Feb 8, 2017


http://www.gotenna.com/ For when there’s no cell signal. Range up to 2 miles. Bluetooth plus VHF.

We Got Hacked:
WordPress 4.7.1 Retained Vulnerability How we found out and how it happened
WordPress Security …

Thanks Ryan for: the Ublock Origin Plugin for FireFox, Chrome, Safari and why these things are Free.

Two more: AdBlockPlus (Banners, Animations)
VideoDownload Helper. Use this last in combination with VLC Media Player for great results.

Cable Modem Lore. Background here and what to expect:

 https://en.wikipedia.org/wiki/Digital_cable

 


 

Additional notes

Notifications of new show notes and edits are tweeted at: twitter.com/ddhart.
– They’re tagged with #Zentech.
– When what’s said is unclear to me (or I’m unfamiliar with a topic) I tend to quote (” “) verbatim.
– Editor’s comments are delimited by < >

For a couple of months, the audio of today’s show is here. Recent shows are here.

 

Paul was in the studio. Glenn called in from Davis.

 

Paul keeps all of the music he likes on his iPod and a long time ago he sent his entire collection to Google Music. You can send, over a period of days, 140 gigs of music from an iPod classic up to the cloud, Paul said. He previously talked about it on the 11-25-15 show.

Once Google has your music, it looks thru your collection and will “offer you things which are more of what you like”. But the problem with that is “it makes you more like what you are” <the so-called filter bubble> and you’re less likely to explore other genres of music.

The Zen Tech web site was hacked on 2-6-17. They changed the page for today’s show notes by posting the flag of the Peshmerga and a profane word followed by “death to ISIS”. Paul fixed the site yesterday.

The Zen Tech site runs on a content management system called WordPress. Something like 40% of websites run WordPress, Paul said. Such a large proportion makes it a low hanging fruit for those intent on mischief.

The attack was done by a “script” <essentially, a program> which can originate anywhere. The hackers can send out a “crawler” that purports to be, for example, Google and the Zen Tech site can’t tell that it’s not Google except maybe by the IP address.
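Telling a real Google crawler from an impostor "by the IP address", as mentioned above, is usually done with forward-confirmed reverse DNS. The sketch below is an added example, not part of the original show notes; the function names are hypothetical, and the log lines, IP addresses and DNS tables are constructed sample data.

```python
import re
import socket

# Hostname suffixes Google documents for its crawlers.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
# Combined log format: client IP first, User-Agent is the last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*"(?P<ua>[^"]*)"$')

# Default lookups use the system resolver (these two need network access).
def dns_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def is_real_googlebot(ip, reverse=dns_reverse, forward=dns_forward):
    """The PTR name must be Google's AND must resolve back to the same IP."""
    host = (reverse(ip) or "").lower().rstrip(".")
    return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)

def fake_googlebots(log_lines, reverse=dns_reverse, forward=dns_forward):
    """IPs whose User-Agent claims Googlebot but which fail the DNS check."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and "googlebot" in m["ua"].lower() and m["ip"] not in flagged:
            if not is_real_googlebot(m["ip"], reverse, forward):
                flagged.append(m["ip"])
    return flagged

# Constructed sample data (documentation IP ranges), so the demo runs offline.
GB_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    f'192.0.2.10 - - [06/Feb/2017:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{GB_UA}"',
    f'198.51.100.7 - - [06/Feb/2017:10:00:05 +0000] "POST /x HTTP/1.1" 200 64 "-" "{GB_UA}"',
    f'203.0.113.5 - - [06/Feb/2017:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "{GB_UA}"',
    '203.0.113.9 - - [06/Feb/2017:10:00:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/51.0"',
]
# The second PTR is set by the IP's owner, so it can claim any name it likes.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com", "198.51.100.7": "crawl-1.googlebot.com"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def demo():
    return fake_googlebots(SAMPLE_LOG, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
```

The second sample client shows why the forward lookup matters: whoever controls an IP block can publish a Google-looking PTR record for it, but cannot make Google's own zone resolve that name back to their address.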

Being an automated process, the script tries breaking into many websites. The script doesn’t care if the WordPress is an older and more vulnerable version; it tries an exploit and moves on — like a burglar trying doorknobs until one opens.

It turns out that Paul was just 10 days behind in updating WordPress from version 4.7.1 to 4.7.2. After fixing the site, he installed a plugin that automatically checks the other WordPress plugins and WordPress itself to be sure they’re up to date.

There are 3 ways to compromise WordPress.
– WordPress itself, which is a bunch of software with a database running behind the scenes, usually MySQL.
– The themes
– The 3rd, and most likely way, is feature plugins, which are enhancements to improve the functionality of the website. The plugins are developed by individuals who may make money (but usually don’t) and the plugins are abandoned. With no security updates they become vulnerable.

Glenn called in and told us that he’s used Xfinity wi-fi for the first time <while away from home, I guess>. Apparently he’s recently subscribed to Xfinity’s internet service (internet only). He can now use any of the nation-wide Xfinity Wi-fi Security Recommendation hotspots <access points>. Paul asked if one needs a valid cable account to have the access and Glenn confirmed that it’s true. Glenn said he just chooses the Xfinity network in the wi-fi settings and logs in with his name and password.

Both Glenn and Paul got an ad for the [Xfinity] cable service offering a 1 year contract for $30/mo and an optional $10/mo for the cable modem, if you don’t have your own. It’s strictly for internet service, not TV. You can add a TV package that includes your local channels and HBO or Showtime.

The guys bought their own modems from Amazon. Paul just did a search for the words: comcast compatible modem. The thing to look for in a modem is that it decodes a number of channels. The old modem Paul had would decode only 1 channel, which was good up to 30 megabits/sec. If you buy a modem, make sure it says 8 by 4 — 8 channels down and 4 up, for a total capacity of 350 megabits/sec. Though you won’t use the full bandwidth, you get better performance when other people are using some channels. The Arris modem/router costs $69 and comes with a 2 year warranty. Note that some credit cards add an additional year to the warranty.

Paul offered a tip for those looking for wi-fi service. He said to look at wi-fi signals in your area, using the network menu of whatever device you have. Find a neighbor whose connection shows up in the menu and offer to share and split the cost of their service.

Paul was sent a link to the free Ublock Origin Plugin that works in the 3 major browsers — Firefox, Chrome and Safari. <See the link at the top of this page> It keeps a table of places that are known to farm out banner ads and Flash ads. It keeps track by address and domain names. It blocks ads based on where the ad comes from rather than the type of ad. If you hover the mouse over the Ublock tool bar item, it tells you what sites are blocked and the sites you’ve visited. Ublock allows you to unblock banners at a particular site, if you want to see them.

Ublock collects statistics on how you use your browser. They aggregate the data but don’t identify you specifically. Also it’s open source software so the code is available for all to see. Many eyes make for better security.

Paul went on to mention Adblock Plus, which blocks Flash animations from running automatically. If you want to see the animation, you can start it with a click.

Then there’s Video Download Helper, which allows you to download Youtube and other videos.

And finally, VLC Media Player (Video Lan Converter) that runs on PC, Mac, Android (but not iPhone). It’s a multi-standard video player that will play just about anything including video, audio and Flash .flv files, which you might get from Youtube.

Paul talked about gotenna.com. When you want to communicate but don’t have a cellular signal, e.g. in the wilderness, you can use this VHF transmitter/receiver box. It uses FRS BRS frequencies, which don’t require a license. These frequencies are also used by walkie-talkie products, which have a similar range and may actually be more practical to use. You use your phone to connect to this box via Bluetooth and you can send encrypted text (txt) messages and make voice calls.

See the links at the top of this page for these various items.

Glenn invited listeners to visit the Zen Tech website at zen.kvmr.org. You can also send email to zen at kvmr dot org. He thought email might be having problems right now, but the mail will eventually get thru.

Glenn mentioned the Mac Mini he bought recently with 4 gig RAM, 500 gig hard drive and an i5 processor. He had thoughts of boosting the RAM to 8 gig but found out the RAM is soldered onto the motherboard and can’t be upgraded. He’s thinking about getting a version that comes with 8 gigs, instead. He noted that the newer versions of the Mac operating system come with Siri, which requires 8 gig to avoid serious slowdowns.

Paul noted that some Apple products can’t be upgraded. The iPhone comes with a fixed amount of memory and the MacBook Air has a solid state drive that’s soldered-in. Reliability may be the reason they’re made that way, but it may be that Apple wants you to buy an upgrade. Paul also speculated that this latest version of the Mac Mini will be the last one made with a spinning hard drive. He expects a move to solid state drives (SSD).

Glenn said there is a version of the Mac Mini with a 1 terabyte fusion drive. He thought it might be a combination solid state drive and spinning platters. Paul mentioned some advantages of such a drive. <See show notes from 11-30-16 & 1-25-17 for a better discussion>.

Paul said more about the Zen Tech website. There are over 1,000 links from 10 years of use. Some of the links aren’t valid anymore. Though there is a plugin that checks for outdated links, Paul said he doesn’t have the time to go back and correct them.

Paul mentioned that archive.kvmr.org has the audio of recent KVMR broadcasts. The audio for music content is no older than 2 weeks, for copyright reasons. Talk shows are up to 2 months old <and are usually downloadable>. Also, there is a “subscription system” at audio.kvmr.org/podhawk.

The broadcasters at KVMR use Spinitron to log the music that’s played, for the purpose of paying royalties to the artists. Some other stations are automated and keep track of what’s played with their own equipment. <You can see for yourself what’s been played at kvmr.org/playlists>

Last Updated 11:55 PM 2-8-2017