Author: Russ Michaels

WIFI problems caused by windows update

WIFI problems caused by windows update

I have been having some WIFI problems the last couple of months where devices would randomly lose access to the internet, some devices couldn’t even connect to the WIFI access point, others could connect but were just slow as hell. Even wired devices seemed to be having problems. After trying everything possible, I finally thought that maybe something on the network was sucking all the bandwidth, as some devices did still have a connection.

So I logged into my router and checked the connected devices bandwidth usage and saw that PC which was showing high usage. Lo and behold windows update was running, which was sucking all the bandwidth and killing the network for everyone else.

P2P Updates

After further investigation, I discovered that one of the new features introduced in windows 10 is the ability to get updates through P2P (like how torrents work) to improve download speed. This can be a major network bottleneck due to the number of p2p connections that get opened up. So disabling this was the first step.

go to Windows Update -> Advanced Options -> Choose how updates are delivered

and chose PCs on my local network, this will still allow you to get updates from other computers in your local network only, and not external computers, which will save your available bandwidth.

Although making this change while updates are already downloading doesn’t seem to have any effect, so you would have to stop the downloads for the setting to take effect. This also did not solve the issue by itself, it improved things, but everything was still slow.

My next step was to go into my router admin and set some throttling so that individual computers had a limit on how much bandwidth they could consume. Although if you have a basic/cheap router from your ISP then you may not have such an option available. In which case you can try setting thr throttle on the individual pc’s using BITS.

BITS

The updates happen through 2 main windows components: WUDO and BITS.

WUDO is the Windows Update Delivery Optimization is part of the Windows Update for Business and is used for the P2P installation that I  disabled already.

The Background Intelligent Transfer Service (BITS) is commonly used by Windows to download updates, so this can also be tweaked using group policy.

To open the Local Group Policy Editor from the command line:

  • Click Start , type gpedit.msc in the Start Search box, and then press ENTER.

To set a bandwidth rule on the BITS:

  • Navigate to Administrative Templates -> Network -> Background Intelligent Transfer Service (BITS)
  • Open Limit the maximum network bandwidth for BITS background transfers
  • Set it to Enabled
  • Set the time range and maximum transfer rate
  • OK

Problem solved!

Cyber Security: How to protect your kids online

Cyber Security: How to protect your kids online

To be blunt  (no insult intended),  most parents are not very computer literate and as a result are also oblivious the dangers of letting their kids loose on the Internet. This is not specifically because you are parents but simply a statistic based on research that shows that 69% of the population are not very computer literate and 26% cannot use a computer at all. In most cases, your kids are probably more computer literate than you are.

But while your kids might be better with technology, they have ZERO knowledge or experience of staying safe online, and will probably happily look at much of the stuff you would rather they didn’t.

Are you aware of the most common dangers that the Internet and social media (Facebook, twiiter etc) present?  children are regularly bullied online, your little darling could even be the one doing the bullying and this cyber-bullying has led to many children committing suicide. They can be easily manipulated into performing any number of dangerous or perverted acts, or groomed into meeting a sexual predator.

Using the internet without protection can also cause you a lot of damage, and if you are allowing your child to use your computer or tablet, then you could end up being the target of cyber-crime. Everything from malware and ransomware attacks, trojans and bots using your computer to attack other people to identity theft, and emptying your bank account.

Just as you do in the real world, you need to offer guidance, set boundaries, and, depending on your child’s age and maturity level, implement some safeguards.

You also need to be aware of where the threats are coming from, so it is your responsibility as a parent to educate yourself about online security.

 

10 Things You Can Do Right Away to Protect Your Children


1.  Make YouTube safe for your kids

YouTube is the new children’s TV.

It is one of the most popular sites out there, but not all of those videos might be appropriate for your children. even those innocent-seeming Minecraft videos are sometimes full of swearing.

But the site does have some safety features, and you should take advantage of them, although be warned that there is nothing to stop a savvy child from turning this setting off again.

On the desktop site, if you scroll down to the bottom of the screen, there’s a “Restricted Mode” setting that hides videos that have been flagged as containing inappropriate content.

In the mobile apps, click on the three dots at the top right and click on Settings > General and scroll down until you see the “Restricted Mode” option.

2.  Help your kids set the privacy controls on their social media accounts

Most social media sites have an age limit of 13, but kids sign up regardless and lie about their age, and frankly if they have the ability to do this behind your back anyway, then you are better off at least letting them do it so you can monitor their activity.If your children share messages, pictures or videos on Facebook, Instagram and other social media platforms, they might not be aware of who can see their posts.

If your children share messages, pictures or videos on Facebook, Instagram and other social media platforms, they might not be aware of who can see their posts, in fact, many adults do not realise that everything they post/share is public by default.

Most apps do have privacy settings, however, letting your children control who they let into their lives.

Here are the links to information about the privacy settings on the most popular apps:

 

3.  Install anti-virus on your computers and mobile devices

Children are just as vulnerable as the rest of us, if not more so, to clicking on bad links and downloading malicious software. Every device that is connected to the internet needs to be protected from malware.

There are some of the most popular free products available from trustworthy brands. Bear in mind that the FREE versions are limited.

If you are happy to pay for your protection and security product, then I recommend the premium edition of BitDefender, which has consistently been the #1 in the industry. If you have multiple devices in your household, then the BitDefender family pack is a great deal to protect them all.

4.  Set up separate accounts for your kids on your computers

If you share a device with your children, consider setting up a separate account/user for them. Each account would have its own home screen and, depending on the device and platform, a different selection of features, apps, and permissions.

Not only does this help you protect your own data — or video recommendations — but you can also set up customized security and privacy settings for each child.

On Windows computers, you can set up a new user account for you children. Go to Settings > Accounts > Add a family member > Add a child.

Windows 10 Kids Account

You can blog specific apps, games, or websites, or set screen time limits. Visit https://account.microsoft.com/family for more information. Although I would not reply on this alone, as Microsoft family safety has proved to be notoriously unreliable and randomly breaks.

On Apple computers, you can set up Parental Controls for some user accounts, where you can, for example, restrict access to adult websites. Learn more here: https://support.apple.com/en-us/HT201813

5.  Set up separate accounts for your kids on your mobile devices

Android parental controlTablets and smartphones also allow multiple user accounts on the same device.

On Android tablets, you can create a restricted account for your child, with limits on which apps they can use.

On Android phones, you can create a new user account for your child, but the only account restriction currently available is to turn off the ability to make phone calls and send text messages. However, you can restrict their Google Play account. Go to Settings > Parental controls and turn them on. You will able to set specific content restrictions on apps and games, movies, TV, books, and music.

On the Apple side, iPhones and iPads have controls for apps and features, content, and private settings. Launch the Settings app and go to General > Restrictions and tap on “Enable Restrictions.”

6.  Secure your gaming systems

Don’t forget that your gaming console is also an Internet device these days. Children can download games and make in-game purchases, and even surf the Web.

Most devices have parental control features that allow you to restrict the kind of content your children can get, limit their purchases, and restrict or turn off their Web browsing.

7.  Consider using kid-safe browsers and search engines

For added control, you can install a kid-safe web browser for your children to use.

Zoodles, for example, offers a child-safe environment, and there’s a free version for Windows PCs and Macs, and for Android and iOS tablets and smartphones. The premium version, which costs $8 a month, includes ad blocking, time limits, and other features.

Another alternative kid-safe browser is Maxthon.

There are also some built-in tools in the browsers you’re already using.

If you use the Chrome browser, you can set up a “supervised profile” that will block explicit search results, show you what websites your children visited, and even restrict what websites they can go to. The way the restrictions work is that you can either have a list of approved websites, where your children can only visit the sites on this list, or a list of restricted websites where they can visit any website except for the ones you’ve banned.

More information here: https://support.google.com/chrome/answer/3463947/?hl=en

Also check out these kid-safe search engines:

 

8.  Lock in apps for youngest children

If you want to be able to hand your phone to your child to play with in the back seat of the car without worrying about them messing up your phone or surfing the web for creepy content, what you can do is open up an app for the child and then set it up so that they can’t exit the app.

On phones running Android 5 and higher, it’s called “screen pinning.” First, go to Settings > Security > Screen pinning and turn it on and also enable “Ask for PIN before unpinning.” Then load your app, hit the overview button — the little square on the bottom right — and swipe up until you see a pin icon come up in the lower right corner. Now your child will need your PIN in order to switch apps.

Screen Pinning on Android

On iPhones and iPads, this is called “Guided Access.” First, go to Settings > General > Accessibility > Guided Access to set up Guided Access. Then when you’re in the app you want to lock in, triple-click the home button to bring up the Guided Access settings. You can turn off Guided Access either with a PIN or by setting it up to work with your Touch ID through Settings > General > Accessibility > Guided Access > Passcode Settings.

9.  Consider using an app that limits the time your child spends online

According to the Pew Research Institute, 50 percent of parents have used parental control tools to block, monitor, or filter their child’s online activities.

The ScreenTime app is available for Apple, Android and Amazon devices. The app is free for one child and includes the ability to monitor the device remotely and to see your child’s web and search history. A $4-per-month premium version adds daily time limits, the ability to block apps, and block the use of the device during school hours or after bedtime.

Alternative apps:

There are also some James Bond-type apps out there that will let you track your child’s location, read their emails and text messages, and spy on their Snapchats and other communications.

Be careful with these. Do you want to lose your child’s trust? And do you really want to engage in a cyber war with a teenager, where they escalate to using anti-spyware applications and burner phones?
When dealing with older children, explain to them why you are using these parental control apps, that you are only protecting them, and tracking them in case something happens to them so you can find them. Remember that you would not be happy with this level of control, especially if it was forced on you with no explanations.

10.  Make sure your kids are only using safe chat rooms

Some kid-friendly platforms offer chat rooms where kids can talk to other kids. Vet the sites first, to make sure that the chat rooms are monitored.

In addition, teach your kids not to share their real identities on such platforms, and use anonymous screen names, instead.

Teach, Educate and Talk with Your Children


11.  Teach your children not to respond to messages from strangers

If they get a text message, instant message, email or social media message from someone they don’t know — they should just delete it.

Make sure they know not to open it, not to respond to it, and, of course, not to click on any links or attachments.

If those girls from Pretty Little Liars followed that advice, the show would have been over after one episode.

12.  Educate your children about the risks of “sexting”

Last year, in a report to the U.S. Congress, the Justice Department revealed that the most significantly growing threat to children was something called “sextortion.”

It’s bad enough when minors send nude images of themselves to boyfriends or girlfriends, and those images then get distributed to others.

In addition to the psychological damage, children who both send and receive the “sexts” are breaking the law — and could result in prosecution and even registration as a sex offender.

And it gets worse.

According to the FBI, the “sextortionists” have gone pro, with individual criminals targeting hundreds of children each. They pretend to be the same age as their victims, trick or coerce them into producing child pornography for them — and even get them to recruit friends and siblings.

In a review of 43 such cases, the FBI found that two victims committed suicide, and ten others attempted to kill themselves. Victims also have their grades decline, drop out of school, get depressed, and engage in cutting or other types of self harm.

According to the National Center for Missing and Exploited Children, reports of sextortion were up 150 percent during the first several months of 2016 compared to the same time period in 2014. 

In 4 percent of the sextortion reports, the children engaged in self-harm, threatened suicide or attempted suicide as a result of the victimization, the Center said.

13.  Warn your kids about file sharing

Uploading illegal files is, of course, illegal.

And so is downloading, though fewer media companies seem to be prosecuting kids these days.

But downloading illegal files also carries other risks, such as viruses.

Fortunately, there are now many free and low-cost services out there where kids and teens can get videos and music.

14.  Warn your kids about online polls and surveys

There are lot of fun, harmless polls out there, like the one that tells you what kind of poodle you are.

Others ask for too much personal information, and could land your kids on spammers’ email lists, or open them up to identity theft.

Many adults have a separate, throw-away email account for when they need to provide an email address in order to register for something. If your child have a legitimate reason to fill in questionnaires that require an email address, consider helping them set up a throw-away email account of their own.

15.  Warn your kids about getting too close to strangers

When you’re meeting someone for the first time after, say, communicating with them via an online dating app, you know to set the meeting in a public location, such as a coffee house, and to let friends know where you are.

This is common sense.

But children and teenagers often lack that basic common sense — or might be tricked into keeping their online relationships secret.

Of course, predators can also communicate with potential targets via traditional mail, or meet them at bus stops. But the Internet allows them to scale up their activities dramatically.

Attackers can use online relationships to lure children to meet them in person. Or, more frequently, they will try to trick children into making unnecessary purchases, or sharing information, photos, or videos.

Know your children’s online friends. And, just as with regular friends, confirm their identities, and talk to those kids’ parents. If those “kids” are, in fact, kids.

16.  Help your children deal with cyberbullying

Cyberbullying affects up to 15 percent of children, according to a report released last year by the National Academies of Sciences, Engineering, and Medicine.

And the rates are even higher for children who are overweight, disabled, or LGBT, or members of a minority group.

Victims have physical problems such as sleeping, upset stomachs, and headaches and also suffer psychological effects, such as depression, anxiety and alcohol and drug use.

Let your kids know that they can turn to you for help, and find out what resources are available from your local schools.

You should save messages and other evidence of the cyberbullying and report the bully to the social media platform, telephone or Internet service provider, school, or local law enforcement authorities. In addition, you should block the bully from your child’s social media, telephone, or email accounts.

More information here:

17.  Set a good example

How many baby pictures and vacation photos have you posted online? Before lecturing your kids about staying safe, make sure that you yourself are a good model. Learn about the privacy settings in the social media apps you use most, then check that you aren’t sharing private, personal moments with the whole Internet.

Also, don’t drive while texting or talking on the phone.

Wait until we all have those self-driving cars, and do your texting then.

18.  Set rules about what your kids can share online

As an adult, you know to be careful about what information you post online. You know not to share your financial information or social security numbers with strangers.

Make sure your kids know the rules and understand the reasons behind them. Even seemingly innocuous information, like vacation pictures, can let criminals know when your house is empty.

Some information, like funny picture of your cat in the snow, can be shared with everyone. Some information, like vacation plans, can be shared with family and close friends. And some things should never be shared online at all.

In addition, the recommended age for children to have their own social media accounts is 13.

The Family Online Safety Institute has a sample family online safety contract here: https://www.fosi.org/good-digital-parenting/family-online-safety-contract/

19.  Add your kids as “Friend”

If your children have their own accounts on Twitter, Facebook, Google Plus, Instagram, Snapchat or other social media sites, follow or friend them.

Don’t let your kids tell you that other parents don’t do this. According to the Pew Research Center, 83 percent of parents are friends with their teenage child on Facebook.

You’ll be able to see if they are posting inappropriate things online and can step in before problems escalate.

It’s not foolproof — there are ways that children can keep their communications hidden from you. And if you are too heavy-handed in your monitoring, it may cause your children to be more secretive.

20.  Set limits on how much time your children can spend online

According to a recent national survey, tweens spend an average of six hours a day with their devices, and that’s not including the time spent on school or homework. And teens spend an amazing nine hours a day staring at their screens..

Sure, some of that is listening to Spotify while exercising. But the bulk of the time is spent watching videos, playing games, and using social media.

The American Academy of Pediatrics used to recommend that children under two should not have any screen time at all, and had very conservative limits for screen time for older children. In late 2016, the organization re-evaluated current research and loosed its recommendations.

Some screen time, such as video chats with relatives, or educational applications, can be very valuable, even for the youngest children.

Now, the organization suggests that families create a Family Media Plan.

However, the organization recommends that parents limit the use of screens during meals, and for an hour before bedtime. Also, phones and tables shouldn’t be charged overnight in the child’s bedroom, to limit the temptation to check the devices at all hours of the night.

21.  Additional resources

Internet Matters: Resources for parents looking to keep children safe online, with age-specific how-to guides, free apps, and device safety checklists. https://www.internetmatters.org/

Family Online Safety Institute: Parenting guides and news and reports about online safety issues. https://www.fosi.org/

Safe, Smart & Social: Social media training guides and safety tips for parents and educators. https://safesmartsocial.com/

Thanks go to John Mason for most of this content, who conveniently emailed me which reminded me I had this article in draft, so saved me a lot of typing.

Add MariaDB support to MSP Control

Add MariaDB support to MSP Control

I have recently been setting up MSP Control (formerly WebsitePanel) on my new CFML Developer server. Unfortunately, it doesn’t support MariaDB out of the box and so won’t detect if you have it installed. Fortunately, this is an easy hack.

  1. Open up your MSPControl database in SSMS, and open the providers table.
  2. Now find the MySQL providerID that matches your MariaDB install
    i.e. MySQL 5.7 for MariaDB 10.1
  3. Now add a new entry into the SERVICES table, using the providerID you got from the last step and the appropriate serverID for the server you want to add it to. You get he ServerID from the servers table, or just edit the server in the control panel and get it from the URL.
  4. Now just edit this server in MSP Control, and you should see MySQL listed, just edit and setup as you would MySQL.
  5. Now you just enable MySQL on your hosting plans.

 

Review: Uhans U200

Review: Uhans U200

20151023150914431443

A couple of months ago I decided to bite the bullet and get rid of my Windows Phone and switch back to Android, I donated my Nokia Lumia 930 to my son.  While I liked Windows Phone, and I do prefer the GUI, there were just too many niggling issues and bugs and those few “must have” apps that either did not exist or the WP version sucked, and this is not going to change due to the tiny user base.

Now my requirements are pretty simple, I do not need a phone to play 4k video or play 3D games which will drain my battery within 2 hours, so spending hundreds on a phone seemed like a pointless waste of money. I did get myself a Galaxy S7 edge, but frankly I found the EDGE quite annoying as I could not pick it up or put it down without touching the edge and causing some action to occur, and frankly it felt so flimsy I was scared  of breaking it, so I sent it back as I am not prepared to spend that much on a phone if it annoys me in any way.

I do not understand this whole concept of making phones more powerful with more battery draining features, yet thinner so the battery cannot even last a day if you actually use it for anything other than checking your email. Surely if you want to use your phone to watch a video and play games you need a phone that has a big fat battery in it, I think the phone makers are really missing a trick here. Phones are not primarily phones anymore, that functionality is likely the least important feature for most people, what they really want is a pocket tablet/gaming device.

So I decided to start looking at budget phones, and specifically the Chinese alternatives which seem to be getting more popular. My first choice was a Doogee X6, which despite having good reviews turned out to be a mistake. It felt very cheap and the screen was very unresponsive, either it did not even detect my taps or detected them in the wrong place, I found the device totally unusable and frustrating, so that was returned after a couple of weeks.

My second choice was the Uhans U200, which is an unusual looking phone, but it seemed chunky and solid with a bigger battery than most, a proper mans phone, which was exactly what I was looking for. So far I am glad to say it has delivered everything I had hoped and is absolutely worth the £85 I paid for it and I would not hesitate to buy this phone again. There is also a smaller model called the Uhans U100, which I have bought for my son, and he loves it also.

Despite being a Chinese phone, there are no issues setting it up, it is as easy to setup as any UK phone, and the Uhans packaging is as slick as any top of the range phone.

I have also installed a Windows Phone style launcher, so I still get the benefits of the GUI that I preferred on the Windows Phone but with an Android.

 

Look and Feel

The Uhans U200 I think is squarely aimed at men, it has a real leather back with a crocodile skin pattern, and I must say I like it, sadly it only comes in black, there are no other colors which is a shame, as I would have quite liked one in actual snake skin style. The other big advantage with the leather is that it is immune to greasy finger prints, which is something that affects just about every phone. As soon as you touch them, they are covered in them. It is chunky too, it has a 5 inch screen and I can hold this phone comfortably without fear of dropping it, and it feels solid, the buttons are easy to use with my big fat man fingers, and with the metal frame I do not feel the need to actually purchase a case to protect it. I carry a man bag so not really an issue for me, otherwise it sits quite happily in my jacket pocket or the leg pocket of my combat trousers.

Performance and Usage

The Uhans U200 has a 5.0 inch screen, 4G Smartphone,  Android 5.1 MTK6735 64bit Quad Core 1.0GHz 2GB RAM 16GB ROM, 13.0MP Main Camera OTG

So far I have no complaints with regards performance. The screen is responsive in all applications including games. It has had no issues with running any of the apps I use regularly, playing video etc and the only time it has struggled is when I tried to play some resource intensive 3D games, although it still managed to run them at an acceptable speed to make them playable, but this is not an issue for me as this is not what I use my phone for anyway, but when I do play games, it does the job.

Sadly you do not get fast charging, but hey it is a budget phone, so I am not complaining, and I suspect that in the near future that this will become a standard feature for all phones, budget or not.

The battery easily lasts all day for me, sometimes I have forgot to charge it and it has lasted 2 days, but that is with me barely using it.

Accessories

This is one area where the phone is let down, when I went looking for a case, I found only one, and not a lot else accessory wise. However this is a compromise I find acceptable, being as the phone feels so chunky and solid anyway, I am not feeling the need to buy a case, although I did order the only one available just so that I do have something to put it in when I don’t take my main wallet, and the case does match the style of the phone and it is wallet style case itself, so fits in well with the whole MANLY concept of the phone. Other than this there is actually no other accessories I actually need, so again I have no real complaints.

Camera

After several months using this phone, I can say that the camera is a bit of a let down. As long as you have good lighting then it takes great pictures which I have been happy with, but as soon as lighting is less than adequate then it struggles to get focus, and the flash often seems to go off BEFORE the shutter, which means it does nothing to illuminate the target. The rest of the time the flash seems to add a blue hue to the picture, which is also not great.

Customer Support

This has been the biggest let down of all, support from UHANS is virtually nonexistent. I contacted them about an issue I was having with the SDCARD reporting wrong size, and each reply took several weeks, the last response took them 2 months, so I gave up as they simply did not care and were unhelpful.

I then had cause to contact them about connecting the phone to the PC as this also would not work. They told me that Windows 10 is not supported and I had to install Windows XP or Windows 7 to do this. This is absolutely shocking and incompetent that they are suggesting I install an end of life, no longer supported OS with serious security vulnerabilities. Even Windows 7 is no longer secure to use.

 

Turn your Android into a Windows Phone

Turn your Android into a Windows Phone

wp81-1-970-80Windows Phone has received a lot of bad publicity, and the main complaint you see from ignorant reviewers is that there is a lack of apps for windows Phones (WP). While there may be many legitimate reasons to not like WP, lack of apps is not one of them, there are currently over 500,000 apps in the WP store, and there were 300k even when I got my phone, so I would hardly call this a lack of apps. Sure there are some apps you may want that do not exist because most vendors do not bother with WP due to the small user base, but in most cases someone else has created a good alternative and I have found the quality of most WP apps to be high. I have only found a very small handful of apps I wanted which were not available at all or were so bad I could not use them, LastPass and Kayako are 2, both of which I needed and both of which are dire on Windows as the developers have put barely any effort into them and they lack the functionality of their Android counterparts.

The biggest cock up that Microsoft did make was not releasing Windows Phone 10 at the same time as Windows 10, and I think this killed it for them, aside from being too late to the phone  party in general. And then they have taken forever to roll out the upgrade to Windows phone 8 users, and many phones will not even keep the upgrade as promised as their phones do not meet minimum memory requirements.

I have a Nokia Lumia 930, running WP 8.1, which I purchased after getting fed up with Android updates making my Galaxy note unusable, killing my battery life etc. It turns out I much preferred Windows Phone, it was faster, more responsive, more reliable, and I simply preferred the more grown up and business like UI. The requirements for WP are also a lot lower and thus the phones are lower spec and cheaper as a result. Certainly there were some areas of functionality lacking, and I got fed up waiting for WP10 to be released for my phone, and so I installed the insider preview instead. Sadly it has been riddled with bugs, with each update seeming to break something new, and then it seems the last update I did must have resulted in the battery being drained super fast, as it was only lasting half a day with no use whatsoever and suddenly became unusable.

At the time I thought it was a problem with the phone/battery itself, so decided to bite the bullet and get an upgrade from O2, and decided to try the much applauded Samsung Galaxy S7 edge (which I will be reviewing). While I like the look of the new Lumia 950 XL,  my experience with WP10 insider preview has given me a bad impression that if I bought a new WP10 phone, I would have same issues, and as much as I like Windows Phone, unless Microsoft pulls a rabbit out of the hat, its days are certainly numbers, unless the rumored surface phone saves the day.

wp_ss_20160317_0001.pngNow annoyingly after I got my new Galaxy S7, my son asked if he could have my Lumia 930, so I did a factory reset on it, and installed latest updates, and guess what, the battery is now fine GRRR!!

So I then decided to find out if WP10 was officially available yet, and it was, although this information was not made easily available by Microsoft, you have to install the upgrade adviser first to find out if your phone supports WP10, and then you have to enable the upgrade. So I would imagine that most WP8 users are never going to find this out. You can find upgrade instructions HERE.

So I now have an upgrade that I didn’t really need and I am tempted to just send it back and carry on using my Lumia. But I first decided to see if there was a way to make Android UI more like Windows Phone, so then maybe I could have UI I wanted, but keep the other advantages this phone offered, and it turns out there is a way.

wp launcherA number of developers have created Windows Phone style launchers for Android that emulate the WP8 or WP10 UI and layout. The best one I have found so far is “Launcher 8 WP style” which has managed to emulate the WP tiles interface so perfectly that you think you have a Windows Phone. The only thing that seems to be lacking is live tiles, as I so far have not seen any of the tiles updating. Most of the others I have tried have not got it right, and just look like cheap knockoffs as they have no got the tiles right. This app also includes themes so you can change the look further.

So if you are a fan of the Windows Phone UI and tiles, but find the Windows Phones lacking and cannot give up your Android phone, give this a try instead.

 

 

 

How to update WebsitePanel services/providers

How to update WebsitePanel services/providers

If you upgrade Windows or any of the software on your server, there is unfortunately no easy way to apply these changes within WebsitePanel, which means it will often break if it is still using the old service/provider.

The video below shows you how to make the required changes directly in the database.

Why ColdFusion is not suited to shared hosting

Why ColdFusion is not suited to shared hosting

This is a topic I have found myself explaining a lot over the years, not just to customers but to developers as well, and one thing I can say with absolutely certainly from dealing with hundreds of developers of all levels over the years, from newbs to gurus, is that most devs in general do not really understand how things work on the server (they know how to write code and upload it to the server) and most CF devs additionally don’t understand how ColdFusion really works and how/why it differs from other scripting languages like PHP or Perl or ASP.net, so I decided it was time to write a complete blog post on the subject and hopefully to try and enlighten some of those developers a bit more. I have copied this article across from my old blog as it was a popular article with a lot of views. I have removed all references to Railo (since it is now dead) and replaced with Lucee.

Now I have heard many say “I am just a developer, it is my job to write code, not to understand the server stuff”, but i’m afraid I disagree with this and consider it a bit of a cop out, because If you don’t understand how things work on the server to at least some degree, how can you be sure you are writing code that is going to be scalable, reliable and is not going to cause problems? Sure no-one should expect you to know EVERYTHING to the same level as a sysadmin, but you certainly should know the basics that are relevant to your job, especially if you are going to be making any hosting recommendations to your clients, which most devs do.

The first thing to understand, is that ColdFusion and Lucee are not technically application servers (which most people believe them to be), they are simply Java applications (that convert CFML into Java bytecode) that run inside a java servlet container (e.g. Apache tomcat, Jetty, Jboss) which runs as a service/daemon, and all requests for all pages coming into the server go through that same service/daemon. This means that any problems with that service affect ALL CFML (or JSP)  websites on the server.
This is also a bad thing for security because it means that all sites on the server run within the security context of the service and so cannot have their own permissions. So any java code in any site can access files in site2, site3 or any other site on the server or in fact any part of the system that the service itself has access to. The only way round this is to use security sandboxes, which is a feature of ColdFusion enterprise and Lucee.
But BEWARE, CF sandboxes can give a false sense of security, they are only applied to CFML code and do not sandbox Java, so if you drop any Java code in your CFML pages (using CreateOnject(java), then you bypass the sandbox completely, so they not stop any vaguely competent coder/hacker. There is no way round this on a shared server, you simply have to take the risk. On a dedicated VPS you can mitigate this by using multiple instances of CF/Tomcat and isolating each site using server side permissions.

Before you say “so hosts shouldn’t allow Java”, this also is not even an option for any host as all moden frameworks and apps need createObject(java), so disabling this function would break almost every modern application, ergo it is a risk that has to be taken, because at the end of the day 99% of clients simply don’t care about the security risks, all they see is that their app doesn’t work and will just go elsewhere.

When we look at other common languages such as PHP, Perl, asp.net etc, these run as an ISAPI or CGI process, so every website on the server spawns its own process to handle the requests. So if there are 20 PHP sites then there are 20 x PHP processes running (think of this like 20 instances of ColdFusion). The process runs within the security context of the website that spawned it, so in the case of Windows it runs under the application pool identity. So this means that as long as you have every website/application pool  set to run under a different user account with access only to that website root, and so will php also have only this permissions, so it is more secure and also isolates each site in a separate process.
So if site1 crashes php or ASP, it will have no effect on any other site because they are running php/ASP in a separate process.

Here is a diagram to illustrate.

cf-server-diagram

This is the primary reason why CFML is not suited to shared hosting, no application isolation and no control over security.

Imagine the following (very common) scenario.

abc.com makes a cfhttp request to an external web service at xyz.com  to get syndicated content for its pages.
The web service at xyz.com goes down, which means all the pages on abc.com are now going to timeout. On a shared server this will very quickly result in all the ColdFusion max number of simultaneous requests to be consumed, and subsequent requests to then become queued. The result of this is that every other CFML site on the server now becomes slow as well as all their page requests have become queued behind the problematic site, and now are likely to also timeout as a result.

An even worse scenario is where native java requests are concerned, such as database queries as these cannot be killed automatically, not even with FusionReactor. If a page hangs in the middle of a database query because it is waiting for a response back from the db server, then this request will not ever timeout and will hang indefinitely, thus 1 cf thread is now no longer available. If this happens 10 times, now 10 cf threads are gone and no longer available, if your “max number of simultaneous  requests” is set to 10, then you now have 0 requests left and your server will stop serving up CFML and all websites will now hang/timeout untill the service is restarted.
If the original problem still exists then restarting CF also will not help, as the issue will simply continue until all the requests are again used up and all sites start to hang. The only solution at this point is to turn off the site causing the problem.

Then we have the security issues that I mentioned. Everyone by now is aware of the CFIDE hack which affected many cf servers. This was only possible because CF runs as service and because that service runs under the SYSTEM account by default, which has full file system access, which allowed the uploaded hack to access every part of the server. If CF worked like a CGI/ISAPI application, the effect of this hack would have been far less.

But my code has proper error trapping and caching and stuff, so this doesn’t affect me right ?

Wrong i’m afraid, on a shared server it doesn’t matter how brilliant your code is, or how well your have performance tested it, or how much error trapping you have, this does not stop the other sites on the server from causing you problems.
You could be lucky on a shared host for months or even years if you are on a server that doesn’t have many sites, or simple  sites that are not problematic (at the moment), but It only takes one poorly written app to bring CF to its knees.
It is also important to realize that almost nobody using shared hosting has ever done any kind of load testing or performance testing on their website and in most cases do not even know what this means or how to do it, the result of this is that web site owners have no idea how their site will perform under load nor did the developer who made it. This results in another very common scenario which usually begins with a statement like “Nothing has changed on my site and it has been running fine for years, so it must be your server”.
Again this is totally irrelevant in most cases, sure your site may well have run fine for years with 20-50  visitors per day, but what happens when it suddenly gets 1000 visitors per day as a result of some marketing or media attention, or if it starts getting hit by search engine bots, suddenly this once stable site falls over horribly due to poorly written or legacy code.

But Railo/Lucee is better right ?

Ultimately no i’m afraid, as they run on Java so work the same way as CF so the primary issues mentioned above apply just the same.

Lucee is however an improvement in that the security sandboxing is automatically applied at website context root level (if you set this in your Lucee server admin) and does not require admins to set up sandboxes for each site as with ColdFusion which is a sandboxing nightmare, which makes Lucee better for shared hosting. However the sandboxes like ColdFusion’s only sandbox CFML and can easily be overridden with Java code.
Lucee also has its per site web admin allowing all users to admin their own site, which is again a bit improvement over ColdFusion which has a single Admin which must be administered by the host.
So by using Lucee you don’t have to rely on your host, you can pretty much do everything yourself.

So what’s the solution ?

The only solution is to do some research, educate yourself and use a bit of common sense.
ColdFusion is intended to be an enterprise solution, and thus run on dedicated hosting solutions, it was never intended to be used for shared hosting and is not built to do this. So the simple answer is, use the right tool for the job.
If you just want to run a blog, personal website or simple brochure ware website and you don’t have your own server and only have the budget for shared hosting but do not want to be affected by the above problems, then use a technology more suited to this purpose, one that runs as a CGI/ISAPI process, the most popular of course being  PHP or ASP.net . Avoid any Java related choices as these will all suffer from the same issues.

If you love CFML and want to use it for everything you do, then do yourself a favour and get a VPS running Lucee (or ColdFusion if you can afford it).
On your own VPS you then also have the option to use multiple CF instances, so each of your sites runs on a dedicated instance of Tomcat or whatever is your java servlet container of choice, so you can still run multiple sites but avoid the shared hosting scenario and also lock down the security.

I am going to use shared hosting anyway regardless, what do you suggest ?

If you really have no choice (or simply won’t take good advice), then here are some tips on choosing a host.

  • Choose a host that specializes in Lucee  or ColdFusion and actually knows what they are doing, do not choose a generic host that simply has Lucee/CF installed and classes this as SUPPORTED.
  • Test your hosts knowledge, see how much they know about CF/Lucee, ask to speak to a CF specialist.
  • Make sure your host is secure
    • For ColdFusion they should be using enterprise edition, otherwise no sandboxes, and no security. If they are running standard edition, avoid.
    • Ask them if they run a bog standard out of the box CF installation, if yes then it is not locked down and is not secure.
    • Ask them if they use FusionReactor or HackMyCF. Preferably go with someone who says yes.
    • Ask them if they use security sandboxes, if no then avoid.
  • Ask your host how many sites they run on each CF server. Too many = bad
  • If you regularly need to set up data sources, mappings or anything that requires access to the CF Admin, you would be better of with Lucee.
  • Ask if you can get RDS access, if they say yes then avoid, as this should not be enabled in production
  • Check if you can access the cfadmin or adminapi from your site, is yes, change host now as they are not secure.

Unfortunately there are very few noteworthy CF hosts these days, the ones I see most commonly recommended are Viviotech, Hostek, HostMySite (although not so much since they got taken over by hosting.com), Host Partners (my company)

Kayako Fusion : Controlling the display of sub departments

Kayako Fusion : Controlling the display of sub departments

nb: copied from my old blog

We run Kayako fusion over at Host Partners, and one of the issues I have had is dealing with sub-departments.

e.g.

GROUP1

  • dept1
  • dept2

I do not want customers to be able to to submit tickets to the parent department “GROUP1”,  as this is just a a group/label, but fusion provides no way to stop this as it treats everything as a department., and does not allow to simply treat the parent as a group.

I never found any solution to this, so decided to do it myself, hopefully others may find this useful.

In the template editor, find the template named “submitticket_departments”

Find the following line, right after the first <(foreach block

 

and replace it with this

 

This will stop any departments that have sub-departments being selected, even if it is set as the default department. If you also want all the departments to be expanded by default find this line, after the second <(foreach block

and change it to

 

 

O2 and the phone of doom

O2 and the phone of doom


60e00bddf4bd417a9930208e5447a689.300x271x1You may recall from my earlier post “O2 customer service driving me insane” that I have not been having a very good experience with O2 support/customer service of late, and sadly things have not improved and if I had any hair then I would certainly be tearing it out by now, so here is my latest rant on the subject.

.

Nokia-Lumia-930-640My last phone from O2 was a Nokia Lumia 930, which while being an overall good phone when it works, I have had ongoing problems with it and O2 and have had it replaced around 5 or 6  times now. Now most of these replacements were O2’s decision to just replace the phone because they could not be bothered to troubleshoot my issues, which on several occasions were to do with signal problems, call quality, sms messages going missing and the likes so replacing the phone actually made no difference at all. Yet they actually had the gall to tell me that they would  not replace the phone again due to the number of times it had been replaced already, even though most of the replacements were O2’s choice not mine and were due to their own laziness.  I have also since discovered that all the replacements I have received are refurbished not new phones, which probably explains why I have had ongoing problems.

O2 also has the default response to tell me to take my phone to my local O2 store so that they can take a look at it. I have taken my phone to the store twice when advised, and the store staff and the store manager has told me that they cannot fix phones so it is pointless O2 support telling me to take my phone there and they do not know why they keep telling customers to do it. They are not engineers,  and the most they can do is a factory reset or just follow the exact same canned response suggestions that O2 support have already given. The only thing the store can really do is just send the phone away to be looked at or repaired, which O2 support can arrange themselves anyway. Even when I tell O2 this, and advised them that the store themselves told me this, they still continue to suggest going to the local O2 store.

So my current issue with my Lumia 930 is that the search button stopped working which is quite annoying as it takes more effort to use cortana as well as search, I have now had 2 phones with this issue, and also a phone where the screen started to grow a corrupted color blob from one side which was getting bigger and bigger. I have wasted a huge amount of time on the phone, on live chat and on twitter with O2 trying to resolve this and getting no where as every person is as clueless and unhelpful as the next, it is like running up a down escalator.

I am certainly thankful for my OneDrive cloud storage and phone sync that is for sure, as have had to factory reset this phone so many times now because O2 required me to do so due to their standard response.o2_factory_reset

The last suggestion I had from O2 after weeks of back and forth was to book a meeting with an O2 Guru. I do wish I have taken screenshots of my live chat conversations as most of these are monumentally stupid.o2 tell me to book a guru

This is despite me telling them that the staff in the shop cannot fix phones, and I asked them to confirm if the guru was any different, and they advised me that he would be able to help me fix the phone. Needless to say I did not believe this, and was not going to make 2 hour round trip to take my phone to someone who would just give me the same response as my local store. So I booked an appointment but I also took my phone to a local repair shop and they advised me that it was the digitizer which was faulty and that this was a common issue with refurb phones. So I advised O2 of the issue.

faulty_digitizero2_fault_response

I then got a response from the O2 guru who I had booked the appointment with, and he informed me (as I knew he would) that he would not be able to help me with the problem and the phone needed to be repaired. So I then reply to O2 support and tell them this, and their reply was this.
o2_repairo2_fault3

So

 

 

 

 

 

 

So even though they knew the phone was faulty, and knew what the fault was because I had told them, they had still told me to go to the guru who they knew could not fix such an issue. Not to mention that I had previously been told they would not repair the phone now due to the previous replacements.

During this whole process, just to wind me up a bit more, we were getting lots of unsolicited calls from one of O2’s sales/marketing agents called ADSI,  all the other numbers on my account were getting calls several times a day trying to get them to upgrade, no matter how many times they said that they are not the account holder or were not interested, the calls kept coming. O2 were just as helpful with this as well, they just said they did not recognize the number (see tweet above), further tweets did not help they just refused to take responsibility even though this company was calling on behalf of O2 with the details O2 had given them.

By this point I had started to hate my Lumia 930 thanks to O2, so as I had a couple of numbers on the account  which were due for an upgrade I decided to just cut my losses and get a new phone instead. Silly me for thinking this would be any easier. I tried many times to call O2 but was constantly stuck in a never-ending queue, same with the online chat. So I sent an email to all the O2 addresses I had in my address book asking for someone to call me back to do an upgrade as I was unable to get hold of them. Did anyone call me back? No of course not, instead  I got a rather unexpected letter via email telling me that my (non-existent) complaint had not been upheld. I of course had no idea what complaint they were referring to, and the sender of the letter “Christine Marsland” refused to reply to me. so I had to take it to twitter yet again  order to get an explanation, which is when I was told that sending an email asking for a call results in a complaint being logged, WTF ?.

o2-letter-page-1 o2-letter-page-2

 

 

 

 

 

 

 

 

 

Not only did Christine refuse to reply to me but needless to say that “Terri-Ann” never called me either.

The saga continues.

Linux can be hacked using only the backspace key

Linux can be hacked using only the backspace key

As any I.T. person will know, Linux geeks consider Linux to be the most secure OS on the planet, and many will even claim it is so secure and un-hackable that they do not need any malware protection or such. So it is ironic that a Linux hack has now been discovered which is probably the worst and simplest hack ever discovered, far worse than any hack or vulnerability ever discovered for Windows. If you press the backspace key 28 times on a locked-down Linux machine you want to access, a Grub2 bootloader flaw will allow you to break through password protection and wreck havoc in the system.

Researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at Universitat Politècnica de València recently discovered the vulnerability within GRUB, the bootloader used by most Linux distros.

As reported by PC World, the bootloader is used to initialize a Linux system at start and uses a password management system to protect boot entries — which not only prevents tampering but also can be used to disable peripheries such as CD-ROMs and USB ports.

Without GRUB password protection, an attacker could also boot a system from a live USB key, switching the operating system in order to access files stored on the machine’s hard drives.

The researchers discovered the flaw within GRUB2, of which versions 1.98 to 2.02 are affected. These versions were released between 2009 and today, which makes the vulnerability a long-standing and serious problem.

In a security advisory, Marco and Ripoli said the bootloader is used by most Linux distributions, resulting in an “incalculable number of affected devices.”

Exploiting the flaw — and checking if you are vulnerable — is simple. When the bootloader asks for a username, simply press the backspace button 28 times. If vulnerable, the machine will reboot or you will encounter a Grub rescue shell.

The shell grants a user a full set of admin privileges — within the rescue function only — to load customised kernels and operating systems, install rootkits, download the full disc or destroy all data on a machine.

The researchers say the fault lies within two functions; the grub_password_get() function and the andgrub_password_get() script which suffer integer overflow problems. Exploiting the flaw causes out of bounds overwrite memory errors. When a user presses backspace, the bootloader is erasing characters which do not exist — damaging its memory enough to trigger an exception in authentication protocols.

Not only does the vulnerability give attackers the chance to steal data and tamper with peripherals and passwords, but Linux entries can be modified to deploy malware.

While there is an emergency patch available on Github for Linux users, the main vendors have been made aware of this security flaw. It is recommended that users update their machines as soon as patches have been deployed, but it is worth noting an attacker needs physical access to the machine to exploit the flaw.