Sep 15, 2017

Long overdue post! mRemoteNG is back baby!

I have been an mRemote user for years. Even when the original project went tits up, and the new fork of mRemoteNG emerged, I've continued to use it.

A few years ago I wrote an article about switching over to Terminals because there was a bug in the version of mRemoteNG I was using that the developers weren't going to fix. Despite that, mRemoteNG was still my multi-terminal client of choice unless something went seriously wrong.

I've been using 1.72 Beta for what seems like forever. It would do weird things like freeze up my computer for 10 minutes if I had too many windows open. If that happened, I would switch to Terminals after my computer unfroze. I never made the full switch to Terminals though because of the amount of servers I have to manage. I just didn't want to take that time to manually re-create all the connections!

Well, on a whim this morning, I decided to check back with mRemoteNG and to my surprise they released a new stable version back in June! You can download their latest version here: (Download)

I just installed it, and re-imported my connections XML file. It will still be a few days before I know if all the old bugs have been worked out, and I can remove Terminals!

Do you use mRemoteNG? How do you like it? Let us know in the comments!

Sep 5, 2017

How To Solve Facebook Math: 6 ÷ 2 (1 + 2)

This is an older video I put out back when I was still doing Tech Chop. Lately, the Facebook math problems have been making their rounds again, so I thought I'd post it here. Check it out:



In the comment section on Youtube, there are a bunch of people still arguing with me over this, and the way I implemented the order of operations. In the video, I reference an article from PurpleMath that says the following:
When you have a bunch of operations of the same rank, you just operate from left to right. For instance, 15 ÷ 3 × 4 is not 15 ÷ (3 × 4) = 15 ÷ 12, but is rather (15 ÷ 3) × 4 = 5 × 4, because, going from left to right, you get to the division sign first.
So, as mentioned in the video, if you follow the order of operations when solving 6 ÷ 2 (1 + 2), we handle the stuff in parentheses first, which is 1+2 which equals 3.

That now leaves the problem as  6 ÷ 2 (3), which is the same as 6 ÷ 2 x 3. Because everything is the same rank now in the order of operations, we go back to what PurpleMath said, and we solve left to right. The first problem starting from the left is:

6 ÷ 2 = 3

Which leaves us with 3x3 which of course equals 9.

If you want to argue in the comments, fine, but please note that your argument is not with me. It's with PurpleMath and the order of operations.

===============================

EDIT: Okay, TotalMedia in the comments pointed out that PurpleMath actually explains why 9 is not the correct answer on page two. They say:

This next example displays an issue that almost never arises but, when it does, there seems to be no end to the arguing. 
Simplify 16 ÷ 2[8 – 3(4 – 2)] + 1.
16 ÷ 2[8 – 3(4 – 2)] + 1
    = 16 ÷ 2[8 – 3(2)] + 1
    = 16 ÷ 2[8 – 6] + 1
    = 16 ÷ 2[2] + 1   (**)
    = 16 ÷ 4 + 1
    = 4 + 1 

    =
The confusing part in the above calculation is how "16 divided by 2[2] + 1" (in the line marked with the double-star) becomes "16 divided by 4 + 1", instead of "8 times by 2 + 1". That's because, even though multiplication and division are at the same level (so the left-to-right rule should apply), parentheses outrank division, so the first 2 goes with the [2], rather than with the "16 divided by". That is, multiplication that is indicated by placement against parentheses (or brackets, etc) is "stronger" than "regular" multiplication. 

So, because of how 6 ÷ 2 (1 + 2) is written, with the multiplication not clearly defined like 6 ÷ 2 x (1 + 2), then according to the example above we need to simplify what's in parenthesis first which makes the problem  6 ÷ 2 (3), and since 2 is next to the parenthesis, then it is in essence a multiplication problem that is a part of the parenthesis and must be solved first, and the left-right rule doesn't apply because parenthesis is higher up in the order of operations.

That means that we have to multiply 2(3) which equals 6, and now the problem is 6÷6 which equals 1!

Son of a bitch! That is a tricky problem!

Sep 1, 2017

System error 67 has occurred. The network name cannot be found. --- DUH!

Oh man, I write this blog post feeling absolutely foolish and humble. Please be gentle on me in the comments...

The other day I needed to map a network drive for a number of users, so naturally I added a net use command to their login scripts. Simple right? Well, for some reason their drives just wouldn't map, and they were getting the following message if they manually ran the script:
System error 67 has occurred.
The network name cannot be found. 

For the life of me, I couldn't figure out what it was. I could manually map the drive fine through Explorer, but using the net use command at the command prompt didn't work at all.

After Googling, and searching, and sifting through bullshit forum posts about needing to enable WINS (This is not true), I finally got to playing around and figured out what my dumb ass did wrong...

I added an extra "\" at the end of the UNC path...

Instead of

net use j: \\servername\fileshare\

It needed to be

net use j: \\servername\fileshare

Once I removed the extra "\" it worked just fine!


It's weird, but after being in IT for over 12 years, I still sometimes mess up the simple stuff. Nobody is perfect I guess. Still though, if you are here, I'm assuming you probably ran into the same thing. Hopefully this helps you out and we can all start a support group in the comments!

Aug 31, 2017

HACK: How to downgrade Windows 2016 Datacenter to Standard

At my day job, we are getting ready to open a new office. It's going to be a relatively small office, but we still wanted to have a local domain controller on hand for authentication, DNS, DHCP, etc.

We decided that this would be a physical host, and since we weren't going to run any virtual servers in that office, we decided to go with Windows 2016 Standard edition to save on licensing costs. Well, despite that being the plan, when my Systems Administrator installed Windows, he accidentally opted for Windows 2016 Datacenter edition!

The problem with this is that you can easily upgrade Windows Standard to Datacenter using DISM from the command line. Downgrading from Datacenter to Standard is not officially supported though...

That being said, it can certainly be done. Since this isn't officially supported, I recommend making sure you have a good backup just in case, because you do this at your own risk!

Here's what you need to do:

  • Open the registry editor on the machine you want to downgrade
  • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • Edit the EditionID key to say ServerStandard
  • Edit the ProductName key to say Windows Server 2012 R2 Standard
  • Close out of the registry editor
  • Run the Windows 2016 Installer from the install disk, thumb drive or a local folder
  • When prompted, enter your Windows 2016 key and follow the prompts to "upgrade" Windows

After your computer reboots one or more times, it will now be running Windows 2016 Standard!


If you are not fully understanding what is happening, you are tricking the installer into thinking it is doing an in-place upgrade of Windows 2012 R2 Standard to Windows 2016 Standard by editing the registry. Simple, yet effective right?

Needless to say, it worked like a charm for us, and saved my Systems Administrator from having to start all over.

Did this work for you? Let us know in the comments!

Aug 30, 2017

Simple Free Open Source Alternative to DFS

I am in the process of testing out VM's in Microsoft Azure. So far it's pretty bad ass, and there is so much you can do with it. It's truly remarkable, at least, that's my impression thus far.

One thing I want to do is setup file replication between servers so I can have a geographic active/active setup with front-end web servers. Now, Azure does have a cool feature called Read-Access Geo Redundant Storage that replicates your data at the block level to another region, and leaves that copy in a read only state. I have yet to find an option to have read-write in all regions though (If you know how to do it, let me know in the comments).

Anyway, I thought a good solution might be DFS (Microsoft's Distributed File System) which automatically syncs files to different servers. The problem with this is that it requires domain controllers and Active Directory, and I don't want to deploy domain controllers in Azure.

No problem, because I found what looks to be a simple and most importantly, free open source alternative to DFS! It's called FreeFileSync!

Check out their video:



As you can see, you can do a lot with it. I setup the folders I wanted to sync, set an interval to check for changes, and saved the settings to a .ffs_batch file. I then setup a scheduled task to kick off their RealTimeSync tool when the server reboots to run the following:

"C:\Program Files\FreeFileSync\RealTimeSync.exe" "D:\SyncFiles\FileSync.ffs_batch"

During testing, I have created files in all the directories I want to sync. I've updated them in one, and noticed the changes in the other. I've deleted files, and seen them delete on the other servers. It works great!

One thing I noticed, is that this needs to run on one single host for it to work right. If you need it to keep working if that host goes down, I'd recommend setting up the scheduled task on all nodes, and just leave them disabled unless the primary goes down for some reason.

Also note, that it isn't instant. If you make a change in one folder, it does take a few seconds to sync to the other folder.

Anyway, it was super simple to setup and it just works. It also works on Linux and iOS as well!

What do you use to sync files between servers? Let us know in the comments!

Aug 29, 2017

Option to join a local domain missing in Windows 10 version 1703

As I mentioned yesterday, I finally got around to upgrading my laptop to the latest Creators Update 1703 for Windows 10. Sometime after the update, and fixing my VPN issue I stepped away from my desk and when I came back to unlock my laptop I received a message saying that my laptop had lost it's trust relationship with the domain.

To be honest, I'm not sure if was due to the upgrade or if my desktop guy or Systems Administrator screwed up, but when I looked in my Active Directory my laptop object was gone!

I figured, no big deal. I'll just disjoin if from the domain, reboot, login as Administrator and re-join it. Well, that didn't work as expected, because when I went to join it back to the domain, the option to join a local domain was GONE!



If all you see is above, your only option is to join to a hosted Azure account really. WTF is that all about?

Anyway, to fix this I had to create a couple of DWORD registry entries in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

  • DNSNameResolutionRequired = 0
  • DomainCompatibilityMode = 1
After I added those and rebooted, I had the option to join to a local domain again!


Did you have a similar issue? Let us know in the comments!

Aug 28, 2017

L2TP VPN Not Working After Upgrading Windows 10 to 1703

I know it's been out for a little while now, but this morning I finally decided to upgrade my Windows 10 laptop with Creators Update version 1703. Everything went smooth, but there was one issue that I noticed immediately after the upgrade! I could no longer connect to any L2TP VPN connections!

The good news is that it was relatively easy to fix. The first thing I tried was I went into Device Manager > Network Adapters and I uninstalled all of the WAN Miniport adapters by right clicking on each one and selecting Uninstall.

After uninstalling them, I right-clicked on Network Adapters and selected Scan for Hardware Changes to re-install them.

I tried connecting to my L2TP VPN after that, but received the following error:
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.


