Loading...


Dec 13, 2017

10 Upcoming Gadgets and Technologies to Change the World

Digital technology has come a long way through all leaps and bounds over the past five years. Cloud computing, smartphones, and multi-touch tablets are the innovations which revolutionized our personal and work life. Well, it's just a beginning. Technology will get even better. In the near future, we could lead a life just like in sci-fi movies.

So, get ready to slice Ninja fruits through your gestures and control the desktop with eyes, print your own physical product, and enter into the virtual world and experience virtual reality. Here's is the rundown of top 10 real-life, upcoming gadgets and technologies which will change the world.

Google Glass

Augmented Reality is already here in the forms of simulated education and experiment app. But Google has taken multiple steps ahead by launching Google Glass. Theoretically, you can view your texts, social feeds, Google Maps and navigate through GPS. You can also get updates on the ground. Currently, it is offered only to some developers at $1500. But other tech companies are working and trying to build an affordable variant for commercial sales.

Form 1

3D printing could forge any digital design into a real-life product. It is nothing new for the mechanical industry but a 3D printer is surely a revolutionary idea. Everyone can create their own product with their unique design and you don't need any approval from any company. Even Aston Martin in a James Bond movie was a 3D printed product which was crashed for a scene.

Form 1 is a personal 3D printer you could buy at $2799. It seems a very hefty price but you can produce your own prototypes with it. Imagine a day when any professional can mass produce their own physical products without any limits.

Oculus Rift

Oculus Rift is a 3D headset which would bring virtual reality to life. It allows you feel that you are actually in a video game mentally. In its virtual world, you could view the world in HD display with very low latency by just turning the head around. Several premium products can do the same but Rift gives that experience at just $300. It is the beginning of next-gen gaming revolution.

The world is bombarded with VR gadgets. So, the timing is right to be immersed in the whole virtual world. Oculus Rift is the first step to reach such level of realism.

Leap Motion

The concept of a multi-touch desktop is miserably failed because hands could get too tired for long use. But Leap Motion could come with a more innovative idea. You can control your desktop with fingers, without having to touch the screen.

Unlike a usual motion sensor, Leap Motion enables the user to zoom in the photos and map, scroll a web page, sign documents and also play FPS game with just finger and hand movements. A smooth reaction is a very important part of it. This future tech could be yours at just $70. You could buy a PS3 premium game title for this price. If it could work with Oculus Rift, it could definitely give a great makeover to your real-time gaming.

Smart Things

In most devices, the existing problem is that they work standalone and it needs effort for tech leaders to partner with one another and build products that can connect to one another. With Smart Things, you can make every digital to connect together, whether digital or not. You can easily get your humidity, vibration and pressure sensors, and smoke alarms to detect things and alert you by using your smartphone.

You can also track who has been in your house, turn the lights on when entering the room, and shut the doors and windows while leaving the house, all with a gadget which could cost around $500.

Eye Tribe

Eye tracking has been discussed actively by tech lovers already but it is not that simple to implement. But it is not so for Eye Tribe. They created a technology successfully that can let you control the tablet, play flight simulator and even play Fruit Ninja with just eye movements.

Basically, it's just an eye-tracking technology which can be combined with a front camera and some serious computerized algorithm. In LeWeb, a live demo was done this year and we may see it in action in future. The company is still looking for partnership to bring this tech to the market.

Firefox OS

As we all know, there is no competition for Android and iOS. But both of them have their own policies and rules which inhibit the developers and their creative efforts. Since then, Mozilla decided to develop a new mobile OS from the very beginning, which will focus on freedom, true openness, and user's choice.

It's Firefox OS which is built on Gecko, Gonk, and Gaia software layers. It means it is completely open source and carries HTML5 and CSS3 technologies.

Developers can debut apps without blockade of needs set by stores. Hence, users could also personalize the OS as per their needs. Currently, it is available for Android-compatible devices. It can be used to do basic tasks that you do on Android or iOS devices, such as browsing the web, calling friends, playing games, etc.

Project Fiona

Razer's Project Fiona is supposed to be the first generation of gaming tablet. It is seriously built for hardcore gaming. Tech companies might also develop their tablets that are dedicated to gaming. It features Intel Core i7 CPU to play all the PC games you love at the palm of your hands. Razer has developed user experience just on the tablet, along with magnetometer, 3-axis gyro, accelerometer and multi-touch UI.

Parallella

It will clearly redefine the way computers are made. It is simply a supercomputer for all. It is a power-saving computer built to process complex program efficiently and simultaneously. It will make holographic heads-up display, real-time object tracking, and speech recognition even smarter and stronger.

Driverless Car by Google

We all have imagined driverless car to be real someday. Finally, Google has made it happen. It works on artificial intelligence which gets input from video cameras in it, a sensor on the top, and some position sensors and radar in various positions of the car. A lot of research and development has been done to imitate the human intelligence.

Dec 12, 2017

When I made this video, #Bitcoin was trading for $12.83



I made this video for my old Tech Chop video series back in October of 2012! When this video came out, nobody really had heard about Bitcoin at that time. It was trading for roughly $12.83 per Bitcoin then, and mining was still relatively profitable. Now mining has stopped being profitable, but since Bitcoin is now trading at around $18,000 people are still making money!


Bitcoin mining itself isn't profitable anymore, but you can still get into cryptocurrency mining, and transfer your earnings into something worthwhile like Bitcoin, Litecoin or Ethereum using MinerGate! Check them out!


Google Creates More Magic With Pixel 2

Google Pixel 2 XL
Google has raised the curtain on the newest edition of its Pixel phone line and Android fans will not be disappointed.

A worthy successor to the original Pixel, the Pixel 2 combines an outstanding camera with reliable software and an attractive design, all in an aluminum waterproof package.

The phone is available in two sizes the Pixel 2 and Pixel 2 XL. Unlike Apple and other manufacturers the large and small versions both are identical in guts and performance.

