Jan 4, 2017

Trying a new backup software program at home

For years I have been using Crashplan for home backups, but I stopped using their cloud service for backups because if I forget to renew they delete all my backups in the cloud and I have to start over. I started just using their software to backup to a local NAS device I have with RAID5 enabled. I figure that was good enough for most things I needed.

Well, I noticed that on my laptop that I had configured to backup to the NAS (Using a technique I developed) stopped working. I'm not sure if Crashplan got wise to it or what, but it stopped backing my stuff up and said it couldn't connect to the backup location. I decided I needed to use something else.

I at first thought about using the built in Windows backup program, but the problem with that is that it doesn't use encryption or offer an option to password protect your backups. I'm backing up files from my Bitlocker Encrypted files to an un-encrypted NAS device. I don't want to compromise that encryption security by storing my files un-encrypted on the backup device. Makes sense right?

So I decided to try out a free third party backup program called AOMEI Backupper Standard!

Here are the features from their page:

  • Backup system and create a system image to keep Windows and applications safe.
  • Backup entire hard disk (HDD), SSD or specified partitions to create an image file.
  • Backup or sync your most important files and folders on a regular basis.
  • Set and forget with automatic backup, incremental/differential backups to save time and storage.
  • Clone a smaller HDD to a larger HDD for disk upgrade, or clone HDD to SSD for better performance.
  • Real-time file sync: monitor files for changes and synchronize new added, modified or deleted files from source to target path as soon as the change has occurred.
Besides what's listed, they also offer encryption and compression settings as well as the ability to email you when backups complete or fail so you can set it and forget it!

I will try this out for the next few weeks. If it continues to work well, I think I may have found my new backup solution!

Jan 1, 2017

ExtraTorrent under major DDoS attack

ExtraTorrent has been under massive DDoS attack for the last few days. It's still going on apparently. For the last few days users may have noticed their RSS feeds are no longer working because if it. Also if you try to browse to their site now, you are greeted with the following CloudFlare DDoS protection screen:


I've also noticed that periodically you will also see a 503 Service Unavailable error, or you will get an error page from CloudFlare saying they can't connect to the backend web servers.

This has obviously been happening since at least around Christmas time. TorrentFreak reported the following on December 27th:

The popular torrent site ExtraTorrent has suffered several major DDoS attacks over the past few days. The problems appear to be related to the site's recent ban of 'unofficial' proxy services. Meanwhile, The Pirate Bay is also down, but for now it's unclear what's causing the issues on their end. 
ExtraTorrent, one of the largest torrent sites on the Internet, just experienced one of the most turbulent weekends in its ten year history. 
While many people were celebrating Christmas, the site’s operators were busy keeping the site online, after it was pounded by DDoS attacks. 
“Extratorrent faced tons of cyberattacks over the last three days. Most of them were DDOS attacks. Cloudflare can’t help us because we get 40 to 50 million requests from the U.S. every hour!” ExtraTorrent’s SAM informed us. 
To counter the attacks the site temporarily limited several functions to save resources. The login functionality for users is disabled, for example, so there are no fresh torrents. In addition, the site’s operators have removed the added protection against unofficial mirror and proxy sites.

In the meantime, you can use alternative sites like LimeTorrents or Yify to get your movies and TV shows although none of them support RSS feeds. Hopefully ExtraTorrent can get this straightened out soon.

Dec 21, 2016

Getting Exchange or Office365 Calendar to Sync on your Google Pixel

Merry Christmas to me! I was due for a phone upgrade with Verizon so I opted for the new Google Pixel phone! I went with the 5" model because I hate giant "Zack Morris" phones. So far I like everything on the Pixel except how Google wants you to setup email.

If the only email you use is Gmail, then you have nothing to worry about. By default the only email client that comes with the Pixel is the Gmail client, and it works well for Gmail users.

However, if you are like me and millions of other users, you need Exchange or Office365 support for work email. The Gmail client will setup the email part for that fine, but it will not work with Exchange/Office365 calendar. WTF Google!?

No problem, Bauer-Power here! To make this work, you just need an easy to use third party email client. I found a free one that works great in the Google Play store called VMWare Boxer Email!

The cool thing about it, at least on the Pixel, is that it integrates with the Google Calendar client. VMWare Boxer has it's own built in calendar display though, so if you want to use Google's Calendar client you will want to disable calendar notifications in VMWare Boxer.

For you Evernote users, VMWare Boxer has integration for that as well!