Luckily, this is an error I've seen before and just requires a simple registry entry to allow UDP Encapsulation for L2TP when you are behind a NAT firewall. You can set that registry entry by doing the following:
  • Right-click on the Start icon and select Run
  • Type regedit and click OK
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  • In the right pane, right click and select New > DWORD (32-bit value)
  • Name it AssumeUDPEncapsulationContextOnSendRule and set the value to 2
  • Reboot
After doing this, I was able to connect to my L2TP VPN server just fine!

I hope this helps you! If not, let us know what you had to do differently in the comments!

Aug 7, 2017

How to turn off Android's WiFi Assistant/Google's VPN

You might be asking yourself, why would you want to do this. I mean there are countless technology blogs out there sucking on Google's teat claiming this feature is the best thing since sliced bread!

If you are unfamiliar with WiFi Assistant, the idea is that it will automatically connect you to known un-secure public WiFi networks when you are in range, which will lower your cell phone data usage. At the same time, all of your traffic is routed through Google's private VPN network so your internet browsing is secure. How cool is that?

Well, if you look back in time to Snowden's PRISM leak, you might recall that Google is not to be trusted. With this feature, pretty much anytime you are near a public network, Google will now proxy your data through their network and can now snoop on all of your traffic!

I began getting suspicious when I was browsing to sites like Start Page from my Google Pixel, and the HTTPS icon in the browser was turned red. When I inspected the certificate, it was coming up as a Google issued certificate, but it didn't match the site I was going to. That seems to be working the same way a Fortigate firewall handles DLP, by acting as a man-in-the-middle and presenting it's own SSL certificate so it can decrypt the traffic, inspect it, and send it back on it's way.

That tells me, that Google is not really protecting your traffic, they are snooping on it. If the deal the NSA/CIA had with Google for PRISM are still active, then by proxy the NSA/CIA are probably snooping on your encrypted traffic as well.

To turn this feature off on your phone, at least on the Google Pixel do the following:

  • Go to Settings > Google > Networking
  • Disable WiFi Assistant

Maybe I'm just paranoid, but I really think you would be better off just not connecting to random open hotspots, and if you do, make sure the sites you visit are using SSL/TLS correctly. If you are browsing to a site that has a good implementation of SSL/TLS, then you don't need Google's bullshit CIA/NSA front VPN to make sure that traffic is secure.

You can check how well a site has TLS implemented by using SSL Labs.

If you are still worried about surfing anonymously on your phone using public WiFi, then you should probably use a VPN service like Torrent Privacy or even use Orbot (Tor for Android). Whatever you do, just don't trust Google...

What do you think about this? Let us know in the comments!

Jul 11, 2017

Did the cryptocoin bubble burst?

I mentioned a little while back that you can still get into cryptocoin/cryptocurrency mining by using MinerGate, and mining alternative coins. The question now is, should you hold off on mining for a while?

Back when I wrote that, Bitcoin and Ethereum, two of the biggest cryptocoins available were at all time highs! People who got in at the ground level, and left their money in saw incredible returns and probably ended up as millionaires! It now looks like that bubble might be bursting.

I'm no expert of course, but looking at these charts from Coinbase, certainly doesn't look good to me!

This is Bitcoin's loss since last month:


This is Ethereum's loss since last month:




Litecoin has gone up a little since last month:


However, Litecoin has dropped since last week:



Again, I'm no expert, but it seems that if you haven't already been on the cryptocoin boom boat, chances are you've missed it. If you are looking to get into cryptocoin investing, you may want to wait until after the market bottoms out first, and buy when it's really cheap.

What do you think about this? Are you a financial expert? Do you agree? Do you think that these numbers are nothing to be concerned about? Let us know in the comments.

Jul 9, 2017

Goodbye Photobucket! Hello Imgur!

Some of you may not have realized it. I mean, I just learned of it myself a few days ago, but if you host any of your images on the legendary image hosting site, Photobucket, chances are your web pages are all messed up right now! That is because Photobucket is no longer allowing free accounts to embed images on third party websites!

From The Register:
Photobucket is cracking down on people embedding on third-party websites images it hosts, until now, for free. 
The photo-slinging internet elder now says that anyone who wants to use its service to display photos it hosts on other pages – such as signature banners in forum posts – will now need to open up their wallets and plop down $399.99 a year for a subscription plan. 
The new policy will be particularly annoying to longtime users who have relied on Photobucket's 14-year-old service to host the images they use to place images on forums or in blog posts. 
Cheaper plans, including the free account option, will no longer have an option to allow third-party hosting.

If you have visited Bauer-Power, or my other blog Bauer vs Wild in the past view days, you have seen this annoying image plastered all over the place!



Of course the image above doesn't tell you that in order to get third party image hosting working again, you need to fork over $400! That is completely ridiculous, especially for private bloggers like me. I don't even make $400 a year with this little hobby. There is no way I'm going to pay that just to host images.

If they had said they wanted $20 per year, I might have considered it, but $400? They can shove their service up their ass! I'm not going to pay that!

I've decided to move the small amount of pictures I was hotlinking from Photobucket over to Imgur. Now my site doesn't look like complete shit! If you are looking for an alternative to Photobucket, you should check out Imgur too. You can even login with your Facebook, Twitter, Google or Yahoo accounts!

Besides just having really cool free image hosting, Imgur is also a pretty fun community to be a part of, where people share news stories, memes, jokes and all sorts of stuff. Here is a little history on Imgur from their About Page:
Imgur was founded in 2009 by Alan Schaaf in his Ohio University dorm room as a simple, no-limits platform to share images online. 
With the launch of the homepage gallery, Imgur gave its community the power to refine its many images into a showcase of the freshest, most interesting and popular images on the web. These images can be hilarious, cute, inspiring and informative. From stories of personal transformation to current events, pop culture, memes and more, Imgur has an image for everyone. Of course, there are plenty of cute puppies, too. 
Each month, images on Imgur are viewed across the Internet billions of times. It is currently ranked one of the top 50 largest websites worldwide.
Some people have complained about not being able to get their images off of Photobucket. I didn't have an issue myself. When I clicked on my images within Photobucket, it was replaced with the above disabled 3rd party hosting image. However, when I pasted the direct link URL for the image in the browser, the original picture shows up, and I was able to right click on it and download it. From there I could upload it to Imgur.

Suck it Photobucket!



Did you get screwed over by Photobucket's business decision too? Did you switch to a new image hosting service? If so, which one? Let us know in the comments!


Jul 7, 2017

Coming Soon: FREE Wildcard SSL Certificates!

I was just made aware of some really awesome news for those of you that value your online privacy! I wrote in the past about free named SSL certificates from StartCom. That was pretty cool, and I have used plenty of their free SSL certificates, but another group is about to "one up" them!

Let's Encrypt announced that they will begin offering FREE wildcard SSL certificates starting in January of 2018!

From their press release:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS. 
Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign
A wildcard certificate can secure any number of subdomains of a base domain (e.g. *.example.com). This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.

This is kind of a big deal. If you want to secure more than one website or service with TLS/SSL then getting a bunch of named certificates can be a pain to manage. Plus, many certificate authorities charge a pretty penny for wildcard certificates, so it prices many small businesses and groups out of the encryption market!

Having a non-profit group, like Let's Encrypt, issuing free wildcard SSL certificates encourages more people to use encryption, and makes it easy!

What do you think about this? Are you going to give Let's Encrypt a shot? Let us know in the comments!

Jun 26, 2017

Match Head Rocket Science Experiment with Brizzle Fo' Shizzle



The above video is from my son Brayden, aka Brizzle's new Youtube channel called, "The Adventures of Brizzle Fo' Shizzle!"


In this episode, Brizzle, his sister Kizzle, his Grandpa and I try a science experiment! A match head rocket experiment! Will it launch into outer space? Will it simply explode? Will it fizzle out in a puff of smoke? Watch and find out!

Jun 8, 2017

What is SNI?

I felt like writing this post because I deal with this question quite a bit at my company. What is SNI? Well, in short, SNI is an acronym that stands for Server Name Indicator, or Server Name Indication. Wikipedia describes it as:
Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.
In a shorter, more concise explanation, SNI lets us bind multiple SSL certificates to one IP address. In the past, we used to have to bind an SSL certificate to a single IP address, and any additional SSL certificates would require their own IP address.

This is a real problem when you can see that IPv4 is running out of addresses! It also became a problem if you wanted to host multiple websites on a single web server. One web server might need eight or nine IP addresses to server up eight or nine different websites!

The reason I get asked about this a lot is we have several clients whose applications don't support SNI, and when they try to connect to our API that requires SNI, they get some sort of SSL error. We have a workaround for those clients, but I still find myself having to explain this to many of the people I work with (Often several times over).

The reason the clients that don't support SNI get SSL errors is that their application isn't smart enough to tell the web server which website they are trying to connect to by using the hostname at the start of the handshake process. Because they can't tell the web server which site they are trying to connect to, they are presented with whatever is the default certificate, which doesn't match the hostname, so they get a handshake error.

I see this a lot with Java based applications, but occasionally I see this with custom .Net applications as well. I guess this depends on if the developers have taken into account SNI or not.

I also see this a lot with DataPower/WebSphere clients, but DataPower can be configured for SNI. Check out this video:




All modern browsers support SNI, and in my opinion, all modern applications should too. If your application does not support it, then I would suggest lighting a fire under your development team's collective ass, and have them update your application to support it!

Jun 7, 2017

How To Get Rid of Boxelder Bugs... Seriously!

This isn't really technology, computer or software related, but I thought I'd share this with you anyway since it is something that has literally been "bugging" me for the last two years. That is that I've had a huge issue with Boxelder bugs all over the front of my house! They weren't there when I moved in three years ago, but they took up residence last year and never left apparently!

Looking on YouTube, I found this video that tells you to use liquid dish soap and water on your siding because the Boxelder don't like it apparently:




Well, this technique did get them off the siding, it did NOT get them off my sidewalks or bushes around the front of my house. It did not solve the problem!

Well, today I had enough and decided to get something that would solve the problem. I bought some Spectracide HG-95830 Triazicide Insect Killer for Lawns & Landscapes Concentrate, Ready-to-Spray and attached that sumbitch to my garden hose!

I let loose a torrent of water and death all over the front of my house, on my sidewalks and in the plants around the front of of my house. Hordes of Boxelder bugs were covered in the Triazicide spray and slowly met their inevitable doom!

The ready to spray version is the best in my opinion because it hooks to your garden hose and allows you to spray a large area quickly.

The Spectracide website even lists Triazicide as one of their solutions to kill Boxelder bugs! Boom! Suck on that you nasty bugs!

If you have Boxelder bugs all over the front of your house, ditch the dish soap, grab a hose and hook up a bottle of Triazicide to it and unleash hell! You can thank me later!

May 31, 2017

mdadm: /etc/mdadm/mdadm.conf defines no arrays.

One of the most annoying things about Ubuntu 16.04 LTS server edition is that every time you go to run updates, you almost inevitably get hit with this message:
mdadm: /etc/mdadm/mdadm.conf defines no arrays.
It turns out that this message is completely benign and you can ignore it, but that doesn't make it any less annoying right? Hopefully they get that worked out in Ubuntu 18.04 LTS next year. Until then, there is a quick way to fix it.

Just open /etc/mdadm/mdadm.conf with your favorite text editor and add the following lines at the bottom.
ARRAY devices=/dev/sda
Save the file, and that's it. No more stupid error.

If you didn't know, mdadm is the Linux software RAID software. If you are running Ubuntu in a VM though, chances are it is not going to have a software RAID to manage.
[H/T Ask Ubuntu]

May 28, 2017

Get into cryptocurrency mining the easy way with MinerGate!

You may be asking what is cryptocurrency. Well, Wikipedia describes it as:
A digital asset designed to work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies.
Bitcoin was the first one out, and if you didn't know, as of the time of this writing Coinbase is reporting that 1 Bitcoin is currently worth $2,277.22! That's a lot of money, and it's value has only gone up over the last few years.

If you are unfamiliar with Bitcoin, I made this Tech Chop video a few years ago to talk about it:



So now you get the idea right? Well, Bitcoin isn't the only name in the cryptocurrency game. There are tons of other ones like Monero, Litecoin, FantomCoin etc. Almost too many to count. The problem with Bitcoin, even though it's the most mainstream of them is that mining it has really lost it's profitability. In the early days it was fairly easy to mine Bitcoins, and therefore the guys that got in early have made a ton of money by now, but that ship has sailed. That being said, since there are other cryptocurrencies, those of us late to the game still have a chance!

Introducing MinerGate!

From their page:
MinerGate is a mining pool created by a group of cryptocoin enthusiasts.

It is the first pool which provides service for merged mining. This means that while mining on our pool you can mine different coins simultaniously without decrease of hashrate for major coin
With MinerGate, you can easily mine other types of cryptocurrencies and transfer them to a digital wallet that you can use to cash out to dollars, or exchange for other cryptocurrencies like Bitcoin.

A great free online wallet, that supports many cryptocurrencies that I recommend is Cryptonator. Cryptonator also lets you easily trade between currencies. If you are in Europe, it's also good to cash out to fiat currency like Euros.

If you are in America, I recommend converting your alternative cryptocurrencies to Bitcoin or Litecoin with Cryptonator, then transfer that to your free Coinbase account when you are ready to withdraw your money to dollars. I say that because a lot of foreign Bitcoin exchanges don't play well with American banks, but Coinbase does!

If you are new to cryptocurrency/cryptocoin and want to try out mining and see if it's right for you, then in my opinion there is no easier way of doing it than with MinerGate.

For those of you that have been doing this for a while, what other mining tools or programs do you recommend? Do you use MinerGate yourself? Do you like it? Let us know in the comments.

[EDIT] I found that it's actually easier to transfer your mined currency from MinerGate directly to your Coinbase account using Changelly! With Changelly, you can transfer any type of supported crypto-coin directly to any other type of crypto-coin. For instance, I just transferred my XMR (Monero) to my Litecoin wallet on Coinbase! Boom! Easy!

May 26, 2017

A Zenoss error has occurred



I had a bit of a scare the other day after a simple reboot of my Zenoss 4.2.4 monitoring server. When the Zenoss server came back up, I went to login like usual and I received the dreaded "A Zenoss error has occurred" message! Below it was the following:
Type: <type 'exceptions.KeyError'>
Value: 1495826580
Traceback (most recent call last):
File "/usr/local/zenoss/lib/python/ZPublisher/Publish.py", line 126, in publish
request, bind=1)
File "/usr/local/zenoss/lib/python/ZPublisher/mapply.py", line 77, in mapply
if debug is not None: return debug(object,args,context)
File "/usr/local/zenoss/lib/python/ZPublisher/Publish.py", line 46, in call_object
result=apply(object,args) # Type s<cr> to step into published object.
File "/usr/local/zenoss/Products/ZenUtils/patches/pasmonkey.py", line 153, in login
pas_instance.updateCredentials(request, response, login, password)
File "/usr/local/zenoss/lib/python/Products/PluggableAuthService/PluggableAuthService.py", line 1100, in updateCredentials
updater.updateCredentials(request, response, login, new_password)
File "/usr/local/zenoss/lib/python/Products/PluggableAuthService/plugins/SessionAuthHelper.py", line 102, in updateCredentials
request.SESSION.set('__ac_name', login)
File "/usr/local/zenoss/lib/python/ZPublisher/HTTPRequest.py", line 1379, in __getattr__
v = self.get(key, default, returnTaints=returnTaints)
File "/usr/local/zenoss/lib/python/ZPublisher/HTTPRequest.py", line 1336, in get
v = v()
File "/usr/local/zenoss/lib/python/Products/Sessions/SessionDataManager.py", line 101, in getSessionData
return self._getSessionDataObject(key)
File "/usr/local/zenoss/lib/python/Products/Sessions/SessionDataManager.py", line 188, in _getSessionDataObject
ob = container.new_or_existing(key)
File "/usr/local/zenoss/lib/python/Products/Transience/Transience.py", line 842, in new_or_existing
self[key] = item
File "/usr/local/zenoss/lib/python/Products/Transience/Transience.py", line 454, in __setitem__
current_bucket = self._data[current_ts]
KeyError: 1495826580
Doesn't look pretty does it? Everything seemed to be working still, I was still getting alert emails, but I could not login to the user interface to save my life!

Well, I found a solution in an archived community support thread. To fix it I did the following to fix it by SSH'ing into the Zenoss server:
  • su zenoss
  • zendmd
  • from Products.ZenUtils.Security import activateCookieBasedAuthentication
  • activateCookieBasedAuthentication(zport)
  • activateCookieBasedAuthentication(app)
  • commit()
  • zport.acl_users._delObject('sessionAuthHelper')
  • app.acl_users._delObject('sessionAuthHelper')
  • commit()
  • exit()
  • zopectl restart
After that, I was able to login fine! Each of the above are one line commands in the terminal. 

I hope it helps you out!

May 19, 2017

Don't panic! New exploits and malware are released every day!

I work in an industry where security is kind of a big deal. Without getting into specifics, or naming company names, we'll just say that the companies I work with a lot are in the financial sector. Because of that, I've found that their security is pretty damned hard core, and their vendor risk assessment crews are even more hard core.

Knowing all that, you can probably assume that I get a lot of risk assessment questionnaires asking about the company I work for and our security practices. On top of their annual, or semi-annual risk assessments whenever news breaks out of some fancy new malware, their pucker factor goes up exponentially and I get bombarded with questions asking about what we're doing about it.

Although I completely understand where they are coming from, the truth is in the world of network security, threats like this are always out there. There are always viruses, Trojans, worms and other nasty things hackers are trying to do to cause chaos, damage systems, steal information or to steal money. The difference with these cases is that they are famous and they've made the news cycle.

This latest crazy threat that has everyone in a tizzy is WannaCry(Or WCry, or Wanna Decryptor). If you have been living under a rock, it's your typical ransomware that encrypts all your files and asks you to pay a ransom to have your files unlocked. In reality, it's no different than CryptoLocker that came out in 2013. One might argue that the difference is how it was spread using a vulnerability that the NSA had been using for years.

Guess what folks, I have news for you. Shit like this comes out every day. In fact, WikiLeaks has been leaking all of the CIA's exploits  for the past few months. The Hacker News reported yesterday that two of the CIA's tools affect all versions of Windows! WannaCry only affected Windows 2008 and below! Get ready for an epic shitstorm of hacks now that the United State's Government's secrets are all over the web!

Long story short, DON'T PANIC! Stuff like this happens every day. The best thing you can do is prepare for it. Keep your systems patched, make sure your antivirus/anti-malware is up to date, use firewalls, beware of phishing scams, and make sure you have reliable backups! You know, all the recommended security shit you are supposed to do, and not be lazy about! If you maintain a decent security posture, you can prevent a lot of this sort of thing, or be able to mitigate against it should you be affected.

Do you agree? Disagree? Let us know in the comments.


May 18, 2017

Goodbye ExtraTorrent! Hello Zooqle!

Yesterday I posted that ExtraTorrent was closing up shop. In that post I mentioned a possible mirror, but that turned out to not be real. None of the download links worked. ExtraTorrent really is gone apparently.

That being said, if you like to torrent stuff, there are some alternative sites out there. Not all of them have RSS capabilities though. Well, I found one that does offer RSS! It's called Zooqle!



My only gripe with Zooqle is that they make you register. It's not that big of deal, but I recommend that if you register with any Torrent site, you do so while connected to a VPN connection. I also recommend NOT using your personal email address, and use one dedicated to Torrenting that also uses encryption like ProtonMail!

One thing I certainly do love about Zooqle, besides its RSS support, is the lack of intrusive advertising. One of my biggest problems with ExtraTorrent were their annoying redirect ads and pop-under ads. I respect having ads on your website. For many sites, that's their only source of revenue. I just had intrusive ads!

Now that ExtraTorrent is gone, which site or sites do you use? What alternatives do you recommend? let us know in the comments!


May 17, 2017

ExtraTorrent is down for good... Or are they?

Earlier today, TorrentFreak broke with the news that the famous BitTorrent site, ExtraTorrent was shutting down operations including all mirror sites.

From TorrentFreak:
Popular torrent site ExtraTorrent has permanently shut down. The abrupt decision was announced a few minutes ago in a brief message posted on the site's homepage. This means that after the demise of KickassTorrents and Torrentz.eu, the torrent community must say farewell to another major player. 
In a surprise move, ExtraTorrent decided to shut down today, for good.
Users who access the site’s homepage are welcomed by a short but clear message, indicating that the popular torrent index will not return (the message appears intermittently).
 
