Refund scam variant – 2023-02-02

Scams like this aren’t uncommon. Basically the idea here is to get you to call the number on the “invoice”, where they will then give you all kinds of fake information about “hackers” taking over your computer and bullshit like that. As if a hacker would hack into your system just to purchase antivirus service for you using your own account.

But when you call in, they’ll have you install software that lets the scammers actually take over your computer and scam you out of your money.

So yeah, when you see this email, just delete it. It isn’t from PayPal or Lifelock. In fact, the “PayPal” in the invoice is spelled “PayPaI”. The font hides the fact that the last letter is a capital I instead of a lowercase L.

 

Tax Invoice

(818) 649-9458

Date: Feb 02, 2023

INVOICE#: PP01948838388373

Thank you for doing business with PayPaI.

DESCRIPTION | QTY | UNIT PRICE | TOTAL
Lifelock Antivirus | 5pc | $199.00 | $995.00

SUBTOTAL: $995.00
TAX RATE: 0.00%
TOTAL TAX: 0.00
SHIPPING/HANDLING: 0.00
Balance Due: $995.00

*Note to customer

We found some unusual login of your account from different locations. If you did not make this transaction, please reach out to the billing team 1(818) 649 9458, to cancel and claim a refund.

*Payment terms (due on receipt)

 

Blackmail variant – 2023-02-01

Hi Brian Black, thanks for the content! Yeah I know you don’t actually have access to my email account, and I know you don’t have a video. And hopefully with this article going live broadcasting your scam to the world, you’ll end up with zero BTC as well.

Hey, Kenneth

Your device was infected with my private malware, your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more, Google: Drive-by exploit.

My malware gave me full access to all your accounts (see the name above), full control over your device and it also was possible to spy on you over your webcam.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces and this email was sent from some hacked server.

I can publish the video of you and all your private data on the whole web, social networks, over email and send everything to all your contacts.

But you can stop me and only I can help you out in this situation.

The only way to stop me, is to pay exactly 750$ in bitcoin (BTC).

It's a very good offer, compared to all that horrible shit that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.

You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup?product=wallet , then receive and send to mine.

My bitcoin wallet is: bc1qtt5akr5undmey83wcnyns2jxdy7kqp7p5a7j54

Copy and paste my wallet, it's (cAsE-sEnSEtiVE).

I give you 4 days time to pay.

As I got access to this email account, I will know if this email has already been read.

AFTER RECEIVING THE PAYMENT, THE SPAM WILL STOP, I WILL REMOVE EVERYTHING AND YOU CAN LIFE YOUR LIVE IN PEACE LIKE BEFORE.

Next time make sure that your device got the newsest security updates.

ClientMailID: 0450021

Blackmail variant – 2023-01-31

And another one…

Remember, it’s stupid easy to spoof the from address in an email. And in my case, as I’ve said several times, I don’t have a webcam, so there’s no way for them to have created any kind of video. And looking at the source of the email, there is no separate Reply-To address.

Hi there!
Unfortunately, I need to start our conversation with bad news for you.
Around few months back I managed to get full access to all devices of yours, 
which are used by you on a daily basis to browse internet.

Afterwards, I could initiate monitoring and tracking of all your activities on the internet.

I am proud to share the sequence of how it happened: 
In the past I bought from hackers the access to various email accounts (today, that is rather a simple thing to do online).
Clearly, it was not hard at all for me to log in to your email account ([REDACTED]).

A week after that, I had already managed to effortlessly install Trojan virus to Operating Systems of all devices that are currently in your use, and as result gained access to your email.
To be honest, that was not really difficult at all (because you were eagerly opening the links from your inbox emails). 
I know, I am a genius. ^^ 

With help of that software, I can gain access to all controllers in your devices (such as video camera, keyboard and microphone).
As result, I downloaded to my remote cloud servers all your personal data, photos and other information including web browsing history.
Likewise, I have complete access to all your social networks, messengers, chat history, emails, as well as contacts list.
My intelligent virus unceasingly refreshes its signatures (due to its driver-based nature), and hereby stays unnoticed by your antivirus software.

Herbey, I believe that now you finally start realizing how I could easily remain unnoticed all this while until this very letter...
While collecting information related to you, I had also unveiled that you are a true fan of porn sites.
You truly enjoy browsing through adult sites and watching horny vids, while playing your dirty solo games.

Bingo! I also recorded several filthy scenes with you in the main focus and montaged some dirty videos, which demonstrate your passionate masturbation and cum sessions.

In case you still don't believe me, all I need is just one-two mouse clicks to make all your unmasking videos become available to your friends, colleagues, and even relatives.
Well, if you still doubt me, I can easily make recorded videos of your orgasms become a public.
I truly believe that you surely would avoid that from happening, 
taking in consideration the type of the XXX videos you love watching, (you are clearly aware of what I mean) it will result in a huge disaster for you.

Well, there is still a way to settle this tricky situation in a peaceful manner:
You will need to transfer $960 USD to my account (refer to Bitcoin equivalent based on the exchange rate at the moment transfer), 
so once funds transfer is complete, I will straight away proceed with deleting all that dirty content from servers once and for all.

Afterwards, you can consider that we never met before. You have my honest word, that all the harmful software will also be deactivated and deleted from all your devices currently in use. 
Worry not, I keep my promises.
That is truly a win-win solution that comes at a relatively reduced cost, mostly knowing how much effort I spent on monitoring your profile and traffic for a considerably long time.
In event that you have no idea about means of buying and transferring bitcoins – don't hesitate to use any search engine for your assistance (e.g., Google, Yahoo, Bing, etc.).

My bitcoin wallet is as follows: 19yaJM8qhsyXnwoQP7zQbMkqJStoMYxPmE

I have allocated 48 hours for you to do that, and the timer started right after you opened this very email (2 days to be exact).

Don't even think of doing anything of the following:
*Abstain from attempting to reply me (this email was created by me inside your inbox page and the return address was generated accordingly).
*Abstain from attempting to get in touch with police or any other security services. Moreover, don't even think of sharing this to you friends. 
 Once I discover this (apparently, that is absolutely easy for me, taking in consideration that I have complete control over all systems you use) - your kinky video will straight away be made public. 
*Don't even think of attempting to find me – that is completely useless. Don't forget that all cryptocurrency transactions remain completely anonymous.
*Don't attempt reinstalling the OS on all your devices or getting rid of them. That won't lead you to success either, because I have already saved all videos at my remote servers as a backup.

Things you should not be concerned about:
*That your funds transfer won't reach my wallet.
- Worry not, I can see everything, hence after you finish the transfer, I will get a notification right away 
 (trojan virus of mine uses a remote-control feature, which functions similarly to TeamViewer).
*That I will still distribute your videos although you make the funds transfer.
- My word, I have no intention or interest in continuing making your life troublesome. 
 Anyway, If I truly wanted that, it would happen long time ago without me notifying you! 

Everything can be settled in a peaceful and just way!
And lastly... make sure you don't get caught afterwards in such type of incidents anymore!
My fair advice – ensure you change all your passwords on a regular basis.
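
The header checks mentioned above (a forged From address, no separate Reply-To) can be run against the raw source of a message. The following Python is an added example, not part of the original post; the message, addresses and IP in it are constructed, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed message (example.com, example.net and 203.0.113.7 are
# documentation values): the sender put the recipient's own address in From.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.example.com; Tue, 31 Jan 2023 08:00:00 +0000
From: user@example.com
To: user@example.com
Subject: constructed subject line

constructed body
"""


def domain(addr):
    """Return the part of an address after the last '@'."""
    return addr.rpartition("@")[2]


def analyze_headers(raw):
    """Return header facts that test the 'sent from your own account' claim."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()

    # Authentication-Results is written by the receiving server; trust only
    # the copy added by your own mail system (assumed here for the sample).
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            auth.setdefault(method.lower(), result.lower())

    facts = {
        # From equals the recipient: the "I e-mailed you from your account" trick.
        "self_addressed": from_addr in to_addrs,
        # A separate Reply-To would show where answers are really collected.
        "reply_to_differs": bool(reply_to) and reply_to != from_addr,
        # The envelope sender's domain differs from the visible From domain.
        "envelope_mismatch": bool(return_path)
        and domain(return_path) != domain(from_addr),
        "auth": auth,
    }
    # From matches the recipient but the domain's DMARC check failed: the
    # header was forged, which requires no access to the mailbox at all.
    facts["forged_from"] = facts["self_addressed"] and auth.get("dmarc") == "fail"
    return facts


if __name__ == "__main__":
    for key, value in analyze_headers(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```
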

Blackmail variant – 2023-01-28

An odd variant, but not the first time I’ve received one formatted like this. Interesting is the fact that the sender put the BTC wallet address in the subject line rather than in the body of the email. It also claims to have “easily managed to log in to [my] email account” while being sent from a separate email address…

Greetɨngș!

Î have to șhare bad newș wɨth you.
Approxɨmately few monthș ago ɨ have gaɨned acceșș to your devɨceș, whɨch you ușe for ɨnternet browșɨng.
After that, ɨ have ștarted trackɨng your ɨnternet actɨvɨtɨeș.

Here ɨș the șequence of eventș:
șome tɨme ago ɨ have purchașed acceșș to emaɨl accountș from hackerș (nowadayș, ɨt ɨș quɨte șɨmple to purchașe șuch thɨng onlɨne).
Obvɨoușly, ɨ have eașɨly managed to log ɨn to your emaɨl account ([REDACTED]).

One week later, ɨ have already ɨnștalled Trojan vɨruș to Operatɨng șyștemș of all the devɨceș that you ușe to acceșș your emaɨl.
În fact, ɨt waș not really hard at all (șɨnce you were followɨng the lɨnkș from your ɨnbox emaɨlș).
All ɨngenɨouș ɨș șɨmple. (:

Thɨș șoftware provɨdeș me wɨth acceșș to all the controllerș of your devɨceș (e.g., your mɨcrophone, vɨdeo camera and keyboard).
Î have downloaded all your ɨnformatɨon, data, photoș, web browșɨng hɨștory to my șerverș.
Î have acceșș to all your meșșengerș, șocɨal networkș, emaɨlș, chat hɨștory and contactș lɨșt.
My vɨruș contɨnuoușly refreșheș the șɨgnatureș (ɨt ɨș drɨver-bașed), and hence remaɨnș ɨnvɨșɨble for antɨvɨruș șoftware.

Lɨkewɨșe, ɨ gueșș by now you underștand why ɨ have ștayed undetected untɨl thɨș letter...

Whɨle gatherɨng ɨnformatɨon about you, ɨ have dɨșcovered that you are a bɨg fan of adult webșɨteș.
You really love vɨșɨtɨng porn webșɨteș and watchɨng excɨtɨng vɨdeoș, whɨle endurɨng an enormouș amount of pleașure.
Well, ɨ have managed to record a number of your dɨrty șceneș and montaged a few vɨdeoș, whɨch șhow the way you mașturbate and reach orgașmș.

Îf you have doubtș, ɨ can make a few clɨckș of my moușe and all your vɨdeoș wɨll be șhared to your frɨendș, colleagueș and relatɨveș.
Î have alșo no ɨșșue at all to make them avaɨlable for publɨc acceșș.
Î gueșș, you really don't want that to happen, conșɨderɨng the șpecɨfɨcɨty of the vɨdeoș you lɨke to watch, (you perfectly know what ɨ mean) ɨt wɨll caușe a true cataștrophe for you.

Let'ș șettle ɨt thɨș way:
You tranșfer $1650 UșD to me (ɨn |B ɨ t c o ɨ n| equɨvalent accordɨng to the exchange rate at the moment of fundș tranșfer), and once the tranșfer ɨș receɨved, ɨ wɨll delete all thɨș dɨrty ștuff rɨght away.
After that we wɨll forget about each other. ɨ alșo promɨșe to deactɨvate and delete all the harmful șoftware from your devɨceș. Trușt me, ɨ keep my word.

Thɨș ɨș a faɨr deal and the prɨce ɨș quɨte low, conșɨderɨng that ɨ have been checkɨng out your profɨle and traffɨc for șome tɨme by now.
În cașe, ɨf you don't know how to purchașe and tranșfer the |b ɨ t c o ɨ n ș| - you can ușe any modern șearch engɨne.

Here ɨș my |B ɨ t c o ɨ n| wallet: >> Împortant! The |B ɨ t c o ɨ n| addreșș ɨn the șubject of thɨș emaɨl. For copy ɨt you need to be șure to remove the șpaceș! <<

You have leșș than 48 hourș from the moment you opened thɨș emaɨl (precɨșely 2 dayș).

Thɨngș you need to avoɨd from doɨng:
*Do not reply me (ɨ have created thɨș emaɨl ɨnșɨde your ɨnbox and generated the return addreșș).
*Do not try to contact polɨce and other șecurɨty șervɨceș. ɨn addɨtɨon, forget about tellɨng thɨș to you frɨendș.
ɨf ɨ dɨșcover that (aș you can șee, ɨt ɨș really not șo hard, conșɨderɨng that ɨ control all your șyștemș) - your vɨdeo wɨll be șhared to publɨc rɨght away.
*Don't try to fɨnd me - ɨt ɨș abșolutely poɨntleșș. All the cryptocurrency tranșactɨonș are anonymouș.
*Don't try to reɨnștall the Oș on your devɨceș or throw them away. ɨt ɨș poɨntleșș aș well, șɨnce all the vɨdeoș have already been șaved at remote șerverș.

Thɨngș you don't need to worry about:
*That ɨ won't be able to receɨve your fundș tranșfer.
- Don't worry, ɨ wɨll șee ɨt rɨght away, once you complete the tranșfer, șɨnce ɨ contɨnuoușly track all your actɨvɨtɨeș (my trojan vɨruș haș got a remote-control feature, șomethɨng lɨke TeamVɨewer).
*That ɨ wɨll șhare your vɨdeoș anyway after you complete the fundș tranșfer.
- Trușt me, ɨ have no poɨnt to contɨnue creatɨng troubleș ɨn your lɨfe. ɨf ɨ really wanted that, ɨ would do ɨt long tɨme ago!

Everythɨng wɨll be done ɨn a faɨr manner!

One more thɨng... Don't get caught ɨn șɨmɨlar kɨnd of șɨtuatɨonș anymore ɨn future!
My advɨce - keep changɨng all your pașșwordș on a frequent bașɨș 
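
The look-alike tricks in the emails on this page (the capital-I “PayPaI”, the accented and stroked letters above, the spaced-out “|B ɨ t c o ɨ n|”, the wallet address split by spaces) can be checked mechanically. The following Python is an added example, not part of the original post; the small confusables map, the brand list and the SUBJECT sample are assumptions made for illustration.

```python
import re
import unicodedata

# Non-ASCII look-alikes with no Unicode decomposition, mapped to the ASCII
# letter they imitate. Only the stroke-i from the 2023-01-28 email is listed
# (an assumption); a production filter would load the full confusables table.
CONFUSABLES = {"\u0268": "i", "\u0197": "I"}

# ASCII characters that render alike in many sans-serif fonts ("PayPaI").
ASCII_TWINS = str.maketrans({"I": "l", "1": "l", "0": "o"})

BTC_RE = re.compile(
    r"\b(?:bc1[02-9ac-hj-np-z]{11,71}"       # bech32 (SegWit) address shape
    r"|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"   # legacy Base58 address shape
)


def fold_char(ch):
    """Return the plain letter a decorated or look-alike character imitates."""
    if ch in CONFUSABLES:
        return CONFUSABLES[ch]
    decomposed = unicodedata.normalize("NFKD", ch)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def count_lookalikes(text):
    """Count non-ASCII characters that fold to a plain ASCII letter."""
    folded = (fold_char(ch) for ch in text if ord(ch) > 127)
    return sum(1 for f in folded if f.isascii() and f.isalpha())


def deobfuscate(text):
    """Fold look-alikes, then rejoin words spelled as '|B i t c o i n|'."""
    folded = "".join(fold_char(ch) for ch in text)
    return re.sub(r"\|?\b((?:\w ){3,}\w)\b\|?",
                  lambda m: m.group(1).replace(" ", ""), folded)


def brand_lookalikes(text, brands=("PayPal", "Lifelock")):
    """Return (token, brand) pairs that look like a brand but are not it."""
    def skeleton(word):
        folded = "".join(fold_char(ch) for ch in word)
        return folded.translate(ASCII_TWINS).lower()

    targets = {skeleton(b): b for b in brands}
    hits = []
    for token in re.findall(r"\w+", text):
        brand = targets.get(skeleton(token))
        if brand and token.lower() != brand.lower():
            hits.append((token, brand))
    return hits


def extract_btc_addresses(text, strip_spaces=False):
    """Find Bitcoin-address-shaped strings (shape only, no checksum check).

    strip_spaces is for a field holding only a space-split address, as the
    2023-01-28 email says its subject line does.
    """
    if strip_spaces:
        text = re.sub(r"\s+", "", text)
    return BTC_RE.findall(text)


# Lines quoted from the emails on this page (BODY_LINE is abridged and written
# with escapes; it renders as "You tranșfer $1650 UșD to me (ɨn |B ɨ t c o ɨ n| ...").
INVOICE_LINE = "Thank you for doing business with PayPaI."
BODY_LINE = ("You tran\u0219fer $1650 U\u0219D to me "
             "(\u0268n |B \u0268 t c o \u0268 n| equ\u0268valent)")
WALLET_LINE = "My bitcoin wallet is: bc1qtt5akr5undmey83wcnyns2jxdy7kqp7p5a7j54"
# Constructed subject line: the page does not show the real one.
SUBJECT = "1Samp LeAddress ForTesting Purposes99"

if __name__ == "__main__":
    print(brand_lookalikes(INVOICE_LINE))
    print(count_lookalikes(BODY_LINE), deobfuscate(BODY_LINE))
    print(extract_btc_addresses(WALLET_LINE))
    print(extract_btc_addresses(SUBJECT, strip_spaces=True))
```

A high look-alike count in a message that is otherwise plain English is itself a useful signal, since ordinary correspondence has no reason to swap every “i” and “s” for a decorated twin.
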

Wallets associated with this:

Coming full circle

Build Log:

When I first built Nasira almost 7 years ago, I knew the day would come when the first pair of 4TB hard drives would be pulled and replaced. Whether due to failure or wanting to evict them for larger capacity drives. In late 2021 I wrote about needing to replace one of the second pair of 4TB drives due to a drive failure.

Now it’s for needing more storage space. First, here are the current specifications:

CPU: AMD FX-8350 with Noctua NH-D9L
Memory: 4x8GB Crucial DDR3-1600 ECC
Mainboard: ASUS Sabertooth 990FX R2.0
Chassis: Rosewill RSV-L4500 with three 4-HDD hot-swap bays
Power: Corsair CX750M (green label)
OS: TrueNAS SCALE 22.12
Storage: 2x 16 TB, 2x 4 TB, 4x 6 TB, 2x 10TB, 2x 12 TB

Somehow, despite its bad reputation, the Corsair CX750M green label I bought back in 2013 is still chugging along with no signs of failure. Yet. But it’s connected to a pure sine wave UPS and running under a modest load at best, so that “yet” is likely a ways off.

Due to our ever-expanding collection of movies and television shows – of which Game of Thrones on 4K was the latest acquisition, at around 300GB per season – plus the push to upgrade our 1080p movies to 4K releases, where available, we were fast running out of room. Plus my photography really took off last year, so I had a lot more RAW photo files than in previous years.

All of that adds up to terabytes of data.

So when I saw that I could get a pair of 16TB drives for 500 USD – yes, you read that right – I just couldn’t pass them up. A single 16TB drive for less than I paid for a pair of 4TB drives 7 years ago.

So out with the old, and in with the new.

Swapping ’em out

Replacing the drives was straightforward using TrueNAS’s user interface. It’s the same process you’ll follow to replace a dead drive. The only difference is you’re doing it for all drives in a vdev. And since my pool is made up of nothing but mirrored pairs, I’m replacing just two drives.

Here’s where having a drive map will come in very handy. I mentioned in my aforementioned article about the drive failure that you should have a chart you can readily reference that shows you which drive bay has which HDD so you eliminate the need to shut down the system to find it. And it’s difficult to overstate how handy that was during this exercise.

The first resilver finished in about 9 hours, 46 minutes, or about 107 MiB/s to copy 3.59 TiB. The second resilver went a little quicker, though, finishing in a little over 6-1/2 hours and running at an average shy of 160 MiB/s. The new drives are Seagate Ironwolf Pro drives, ST16000NE000 specifically, which their data sheet lists as having a max sustained transfer rate of 255 MB/s.

So now the pool has a total raw capacity of 54 TB, effective capacity (as reported by TrueNAS) of 48.66 TiB.

The pool also showed the capacity immediately after the second 4TB drive was replaced and the resilver had just started. If this was a RAID-Zx vdev, it wouldn’t show the newer capacity till the last drive was replaced. This was one of the central arguments for going with mirrored pairs I raised in my initial article.

Replacing more drives

It’s quite likely that later this year I’ll replace the other 4TB pair with another 16TB pair. Less for needing space, more because of the age of the drives. That second pair is where one had to be replaced, and the other drive is approaching 7 years old. Sure, there are no signs of dying that I can see and no SMART errors being reported on it, but it’s probably still a good idea to replace it before ZFS starts reporting read errors with it.

And when I replace those, I’ll have a much faster option: removing the mirrored pair from the pool rather than replacing the drives in-place. This will ultimately be much faster since the remove operation will copy all the data off to the other vdevs – meaning it’s only copied once. Then just pop out the old drives and pop in the new ones, as if I was adding more drives to the pool instead of merely replacing existing ones.

Had I realized that option was already there, I would’ve used it instead of relying on rebuilding each disk individually.

And while the option of removing a vdev entirely isn’t available for RAID-Zx vdevs, it’ll likely be coming in a later ZFS update. Removing mirrored vdevs was likely a lot easier to implement and test up front.

Why replace when you can just add?

Let’s take a brief aside to discuss why I’m doing things this way. Replacing an existing pair of drives rather than adding new drives to the pool. There are two reasons.

The main reason is simply that I don’t have any more available drive bays. Adding more drives would require finding an external JBOD enclosure or migrating everything – again! – into another 4U chassis that can support more hot-swap bays. Or pulling out the existing hot-swap enclosures for 5×3 enclosures, which is just kicking the can down the road. Or… any other multitude of things just to get two more drives attached to the pool.

No.

But the secondary reason is the age of the drives that I replaced. The two drives in question had been running near continuously for almost 7 years. They probably still have a lot of life in them, no doubt, especially since they were under very light load when in service, and will be repurposed for lesser-critical functions.

Yes, I’m aware that meant getting 12TB additional storage for the price of 16TB, something I pointed out in the article describing moving Nasira to its current chassis. But then if you’ve ever swapped out existing storage for new, you also got less additional storage than what you paid for. Paying for a 2TB SSD to replace a 1TB, for example.

Next steps

I’ve been considering a platform upgrade. Not out of any need for performance, but merely to get higher memory capacities. But ZFS in-memory caching seems to be a lot more under control migrating from TrueNAS Core to SCALE. And the existing platform still works just fine with no signs of giving up the ghost.

But the next step for Nasira is taking advantage of another new ZFS feature: metadata vdevs. And taking full advantage of that will come with another benefit: rebalancing the pool. Since fully taking advantage of it will require moving files around – moving them off and back onto the pool or moving them around.

And special vdevs are a great feature to come to ZFS since they allow for a hybrid SSD/HDD setup, meaning the most frequently-accessed data is now on high-speed storage. Deduplication has the same benefit with a dedup vdev.

Whether you’ll benefit is, of course, dependent on your use case.

In my instance, two of my datasets will benefit heavily from the metadata vdev: music and photos. Now I do need to clean up the photos dataset since I know there are plenty of duplicate files in there. I have a main “card dump” folder along with several smaller folders to where I copy the files specific to a photo shoot. Overall that dataset contains… several tens of thousands of files.

And the music folder is similar. Several hundred folders for individual albums, meaning several thousand tracks. And since my wife and I tend to stream our music selection using a Plex playlist set to randomize, the benefit here is reduced latency jumping between tracks since the metadata will be on higher-speed, lower-latency storage. The TV folder is similar to the music folder in that we have several thousand individual files, but contained in fewer folders.

The movies folder, though, won’t really benefit since it’s only a few hundred files overall.

Really any use case where you have a LOT of files will benefit from a metadata vdev. And it’ll be better than the metadata caching ZFS already does since it won’t require accessing everything first before you see the performance benefit. Nor do you have to worry about that cached data being flushed later and needing to be refreshed from slow disks since you’re supposed to build the special vdev using SSDs.

Now I just need to figure out how to get more NVMe drives onto Nasira’s AMD 990FX mainboard…

Blackmail variant – 2023-01-26

Two new blackmail variants two days in a row… And this one is rather unique in that it plays on the fact that we’ve all probably received one of these at some point in time. But it’s still the same scam. They don’t have access to my email account, and I don’t have a webcam so there’s no video.

Hello!
Have you recently noticed that I have e-mailed you from your account?
Yes, this simply means that I have total access to your device.

For the last couple of months, I have been watching you.
Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.

With help of the Trojan Virus, I have complete access to a PC or any other device.
This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.

You may be asking yourself, "But my PC has an active antivirus, how is this even possible? Why didn't I receive any notification?" Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.

I have a video of you wanking on the left screen, and on the right screen - the video you were watching while masturbating.
Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.
I can also share access to all your e-mail correspondence and messengers that you use.

All you have to do to prevent this from happening is - transfer bitcoins worth $950 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 15WXLWo8mH79dJiUiHJ7UMgrpXD33ky9XU

After receiving a confirmation of your payment, I will delete the video right away, and that's it, you will never hear from me again.
You have 2 days (48 hours) to complete this transaction.
Once you open this e-mail, I will receive a notification, and my timer will start ticking.

Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.
I have been working on this for a very long time by now; I do not give any chance for a mistake. 

If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.

Other Bitcoin wallets associated with this:

Blackmail variant – 2023-01-25

Been a while since I’ve seen a new variant on the blackmail “we have you on video masturbating” scam email.


Hi there!

I regret to inform you about some sad news for you.
Approximately a month or two ago I have succeeded to gain a total access to all your devices utilized for browsing internet.
Moving forward, I have started observing your internet activities on continuous basis.

Go ahead and take a look at the sequence of events provided below for your reference: 
Initially I bought an exclusive access from hackers to a long list of email accounts (in today's world, that is really a common thing, which can arranged via internet).
Evidently, it wasn't hard for me to proceed with logging in your email account ([REDACTED]).

Within the same week, I moved on with installing a Trojan virus in Operating Systems for all devices that you use to login to email.
Frankly speaking, it wasn't a challenging task for me at all (since you were kind enough to click some of the links in your inbox emails before).
Yeah, geniuses are among us.

Because of this Trojan I am able to gain access to entire set of controllers in devices (e.g., your video camera, keyboard, microphone and others).
As result, I effortlessly downloaded all data, as well as photos, web browsing history and other types of data to my servers.
Moreover, I have access to all social networks accounts that you regularly use, including emails, including chat history, messengers, contacts list etc.
My unique virus is incessantly refreshing its signatures (due to control by a driver), and hence remains undetected by any type of antiviruses.

Hence, I guess by now you can already see the reason why I always remained undetected until this very letter...

During the process of compilation of all the materials associated with you,
I also noticed that you are a huge supporter and regular user of websites hosting nasty adult content.
Turns out to be, you really love visiting porn websites, as well as watching exciting videos and enduring unforgettable pleasures.
As a matter of fact, I was not able to withstand the temptation, but to record certain nasty solo action with you in main role,
and later produced a few videos exposing your masturbation and cumming scenes.

If until now you don't believe me, all I need is one-two mouse clicks to make all those videos with everyone you know,
including your friends, colleagues, relatives and others.
Moreover, I am able to upload all that video content online for everyone to see.
I sincerely think, you certainly would not wish such incidents to take place, in view of the lustful things demonstrated in your commonly watched videos,
(you absolutely know what I mean by that) it will cause a huge adversity for you.

There is still a solution to this matter, and here is what you need to do:
You make a transaction of $1370 USD to my account (an equivalent in bitcoins, which recorded depending on the exchange rate at the date of funds transfer),
hence upon receiving the transfer, I will immediately get rid of all those lustful videos without delay.
After that we can make it look like there was nothing happening beforehand.
Additionally, I can confirm that all the Trojan software is going to be disabled and erased from all devices that you use. You have nothing to worry about,
because I keep my word at all times.

That is indeed a beneficial bargain that comes with a relatively reduced price,
taking into consideration that your profile and traffic were under close monitoring during a long time frame.
If you are still unclear regarding how to buy and perform transactions with bitcoins - everything is available online.

Below is my bitcoin wallet for your further reference: 1P5vLEEuGawo33WLs3pVdxTuyjqt7Ymf9C

All you have is 48 hours and the countdown begins once this email is opened (in other words 2 days).

The following list includes things you should remember and avoid doing:
> There's no point to try replying my email (since this email and return address were created inside your inbox).
> There's no point in calling police or any other types of security services either. Furthermore, don't you dare sharing this info with any of your friends.
 If I discover that (taking into consideration my skills, it will be really simple, because I control all your systems and continuously monitor them) - 
 your nasty clip will be shared with public straight away. 
> There's no point in looking for me too - it won't result in any success. Transactions with cryptocurrency are completely anonymous and untraceable.
> There's no point in reinstalling your OS on devices or trying to throw them away. That won't solve the issue, 
 since all clips with you as main character are already uploaded on remote servers.

Things that may be concerning you:
> That funds transfer won't be delivered to me.
 Breathe out, I can track down everything right away, so once funds transfer is finished,
 I will know for sure, since I interminably track down all activities done by you (my Trojan virus controls all processes remotely, just as TeamViewer).
> That your videos will be distributed, even though you have completed money transfer to my wallet. 
Trust me, it is worthless for me to still bother you after money transfer is successful. Moreover, if that was ever part of my plan, I would do make it happen way earlier! 

We are going to approach and deal with it in a clear manner!

In conclusion, I'd like to recommend one more thing... after this you need to make certain you don't get involved in similar kind of unpleasant events anymore!
My recommendation - ensure all your passwords are replaced with new ones on a regular basis.

Virtualization server gets more storage

An NVMe solid-state drive in a dual-Opteron server… Just ponder that for a moment. Why in the world would anyone do that?

The big reason: storage is cheap. And for 80 USD, a 2TB NVMe solid-state drive is really cheap. And given this is a much older virtualization server, there is no need to go with anything high end.

Specs:

  • CPU: 2x AMD Opteron 6278
  • RAM: 64GB Registered DDR-3 1600Mhz
  • Storage: Samsung 850 EVO M.2 500GB

Recall that back in March 2018, I replaced an older dual-Xeon HP workstation with a dual-Opteron server setup for virtualization. Going away from a system made in the late 2000s to one with hardware from the early 2010s. But in doing that I was doubling the available core count. From a dual quad-core with HyperThreading, so 8 logical cores per processor, to two processors with 16 cores each. Later I upgraded the RAM to 64GB Registered ECC – after I accidentally bought registered sticks for Nasira and couldn’t sell them off.

And in building the system, I wanted to eliminate cables as best as possible. The CPU and ATX power connectors to the mainboard were unavoidable. But if a power or data cable could be avoided, I wanted to avoid it. The fans are powered off the mainboard, the GPU is onboard, so that leaves the storage.

And here, an SSD was the obvious choice. I had a 500GB Samsung 850 EVO I mistakenly bought for my wife’s upgrade to an i7-5820k for a mainboard that wouldn’t support it, and a StarTech M.2 to 2.5″ enclosure to use it in something else. But the enclosure still requires a power and data cable. So how to get around that? Thankfully I was able to buy a PCI-E adapter board that handled the power and data, so no additional cables.

Storage requirements

For most virtualization setups, 500GB is more than enough. My Plex VM sits on 32GB storage and uses about… half of it. (It runs off Fedora Server.) I have an OpenVPN instance on another VM that’s also 32GB and also running off about half of the space. And my only other virtual machine (at this moment, at least) is a mail server sitting on 64GB, but using 1/4th of that.

I’d been planning to upgrade the storage for a while as there are other projects I want to get into. And when I saw Micro Center having a sale on their Inland NVMe SSDs, and saw a 2TB NVMe SSD for only 80 USD, there was no way I could say No.

Alongside that I found an adapter board that could take one each of SATA M.2 and NVMe M.2 on the same board. It does require a SATA cable for the SATA M.2, unlike the previous adapter board, but nothing more. Both drives are powered by the PCI-E slot.

Wait, it works? But… bottleneck!

So did the system even recognize the drive? Well of course it did. And I had no reason to think it wouldn’t.

NVMe SSDs are PCI-Express devices after all, and the PCI-Express specification means that a PCI-Express 3.0 device can be used in a PCI-Express 2.0 slot. I already have that in Nasira, actually, where I’m using an NVMe drive as an SLOG.

But how well does it perform? Better than the SATA drive, I’ve definitely noticed. Plex is a lot snappier and the VMs load much faster. System updates on each VM are faster, too. And that along with the much better capacity was the point of that exercise.

It’s also a QLC drive with a rated top synchronous read speed only just a little higher than what PCI-E 2.0×4 can provide, so it was never going to saturate a PCI-E 3.0×4 connection anyway. And under this use case will never saturate a 2.0×4 connection. But it’s still far better than a SATA SSD and doesn’t need any cables.

I was after the storage real estate, primarily. That it came in an NVMe SSD that I could install with an interface board and not have to worry about additional cables is the major bonus.

Cooling everything down

10GbE cards can run hot. Very hot, actually. So much so that I’ve actually considered watercooling the one in Mira. But as I discovered building my OPNsense router, the solution is simple: quiet 40mm fan and VHB tape to stick it to the heatsink. Problem solved. You don’t need to use a Noctua fan specifically, as there are plenty of quiet 40mm fans on the market. I just happened to have a Noctua 40mm fan that I wasn’t using for anything.

Goodbye, Proxmox!

As of the time I installed the new NVMe SSD, the server was still running Proxmox 5. And not even the latest minor version of that. Merely upgrading it to the latest 5.x version, let alone installing Proxmox 7 – the latest version as of this article – would require… a lot of work.

The easiest route would be to jettison the VMs and install Proxmox 7 clean. Trying to upgrade in-place would’ve been… “time consuming” wouldn’t adequately explain it. But that would only get me up to the latest version. Keeping it up to date is the greater chore.

Without a support subscription – €190 (€95 per CPU socket) per year for this box for the lowest tier – the only way to get minor version updates to keep Proxmox updated is through the DVD image. Then there’s the continual nagging whenever I log in that I don’t have a subscription.

So… I’m done with it. Just completely done with it.

So back to VMware, then, or what?

Hello, VirtualBox!

I was jettisoning the existing VMs regardless. Plex is easy to migrate, I no longer use the OpenVPN VM since building an OPNsense router, and the mail server was migrated to a physical box.

But for a much smoother and more flexible upgrade path going forward, I moved to VirtualBox and Docker. And I went the full headless route, meaning creating and controlling the VMs through the command line. Sure it means creating VMs is a little more of a chore without a script to automate the process. Which is something that’ll be relatively easy to set up since my VMs will usually have pretty similar settings – core count, storage space, or memory will vary as needed. But the upgrade path is a LOT more flexible.

How so?

Ubuntu and Fedora (among others) allow for in-place upgrade to the next major version. My Plex VM, for example, had been getting upgraded in-place (using the dnf-plugin-system-upgrade package) since I first built this virtualization server with a fresh VM for Plex. That was Fedora 27. Didn’t need to touch it till now when I created the new VM with VirtualBox.

And VirtualBox can be upgraded via the official repository or – as is the case already with Plex, unless you enable the repository – manually on my own watch. Docker containers allow similar flexibility. Being able to use Windows Remote Desktop instead of the browser to interact with the VM’s terminal is also a bonus.

Now sure, updates on the bare metal system do mean shutting down all the VMs. But I’d have to do that with Proxmox or any virtualization system anyway.

Creating an Omada Controller VM

This will outline how to create a VM for running the TP-Link Omada Controller software. These same steps can also be used to install the software to a physical machine.

1. Create the virtual machine (or physical box)

CPU: 2-cores
RAM: 4GB
Storage: 20GB min
OS: Ubuntu Server 20.04 LTS
Networking (VM): Bridged

Obviously first you need a VM to actually run the software. With version 5.7.4 of the TP-Link Omada Controller, you MUST use Ubuntu 20.04 LTS. The Omada Controller requires MongoDB which cannot be installed on Ubuntu 22.04 LTS due to one of its dependencies. (As of version 6.0.3, the most recent as of this writing.) I recommend the Server distribution as well since it’s lightweight. Make sure to install OpenSSH with it so you can just copy/paste the commands in the next steps.

And, of course, once you have Ubuntu installed, make sure to fully update it. You should also install and enable “avahi-daemon” so you can find the machine by hostname. I also recommend installing “nmon” or something similar so you can monitor CPU and memory usage to determine if you need to bump the core count or memory for the VM based on your use case and how many devices you’re trying to manage.

2. Add the MongoDB CE repository

These commands come from the MongoDB documentation.

wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
sudo apt update -y

3. Download and install the Omada Controller software

You can find it on TP-Link’s website.

From the directory where you copied the .deb package, run this command (obviously the filename will be specific to your version):

sudo apt install -y ./Omada_SDN_Controller_v5.7.4_Linux_x64.deb

This will pull down a lot of other packages. MongoDB will be pulled down from the repository installed in the previous step. It will also attempt to start the Omada Controller but fail due to this error that is displayed immediately: “Cannot find any VM in Java Home”. So next we’ll take care of that error once it aborts.

4. Setting up soft links for Java Home

Run these commands (source) to correct the error you got in the previous step:

sudo mkdir /usr/lib/jvm/java-11-openjdk-amd64/lib/amd64
sudo ln -s /usr/lib/jvm/java-11-openjdk-amd64/lib/server /usr/lib/jvm/java-11-openjdk-amd64/lib/amd64/

5. Start the Omada Controller

Now we can start the Omada Controller. You can do this either by rebooting the machine or running this command:

sudo /usr/bin/tpeap start

Note as well that when you do reboot the VM, it will take a little bit after the login prompt appears for the web interface service to be accessible.

Finish the setup

And with that, you’re done and should be good to go. You can log into it remotely by going to https://[omada_hostname]:8043/ to create the admin account and finish your setup, adopt devices, etc.

(Optional) Change out the self-signed certificates

If you want to get rid of the self-signed certificate error (and accompanying browser exception), and you’ve generated a certificate using your own CA, look for the Settings option down in the lower-left corner of the browser window. Then click on “Controller” in the left-hand menu and scroll down till you find “HTTPS Certificate”. By default “File Format” will be set to JKS – “Java Key Store”.

In my instance, the generated certificates (from my custom home CA) were in PEM format with a separate certificate and private key, so I changed the drop-down to PEM, then uploaded the corresponding files using the Import buttons.

Click “Save” down at the bottom to import the certificate. Then you’ll need to reboot the VM. Unfortunately you can’t do that from the Maintenance section.
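
A pre-upload check for the PEM pair described above, as an added example that is not part of the original post or TP-Link's documentation: it confirms the private key belongs to the certificate, that the certificate chains to your CA, and that it covers the hostname you type into the browser. The function names, the hostname omada.home.arpa and the throwaway CA it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a PEM certificate/key pair before importing it
# into the controller. All names and sample files here are constructed.

# check_pem_pair CERT KEY CA_CERT HOSTNAME
# Prints "ok" and returns 0, or prints the first failed check and returns 1-4.
check_pem_pair() {
    cert=$1; key=$2; ca=$3; host=$4

    # 1. Both files must parse; extract the public key from each.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key"; return 1; }

    # 2. The key must be the one the certificate was issued for.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 2; }

    # 3. The certificate must chain to the CA your browsers trust
    #    (this also fails for an expired or not-yet-valid certificate).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA"; return 3; }

    # 4. The name typed into the browser must be covered by the certificate.
    #    -checkhost reports its result as text, so match the message.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' ||
        { echo "certificate does not cover $host"; return 4; }

    echo "ok"
}

# make_sample_pki DIR HOSTNAME
# Builds a throwaway CA and a leaf certificate so the check can be tried
# offline. Constructed test material only; not a recipe for a real CA.
make_sample_pki() {
    dir=$1; host=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    printf 'subjectAltName = DNS:%s\n' "$host" > "$dir/san.ext"
    openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -config "$dir/req.cnf" -subj "/CN=$host" -newkey rsa:2048 \
        -nodes -keyout "$dir/omada.key" -out "$dir/omada.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/omada.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -extfile "$dir/san.ext" \
        -out "$dir/omada.pem" 2>/dev/null
}

# Demo on constructed files: the matching pair passes.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir" omada.home.arpa
check_pem_pair "$demo_dir/omada.pem" "$demo_dir/omada.key" \
    "$demo_dir/ca.pem" omada.home.arpa
rm -rf "$demo_dir"
```

On a real pair, call check_pem_pair with your certificate, key, CA certificate and the hostname you use for the controller; anything other than ok is worth fixing before the import and reboot.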

Building a router

Amazing that it’s been… 6 years (as of this writing) since I decided to pursue 10GbE.

First trying to build a custom switch, then dropping all that when I learned that a lot of retired Quanta 10GbE switches dropped on eBay. Then dropping that switch two years later for the far quieter, lighter, and just better overall MikroTik CRS317. Even ordering it direct from Latvia. And then last year replacing the fans with the far quieter, Noctua NF-A4x20 FLX.

So why am I now talking about building a router?

Google Fiber’s buggy interface

Before Google Fiber, I was with Time Warner Cable (now Spectrum), and I used my own cable modem and router. Never had any issues as a result. With Google Fiber, though, we were given their router box from the outset. As much as I don’t like not being able to use my own hardware, I didn’t really have a choice here. (Or so I thought, actually… Apparently I could’ve used my own router from the outset, but their documentation didn’t make it look that way.)

Google Fiber has changed how their routers are configured a few times. Initially, like most every router out there, you connected to it directly via the IP address. Then they made it so everything is configured by the Google Fiber site. The latter was better, since it allowed you to handle things remotely but still securely, such as enabling or disabling any port forwarding, allowing you to enable/disable it more-or-less on demand from anywhere.

Recently this has become more frustrating and buggy. Port forwarding in particular. Plus I didn’t have nearly as much control over other aspects as I would like.

Thankfully Google Fiber has an account option allowing me to use my own router and put theirs into “bridge mode”. So I did just that and switched over to using the MikroTik CRS317 as the router.

[Insert Nuke’s Top 5 voice-over]: It did not go well.

RouterOS performance

Sure port forwarding was far easier than using Google Fiber’s buggy interface. But performance… fell off a cliff. Instead of getting 2Gb down, I was getting around 500Mb. Something my research told me was largely unavoidable. Both with RouterOS versions 6 and 7.

Hardware is the primary reason. It’s just too underpowered with a dual-core ARM 32-bit processor running at only 800MHz. That’s more than capable as a 10GbE switch, especially if you’re not loading up all of the ports. (I’m using 7 of 16 as of this writing, one being a link to a MikroTik CSS610.) As a router, though… not so much.

So the solution then is… building my own router using spare hardware I have lying around.

Requirements and Specs

The requirements are simple: gateway between the MikroTik switch and the Google Fiber box while being able to handle 2Gb up, 1Gb down without a problem. So what level of hardware would work?

Linus Tech Tips’ most recent video about building a router used an old Dell Optiplex 7010 with an Intel i5-3770. And with that being just a Gigabit gateway, the CPU was barely being touched.

And the hardware for the official pfSense appliances is also very lightweight. The Netgate 4100 is the lightest that would still meet my requirements. And it has an Intel Atom C338R 1.8GHz dual-core processor with 4GB RAM and sipping only a few watts of power.

I’m going a little overkill merely because I have this lying around not being used:

CPU: AMD A8-7600 APU with Noctua NH-D9L
Mainboard: Gigabyte GA-F2A88X-D3HP
RAM: 16GB DDR3-1600
PSU: EVGA 650 G2
Storage: Inland Professional 128GB 2.5″ SATA SSD
WAN NIC: 10Gtek X540-10G-1T-X8 10GbE RJ45
LAN NIC: Mellanox ConnectX-2 10GbE SFP+
Chassis: Silverstone GD09
Operating system: OPNsense (with latest updates as of this writing)

Okay, not all of it I had lying around. The 10Gtek card I needed to acquire, along with replacing the fans in the chassis, but that was it.

Now why a 10GbE card for the WAN link when I only have 2Gb service? So I don’t need to upgrade it later.

Google Fiber is rolling out 5Gb and 8Gb full-duplex service starting early 2023, so I’m already set for either option. I don’t need to swap out any hardware to support it. And with the 10GbE switch as the backbone of my home network with a 10GbE card in mine and my wife’s desktop systems, we’re already well positioned to take full advantage of it.

And if your router needs to handle faster-than-Gigabit traffic to the Internet, pay attention to PCI-E lanes with your mainboard and processor combination, in particular with slot bandwidth when you have certain slots populated to ensure you’re not cutting off bandwidth to your card(s). 2.5GbE NICs should run in a PCI-E 2.0×1 slot without issue. 5GbE and 10GbE cards require additional consideration.

Thankfully the FM2+ board and APU have enough lanes. The PCI-Express slot with the Mellanox card is wired for full x16 while the full-length slot with the 10Gtek card is wired for x4. PCI-E 2.0×4 is more than enough to handle 10GbE.

And to keep the NICs running at peak performance and cooler temperatures while still remaining nearly silent, I used 3M VHB to attach a Noctua 60mm fan to the 10Gtek NIC, and a Noctua 40mm fan to the Mellanox.

And I went with OPNsense due to it running on the newer version of FreeBSD – pfSense still uses FreeBSD 12 as of this writing but will update to version 14 with the next major release, which isn’t slated to release until July 2023.

OPNsense and Mellanox

The Mellanox card wasn’t being used out of the gate. Some searching led me to an obscure article mentioning the solution. I needed to create the file /boot/loader.conf.local with this line (the file didn’t exist on a fresh install):

mlx4en_load="YES"

But that leaves the question of why OPNsense does not have support for Mellanox cards enabled by default. Given how popular Mellanox cards are with DIY and homelab setups, they really need to have that enabled by default in future distributions. TrueNAS has that support by default. And I’m pretty sure pfSense has it, too.

So why did OPNsense not do that?

Router-hosted VPN

I have been relying on OpenVPN for a while. First installing it in a Docker container, then moving to a dedicated virtual machine. Neither was optimal, but it was really the only way I could have a self-hosted VPN.

OPNsense allowed me to move the VPN service to the router, allowing me to jettison one of my VMs. This cuts out the extra steps of the router sending traffic to what is, in essence, a second router to determine where to send the traffic.

OpenVPN is installed by default with OPNsense, but I took this as a chance to change over to the lightweight and better-performing Wireguard. And the VPN performance has been much snappier as well. Moving to Wireguard was probably a lesser part of that performance jump compared to being able to have the VPN service on the router.

Going wireless

WiFi 6 is integrated into the Google Fiber router. I do have an older Tenda AC1900 wireless router, but I wanted to keep the WiFi 6 capability. Enter TP-Link and their EAP670 WiFi 6 access point. It has a 2.5Gb RJ45 port that can also be powered via POE+ or the included 12V adapter. I have it connected directly to the 10GbE switch through another RJ45 adapter.

The beauty here is not just cost – I found it for about $150 at Micro Center – but expansion. If I need greater coverage of my house, I can install a second and set up a virtual machine as an Omada controller for hand-off with all of that configuration staying local. It also has the capability for guest networks, though I haven’t used this yet.

Performance and recommendations

My network configuration is now back to what it once was but with a couple slight improvements.

First being the custom router itself. Objectively and subjectively, it’s allowing for a much better connection to the Internet. The speed test when I put the new router into service was higher than the initial speed tests when I first got the Internet service upgrade. Probably about 15% better and it was the first time I saw >2000Mbps on the downlink during a speed test.

And there are two reasons for that improvement. The custom router being one, being able to perform a lot better than the Google Fiber router. The hardware providing the physical connections being the other.

In my last article about the CRS317, I said I used a MikroTik S+RJ10 module to connect the switch to the Google Fiber router. That’s a very high latency connection. Even with a Cat7 cable. Higher still than using dedicated RJ45 hardware. It’s just the nature of the beast.

This changeover allowed me to use an optical fiber connection between the switch and router – the first time I’ve been able to do that. Optical fiber has virtually zero latency across short runs.

And the connection from the router to the Google Fiber box is going through dedicated RJ45 hardware, not an SFP+ RJ45 module that gets very hot. No, seriously. Even with a fan, it was running at over 60°C continuously while the optical fiber modules had no issue with temperature. And with this upgrade, I was able to remove the fan I had blowing down onto the SFP+ module.

So what can you take away from this if you want to build your own router?

1. Have a high-performance switch as the backbone for your network

Avoid the cheap desktop switches. Like the ones that are under $30 for 8 ports.

Two things to look for are 1. whether it supports full-duplex and 2. the switch bandwidth. The switch bandwidth should be higher than all the ports combined at half-duplex – e.g. an 8-port GbE switch should have switch bandwidth higher than 8Gbps. If the switch specifications don’t even mention “switch bandwidth”, then don’t bother with it as your network’s backbone.

The uplink of the switch will also matter as you’ll need to make sure it’s faster than your Internet connection. So if you’re sticking with Gigabit Ethernet but have a faster-than-Gigabit Internet connection, then something like the MikroTik CSS610 will be perfect as a backbone switch. Just make sure, again, to use an optical fiber connection between that switch and your custom router.

2. Build the router with only one (1) WAN and LAN port, if possible

Don’t build your custom router to also act as a switch. Build it only as a router. This means one port for the LAN, one for the WAN. The LAN port goes to your backbone, the WAN port to your modem or, in my case, ISP-provided router configured to act as a bridge. Even if you want to segment your network so one part is isolated from another, you can generally accomplish that far better and still maintain line-speed or near line-speed performance with a managed switch – e.g., the MikroTik CSS610.

Both ports should also be faster than your Internet connection. For example, if you have a Gigabit Internet connection, buy 2.5GbE NICs. This should ensure that you are able to max out your Internet connection. And if you have less-than-Gigabit Internet, don’t rely on any onboard Ethernet controller unless it’s an Intel chip.

Your custom router will rely on software for moving packets around, so keep it relegated to just one task – moving packets into and out of your home network while blocking everything else you didn’t explicitly request. Having it also move packets between other interfaces will only degrade performance.

So if you’re acquiring hardware to make your custom router, stick with a single dual-port card. I have two separate cards only because I’m using different media – optical fiber between the router and switch, Cat7 between the router and the Google Fiber box. Just make sure the mainboard and processor combination will have enough PCI-E lanes to allow for it. Use an AMD APU or integrated Intel graphics where possible to free up slots and lanes.

3. Connect only the switch to the router. Nothing else.

Sure this kind of seems like a duplicate of #2, but I’m mentioning it in case you decide to use a card with more than two ports.

The switch will handle everything about funneling traffic to and from your router. And if you have any other services on your network, it can prevent traffic from clashing so you can still access those services (e.g., a Plex Media Server) without impacting or being impacted by anyone else’s Internet activity. Provided you aren’t relying on a cheap switch.

4. Don’t forget the UPS

Unfortunately OPNsense appears to support only APC via a plugin you can install, but that only matters if you require monitoring and auto-shutdown. Make sure to get one rated for about… double what your router requires to operate and pay attention to the half-load battery runtime.