Crowd funding sites have transitioned to full on scams

Seriously, avoid any crowd-funded sites. Kickstarter, Indiegogo, and even things like GoFundMe are hosting full on scams these days.  Some years ago there used to be legit projects and I backed a few and got what I expected.  I’ve only ever had one project not finish, but that’s the risk going in.  However, these days there are straight up scams running unchecked on all of these sites.  I haven’t backed anything in quite some time and have decided I will never be backing anything on these types of sites again.  They have lost all credibility in my opinion.

Pi-hole users are the worst

I’ve noticed a new phenomenon in recent times where a user of a certain product, be it a nas, a switch, a ip camera, wireless ap, or anything else really, posts up questioning why X device is making X number of repeated DNS requests.  Just shut the hell up, seriously. This is normal behavior, it’s how DNS works. The device makes a request and the caching DNS server replies with the answer. This is how DNS has always worked, but these dim bulbs have been given a light in the window to the inner workings of DNS and have suddenly crapped their diapers about it. Also, the thought of offloading a critical network service like DNS to a $30 device is horrifying to me.  But then again, like I said, Pi-hole users are the worst.

Political Spam is not ok

I don’t know why political messages get excluded from Do Not Call Registry penalties, but it’s a bunch of crap. Not only are these calls unwanted and obnoxious, but there is no way to stop them! You can’t block them as they use different numbers every call, and you can’t unsubscribe from them because there is no list, they have your number, and they’re calling it no matter what.
And now… NOW they’re Text Spamming people! So far this elections season, I have received 3 separate spam SMS messages from political candidates. So now not only are they making unwanted calls, but they’re making unwanted texts too. I’ve had psycho-ex’s less clingy than these shady campaigns.
So far, I’ve got:
1 message for Jon Ebel (D)
2 messages for Erik Jones (D)
So, at least I know 2 candidates who will NOT be receiving my vote this fall. Keep it up guys, you’re helping me narrow down my list! ūüėÄ

Taking over from a failure of an IT company

Taking on a new client is a fairly normal occurrence most of the time. It usually goes decently smooth, getting domain and hardware passwords transferred over, sharing knowledge collected over time, making notes of any gotchya’s or unique issues with a client. Every once in a while though taking over a client leads to a complete horror of horrors in discovering how many things were done wrong and what a dangerous position the previous company had left their now former client in.
I’ve been doing this for a decade now and I thought I’d seen it all, but a recent case has proved to me to never underestimate the ability of someone to royally hose things up.
The original reason we were called in was because they had complained of their server freezing up. They had called their IT people 2 weeks ago and they kept getting put off. They were tired of their server freezing so they called us in. What did we find on arrival? A failing hard drive. Something that could have taken down their entire business, and the former IT company put it off for who knows whatever reason?! The good news was the disk was in a raid array, so they had some redundancy, but the failing disk was still causing the server to hang quite frequently. So, we replaced that and rebuilt the array.
The next issue we discovered during array maintenance, and that was a completely dead battery on the controller. So, we replaced the battery.
Next up, the server wasn’t even on a UPS. It was plugged in to the “surge” side (not the battery side) of a UPS, and the UPS wasn’t even big enough to handle the server anyway. So, we got them an appropriately sized UPS.
So, what if the array had died? What if they had lost power and ended up with corruption from a dead array battery and absent UPS? Well, they could have restored from backups, right? HAHAHA! No, no they couldn’t have. The “cloud” backup they were being charged from their previous company wasn’t even backing up any shared files. All of the business’s proprietary data would’ve been GONE. Their cloud backup was only configured to back up the “Program Files” directory, which would’ve been god damn useless in a disaster recovery situation.
While we’re on the subject of billing for services not being provided, we also found that they were getting charged for website hosting. The problem? Their IT company wasn’t hosting their website. They were hosted at another provider in town. The ONLY service their IT company was hosting was public DNS for their site, yet they were billing them at full website price. Nice little scam they had going there, don’t you think?
I wish I could tell you the horrors stopped here, but they don’t.

Read More

Why isn’t everyone doing 2-factor Auth?

17v9nnjz8cwlijpgSeriously, it is 2015 now. ¬†Every big service provider should be supporting some form of 2-factor authentication. ¬†Google is a prime example of the right way to implement this, and everyone should be following their lead. ¬†This weekend I had an email account I hadn’t used in over a year get its password cracked. ¬†The bot then pulled my extremely outdated online address book and sent spam links out to them all. ¬†Fantastic! ¬†So, I changed the password and deleted all of the contacts out of the address book. ¬†Had this provider (cough… AOL …cough) had a 2FA implementation this would have NEVER been able to happen. ¬†Their service wouldn’t have been used to send out spam, and I wouldn’t look like a doofus with an apparently weak password on that old account.

I’ll also add, if you have a service like Google and you’re NOT using 2FA, you need to go set that shit up right now. ¬†It makes your account nearly IMPOSSIBLE to get in to unless the hacker also has your physical device (usually your phone with an app, I recommend Authenticator Plus) to access your account. ¬†Knowing your login name and password alone would never get them in.

Wondering if a service you use supports 2FA or now?  Well, check out this nifty website: https://twofactorauth.org/

Android Lollipop Bullshit

Android 5.0 Lollipop came out back in mid November 2014.  So, it has been out a couple months as of the writing of this.  There are a lot of really annoying bugs in Lollipop like caller ID pictures just refusing to show up, silent mode completely broken, horrible navigation icons, and lock screen no longer locking the phone.

But the worst thing about Lollipop is the CONSTANT memory leakage. ¬†I have a Nexus 5 and this shit is out of control and Google hasn’t done shit all to fix it yet. ¬†Pre-Lolliflop, my Android devices could quite easily obtain MONTHS of uptime, and reboots were usually just to due something like updating the recovery image or something. ¬†In Lolliflop, something is leaking memory at the system level so severely that the phone can’t even make it 2 weeks with out getting so low on useable ram that even the damn keyboard will open, so you have to restart your phone if you even want to just be able to text people again.

Check this out:

Read More

Defeat the SJ-R’s Paywall with Chrome in 4 seconds

Print is dead.  You hear me SJ-R?

Central Illinois’ newspaper – The State Journal Register – was bought up by media¬†conglomerate¬†GateHouse Media back in 2006. ¬†Since then the paper has been on a wildly out of control downward spiral.

GateHouse media’s latest “innovation” in the digital age is… wait for it…

A PAYWALL!

Jesus GateHouse… seriously? ¬†It is the year 2013, and you think a Paywall is the way to move your business FORWARD? ¬†Have you learned nothing from your bigger brothers like The Times which lost over 4 million readers back in 2010 thanks to their paywall? ¬†Just as with TV Shows or Movies, if someone doesn’t want to pay for your media, they will simply not pay. ¬†Trying to trick the user in to consuming the media how you think it should be consumed will never bring in money. ¬†You will simply drive previous viewers away from you and to other services that remain free.

Your draconian thinking of what media is and how it should be consumed will be the end of you.

I was quite miffed today when I tried to read an article a friend had linked on Facebook and I was presented with this Paywall pop-up.  Clicking the X redirects you to the main page.  This really got on my nerves as all of the content was right there, sitting behind a cheezy looking pop up box.  How stupid.  So, I spent exactly 4 seconds, reloaded the web page, and read the content as it should be consumed.  For free.

I thought I should share my tip with others who may not be aware of this pretty nifty feature in Chrome. ¬†You can¬†selectively¬†disable javascript on any website you visit. ¬†Most sites use javascript for good… but some sites, like the SJ-R site, uses javascript for evil.

Read More

How Gyft Stole My Personal Information

I’m going to start off this article by warning people, DO NOT SIGN UP FOR GYFT! ¬†Do NOT install it on your phone! ¬†Why? ¬†Because they will steal your information and you can’t do anything to stop it. ¬†Gyft is an app that is supposed to allow you to easily trade/exchange gift cards to stores for other stores, but their shady business practices make me want to NEVER give them access to anything worth any real world value.

The Android version of Gyft launched the other day, so I downloaded it to check it out.  Upon first launch, it asks you to sign in with your Facebook account.  So, I did so.  Upon trying to log in, I was presented with an error message.  Apparently their servers were swamped since it was launch day.  I assume nothing worked, since I never got any confirmation or was presenting with any terms of service or anything, so I uninstall the app and say screw it.

An hour or so later, I received an SMS spam message from them asking to click a link and confirm my number (I did NOT click this link).  My first though was WTF?  I NEVER authorized them to harvest my phone number!  It really pissed me off that they just ganked my phone number and I had no idea.  I never gave them permission to take it or use it for ANYTHING.  I reported the app to the Google Play Store at this point.

Then a few days later, and the reason I am writing this, I learned that they also apparently pillaged my Facebook information and saved it all. ¬†Even though I unlinked the app from Facebook with in minutes of deleting the app from my phone, it was apparently too late. ¬†I received an email today reminding me that one of my Facebook friend’s birthdays is coming up. ¬†Another big WTF from me! ¬†I never authorized the pilfering of my (nor my friends) data. ¬†Plus, I had already unlinked Gyft. ¬†Upon removal, Gyft SHOULD have to delete the data they collected from me, but that is obviously not the case. ¬†So, Facebook friends, sorry about that. ¬†All I hope is that they don’t spam you too. ¬†Who knows how much information they were able to harvest.

I will give them some credit in that they deleted my account today within 5 minutes of me sending them the email request.  At least they got that right (although I am sure all of my information, including Facebook data, is still in their system).

Lesson learned here; pay attention to the apps you install and realize any time you sign in to an app or webpage with your Facebook account, they collect and store all of your information, even if you unlink the app or website, and they will likely keep it forever!