Aug 7, 2017

How to turn off Android's WiFi Assistant/Google's VPN

You might be asking yourself, why would you want to do this. I mean there are countless technology blogs out there sucking on Google's teat claiming this feature is the best thing since sliced bread!

If you are unfamiliar with WiFi Assistant, the idea is that it will automatically connect you to known un-secure public WiFi networks when you are in range, which will lower your cell phone data usage. At the same time, all of your traffic is routed through Google's private VPN network so your internet browsing is secure. How cool is that?

Well, if you look back in time to Snowden's PRISM leak, you might recall that Google is not to be trusted. With this feature, pretty much anytime you are near a public network, Google will now proxy your data through their network and can now snoop on all of your traffic!

I began getting suspicious when I was browsing to sites like Start Page from my Google Pixel, and the HTTPS icon in the browser was turned red. When I inspected the certificate, it was coming up as a Google issued certificate, but it didn't match the site I was going to. That seems to be working the same way a Fortigate firewall handles DLP, by acting as a man-in-the-middle and presenting it's own SSL certificate so it can decrypt the traffic, inspect it, and send it back on it's way.

That tells me, that Google is not really protecting your traffic, they are snooping on it. If the deal the NSA/CIA had with Google for PRISM are still active, then by proxy the NSA/CIA are probably snooping on your encrypted traffic as well.

To turn this feature off on your phone, at least on the Google Pixel do the following:

  • Go to Settings > Google > Networking
  • Disable WiFi Assistant

Maybe I'm just paranoid, but I really think you would be better off just not connecting to random open hotspots, and if you do, make sure the sites you visit are using SSL/TLS correctly. If you are browsing to a site that has a good implementation of SSL/TLS, then you don't need Google's bullshit CIA/NSA front VPN to make sure that traffic is secure.

You can check how well a site has TLS implemented by using SSL Labs.

If you are still worried about surfing anonymously on your phone using public WiFi, then you should probably use a VPN service like Torrent Privacy or even use Orbot (Tor for Android). Whatever you do, just don't trust Google...

What do you think about this? Let us know in the comments!

Jul 11, 2017

Did the cryptocoin bubble burst?

I mentioned a little while back that you can still get into cryptocoin/cryptocurrency mining by using MinerGate, and mining alternative coins. The question now is, should you hold off on mining for a while?

Back when I wrote that, Bitcoin and Ethereum, two of the biggest cryptocoins available were at all time highs! People who got in at the ground level, and left their money in saw incredible returns and probably ended up as millionaires! It now looks like that bubble might be bursting.

I'm no expert of course, but looking at these charts from Coinbase, certainly doesn't look good to me!

This is Bitcoin's loss since last month:

This is Ethereum's loss since last month:

Litecoin has gone up a little since last month:

However, Litecoin has dropped since last week:

Again, I'm no expert, but it seems that if you haven't already been on the cryptocoin boom boat, chances are you've missed it. If you are looking to get into cryptocoin investing, you may want to wait until after the market bottoms out first, and buy when it's really cheap.

What do you think about this? Are you a financial expert? Do you agree? Do you think that these numbers are nothing to be concerned about? Let us know in the comments.

Jul 9, 2017

Goodbye Photobucket! Hello Imgur!

Some of you may not have realized it. I mean, I just learned of it myself a few days ago, but if you host any of your images on the legendary image hosting site, Photobucket, chances are your web pages are all messed up right now! That is because Photobucket is no longer allowing free accounts to embed images on third party websites!

From The Register:
Photobucket is cracking down on people embedding on third-party websites images it hosts, until now, for free. 
The photo-slinging internet elder now says that anyone who wants to use its service to display photos it hosts on other pages – such as signature banners in forum posts – will now need to open up their wallets and plop down $399.99 a year for a subscription plan. 
The new policy will be particularly annoying to longtime users who have relied on Photobucket's 14-year-old service to host the images they use to place images on forums or in blog posts. 
Cheaper plans, including the free account option, will no longer have an option to allow third-party hosting.

If you have visited Bauer-Power, or my other blog Bauer vs Wild in the past view days, you have seen this annoying image plastered all over the place!

Of course the image above doesn't tell you that in order to get third party image hosting working again, you need to fork over $400! That is completely ridiculous, especially for private bloggers like me. I don't even make $400 a year with this little hobby. There is no way I'm going to pay that just to host images.

If they had said they wanted $20 per year, I might have considered it, but $400? They can shove their service up their ass! I'm not going to pay that!

I've decided to move the small amount of pictures I was hotlinking from Photobucket over to Imgur. Now my site doesn't look like complete shit! If you are looking for an alternative to Photobucket, you should check out Imgur too. You can even login with your Facebook, Twitter, Google or Yahoo accounts!

Besides just having really cool free image hosting, Imgur is also a pretty fun community to be a part of, where people share news stories, memes, jokes and all sorts of stuff. Here is a little history on Imgur from their About Page:
Imgur was founded in 2009 by Alan Schaaf in his Ohio University dorm room as a simple, no-limits platform to share images online. 
With the launch of the homepage gallery, Imgur gave its community the power to refine its many images into a showcase of the freshest, most interesting and popular images on the web. These images can be hilarious, cute, inspiring and informative. From stories of personal transformation to current events, pop culture, memes and more, Imgur has an image for everyone. Of course, there are plenty of cute puppies, too. 
Each month, images on Imgur are viewed across the Internet billions of times. It is currently ranked one of the top 50 largest websites worldwide.
Some people have complained about not being able to get their images off of Photobucket. I didn't have an issue myself. When I clicked on my images within Photobucket, it was replaced with the above disabled 3rd party hosting image. However, when I pasted the direct link URL for the image in the browser, the original picture shows up, and I was able to right click on it and download it. From there I could upload it to Imgur.

Suck it Photobucket!

Did you get screwed over by Photobucket's business decision too? Did you switch to a new image hosting service? If so, which one? Let us know in the comments!

Jul 7, 2017

Coming Soon: FREE Wildcard SSL Certificates!

I was just made aware of some really awesome news for those of you that value your online privacy! I wrote in the past about free named SSL certificates from StartCom. That was pretty cool, and I have used plenty of their free SSL certificates, but another group is about to "one up" them!

Let's Encrypt announced that they will begin offering FREE wildcard SSL certificates starting in January of 2018!

From their press release:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS. 
Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015. If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign
A wildcard certificate can secure any number of subdomains of a base domain (e.g. * This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.

This is kind of a big deal. If you want to secure more than one website or service with TLS/SSL then getting a bunch of named certificates can be a pain to manage. Plus, many certificate authorities charge a pretty penny for wildcard certificates, so it prices many small businesses and groups out of the encryption market!

Having a non-profit group, like Let's Encrypt, issuing free wildcard SSL certificates encourages more people to use encryption, and makes it easy!

What do you think about this? Are you going to give Let's Encrypt a shot? Let us know in the comments!

Jun 26, 2017

Match Head Rocket Science Experiment with Brizzle Fo' Shizzle

The above video is from my son Brayden, aka Brizzle's new Youtube channel called, "The Adventures of Brizzle Fo' Shizzle!"

In this episode, Brizzle, his sister Kizzle, his Grandpa and I try a science experiment! A match head rocket experiment! Will it launch into outer space? Will it simply explode? Will it fizzle out in a puff of smoke? Watch and find out!

Jun 8, 2017

What is SNI?

I felt like writing this post because I deal with this question quite a bit at my company. What is SNI? Well, in short, SNI is an acronym that stands for Server Name Indicator, or Server Name Indication. Wikipedia describes it as:
Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.
In a shorter, more concise explanation, SNI lets us bind multiple SSL certificates to one IP address. In the past, we used to have to bind an SSL certificate to a single IP address, and any additional SSL certificates would require their own IP address.

This is a real problem when you can see that IPv4 is running out of addresses! It also became a problem if you wanted to host multiple websites on a single web server. One web server might need eight or nine IP addresses to server up eight or nine different websites!

The reason I get asked about this a lot is we have several clients whose applications don't support SNI, and when they try to connect to our API that requires SNI, they get some sort of SSL error. We have a workaround for those clients, but I still find myself having to explain this to many of the people I work with (Often several times over).

The reason the clients that don't support SNI get SSL errors is that their application isn't smart enough to tell the web server which website they are trying to connect to by using the hostname at the start of the handshake process. Because they can't tell the web server which site they are trying to connect to, they are presented with whatever is the default certificate, which doesn't match the hostname, so they get a handshake error.

I see this a lot with Java based applications, but occasionally I see this with custom .Net applications as well. I guess this depends on if the developers have taken into account SNI or not.

I also see this a lot with DataPower/WebSphere clients, but DataPower can be configured for SNI. Check out this video:

All modern browsers support SNI, and in my opinion, all modern applications should too. If your application does not support it, then I would suggest lighting a fire under your development team's collective ass, and have them update your application to support it!

Jun 7, 2017

How To Get Rid of Boxelder Bugs... Seriously!

This isn't really technology, computer or software related, but I thought I'd share this with you anyway since it is something that has literally been "bugging" me for the last two years. That is that I've had a huge issue with Boxelder bugs all over the front of my house! They weren't there when I moved in three years ago, but they took up residence last year and never left apparently!

Looking on YouTube, I found this video that tells you to use liquid dish soap and water on your siding because the Boxelder don't like it apparently:

Well, this technique did get them off the siding, it did NOT get them off my sidewalks or bushes around the front of my house. It did not solve the problem!

Well, today I had enough and decided to get something that would solve the problem. I bought some Spectracide HG-95830 Triazicide Insect Killer for Lawns & Landscapes Concentrate, Ready-to-Spray and attached that sumbitch to my garden hose!

I let loose a torrent of water and death all over the front of my house, on my sidewalks and in the plants around the front of of my house. Hordes of Boxelder bugs were covered in the Triazicide spray and slowly met their inevitable doom!

The ready to spray version is the best in my opinion because it hooks to your garden hose and allows you to spray a large area quickly.

The Spectracide website even lists Triazicide as one of their solutions to kill Boxelder bugs! Boom! Suck on that you nasty bugs!

If you have Boxelder bugs all over the front of your house, ditch the dish soap, grab a hose and hook up a bottle of Triazicide to it and unleash hell! You can thank me later!

May 31, 2017

mdadm: /etc/mdadm/mdadm.conf defines no arrays.

One of the most annoying things about Ubuntu 16.04 LTS server edition is that every time you go to run updates, you almost inevitably get hit with this message:
mdadm: /etc/mdadm/mdadm.conf defines no arrays.
It turns out that this message is completely benign and you can ignore it, but that doesn't make it any less annoying right? Hopefully they get that worked out in Ubuntu 18.04 LTS next year. Until then, there is a quick way to fix it.

Just open /etc/mdadm/mdadm.conf with your favorite text editor and add the following lines at the bottom.
ARRAY devices=/dev/sda
Save the file, and that's it. No more stupid error.

If you didn't know, mdadm is the Linux software RAID software. If you are running Ubuntu in a VM though, chances are it is not going to have a software RAID to manage.
[H/T Ask Ubuntu]

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam