About / Welcome

This site was originally a Forum for family / friends to act as an alternative to using Facebook, however never achieved adoption and subsequently evolved into a personal general blog that it is today (serving as my personal self-hosted surrogate to Facebook).

As always, the views expressed here are my own and (unless otherwise explicitly stated) I do not purport that any of my views to be factually correct and opinions on any given topic are most certainly subjected to change. The intended audience of this blog is Family and friends and the content here should be regarded in the same vein as a series of personal public Facebook posts as opposed to a fully-fledged blog.

Ngā mihi nui


Fergus Young
www.nui.nz

About / Welcome

Security Warning – Click Hijack investigation

Investigations so far suggest that there is some type of conditional redirect exploit/hijack being planted on many WordPress websites redirecting search engine referred visitors to fake award/survey sites such as “applefacetook”, “hurryexpectsugar”, “mouthtroubleask”, “ondiesmall”, “thendownmeat”, “makemodernfive”, “sayhitome”, “whateyeweight” among several others typically ending in a “.live” address. While this Hijack, as far as I have seen appear to predominantly affect WordPress websites, I wouldn’t be surprised to learn that this possibly affects other types of websites as well.

In my experience, for sites that are affected, to replicate…
(These most certainly could differ depending on the site affected)

  1. Prerequisites…
    • Needs to be done from an IP address that has yet to access the site in question. (e.g Mobile Data Connection, activate and deactivate airplane mode to get a new IP address)
    • Chrome or Firefox browser (Win 10 or Android) in Incognito Mode (No plugins). Reportedly in other variations of the exploit, it only occurs on Safari under iOS
  2. Search for your site in Google search
  3. Click on the search result that points to your website. Instead of loading up your website as expected, you get redirected to a hijack site.

The hijack will not fire If you access your site directly. This appears to be some conditional exploit based on visitors coming from Search Engines. (e.g by typing the site URL directly into the Address bar, you won’t get redirected) and it looks like it will only fire once per IP Address.

I probably should add that many so called WordPress vulnerability scanners online I’ve discovered aren’t even set up to detected this sort of hijack. The scanners based on “Securi” certainly will not detect this exploit, I’ve found.

Other resources…

Original Post (Old):
Noticing some apparent weird intermittent redirect hijack on the general web where some sites are allegedly redirecting to some dodgy website with names such as “mouthtroubleask”

Update – 2020-09-11T06:55:00+12:00: Added steps to replicate (from my own experience)

Update – 2020-09-12T18:20:00+12:00: Added note to mention that all of the online WordPress malware scanners I’ve tried won’t detect this sort of hijack.

 

 

Security Warning – Click Hijack investigation

Tech Bubble 2.0

As always, all views expressed in this site is my personal opinion only. Not financial Advice

With Faceborg shares, along with other Tech shares up 6-8% today on something I can’t pin on, I’m declaring this as a classic bubble in formation as the FOMO factor along with mania very obviously increasingly takes hold. As mentioned in my previous post, If I were a short term speculator type who likes riding by the seat of their pants, yeah, I would probably look to go all in.

Also reaffirming view of the bubble scenario. COVID-19 was essentially only an interruption to the larger trend originally sensed…

Old scribble I made in November 2019. Will need to be re-drawn to include COVID-19.

Not planning to substantially change my current mix of investments, however will probably now look to offload some over valued holdings in the next month or two and then rebalance things. Currently, I see many stocks are valued far beyond any reasonable metric and strongly believe that we are in the midst of a forming classic bubble. Short term, I now expect shares, in particular, technology stocks, to shoot to the sky towards completely absurd levels. Long term, I now expect pain (should the optimism continue).

For longer term folk, who aren’t into thrills and speculating, we may just have to sit tight for a while longer. I believe personally it is fairly clear that things are now running on almost pure emotion / euphoria. Though again, who the flip knows?

 

Tech Bubble 2.0

Unusual Economics

The original bull trap assessment is well and truly dead I believe. If a down leg as part of a great depression type scenario were to have happened, it should have occurred by July and no later than the middle August. Coming to the view that COVID-19 was a mere interruption to the previously assessed larger trend.

The financial markets from many accounts appear to mostly now be sentiment (emotionally) driven and would not be at all surprised to see Asset prices continue to drive higher as a result of the FOMO affect (before possibly abruptly pulling back), helped along by Federal Reserve support and other interventionist (as opposed to classic free market) policies.

The ‘Efficient Market’ disciples can argue blue in the face that the markets are forward looking and the market is factoring in that things will drive back to normal before we know it, but this argument simply isn’t stacking up for me… at all.

I see a forming Technology bubble, driven by the likes of TSLA whose prices are being driven far beyond what facts, fundamentals and underlying data could ever justify.

While this certainly seems like a classic bubble with the usual tell tale signs including Taxi drivers talking about their gains in Property + stocks, and phases such as ‘Permanently high plateau’ + ‘This is a new paradigm!’ being banded about (i.e this time being “Modern Monetary Theory”), these bubble signs and anecdotes have been going on for an extraordinary long time, considerably longer than what would have normally occurred in a text book bubble. In fact, I’d go as far as to say that I feel the last secular bull run from 2009 to today is highly unusual.

Nothing can be said for certain as all I can see is that much of the information coming out to date is simply too poor to base any meaningful longer term decision making off of (have long held the view that Economics as a discipline is in disrepute), and that the markets in my view have most certainly been interfered with.

Current personal investment focus is towards NZ Farm Land where prices on average have not shifted a huge amount over the last decade (See Farm land price Graph at interest.co.nz and REINZ Rural + Lifestyle property data). How one might be able to partake in this may be through funds such as the Booster Private Land and Property Fund, however, the types of properties they appear to cover are rather limited. In regards to other investment related thoughts… Continue reading “Unusual Economics”

Unusual Economics

Facebook Alleged Arbitrary Bans

Apparently when someone appears as deactivated in one’s friends list, this may not always be the case and can sometimes mean they’ve been thrown into Facebook Jail. Usually the first thing I noticed when a friend has their account deactivated (voluntarily or not) is that their profile picture has disappeared and then when you click on the friend’s profile, this message comes up…

Friends’ Facebook Account shows as deactivated, but she claims that Facebook has banned her. This friend also happened to be a huge fan / supporter / advocate for using Facebook.

Have had some friends over the years mentioning they were blocked without any sort of warning and it has taken ages, sometimes a month before they are allowed back on. Often they show up as being deactivated in my friends list.

This is a timely reminder that we shouldn’t rely solely on Facebook, run by a single for-profit company, as our sole means of staying in contact with Friends and Family, ever.

Remember, you aren’t the customer here (you don’t pay anything financially towards using Facebook), you’re the product being milked for your personal data.

I have been hearing more and more of these anecdotes and in behoves that people ensure they maintain a separate means of contact, least you end up like this guy mentioned in the Elliot Advocacy article, who has been unable to ever get his account back.

As an aside, a mass concerted movement off of Facebook I strongly feel is long past overdue. I would also even go as far as to state there is perhaps a moral obligation for the more tech inclined among us to lead the way and make the effort to make ourselves available on other (preferably federated, decentralized) platforms and gradually remove our dependence on Facebook for the purposes of staying in contact with friends and family.

 

 

Facebook Alleged Arbitrary Bans

Need to maintain vigilance regarding COVID-19

Update: 11th August 2020 – New community transmission cases discovered. Heading back in to partial lock down.

I feel Ashley Bloomfield’s (NZ’s Director General of Health) concerns are valid. Feeling the pulse in general, I am sensing…

  • An up tick of sentiment against the counter measures in general, including against the prospect of lock downs and mask wearing in New Zealand, particularly on the more conservative side of the political spectrum.
  • People not getting tested or otherwise refusing a test when showing respiratory symptoms or when otherwise directed to do so by their doctor.
  • A general feeling that most people have become unduly complacent, prematurely patting ourselves on the back and living like the Virus won’t ever come back.

The thing I feel is that all it takes is one case to come undetected into the community and can possibly see this whole situation go up in flames like a tinderbox.

Need to maintain vigilance regarding COVID-19

Pi-Hole on a Raspberry Pi 4

Experimented with running Pi-hole on the Raspberry Pi 4 that I have.

5 Minutes in, Pi-Hole showing how tragically ad ridden the modern web has become.

The Set up at least for the more tech inclined is very easy, all you had to do was launch a command line prompt and type this command…

curl -sSL https://install.pi-hole.net | bash

After running it for an evening. Thoughts and findings so far…

  • Predominantly Does a DNS level block with a blocklist of known advertisement serving IP addresses.
  • YouTube is a moving target whereby ads are served from youtube.com itself and therefore very difficult to (completely) block with Pi-Hole.
  • Mobile devices with Ad laden apps will perhaps see the greatest reduction in ads.
  • The default configuration doesn’t block nearly as many ads as say uBlock Origin installed on Desktop Firefox. This is not a replacement to having Client side ad blocking.

Curiously noticed these appearing in the query-log…

  • www.collab.apps.mil
  • www.gov.teams.microsoft.us
  • www.dod.teams.microsoft.us

Why would Teams try and poll for these addresses is beyond me. It does raise a sufficient level of curiosity that I will be checking this out.

 

Pi-Hole on a Raspberry Pi 4

Stream of Consciousness Week 13rd July 2020

Stream of consciousness and other personal thoughts garnered throughout the week and which will be added to as the week rolls on. These thoughts are unrefined, unquantified, unverified, and raw. Any of these may be either be edited, deleted or otherwise spawn out into its own separate post…

  • Grant Imahara of Mythbusters has tragically passed away very suddenly. Have to admit, his passing probably hit me a lot more than any other Celebrity.
  • Apparently those who were previously infected by CoVid-19 are susceptible to getting it again. I do wonder if we are actually looking at the same Coronavirus or a different strain? Appears the world are having repeated recurrent waves of this thing.
  • Quiet weekend away down Waikato way. Visiting various historical sites and doing another walk up the Kauri grove loop track at the northern end of the Hakarimata range.
  • Finally got my Raspberry Pi 4 (with 8GB Ram), have set it up as a Desktop PC and it appears to do the job surprisingly well. Seems to choke when I try to run Firefox browser though (hence why it seems they went with Chromium as part of the default install)
  • Coming to the conclusion that Branding increasingly in a lot of cases can end up leading to misplaced loyalty on the part of consumers.

Older Stream of Consciousness thoughts can be found here.

Stream of Consciousness Week 13rd July 2020

Australian Consumer Protections + Regulatory frameworks

Update: 15 July 2020 – Rewritten to correct some of my own views and information.

I concede this is more of an unquantified feeling at this stage and this post will likely be added to or otherwise edited…

While Australia has both Consumer and Retail investor Protection regulatory frameworks in place, the supervision and enforcement of I feel of is rather weak and probably weaker than anyone, even Australians actually realise. This extends to their financial sector as well In terms of retail investments and retail banking. Continue reading “Australian Consumer Protections + Regulatory frameworks”

Australian Consumer Protections + Regulatory frameworks

NextCloud Snap Packages updated to version 18

Just saw a notification that the Snap NextCloud installation I had running had been updated to version 18.0.4. For me this is fairly significant in that you can now self host your own office suite with “ONLYOFFICE” community edition and if you are ambitious enough, allowing the option to move away from the likes of Google and Microsoft (Office 365).

The catch is that you have to set it up yourself by installing the needed Apps.  To do this, go into Profile, then Apps and enable “Hub Bundle” (or at the very least “Community Document Server” and “ONLYOFFICE”)

Upon doing that, I ran into headaches with this vague and unhelpful error message…

Diving into the nextcloud.log… (the location of which is going to be different depending on your installation. Helpful I know.)

"message":"Allowed memory size of 134217728 bytes exhausted (tried to allocate 315857416 bytes)

I had to fire up an SSH session and send the following commands (applicable to Ubuntu Linux). One to increase the memory limit to 512 Megabytes and the 2nd one to restart the NextCloud service….

sudo snap set nextcloud php.memory-limit=512M 
sudo snap restart nextcloud

Back in NextCloud’s web interface, navigated back to Apps section and tried Enabling the Hub bundle again. Still got a flipping error!

"Cannot declare class OCA\\Talk\\Migration\\Version2000Date20170707093535, because the name is already in use at xxxxxxxxxxx"

At a loss as to now what to do, I then went through for each App under the Hub Bundle, clicking on Enable one by one and it worked for some completely and disconcertingly unknown reason (No errors happened this time around… have no idea why, sorry.)

After that, I went back to my Files and had a play at creating new word documents… (Success I guess)

Seems to work pretty well for a family user set up, even on the lowest tier VPS plan with my provider. (1CPU / 2GB RAM). Included with the ONLYOFFICE suite is a Word Processor, Spread Sheet and Presentation (slides) application. At the moment, the biggest issue I can see is the lack of a working spell checker on the community server plugin as reported here and here which I feel is fairly fundamental to a Word Processor. Little bit concerning is that the web browser based (core or plugin based) spell checkers don’t appear to work inside of it either.

I think at this stage, for word processing, will stick with using the visual Markdown editor “Text” (by Julius Härtl) and continue trailing out the Spread Sheet application by doing my Tax return on it and then reporting back here.

Despite the messing around and troubleshooting to get it working I’m overall pretty otherwise pleased with the “Only Office” implementation (Community Server plugin) as a proof of concept.

 

NextCloud Snap Packages updated to version 18

Recommend Abolishing the National Lottery

I have to admit, the oft used slogans in Lotto NZ’s marketing… “Got to be in to win” and “Imagine…” troubles me quite intensely, in so much that I feel it traps the more vulnerable people into a dopamine driven false sense of hope and psychological impression that the odds of winning the big one is magnitudes larger than either logic or statistics could ever justify.

It is also I feel serves as another function to distract quite a few people away from their meagre lives and contributing to drawing public attention away from the issues that really need attention and debate. (e.g The Value of Working, Provision of pathways and opportunities to progress and contribute meaningfully to the community, Ending the over-commoditization and downright pitiful rampant speculation on housing, etc)

People argue that Lottery organizations are charities and they give back to the community by way of grants as merely an excuse to keep these schemes around, however I firmly feel the impact (Addictions, distractions) outweighs any community good. Like the Pokie machines (“One arm bandits” I call them), the poor and the ones who can least afford to engage in such pursuits, seem to be the biggest patrons of them.

There I’ve said it… I strongly felt that I needed to at least get this off of my chest.

Recommend Abolishing the National Lottery

Financial Crystal ball gazing 2020

These are pretty much “Stab in the dark” predictions please acknowledge disclaimer

Have quietly Pilot bought into OTC:GBTC, while everyone attention wise appears to focusing their mind elsewhere. However I believe that in the shorter to medium term that prices for the asset class may continue to be soft and may even halve from its present day price (in which case, it would be an opportunity to add to the position)

We may see another parabolic run up in the next 2-3 years, provided some one doesn’t somehow manage to compromise the integrity of this particular asset in the meantime. Even if my “stab in the dark” prediction materializes, I feel the next BTC run up bubble is unlikely to be anywhere near as great (in terms of multiples of gains) as the last few parabolic run ups, given the trend of each such run up has been less than the preceding run up

Equity markets and asset prices behaving as per last observation and have seemingly started accelerating. However I am still cautiously feeling the pulse and this may change at short notice given financial system is behaving I believe well outside historical norms. I still assert things have been deeply distorted due to central banks unleashing the biggest ever liquidity glut known and a significant sustained correction I further assert is extraordinarily well past long overdue.

Away from the purely financial side of things, my prior concerns over global food supply and security have been increasing. How the world can best mitigate such an eventuality, I don’t yet know of an idea.

We’ve been in a very long period of relative calm and abundance (in the developed nations) but see a lot of risk factors that could potentially unseat this in the next decade or so.

Financial Crystal ball gazing 2020

Seeing straight through Thrifty Car Rental Australia “Smiles all the way” marketing

Update: 14 July 2020 – Have decided to move much of the commentary around Australian Consumer Protections to another post here instead.

I have had largely reasonable experiences with this car rental brand in Australia. Vehicles provided have predominantly been received in clean, tidy and good condition. Majority of hires have been smooth with one disappointing experience in the middle involving one of their licensees operating in Suburban Melbourne who I felt were dishonest and were also caught posting fake reviews to boot (Dandenong Thrifty / Lawrence Vic Pty Ltd). Continue reading “Seeing straight through Thrifty Car Rental Australia “Smiles all the way” marketing”

Seeing straight through Thrifty Car Rental Australia “Smiles all the way” marketing

More site Maintenance.

