Comey is a backdoor man

FBI Chief Comey blames Snowden for releasing info, ignores the fact that mass spying on Americans was illegal and anti-American and so the FBI’s actions essentially were the catalyst for the mass adoption of encryption to begin with. Wants the US to have an “adult” conversation about how math should work – sounds like a child whining that his homework is too hard. With all the hacks and leaks over the last couple years talking about making encryption weaker (or outlawing software that protects folks) seems ridiculous. There should probably be some minimum requirements for becoming the FBI director which are more rigorous than going to the right school and getting a degree in theology. Comey is a lawyer, not a technologist and it shows.

http://www.dailydot.com/layer8/comey-crypto-war-business-model/

Fix for Firefox typing delay and slow scrolling

I frequently boot Arch Linux from a USB3 drive in various Intel based machines which I’ve discussed here before. Recently I was using the drive in a Dell e7240 which is a fairly nice, if older, Core i5 based ultrabook and although the drive was inserted in the USB port marked SS (USB3) performance in Firefox was awful. While performance in terminal windows seemed as quick as usual, typing anything in Firefox induced a delay that was so bad that the letters I typed into the URL bar or into a search form field wouldn’t show up on screen until several seconds after I had typed them. Scrolling with the wheel on the wireless mouse would induce a pause every. single. time. I tried to scroll. It was actually quite maddening, and monitoring in htop didn’t reveal any CPU or memory bottleneck. I disabled a bunch of extensions (plugins) that I wasn’t using often anyway and restarted Firefox with not much change.

A quick Google search turned up this amazingly informative section on the Arch wiki. It turns out that OpenGL OMTC is indeed disabled by default when Firefox is running on this hardware. The page explains that this reduced performance setting might be getting set for a very good reason, but ignoring that good advice, I switched it on in about:config easily enough by toggling

layers.acceleration.force-enabled true

and restarting Firefox. Checking about:support again confirmed it was now enabled. Now Firefox is running just as fast as usual again! I will just have to use it for a while before I can really judge how stable the setup is, but at least I can use the machine.

2016-07-09-204403_1366x768_scrot

Finding the perfect netbook-sized laptop

Falling in love with the form factor

Ever since I first got an android based ASUS Transformer model TF-101 back in 2011 I’ve been a fan of the tiny netbook sized laptop form factor. The Transformer could be separated from its (optional) keyboard but I never used the Transformer in tablet mode anyway, and the few times I did it wasn’t for very long. The Transformer was quite heavy – a solidly built device that certainly outlived its usefulness – and tablets always have to be held or propped up in a suitable position, my hands would tire using it that way quickly. Besides, the keyboard had an integral battery which would keep the thing going for about 12 hours! The post linked above goes into detail about Android as a choice for OS if you’re wondering.

asus-transformerI kept the Transformer relevant for as long as I could by flashing it with custom ROMs. After a couple years most manufacturers of android phones and tablets stop updating software for their older devices and users are left to fend for themselves against an onslaught of security breaches and malicious websites. The folks working to build custom ROMs for these older devices are doing so mainly because they want to use the latest software on their older devices and at least with Android (an open source project at its core) this is possible. I had very good luck running the Transformer on KatKiss ROMs and its still working fine running KatKiss 5.1.1.

note: Since Apple has monopoly over their devices, Apple users can usually keep their devices current longer – but ironically Apple has also successfully promoted a culture which encourages tossing the old devices and buying new ones every couple years even though the new devices are so similar to the older ones its almost incredible they are able to make the case! Customization, the removal of Apple’s bloatware, or installation of open source apps isn’t possible on these devices though.

The web is slowing me down!

The internet itself has changed over the years too and simply surfing the web takes a lot more horsepower than it once did. There are now sometimes upwards of 30 separate javascript connections being made out to other servers in order to create a single webpage (install noscript in firefox to review them); I routinely encounter mandatory ads that float over the page obscuring the text sometimes floating down the page as you scroll; videos are often set to play automatically when you load a page even if your little device isn’t powerful enough to play it and you’ll end up waiting for it to load before you can do anything useful; there’s often a lot of CSS (sometimes 10 or more stylesheets!) and while I’m a fan of the new standards – these styles are very demanding to parse and require the latest and greatest browsers to display properly. I’m a fairly patient person but it was late 2015 and the Transformer just wasn’t going to cut it anymore.

An old Gateway gets refurbed

IMG_20160322_114229A friend at work brought in a netbook sized Gateway from around 2009 which looked perfect. The processor was sorta slow, but compared to the nVidia Tegra2 in the transformer it was lightning. My friend had brought it in for help replacing the hard drive which had failed, and when I stuck an SSD in that machine and slapped Ubuntu on it I instantly knew I could use that machine. I was thinking about looking for a used one online, but didn’t get very far and gave up.

The RCA Viking Pro (2015)

I’ve been using android in this format (a 10″ tablet with attached keyboard) for so long that when I started looking around for a replacement thats what I went looking for. There really wasn’t very much of a selection. I was, however, amazed to find a line of cheap Chinese tablets branded with the RCA trademark. I’m well aware that RCA, the Radio Corporation of America, went out of business in 1986 because that was a fairly big deal at the time. The trademark is maintained and licensed out to various manufacturers today, including rcaav.com which markets tablets made in China by Venturer Electronics in Shanghai and ALCO Electronics in Hong Kong. The tablets are very low cost and can be found in Wal-Mart or on Amazon (where I got mine) for under $100.

P_20160704_211326I think it was the cost that hooked me. Here’s a device that looked a *lot* like the Transformer I loved, with a faster processor and twice as much flash disk space. It had a detachable keyboard (though I wouldn’t need to detatch it as I’ve already explained), miniSD and USB ports, and it ran android 5. I didn’t realize at first that it would be running an older version of android (5.0) than I was running on my Transformer via the custom ROM, but it wasn’t too ancient and since it was fairly new there was some hope that it would get an update.

I used it for only a short time before I realized I would really need some kind of case for it. The Viking Pro is very cheap plastic and slippery – this was no over-designed and heavy duty ASUS Transformer. I opted for a faux leather folio cover which the page on Amazon describes as “Vegan leather” which got more than a laugh or two! The case keeps the keyboard and tablet snugly together as its carried and used, and while it makes it more difficult to detatch if you wanted to use the tablet on its own (which I have done more often than I did with the Transformer because its so light) you can still do it once you figure it out.

I’ve been using the Viking Pro for a few months now and I can say that I don’t like the ultra cheap keyboard as much as I liked the ASUS Transformer keyboard, but at about 1/5 the price what do you want, really?

Lots of the programs I use on the Viking Pro are the same ones I used on the Transformer. I’ve discovered new apps over time – perhaps I’ll list them out here soon – but I’ve been able to get most of my day to day work done on it. I can check email and calendars from lots of accounts, surf the modern web with some limited sluggishness on some sites, watch videos and stream them to the chromecast (which we keep plugged into the TV) with ease. I take notes on it at meetings, and play some light games. I play music on it from time to time but the sound quality of the speaker is horrible so only if I’m going to plug it in to a speaker.

Could a chromebook become my ultimate netbook?

It seems, however, that it has only taken some time for the rest of the world to catch up to what I already knew – in May Google announced plans to make the Play store available on chromeOS later this year which would bring android apps to the form factor I’d already been using for four years in a real way but for now this is only available in the development versions of ChromeOS.

P_20160704_211028I like the Viking Pro, but I really wanted something a bit nicer, preferably a netbook sized laptop no bigger than 11″ with attached keyboard and good battery life. I came across the ASUS Chromebook C201 and was instantly struck by its classic Macbook styling (though, in miniature) and when I looked into it I was able to find a bunch of them USED on Amazon some for as low as $140. Since Chromebooks don’t run Android and instead everything you run revolves entirely around the Chrome browser, I knew I wouldn’t be happy with it unless I could get around that limitation. At that price I’d be willing to do a bit of work to see if I could get Linux running on it.

With Google’s announcement of the Play store coming to Chromebooks (and this one is on the list) I figured that at least I’d be able to run some of the apps I love on it eventually. I didn’t realize when I was looking into them that this model doesn’t come with a touchscreen though so its unclear how much fun those android apps are going to be on the C201. Since I prefer to use a wireless mouse anyway hopefully it won’t be too bad. This Google I/O talk describes what this wedding of ChromeOS and android might look like:

I was able to get Ubuntu Linux (with XFCE4) running with ease using crouton and have been enjoying using all the tools I’m used to using on my big boy rigs and switching back and forth between ChromeOS and Linux. Some cases in point: ChromeOS doesn’t let you run Firefox which I prefer (for reasons I won’t go into here), but I can use it fine under Linux on this device. ChromeOS requires you to have a cloud printer (which I don’t have) to print. I was able to set up my printer just fine from Linux. There are just tons of tools I use every day that are free and open source – they don’t work under ChromeOS but run fine on this Chromebook under Linux. The Chromebook side is fine for checking email and playing some videos (though casting them seems a lot clunkier than on android), but for anything more than that I’ll be using this in Linux. I was *not* able to get desktop Minecraft running on it (I got close) because crouton doesn’t support 3D hardware acceleration on Arm (the Rockchip is an Arm processor).

So far the ASUS C201 Chromebook seems well made (certainly more so than the Viking Pro, though nothing has broken on that device as yet), though nowhere near as sturdy as the old Transformer. The C201 is really thin and light (which is nice) but definitely flexes when you put some twisting pressure to it. My advice: treat it with kid gloves. Its Rockchip Cortex‚ÄĎA17 (some claim its actually A12) RK3288 CPU is no slouch and its able to run ChromeOS and a bunch of Linux applications with ease. It has two USB 2.0 ports (USB 3 would have been nice, but really I don’t think it is necessary since it has a miniSD slot which can be used to run an alternate OS). Since I have an Arch Linux 64GB USB drive which gets a lot of use I was able to stick that into one of the USB slots and make symlinks over for some folders so I can store files and images over to that drive instead. Linux initially took up only about 1.5GB of my 16GB internal drive but with it set up with all the tools I like its up to about 3GB now. I’ve had no issues closing the lid and having it wake from sleep even with Linux running. I do have to deal with the annoying Development screen at boot, just hit Ctrl-D to bypass but if someone accidentally hits the space bar its “game over man, game over!”

My Raspberry Pi 2 Minecraft server

Almost three years ago when I first set up a Minecraft server for the kids (and never wrote more about it as I had originally intended to do), I imagined it becoming a frequent haunt for the kids and their friends and cousins to build stuff together. I didn’t realize that the lure of real minecraft gaming servers would soon make our private server an empty wasteland. minecraftEventually my kids and their friends were no longer meeting up on our server to build houses and mess around with World Edit but were instead playing PVP on servers with hundreds of other kids they didn’t know. I had no intention of putting in the kind of effort that running a Hunger Games or Parkour server would require, but after the year or so of good use it had gotten I liked the idea of keeping the server running to preserve those things the kids (and I) had created.

This slideshow requires JavaScript.

Some history about custom Minecraft servers
When I first set up the Minecraft server in 2013 I chose to use a software called CraftBukkit to do so. Minecraft, at the time was owned by its creator and his company Mojang. CraftBukkit was an independently developed open source server modification software that depended on the vanilla Minecraft software. CraftBukkit made it possible to run lots of cool plugins built with Bukkit (the development API) on your server that you couldn’t use otherwise. Although Mojang had purchased Bukkit (the server API software) 2 to 3 years prior, they had not purchased CraftBukkit and so didn’t own that software. When Mojang sold to Microsoft in September, 2014 (about a year after I set up my server) it caused shockwaves through the Minecraft universe of independent developers. Minecraft’s popularity was arguably due largely to the work of these indy devs who had created game servers with the open source server software which was popularized by players on youtube. These server softwares made running a minecraft server easy, and provided a means for admins (called “OPs” from the word “Operators”) to moderate the game, kicking or banning users, control it, shut it down or restart it, and opened the door for a plethora of independent plugins that grew to provide a way to do a huge number of things in the game that the vanilla software from Mojang, then Microsoft, did not do. There was some anger from folks who saw the Mojang guys profiting wildly for a software that was popular (they believed) mostly because of open source efforts, and when CraftBukkit got shut down, it wasn’t because of any action by Microsoft (they didn’t have a claim on it), but by one of the CraftBukkit devs themselves! It appears that some of this has been worked through now and Spigot server, a fork of CraftBukkit is alive and well and providing tools to make running a custom server as easy and awesome as it ever was.

My first servers
When I had first set up the server, I ran it under the radar at work on real hardware with a fat network connection, but after some time the resources it ate up could no longer be justified and I decided to pull the plug on it. I was able to back up the worlds and get them running again using msm [minecraft server manager] on a small Intel NUC which I had connected to my TV in the living room, but that machine is rarely on and when it is, one of the kids is usually using it to play minecraft which makes for poor performance all around. I really wanted to be able to have the server running all the time but I didn’t want to leave the NUC on all the time just for some minecraft worlds that are rarely if ever used.

Running Minecraft on the Pi
I already had a Raspberry Pi 2 (note: there is a Raspberry Pi 3 out now and I would recommend this kit if you’re interested in getting one since it comes with everything you’ll need) which I had originally set up with OpenELEC last year and it wasn’t being used very much. I wondered if I could get it set up as a minecraft server instead?

mc_02

Enough of this talk! What did you do to get it set up?
I found a great write up for doing just this at https://pimylifeup.com/raspberry-pi-minecraft-server but I must admit I didn’t really follow it very closely.

I didn’t take notes when I was setting it up but the whole setup was done in under an hour or so. I’m not done, but its up and functional. The URL is pretty simple to guess but since its really got nothing on it other than some silly things our family created I don’t see any point in promoting it at all. This is what I did as far as I can remember:

  • Setting up Raspbian on the Pi.
    • Grabbed a Windows laptop because it had an SD card reader in it (I have a micro SD to SD card adapter which makes loading files to it easy)
    • Used SD Formatter for Windows to partition and format the microSD card since it had a couple funky partitions on it from my previous playing around and OpenELEC
    • Downloaded Noobs, unpacked and copied the files over to the microSD. Noobs makes it super easy to to get the Pi up and running quickly.
    • Chose to install Raspbian from the Noobs start screen
  • Configuring Raspbian a bit.
    • Used Raspi-config to set up SSH server
    • Made some other changes to Raspbian suggested by the pimylifeup article (GPU memory allocation to 16, overclocking to 1GHz)
    • note: Rasbian already had Java on it (I noticed a disclaimer from Oracle that you’re granted license to use it at set up) so there wasn’t any need to download and set that up again.
  • Setting up the Minecraft Server.
    • The key to getting everything set up is BuildTools by SpigotMC. The folks at SpigotMC provide enterprise level minecraft server software (this is actually a thing) which is basically a fork of and is reverse compatible with Craftbukkit. I downloaded the jar file and ran it on the Pi and the script cloned the code out using git and proceeded to build server APIs for Bukkit, Craftbukkit, and Spigot minecraft servers. This completed without error and produced a server jar file for me to use which worked with a fairly recent Minecraft version (1.9.2).
    • cd into the folder I wanted to keep the server files in, and ran the server once from the command line to create all the ancillary server files and then stopped it.
  • Configuring the Minecraft Server.
    • Edited the server.properties file and reduced the number of users that could connect at a time to 5 and reduced the number of chunks to display to 4. update 160517: upped this to 7 without any noticeable problems, but haven’t tested with more than one user as yet.
    • Dropped in the NoSpawnChunks plugin
    • Dropped in Spigot-Essentials-2.x plugin (and copied my Essentials folder over from the old server)
    • wrote a short bash script with parameters to use as much memory as possible I could use to start the server and set to run it from rc.local so that it would get started at boot time. This is one thing I intend to improve (see below).
  • Things on the todo list include:
    • Bring over all the worlds (so far I’ve only brought the one that I was using). Not totally sure about what I want to do at this point. I want for the kids to be able to cruise around in the worlds they built but should they be set so they cannot be modified any further?
    • Figure out if the Multiverse plugin will work on this new server so that all the portals we had defined will work again between the worlds.
    • I used to have World-Edit and World-Guard running – not sure I want to bother with that again
    • I used to run Dynmap for real-time mapping available in a browser but theres just no way the Raspberry Pi will be able to handle that. I do want some kind of mapping software though. Maybe I could set up a program to produce static maps on a schedule? I’ve used mapcrafter like that in the past.
    • Write a true service to start and stop the server, or
    • Re-write startup script to use screen (so I can re-attach to the running script when I ssh in to the pi) but for now, it gets the server running at least. update 160517: already changed the startup script to include screen -dmS minecraft before the launch directive so that when I ssh in I can use screen -r minecraft to reattach to the running process and interact with the server on the command line.

update 160715 – I got a Raspberry Pi3 and was able to copy over my server files and settings after setting up Raspbian and get it all running fairly quickly. It runs the server a LOT smoother than the pi2 did. It does still stutter a bit as chunks load, but I don’t see the “Can’t keep up” messages in the log anymore. I’m also running it over the built in wireless in the Pi3 and so far no issues.

Users are the weak link

I read the email and smiled – all that work I do trying to get users to reach out to me when they are confronted with something suspicious pays off! Bob (not his real name) had taken a screen shot of the strange error message and sent it to me asking how to proceed. He had been using Chrome, there were two tabs open. The first was on MSN.com and according to Bob he was just clicking on an article to read. The second contained a full page of courier font text made (poorly) to resemble an operating system error. A pop-up covered some of this text with a text warning from technicalerror-detected.xyz urging the “Customer” to call an 855 number for a Microsoft-Certified technician to “help resolve the issue”. I chuckled to myself and shook my head at the obvious ruse. I sent an email reply to Bob that he should call the number given, but only after he calls the FBI to trace the call because it was an obvious scam attempt.

p0wned

Fast forward about 15 minutes and I get a frantic call from Bob who then sheepishly uttered “I think I may have messed up”. He went on to describe how he hadn’t waited for my email and had decided to call the number. Somehow they convinced him to fork over his credit card number in order to obtain their “aid” in cleaning out the malware and he had let someone get remote access to his machine (a laptop). They were working on it right now, but suddenly he wasn’t sure if they were who they said they were.

“Holy crap, Bob!” I yelled, “turn that machine off NOW!”

Bob ran over and powered it off and I sighed with a little relief while I was deleting his VPN account and changing his email password.

“Bob, you need to protect yourself. You need to dispute that charge and cancel that card immediately. If you’ve ever logged onto a personal email account or a bank or any site from that machine you need to get onto another machine and change those passwords as soon as possible.” At this point you have no idea what automated scripts the malicious scammers may have managed to run. They may have gotten all the keys to the castle in that brief few minutes, they might need some extra time to analyze their haul, but there’s very little time to shore up defenses. It might even be a good idea to alert the FBI with both the phone number you called, the number you called from and the time of call in case someone over there wanted to follow up. (He did contact the authorities later)

While I’m explaining this, he interrupted me,
“The machine just turned back on!”

“Turn if off again Bob, and this time pull the battery out!”

He did so, and I explained what his next steps would be according to our procedures to get him back in business again.

This attack would have been less effective had the user been a local domain user, but because some users need to work more autonomously and have more control over their machines and don’t often check in at the office they are usually given admin access. I never used to permit that but the powers that be feel differently and I can’t say I blame them since the user will definitely have to install a printer and likely some personal software.

The problem is there really isn’t any way to fix the root problem – users. Users generally don’t pay very close attention to what they’re doing and they don’t read things that appear on their screen carefully or critically. Users are usually not interested enough in the nitty gritty details of these kinds of confidence scams or their eyes glaze over at any kind of technical jargon. They see an error message and their minds turn off and they don’t notice mis-spellings or grammatical mistakes that might make the ruse more obvious.

Somehow Bob had managed to install an Add-on or extension to Chrome. Not sure when this occurred, or how, but it hobbles the browser. The extension removes some vital toolbars, limits which sites can be visited (blocking search engine sites you might use to figure out that its a scam for instance) and redirects the user to their own site to increase their page-views (which sites like Google and Yahoo happily pay them for). Most devastatingly to Bob it threw up a fake error page which was good enough to sucker him into calling them which eventually led to him giving them his credit card number and following their instructions to grant them access to the machine.

In this case, the spelling and grammar used in the ruse was pretty good but there were still some tell-tale items to suggest that something nefarious was going on.

  • The URL for the tab he was looking at was clearly not a Microsoft.com URL even though the message claims they are Microsoft technicians.
  • Microsoft will not tell you to call them – good luck getting a human at any of these big companies anymore! The last thing they want you to do is call them, and if you do you will invariably be routed to India or the Philippines.
  • The Error message appeared in a browser window – typically big ugly errors like this take up the whole screen – you wouldn’t be able to minimize Chrome or see other parts of your desktop like the taskbar or the clock.
  • If you could google up the phone number on your phone or another machine quick you’d see the first whole page of hits for that number are about spammers and scammers that tried to call from that number.
  • Googling BSOD: dllRegisterSetting which are the biggest words on the screen results in several links for removing the malware or virus by that name (the least helpful is the actual Microsoft result). Most of these helpful guides assume that you have not been stupid enough to actually fall for the ruse and call the number of course.

I thought I had done a good job educating everyone about how to identify these kinds of scams but clearly I have some more work to do.