ValiDrive

I've been known to eat some crow and here I go again.

I'm a long time follower of Security Now with Steve Gibson on the TWiT network. I've also been a user of SpinRite.

But over the years, SpinRite has bumped into some limitations, e.g. disk size, speed, and no support for UEFI.

Steve has been working on SpinRite 6.1 which will address disk size and speed as well as add some new features.

SpinRite 6.1 was almost wrapped up when Steve got distracted with what seemed like a random project.

He discovered that some of the cheap USB drives on Amazon didn't contain as much memory as they advertised. Worse, they would accept writes to sectors beyond their capacity without complaining.

There goes your data.

So Steve set aside SpinRite 6.1 and began developing ValiDrive to validate the capacity of USB drives. Steve is a meticulous developer and he always make sure his code is RIGHT.

I kept running into SpinRite 6's limitations and finally blew up at Steve:

Shortly after this, ValiDrive was released and Steve went back to working on SpinRite. Quickly, SpinRite 6.1 was pre-released.

I downloaded ValiDrive and ran it on a multi-adapter USB drive that I had bought from Amazon.

This was advertised at a 512GB USB drive with USB A, USB C, and Lightning connectors. I bought it to take on a trip but never used it. It came in a nice metal case lined with foam. It had neatly printed instructions and the support e-mail actually answered questions for me.

But it was too good to be true.

ValiDrive showed that it only had 64GB of capacity and was SLOW.

Then I ran it on 2 microSD cards that I had been using in my Wyze cameras.

They were true to size and much faster.

Then came a real test - the 64GB USB drive that I use for my KeePass vault.

Perfect.

TreeSize Free

When I tried to take a system image of my daily driver laptop, I didn't have enough space on my backup drive. I didn't remember doing anything extraordinary so I started looking for wasted space.

I ran Windows' tools without getting much back. So I started looking for tools in my "Software" folder. I found TreeSize Free and ran it.

The answer stuck out like a sore thumb. It was in C:\Users\%username%\AppData\Local\Temp. In a future post, I'll explain what had created all those files.

Back to TreeSize Free.

TreeSize Free is a free utility from JAM Software. Its visualizations make the utilization of space very obvious.

It's available as a portable app and you can get it here.

Kasa Doorbells

I've been using Ring Doorbells for several years. I had one at the front door and another at the back garage door. They were the original models but the images were fine. I liked the way that they worked with my house's original doorbell, i.e., the original doorbell chime rang when the Ring Doorbells were pushed.

But to get access to the historical events, I had to get a subscription that was $80 per year for the two doorbells.

After the Insteon fiasco, I have been diversifying my home automation. I have two Kasa (by TP-Link) Smart Plug HS103P2s and they work great. Kasa has a simple app but I schedule them using Amazon Echo.

So when I started looking at doorbell replacements, Kasa came up. I had looked at Wyze as well but, unlike the Wyze cameras, the Wyze doorbells didn't have on device storage. I ended up getting two Kasa KD110s.

They have on device storage using 128 GB microSD card. With their 2K resolution, that gives me about 10 days of 24x7 video (accessible using the Kasa app). These videos can be saved to your local device.

My front doorbell mounts on siding so I needed a appropriate wedge. I found what I needed from nearlynewmodels.com. It was 3D printed to my color and angle. The approach to my front door comes from one side so I used the angled wedge that came with the KD110. Interestingly, the KD110 used the same holes in the siding as the original doorbell button!

The software/firmware for the KD100 has bene continuously evolving. When I started looking at them, the reviews were full of comments saying that you had to remove the microSD to access the videos. That was addressed by an app update before I bought.

But I immediately noticed that the software/firmware didn't allow setting zones for person detection. This resulted in numerous false alerts. I finally turned off person detection and narrowly zoned the motion detection. This reduced the false alerts but I still got alerts from plants moving.

I opened a support ticket with TP-Link and after only one bounce got connected to a support person who knew what was going on. He replied that they were working on a firmware update to be followed by an app update to address this.

The firmware on the KD110s were OTA updated to 2.3.20 and the app updated to 3.3.500. That added a separate zone capability to the person detection feature. They are working fine now.