Once I installed VMWare Boxer for email, everything else on the Pixel was pretty bad ass. My only gripe is their lack of Exchange support.

Do you have a Pixel? Do you like it? Dislike it? Let us know in the comments.

Dec 20, 2016

How To Handle NAT Reflection on a Sonicwall for a Cisco Expressway One NIC Configuration

Holy hell folks. I ran into an issue over the last few weeks that seemed way harder than it should have been in my opinion. The problem I ran into was a mix of a difference in terminology between Cisco and Sonicwall, and how they handle traffic going from an internal LAN to a WAN IP. For instance, for this setup Cisco said that I needed a NAT reflection policy on my firewall. Well, Sonicwall doesn't know what a NAT reflection policy is, because they call it a loopback policy.

Another thing I ran into is how Sonicwall handles loopback, it's not how Cisco wants it done. For instance, when you want an internal LAN server to talk to another server on it's public IP address, Sonicwall NAT's the connection outbound in order to communicate to the public IP of the server you want to connect to,

Ok, that being said, here is a really basic diagram of my setup. The IP addresses have been changed to protect the innocent. In this example, 1.1.1.1 is the public IP of my Expressway-E device that is NAT'd to it's internal LAN IP of 192.168.1.3. The Expressway-E is setup with a single NIC, with static NAT enabled.


In this configuration, Expressway-C (192.168.1.2) sends traffic to the public NAT IP of Expressway-E (1.1.1.1) so Cisco says you need a NAT reflection policy on your firewall. In an ASA firewall, you would configure that as follows:

object network obj-192.168.1.2
host 192.168.1.2

object network obj-192.168.1.3
host 192.168.1.3

object network obj-1.1.1.1
host 1.1.1.1

nat (inside,outside) source static obj-192.168.1.2 obj-192.168.1.2 destination static
obj-1.1.1.1 obj-1.1.1.1
Simple enough right? Not on Sonicwall. What I found, as I mentioned before, is that with the loopback policy, which Sonicwall documentation, and support says needs to be configured from "All firewalled subnets" usually, causes the outbound traffic of Expressway-C to be NAT'd to a public IP address in order to send traffic to the public NAT'd IP address of Expressway-E. Because of that nonsense, in order for traffic to flow the way you need it to, you actually have to assign a public NAT address for Expressway-C as well, and configure it for NAT, then use the internal and external IP of Expressway-C in a specific loopback policy with Expressway-E... Confused yet?

Let me see if I can break this down...

On the Sonicwall, assign a public IP address for Expressway-C, let's use 1.1.1.2 in this example. You will need to create a NAT rule to to point 1.1.1.2 to 192.168.1.2. Make sure it's reflexive so that the outbound traffic of 192.168.1.2 goes out as 1.1.1.2 as well. Your network should now look like this:



Now you need to create your loopback policy (NAT reflection) as follows:

  • Original Source: 192.168.1.2
  • Translated Source: 1.1.1.2
  • Original Destination: 1.1.1.1
  • Translated Destination: 192.168.1.3
  • Original Service: Any
  • Translated Service: Original
  • Inbound Interface: Any
  • Outbound Interface: Any
  • Comment: NAT reflection
Once we did that, the Expressway setup correctly, and our external MRA phones were able to register and make inbound and outbound calls. When I set this up my Cisco Engineer's mind was blown, but it was the only way we could get it to work.

One thing to note, even though you created a NAT address for Expressway-C, it's still not exposed to the public in your firewall rules (At least it shouldn't be, if it is you need to check your rules). This whole setup is just so Expressway-E knows who is talking to it, and can send the appropriate traffic back to Expressway-C.

If this is confusing to you, take comfort in the fact that it took me two weeks to figure this out, and Sonicwall support, and Cisco TAC was no help at all. I'm writing this in the hopes that it will help out some other poor Systems/Network Engineer that has to make a Cisco Expressway work with a Sonicwall in the future, because there is no documentation on this ANYWHERE!

Related articles

Dec 15, 2016

Holy crap Yahoo! Can't you get your security shit together?

Y from the Yahoo logo
Y from the Yahoo logo (Photo credit: Wikipedia)
It's happened yet again. It was only a few months ago when Yahoo revealed that around 500 million of their users had their accounts hacked back in 2014. This latest report double the last report of affected users at roughly 1 billion users! This attack, Yahoo says, dates back to 2013.