In the latest round of website maintenance issues… In the latest version of Chrome, v79 for Android, it was found the Tiled Galleries weren’t displaying / resizing properly anymore and were ending up being cut off on the right hand side. The funny thing was that the Desktop and iOS variants of Chrome (v79) were unaffected. Similarly, all the other browsers (Such as Brave and Firefox) on Android would display the same galleries fine.

Decided to try and debug it. After much blooming mucking around trying to get Chrome PC DevTools to recognize my phone. Managed to start walking through the code and identify where it was flipping out… but not necessarily understanding why.

PC Desktop Chrome v79 Devtools Debug freaking out and closing the USB Debugging connection

All I know was at the highlighted line, it would skip right out without error. Often at the same time it would cause my USB Debugging / ADB connection to the phone to die, requiring me to revoke all Debugging access permissions on my phone and then trying to re-authorize the connection to get it going again.

The section of code checks if all the images have been loaded up prior to executing the actual resizing / re-scaling of the Tiled Gallery images.

Anyway, have since identified and implemented a workaround in code and I am now testing it out on all the browsers I have access to. I am thinking however that this isn’t anywhere near the last of the challenges I will be facing while maintaining my own web presence and services going forward (as opposed to relying on Facebook / Instagram for that). Facebook have whole dedicated teams to troubleshoot shit like this.

More site Maintenance.

Site Move + State of the web.

Moved NUI.NZ again. This time to cheaper self managed hosting at Digital Ocean. Was on Cloudways who turned out to be excellent, though couldn’t justify spending almost 40 NZD a month on what essentially was a personal homepage hosting a bunch of personal photos. New arrangement will probably save me around 300 NZD per year.

I’m probably increasingly one of the last few netizens in New Zealand who still bothers to maintain a fully fledged personal website as the primary means of staying in contact with Friends and Family, particularly where I host my own photos (and video clips) on my own domain rather than putting it on one of the many proprietary services.

I have trouble with supporting the like’s of Facebook given their track record behaviour. After all they are a business whose first and foremost aim is to maximise profits and believe that it is not a good idea for us collectively allowing them to so much power over our communication lines between friends and family and subsequently our lives in general. They aren’t some benevolent organisation, being a for-profit entity, they are ultimately answerable only to their shareholders

Giving the increasing complexity of maintaining a website along with Web development becoming an increasingly specialized field… we are seeing more and more personal websites simply become single page landing sites which contain little more than a series of links to one’s social media accounts on the proprietary platforms owned essentially by Advertising companies.

Site Move + State of the web.

But what will be the “Trigger”?

The theme has been the same for years. If the legion of economists and financial experts are to believed, the markets are over valued, the world is awash with money. We are totally hooked on cheap credit and a crash is imminent, but this ‘crash’ never ever seems to come. Indeed, even with me, my feeling is that a sizeable financial correction is extraordinarily well past overdue. The thing I feel hasn’t be covered in great deal is how might such a financial crisis end up being triggered? Hardly anyone I feel has actually really covered this in a great deal of depth.

It appears that as long as central banks keep “printing” Money (from thin air), this action appears to be very supportive of equities and the property market and is insulative of any world Crises that may ordinarily spoke the market. Unless anything untoward happens, Asset prices such as equities and property prices I feel will continue to escalate and may even accelerate in the short to medium term from here on in. There seems to be NOTHING that will cause a crash as long as central banks and commercial banks keep creating money and pumping it into the system by way of Fractional Reserve Banking.

Something I penned on a scrap piece of paper. This scenario is probably unlikely to eventuate, but at the same time, wouldn’t be surprised if it does.

There are however underlying risks at any time that can seemingly jump out of the blue and come bite everyone in the arse. When such an event will happen I believe it’s anyone’s guess as to when such a catastrophic event will happen and ultimately such an event is outside our ability to predict with any sort of usable accuracy. A correct prediction by anyone would basically be down to pure chance / luck. Statistically, someone will undoubtedly guess correctly and may get fawned over by the masses looking for any sort of answers as being some guru who had some insight.

The way the system is currently structured, if and when something does occur to be sufficient to get the boulder moving. The subsequent chain of events is going to be absolutely devastating. Once say a bank fails, there is a tendency for others to collapse along with it. Loans may be recalled, Entities stop investing, money stops flowing, More loans are recalled, People get laid off, Home owners may be forced to sell into a sliding market, trigger more loan recalls, panic selling ensues, Sell stops are triggered on stocks dumping more equities into the market, ultimately an unstoppable panic driven chain of events will be happening feeding upon itself in a frenzy and will undoubtedly drive asset prices to absurdly low levels.

So far the ‘Risks’ factors that I can see that may sufficiently trigger a crisis at some point.

  • Some sort of Pandemic, similar to SARS or another airborne virulent infectious agent.
  • Supply side shock of an essential resource, such as Food Shortages / Famine. An event such as plague, disease or disaster that ends up reducing the food supply. Food price going out of control, eventually leading to panic buying feeding (pun not intended!) on itself.
  • Spreading Civil Global Unrest. In the case of Hong Kong and Chile, there were an underlying sense of discomfort. Civil unrest was often ignited by a single policy in the style of a feather breaking the camel’s back.

The reality is, I feel we haven’t learned very much if at all from the 2008 Global Financial Crisis. The credit and liquidity bubble I feel is a lot more lofty today than it was back in 2008 before the shit hit the fan. The last run up of asset prices have almost, I feel, has been entirely credit driven and along with artificially low interest rates.

Indeed, with no end insight to current trajectory of asset price inflation from ever loosening monetary policy.  Have been cautiously investing back into the equity market for the last 3 years.

Have up until recently been focusing my investments primarily towards REITs and Property Stocks, however, it would appear that ship suddenly sailed away from the start of this year catapulting the unit prices across the New Zealand REIT basket from below Net Tangible Asset Ratio to well above it. Additionally, prior was getting yield of 7% pre-tax on that sector, however, this has completely sunk down to a mere 3% dividend yield. Will cease adding any more to that sector and will be cancelling all Dividend Reinvestment plans, I feel this sector is now largely over valued.

The only other near term opportunity I can identify is possibly in some stable higher yielding companies, both here and abroad for which there are still plenty.

That said, am keeping a close eye on the pulse of the global economy. I think regardless though. If and when the next crisis comes and in spite of any safe guards taken, I’m still going to be reamed in some way whether I like it or not.

TL;DR – Financial System no longer obeying usual economic fundamentals. Unprecedented Flood of liquidity sees us potentially on the cusp of a relentless rampant run up in Asset and equity prices. The bubble may be about to inflate even more and faster than it has in the recent past. If something of sufficient severity does managed to spook the market and snow ball, then expect blood on the streets.

But what will be the “Trigger”?

New Zealand Rooms of Matrix/Element.io Chat

Update: 23 July 2020 – Riot.IM is now Element.io

So far the known New Zealand specific chat groups (chat rooms) that exist within the Matrix chat federation include…

If there are others that you know of, feel free to advise me or post in the comments below.

If people are looking for a viable alternative for staying in contact with friends and family at home and abroad as opposed to using the common proprietary messaging systems (e.g. WhatsApp, Facebook Messenger, etc) operated by sole corporations. Then I implore people to start looking at the federation of matrix.org chat servers.

If you want to start chatting. Go to Element.io, sign up for a Matrix.org account and start joining rooms such as :matrix.org

Similar to how Email is structured, where Joe Bloggs at Hotmail can seamlessly Email his friend, Max Mustermann at Yahoo without needing to be with the same provider. The Matrix protocol is structured the same way for instant messaging and group chat. No one single company / provider has total control of the protocol.

If Joe Bloggs for example, doesn’t like Hotmail for what ever reason, he is able to choose to sign up to Gmail. Matrix.org is the same way, you have a choice of providers. You can even host your own node (like I do).

Like any project the onset, Matrix was pretty rough around the edges, but I feel the development of the system (being the Matrix Protocol together with the available client software) has now matured to a point where I feel Matrix/Element.io is now certainly very usable.

The reason why I favour Matrix over say Telegram, Signal, Slack, Zulip, Mattermost, Rocket Chat, is that Matrix is the only system where you can…

  • Self host a node of your own AND
  • Send messages to users on other servers (Federation) AND
  • Has a usable front end client (Being Element.io available for Windows, Android, iOS, Linux, and others)

 

New Zealand Rooms of Matrix/Element.io Chat