The only shortcoming that I can find is that the KD110s don't ring the original doorbell chime. They come with plug-in chimes that you can place anywhere. Each KD110 can support multiple chimes so you could put one in the kitchen and one in the bedroom.

BUT you can't buy a second chime! I've seen posts where people have actually bought a second KD110 just to use the chime. What I've done is to configure my Amazon Echos to announce the notifications.

Here is a capture from daytime.

Here is a capture from nighttime.

To VPN or Not

UPDATED 9/14/23

Over Prime Day(s), there were sales everywhere for VPNs. They tempted me but then I thought through it.

I'm always interested in "good" prices but I'm not sure why I really need a VPN. Most all the web is using https now.

The biggest risk (and it's not so big) is using public Wi-Fi. For example, I automatically connect to xfinitywifi. But if someone were to put up a fake xfinitywifi my laptop/phone would connect to it. The web data would be encrypted with https but DNS is still in the clear unless you're running DNS over HTTPS (DoH). This blog (archive.org) post explains what that is and how to enable it in Windows.

DoH was first introduced in Build 19628 (run winver to find your build). Between Build 19628 and Build 20185, you have to enable it with a registry entry.

1. Type regedit into the search box and click Registry Editor.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
3. Right-click on the Parameters folder and click New > DWORD (32-bit) Value, then name it EnableAutoDOH.
4. Double-click on the new key and set its value data to 2.

Use one of the following DoH servers:

• Cloudflare - Primary: 1.1.1.1, Alternate: 1.0.0.1
• Google - Primary:8.8.8.8, Alternate: 8.8.4.4
• Quad9 - Primary: 9.9.9.9, Alternate: 149.112.112.112

To enable DNS over HTTPS in the Settings > Network & Internet menu:

1. Select Settings in the Start menu.
2. Open Network settings.
3. Under Network status, open the Properties menu for the desired internet connection.
4. Click Edit under DNS settings.
5. Select the Manual option, and then specify the Preferred DNS and Alternate DNS IP addresses. DNS providers currently supported by Windows 10 are:
   ● Cloudflare – Primary: 1.1.1.1, Alternate: 1.0.0.1
   ● Google – Primary:8.8.8.8, Alternate: 8.8.4.4
   ● Quad9 – Primary: 9.9.9.9, Alternate: 149.112.112.112
6. (Only after Build 20185) Select Encrypted only (DNS over HTTPS) for encryption under Preferred DNS and Alternate DNS.
7. If desired, you can configure the same for IPv6 (the previous steps were for IPv4).

Don't miss the "for the desired internet connection." You'll need to do this for EVERY network you connect to.

To enable encrypted DNS at home, you can use the above technique or your router will probably have a setting for that. Here's my router's settings:

Still simpler, for most of us, is to enable DoH in Chrome.

1. Click the three-dots menu and choose Settings.
2. Under the Privacy and security tab, click Security.
3. Locate Use secure DNS, enable it and choose a provider from the drop-down menu.

The only other risk I've found is exposing your PC's devices to a public network.

Here's how to disable that:

And then:

The only other thing I see needing a VPN for is exiting in a different geographic location, e.g. exiting in the UK to get the BBC.

The Cloud and High Availability

One of my new favorite podcasts is RunAsRadio with Richard Campbell. The June 14, 2023 edition was "High Availability in 2023 with Allan Hirt".

You can see Allan Hirt's credentials on LinkedIn.

Here's the synopsis of the podcast:

What does high availability look like in 2023? Richard chats with Allan Hirt about his work with high-availability solutions today - not just on-premises but also in the cloud. Allan talks about the frustration folks had with moving workloads in the cloud during the pandemic panic, lift-and-shifting workloads focusing on getting things working quickly rather than cost-effectively. The results can be costly, to the point where some folks considering moving back off the cloud again - but does that make sense? Allan talks about creating high availability efficiently wherever you want to run your workloads!

Richard and Allan covered availability as manifested in the cloud. Allan is a SQL Server guru who works for Pure Storage.

Here are some excerpts.

7:31 But when it comes to high availability, really, it's tough.

And cloud isn't a silver bullet for availability.

7:58 Like everybody assumes that there's this big red button that says I've got high availability in any cloud. We're not just talking Azure, we're talking AWS and GCP.

And the cloud doesn't eliminate traditional availability issues.

8:54 You know, like your platform layer, meaning Azure or GCP, like I can spin up this VM in another region when something happens is great. But the problem then winds up being it doesn't account for things like transactions in a SQL Server installation. So all the traditional things we worry about on premises still exist up in the cloud with IaaS. It's PaaS where things get different.

And the cloud introduces new issues.

13:15 … but now we need to think about placement of our VMs. We need to think about like ensuring that the VMs don't sit on the same host or in the same rack, which means setting certain things differently in your cloud providers.

And old issues don't go away.

15:10 … I appreciate the idea that if you're responsible high availability, … that doesn't go away with the cloud. … You still are responsible for [high availability] and you have to work through the additional complexity.

And monitoring gets even more important.

23:11 And you really don't have a view of is it functioning well. And then you need somehow you need to be able to monitor the stuff remotely and realize we have no insight into what's going on into our systems. I saw an uptick in implementation of like a lot of the third party monitoring tools or SCOM … because people "Like we need this stuff." Whereas they didn't put too much importance on that.

But cloud providers likely provide higher availability than you could.

28:15 I still think the cloud is up more than any data center I ever ran was. What I've actually told customers is Microsoft, Amazon, and Google can outspend you in building a data center. And a 24 hour staffed NOC is normal for them and expensive for anybody else.

But just moving to the cloud doesn't guarantee more benefits.

30:46 So I can take my on premises VMware infrastructure, vMotion it up to Azure, AWS, GCP and vice versa all day long, right. … I think for some folks that's a good solution. … It gets you to the cloud. It works well sort of. … And so it's always interesting to see things like this is where it's more of a on premises play in the cloud.

If you're not good at on premises, you won't be any better on the cloud.

34:56 If you sucked at virtualization on premises, you're generally going to suck at stuff in the cloud. Not always, but it's generally true because if you couldn't size and you couldn't deploy well on premises, how are you going to automate and do all this cool dev ops, dev stack ops stuff. If you had no skills to do it on premises, it's not magically going to happen in the cloud.

AWS - Amazon Web Services

GCP - Google Cloud Platform

IaaS - Infrastructure as a Service

PaaS - Platform as a Service

SCOM - Microsoft System Center Operations Manager

NOC - Network Operations Center

Using Artificial Intelligence for Technology Advice

Read all the way to the end.

AI-generated content is becoming increasingly common in many areas, including home technology advice. While this technology has the potential to be very useful, there are also some risks associated with it.

One of the main risks of AI-generated content is that it may not be accurate or reliable. AI algorithms are only as good as the data they are trained on, and if the data is biased or incomplete, the results may be inaccurate or unreliable.

Another risk of AI-generated content is that it may be used to spread misinformation or propaganda. Because AI algorithms can generate large amounts of content quickly and easily, they can be used to create fake news stories or other types of propaganda.

Finally, there is also a risk that AI-generated content could be used to manipulate people’s opinions or behavior. For example, AI-generated content could be used to create fake reviews or ratings for products, which could influence people’s purchasing decisions.

Overall, while AI-generated content has many potential benefits, it is important to be aware of the risks associated with it. If you are using AI-generated content for home technology advice, it is important to verify the information and use multiple sources to ensure accuracy and reliability.

This was written by Microsoft's Bing interface to ChatGPT. I just copied and pasted it. This is to show you what AI can do.

Windows Sandbox

I've always been interested in Windows virtualization. While I've exercised it somewhat, I haven't made continual use of it especially after Oracle bought Sun.

Then recently while listening to Windows Weekly Paul Thurrott described Windows Sandbox.

I knew about Hyper-V but didn't know about Sandbox.

Here's Microsoft's documentation (archive.org) on how to enable Sandbox. You have to be running Windows 10 or 11 Pro with virtualization capabilities enabled in BIOS (probably already enabled).

Click on the Windows key and type "Windows features". Press Enter.

Scroll down to "Windows Sandbox" and check the box. Click on "OK" and let the system restart.

Now click on the Windows key and type "Sandbox". Press Enter.

There it is.

It's a pretty vanilla copy of Windows. If you make any changes, they will go away when you shut it down.

That's good and bad. If you Google around, you'll find several articles on how to configure the Sandbox and move data and files back and forth.