I’ve been hacked! I’ve been scammed! What do I do?

Sometimes, we all have one of those “how did this happen?!?” moments, as we watch our mouse go shooting across the screen, deleting all of your files. You panic, and call your local computer technician, to ask what to do about it. A Trojan, worm, or human (a taller version of a worm) has taken over your computer. You’ve been hacked. You shut it off, and wait for your technician to show up. While you wait, here’s a list of the things of what they should have already told you on what to do if your computer has been compromised, and what you’ll probably be paying for.

From a technology perspective:

Turn off your device immediately

Have you been hacked or lost control of your computer? Simply turn it off. An off computer cannot be controlled, as there is nothing to control at that point. This is the fastest way to stop an ongoing attack and avoid a follow-up attack. In the event that you were compromised by a Trojan or worm, this will prevent it from causing any more damage than it already has. Once you have made sure that the device is off, contact a computer technician immediately to inspect and cleanup your computer. If you don’t have it sanitized before you start using it again, there is a very good chance that a Trojan or worm that has been installed on it will just turn on again, and continue wreaking havoc. They also tend to open up a bunch of holes in your computer, which makes it easier for hackers to gain access to your computer again.

Using another device, change your passwords

Since the device that was compromised is turned off, you will want to use another computer or device to get online and start changing your passwords. Not just the important ones, ALL of them. If you do any online banking, make sure to change your password for your bank’s website first to avoid anyone getting access to your accounts. Next, take care of your email account(s). Your email account is the gateway to almost all of your online accounts, so anyone with access to that could simply use the Forgot Password buttons on other websites to reset your passwords. Honestly, it wouldn’t hurt to handle your email accounts first, since they could still be used to change the password on your bank accounts. Next, make sure to log in to all of your social media accounts and do the same. Keep working through your list of online accounts until you have changed the passwords for everything.

When changing your passwords, make sure you follow these rules. They are common rules for all passwords, so they apply any time you ever create or change a password. These are just a few of hundreds of password tips. For more thoughts on password security, try Googling “password rules”.

  1. Use a strong password. “password” is NOT strong. Most websites these days make you use a secure password. You want it to be an absolute minimum of 8 characters in length (10 is better, the more the merrier), and use a combination of uppercase and lowercase letters, numbers, and symbols.
  2. Don’t use a modified version of the password you are changing. If you only change one or two characters in your old password, you are not really helping yourself out. While this will trick most automated hacking tools for a while, a true hacker will be able to figure out what you changed pretty quickly. If you make it easy for yourself, you’re making it easy for them too.
  3. Names, birthdays, anniversaries, and “password” all make horrible passwords, don’t use them. IF you are going to break this rule, use a combination of them.
  4. Don’t ever use the same password twice. If the password for your email account is the same as your bank account and Facebook page, you are going to be in a lot of trouble if someone finds out your password. Use a program like KeePass (http://keepass.info/) to keep track of your passwords for you. It is completely free, and can help you safely keep track of what passwords go where.

Tell your friends!

Nobody likes to admit that they were duped, but it is important that you let people know what has happened. If your friends and family (online and offline) are aware that you were hacked, they will be able to help keep an eye out for suspicious activity for you. It only takes one caring friend online to agree to wire “you” money because your social account is under the control of another person. Knowledge is power. Empower yourself and your friends.

From an identity/financial perspective:

Call the police (non-emergency line, NOT 911), get a police report

It doesn’t really seem like something you would have to do if your computer was hacked, but if you believe that someone has stolen any of your personal data, you need to contact your local law enforcement and file a police report. Digital theft is still theft, and theft is against the law. Additionally, your bank, credit card companies, and other businesses may require you to have a police report when filing claims with them. It may end up being a very simple police report, but so long as they can file that “my files were stolen on this date at this time”, you’ll have something to work with.

Call your bank and credit card companies

If you think that your bank or credit card account information may have been compromised, you will want to contact your banking institution and credit card companies as soon as possible to let them know that you may have lost your data. At bare minimum, you will want to tell them what happened, and to be on alert for any suspicious activity. Your banking representative will help you decide what to do next. In some cases, this may simply be to monitor your account for suspicious activity. In more extreme cases, they will help you freeze your accounts. If you have already had fraudulent purchases made in your name, they can help you get your money back.

File a fraud alert with the credit bureaus

Anytime you have to have to contact your bank, you will also want to call the big three credit bureaus (Experian, TransUnion, and Equifax) to file a fraud alert. In case you don’t already know, these agencies are responsible for tracking all of your financial accounts to determine how good of a credit user you are compared to other people (they do this using credit scores). Since your credit score is based on your credit, they will need to know if your bank accounts or credit cards have been compromised, so they can keep a lookout for any suspicious activity as well. While your bank is your first line of defense at stopping any fraudulent expenses, the credit bureaus are the second. As long as they know what is going on, they will be happy to work with you to make sure that any fraud does not negatively affect you.

If you follow the advice I have laid out for you in this article, there is a pretty good chance that any damages caused to you and your computer by a hacker (human or otherwise) will be minimal. For more tips on how to avoid these scenarios to begin with, check out this article on 5 Tips to Staying Safe Online (https://www.booksnbytes.net/5-tips-for-staying-safe-online/).

Migrating From visualstudio.com TFS to an In-House TFS Server (With Full History)

For the past two years, I have been actively developing a collection of proprietary software products, which I have maintained in one of Microsoft’s free visualstudio.com TFS repositories. For a single developer, this has been a great way to keep a complete revision history on the code base. Recently, I ran into a few caveats that have put me in a situation where it is time for the repository to be moved to a newly-created in-house Team Foundation Server. Thinking to myself “ok, I’ll just migrate the repository real quick”, I set to work. After a few hours of poking around VSO, it became painfully clear that there is no viable way to do this (while keeping the full revision history), since I did not have access to the underlying database for the repository. This gave me two options: 1.) Checkout the latest copy of the repository and commit it to the new repository (keep the latest source but lose the history), or 2.) Write some script that will loop through the repository, checking out each and every revision (starting at 1), and committing them one-by-one to the new repository (keep the source and the history, but may take DAYS or WEEKS to run).

After thinking on the options, I realized that they both sucked. I then remembered that I had written an article awhile back about Migrating from TFS to Git, so I pulled it up, re-read it, and though “I wonder if I can use this same technique to do a TFS to TFS migration?” The answer was yes! Though there was one downside: I kept all of the revision history, but I lost the Changeset Timestamps (all of the migrated history has the same check-in date). In the same fashion of migrating from TFS to Git, I had to use the “git-tf” tool for this process. Here’s how I did it:

1. Installing Git-TF

Download and install the Git-TF utility from the CodePlex page here, and extract it somewhere on your computer. Don’t forget to install the Java Runtime Environment (JRE) if you don’t already have it, it is required for the tool to run.

2. Cloning the TFS repository (with full history)

The next step was a bit trickier. The tool needs the latest copy of the TFS repository that is going to be migrated. However, to clone the repository, I needed to configure Alternate Credentials on my visualstudio.com account. It took a while to find a recent enough article on how to do this. After some trial and error, it’s easier than it should be:

  • Log into your visualstudio.com account
  • In the top-right corner, click on your name and select Security
  • In the new window, click on “Alternate authentication credentials” on the left
  • Make sure the “Enable alternate authentication credentials” checkbox is checked
  • Enter a secondary username and password to use, and click save

Once this was done, it was just one command from a Command Prompt to clone my TFS repo:

git-tf.cmd clone https://jarrenlong.visualstudio.com/DefaultCollection $/RepoIAmMoving –deep

Note: If you didn’t follow the Git-TF instructions and add the Git-TF root directory to your system path, just use the full path to the git-tf.cmd file when executing the command. Since I only planned on using this tool once, this is what I did.

This did take a while to clone, as it is pulling the entire TFS repo history with it. Just let it cook until it’s done. The repository that I was migrating had just over 4900 Changesets, so it ended up taking about 24 hours to do the complete clone. While this is running, it will be a good time to go ahead and create an empty TFS repository on your new server, if you haven’t already done so. For this example, we’ll say that my new Team Foundation Server is accessible at https://tfs.mynewserver.com/DefaultCollection, and the repo I created is called “RepoIAmHosting”.

3. Performing the TFS to TFS Migration

Before you commit the repository to the new server, you need to make a few minor changes:

  • Using Windows Explorer, you need to open the .git directory that was created inside of the cloned repo. There should be a file in there named “git-tf”; rename it to something else. This file tracks all of the Changesets for the repo, but is bound to the old server. If you tried to commit the repo to the new server now, you will most likely get a “Changeset XXX not found” error.
  • Use a text editor to modify the “config” file in the .git directory. This file tells git where the server for the repository is located. In here, you need to modify the [git-tf “server”] section to point to the new server/repository.

For this example, I would change

[git-tf “server”]
collection = https://jarrenlong.visualstudio.com/DefaultCollection
serverpath = $/RepoIAmMoving

To

[git-tf “server”]
collection = https://tfs.mynewserver.com/DefaultCollection
serverpath = $/RepoIAmHosting

Save and close the config file. You are now ready for the actual commit! From the root directory of the repository you cloned, you just need to issue a “git-tf.cmd checkin –deep” command, which will start committing the complete repository to the new server. Again, this is going to take a while, but when the check-in is finished, you will have your complete repository history visible in the new TFS portal. Note: If you need to retain commit usernames, use the –keep-authors flag with this command (see git-tf documentation for info on how this works). In my scenario, I was the only developer on the project, so there was no need for me to do this.

As I said at the beginning of this article, there is only one downfall to this process, which is that each and every Changeset will have the same timestamp (+/- a few minutes). Sadly, this appears to be unavoidable (at least, I have not found a way to preserve the commit timestamps). There is one way that you can (partially) retain the timestamps though. By using the –metadata flag with the checkin command, git-tf will attach the additional metadata for each commit from the old repository. This will preserve the timestamps, however it makes the display of each commit look a little funky in the Changeset list for the repo when viewed from the web portal. Instead of showing the Changeset # and the description attached to the commit, the web portal will just show “Commit xyz (Timestamp)”, and the description of the commit will be embedded further inside of the Changeset’s details.

Like this article? Make a Donation to Feed the Developer!

Teaching the Girlfriend to Code: Part 1, The Absolute Basics

Hello love! This one’s for you. I’m gonna start writing a collection of lessons on how to program, just for you (cause I love you, and you wanted to learn anyways <3).

I guess at some in point in time, I have to start at the very beginning. The very, very beginning, I have an article on the history of computing floating around somewhere, so I’ll leave that part out, and skip to “what is programming for?”

What is programming for?

In short, developing software, AKA computer programming, is a way of commanding a computing device (desktop/laptop, mobile phone, tablet, heavy machinery, etc.) to perform a series repeatable tasks. Simple enough, right? That being said, computers are relatively stupid; they cannot act for themselves, and can only do exactly what you tell them to do, meaning if they do something wrong, it is because they were programmed to do it the wrong way.

Computers are instructed, or programmed, using programming languages. A programming language is exactly that, a language. This language can be translated into something called machine language, which can then be understood by the computer and used to command it. As of right now, there are literally thousands of programming languages that can be used for programming. Some of these languages are mathematical and look very cryptic (example: C and C++), while others and very similar to English, and can be read as such (example: Visual Basic). If you want to see what some of these languages look like, check out the 99 Bottles of Beer website. They have the song 99 bottles of beer written in 1500 different programming languages!

Types of programming languages

With there being literally thousands of programming languages that are used for different purposes, it would be helpful to start breaking them all down into categories. The big three categories are:

  • Markup languages – Are used to decorate a document (like a research paper) to do things like highlight text, indent paragraphs, etc. Originally, this was the main purpose or markup languages, HTML (acronym for HyperText Markup Language) being the first notable markup language. Now, markup languages are pretty much just used to make websites.
  • Scripting languages – Are programs that are written to run inside of and control other programs. These “scripts”  are read by a program, and then the program translates them to perform tasks. The only difference between a scripting language and a regular programming language is that a scripting language can’t run directly on a computer without the help of other programs.
  • Programming languages – Are used to instruct the computer itself to perform tasks.

The programming language category can then be split into three more subcategories:

  • High-Level programming languages – A programming language is considered “high level” if the programmer can use the language without worrying about the details of the computer itself. If you can write your program without having to care about things like “what manufacturer of computer is this program going to work for?” then you are using a high-level language.
  • Low-Level programming languages – A “low level” programming language is a language where the programmer needs to know pretty specific information about the computer they are working on. Low level languages are usually pretty hardware-specific, meaning that your program may only run on certain computers, and not work at all on others.
  • Assembly Language and Machine Code – Assembly language (usually just called assembly or “asm”) and machine code are essentially the same thing. Assembly is a human-readable version of machine code, and machine code is the one and only language computers actually understand. Assembly itself is considered a low-level language, it only works on the hardware that it is designed for.

Let’s take a look at an example of some of these languages. Let’s say we have a variable x, and we want to make it equal to -1. In a high-level programming language, this could look like:

x = -1

If you were to look at a low-level language like assembly, you could probably see something like (at the very guts of it, there would be a lot more work to do to get to this point):

MOV ECX, -1

Cryptic, right? Guess what the computer itself sees? Something along the lines of:

00000030B9FFFFFFFF

in hexadecimal. Or, much more accurately (in binary):

000000000000000000000000001100001011100111111111111111111111111111111111

What the hell is up with all of these weird numbers you ask?

Numbering Systems

This might be a bit of a tangent, but it is good to know. Humans (yourself, and possibly me to) use a Base-10 “Decimal” numbering system for everything, meaning that our numbers go from 0-9. Computers, on the other hand, use a Base-2 “Binary” numbering system, meaning the only numbers that exist are 0 and 1.

Why? Because a computer (a digital one at least), can only ever be turned on, or turned off. There is no in between. That being said, you’ve seen this before (it’s literally tattooed on my arm):

This is the international symbol for the power button, and it is made by taking the number 1 and laying it over the top of the number 0, to represent “on” and “off”. Yay for symbols!

Back on track. Computers only understand binary, and humans are lazy. As an example, to represent the letter ‘A’ (capital A), the decimal number 65 is used. To a computer, 65 is really 01000001 in binary. But who wants to decode that? When talking about bits and bytes (FYI: a “bit” is one binary digit, and can be 0 or 1, and a byte is a group of 8 bits, which can represent any decimal number between 0-255), programmers use the hexadecimal numbering system, which allows us to write the same number in a shorter way. For this example, the decimal 65 (binary 01000001) can be written in hexadecimal as “41”. Don’t worry about figuring out how to translate between the different number systems yet; an advanced topic for another time. There is a handy website here that will show you these conversions, if you’re interested.

So why do computers only understand binary? That’s simple. A computer is just a machine that runs off electricity. Electricity (in it’s simplest form) can be turned on or turned off, just like a light switch. A computer itself is just a collection of millions of light switches wired together. Since these switches can be on or off, we can represent them with two numbers, 0 for off, and 1 for on. When you write code for a computer, all you are doing is telling the computer which switches to turn on and off, and when to do it.

Summary

  • Programming is the art of telling a computer what to do
  • There are thousands of programming languages
  • The main categories of languages are programming, scripting, and markup languages, which all have their own uses
  • Programming languages can be high-level, low-level, or machine code
  • Humans have 10 fingers, computers are light switches

Like this article? Feed the developer, every dollar counts: 

Android Development Quickstart Guide

A ridiculously outdated article on how to get started with writing Android apps, circa 2011. No idea what happened to the pictures that went with it…

Useful Links

Getting Started

This disk contains everything you need to get started with Android Application development on Windows. Getting everything set up and ready to use is easy:

  • Copy the contents of this disk onto your local hard drive.
  • If you do not have the Java Runtime Environment AND the Java Development Kit installed on your machine, run the appropriate installers in the “Java” directory. It is recommeneded that the JRE be installed before the JDK. These files are labeled [name]-[version]-[os]-[platform].exe.
  • Start Eclipse. When prompted, select where you would like your workspace to be located for this session. This is where all of your projects and files will be stored, along with your Eclipse IDE configuration files.
  • When Eclipse starts up, you will see the Welcome Screen. Click the arrow to continue to your workspace.

Setting Up Eclipse for Android Development

  • The first thing you’ll need to do is tell Eclipse where the Android SDK is located. From the Eclipse menu, select “Window > Preferences”.
  • When the window opens, select the “Android” node on the left. Click the Browse button on the right when the properties load, and navigate to wherever you copied the “android” directory to. Eclipse expects you to select the root directory that contains the Android SDK.
  • When found, click OK to close the open file dialog, and click the “Apply” button. If you have the right directory, the list will be loaded with all available Android SDK targets (v1.5-v3.2 included on DVD, plus all associated Google Add-ons). Click “OK” to close the properties window.
  • Eclipse is now configured to use the Android ADT plugin. Happy coding!

Starting Your First Android Project

  • From Eclipse, select “File > New > Android Project …”
  • This is the New Project Wizard for Android applications. Here, you will enter the name of the application, along with other details that will be used to setup the project build environment. Enter the project name and select an OS target from the list. NOTE: The project name is just the name of the Eclipse project, not the application.
  • Scroll to the bottom of the window. Here, you can enter the name of the Application, the Java package it will be created in, the default Activity name, and the minimum SDK version (minimum supported OS version). NOTE: The Application name is what will be displayed on the Android Market as your app’s title.
  • When you have finished entering the new application’s details, click Finish. Eclipse will generate a new Android project with all required files and directories.
  • This project can be compiled without modification to create the Hello World Sample App as seen below.

Please read the following links

Copyright © 2011 Long Technical, All Rights Reserved. Published on Oct. 12, 2011 by Jarren Long.

HowTo: Install and Configure a LAMP + CVS Server

This tutorial is designed to teach you how to install and configure a simple LAMP (Linux, Apache, MySQL, and PHP) server, as well as a CVS (Concurrent Versioning System) server for a small programming company. LAMP servers are the most common servers running today, and can be found on over 90% of all online servers in the world. A LAMP server is designed to do one thing: serve web pages, using the Apache HTTPD web server to deliver content via HTTP. MySQL and PHP are both added to the httpd server to extend functionality, by adding support for Relational SQL databases and the PHP scripting language (which is also be served via HTTP). These three servers comprise the core of a LAMP server. In addition to the LAMP setup, we will also be installing SquirrelMail, a PHP-based webmail client (for testing the HTTPD and PHP configurations), and a CVS server. CVS is a protocol that is used (mainly by software developers) for document revision management. This server allows multiple people to work on a single document, make changes, and “commit” the document back to the CVS repository, where the document changes are logged and the revision number is changed.

Install and Configure Services

  1. From a terminal, download and install the httpd, php, mysql, sendmail, dovecot, squirrelmail, and cvs packages. Configuring sendmail and dovecot will not be covered in this tutorial.
  2. You will need to add three A records to your server’s DNS for this tutorial. Create the “www” , “mail”, and “cvs” A records, and make sure their IP addresses point to your server.
  3. Using a text editor (I use VI), edit the /etc/httpd/conf/httpd.conf file (you will need root privileges to save it). Find the following lines and change the values as shown:

    Listen 80
    ServerAdmin jarren@jarrenl.class.com
    ServerName jarrenl.class.com:80
    NameVirtualHost *:80

  4. Save and close the file. Congratulations! Your HTTP server configuration is complete! Don’t bother restarting any of your services until you reach the end of this tutorial; you’ll just have to do it again later, so why waste the time now?
  5. Move to the /usr/share/squirrelmail/config directory. In here, there is a script called “conf.pl” that simplifies the configuration of SquirrelMail. Run this script.
  6. Select the server option, and change the domain to mail.jarrenl.class.com. Follow the onscreen directions to save and close the configuration script. It is normal to not be able to see what you are typing; use the mouse to highlight the input area to see what you typed. This is the final step in configuring SquirrelMail to communicate with your email server.
  7. Create a new directory inside the /var directory called “cvs”. This will be where our CVS server stores all of the repository data. Give the directory 775 permissions using the “chmod –R 775 /var/cvs” command. After creation, CD into the directory and type “cvs init” in the terminal to configure the directory to be used as the CVS repository. This will create the “CVSROOT” directory which will contain the configuration files (do NOT edit these).
  8. Create a new user named “cvs” with a password of “cvs” (no quotes). After this, edit the /etc/profile file and append the following line: export CVSROOT=/var/cvs
  9. Edit the /etc/xinetd.d/cvs file. Change the “user = “ to use the “cvs” user instead of root (for security reasons) and the “bind = “ line to use your server’s IP address. Make sure the “disable = “ line is set to “no”. Finally, set the “env = “ to point to your CVS repository (/var/cvs) and change the path in the “server_args” line to match. Save and close the file.
  10. At this point, your CVS server is configured, and you can (almost) login and begin using it. At this point, go ahead and restart the following services: httpd, sendmail, dovecot, and xinetd (xinetd manages the CVS service).

Testing Installed Services

  1. In the /var/www/html directory, create a file called index.html. Edit this file and add some text that will make it distinct. Create another file in this directory called index.php. In this file, add the following line, save and close: <?php phpinfo(); ?>
  2. On a client machine, open the web browser to http://www.jarrenl.class.com/index.html. You should see the content from the index.html file displayed. In the web browser, goto http://www.jarrenl.class.com/index.php. If PHP is working correctly, you will see a blue table listing many of the PHP configuration options. Finally, got http://mail.jarrenl.class.com. You should be taken directly to the SquirrelMail login page. Login using one of your email server user accounts to verify that your mail server is functioning properly. Close the web browser.


  3. On the client machine, open a terminal prompt. Enter the following lines (use your own server’s IP address)

    export CVSROOT=:pserver:cvs@192.168.8.151:/var/cvs
    cvs login

  4. Enter your password. If the server is running properly you should be able to login. Creating and using repositories will not be covered in this tutorial (that’s a tutorial on its own).
  5. To test MySQL installation: on the MySQL server, type “mysql” at the terminal to launch the MySQL prompt. If the install was successful (it always is, there’s nothing to configure!) your prompt will change to read “mysql>”. Type “quit” to close the prompt.