So welcome to a Thursday blog, and the first trivia question is: is there something in the shot that's also not supposed to be in a shot? Because it bothers him that it's in the shot. Really does. Really, really does. So comment below and tell us if you see it. Anyways, Marvin actually had gone to school for doing this stuff. Yeah, he's officially trained in it. So yeah, yeah, film and video. So yeah, he's like, Tom, though, there's a thing. He knows technical terms, like dead cat on a blimp. This is the fun stuff. And C-47. Also comment if you know what a C-47 is. It's not a plane. It is a piece of equipment used in TV and film production. C-47. C-47. Here's the really interesting thing: you probably have a bunch of them in your house. Cool. Yeah. Oh, I know what it is. We talked about this before and it's coming back to me. Yeah, um, anyways, I know the answer. Maybe you do too. Yeah, everyone's gonna Google it and answer. Yeah, probably, but still. He's already on the internet and they're doing this. So we're gonna start with the, the, the flappy theory, and I mean flappy theory. Yeah, I think I may have shared it with you in some form or another, but it's ever evolving with my friend who does lots of sysops work and system development work and build systems, and we ran into the flappy theory severely with a client.
So the flappy theory goes like this: the entire world is run off of a series of scripts that stop the flappy thing or start the flappy thing. And what that is is just the basic analogy that there's always a script running to stop it or start whatever keeps breaking. So then someone writes another script to start or stop whatever is breaking, and then they compact that, com-, compound the problem by putting another script on top of that that stops something from starting and breaking. And we ran into the stack of amazing this, so that is a new client. So, like, somebody writes a script to switch a switch on and then somebody writes a script to switch a switch off? No, no, the switch randomly switches off and no one knows why. No one investigates why, to fix why it keeps turning on. They just write a script to flip the switch on. Yeah, check if switch is off; if it's off, turn it back on. So this stack of seven. Seven? Yes, seven, I think we're at right now. The flappy scripts at this client has occupied a lot of time, and it's kept me from doing YouTube, because it's, we took over IT from a completely undocumented, which means we didn't know what we were getting into. So there's hours budgeted, there was estimates given, but they, they were very well aware that the other IT guy, well, he didn't document anything. And so we found all the flappy scripts that make the flappy things flap at their, at their company, and there was a lot of them. So just by changing, you know, the first thing you do is make sure you lock out the other guy, because he had an admin account. So we locked it out, and when we took over IT, and then we changed the administrator password on all the things. Uh, but when we did, all the flappy scripts broke, and then it was a hunt to find all the flappy scripts, because things just didn't work. It turns out there's, there's even a script, because no one knows why the log files will get so big they'll crash the server. If the server, truncate log script file that has nothing to do with the
program. It's just a script someone wrote to rotate log files over a certain day. Like, it's not part, the program literally will produce a file that crashes the rest of the server and the program has no way to fix it. So someone wrote a script to fix it. See, this is the flappy problem. No one stopped to think to call the company that wrote the program is a war changes setting in a program so it quits dumping a log file so big it crashes the server. Instead they, they just wrote a script to delete the log. Fix the symptom, not the cause. Yeah, so immediately you're trying to change your password within 24 hours. There was, uh, drive limit problems and just the flappy stuff started flapping, and then when... That's the noise we should start making whenever we run into it. And, and this is actually, in, see, Phil does this all the time for very, very, very big companies. I don't think you can use his real name. Yeah, yeah, but we will, we'll, because he watches this sometimes, and, uh, he does this, and yeah, he, um, the, it, this is what he runs into all the time, and I've seen them in small scale, but this is a larger scale one. Maybe it's just the size of the company and the way it was set up and the fact that, uh, they have legacy products, uh, blended in with their current system. They literally have to keep separate networks for old equipment and old things in the warehousing, manufacturing, um, and we have this with some of the other clients. So we've never had a flappy script problem quite this extensive, of how many things broke just by changing an admin password. Also, why was everything running off an admin password, not just as a system-level service that automatically runs, so if we change a password, we don't break the system? But that's it, guess how it's run. We fixed so many things and this is all happy now. So we're good. It's a happy, not flappy, now.
It's happy, not flappy. So we're still sorting that out, but it's occupied way too much of my time. I, my FreeNAS video has been pretty popular, uh, for FreeNAS 10 Corral, but I have not done more of them simply because all the things people keep asking me to do a video for, all the features that are missing. And I didn't, they did release an update and they fixed on the features. They, they may do a major version release before they fix the features that should have been built in by default. Based on the, I mean, everyone's like, hey, exciting big venture endeavor that the FreeNAS team did. They did a great job on a product, but they just omitted some major steps that kind of make the product really, really usable. So they fixed the major security flaw in it of not being able to replace encrypted hard drives, but you know, I, it's also slowing me down from making more videos on it, because I, all the questions that people really are asking me that one answer have to do with the features that are missing. And so people are literally, a couple of people posted, well, when do you think these features will be available? I said, the, they have ticket, they at least have, um, on the roadmap for development, like, here's the item number. When this item number gets up to date, that's when we wrote the program. So FreeNAS, please hurry up and get, because Tom gets real cranky. I get cranky. Any videos? Oh my gosh. So please, please let him do some videos about this. Yeah, you know, got stuff to do. By the way, I got plans this weekend to make a bunch of other videos. We were gonna do a big announcement; the announcement got delayed. But don't worry, we'll even share with you why the announcement was delayed, and I thought it'd be calling this project, is it project Jefferson or something? I think project Jefferson. I think that's a good one. It's given it a code name. It's, it's exciting.
It's fun. We just can't talk about it yet until it's all, like, there's no dates set, and it's not because of us. But we'll complain about, we'll, we'll call out those who are delaying, but not until later. That's a little, we don't want to rock the boat in case any of those who are delaying us are watching this and go, hey, you kind of complain about. I'm, look, once it's taken care of, though, we're on blast, everyone's on blast. Because that's what the kids say these days. That's, that's what I hear. Other exciting news, uh, yeah, yeah, um, lots more things happening. What, which one's gonna, stuff we can't talk about, though. That's it, like, uh, we're not trying to be cryptic about this. We just, there's some things going on we can't really talk about. It's always a challenge when you're dealing with an NDA over something that, a project for a client, um, because probably, you know, clients are always expanding. Sometimes our expansions require them buying more buildings and things like that. So it's like, we can't talk about that, because, well, we're building it all out, but they haven't announced it. Even, we do stuff that their employees may not even know yet. So because we do the infrastructure cabling and build-outs for these, which is really cool, but then we can't talk about or take pictures or post those videos, because if we were to do so we would tip the hat that, oh, yeah, we, you could be doing, that looks like maybe our new building or something. So we have a great, huge respect for all of the privacy of anyone. So any videos you do see, a client of course have been vetted and asked, me as I, can we film here? Can we fly a drone through your office? These are questions we ask. We don't just do it. I mean, you gotta wonder how many companies ask. I'm like, can we fly a drone through your business? Please. We do that. Yeah, it's funny, because usually the, the only response we get is, oh really, can I have the footage? Right?
Yes. So we actually, uh, one of the guys, we gave him the footage and we gave him, he wanted some aerial photos of his whole areas, so we, well, where you got the drone? So he flew around his building, gave him an entire aerial photos, and then he shared with everyone in the office. Now I got more views on that. So there's always, uh, there's always fun things happening. Yeah. We are still rocking out lots of websites. We're, uh, more, more every day. Yeah, on the edge of behind all the time. It's just always this, right on the edge of it. Melissa knocks 'em out, though. She does, she really, she kicks it into high gear and out they go. So we're working on that. That's been lots of fun. I've been really, really encouraging everyone to install Wordfence on there. It's the, even if it's just a free version. Other paid versions, not very expensive, and you can get licenses through us and things like that, uh, because we get bulk discounts. But it, Wordfence is another security protection tool for your WordPress website and helps keep the bad guys out, because that is such, say, such a honey. It drives me nuts.
We clean up hacked WordPress sites, and that's part of my client conversion. We fix hacked WordPress sites, and then from there we do the, uh, we'll end up usually taking over hosting for 'em at the same time. I kind of want to do a video on it, on how we clean up a hacked WordPress site, uh, but there's so many little steps, and it's kind of one of those hit and miss. It's, it's not as simple, because there's so many things. Like, I, this method I used last week may not even work this week. The concept's the same: you find the JavaScript files that are usually, it's usually Java-something-something inserted into the code, and find it, root it out, look for file changes based on certain dates. Um, Wordfence is another scanning tool that helps me locate which files were modified or changed. And then when we're done, we'll just re-upload the WordPress core files over the top of the old core files to just replace it. Maybe I'll do some videos on, if there's an interest in, cleaning up the hacked WordPress sites. Um, I'm probably not, like, the fastest guy at it, but I'll time-lapse the videos. We make it thorough. Yeah, I try to be very thorough. That's very important. Wordfence is, because Wordfence will tell you if there were, there were attempts at. Yes, which I, so I, I installed Wordfence recently on a personal website of mine. Somebody in Latvia is really interested in getting into my site. Yes. But Wordfence is holding them out. Yeah, and, uh, one of our clients, it's Wordfence. It held out. It's funny. They're not, good news is not using, um, because one thing you can flag is if you have a unique username in WordPress and you realize someone has compromised that name and they're guessing passwords.
That's a little scary. Uh, and we, usually they get it from, you look at the published posts, and they will, they will pull the, uh, username for the published post and try that username with different password combinations. We actually use very high entropy passwords that are usually 16 characters of random gibberish that we saved in LastPass. So yes, I know, LastPass got hacked again. That's going to be another video. Please see my previous video, and then it'll be a forthcoming one, winsters disclosure on the current hack that Tavis Ormandy found. But back to WordPress: uh, use high entropy passwords, as in really long gibberish, and then it's less likely, because most of the, uh, hacking attempts are password guesses, and they simply use all the common passwords. Even though you thought monkey one two three was so unique to you, turns out it's not. It's actually, I think monkey's still in the top 20 list. Really? Yeah. Maybe we should read that next time. Next week we'll have the top list of passwords used in 2016. Not to be used to hack websites. Yeah. There's got to be some kind of psychological thing to that, why people would pick monkey. I don't look into that. So why would somebody pick monkey? Yeah, someone definitely picks monkey. Oh well. Oh. This isn't live, and I'm gonna, so I'm gonna edit this out. I have to answer this. All right, that phone call was a part of project Jefferson. It's why I had to answer it. Anyways, so. But yeah, no, we clean up WordPress sites. We do all that fun stuff. That is a whole another part of the business that I probably should make some more videos on, about websites. Maybe that'll be something I get done. But my fun-filled and exciting plan for this rainy, cold weekend: making more YouTube videos.
Um, I was really hung up on a project that my wife had me doing that really sucked. I don't think she watches this, so we'll see. Find out. I would say we'll find out. See, this is going to be about, what, 10 minutes into the video, so 12 minutes after posting it, we'll find out. And it's, some of you do, we know, I have a podcast, the smlr.us, and I recorded that over the weekend. So my weekend was really busy, and I tried to, try to get a lot of YouTube videos done. I got a lot of learning done, and, uh, that's, I just been studying some different tools and utilities and Linux stuff, and there's little projects. Oh, project tinfoil hat. Um, yes, yes, that was my other project I had going. So what I did was, uh, in, this is one of my security friends and he's helping me with this. We're just doing a full internal audit, and, uh, not because we found anything, but because I want to do it now instead of ever asking what could I have done better. And so that's one of those little things that we're doing, and it's just a whole step-by-step encryption stuff. And I've talked about how we do our backups and things like that. That's all it really is, is making sure and double checking that every step we do. Anytime you have data at rest, it should be encrypted. So we do, we have that encrypted. We have the SQL backups encrypted. We store the virtual machines on offline encrypted drives that are passwords. So there's a lot of things that we're doing, but I always like to have that whole process looked at from top to bottom. And, uh, just, I, one of those, I like checking it, and then I have my friend who I trust and works in computer security, him just kind of come through, and he stops by, and he's gonna be by here, like, tomorrow and stuff, and just doing some auditing work, looking at it. We talked about structures and things like that. He thought we were doing really well with all of it. He was, he didn't really find any flaws. Like, don't be critical. Don't be nice. So just make sure my process is the same.
We've had a process like this for a while, but it's one of those, let's stop and look, make sure we're being really secure, because businesses are under absolute attack. We are switching over one of our clients. We've finally got them convinced of it by showing them the logs. They're seeing 4,000 logins a day to an open server they have, and we're like, we, we're, we've already blocked all the foreign countries. That's just the 4,000 a day trying to log into their RDP server is the US countries. It's just the US IP addresses that are trying to hit it, you know. So as much filtering as we do want it, there's just, it's getting really hammered. So they're going to go to a higher level of security rather than just having an open RDP session, which is just scary. We told them, any of those things, we manage clients, and when they take our advice, that's awesome. We have other ones that go, ah, I don't think, I'm, we have hard passwords, I don't think anyone guess it. And I'm like, that, you still shouldn't leave that open, because of potential flaws. So their hard password is monkey one two three four. Yeah, they had a fourth into the monkey. So phase two of project tinfoil hat is building a bunker and, yeah, stocking up on canned goods. Stocking up on canned goods and all that stuff. So we'll be moving on to phase two very soon, but we should probably cut it off right now, because, um, it's, we've gone on, droned on for long enough now. Droned on for long enough. And, uh, we got to get back to all the client stuff. It's true. I mean, we're almost done with the flappy project. It'll be a happy flappy, happy flappy, and get all the scripts sorted out in the backups. Yeah, and the ridiculous stuff we were dealing with, they make all that happen, but thank you again. Yep, so remember, uh, what is the C-47? Let us know in the comments if you know what's in the shot. What's in the shot? You can't Google what's in the shot.
What's in the shot that you can't see? And, uh, like and subscribe, uh, if you like what we're doing. Hey, come on next week. Look at that. The family portrait. It's our family portrait, all them. So all right. We'll see you next week. Yep. Um.