How to install Nextcloud on NETGEAR ReadyNAS.

Once there was ownCloud. Now there is Nextcloud. It’s time to install Nextcloud on NETGEAR ReadyNAS.

If you’ve followed my 5-year-old guide How to install Owncloud on a NETGEAR ReadyNAS, you might have noticed that the ownCloud desktop client has complained about an unsupported server version for some time. ownCloud on your ReadyNAS server has been stuck on version 6, while the rest of the world has moved on to version 10. Unfortunately, the ownCloud version in the NETGEAR package repository has not been maintained, and upgrading using ownCloud’s own mechanisms has not been possible. ownCloud itself has also been through some rough times. In 2016, its founder, Frank Karlitschek, left the company, citing “moral questions”. Karlitschek went on to found Nextcloud, which is a ownCloud fork, and the file hosting software we will install now.

My particular ReadyNAS model is the 102, which uses an ARM CPU. There is no Nextcloud package in the NETGEAR package repository. This means that getting Nextcloud up and running on my ReadyNAS 102 would involve a lot of compiling, troubleshooting, and general hair pulling. Not ideal for a guy like me with a receding hairline, and I’d probably use a lot of my precious spare time that I’d prefer to prioritize differently. That’s why I’ll take the path of least resistance this time, and turn to someone who’ve gone through all those hoops already: Say hello to RNXtras.com.

Continue reading "How to install Nextcloud on NETGEAR ReadyNAS." →

We Need to Toot About Mastodon.

Is Mastodon the silver bullet, or yet another social media dud?

First of all, we’ll have to clarify one thing. This post isn’t about the American heavy metal band Mastodon. It’s about the social network Mastodon. You’d think that the creator of Mastodon (the social network) would to at least a little research before picking a name, but apparently not.

With that out of the way, let’s get on with it.

The internet is great. It makes it incredibly easy to for us to connect, share, and educate ourselves. It’s also a place where trolls breed and feed, and hate is amplified. The anonymous nature of the series of tubes that is the internet often brings out the worst in people. There are few things that will make you lose faith in humanity faster than reading comments on a random, high-traffic site on the internet.

Historically, any lack of anonymity has restrained the trolls to a certain degree. And life was good. But with the rise of social media sites like Facebook and Twitter, we’ve seen that some people really don’t need anonymity to go absolutely nuts. They’ll write and share whatever they think about race, sexual orientation, global warming, and other heated topics. This has turned many social media sites into very hostile environments, and people are looking for alternatives.

So wouldn’t it be great if there was a Twitter, but without all the hate and hostility? Mastodon tries to be just that, but can it succeed?

Continue reading "We Need to Toot About Mastodon." →

Defeating PoisonTap (and Other Dirty Tricks) with Beamgun.

Late last year, a neat little device called PoisonTap surfaced. With it, anyone can easily steal passwords, credit card numbers and other sensitive data from any computer – even when it’s locked. But hot on the heels of PoisonTap came its antidote: Beamgun.

PoisonTap takes advantage of Windows’ and OS X’ inherit trust in devices connecting to USB and Thunderbolt ports. A lot of different devices can be connected to these ports. Keyboards, mice, printers, scanners, storage devices, and network cards. Just to name a few. Both Windows and OS X will happily activate whatever device is connected without asking the user if it’s OK. Even if the computer is locked. Because if someone has physical access to the computer, they always have good intentions. Right? Wrong. It’s a terrible assumption to make, and one PosionTap takes advantage of. A better assumption is that everyone who has access to a computer has malicious intentions.

When connected to a USB or Thunderbolt port, PoisonTap quickly registers itself as a network card, and effectively becomes a man-in-the-middle (MitM) on the computer. As a MitM, PosionTap can intercept all inbound and outbound network traffic.

Continue reading "Defeating PoisonTap (and Other Dirty Tricks) with Beamgun." →

PoisonTap – The $5 Tool That Steals All Your Stuff.

A while back I wrote about the WiFi Pineapple, a wonderful little device that can be used to “audit”¹ wireless networks. The device makes it surprisingly easy to act as Man in the Middle (MitM), a technique used by hackers to effectively steal all your passwords and credit card numbers. The cheapest version of the WiFi Pineapple, the Nano, costs just shy of $100. Not a lot of money, but it’s a bit too much for me to spend on a device that can’t be used for anything cool without breaking more laws than I can count. But now there’s a new toy available that does many of the same things as the WiFi Pineapple: PoisonTap.

Price tag? Around $5.

PoisonTap also plays the role as the MitM, but there’s a big difference. While the WiFi Pineapple hijacks wireless networks, PoisonTap needs physical access to the computer you wish to audit. Because of that, it’s easy to dismiss PoisonTap as pretty useless. It’s hard to get physical access to an unattended computer, isn’t it? No, it’s not. If you’re working in an office environment, simply take a look around you at lunch time. And if you have access to a conference center or a hotel, take a look inside. I bet you can find an unattended computer within minutes.

Another reason you might dismiss PoisonTap as worthless, is the size of the delivery vehicle. The version of PoisonTap demoed by its creator, Samy Kamkar, runs on a Raspberry Pi Zero. While the Zero is small, it’s not exactly invisible, and not hard to spot. But the PosionTap software doesn’t have to run on a Raspberry Pi, it’s possible to install it on even smaller computers. Both LANTurtle or USB Armory are viable options. Not too easy to spot one of those connected to the back of the workstation tucked under your desk, is it?

On top of that, the PosionTap doesn’t have to be connected for long. Just leave it plugged in for a minute or two, then pull it out, and walk away. The target computer is now infected, and a persistent backdoor has been installed.

Continue reading "PoisonTap – The $5 Tool That Steals All Your Stuff." →

Facebook Sucked Me Back In!

In 2011, I deleted my Facebook account. But now, through my selfish need to spread the good word, my old nemesis has sucked me back into its cold and clammy embrace.

Deleting a Facebook account can quickly prove to be social suicide. In my case, that wasn’t much of a problem. Contrary to what you might have heard in April, I’ve never had an outrageously active social life. The people I spent time with still answered they phones, and Anniken, who was on Facebook, was my other social lifeline. Even without Facebook, I’ve somehow miraculous managed to get on with my life, and function like a normal human being for the past five years.

A while ago, however, I decided to start dabbling in cryptocurrency. More precisely, I wanted to get a Steemit account. Steemit is a bit like Reddit, but its users don’t seem to be narcissistic trolls who want to see the world burn. Also, the content on Steemit is mostly user generated, whereas Reddit functions a lot more like a link machine. The most attractive feature of Steemit, however, is that users get paid for the content they create. If you write a popular article, you are awarded with STEEM, the platform’s cryptocurrency. STEEM can then be traded on one of the many cryptocurrency exchanges.

There was one huge issue with Steemit at the time, though: You had to have a Facebook account to register.

Continue reading "Facebook Sucked Me Back In!" →