www.jonsDocs.org.uk


Jonathan's blog

A blog about Jonathan's life and "stuff".

Gnome wallpaper change script

On Mon 5th May 2014, 14:12 Jonathan says:

Boudiccas, a friend of mine from IRC, runs a blog titled A taste of Linux and published a script to automatically change the background wallpaper of her desktop environment every x minutes. This is a feature I quite appreciate on Windows but that hasn't been reproduced in Gnome3 as yet (to be fair, the wallpaper handling in Gnome3 is pretty poor generally).

In the interests of playing fair and being open source, I took Boudiccas' published script and adjusted it to work with Gnome3. This seems to work quite well.

You can get a copy of my script on my wiki.

Boudiccas' original script can be found here.

Tags: geek, tech

MSc app coming along

On Sun 4th May 2014, 14:52 Jonathan says:

As part of the final stage of my MSc I'm producing an Android app and it's coming together quite nicely. The app needs to be able to receive a list of servers, display their states and then send an instruction (e.g. reboot). Data transfer needs to be encrypted to ensure any prying eyes don't work out how to remotely reboot servers.

Android's quite nice to work with in a number of ways, not least because throwing a GUI together takes very little time. The preferences screen took me all of 5 minutes to produce (the code to make it work a bit longer) and a change to a line of text is very simple to do as strings are (largely) abstracted from the code itself, making it easy to make corrections.

Screenshots: the preferences screen; the list of servers and their states.

Tags: tech

Rebuilding vs cleaning infected computers

On Fri 21st February 2014, 10:41 Jonathan says:

Malware and malicious code are common problems for computer users. From basic but annoying pop-up adware to complex, nation-state funded attacks (à la Stuxnet), the problem exists for users of all ages, races and platforms. There's no safe haven anywhere (although Windows is more targeted than the other OSes) unless you want your computer off the grid with all your USB and storage connectors disabled.

When an infection is discovered the problem of what to do next begins. A simple infection like a fake antivirus application / scareware might take 15 minutes to clean by hand (I've become quite used to neutering these) but there's no guarantee the whole infection is really gone. Throw a rootkit in there, which you might never find, and you're even more under threat (although you probably don't know it). It's easy to say "just rebuild the machine" but there's time associated with that - first install the OS, then the applications, copy the user data from backup (you have a backup, right?!) and configure the environment how you like it. All of that takes time, and it's the reason people don't rebuild after every "minor" infection.

Would I? Probably not, depending on how confident I was that I'd really killed the thing (and even then I'd never say it was definitely gone).

I was aware of a computer recently which became infected with something. It wasn't immediately apparent what had gone on and the user was only aware when they attempted to use their Internet banking, later discovering a fraudulent payment had been attempted. The machine was cleaned (not by me) and the results of the scan said a keylogger and various trojans had been found. There may have been a rootkit too.

Hold on - keylogger?

Yeah, keylogger. Now, I don't know about you but the idea that someone can see every keystroke I enter is somewhat terrifying. I'm not exactly finding a need to hide a government secret or a hidden lover but I still don't want my privacy invaded by someone thousands of miles away. I'd have rebuilt that computer at the sight of the term "keylogger". The total count of infections was much higher than just what I've listed here.

Instead the computer was cleaned and given back to the user. A few days later the user reports odd behaviour again and the machine was erased and started again.

It's a difficult decision when you're a business. A cleanup might only take a couple of hours (at £90 an hour) so could be considered a reasonable spend if the infections can be proved to be removed. Clearly that can't always be proved (do you keep a hash of every OS file on your computer and check it hourly?), so the risk remains. Conversely, rebuilding the unit from scratch could take half a day (4 hours, maybe) but at least you know the infection is gone.
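The "hash of all the OS files" check is exactly the kind of baseline that lets you say something useful after a cleanup. Below is an added example (not from the original post) that takes a SHA-256 baseline of the Windows directory on a known-clean build and diffs a later run against it. The baseline path is an assumption; Get-FileHash needs PowerShell 4 or later, and it should be run elevated so protected files are readable.

```powershell
# Added example: file-integrity baseline and comparison for C:\Windows.
# C:\Baselines\windows-sha256.csv is an assumed location; keep a copy of the
# baseline off the machine so a rootkit can't quietly rewrite it.

function New-FileBaseline {
    param(
        [string]$Root     = 'C:\Windows',
        [string]$Baseline = 'C:\Baselines\windows-sha256.csv'
    )
    New-Item -ItemType Directory -Path (Split-Path $Baseline) -Force | Out-Null
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Locked or inaccessible files are skipped rather than aborting the run.
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h) {
                [pscustomobject]@{ Path = $_.FullName; Hash = $h.Hash; Length = $_.Length }
            }
        } | Export-Csv -Path $Baseline -NoTypeInformation -Encoding UTF8
}

function Compare-FileBaseline {
    param(
        [string]$Root     = 'C:\Windows',
        [string]$Baseline = 'C:\Baselines\windows-sha256.csv'
    )
    # Load the baseline into a hashtable for O(1) lookups per file.
    $known = @{}
    Import-Csv -Path $Baseline | ForEach-Object { $known[$_.Path] = $_.Hash }

    $seen = @{}
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $seen[$_.FullName] = $true
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if (-not $h) { return }
            if (-not $known.ContainsKey($_.FullName)) {
                [pscustomobject]@{ Change = 'Added';    Path = $_.FullName }
            } elseif ($known[$_.FullName] -ne $h.Hash) {
                [pscustomobject]@{ Change = 'Modified'; Path = $_.FullName }
            }
        }

    # Anything in the baseline that no longer exists on disk.
    $known.Keys | Where-Object { -not $seen.ContainsKey($_) } |
        ForEach-Object { [pscustomobject]@{ Change = 'Removed'; Path = $_ } }
}

# Usage: New-FileBaseline straight after a clean build (and after each patch
# cycle, on a machine you trust); Compare-FileBaseline when you suspect trouble.
Compare-FileBaseline | Sort-Object Change, Path | Format-Table -AutoSize
```

Two caveats when reading the output: Windows Update and installers legitimately change files, so a "Modified" entry is a lead, not a verdict; and a kernel-mode rootkit that hooks file access can feed the hashing process clean bytes, so a clean comparison taken from inside the running OS is weaker evidence than the same comparison run from boot media against the offline disk.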

Where am I going with this? This isn't a rant (although I was surprised at the decision the IT professional in this case took) but aims to make you think. How much do you value your data? Is it really worth the risk the infection is still there? Where finance is concerned I'd argue starting again was the best approach.

That leads on to a whole other topic - backups...

Tags: tech

Dancing violinist

On Wed 12th February 2014, 12:30 Jonathan says:

A lot of the music I listen to is influenced by my friends. When I was in secondary school, James and Ben had a lot to do with my choice of music (Feeder, Placebo). Adam joined in (Lacuna Coil, 3 Doors Down) as did Jules (Muse and more recently Ben Folds) to name but a few people and bands.

Adam still influences the music I listen to quite a lot as we're often coding together and that doesn't work so well if you're both wearing headphones. Recently he's introduced me to Lindsey Stirling, a dancing violinist who writes her own stuff as well as performing some covers. I really like her Phantom of the Opera medley, partly because it's nice and long so I can get a lot of the washing up done but also because it's nicely written. Her versions of the Halo theme and Pokémon theme are also pretty catchy.

Aside from spam comments I've not actually had any comments posted lately - have people influenced the music you listen to?

Tags: life

Been away a while

On Sat 8th February 2014, 10:09 Jonathan says:

OK, so yet again I've been away a while, I really should get back to some regular posts. I've just been looking over the administration side of this site and removed well over 2,000 spam comments (which fortunately you didn't have to read!) - most came from the 91.200.0.0/16 IP block which might be in Ukraine. Either way, it shows I need to add some more anti-spam methods to the site. We'll add that to the list of things for the redesign.

Christmas was marred by the passing of my Grandfather, Alf. As Dad said at his funeral, "can't" wasn't in his vocabulary and he's quite right - I don't think I ever saw anything defeat him.

My sister got engaged at the end of December which is fantastic (and much needed good news). Good on you Mark.

I finished January with an event at BCS HQ run by the YPISG for which I'm the treasurer. This was a panel event with attendees invited to pose questions to 4 Information Security professionals and, based on the feedback, the event appears to have been useful. The YPISG website is here.

We're in the process of moving house, into my Grandparents' place, so there's lots of building work to be done. That starts on Monday and there's going to be a lot of changes. Just hope we don't upset the soon to be neighbours!

Tags: home, life

Reuse, repair, recycle

On Sun 13th October 2013, 15:24 Jonathan says:

I read an interesting article on the BBC website some time ago that discussed the throwaway society we live in and how often something that's "broken" is easily (and cheaply) fixed.

There was a movement in London that aimed to repair or rejuvenate old equipment. People could bring along their faulty goods, which would be opened up by volunteers with some experience in fixing things. If a fix could be applied then and there, it was; otherwise people could come to the next meeting with any parts.

I've never liked throwing something away because it looked broken. When I was in secondary school I'd patch up a simple cardboard folder for ages, until it really was dead, before replacing it. As a network manager with a minuscule budget I used to hang on to components from failed goods, ready to fix or upgrade the next one that came along (a lot of laptops would come in for a software install and go away with a RAM upgrade, all done from spare parts).

I do the same at home too. I spent yesterday morning using a laptop someone had decided they didn't want me to fix (broken screen) and told me to throw away. Aside from having a bit of a slow processor, a dead battery and the broken screen, there was nothing wrong with the unit. A replacement screen (eBay), a bigger hard disk and some RAM I had lying about and the unit performs well. I'll need to buy a battery somewhen but otherwise it's a good unit.

So what am I driving at? We really need to get out of the habit of just throwing things away. Given people want to save money it seems even more ridiculous that it's "bin & replace" rather than "time + cheap parts = working again". Even when we don't want something anymore it can be re-homed (find a friend or a charity shop).

Not everything can be patched up & sorted but surely it's worth a check?

Tags: home

Outage today

On Sat 5th October 2013, 10:36 Jonathan says:

Jonsdocs is now back up following a denial of service attack against my provider. Other sites on my server were also affected but are now operational.

Sorry to have gone off the air folks!


Learning Yii

On Mon 26th August 2013, 21:34 Jonathan says:

I've started to learn the Yii Framework for PHP and am so far impressed with its simplicity and speed from a code to basic application point of view.

For people wanting to run yiic on a Synology you'll need to log in as root (not admin) via a shell to run your yiic migrate command.

Tags: tech

Using Group Policy to regain access

On Thu 8th August 2013, 08:04 Jonathan, whilst Sneaky, says:

A customer of ours was hacked resulting in a compromised terminal server. They first noticed the problem because they could no longer login and had a number of employees unable to work. A colleague attempted to login to the server only to find the perpetrator had denied our account access to the server also - we couldn't even remote manage the thing! For completeness, the attacker also changed the local account password.

The clock is ticking and it's suggested someone go to site with a password reset disk to break back in to the server. A perfectly valid idea but travel time equals more downtime for the customer. An idea struck me at this point; we still had full access to the domain controller so we also had access to the power of group policy.

Group Policy allows you to control a multitude of settings in Windows and popular applications from the IT manager's desk, i.e. centrally. One such setting is Restricted Groups, a mechanism that lets you force group membership on a member server or workstation. This was my route in.

A group policy was created to force the "Domain Admins" group to become a member of the local "Administrators" group. The customer was asked to hard power off the compromised server, i.e. hold the power button in, and then power the server back on. On boot the server updated its settings from policy, making the "Domain Admins" group a local administrator again and permitting management and RDP access.

All that was needed then was to clean up and resecure the server.
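For anyone who wants to reproduce the Restricted Groups trick from a script rather than clicking through the Group Policy editor, here is an added example (it is not the script used in the incident above). It uses the GroupPolicy and ActiveDirectory RSAT modules, writes the Security client-side extension's template into SYSVOL by hand, and finishes with the check you'd run once the server has rebooted. The GPO name, the target OU and the server name TS01 are assumptions; the well-known SIDs and the Security CSE GUIDs are the standard ones Windows uses.

```powershell
# Added example, not the post's own work: recreate the Restricted Groups
# recovery with RSAT. Run as a Domain Admin from a DC or admin workstation.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$gpoName  = 'Emergency - Domain Admins in local Administrators'   # assumed name
$targetOU = 'OU=Servers,DC=corp,DC=example'                        # assumed OU

$domain   = Get-ADDomain
$daSid    = (Get-ADGroup -Identity 'Domain Admins').SID.Value      # S-1-5-21-<domain>-512
$adminSid = 'S-1-5-32-544'                                         # BUILTIN\Administrators (well-known)

$gpo = New-GPO -Name $gpoName
New-GPLink -Guid $gpo.Id -Target $targetOU -LinkEnabled Yes | Out-Null

# Restricted Groups lives in the Security CSE template under SYSVOL.
$policyDir = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies\{$($gpo.Id)}"
$secEdit   = Join-Path $policyDir 'Machine\Microsoft\Windows NT\SecEdit'
New-Item -ItemType Directory -Path $secEdit -Force | Out-Null

# "__Memberof" ADDS Domain Admins to the local group and leaves existing members
# alone. The other form, "*S-1-5-32-544__Members = ...", REPLACES the membership:
# good for evicting the attacker's accounts, but it also removes any legitimate
# local admins you forget to list.
$gptTmpl = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Group Membership]
*${daSid}__Memberof = *$adminSid
*${daSid}__Members =
"@
Set-Content -Path (Join-Path $secEdit 'GptTmpl.inf') -Value $gptTmpl -Encoding Unicode

# Clients only run the client-side extensions registered on the GPO object, so
# register the Security CSE and bump the version so the change is seen as new.
$securityCse = '[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]'
Set-ADObject -Identity $gpo.Path -Replace @{ gPCMachineExtensionNames = $securityCse; versionNumber = 1 }
Set-Content -Path (Join-Path $policyDir 'GPT.INI') -Value "[General]`r`nVersion=1" -Encoding Ascii

# After the compromised server has been power-cycled and applied the policy,
# confirm Domain Admins is back in and see what else the attacker left behind.
function Get-LocalAdministrators {
    param([string]$ComputerName)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}
Get-LocalAdministrators -ComputerName 'TS01'   # 'TS01' is an assumed server name
```

The supported way to do this is the Group Policy Management Editor (Computer Configuration > Windows Settings > Security Settings > Restricted Groups); the script writes the same GptTmpl.inf the editor would. The final membership listing is also the first thing to look at during the cleanup: any account in local Administrators that you don't recognise is the attacker's, and the attacker's own domain account, if they had one, needs to be disabled at the DC, not just removed from the server.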

Tags: tech, work

When I got scammed

On Wed 24th July 2013, 15:10 Jonathan, whilst remembering, says:

(I started writing this a while ago, just only got round to publishing now)

The good news is I didn't get scammed, I knew what was happening and practically scammed them, however, if I entitled this "an analysis of phone scams" you wouldn't be reading it.

It was a bank holiday Monday morning, an ideal time to cold call as you know people are at home. I received a phone call from "Microsoft" reporting there was an issue with my computer and that I might need a new "security code". This immediately set alarm bells ringing - Microsoft don't have my home phone number. Moreover, the caller explained if my "security code" expired I wouldn't be able to boot Windows any more. For those unfamiliar with Windows licensing, home users don't generally have a subscription-based licence.

Pretending to know nothing about IT, I was talked into Event Viewer (eventvwr) where I was quickly shown "critical errors" with my computer. Windows event logs always contain warnings and errors so this isn't necessarily cause for concern. I allowed the caller to connect to a Windows 7 honeypot (consider this a trap computer) using TeamViewer. This remote control application is free for personal use and I can assure you Microsoft don't use it! There is a paid-for version but the caller wasn't using that edition.

Next the "technician" ran "tree c:\windows" which produces a recursive directory listing - this runs for quite a while. I was told if the text goes red my "security code has expired" and, surprise surprise, the text went red and stopped to display that my code had expired. (I didn't actually see how they made the text go red; I must have looked away then.)

While that's running, a tool ("Advanced Windows Care") is downloaded to my desktop to scan for problems. A lot are "found" by the tool and the caller begins to discuss support maintenance plans (cheaper if you buy the gold package for 3 years). I began to "fix" things myself and was told I shouldn't do that as I might release the spyware. Sneakily, the "technician" also runs "syskey" and sets a password. Syskey encrypts the Windows account database, requiring a password at boot, and I have no way to know what this password is.

During this process I've pulled over the TeamViewer chat box and have quickly typed that I actually work in IT, know this is a hoax and that I also have an interest in IT security. I get the impression the "technician" doesn't read English as they minimise the chat, despite me having alerted them to the fact they've been rumbled.

We continue...

A PayPal page is opened and I'm encouraged to pay £130 in order to receive a replacement security code and my support subscription of 1 year. My other option is to purchase a 3 year plan at $299. A 2 year plan is also available and will cover 2 computers. Very reasonable charges from "123 iSupport" (hold on, they were Microsoft earlier...). I get passed to "Matt" in accounts.

"Matt" then takes another remote session using a free trial of LogMeIn Rescue. During this time I reboot the computer and the password screen pops up. "Matt" was expecting that as "your security code has expired" (I'm expecting it because they ran "syskey") and tells me these passwords take 2-3 hours to generate as part of the security code system. Clearly I now can't pay them because I can't get into Windows. No problem - they ask if I have a second computer or if I can borrow one from a neighbour. Explaining they weren't in and I had no other computer, they offer to call me back tomorrow!

We're now 52 minutes into the call and I've spoken to "James" (the supervisor), an unnamed technician (albeit one way, via chat) and "Matt" in accounts. I decide it's time to call it a day. I explain to them what a honeypot is, that they've been working in one, and that they really need to stop scamming people. "James" then asks me to hang up and tries to convince me to do so for about 3 minutes (meanwhile I'm telling him he should hang up because I'm not going to). Finally he hangs up.



Note: Microsoft do not make unsolicited, cold calls to tell you they know about a problem on your computer. Generally, they don't make cold calls to private individuals at all.

If you receive a call from a computer company, and you don't have a contract with any such company, do not let them connect to your computer; hang up. Don't even begin to do what they ask you to do.

Tags: hoax, home, life

Synology OS location

On Wed 24th July 2013, 14:44 Jonathan says:

When I first received my Synology DS212 the only disk I had available was 500GB. Since then I've added a 3TB disk but clearly I can't RAID those two short of ending up with a rather pathetic 500GB space.

So, at some point I'll need to replace the 500GB with another 3TB, which got me wondering: where does the Synology store its OS, DSM? Shutting down the Synology, I removed the 500GB drive and attempted to boot with just the second disk connected. This worked - conclusion, the Synology stores its OS on every disk or in non-volatile memory elsewhere in the device.

Plugging the 500GB back in I'm told the "system disk has crashed" and the wizard repairs it, suggesting to me the OS is stored on the hard disks.

Hopefully I can just swap the 500GB for a 3TB and introduce that disk to the Synology Hybrid RAID to give me 3TB of mirrored storage.

I just have to buy the disk first...

Tags: tech

Solid gold caravan

On Mon 10th June 2013, 21:26 Jonathan, whilst surprised, says:

I don't want one of these (certainly can't afford one) but the inside does look very well done:

World's most expensive motor home

Some people have more money than sense...


Music online (Myspace)

On Mon 27th May 2013, 09:50 Jonathan, whilst awake, says:

Many years ago, when the social network space wasn't dominated by Facebook, the social networks were easily split: Bebo - ages 11 - 14 (ish), MySpace 15 and above (ish). There were others but I don't remember them having so much of a following.

MySpace clearly started losing ground to Facebook (who didn't) so started to remodel itself as the place for music artists online - for a while that even worked. Now, YouTube seems to be the place artists are placing their content and with the way it interprets what you're looking at it's easy to stumble onto a new piece of music.

Last night I logged out of email and saw a news article about Kid President and how a 9 year old boy had actually met President Obama having gained popularity through his videos (on the SoulPancake channel) which somehow got me to a video by artist Brianna Caprice.

Brianna's song, Reflections, had some very powerful lyrics and imagery. Watching to the end of the video you realise it's a Christian artist and the video description reinforces that. If you're not a Christian you'll probably still enjoy the track so please don't be put off by that.

Some of you know I'm a fan of David Ippolito's music and you can find him on YouTube too - he's worth checking out.

Finally, watching some videos from Beckie0 (not a musician and someone I only found due to an article about a girl taking a photo of herself every day for 4 years) linked to MusicalBethan (Bethan Mary Leadley) and I really like sorrow of the dead.

Add to that you can find Cassandra Kubinski on there along with a load of other artists I like and MySpace has lost that battle too...

Tags: life

Cleaning up malware (System Care Antivirus)

On Tue 21st May 2013, 21:50 Jonathan says:

So it's something I write about reasonably often because there's a lot of malware out there. I was helping a friend this evening who'd got an infected laptop. She hadn't gone anywhere dodgy but that doesn't matter as a compromised legitimate website can still infect your computer. Most importantly she had a backup of her data!

On logging on each time some malware popped up, normal fake-antivirus type stuff which wouldn't let any other application run as it "is infected". The malware disabled the installed anti-virus as has been seen before - the whole thing was somewhat familiar.

Fortunately, there was a second administrator level account on the computer and logging in with that enabled remote control to the unit. Using Autoruns I could identify a directory in c:\programdata\ which seemed wrong, especially given the files in it were "modified 2002" - impressive given this was a Windows 7 laptop.

Visual inspection of the files showed the icon was that of the fake AV. Renaming those files so they couldn't execute (I'd disabled it in autoruns anyway) and logging in as my friend showed the fake AV appeared to be disabled. The free Sophos Virus Removal Tool is running a scan on there at the moment.

Transferring the malware back to my lab environment (isolated from the home network) I can confirm I'd found at least some of the malware (I infected the lab computer to prove it).

So, the "take home" from this post:
* Always have current backups (and at least a copy off site)
* You can be infected from any website on the Internet, not just "dodgy" sites
* Have at least 2 administrator accounts on your computer. Keep the second account passworded and unused until you have a problem (and then create a third before starting work!)
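The Autoruns check above (an entry launching from a directory under c:\programdata\ whose files claimed to be from 2002 on a Windows 7 machine) is easy to script for the next time. Below is an added example, not the procedure from the original post: it reads the Run and RunOnce keys, works out which executable each entry actually launches, and flags anything that lives under ProgramData or a user's AppData, is unsigned, has a missing target, or carries a last-written time earlier than the OS install date. Windows-only; run it elevated from the spare administrator account so the HKLM keys are readable.

```powershell
# Added example: triage of the Run keys for fake-AV style persistence.
# The heuristics (location, signature, timestamp older than the OS install)
# are cues to investigate, not proof of infection.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a command line such as
#   "C:\ProgramData\abc\def.exe" /silent      or      C:\Foo\bar.exe -x
function Get-CommandExecutable {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"')  { return $Matches[1] }   # quoted path
    if ($cmd -match '^(\S+\.exe)') { return $Matches[1] }   # bare path ending in .exe
    return ($cmd -split '\s+')[0]                           # first token, best effort
}

function Get-SuspiciousAutoruns {
    # Get-WmiObject is used rather than Get-CimInstance so this runs on the
    # PowerShell 2.0 that shipped with Windows 7.
    $os        = Get-WmiObject Win32_OperatingSystem
    $installed = [Management.ManagementDateTimeConverter]::ToDateTime($os.InstallDate)
    $userDirs  = '^(?i)C:\\(ProgramData|Users\\[^\\]+\\AppData)\\'

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $exe     = Get-CommandExecutable ([string]$p.Value)
            $reasons = @()

            if ($exe -match $userDirs) { $reasons += 'runs from ProgramData/AppData' }

            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $file = Get-Item -LiteralPath $exe
                if ($file.LastWriteTime -lt $installed) {
                    $reasons += "mtime $($file.LastWriteTime.ToShortDateString()) predates OS install"
                }
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            } else {
                $reasons += 'target missing'
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Key        = $key
                    Name       = $p.Name
                    Executable = $exe
                    Reasons    = ($reasons -join '; ')
                }
            }
        }
    }
}

Get-SuspiciousAutoruns | Format-Table -AutoSize -Wrap
```

Read the timestamp flag with care in both directions: installers often preserve a file's original modification time, so a legitimate component can look "old", and malware can set whatever timestamp it likes. The combination the post describes (ProgramData, unsigned, and a date that makes no sense for the machine) is what makes an entry worth disabling and copying off to a lab, as done above. This only covers the Run keys; Autoruns itself also checks services, scheduled tasks, Winlogon and browser helper objects, so treat this as a first pass rather than a replacement.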

Tags: tech

The importance of Backups and DNS

On Sat 11th May 2013, 13:34 Jonathan says:

DNS and backups are both very important, at home and on a company network, and both are things I've had to work on this week - for myself and for other people.

DNS, the Domain Name System, is what translates an address that we humans use (e.g. www.jonsdocs.org.uk) into the IP address numbers computers use (e.g. 8.8.4.4). If you can't resolve an address to an IP address you may find you can't go anywhere. If I poison your DNS I can send you to the wrong place, possibly to install bad software or to harvest your login credentials. Sometimes tampering with DNS is simply used to make money - the most recent high-profile example being DNSChanger, which pointed millions of infected computers at rogue resolvers.

If you have a business network, or a network with Microsoft's Active Directory, DNS is critical to the running of your infrastructure. I recently received a report a customer was unable to access the Internet, they'd put a workaround in place by using a public DNS server but then found their Outlook clients wouldn't talk to their Exchange server. Outlook couldn't find the server because the public DNS server didn't know about the server's local address.

Their problem stemmed from an incorrect network card setup on the server although it had worked fine for years so I'm not sure what caused it to change. Anyway, the problem is solved - DNS is really important.
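Both halves of that story come down to one question: is this machine asking the DNS servers it should be asking, and can it still resolve the internal names it depends on? Here is an added example (not from the original post) that answers it on a Windows client. The first function lists the DNS servers configured on every active adapter and marks any that aren't on your expected list, which is how a DNSChanger-style rogue resolver shows up; the second resolves the internal names Outlook needs, which is what silently broke when the customer switched to a public resolver. The expected-server addresses and the hostnames are assumptions.

```powershell
# Added example: DNS client sanity check. The server list and names below are
# assumed values; replace them with your own domain controllers and internal hosts.

$expectedDns   = @('192.168.1.10', '192.168.1.11')              # your internal DNS servers (assumed)
$internalHosts = @('exchange.corp.local', 'dc1.corp.local')     # names only internal DNS knows (assumed)

function Get-DnsServerDrift {
    # Get-WmiObject rather than Get-DnsClientServerAddress so this works on
    # Windows 7 / Server 2008 era machines as well.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $adapter = $_
            $servers = @($adapter.DNSServerSearchOrder | Where-Object { $_ })
            if ($servers.Count -eq 0) {
                # No DNS at all is its own kind of broken.
                [pscustomobject]@{ Adapter = $adapter.Description; DnsServer = '(none)'; Expected = $false }
                return
            }
            foreach ($server in $servers) {
                [pscustomobject]@{
                    Adapter   = $adapter.Description
                    DnsServer = $server
                    Expected  = ($expectedDns -contains $server)
                }
            }
        }
}

function Test-InternalResolution {
    param([string[]]$Names = $internalHosts)
    foreach ($name in $Names) {
        try {
            # Uses the machine's own resolver settings, so a wrong server shows up as a failure here.
            $addresses = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
            [pscustomobject]@{ Name = $name; Resolves = $true;  Addresses = ($addresses -join ', ') }
        } catch {
            [pscustomobject]@{ Name = $name; Resolves = $false; Addresses = $_.Exception.Message }
        }
    }
}

"DNS servers not on the expected list:"
Get-DnsServerDrift | Where-Object { -not $_.Expected } | Format-Table -AutoSize

"Internal name resolution:"
Test-InternalResolution | Format-Table -AutoSize
```

On a healthy domain-joined machine the first table is empty and every row of the second resolves to an internal address. An adapter pointing at an address you don't recognise (or at a public resolver when the machine should be using the domain controllers) is the thing to chase, and in the Outlook case above it would have shown the workaround breaking internal resolution before anyone opened a ticket.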

So, backups. It's no secret I've been burned by lacking or incomplete backups before. I killed a hard disk (as in I really killed it - laptops don't like fists) and went to my backup only to find I'd excluded some critical files. I won't be doing that again...

The last 2 weeks I've had to work on some laptops that appeared to have failed. Neither laptop had a backup of the files so the process of data recovery began. Fortunately, the hard disks were still alive in both cases and the data was fine (and promptly burnt onto several backup DVDs).

Windows users on Vista and above (or Windows Server 2008 and above) can use Windows (Server) Backup, which comes built in to Windows. Capable of making an image backup that lets you restore your computer after a hard disk failure, the built-in software is really quite helpful. Windows XP Pro users had NTBackup, which was also useful. If you don't have a backup product built into the operating system there are always the free alternatives out there or a hand-written script.

Importantly, if you do take backups make sure they're not kept with your computer or laptop. Put them offsite somewhere (perhaps do a hard drive swap with a friend in another part of town) so if your computer is stolen (or worse, your house burns down) you don't lose the backup too.

My backup completed about 30 minutes ago...

Tags: tech, work