From RT:
Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013, making it the email company's largest data breach. 
The tech company said the information stolen by hackers may have included names, email addresses, phone numbers, birthdates and security questions and answers. 
The company said it believed bank account information and payment card data was not affected.

Wow Yahoo... Really?

This information is now being made available only because Verizon is looking to buy out the once formidable Internet giant. Verizon is offering a cool $4.8 billion.

With all of the news about Yahoo's crappy security, I think Verizon should lower their bid...

What do you think about this? Let us know in the comments.

Dec 10, 2016

Waste of time: Obama's "BS" review of alleged cyber attacks from Russia

Official photographic portrait of US President...
President Obama
(Photo credit: Wikipedia)
An interesting story popped up yesterday in several mainstream news publications that Obama is ordering a " deep dive" into alleged reports of Russian hackers affecting the US Elections. This comes on the heels of a similar report that some members of Congress are asking for the same thing. Namely RINO's like John McCain and Lindsey Graham.

From Politico:
President Barack Obama has ordered a "deep dive" into the cyberattacks that plagued this year's election, the White House said Friday. 
Obama has asked the intelligence community to deliver its final report before he leaves office. 
The review will put the spate of hacks — which officials have blamed on Russia — "in a greater context" by framing them against the "malicious cyber activity" that may have occurred around the edges of the 2008 and 2012 president elections, said White House principal deputy press secretary Eric Schultz at a briefing.
Another report from RT says that whatever findings they uncover won't even be made public!

From RT:
President Obama has ordered US spy agencies to prepare “a full review” of election-linked cyberattacks, but the public may never see it. The report should be ready before Obama vacates office and it is likely to be disclosed only to “a range of stakeholders.”
Great, so they are going to investigate, review logs and all that jazz, but won't let any of us regular folks know about it? How much do you want to bet that this is all theater and they won't really do anything? It's all a big front to blame the Democrat's loss this election on something other than the fact that the DNC picked the wrong pony to run in the race!

The interesting thing about all of this nonsense is that the idea of Russian hackers sort of started when Wikileaks began leaking the Democratic National Committee's (DNC) emails, however there was absolutely no evidence of that either!

From Trent Lapinski at Medium:
I’m the former CEO of a tech startup who lives in San Francisco, I have 15-years of experience in the tech industry, and I’ve spent the last year and half of my life working with some of the World’s best software engineers when it comes to developer operations, cloud orchestration, and data security. I also have a marketing background, and regularly research the psychology of persuasion, and propaganda. 
I’ve personally analyzed every leak from this election season, and I have seen zero evidence the Russians have anything to do with the leaks. Unless some form of evidence is provided, it is my professional opinion the leaks are the result of an insider given the extent and complexity of the data that was leaked. 
A government is attempting to manipulate and control this election, but it is not the Russians. It is the Obama administration. 
Two days before the Presidential debate, the US government officially accused Russia of hacking, and interfering in the U.S. election. However, much like the Bush administration when accusing Iraq of having Weapons of Mass Destruction (WMDs) — which did not exist, the Obama administration has provided zero evidence for these accusations. They are trying to use their authority to convince the American people that Russia has something to do with Wikileaks, and the Trump campaign with no evidence.
Another interesting thing to note, is that there is no actual evidence that the election was hacked at all. Everything is speculation, blame and an excuse from a party that thought they had the election in the bag, then lost big time!

From NYMag.com:
There is, as of now, no evidence that any voting systems were compromised on Election Day, merely speculation and theorizing. The speculation that Russia literally hacked into our voting system and added millions of fake ballots to swing the election is Hollywood fiction.
The funny thing about all of this is that there is evidence that our own government, particularly the Department of Homeland Security, did apparently try to hack into Georgia's state office firewall. This particular firewall was protecting the office that overseas elections in Georgia!

From Cyberscoop:
Georgia’s secretary of state has claimed the Department of Homeland Security tried to breach his office’s firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. 
Brian Kemp issued a letter to Johnson on Thursday after the state’s third-party cybersecurity provider detected an IP address from the agency’s Southwest D.C. office trying to penetrate the state’s firewall. According to the letter, the attempt was unsuccessful.   
The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state’s elections.
Maybe instead of wasting more tax dollars on investigating alleged hacks from Russia that probably didn't happen, perhaps our government should take a look in the mirror, because the only evidence of attempted hacking from a government so far is not coming from Russia, it's coming from DHS!

