Archive for the ‘Geekery’ Category.

Thwarting Facebook Scammers: Use 2FA!

I wrote this on my mom’s Facebook account today:

Hi, this is Marlene’s son, Lee Sonko, writing on Marlene’s account. Someone broke into Marlene’s account a few weeks ago. If you got a friend request from “me”, please report that account as fraudulent and unfriend them!

They were amazingly sneaky. The only notice we got that something nefarious was happening was an email that Marlene’s password had changed. I’ve seen this before and the thieves plan was to let the account sit for 30 days with the new password and then lock Marlene out of her own account. A good friend of mine got completely locked out of her account forever with this scam!

Here’s what to do to make sure this doesn’t happen to you: Set up two-factor authentication for all your important apps. Just install the Authy app on your phone and then follow these instructions https://authy.com/guides/facebook/ Now you’ll need your phone when logging in with a new device. It’s not a bother and it will save you!

Also, don’t ignore odd emails from Facebook, like if they say your password has changed.

Here’s another message I was using

This is Marlene’s son, Lee writing from her account.

Recently you got a friend request ostensibly from Marlene but it isn’t her! It is someone pretending to be her! Could you please do a few things:

First, please report and unfriend that new, Bad Marlene . Go to this page: https://www.facebook.com/marlene.sonko.9 , and in the upper right corner just below “Friends and “Messege” click the “…” and click “Find support or report”. Please report this account!

Second, please make sure that all of your accounts have 2 factor authentication using an authentication app like Authy.com or Google Authenticator to secure your account! Here’s a pretty good video showing how to do this https://www.youtube.com/watch?v=vcKnAjTTXYg

My mom’s account got hacked even though we had just set up SMS-based 2-factor-authentication! It was a bother to set up the authentication app but it was WAY more of a bother to recover Marlene’s account from the bad people. Seriously.

Third, if you ever get an email from Facebook saying your password has changed, or you get locked out of Facebook for an unknown reason, don’t ignore the problem! You’ve got 30 days to undo problems or be locked out of your account FOREVER.

Sorry for such a long message. Best regards – Lee Sonko for my mom, Marlene.
PS Feel free to call my mom or me (I’m at xxx-xxx-xxxx) and verify all of this!

 

Here are some more details. I didn’t share all of this with all her friends on Facebook but it’s worth mentioning!

The thieves did a very elegant switch-a-roo! My mom only uses Facebook on her iphone. She reported that app had starting looking “weird”. We figured out that her login had been switched to a new, fake account! I didn’t have her phone in my hands but it was apparent that the thieves were able to log her in to the new, fake account that looked similar (maybe using the old login credentials, where they switched her legitimate account to using new credentials that we never had access to)

On this fake account, she could see her friends but not interact with them. Maybe what they did was something like this:

  • hack her legit account
  • create a fake account, Making friend requests to all of her Friends on her legit account
  • change the phone number and password on her legit account to something else
  • change the phone number and password on her fake account to her original credentials
  • (her iphone app magically switches to using the fake account)

 

Blargh.

Old School Nslookup Humor

For the adventurous among you.

Start nslookup. Set the server to hastur.rlyeh.net

then

> set querytype=txt
> set domain=adventure

and then:

> 1

Press enter and follow the interactive adventure!

 

No More Outgoing Email Spam Problems

Ok, I think I finally fixed it.

Since 2017, I’ve been having outgoing email spam problems. At one point, I’m sorry to say, malicious actors were sending 50,000 emails per day from @lee.org. I’ve been wrestling with the tools that stop stuff like that from happening. How did I finally fix it? Until last month, my email was hosted at Dreamhost.com and it forwarded to my free Gmail account. Now, it goes straight to a ($6/month) Google Workspace account.

I’ve only moved email over, not all the other google services but so far the move is successful.

Pluses:

  • I can send email and expect people to get it!
  • My spam folder is now seeing 10 spams/day instead of 100. I guess the paid account is smarter. Not having to wade through that crap monthly for the inevitable non-spam is well worth $6/month!

Minuses:

  • I’m now 1/2 in Gmail and 1/2 in Google Workspace and fixing that will take some more effort
  • Right now I’m keeping my contacts in Gmail (for my phone and Google Voice) and a not-often-updated copy in Google Workspace (for my email) :-(
  • Switching Calendar will be a bother since I’ve got like 20 shared calendars and fiddly defaults to set up.
  • Switching to Google Workspace Google Voice will be $10/month which I’m hesitant to do since it’s free right now
  • Migrating my 30k emails took 3 days and a learning curve but it’s done!
  • I’ll have to migrate my beloved Boomerang for Gmail manually
  • Setting up DKIM for my email wasn’t hard per se but took some thinking and clicking

 

 

Some tools to test the spamminess of your domain:

 

Moving Mail Hosting

After having a come-to-Jesus discussion with Dreamhost tech support (I said, “Pretty please help me fix this or I’m leaving.” They said, “It is unfixable Google Workspace might magically fix it”) I moved my gmail account to a paid Google Workspace account. The hope is that for $6/month, they’ll fix my intractable spam problem (whenever I send email to a new person from @Lee.org, it falls into their spam folder for unknown reasons). It’s kinda exciting seeing all my gmail email being migrated to my new account. All 62,000 emails going back to 2011! And I might just fold in my Outlook email going back to 2002 and my RFDMail and Eudora going back to 199-something!

(previously)

Spam and Spam

I’m still trying to make it so my emails from lee.org don’t fall into people’s spam folders. When I send email to new people it often goes to spam. I’ve checked headers carefully and it shouldn’t but gmail receivers see a notice “emails from lee.org have been spam in the past”. Ugh.

Dreamhost tech support suggested that I move my mail to Google Workspace. They have a 1 month free trial and it’s just $6/month/user. Maybe if it’s hosted locally, they will show more love for the domain. And there’s a bunch of tools available with the suite. Maybe I can go back to Dreamhost after a few months.

 

The data migration tool would only let me pull in the last year of gmail from my old gmail account. Bah! So I turned on the import feature in gmail and did it that way instead Go to admin.google.com | Apps | Google Workspace | Gmail | Setup | User Email Uploads. Set to “on” Then go into the new gmail account and go to Settings | Accounts and Import. Do the import!

 

Here are the tools I’m using to analyze email:

Google Postmaster Tools

Google Admin Toolbox

MXToolbox Monitoring

Google Admin for Workspace

IDrive Backup Doesn’t Recover Snapshots

Let’s say my computer was stolen today. I would want to recover a snapshot of my files from yesterday’s backup. As part of that, if a file of mine was deleted 5 days ago, I don’t want it in my snapshot. IDrive isn’t capable of that :-(

I spoke to 3 IDrive representatives over the past 3 weeks and they all admitted that this was not a feature of the system.

This is totally unacceptable because recovering from a lost/stolen computer is half the reason I pay for backups. I’m now shopping around for another backup system.

 

Here’s an example of IDrive failing at the task:

AGM Lead Acid Battery Charging

Just leaving this here for the 35 AH AGM lead-acid battery I use for my CPAP.

Charge State
13.5 full charge (2.25 per cell)
12.5 66%
11.5 33%
10.5 flat (1.75 per cell)

2.0 nominal voltage
2.4 full charge
2.25-2.30 float, don’t overfloat AGM!
1.75 flat
200 discharge cycles total
via Battery University

MPOW Bluetooth USB Dongle

Just got an MPOW Bluetooth USB Dongle, Model BH519A
It does Bluetooth 5.1. :-)

There’s no manual for it, just drivers on the XMPOW.com site

Mpow Flame Solo Wireless Bluetooth Eardbuds

I got a pair of Mpow Flame Solo Wireless Eardbuds, model BH503A recently. I’m really happy with them!

Here’s the Mpow Flame Solo User Manual

I did a comparison recently between them, Tozo T12, Jabra Evolve T65, and Anker Soundcore Spirit X, and these came out on top!

Main features:
— $40 inexpensive on Amazon
— They “just work”. It has taken a little effort to figure out how to switch between my now multiple audio-out options on my computer, that isn’t the fault of the earbuds. Syncing is easy, turning on and of is easy.
— audio quality for music is nearly as good as my wired earbuds, I use them for music and Zoom sessions a lot
— The over-the-ear design means they stay on my head and I don’t have to rely on squeezing the earpiece into my ear to stay on (like the Tozo T12)
— The volume and sound response (highs vs lows etc) is sometimes a little bit less than my wired earbuds. But, as Ultron said as he prepared to destroy earth, “I got no strings on me!”

Gmail SPF Softfail When Pulling Email in From Another Account via POP3

For a long while I’ve been forwarding my @Lee.org email to my Gmail account. One problem I’ve had is that some valid email falls into my Gmail spam folder. This is probably because those forwarded (actually, pulled via POP3) emails always softfail SPF in Gmail. It stands to reason since gmail isn’t lee.org. But ugh!

I’m tired of wading through my spam folder for obviously valid email!
I think the only way to fix this is to get a Google Workspace (formerly G-Suite) account and have Google host my mail fully. Does that sound right?