Airtel 4G Dongle, Metered connection and Delivery Optimization

Windows 10 has a setting named “Metered connection” that can be used to mark a WiFi network as metered connection which then disables many data hungry features. One of those features is “Delivery optimization” that allows windows to download updates from many other PCs besides from windows update servers. This also make our own PC as seeder and this feature is enabled by default. As it can be guessed, this is a problem on limited connections. Many people may be using lot of bandwidth unknowingly uploading windows update bits on behalf of Microsoft without Microsoft paying them anything. Microsoft has converted entire windows 10 ecosystem as a giant network sharing update pieces with others without their knowledge.

If we are using Airtel 4G dongle, it is recognized as “Dial Up” device by windows 10 and there is no setting available to mark it as “Metered connection”. If we choose to update our laptops while using these dongles, we unwittingly becomes part of peer to peer network sharing updates using valuable limited connection bandwidth.

To save on your bandwidth, make sure to disable “Delivery Optimization” on your laptop. Instructions are given at Disable and Turn Off Windows Delivery Optimization . Failing to do so can give you nasty surprises.

1. Metered Connection
2. Delivery Optimization
3. Airtel 4G Dongle

Reliance Jio intrusive behavior

I took Reliance Jio connection after giving my fingerprint linked to aadhar. Process went very smooth and SIM was given immediately but downside started immediately again.

First of all, one needs to install host of apps to use Jio connection. Not an easy thing for a non technical person.

I never managed to do any phone call using Jio connection during free connection time. Jio would call it promotional but basically, it was to hook users to data usage, nothing promotional about this.

When time came to pay real cash, I chickened out and stpped paying anything and decided to uninstall Jio apps and this finally showed me intrusiveness of Jio apps.

1. My phone contact lost all sync facilities with Whatspp and other apps
2. Every app is asking permissions again.
3. Bluetooth playback for Google maps is not working. After Jio app uninstallation, map is working as usual sending voice overs.

I believe that Jio is installing some rootkit and Man in the middle kind of apps that sits cozily between  OS and apps. It is serious issue and needs to be investigated by a competent authority not they themselves.

Lynda.com experience

It has an issue if you have logged into non private Firefox but then tries to login into a private  Firefox instance. This happens even when non private Firefox instance is closed. I had to start non private Firefox again and then log out.

They do not provide good transcripts where link of items mentioned in videos are listed. One need to stop video and then bote down links.

LinkedIn learning is not merged in Lynda and thus it’s not possible to carry over courses from Lynda to LinkedIn learning.

In a learning path, students should be allowed to mark that they know an area.

In non full screen, fonts are not clear.

Search feature could be done better.

How to sign a document without access to printer/scanner?

Sometimes, agencies ask us to sign documents, take the scan and then upload/mail the scanned copy of the signed document. This is definitely better than nail mail but still a bit cumbersome. This will need access to copier (carrying document) or printer (scanned copy is available) or both. In case you do not have these at home and office is clingy about usage, option is to visit a cafe or some such other places.

With smartphones, adobe reader and access to a clean white sheet, you can save these efforts. Read on to know how.

Step 1. Take scan of the document if not already done. On Android phones, use either ‘Microsoft office lens‘ or ‘camscanner‘. Transfer these scanned documents to a cloud storage drive for long term usage or mail to yourself. Upload in PDF format from camscanner.

Step 2. Take a small piece of white paper and sign on it by pen. Take scan of this also and upload on cloud or mail yourself. Upload in JPG format from camscanner.

Step 3. Open scanned document in Adobe Reader and open signature pan. Choose option to sign using image and insert the scanned signature. Done.

Additionally, if you have access to a touch screen laptop, a bit rare case with business laptops, you can directly sign on scanned copy using touch screen and stylus, again a rare thing.

I have done the same while uploading documents to EPFO and they accepted all, so its workable solution. Adobe has done nice work with this feature whereas it puts signature as transparency rather than as white background image. You can even change the size of the signature image.

Strengthening WiFi router security for home network

My WiFi network got hacked as well as of my neighbors. I had trouble getting reliable network in other parts of house because many unknown devices kept connecting to my network. Same is true with neighbors.

Look at devices names

• android-d30a64368136fc1 14:1A:A3:8A:8B:4A MOTOROLA MOBILITY LLC, A LENOVO COMPANY
• android-c84b9e4c6410d964 34:BB:26:08:00:7d Motorola Mobility LLC, USA
• android-4bda3cc13c03e41e F8:CF:C5:4D:71:58 MOTOROLA MOBILITY LLC, A LENOVO COMPANY
• android-b2aa46d340f80770 F8:84:F2:D8:00:C2 Samsung Electronics Co.,Ltd, SOUTH KOREA

All these are weirdly named devices that were named as so to avoid being detected. Most probably, MAC addresses are also spoofed one.

I did some research on password crackers tools for WiFi and saw below links. All these claim to be legal but who stopped thieves from using AK 47?

• http://www.techzoom.net/Tools/CheckMacAddress
• http://www.hackingtutorials.org/wifi-hacking-tutorials/top-10-wifi-hacking-tools-in-kali-linux/ [Uses WPS PIN to access WiFi passphrase]

• http://resources.infosecinstitute.com/13-popular-wireless-hacking-tools/
• Http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/
• https://www.raymond.cc/blog/how-to-discover-hidden-wireless-network

It turns out that first level of attack is via WPS which is open by default on almost all home routers. Another problem factor is DHCP. We do not really need either of these if we can use technology in right way.

Another protection would be to hide broadcasting of SSID name of WiFi network. This will make it a bit difficult to do quick dictionary level attack on network. Most probably, hardware detection would be needed to scan all wifi signal in the vicinity to figure if an unknown WiFi is broadcasting.

Passphrase off course should be somewhere 30 to 40 characters long. 15 character alphanumeric is easy to break.

If living in apartment complex, one good idea would be to check neighbors to see if they are also hacked. Collecting hacker device names from them can help convince society to throw out unwanted elements, read data thieves, from building.

Additionally, MAC filtering can be enabled although it seems that it is very easy to spoof MAC addresses even on mobiles.

Some tools that are useful in detecting hacked WiFi or getting to know if any unknown devices are on network are as follows

• Fing Android App  This tells the list of devices connected on the WiFi whee the android mobile is connected.
• Acrylic WiFi can be used to list out the characteristics of WiFis around us. This gives rating of network security and stuff like that. It also tells if WPS is enabled. Disable WPS if you see it enabled for your SSID and see that network safety rating goes up from 2 to 5.
• WiFi Analyzer is a tool on Android to find out the strength of WiFi signal in graphical manner. If you see too much overlap from other routers. just reboot router once to get new interference free channel.

Modification in Remove-ScriptVariables by http://www.ehloworld.com/247

I tried to use the script created at Function: Remove-ScriptVariables – Cleaning Up Script Variables in PowerShell by Pat Richard

There seemed a issue which makes this script unusable. I then made some changes in it. Changes added are for removing ‘SCRIPT‘ from variable names and cleaning the variables in the defined scope of the script.

function Remove-ScriptVariables()
{
Param(
     [string]$path,
     [string]$scope
)
     $result = Get-Content $path |
        ForEach{ if ( $_ -match'(\$.*?)\s*=') {
            $matches[1]  | ? { $_ -notlike'*.*' -and$_ -notmatch'result' -and$_ -notmatch'env:'}
        }
     }
     ForEach($v in ($result | Sort-Object | Get-Unique)){
        Write-Host "Removing" $v.replace("$","")
        Remove-Variable -Name:($v.replace("$","").replace("SCRIPT:","")) `
            -Scope:Script -ErrorAction:SilentlyContinue
     }
} # end function Remove-ScriptVariables

Do ‘Get-Help Remove-variable -full | more’ to know what needs to be passed for Scope. Usually “SCRIPT” should be passed. This function can also be called at end of a function for better control with scope being defined as “LOCAL”. An example of using it as follows. This will remove script level variables created inside the script. Variables created inside a function will anyway be not accessible outside. ‘main’ is the function where I usually keep all my code.

try
{
    main
}finally{
    Remove-ScriptVariables -path:$MyInvocation.MyCommand.Name -scope:"SCRIPT"
}

Firefox is becoming creepy or at least hinting at

Many a times, I access a website through privacy window even on my [personal laptop and do not want it to appear in my browsing history in any way. Recently, I got a shocker. Entering one such website name in privacy tab, I discovered that there is auto completion going on and that’s looking creeping. After some analysis and trying all of the below, nothing changed. Auto completion continued.

• Refresh firefox
• Restart machine
• Clear browsing data
• Turn off suggested sites in new tab
• Stop search engines from suggesting sites
• Use DuckDuckGo

At the same time, when using Microsoft Edge and Google chrome privacy modes, no such auto complete was happening.

After a while, I came across a Firefox setting which when turned off allowed auto completion to turn off. Those are under Options\Privacy or about:preferences#privacy in new tab. Uncheck all the checkboxes under location bar. It took me some time and that’s scary since normal users cannot figure it easily.

At the same time, I purchased McAfee total security and ran McAfee App Protection on Android mobile. Lo and Behold, its marking Firefox alongside, Adobe Acrobat Reader and Skype and few other well known apps as medium risk application for its tendency to leak PII to third party sources.

Together, these tow are making me averse to Firefox now given that I use it to avoid intrusive detection and that is also the motto of Mozilla. They never gets tired of telling us about this, but seems to be following the different walks than their talk.

Removing references of SongsPk.info from downloaded bollywood songs

If you are a software engineer from India, you must have downloaded Bollywood songs from Songspk.info or one of its clone sites at least once. Its a nice service for sure but they definitely have their own quirks. Checking the music file in Windows explorer or Media player will show songspk.info in multiple place including in file names and all the tags. They definitely deserve to do it given the service they provide but I intend to remove that information from downloaded files to keep them short and clean in my media players and hence decided to use Powershell for some automation. Result of that effort is as follows

Before using this, make sure to download taglib-sharp on some folder as it needs to be loaded. Before running any command, make sure to run it with -Whatif parameter to understand what it will do. Code is divided into 3 sections. I intend to add function for modifying tags with multiple values later on. I am greatly indebted to all bloggers on powershell and especially stackoverflow for helping me along the way. They are too many to list out here.

Function Check-TagLibLoad()
{

#validate if taglib-sharp is loaded or not
$taglibload = [System.AppDomain]::CurrentDomain.GetAssemblies() | `
Select-Object -Property FullName | `
Select-String -Pattern "taglib-sharp"
if (!$taglibload){
Throw "Load Taglib using [Reflection.assembly]::LoadFrom(<Full path of downloaded taglib-sharp dll like D:\temp\taglib-sharp-2.1.0.0-windows\Libraries\taglib-sharp.dll>)"
}
}

Function Rearrange-Patterns()
{
# Rearranges array so that if string A is part of B, A comes after B
Param(
[ValidateNotNullOrEmpty()]
[Parameter(Mandatory=$true)]
[String[]]$Patterns
)
[System.Collections.Generic.List[System.String]]$PatternsTemp = $Patterns | Sort-Object -Unique
for ($cnt1 = 1; $cnt1 -lt $PatternsTemp.Count; $cnt1++){
do{
$found = $false
for ($cnt2 = 0; $cnt2 -lt $cnt1; $cnt2++){
if ($PatternsTemp[$cnt1].Length -le $PatternsTemp[$cnt2].Length){
continue
}
if ($PatternsTemp[$cnt1] -match $PatternsTemp[$cnt2]){
$PatternsTemp.Insert($cnt2,$PatternsTemp[$cnt1])
$PatternsTemp.RemoveAt($cnt1+1)
$found = $true
break
}
}
}while($found -eq $true)
}
$PatternsTemp
}
# Rearrange-Patterns -Patterns "Songspk.info","songs","- Songspk.info","so","pk","info","Songspk","[Songs]"

This function uses above two functions. Save all three in one file and then dot source that file and use this function through pipe lining. Make sure to run with -WhatIf first and carefully examine output.

Function Update-Simple-tags()
{

# Update tags with simple non-array values
[CmdletBinding()]
Param(
[ValidateNotNullOrEmpty()]
[Parameter( Position=0, Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
[Alias('FullName')]
[String[]]$FilePath,
[ValidateNotNullOrEmpty()]
[Parameter(Mandatory=$true)]
[string[]]$RemovePatterns,
[switch]$WhatIf
)
begin{
Check-TagLibLoad
$RemovePatterns = Rearrange-Patterns -Patterns:$RemovePatterns
}
Process
{
Unblock-File -LiteralPath:$FilePath

$Music = [taglib.file]::create($FilePath)
$TagList = @("Title", "Comment", "Lyrics", "Conductor", "Copyright")
$Update = $False
$Message = @("$FilePath")

foreach ($tag in $taglist)

{
$OldTagVal = $Music.tag.$tag
$RemovePatterns | ?{$Music.tag.$tag -Match $_} |

%{
$Music.tag.$tag = ($Music.tag.$tag -replace $_, "").Trim()
$Update = $true
}
if ($update -eq $true) {
$Message += (" '$Tag': '$OldTagVal' to '"+$Music.tag.$tag+"'")}
else{
$Message += (" '$Tag': No Update")
}
$Update = !($Whatif)
}
if ($Update -eq $true) {
$Music.save()
}
$Message
}
End{
}
}

# dir -filter 2015* -Directory | %{dir -Path $_ -Filter *.mp3 -File} | Update-Simple-tags -RemovePatterns "Songspk.info","- Songspk.info","www.SongsPk.Info" -WhatIf  | Out-File Update.log
# dir -filter 2015* -Directory | %{dir -Path $_ -Filter *.mp3 -File} | Update-Simple-tags -RemovePatterns "Songspk.info","- Songspk.info","www.SongsPk.Info" | Out-File Update.log

Below are some commands that can be used to edit downloaded files before running above functions to ensure files are in good naming convention to be modified. Names with ‘[‘ in them are tough to handle otherwise. Unblocking is needed since files are downloaded from internet. Rename-Item cannot work with file with special characters hence Move-Item. Make sure to use -WhatIf beforehand with each command. There is a blog post that talks about unzipping zipped file from Powershell but you can discover that if needed.

#Dir -Filter 2015-*.zip | Unblock-File
#Dir -Filter 2016* -Directory | Move-Item -Destination {$_.FullName -replace "320kbps",""}
#Dir -Filter 2016* -Directory | Move-Item -Destination {$_.FullName -replace "\[Songspk.info\]",""}
#Dir -Filter *-2015.zip | Move-Item -Destination {"2015-"+($_.Name -replace "-2015","")}
#Dir -Filter 2016* -Directory | %{dir -Path $_ -recurse -File} | Move-Item -Destination {$_.FullName -replace "\[Songspk.info\] ",""}
#Dir -Filter *2016* -Directory | | Move-Item -Destination {$_.Name -replace "\[Songspk.info\] ",""}
#[Reflection.Assembly]::LoadFrom("D:\temp\taglib-sharp-2.1.0.0-windows\Libraries\taglib-sharp.dll")

Time zone of a tweet

It took me considerable time for me to decipher, but I finally managed to figure out few idiosyncrasies about Timezones used in a tweet. Twitter uses a simple mechanism when displaying tweet time to you on Twitter.com.

• If you are logged in, time shown will be of Timezone set in your profile.
• If you are not logged in, time will be shown in San francisco, USA timezone which is local timezone of twitter HQ.

At no time, it seems to care for system timezone.

As per some research, apparently, it saves the information in the database in GMT based values, but even APIs return values converted to profile timezone. Second case will not occur with API usage since Non-logged in user cannot call API directly. APIs do not seems to save daylight saving information so that will need to be deduced. It though contains UTC offset but its of the API caller not tweet poster. This thus rules out possibility of deducing location through timezone data if location info is not shared by Tweet poster.

To convert time of a tweet to the time of a location, various tools can be used. Most useful seems like https://www.timeanddate.com/worldclock/converter.html . You can provide multiple target cities in this one.

To avoid doing all this, you can use storify.com and copy the tweet there after creating an account and editing default story. Its settings allows one to change timezone of a story to the timezone of your target tweets thus giving this whole information easily.

Using Sendgrid with Powershell

Create a sendgrid account at https://sendgrid.com/

Download nuget.exe from https://www.nuget.org/nuget.exe and save it in some folder where sendgrid will be installed.

Run ‘nuget.exe install sendgrid’ on command line from the path where nuget.exe is saved. Two sendgrid folders will be created with structure like below in the same directory from where the command is run. No need to use Run as administrator option.

• Sendgrid.6.1.0\lib\SendGridMail.dll
• Sendgrid.6.1.0\Sendgrid.6.1.0.nupkg
• SendGrid.SmtpApi.1.3.1\lib\net40\SendGrid.SmtpApi.dll
• SendGrid.SmtpApi.1.3.1\lib\portable-net4+wp81\SendGrid.SmtpApi.dll
• SendGrid.SmtpApi.1.3.1\SendGrid.SmtpApi.1.3.1.nupkg

These folders are downloaded by nuget from https://github.com/sendgrid/sendgrid-csharp which is official location for SendGrid C# libraries.

This install option will not add these assemblies to GAC so you will need to use either Add-Type or [Reflection.Assembly]::LoadFrom(…)  option to load these libraries in session or script. Overall Code would be like below

$SGMail= [Reflection.Assembly]::LoadFile("C:\Software\Sendgrid.6.1.0\lib\SendGridMail.dll")
$SGSMTP= [Reflection.Assembly]::LoadFile("C:\Software\SendGrid.SmtpApi.1.3.1\lib\net40\SendGrid.SmtpApi.dll")</code>

$myMessage = New-Object -TypeName:SendGrid.SendGridMessage
$myMessage.From = New-Object System.Net.Mail.MailAddress("user@example.com");
$recipients = @("Another user &lt;Anotheruser@AnotherDomain.com&gt;")
$myMessage.AddTo($recipients);
$myMessage.Subject = "Testing the SendGrid Library"

$myMessage.Html = "&lt;p&gt;Hello World!&lt;/p&gt;"
$myMessage.Text = "Hello World plain text!"

$username = "sendgridusername"
$password = "sendgriduserpassword"
$credentials = New-Object -TypeName:System.Net.NetworkCredential -ArgumentList:$username,$password

$TransportWeb = New-Object -TypeName:Sendgrid.web -ArgumentList:$credentials
$returnval = $TransportWeb.DeliverAsync($myMessage)
$returnval

Easiest way to figure out the exported classes from Sendgrid DLLs is to load these as reference in a VS 2015 VC# windows console app where you can then use Object browser to access all classes exported by these DLLs. Powershell has a convoluted way to show that but no point wasting time behind that when VS Community 2015 is free for all.

Definitely, this is not most secure code, but it works. Also, do remember that using this for internal organizational mails may be security risk since Sendgrid SMTP server would be transmitting it and thus they can have access to all your mails.

two Sendgrid classes used here are Sendgrid.sendgridmessage and Sendgrid.web. System.web is not getting used as that may seem look like from Sendgrid Github example.