Protecting your domain

A lot of people own a domains either for business or personal use. Few people stop to consider the security of their domain. When you think about it though if someone got hold of it they would have control over everything from sending e-mails as yourself to resetting passwords. Here are some things to consider, in summary:

  • Choose a well established registrar (I use and recommend NameCheap)
  • Use two factor authentication
  • Restrict account access to certain IP addresses (may not be practical)
  • Use auto renew and keep an up-to-date card on file

You can still take advantage of offers but if you keep a card on file you know you won't loose your domain if you forget for some reason.

UTM Backup and Restore from the command line

You can easily restore a backup of your UTM from the command line by using the following command:

backup.plx -i <backup_file>

You can also view a list of backups with the following command:

backup.plx -l

To create a backup simply run:

backup.plx

I found this handy when experimenting with different configurations.

Unlock Ghost Accounts without resetting the password

If you remember your password but the account is already locked you can unlock it at the database level. I have demonstrated this using MySQL.

The first step is to work out the user id that is locked, this statement will show you all the accounts that are locked:

SELECT id , name, email, status FROM users WHERE STATUS = "locked";  

Find the user that you want to unlock and run the script ensuring you use the ID that is shown in the results above for the one you want to unlock. In the example below we are unlocking the user with id of 1.

Update users set  status='active' where id="1";  

Clear SSH Key Cache in OS X

Sometimes you can clear a key in OS X however it will hold onto it in memory. This is due to OS X holding onto the keys with a time to live forever unless the user logs out or the system is rebooted. You can view the keys in memory by using the following command:

ssh-add -l

You can also clear it manually by using the following command:

ssh-add -D

VMWARE Sound fix for Windows 95 / 98 / ME

I know Windows 95 is over 21 years old but I had some legacy software I wanted to try out. When using VMWARE Fusion or workstation there are well documented issues with the sound not working. All the guides I read just reported the same issue I got, they tried to download the drivers but got a blue screen. After much troubleshooting I realised the issue is down to a IRQ conflict.

blue screen

The first thing to do is to shut the virtual machine down. Open up the folder where the virtual machine is stored. Right click the Virtual Machine and click "Show package contents"

Show package

Within this folder will be a file called <machine name>.vmx - right click this file and edit it with a text editor. I used BBEdit in this example.

edit file

From here a file will appear. You need to look for the pci lines highlighted below and delete them:

PCI present

Now replace with the following lines, included below for easy copy and paste and demonstrated in the screen shot below:

pciBridge0.present = "false"
pciBridge1.present = "false"
pciBridge2.present = "false"
pciBridge3.present = "false"
pciBridge4.present = "false"
pciBridge5.present = "false"
pciBridge6.present = "false"
pciBridge7.present = "false"

correct lines

Save the file and start the virtual machine. A found new hardware box will appear, cancel it for now.
sound showing

Next install the sound drives using the tools from the creative website, you need the Sound Blaster PCI 128. The hardware will install and not blue screen, part way through you may be asked to reboot, press no and reboot when the setup has finished.

Drivers installing

Once the virtual machine reboots you should hear the welcome sound! The same principle should also work with Windows 98 and Millennium Edition just make sure you download the right drivers.

Opening Lotus Word Pro files

My wife had a load of old stories she wrote in Lotus word pro in the late 90's. She had them on a floppy disk and never thought she would see them again. After getting them off the floppy I used a Windows 2000 virtual machine and got a free tool called Lotus KeyView. I could not get it to run in Windows 10.

Image of Lotus Key View

Lotus KeyView was official Lotus software and allows you to open Lotus Word Pro files and copy and pate them into other programmes in my case Word as well as print them. You can download it here:

ftp://ftp.lotus.com/pub/lotusweb/product/smartsuite/Kvlotus.exe

Nespresso Machine Service Manuals

When buying most things I always like to hold a repair / service manual. I thought some of these manuals may be useful for others so have included them here as it took a lot of googling to find them. Most my family have nespresso machines which is why there are different models below. Hope they are useful.

Krups Cube Nespresso Service Manual

Nespresso U (C and D models) Service Manual

Nespresso Pixie Service Manual

Delonghi Lattissima Plus Service Manual

Quick Tip - Tomato - Creating a Guest Wifi Network

Creating a guest wifi in Tomato is easy. Just follow these screen shots: To begin:

  1. Login to the Tomato Control Panel
  2. Click Network under basic settings and add a new lan connection as the screen shot shows:
    tomato lan
  1. Go to VLAN under advanced and create a new one linking it to the new LAN. You will have to restart the router after this operation.

Tomato vlan

  1. Add a new virtual wifi interface

tomato wifi

Job done!

Norton ConnectSafe

Not many people realise but Norton ConnectSafe is a free service (even if you don't use Norton Security) which works at the DNS level and acts as a first line of defence against cyber threats. It is not a replacement for end point protection but compliments it well. Full details here: https://dns.norton.com/

Norton ConnectSafe

Expanding Varnish to Serve Mutiple Languages

Varnish is often used with PHP or NodeJS. On my server I run both applications simultaneously. Its possible to run NodeJS and PHP applications through Nginx, send them to the same varnish instance by setting different backends. This is done by working with the Varnish configuration language (VCL) and is surprisingly simple. Its also not really talked about much so here is an example. My setup also serves SSL content taking into account not to cache the management interface which includes authentication tokens and the like. I also realise I should call it TLS not SSL. To keep it simple here is a diagram:

Diagram of Nginx, Varnish, PHP and NodeJS on different ports

To make the changes open the following file:

nano /etc/varnish/default.vcl

Below the default backend definition add the following:

backend ghost {
  .host = "127.0.0.1";
  .port = "2368";
}

The above creates a second backend that is getting its content from our Ghost NodeJS app running on port 2363. Our PHP application is served by Nginx which would still be on the default backend.

Finally in the sub_vcl_recv section we need to tell Varnish which backend to use. Many advanced methods can be used but here is a simple example that sends the domain howson.me to the ghost cache and any other sites to the PHP cache:

if (req.http.host ~ "howson.me") {
    set req.backend_hint = ghost;
} else {
    set req.backend_hint = default;
}

There we have it. An easy way to use one varnish instance with multiple languages.