My Phone

My phone has a Snapdragon 835, has 4 GB of RAM, and 128 GB of non-expandable storage. My phone has two 13 MP cameras on the rear (one is black and white only for those art shots) and one 8 MP camera on the front. My phone has a 5.7 inch screen, edge to edge and not curved at 508 PPI. My phone comes in 4 colors and is made out of ceramic and titanium for ultimate durability. My phone has a 3040 mAh non-removable battery that quick charges extremely fast. My phone is unlocked and works on all carriers in the United States. My phone was designed and assembled in the United States. My phone carries no branding because it is my phone, not the manufacturer's.

My phone cost $500 for me and you.

I am very happy with my phone. You would be too.

Cat vs. Mouse | Mouse Gets New Weapon

I’ve been using AdBlock for a few years now.  There are many clones so let’s be specific: https://www.getadblock.com/  Accept no substitutes.

For the most part, it works great.  However, the “cat” in this battle (websites and advertisers) can detect when you use AdBlock and may choose to either give you a nag screen (please help us pay for our site) or deny you access entirely unless you whitelist the site.

Which brings me to Pi-hole.  This service runs on any Linux distro, and the most popular method is to use a Raspberry Pi, hence the name.  However, I chose to use Ubuntu Server as a virtual guest on VMware.

Installation was extremely simple if you follow their website.  Once installed, you can change the default password by running the command on your Linux command line:

pihole -a -p

Once Pi-hole is running, change the DNS server that your DHCP server hands out to clients so that it points to the Pi-hole device (or virtual guest).  That’s it.
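
A check for the step above, run from a client after it renews its DHCP lease. This is an added example, not part of the original post or the Pi-hole project; the function names are made up here, and it assumes Pi-hole's default blocking mode (blocked names answer with 0.0.0.0) and that dig is installed.

```sh
#!/bin/sh
# Added example (not from the post or the Pi-hole project).
# Assumes Pi-hole's default blocking mode, which answers blocked names
# with 0.0.0.0, and that dig is installed on the client.

# uses_resolver FILE SERVER: succeed if FILE (resolv.conf format) lists SERVER.
uses_resolver() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
                    END { exit !found }' "$1"
}

# query SERVER NAME: print the first A record SERVER returns for NAME.
# dig +short can print CNAME targets first, so keep only IPv4 lines.
query() {
    dig +short +time=2 +tries=1 "@$1" "$2" A | grep -E '^[0-9.]+$' | head -n 1
}

# classify_answer ADDRESS: print blocked, resolved or no-answer.
classify_answer() {
    case "$1" in
        "")      echo "no-answer" ;;
        0.0.0.0) echo "blocked" ;;
        *)       echo "resolved" ;;
    esac
}

# check_pihole SERVER BLOCKED_NAME CONTROL_NAME: succeed only if SERVER
# sinkholes BLOCKED_NAME and still resolves CONTROL_NAME normally.
check_pihole() {
    blocked=$(classify_answer "$(query "$1" "$2")")
    control=$(classify_answer "$(query "$1" "$3")")
    echo "$2: $blocked"
    echo "$3: $control"
    [ "$blocked" = "blocked" ] && [ "$control" = "resolved" ]
}

# Usage: sh check-pihole.sh PIHOLE_IP NAME_ON_BLOCKLIST CONTROL_NAME
if [ "$#" -eq 3 ]; then
    uses_resolver /etc/resolv.conf "$1" ||
        echo "warning: $1 is not in /etc/resolv.conf (old lease or local stub resolver?)" >&2
    check_pihole "$1" "$2" "$3"
fi
```

Pick the blocked name from your own Pi-hole blocklist; a control name that comes back "no-answer" means the Pi-hole is not resolving at all, which is a different failure from not blocking.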

WPA2 Enterprise

Just rolled out to my home network; also known as WPA2-EAP or 802.1x EAP, it’s the last “unhackable” wireless encryption protocol.  The encryption key is handled by the access point (ultimately the RADIUS server) and the client device; therefore, there is no key to be compromised or changed regularly.  Authentication is handled by the user’s credentials on the RADIUS (read Active Directory) server.  Want to lock out a user?  No problem; just disable their AD account.

As my wireless network just sits at the same physical address for years on end, this prevents me from being brute-force attacked by a tech-savvy neighbor.

Secure Socket Layer

Yesterday I went through literally (yes literally) every host on my IIS server and rebuilt every SSL certificate. I was using the program Let’s Encrypt as my certification authority. Upon first attempt, this was no easy feat with Microsoft IIS. If I had Linux, it would be practically effortless. However, Windows was a different story. Fortunately there is a freeware command line application that assists in the process called letsencrypt-win-simple. For the most part, it does the job well and also creates a scheduled task that automatically handles the certificate renewals.

Unfortunately, last month I pressed “create all certificates for all sites” in the program. This made at least twice the number of certs I needed, the new ones pertaining to my redirects. This caused a few issues and spammed my inbox with notices that some certs were expiring.

So yesterday, as I said before, I started all from a blank slate. The Let’s Encrypt program had its own folder that stored renewal information. I made a copy and wiped it. Then I cleared out all the unnecessary certs in IIS. Finally I went through one by one and made new valid certs that should renew automatically.

One site wouldn’t accept SSL, but I suspect that is due to the manual HTML encoding used. I’ll be speaking with that webmaster soon. 

Free SSL for the win! 

SonicWALL SSL-VPN and Tunnel All Mode

I must remember this one.  Scenario: you have set up SonicWALL’s SSL-VPN to accept external NetExtender client connections.  You have configured the clients in “Tunnel All Mode” which means the external device will browse the Internet from the IP of the SonicWALL (useful for when you’re at a public hotspot or other connection-inhibiting location).  Everything connects properly and yet you cannot browse the Internet.  The fix is simple.

Go to Local Groups, edit the SSLVPN Services group.  Go to the VPN Access tab.  Add the entry WAN RemoteAccess Networks.

You’re welcome.