. We do this because it has a decent detection rate, it can email out alerts, and it doesn't bog down the system with on-access scanning. We schedule it to scan once a week during off-peak hours.

Well the latest scans produced an epic ton of false positives. Pretty much any exe, or dll on the system was flagged as having been infected with Win.Trojan.Bancos-2115. I wasn't the only one that felt the impact of this. Apparently people who use Barracuda's felt it too because ClamAV is what Barracuda uses for virus detection engine.

Here's how my report log looked:


Well in my research over this false positive, I learned of a tool one can use to verify if the file is really infected or not. It's called VirusTotal!

From their page:
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. 

I selected a handful of the files reported and scanned them with VirusTotal and they all came out clean. Here is a report of another user from 2/11/2016 that apparently got hit with the Win.Trojan.Bancos-2115 false positive too. ClamWin was the only one that detected it. All other scanners reported that the file was clean:


I'm going to be using this tool quite a bit going forward I think!

Have you ever used VirusTotal? What do you like about it? Let us know in the comments!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | spam filter in the cloud