Look under the hat and you'll find the same Snapdragon 835 processor, 4 gigs of RAM, and the same 64 or 128 gigs of storage. The camera is the same as well. Both run Android Oreo with no bloating or customizing to the operating system. Battery life is around 7 hours with only 15 minutes of charging. Since it is "pure Android" users will get security updates and more features faster than other phones.

Screen size is the big difference between the phones. The smaller version has a five inch 1920 x 1080 OLED screen. The larger version has a higher-res 6 inch screen with a 2880 x 1440 display. The larger phone also has a rounded bezel and bigger battery.

Google has added a few design elements to the Pixel for a better experience. The search bar has been moved down to the bottom of the home screen, so it can be reached more easily. A new widget will show you useful information like the weather or your next appointment. An always-on display lets you know the time and any new notifications.

Throw around some more magical dust and you get an app called "Now Playing". It automatically identifies whatever music is playing nearby whether you are in a bar, restaurant or other place. It downloads a list of similar songs to your phone. You can then select if you wish to listen to them.

For most, the camera is king when it comes to cell phones and Pixel 2 continues the excellent reputation of its predecessor. The photos are sharp with soft background portrait shots. The 12.2 rear megapixel camera, and 8 MP up front, are fast and extremely impressive in low light.

The Pixel's video capabilities will also turn heads. It can shoot slow-motion video at up to 240 frames per second. 4K shooting can be done at 30 frames per second. Google also touts the phone's ability to combine optical and electrical image stabilization so your video is smooth even in the roughest conditions.

Worried about storage? Google says no need. Pixel provides unlimited and free photo and video storage, even in 4k.

You can also search "what you see" with Google Lens. Do more searching by voice or with a squeeze of the device.

Since it is a Google phone it comes with all company accoutrements working in tandem between the phone's Google Assistant with Google Home and Chromecast. Like most phones there is no headphone jack but Pixel Bud wireless headphones are reportedly on the way soon.

Colors include "Just Black", "Clearly White", and "Kinda Blue" for the Pixel 2 with the "Just Black" and "Black and White" available in the XL model.

Pricing starts at $649 for the Pixel 2 and $849 for the XL.

Though perhaps lacking behind the Samsung Galaxy Note 8 in performance options, and in price, Google has waived its wand and created a worthy competitor in the cellphone marketplace. The Pixel 2 should certainly generate many "oohs and ahhs" among Android fans.


About the author:
George Rosenthal is a founder and partner with ThrottleNet Inc.. ThrottleNet offers an array of technology services and products to help business owners achieve their corporate goals and accelerate business growth. These include cloud computing, custom software and mobile application development, and outsourced Managed Network Services which helps companies improve their technology uptime and IT capabilities while, at the same time, reduces costs. To learn how to accelerate your IT visit ThrottleNet online at http://www.throttlenet.com.

Dec 11, 2017

If you have an HP laptop, you might have a keylogger installed

HP has done it again. They have screwed over their customers by leaving something nasty installed in over 460 of their laptop models. This nasty thing is a keylogger program that can be used by hackers to log your every keystroke allowing them to capture your most sensitive passwords!

This isn't the first time they've done this either! Back in May, security researchers discovered a keylogger hidden in HP's audio drivers. ZeroHedge recently reported about spyware being pre-installed on HP computers as well! How low will these guys stoop to snoop on their customers?

Well, this time the keylogger was found in the touchpad driver.



Via The Hacker News:
A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details. 
The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers. 
Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable built-in keylogger "by setting a registry value." 
Here’s the location of the registry key:
  • HKLM\Software\Synaptics\%ProductName%
  • HKLM\Software\Synaptics\%ProductName%\Default
The researcher reported the keylogger component to HP last month, and the company acknowledges the presence of keylogger, saying it was actually "a debug trace" which was left accidentally, but has now been removed.

Normally to combat bullshit bloatware that hardware manufacturers install by default, I recommend wiping out the OEM operating system and do a fresh install. The problem this time is that the keylogger is contained in the drivers! That means when you go to HP's website to get the correct drivers, the keylogger will still get installed! It's pretty messed up!

I guess you really have two options here:

  • Stop buying HP products
  • Stop using Windows and switch to Ubuntu or some other flavor of Linux
What do you think about this? Let us know in the comments!

Dec 8, 2017

Book Review: Security and Privacy in an IT World: Managing and Meeting Online Regulatory Compliance in the 21st Century

My good friend and mentor (Basically the guy who taught me everything I know about Linux) , Craig MacKinder, recently wrote a book! It is called Security and Privacy in an It World: Managing and Meeting Online Regulatory Compliance in the 21st Century.

MacKinder is the owner of Blueshift Information Systems Inc, has been in the IT industry for over twenty years, and he's probably forgotten more about the business than I may ever know. When he told me that he wrote a book, I was pretty excited about it!

Here is a description of the book from Amazon:
Regulatory compliance has historically been a concern of only a company's legal and finance departments. However, as e-commerce continues to dominate retail both in the United States and abroad, regulatory compliance is now a major area of concern for IT managers, everyone on executive teams, and entire boards of directors. 
Amid a recoiling global marketplace and bigger and more costly cyberattacks, the nexus of "what can our networks do" versus "what are our networks allowed to do" is ever more complex. New privacy regulations coming from some of the closest allies of the United States are increasing the need for all companies doing business online to understand and abide by regulations that are in constant flux. 
On top of these concerns, the U.S. government itself is in a rocky place with domestic politics threatening to stand in the way of business as usual for American companies. How will CEOs navigate this minefield centered around Internet freedom? It will require boardrooms and network managers to focus in partnership on meeting new privacy mandates while also keeping networks safe from cyberattacks and data theft.
MacKinder sent me a copy of the book shortly after it published, and I have to say that I really like it.

It's not a terribly big book, and you can easily read through it in a week or so. It's also written in a manner that is not super technical, and helps give you an easy to follow understanding of the security threats businesses face, as well as the regulatory requirements businesses must adhere to in order to protect client and business data.

It also discusses the politics of IT security and government regulations, and how it impacts global trade and e-commerce. There is also good information about dealing with complex and conflicting Internet regulations.

Overall, I highly recommend this book for IT managers, executives, and board members!

If you are having a hard time getting someone on the executive team to understand the security and regulatory compliance challenges you face as an IT professional, you might consider buying a few copies for them and hand them out as gifts!


Dec 7, 2017

Former FCC Chairman Tom Wheeler Says Ajit Pai is Selling Out Consumers At Behest of ISP's

On Monday we reported that Ajit Pai would not delay their vote to overturn Obama era protections of net neutrality. This was in response to senators requesting that the FCC delay their vote.

One can only assume this is because Ajit Pai is an asshole that doesn't give a shit about consumers, and only the interests of ISP's. One might also speculate that he is probably taking bribes from ISP giants like Verizon and AT&T... I digress...

Anyway, yesterday Pai's predecessor, Tom Wheeler slammed Ajit Pai's plan to eliminate net neutrality. He basically called Pai out for selling out consumers and entrepreneurs at the hands of large ISP's.

Via Ars Technica:
"ISP monopoly carriers have been trying for four years to get to this point," Wheeler said, pointing to a 2013 story in The Washington Post about how telecoms were trying to "shift regulation of their broadband businesses to other agencies that don't have nearly as much power as the FCC." 
Pai's elimination of net neutrality rules, scheduled for a vote on December 14, will also shift consumer protection responsibility to the Federal Trade Commission and forbid state and local governments from writing their own net neutrality rules. 
"It is a classic example of regulatory capture, where the regulatory agency bends to the wishes of those they are supposed to oversee," Wheeler said today during a press conference with US Rep. Anna Eshoo (D-Calif.) and Sen. Ed Markey (D-Mass.).
If you don't think this whole thing stinks, you need to get your nose checked. We are all on the brink of losing the ultimate freedom humanity has ever created, and it's all about money.

What do you think of Ajit Pai, or his plans to kill net neutrality? Let us know in the comments!

Dec 6, 2017

Over 31 Million Ai.type user's info leaked in massive data breach

Researchers from Kromtech Security center have discovered that personal information from around 31 million users have been leaked online due to a security vulnerability in the popular smartphone keyboard app Ai.type. The data was found online and can be accessed by anyone without a password.

Via The Hacker News:
Founded in 2010, Ai.type is a customizable and personalizable on-screen keyboard for mobile phones and tablets, with more than 40 million users worldwide. 
Apparently, a misconfigured MongoDB database, owned by the Tel Aviv-based startup AI.type, exposed their entire 577 GB of the database online that includes a shocking amount of sensitive details on their users, which is not even necessary for the app to work. 
"...they appear to collect everything from contacts to keystrokes."
The leaked database of over 31 million users includes:
  • Full name, phone number, and email address
  • Device name, screen resolution and model details
  • Android version, IMSI number, and IMEI number
  • Mobile network name, country of residence and even user enabled languages
  • IP address (if available), along with GPS location (longitude/latitude).
  • Links and the information associated with the social media profiles, including birth date, emails, photos.
"When researchers installed Ai.Type they were shocked to discover that users must allow 'Full Access' to all of their data stored on the testing iPhone, including all keyboard data past and present," the researchers say.
If you are an Ai.type user, it's already too late, but I'd still uninstall it if I were you...

Dec 5, 2017

Mining Bitcoin on a 55 year old IBM mainframe works worse than expected

I ran into an interesting blog post today where a guy named Ken Shirriff decided to test what would happen if you mined Bitcoin on a 55 year old IBM 1401 mainframe! If you think he was able to really crank out hashes on that old giant monstrosity using punch cards and assembly language, well... you would be wrong.

Via www.righto.com:
The IBM 1401 can compute a double SHA-256 hash in 80 seconds. It requires about 3000 Watts of power, roughly the same as an oven or clothes dryer. A basic IBM 1401 system sold for $125,600, which is about a million dollars in 2015 dollars. On the other hand, today you can spend $50 and get a USB stick miner with a custom ASIC integrated circuit. This USB miner performs 3.6 billion hashes per second and uses about 4 watts. The enormous difference in performance is due to several factors: the huge increase in computer speed in the last 50 years demonstrated by Moore's law, the performance lost by using a decimal business computer for a binary-based hash, and the giant speed gain from custom Bitcoin mining hardware. 
To summarize, to mine a block at current difficulty, the IBM 1401 would take about 5x10^14 years (about 40,000 times the current age of the universe). The electricity would cost about 10^18 dollars. And you'd get 25 bitcoins worth about $6000. Obviously, mining Bitcoin on an IBM 1401 mainframe is not a profitable venture...
...Implementing SHA-256 in assembly language for an obsolete mainframe was a challenging but interesting project. Performance was worse than I expected (even compared to my 12 minute Mandelbrot). The decimal arithmetic of a business computer is a very poor match for a binary-optimized algorithm like SHA-256. But even a computer that predates integrated circuits can implement the Bitcoin mining algorithm. And, if I ever find myself back in 1960 due to some strange time warp, now I know how to set up a Bitcoin network.
Ken went on to say that he didn't actually mine real Bitcoin using this museum computer, but he did actually create and run the SHA-256 algorithm on the IBM 1401, showing that mining is possible in theory. He verified that he was able to find a successful hash by comparing it against one that had already been mined.

Line printer and IBM 1401 via righto.com
Even though it doesn't really make any sense to try and attempt mining on such old hardware, this little experiment is kind of fun an interesting in my opinion.

What do you think? Let us know in the comments!

Dec 4, 2017

FCC Chairman Ajit Pai basically tells net neutrality supporters they can eat a bag of dicks

FCC Chairman, Ajit Pai (Asshole)
OK, to be perfectly honest, the title of this blog post is not an exact quote. FCC Chairman, Ajit Pai did not actually tell net neutrality supporters that they can eat a bag of dicks, but he might as well have.

According to our last blog post, 28 senators were asking the FCC to delay their vote on repealing net neutrality regulations implemented by the Obama administration. Well, Ajit Pai said they will not be delaying the vote, and also said net neutrality supporters are "desperate".

Via Ars Technica:
The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. 
FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs. 
A few dozen consumer advocacy groups and the City of New York urged Pai to delay the net neutrality-killing vote in a letter today. If the FCC eliminates its rules and the court case goes AT&T's way, there would be a "'regulatory gap' that would leave consumers utterly unprotected," the letter said.
Sorry folks, there will be no delay. Hopefully Pai is right and the FTC can protect consumers from broadband carriers without regulations, but I wouldn't hold my breath!

What do you think about this? Let us know in the comments!

Senators Asking FCC to Delay Net Neutrality Vote

Citing concerns over the possibility that fake comments will be used to file the agency's public comment, twenty-eight senators are calling on the FCC to delay it's vote on repealing net neutrality rules that were put in place during the Obama Administration.

Via The Hill:
The group, led by Sen. Maggie Hassan (D-N.H.), wants the FCC to conduct an investigation into whether the net neutrality docket’s public comment record was tampered with. 
“A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding,” the senators wrote in a letter to FCC Chairman Ajit Pai. “In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.” 
The group included Sens. Charles Schumer (D-N.Y.), Bernie Sanders (I-Vt.) and Elizabeth Warren (D-Mass.). All of the senators who signed the letter are net neutrality supporters. 
The FCC will vote on Dec. 14 to scrap the Obama-era rules that prevent internet service providers from discriminating against certain content. The agency was flooded nearly 22 million comments, a record, when it sought public input on Pai’s plan to repeal the rules.
The letter cited New York Attorney General Eric Schneiderman’s investigation into fake comments filed with the FCC on net neutrality. Schneiderman said last month that his office had found that “tens of thousands” of New York residents may have been impersonated by fake commenters. 
The senators also noted that 50,000 net neutrality consumer complaints may not have been included in the public record.
Hopefully the FCC will listen to the senators and delay the vote. Many people are rightfully up in arms over this. The idea of net neutrality is to keep the internet free, and not allow ISP's to charge you extra to view the content you want to see.

Here is a pretty funny infographic explaining it via Imgur from back in July:



What do you think about this? Are you for or against net neutrality? Why or why not? Let us know in the comments!

Cisco Finesse Cannot Authenticate With The Notification Service

I love waking up in the morning extra early, and hearing the lovely sound of my IM client at my computer (I work from home). It usually means that something is broken for someone. Well, this morning was no different. I got a message from one of my company's client support folks saying that she couldn't get into the Cisco Finesse phone queue, and that she was getting an error saying that it failed to load workflows.

When I tried logging in myself, I was greeted with a much different message. I got a message saying:

Cisco Finesse
Cannot authenticate with the notification service. There may be a configuration mismatch. Please contact your administrator.


Well shit... That's no good...

Anyway, I decided to try logging into Cisco Unified CCX Administration. When I logged in there I was greeted with a different message. This one said:

The Cisco JTAPI Client versions are inconsistent. Please go to Cisco JTAPI Resync in the Unified CM Telephony Subsystem to install the Cisco JTAPI Client.


Well shit... That's no good...

So I decided to follow instructions. From within Cisco Unified CCX Administration I went to Subsystem > Cisco Unified CM Telephony > Cisco JTAPI Resync. Then clicked OK when prompted.


After that I got another message saying:

For changes to take effect, please restart the Cisco Unified CCX Engine.

In order to do that, I had to go into Cisco Unified CCX Serviceability. Once in there I had to browse to Tools > Control Center - Network Services.


Once in there I had to find Cisco Unified CCX Engine service and restart it. Once that was done, I restarted the Cisco Finesse Tomcat service as well. After that users were able to login to the call queues again!

Did this post help you out? Let us know in the comments!

Dec 1, 2017

The end of an era. StartCom is packing up shop.

I was a big proponent of StartCom SSL certificates. I wrote about them in the past, and used them quite a bit over the years. I mean, the price was right. How can you beat free?

Well, last year around October Google announced that they were dropping support for StartCom and WoSign SSL certificates because they didn't maintain high enough standards. This was shortly after Apple and Mozilla did the same.

Via Google:
Certificate Authorities (CAs) play a key role in web security by issuing digital certificates to website operators. These certificates are trusted by browsers to authenticate secure connections to websites. CAs who issue certificates outside the policies required by browsers and industry bodies can put the security and privacy of every web user at risk. 
Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy. This view is similar to the recent announcements by the root certificate programs of both Apple and Mozilla. The rest of this post provides background to that decision and how we plan to minimize disruption while still protecting users.
Apparently this struck a major blow to StartCom, and after trying to fix the issues laid out by these browser providers, they apparently still fell short. Because of this, StartCom has issued the following statement via email:
Dear customer, 
As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers. 
The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcom´s website. 
StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. 
StartCom would like to thank you for your support during this difficult time.
StartCom is contacting some other CAs to provide you with the certificates needed. In case you don´t want us to provide you an alternative, please, contact us at certmaster@startcomca.com.
 
Please let us know if you need any further assistance with the transition process. We deeply apologize for any inconveniences that this may cause.

Best regards,
StartCom Certification Authority
This sucks to be sure, but truthfully, there are better providers out there. I mean you can get wildcard SSL certificates these days for as little as $38.00 per year (Click Here for that). Named certificates go for as little as $9.00 per year.

Anyway, I'll be on the lookout for another free SSL provider. They are super handy when you want to stand something up fast and cheap! I've heard good things about Let's Encrypt, but I haven't used them yet.

If you have any recommendations, let us know in the comments!

Nov 30, 2017

Testing out a new way to monetize using Coinhive!

Ever since Google implemented their Panda angorithm years ago, and ever since Google booted me off Adsense for no reason whatsoever, I've been struggling to monetize Bauer-Power. To add insult to injury, Ad Blockers have become ever so popular as well, which kills monetization even more.

Look, I get it. Ads are annoying, however they are what keeps many websites free and their content free. It's a lot like terrestrial television. I digress...

Anyway, I discovered an interesting way to possibly monetize Bauer-Power recently. And it doesn't cost you a dime! At the top of the page, you should see a Coinhive banner like this:


Loading...


When you click on it, a simple javascript kicks off that borrows some of your CPU power to mine Monero cryptocurrency for me. When you press the pause button, or leave the site, the miner stops. Simple! While you are reading my content, you can throw me a bone by letting me borrow some CPU. No big deal right?

If you click on the links in this post, you may also notice that they take you to a Coinhive redirect page first. That also mines a little Monero for me to help out as well.

Hopefully this method works, because to be honest, I have yet to find a truly viable alternative to Google Adsense. On top of that, if I made more money on Bauer-Power, I would be able to add content more frequently.

Nov 9, 2017

How to log X-Forwarded-For events in IIS 8.5+ and in Apache

At my day job, we use a cloud based content delivery service called Incapsula that also acts as a cloud based load balancer. Like just about every load balancing solution, when traffic finally hits your web server, the only IP addresses you see are usually that of the load balancer. The same holds true with Incapsula.

Well, the other day I was asked to identify certain traffic by IP address, and I couldn't. The logs only showed that of Incapsula. I asked Incapsula for their logs so I could correlate, but they only keep security related logs due to PCI compliance, which is understandable. That meant that I needed a way to log X-Forwarded-For header information going forward.

If you are not familiar with X-Forwarded-For, according to Wikipedia:
The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Makes sense right? Well, the good news is that both Apache and IIS (8.5 and above) support logging X-Forwarded-For natively with some slight modifications.

For IIS:
  • In IIS Manager, click the server name in the left panel to go to the Home screen
  • Click on Logging
  • Click on the Select Fields button
  • Click on the Add Field button
  • In the Field Name box enter x-forwarded-for
  • Leave Source Type set to Request Header
  • In the Source box enter X-Forwarded-For
  • Click OK
  • Click OK again
  • In the upper right of the Logging page click Apply
  • Restart IIS
Your logs will now be appended with _x to show that the logs contain custom fields. You can also follow this same process at the site level if you want. The above example makes the change global for all sites on the server.

For Apache (In Ubuntu):
  • Edit /etc/apache2/apache2.conf
  • Find the line that says
    LogFormat “%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  • Change it to
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  • Restart Apache

Simple right? Now you will be able to see actual client IP's in your logs!

Did this post help you? Let us know in the comments!

Oct 19, 2017

How To Use Remote Assistance (Quick Assist) in Windows 10

Holy smokes! I discovered today that Remote Assistance still exists! It's actually been re-named to Quick Assist apparently according to Wikipedia. If that's true, it's funny that the application windows all still say Windows Remote Assistance still, but I digress...

Anyway, I used to use it all the time in my old Windows XP support days, but for some reason I thought it went away after Vista. I'm guessing that is because it became less intuitive to find it.

Well, the company I work for recently moved out of one office into two smaller offices, and the guys who work for me that support the users in both places are located at just one of the offices. That means remote support for everyone in the second office now.

We had Skype for Business through our Office365 subscription, which was "good enough" up until now, but the problem with that is it won't give the support person the administrative rights they need to actually help people remotely. My team and I talked about it, and we decided we needed to find something that works better in our new multi-office setup.

I decided to do a quick Google search, and lo and behold there it was! An article talking about how to use Remote Assistance in Windows 10! Bam!

It's pretty simple, you just have the user open a Run line by pressing Windows + R, then have them type in msra and click OK.



They are then presented with this screen:


If the user clicks the first option, they can save an invite file, email an invite file or use Easy Connect. Once they select an option, another window pops up with a temporary session password that the person giving support can use to connect with.

If the person giving the support clicks on one of the invite files, they are presented with a prompt to enter in the temporary password of the user needing help!



Once the password is entered, then the user needing help shares their screen, and the person giving support can request control in order to troubleshoot issues! All of this is free and built into Windows too!

What remote support tool(s) do you use at your company? Let us know in the comments!

Sep 15, 2017

Long overdue post! mRemoteNG is back baby!

I have been an mRemote user for years. Even when the original project went tits up, and the new fork of mRemoteNG emerged, I've continued to use it.

A few years ago I wrote an article about switching over to Terminals because there was a bug in the version of mRemoteNG I was using that the developers weren't going to fix. Despite that, mRemoteNG was still my multi-terminal client of choice unless something went seriously wrong.

I've been using 1.72 Beta for what seems like forever. It would do weird things like freeze up my computer for 10 minutes if I had too many windows open. If that happened, I would switch to Terminals after my computer unfroze. I never made the full switch to Terminals though because of the amount of servers I have to manage. I just didn't want to take that time to manually re-create all the connections!

Well, on a whim this morning, I decided to check back with mRemoteNG and to my surprise they released a new stable version back in June! You can download their latest version here: (Download)

I just installed it, and re-imported my connections XML file. It will still be a few days before I know if all the old bugs have been worked out, and I can remove Terminals!

Do you use mRemoteNG? How do you like it? Let us know in the comments!

Sep 5, 2017

How To Solve Facebook Math: 6 ÷ 2 (1 + 2)

This is an older video I put out back when I was still doing Tech Chop. Lately, the Facebook math problems have been making their rounds again, so I thought I'd post it here. Check it out:



In the comment section on Youtube, there are a bunch of people still arguing with me over this, and the way I implemented the order of operations. In the video, I reference an article from PurpleMath that says the following:
When you have a bunch of operations of the same rank, you just operate from left to right. For instance, 15 ÷ 3 × 4 is not 15 ÷ (3 × 4) = 15 ÷ 12, but is rather (15 ÷ 3) × 4 = 5 × 4, because, going from left to right, you get to the division sign first.
So, as mentioned in the video, if you follow the order of operations when solving 6 ÷ 2 (1 + 2), we handle the stuff in parentheses first, which is 1+2 which equals 3.

