Has your router set up secret port forwards without your knowledge?

February 18th, 2014 No comments

I admit the title may be a little bit sensational.  Please forgive me and read this anyway.  For the tl;dr, scroll down to the link to the STUN Test Utility.

It's a common misconception that placing a network device behind a router provides impenetrable security.  This might be true, but if you have a full cone NAT router, your VoIP equipment (and possibly other internet-connected devices) are likely be open to anyone, as if you had forwarded ports or used DMZ.  Instead, you should use a restricted cone NAT router.  Keep reading to find out what these terms mean how to test your router.


Pumpkin Pie

February 15th, 2014 No comments

Pumpkin pie in February?  What Mangosteen wants for Valentine's day, Mangosteen gets!

1 398 mL (15 oz by weight) can pumpkin
3/4 teaspoon cinnamon
1/2 teaspoon salt
1/2 teaspoon nutmeg
1/2 teaspoon ginger
1/4 teaspoon cloves
1 300 mL (14 oz by weight) can sweetened condensed milk
2 eggs
1 9" deep dish pie shell

Thoroughly mix pumpkin and spices.  Add remaining ingredients and mix well.  Pour into prepared pie shell.  Bake at 425F for 15 minutes, then reduce temperature to 350F and bake for another 45 minutes.  Turn off oven and allow pie to cool.  When the pie plate is cool enough to be safely touched with your hands, remove the pie from the oven and enjoy!

Improving SpamAssassin accuracy on cPanel (or any other) mail servers - with statistics

July 25th, 2013 4 comments

For some time we've been frustrated by the amount of spam not caught by our spam filter.  We're delighted to say we've developed a simple configuration that results in extremely high accuracy.  Though some of the techniques in this article are related to cPanel servers, the most important points should work with any mail server running SpamAssassin.

Keep reading to see the rules we use and why we use them, as well as statistics for actual mail addressed to Mango's personal email address.


Mango's User Configurable Scheduled cPanel Full Backup

March 12th, 2013 5 comments

Mango has always wanted to make it as easy as possible for users to make backups.  If you're a cPanel administrator, consider this script as part of your disaster recovery plan.  It will rsync a full backup anywhere the user likes, and allows the user to configure the location of the backup and how many backups will be retained.  Since its authorization is by RSA key, it does not require passwords to be stored in the configuration file.

Suggested use for users: By default, full backups are large and take a lot of server resources to create.  Why not exclude your home directory by placing a single * in cpbackup-exclude.conf, and rsync the full backup to your home directory?  Then rsync your home directory to your NAS device a few times per week.  Using rsync requires much less resources because it only copies files that have changed since the last rsync.

Here's the script: http://www.toao.net/pub/cpbackup-mango.php

Map a directory on a MyBook Live NAS to a Windows drive letter over the internet with SSHFS and Samba

February 3rd, 2013 No comments

We needed to be able to access a directory on a MyBook Live via a Windows drive letter and evaluated a few options.  Samba works well if the file server and client are on the same LAN, but we discovered it painfully slow when used via an SSH tunnel over the internet.  WebDAV is typically a good solution, but we found it unstable when used with the MyBook Live.  We settled on two techniques that we use in different situations.  The first technique is SSHFS and Samba - SSHFS for the internet portion and Samba for the LAN portion.  This works relatively well with only a moderate performance decrease.

This article describes our technique for setting up SSHFS and Samba on a Western Digital My Book Live NAS device.


SSH Tunneling - also known as "Port Forwarding on Steroids"

February 2nd, 2013 No comments

If you need to access network resources behind a firewall, you could set up lots of port forwards.  But it can be cumbersome to manage a large volume of these, and depending on the protocol, this practice may be insecure.  Instead, why not use an SSH tunnel?  An SSH tunnel is an excellent method for handling encryption and authentication.


Mango's Opinion of Sage 50

January 1st, 2013 No comments

Mango evaluated Sage 50 accounting software and was underwhelmed.


Free Tools for Windows

December 29th, 2012 No comments

Everyone seems to have their list of free Windows applications they can't do without, and here's ours.  All of these are free for the download and their authors deserve a serious hat tip for all of their excellent work.  We list them in alphabetical order:

AutoHotkey is the quintessential automator that you really must try to see just how powerful it is.  You can automate almost any program by sending it keystrokes and mouse clicks.  You can remap keys on your keyboard or mouse.  One of our favourite features is that you may compile your finished script into a single EXE that may be run on any Windows computer.


How to Download Previously Downloaded Music from iTunes

December 29th, 2012 No comments

Mango accidentally deleted some music he'd downloaded from iTunes.  Fortunately, iTunes will allow you to download previously downloaded music, though it required some hoop jumping.

