Friday, October 09, 2015

ASUS RT-AC66U Firmware 378.55 (Merlin) & setting up OpenVPN with Private Internet Access (PIA) and a ROKU Media player

I'm fairly late to the Netflix table but I knew early on that Canada was second to the US in terms of available shows(check out this Toronto Star Article). At the time of it's writing the US had just about double, 7202 titles compared to Canada's 3663.

I'm also a UFC fan and subscribe to UFC fight pass, their online streaming service. Last year UFC Fight Pass changed what I got content-wise from their service because the UFC had just signed a deal with TSN that prohibited Fight Pass from showing Prelims and other UFC TV offerings on the streaming service that were also being shown on television. If it happened to be shown on television, then UFC fight pass got "blacked out" in Canada (so you didn't "cut the cable" to encourage getting/keeping a cable subscription I guess). You needed Fight Pass AND a cable package featuring TSN in order to watch all the "free" TV UFC and Fight Pass events. The UFC was screwing over the paying subscribers of their streaming service by withholding UFC events that were also shown on TSN where "non-paying" UFC fans could watch them.

Thanks a lot. Even when we pay for stuff, we still manage to get screwed by cable companies we may or may not subscribe to.

In any event I had been using a VPN service for years, Private Internet Access(PIA) for my everyday surfing needs and wanted to extend it to my Netflix and UFC viewing to get around the annoying geoblocking. Everyone I know uses some sort of DNS-proxy based anti-geoblocking solution but I did not want to subscribe to a second service when I already had a perfectly good VPN service. The catch was that I do most of my media streaming on the main floor with a ROKU device which has zero OS customization (it has a great little remote, easy for the wife and kids to operate though). So how do you get a dumb closed device to use your VPN service? By telling your router to redirect it's IP to your VPN gateway.

Here's what you do.

You need to set up your router so that the OpenVPN client is known to it and then feed it an IP address of a device to have it go through the VPN and appear to come from somewhere else in the world like the good old U.S. of A. Here is a screen shot of my router's OPENVPN Clients tab.

In the "Server Address and Port" field you enter the location you are spoofing. I used
"us-east.privateinternetaccess.com" (no quotes)
along with port 1194. The port and the address need to match and you can find this info on PIA's site along with a full list of locations under the "Regional gateways" section in the bottom left.

https://www.privateinternetaccess.com/pages/client-support/

Enter your PIA userid and password as shown and in the "Redirect Internet traffic" section choose "Policy Rules" in the dropdown and this opens up a section where you can enter the IP address of the device you wish to use with the VPN. In the destination IP just put 0.0.0.0. (I'm using a ROKU media player).

I'm using the following in the "Custom Commands" section:

tls-client
remote-cert-tls server
reneg-sec 0
verb 4
comp-lzo

In the "Authorization Mode"  field I have it set to "TLS" and clicking on "Content modification of Keys & Certificates" brings up a page where you can enter the following cert in the "Certificate Authority" section. 


-----BEGIN CERTIFICATE-----
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
-----END CERTIFICATE-----



And that does it. If you are in Canada like I am fire up NETFLIX on the device you just made use the VPN and look for "Sons of Anarchy" or "30 rock" or any of the other 3000 some offerings not available in the great white north to see if it is working.

I don't feel too bad because it's a service we're paying for and it is the same as if you brought your IPAD with a netflix app across the border and fired it up in a Dunkin Donuts in Maccina or something. Plus the UFC Canada crap burns my ass almost enough to vote with my feet and cancel the service. At least this way I feel better about giving them my $10 a month. 

Wednesday, August 19, 2015

People who watch videos on their phone full blast with no headphones 3 feet away from me are idiots.

Is this a new "I have no self awareness" thing? People watching videos on their phones at full volume when waiting in line at the grocery store, subway, or sitting by themselves at a table in a half empty cafeteria while they are 3-4 feet away from someone like me?


GET HEADPHONES YOU FREAKS!

I'm going to do something embarrassing the next time someone does that near me.

"What are we watching? Ohh. old hockey fights? John Leclair and the Legion of Doom? Fascinating"

"So you missed the Video Music Awards live eh? How awesome. Is Justin Bieber presenting?"

 "So the subway guy that used to be fat's a pedophile? I guess it's important to catch up on current events like that in line at the express lane at the IGA."

"That sounds like a fascinating Japanese Anime. I especially love the pumping Japanese glam metal soundtrack. It's so helping me choose my sub's condiments..."

(To the stranger in the cafeteria after I pull up a chair and sit down beside him)
"Can you turn that shit up? What are we watching?"

Saturday, May 09, 2015

The Water Heater Fiasco 2015

Looking at the bright side, at least we have our health and food to eat no one is dropping bombs on us! Problems you can fix by throwing money at them and enduring a minor period of inconvenience
is not the worst thing that can happen to you.

Sometime back in February I was looking at my gas bill and was again bothered by the $25 water heater rental charge. Direct Energy (or whatever they are called now) were certainly getting the better end of that deal because the tank had never caused me any problems and was 17 years old. Thinking that $300 a year might be better spend elsewhere I went about getting a quote on getting my own water heater installed. I researched tank-less and rejected it due to cost and was quoted $1400 (they had to add some new piping to bring stuff up to code) on a 50 gallon old fashioned kind. Since 5 years of rental was $1500 and the new tank after install was $1400 I figured in less than 5 years it will have "been paid", and everything after that was savings.

The guys came on a Sunday with a 60 gallon by mistake (no extra charge). The install did not go well though and the guys ran out of time and had to come back the next day to finish. They took away the old heater as part of the deal to return it to depot. We had no hot water for most of Sunday and Monday. I had no idea what a first world problem pain that was. Clothes washer, dish washer, showers, baths, even washing your face with hot water, not an option.

They came back on Monday, finished up, even knocked $100 off the price for the extra delay and everything was peachy! There was an issue with my Direct Energy bill afterwards though. The water heater rental has yet to come off . There is an order of operations to taking our tank back, you need a number FIRST then you bring it back, my guy brought it back and I got a number later, so,, yeah. They tell me it takes several cycles to catch up. They say the 4th bill should do it so I've paid $100 in rental charges for a tank I don't have ;-)

Fast forward to today when the clothes washer upstairs malfunctioned and decided to drop several gallons of water on the floor which ran down the nearest vent which happened to exit above the water heater in the basement and give it a bath.The water did not seem to do any damage to anything else and quickly found it's way down the drain.

Later that evening when we ran out of hot water it was apparent that the water heater was not working. Upon close inspection the thing looks FRIED! The GAS Control Valve LED's don't light up and the blower assembly took a good douse. There was a ring of water inside the tank and this started to rust the open bottom lip of the tank.

So now I'm at that place I've been too so many times before. Do I pay for trial and error repairs to get the stupid thing fixed and have it break again or just assume the whole thing is suspect and look at replacing it whole. Just like my stupid lemon of a Jandy Pool heater, my crappy Bosch dishwasher, and Fridge which have all eaten $1000 in repairs and just got chucked out soon after. Repair people stink these days and don't even try to find the issue and just replace over-priced parts at random. When's the last time you saw someone get a multi-meter out and try and trace a fault?

Bloody hell. I'm going to call Direct Energy tomorrow and get them to install a new rental tank (again). $1300 down the toilet.

To top it off, the Dishwasher is making chewing sounds, I called up the service guys today. It came off warranty a week and a half ago, end of April 2015. There's usually a third bad thing that happens at times like this, we'll wait to see.

Morale of the story, If it ain't broke, don't fix it. When you try to save money, it sometimes ends up costing more &^$%$#*^^!



test

bla blka

Monday, January 19, 2015

Bring back the Death Penalty for people who code Browser Hijacks and web popups.


This is what we should do to any web developer that spends one millisecond of their time coding web/blog/browser hijack code. I would add a sign under each body saying "I wrote the Media Player Update" popup, or "I wrote the "Possible Privacy Breach" popup, or I wrote the "Talk to a technician in Czechoslovakia" popup. Life imprisonment would be treating them too good. Bring back the Death penalty....

Who's with me? Grab your torch and pitchfork!






Friday, January 16, 2015

The luggage incident...

Last Sunday my wife was away all day Scrap-Booking. My youngest had a play date and later that afternoon, when the other parent came by to pick up their kid, my daughter asks:

"Where's Mom?"
"She's scrapbooking." I said.
"Then why did she have luggage with her?" She asks...
(This is in front of the picking up parent)
"That's not luggage, those are scrapbooking totes, they look like luggage." I explain.
"I know what the other things are, she had luggage!" She insisted.
(The other parent is looking around wondering how quick he can pick up his kid and get out of there)
"They're totes, don't worry about it, say good bye to your Freind.." I say.

They leave and I think, wow, he must think we're getting a divorce (grin).... That's funny, I'll have to tell Julie..

Later on in the week, I see the other parent while we were picking up the kids after school and he looks at me and gives me that thumbs up "Is everything ok?" look but I didn't remember the Sunday thing and had no idea why he was looking at me like that so I gave him a weird look and he kinda nodded at me knowingly.. Dammit, he thinks I have marital problems (grin)..

So today I run into him and he kinda looks away as we pass in the hall (doesn't want to make me feel bad(grin) and it hits me..

Last Saturday night my wife came home with new luggage she had just bought as a gift. It was her best Freind's birthday and she was also booked to go down south and the luggage was a birthday present my wife was going to give her at the scrapbook thing. I helped her figure out how to get into the TSA locking mechanism that night and totally forgot about it. SHE DID HAVE LUGGAGE!

So my kid had it right all along. Now how do I go about explaining this to my kid's freind's parents so  they'll let her come over on future play dates(grin)...

No one wants their kid over at someone's house in the midst of a messy separation.. Oh well.. Let the rumour mill fly.. Damned luggage..

Tuesday, January 13, 2015

Blogspot www.adcash.com Hijack/Redirect www.freecounterstat.com sucks!

Thought I'd make a post since I was unable to find key words to point me to a quick fix to the problem and had to fix it myself the hard way. A few weeks ago my wife mentioned that visitors to her blogspot/blogger blog had contacted her mentioning that they were getting served random popups to a variety of crap sites. Some sites wanted to install viewer software, others just wanted to sell you crap, make you watch videos. Make you clickity click everywhere.. etc..

It would only do it once per visit per day, which meant when it happened and she told me about it, I asked her to repeat the steps to recreate the behavior and it would not do it again. How annoying is that? I'm used to Personal Computers and servers behaving in my presence because they are deathly afraid of me (as they should be) and flaking out when I leave the room but eventually I actually saw it happen with my own eyes.

Whatever it was wrote a local cookie, same name as the blog itself and deleting/blocking access to these would make the redirect fire each and every time Which made it easier to troubleshoot.

The sites were a multitude random crappy click generators. It was all starting with the site www.adcash.com. It would go here to find the random re-direct of the day:


offer.alibaba.com
lp.freegameszonetab.com
www.roblox.com
lp.bigfarm.goodgamestudios.com
www.binaryoptionsbrands.com
binaryoptionsbrands.com







So many of which it became impossible to research the problem from the back-end, like, "Hey I get re-directed once a day to this site (and this one the next day, and this one, and this one..) so you can't look up any info that way, it's a buckshot of annoying websites and the info is safe in the forest of keyword website crap. Any hits that did come up also only pointed to PC malware cleanups which was not the issue in this case. All the PC's at home are pretty well-protected with MS Security Essentials, Spybot Search and Destroy, etc.. This was a problem with the Blog itself. Had it been hacked? How was that possible? Can clicking on a bad popup while logged into your Google account (which we always are) write malicious code? Unlikely. That's a lot of clicks and not easily scrip-table.

I looked through the Blog template (3000 lines) and found an odd entry in an unimportant place in the layout. It was a 200 character nonsense string with a "Base64" function in front of it. This is handy for turning cleartext into gobbledygook when trying to hide stuff from people. You have some nasty commands you want to hide, you convert the string to base64 and tell the template to decode it on the fly. I popped it into a BASE64 decoder and saw cleartext and that it was calling some binary code. Out it came.

Didn't fix it. Not sure what is was. Next.. Time to get out Wire Shark and start looking at packets or process monitor and look for the needle in the haystack.. But wait!

Turns out the site I found the BASE64 decoder on was chocked full of info. It was http://aw-snap.info/articles/redirects.php. Not only did it go over the BASE64 thing but a host of other nasty tricks. They had a Blogger Tool you could plug your blogspot blog into and it would check it (tried it but no luck).

In fact there was not a lot of issues on the Blogspot/Blogger front apart from some kuno​ichi gadget issues. I figured removing javascript blocks one at a time was a good shortcut to try, so in a fit of brute force and ignorance I backed up the Blog template again, documented the layout and started removing HTML Javascript widgets. Damned if it wasn't the second one causing all the fuss. It was a visit counter from www.freecounterstat.com (counter2.statcounterfree.com to be exact) and this was the thing writing the cookies and calling the ajax random malware page popup generator.

This is a free 3rd party visitor counter java script that my wife found somewhere that looked pretty and she put it on her blog where it counted away for years until a few weeks ago. 

Brute force and ignorance. It was only after I found out it was the culprit and researching www.freecounterstat.com that I stumbled across that website keyword in this article that described the same issue we were having. Crazy thing about that story is that the author contacted the makers of the script and they replied back with "

Hi,
I turn off popup on your account
chris
GREAT! Thanks Chris.. Were they hacked or is this something they randomly turn on for sets of clients to generate click revenue for their free tool? I vote for the latter. 

Don't use scripts from www.freecounterstat.com. Malware sucks. 

Along the way I learned about Scriptsafe, a google chrome extension that stops scripts from running on web pages you can set to trust or distrusted. Worth checking out...