Has the enhance function in your Microsoft Photos App stopped working? It did for me for a few months. How did I fix it? Well, let’s take a look at why it might have stopped working.

1. There was a bug.

And if so, a Windows Update might come along later to fix it.

2. Your Photos app destroyed itself.

If so, you have to reset or reinstall the app. Try re-registering it first with PowerShell.

Get-AppxPackage -allusers Microsoft.Windows.Photos | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

And if it doesn’t work, uninstall and reinstall using PowerShell.

get-appxpackage Microsoft.Windows.Photos | remove-appxpackage

Get-AppxPackage -allusers Microsoft.Windows.Photos | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”

3. You need the Photos Media Engine package.

This is the one that worked for me. Go to the Microsoft Store and install the app. Here is the link: https://www.microsoft.com/en-us/p/photos-media-engine-add-on/9plk42wd0rc0

References:

  1. Microsoft Answers
  2. Microsoft Answers
  3. WinBuzzer

Security@Georgeliu.me

Sometimes people make mistakes. Sometimes they make very expensive mistakes.

I made a mistake last year, when I was busy trying to secure my home. Apparently, some guys broke into a girl’s apartment nearby and stole a lot of money.

So I bought a VimTag camera. But hey, at least it wasn’t a Porche, right?

Here’s why VimTag cameras are mistakes:

1. Weak security.

There are guys out there talking about how they can telnet in with no password required.

The telnet protocol is usually run on port 23, but this device is running it on port 8600 as a ‘security’ measure. He’s saying all you have to run to get root access is: telnet target-ip-address 8600

From Reddit

People on Amazon are claiming their networks were hacked after installing a VimTag.

I called tried to change my wifi password and someone had already done so. They also changed my device access code for the router. I factory reset and within minute it had been changed again. Now my net is disconnected, pending replacement of my router for security reasons.

Why Amazon sells a product with known security risks speaks volumes about their priorities to me. I thought people were being paranoid, but turns out exactly what they warned about happened to me within a day. DO NOT USE THIS PRODUCT. So shady… I now have the pleasure of resetting all my passwords and info and not having access to the net for several days while I clean up this mess. I only hope there are no other precautions I’m missing that will pop up later… Ugh..

From Amazon

2. Iffy security.

I monitored some of the data from the camera. It was going to servers in Turkey as well as in China. I understand China, but why Turkey?

17.253.54.253
ISP Apple Inc.
Usage Type Commercial
Hostname defra1-ntp-002.aaplimg.com
Domain Name apple.com

54.153.82.107
ISP Amazon Technologies Inc.
Usage Type Data Center/Web Hosting/Transit
Hostname ec2-54-153-82-107.us-west-1.compute.amazonaws.com
Domain Name amazon.com

46.45.138.218
ISP Radore Veri Merkezi Hizmetleri A.S.
Usage Type Data Center/Web Hosting/Transit
Domain Name turkrdns.com

210.72.145.44
ISP China Science and Technology Network
Usage Type Fixed Line ISP
Domain Name cstnet.net.cn

From AbuseIPDB

3. No security.

After further testing, I found that most of the communication between the app and the back-end occurred in cleartext (no HTTPS). Actions that used unencrypted communications included registering a camera to my account, adjusting settings, formatting the SD card, accessing stored audio or video, and initiating the recording of audio or video. When I went to view the network settings, their backend server sent to my device a list of SSIDs for all the wireless networks in the camera’s proximity. A team of researchers found that using only SSID, they could locate a device within 13-to-40 meters. The server also sent the WPA2 key for the network to which it was connected meaning that not only is the key visible to any attacker, it’s stored on the server and easily recoverable.

From NowSecure

4. They are insecure liars.

I left it connected and there were multiple connections going to and from the camera. I also noticed that it was scanning the network with PING requests. I have attached a WireShark Packet capture from start to finish of the setup of the camera. The 172.16.74.0/24 network is my private LAN and the 192.168.137.0/24 is the AP that I was running off my laptop, .1 being the laptop/GW.

I will also add that if you try to run a port scan on the camera it renders it completely DOA and will not restart. I did this using Zenmap on my PC and the camera is now DOA. The paranoid part of me suspects this is to prevent seeing what it’s doing and has open. The other part of me just chalks this up to poor firmware/software on the device.

That being said I just wanted to put a quick post out there in case someone else was thinking about getting these cameras. They also do NOT work with any standard IP cam applications or DVR software, this means no RTSP or ONVIF support.

From TimothyHogland

5. They are really liars.

Their website states:

Network specs

Wireless Network
WiFi (IEEE802.11b/g/n)

Ethernet
10/100Mbps RJ-45 interface

Protocols
TCP/IP, UDP/IP, HTTP, DCHP, RTSP, RTMP, MUTP

IP address
Static IP address and dynamic IP address

From VimTagUSA

In actuality? If you pay them money, you can connect to their private cloud. There is no RTSP or RTMP support, which is necessary for 3rd party apps to connect to your camera. Nothing else works. You pay for their stuff, or it doesn’t work. Not to mention it’s incredibly slow.

6. Their customer support is worse than bad.

After I wrote a bad Amazon review with all the information contained here, they sent me this reply:

Vimtag server is all over the world. What you said is just your own opinion and it’s Incorrect.
You don’t know exactly how the camera work.
We will contact you via email.
Maybe you hate Chinese goods,right? Our maker not only in China, the United States,United Kingdom,and Italy also have Vimtag Company.
Best Regards
Vimtag Team

If I hated Chinese goods, why did I buy one? Well, OK, I seriously have a much lower opinion of Chinese goods after this mistake. And they didn’t email me in the end.

Well, OK. Maybe I’m just hating on them so much because the camera was expensive, but it was slow, not useful, and really not good. And…

7.They are liars, again.

Fakespot Review Grade: F

Our analysis detected 80.0% low quality reviews

From FakeSpot

Future Steps

Seriously, don’t buy this thing. I bought one and it was a huge mistake, not to mention a security risk.

After that, I bought an Amcrest camera, which emails snapshots to me and takes video, no cloud subscription required, for the same price. Even has notification zones. I wanted to buy stuff with facial recognition and the like, from good brands like Ring or Orbi or whatever, but those are expensive and almost require a cloud subscription. My Amcrest connects to my NAS and can send me snapshots when there’s movement. Although it has a lot of bugs that require resetting the device at times, which was a pain, too. Cheap Chinese goods, eh?

But I have the VimTag, so I’m looking to hack into it through telnet and have it send any images it takes to a cloud server. More info here: JumpESPJump

How do you export an Outlook calendar to a .ics file for use with other calendar services? Outlook.com doesn’t make it easy, but the correct link for this as of July 2018 is this: https://outlook.live.com/owa/?path=/options/calendarpublishing

Click on Options > Calendar > Shared Calendars > Calendar Publishing, select the right calendar, and then Create a link for sharing. The .ics format will appear.

 

Outlook.com Calendar to .ICS file

 

Don’t forget that it’s also possible to download ICS files from iCloud through the web by replacing the publicly available webcal:// address with a standard https:// and then by adding an .ics at the end of the resulting downloaded file.

A few days ago, I got a really nice message from someone. It’s nice to know that someone benefits from what I do. And apparently, I had almost 400 hits on this site in December, according to WordPress! Fun stuff.
Apparently, I need to get my comments working again. If you want to contact me, use the email form for now and tell me to get the comments up!
Also, a good tip from my reader:
Thanks for you Fail2ban & postfix article at georgeliu.me – Fail2Ban and PostFix Mail.Warn Error | George Liu It helped a lot.

Just a note that you should not edit jail.conf as it will be overwritten in an update. Instead edit either jail.local or if it exists in your distro (Ubuntu) paths-overrides.local

Google Sites’ update put me in a bad situation. I’m pretty busy as is, but the new Sites doesn’t fit my needs as well as I would like. Not to mention that the old Sites was slow and unresponsive. So I find myself in the position of moving a Google Sites-based site to my WordPress server–or rather, remaking the site with new customizations.

I chose the default 2017 WordPress theme because it looks professional. I used the Quest them and other themes for other sites, but this theme seems customizable enough for my needs.

And yet, that brings a few problems.

Number 1: I need a sidebar.

Presto, there’s a plugin (here, thanks [email protected] Institute) to restore the lost sidebar! However:

Is it possible to move sidebar to the left?

Not with this plugin, it simply adds the Blog Sidebar to all pages.

Onto problem 2!

Problem 2: The sidebar is on the right.

Presto! Someone has already fixed that (here, thanks [email protected]!).

 @media screen and (min-width: 48em) {
 .has-sidebar #secondary {
 float: left;
 }
 .has-sidebar #primary {
 float: right;
 }
 .has-sidebar:not(.error404) #primary {
 float: right;
 }
 }

But then, the sidebar is really big!

Problem 3: The sidebar is really big!

Someone has already fixed that, too (here, thanks [email protected])!

#primary {
width: 70% !important;
}

*** 3rd — decrease right sidebar width ***

.has-sidebar #secondary {
width: 26% !important;
}

Well, the content is still not wide enough.

Problem 4: The default “full-width” is not full-width enough.

Presto, there’s CSS to fix that (here, thanks [email protected] !

.wrap {
    /* margin-left: auto; */
    /* margin-right: auto; */
    max-width: 100%;
    /* padding-left: 2em; */
    /* padding-right: 2em; */
}
 
@media screen and (min-width: 48em) {
    .wrap {
        max-width: 100%;
        /* padding-left: 3em; */
        /* padding-right: 3em; */
    }
}
 
.page.page-one-column:not(.twentyseventeen-front-page) #primary {
    /*margin-left: auto;*/
    /*margin-right: auto;*/
    max-width: 100%;
}

@media screen and (min-width: 30em) {
    .page-one-column .panel-content .wrap
    {
        max-width: 100%;
    }
}

Solution (My Edits):

.site-info { display: none; }

.wrap {
/* margin-left: auto; */
/* margin-right: auto; */
max-width: 90%;
/* padding-left: 2em; */
/* padding-right: 2em; */
}

@media screen and (min-width: 48em) {
.wrap {
max-width: 90%;
/* padding-left: 3em; */
/* padding-right: 3em; */
}
}

.page.page-one-column:not(.twentyseventeen-front-page) #primary {
/*margin-left: auto;*/
/*margin-right: auto;*/
max-width: 90%;
}

@media screen and (min-width: 30em) {
.page-one-column .panel-content .wrap
{
max-width: 90%;
}
}

@media screen and (min-width: 48em) {
.has-sidebar #secondary {
float: left;
width: 15% !important;
}
.has-sidebar #primary {
float: right;
width: 80% !important;
}
.has-sidebar:not(.error404) #primary {
float: right;
width: 80% !important;
}
}

#comments {
display: none !important;
}

Other fun stuff

See JimmyKnoll.

White space issues

See WP.org.

Remove “Powered by WordPress”

From WordPress.org

.site-info { display: none; }

I coerced myself into adminning a Windows XP for a relative, and when I started scanning it, I found a huge load of viruses and RATs. Wow. There was even something in the MBR. This gave me a lot of problem, because I now had to restore the MBR to get rid of the trojan.

How to do this? There is actually a great free tool here: Ambience.sk. It’s a lifesaver for Windows XP, which I am glad I don’t have to admin anymore.

There’s an alternative way to get data for the XP install from Microsoft.

As I build more and more Pi-based systems, I find the need to add management scripts for accessing SSH, OpenVPN, and all kinds of other tools. This leads me to version 4 of the CloudFlare Dynamic DNS AutoIP updater script. It’s now hosted on GitHub.

Pulling off of GitHub:


Cloudflare-Subdomain-AutoIP-Updater

Create a private Dynamic DNS using the CloudFlare API with this script.

If you have a domain registered at CloudFlare, you can use this script to update the IP of the subdomain with a specific computer. The computer will get its IP address and send the information to CloudFlare using the API.

This script creates 3 files:

  1. an initializing script that creates and runs everything: cf_ip_script_creator.sh
  2. a script that gets all the CF details from you: cf_ip_updater_creator.sh
  3. a script that updates the subdomain IP address: cf_ip_updater.sh

Put the 3rd script (cf_ip_updater.sh) into a cron job to run every 5 or 15 minutes or so so that you can use access your system anywhere.

  sudo crontab -e
  
  */10 * * * *  nice -n 16 /home/scripts/cf_ip_updater.sh

Potential uses:

  • log into your computer anytime with SSH
  • run a portable OpenVPN server
  • keep your blog server private by using CloudFlare caching
  • whatever you can think of

Some potential issues:

  • if you fail to successfully run the script, the cat commands that append text to existing commands will force you to delete the create scripts (cf_ip_updater.sh, cf_ip_updater_creator.sh) before you run the initializing script (cf_ip_script_creator.sh) again.

You need the following information:

  • FULLDOMAIN cloudflare.com (your registered domain name)
  • SUBDOMAIN web.cloudflare.com (your subdomain linked to your system’s IP address)
  • EMAIL [email protected] (your account name)
  • KEY 9a7806061c88ada191ed06f989cc3dac (your CloudFlare API key details)
  • FILEPATH /home/path (where you want the script to be)

How to run:

  wget https://raw.githubusercontent.com/tgmgroup/Cloudflare-Subdomain-AutoIP-Updater/master/cf_ip_script_creator.sh
  chmod +X cf_ip_script_creator.sh
  sudo bash cf_ip_script_creator.sh

Dependencies:

  • The jq command requires the jq package (sudo apt install jq)
  • The dig command requires dnsutils (Debian) or bind-utils (Cent-OS) (sudo apt install dnsutils)

Read more at:

Gitter is an interesting Slack-like alternative that I tried using recently. (I’m also looking into Samepage and Padlet for work).

I tried embedding a Gitter room into my page, but it didn’t work well. I kept getting a “RangeError: Maximum call stack size exceeded” message and a bunch of javascript errors.

 

Why does this happen? Well, it’s pretty simple, yet dumbfounding. When specifying the Gitter room, you can’t just embed a channel (TGMGroup); you have to embed a specific room (TGMGroup/Lobby).

 

Here’s code for an embedded iframe:

<iframe src="https://gitter.im/CHANNEL/ROOM_NAME" width="100%" height="500">

or for a WP iframe embed, use the WP iframe plugin and replace the <> with [].

Use the WP Code Embed plugin for the SideCar open-button-and-get-a-gitter-client-in-the-side-of-your-website feature with the code:

<script>
  ((window.gitter = {}).chat = {}).options = {
    room: 'CHANNEL/ROOM_NAME'
  };
</script>
<script src="https://sidecar.gitter.im/dist/sidecar.v1.js" async defer></script>

Sources: Gitter, Unknown

 

Apt is the newest alternative to Apt-Get and comes with a variety of improvements. As such, it is the suggested default for Ubuntu and other distributions. Here are some of the equivalent commands for Apt and Apt-Get.

APT Commands APT-GET Commands Description
apt update apt-get update Update source lists and package cache
 apt -y COMMAND apt-get -y –force-yes COMMAND Force yes
sudo DEBIAN_FRONTEND=noninteractive apt-get -y COMMAND Force yes and without user interaction
apt upgrade apt-get upgrade Upgrade packages
apt full-upgrade apt-get dist-upgrade Upgrade system OS
apt install package XXX apt-get install package XXX Install package
apt remove package XXX apt-get remove package XXX Remove package (leaves configuration files)
apt purge package XXX apt-get purge package XXX Remove package and configuration files
apt autoremove XXX apt-get autoremove XXX Remove package and unnecessary dependencies
apt autoremove –purge apt-get autoremove –purge Remove packages, configurations, and unnecessary dependencies
apt –reinstall install XXX apt-get install –reinstall         XXX Reinstall packages
apt-get check Check for broken dependencies
apt-get -f install Fix broken dependencies
apt clean apt-get clean Remove all packages from package cache
apt autoclean apt-get autoclean Remove packages for uninstalled programs from package cache
apt search XXX apt-cache search XXX Search package cache for XXX
apt show XXX apt-cache show XXX
apt list –installed dpkg –get-selections | grep -v deinstall List installed packages
apt list –installed dpkg -l List installed packages
apt edit-sources echo ‘new line of text’ | sudo tee -a /etc/apt/sources.list Add a new package source
apt edit-sources sudo nano /etc/apt/sources.list Add a new package source
apt depends XXX apt-cache XXX Find package dependencies (packages that XXX needs)
apt rdepends XXX apt-rdepends XXX Find reverse dependencies (packages that need XXX)
apt policy XXX  apt-cache policy XXX Set package update policy
apt held  dpkg –get-selections | grep hold List packages with prevented ugprades
apt hold XXX echo XXX hold | sudo dpkg –set-selections Prevent upgrade of package
apt unhold XXX echo XXX install | sudo dpkg –set-selections Remove hold on package upgrade
apt list –upgradable (sudo not required) apt-get -u upgrade –assume-no (sudo required) List upgradeable packages
aptitude show XXX Get package description
apt-cache show XXX
dpkg -p XXX Get package description
aptitude why XXX Detail packages dependent on XXX
dpkg -S

 

Searches for package dependent containing XXX filename

Sources: