Don’t Trust The Cloud

Modern computing is geared towards moving everything into The Cloud. Your calendar, your email client, CRM, your office applications, even the music you listen to while commuting can all be in the cloud and while this seems great you know that it’s all one Internet outage away from being unavailable.

But you have mobile data with 4G or maybe 5G and you’re always near WiFI so why worry? The main cloudy problem is not the Internet connection at all, it is the companies who provide these services. For example, Amazon regularly update their online Music library to add new releases but they also remove tracks whose content providers decide to no longer sell through Amazon. If you rely on the cloud player by never downloading these tracks then you lose access to them and do not automatically get a refund.

Losing access to a small number of songs out of your entire library is annoying but no major heartache (though in my case Amazon removed three complete albums that I had paid for and owned for a few years). What if Amazon decided to ditch their music service entirely? Without your own local backups you have now lost your entire purchased content. What if Microsoft dropped Office365 or OneDrive for some insane reason?

Asides from the more obvious issues of cyber attack and Internet connection problems cloud services give great convenience with a big cost of having to consider the provider’s future prospects and exactly where they receive their digital goods from before you buy from them. Licensing terms change frequently on these providers and the vast majority of people do not notice so these giant companies get away with forgetting to issue refunds or warn you that your content is going to disappear.

Always backup your data and that includes any digital content you’ve purchased.

Of course that’s not always possible. Let’s hope Valve never go out of business or drop Steam…

EDIT: Just a few days after posting this we see a large organisation closing their service and customers losing out.

When Anti-Spam Lists go Bad

Email administrators everywhere will have dealt with the dreaded blacklisting problems. Whether it be a customer who has accidentally got them selves listed or your own server sending some backscatter through a misconfiguration we’ve all come across the “request for delisting” and found the tools to prevent the mistake from happening again.

Most of the time the solution is simply; you fix whatever problem you had or sign up to the recipient’s mail providers postmaster system (in the case of and request the delisting. In a few hours your IP is marked as fine and happily you go about your business.

Sometimes, however, unscrupulous individuals set up services and begin blackmailing email administrators. For example, UCEPROTECT and ivmSIP24 are scammers and should not be trusted because they list entire IP ranges without regard for what those IPs actually are.

For example, my mail server is with DigitalOcean who are a well known and reputable hosting provider and they, naturally, have lots of IPs. Anyone can sign up for a server and so it is bound to happen that a real spammer will create a short lived VPS and send some malicious content. Should every DigitalOcean customer be punished because it is possible someone might send spam? Of course not!

This is where UCEPROTECT and ivmSIP24 step in to wreck the day. They swiftly list the entire IP range as bad and demand payment to delist! They make it clear that payment will not guarantee you from being kept off the list in the future and, of course, if you cease paying (because it is a subscription) you will be put back on it.

The only thing missing from their site is “I am haxor and have haxd your system. You send money to my Bitcoin address or I release private picture hra hra hra”

This type of scam/blackmail/racketeering is nothing new but it is the first time I’ve seen this type of list used by a big email provider – Mimecast. Why in the merry hell is such a large company allowing these cretinous individuals to hold email administrators to ransom.

Microphone Not Working in Windows 10

It turned out that the Windows 10 update 1803 introduces (or changes) a privacy setting which prevented me using team speak/voicechat in games. To fix, you can just need to open All Settings -> Privacy -> Microphone or search Microphone and find it in the list. It needs to be enabled and apps need to be allowed.


Thanks to MicroSip for pointing this out on their site! I discovered this fix while using MicroSip on some Asterisk testing.

HOW TO: Completely Remove Asterisk

This was tested against a Ubuntu 16.04 virtual machine with Asterisk 13.22.0 and all commands were run from ~

sudo service asterisk stop
sudo rm /etc/init.d/asterisk
sudo rm /etc/init.d/
sudo rm -rf /etc/asterisk/
sudo rm -rf /var/log/asterisk/
sudo rm -rf /var/lib/asterisk/
sudo rm -rf /var/spool/asterisk/
sudo rm -rf /usr/lib/asterisk/

All of the Asterisk program and configuration files will now be deleted and you should have seen a notice about needing to run systemctl daemon-reload because the service files have been removed (they’re the ones from /etc/init.d/).

If you then whereis asterisk you may still see some leftovers in a few other places which you can also delete. Here is where I found remaining files:

  • /usr/sbin/asterisk
  • /usr/include/asterisk/
  • /usr/include/asterisk.h
  • /usr/share/man/man8/asterisk.8

tmux Script

I use tmux a lot and like to have a good layout that’s relevant to the work I’m doing. Mainly, this is very simple things like DNS queries, nmap scans, telnet/ssh checking which leaves most screen space free for displays such as watching failed hack attempts or showing system usage. Here are my scripts.


This is the script that launches tmux and sets up the panes or rejoins an existing session.

# TMUX Startup script
# C-m means enter key
#Inspired by

tmux start-server

if ! $(tmux has-session -t 'linkstart'); then
tmux new-session -d -s 'linkstart' -n 'linkstart' # -d *
tmux select-window -t 'linkstart'
tmux split-window -h -p 40
tmux select-pane -t 1
tmux split-window -v -p 15
tmux split-window -v -l 1
tmux send-keys -t 1 './watchfail' C-m
tmux send-keys -t 2 './watchauth' C-m
tmux send-keys -t 3 './watchusage' C-m
tmux new-window -n 'general'

tmux select-window -t 'linkstart'
tmux select-pane -t 0

tmux attach-session -d -t 'linkstart'


Sometimes it’s interesting to see the brute force attempts and get a feel for what usernames are popular with malicious actors.


watch -t -n 30 "tail -n 400 /var/log/auth.log \
| grep 'for invalid' \
| awk '{print \$1, \$2, \$3 \"\t\" \$13 \"\t\" \$11 }'"


This is so I can easily see where any successful connections have come from as I know the IPs I usually connect from.


watch -t -n 300 "tail -n 2000 /var/log/auth.log | grep 'Accepted' | awk '{print \$1, \$2, \$3 \"\t\" \$9 \"\t\" \$11 }'"


It’s a very, very, low-usage VM so this is really a “just because” pane.


watch -t -n 20  "echo "CPU `LC_ALL=C top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1}'`% RAM `free -m | awk '/Mem:/ { printf("%3.1f%%", $3/$2*100) }'` HDD `df -h / | awk '/\// {print $(NF-1)}'`""


Google Chrome Yellow Tint Version 68

If you’ve updated Google Chrome and now have a horrible yellow tint to everything that should be white you’ve been struck by the Overly Helpful Application Syndrome. This disease commonly affects Microsoft products but can also infect other applications and displays itself as a “helpful default” that is completely stupid.

The yellow tint in Google Chrome is easily fixed by going here and setting Force color profile to sRGB:


You’ll have to copy that URL and paste it into the address bar of Chrome because the latest versions of the browser do not allow clicking chrome:// links.

Why does this happen? The Chrome developers have modified the way Google Chrome displays so that it tries to match the default colour profile of the monitor it is in. Unfortunately, it often fails to do this properly which leaves you with just Chrome looking like an old yellowed smoker’s desktop PC from the 90s.

Update Ubuntu 16.04 Login Message

The standard login message is called the MOTD and usually looks like this:

Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-116-generic x86_64)

 * Documentation:
 * Management:
 * Support:

29 packages can be updated.
11 updates are security updates.

Last login: Wed Jul 11 18:35:08 2018 from 555.555.555.555

This text is generated by a series of executable files in /etc/update-motd.d that you can change or even add your to.

luke@ubuntutesting:~$ ls -la /etc/update-motd.d
total 36
drwxr-xr-x  2 root root 4096 Jun  6 15:43 .
drwxr-xr-x 92 root root 4096 Jun 28 08:34 ..
-rwxr-xr-x  1 root root 1220 Oct 22  2015 00-header
-rwxr-xr-x  1 root root 1157 Jun 14  2016 10-help-text
-rwxr-xr-x  1 root root   97 May 24  2016 90-updates-available
-rwxr-xr-x  1 root root  299 Jul 22  2016 91-release-upgrade
-rwxr-xr-x  1 root root  111 Jan 11 05:42 97-overlayroot
-rwxr-xr-x  1 root root  142 May 24  2016 98-fsck-at-reboot
-rwxr-xr-x  1 root root  144 May 24  2016 98-reboot-required

I decided to modify mine to display the system’s IP addresses on login and disable 00-header, 10-help-text from running:

root@ubuntutesting:~$ ls -la /etc/update-motd.d
total 44
drwxr-xr-x  2 root root 4096 Jul 11 19:54 ./
drwxr-xr-x 91 root root 4096 Jul 11 16:59 ../
-r--r--r--  1 root root 1220 Oct 22  2015 00-header
-r--r--r--  1 root root 1157 Jun 14  2016 10-help-text
-rwxr-xr-x  1 root root  147 Jul 11 19:54 50-ip*
-rwxr-xr-x  1 root root   97 May 24  2016 90-updates-available*
-rwxr-xr-x  1 root root  299 Jul 22  2016 91-release-upgrade*
-rwxr-xr-x  1 root root  111 Jan 11 05:42 97-overlayroot*
-rwxr-xr-x  1 root root  142 May 24  2016 98-fsck-at-reboot*
-rwxr-xr-x  1 root root  144 May 24  2016 98-reboot-required*

As you can see, to disable a file you only need to remove the execute permissions. When you add a file it’s important to think about the order in which they’ll execute. These scripts are run alphabetically which is NOT the same as ‘numerical order’


Here’s the IP script I added.

echo -e "\n\nSystem IP Addresses: "
ifconfig | grep "inet addr" | cut -d: -f2 | awk '/([0-9]{1,3}\.){3}[0-9]{1,3}/ { print "\t" $1; }'

Of course you’re could do anything in these scripts such as list the current load, free space, memory usage, logged on users, etc…

Illegal Phone Call Scams

These days the average user is far wiser against email spam than ever before and criminals are turning back towards direct threats in telephony-based shakedowns of vulnerable people. Thankfully the advent of websites like Who Called Me and Twitter mean you can easily discover if the number that called you is a known scam or not.

Once you know it’s a scam you can report it to the police directly through 101 if it’s not an emergency or 999 if you believe it’s something more serious than a simple scammer. Remember, you can also report crime anonymously through CrimeStoppers so make sure you say something if you get one of these calls!

Is it a scam?

  1. Do you recognise the number?
  2. Is the caller from a company you have a relationship with?
  3. Are they asking for your details?

It may sound obvious that a call from a company you don’t know from a number you don’t recognise asking for your bank information is suspicious but what would you do if you got a call from a stern police officer demanding to you know where you were on Tuesday? Or a pleasant individual calling to advise you’ve over paid on your water bill and are due a refund?

Whatever the purpose someone claims you need to be mindful of what information you’re giving out. Did the caller address you by your full name like a real company representative would or did they wait until you gave up that information first? Did they confirm your address to you or get you to let go of that as well?

If you’re ever in any way doubtful of the authenticity of a caller’s identity HANG UP and use the Internet to identify the number it came from. You could even simply call the company back on a known safe contact number from their website or your contract with them.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

Notice: ob_end_flush(): failed to send buffer of zlib output compression (0) in /home/mcgraneu/public_html/wp-includes/functions.php on line 4344