That now leaves the problem as  6 ÷ 2 (3), which is the same as 6 ÷ 2 x 3. Because everything is the same rank now in the order of operations, we go back to what PurpleMath said, and we solve left to right. The first problem starting from the left is:

6 ÷ 2 = 3

Which leaves us with 3x3 which of course equals 9.

If you want to argue in the comments, fine, but please note that your argument is not with me. It's with PurpleMath and the order of operations.

===============================

EDIT: Okay, TotalMedia in the comments pointed out that PurpleMath actually explains why 9 is not the correct answer on page two. They say:

This next example displays an issue that almost never arises but, when it does, there seems to be no end to the arguing. 
Simplify 16 ÷ 2[8 – 3(4 – 2)] + 1.
16 ÷ 2[8 – 3(4 – 2)] + 1
    = 16 ÷ 2[8 – 3(2)] + 1
    = 16 ÷ 2[8 – 6] + 1
    = 16 ÷ 2[2] + 1   (**)
    = 16 ÷ 4 + 1
    = 4 + 1 

    =
The confusing part in the above calculation is how "16 divided by 2[2] + 1" (in the line marked with the double-star) becomes "16 divided by 4 + 1", instead of "8 times by 2 + 1". That's because, even though multiplication and division are at the same level (so the left-to-right rule should apply), parentheses outrank division, so the first 2 goes with the [2], rather than with the "16 divided by". That is, multiplication that is indicated by placement against parentheses (or brackets, etc) is "stronger" than "regular" multiplication. 

So, because of how 6 ÷ 2 (1 + 2) is written, with the multiplication not clearly defined like 6 ÷ 2 x (1 + 2), then according to the example above we need to simplify what's in parenthesis first which makes the problem  6 ÷ 2 (3), and since 2 is next to the parenthesis, then it is in essence a multiplication problem that is a part of the parenthesis and must be solved first, and the left-right rule doesn't apply because parenthesis is higher up in the order of operations.

That means that we have to multiply 2(3) which equals 6, and now the problem is 6÷6 which equals 1!

Son of a bitch! That is a tricky problem!

Sep 1, 2017

System error 67 has occurred. The network name cannot be found. --- DUH!

Oh man, I write this blog post feeling absolutely foolish and humble. Please be gentle on me in the comments...

The other day I needed to map a network drive for a number of users, so naturally I added a net use command to their login scripts. Simple right? Well, for some reason their drives just wouldn't map, and they were getting the following message if they manually ran the script:
System error 67 has occurred.
The network name cannot be found. 

For the life of me, I couldn't figure out what it was. I could manually map the drive fine through Explorer, but using the net use command at the command prompt didn't work at all.

After Googling, and searching, and sifting through bullshit forum posts about needing to enable WINS (This is not true), I finally got to playing around and figured out what my dumb ass did wrong...

I added an extra "\" at the end of the UNC path...

Instead of

net use j: \\servername\fileshare\

It needed to be

net use j: \\servername\fileshare

Once I removed the extra "\" it worked just fine!


It's weird, but after being in IT for over 12 years, I still sometimes mess up the simple stuff. Nobody is perfect I guess. Still though, if you are here, I'm assuming you probably ran into the same thing. Hopefully this helps you out and we can all start a support group in the comments!

Aug 31, 2017

HACK: How to downgrade Windows 2016 Datacenter to Standard

At my day job, we are getting ready to open a new office. It's going to be a relatively small office, but we still wanted to have a local domain controller on hand for authentication, DNS, DHCP, etc.

We decided that this would be a physical host, and since we weren't going to run any virtual servers in that office, we decided to go with Windows 2016 Standard edition to save on licensing costs. Well, despite that being the plan, when my Systems Administrator installed Windows, he accidentally opted for Windows 2016 Datacenter edition!

The problem with this is that you can easily upgrade Windows Standard to Datacenter using DISM from the command line. Downgrading from Datacenter to Standard is not officially supported though...

That being said, it can certainly be done. Since this isn't officially supported, I recommend making sure you have a good backup just in case, because you do this at your own risk!

Here's what you need to do:

  • Open the registry editor on the machine you want to downgrade
  • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • Edit the EditionID key to say ServerStandard
  • Edit the ProductName key to say Windows Server 2012 R2 Standard
  • Close out of the registry editor
  • Run the Windows 2016 Installer from the install disk, thumb drive or a local folder
  • When prompted, enter your Windows 2016 key and follow the prompts to "upgrade" Windows

After your computer reboots one or more times, it will now be running Windows 2016 Standard!


If you are not fully understanding what is happening, you are tricking the installer into thinking it is doing an in-place upgrade of Windows 2012 R2 Standard to Windows 2016 Standard by editing the registry. Simple, yet effective right?

Needless to say, it worked like a charm for us, and saved my Systems Administrator from having to start all over.

Did this work for you? Let us know in the comments!

Aug 30, 2017

Simple Free Open Source Alternative to DFS

I am in the process of testing out VM's in Microsoft Azure. So far it's pretty bad ass, and there is so much you can do with it. It's truly remarkable, at least, that's my impression thus far.

One thing I want to do is setup file replication between servers so I can have a geographic active/active setup with front-end web servers. Now, Azure does have a cool feature called Read-Access Geo Redundant Storage that replicates your data at the block level to another region, and leaves that copy in a read only state. I have yet to find an option to have read-write in all regions though (If you know how to do it, let me know in the comments).

Anyway, I thought a good solution might be DFS (Microsoft's Distributed File System) which automatically syncs files to different servers. The problem with this is that it requires domain controllers and Active Directory, and I don't want to deploy domain controllers in Azure.

No problem, because I found what looks to be a simple and most importantly, free open source alternative to DFS! It's called FreeFileSync!

Check out their video:



As you can see, you can do a lot with it. I setup the folders I wanted to sync, set an interval to check for changes, and saved the settings to a .ffs_batch file. I then setup a scheduled task to kick off their RealTimeSync tool when the server reboots to run the following:

"C:\Program Files\FreeFileSync\RealTimeSync.exe" "D:\SyncFiles\FileSync.ffs_batch"

During testing, I have created files in all the directories I want to sync. I've updated them in one, and noticed the changes in the other. I've deleted files, and seen them delete on the other servers. It works great!

One thing I noticed, is that this needs to run on one single host for it to work right. If you need it to keep working if that host goes down, I'd recommend setting up the scheduled task on all nodes, and just leave them disabled unless the primary goes down for some reason.

Also note, that it isn't instant. If you make a change in one folder, it does take a few seconds to sync to the other folder.

Anyway, it was super simple to setup and it just works. It also works on Linux and iOS as well!

What do you use to sync files between servers? Let us know in the comments!

Aug 29, 2017

Option to join a local domain missing in Windows 10 version 1703

As I mentioned yesterday, I finally got around to upgrading my laptop to the latest Creators Update 1703 for Windows 10. Sometime after the update, and fixing my VPN issue I stepped away from my desk and when I came back to unlock my laptop I received a message saying that my laptop had lost it's trust relationship with the domain.

To be honest, I'm not sure if was due to the upgrade or if my desktop guy or Systems Administrator screwed up, but when I looked in my Active Directory my laptop object was gone!

I figured, no big deal. I'll just disjoin if from the domain, reboot, login as Administrator and re-join it. Well, that didn't work as expected, because when I went to join it back to the domain, the option to join a local domain was GONE!



If all you see is above, your only option is to join to a hosted Azure account really. WTF is that all about?

Anyway, to fix this I had to create a couple of DWORD registry entries in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

  • DNSNameResolutionRequired = 0
  • DomainCompatibilityMode = 1
After I added those and rebooted, I had the option to join to a local domain again!


Did you have a similar issue? Let us know in the comments!

Aug 28, 2017

L2TP VPN Not Working After Upgrading Windows 10 to 1703

I know it's been out for a little while now, but this morning I finally decided to upgrade my Windows 10 laptop with Creators Update version 1703. Everything went smooth, but there was one issue that I noticed immediately after the upgrade! I could no longer connect to any L2TP VPN connections!

The good news is that it was relatively easy to fix. The first thing I tried was I went into Device Manager > Network Adapters and I uninstalled all of the WAN Miniport adapters by right clicking on each one and selecting Uninstall.

After uninstalling them, I right-clicked on Network Adapters and selected Scan for Hardware Changes to re-install them.

I tried connecting to my L2TP VPN after that, but received the following error:
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.


Luckily, this is an error I've seen before and just requires a simple registry entry to allow UDP Encapsulation for L2TP when you are behind a NAT firewall. You can set that registry entry by doing the following:
  • Right-click on the Start icon and select Run
  • Type regedit and click OK
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  • In the right pane, right click and select New > DWORD (32-bit value)
  • Name it AssumeUDPEncapsulationContextOnSendRule and set the value to 2
  • Reboot
After doing this, I was able to connect to my L2TP VPN server just fine!

I hope this helps you! If not, let us know what you had to do differently in the comments!

Aug 7, 2017

How to turn off Android's WiFi Assistant/Google's VPN

You might be asking yourself, why would you want to do this. I mean there are countless technology blogs out there sucking on Google's teat claiming this feature is the best thing since sliced bread!

If you are unfamiliar with WiFi Assistant, the idea is that it will automatically connect you to known un-secure public WiFi networks when you are in range, which will lower your cell phone data usage. At the same time, all of your traffic is routed through Google's private VPN network so your internet browsing is secure. How cool is that?

Well, if you look back in time to Snowden's PRISM leak, you might recall that Google is not to be trusted. With this feature, pretty much anytime you are near a public network, Google will now proxy your data through their network and can now snoop on all of your traffic!

I began getting suspicious when I was browsing to sites like Start Page from my Google Pixel, and the HTTPS icon in the browser was turned red. When I inspected the certificate, it was coming up as a Google issued certificate, but it didn't match the site I was going to. That seems to be working the same way a Fortigate firewall handles DLP, by acting as a man-in-the-middle and presenting it's own SSL certificate so it can decrypt the traffic, inspect it, and send it back on it's way.

That tells me, that Google is not really protecting your traffic, they are snooping on it. If the deal the NSA/CIA had with Google for PRISM are still active, then by proxy the NSA/CIA are probably snooping on your encrypted traffic as well.

To turn this feature off on your phone, at least on the Google Pixel do the following:

  • Go to Settings > Google > Networking
  • Disable WiFi Assistant

Maybe I'm just paranoid, but I really think you would be better off just not connecting to random open hotspots, and if you do, make sure the sites you visit are using SSL/TLS correctly. If you are browsing to a site that has a good implementation of SSL/TLS, then you don't need Google's bullshit CIA/NSA front VPN to make sure that traffic is secure.

You can check how well a site has TLS implemented by using SSL Labs.

If you are still worried about surfing anonymously on your phone using public WiFi, then you should probably use a VPN service like Torrent Privacy or even use Orbot (Tor for Android). Whatever you do, just don't trust Google...

What do you think about this? Let us know in the comments!

Jul 11, 2017

Did the cryptocoin bubble burst?

I mentioned a little while back that you can still get into cryptocoin/cryptocurrency mining by using MinerGate, and mining alternative coins. The question now is, should you hold off on mining for a while?

Back when I wrote that, Bitcoin and Ethereum, two of the biggest cryptocoins available were at all time highs! People who got in at the ground level, and left their money in saw incredible returns and probably ended up as millionaires! It now looks like that bubble might be bursting.

I'm no expert of course, but looking at these charts from Coinbase, certainly doesn't look good to me!

This is Bitcoin's loss since last month:


This is Ethereum's loss since last month:




Litecoin has gone up a little since last month:


However, Litecoin has dropped since last week:



Again, I'm no expert, but it seems that if you haven't already been on the cryptocoin boom boat, chances are you've missed it. If you are looking to get into cryptocoin investing, you may want to wait until after the market bottoms out first, and buy when it's really cheap.

What do you think about this? Are you a financial expert? Do you agree? Do you think that these numbers are nothing to be concerned about? Let us know in the comments.

Jul 9, 2017

Goodbye Photobucket! Hello Imgur!

Some of you may not have realized it. I mean, I just learned of it myself a few days ago, but if you host any of your images on the legendary image hosting site, Photobucket, chances are your web pages are all messed up right now! That is because Photobucket is no longer allowing free accounts to embed images on third party websites!

From The Register:
Photobucket is cracking down on people embedding on third-party websites images it hosts, until now, for free. 
The photo-slinging internet elder now says that anyone who wants to use its service to display photos it hosts on other pages – such as signature banners in forum posts – will now need to open up their wallets and plop down $399.99 a year for a subscription plan. 
The new policy will be particularly annoying to longtime users who have relied on Photobucket's 14-year-old service to host the images they use to place images on forums or in blog posts. 
Cheaper plans, including the free account option, will no longer have an option to allow third-party hosting.

If you have visited Bauer-Power, or my other blog Bauer vs Wild in the past view days, you have seen this annoying image plastered all over the place!



Of course the image above doesn't tell you that in order to get third party image hosting working again, you need to fork over $400! That is completely ridiculous, especially for private bloggers like me. I don't even make $400 a year with this little hobby. There is no way I'm going to pay that just to host images.

If they had said they wanted $20 per year, I might have considered it, but $400? They can shove their service up their ass! I'm not going to pay that!

I've decided to move the small amount of pictures I was hotlinking from Photobucket over to Imgur. Now my site doesn't look like complete shit! If you are looking for an alternative to Photobucket, you should check out Imgur too. You can even login with your Facebook, Twitter, Google or Yahoo accounts!

Besides just having really cool free image hosting, Imgur is also a pretty fun community to be a part of, where people share news stories, memes, jokes and all sorts of stuff. Here is a little history on Imgur from their About Page:
Imgur was founded in 2009 by Alan Schaaf in his Ohio University dorm room as a simple, no-limits platform to share images online. 
With the launch of the homepage gallery, Imgur gave its community the power to refine its many images into a showcase of the freshest, most interesting and popular images on the web. These images can be hilarious, cute, inspiring and informative. From stories of personal transformation to current events, pop culture, memes and more, Imgur has an image for everyone. Of course, there are plenty of cute puppies, too. 
Each month, images on Imgur are viewed across the Internet billions of times. It is currently ranked one of the top 50 largest websites worldwide.
Some people have complained about not being able to get their images off of Photobucket. I didn't have an issue myself. When I clicked on my images within Photobucket, it was replaced with the above disabled 3rd party hosting image. However, when I pasted the direct link URL for the image in the browser, the original picture shows up, and I was able to right click on it and download it. From there I could upload it to Imgur.

Suck it Photobucket!



Did you get screwed over by Photobucket's business decision too? Did you switch to a new image hosting service? If so, which one? Let us know in the comments!


Jul 7, 2017

Coming Soon: FREE Wildcard SSL Certificates!

I was just made aware of some really awesome news for those of you that value your online privacy! I wrote in the past about free named SSL certificates from StartCom. That was pretty cool, and I have used plenty of their free SSL certificates, but another group is about to "one up" them!

Let's Encrypt announced that they will begin offering FREE wildcard SSL certificates starting in January of 2018!

From their press release:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS. 
Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign
A wildcard certificate can secure any number of subdomains of a base domain (e.g. *.example.com). This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.

This is kind of a big deal. If you want to secure more than one website or service with TLS/SSL then getting a bunch of named certificates can be a pain to manage. Plus, many certificate authorities charge a pretty penny for wildcard certificates, so it prices many small businesses and groups out of the encryption market!

Having a non-profit group, like Let's Encrypt, issuing free wildcard SSL certificates encourages more people to use encryption, and makes it easy!

What do you think about this? Are you going to give Let's Encrypt a shot? Let us know in the comments!

Jun 26, 2017

Match Head Rocket Science Experiment with Brizzle Fo' Shizzle



The above video is from my son Brayden, aka Brizzle's new Youtube channel called, "The Adventures of Brizzle Fo' Shizzle!"


In this episode, Brizzle, his sister Kizzle, his Grandpa and I try a science experiment! A match head rocket experiment! Will it launch into outer space? Will it simply explode? Will it fizzle out in a puff of smoke? Watch and find out!

Jun 8, 2017

What is SNI?

I felt like writing this post because I deal with this question quite a bit at my company. What is SNI? Well, in short, SNI is an acronym that stands for Server Name Indicator, or Server Name Indication. Wikipedia describes it as:
Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.
In a shorter, more concise explanation, SNI lets us bind multiple SSL certificates to one IP address. In the past, we used to have to bind an SSL certificate to a single IP address, and any additional SSL certificates would require their own IP address.

This is a real problem when you can see that IPv4 is running out of addresses! It also became a problem if you wanted to host multiple websites on a single web server. One web server might need eight or nine IP addresses to server up eight or nine different websites!

The reason I get asked about this a lot is we have several clients whose applications don't support SNI, and when they try to connect to our API that requires SNI, they get some sort of SSL error. We have a workaround for those clients, but I still find myself having to explain this to many of the people I work with (Often several times over).

The reason the clients that don't support SNI get SSL errors is that their application isn't smart enough to tell the web server which website they are trying to connect to by using the hostname at the start of the handshake process. Because they can't tell the web server which site they are trying to connect to, they are presented with whatever is the default certificate, which doesn't match the hostname, so they get a handshake error.

I see this a lot with Java based applications, but occasionally I see this with custom .Net applications as well. I guess this depends on if the developers have taken into account SNI or not.

I also see this a lot with DataPower/WebSphere clients, but DataPower can be configured for SNI. Check out this video:




All modern browsers support SNI, and in my opinion, all modern applications should too. If your application does not support it, then I would suggest lighting a fire under your development team's collective ass, and have them update your application to support it!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam