May 31, 2017

mdadm: /etc/mdadm/mdadm.conf defines no arrays.

One of the most annoying things about Ubuntu 16.04 LTS server edition is that every time you go to run updates, you almost inevitably get hit with this message:
mdadm: /etc/mdadm/mdadm.conf defines no arrays.
It turns out that this message is completely benign and you can ignore it, but that doesn't make it any less annoying right? Hopefully they get that worked out in Ubuntu 18.04 LTS next year. Until then, there is a quick way to fix it.

Just open /etc/mdadm/mdadm.conf with your favorite text editor and add the following lines at the bottom.
ARRAY devices=/dev/sda
Save the file, and that's it. No more stupid error.

If you didn't know, mdadm is the Linux software RAID software. If you are running Ubuntu in a VM though, chances are it is not going to have a software RAID to manage.
[H/T Ask Ubuntu]

May 28, 2017

Get into cryptocurrency mining the easy way with MinerGate!

You may be asking what is cryptocurrency. Well, Wikipedia describes it as:
A digital asset designed to work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies.
Bitcoin was the first one out, and if you didn't know, as of the time of this writing Coinbase is reporting that 1 Bitcoin is currently worth $2,277.22! That's a lot of money, and it's value has only gone up over the last few years.

If you are unfamiliar with Bitcoin, I made this Tech Chop video a few years ago to talk about it:



So now you get the idea right? Well, Bitcoin isn't the only name in the cryptocurrency game. There are tons of other ones like Monero, Litecoin, FantomCoin etc. Almost too many to count. The problem with Bitcoin, even though it's the most mainstream of them is that mining it has really lost it's profitability. In the early days it was fairly easy to mine Bitcoins, and therefore the guys that got in early have made a ton of money by now, but that ship has sailed. That being said, since there are other cryptocurrencies, those of us late to the game still have a chance!

Introducing MinerGate!

From their page:
MinerGate is a mining pool created by a group of cryptocoin enthusiasts.

It is the first pool which provides service for merged mining. This means that while mining on our pool you can mine different coins simultaniously without decrease of hashrate for major coin
With MinerGate, you can easily mine other types of cryptocurrencies and transfer them to a digital wallet that you can use to cash out to dollars, or exchange for other cryptocurrencies like Bitcoin.

A great free online wallet, that supports many cryptocurrencies that I recommend is Cryptonator. Cryptonator also lets you easily trade between currencies. If you are in Europe, it's also good to cash out to fiat currency like Euros.

If you are in America, I recommend converting your alternative cryptocurrencies to Bitcoin or Litecoin with Cryptonator, then transfer that to your free Coinbase account when you are ready to withdraw your money to dollars. I say that because a lot of foreign Bitcoin exchanges don't play well with American banks, but Coinbase does!

If you are new to cryptocurrency/cryptocoin and want to try out mining and see if it's right for you, then in my opinion there is no easier way of doing it than with MinerGate.

For those of you that have been doing this for a while, what other mining tools or programs do you recommend? Do you use MinerGate yourself? Do you like it? Let us know in the comments.

[EDIT] I found that it's actually easier to transfer your mined currency from MinerGate directly to your Coinbase account using Changelly! With Changelly, you can transfer any type of supported crypto-coin directly to any other type of crypto-coin. For instance, I just transferred my XMR (Monero) to my Litecoin wallet on Coinbase! Boom! Easy!

May 26, 2017

A Zenoss error has occurred



I had a bit of a scare the other day after a simple reboot of my Zenoss 4.2.4 monitoring server. When the Zenoss server came back up, I went to login like usual and I received the dreaded "A Zenoss error has occurred" message! Below it was the following:
Type: <type 'exceptions.KeyError'>
Value: 1495826580
Traceback (most recent call last):
File "/usr/local/zenoss/lib/python/ZPublisher/Publish.py", line 126, in publish
request, bind=1)
File "/usr/local/zenoss/lib/python/ZPublisher/mapply.py", line 77, in mapply
if debug is not None: return debug(object,args,context)
File "/usr/local/zenoss/lib/python/ZPublisher/Publish.py", line 46, in call_object
result=apply(object,args) # Type s<cr> to step into published object.
File "/usr/local/zenoss/Products/ZenUtils/patches/pasmonkey.py", line 153, in login
pas_instance.updateCredentials(request, response, login, password)
File "/usr/local/zenoss/lib/python/Products/PluggableAuthService/PluggableAuthService.py", line 1100, in updateCredentials
updater.updateCredentials(request, response, login, new_password)
File "/usr/local/zenoss/lib/python/Products/PluggableAuthService/plugins/SessionAuthHelper.py", line 102, in updateCredentials
request.SESSION.set('__ac_name', login)
File "/usr/local/zenoss/lib/python/ZPublisher/HTTPRequest.py", line 1379, in __getattr__
v = self.get(key, default, returnTaints=returnTaints)
File "/usr/local/zenoss/lib/python/ZPublisher/HTTPRequest.py", line 1336, in get
v = v()
File "/usr/local/zenoss/lib/python/Products/Sessions/SessionDataManager.py", line 101, in getSessionData
return self._getSessionDataObject(key)
File "/usr/local/zenoss/lib/python/Products/Sessions/SessionDataManager.py", line 188, in _getSessionDataObject
ob = container.new_or_existing(key)
File "/usr/local/zenoss/lib/python/Products/Transience/Transience.py", line 842, in new_or_existing
self[key] = item
File "/usr/local/zenoss/lib/python/Products/Transience/Transience.py", line 454, in __setitem__
current_bucket = self._data[current_ts]
KeyError: 1495826580
Doesn't look pretty does it? Everything seemed to be working still, I was still getting alert emails, but I could not login to the user interface to save my life!

