Archive for category Uncategorized

Synology Antivirus Essential detects PHP.Exploit.CVE_2015_2331-3

Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

Antivirus Essential detects Php.Exploit.CVE_2015_2331-3 in zip

It appears this is a false positive in the ClamAV database.

Further reading:

If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.


Leave a comment

Plex Media Server not starting on boot on Synology NAS

My Synology NAS would not successfully start Plex Media Server at bootup. I had to go into Package Center after each boot and run it manually.

I reached out to the Plex forums and didn’t get much help. I did eventaully find a fix.

I assumed that the script was failing on boot as it was waiting for some not-yet-ready resource, and would only run after the whatever-resource was ready. It just needed more time to be ready.

copy the “/var/packages/Plex Media Server/scripts/start-stop-status” file somewhere else on your NAS where you can edit it, and make the following edit:

start_plex ()
+  sleep 7
PLEX_PATH=$(/usr/syno/sbin/synoshare --get Plex | grep Path | awk -F[ '{print $2}' | awk -F] '{print $1}')

Save the file, and then copy it back to it’s original location. Reboot.

Plex Media Server should now run on boot successfully.


Leave a comment

YubiKey NEO and OpenPGP key generation and loading on Windows

This is an attempt to do a “quick start” guide for properly generating OpenPGP keys and loading them into your YubiKey NEO on Windows. This isn’t an all-exhaustive guide, and you more advanced users may choose to do things differently than I have demonstrated here. This is my way, and I know it works.

If you’re going to do anything with the OpenPGP functionality of the YubiKey NEO, you need the latest stable of Gpg4win, available here. You also need your NEO in CCID mode. See my previous post to get started. Also note that the YubiKey NEO only supports 2048-bit keys. Larger keys will not work. Smaller keys may or may not work.

After following this guide, you will have an OpenPGP 2048-bit key pair with sub-keys for encryption and authentication, a revocation certificate, a backup of your keys, and the secret keys loaded on to the appropriate slots on the YubiKey NEO.

YubiCo’s guide to this process is posted here. When I walked through their guide I noticed it was missing some steps. So I wrote this guide to fill in the blanks and be more descriptive.

Generating your initial key pair

Open a command prompt and run:

gpg --expert --gen-key

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8

For ‘kind of key’, select 8 (RSA: Set your own capabilities)

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished

Your selection?

Now you want to select ‘e’, so that you toggle off the encryption ability off, so that ‘Current allowed’ shows only Sign and Certify. Then select ‘q’ to move on.

Make sure you select a 2048 bit key, and then continue through the wizard to complete your key pair generation.

Take note of your 8-character key ID. You will need it for future steps.

Adding the sub-keys

You need to add two sub-keys; one for encryption, and one for authentication.

From the command line, run (where keyID is your 8-character key ID) :

gpg --expert --edit-key keyID

Now, type:


Select 8 again, just like above, and then toggle abilities so you have an encryption-only key. Make sure you generate a 2048-bit key.

Repeat addkey one last time, and toggle abilities so you have an authentication-only key.

Then q to quit, and y to save changes.

Backing up the keys

Run each of the following commands to backup your public key, secret key, and to create a revocation certificate, where keyID is your 8-character key ID:

gpg --output public.asc -a --export keyID
gpg --output secret.asc -a --export-secret-key keyID
gpg --output revoke.asc -a --gen-revoke keyID

Moving the keys to the YubiKey

Run the following command:

gpg –expert –edit-key keyID

Then type toggle. You have sub-keys 1,and 2, and 0 represents the main key. For each of these sub-keys (1 and 2), type key subkey-number (such as key 1) to toggle handling that key, and then use keytocard to move it to your YubiKey. (after handling key 1, you have to type key 1 again to unselect it before selecting key 2). Keys 1 and 2 will only have one choice where to put them. Afterwards, type key 0 and keytocard it to the signature slot.

card errors: If you get a card error, IO error, or anything like that, quit gpg, saving any changes, quit Kleopatra, quit YubiCo Authenticator (if you’re running it), and then open Task Manager and kill any gpg-agent or gpg-* processes. Run this:

gpg –card-status

If this comes back with data (and not an error), then run this again and continue:

gpg –expert –edit-key key-ID

Integration with Putty / Pagent: This is something I haven’t explored yet, but this walk-through seems to deal with the topic quite well.

Leave a comment

YubiKey NEO Quick-Start on Windows

This is a continuation of my previous post on YubiKey.

In order for the most painless “Quick Start” of YubiKey on Windows, you will need a few tools:

First, the YubiKey NEO Manager, available here, will enable you to toggle the various modes (OTP, CCID, U2F) of your YubiKey on and off. Since the YubiKey ships with only OTP mode enabled, you will need this to turn on CCID (SmartCard) and U2F (Fido) mode. This will also let you check and verify the installed apps on your NEO, once you’ve enabled CCID mode. (Important: Check the version of your OpenPGP app. If it is 1.0.9 or lower, read this security advisory and take appropriate action).

Second, the YubiKey Personalization Tool, available here, will enable you to personalize the various configuration slots of your YubiKey. There are two slots available, and slot 1 is programmed with the YubiCo OTP (or RSA key, depending). It is strongly advised not to overwrite slot 1 unless you really know what you are doing. You can program slot 2 for whatever other implementation you would like. Please note that these two slots are independent of the applets that run on the CCID side of the card. Although that may be slightly confusing, it will be clear as you use your key.

Third, the YubiKey NEO contains the YubiOATH applet for generating those familiar 6-digit OTP codes that various websites use as two-factor authentication. Your YubiKey NEO can store many of those 6 digit codes and secrets in the key itself, but it requires the YubiOATH-desktop helper app, available here. This helper app is required because OATH codes are time-based, and the YubiKey has no internal clock. Also, this requires that CCID mode is enabled.

If you have anything to contribute, please do so in the comments below, or contact me using the form. 

Leave a comment

Hello, YubiKey NEO

I have one of the 2nd generation YubiKeys, and I really liked it, but the new YubiKey NEOs have many new features, including PGP, OTP codes, U2F, NFC, etc. I liked the original YubiKey (although there aren’t too many places where you can use it), but the new YubiKey really interested me. So I got myself one.

One of the problems that I ran into was a lack of “Quick start” documentation for the various features of the YubiKey, such as OTP, PGP, etc. The documentation is either too vague, or too complicated.

I’m going to attempt to give some blog posts to help users get start with their YubiKeys in the same manner that I got started with mine, including the various features and such, to help you get up and running as quickly as possible, and with as few headaches as possible.

So, if you’re interested, subscribe and watch for new posts.

Leave a comment

MMS settings for Windows Phone (and others) on Cricket Wireless

If you have an unlocked Windows Phone operating on Cricket Mobile, and are having issues sending or receiving MMS messages, change the settings of your phone to the below.

All Settings > cellular+SIM > View internet APN. Verify the following (ignore unlisted fields):

  • APN: ndo
  • Auth type: PAP
  • IP type: IPv4

If settings differ from the above, go to SIM Settings > Manual Internet APN > edit internet APN, and enter as above. Leave any unlisted fields blank.

Next, tap edit MMS APN, and set as below:

  • APN: ndo
  • Auth type: PAP
  • WAP gateway:
  • WAP gateway port: 80
  • MMSC (URL):
  • MMSC port: 80
  • Max MMS size: 10240
  • IP type: IPv4 < (This setting wasn’t provided by Cricket, but the default of IPv4v6 will not work. It must be IPv4)

These settings were confirmed with Cricket prior to publishing. If you would rather contact Cricket to get the settings directly from them, you may do so.

Windows Phone visual voicemail is currently not supported on Cricket at this time. I recommend YouMail with the ISeeVM app as an alternative.

Leave a comment

Skype randomly zooming during video calls

First, a little background. I was on a Skype call a short time ago and noticed that Skype would randomly zoom in and zoom out during the call. It seemed to happen at random, and I couldn’t figure out why, nor could I find any way of controlling it.

My Asus T100’s camera does have a user-controllable zoom, but it is zoomed all the way out when this is happening. It does not have face-following, a feature commonly blamed for this issue in Skype.

Here’s a shot of the Video Settings dialog in Skype, for anyone interested.


After some digging around the web, I’ve found a logical chain of forum posts that seem to indicate what the issue is, and point to a potential fix.

First, this blog post from another user who had the same issue, and he worked around it by installing and using ManyCam. This did work to resolve the issue, but requires ManyCam be running and adds the extra resources that it requires. If you decide to go this route, I strongly recommend areful reading during the ManyCam installer. It’s full of add-ons.

Second, this thread on yCombinator suggests a few things: 1) That lack of bandwidth is causing Skype to switch the camera to a lower resolution, resulting in the zoom; and that 2) lack of movement in portions of the cameras image is causing it to zoom. Theory 1 seems more plausible.

Third, this post on the Skype forums suggests that Skype’s video resolution can be forced by editing an xml file. Quoted with edits:

It’s impossible to change either the capture or stream video resolution in the Skype GUI. But the capture resolution can be changed by adding for example this:


directly under the <Lib> tag in %AppData%\Skype\shared.xml. The other supported resolutions also work. Check that it works from Call -> Call Technical Info.

Of course, make sure that you are forcing a resolution that your camera supports, that your PC has enough processing power to support, and that you have sufficient bandwidth for. Otherwise, you will experience undesirable effects. 640×480 is a good choice for many. 1280×720 would require a webcam capable of 720p HD capture. A 1.2 MP camera could give a resolution of 1280×960.

I used 1280×960 above as my camera is 1.2 megapixel. However, in my Call Technical Info, my camera is capturing at 1280×720, and zoom is correct. In one instance the camera zoomed in, and the Call Technical Info showed that it was capturing at 240×360. The zoom is definitely connected to the capture resolution, but changing the xml settings does not guarantee that Skype will force the resolution under all (or any) circumstances.

I’m also going to add that this is directly targeted at Skype for Desktop, not the Windows 8 app. If you are able to try this, please let me know your results. 

Leave a comment

How to save browser link URLs to disk

(I realize this is far from being a new thing, but I also know that some people don’t know how to do this, so I’m going to explain this for today’s lucky 10,000.)

I have a lot of very useful bookmarks, as I’m sure many of you readers do as well. I also tend to use more than one web browser. It’s a huge pain to constantly export/import bookmarks across browsers, back up favorites before re-installing an OS, etc. What if you could just have your favorites saved to disk, and use them however and whenever you wanted? That would be great.

Firefox and Chrome both have features where you can sync your bookmarks to their cloud services, but that only works with that one browser.

So, actually, you can save them to disk. And I’m not talking about saving the page to disk (via file > save). No. Not that. That saves the whole page and all of the content to your disk. No. I’m talking about saving just the link. Not in a text file, but in a simple file you can double-click to open in your web browser.

Sounds awesome, right? It is.

So here’s how you do it. In your favorite web browser, just locate the page favicon (that’s what that little icon next to the web address is called. It’s a favicon.) and drag it to your desktop, or other such folder. Screenshots below for Internet Explorer and Chrome:

Now you can save those files anywhere you want, even such places such as Dropbox, OneCloud, etc. Even a USB stick.

OneDrive users: If your link does something unexpected when you double-click on it (like trying to print), make sure it’s an Offline file. Right-click your link and select Make available offline. You can select multiple files and do this to many at once, or even an entire folder.

Leave a comment

XBox 360 popping crackling sounds over HDMI solved

If you have an XBox 360 hooked up to your TV over HDMI, you very well may experience popping, crackling, or static sounds while playing games.

It took me a bit of Googling to find the solution to this problem. Most people think it’s bad HDMI ports, cables, interference, or other. When in fact, I found the simplest solution (and the correct one) was to go into the console settings, under sound, and notice that the XBox by default is configured for Dolby 5.1 surround sound. On a 2-speaker system, this is not correct and will result in distorted sound. Change this setting to digital stereo and that will solve the issue.


Leave a comment

How to do a full system bare-metal backup in Windows 8

The Windows “Backup and Restore” utility that was present in the control panel in Windows 7 could easily do full-system bare-metal backup and restore. Unfortunately, this tool was removed from the control panel in Windows 8.

However, it looks like that tool is still present on the hard drive and can be used. Here’s how to find it.

Click Start, and in the search box, type SDCLT.EXE . Right-click the and click Run As Administrator.

As always, a test restore is good practice.

Comments are welcomed below!

Leave a comment