“ExtraTorrent has shut down permanently.” 
“ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to be….” 
TorrentFreak reached out to ExtraTorrent operator SaM who confirmed that this is indeed the end of the road for the site.
If you browse to ExtraTorrent.com or any of their mirrors, you see a page like this:


Not long ago though, this message popped up on the ExtraTorrent Facebook page leaving many of their followers confused:


If you browse to the link that is circled in red above, it takes you to ExtraTorrent.cl which appears to be a live mirror. i haven't tried any of the downloads though.

So are they down or not? Is this just some kind of ruse to stop people from trying to DDoS their servers? If you have the goods, and know what's going on, let us know in the comments!

[EDIT] It looks like they really are gone. The site mentioned above is a fake mirror and the links don't work. If you are looking for an ExtraTorrent alternative, you should check out our post on Zooqle.

May 9, 2017

US Government Recently Passed New Pirate Watch List

With the new Trump administration comes an increase in the crackdown of online piracy, and with that the Office of the US Trade Representative has published its annual piracy watch list, also known as the Special 301 Report. In this 81 page report, around two dozen countries are listed has hotbeds for online piracy.

From ExtraTorrent:
The Office of the US Trade Representative has published its yearly piracy watchlist officially named Special 301 Report. The document highlights countries failing to comply with the copyright protection standards of the United States. Apparently, the enforcement of IP rights is a priority for the Trump administration. In the report, Canada and Switzerland are listed among the two dozen of other countries. 
USTR publishes its report listing countries that aren’t doing enough to protect US intellectual property rights every year. The latest report is the first under the administration of President Trump, but slightly differs from Obama’s: China, Russia, Ukraine and India are major threats, while even Canada and Switzerland remain in the list.
Switzerland is a popular country to host pirate related websites due to their Logistep Decision.That decision was a ruling from the Swiss Federal Supreme Court that prohibits companies from harvesting IP addresses of file-sharers because the Swiss Federal Supreme Court views IP addresses as private data.

May 4, 2017

I've switched from BitLocker to VeraCrypt for full disk encryption because SCREW MICROSOFT!

"Damn!" you are probably saying to yourself, "That's a pretty harsh title to a blog post." Yeah, I suppose you are right. Still though, it's pretty accurate. I'm not really a fan of Microsoft at all, and whenever possible I really like to use alternatives. In the case of drive encryption though, I think it just makes sense from a security perspective.

Allow me to explain, you see it was only a few years ago that Edward Snowden leaked information about the NSA's PRISM program. One of the interesting things that came with that leak was that the NSA was working with companies like Microsoft and Google to bypass security built into their platforms so they could illegally access users data. Backdoors if you will. 

So now that we know this information, how can we actually trust anything that Microsoft puts their name on to truly secure our data? Sure, it's probably safe from the average hacker, but it's certainly not safe from Big Brother!

That's why I've opted to ditch BitLocker, and go with the open source alternative of VeraCrypt. Besides, even if BitLocker is safe from Big Brother, I still feel that VeraCrypt is probably more secure because of it's PIM feature. That's just my opinion though.

The only drawback I see from this change is that VeraCrypt's boot time is slightly longer, but that is tolerable in my opinion.

What do you think about this? Let me know in the comments.

May 2, 2017

Why haven't we found aliens yet? (Infographic)

Have you ever wondered why we haven't found conclusive evidence of aliens yet? Well, this infographic hopes to shed some light on that question. Check it out!


[Mobile users: click the image to view]


[H/T Imgur]

May 1, 2017

I've replaced TrueCrypt with VeraCrypt on my VPS

A couple of days ago on Saturday I talked about VeraCrypt being the only real alternative to TrueCrypt, I also mentioned that I was still using TrueCrypt on my Linux VPS private email server. Well, after writing that post I wanted to see if VeraCrypt could mount a TrueCrypt volume, and it turns out it can!

So I went ahead and installed VeraCrypt on my VPS. The setup is almost identical to the TrueCrypt CLI version. After the install, I changed my mount scripts from:

truecrypt --mount /secret/secret.tc /var/vmail

To
veracrypt --truecrypt --mount /secret/secret.tc /var/vmail

Boom! Easy peasy lemon squeezy!

According to VeraCrypt, you can convert an existing TrueCrypt volume by performing any of these functions, but you must select TrueCrypt mode to do it:

  • Change Volume Password
  • Set Header Key Derivation Algorithm
  • Add/Remove key files
  • Remove all key files

I haven't tried it yet, but changing the password and or key files to convert it to a VeraCrypt volume via the terminal version should be as simple as running the following on your original TrueCrypt volume while it's dismounted:

veracrypt --truecrypt -C tc-volume.tc
Not wanting to risk corrupting all of my emails, I think I will hold off on doing that until I'm ready to change my password again, and I'll make sure I have a good backup first! Still though, even if it doesn't work, at least I can mount that volume now with VeraCrypt!

Edit: I've verified that the above command does in fact work to change the password and upgrade your TrueCrypt volume to the new VeraCrypt format via the cli/terminal! If you were wondering how to upgrade a TrueCrypt voume to a VeraCrypt volume via command line, there you go!

Apr 29, 2017

Serious Alternative to Truecrypt: VeraCrypt

As many people know, TrueCrypt has been discontinued since 2014. The developers said that TrueCrypt had some unfixed security issues. In 2015 the Fraunhofer Institute for Secure Information Technology conducted an audit on the last stable release of TrueCrypt, and although they did find a number of bugs, they came to the conclusion that it is still secure when data is at rest.

That being said, since TrueCrypt is no longer being developed, if you are still using it you should move to something that is actively being developed. Now, there are lots of encryption solutions today. Most modern operating systems have some form of disk encryption built in now. Microsoft has BitLocker, Linux has LUKS. You get the idea right? What if you really liked the way TrueCrypt worked though? What if you liked that TrueCrypt was multi-platform? Then in my opinion, you only have one serious alternative.

That alternative is VeraCrypt! From their page:
VeraCrypt picks up from where TrueCrypt left and it adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. 
VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt. It can load TrueCrypt volume and it offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format. This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. 
This is acceptable to the legitimate owner but it makes it much more harder for an attacker to gain access to the encrypted data.
Now, to be fair, there is another fork of TrueCrypt called CipherShed, but they only have a pre-compiled version for Windows. If you want to use it on Mac or Linux, you need to compile it yourself. Not to mention, they don't issue releases as frequently as VeraCrypt.

Some cool things I like about VeraCrypt are that the layout is very similar to that of TrueCrypt, and I'm already used to that. Also VeraCrypt offers some other encryption algorithms that TrueCrypt did not. Those algorithms are Camellia and Kuznyechik.



They also have some other hash options.


I'll be honest, I am still using TrueCrypt on my VPS email server. I'm not terribly worried about it because it should still be able to protect my emails at rest if my VPS is shutdown to reset the root password without my permission. Still though, I'm making plans to migrate to a new VPS when Ubuntu 18.04 LTS comes out, and when that day comes I'm going to make the switch to VeraCrypt!

Do you still use TrueCrypt? Do you think you will make the change to VeraCrypt? Why or why not? Let us know in the comments!

Apr 28, 2017

Now Virginia farm boys are trying to break into my email server?

One day after my post about Venafi setting off a host based intrusion detection alert on my email server, and me wondering if Venafi is a front for the NSA since they are stationed in Utah where the NSA's gigantic datacenter is; I get another interesting alert. This time from an IP address in Ashburn Virginia!



What is only 30 minutes away from Ashburn Virginia? Oh, just CIA Headquarters in Langley Virginia!



The alert I got was a little more aggressive than that from Venafi. This one was fired off as a "Possible attack on the ssh server (or version gathering)."




I get it. Just because Venafi is out of Utah, and the NSA is out of Utah doesn't make them both NSA. Also, just because this IP is out of Virginia, and the CIA are in Virginia doesn't mean that it's the CIA trying to hack my email. Still though, the timing of it is suspicious don't you think? One day after possibly outing a NSA front?

Just to be cautious I added firewall rules to block the following IP ranges from the ISP out of Virginia:
70.104.0.0/16
70.105.0.0/17
70.105.128.0/18
70.105.192.0/19
Hopefully that will keep the Virginia farm boys from snooping in my email.

Apr 27, 2017

Who the hell is @Venafi, and why the hell are they trying to connect to my private email server?

I work in a company where cyber security is kind of a big deal, and one of the tools I use a lot is a host based intrusion detection system called OSSEC. Well, the other day I decided to also install OSSEC on my private email server to see what kind of threats and intrusion attempts are happening on a daily basis. Needless to say, things have been interesting.

One thing that caught my eye this morning though is an SSL error message that showed up in the Apache logs that said "rejecting client initiated renegotiation". See below:



Okay, a simple SSL error. So what? No harm no foul right? Well, there is something kind of strange with this one. The IP address in question is 208.93.152.147, and when I do an IP address WHOIS lookup I see it belongs to a company out of Utah called Venafi, Inc.



Their website says that they are in essence an SSL company, and Wikipedia describes them as a privately held cyber security company that develops software to secure and protect cryptographic keys and digital certificates. The problem is that I don't do business with them, so they really have no reason to be scoping out my private email server.

Another thing that made me wonder about this company is that this isn't the first time I've seen their IP addresses show up in intrusion detection alerts. I've also seen their IP addresses in alerts for some of my day job company's web servers as well, and we don't do business with Venafi either.

Maybe it's my conspiracy mind at play here, but you know who else has a big data center in Utah that is designed to hack and store data about everyone on the Internet? That's right, the NSA has a huge data center in Utah called the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center.



Could Venafi be a front for the NSA? It makes me wonder...

Anyway, for now I am blocking the entire 208.93.152.0/22 range and I will continue to block ranges of suspicious IP's. There is no reason for Venafi to be connecting to my servers at all, even if they really are the NSA.

Have you seen these guys trying to connect to your systems? What are you doing about it? Do you do business with them? Is this something I shouldn't worry about? Let me know in the comments.

======

UPDATE: Venafi sent me the following tweet in reply to this post:



The link to their TrustNet Scanner talks about how they passively scan the certifications of every IP address on the internet to build a global certificate repository that they make available to the public. I suppose that's plausible... I'm still not convinced they aren't a front for the NSA though!



Update #2: Is the CIA now trying to break into my email server?



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam