OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years



Home Forms Contact Current Newsletter subscribe 
Search Articles
Before Aug 2024

Browse by Category
Tips & News Security Internet Mobile Hardware Fun


powered by pmc2m
  OCS Newsetters from August 2024 to current

Oregon Computer Solutions' Newsletters Aug 2024 to current



Oregon Computer Solutions' Newsletter

September 2024
Steve Shank
Keeping clients' computers safe and profitable for over 30 years


Contents



Library Access

Preview:People using library

Many Oregon and SW Washington libraries are part of the Metropolitan Interlibrary exchange. This means that people living in one county can get library cards, from any of the other libraries. This allows them to access the services, books, and videos of those other libraries. I borrow e-books and stream movies and TV shows from both Multnomah County libraries and Washington County libraries.

Oregon and Southwest Washington Libraries are Pretty Cool. Around the tri-county area surrounding Portland and including Vancouver and all the way east to Hood River all share the Metropolitan Interlibrary Exchange. This means if we reside in any of these areas, we can get library cards from the others. I live in Washington County and have a Washington County library card and a Multnomah County library card.

In the last few years, I've been to a library twice. Once to get my Washington County library card and once for my Multnomah County card. Perhaps I should drop down to Lake Oswego and pick up a Clackamas County card too, but that is liable to get too confusing for me.

Books


All these libraries offer access to Libby. You can set up a free Libby account with each of your library cards and checkout e-books. These work with the Libby app on Android or iOS. It also works with Kindle and Kobo e-readers. If you have multiple library cards, perhaps a book will be available at one library that has a waiting list on another. You just check the book out with your device and return it electronically when you are finished. The books will automatically return on the due date unless you renew them. There is a better chance of getting your books from this system, than from any single physical library because you'll be accessing all the available books for the entire county.

Streaming Videos


All three of the Tri-County libraries also offer Kanopy. This is a streaming app for your TV, which offers thousands of movies and TV programs. It works like any other streaming service. You'll get a certain number of credits to use each month on the TV shows and movies of your choice. I've added it to my Roku TV and logged in once with my Washington County library. Lots of fun stuff here. It is also available on other platforms.

Multnomah County also offers 10 credits each month for streaming movies and TV shows from Hoopla. Hoopla is another service, like Kanopy offering thousands of TV shows and Movies. All these services stream ad free.

Both Kanopy and Hoopla have apps for most streaming devices, like Amazon TV, Apple TV, Roku and others.

What I do


I use the Washington County Library for books. I have a Kobo E-reader, and it automatically connects to the back engine behind Libby. I set up the account using my Washington County card. I also have the Libby app on my Android tablet, and my Android E-book reader.

On my Roku TV, I've installed the Hoopla app. I set it up with my Multnomah County library card and the Kanopy App account, which I set up using my Washington County library card. This way I don't need to switch accounts. I just click the app and all the favorites I've chosen appear, and I can stream what I want.

Links





[return to contents]

Bitwarden Password Manager

Preview:

Bitwarden is my choice for a password manager that will keep all your passwords on your multiple devices synchronized. Here are some of its features.

Password managers are essential for computer security. If you aren't using one, then it would probably be the best security upgrade you could make. I have long recommended KeePass. Here's a link to a page from October 2011 where I list 3 introductory videos I'd made for KeePass. However, as time passes, more of my clients want their passwords synchronized between their phones, laptops, and tower computers. I recommend Bitwarden for those clients.

I still think KeePass is the best option for a single computer. For example, an office computer to maintain necessary business passwords. It is also an excellent option if you are comfortable keeping your KeePass database synced to your mobile devices manually. Furthermore, it offers the advantage of being entirely on your local computer. In case of an emergency, if your emergency contact has your KeePass file and the password, they will get in. They won't be stymied by confirmation emails or texts going to your cell phone.

However, if you aren't comfortable doing that, or want better syncing, or simply want your passwords online so they are always accessible if there is an Internet connection, Bitwarden is a better option. Bitwarden also makes it a little bit easier to log into most websites.

