Computing

Moved from Google Keep to Joplin for note keeping

Fergus YoungLeave a comment

Have moved from Google Keep to Joplin.

Screenshot from Joplin’s Linux client.

Only draw back I can see is there is no Web based UI to the thing. Have to use the native platform specific Joplin apps.

Installed Joplin client on Ubuntu 22.04 using this command line.

wget -O - https://raw.githubusercontent.com/laurent22/joplin/dev/Joplin_install_and_update.sh | bash

However, found that Joplin (after double clicking it’s short cut icon) refused to launch. So had to run these commands to lay down something called libfuse2

sudo add-apt-repository universe
sudo apt install libfuse2

…and then tried again, it launched after quite a few seconds.

Set up the path to my Joplin directory on my NextCloud installation.

https://[YOUR_SNAP_NEXTCLOUD_SERVER]/remote.php/webdav/Joplin

As for actually migrating your Google Keep Notes to Joplin, it’s a bit of a long winded process. Check here for some potential methods.

Moved from Google Keep to Joplin for note keeping

BAN 1366×768 Screens 😛

Fergus Young1 Comment

In the year 2022, Why on earth do New mid-range and better Laptops fitted with a 15.6 inch 1366×768 resolution screen still even exist?

Something tongue in cheek… In the guise of certain people in New Zealand advocating banning 1080 poison by way of “BAN 1080” signage and scrawls particularly in parts of rural New Zealand, I propose a new movement for the more tech inclined among us: BAN 1080  768, Demand 1080 (minimum)… 😛

“768” being the vertical resolution on laptops screens I’m railing against (which is not tongue in cheek). The majority, if not all laptops with a screen size of 14 inches or larger should have at least a screen resolution of 1920 x 1080. No laptop with a screen 14 inches or larger on a medium spec (AMD Ryzen 5, Intel i5) or better laptop should ever be sold new with a mere 1366 x 768 resolution screen in the year 2022. Continue reading “BAN 1366×768 Screens 😛”

BAN 1366×768 Screens 😛

Security Warning – Click Hijack investigation

Fergus Young3 Comments

Investigations so far suggest that there is some type of conditional redirect exploit/hijack being planted on many WordPress websites redirecting search engine referred visitors to fake award/survey sites such as “moviesuddenvalley”“applefacetook”, “hurryexpectsugar”, “mouthtroubleask”, “ondiesmall”, “thendownmeat”, “makemodernfive”, “sayhitome”, “whateyeweight” among several others typically ending in a “.live” or “.top” address. While this Hijack, as far as I have seen appear to predominantly affect some WordPress websites, I wouldn’t be surprised to learn that this possibly affects other types of websites as well.

In my experience, for sites that are affected, to replicate…
(These most certainly could differ depending on the site affected)

  1. Prerequisites…
    • Needs to be done from an IP address that has yet to access the site in question. (e.g Mobile Data Connection, activate and deactivate airplane mode to get a new IP address)
    • Chrome or Firefox browser (Win 10 or Android) in Incognito Mode (No plugins). Reportedly in other variations of the exploit, it only occurs on Safari under iOS
  2. Search for the site in Google search
  3. Click on the search result that points to the website. Instead of loading up the website as expected, you get redirected to a hijack site.

The hijack will not fire If you access the site directly (via bookmarks or typing the address directly in the address bar of your browser). This appears to be some conditional exploit based on visitors coming from Search Engines. (e.g by typing the site URL directly into the Address bar, you won’t get redirected) and it looks like it will only fire once per IP Address each week (resets at the start of each week).

I probably should add that many so called WordPress vulnerability scanners online I’ve discovered aren’t even set up to detected this sort of hijack. The scanners based on “Securi” certainly will not detect this exploit, I’ve found.

Other resources…

Original Post (Old):
Noticing some apparent weird intermittent redirect hijack on the general web where some sites are allegedly redirecting to some dodgy website with names such as “mouthtroubleask”

Update – 2020-09-11T06:55:00+12:00: Added steps to replicate (from my own experience)

Update – 2020-09-12T18:20:00+12:00: Added note to mention that all of the online WordPress malware scanners I’ve tried won’t detect this sort of hijack.

 

 

Security Warning – Click Hijack investigation

Pi-Hole on a Raspberry Pi 4

Fergus YoungLeave a comment

Experimented with running Pi-hole on the Raspberry Pi 4 that I have.

5 Minutes in, Pi-Hole showing how tragically ad ridden the modern web has become.

The Set up at least for the more tech inclined is very easy, all you had to do was launch a command line prompt and type this command…

curl -sSL https://install.pi-hole.net | bash

After running it for an evening. Thoughts and findings so far…

  • Predominantly Does a DNS level block with a blocklist of known advertisement serving IP addresses.
  • YouTube is a moving target whereby ads are served from youtube.com itself and therefore very difficult to (completely) block with Pi-Hole.
  • Mobile devices with Ad laden apps will perhaps see the greatest reduction in ads.
  • The default configuration doesn’t block nearly as many ads as say uBlock Origin installed on Desktop Firefox. This is not a replacement to having Client side ad blocking.

Curiously noticed these appearing in the query-log…

  • www.collab.apps.mil
  • www.gov.teams.microsoft.us
  • www.dod.teams.microsoft.us

Why would Teams try and poll for these addresses is beyond me. It does raise a sufficient level of curiosity that I will be checking this out.

 

Pi-Hole on a Raspberry Pi 4