1) From the Store menu in iTunes, be sure your computer is authorized.
2) Navigate to the iTunes store and click the link for Purchased.  You may be able to download the files by clicking the Cloud icon.  If not,
3) Shut down iTunes, rename your iTunes Library folder, and restart iTunes.  Only after doing this, we were permitted to download the files.
4) If you had to follow Step 3, shut down iTunes again, restore the original iTunes Library folder, restart iTunes, locate the songs you just downloaded, and add them to your library.

On a slightly related note, in doing this we discovered that iTunes now sells DRM-free music in *.m4a format, not *.m4p.  Though this is old news, we were glad to read it.

Should you use Conventional or Synthetic oil in your vehicle?

September 30th, 2012 Comments off

I recently took my car to an oil change shop that really wanted to upsell me on expensive oil for my car.  I told them to put in whatever the dealer would use and they put in semi-synthetic.  This was a somewhat unfortunate illustration that working with a professional is no substitute for knowing what you're doing.  Though the semi-synthetic won't harm my car, the extra $20 won't offer any benefits, based on the car I drive, what I use it for, and the time of year.  Should you use conventional or synthetic oil in your vehicle?  Keep reading.


Disable Firefox AutoFill / AutoComplete in the Address Bar

September 26th, 2012 No comments

Firefox's AutoFill feature, which appears in new versions of Firefox, makes it more difficult to type a URL such as, if is in your history.

To disable this, enter about:config and set browser.urlbar.autoFill to False.

So I had this dream...

September 23rd, 2012 2 comments

So the other night I had this dream.

The company I worked for was doing well.  Really well.  So well, in fact, that we ended up leasing the old Ikea warehouse in Richmond.  THAT'S how much space we needed for our operations.  (On a recent visit back to British Columbia, I discovered the warehouse in question torn down.  My subconscious was, ostensibly, not aware of this fact.)


Use POTS for all outbound calls on an OBi110

August 6th, 2012 1 comment

A user recently stated that they wanted all outbound calls to be passed directly to their POTS line, with no interaction from the OBi110.  Here is one way you can configure an OBi110 to present the user with a POTS dial tone:

Physical Interfaces >> PHONE Port:
DigitMap: (<:>)
OutboundCallRoute: {li}

DIY: OEM Cruise Control on a 2006-2010 Toyota Yaris for $40 shipped!

August 2nd, 2012 1 comment

We're not even kidding.

We wanted to have cruise control installed on a 2010 Toyota Yaris.  We were dismayed when a dealer quoted $500 for an aftermarket system, even more dismayed when we read bad reviews about Rostra products, and finally, even further dismayed when we discovered this Rostra recall.

Then we discovered cruise control functionality is already built into 2006 and later model Yaris that were sold in North America.  There's no need for an aftermarket kit.  All that's really necessary is simply ordering a few parts and plugging them in.  Here's a Yaris cruise control FAQ with detailed installations and photos.  To order the parts, contact CTScott.

There are a few things about the instructions we would like to elaborate on.  The stalk can be very easily scratched, so we recommend you leave the plastic coating on until the installation is complete.  If you do accidentally scratch it, a little PlastX will have the scratch buffed out in no time.  Also, when they say the Torx T30 screws are tight...they're not just joking.  Be sure to use a T30 driver that you can put a great deal of force on - a Multi Tool or an L Key won't work as you're sure to break either the tool or your skin.

Thanks to CTScott and everyone who made this excellent DIY possible!

OBi110: How to use POTS if VoIP or internet is down

July 24th, 2012 No comments

Many users of the OBi110 route local calls via POTS, and use VoIP for long distance.  But what if your internet service is not working, or your VoIP provider's equipment is down?  Fortunately, the OBi110's Trunk Groups feature will allow you to configure the OBi110 to try different routes in a priority fashion.  For this example, let's assume our VoIP provider is configured on sp1.  This technique may be used with any combination of service providers or the LINE Port.


Using an OBi ATA as an FXO port or Google Voice trunk for Asterisk or your IP Phone

July 22nd, 2012 No comments

If you need an FXO card for your IP PBX, expect to pay hundreds of dollars for a good one.  But what if your PBX doesn't have expansion slots, or is in a different location from your POTS line, or your project is for home/small office use and you require a device that works just as well for a fraction of the price?  You're sure to be delighted with an OBi110.  If you wish to add Google Voice to your call routing, any OBi ATA will be more than up to the challenge.


Blocking Telemarketers with an OBi ATA

July 22nd, 2012 3 comments

No one likes telemarketers, but if you have an OBi ATA, you can easily blacklist them based on their Caller ID.  For this we'll use the ATA's excellent User Defined Digit Maps feature.


Fixing SpamAssassin Spam/Ham Reports on cPanel servers

July 5th, 2012 1 comment

A few months ago, cPanel released an "upgrape" that caused SpamAssassin Spam/Ham reports to include blank lines.  This is a problem because folding continuation lines cannot contain only white space, so the header is invalid.  The result is that the report or other headers may appear in the body of the email if you use an email client such as Outlook, or AVG's email scanner.  Also, the subject may not appear.

Since the two cPanel techs we dealt with, as well as a tech from our datacentre, did not know how to solve the problem, we post the workaround that we wrote here.


Using VoIP for POTS Voicemail with an OBi110

June 24th, 2012 No comments

Those of you who mix VoIP and POTS may find it useful to use VoIP-based voicemail when you're unable to answer your POTS calls.  There are a few reasons you might want to do this.  VoIP voicemail is typically free, but POTS providers often charge for it.  VoIP voicemail often has more/better features, such as email or SMS notification, or even multiple voicemail boxes for different people.  Also, it might be convenient to have one single mailbox to check instead of having to check both a POTS mailbox and a VoIP mailbox.


Run a script on every column of every table in your MySQL database

June 23rd, 2012 No comments

Have you ever needed to recursively run a script in a loop on every single column in your MySQL database?  This PHP code can help.
// Start by getting the list of tables.
$tables_result = mysql_query("SHOW TABLES FROM `$database`") or exit("Error " . mysql_errno() . ": " . mysql_error());
while ($tables_row = mysql_fetch_row($tables_result)) {
 // Loop through the tables.  Get the list of columns from each table.
 $table = $tables_row[0];
 $columns_result = mysql_query("SHOW COLUMNS FROM `$table`") or exit("Error " . mysql_errno() . ": " . mysql_error());
 while ($columns_row = mysql_fetch_row($columns_result)) {
  // Loop through the columns in the table.
  $column = $columns_row[0];
  /* --------- Anything you want happens between here... --------- */
  echo "$table $column\n"; 
  /* ---------------------- ...and, here =) ---------------------- */

Cloning a Windows 7 hard drive

June 23rd, 2012 No comments

Recently when cloning a hard drive with Windows 7 installed on it, we ran into some problems.

We first attempted to use Windows' backup tools; this was unsuccessful as Windows refused to restore the image to the new drive.

We then attempted to use Ghost 11.5 (we didn't have the latest version handy).  Though it appeared to be successful, the computer would not boot afterward and simply displayed a black screen after POST.

We attempted to use CloneZilla which was not successful because the destination drive was slightly smaller than the source drive.  When we attempted to shrink the partition, Windows informed us we could not do this because there were several unmoveable files near the end of the drive.

What finally worked was a clean install of Windows 7 on the destination hard drive, then Ghosting the data partition from the source drive to the destination drive.

Vegetarian Quiche

June 9th, 2012 No comments

Dice ½ red bell pepper and slice ½ a medium zucchini, or other in-season vegetables.  Steam until tender and brightly-coloured, but not wilted.  Lightly saute one diced onion in one tablespoon butter or olive oil.  Arrange the vegetables in a 9" pastry shell and sprinkle ½ cup freshly-grated Parmesan cheese on top.  Beat together 5 eggs, 1/2 cup milk, 1/4 teaspoon curry powder, 1 teaspoon salt, and fresh ground pepper to taste.  Pour over the vegetables.

Bake for 45 minutes at 350F.  Cool for at least 10 minutes before serving.

$90 for PCI Validation?  Get real.

May 3rd, 2012 1 comment

Our merchant services provider, Global Payments, sent us a letter stating that we must be PCI Compliant, or face consequences such as fines, termination of our merchant account, and general woe and spiders.  We already follow the prescribed standards.  So, no problem?  No, problem: they want us to pay $90 to fill in a self-assessment questionnaire.



Canada withdraws the penny in 2012

March 29th, 2012 No comments

The federal government has announced that Canada will withdraw the penny from circulation in 2012.  This means if someone offers a penny for your thoughts, they will have to pay by cheque.

I think they have not fully considered the ramifications of their decision.  For example, anyone selling something that costs a pretty penny will now need to sell a five pack if anyone wants to pay by cash.

If someone usually has to think for a minute before the penny drops, they will be in trouble.

Finally, people who are used to putting their two cents in will need to have opinions that are 2.5 times better.

How to Save for your Child's Education with an RESP

March 26th, 2012 No comments

One can never start saving too early for their child's education.  An RESP can even be opened for a newborn, as long as he or she has a Social Insurance Number.  Once you've opened an RESP, you'll be eligible for many government grants, such as the Canada Education Savings Grant (20% of your contributions up to $500 per year and a lifetime maximum of $7200), the Canada Learning Bond ($500 first year plus $100 subsequent years, if you qualify for NCB supplement), and several provincial grants.