KeePass has the security benefit of not being online. There do not have a huge database treasure for hackers to attack. It is strictly a Windows desktop application. KeePass2Android is an excellent Android app that will read and write to the KeePass database. It is separate from your browser, but is easy to use with your browser. Bitwarden, on the other hand, maintains your passwords online, and that poses a small risk. However, that risk is minimal. If you have a good master password even if they lost your vault, no one could access it. Bitwarden does not have your password. They cannot lose it. Furthermore, they have annual audits from reputable third-party security auditing firms as well as independent security researchers. The software is open source, and they enlist the hacker community to investigate and report any flaws as well as the paid audits.

Pricing

KeePass is free and open source, but I recommend giving them a donation occasionally if you use the program. Bitwarden has a perfectly good free version for one or two people. I recommend using the premium version though for $10/year. There are also family and business versions. These allow passwords and other information to be shared between users who can also have their own private accounts. These are competitively priced.

Recommended Bitwarden Programs

You can access your passwords three ways. I recommend using all three.
  1. The application. This is run from your computer or mobile device. They have it available for Windows, Linux and MAC, Android and iOS. Having it available on your desktop is useful for entering passwords for accounting and other local software. It is also useful for looking up information you store in it, like license keys or driver's license number.
  2. Browser extensions for all major browsers. These make it easier to log in to websites.
  3. Website. Some features that are only available by logging into your account online, so you should use this option as well.

Basic Features

Even the free Bitwarden has these features:
  1. Folders
  2. Excellent search to find anything quickly
  3. Generate excellent random passwords for you
  4. Have special forms for filling out logins, Credit cards, your identity (things like social security number, driver's license etc. and even Secure Notes.
  5. Quick access so you don't need to enter your long master password very often.
  6. Import and export for many other password managers.
  7. Favorites. Display your most used logins (or credit cards) on top for faster access to the websites from Bitwarden.

Creating a new Login

A new login looks something like this:


The check if that password has been exposed, checks hundreds of millions of passwords that have been exposed and reports whether that password is one of them and if so, how many times.

When I get to a new website that wants me to set up an account, I copy the login field and then set up the account in Bitwarden and be sure to save it. I always set up Bitwarden first, then use it to fill in the information to the website. This way, I always have the correct passwords saved in Bitwarden before the website gets them.

Extraordinary Features

Send (Free accounts text only, paid accounts also allow sending files)
Send lets you send fully encrypted messages or files safely to anyone, whether they use Bitwarden or not. If you need to send someone a password or other private information or a file, Bitwarden lets you do it quickly and easily. They do an excellent job with this.

Reports (Most are for paid users only)
There are many reports you can get from your web account, including how many times every one of your passwords was exposed in some data breach. This is important, because hundreds of millions of previously used and exposed passwords can quickly be checked by hackers.

Here's what a small part of my report looked like. I've removed the parts of the report that show the website and other information.



You can use this report to change your password and upgrade your security, or simply send old accounts to the trash. Those accounts above were either decades old and no longer in use, or completely local programs.

Other reports show weak password, reused passwords, data breaches and more.

Integrated Authenticator App (Paid feature)
Allows you to use time-based one-time passwords for 2-factor authentication.

Emergency Contacts (Paid Feature)
Premium users, can designate trusted emergency contacts. Anyone with a Bitwarden account can be designated as a trusted emergency contact. You designate them, then they must accept, then you must confirm. When you create the emergency contact, you specify a wait time.

Once that has happened, if an emergency occurs, the contact will submit a request which generates an email to you. You can approve or not. If you do nothing, then after the wait time you specified, access is granted.


Bitwarden Learning Center



[return to contents]

For Fun


Amazon, time traveling?

Does Amazon have unrealistic expectations, or have they mastered time travel? As of July 29, they still hadn't delivered a package with a guaranteed delivery date of July 24. In fact, they no longer had any expectations, since they couldn't find it, but they were sure it was "on its way".

This is from an email they sent me on July 27 confirming that my package would arrive on July 24. A week later, they still hadn't found it, so they issued a refund. I bought it elsewhere.





Google Pizza

This conversation could occur next time you order pizza.

Google Pizza: Hello John, what can I do for you?
You: "Is this Pizza Hut?"
Google Pizza: "No sir, it's Google Pizza."
You: "Oh, I must have dialed the wrong number, sorry."
Google Pizza: "No, sir. Google bought Pizza Hut last month."

You: "Okay. I would like to order a pizza."
Google Pizza:"Do you want your usual, sir?"
You: "My usual? You know me?"
Google Pizza:"According to our You ID data sheet, the last 12 times you called you ordered an extra-large pizza with three cheeses, sausage, pepperoni, mushrooms, and meatballs on a thick crust."
You: "Super. That's what I'll have."

Google Pizza: "May I suggest that this time you order a pizza with ricotta, arugula, sun-dried tomatoes, and olives on a whole wheat gluten-free thin crust?"
You: "What? I don't want a vegetarian pizza."
Google Pizza: "Your cholesterol is not good, sir."
You: "How the hell do you know that?"
Google Pizza:"Well, we cross-referenced your home phone number with your medical records. We have the result of your blood tests for the last seven years."
You: "Okay, but I do not want your rotten vegetarian pizza. I already take medication for my cholesterol."

Google Pizza: "Well, excuse me, sir, but you have not taken your medication regularly. According to our database, you purchased only a box of 30 cholesterol tablets once at Lloyds Pharmacy, four months ago."
You: "I bought more from another pharmacy."
Google Pizza: "That doesn't show on your credit card statement."
You: "I paid in cash."
Google Pizza: "But you did not withdraw enough cash, according to your bank statement."
You: "I have other sources of cash."

Google Pizza: "That doesn't show on your latest tax returns, unless you bought them using an undeclared income source, which of course is against the law."
You: "What the heck?"
Google Pizza: "I'm sorry, sir. We use such information only with the sole intention of helping you."
You: "Enough already. I'm sick of Google, Facebook, Twitter, WhatsApp and all the others. I'm going to an island without the Internet, TV, where there's no phone service and no one to watch me or spy on me."
Google Pizza: "I understand, sir, but you need to renew your passport first. It expired six weeks ago. Meanwhile, may I suggest an excellent travel agent?"



[return to contents]

Google is Killing uBlock Origin

Preview:man with machine gun killing a saint

Google's move to Manifest 3 is killing the best Ad blocking software. Is this because Google makes its money selling ads? In any case, here is how it will affect you and my suggestions for different browsers. Firefox users will not be affected.

What is Google Doing?

Google has been working to change the rules for extensions. These include ad-blockers and many other things. Many of their changes from what was Manifest V2 (MV2) to the newer Manifest V3 (MV3) make sense. They will produce faster, cleaner code. However, some seem to directly targeted at crippling ad-blockers. Remember, Google is an advertising company. They make their money by selling the ads which ad-blockers block.

The base Chromium engine is used by Brave, MS Edge, Chrome, and Vivaldi among others. This base is removing MV2 support. Brave is committed to continuing to support MV2 for a few privacy and security centered extensions like uBlock Origin. Microsoft and Google will stop allowing them. Vivaldi won't give us a clear answer.

Firefox doesn't use the Chromium engine and will continue to support MV2 and the full uBlock Origin into the foreseeable future. Safari is less clear about how long they will support it.

What Should You Do?

I strongly recommend that you do not use either Google's Chrome browser or Microsoft's Edge browser. Clients who use those browsers end up with 3-5 times as many trackers, even with a tracker blocker like uBlock Origin installed. Both Microsoft and Google make much of their income selling and tracking you. I recommend Firefox as the best alternative, but Brave is also good and Vivaldi is reasonable, particularly if you like to tinker a lot. These companies do not track you and sell your browsing information.

However, for those of you using Chrome or Edge, I recommend choosing either uBlock Origin Lite or Ghostery. Raymond Hill, the developer of uBlock Origin, is doing the best he can with MV3 compliance with his lite version. It isn't as good as the full version, but it works almost as well. Ghostery is from the old Cliqz company and is also making a pretty good MV3 compatible version of their excellent ad blocker and antitracker.

Further Reading






[return to contents]

Passwords or Pass Words?

Preview:

A comparison between using random passwords and what Bitwarden calls passphrases, but I consider pass words.
Girl with 2 good path options

An alternative option to random passwords is the idea of pass words. Bitwarden calls pass words, pass phrases, but they are not phrases. They are 3-5 randomly generated words from a 7,776 word dictionary. The idea is that for your password safe and perhaps a couple of other sites you might type the password into occasionally, or remember, then four words might be easier to type and just as secure.

So, what is safer? Let's start with the basics. To have a good password, it must be a password which no one has ever used before. Numerous data breaches have provided miscreants with hundreds of millions of passwords. If anyone has ever used a password, it is probably in a dictionary available to hackers, so it can be quickly cracked.

So, we all understand random passwords which would look like this:
RzON#@*7j86tkmI5txp3k!haao

while a passphrase will look like this:
Shower@Discern@Anaconda5@Yanking

Clearly, if you ever needed to remember one of these, type one, or tell someone one, then the passphrase is the only way to go. But, how safe is it?

I'll use Bitwarden's password space for these calculations. Bitwarden allows us to choose whether to capitalize each word, what separator to stick between them, and whether a numeral will be included.

There are three factors to consider when understanding or calculating password strength or space.
  1. The set size
  2. The length
  3. Complicating factors
Let's look at a few of these.

Imagine you have a password made up of only lower case letters. That is a base space of 26. Upper and lower would be 52. Upper lower and numerals would be 62. Bitwarden finds that so many sites restrict symbols, that it only allows 8, making the entire space 70 characters.

If your password is 1 character long, then 70 possible passwords would exist. If it is three characters long, then there are 70^3 or (70*70*70) or 343,000 possible passwords. You can see it increases fast. A 15 character password would be: 70^15 or 4.747561509943E+27 4,747,561,509,943,000,000,000,000,000

Now, a 4 word passphrase with 7,776 words possible means 7776^4 or
3.65615844006298E+15

With each word capitalized or not and any of 8 characters between the words, then we have 16 times as many or 5.84985350410076E+16

A 4 word passphrase is about has difficult to crack as an 8 character random password.
A 5 word passphrase is roughly equivalent to a 10 character random password
A 6 word passphrase is roughly equivalent to a 12 character random password.

I don't find this good enough, so I'd alter any of the options created by Bitwarden. First off, we don't need to limit ourselves to only 1 character between words or all caps or not. The same with numerals so Bitwarden's Shower@Discern@Anaconda5@Yanking

Could become
Shower333@Discern@;;;Anaconda5@Yanking

So, I just inserted 3 threes and three ; symbols. Otherwise, everything remains just as Bitwarden created it. Merely not following Bitwarden's system and changing something, will make it fall outside the parameters which an attacker might try if they expected you to follow Bitwarden's suggestions completely. Once you stop following the rules, incalculable options manifest. The attacker can no longer just guess words in a dictionary separated by a single separator.

This makes these passphrases a potentially useful option.


[return to contents]

Oregon Computer Solutions' Newsletter

August 2024
Steve Shank
Keeping clients' computers safe andprofitable for over 30 years

[TOP]

Contents



Microsoft's Increasing Invasiveness

Preview:

Microsoft's horrible new Outlook continues their movement toward being a marketing company, selling your personal information. It achieves new levels of invasiveness, previously unimagined.

The New Invasive Outlook

Microsoft has been upgrading users to the new Outlook, which will be free on all new Windows 11 computers. Here's what they say at Microsoft.com.

The newest Outlook for Windows is here
Outlook email and calendar is now included for free with Windows. Enjoy a best-in-class experience with intelligent tools to help you stay on top of your day, your way.

However, if we were in the European Union, where companies must disclose how they share your data, we'd see more. We'd be informed that Microsoft will collect data on you and share it with 813 "partner" companies (as of May 2024).

Some privileges these 813 companies would have included:
  1. They can store information on MY device. All 813 of them.
  2. Personalize ads and CONTENT!
  3. Derive insights about me
  4. Scan my computer, its files, drivers etc.
  5. Get precise location data
Number 4 above might freak you out. The purpose of their scanning our computers is to develop unique profiles about us so they can target ads more effectively and differentiate us from anyone else. However, this is freaky. Can they really control over 800 companies from reading our email or documents or accounting?

Data Storage, wrong place

One of the things which has consistently bothered me about Microsoft and where I fundamentally disagree with their approach is data storage. We encounter this consistently.
  • Microsoft wants you to log in to their servers, and I want my clients to log in to their own computer with local accounts.
  • Microsoft wants your documents stored on their servers with OneDrive, I want documents stored locally.
  • Microsoft wants spell checking and grammar checking done centrally, on their servers. They want everything you type going to them to analyze. I want everything held locally on your computer. Spell checking and grammar checking should be kept as local as possible.

This basic division is that I believe in local data and Microsoft's wants to keep everything on their systems. This division is displayed with the updated Outlook as well. If you don't use a Microsoft Exchange Server, but instead Gmail, or Comcast, or any other provider for your email, Microsoft will still keep your login name and password on their servers. They will log you in. They will control your credentials. I believe the login credentials should be stored locally on your computer, the way Thunderbird or Essential Pim do it. It should be an agreement between you, your local email program and your chosen provider, not Microsoft.

What do I do?

Many companies chose Microsoft and there is nothing you can do. You must use Office 365 to fit in. However, if you have a choice, there are many good alternatives.
  • I pay for a real email provider who does not make their money by selling me. The cost is minimal, the support excellent and the service very good. I use Runbox to host my email. I avoid my website host (who didn't do a good enough job) and Comcast and Google.
  • I use EPIM for my Email program, not Outlook. Essential Pim (Personal Information Manager), not only handles email, but also my task list, contacts, and calendars. Thunderbird is also exceptional and does all that.
  • I use LibreOffice for my office software, not MS Office. It will read and write Word, Excel, and PowerPoint documents.
  • I use specialized programs for special purposes, so don't need to use an office suite very often. I write this newsletter in Scrivener, and take my notes in Joplin.

Further Reading:




[return to contents]

Interesting Articles from Perplexity AI

Preview:

Perplexity AI is now one of my two recommended free AI services. The other is You.com. One of these should probably replace most of your searches for faster answers, less advertising and no tracking.

I've been exploring AI chatbots to use in addition to or instead of a search engine. I wasn't impressed with DuckDuckGo's entry into this market, but am very impressed with both You.com and Perplexity.ai. They are my goto search engines now, though I also use DuckDuckGo. Both these services offer non-tracking, free, limited versions, of their paid products. I'm pleased with their free versions.

What's wrong with old-fashioned search?

Usually, I don't want a list of websites that talk about a topic. I normally want the answer to a question, like "How many ounces is 232 grams?", or "What did Plato's alarm clock look like?". These bots provide a summary, pointed directly to my question, from a dozen or more sites.

Perplexity opening screen

Perplexity Discover

In addition to providing a free search bot, Perplexity also has their bots comb the news for interesting articles. These are available on their website by clicking discover on the left side menu. They then combine them, write a script, and produce a great little podcast called Discover Daily by Perplexity. It is read by ElevenLabs' shockingly great AI voices. I don't think a human hand is really involved.

Perplexity also offers mobile apps.

Here are some of the articles I found interesting last month.


  • Rolls-Royce develops a Nuclear Micro-Reactor
  • Plato's alarm clock. To wake up his students for morning lectures.
  • Xiaomi's Autonomous Phone Factory can produce 60 phones a minute without human intervention. Operating without human intervention, the facility employs advanced robotics, artificial intelligence, and machine learning technologies to manage the entire production process autonomously. No heat or light or people needed.


[return to contents]

Using Coretemp


I install Coretemp on all my clients' computers. The program displays in the status bar and will look something like this.

coretemp in system tray

It could be configured in many ways. It offers many options you can play with if you like, but I always set it to display 2 things:

  1. The highest temperature of all your CPU cores.
  2. The load on the CPU. In other words, how hard it is working.

Above you can see a shot I took of my system tray. Coretemp displays the hottest core is 97 degrees Fahrenheit, while the load on my computer is 0%. It isn't even using 1% of its power.

Here are two examples of how I've used it recently.

Example 1. Why is it running hot?


Normally, I look for excessive heat when the computer is on but not working hard, but this time it was working, and it shouldn't have been working.

On June 11, I noticed that my computer's temperature was running about 125-130 degrees, and it was working. Normally, it runs at about 95 degrees when not working hard. So, what was going on? I wasn't doing anything yet. I ran task manager and sorted by CPU usage.

  • Open Task Manager by pressing Ctrl + Shift + Esc
  • Be certain you are in the Processes area
  • Click on the CPU column header to sort.
  • By default, the arrow on the column header should point down to sort the data from highest to lowest CPU consumption.

Here's what it looks like.

task manager sorted by cpu

You'll notice when this snapshot was taken, my computer was using 4% of the cores' capacity and Firefox was the biggest user. But, when this anomaly occurred, Snagit was running in the background and doing a lot. I hadn't run Snagit. I checked back a couple of hours later, and it was still going, so I ran the program, it wanted an update.

Apparently, it was working hard, trying to connect with the updater but never actually alerting me. Perhaps it was asking a question behind other windows, I don't know. I got the update and the unusual heat disappeared.

It is normal for it to run hotter when it works harder.

Example 2. A Dirty Computer

This was a client who had a computer that was running hotter than it used to run when it wasn't working. Again, it normally runs at perhaps 95-100 degrees, but was running about 130 degrees even when not working. I went to the client's office, opened up the computer (after unplugging it!) and vacuumed it out, then blew it out and removed all the dust and dirt that had accumulated over the years. The dirt and dust insulate the electronics and hold in the heat. When I returned the computer to service, it was once again running cool.

Summary

Monitor your computer temperature and load so you get a sense of how it normally runs and be alert to prolonged unusual readings.

My Tool

I use the Jicawz compressed air duster from Amazon. It is a 3 speed vacuum and air blowing duster. It replaces your canned air and also works as a great little vacuum cleaner. It is rechargeable and cordless. It has many attachments and I also use it to clean my coffee grinder.



[return to contents]

KeePass Emergency Sheet

Preview:EMTs coming to home

I recommend a printed emergency sheet with your KeePass password, email password and some other critical information. Here I explain why and off a free fillable PDF Form for your use.

People can forget the password to their password manager. If they do, all is lost. There is no recovery or breaking into the password manager. It is secure if you use a good password. There are two good solutions to this problem, and I suggest using both options.
  1. Have a trusted friend or two who has your password in their password manager. Be sure they practice tight security and they are truly trustworthy. You are giving them a lot of power. I've given my password to both my brother and two friends.
  2. Print out an emergency recovery sheet so you have a paper copy and store it in a safe place you will remember.

To facilitate the second option, I've created a fillable PDF form, you can complete and then print out and delete. Then empty your recycle bin. I've made this form specifically for KeePass because that is what most of my clients use. You can still use it for any password manager, and simply add any other important information in the notes section.

In addition to the master password, the form has a spot for other significant information:
  • The KeePass file name and location
  • Your primary email address and password. Often a site will send an authorization code to your email address.
  • Your secondary email address and password.
  • Your phone's pin. In case, they send a code to your phone.
  • Notes for other critical information.

If you are married, be sure your spouse or children (if trustworthy), know where you are storing the sheet and what it is for.


[return to contents]

More fun signs


Oh, so true




At the bookstore:





Did you hear about the woman who quit her job at the doughnut factory?

She was fed up with the hole business.

[return to contents]

  
Copyright © 1998-2020 Steven Shank--ALL RIGHTS RESERVED