Dec 9, 2016

How Customization Is Shaping Technology

Japanese mobile provider SoftBank has announced that it is releasing two customized Star Wars phones ahead of this December’s release of the new Star Wars spinoff, "Rogue One: A Star Wars Story." The Sharp-manufactured phones will come in a black Dark Side Edition and a white Light Side Edition. SoftBank’s Star Wars phones illustrate a trend towards customized products that is transforming technology in the smartphone industry as well as other industries. Here’s a look at a few of the ways customization is catching on.

Modular Smartphones

One way customization is influencing technology is the emergence of modular smartphones. The concept of a modular smartphone is that individual parts of the phone can be removed and switched to add functionality as needed without the need to purchase a new device. Google began working on a modular smartphone project in 2011 under the aegis of Project Ara, which envisioned a phone with customizable processors, batteries, displays and cameras.

Google abandoned the project this year, but other companies have continued to move forward with modular smartphones. This year saw the release of the LG G5, which allows modular components to be inserted by removing the phone’s chin and battery and plugging the battery into an accessory. Components introduced with the launch included modular audio enhancement and camera grip accessories.

Customized Computers

The concept of modular smartphones was inspired by customized computers, something PC enthusiasts have been building for decades. Hardcore computer users often assemble computers from scratch by piecing together motherboards, power supply units, cases, monitors, keyboards and other components. Gaming enthusiasts often customize their computers by upgrading their graphics cards for a better user experience.

While this may sound intimidating to the non-tech user, kits are available to help teach children how to assemble their own computers from component parts. For instance, Kano makes kits that anyone can use to build and code computers for around $150. For those who want customized computers without having to build them, providers such as Puget Systems will help you assemble a computer from parts you select, with specialized components such as high-quality fans to keep noise down to a minimum. Puget also makes specialized computers for heavy graphics users, video editors and 3-D designers, along with pre-built computers and base systems that users can tweak as desired.

3-D Printing

3-D printing is one of the most revolutionary technologies impacting customization. Whereas traditional manufacturing works from a physical mold, 3-D printing produces physical objects from a digital blueprint that can be used to create a mold, prototype or product. This allows for a greater range of design flexibility, since the digital model can take on any three-dimensional shape the designer can conceive. 3-D printing also can employ a greater range of materials than traditional manufacturing, with the same printer able to create objects from plastic, metal, ceramic, paper and even biomaterials.

3-D printing is being applied to a wide range of customized products, from personalized jewelry to customized smartphone cases. One industry that has already felt the impact of 3-D printing in a major way is the shoe industry, where top brands such as Nike and Adidas are offering customers the opportunity to go online to select from a variety of customized designs. In the future, as 3-D printers drop in price, shoe manufacturers expect that customers will be able to print their own customized shoes right at home. 3-D printing is also making a major impact on the healthcare industry, where the flexibility of digital design is providing patients with customized prosthetics, implants and even skin for burn victims.

Nov 18, 2016

Trying out yet another new Adsense Alternative

It's been a few years since I was kicked out of Google's Adsense program, and I'll be honest, I've never truly recovered. I used to write here on a daily basis, but because I don't get hardly any revenue anymore, I only write when I have something to say, or something I want to record for my own future reference.

I've tried various alleged Adsense Alternatives since I got kicked out of the program, and none have ever come close to providing the same kind of money that Adsense did. Well, now I'm trying out yet another one, and hopefully I can start making money again. It's called Adbuff.

I'm hoping this one is better than others that I've tried because they are way more strict in regards to the applicants they choose. In order for your site to even be considered it must meet these requirements:

  • English Sites Only
  • Over 2,000 Uniques /day
  • Traffic from US/Canada/UK/Australia
  • No free hosts (ie blogspot)
  • No streaming sites
  • No faucet sites
  • No download sites
When I submitted Bauer-Power, it took over a month to get approved! I'm glad it finally did! After getting approved I tried to submit two of our other sites, Mainwashed and BauervsWild, and both of those were immediately rejected because they either didn't have an Alexa score, or had a really low Alexa score. Picky picky! 

Still though, that's not a bad thing since they are offering only quality websites for advertisers, there is a chance that they can also charge a premium for the ad space, and therefore pay more to publishers... At least that's what I'm hoping for. I literally just put the ads on the page, and have no idea how well it will perform yet.

Wish me luck! If I can start making money again, you will start to see more articles again! If you are looking for an Adsense alternative too, click here to check them out! What do you have to lose?



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam