October 2019 – Frontier9 - Web and Security

Halloween – IT and Photography – getting a life…

October 31, 2019December 4, 2019
by Michael

Horror Stories – remember that time you tried to set up fibre-channel storage card. Technical horror stories, fighting with your website design, your database or recovering saves you thought you made but lost? Scary … but actually, tonight I’m heading out to Bangkok to look around at their version of celebrating Halloween.

I have other websites related to my photography, my interests and a Patreon that I capture interesting events to feed. I just revamped the site. Changed the parameters – I am going public. It has been a fairly private site but now I’m changing tack.

https://www.patreon.com/openmindphotography

One of the ways of reaching out for my services is to become a Patreon subscriber. You’ll see I’m a writer, photographer, vlogger as well as a very experience IT worker. So if you want guidance or help with your own social media projects – web services or troubleshooting, hand holding or other forms of support. Reach out – because going it alone can be horrific. I’m very open to give you a free consult to see if I can resolve your problem fast and give you an affordable rate. If you become a Patreon subscriber then it goes without saying I’ll deduct that from any bills.

Admin Guides

Mail Servers

October 29, 2019December 4, 2019
by Michael

Reviewing Mail Servers – why? To find out where the state of the art is since last time I checked. This is what blogging is to me – its not always about selling some service or some product. I’ve blogged for free since I ever heard of blogging. Its just a reflection of what happened at this time to add to the history to look at later perhaps, or not.

When Gmail came out – tentatively we all started to test it, sign up as beta users. We could invite friends into the program and I ended up with a 1000 user account with Google for their apps service to provide non-profit users with email and all the Google Apps as a business unit. It meant a lot less worry, and offloading server admin to Google. Also that people had everything there for them to find their way to using to integrate many things instead of pressing for an internal mail to integrate better with all the google tools.

So why would I go back and make a mail server. Mostly, because I there is so much tax and over-commercialization. People want to turn everything into a higher cost than it is perhaps worth. Still it will take me considerable management effort but when it comes to security then it will be in my hands. Security and restoring backups are not in your hands with a 3rd party provider. If they experience serious down time you will have to wait.

Google hasn’t had much downtime for years – that was lucky. I guess in the end we want a hybrid – something independent that also integrates. Yet there are so many more messaging services today – chat’s are almost replacing email, but not quite yet.

—- Update —

I’m going to install and try out mailcow – that seems low cost and useful, is getting developed at a good pace.

Increase Earnings

Straight Talk on WordPress

October 27, 2019December 4, 2019
by Michael

Almost nothing anyone says can be trusted on monetized websites. This website will be using monetized links so I guess you will have to apply that here too. Yet I’m an older guy, who started before there were even web pages and so I can tell you dinosaur stories of FTP to Helsinki (Finland) university via the education research network that extended out of ARPAnet. You can’t even find Wikipedia or google much about those days. I just remember saying, i’m downloading a file from Helsinki – nice. However, i’d been downloading files with modems and BBS systems for a while already. Being older doesn’t make you the best though … that takes day to day work staying on top of things. Mostly you learn because you have customers and you learn by resolving their problems for them.

So anyway – then came the days of ugly websites with the occasional beauty but generally … not so nice. However, it was the information and pictures that people were really looking for. Video was mostly out of the question then. Years passed, I worked for companies, I worked for Buddhists, and I used the various CMS as they showed up … Joomla, Drupal were some nicer ones. Had arguments about PHPnuke which was the first PHP cms – or so they claim. One guy I worked with wanted to use it and I said, “but nobody cares anymore” he was years behind trying to use “the best product”. Before long friends were saying “WordPress” and they loved that. Then they got hacked … there were no security solutions back then. Today that WordPress draw-cards is ubiquitous and people tend to go looking for a specialized provider. So I’m working to support it and secure it for clients. My mother used WordPress, my dad uses it today. I’m using it right now – this is WordPress. I have clients who use it – but mostly I become their IT provider so I can remove the malware that has slipped in.

So to help my clients I’ve created my own hardened servers … to reduce the chance of attacks being successful. However, if you run WordPress you are really mostly in the hands of the developers to find exploits, issue updates and you have to apply the updates before its too late and some automated bot finds your website and applies the exploit to sneak in malware or make other “hacks”. Companies will always tell you they will handle that but they tend to leave people on outdated servers where the updates can’t even be applied because some component needed by WordPress is too old (PHP for example). What you can do is use “security plugins” … because that is one of the main draw-cards for WordPress, the features you add with plugins.

Of course the plugins could make your WordPress vulnerable – so you need to have your website checked the same way an attacker would detect if you were vulnerable. You are unlikely to find a provider who will give you a free offensive security check … but some of the security plugins are almost at that level … almost. The fact is that WordPress security is getting to be somewhat expensive and it makes you wonder if the security providers are attacking everyone so they come to them and pay for assistance. They have all kinds of “help me” and “clean my site”. That is what you might wonder when you see the scale of operations and complexity – one provider I’m looking at doesn’t even have a single plugin they talk about 4 categories of security plugins – prevention, detection, auditing and utility. If the solution is that time consuming the user isn’t better off, you make security beyond a tickbox.

That would be why you might want to use a smaller company who just takes responsibility to offer you a secure website and audit it, check in and update, correct issues. I always try to offer the best of free or “part of the deal” access so there isn’t an endless up-sell. Real security is about trying to rid the web of threats by making the solutions free – that is what open source is about. If there is money left to invest – best to spend that on your IT staff or consulting, the provider.

Hacking Defenses

Travel and Home Router Tricks

October 25, 2019December 4, 2019
by Michael

If you travel, take even just one trip but plan to use the internet. If you need your laptop or phone you might find a tiny investment of say $25 to $70 USD pays over and over. Getting connected directly with your device can be temperamental and dangerously insecure. The hotel residents or staff may just record all your traffic and search it for passwords, pictures you viewed, websites you visited and more. Its not just for travel though – at home you you need this kind of serious firewall this is a minimum level to protect you even from your own ISP equipment and it’s vulnerabilities. Its not the whole solution but a crucial foundation of the puzzle.

Hotels and other public places can either have sketchy weak internet access that drives you nuts. A good little tool like this might plug in to the wall and give you your own wifi. Or it could bridge you to their wifi in the spot that “works” freeing you to sit where it is comfortable to read or work.

I can’t emphasise enough you need to be protected from other “guests” who might use this chance to attack and infect, take control of your computer of phone. Hacking is very prevalent. The last thing you want on your holiday is either spending all day just trying to find somewhere to check emails and make flight confirmations or new hotel bookings. Beyond that having your email hacked while you are away from home could lead to your bank accounts being frozen or robbed. What is so special about the products I share – they use open source, tested software. I’ve tested them and use them myself and I’ve got a history of securing companies and clients workspaces. Many of them paying thousands to protect their ability to stay online even during constant attacks from all over the world that look to break in to any place they can.

So get started with any of these products – the GL.inet GL-MT300N-V2 mini travel router. I have one very smilar. If you want something more potent from the start. This GL.iNet GL-AR750 Travel router has one more port of wired ethernet and both 2.4ghz and 5ghz wifi. Note that 5ghz is likely to max out the speed you can receive downloads if your hotel has a premium quality connection. Finally the fastest newest model is this GL.iNet GL-AR750S-Ext Gigabit Travel AC Router has full gigabit wired connectivity. So if you want to have a small network with family or friends safely behind your own firewall … this one would be a great lightweight tool.

They all power from USB – like any phone charger. Some of the models come with their own 5v USB power. You can even just plug them into your laptop USB to power them up, and that means you are only adding a tiny lightweight box to your luggage. A box that as you get to know it will likely solve a problems.

To make a long security rant short – this uses a community maintained operating system. Most companies make products and don’t keep them updated or from the very start they have flaws that are found making them a target to make you more likely rather than less to be hacked. Giving hackers a back door instead of locking them out. These devices are using the kind of system a hacker is likely to use to protect themselves. They can be as easy as pie to set up.

Tricks? – Well, it would be obvious to plug a router into your network at the wall and you get your own wifi. That’s great, but what if you go to somewhere with only wifi? Well if you want to get a bit deeper into the web pages that this device provides to help you connect everything – you can use this to get wifi and share it to you via the cable. So they come with a small thin ethernet cable. Its usually possible, especially with the bigger ones (AR750 and AR750s) to get internet with wifi and share it with the other wifi – because there are 2 wifi units (radios) in this little box.

So you can do wifi to cable access, cable to wifi access and wifi to wifi access. Yes also cable to cable access. You create a protected LAN for yourself. If there is not access you can “tether” your phone USB or use a 3G/4G usb modem to provide access to your hotel room. You can even take this down to starbucks or anywhere you go to work with your computer to protect yourself from the rest of the visitors.

Its really a **welcoming** device that succeeds in simplifying things for it’s owner. Take it from a veteran of networks this is easy peasy. Under the hood is Open WRT a unix type system giving basic through to adept users an **accessible** swiss army knife of network tools.

Not secure enough for you? You can, with some effort, get a VPN account and use this device to connect through to another network, encrypting your communications completely. So even insecure websites are not visable to anyone watching you – like the hotel guests or staff.

It is possible to do VPN, firewall with your travel computer itself or with your phone … but its typical that something will lead you to turn it off or forget to set it up. This device is really all about dedicated security and or just making it easier and better. I’ll write some further stories – in fact I’ll explain more about security and how this protects you in ways most people don’t even know are needed yet. I even use these at home because my internet providers router/wifi is not secure enough for my purposes. I consider that already unsafe even in my own home. The company that provides it definitely have backdoors so they can watch and maybe attack you from there offices. That means that staff who once worked there probably know how to hack everyone that has that equipment. If they get through then I’m still behind a firewall.

Health and Wellbeing

The Keto Admin

October 19, 2019December 17, 2019
by Michael

If your an administrator of information technology I recommend you go low carb. Don’t beat yourself up that you can’t find enough time to get up and move, exercise and its all your own fault. Learn to health hack by finding the evidence that leads to obesity and resolving it. Living a lifestyle of low carb then there is likely to be less down time due to illness. The ketogenic diet sustains better concentration and work outputs in my case. There is however a transition time of a week or more where you might experience a lot of body changes adapting.

During the change over time you have to stay hydrated, take supplements – particularly magnesium and relax. Then your body turns on the fat based metabolism – using it instead of trying to store it away. I’ll write more later on adapting to a ketogenic lifestyle which i think of as understanding meta-nutrition and applying it to your health.

Evidence Based understanding

This channel [no affiliation] is full of doctors and other professionals who research and follow evidence based medicine to help combat the dis-information about what foods are best for your health. Evidenced Based Keto: How to lose weight and reverse diabetes – by Dr Paul Mason.

Paul Mason is explaining, and he’s not the first that Obesity isn’t just because of exercise or lack of. That we are lazy or not following medical advice. He goes on to present evidence that insulin is really the proven culprit and we can “hack” our body by ceasing to eat that which stimulates insulin production to higher and higher levels.

Being in tune with today’s generation “the millennials”, many of whom are more into evidence based systems, people question old advice. Crypto (i really mean bitcoin here) vs Banking, Keto vs Industry influence dietary guidelines. Taking care of gut health vs taking various pharmaceuticals that destroy it. Using non-invasive medicines such as essential oils that are anti-cancer rather than foreign synthesized chemistry that is cancer inducing.

Where is the evidence though? Well its there where you don’t look, hiding in an ocean of falsified research. Many research journal editors in medicine speak to their complete loss of trust in the very articles they are publishing. They are kind of forced by industry money that buys influence in academia.

So anyway, today making Keto muffins because like many computer worker, i am addicted to sweet things. Baked goods and here is a recipe – there are tons of these out there but if you search you’ll end up on some super annoying website with endless scrolling before you reach the recipe. Links show examples of what kind of products you could order – just standard blogging now for me to link up products. You don’t need to buy, look at local supermarket but if you get desperate why not order online.

1 cup almond flour or almond meal
1 1/4 cup coconut flour
1/2 tsp baking powder
1/4 tsp Himalayan or other salt
1/3 cup Coconut oil – cooking or virgin (or melted butter)
1/3 cup Unsweetened almond milk or just cows milk
3 large Eggs
1/2 tsp Vanilla extract or 2 tsp Imitation Vanilla
3/4 cup Blueberries or Mixed Berries or Raspberries or even chopped fine strawberries

1/2 cup of erythritol based natural sweetener (ie Natvia)

175 celsius for 25 minutes, cool for 10 minutes

I also found this while thinking about lowering the erythritol (sugar alcohol is a sugar alternative that doesn’t give you carbs so much) and replacing it with stevia. Mixing them together is typical in these types of recipes

https://www.whatsugar.com/post/2018/11/05/stevia-sweeteners-part-1-with-erythritol

Admin Guides

Going Linux – Going Gimp

October 17, 2019December 4, 2019
by Michael

Gimp, Graphics Image Manipulation Program, has always played 2nd fiddle to Adobe Photoshop. I remember when I was working at an apple shop when Adobe Photoshop 1 appeared and we used it on the monochrome screen of a mac SE thinking wow. Now Gimp has way surpassed that.

Recently, after some nasty malware related refreshing from backups on a windows laptop, I bought some PC parts. I threw together a desktop since now I have a family, house, home to work from. It ended up actually being 2 PCs in the end but that’s another story.

So as I started posting on this new install of wordpress – you are reading from here I was using Ubuntu linux on the downstairs PC. Running it on a TV, its a bit furry and I had just the stock installed basic photo/image program to adjust some graphics. I have tried gimp many times over the years but I saw Photogimp and some spanish text saying Adobe Photoshop, which I am much more used to … see image insert.

So I installed it and what do you know its all layed out like a modern photoshop. Now I can say for the first time – actually Gimp looks like its workable. Just like LibreOffice (formerly Open Office) is up to the task for editing documents.

Open source is basically able to surpass some of the older commercial software at this point. How could it be, well its the the idea that eventually instead of just moving stuff around and acting like you made it better when you really didn’t … or taking parts out and charging extra if you want them back. Well in Open Source you just find out what people really want and if they like it your variation of the code, fork, project becomes really appreciated and maybe others step in and help you make it even better. You aren’t trying to keep selling, or get subscriptions – perhaps you get donations but generally you can eventually after many years get the project to the point where it just does what people want and we can stop wasting our time paying and upgrading and re-learning some bullshit new version.

Now Ubuntu Itself falls into that category. You might love windows or macOS but in the end the only thing that really makes them superior other than basic look and feel (which can be duplicated) is that they have the stable support and drivers for all the computer parts you use as your PC. Yes and that means you too mac users – you use a PC with MacOS. Anyway, if I can put together a very recent set of parts and start a USB stick of Ubuntu and get sound video, software instantly (really, as fast as you can boot) then something is wrong on the older OS front. They stopped making their stuff better. Mac hasn’t written an installer for a long time, mostly they just chase a lot of security updates and hope they can retain customers. Its not all the way there yet – commercial software still rules a few areas but I’m going to work with linux now.

I was always just messing around as a kind of half serious thing on linux other than with servers. That’s another blog – but I think if I can invest my experience on linux as my work environment now its worthwhile. I recently heard someone say if you use windows you are an idiot – I almost agree. Especially when it comes to security concerns. Not that linux is immune – not at all but you have a lot more chance of securing it without fighting against the OS.

Uncategorized

Frontier9

October 16, 2019December 4, 2019
by Michael

This is the blog of the admin of this humble Ubuntu server. He lives in the cloud of PheonixNAP – a US hosting company that has baremetal and cloud elastic virtual servers. Frontier9 is one of those servers.

He started with my mate T telling me, eh this is pretty affordable and I know the guy running the company. So i go there, but there is no obvious landing page – or at least I find it weird that he sends me to an admin subdomain to sign up. Eventually I sign up

Frontier9 started his time as a Ubuntu 14.04 LTS – now at end of support life. He wanted to stay there to be a lean fast machine but the evils of updates, security and bloatware pulled him into now. After all to use latest wordpress you can’t be on PHP5.5.9.

So during his set up he got upgrade script into the Xenial world 16.04. He is a LAMP server sometimes written as LAMPP – not sure what the second P is. I’m a very old timey computer user – started when I was 10. I’ve always liked to do things and programming was a way to get there. However, if someone already wrote the program and many exist I just let go programming so I could use applications and do things. These days I’m back to more admin, network, security to help my friends and customers.

This blog is the story of Frontier9 because the internet remains a frontier – it will extend way into the future unless the whole planet dies. I am inspired by an old gamer Day[9] who I used to enjoy the vlogging of and so I added a 9 – seems fun. I also live in Thailand as a nomad, expat or whatever you want to stay after getting free of organized Buddhism that took over my life for a time. In Thailand the number 9 is associated with moving forward which is what Frontier9 is built to help me with.

Here is another blog where I found explanation of the lucky number 9 in Thai culture. https://www.thaizer.com/culture-shock/lucky-number-9/