JP Tyres Porana Road Review

Our experience with JP tyres was terrible, they swapped our tyre without our consent.

So, initially we went to Auto Garage (car servicing shop next to it) for a WoF and they failed our WoF, primarily due to tyre was different between front-left with the front-right, then we went to JP tyres (the shop next to it) and purchased the same tyre with our front-right (Blacklion Cilerro 175/65-R14).

Blacklion Cilerro 175/65-R14

After we completed the purchase and JP-tyres fitted the new tyre to our Honda Fit, we put the car overnight in Auto Garage as our car needs some WoF repairs (such as replacing the wheel bearings, top strut mounts, dead tail bulb, etc. Which actually we don’t know since we are not oto-savvy.)

The strange thing is the next day we pick up our car after they finished the repairs and passed the WoF, our front-left vehicle has utterly different tyre like magic!

Jinyu Gallopro 175/65-R14

They replaced with Jinyu Gallopro 175/65-R14, and yes, which means our front-left and front-right tyre are again, not the same). We have all the evidence including the detailed invoice from JP-tyres. The Auto Garage mechanic said the guy from JP-tyres collected our car key from Auto Garage, brought the car to JP-tyres and swapped our tyre ‘without’ our consent.

We strongly NOT suggest you to go to the following venue for all kind of tyre maintenance and/or replacement:

JP Tyres
80 Porana Road
Glenfield, Auckland 0627

Please be advised that they’re also known as JP Tyres 2009 Ltd.

It’s inevitable that we are doubting that they’re both (JP-tyres and Auto Garage) are working in-conjunction for each other to gain their own personal benefits.

Auto Garage Porana Road Review

Our experience with Auto Garage was terrible, we went to Auto Garage for WoF and they failed our WoF, primarily due to tyre was different between front-left with the front-right.

Then we went to JP tyres (the shop next to it) as of Auto Garage’s recommendation and purchased the same tyre with our front-right (i.e. Blacklion Cilerro 175/65-R14).

Blacklion Cilerro 175/65-R14

After we completed the purchase and JP-tyres fitted the new tyre to our Honda Fit, we put the car overnight in Auto Garage as our car needs some WoF repairs (such as replacing the wheel bearings, top strut mounts, dead tail bulb, etc. Which actually we don’t know since we are not oto-savvy)

The cost was shockingly $1k. We’re okay with the price, but the strange thing is the next day we pick up our car after they finished the repairs and passed the WoF, our front-left vehicle has utterly different tyre like magic!

Jinyu Gallopro 175/65-R14

They replaced with Jinyu Gallopro 175/65-R14, and yes, which means our front-left and front-right tyre are again, not the same). We have all the evidence including the detailed invoice from JP-tyre. It’s inevitable that we are now doubting what are the other original parts they might have swapped with the other dodgy or cheaper parts.

We strongly NOT suggest you to go to the following venue for both car servicing and WoF:

Auto Garage
78 Porana Road
Hillcrest, Auckland 0627

MikroTik Bruteforce Login Prevention

To stop SSH/FTP attacks on your router, follow the following advise:

This configuration allows only 10 FTP login incorrect answers per minute.

in /ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"

add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h

This will prevent a SSH brute forcer to be banned for 10 days after repetitive attempts. Change the timeouts as necessary.

in /ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

If you want to block downstream access as well, you need to block the with the forward chain:

add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no

To view the contents of your Blacklist, go to “/ip firewall address-list” and type “print” to see the contents.

This is the recommended Bruteforce prevention, officially from the MikroTik Wiki. Despite their page was last edited on 7 August 2013, at 09:47 this method is still pretty much effective until present.

Couldn’t install Microsoft Office with Error Code: 30182-1011

Microsoft Office, Couldn't install, Error Code: 30182-1011

This error code is known when you try to install different Microsoft Office licenses into the same system (e.g. Non-profit license or OEM license and you’re installing Retail license or Office 365 Subscription-based license) – Basically you cannot mix varies types of license in one system.

In this case, we had:

  • Microsoft Office Home and Business 2016;
  • Microsoft Project Professional 2016;
  • And we’re trying to install Microsoft Office 365 Business (Subscription-based license).

Similar error code, same issue:

Microsoft Office, Couldn't install, Error Code: 30182-1011

We ended up with converting all of our office licenses to Office 365 (Subscription-based) license.

Tips: Use Microsoft’s easy fix tool to completely uninstall Office.

Microsoft Office 365: Other installation options
Microsoft Office 365: Other installation options for Microsoft Project
Microsoft Office 365: Other installation options for downloading Microsoft Project
This is the Office 2016 + Project Professional 2016 (All of them are Office 365 Subcription-based License as they appears in Programs and Features)

Office 365 & Microsoft Project Professional 2016 in Programs and Features

Prevent Windows from Automatically doing Updates

Don’t like your Windows performs automatically download, install updates and restart by itself?

Click Start and type in: ‘gpedit.msc‘.

Go to: Local Computer Policy -» Computer Configuration -» Administrative Templates -» Windows Components -» Windows Update -» Configure Automatic Updates.

Set from ‘Not Configured’ to: ‘Enabled‘.

Configure automatic updating: ‘2 – Notify for download and notify for install‘.

Click ‘Apply‘ then ‘OK‘.

See screenshot below:

Windows Automatic Update Policy

Control Panel crashes with Windows Explorer on Windows 10

So when you open Control Panel the Windows Explorer crashes?

If you have IDT Audio Drivers, use your File Explorer to get to:

C:\Windows\System32

And then remove: IDTNCPL.cpl and IDTNCPL64.cpl

Those files are remnants from the previous Windows Driver update and are safe to be removed, it has potential to crash Control Panel with the Windows Explorer (i.e. the explorer.exe process)

Tested on Windows 10 Creators Update [Version 10.0.15063]

See/Recover Stored Wi-Fi Password in Windows

So you want to recover the Wi-Fi password you previously stored on your Windows? It is very simple, you will just need to execute two easy commands below.

Firstly, open up Command Prompt by clicking Start -» type: ‘cmd‘ then press Enter.

Type in:

C:\Users\Andy>netsh wlan show profiles

Profiles on interface Wi-Fi:

Group policy profiles (read only)
---------------------------------
<None>

User profiles
-------------
All User Profile : CWMGuest5G
All User Profile : Mercury
All User Profile : SPARK-JVYXR4
All User Profile : Brick
All User Profile : Ellerslie
All User Profile : Telecom-8080
All User Profile : JR-WIFI
All User Profile : JEAL-WIRELESS
All User Profile : ANDY-IPHONE
All User Profile : Millennium Conference
All User Profile : BETHEL
All User Profile : CSC-Guest


C:\Users\Andy>

And then to see the password, type in:

C:\Users\Andy>netsh wlan show profiles WIFI-SSID key=clear

Profile BETHEL on interface Wi-Fi:
=======================================================================

Applied: All User Profile

Profile information
-------------------
 Version : 1
 Type : Wireless LAN
 Name : BETHEL
 Control options :
 Connection mode : Connect automatically
 Network broadcast : Connect only if this network is broadcasting
 AutoSwitch : Do not switch to other networks
 MAC Randomization : Disabled

Connectivity settings
---------------------
 Number of SSIDs : 1
 SSID name : "BETHEL"
 Network type : Infrastructure
 Radio type : [ Any Radio Type ]
 Vendor extension : Not present

Security settings
-----------------
 Authentication : WPA2-Personal
 Cipher : CCMP
 Authentication : WPA2-Personal
 Cipher : Unknown
 Security key : Present
 Key Content : thiswillbethewifipassword

Cost settings
-------------
 Cost : Unrestricted
 Congested : No
 Approaching Data Limit : No
 Over Data Limit : No
 Roaming : No
 Cost Source : Default


C:\Users\Andy>

Simply replace WIFI-SSID with your SSID you want to reveal the key.

Tested and working properly on Windows 10 Creators Update (Version: 1703 (Build: 10.0.15063.296))

Hope this helps, cheers!

Enable Windows Photo Viewer in Windows 10

Those you who have upgraded from Windows 7 or Windows 8.1 to Windows 10 probably have Windows Photo Viewer program in Windows 10. But some users are reporting that Windows Photo Viewer has gone missing after clean installing Windows 10.

If you are missing the Windows Photo Viewer, we can bring back the classic Photo Viewer to Windows 10.

  1. Copy and paste the following registry key and save as PhotoViewer.reg :
    Windows Registry Editor Version 5.00
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.jpg]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.jpeg]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.gif]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.png]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.bmp]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.tiff]
    @="PhotoViewer.FileAssoc.Tiff"
    
    
    ; Change Extension's File Type
    [HKEY_CURRENT_USER\Software\Classes\.ico]
    
    @="PhotoViewer.FileAssoc.Tiff"
  2. Double-click on the saved PhotoViewer.reg file.

  3. Click Yes button when you see the following confirmation dialogue to merge it. Alternatively, you can right-click on it, and then click Merge option.

  4. Click OK button again when you get the following dialogue box and that’s it! You have just enabled the classic Windows Photo Viewer in Windows 10.

  5. Optionally you can also make it default for images.

Mac Spotify: Cannot Start Application

So you want to run Spotify.app on macOS with multiple users environment but it says that you ‘Cannot Start Application’

Multiple users environment is where you have one Mac, and it has more than one user using it.

Spotify updated their app and prevent us running the app from another user (it will only run on the user who installed it)

Since their previous version doesn’t have this issue, I investigated the issue and found out that it was caused by permission issue.

The following are the resolution:

  1. Download and install Spotify as normal;
  2. Quit the Spotify Application once it’s finished installing;
  3. Open the application called Terminal (Command Prompt for Windows computers);
  4. Change to the correct directory by typing this and then hit enter:
    cd /Applications
  5. Then, copy and paste this command, followed by enter:
    sudo find Spotify.app -exec chmod 755 {} \;
  6. When prompted, enter your Mac user’s password and hit enter;
  7. Open the Spotify.app.

It is obviously if you open Terminal before installing Spotify.app you’ll get the ‘No such file or directory’ message.

Note: If all of this still doesn’t work, I found another temporary solution by simply dragging the Spotify.app from the Applications folder onto a USB and running Spotify from there. This is because by default Mac ignores ownership on USB volumes.

Cheers!

3CX NZ Setup Guide & Tutorial

3CX Setup Guide for UFONE (Supported by 3CX) in New Zealand
Firstly, make sure that the computer/server power scheme is on 'High performance' -- this ensures that the computer operates at maximum performance and it will not goes into sleep mode after 30 minutes (Windows default).
  1. Computer Name format is CompanyName-3CX
  2. Assign IP and make sure that the server is configured for the client’s network (3CX Server IP is NOT designed to be changed after installation) — Add client’s IP as secondary IP if needed!!
  3. Go to https://www.3cx.com/phone-system/download-links/ — and download the latest 3CX Server
  4. After installation done, you will be asked whether you want to continue using web browser (press 1) or CLI (press 2)
  5. Windows Firewall popup might also occur and in that case; tick all network to make sure 3CX is allowed to connect to all the networks.
  6. 3CX Management Console credentials, setup the username (e.g. 3cxadmin) and you can also use the same password with Windows’.
  7. Public IP Address, open up https://www.whatismyip.com/
  8. Configuring FQDN: Select ‘I need a 3CX FQDN.’ — Enter Client’s Name as Subdomain and, Select a 3CX Domain: Select New Zealand (*.3cx.co.nz)
  9. Select Local IP and make sure to choose the client’s IP again here.
  10. ===WAIT=== it might take some time during the ‘Creating FQDN and certificates…’ process, that is perfectly normal.
  11. Set HTTPS port to 443 and HTTP port to 80 if those ports are not currently in use.
  12. Login to 3CX Management Console for the first time, the best practice is to use: ‘3 Digits (000-999)’ — be aware, this cannot be changed later!!
  13. 3CX Phone System Admin Email: your@admin-email.add
  14. Use mail server (necessary, I’d personally recommend using SendGrid):
    » Mail Server IP or FQDN: smtp.sendgrid.net
    » Reply To Address: 3cx@intra.saputra.local
    » Email: companysmtp (e.g. saputrasmtp)
    » Password: companysmtp’s sendgrid password
    » Enable SSL/TLS: ticked
    » Perform ‘TEST’ and make sure you get this message: ‘Mail sent’ in green colour.
  15. Select Country: New Zealand, Set the Time Zone: +12:00 New Zealand (Wellington, Auckland)
  16. Select Language: UK English Prompts Set (or select Aussie/NZ Prompts Set if available)
  17. Registration Details:
    License Key: (leave it alone)
    Contact Name: Systems Administrator
    Company Name: (e.g. Saputra Enterprises Ltd.)
    Email: use@real-email.here
    Phone: +64-9-xxxxxxx
    Country: New Zealand
  18. If there are any updates available (it will be indicated by red bubble on the Updates link)
  19. Go to Updates Page, tick ‘Automatic updates’, select ‘Weekly 0:00 every Sunday’ — DO NOT tick the 3CX PBX updates (this will make sure all clients/templates are updated while leaving the PBX system untouched to avoid undesirable unknown update effect)
  20. Add SIP Trunk / VoIP Provider:
    Country: NZ
    Provider: UFONE
    Main Trunk Number is the Main Phone Number, e.g. ‘649xxxxxxx’ — FORMAT MUST BE LIKE THIS, OTHERWISE WILL NOT WORK!!
  21. Trunk Details:
    Enter name for Trunk: leave it UFONE
    Registrar/Server/Gateway Hostname or IP: see credentials, e.g. ‘xxxxxx.sip.ufone.co.nz’
    SIM Cals: depending on the UFONE contracts, e.g. 2
    Authentication ID: see sip username
    Authentication Password: see sip password
  22. CREATE INBOUND RULES, put ‘UFONE’ as Inbound rule name just click OK to create (might need to repeat depending on how many numbers they have)
  23. CREATE OUTBOUND RULES:
    1. Emergency 111:
      » Calls to numbers starting with prefix: 111
      » Calls to Numbers with a length of: 3
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 2: ‘UFONE’ / Strip Digits ‘0’ / Prepend ’64’
      » Route 3: ‘BLOCK CALLS’ / Strip Digits ‘0’
    2. International:
      » Calls to numbers starting with prefix: 00
      » Route 1: ‘UFONE’ / Strip Digits ‘2’ / Prepend ‘+’
      » Route 2: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 3: ‘BLOCK CALLS’ / Strip Digits ‘1’
    3. National + Mobile + Tollfree:
      » Calls to numbers starting with prefix: 0
      » Route 1: ‘UFONE’ / Strip Digits ‘1’ / Prepend ’64’
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
    4. Local 09:
      » Calls to Numbers with a length of: 7
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ‘649’
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
    5. Catch All:
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
  24. Go to Windows DHCP server, on IPv4 -» Scope [LAN_IP] [Domain] -» right click on Scope Options -» select Configure Options -» and tick option 66 (Boot Server Host Name), add provisioning http URL from 3CX (e.g. ‘http://192.168.1.3/provisioning/wsyeg9vhyqod7’)
  25. Back to 3CX Management Console, click Phones -» Add Phone -» Choose Extension (e.g. 303) -» Choose from available models (e.g. GXP-1628) and add the mac address of the phone (e.g. ‘000b82a347ab’) -» click OK and OK again to close the extension window.
  26. Go to that phone’s web interface using IP address, enter on browser (e.g. http://192.168.1.33) login using admin:admin and reboot the phone so that it will be provisioned on the next boot.
  27. Setup port forwarding on the router/firewall to the 3CX server IP address for the ports specified below:
    » Default SIP port is 5060 UDP and TCP;
    » Default RTP ports are 9000-9500 UDP only (please also open these ports in Firewall, and it will not make our network vulnerable as the RTP ports are on-demand, so 3CX will only open when it’s required)
    » Default Tunnel port is 5090 UDP and TCP;
    » Default https port 5001 or can also 443 TCP.

Another phone provisioning method:

» Configuring the provisioning server via the Grandstream GXP series web interface

Step 1: Configure the phone in 3CX

  1. Log in to your 3CX Management Console ⇒ Phones ⇒ press “Add Phone.”

  1. Pick an extension from the list to which the IP phone shall be assigned.

  1. Select the model and enter the MAC address of the device which can be found on the back of the device itself.

  1. Optional set the “Phone Display Language” and “Timezone” for the device.

  1. Take a copy of the “Provisioning Link” which needs to be entered into the Grandstream GXP in step 2.

Step 2: Enter the Information into the Web Interface of the device

  1. Open the Web Interface of the Grandstream phone and login (default password is admin).
  2. Navigate to “Maintenance” ⇒ “Upgrade and Provisioning.”
  3. Set the “Upgrade via” to HTTP.
  4. In “Configuration Server Path” and “Firmware Server Path” enter the provisioning link taken from step 1 and paste in without http://”
    (example: pbx.mybusiness.local/provisioning/pc56bscs195k)
  5. Press “Save and Apply” and “Reboot” which can be found in the top right corner of the Grandstream web interface.

Grandstream GXP1628/GXP2140/GXP2160 attended transfer fix:

Go to Phone UI -» Settings -» Call Features -» » Auto-Attended Transfer (by default: No) — set to “Yes”, and the phone will use attended transfer by default.