Thursday, February 1, 2018

Amazing summary of IT/Engineering staff and how to deal with and understand them

I'm posting this here because I don't want to lose it. This article sums up my experiences in the IT world so well it hurts. Well worth the read.

Wednesday, December 20, 2017

My recommendations for passwords

- Every site has a DIFFERENT password (i.e. no two sites should ever share a common password)
- Every password is complex, long and very random, e.g. password I just generated: PU#!$KnT8x^z82qG
- Every password is stored in a program called LastPass, which auto-fills the usernames and passwords for me when I visit sites.
- Every site that offers 2 Factor Authentication has it enabled, especially gmail/facebook, etc

My LastPass password vault is protected by a long password that I have never used anywhere else before and will never use again anywhere else, but it's still a password that I can remember. LastPass also has 2 Factor Auth enabled, and it signs out after a period of inactivity to protect the account from someone using my computer.

So, when signing up to a site, I generate a new RANDOM, LONG and COMPLEX password with LastPass and save the site/username/password combination in my LastPass vault.

When visiting that site, you ensure that you're signed in to LastPass and it will auto-fill the site's username and password for you from your vault. LastPass is an add-in for Chrome, IE, etc, so it's very seamless. It'll even import any saved passwords from Chrome's password store for you.

The above process protects you in the event of your one password (that most people use for every site) being stolen from some random site you used 3 years ago, and then used everywhere else since. If that happens, your whole digital world can be compromised very quickly.

It's a bit of work to get up and running (i.e. you have to go to every site you use, change your password to a new gibberish one, save it away in LastPass, etc) but once you get used to it it's far easier and much more secure.

LastPass is free for basic functionality, but if you want it on your phone too (recommended) it's $24 per year - which is a bargain.

I am even rolling LastPass out at work with a 'corporate' account, which allows us to share site passwords between staff easily.

The above advice is what I give everybody these days. Without doing something like the above you leave yourself very vulnerable to attack, manipulation, identity theft, etc.

I should also mention that SMS-based 2 Factor Authentication is VERY bad, and should be actively avoided/disabled wherever possible. You should instead use an Authenticator App on your phone (LastPass has one, Google has one also) which scans a QR code and generates one-time, time-based codes that roll every 30-60 seconds.

An example of why SMS is bad (this really happens a lot more often these days than people realise):
- Bad Guy gets some of your basic personal details (facebook, etc), email address and mobile phone number (where the 2FA SMS codes get sent to)
- Bad Guy calls your mobile phone provider (Telstra, Optus, Voda, etc) and pretends to be you, or your wife, in order to gain access to your account. Sometimes they even visit stores with fake ID and pretend to BE you.
- Bad Guy claims that your sim card is lost/broken, etc and does a SIM replacement for your number
- Your phone loses connection to the telco network, SMS and calls now go to the bad guy
- Bad Guy goes to gmail and fills out the 'forgot password' form, which sends a one time SMS code to your number, which bad guy is now in control of
- Bad Guy gains access to your gmail with a new password, and immediately removes your phone number from the recovery phone list and sets it to some other number he controls, probably changes the 2FA configuration also - you've now lost access to your email
- Bad Guy begins to pull info from your email, which has a wealth of knowledge these days, and begins commandeering your other properties (twitter, facebook, internet banking, superannuation, website domain registrations and hosting, internet records, business records and relationships, extorting friends and family with fake pleas for monetary assistance, targeting friends and family with crypto-malware, and any number of other horrible things)
- There are scripts online that automate all this and soon your life is in somebody else's hands and you will spend weeks/months fighting to get control back.
- Bad guy signs in to your Apple/Samsung/etc accounts, and remote erases your devices (phones, tablets, computers) to make it even harder for you to get back in to everything

So, SMS == bad, because the phone companies are very keen to pump and dump calls. They make very little effort to verify the caller beyond basic personal information, which these days can be found very easily online.

Sunday, April 17, 2016

My Belkin WeMo Journey - Part 1

A few years ago, I purchased a house with solar pool heating. The system is supposed to be controlled by a little box which monitors temperatures around the place. The box has a set point in it (which is the desired water temperature) and determines whether it can pump water through some tubes on the roof to raise the water temperature to that set point. The box didn't work, and was showing wildly inaccurate readings so I decided it would just be easier if I plugged the pump in and turned it on manually on hot days.

This actually worked pretty great. In the morning, on a day we knew would be hot, we'd fire up the pump and go to work. We would come home and the pool would be a nice temperature for swimming. But, sometimes I forgot the pump was on and didn't realise until I went to bed later that night. I was wasting a lot of energy pumping water around unnecessarily.

I found the Belkin WeMo online and thought it was a great idea. I grabbed a waterproof container for outside, and placed the WeMo in the box. Now, I could turn the pump on and off whenever I wanted, all from my mobile phone. Fantastic.

I consider myself a fairly early adopter of this technology, and so I expected and understood the teething problems I originally experienced with the WeMo. It would occasionally disassociate from my Wireless Access Point and I'd need to power cycle it. Sometimes it would not connect to the AP, and I'd have to do a factory reset on it. It was a bit of a pain, but with each firmware update the reliability improved.

Today, I have 7 WeMo devices, 6 of them are the basic WeMo switch and one is a WeMo Insight. The Insight is now what I use to run the pool solar pump. It's in its early infancy, so the stats collected aren't fantastic yet. The stats don't seem to persist across sessions and I can't get aggregated data from it yet, but I am sure these things will come with time.

The other WeMo devices I have control solenoid valves I have connected to sprinkler systems around my house. The in-built rules on the WeMo allow me to specify that after a switch has been turned on, it should automatically turn off after a set time. This means I don't accidentally water my front lawn for 3 hours. Love it!

I can water my front lawns (pop-up sprinklers), my front garden, my back garden, veggie patches, filling my pool with water, all from my phone. Plus, it also works via the internet.

There's currently a slight flaw though, which I hope one day can be resolved.
All of these WeMo switches are on my home WiFi network. This means that if a guest arrives at my house and connects to my Wireless, all they need to do is open the WeMo app on their phone and my WeMo's appear in the list. Not only this, but their app then registers with the Belkin Servers and can control them from anywhere in the world without my permission. I have since created a 'Things' wireless network, which is completely separate from my home network for the WeMo's to live on. This prevents guests from being able to control my devices without my permission. But, most 'mum and dad' users won't know how to create separate wireless networks on their home router.

I have also created a C# WPF app which I can use to control these devices manually.
I watched a video by a pretty smart bloke on YouTube by the name of Jerry Berg (aka Barnacules).
This video of his demonstrates some code he wrote to use the WeMo Web API to control it via C# (or anything really). He very kindly released his code (in the video description), and I based several apps I have built around this foundation.
I now have a list which lists all of the WeMo devices in it. The app uses multi threading to regularly query the WeMo devices in the background and provide real-time updates on their status. Clicking on a WeMo allows you to turn that device on and off, etc.

The app also uses the uPnP searching that Jerry originally used (though it doesn't work on Windows 8 or up), and I took it one step further and integrated with the windows implementation of nmap to scan for devices that look like a WeMo on your lan automatically.

I went another step forward, and built an MVC5 web app in C# that lists all of the devices through a https website, and lets me control the devices from a web page hosted at my house. This means I can see and control the devices at home from any internet connected device with a web browser.

I did all of the above, because over the last two years the WeMo Android app has gone from being clunky, to great, to poor, to great again. I did all my development when the app was performing poorly. But, the developers there have really done a good job with the current version.

I don't know who else out there has deployed the WeMo to the extent that I have, use as many of them on a daily basis or has developed applications that can control them via the web api. I'd love to talk to people who have done stuff like this.

If you're keen to play around with the code I have written, I am happy to send the latest versions through to you. I've got a couple other little purpose built wemo apps that run on Windows that do other things too (I even improved on Jerry's 'router reboot' script by re-writing it in C#).

If anybody from Belkin reads this, please have a look at my wish list below:
- I'd like to be able to sign in to the WeMo app with a Google Account
- I'd like to be able to add specific WeMo devices to my WeMo account
- I'd like to be able to login to a WeMo website and see all of my devices
- I'd like to be able to add devices that exist at multiple different locations and control them from the same interface (at the moment, I have one device at my office which I use to reboot a flakey ADSL router. I can't see it in my Android App, and so I have to use custom C# code to control it remotely)
- I'd like to be able to make a WeMo device 'managed', so that only the WeMo account that I have added it to can control it from outside of my LAN
- I'd still like to be able to query the web interface on it via a LAN address (i.e. same subnet)

So far, super happy with these WeMo's.

Wednesday, July 18, 2012

Swann SW111-EU1 - DRIVER

I have a Swann SW111-EU1 USB 10/100 Ethernet adapter, and I've been struggling to find a driver for it. The Swann website says that the driver should be this: But that file doesn't exist on their ftp server, and the file name is so generic it's nearly impossible to find it mirrored anywhere else on the net. It turns out that the adapter itself is actually a Realtek RTL8150 chip. If you go up a directory on that FTP server to here: You will see in that folder. This is the driver you need for the Swann USB NIC. You can also find this driver on the realtek website: Hope this helps someone, as it's taken me a while to figure this all out for myself!

Saturday, May 19, 2012

How to reset your windows 7 password from the installation CD

My cousin came to me this week with an odd problem: She had "protected" her Windows 7 laptop from her sibling with a password. Except she did it months ago and can't remember what the password is now.

Windows 7 by default doesn't enable the Administrator account any more, so using a blank password on Administrator is out (this design feature is probably a good thing for the majority of cases).

After a bit of searching around the internet I found this article:

It was very helpful, and worked perfectly.

The only thing I would add is that if you don't know the username of the account you want to change, at the very last command prompt before you reset the password simply type "net user" and it will list the user accounts on the machine.

For my sake:

Let's get Started!

1) The Boot Priority in the BIOS needs to be set to boot first from the optical drive; insert your Windows disk and re-start the PC. At the first screen select your language then Repair your computer then it'll do some searching, at System Recovery Options dot Use recovery tools then select the OS and click next; while there make note of the OS drive letter, it may not be C: like mine is D:.

2) At the next screen select "Command Prompt" then in the Command window type "regedit" (without the quotes) and hit enter.

3) In the Registry Editor window that opens click to select "HKey_Local_Machine" then at the "File" menu select "Load Hive".

4) In the "Look In" in the "Load Hive" window that opens navigate to (in my case) LocalDiskD:\Windows\System32\config\SYSTEM and click "Open".

5) In the "Load Hive", "Key Name" box give the new key a name e.g. " 123 " (it can be whatever you like) and click OK.

6) In the left pane of the registry Editor window click the " + " sign to expand the "HKey_Local_Machine" key then click the " + " sign to expand the "123" key then click to select the "Setup" key.

7) Now in the right pane right click "SetupType" and select "Modify", set the "Value data" to " 2 " and click OK.

8) Again in the right pane right click "CmdLine" and select "Modify" and set the "Value data" to "cmd.exe" and click OK.

9) Now just as a precaution, close the Registry Editor at the "File" menu click "Exit"; then in the Command window that's still open type "regedit" and hit enter to open the Registry Editor again.

10) In the Registry Editor click the " + " sign to expand HKey_Local_Machine and click to select the new "123" key, at the "File" menu select "Unload Hive" and click "Yes" for the "Are you sure ..." question.

11) Now close the Registry Editor at the "File" menu click "Exit" then in the Command window type "exit" and hit enter to close the Command window, then remove the Windows disk and restart the PC.

12) When the PC restarts a Command window will open, in that window type "net user <username> <new password>", mine is (net user "Bare Foot Kid" Test6); be advised: if you have a username like mine, with spaces, you must use " " quotes around the user name; when you get the "Command Completed Successfully" type "exit" in the Command window and hit enter; at the logon screen use the new password you chose.
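A check for the state that steps 7 and 8 leave behind, as an added example that is not part of the original article: export the Setup key of the SYSTEM hive to a .reg file and flag a non-zero SetupType or a non-empty CmdLine. The function name and both sample exports are constructed for illustration, and the baseline (SetupType 0, empty CmdLine on a normally installed system) is my assumption.

```python
import re

# Matches the Setup key directly under whatever name the hive is mounted as,
# e.g. HKEY_LOCAL_MACHINE\SYSTEM\Setup or HKEY_LOCAL_MACHINE\123\Setup.
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\[^\\\]]+\\Setup\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample exports (as text; regedit itself writes UTF-16 files).
TAMPERED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\123\Setup]
"CmdLine"="cmd.exe"
"SetupType"=dword:00000002
"SystemSetupInProgress"=dword:00000000
"""
CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"CmdLine"=""
"SetupType"=dword:00000000
"""


def _decode(data: str):
    """Decode the two .reg value types this check needs: dword and string."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data  # other types (hex:...) are kept as raw text


def audit_setup_key(reg_text: str) -> list:
    """Return findings for the Setup key; an empty list means the assumed baseline."""
    values, in_key, seen = {}, False, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = bool(KEY_RE.match(line))
            seen = seen or in_key
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1).lower()] = _decode(m.group(2))
    if not seen:
        raise ValueError("no <hive>\\Setup key found in this export")
    findings = []
    if values.get("setuptype", 0) != 0:
        findings.append(f"SetupType is {values['setuptype']}, expected 0")
    if values.get("cmdline", ""):
        findings.append(f"CmdLine runs {values['cmdline']!r} at next boot")
    return findings


if __name__ == "__main__":
    for finding in audit_setup_key(TAMPERED):
        print("FINDING:", finding)
```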


Saturday, March 31, 2012

Big companies don't learn

The article here on slashdot talks about the PS4 and the next XBox restricting the re-sale of used games.

I think the 'suits' in charge of these companies are simply not learning, and adding restrictions like these to their new consoles will not only put off seasoned game playing customers, but give the platform a bad name.

I have a XBox and a Wii, I own games on these platforms and they are not cracked at all. I have on several occasions, lent games to friends. Mario Kart, Wii-Fit, Forza 3, etc. I have also been lent games like Forza 4.

Very often, this lending will result in the friend or myself going out and buying my own copy brand new.

Disabling this sort of "sharing" will do several things:
- Motivate people... to fight back!
- Inspire people... to find ways to crack the platform, and download the games from the internet
- Get people excited... about PC games, and platforms like Steam. Moving them away from the standard console. It's just too easy to build a PC, connect it to your TV with HDMI and use an XBox controller to play PC games just like a console. With the added advantage that you can surf the web, watch tv, YouTube, do your homework, listen to music, watch movies and TV shows.

Microsoft, Sony, you need to wake up and realise that trying to scrape money out of the backsides of naive and unaware people will NOT increase your profit margins. It's the existing base of loyal customers who want more freedom, openness, and sharing from their platforms, that will make you the big bucks you're after.

Lastly, don't TELL people what they can and can't do. Don't lock them down. Don't restrict them. This just motivates them to fight back harder. To find ways around your bs restrictions. To strike back at you by moving away from your platform or simply cracking their console and getting their content for FREE!

Actually, since I don't really like SONY that much. MS, do me a favour, listen to everything I said above. Do the right thing by your customers:
- Allow them to buy 2nd hand
- Allow them to share games around their circle of friends
- Allow the new platform to play existing games from the XBox 360 as best you can
- Get your new platform out before Sony does, and steal the market away from the Playstation

You won't regret it.

Sunday, February 26, 2012

Microsoft Multimedia Keyboard and the Function Lock Key

I have a Microsoft multimedia keyboard with a function lock key.
Each function key does other tasks, e.g. F2 is UNDO.
However, F2 is also the "Rename" shortcut for Windows which I use very regularly to rename files. F6 is the shortcut to jump to the URL bar in Internet and Windows Explorer, etc.

Annoyingly, the F keys are OFF by default so every time I go to rename a file, I end up undoing the last action that I performed. Quite often this can be a file move and I then have to remember which file I last moved and re-move it! I suppose I could press F3 to "Redo" but that's not the point!

You can of course, turn on the function keys by pressing the Function Lock key - but usually by the time I realise I have not pressed it the damage is already done!

Anyway, others have had the same frustration that I have and created a registry hack that reverses the button functionality. So that by default, the Function Keys are the Function Keys and not whatever arbitrary functions the Microsoft engineers decided I needed instead.

The registry hacks are here:

As with any registry hack, you should always backup your registry, take a system restore point, pray to your god(s) and of course EDIT the file to make sure it does nothing terrible (if you know what you're looking for).

As of the time of writing, these files work fine and are safe. I used But there are others there that might be more helpful.

In fact, this is all it is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,0e,00,00,00,3b,00,3b,e0,3c,00,08,e0,\

Feel free to make your own .reg file with the above code.

Make sure to reboot after applying the registry fix. If you want to undo all of this, simply delete the "Scancode Map" entry and reboot.
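To read a "Scancode Map" value before importing it, the decoder below (an added example, not part of the original post or the linked files) unpacks the binary layout: two zero DWORDs, a DWORD entry count that includes the terminator, then one DWORD per mapping with the scancode to send in the low word and the pressed key's scancode in the high word. The sample value is constructed from the two mappings visible above with the count adjusted to match, and the function names are my own.

```python
import struct

# Set-1 scancodes for F1..F12 on a standard PC keyboard.
F_KEYS = {0x3B + i: f"F{i + 1}" for i in range(10)}
F_KEYS.update({0x57: "F11", 0x58: "F12"})

# Constructed sample: the first two mappings from the value shown in the post,
# with the entry count set to 3 (two mappings plus the null terminator).
SAMPLE = ('"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,'
          '3b,00,3b,e0,3c,00,08,e0,\\\n  00,00,00,00')


def reg_hex_to_bytes(text: str) -> bytes:
    """Turn the 'hex:..,..' payload of a .reg line (with \\ continuations) into bytes."""
    payload = text.split("hex:", 1)[1].replace("\\", "")
    payload = "".join(payload.split())  # drop newlines and indentation
    return bytes(int(b, 16) for b in payload.split(",") if b)


def decode_scancode_map(blob: bytes) -> list:
    """Return [(pressed_scancode, sent_scancode), ...]; raise on a malformed value."""
    if len(blob) < 16:
        raise ValueError("value too short for header plus terminator")
    version, flags, count = struct.unpack_from("<III", blob, 0)
    if version != 0 or flags != 0:
        raise ValueError("header version and flags must both be zero")
    if len(blob) != 12 + 4 * count:
        raise ValueError(f"count says {count} entries but value holds "
                         f"{(len(blob) - 12) / 4:g}")
    entries = [struct.unpack_from("<HH", blob, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("last entry must be the null terminator")
    return [(pressed, sent) for sent, pressed in entries[:-1]]


def unexpected(mappings: list) -> list:
    """Mappings that do more than turn a key into F1..F12 (sent 0x0000 disables a key)."""
    return [(p, s) for p, s in mappings if s not in F_KEYS]


if __name__ == "__main__":
    maps = decode_scancode_map(reg_hex_to_bytes(SAMPLE))
    for pressed, sent in maps:
        print(f"key 0x{pressed:04x} -> sends 0x{sent:04x} ({F_KEYS.get(sent, '?')})")
    print("unexpected:", unexpected(maps))
```

A value cut short, like the line shown above, fails the length check rather than being decoded in part.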