Author Archives: zephyr

Who is keeping your Android company?

Android Vulnerability, BlueFrag

Let’s start with BlueFrag

This is a critical security issue allows a malicious entity to silently log onto your phone via bluetooth . “This vulnerability can lead to theft of personal data and could potentially be used to spread malware ” (TechSecurity, 2020). This vulnerability affects Android versions 4.2, 6.0.1, 7.0 and 8.0. If you are on a version that is older than 3 years you will not receive any security patches from Google.

How to reduce the risk of a BlueFrag vulnerability on older versions .

Since there aren’t any software patches what you can do is to keep your bluetooth connection turned off when not in use and not to make your phone is not discoverable via bluetooth.

The danger of running unsupported Android OS versions is high.

The current Android version is 10 but there are a lot of phones (millions!) running older versions which are no longer supported by Android and hence not patched for vulnerabilities. I have a phone with such an older android operating system v4.2 KitKat) and I am sure it has been hacked and the apps infected by malware. It has come to my attention many apps on it have every permission under the sun and even if you force stop them, they restart on reboot. BlueFrag is just one vulnerability. There are a host of malware apps that can be downloaded from the Google’s PlayStore including ones that can steal payments information and other personal information. To my mind Google takes a flexible view on security policy when it comes to safeguarding users’ personal data. Google have only committed to 3 year support plan for each version release. So you should consider this if you are in the market for a second hand phone.

What’s to be done if you are on a older OS?

Ditch phones with older versions. Personally I wouldn’t run anything older that v6.0 (Marshmellow) which has more strict settings to what permissions an app is granted. On v6.0 apps have to be granted permissions explicitly by the user to access sub systems on your phone. Of’course this requires knowledge by the user to know which permissions to allow or deny an app when prompted.

If you have the ability you can use ADB (Android Debug Bridge ) utility to remove bloatware apps from your phone and generally manage what is on your phone, in a better way.

More is less.

Be very careful with which apps you install. Just because an app (application) is available from Google Play for download does not mean that it is secure or that it will be secure in the future. Carefully check which permissions an app is requesting and has been granted. See this in your Settings -→ Apps.

Good luck everyone – remember to think twice 🙂

References:

https://techsecurity.news/2020/02/bluefrag-critical-bluetooth-vulnerability-in-android-cve-2020-0022/

thtps://www.cvedetails.com/vulnerability-list.php?vendor_id=1224&product_id=19997&version_id=188440&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=772&sha=cc989d75eb9a930c55694358f687a94f77858134h

GoAccess -a fab tool for quick Web Analysis on Linux

I was looking for linux Web Analysis tools and came across GoAccess. I found it’s recommended on a cybercitibiz site (Gite,2021).

On Linux Ubuntu 18.04 you can install it from the debian repository. Open Terminal and type

sudo install goaccess

This will run the install script and install goaccess on your system. To get help type

goaccess –help

To do something useful you need to point it at a web server log file. I am using a LAMP configuration for my test web server (Linux Apache MySql and PHP) . The log files here are located at /var/log/apache2/access.log where access.log is the name of the log file. If you have virtual hosts running you may have setup separate log files for each virtual host which is a good idea.

You can download remote web server log files to your local linux and view them in the goacess application.

To view the log file in goaccess run

goaccess -f/path/to/logfile/access.log

example: goaccess -f/var/log/apache2/access.log

Note: If any of your directory names contains a space or spaces enclose it in quotes or goaccess will encounter a parsing error.

The following screen should come up.

GoAccess initial selection screen- GoAccess is a light weight web traffic analysis Terminal tool for Linux

Pressing enter gives you the Analysis view shown below.

GoAccess Analysis of log file from a web server

I think it is an excellent tool for giving you some idea quickly, on what’s happening on your web site.

In my February log file snapshot, you can see that I had 3748 unique visitors and unfortunately no referrals (referrers). Referrals are when visitors come to your site through a link of your website on another site.

I think it is an really excellent tool! It’s small in size, just over 2Mb and easy on processor resources. And you don’t have to pass your or your client’s data to a third party like Google. Having mentioned Google , there is Google Analytics which is a full blown web analytics application. It is free. The down side is google have access all your web server traffic and activity.

There are Open Source Web Analytics alternatives which I am going to look into but for the moment I am happy with just GoAccess.

Sources: 7 Awesome Open Source Analytics Software For Linux and Unix – nixCraft , https://goaccess.io/

Picked Olives, Belmonte, Luz de Tavira, Algarve, Portugal, small holding, defender of - my meu girrasol creed :)

January

Is all but over. Weatherwise we have had a couple of cold weeks where you had frost and frozen pipes. But is has warmed up this week and some of the almonds have bloomed. It been a mixture of sunshine together with cloud cover and light rain.

almond trees, Belmonte, Luz de Tavira, Algarve

LE300 wind turbine from Leading Edge, AlgarveThe little LE300 wind turbine has been helping keep the lights on during periods of poor insolation. I have been pruning my own trees around the property. I have been taking my time with this. It’s going well and I am not going anywhere. I had my first avocado thus year. Of the Hass’ variety. Organic avocados, Hass variety, Algarve, Portugal

.fico em casa , over here , Algarve, Portugal oruned olive trees, Belmonte, Luz de Tavira, Algarve, Portugal

I have been experimenting with making cookies. The almond and lemon ones turned out decent. There weren’t many olives to be had last year but I managed to pick a few for pickling from the Belgian neighbours’ trees. Picked Olives, Belmonte, Luz de Tavira, Algarve, Portugal, small holding, defender of - my meu girrasol creed :)

I currently have 5 dogs in the house. True four are still only puppies but they are driving me insane. 🙂 I really hope I can find good owners for them and soon.

organic farming, sweet potato, Algarve, Portugal, real transition lifestyle
Another first for me. 1 kg of sweet potato. Grown in a large pot. The ones in the ground didn’t do well in the heavy clay soil.

Text to Speech

Cold January days so more time for reading, Due to my particular situation I can’t read books. As you can see I can read and write quite well well on the computer using standard ‘Accessibility’ tools and by improvising using different font/illumination settings.

Google-text-to-speech engine and a good read, the war on horror

I recently discovered Google Play books on my Android smartphone. It can use the Google text to speech engine which surprising works offline and works rather well. I ‘read’ “The War on Horror” which I found to be quite a good read. This is a free ebook. Brits would feel equally at home with the various themes explicitly presented or alluded to in this book. It brought back to the fore of my mind how we usually manage to achieve just mediocrity when aiming for excellence. If we started out aiming for just mediocrity the results are guaranteed to be dire.

Evie ebook Reader and Google Play Books on Android smartphones

I discovered an excellent ebook reader on the Android Download store, Google Play. The name of the application is Evie. It is a really good ebook reader! It has style and elegance and superb functionality. I am not sure who the creators/developers are but well done to them!

Evie, ebook reader for Android devices
Screenshot of Evie on my smartphone

Evie can use various text-to-speech engines including Google’s text-to-speech engine which surprisingly works offline. The voice of Brian (British english) is rather good. I use it to read .pdf books from my former degree courses, and technical manuals amongst other ebooks. You can change the engine. Amazon has gone the 100% cloud way. Their text-to-speech engine, Amazon Poly works only when you are connected to the internet. There are other text-to-speech engines that work offline. You can download and use these with Evie. Most of these require to be purchased but many offer a try-before-you-buy option.

Installing Linux with Persistence on a USB stick

This was covered by myself in this previous article when I first ventured into the world of Linux and Ubuntu.

I have learned some new things now and this is a follow up to correct some inaccuracies. Firstly, you should not install Linux on any FAT file system including FAT32 as these file systems don’t work correctly with linux file permissions.

Choose a partition size greater than 6GB preferably 10GB minimum for the primary partition which will contain the linux OS files and boot loader. Create a 4GB linux-swap partition as previously. Choose the ext4 journaling file system for the primary partition.

Ubuntu 18.04 partitioned with G-Parted

During installation I made a mistake and installed the ext2 file system which is a legacy linux file system and does not support journaling. A Journaling file system verifies the state of a file during the copy/move process by keeping logs. If a power outage occurred during the file copy process the system would know about it and inform the user that the file was not transferred/saved successfully. There is no such tracking with a non journaling file system and the corrupted file would be saved as a valid entry. I will have to see if I can convert from ext2 to ext4 without having to re-install.

Ubuntu 18.04 installation ext2 primary partition

The rest of the installation procedure for a portable Ubuntu linux 18.04 is still valid.

References: LinuxFilesystemsExplained – Community Help Wiki

Share your Smartphone internet – Bluetooth

I decided to invest in a Bluetooth dongle to help me access the internet on my desktop etc via my smartphone. Why, I think is more secure in being less visible than a Wifi connection.

After having a look around I decided to go for the Plugable USB-bt4le from amazon. This is because it claimed be run on Linux. You can read the review here

And it did! However I had an issue when connecting on an unlocked smartphone that was on the Orange network. This forced me to dig into the world of Android development . It was a baptism of fire. 🙂 I spent and entire day and most of the night learning about Android’s adb (android debug bridge) and the android development environment.

Thanks to Canonical who maintain the software packages for Ubuntu, it is easy to install adb using the apt install adb command in Terminal.

Plagable bluetooth 4.0 on Ubumtu 18.04, Canonical, debian,

After digging around on the internet I found that tethering was set to use DUN and to disable this you had to run

sudo adb shell in Terminal

followed by the statement below after you enter shell in

shell@E####:/ $ settings put global tether_dun_required 0

I think removing the APN for the DUN setting from the mobile phone carrier (on the Orange network in my case) also helped as it seemed to re-enable DUN on reboot.

shell@E####:/ $ settings delete global tether_dun_apn=[ApnSettingV3]Orange Internet,orange.fr,,,orange,orange,,,,,208,01,0,DUN,,,true,0,,,,,,,spn,Orange F

Then reboot.

This did not solve the tethering problem entirely although it prevented the DUN (Dail-up Network)lookup on trying to connect.

What really got it working – Solution to Bluetooth tethering the Smartphone running Android 6.0.1

On your Android Smartphone Go to Settings

Turn on Bluetooth first (ensure you also have an internet connection although this can be done later ). Then

Settings → More → Tethering and Portable Hotspot

then Enable Bluetooth tethering.

And this should work! Unfortunately it seems you have to do this each time you turn Bluetooth on.

Credits:

phpMyAdmin on Ubuntu 18.04

I had phpMyAdmin version 4.6 something running on php 7.2.24 on Ubuntu 18.04 linux.

I checked the version I had by running the following command in Terminal : apt show phpmyadmin

Package: phpmyadmin
Version: 4:4.6.6-5ubuntu0.5
Priority: extra
Section: universe/web
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Thijs Kinkhorst <thijs@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 25.0 MB

I uninstalled the older version of phpMyAdmin via Terminal and running :

sudo apt remove phpmyadmin

These were originally installed from the Debian repository using Terminal and command line when I setup LAMP .

Do not use the autoremove command if you want the current version of php left in place. I also left the old phpMyAdmin database in place. Because I was not sure if it was needed by the new version.

My current php and phpMYAdmin versions are as shown in the image below

phpMyAdmin error - Warning in ./libraries/sql.lib.php#613

You can refer to this article here. phpMyAdmin never worked properly. When accessing tables in databases I got the following type error.

Warning in ./libraries/sql.lib.php#613

count(): Parameter must be an array or an object that implements Countable etc….

After looking at various articles the best solution I think is the one I found at AskUbuntu.com . See the image below.

How to get rid of phpMyAdmin error - Warning in ./libraries/sql.lib.php#613

It is simple and very effective. And exemplifies the portability of phpMyAdmin. The other methods of removing the installed version of phpMyAdmin and installing a newer version look painful and are not guaranteed as the Debian repository may not have the latest version or version compatible with your current Php version.

Method:

  • Go to the phpMyAdmin website. Download the latest version in zip format (5.0.4 at the time of writing). Copy the hash number as well. This will enable you to verify the integrity of the downloaded file.
  • Verify the hash number. To do this, open Terminal, supply the path where the zip file has been downloaded and type sha256sum filename.zip . Verify the hash number is the same as that supplied by the phpMyAdmin download site. See image below.
  • Unzip the file.
  • Copy the unzipped folder and all it’s contents to your public folder. On Ubuntu 18.04 running Apache 2.4.29 this is in ‘/var/html’ . You can renamed to folder to something shorter if you like.
  • Make a copy of config.sample.inc.php and rename it to config.inc.php.
  • Edit config.inc.php

Make sure you have the authentication part setup correctly as follows to use a cookie and your web server is correctly specified in host.

/* Authentication type */

$cfg[‘Servers’][$i][‘auth_type’] = ‘cookie’;

/* Server parameters */

$cfg[‘Servers’][$i][‘host’] = ‘localhost’;

$cfg[‘Servers’][$i][‘compress’] = false;

$cfg[‘Servers’][$i][‘AllowNoPassword’] = false;

  • Save config.inc.php
  • Launch phpMyAdmin by accessing the phpMyAdmin hosted folder.
  • In my case http://localhost/phpMyAdmin5/ You should get the phpMyAdmin login screen. See image below.

All done! 🙂

Spell Check not working in LibreOffice on Ubuntu 18.04

This even though the hunspell dictionary seems to been installed in LibreOffice.

The solution is to open Terminal and

 sudo apt install hunspell-en-gb

Credits

Thanks to @timothy at AskUbuntu.com for the phpMyAdmin solution.

Thanks to TrisquelUser on https://ask.libreoffice.org/en/question/78558/spell-check-not-working/

for the LibreOffice Spell Checker fix.

Bonji and her Pups

Dogs, puppies, Belmonte, Luz de Tavira

We had Petit Gervais who was killed by poisoning in October. But there is a silver lining to this cloud. Bonji, my other bitch has had a litter of four pups. It was my fault I confess. I let her have a bit too much fun – with the boys. I had meant to sterilise her but the vet whom I use, – Sarah at NovaVet – in Tavira was off on maternity leave. She has had twins! Congratulations to you and the twins, Sarah :).

Bonji had the pups on the 5th of November so they are under a month old. Their fathers are various. I know not who. I only saw her couple with one – and he was a strange looking chap.

The pups have started a eating a bit of dog food but depend mainly on Bonji to keep them fed. Bonji finds this difficult. They are hungry little things. Their mother eats almost double her pre-pup diet but still finds it hard to feed them sometimes. And now they have some teeth so I imagine it must be even more uncomfortable.

Bonji was orphaned when she was a pup. She used to scream a lot and was a very angry pup. Her mother Roxy was also killed by poisoning along with a few other dogs of some of the neighbours . These puppies are very calm and happy and sleep a lot of the time. So we have peace and quiet. I dread when they will be able to clamber out of their makeshift enclosure of plastic pots. This occupies the living room floor. Bonji has the sofa.

She does a sterling job of keeping them clean. They are developing their own characters :). There is 1 girl and three chaps. I have named them Chubbs, Topman, BlackBoy and Conan. I hope to find good homes for them. I will keep one and am sending one to my niece.

Thanks for reading . This is it for now.

Covid-19 Politics

Domingão, SIC, Setúbal, Lisboa, Sintra, Belmonte, Luz de TAvira, Algarve
Domigão – que virus? 😀

Since moving to Portugal I haven’t been active politically. Mainly due to being busy with things and having become resigned as to the futility of having a political rant. All those protest marches in England. against student debt and illegal wars. In the end the political classes do what their paymasters want. Only rarely do you see a politician with genuine conviction, passion and spine.

My nephew who has moved to the USA understands the workings of politics. He has only recently started earning but contributes financially to his favoured political party. In the USA the politics and policies are controlled by those with wealth and financial clout. It is a sad state of affairs but this is what it is.

The Covid-19 virus circus looks like it is set to continue. In the UK, PM Boris Johnson wants a 1 month total lockdown. In Portugal there is mention of a ‘soft’ lockdown.

You cannot keep going into lockdown as this is not effective. Lockdown has – and will – destroy economies and therefore societies. People need to go about their business for society to function. Portugal which is heavily dependent on tourists and the money they bring in, has been hard hit with the UK putting Portugal on the ‘black list’.

PM Boris Johnson talks the talk but can’t walk the walk. He, President Donald Trump and President Jair Trump, Republicans, mexicans Bolsonaro, PM , Brazil,

Bolsonaro of Brazil all had the virus. Their reaction to having contracted it has been very different. Boris wants to be wrapped in cotton wool and be hugged, while Trump and Bolsonaro know we have to get on with it or the future will be even worse with total economic chaos. Prince William, Duke of Cambridge

Prince William got on with it

and I, had the virus. We are just getting on with it.

What needs to be done is isolate only very vulnerable groups like the elderly to minimize their exposure to virus. The rest of us should go about our business and not hide from the virus. If you are in reasonable health you will survive it and then become immune. It is like a bad case of the flu. What the health departments of our countries should be doing is teaching people breathing techniques to deal with the virus when you contract it. It is the slow asphyxiation that finishes a person off over a period of a few days. Of’course carry on with wearing masks and the disinfection processes in closed spaces. But wearing masks on public roads and open public spaces is silly. I don’t get any pleasure seeing the dançarinas on the ‘Somos Portugal’ program in face masks , better SIC’s Domigão 🙂

Images credited to: links
https://en.wikipedia.org/wiki/Jair_Bolsonaro
https://en.wikipedia.org/wiki/Donald_Trump
https://en.wikipedia.org/wiki/Prince_William%2C_Duke_of_Cambridge
https://www.pmnewsnigeria.com/2020/10/31/boris-johnson-locks-down-england-as-virus-cases-top-one-million/
https://turismodocentro.pt/wp-content/uploads/2020/08/domingao-sic.jpg

Petit Gervais (Pipoca)

This is a tribute to my excellent dog, Petit Gervais – She was the runt of the litter and started her life as Pipoca (Popcorn) . She was the last pup of the litter up for adoption. She was a lively and inquisitive little dog if nervous. Pipoca suited her looks but not her character. I renamed her Petit Gervais after watching the excellent BBC production of ‘Les Miserables’ in Portugal on RTP2.

She didn’t have very a good sense of self preservation. Two weeks after I agreed to adopt her a terrible event befell her. I think she was hit by a car causing her hind leg to be irreparably damaged. I never saw either the event or her – as she crawled to her old home where my Portuguese neighbours found her and rushed her to the vet. When she returned home she was one less leg. Being three legged did not help with her nervousness. But she slowly overcame this and just before she was killed she trusted me completely and would always come when I called her and even learned to position herself so that I could lift her up onto the electric quadbike. By the end of her life she finally worked out my limitations and knew how to make her presence known to me to avoid being stepped on.

Her three legged gait prevented her from walking on a lease as she bounced up and down. One english friend suggested I name her Ping Pong. Bust she could run as fast as my other dog, Bonji.

This year she learnt to kayak with and loved it! She loved being on the sandbar whilst I picked cockles. She also became confident in the water and learnt to swim very well with her three legs.

Petit Gervais was a very good guard dog – of the alerter type.

This is probably one of the reason she was killed by poison on 5th October, (Bonfire night). Poisoned meat. From the security cam video footage, it was fast acting. Twenty minutes from when she came in to when she died. When I found her she has only two minutes left. I have a good idea why she was targeted. There are certain people who wish to pass through and around my property undetected. Hunting activities being one such a reason. The other is localized politics which does partly but not entirely encompass the hunter/gatherers mentioned. There are some very evil people here. I am not a good person but Petit Gervais was an innocent animal. I even used to keep her locked in at nights so that she wouldn’t disturb the hunter/gather types.

I buried her in her blanket under the carob tree behind the house. Farewell Petit Gervais , Peeps, Pipoca. She was just two and a half. I now keep poor Bonji mostly tied or locked up.

Other stuff going on in October. It’s been pretty quiet. I stay at home mainly, pruning my trees etc. I replaced the batteries of my Solar P.V system but I have yet to finish the full installation. They are working fine as they are at the moment.

olive trees for sale, Belmonte, Luz de Tavira

I have had a trickle of fruit coming through this month like apples, guavas and persimmon. The Persimmon was just one tree and I ate the last one today :). I have sold a few olive trees and aim to sell some more.

apples, kaki, persimmon, guavas, Belnonte, Luz de Tavira, Algarve

Over and out.

September 2020 Scribble

It’s the end of the month and definitely the end of the summer. The temperature at night is pleasantly cool and it hasn’t been unbearably hot for more than five-six hours during daylight.

The end of September has been quite bereft of fruit for me. I only have a few apples that are ready now. As for vegetables, not doing so great either. A few tomatoes coming along and got the usual cabbage (Cove Galega) and potted lettuce. The Cove Galegas are dying off this year and I will have to replant next year by the look of it. The plants can last a few years if you take off the floral stems as they begin to grow.

I have planted some sweet potatoes and am planting more. Will have a dig next month to see what’s there from the first batch I planted. It apparently takes four months for the tubers to form.

Been in the Ria Formosa catching cockles about twice a week. Today was for the last time this year. For me anyway. I am not sure if there is a closed season for cockles in Portugal. According to this bulletin from the DGRM (not sure what this stands for but it covers the Portuguese Fisheries Department) there doesn’t seem to be a closed season.

And I managed to pick up this good size clam – I think it is an Ameijoa Boa 🙂

Over 5 cm in length and only the second one I have found. Also tested the electric trawling motor with the lithium ion battery pack. The worked well together. I haven’t been fishing as yet but I intend to as soon as I find some suitable bait.

Have got any olives of my own this year worth mentioning. But I have been picking up some decent sized ones off the trees of my Belgian neighbours as I prune along. I have managed to get a sufficient amount for pickling.

That’s about all for this month. I have mainly just been on my own property so haven’t been affected by the COV!D-19 restrictions as they are. I have a lot that needs to be done around the place so it’s fine. 🙂