pquirk.com gets hacked

So, an interesting thing happened a couple of days ago: I got a notification on my WordPress phone app about some failed login attempts at my blog. Since this is running on my server running open source software that I installed, I get access to everything that happens. Every error log is captured, saved, and eventually archived.

How do I know it was a hacker? First of all, there is no obvious link to an admin login from my main page. If I wanted someone else to create a post on my blog, I would send them the link. Since this is a personal blog, I’m the only one who would ever log into it, and since I use a secure password manager from a secure device, I never have a failed login. So, when I check my activity log using a secure app on my phone and see a lot of failed login attempts, I look a little closer. When I see user names like jake, admin, teste, qwerty, user1, pquirk, and paul being used to access my blog over and over again, I know that something’s up.

Each attempt captures the IP address of the person attempting to hack my website. Using a utility called whois, I can find out information about this IP address: who owns it, with full contact information. So jake failed from 123.16.70.105, which resolves to Pham Tien Huy of the Vietnam Posts and Telecommunications Group from Ha Noi City. The next IP address used was 14.232.111.13, which also resolves to the Vietnam Posts and Telecommunications Group, also owned by Pham Tien Huy. Each attempt was from a different IP address, all resolving back to Vietnam. Odds are not very good that different people from Vietnam are attempting to hack into my blog; rather, this is probably one individual using either a VPN or proxy server.

I do have options in the event of getting hacked. I could contact Pham Tien Huy with the time, date, and IP address, and that person would tell me the IP address of the person who connected; in effect, trace it back to its origin, and then I could get that internet provider to provide me with details of who used the originating IP address at that time, then I could take action against that person, as nobody is truly anonymous on the Internet. That’s more work than I care to do right now, so another strategy I could employ is to block them with my firewall. Since whois gives me the entire range of IP addresses that this came from, and since it’s unlikely anyone from Vietnam would ever read my blog, I could block that range of IP addresses; say, 14.244.0.0 – 14.255.255.255, with the “ufw deny” command. However, I don’t feel the need to do that either. This blog, and my web site, are hosted on a Linux server that exists for real in my basement. It’s locked down with the latest security updates and strong password encryption. In a worst-case scenario, I can pull the plug, re-load from my daily backup, and be back up and running within minutes. I confess to actually getting some amusement scrolling through my logs to see this loser waste time in his (or her) pathetic life trying to hack my little insignificant blog. The only time my site goes down is if there’s a power outage in my area, or when I need to reboot after installing the latest security updates.
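The firewall option above, worked through as an added example (not code from the original post): ufw takes CIDR blocks rather than a first-last range, so the script collapses the quoted whois range into CIDR blocks, builds the deny commands, and checks which source addresses those rules would match. The third address in `SEEN` is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Range quoted in the post as the block candidate taken from whois output.
WHOIS_RANGE = ("14.244.0.0", "14.255.255.255")

# Source addresses: the first two are the ones named in the post; the third
# is a constructed address inside the range, added to show a positive match.
SEEN = ["123.16.70.105", "14.232.111.13", "14.250.1.1"]


def range_to_cidrs(first, last):
    """Collapse an inclusive first-last range into the fewest CIDR blocks."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if start.version != end.version:
        raise ValueError("range mixes IPv4 and IPv6")
    if start > end:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(start, end))


def ufw_commands(networks, insert_at=None):
    """Build ufw deny commands; insert_at puts each rule at that position."""
    prefix = "ufw deny" if insert_at is None else f"ufw insert {insert_at} deny"
    return [f"{prefix} from {net}" for net in networks]


def coverage(addresses, networks):
    """Map each address to the CIDR block that would match it, or None."""
    result = {}
    for text in addresses:
        ip = ipaddress.ip_address(text)
        result[text] = next((str(n) for n in networks if ip in n), None)
    return result


if __name__ == "__main__":
    nets = range_to_cidrs(*WHOIS_RANGE)
    for cmd in ufw_commands(nets, insert_at=1):
        print("sudo " + cmd)
    for addr, net in coverage(SEEN, nets).items():
        print(f"{addr:15} -> {net or 'not covered by these rules'}")
```

ufw applies the first rule that matches, so a deny added after an existing allow rule for the web ports never takes effect; `ufw insert 1 deny from ...` places it ahead of that rule. Running the coverage check before applying the rules shows whether a range taken from one whois record actually contains the addresses seen in the log.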

I do wonder, what kind of pathetic loser would try to hack a site like this? Then I realize that the truths I post are going to be offensive to those who profit from ignorance and censorship. The kind of person who has multiple fake Facebook accounts created from these multiple fake IP addresses so they can game Facebook’s heavy handed censorship policy by having them all report an “Offensive” post so a person can be censored. Except this time, it’s different. This time, their complaints would have to go to me. Of course, they would never air their grievance with me, because, deep down inside, they know that I’m right, that I speak the truth, and they’re a weasel who can only use underhanded tactics to silence me, and so that’s what they resort to. This motivates me to continue with this, to write candidly and openly about things that matter. Facebook’s fired. This is the home for my speech, and I won’t be silenced by some pathetic loser.


Keeping track of myself

Our smart phones can track our every movement, and this has become a controversial issue among people with privacy concerns. On one hand, this can be very beneficial; for example, it can act as the perfect alibi to prove where you were at a particular time. It’s also good to have if your phone goes missing. For me, as a service electrician, I can verify where I’ve been and how long I’ve been there. However, people have legitimate concerns about giving big companies that information about us; for example, what if it places you at the scene of a crime during the time it occurred, yet you had nothing to do with it? While it’s good for me to see how many times I’ve visited the LCBO in order to make better decisions and choices about my health, a company that would sell that information for marketing purposes would ensure that this government corporation could better target their marketing campaign to encourage me to consume more of their addictive poison. I’m writing this today to tell you that it’s not an either-or decision. You can enjoy the benefits of tracking the location of your phone without giving it to a big marketing company. You can do it yourself, and it’s really not as hard as you might think.

Screenshot of Owntracks showing my location, an open source Android and iOS app

First of all, I’m going to briefly go over how GPS works. We have been culturally conditioned through television and radio to believe that advertisements are the only way to get good things for free; however, when it comes to GPS tracking, big marketing companies are using something that we have already paid for at little to no expense to them for great opportunities to sell valuable targeted advertising. The heart of GPS technology is a network of 30 geosynchronous satellites each transmitting a unique signal; wherever you are in the world, at least 4 satellites are visible, and by timing the transmission of these four signals, a GPS receiver can determine, with a great degree of accuracy, its location. This is the most expensive component of this technology, and it has already been paid for by working class taxpayers of the United States of America. If you are a taxpayer in the United States of America, you and your fellow Americans paid for this network, it belongs to you. If you’re outside of the United States, this signal is a gift by the people of the United States to the world to make the world a better place. The other component of GPS locating technology is a combination of the hardware and firmware in your smart phone, and, if you’re like me and buy your phones unlocked, you have paid for this already; there’s no need to believe you should have to pay any more. The rest is software, which is provided by the open source community.

A screenshot of PhoneTrack, filtering my captured data.

Software needs to run on at least two places for this to work; you need software on your phone to collect and send the data, and you need software on a computer somewhere to receive and store this information. For this, I use Owntracks, an open source application for iOS and Android. On my server, I’m running a plugin called PhoneTrack which works on NextCloud, which is running on Apache2 on Ubuntu Server. All of these are open source, and some large marketing companies use some of these programs themselves, but they are easy enough to install and run on my small obsolete desktop computer. There is plenty of documentation online that provides step-by-step direction, so it’s a simple matter of following directions. Anyone could do it.

With NextCloud, I already have the ability to back up pictures and settings on my phone; this plug-in provides me with the ability to take ownership of yet another beneficial smartphone feature. Ultimately, it’s not an either-or decision; we really can enjoy all the benefits of technology without giving up our privacy, as long as we’re willing to take ownership of what rightfully belongs to us with the power of open source software.

Income tax 2018

It’s that time of year again, that time when we get to continue to ensure that we’re doing our part to help pay for the cost of everything our country needs to fight World War 1, even though it’s long been over. A lot has changed in the 102 years since income tax was federally mandated in Canada; our government has become ever increasingly bloated and inefficient, and income tax has become so complicated, regular people often need someone trained in this field to do it for them. One year around a decade ago, I had a professional, Katrina Morin and Associates, do it for me, and they made a mistake that cost me $25 in interest to the government that I would not have had to pay if my return was done correctly on the first attempt, and Katrina told me herself that she would not refund me this interest charge, even though I paid her many times more than that. Instead of fighting her for the money, I decided to leave her a one star review. I have since realized that all these so-called professionals do is plug numbers into the same computer software anyone can get for free (simple data entry clerk level work), and a lot of them don’t really care if they do that good of a job of even that simple task, so garbage in = garbage out. Since then, I have always vowed to do my and my wife’s income tax myself.

I have since become generally opposed to the idea of paying money for a person or software to complete my income tax return; it’s an additional burden that hard-working taxpayers should not have to endure. I find it amazing that people get excited when they get a return, considering the only reason they would get a return is because they over-paid the government in the first place, effectively giving our government an interest-free loan, although it’s probably better than leaving it in a bank because at least they won’t charge you for taking your money…yet. The expense of software or a person to assist us with our taxes should be shouldered by the government who take so much money from our income in the first place. At the very least, the cost of such software or services should be a 100% write-off. However, our government needs to waste our money elsewhere to keep their budgets on creating waste as high as possible (more on that in a future blog post), and so we are left with our current state of corruption. Fortunately, there are free and pay-what-you-want models that exist.

My favourite program for doing income taxes over the past few years has been StudioTax. Unfortunately, it is Windows or Mac only. This seems unusual to me, as their license to use the software seems to be more in-line with the ideals of open source software: It’s free to use with no strings attached, no registration or license key required, and no coercion to upgrade or pay for other services. I tried to install it using WINE, and while it installed and launched correctly, it ground to a halt after attempting to enter some information.

StudioTax 2018, as far as I can get in Ubuntu Linux

I decided to shoot an e-mail to the StudioTax support team to ask them about Linux support. This was their reply:

Hi, Sorry, not an easy port to make and, most importantly, a costly yearly maintenance/certification. It’s just not enough demand out there to justify the effort… mobile devices (iOS and Android) are more urgent priority going forward. Thank you for using StudioTax! Warmest Regards, StudioTax Support Team

I was disappointed to learn that there’s a cost associated with getting software certified with our government (again, what are they wasting all that tax money on, as if I didn’t know), but I was happy to see that they are working on Android support. Android is an open source operating system, and there is work being done now to get Android apps to run in Linux. All of this means that it’s just a matter of time.

But, what about now? I could order a paper copy and do my taxes that way, but that’s going to be time-consuming and seems foolish when I have a powerful computer that can help me do it error-free. I could boot into Windows for that one task, but I prefer to stay on the Linux desktop. Option three is to use one of the free on-line services for me to do my taxes this year. I decided to go for the web-based service SimpleTax. They claim to use encryption, so if you forget your password, there’s no way for anyone to reset it. They have a clean, ad-free interface that I prefer. The way I see it, I e-File my return to government run servers anyway and who knows who’s looking after that (outsourced to the lowest bidder or to someone’s good friend or family member), and I have no reason to assume the people at SimpleTax are going to be worse than our government.

What about you? I’d love to see my readers’ opinions on this topic.

LightZone and Ubuntu 18.04

One of my favourite desktop applications is LightZone; it’s a digital darkroom that allows me to work with the RAW image format that my Pentax camera produces. In Ubuntu 18.04, it reported the following error on startup after installation, and then did not work correctly with JPEG images:

/usr/lib/lightzone/libLCJPEG.so: libjpeg.so.62: cannot open shared object file: No such file or directory

After doing some research, I discovered a simple command line solution to this problem; I simply opened a terminal window, then entered:

sudo apt-get install libjpeg62:i386

Now everything works as it should.

Games on Linux

One popular argument many people use for wanting to go with or stick with Windows is that Linux isn’t as good for games. Giving credit where credit is due, Windows is an excellent platform for gamers. Then again, so are consoles like the Playstation 4, XBox One, and Nintendo Switch. However, I’d like to make the case that Ubuntu Linux is also an excellent platform for games, so if your only reason for not switching to Linux is a lack of games, I think you should reconsider.

The standard Ubuntu install comes with four great desktop classics; Solitaire, Minesweeper, Sudoku, and Mahjongg. These classics are both relaxing and mentally stimulating, and are pure versions of these games without advertising or requiring money to unlock certain things.

Next up is the Ubuntu software center. Bear in mind that these are largely open source free games, but there are some gems to be found. Warzone 2100 is actually a very well done real time strategy game, and some of the knock-offs, like MineTest, are actually really well done and get a lot of support and development from the community, though people are also able to run the original Minecraft in Linux by following some instructions found on-line with a search. One notable thing that shows up repeatedly here are emulators of various systems like the Nintendo Entertainment System. I was more of a Commodore nerd, so Vice and UAE are more my thing, and DOSBox does an excellent job for classic DOS games. In fact, just about every classic gaming system is emulated in the Linux platform, which can make Ubuntu Linux a great home for all of your classic gaming needs; you just need to add the ROMs or disk images.

One of my all time favourites

Some great Windows games run fine on Ubuntu Linux, thanks to WINE. WINE is a recursive acronym which means Wine Is Not an Emulator. What it is is a compatibility layer that allows Windows programs and games to run on the Ubuntu desktop as a native application, because the compatibility layer provides them with the resources they need. Back in the 90’s, when I bought Windows ’98, I also bought Command and Conquer: Red Alert to go with it as a Westwood Classics, and this was the game that convinced me that Windows was the platform to have because of that game alone. Remarkable that I can play it for free flawlessly on the Ubuntu desktop.

Steam on Linux

Then there’s Steam. I went directly to their website to install this on Ubuntu 18.04 LTS, and it runs great. Another one of my all-time favourites is the Half Life series, including Portal, and these have all been written to run natively on Linux.

Portal

In the case of Half Life, the characters got some improvements in their details.

And then there are new games to try out and explore in the Linux platform; the first one I’m going to try out is Endless Sky, which is a free download. However, I’ll be the first to admit that I’m not really that up-to-date on the latest and greatest games on Linux. For that, I would have to refer you to sites like Foss’s 30 best Linux games on Steam you should play in 2019.

That’s about all I have for now, but I think it’s pretty clear that there is no shortage of games on the Linux platform. At least for me, it’s delivered everything I want from the gaming world, and so I see no reason to revert back to Microsoft’s marketing vehicle called Windows 10. I hope you have a great weekend and enjoy a few games yourself.

Going back to Linux

First, I will state that I think Windows 10 is a fine operating system. I switched back to Windows from Ubuntu Linux when I could upgrade my Windows 7 for free. I thought I’d try it out, and then stuck with it. There wasn’t anything I couldn’t do, and it ran all the software I wanted. On a technical level, I believe it is a superior product in the market, certainly better than the MacOS, and, as far as companies go, I believe that Microsoft is less nefarious than either Apple or Google.

Yuck.

My main reason for going back to Linux is that Windows 10 is a marketing machine for Microsoft. For example, when I click on my start menu, I see things like Candy Crush Friends Saga and Township, which are things I have no desire to play. I didn’t put them there, and while they are free, they have in game purchases that I don’t like. Honestly, I’d rather pay for a good quality game up front than to have on-going in game purchases. What’s wrong with Mine Sweeper or Solitaire? Another example is when I run an older version of Microsoft Office, it tells me that my Microsoft Office is out of date and wants me to buy the new version, even though there’s nothing wrong with the old one. Even my lock screen is constantly telling me how great Microsoft Edge is, and why I should use it. It’s constantly calling home to send data about my usage to Microsoft servers, in order for advertisers to be better at manipulating me through targeted ads.

Store bought boxed originals

I get it; Microsoft is a company, and so they need to make money in order to fatten the wallets of their shareholders. I have no problem buying a good quality operating system or office suite; for example, I bought legitimate store box copies of Windows 98, Windows XP, and Windows 7. I also paid for a legitimate copy of Office 2003, student and teacher edition as I was using it for non-commercial purposes. I didn’t need to be told when to buy these products; they offered something I wanted or needed, and bought them – or rather, paid for a license to use them.

Oddly restrictive licensing.

That license is another thing that is an issue. For example, my copy of Office Student and Teacher edition 2003 has qualifying criteria: Full or part-time student, home-schooled student, full or part-time faculty or staff of an accredited educational institution, or a member of a household meeting these criteria. This means that the average minimum wage earning joe struggling to make ends meet who just wants something to create a new resume so they can find a better job would have to shell out a lot more money for the “Standard” edition, while an overpaid tenured professor gets to use the inexpensive version. I have a problem with that. It also states that it’s licensed for non-commercial use on up to 3 home PCs. I don’t get it; why should Microsoft care about how many PCs I use this product on in the privacy of my own home? No wonder I switched to LibreOffice.

Then there’s the way Windows behaves. For example, every week there’s a new system update. Often, these will force my computer to restart. Ubuntu Linux doesn’t do that. One time, I got an update that linked my documents and pictures folders to my OneDrive, but then my OneDrive filled up, so I got a message that I could “Buy” more space. Yuck, more harassment from the marketing department. I have to “Opt out” of things that, if they were “Opt in,” nobody in their right mind would participate in.

This Netbook is over 10 years old!

My journey back to Linux started with giving new life to an old netbook; an Acer AspireOne. I replaced the hard drive with an SSD, and installed Lubuntu Netbook edition. Lubuntu is a lightweight distribution of Ubuntu. This became my workhorse and travel companion; I installed LightZone on it so that I could have a digital darkroom with me anywhere I went. I followed that up with installing and configuring Ubuntu Server on the computer that hosts this very blog. My main PC is one I built from hand picked components in 2017, and I had intended it to be a powerful Linux machine, but I ended up transferring my legitimate Windows 10 license to it. Today, I finally got around to installing Ubuntu desktop 18.04 in a dual boot configuration from a USB stick. I was pleased when the installation went flawlessly, and everything worked. It even found my network laser printer and set it up automatically, no need to go hunting for drivers!

My first impression was one of peace. I went with the clean Unity desktop that I hated so much when it first came out but now have come to appreciate. No advertisements. No visual noise. No pressure to upgrade and spend more money. Nobody watching, nobody tracking to figure out what to sell me next. I configured the Thunderbird mail client; I hadn’t used an honest, clean, functional mail client like this since the last time I used Ubuntu Linux. I was shocked to see that my neglected inbox had over 15,000 unread messages; thankfully, Thunderbird allowed me to quickly and easily cut that down in a reasonable amount of time. I installed the NextCloud client and synced everything.

Ultimately, my greatest satisfaction comes from the knowledge that every single clock cycle and every bit of memory in my computer is dedicated 100% for my benefit, and is not wasted for the benefit of a company forever trying to extract more money from me. No wonder my computer feels so much faster and responsive now.