TreeSize Free

When I tried to take a system image of my daily driver laptop, I didn't have enough space on my backup drive. I didn't remember doing anything extraordinary so I started looking for wasted space.

I ran Windows' tools without getting much back. So I started looking for tools in my "Software" folder. I found TreeSize Free and ran it.

The answer stuck out like a sore thumb. It was in C:\Users\%username%\AppData\Local\Temp. In a future post, I'll explain what had created all those files.

Back to TreeSize Free.

TreeSize Free is a free utility from JAM Software. Its visualizations make the utilization of space very obvious.

It's available as a portable app and you can get it here.

Kasa Doorbells

I've been using Ring Doorbells for several years. I had one at the front door and another at the back garage door. They were the original models but the images were fine. I liked the way that they worked with my house's original doorbell, i.e., the original doorbell chime rang when the Ring Doorbells were pushed.

But to get access to the historical events, I had to get a subscription that was $80 per year for the two doorbells.

After the Insteon fiasco, I have been diversifying my home automation. I have two Kasa (by TP-Link) Smart Plug HS103P2s and they work great. Kasa has a simple app but I schedule them using Amazon Echo.

So when I started looking at doorbell replacements, Kasa came up. I had looked at Wyze as well but, unlike the Wyze cameras, the Wyze doorbells didn't have on device storage. I ended up getting two Kasa KD110s.

They have on device storage using 128 GB microSD card. With their 2K resolution, that gives me about 10 days of 24x7 video (accessible using the Kasa app). These videos can be saved to your local device.

My front doorbell mounts on siding so I needed a appropriate wedge. I found what I needed from nearlynewmodels.com. It was 3D printed to my color and angle. The approach to my front door comes from one side so I used the angled wedge that came with the KD110. Interestingly, the KD110 used the same holes in the siding as the original doorbell button!

The software/firmware for the KD100 has bene continuously evolving. When I started looking at them, the reviews were full of comments saying that you had to remove the microSD to access the videos. That was addressed by an app update before I bought.

But I immediately noticed that the software/firmware didn't allow setting zones for person detection. This resulted in numerous false alerts. I finally turned off person detection and narrowly zoned the motion detection. This reduced the false alerts but I still got alerts from plants moving.

I opened a support ticket with TP-Link and after only one bounce got connected to a support person who knew what was going on. He replied that they were working on a firmware update to be followed by an app update to address this.

The firmware on the KD110s were OTA updated to 2.3.20 and the app updated to 3.3.500. That added a separate zone capability to the person detection feature. They are working fine now.

The only shortcoming that I can find is that the KD110s don't ring the original doorbell chime. They come with plug-in chimes that you can place anywhere. Each KD110 can support multiple chimes so you could put one in the kitchen and one in the bedroom.

BUT you can't buy a second chime! I've seen posts where people have actually bought a second KD110 just to use the chime. What I've done is to configure my Amazon Echos to announce the notifications.

Here is a capture from daytime.

Here is a capture from nighttime.

To VPN or Not

UPDATED 9/14/23

Over Prime Day(s), there were sales everywhere for VPNs. They tempted me but then I thought through it.

I'm always interested in "good" prices but I'm not sure why I really need a VPN. Most all the web is using https now.

The biggest risk (and it's not so big) is using public Wi-Fi. For example, I automatically connect to xfinitywifi. But if someone were to put up a fake xfinitywifi my laptop/phone would connect to it. The web data would be encrypted with https but DNS is still in the clear unless you're running DNS over HTTPS (DoH). This blog (archive.org) post explains what that is and how to enable it in Windows.

DoH was first introduced in Build 19628 (run winver to find your build). Between Build 19628 and Build 20185, you have to enable it with a registry entry.

1. Type regedit into the search box and click Registry Editor.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
3. Right-click on the Parameters folder and click New > DWORD (32-bit) Value, then name it EnableAutoDOH.
4. Double-click on the new key and set its value data to 2.

Use one of the following DoH servers:

• Cloudflare - Primary: 1.1.1.1, Alternate: 1.0.0.1
• Google - Primary:8.8.8.8, Alternate: 8.8.4.4
• Quad9 - Primary: 9.9.9.9, Alternate: 149.112.112.112

To enable DNS over HTTPS in the Settings > Network & Internet menu:

1. Select Settings in the Start menu.
2. Open Network settings.
3. Under Network status, open the Properties menu for the desired internet connection.
4. Click Edit under DNS settings.
5. Select the Manual option, and then specify the Preferred DNS and Alternate DNS IP addresses. DNS providers currently supported by Windows 10 are:
   ● Cloudflare – Primary: 1.1.1.1, Alternate: 1.0.0.1
   ● Google – Primary:8.8.8.8, Alternate: 8.8.4.4
   ● Quad9 – Primary: 9.9.9.9, Alternate: 149.112.112.112
6. (Only after Build 20185) Select Encrypted only (DNS over HTTPS) for encryption under Preferred DNS and Alternate DNS.
7. If desired, you can configure the same for IPv6 (the previous steps were for IPv4).

Don't miss the "for the desired internet connection." You'll need to do this for EVERY network you connect to.

To enable encrypted DNS at home, you can use the above technique or your router will probably have a setting for that. Here's my router's settings:

Still simpler, for most of us, is to enable DoH in Chrome.

1. Click the three-dots menu and choose Settings.
2. Under the Privacy and security tab, click Security.
3. Locate Use secure DNS, enable it and choose a provider from the drop-down menu.

The only other risk I've found is exposing your PC's devices to a public network.

Here's how to disable that:

And then:

The only other thing I see needing a VPN for is exiting in a different geographic location, e.g. exiting in the UK to get the BBC.

The Cloud and High Availability

One of my new favorite podcasts is RunAsRadio with Richard Campbell. The June 14, 2023 edition was "High Availability in 2023 with Allan Hirt".

You can see Allan Hirt's credentials on LinkedIn.

Here's the synopsis of the podcast:

What does high availability look like in 2023? Richard chats with Allan Hirt about his work with high-availability solutions today - not just on-premises but also in the cloud. Allan talks about the frustration folks had with moving workloads in the cloud during the pandemic panic, lift-and-shifting workloads focusing on getting things working quickly rather than cost-effectively. The results can be costly, to the point where some folks considering moving back off the cloud again - but does that make sense? Allan talks about creating high availability efficiently wherever you want to run your workloads!

Richard and Allan covered availability as manifested in the cloud. Allan is a SQL Server guru who works for Pure Storage.

Here are some excerpts.

7:31 But when it comes to high availability, really, it's tough.

And cloud isn't a silver bullet for availability.

7:58 Like everybody assumes that there's this big red button that says I've got high availability in any cloud. We're not just talking Azure, we're talking AWS and GCP.

And the cloud doesn't eliminate traditional availability issues.

8:54 You know, like your platform layer, meaning Azure or GCP, like I can spin up this VM in another region when something happens is great. But the problem then winds up being it doesn't account for things like transactions in a SQL Server installation. So all the traditional things we worry about on premises still exist up in the cloud with IaaS. It's PaaS where things get different.

And the cloud introduces new issues.

13:15 … but now we need to think about placement of our VMs. We need to think about like ensuring that the VMs don't sit on the same host or in the same rack, which means setting certain things differently in your cloud providers.

And old issues don't go away.

15:10 … I appreciate the idea that if you're responsible high availability, … that doesn't go away with the cloud. … You still are responsible for [high availability] and you have to work through the additional complexity.

And monitoring gets even more important.

23:11 And you really don't have a view of is it functioning well. And then you need somehow you need to be able to monitor the stuff remotely and realize we have no insight into what's going on into our systems. I saw an uptick in implementation of like a lot of the third party monitoring tools or SCOM … because people "Like we need this stuff." Whereas they didn't put too much importance on that.

But cloud providers likely provide higher availability than you could.

28:15 I still think the cloud is up more than any data center I ever ran was. What I've actually told customers is Microsoft, Amazon, and Google can outspend you in building a data center. And a 24 hour staffed NOC is normal for them and expensive for anybody else.

But just moving to the cloud doesn't guarantee more benefits.

30:46 So I can take my on premises VMware infrastructure, vMotion it up to Azure, AWS, GCP and vice versa all day long, right. … I think for some folks that's a good solution. … It gets you to the cloud. It works well sort of. … And so it's always interesting to see things like this is where it's more of a on premises play in the cloud.

If you're not good at on premises, you won't be any better on the cloud.

34:56 If you sucked at virtualization on premises, you're generally going to suck at stuff in the cloud. Not always, but it's generally true because if you couldn't size and you couldn't deploy well on premises, how are you going to automate and do all this cool dev ops, dev stack ops stuff. If you had no skills to do it on premises, it's not magically going to happen in the cloud.

AWS - Amazon Web Services

GCP - Google Cloud Platform

IaaS - Infrastructure as a Service

PaaS - Platform as a Service

SCOM - Microsoft System Center Operations Manager

NOC - Network Operations Center

Using Artificial Intelligence for Technology Advice

Read all the way to the end.

AI-generated content is becoming increasingly common in many areas, including home technology advice. While this technology has the potential to be very useful, there are also some risks associated with it.

One of the main risks of AI-generated content is that it may not be accurate or reliable. AI algorithms are only as good as the data they are trained on, and if the data is biased or incomplete, the results may be inaccurate or unreliable.

Another risk of AI-generated content is that it may be used to spread misinformation or propaganda. Because AI algorithms can generate large amounts of content quickly and easily, they can be used to create fake news stories or other types of propaganda.

Finally, there is also a risk that AI-generated content could be used to manipulate people’s opinions or behavior. For example, AI-generated content could be used to create fake reviews or ratings for products, which could influence people’s purchasing decisions.

Overall, while AI-generated content has many potential benefits, it is important to be aware of the risks associated with it. If you are using AI-generated content for home technology advice, it is important to verify the information and use multiple sources to ensure accuracy and reliability.

This was written by Microsoft's Bing interface to ChatGPT. I just copied and pasted it. This is to show you what AI can do.

Windows Sandbox

I've always been interested in Windows virtualization. While I've exercised it somewhat, I haven't made continual use of it especially after Oracle bought Sun.

Then recently while listening to Windows Weekly Paul Thurrott described Windows Sandbox.

I knew about Hyper-V but didn't know about Sandbox.

Here's Microsoft's documentation (archive.org) on how to enable Sandbox. You have to be running Windows 10 or 11 Pro with virtualization capabilities enabled in BIOS (probably already enabled).

Click on the Windows key and type "Windows features". Press Enter.

Scroll down to "Windows Sandbox" and check the box. Click on "OK" and let the system restart.

Now click on the Windows key and type "Sandbox". Press Enter.

There it is.

It's a pretty vanilla copy of Windows. If you make any changes, they will go away when you shut it down.

That's good and bad. If you Google around, you'll find several articles on how to configure the Sandbox and move data and files back and forth.

CMR vs SMR

I'm building a new server. When I built Trump, I put 2 2TB drives into a Storage Spaces RAID-1 configuration.

That has worked well so I wanted to do the same in the new server.

But it got complicated.

When I started looking at 4TB drives for RAID configurations, I noticed terms that I didn't recognize in the specifications: CMR and SMR.

Then I read the reviews. I got confused. Nobody seemed to like SMR drives. What were CMR and SMR? How were they different?

Conventional Magnetic Recording (CMR) drives write data on a hard disk in tracks that do not overlap. Shingled Magnetic Recording (SMR) allows tracks to overlap, which results in higher data densities, but slower read and write times compared to CMR drives.

Huh?

Just to add to the confusion, CMR is also known as Perpendicular Magnetic Recording (PMR).

This illustration begins to explain it.

The SMR technology increases the density thereby reducing the number of platters needed for a given capacity. Less platters means less cost so you know which way the industry is going.

But the SMR recording technique is accomplished by overlapping the data from one track with the adjacent tracks. Reading one track back is OK but writing one track requires rewriting the adjacent tracks at the same time.

Think about that. To write a track, the drive has to cache the new data. Then it has to read the tracks adjacent to the track needing to be written and cache that data. Then it has to merge the old data with the new data before rewriting all the tracks.

Obviously this makes writes much slower than CMR drives with discrete tracks.

For "normal" usage, these slower writes aren't much of an issue. But in a RAID configuration, they really slow down the throughput.

So how do you know whether a given drive uses CMR or SMR?

Here's Seagate's status (archive.org). Here's Western Digital's status (archive.org). Here's Toshiba's status (archive.org).

It's not easy.