Well, I found a solution in an archived community support thread. To fix it I did the following to fix it by SSH'ing into the Zenoss server:
  • su zenoss
  • zendmd
  • from Products.ZenUtils.Security import activateCookieBasedAuthentication
  • activateCookieBasedAuthentication(zport)
  • activateCookieBasedAuthentication(app)
  • commit()
  • zport.acl_users._delObject('sessionAuthHelper')
  • app.acl_users._delObject('sessionAuthHelper')
  • commit()
  • exit()
  • zopectl restart
After that, I was able to login fine! Each of the above are one line commands in the terminal. 

I hope it helps you out!

May 19, 2017

Don't panic! New exploits and malware are released every day!

I work in an industry where security is kind of a big deal. Without getting into specifics, or naming company names, we'll just say that the companies I work with a lot are in the financial sector. Because of that, I've found that their security is pretty damned hard core, and their vendor risk assessment crews are even more hard core.

Knowing all that, you can probably assume that I get a lot of risk assessment questionnaires asking about the company I work for and our security practices. On top of their annual, or semi-annual risk assessments whenever news breaks out of some fancy new malware, their pucker factor goes up exponentially and I get bombarded with questions asking about what we're doing about it.

Although I completely understand where they are coming from, the truth is in the world of network security, threats like this are always out there. There are always viruses, Trojans, worms and other nasty things hackers are trying to do to cause chaos, damage systems, steal information or to steal money. The difference with these cases is that they are famous and they've made the news cycle.

This latest crazy threat that has everyone in a tizzy is WannaCry(Or WCry, or Wanna Decryptor). If you have been living under a rock, it's your typical ransomware that encrypts all your files and asks you to pay a ransom to have your files unlocked. In reality, it's no different than CryptoLocker that came out in 2013. One might argue that the difference is how it was spread using a vulnerability that the NSA had been using for years.

Guess what folks, I have news for you. Shit like this comes out every day. In fact, WikiLeaks has been leaking all of the CIA's exploits  for the past few months. The Hacker News reported yesterday that two of the CIA's tools affect all versions of Windows! WannaCry only affected Windows 2008 and below! Get ready for an epic shitstorm of hacks now that the United State's Government's secrets are all over the web!

Long story short, DON'T PANIC! Stuff like this happens every day. The best thing you can do is prepare for it. Keep your systems patched, make sure your antivirus/anti-malware is up to date, use firewalls, beware of phishing scams, and make sure you have reliable backups! You know, all the recommended security shit you are supposed to do, and not be lazy about! If you maintain a decent security posture, you can prevent a lot of this sort of thing, or be able to mitigate against it should you be affected.

Do you agree? Disagree? Let us know in the comments.


May 18, 2017

Goodbye ExtraTorrent! Hello Zooqle!

Yesterday I posted that ExtraTorrent was closing up shop. In that post I mentioned a possible mirror, but that turned out to not be real. None of the download links worked. ExtraTorrent really is gone apparently.

That being said, if you like to torrent stuff, there are some alternative sites out there. Not all of them have RSS capabilities though. Well, I found one that does offer RSS! It's called Zooqle!



My only gripe with Zooqle is that they make you register. It's not that big of deal, but I recommend that if you register with any Torrent site, you do so while connected to a VPN connection. I also recommend NOT using your personal email address, and use one dedicated to Torrenting that also uses encryption like ProtonMail!

One thing I certainly do love about Zooqle, besides its RSS support, is the lack of intrusive advertising. One of my biggest problems with ExtraTorrent were their annoying redirect ads and pop-under ads. I respect having ads on your website. For many sites, that's their only source of revenue. I just had intrusive ads!

Now that ExtraTorrent is gone, which site or sites do you use? What alternatives do you recommend? let us know in the comments!


May 17, 2017

ExtraTorrent is down for good... Or are they?

Earlier today, TorrentFreak broke with the news that the famous BitTorrent site, ExtraTorrent was shutting down operations including all mirror sites.

From TorrentFreak:
Popular torrent site ExtraTorrent has permanently shut down. The abrupt decision was announced a few minutes ago in a brief message posted on the site's homepage. This means that after the demise of KickassTorrents and Torrentz.eu, the torrent community must say farewell to another major player. 
In a surprise move, ExtraTorrent decided to shut down today, for good.
Users who access the site’s homepage are welcomed by a short but clear message, indicating that the popular torrent index will not return (the message appears intermittently).
 
“ExtraTorrent has shut down permanently.” 
“ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to be….” 
TorrentFreak reached out to ExtraTorrent operator SaM who confirmed that this is indeed the end of the road for the site.
If you browse to ExtraTorrent.com or any of their mirrors, you see a page like this:


Not long ago though, this message popped up on the ExtraTorrent Facebook page leaving many of their followers confused:


If you browse to the link that is circled in red above, it takes you to ExtraTorrent.cl which appears to be a live mirror. i haven't tried any of the downloads though.

So are they down or not? Is this just some kind of ruse to stop people from trying to DDoS their servers? If you have the goods, and know what's going on, let us know in the comments!

[EDIT] It looks like they really are gone. The site mentioned above is a fake mirror and the links don't work. If you are looking for an ExtraTorrent alternative, you should check out our post on Zooqle.

May 9, 2017

US Government Recently Passed New Pirate Watch List

With the new Trump administration comes an increase in the crackdown of online piracy, and with that the Office of the US Trade Representative has published its annual piracy watch list, also known as the Special 301 Report. In this 81 page report, around two dozen countries are listed has hotbeds for online piracy.

From ExtraTorrent:
The Office of the US Trade Representative has published its yearly piracy watchlist officially named Special 301 Report. The document highlights countries failing to comply with the copyright protection standards of the United States. Apparently, the enforcement of IP rights is a priority for the Trump administration. In the report, Canada and Switzerland are listed among the two dozen of other countries. 
USTR publishes its report listing countries that aren’t doing enough to protect US intellectual property rights every year. The latest report is the first under the administration of President Trump, but slightly differs from Obama’s: China, Russia, Ukraine and India are major threats, while even Canada and Switzerland remain in the list.
Switzerland is a popular country to host pirate related websites due to their Logistep Decision.That decision was a ruling from the Swiss Federal Supreme Court that prohibits companies from harvesting IP addresses of file-sharers because the Swiss Federal Supreme Court views IP addresses as private data.

May 4, 2017

I've switched from BitLocker to VeraCrypt for full disk encryption because SCREW MICROSOFT!

"Damn!" you are probably saying to yourself, "That's a pretty harsh title to a blog post." Yeah, I suppose you are right. Still though, it's pretty accurate. I'm not really a fan of Microsoft at all, and whenever possible I really like to use alternatives. In the case of drive encryption though, I think it just makes sense from a security perspective.

Allow me to explain, you see it was only a few years ago that Edward Snowden leaked information about the NSA's PRISM program. One of the interesting things that came with that leak was that the NSA was working with companies like Microsoft and Google to bypass security built into their platforms so they could illegally access users data. Backdoors if you will. 

So now that we know this information, how can we actually trust anything that Microsoft puts their name on to truly secure our data? Sure, it's probably safe from the average hacker, but it's certainly not safe from Big Brother!

That's why I've opted to ditch BitLocker, and go with the open source alternative of VeraCrypt. Besides, even if BitLocker is safe from Big Brother, I still feel that VeraCrypt is probably more secure because of it's PIM feature. That's just my opinion though.

The only drawback I see from this change is that VeraCrypt's boot time is slightly longer, but that is tolerable in my opinion.

What do you think about this? Let me know in the comments.

May 2, 2017

Why haven't we found aliens yet? (Infographic)

Have you ever wondered why we haven't found conclusive evidence of aliens yet? Well, this infographic hopes to shed some light on that question. Check it out!


[Mobile users: click the image to view]


[H/T Imgur]

May 1, 2017

I've replaced TrueCrypt with VeraCrypt on my VPS

A couple of days ago on Saturday I talked about VeraCrypt being the only real alternative to TrueCrypt, I also mentioned that I was still using TrueCrypt on my Linux VPS private email server. Well, after writing that post I wanted to see if VeraCrypt could mount a TrueCrypt volume, and it turns out it can!

So I went ahead and installed VeraCrypt on my VPS. The setup is almost identical to the TrueCrypt CLI version. After the install, I changed my mount scripts from:

truecrypt --mount /secret/secret.tc /var/vmail

To
veracrypt --truecrypt --mount /secret/secret.tc /var/vmail

Boom! Easy peasy lemon squeezy!

According to VeraCrypt, you can convert an existing TrueCrypt volume by performing any of these functions, but you must select TrueCrypt mode to do it:

  • Change Volume Password
  • Set Header Key Derivation Algorithm
  • Add/Remove key files
  • Remove all key files

I haven't tried it yet, but changing the password and or key files to convert it to a VeraCrypt volume via the terminal version should be as simple as running the following on your original TrueCrypt volume while it's dismounted:

veracrypt --truecrypt -C tc-volume.tc
Not wanting to risk corrupting all of my emails, I think I will hold off on doing that until I'm ready to change my password again, and I'll make sure I have a good backup first! Still though, even if it doesn't work, at least I can mount that volume now with VeraCrypt!

Edit: I've verified that the above command does in fact work to change the password and upgrade your TrueCrypt volume to the new VeraCrypt format via the cli/terminal! If you were wondering how to upgrade a TrueCrypt voume to a VeraCrypt volume via command line, there you go!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam