Category: Tech Articles

Articles on the topic of technology I’ve written for various personal blogs over the years

  • Does Facebook store passwords insecurely?

    In 2017, I had stumbled on an issue with Facebook: while you are entering your password, adding a superfluous extra character at the end of the password would STILL allow you to login to https://Facebook.com.

    (more…)
  • Spy Craft of the 22nd century: Quantum Entanglement

    I’m not a I’m not a quantum physicist, nor a computer scientist. But Microsoft released this video a few months ago which sparked a thought.

    Microsoft & Photonic demonstrate distributed quantum entanglement

    While they were quick to point out the obvious benefits of “teleporting” the quantum state, i.e. the computational results, from one pair of entangled qubits to another.

    This quickly begged the question: given the hyper-advanced nature of supply chain attacks (see Israel planting explosives in the pagers of Hezbollah operatives, recently), could a nation-state simply take entangled qubits of an adversary’s quantum computer and see what it is they are working on at any given time? Further, could communications networks be compromised for real time ‘eavesdropping,’ so to speak? Perhaps not even internationally, but perhaps in an intelligence gathering platform akin to the NSA’s own PRISM program? If there is, according to some theories, no limit to the number of particles that share an entangled state, nobody would know if you simply “cloned” a few more, right?

    Am I understanding that well enough? Or would it not be the Qubits that become entangled, and only the ‘data’ that flows through them?

    I’m not the person to write the research paper on this topic. But I certainly hope someone out there will produce it – because I would love to read through it. Just an interesting thought I had with an eye on the future. Whether that future is 20 years, 50 years, or even further out is another question.

  • Ubuntu Linux CPU usage / CPU temperature high? Try this…

    We have an Ubuntu based mini computer at which serves as little more than a network switch. CPU and other resource utilization should be next to nothing, but frequently this computer would have CPU temperatures around 80 degrees Celsius, and when you would watch the resource monitor the CPU activity was all over the place. Despite the computer only really showing a few percent of CPU usage, if you went toe the Resources Tab of System Monitor, the per-core CPU activity was all over the place.

    As I mentioned, the computer in question is a simple network appliance that would never need to print, and upon closer inspection, it was the Linux “CUPS” Service. Once we disabled that, the CPU settled right down.

    (more…)
  • Cannot locate base snap core22 – easy fix

    A co-worker came to me recently because they had an Ubuntu Linux 22.04 computer on which restored a “Timeshift” backup, but suddenly Firefox wasn’t working. How or why it became corrupted was beyond me, but by the time I was ‘called in’ he had already tried several troubleshooting techniques, which had only seemed to make things worse. He had tried resetting, removing, and purging Firefox, and as other errors popped up they became things like cannot locate base snap core 22, or something about an inability to run certain hooks. I honestly didn’t even get a shot of the error message, but the good news was, that I had a fix.

    The simple fix for this is to have your core runtime environment (the Core 22 base snap, or Core 20, or any other core you may be having this issue with) switch over to the beta branch, and then immediately switch it back to the production / stable branch. Two quick commands will take care of this:

    sudo snap refresh --beta core22
    sudo snap refresh --stable core22

    Once finished, you can simply reinstall your problem snap: sudo snap install firefox – and then it began redownloading and reinstalling correctly.

  • Generating a self-signed certificate PFX file with Powershell

    Sometimes you need a self-signed SSL certificate for an internal project, but perhaps you’re restricted from using a 3rd party tool such as OpenSSL. Maybe this is for security reasons, a lack of external internet connectivity, or maybe you’re just working on something small and you need a quick solution. Well, Microsoft has you covered, as the ability to self-sign a certificate in Windows is quite simple.

    Open a Powershell Command Line as an Administrator, then enter the following command (changing “computerhostname” to the hostname of the server the file will reside on, using the FQDN (ex. computername.local) if you can):
    New-SelfSignedCertificate -DnsName “computerhostname” -CertStoreLocation “cert:\LocalMachine\My”

    Then, Windows Key+R to open the run menu, type certlm.msc and press enter or click OK. This will open the Certificate Manager for the Local Machine.

    To export the public and private certificate and key as a Private Information Exchange or PFX file (a Personal Information Exchange public/private key combo file) follow these steps:

    1. On the left side of Certificate Manager, expand “Personal” then click Certificates.
    2. Right click the certificate you just created, then click All Tasks, then Export.
    3. Next > YES > Next > leave the defaults (Personal Information Exchange, with “Include…” and “Enabled…” checked) > Next > Password (enter your desired password, which you will need later to use the PFX file), change the Encryption to AES256-SHA256 > Next > Browse and give the PFX file a destination and a name (demo.pfx) > Next > Finish > OK.
  • How to create PEM and PFX Certificates and Keys with OpenSSL

    OpenSSL has become THE standard for generating certificates for casual needs. Here’s how quickly you can create your own self-signed certificate and and a cert/key. Whether you need a .PEM, .CER, .Key, or .PFX, this article has you covered.

    1. Open an elevated command prompt as Administrator.
    2. Browse to C:\Program Files’OpenSSL-Win64\bin or C:\Program Files (x86)\OpenSSL-Win32\bin (or wherever you installed OpenSSL).
    3. openssl genrsa -aes256 -out demo.key 4096
    4. openssl rsa -in demo.key -out demo.key
    5. openssl req -new -x509 -nodes -sha512 -key demo.key -out demo.crt -days 3650

    In step 3, you can use 2048 bits on slower machines, or 4096 bits for higher security. These days most anything can handle higher bit encryption, so I just stick with 4096. In the screenshot you’ll see I used SHA1 in step 5, but you can use SHA512 for additional security as it is fully supported nearly anywhere you’re going to use these certificates in 2024 and beyond.

    In Step 5, you can replace “.key” and “.crt” with “.pem” if you prefer, the file will still be compatible.

    Also in step 5, you can specify a number of days – since this certificate is self-signed it can be anything you want. 365 for one year, 3650 for 10 years, or even 36500 for a 100 year certificate!

    After you press enter, it will ask a series of questions that should be simple to answer. When it asks for server name or FQDN, it’s best to enter the local machine name you’ll be using the certificate on (ex. computername.local).

    The result will be a pair of files in the “bin” folder from step 2! You should be able to upload these and use them wherever you need them!

    But what about PFX files?

    If you also need a PFX file (a Personal Information Exchange public/private key combo file which can be more easily shared) you can generate one with one, simple additional command:
    Step 6: openssl pkcs12 -export -out demo.pfx -inkey demo.key -in demo.crt

    This will prompt you for a password that you will need to remember in order to use the PFX file in its final place.

  • Robo & Kala 2 in 1 Laptop Review

    Robo & Kala 2 in 1 Laptop Review

    Back in September, I purchased the Robo & Kala 2 in 1 Laptop. I was looking for tablet that specifically ran Windows. Unfortunately, Windows tablets are few and far between, and those that exist are quite underpowered. That’s not to say that this device is a powerhouse, and we’ll talk about that more in a moment. But I was about to travel internationally for the first time in many years, and I was looking for a laptop that met two important requirements: battery life, and lightweight.

    (more…)
  • FIXED: pfSense Missing APPLY CHANGES Button

    A few weeks ago I was making changes to a firewall rule in a pfSense+ 23.05.1-RELEASE version firewall. But after I clicked the “save” button – there was no way to “Apply Changes” – the green banner that would normally appear at the top of the page was simply not appearing.

    (more…)
  • Gen1 Hyper-V Virtual Machines to Gen2 by converting boot drives from MBR to GPT

    While I consider myself a long way from being an absolute master, I think I have more experience with Microsoft Hyper-V Virtual Machines than your average Joe. I have had to convert a few virtual machines If you have an existing Generation 1 virtual machine, converting it to a Generation 2 and, these days, it can be remarkably simple. At least if the computer already has Windows 10 or 11 installed.

    (more…)
  • Windows 22H2 repeatedly says “wrong username and password” trying to login Active Directory user

    I recently had to troubleshoot an issue where a new Surface Pro 9 for an employee of an existing company. IT staff unboxed the device and began the initial set up, including Windows 11 22H2 Pro. Initially, the machine joined to the domain, but upon reboot, after joining the domain, absolutely nothing would let us log in to the domain. We tried normal users, domain Administrators, and in the end we had to go back to local users to continue troubleshooting.

    We didn’t believe there was a problem with the Domain Controller because all of the other computers in the building are behaving fine. Why just this one brand new computer? In the end, we realized it was because Windows 22H2 (Windows 10 or 11) doesn’t like a Linux-based SAMBA Active Directory server.

    (more…)
  • Gaining Command Prompt access on a Windows Computer that has never been set up

    Gaining Command Prompt access on a Windows Computer that has never been set up

    I sometimes work in an environment that has reasonably tight security requirements. One of those requirements as that a device’s MAC Address / Hardware Address be entered into a table on the router before it can be assigned an IP address.

    I recently showed up on site with a brand new in box Surface Pro 9, but I had no idea how to get the MAC Address of the device because I could not log in and open a command prompt. Or so I thought.

    I got to the wifi screen telling me to create a connection, then pressed “Control+Alt+Escape” which brings up Task Manager. Although it did not appear on my screen, I suspected it was running behind the overlay locked to the forefront of my screen. I pressed “Alt+Tab” and was able to confirm my suspicion. I then used the keyboard combination of “Alt+F” to open the file menu, pressed Enter knowing that “Run” was highlighted, typed “cmd” and pressed enter to open a Command Prompt window. All of this was happening behind the “Let’s Connect You to a Network” screen, but as veteran of the keyboard era of Windows, all of this was second nature to me.

    From there I was able to run the familiar ipconfig /all command, then, with the help of my phone’s camera, I could take a photo of the output of the command prompt and see the MAC Address that I was looking for.

    This was convenient enough, but the thought of just being connected to wifi without ever logging in to the machine and then being able to take advantage of this “defaultuser0” account to open a terminal, and then utilize wget to download and execute potential malware before the computer has ever even been set up… fascinating. I’m sure this isn’t “breaking news” to anyone, infact the feature is probably left in, intentionally, for cases just like my original issue! But it does force me to take pause and think of what I can do with this.

  • How to disable “notifications” from all major browsers

    People often get a lot of annoying pop ups down by their clocks in Windows 10 and 11, and what they don’t realize is that they have accidentally allowed “notifications” to come from advertising driven websites that are sending them notifications even when they aren’t visiting that website!

    In my opinion, the “notification” feature was the worst thing ever added to modern web browsers, but they all have it: Chrome, Edge, and Firefox all include this ability and with more and more browsers being powered by Chrome (Brave, Opera, etc…) this feature doesn’t look like it’s going away anytime soon. So here’s how to disable it!

    (more…)
  • I Love What I Do

    Originally published on Reddit in the /r/Sysadmin subreddit which was often filled with negativity and frustration, I shared this:

    I’m probably the very last of a generation.

    I wasn’t part of the earliest days of silicon valley. I grew up watching them, wishing I was just 10 years older.

    My first computer was a Commodore 64. Then I had a Packard Bell w/ an Intel 486DX4 80Mhz, Windows 3.11, 8MB of RAM, and a 600MB HDD. We upgraded the HDD to a whopping 4.2 GB, added another 16GB of RAM, and eventually upgraded to Windows 95. My first modem was 19.2Kbps. I watched the first “dot com” bubble burst. I was an unabashed geek who loved learning things, but I could never wrap my head around math skills. I was told there was no way I could make it in “computers” because of my weak mathematics.

    I went off to college, got a degree in English because I thought I was going to be a school teacher. Couldn’t find a job as a journalist, teaching jobs required years of being a substitute before you could find something good, so I fell back on my geeky skill set. I found a place that was willing to take a chance on me in an entry level help desk. I think I’m the very last of a generation that was able to get into this line of work without a formal background or degree or even certificates.

    I then worked from one position to another… technician’s jobs at small companies where a title was more of career stepping stone than the work I did while I was there… another help desk, a “Director” title at a job where I was the only IT guy… now I’ve pivoted to a place where I’m the “IT Administrator” but I’m doing all kinds of things I never thought I would do.

    I never learned programming languages… after all, I am still pretty bad at math. The company I work for is small enough that I can work directly with end-users and see that I still make a difference when I solve their problems. I’ve always loved that feeling. But I have zero formal training, and I’ve made a pretty great career out of “I don’t know everything, but I know that I can figure it out.” My attitude is always if there’s a problem, there’s a solution.

    Last night I spent two hours troubleshooting an Ubuntu Linux server because I’ve spent the last 35+ years of my life being a “Windows Guy” and only the last 14 months or so learning about Linux. I called a friend of mine when I took this job (full time RHEL admin) and he basically had nothing but encouraging things to say! ‘You’ve spent your whole life figuring things out, this is just something new to figure out!’

    ARE there times when an end user tries to throw the IT Department under the bus? Sure. Bring your receipts, show your logs where the email was delivered to their inbox, and it’s not that it wasn’t delivered, it’s just that they didn’t see it. ARE there times when an end user frustrates me? Sure, but there are days when those same people make me laugh. It’s all “water off a duck’s ass” as my dad used to say; it’s very rare that you have to completely avoid someone for the sake of your own sanity, and even when there are people like that, you learn which ones. ARE there times when I wish the biggest decision I had to make today was which font to use on a graphic or on which date I need to ship something out to make sure it doesn’t arrive too early or too late for an event? Absolutely. ARE there times when I’m overcome with existential dread that if I my backups don’t work correctly the whole company is sunk and dozens of people are out of a job and all I want to do is vomit at the mere thought of how much weight rests on my shoulders? Occasionally.

    But DAMN I love what I do. I love knowing that I fixed a problem and made a difference that day. I love the tangible nature of puzzle solving. I love that I always get to tinker with something new. Even in small dead end IT jobs where the work is repetitive – make a project up for yourself! Download something new and tinker with it! I love that just because I don’t have any credentials that require “Continuing Education” credits doesn’t mean that I should ever just STOP learning new things!

    What gets YOU excited these days? What got you excited when you first STARTED this career? Let’s have a thread that’s different from all of the rants!

  • How to fix Pending Update of Snap-Store, Close the App to Avoid Disruption

    I have a Virtual Machine running Ubuntu Linux that I use for testing purposes, but it recently started popping up this message saying “Pending Update of Snap-Store, Close the App to Avoid Disruption.”

    No matter what I thought I closed correctly or how many times I rebooted the VM, the error message still came back.

    (more…)
  • What’s the big deal with REBOOTING my computer, anyway?

    In my personal life, I regularly have people come up to me and ask “Why does my IT guy always tell me to reboot before calling him?” My reply, often times, is simply: because it works.

    Just SOME of the tasks your computer is running at any given moment
    (more…)
  • Windows 10 / 11 HEIC / HEIF Image Extensions for Free

    These days, many phones, in particular iPhones, will shoot photographs in raw or in High Efficiency Image File formats. But when those files are emailed to Windows computers, sometimes they just can’t be easily opened.

    Installing this free extension from Microsoft should allow your computer to open these files natively in the Windows “Photos” app.

    This goes hand-in-hand with the Free HEVC extension for playing videos.

  • Windows 10 / 11 HEVC Video Extension for Free

    Microsoft offers the HEVC Video Extension necessary to play videos from iPhone users on their store, but they often try to charge a dollar for it. Just $0.99, in fact! In many cases, I don’t mind spending a dollar, and I encourage others to do the same. But sometimes you’re just in a pinch and you don’t have your credit card on file, or you aren’t logged in to your normal Microsoft account and it’s just a pain.

    Have no fear! Microsoft also provides a link in the Microsoft store where you can download the HEVC Video Extension completely free of charge.

    Why are there two, and why does this link exist?

    (more…)
  • Spamhaus blocking sites not on block list?

    Seemingly out of nowhere after literally over a decade of using Spamhaus with no issues, people were having issues sending to us. Their emails were getting flagged as spam – or at least so it would appear to them – they were receiving rejection notices saying that our email server rejected their message as spam. When I combed through our server logs, I noticed the error message actually seemed to indicate that the spamhaus service was unavailable and that’s why it was rejecting mail:

    Remote Server returned '550 5.7.350 Remote server returned message detected as spam -> 554 5.7.1 Service unavailable; Client host [40.92.21.67] blocked using sbl.spamhaus.org'

    You’ll notice it says “detected as spam” but it also does specifically say: “service unavailable.” So what gives?

    Well, thankfully, the geniuses over at MXRoute.com recently posted an article and have asked for help spreading awareness of an issue, so that’s precisely what I’m here to do. Spamhaus has made the horrible decision to no longer accept DNS requests from the most common DNS servers. In other words, if your mail server is configured to use something like Google’s 8.8.8.8, or Cloudflare’s 1.1.1.1, there’s a good chance that your request is simply going to get rejected. This, in turn, will cause your server to receive a “service unavailable” message like the one above, which will force it to send a rejection notice to the original sender.

    Why was I impacted by this “seemingly out of nowhere?” Because I had recently switched my DNS settings to use 1.1.1.1. Surprise!

    You can fix this quickly by switching, painful as it may seem, to your local ISP’s normal DNS entries, or there are ways you can see if you can have your server’s IP address added to a sort of approved list for low volume senders.

  • Apple is blowing it with this charging port fiasco

    Stanley Ng

    I’ve never been much of an Apple guy. The only Apple product I’ve personally owned was a used Mac Mini that I bought just so I could be a little more knowledgeable about helping people troubleshoot Mac problems. But when the European Union said that Apple had to ditch their custom charging port and make it “Common Charger” USB-C port, I feel like Apple missed a golden opportunity.

    (more…)
  • How To Add Safe Mode & Safe Mode w/ Command Prompt to Windows Boot Options

    I recently ran in to a VERY frustrating issue trying to get a Windows 10 computer to boot in to safe mode when the main OS kept freezing up. Modern Windows will “fall back” to safe mode if it detects problems booting, otherwise you’re supposed to enter a hidden boot menu from inside the operating system. But if the OS boots normally and then locks up, it can be difficult to boot to safe mode.

    Unlike the olden days of Windows 95 you can’t press F5, or Windows XP just press F8 – so I decided to bring a more thorough boot menu BACK to modern Windows on all my personal computers. This can be done through the Boot Configuration Data editor tool, BCDEdit.

    Safe Mode added, and verified
    (more…)