• ek



    Viewing 15 replies - 1 through 15 (of 34 total)
    • in reply to: Dynamic or Static? Which do you choose? #2550765

      I use a dedicated firewall/router appliance (opensource IPFire installed on a low power PC) to protect my home net.  IPFire is configured to also serve as the DHCP server for my home net.  Some aspects of my DHCP server configuration:

      • I establish static (permanent) DHCP leases for all hosts (PCs, printers, servers, etc.).  The host’s ethernet (MAC) address is required to create the static address.
      • I only allow hosts with a pre-configured DHCP static/permanent address to have access to the home net.

      This allows me to always have all our home net hosts setup as DHCP clients – rather than as a non-DHCP static IP address.  This simplifies managing IP address assignment on my home net because – in effect – it’s all done via static/permanent DHCP leases on the firewall/router alone.  This also makes things really convenient for mobile devices as they can remain always configured for DHCP.

      For family & friends that are visiting, I’ll add their host info to the DHCP server config – as static/permanent leases.  No big deal: it’s a one-time deal for each and IPFire’s UI makes it easy to do.

      For anyone else: if they request internet access at my home I’ll tell them to use  HotSpot (or the equivalent) on their cell phone… or I’ll just roll my eyes and change the subject.  I never let strangers on my net.


    • in reply to: Ewaste or usable – week 4 #2449677

      I’ve administered Linux and Windows systems for many years.  For server administration, I often rely on the command line/shell to get things done.

      But when I’m using my personal laptop/PC to do non-administrative stuff I rarely have to resort to using the command line on Linux.

      Heck, now that I think of it, I think I resort to Powershell on Windows more than using command line on Linux because so much stuff is tucked away deep into convoluted GUIs in Windows 10 & 11 now.

      1 user thanked author for this post.
    • in reply to: Ewaste or usable? #2445081

      For the installing Linux on an Acer C710, this does a good job of outlining the steps:


      It’s focused on the C720 but the C720 & C710 are quite similar.


      For installing Mint on the ZA3, the graphics drivers are apparently the biggest challenge.  This gives some key info:



      Personally, I wouldn’t waste time on old laptops/chromebooks that have less than 4gb of RAM and are incapable of upgrading memory & disk.

      On the other hand, I’ve had great success taking old laptops, upgrading the RAM & storage (if needed) and then turning them into nice Linux laptops. But I’ll only do this with laptops that have a CPU with at least 4 physical cores (that can do at least 2.6GHZ) and can physically support up to at least 16GB of memory.

      1 user thanked author for this post.
    • When visiting some (not all) family members I sometimes am asked to look into issues with their computer or home network.

      For the computers, I always start off doing what most here have already mentioned: check backups are being done, make sure AV & anti-malware is working & updating, check logs, looking for persistent errors, etc.  I added “BIOS check” to this checklist after visiting a relative a last year.

      During that visit I discovered they had a fairly new but virtually unused high end custom workstation (from a local mom&pop computer shop) that they bought for their CAD work.  I asked about it and they said it would always crash after a few minutes of any kind of use, so they just didn’t use it.  The vendor had apparently been of no real help & the relative was just too embarrassed to pursue the issue any further.

      I looked over the system & confirmed the issues  – but none of my typical checks uncovered an obvious cause.  I spent hours on this and then – as an afterthought – I checked the BIOS.

      OMG!  The vendor had set one of those lame auto-overclock options… which I quickly confirmed had mis-configured memory and made the memory very unstable.  Disabling the auto-overclock & setting proper explicit parameters for CPU, power and memory resulted in a stable awesome system.

      So now when I debug a relative’s (or friend’s) computer/laptop I always look over the BIOS settings first.

      1 user thanked author for this post.
    • in reply to: Need help with GRC Port scan results #2373184

      My ISP blocks some ports (closed, not stealth) related to SMB and NetBIOS.  So GRC’s portscans always show those particular ports as closed but not stealth – despite my home firewall configured to stealth those ports.


    • in reply to: Trying Linux on your Windows system #2344519

      What have you had to turn off? The stuff I have seen is opt-in when it comes to the OS itself.

      After I do an Ubuntu install, there are a number of services I disable or uninstall.  One of these is the “whoopsie” service that “phones home” to share data on any app/service/system crashes.  The other “phone home” stuff I just opt out.

      I actually uninstall the whoopsie service.  That’s because – years past – some old versions of Ubuntu would sometimes re-enable whoopsie due to a heavy-handed update.

      The other thing I always disable/de-install on newer Ubuntu installs is the snap packages subsystem (ie:snapd).  This is due to how snap erodes Linux security and (to a lesser degree) reliability.

      Due to similar concerns, Linux Mint has taken a stand against snapd & does not install it in its more recent releases.

      It appears Canonical’s ‘devs are eventually going to make snap stuff absolutely essential for Ubuntu desktop releases.  This is why I’m starting to completely abandon Ubuntu and go with Mint for desktops.


      • This reply was modified 2 years, 9 months ago by ek.
      • This reply was modified 2 years, 9 months ago by ek.
      • This reply was modified 2 years, 9 months ago by ek.
      2 users thanked author for this post.
    • in reply to: Trying Linux on your Windows system #2344387

      Well, in fact, various Linux distros have had degrees of  “telemetry” for many many years.  Most of this was/is “phone home” stuff to give the distros some idea about the number & kind of installs.  Then there’s the “phone home” to report details of a software/system crash.

      A decade ago, this kind of voluntary “phone home” stuff wasn’t that big of a deal.  But the world we live in now makes folks (understandably) more sensitive to anything that can be associated with the word “telemetry”.  The old IT security adage “trust no one” really does ring true in today’s world.

      Unlike Windows, this stuff is pretty easy to turn off, disable or de-install.  I always turn off telemetry when I install Linux.


      2 users thanked author for this post.
    • in reply to: Trying Linux on your Windows system #2344385

      I purchased a new laptop 1.5 years ago from Dell.  It was a nice Precision model with Ubuntu (18.04) exclusively preinstalled.  It has worked great since I got it.

      When ordering it online from Dell, I found that choosing Ubuntu instead of Windows for the laptop’s config saved me some bucks & made it a little easier to choose 16GB of RAM instead of 8GB.

      Dell & Lenovo both offer desktops & laptops with Linux pre-installed.

      Dell, Lenovo, HP and others, work with Ubuntu’s foundation/company – Canonical – to certify some of their desktops/laptops for use with Ubuntu releases.


      I have indeed installed Ubuntu & Linux Mint on a number of desktops, servers and laptops with minimal-to-no issues.  The key to this is to – up front – do adequate research to find specific desktop/laptop products that are already well documented to work with Linux.

      Sometimes I’ve been lucky and old (3+ years old) laptops I already had on hand worked fine with Ubuntu or Mint.  My experience has been that the older the equipment the more likely it will work with the latest Linux release.

      All my Windows systems are in fact dual boot Windows / Linux.  I install Windows first & then Linux after.  Some motherboard UEFI implementations can make dual boot Linux installs a bit more complicated than necessary; but this is tempered by the various Linux distributions getting better at UEFI installs, doing a better job documenting how to do dual boot installs AND – in their forums – how to deal with particular manufacturer UEFI quirks.

      Nowadays, when I plan new desktop/laptop purchases I select products I can confirm will work well with Linux as well as Windows.  I won’t consider a server/desktop/laptop that has firmware that would effectively physically lock me into an OS exclusively – Windows or otherwise.

      3 users thanked author for this post.
    • In my book, the list of “improvements” is pathetic for a 5 year scope for a OS with a relatively rapid release cadence.

      It just confirms my suspicions of the Win 10 effort: that the product/dev teams are probably spending most of their time mired in project churn & wheel spinning.  Much of this probably due to being stuck in a reactive-mode chaos caused by the relatively rapid release schedule.  They just can’t handle it effectively, so actual measurable productivity goes out the window.

      The product (and consumers) would fare so much better if the release cadence was dialed way way back to give the product teams and devs room enough to do the good work they are capable of.

      It’s clear to me that the current release cadence has not added any value to Win10 and it is surely costing MS a lot of $$$ (e.g.: wasted productivity, PR impacts) by ignoring the reality and sticking with it at all costs.

      • This reply was modified 3 years, 10 months ago by ek.
      7 users thanked author for this post.
    • in reply to: About that nonsense FBI warning about TVs stalking you #2014701

      No, he’s right. If you can’t point to any evidence it has occurred, you shouldn’t be reporting it as a risk. Being able to hack an IoT device and being able to use it to actually stalk you are different things.

      Plus, unless you modified your ISP’s modem, you will be unreachable from the outside Internet without some way to get the TV to initiate the connection. If you haven’t put on any unregulated apps, it’s as safe or safer than your smartphone, which also has a camera and mic on it. But you don’t get warnings about those.

      We are on a site where we are told not to worry about exploits until they actually exist in the wild. Why are so many people not applying that to TVs, and thinking a completely hypothetical hack is a valid thing to release an FBI Warning about?


      I’ve used multiple ISPs over the years for home connectivity.  Each with different modems.  In every case, the logs of my firewall/router show constant inbound probing/scanning from addresses all over the world – 7x24x365.  I haven’t ever observed the modems doing any significant form of packet filtering.

      Some ISPs do block some protocols to/from home service.  Like Windows file & printer sharing, SMTP (server side) and sometimes uPNP.  But whatever blocking they do (if they do it) is quite limited.

      For consumers, safe computing (“security”) is the result of the priorities they set & choices they make.  When I learn of a new vulnerability, I don’t wait until I’m a victim before I take steps to mitigate the risk(s) in a reasonable fashion.

    • in reply to: About that nonsense FBI warning about TVs stalking you #2014470

      Not sure what triggered Jake.  I read the FBI article.  Sounded pretty reasonable and factual to me.  They were not preaching doom and gloom, just telling it as it is.  Actually similar to a slew of articles/advisories written by various security gurus.  Seriously, if the FBI article muted the potential risk, they’d get their behind handed to them later if consumers got harmed by some “new” exploit.  Note that I used the word “if” there.

      I run a pihole at home.  When I got a Roku TV I was blown away at the massive amount of telemetry traffic I saw in the pihole logs.  Things improved when I added some Roku specific rules to the pihole server.  Fortunately, I got a Roku TV that doesn’t have – or support- a camera or microphone.

      I spent some time reviewing Roku’s API.  Heck, I’ve used the API for scripting turning the TV on and off & changing channels while away from home (to make it look like I’m home).  But I have to say (in my opinion): the API is a disaster waiting to happen, due to the seemingly rich attack surface.

      Then there’s the Closed Captions vulnerability for some TVs & media players.  I believe this has been patched on most smart TVs by now.  At least, I hope so.

      The biggest security issue I see for smart TVs is that the manufacturers stop developing firmware/security updates after just a few years for many models.  Problem is, a lot of folks keep their TVs *forever*.

      For smart TVs, I think keeping them behind a good quality (and regularly updated) securely configured firewall/router is an absolute must.  But many households have deficient/obsolete firewall/router setups, offering poor-to-no protection.

      • This reply was modified 4 years ago by ek.
      2 users thanked author for this post.
    • ? says:

      i looked around a bit and found this one;




      don’t know if they would help? so did the March version install w\o trouble? anyway i hope you get past this glitch and then on to whatever else they throw our way…

      Aha!  Thanks for the pointers.

      First, I did review the update log and saw error #80070643 for my earlier attempts to install KB4474419.  I researched this and found no consistent answer on that code.  But it did seem sometimes to correlate to file permissions issues.

      And, yes, the earlier March version of KB4474419 installed fine, per review of my update history.

      Anyway… fix discovered:

      Well, per one of the links you provided, the “fix” was to login to the Administrator account and install the standalone 8/12/2019 version of KB4474419.  Perhaps I could have just done a right-click “run as Adminstrator” on the standalone update via my normal account (which has admin privs), but I chose to just login as Administrator as others had done to get the update to install clean.

      The bottom line: KB4474419 installed successfully (and relatively quickly) when running the standalone update when logged in as the Administrator user.

      I did the same thing on my other Win 7 systems. No issues.  I suspect I could have done a normal install of the update on those systems as they are Win 7 Ultimate.

      I have to say: it’s been a loooong time since I had to resort to installing an update this way.  I’m kicking myself for not remembering & giving it a shot initially.

      On one system I had to actually make the Administrator user visible in the login screen.  To do that, I right-click selected “Run as Administrator” for CMD.EXE.  Then in the resulting CMD window, I entered:

      net user administrator /active:yes

      Then I logged out from my account & immediately logged in as the Administrator user.  Note that no password was set for the Administrator user yet, so I could initially login as Administrator without a password (!!!!).  Thus, immediately after login I set a password for the Administrator user. 

      So if you choose to make Administrator visible on the login screen:  PLEASE make sure the Administrator user has a reasonably secure password set.

      • This reply was modified 4 years, 3 months ago by ek.
    • ? says:

      hi ek,

      did you get any error codes? or did it get stuck before generating any? is it the march version or did you get that one to install and now you’re sticking on the august v2 version? or in my case too much more brain damage

      No error codes.  Just the “Preparing to configure Windows” screen and some meager repetitive disk activity.  I gave it 2 hours and no change.  So I did a hard powerdown & then booted into safe mode, which announced the update failed and recovered to the previous state/version.

      That was with 8/12/2019 version of KB4474419.

      The update failed on my old Acer X64 Win 7 Home Premium laptop, which has the weird non-configurable UEFI/BIOS boot mode.  That is, it will boot UEFI if – when during OS install – I choose UEFI.  If I config a disk for good ‘ol BIOS MBR boot, the BIOS will boot that too.  And the BIOS will allow boot into UEFI mediated recovery.  But the BIOS itself has no options to control this.

      My other Win 7 systems are plain ‘ol BIOS MBR boot.  No UEFI in the BIOS at all (AMD 970 boards).  I think it’s likely KB4474419 will install OK on these systems… but I’m not going to bother finding out.

      On all my systems, I run Linux 99% of the time (some 100% now).  That’s been my practice for years now.  At this point I’d lose very little if I went full 100% Linux.  Man, MS missed the boat with me.

    • I have a few Win 7 systems, some X64 Ultimate and one x64 Home Premium.

      All of them already have KB4490628 (Servicing Stack update) and KB3125574 (a roll-up that includes KB3133977).

      I downloaded the latest standalone KB4474419 (SHA2 v2) update from the MS update catalog.

      The 1st system to be updated is the Home Premium system.

      Launched the update & it seemed to install OK initially.  But after I clicked on the post-install restart it has been stuck on the “Preparing to configure Windows” screen for almost an hour so far.  The system is a laptop with a modest CPU but fast SSD.  There’s consistent modest disk activity… but it’s taking forever.  The last time I experienced this was with the last servicing stack update.  I have my fingers crossed the update will complete…

      So this was posted by me (ek).  I had to post as anonymous because I was not on one of the home systems at the time.


      I gave up trying to install KB4474419 on the Win 7 Home Premium laptop.  The update just wouldn’t complete.  The laptop is an old Acer AMD A6 system and has a weird hybrid UEFI/BIOS boot that cannot be configured at all in BIOS.  It has always made setting up dual boot Win/Linux a pain and I suspect the quirk got in the way of the update.

      In fact, all of my other Win 7 systems are BIOS MBR boot and do not have bitlocker installed.  So, no real need for me to do the updates.

      Back in July I decided to no longer do any updates to Win 7.  But I got the recent impression I needed to re-update bitlocker/SHA2 updates with the latest versions to assure I could restore a Win 7 disk image backup.  Appears not to be the case for me.  So, hopefully, I’ll return to ignoring Win 7 updates.

      • This reply was modified 4 years, 3 months ago by ek.
    • We rarely have to deal with phone spam anymore.

      For landline:

      Got an AT&T DECT phone set with awesome call blocking features that work well.  Folks we add to the contact list can call through, everyone else goes to message.  We only pick up on calls from folks we know.  There’s also an even more effective mode that adds a call screening step (callers get a “… press 2 to continue” prompt – which robo callers can’t handle), but I only enable it if/when we start getting too many robocalls again.

      For mobile (iPhones):

      Setup the phones to always be in do-not-disturb mode – with the option enabled to allow calls from anyone in Contacts.  In addition (pretty much a redundant step): set the default ring tone to silence and then set each contact to an actual audible ring tone.  So, the phone only rings if it’s from someone we know.  As with the landline, we only answer calls from contacts we know.

      Our basic rule for phone calls: if we don’t answer & the caller leaves no message then the call was spam and/or unimportant.  Keeps life simple.

      1 user thanked author for this post.
    Viewing 15 replies - 1 through 15 (of 34 total)