Month: October 2010

Using child safety outlets to save energy

Dave Farquhar Saving money , , , , ,

Last Updated on July 15, 2017 by Dave Farquhar

I got a new book recently about saving energy. I’ve read several of those, but this one had two tips I’ve never seen anywhere else: caulking baseboards and putting child safety covers on electrical outlets.

It didn’t explain caulking the baseboards, but I will. Frequently there’s a gap in the wallboard where it would normally meet the floor. Maybe it’s laziness—it’ll be covered by the baseboard, after all—but that gap is also a handy place to do after-the-fact wiring, reducing the need to cut into walls and then patch and repaint. The gap makes the area prone to drafts, however. So caulking where the baseboard meets the wall, and where it meets the floor if it’s not over carpet, makes rooms less prone to drafts.

Child safety outlet cover
These child safety outlet covers team up with foam gaskets (pictured below) to make a good energy-saving combo

The child safety outlets make for another interesting trick. I’ve talked before about foam electrical outlet inserts and their companion for light switches. And I’ve wondered about putting a child safety plug in. But recently I bought child-resistant outlet covers, after seeing them on This Old House. They come in varieties that twist or slide.  I like the sliding ones better, both from an insulating and usability standpoint. They’re convenient because you can just slide the cover out of place, rather than having to remove an insert. And these covers do two things: They put more material between you and the gap in the wall, and they cover the outlet plugs themselves, eliminating that last little source of drafts. And when you have small children like I do, they’re a necessity anyway.

I do insulate interior walls as well as those that face the outside. I didn’t used to bother. But this book mentioned that gaps in interior walls can cause them to act like chimneys, drawing heat out of the room. So I’ve changed my ways.

Foam electrical outlet insulatorsBoth of these are inexpensive upgrades that don’t take long to accomplish. When you buy the switch covers in bulk, it gets even cheaper.

I get ridiculed sometimes for talking about saving energy so much, but think about it. Energy isn’t getting any cheaper. My local utilities ask for rate increases just as frequently as the law allows them to, and more often than not, the state grants an increase. Not always as much as they ask for, but something.

More energy saving ideas

I’ve done a number of other things to help me save energy over the years. Most are pretty inexpensive. I installed thermal blinds and thermal curtains. Then I insulated my hot water pipes. And of course I use LED light bulbs.

My electric usage dropped 19 percent in 2011, so these things work.

Save money on cables by not buying at retail

Dave Farquhar Hardware, Saving money , , , , ,
Save money on cables by not buying at retail

Last Updated on November 28, 2018 by Dave Farquhar

I’m ashamed to say I own one Monster cable. Hopefully if I tell you I bought it at a garage sale for $2, I’ll regain your respect. But there’s an easier way to save money on cables than buying at garage sales.

Unless you need it immediately, there’s no reason whatsoever to buy Monster and other overpriced cables at big-box consumer electronics stores. Profit margins are really thin on most electronics, even the big-ticket items, and they use the cables to make up for that. That’s the reason nobody includes cables in the box.

Read more

The solution to paper passwords

Dave Farquhar Software , , , , , , ,

I know your passwords are either written down or insecure. I know it just as surely as I know New Year’s Day is January 1.

I know because passwords have to be incredibly complex to be secure, and I know because the typical person has to juggle half a dozen of them, or more. Think about it. Your work account. Amazon. Ebay. Paypal. Facebook. Your bank. Your personal e-mail. Your credit card. Your online billpay service.

I know you’re not going to memorize a half dozen gibberish passwords that look like 5E%c2.3730pK$0/.

So you have them written down somewhere, which is OK, or you have them all set to the same thing (hopefully not “popcorn”), which isn’t OK. Even if you’re using 5E%c2.3730pK$0/ as your password.

A secured piece of paper works fine until you lose it, or you’re out somewhere and don’t have it.

The solution is a product called Lastpass. Software legend Steve Gibson talked about it at great length at http://www.grc.com/sn/sn-256.htm.

Basically it’s a program, which can run standalone or as a browser plug-in, that stores passwords securely. It mathematically slices and dices the data so that all that’s stored on LastPass’ servers is undecodable gibberish, but, given your e-mail address, your password, and a printable grid you can keep in your wallet, you can decode your password database from any computer, anywhere you happen to be.

There’s a lot of nasty math involved in cryptography, and I won’t pretend it’s my best subject. Gibson goes a lot further into the details than I want to get into. As someone who knows enough about cryptography to get CompTIA Security+ certification, and someone who’s read the official CISSP book chapter on cryptography twice, it sounds good to me.

An additional feature is the ability to store things you need rarely, but when you need them, you need them desperately. Things like your credit card numbers, driver’s license number, and your kids’ social security numbers.

There’s a free version of Lastpass, and a premium version that works on mobile phones and mobile software like Portable Firefox, which costs $12 per year.

The free version runs on Windows, Mac OS X, and Linux, which covers more than 99% of the computers out there today. And it runs in every major browser.

When you go to run Lastpass, it will import your stored passwords from your web browser(s). And it will give you a rating, based on how secure your passwords are and how often you re-use them. It will generate secure, random gibberish passwords for you and help you visit sites and change your passwords. Along the way it grades you, helping you to increase your security.

It can synchronize too. So if something happens and I have to change my Amazon password and I’m at work, my wife gets the changes, so if she needs to get into Amazon, she doesn’t have to do anything different.

It makes good security an awful lot less painful. I can pretty much say, without reservation, knowing nothing about you except that you use a computer, that you need this.

SSD myths

Dave Farquhar Hardware
SSD myths

Last Updated on April 3, 2025 by Dave Farquhar

SSDs, like most disruptive technologies, face some questions and resistance. People will grasp at any straw to avoid adopting them. Thanks to this resistance, a number of SSD myths arose. Here are the myths I see repeated over and over again, and the truth, based on my experience actually using the things.

Note: I originally wrote this way back in 2010. The drive technologies I speak of as state of the art are rather aged now. But the principles still hold today, and will continue to do so. Hard drives have gotten better, but SSD have gotten better at a more rapid pace.

Read more

What to do when a Microsoft patch won’t install

Dave Farquhar Software, Windows ,

Last Updated on September 6, 2016 by Dave Farquhar

Every once in a while, when you push patches for a living, you come across a time when a Microsoft patch won’t install. This is one of those times, and what I did to fix it.

So, Microsoft KB947742, an old .NET 1.1 fix, refused to install on one of the servers at work. When I ran the executable, all it did was pop up the window showing the Windows Installer switches or parameters. Searching Google turned up a number of people having the problem, but no solutions that worked, although reinstalling the .NET 1.1 Framework and the latest version of the Windows Installer are always good ideas when you run into weird problems. .NET 1.1 is extremely fragile anyway, and reinstalling it along with all applicable hotfixes has worked for me in the past to resolve weird issues, such as permissions issues showing up in the security log. Or .NET applications just suddenly not running anymore, even though they ran just fine yesterday.

I tried everything I could think of and finally stumbled on a solution. I have absolutely no idea why this works. First, I opened a command line, changed into the directory where I had stored the patch, and I ran the following command:

NDP1.1sp1-kb947742-x86.exe /extract .\947742

This extracts the update to a directory called 947742. Inside that directory, I found a single file, named NDP1.1sp1-kb947742-x86.msp. When I double-clicked on the file from Windows Explorer, it installed.

I’ve applied this patch on more than 100 servers and I recall only having the problem on one of them. And, oddly, all other .NET patches and for that matter all other recent Microsoft updates apply to this machine just fine.

I suppose the same fix could work on other Windows updates that supply only a window full of switches instead of installing, or other weird installation issues. It’s worth a shot if nothing else works and you can’t (or would rather not) open a support case with Microsoft.

This is a strange case. If you’re running WSUS or (better yet) Shavlik Netchk and a patch refuses to install, try logging in, downloading and running the offending patch manually and note any error messages. Maybe, just maybe, this fix will help you. Or better yet, maybe the patch will tell you what you need to fix, but don’t count on it.

When absurdity strikes, try extracting the patch and poking around inside, like I did in this case.

How to secure your wi-fi router

Dave Farquhar Servers and Networking , , , , , , , , , ,

Last Updated on November 27, 2018 by Dave Farquhar

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

Read more

Tagged!

Dave Farquhar net.culture, This weblog

I’ve only wanted tags for about 10 years. Tags are little keywords you can use to help categorize blog posts. And the first blog I ever saw use them used them liberally. You’d read a post, and at the bottom, there were links to similar posts.

I found a way to make WordPress automatically tag all 1800+ posts here. Many of the tags are nonsensical, but they seem to work. I’m finding all sorts of related content all of a sudden. Which makes sense, seeing as I tend to write about maybe 20 different things over and over. Due to the many migrations I’ve made with this blog, much of my content was never categorized, let alone anything else. Now it’s all cross-referenced. Finding related content is easy. Depending on the age of the related content, it’s not always enlightening, but often it is.

So I hope you like it. I know I do. Suddenly it’s far, far easier for me to find stuff on my own blog. And I wrote all this stuff. If I didn’t know it was all there, then how will anyone else?

Blocking malware at the operating system level

Dave Farquhar security, Windows , , , , , , ,

Last Updated on February 1, 2022 by Dave Farquhar

In recent months I’ve been recommending that everyone run Adblock Plus with the malware domains subscription, to get extra protection beyond what your antivirus/antispyware suite can give. Given a choice between detecting and blocking bad stuff, or not downloading it at all, it’s much better to not download it at all.

There are some downsides to this. Adblock Plus uses a fair bit of memory. It’s tolerable on my desktop PC with 2 GB of RAM, but less so on my netbook with 1 GB of RAM. And if you have to use a browser that doesn’t have a compatible version of Adblock Plus available, you’re unprotected.

The solution is to block at the operating system level, using the hosts file.

Here’s a script that does it, with instructions.
http://www.ericphelps.com/scripting/samples/Hosts/index.htm

But I know of one malware site list that his script doesn’t use: http://www.malwaredomainlist.com/hostslist/hosts.txt.

Read more

How I changed servers midstream

Dave Farquhar Apache, Linux, Servers and Networking, Software , , , , , , , ,

When upgrading this site, I replaced the underlying hardware as well. The old server was just a dead end in too many regards to be worth upgrading in place, and besides, being able to run new and old side by side for a time is helpful.

This type of maneuver is routine work for a professional sysadmin. But it’s been at least two years since I’ve done a similar maneuver at all, and at least five years since I did it with Linux.

When I built the new machine, I gave it a unique IP address. Turnkey Linux makes getting an operational LAMP stack trivial, and depending on what you want to run on that stack, you may even be able to get that installed for you too.

Unfortunately for me, the Geeklog migration tool doesn’t seem to work with WordPress 3.0.1. So I had to get WordPress running on my old hardware in order to migrate. I chose WordPress 2.0.11 because the 2.0 branch appeared to be the current branch when Justdave wrote his migration tool, and 2.0.11 ran without complaint on the dated versions of PHP and MySQL that were on my old server.

After importing the content, I used mysqldump to export my databases. Specifically:

mysqldump --opt -u [mysql username] -p [database name, probably wordpress] > wordpress.sql

I should have gzipped the file, but I didn’t.

gzip wordpress.sql

I then connected to the old server via FTP and transferred the file. Use your favorite file transfer method; I happened to have FTP set up for my internal network.

Uncompress the file if you compressed it:

gunzip wordpress.sql.gz

Then restore the file:

mysql -u [mysql username] -p [database name] < wordpress.sql

Or, if the database already exists, like in my case:

mysqlimport -u [uname] -p [database name] wordpress.sql

Then I connected to the webserver via my web browser. WordPress 3.0.1 saw the WordPress 2.0.11 database and informed me that it needed to be upgraded. So I let it do its thing, and a few minutes later, I had a functioning WordPress site with 10 years’ worth of legacy entries.

I messed around with it for a while. Finally, I decided to go live. And at this point, I should have physically moved the new server into its permanent home. I didn’t do that, so now when I decide to move the server, I’m going to have some downtime.

To flip the IP addresses, you need to know where your Linux box stores its IP address. Debian and Ubuntu both store it in /etc/network/interfaces. As far as I can tell, Red Hat and derivatives like CentOS store it in /etc/sysconfig/network-scripts/ifcfg-eth0, but I haven’t used Red Hat or a derivative in a long time, perhaps 2003.

If worse comes to worse, try something like this to determine where it’s stored:

grep -r [ip address] /etc/

I edited the appropriate file on both boxes, changing the IP address while leaving all of the other parameters unchanged.

I then issued the command ifdown eth0 on both machines.

On my new production server, I then issued the command ifup eth0. Depending on the Linux distribution, it might also be necessary to re-issue a default route command. I didn’t have to do that.

Depending on how much Linux/Unix cred you have at stake, you could just do it the Windows way and reboot the box. Or both of them.

Once I was satisfied everything was working, I powered down the old server and celebrated.

Weekly roundup: 6 Oct 2010

Dave Farquhar Linux, Servers and Networking, Windows , , , , , , , , , ,

Last Updated on November 3, 2025 by Dave Farquhar

I used to do a weekly roundup every so often, just doing short takes on stuff that interested me as I found it. I haven’t done that in years; I thought I’d give it a whirl again. I don’t know how often I’ll do it, but it was fun.

Ars Technica says Intel’s neutral stance on Atom in servers is a mistake. Absolutely. A dual-core Atom gives plenty of power for infrastructure servers like Active Directory DCs, print servers, and other similar roles. Atoms could even handle many web server tasks.

Xeons are appropriate for database servers and application servers, but throwing them at everything is severe overkill. A lot of server tasks are more disk-bound or network-bound than CPU-bound.

I worked in a datacenter facility for several years that was literally at half capacity, physically. But they didn’t have enough power or cooling capacity to add much more to it.

The only way anything can be added there is to take something away first. Right-sizing servers is the only way to fix that. If they would yank a Xeon, they’d be able to replace it with several Atom-based servers and get a net gain in functionality per square foot and BTU.

Virtualization, a la VMWare, is an option, but one isn’t necessarily a drop-in replacement for the other.

Or, of course, Intel can sit back and wait for ARM to come in and save the day. ARM provides even more functionality per watt. And even though ARM doesn’t run Windows, it does run Linux, and Samba has reached the point where it can stand in for an Active Directory domain controller.

Is there a market out there for a domain controller that fits in a package the size of a CD/DVD drive and consumes less than 20 watts? I’m sure there is. And if Intel doesn’t want to deliver it, ARM and its partners can.

There may be some resistance to ARM, since some decision makers are nervous of things they haven’t heard of, but it should be possible to overcome that. Maybe you haven’t heard of ARM, but guess what? Do you have a smartphone? It has an ARM CPU in it. That PDA you carried before you had a smartphone? It had an ARM CPU in it. It’s entirely possible that your consumer-grade network switch at home has one in it too. Not your router, though. That’s probably MIPS-based. (MIPS is another one of those scary RISC CPU architectures.)

Put a solid operating system on an ARM CPU, and it can run with anything. I have ARM devices that only reboot when the power goes out. If it weren’t for tornado and thunderstorm season causing the power to hiccup, those devices could run for years without a reboot or power-down.

And speaking of ARM, I have seen the future.

Pogoplug is an ARM-based appliance for sharing files. You plug it in, plug USB drives into it, and share files on your home network and the Internet with it. At least, that’s how it’s marketed. But you can hack it into a general purpose Linux box.

Inside, there’s a 1.2 GHz ARM CPU, 256 MB of RAM, and another 256MB of flash memory. Not a supercomputer, but that’s enough power to be useful. And it’s tiny, silent, and sips power. You can plug it in, stash it somewhere, and it’ll never remind you that it’s there.
I’ve actually considered picking up a Pogoplug or two (they go on sale for $45 occasionally, and the slightly less powerful Seagate Dockstar is available for about $30 when you can find them) to run this web site on. Considering how surprisingly well WordPress runs on a 450 MHz Pentium II with 128 MB of RAM (don’t ask me how I know), I think a Pogoplug could handle the workload.

What stops me? I can build an Atom-based PC for less than $150, depending on what I put in it, and run Turnkey Linux on it. Under a worst-case scenario, Turnkey Linux installs in 15 minutes, and it doesn’t take me any longer than that to drop a motherboard and hard drive into a case. So I can knock together an Atom-based webserver in 30 minutes, which is a lot less time than it would take me to get the LAMP stack running on an ARM system.

But if I had more time than money, I’d be all over this.

A device similar to this with an operating LAMP stack on it ready to go is probably too much to ask for. A ready-to-go image running the LAMP stack, similar in form to the DD-WRT or Tomato packages that people use to soup up their routers, might not be. I think it’s a good idea but it isn’t something I have time to head up.

I don’t think I’ve mentioned Turnkey Linux before. I’ve played with it a little, and I’m dead serious that it installs in 15 minutes or less. Installing off a USB flash drive, it might very well install in five.

And it’ll run pretty happily on any PC manufactured this century. More recent is better, of course, but the base requirements are so modest they aren’t worth mentioning.

I’ve built dozens of Linux servers, but this is fantastic. Spend a few minutes downloading an image, copying it onto installation media, and chances are the installation process will take less time than all of that does.

It’s based on Ubuntu LTS, and comes in literally 38 flavors, with more to come after the next refresh is done.

They haven’t built their collection based on the current version of Ubuntu LTS yet because they’ve been distracted with building a backup service. But that’s OK. Ubuntu 8.04.3 still has a little life left in it, and you can either do a distribution upgrade after the initial install, or build a new appliance when the new version comes out and move the data over.

And if Ubuntu isn’t your thing, or you really want 10.04 and you want it now, or worse yet, Linux isn’t your thing, there’s always Bitnami (bitnami.org).

Linux appliances took a little while to get here, but they’re here now, and they work.