PHP CLI & Terminal Colors

A simple PHP class for wrapping your console/terminal output text in color. Keep in mind that a class like this will require customization for some projects, as each terminal emulator processes colors a bit differently. For the most part, the colors in this class work with any popular terminal emulator.

<?php

class CLI
{
    // This function requires one variable, $content. The $color argument is optional.
    function cout_color($content, $color = null)
    {
        // If a color is set, use it.
        if (!empty($color)) {
            if (!is_numeric($color)) {
                // Color name: lowercase it so it matches the case labels below.
                $c = strtolower($color);
            } else {
                // Numeric color id: use it as-is.
                $c = $color;
            }
        } else {
            // No color parameter was passed, so pick a random one.
            $c = rand(1, 14);
        }

        $cheader = '';
        $cfooter = "\033[0m"; // reset all attributes

        // Check which color was requested so we can wrap our content.
        switch ($c) {
            case 1:
            case 'red':
                $cheader .= "\033[31m";
                break;

            case 2:
            case 'green':
                $cheader .= "\033[32m";
                break;

            case 3:
            case 'yellow':
                $cheader .= "\033[33m";
                break;

            case 4:
            case 'blue':
                $cheader .= "\033[34m";
                break;

            case 5:
            case 'magenta':
                $cheader .= "\033[35m";
                break;

            case 6:
            case 'cyan':
                $cheader .= "\033[36m";
                break;

            case 7:
            case 'light grey':
                $cheader .= "\033[37m";
                break;

            case 8:
            case 'dark grey':
                $cheader .= "\033[90m";
                break;

            case 9:
            case 'light red':
                $cheader .= "\033[91m";
                break;

            case 10:
            case 'light green':
                $cheader .= "\033[92m";
                break;

            case 11:
            case 'light yellow':
                $cheader .= "\033[93m";
                break;

            case 12:
            case 'light blue':
                $cheader .= "\033[94m";
                break;

            case 13:
            case 'light magenta':
                $cheader .= "\033[95m";
                break;

            case 14:
            case 'light cyan':
                $cheader .= "\033[96m";
                break;
        }

        // Wrap our content. $content is passed through unchanged, so strip
        // control characters from untrusted text before calling this function.
        $content = $cheader . $content . $cfooter;

        // Return our new content.
        return $content;
    }
}

?>


$cli = new CLI();

// echo a string using the class string color 'red'.
echo $cli->cout_color('It Works!', 'red');

// echo a string using the class color id 1.
echo $cli->cout_color('It Works!', 1);

// echo a string using a random color.
echo $cli->cout_color('It Works!');

Add/Remove based on your project requirements.

Propagating The “CryptoCurrency Is An Unstoppable Force” Myth

I am sure you’ve heard that mantra, Bitcoin can’t be stopped. All regurgitated by a handful of those who have to benefit from it going mainstream. So they begin to ramble on about blockchain technology, wallets, nodes, revolution, etc. Yet, they always fail to mention that almost ALL cryptocurrencies rely on the internet being open and accessible. Ask a network engineer if they can block bitcoin traffic, “But, but it can’t be banned!”, ok buddy. It doesn’t necessarily need to be. As I’ve clearly stated in previous posts, what has made a reserve currency a viable option was security but ultimately its accessibility.

While cryptocurrency can offer accessibility, it cannot provide security… yet. Yes, it will work on a Mickey Mouse scale; it even creates an immutable log, cold storage mechanisms bla-bla-bla, so? Aside from cheaper ways to accomplish this, breaking network encryption for a true quantum computer will be like AI beating the first level of Tetris on its own… a cinch.

With the Snowden leaks (Vault 7 etc.), we learned quite a bit about network security at a nation-state level. Governments were actively weaponizing their networks; in some cases, some had already been at it for years. With the disclosure came the fallout; governments began internalizing their networks and software stacks. This also led first-world countries to up their electronic warfare capabilities, specifically EMP technology. An undisclosed EMP weapon was first used on the USS Donald Cook as it traveled through the Black Sea. On April 10, 2014, courtesy of a Russian SU-24, the USS Donald Cook’s entire weapon systems were disabled by a simple fly-by. With this in mind, how many detonations at an atmospheric altitude would it take to disable entire countries’ electronic and power systems? The answer would scare you. Do you know what would happen to metal? Nothing.

Aside from the obvious boring subject of electronic warfare, cyberwar is where all the fun is at. With absolute and unchecked power, like anonymity, cryptocurrency has no chance. When you own or have access to every network and power utility globally, with enough data from both datasets, you can quickly generate an algorithmic model to detect and pinpoint mining across multiple platforms. Just like financial data, your energy footprint says a lot about you. A few significant nodes coming down would cause massive network latency issues. The process could then be further weaponized to cause persistent network fragmentation resulting in wasted network resources and long network transaction times. Oh, but you want to mine a cryptographic network on solar, a cool story… Via satellite? You can’t successfully do it on land, you want to do it wirelessly? Who’s going to protect it? Do you think wireless signals are invisible? Even easier to find and destroy.

Most nation-states with insatiable budgets are setting up multiple network sensors across global networks using various cloud providers, if they don’t already, to help map hidden/encrypted traffic. Ever heard of supercookies? Imagine what other undisclosed headers/packet injection takes place at an ISP level, for “national security,” of course. They probably already do this for users who get flagged for using VPNs and Tor. It wouldn’t be hard to target central nodes and start causing massive fragmentation and chaos, or better yet, a few controlled power outages, and the men in black show up at your door and take you and all your equipment.

If it can be blocked, why haven’t governments banned Bitcoin then? One Word, Geopolitics. Can they block it? It depends on your definition of “block.” Again, do you have to block it to stop it? So why has no government done anything about it? Currently, governments around the world entertain the idea as it serves as a case study, hedge, and perfect tool to weaken the petro-dollar. No boogie man, no immediately identifiable group to blame, dress up, or call a terrorist, Bitcoin can’t be blamed, vilified, or assassinated. Don’t worry; governments connected with central banks will tell you that Bitcoin and cryptocurrencies are generally bad and contribute to crime. All while they make their own “safe” centralized versions (backdoored) in their dark closets. At the end of the day what ultimately makes Bitcoin bad to government institutions is it can’t be mandated to comply. A Decentralized cryptocurrency doesn’t care about opinion, only consensus.

Why do governments have an incentive to stop any trans-national rogue currency/currencies? Easy, who wants their local economies hijacked and manipulated by unknown foreigners? Kind of like how transnational corporations already do? Most importantly, how will governments fund their illegal freedom wars? This alone is the single greatest threat to government institutions, the ability to tax you arbitrarily. How do you fund any war without its people’s backing? This is why a rogue currency will never be allowed to become a world reserve currency. They will kill the internet, heck, some would say it already is.

Bitcoin is an idea, and if you ever watched V for Vendetta, you know that ideas are indestructible. I’ve always said who gives a rat’s ass about the currency aspect; it’s the protocol that matters. Although Bitcoin currently relies on digital networks, its true potential won’t be viable until two crucial technologies pass. The first and most important will be Quantum Networking, and the second, Zero Point Energy. These two, in conjunction, will make the concept genuinely unstoppable, unhindered by physical network constraints, censorship, and energy consumption.

If you still think Bitcoin today, as a reserve currency has a chance, you need to get off your non-binary unicorn and put the crack pipe down.

New Email Scam Targeting Small-Medium Sized Businesses In The Pacific Northwest

I decided to write a quick post on the topic as I just received one of these new scams and almost fell for it; hopefully this can prevent someone else from falling for it. The scam campaign seems to be targeting small-medium sized businesses and may vary in tactics depending on the industry targeted. The email example below is real and should be used as a template for what to look out for.

The prospect, who in this case is also the attacker (a fake prospect), sends a vague email like the one below (this is an actual scam email):


 

scammer email


It looks OK, right? Wary of the PDF attachment, I scanned it for malware or trojans but nothing was detected. I was still wary; being a computer & network security expert, I decided to upload it to Google Drive (lol) and preview it there. To my surprise, it actually was a banner design…


fake salf banner


At this point, I was 75% convinced that this was a legitimate prospect. I decided to reply with additional questions required to effectively do the job or at least provide an accurate quote. The next day I received a reply:


scammer reply


After receiving the reply, I took some time to further analyze the entire conversation and began to find problems in his requests such as:

1. His email address, it was a Gmail address, easy to create anonymously.
2. Why is Save A Life Foundation (SALF) making banners for HIV/AIDS?
3. The banners mention sponsors but nothing about the SALF.
4. The banner size is an odd size, not a standard size, and doesn’t mind “any good” size.

Still wary but curious, I decided to go further down the rabbit hole and give them a quote, to which they replied:


scam email 3


After I received this response I was convinced it was a scam and decided to do some research.

So SALF is asking me to send banners to a Mexican address, huh? Let’s check it out…



Yeah doesn’t look like the Save a Life Foundation unless they’ve downsized and are outsourcing now, it’s obviously not any organization saving lives.

The email midlandshipping@usa.com looks absolutely wrong but somewhat legitimate because of the @usa.com domain behind it, which is why the attacker used it. Thinking the attacker had compromised a mail server belonging to the domain, I decided to look up the domain’s abuse email so I could notify them of a possible breach of their mail server. During my search, I came upon this on the usa.com contact page.



So now we see how he was able to get the @usa.com email, it’s completely free.

This experience was annoying because of the time wasted, but it was good practice. I suggest researching any company that sends your business a request for a quote and then asks to ship outside the country. Make sure their request makes logical sense: someone asking for something in quantity should be asking for standardized items and should follow a standardized transactional process, with no special or shady instructions. If it feels wrong, don’t do it! In my case, it saved me a few thousand dollars that would most likely have been lost through a chargeback from a stolen credit card the attacker used.

sihost exe Hard Error Fix, Windows 10 Derp Edition

We noticed that a lot of customer PCs were coming in with the same problem after installing a Windows update, specifically the April update. After a few hours of troubleshooting, the only fix we found was creating Windows 10 USB installation media and reinitiating the update process from it (it will reinstall Windows but download everything via USB update instead of the OS). We tried everything (sfc /scannow, dism…) and this was the ONLY solution that worked. So the solution to your broken Windows is simply restarting the update process through Windows 10 USB installation media. The process should leave all your old files intact and only fix the broken OS, specifically the Administrative/System accounts, which is what caused this problem originally.

Streaming 1080p Video Through The Browser On An Odroid-C2

If you’re trying to build a video kiosk using a Raspberry Pi 3, guess what: you can’t, and trust me, I tried. I stumbled upon the Odroid-C2 and my whole life changed…

To build a 1080p capable video kiosk simply follow the outlined steps below.

  1. Download VideoJS (Open Source Javascript HTML5 Player)
  2. HTML5 Video (.mp4)
  3. Encode your video at 24/25 fps or at a max of 6Mbps stream, ideally 5Mbps.

I tested multiple in-browser video players and VideoJS outperformed all. I was able to get movies like The Matrix to play very smooth at even the most GPU intensive scenes. For more information about other methods used or to view the odroid forum thread that dealt with this issue visit here.

 

Consider avoiding viewport values that prevent users from resizing documents Validation Error

So apparently this new rule/standard went into effect in December 2016, causing the “Consider avoiding viewport values that prevent users from resizing documents” HTML5 validation error. To fix it, make sure your viewport meta tag does not have the “maximum-scale=1.0” value, it’s that simple :)

 

*** UPDATE***

make sure you remove the following values:

  1. maximum-scale=1.0
  2. user-scalable=no

Source: https://github.com/validator/validator/commit/7cfc964d343cbd677beee32dad8f8e6ecab1210b

Thanks to Gaspard d’Hautefeuille for the update notice.

Updating To OpenSSL 1.0.2g On Ubuntu Server 12.04 & 14.04 LTS To Stop CVE-2016-0800 (DROWN attack)

It was a bit difficult to find any real information on fixing the latest OpenSSL CVE-2016-0800 (DROWN attack), so I decided to write this quick post on how to update OpenSSL on Ubuntu Server 12.04/14.04 (or any Debian-based distro with apache2) to the latest 1.0.2g build to avoid the DROWN/Heartbleed attacks. I’m not going to go into the details of how the exploit works, as there are many blogs/sites that already cover this. Instead I will focus only on the fix. I have provided two methods: one using cURL and one using wget.

*** UPDATED 7/4/2017 ***
Because this is a popular post, I’ve gone ahead and updated it to reflect the latest SSL binaries. It’s good practice to check what the latest binaries are regardless of this post.

cURL Method

  1. sudo apt-get install curl (Install the cURL command-line tool)
  2. sudo apt-get install make (Install the make build tool)
  3. curl https://www.openssl.org/source/openssl-1.0.2l.tar.gz | tar xz && cd openssl-1.0.2l && sudo ./config && sudo make && sudo make install (A single command that downloads the source, extracts it, changes into the directory, configures the build, compiles it and then installs the files)
  4. sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` (This will create a symlink to the new binary)
  5. openssl version -v (Used to check the version of the current OpenSSL binary)

wget method

  1. sudo apt-get install make (Install the make build tool)
  2. wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz (Download the OpenSSL 1.0.2l source tarball)
  3. tar -xzvf openssl-1.0.2l.tar.gz (Extract the tarball to the local directory)
  4. cd openssl-1.0.2l (Enter the extracted OpenSSL directory)
  5. sudo ./config (Configure the source for compiling)
  6. sudo make install (Compile and install the configured build)
  7. sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` (This will create a symlink to the new binary)
  8. openssl version -v (Used to check the version of the current OpenSSL binary)

This was tested on both Ubuntu Server 12.04 & 14.04 LTS versions. Questions? Comments?
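
Both methods above unpack and build, partly as root, whatever the download returns. As an added example (not from the original post), this script refuses to extract a tarball unless its SHA-256 matches a digest obtained separately from the download; the function names and the stand-in tarball in demo() are constructed for illustration.

```sh
#!/bin/sh
# Added example: unpack a source tarball only if its SHA-256 matches a
# digest obtained out of band. All names below are illustrative.

# Print the hex SHA-256 of a file (sha256sum, or shasum where that is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file or digest is unusable.
verify_sha256() {
    [ -f "$1" ] || return 2
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty, truncated or non-hex digest must never be accepted.
    case "$want" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    got=$(sha256_of "$1") || return 2
    [ "$got" = "$want" ] || return 1
}

# verified_extract TARBALL EXPECTED_HEX DESTDIR
# Extracts as the calling user, and only after the digest check passes.
verified_extract() {
    verify_sha256 "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Constructed demo: a tiny stand-in tarball, not a real OpenSSL release.
# Prints "<rc intact> <rc modified> <rc filesystem check>".
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && echo 'int main(void){return 0;}' > "$work/src/a.c"
    tar -czf "$work/pkg.tar.gz" -C "$work" src
    good=$(sha256_of "$work/pkg.tar.gz")
    r_good=0; verified_extract "$work/pkg.tar.gz" "$good" "$work/ok" || r_good=$?
    printf 'x' >> "$work/pkg.tar.gz"   # simulate a modified download
    r_bad=0; verified_extract "$work/pkg.tar.gz" "$good" "$work/bad" || r_bad=$?
    r_fs=1; [ -f "$work/ok/src/a.c" ] && [ ! -e "$work/bad" ] && r_fs=0
    rm -rf "$work"
    echo "$r_good $r_bad $r_fs"
}

demo   # prints "0 1 0"
```

Pass the digest published for the release as EXPECTED_HEX, then run ./config and make as your normal user and only make install with sudo. Replacing the openssl command this way does not change the libssl that apache2 loads; that library is updated through the distribution's packages.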

How To Change Network Location On Windows Server 2012 R2

This is one of those quick posts designed more as a note, I had fun trying to find the way to update the network location on my 2012 Server sandbox so I figured I would create a short post on the matter…

It can be found by following:

Server Manager>Tools>Local Security Policy>Network List Manager Policies>Network

This is of course assuming that you have a fresh install with GUI.

If you’re using PowerShell you will want to run the following command (this requires PowerShell 4)

Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private

The Shady SEO Email Sales Pitch & Why I’m building A Public API To Stop IT!

Doing legitimate business nowadays is becoming quite cumbersome, but you know what really grinds my gears (Peter Griffin reference lol…)? Shady SEO sales emails. I have a lot of SEO clients who seem to be receiving emails, through their sites’ contact forms, from salesmen with fake Gmail accounts promising them better ranking. The problem is the clients receiving these emails are already ranking 1-5 on Google, Bing & Yahoo. Here is an example of what these sales emails look like…

Cristina Matthews
phone:206-309-XXXX
email:matthewscristina12@gmail.com

we can help your website to get on first page of google and increase the number of leads and sales you are getting from your website. please email us back for full proposal.

best regards,
cristina

In some cases it takes a lot of work to get these clients to the first page of any search engine, and these clowns try to take advantage of uninformed business owners by getting them to switch. Now I have no problem with honest business, but this is just shady, period! If you’re so confident about your process, business or model, why send out covert emails? Why would you be pitching SEO incognito?
People like this make me sick and have no sense of honor, most likely trained by some sales clown with a suit in a call center (shell company) who resells one-size-fits-all SEO packages for another “SEO” company who wants to make easy money from people who have already put in the hard work. I have already built an anti-solicitation framework for internal business operations to try to eliminate these types of sales pitches, but now I’m going to take it a step further.
For the next few weeks I will be working on a public API to stop all people with flagged email and IP addresses associated with these types of sales tactics. Just for fun I am thinking of also putting up a public wall of shame for people to view the type of shady emails sales pitches to look out for.