Personal

Privacy & Google Search Alternatives

When it comes to privacy, using Google search is not the best of ideas. When you use their search engine, Google is recording your IP address, search terms, user agent, and often a unique identifier, which is stored in cookies.

Here are a few Google search alternatives:

 

DuckDuckGo is a US-based search engine that was started by Gabriel Weinberg in 2008. It generates search results from over 400 sources including Wikipedia, Bing, Yandex, and Yahoo. DuckDuckGo has a close partnership with Yahoo, which helps it to better filter search results. This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads.

Searx is a very privacy-friendly and versatile open source metasearch engine that gathers results from other search engines while also respecting user privacy. One unique aspect of Searx is that you can run your own instance.

Qwant is a private search engine that is based in France and was started in 2013. Being based in Europe, the data privacy protections are much stricter, as compared to the United States.

Metager is a private search engine based in Germany, committed to the implementation of free access to knowledge and digital democracy. Ref: https://metager.de/en/about

StartPage – StartPage gives you Google search results, but without the tracking.
Ref: https://classic.startpage.com/eng/protect-privacy.html#hmb

 

CredSSP encryption oracle remediation

If you’re like me, you have encountered this error remoting into one of your servers.

An Authentication error has occurred. The function requested is not supported.
Remote computer: <servername> This could be due to CredSSP encryption oracle remediation

The quick solution is to patch your host from one of the patches here

If you are unable to patch and then issue the mandatory reboot of the remote server, you can apply the following registry fix:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Workaround Warning

After you change the following setting, an unsecured connection is allowed that will expose the remote server to attacks. Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case of problems occurring.

 

Scenario 1: Updated clients cannot communicate with non-updated servers

The most common scenario is that the client has the CredSSP update installed, and the Encryption Oracle Remediation policy setting does not allow an insecure RDP connection to a server that does not have the CredSSP update installed.

To work around this issue, follow these steps:

  1. On the client that has the CredSSP update installed, run gpedit.msc, and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane.
  2. Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

If you cannot use gpedit.msc, you can make the same change by using the registry, as follows:

  1. Open a Command Prompt window as Administrator.
  2. Run the following command to add a registry value:
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Scenario 2: Non-updated clients cannot communicate with patched servers

If the Azure Windows VM has this update installed, and it is restricted to receiving non-updated clients, follow these steps to change the Encryption Oracle Remediation policy setting:

  1. On any Windows computer that has PowerShell installed, add the IP of the VM to the “trusted” list in the host file:
    Set-item wsman:\localhost\Client\TrustedHosts -value <IP>
  2. Go to the Azure portal, locate the VM, and then update the Network Security group to allow PowerShell ports 5985 and 5986.
  3. On the Windows computer, connect to the VM by using PowerShell:
    For HTTP:
    $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
    Enter-PSSession -ComputerName "<<Public IP>>" -port "5985" -Credential (Get-Credential) -SessionOption $Skip
    For HTTPS:
    $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
    Enter-PSSession -ComputerName "<<Public IP>>" -port "5986" -Credential (Get-Credential) -useSSL -SessionOption $Skip
  4. Run the following command to change the Encryption Oracle Remediation policy setting by using the registry:
    Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name "AllowEncryptionOracle" 2 -Type DWord
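
Since both scenarios leave AllowEncryptionOracle at 2 (Vulnerable), the value should be checked and reverted once both ends are patched. The following PowerShell is an added example, not part of the original post or of Microsoft's guidance; the function names are hypothetical, and the level names for values 0 and 1 are taken from Microsoft's documentation of the Encryption Oracle Remediation policy rather than from this page.

```powershell
# Added example: audit and optionally revert the CredSSP workaround.
# Get-CredSspOracleSetting and Reset-CredSspOracleSetting are hypothetical helper names.
$CredSspKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

function Get-CredSspOracleSetting {
    # Protection levels of the Encryption Oracle Remediation policy.
    $levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }
    $prop = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Key or value absent: the default of the installed CredSSP update applies.
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Value = $null; Level = 'Not configured' }
    }
    $value = [int]$prop.AllowEncryptionOracle
    $level = if ($levels.ContainsKey($value)) { $levels[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Value = $value; Level = $level }
}

function Reset-CredSspOracleSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(0, 1)][int]$Value = 1)   # only the non-vulnerable levels are accepted
    if ($PSCmdlet.ShouldProcess($CredSspKey, "Set AllowEncryptionOracle to $Value")) {
        if (-not (Test-Path $CredSspKey)) { New-Item -Path $CredSspKey -Force | Out-Null }
        Set-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -Value $Value -Type DWord
    }
}

$current = Get-CredSspOracleSetting
$current
if ($current.Value -eq 2) {
    Write-Warning 'CredSSP workaround still active: revert after both client and server are patched.'
    # Reset-CredSspOracleSetting -Value 1 -WhatIf   # preview the change; drop -WhatIf to apply it
}
```

Run it in an elevated session on each machine where the workaround was applied.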

 

Blocking Internet Advertisements, and more with Pi-hole

The challenge is to mitigate exposure to the advertisements spammed all over the internet with the same approach as fighting against virus and malware threats.

I recently upgraded my Pi-hole® to take on not only the task of blocking Internet advertisements, but malware, and adult sites.

Here is my list on pastebin: https://pastebin.com/eV3cUnjy

Installing Pi-hole

Pi-hole makes it as easy as possible to download and get running with a one-line script that starts up a menu-based installer. Simply enter: curl -sSL https://install.pi-hole.net | bash

More on setup here

Whitelisting

There was a fair amount of whitelisting that needed to be applied to allow some social media sites to work as desired. You will want to monitor what’s blocked to determine what you are willing to allow.

Mobile Protection

I started using the Pi-hole® to protect my mobile device from these threats by leveraging the same blocking I am using on my home network. This not only cuts back on the data use but also adds layers of privacy and security protection to my device while on untrusted networks.

 

A simple solution to use is OpenVPN. For more info on setup please visit: https://openvpn.net/

DNSSEC

But what about my ISP, who can see my upstream DNS requests? Well, for that, we could trust them, or trust in a 3rd party who uses DNSSEC technology to protect your privacy. Use Google, Norton, DNS.WATCH or Quad9 DNS servers.

And with that you get some decent statistics about your network.


MethylPREDNIsolone DOSEPAK 21S

Methylprednisolone is a steroid that prevents the release of substances in the body that cause inflammation. Methylprednisolone is used to treat many different conditions such as allergic disorders, skin conditions, ulcerative colitis, arthritis, lupus, psoriasis, or breathing disorders.

Friday, March 30, 2018

Today I start my DOSEPAK, sometimes referred to as Medrol (Pak), which was prescribed to me by my doctor to help address possible issues with inflammation in the area of my neck which may be triggering nerve sensations ending in pain starting in my shoulder, down the backside of my arm into my wrist and finally causing numbness in my fingers.

I am logging my treatment here as a reminder to myself and sharing the outcome with you.

  • 7 AM – First 2 pills of the Medrol (Pak)
  • 1 PM – pill number 3 after my lunch

Saturday, March 31, 2018

  • 9:00 AM – First pill of the day. Off to Orthopedic around noon.  I’ll be receiving x-ray of my shoulder and neck.
  • 12:00 PM – Completed neck and shoulder x-rays now waiting for the doctor.
  • 1:00 PM – I am now going to be scheduled for an MRI, also my medication dosage was increased by the Orthopedic because he felt that 4 MG was too low of a dosage considering the evident nerve pain in my fingertips.

Sunday, April 1, 2018

I started my new round of Prednisone Oral 20 MG Tablets

The plan:

  • Take 3 tablets by mouth daily for 2 days
  • Then take 2 tablets daily for 2 days
  • and then take 1 tablet daily for 2 days

Monday, April 2, 2018

Day 2 of my new plan, first dose at 7:00 AM – No side effects although, I do have soreness in my hips which is new…

A few hours after my second dose of the 20 MG Tablets – I felt cold sensations down my left arm (arm that was previously in pain). Hand also felt cold.

Tuesday, April 3, 2018

Today is day one of 2 tablets daily — Took my dose in the morning 7:00 AM and went to work.

Around 12:00 PM I noticed the cold feeling running up and down my arm again and into my hand and fingers. Typing is difficult as it feels like I’m poking my fingers with pins… Reading online about symptoms has me paranoid… Now reading about: Thoracic outlet syndrome – https://www.mayoclinic.org/diseases-conditions/thoracic-outlet-syndrome/symptoms-causes/syc-20353988

7:30 PM Took my second dose for the day.

In bed by 10 PM, numb feeling in fingers during the night while sleeping

 

Wednesday, April 4, 2018

Day 2 of my 2 tablets — Took my dose in the morning 7:00 AM

Around Noon, my arm felt cold again

 

VMware Guest Customization Specification, Configure Domain Joining

I recently worked to correct an outstanding support issue of VMware Guest Customization Specification not joining guests to Active Directory Domains. I thought I’d share my setup so it might help others facing similar issues.

Log into the vSphere console, navigate to the Home page section

From the Home page click the Customization Specification Manager

Once in the Customization Specification Manager, click on the “+” symbol to create a VMware Guest Customization Specification.

Select the operating system, either Windows or Linux, from the drop-down for the target VM operating system and specify the name for the Customization Specification. Enter the description of the customization specification. Click on Next.

Provide your registration information and click Next.

I use the same computer name for the guest OS as the virtual machine name. It simplifies the identification of the virtual machine in the vCenter inventory. Select “Use the virtual machine name” to make the computer name the same as the virtual machine name, and click Next.

Enter the Windows licensing information for this copy of the guest operating system; if you are using a KMS server for activation you don’t have to type a key here.

Specify the administrator password and auto-login option for the administrator account of the Windows operating system. Click Next.

Select your time zone and continue.

If you need to run some commands on the first logon, put them here, and when you’re done click Next.

On the Configure Network, you can specify the network settings for the guest operating system. Either you can use DHCP or specify the custom network settings.

To specify the custom network settings, Click on Edit “Pencil Icon”… In this section is where I specify the DNS suffix to add to the Windows operating system. Click on OK.

This allows me to communicate with a specific Active Directory Domain Service (ADDS), and include the domain suffix. Once network settings are specified in the customization specification, click on Next.

Under Set Workgroup or Domain, choose “Windows Server Domain”, specify the FQDN and specify the user account and credentials information that has permission to add a computer to the domain. The user account is in the format of user@domain.tld. Click on Next.

Select the checkbox “Generate New Security ID (SID)” to generate a new security identity for the Windows virtual machine. This option is important to generate the new SID from the source machine. Click Next.

Finally, review all the settings specified in VMware customization specification and click on Finish

Now you can Deploy Templates Using VMware Guest Customization Specification, and join the guest to your Active Directory Domain without issue.