Mouse sticking between monitors?

If you’re using Windows 7 with more than one monitor and your mouse pauses when you try to move between them, go into display resolution settings and make sure that in the little monitor alignment screen the two monitors are actually touching.

If they aren’t touching, your mouse will stop at the edge of one monitor and require an extra nudge to get to the next one.

Windows 10 can’t find Office365 applications

I installed Office365 over my old Office 2013 installation. O365 removes Office 2013, but I noticed after I was done (and had rebooted) when I pressed the start menu and started typing (for example) “Word” the only thing that came up in search results was “Word 2013”. The icon did nothing, and I couldn’t find the Office 2016 applications that way. They were listed in the start menu, but I like to be able to quickly type the name, hit enter, and launch the application.

I tried every solution I could find online – registry edits, stopping and restarting services, rebuilding the Windows search index, powershell commands – and nothing worked.

Finally I created another local user account on the system and that one worked fine. So I concluded something was broken in my user profile. I logged in as the built-in administrator account, backed up all my files from my previous user profile, deleted it, recreated it, and everything works fine now.

So, if your Windows start menu is acting weird, try creating a new profile and see if that fixes it.

Host content on Android with reverse SSH port forwarding in Serverauditor

EDIT: JuiceSSH has fixed the keyboard issue on Samsung devices running Android 5+!

I’m back to using JuiceSSH since their app is more reliable to me (creating port forwards often failed in ServerAuditor and I could never figure out why, but they always work in JuiceSSH). I’m leaving this post here in case anyone wants to use ServerAuditor and needs these instructions.


When it comes to SSH clients on Android devices, I was a fan of JuiceSSH until I began using the Note 5 and started having issues with the keyboard.

The short version is that JuiceSSH has a popup keyboard with ctrl/tab/arrows etc. that shows up when you tap the screen. I like it. But on the Note 5, that popup keyboard often/randomly shows up underneath (think photoshop layers) the regular keyboard, which means you can’t see both at the same time, so requires more keypresses to do a ctrl-x for example (hide the main keyboard, hit ctrl, bring up the keyboard, hit x, then hide the keyboard again to see the output which now shows up under the keyboard as well. You can tell the JuiceSSH popup keyboard to appear at the top of the screen, but then the popup keys are very far from the main keyboard, and worse, sometimes the popup keyboard shows up under the status bar (again, think photoshop layers), so you can’t touch the top row of buttons. Also none of this fixes the issue that the terminal drops under the keyboard so you often can’t tell what you’re typing. I’ve emailed JuiceSSH about this; I will update if I get one, as I am still a fan – and paid user of – JuiceSSH). It’s probably a Samsung issue unique to their setup (maybe multi-window?) or maybe relating to screen resolution, but I did try another keyboard and still had the same problem.

So I found Serverauditor in the Play Store. It has many of the same features in the paid (annual subscription) offering, including encrypted credentials/identities, a popup keyboard that works on the Note 5 (and is customizable!), and some great mappings for volume keys and single / double finger swipes. Down-arrowing through a long document in nano is almost a pleasure now with a double-finger down swipe (it’s mapped to PageDn). So I’m happy with it.

But there’s one piece missing from Serverauditor’s UI that JuiceSSH does correctly. I occasionally like to run services like web servers on my phone. Using KSWEB or Bit Server, for example, it’s possible to run a local LAMP (well, lighttpd or nginx at least) stack on your phone for a quick demo. With a reverse SSH tunnel you can offer up a port on an Internet-facing VPS that tunnels to your android device despite whatever NAT your provider is using. Kind of cool, but it requires a little trick to get working in Serverauditor. Continue reading Host content on Android with reverse SSH port forwarding in Serverauditor

Recent increase in spam from SPF authorized domains

Recently I’ve noticed a huge increase in spam from domains that are SPF authorized. They’re shilling everything from mesothelioma attorneys to home stairlifts.

After looking at the headers of a few messages I noticed something common to all of them that you can use to filter them out in Postfix (or any mail server, really):

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=;;;

See where it says “…”? The “” part was actually my email address (not on this server, in case you’re wondering why I’ve removed it). So I set up a rule in Postfix’ header-checks:

/envelope-from.*-first\.last=domain\.com@/ REJECT Permanently blocked for spamming.

Replace first\.last=domain\.com with whatever format your email address is (might just be something=domain\.com for example), restart postfix, and enjoy the NOQUEUEs.

RowPro 4.0 “No Trees” Mod

RowPro 4.0 No Trees Mod
RowPro 4.0 No Trees Mod

Update: This mod is no longer needed as current versions of RowPro offer the no-trees option with 3D graphics in the system settings menu.

This is a mod for RowPro Version 4 to allow live water mode with no trees (not available from the program options). From my testing so far this mod provides an increase in frames-per-second (fps) performance, most notably if your video card is able to handle standard 3D mode but not Live Water mode.

Do I need this?

Update: No, you don’t; see the “no trees” option in graphics system settings in RowPro.

If you turn on “All Scenery (Live Water)” and your graphics are jittery and unusable, or your frame rate (FPS) is much lower than 60 (like 15), then you might want to try this mod. For my older RowPro system this works really well; if you have a recent graphics card and a powerful PC then you may not need this. Continue reading RowPro 4.0 “No Trees” Mod

Who’s Who spam

UPDATE August 2016:

Obviously non-US email senders/subjects may use UTF-8 encoding, so there’s a risk here. Personally this doesn’t affect my server or business, so the rule below was doing well for me. However, legitimate mail services (looking at you, Paperless Post) are sending emails with UTF-8 encoding on the subject line.

I scanned my mail logs and since I’ve set up greylisting and a few additional RBLs, I haven’t seen any UTF-8 spam in awhile, so I’m going to turn this rule off and see how things go. It was fun while it lasted, but at this point I think the rule is too draconian even for US-only email systems.


Getting lots of Who’s Who spam? They have a new trick; they are sending messages with UTF-8 encoding, which you can’t see unless you go into the server and really look at the mail or if you look at the subject field in the message headers.

In much the same way as we blocked Rick’s “I am a china based imaging” spam, we use a similar rule in Postfix’ header_checks to block messages with a UTF-8 subject line:

/^Subject: .*\?utf-8\?B\?.*/ REJECT Please do not use UTF-8 encoding to send mail here.

This will prevent them from getting through. Nobody else I know with legit mail uses UTF-8 encoded subject lines, so hopefully good riddance until they find the next thing to use.

Didn’t get a password reset email from the Franchise Tax Board?

So you clicked the “lost password” link on the California Franchise Tax Board web site and didn’t get the email you were supposed to get with a temporary password?

Here’s why. From the mail log of the receiving mail system (mine):

Jun 15 22:47:53 dallas postfix/smtpd[14986]: NOQUEUE: reject: RCPT from[]: 550 5.7.1 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see;;ip=;; from= to= proto=ESMTP helo=

Looks like the Franchise Tax Board has an outdated SPF record. Servers configured to reject mail with an incorrect SPF record will do just that – reject the mail from the FTB. Either write to their IT department and ask them to update their SPF record to reflect the IP address or range they are actually sending mail from (good luck with that), or have them send the password to an email account that doesn’t check SPF records (or at least won’t fail them). You can choose that at the bottom of the page where you enter the answers to your security questions. is not responding

Did you start getting this message out of the blue from an iOS device like an iPhone that was working fine just a few hours ago, and you haven’t made any changes?

Before you use the nuclear option of removing and re-creating the account, try this suggestion from faridbe on the Apple Support Forums. Sign into gmail using a web browser. Go to settings, POP/IMAP, then disable IMAP, save changes, then enable IMAP, save changes again.

Then try accessing mail on your device again – perhaps it will work.

Testing postfix header_checks with postmap -q

This post makes some assumptions, for example that you use Postfix, Ubuntu, and regexp format for your header_checks, etc. but I find that testing new rules isn’t all that well documented and I always forget how to do this.

Testing header checks with postmap -q:

For a single line:

postmap -q "From: my spammer" regexp:/etc/postfix/header_checks

If you match a “REJECT” line you should get “REJECT” as a response. If you get nothing, your rule isn’t working. You can make the switch -vq (has to be in that order) to get verbose logging, but I don’t find that really helpful. It either works or it doesn’t and you’re not going to get any special regexp help from postmap.

If you’ve saved spam message headers to a file (ex: /tmp/spam.txt), do this:

postmap -q - regexp:/etc/postfix/header_checks < /tmp/spam.txt

That second dash is important or it won't work.

Can’t access \\readyshare

Can’t access \\readyshare through a UNC path but able to ping the IP address? Try this. Log into the router web based admin interface, scroll down to “UPnP” under advanced, and turn UPnP on. The router will say “please wait” (or something like that) for a minute or two. Then try accessing \\readyshare again. Worked for me after nothing else did.