Strengthening Security

Windows Weekly is one of my favorite podcasts. Recently it has added a new co-host of Richard Campbell. He also has his own podcast at RunAsRadio. Of course, I added that to my podcast list.

Jess Dodson was a recent guest on the RunAsRadio podcast.

Here's the synopsis of the podcast:

How do you improve the security of your organization? Richard talks to Jess Dodson about the current security environment we're living in and what you can do to improve your security posture. Jess talks about how breaches happen and what you can do to detect them early before things get worse. The conversation dives into getting more resources - in most cases, improving security means having the time to work on preventative measures, like implementing multi-factor authentication, security information and event management, and setting up Just Enough Administration. And you need the time to review the activities in your network to let you stop a breach before it turns into something worse!

It's well worth your 40-odd minutes.

But Jess had a couple of points that I want to emphasize.

At 21:34 she says:

You've not backed up if you haven't tested your restore.

I hope I'm preaching to the choir on that one. Here's an earlier post of mine.

And then at 33:15 she says:

[Limit] the blast radius of what they have access to do is as restricted as I can make it without limiting business.

I think that is an excellent way to explain to management the objective.

Windows 11 Upgrade Issues

My "Trump" PC server is getting long in the tooth. It won't run Windows 11 so I set out to replace it sometime down the road.

I clearly wanted the new PC to run Windows 11 so I carefully selected a tower system that supported that. In a future post, I'll detail what all I've done.

But when I began to run through Windows Update on the new system, it consistently told me that it wasn't capable of running Windows 11. I ran "msinfo" (archive.org) and it showed that all the requirements were met. Then I ran "PC Health Check" (archive.org) and it too said that Windows 11 was supported.

So I Googled "windows update says no windows 11 but pc health check says yes" and BINGO!

I'll cover the solution later but first look at that page (archive.org). It was created 16 months ago. 421 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

tl;dr - Ignore Windows Update. Use the Installation Assistant (archive.org) to download Windows 11.

You would think that Microsoft would fix that in a year.

But my story doesn't end there.

I ran the Installation Assistant and it churned away. Then I got this screen.

Back to Google "We couldn't update the system reserved partition." and BINGO!

I'll cover the solution later but first look at that page (archive.org). It was created almost 2 years ago. 299 users had said "I have the same question" AND Microsoft has locked that topic to stop new posts.

And worse, the problem isn't new. That page links to a Windows 10 installation page (archive.org).

Unfortunately, there is not a tl;dr solution.

Microsoft warns:

Caution: these steps are complicated, and carry some risk. This is best done by advanced users with experience using the command line. If you make an error in entering these commands, you could put your device in a no-boot situation, and possibly lose data you have stored on the device.

Here's the solution:

1. Search for cmd. Press-and-hold or right-click on Command Prompt in the results, and select Run as administrator.
2. At the command prompt, type mountvol y: /s and then hit Enter. This will add the Y: drive letter to access the System Partition.
3. Switch to the Y drive by typing Y: and press Enter. Then, navigate to the Fonts folder by typing cd EFI\Microsoft\Boot\Fonts. Once there, type del *.* to delete font files. The system may ask you if you are sure to continue, press Y and then Enter to continue.

The solution worked and Windows 11 installed with no more problems.

C'mon Microsoft. You can make this simpler than this.

You Need a Side Channel

Here we Microsoft go again! There's a list of Microsoft availability problems here. Don't think I'm all doom and gloom on Microsoft. It's just that even HUGE organizations struggle with subtleties.

Microsoft's latest incident affected Azure, Teams, and Outlook for hours.

Microsoft recently released their postmortem. I applaud Microsoft for publishing this. Could your company have done such a thorough job so quickly?

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them.

Maybe your network isn't so large that this "re-computation process" wouldn't saturate your network equipment.

Regardless there is a learning here.

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network.

Their network management system, including device security,  ran ACROSS their network. So when the network was impacted their network management system was ineffective. Basically, Microsoft had to watch and wait for the network to settle down.

A side channel network management solution would have mitigated that. And introduced a myriad of other problems, principally security.

Tough choices.

Password Strength Testing Tool

You've probably been following the LastPass saga. An emerging alternative is Bitwarden.

Recently Bitwarden has published a Password Strength Testing Tool here.

It's worth running your passwords through it. My day-to-day algorithm generated a rating of "Good" and an estimated time of cracking of "7 hours."

I was relatively satisfied with that until I put the password generated with my client's algorithm.

Time to revisit my algorithm.

Happy New Year 2023

The start of a new year is a good time to review a few things and make sure everything is right. Here's my list of things I think you should check once a year.

Some of the steps may be a little out of date but I think you can find your way around. If not, leave me a comment and I'll help.

Password Store

PayPal Preapproved Payments

Offline Backup

Certificate Store

Router Configuration

Guest Network for IoT

Windows Defender and Windows Defender Offline

Controlled Folder Access

System Restore

You'll sleep better.

Office Deployment Tool - Revisited

Once again I found myself with a new laptop and no Microsoft Office license. 

I found one of those gray market key vendors and bought a Office 2021 Professional Pro key for less than $20. It came promptly and even included a link to a Microsoft download site. (Don't rush to download.)

I don't need all the included Office apps. The legacy installation dialog would let me choose which application and features would be installed. I used to use that dialog to omit all the Office apps except Word, Excel, and PowerPoint.

But now Microsoft has an Office Deployment Tool that lets you customize the installation.

I recalled the solution I had found earlier and revisited my previous post.

The referenced site, MS Guides, seems to have gotten crossways with Google and probably other organizations. I used archive.org to retrieve the instructions. This post is my recap of the process and is heavily based on MS Guides.

Step 0: Uninstall all the Click-to-Run Office 365 apps that come pre-installed.

Step 1: Download the appropriate version of the Office Deployment Tool from Microsoft. Use Google to find the proper download and download it.

Step 2: Double click the download to extract the contents of this file. It will create a new folder with configuration files (xml) and setup.exe.

Step 3: Tailor the following code as needed and paste it into a new text document.

    <Configuration>

      <Add OfficeClientEdition="64">

        <Product ID="ProPlusRetail">

          <Language ID="en-us" />

        

          <ExcludeApp ID="Access" />

          <ExcludeApp ID="InfoPath" />

          <ExcludeApp ID="Lync" />

          <ExcludeApp ID="OneNote" />

          <ExcludeApp ID="Outlook" />

          <ExcludeApp ID="Project" />

          <ExcludeApp ID="Publisher" />

          <ExcludeApp ID="SharePointDesigner" />

          <ExcludeApp ID="Skype" />

          <ExcludeApp ID="Skypeforbusiness" />

          <ExcludeApp ID="Groove" />

       

        </Product>

      </Add>

      <Display Level="Full" AcceptEULA="TRUE" />

    </Configuration>

The above sample code will only install Word, Excel, and PowerPoint.

Then save this as config.xml in the folder created earlier.

Step 4: Copy the code below into a new text document file.

    @echo off

    cd /d %~dp0

    setup.exe /configure config.xml

    pause

Then save this as install.cmd in the folder created earlier.

Step 5: Double-click on the install.cmd file and it'll run. You may have to right-click on it to run it as  an administrator. I didn't have to do this.

The process will even download the required bits.

Step 6: After successfully installing Office, launch one of the apps. You'll be prompted to login OR enter a product key. Enter your new product key there.

You're done.

USB-C vs Lightning - Redux

Earlier this year I shared a post on USB-C vs Lightning. It was mostly on the durability aspects of the different connectors.

But with the recent release of the iPhone 14 Pro, there's another furor around Lightning connectors.

The earlier post included the following chart:

But I didn't pay much attention to the last row - Maximum transmission speed.

There's a 40 fold increase in transmission speed when using USB-C. FORTY FOLD!

And Thunderbolt is twice as fast as USB-C.

So what does iPhone 14 Pro have to do with this? 48-megapixel ProRAW photos - four times as many pixels as iPhone 13 models.

Full-resolution ProRAW photos taken with the iPhone 14 Pro can be close to 100MB per file.

I hope you're not in a hurry to offload your photos from your shiny new iPhone 14 Pro.

The good news is that there's lots of talk that next year's iPhone 15 Pro will have USB-C.

We can hope.

Here's a good recap of the issue from Lifewire (archive.org).

The Green Light is Back

Insteon users have had a bad couple of months. I gave up and moved on.

Then Insteon rose from the ashes.

Maybe.

Here's their blog post:

A New Day for Insteon!

We are a small group of passionate Insteon users that have successfully acquired Insteon. Like many of you, our homes are powered by Insteon’s amazing dual-mesh technology and highly configurable products. 

Most of you discovered that the Insteon Hubs began coming back online. Our first priority was getting the hubs online immediately before we had access to this site, the email service provider, social accounts, etc. Every day more customers were giving up hope so it was critical to get that restored as soon as possible. We are aware not all functions are back online but we are actively working on it. We hope you understand this urgency and appreciate your patience. 

Going forward we are committed to responsibly re-building the Insteon business. Our commitment to you, as part of the Insteon family, is to listen, communicate and be as transparent as possible in everything we do. 

Please stay tuned for updates here as well as on twitter, facebook, reddit and elsewhere. If you are an Insteon Hub account holder, look for an email in the coming days. 

Thank you all for your patience. We look forward to sharing this new journey with you. 

Best regards,

Ken Fairbanks

CEO, Insteon Technologies

No thanks.

And here's an e-mail thread between me and some co-workers:

A: Are either of you doing anything with the new Insteon company??

Me: Not with a 10 ft pole. The new owners seem to be well intentioned but the brand is sullied beyond reprieve.

A: That’s my thinking too. Plus I am [not] as dependent on them as some people.

B: No. Pretty much moved all to Wyze.

Z-Wave to the Rescue

You'll recall the disaster that Insteon caused me.

I started off down the road to use "simple" Wi-Fi devices and bought a couple of Kasa (by TP-Link) plugs and a switch. They were easy to install and setup and worked fine.

But every one of them was a separate device on my IoT Wi-Fi network. Long term, that could get to be a problem.

Then another problem opportunity arose. My alarm system went south. But it was 20+ years old.

My alarm company suggested a new system. As I was researching it, I noticed that it included a Z-Wave controller.

So, I stopped my Kasa roll-out after 2 plugs and ordered Enbrighten Z-Wave switches.

The alarm system uses alarm.com for an Internet interface. The Internet services costs $5 per month. To add Z-Wave service adds another $5 per month. At least alarm.com has a business plan unlike Insteon.

Adding the Z-Wave switches to alarm.com was easy.

alarm.com has a good system to create device scenes and schedule them but I wanted to concentrate my automating into my Amazon Alexas.

Amazon has TWO Alexa skills for alarm. com. One is for alarm settings, e.g. scenes, and the other one controls individual devices.

This one is for the alarm and scenes:

This one is for devices:

It would be nice if there was something more obvious to differentiate them other than inferring function from the terse text.

Anyway, initially I installed the alarm and scenes skill. With that, Alexa didn't see the individual devices. So on the alarm.com app, I created scenes for the each logical activity I wanted, e.g. "Outside Lights On".

This caused further complications in the Alexa routines. Notice that I had to use the syntax of "Alexa ask alarm.com to run outside lights on".

That works fine but there are undocumented syntax restrictions on the Alexa action command. It took lots of trial and error to get names that would clear the restrictions.

Then I discovered the Alexa skill for alarm.com devices. With that, Alexa could see the individual devices. I haven't undone my successful work and switched to the more direct constructs.

For thermostats, I'm going with Honeywell RTH6580WF.

Almost as Good as Wired CarPlay

I've been running CarPlay in my car for a couple of years. I dedicated an old iPhone to this function and left it in the call full time. We run the car enough to keep it charged.

That worked very well. Every now and then the car's head unit wouldn't recognize the iPhone. Sometimes unplugging and replugging would fix it. Sometimes you had to turn off the car and restart it.

Nevertheless, it was very satisfactory.

Except...

My wife wanted to be able to call and text from her phone using the car's integration. The dedicated iPhone worked fine for that but presented a different phone number.

I had tried a wireless CarPlay dongle from AliExpress in 2019. It required me to download an app and install it in my car's head unit. Microsoft Windows Security pitched a fit when I downloaded that app and then it wouldn't install in my car's head unit.

Recently I gave it another try.

I ordered CarlinKit 3.0.

This time it worked almost flawlessly.

I say "almost" and that's not a big negative. Even wired CarPlay is not 100% dependable. This CarlinKit 3.0 is "almost" that dependable. The CarlinKit 3.0 disconnects more than the wired iPhone but not enough to be a real problem. When either CarPlay disconnects and reconnects, any trip in progress is terminated and has to be restarted.

CarlinKit 3.0 connects quickly, "almost" as quickly as the wired CarPlay.

The only thing I've found that is different from wired CarPlay is that CarlinKit 3.0 occasionally switches away from FM to CarPlay audio. But I'm not convinced that that is a CarlinKit 3.0 problem. Since I am no longer using a dedicated iPhone for CarPlay, my passenger uses the iPhone connected via CarlinKit 3.0 while we are driving. If the iPhone starts emitting audio, e.g. from an autoplay video, I think that triggers the switch. That would be a CarPlay issue, not a CarlinKit 3.0 issue.

Overall, it is worth the minor issues. Being able to use CarPlay for voice calls and text messaging is very valuable.

Between a Rock and a Hard Place

That's where ALL Insteon users find themselves.

I've had a good ride with Insteon. Until April 15, 2022.

I'll let you read Stacey on IoT's coverage. And even SmartLabs' feeble and belated attempt at explaining.

Where that leaves me and 1000s of other Insteon users is that their in-house equipment is fine but crippled due to https://connect.insteon.com being down for the count.

So, where do I go from here? There are several organizations out there trying to help.

But let's think about those solutions. They all cost a couple of $100s. And when you're done, you still have the Insteon switches and plugs which you can no longer buy and the Insteon hub which you can no longer buy. And the solutions put a server in your house that you have to support and maintain.

That's the Rock.

Then there are the alternatives. These mostly consist of Wi-Fi switches and plugs but depend on a cloud service.

What do you do if/when the cloud service goes away like Insteon did?

That's the Hard Place.

My decision is "Less is More." I'm going with Wi-Fi switches and plugs with no hub and server in the house. At least there are less moving parts.

And I plan to use Amazon Echo to create the automation schedules and routines. That gives me one degree of separation from the Wi-Fi switch and plug vendor's cloud service.

Don't Believe Everything You Read on the Internet

I guess the title of this post is obvious but from time to time I just have to repeat it.

You'll remember that I'm a big fan of Wyze. But that doesn't lower my expectation of them.

The Verge did a "The Sky is Falling" story on Wyze's v1 camera. Incidentally, Wyze stopped selling them in 2018. They continued supporting it until January 2022.

The security research firm Bitdefender discovered a vulnerability in the v1 camera in March 2019. For some unclear reason, Bitdefinder didn't go public with this after a responsible time. Nor did Wyze share the vulnerability with it's customers.

Then the media started piling on. Read some here.

Even my favorite security podcast featured the vulnerability as "Not So Wyze."

Squarely in the doghouse this week is WYZE whose super-popular webcams have problems which are just as serious as those of the company itself... and, oh!, the authentication bypass details, which I'll share, are SO wonderful!

But don't stop listening there. Listen on to 1:31:12. Someone in the chat room asked "Would it be safe to use a Wyze cam v1 behind a firewall?" Steve answered "I think so. ... The threat model is that you might have mapped a port through it so that you had access to the camera directly, remotely ..."

Listen folks, if you have mapped a port through your firewall to your security camera, you get what you deserve.

Guest Network for IoT

Several years ago I posted a diagram of my home LAN. It's still very much the same.

While that diagram covered the wired network, I didn't mention the wireless network. That diagram showed 3 wired IoT devices: the Insteon Hub, the Obihai terminal, and the Cisco femtocell.

I have replaced the Insteon Hub due to failure, upgraded the Obihai to OBi200, and replaced the Cisco with a new AT&T Cell Booster.

For the wireless IoT devices, I've created a "guest" network using my Asus RT-AC68R.

All of my IoT wireless devices use 2.4GHz so I didn't even enable the 5GHz band.

Notice that the Asus screen says:

The Guest Network provides Internet connection for guests but restricts access to your local network.

What it doesn't say is that the guest network as implemented by the Asus allows access FROM the local network TO the guest network.

So I can view and control my IoT devices from my local network.

I was inspired to write this post by a recent article on Android Central. In that article, they say:

Your home router's guest network is wholly separate from the one you connect your smartphone or computer to. [emphasis mine]

Don't believe everything you read on the Internet.