Category Archives: pabulum

Pabulum– Stuff to Think About!

ID.ME

I am stating here in the strongest possible terms that I consider the website ID.me to be hugely insecure and putting enormous amount of extremely sensitive personal data at risk

I and many people like me have been forced to use this site to supposedly  verify identity to the satisfaction of the likes of EDD, DMV et cetera et cetera. I have been forced, in order to become eligible for PUA & so called “Real ID” to upload information and photographs that I consider extremely sensitive, including my own likeness in stills and video to a lower level functionary person at some kind of datacentre where I could clearly see other people walking around in the background. 
This itself and alone is a violation of confidentiality and security

I  will be demanding a data dump  of everything they have on me and requiring its deletion once my verification is done, if ever.
https://oag.ca.gov/privacy/ccpa
This is California Law, weakly enforced and undoubtedly will take as long or longer than the original application- By which point it can have been misappropriated and misused in copies.

This seems to have a follow of the disclosure that the EDD up until the end of 2020 had indiscriminately handed out benefits to the likes of federal prisoners and obviously false identity individuals –

In a massive slamming of doors after horses have bolted I have now become essentially the target for identity theft which I have scrupulously avoided since starting working on the Internet over 20 years ago – I closely guard my address Social Security number identity cards, credit cards my likeness and anything that could personally identify me which essentially has all been given away in a few short days to several organizations that literally have no idea what they were  doing even before the  onslaught  of a pandemic.

While I have no direct evidence that ID.me itself is doing anything wrong, its methods Reek of hackability and vulnerability and simple lack of due diligence – with similar features to the sites hacked: Sony, Experian, Chase, Home Depot, Yahoo!…..

I was never given an opportunity, or any alternative  to make an appearance in person with identifying documents and was never able to reach a person on the telephone for any effective identification.

So from bureaucratic incompetence those who are supposed to be served are put in a severely vulnerable position and I am stating for the record that I consider this unacceptable given that there are better ways to do it rather than loading the onus on the consumer or client.

Bureaucratically the use of the single point of failure like ID.me  “makes sense” and also from a budgeting point of view and certainly saves paperwork but that the ultimate cost to the end user which is bound to come, mark my words, usually disclosed by independent parties and not the result of any in-house diligence. 

I am sure the Form letter already exists:
“We take our clients security and  confidentiality Very Seriously, and value the trust placed in us”. Not.
The average cost of an identity theft is about $1500 and uncountable uncertainties for further violations of finances and privacy.

Being as ID.ME says it’s “one of only three federally recognized sites for identity solutions” I might feel more confident if they had posted a financial bond to assure conpensation when they fail:
No such guarantee is shown. 
One might consider the Titanic was manufactures to shipping standards of the day-

I await the sinking of this enterprise with due interest and not a little trepidation 

that’s it. For now. Not the end of this particular story.

 

Ego

Draft.

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.”
The Egg in Egotism, no less– that they are MY words not Yours.
But how fragile- how meaningless. Great falls needlessly strengthen the ego 
“Try Harder Not Smarter” is an egotistical message

“My life has Meaning, goddamit!”
— Peter Finch character in the movie “Network” (1976)

Seems like common parlance suggests Ego means,
sense of identity, The Self In Contrast To Others And The World,
The identity creation and preservation mechanism that gives one a name, place, space, set of actions reactions and integrity as an individual- typically against the identity of all others-
yours in particular, whoever I am talking to. 

Saying “we are all one” is trying to deny an ancient mechanism-
Why not Live with it not against it.

So here are MY understanding.
It’s that which creates and maintains the impression of being a “Me” and not a “someone or something else” or worse still, nothing at all

It is the mental component that Reflects and contrasts itself against other egos.

It is naturally a mechanism of contrast- Always it seems in sets of comparisons- In other words it has to me very little abosolute reality but rather a duality:

Mine-Yours
This-That
Now-Then
Good-Bad
Right-Wrong
Threat-React
Proactive-Redactive

There is a simplistic and useful overtone to this form of identity that rejects the complexity and nuance of “Other Egos” which to me is where the real interest lies:
Why do people believe what they believe?
Am I the only person who really gets “It”
even though I cannot define “It”! 
What does it take to change ones mind against overwhelming evidence?
AND:

Am an actor in my life or just a reactor?

Is ego Bad? or does it just exist and is necessary somehow to our existence like air, water, food and safety?

Freud did say Ego is supposed to be  the moderator that exists between baser instincts that are adrenalin and animalistically driven and our “higher” decision-making mechanisms.
We might kill something or come to harm ourselves- 
due to  territorial threats, hunger, injury, fear etc and the “Higher” functions like volition, intention, the temporal businesses of planning, execution and evaluation that supposedly really make us human.

But do they? In being my honorable slave I do not trust my Ego-
yet it is ancient, largely evolved over thousands  of years of “primitive” existence and fits poorly with the safe environment of so called civilized present day society where individual responsibility for safety etc. is performed by proxies like law enforcement, not self.

The scorpion stings the frog to death that is carrying him over the river on his back:
so they both drown, the scorpion apologetically saying as they go under: “I did not mean to sting you but it is in my nature”
— Aesop.

Therefore My Ego:

* Whatever It Is , it will preserve itself unchanged as far as it can
* It will spare my “Higher Sense” anything from seeing what does not concur- Confirmation Bias lives here.
* It votes certainty over truth, present comfort over future betters
* It hides. If seen, it feels threatened. If spoken to, it defends, regardless. If questioned it triggers .. Adrenaline.
* It’s always on guard and does not want contradiction, dilemmas, disagreements or dissent. 
* It almost has a mind of its own at our expense and does NOT have our real-person here-and-now Civilized Persona  existence & enjoyment at heart.

____________________________________
Like our need to bereathe it appears, like air, to be necessary and needs to be judiciously stepped around rather than destroyed or avoided. How?

  • Discomfort? Lean into it.
    Unlikely to kill you no matter what the Ego says
  • Consider existential annihilation is way different to physical death.
    Looking stupid because you ignored your Ego’s warnings that you will fail…won’t kill you.
    In hunter gatherer circles, mistakes could kill. Not nowadays.
  • Learn to recognize adrenalin rise- This will taser the Ego. Be Still.
  • Feeling critical? That’s recognition of one’s very own ego  in others. 
  • STOP. that’s it. STOP reasoning. Wait. It will pass.. the Ego easily gets bored and distracted as it’s only Here, Now. Plus, adrenalin generally declines given about 20 minutes.
  • Prove to yourself the ego is almost useless. Do what it does not want you to do- go where it does not want you to go. Feast on the results and reinforce that. Good examples; Say Sorry and mean it with excuses. .. Just Say “YES”
  • this brings me to Improv, a fun revealing way to unravel the ego. 
  • the Rules of Improv are generally very challenging to the Ego as you get to practice safely being whoever you feel like being doing whatever  you want to do in a safe environment
  • that’s it for now. Comment welcomed.

XFinity

I get asked a lot of questions about installing a brand-new service by XFinity/Comcast cable Internet

First of all, to do this, the cable service needs to be present nearby in your neighborhood – you can tell simply if your neighbors have already got it 🙂 so Ask.
and by the type of cables outside your premises, which are co-axial or ROUND cables, typically black in colour. But you can find out when you apply on-line for service and provide your address.
https://www.xfinity.com/learn/internet-service
Do also Google “Xfinity Deals” as you may be shown lower prices via. marketing sites (Beware of Scams though!)

This leads to the interesting possibility that you do not really need to get your own Internet you could share it with somebody else, typically over Wi-Fi.
I will not address here whether this is permitted or not but it’s certainly not “Detectable” as such.

Bear in mind that XFinity will charge a different rate depending on whether your address is Listed residential or non residential. 
It need not be a business –
they just give the lowest rate to a place where people live.

Typically the cable service may already exist somewhere on your property perhaps being discontinued sometime before, or already in use for television et cetera. Let’s be really clear about this –
if Internet is all you need, then that is all you need to buy, not their television service or TV package no matter how hard they try to upsell you unless you are really clear. 

You also DO NOT need their modem or hardware equipment that they want to lease  to you at at least $15/month: the FCC is really clear about this- They cannot force you to use their stuff.
Just typically buy APPROVED Xfinity Equipment from Amazon for about $79 with a 3 year warranty-
That way they cannot refuse support for unsupported equipment (which I think is reasonable)
https://www.xfinity.com/support/articles/list-of-approved-cable-modems

Comcast has lost a lot of revenue from television services to the likes of YouTube TV, sling, the Amazon fire stick, Apple TV et cetera which I won’t go into here, so now they make most of their money from Internet services- typically their top speed and reliability for outstrip Att DSL/ADSL 2+ AKA “Uverse”

There are always introductory deals as low as $19 a month for their basic service for a year’s contract even when they tried to upsell that to a higher speed, most of which most people don’t need anyway.
They are always happy to bump the speed up if you find it really isn’t enough later – unlikely.

You will most likely not get this deal at a non-residential premise, but most types of educational, not for profit, and institutions can fill in a form and get a rebate which Comcast then claims back in tax deductions 🙂 https://business.comcast.com/ctf Called “Teleconnect Fund”

Cut to the Chase:
– you need the Coaxial (round). cable with their Service on it to be delivered to the right place INSIDE your Place.
Their job is to deliver the cable to some point on your building typically OUTSIDE sometimes known as “MPOE” (Minimum Point Of Entry) for free but may want charge for “Inside Wiring” to get it where you want it.
Or, You can do this yourself- Just use “RG6” type cable is all
https://www.amazon.com/dp/B01D3W29JG/

You can ask for “Self Install” and do it yourself.
Xfinity should STILL at least deliver Internet to there outside of your premises at the very least. I have known some linemen to happily run wires in for free too. They are Great–
But the Company Itself Sucks Majorly

The Hardware involved as separate items, which is how I prefer to do it, are:
1) – a MODEM– (without its own WIFI)  about $79
Converts Co Axial Cable Signals to Internet Ethernet signal.
2) – a ROUTER- this acts like a power-strip and makes one address available to many devices- 
-3)  a WIFI arrangements- this sends Internet “Over The Air” so your Service can reach WIFI devices up to about 100′ away.
[2) & 3) are usually inside the same Black Box. and cost $20 and up depending on range and features]

YOu can buy the Modem ahead of time so the technician has something to connect to, It will typically have ONE “ethernet” port you can connect directly via. that Ethernet to one Laptop or PC
for troubleshooting This is what your Technician can test, and makes later troubleshooting WAY simpler by eliminating extra hardware from XFinity  tech checks.

Once operating properly, one adds the separate WIFI router which propagates the single Ethernet to provide up to 254 different devices, plus 4-6 distinct extra Ethernet ports to attach hardware printers, extended routers, VOIP telephone boxes to, etc.
(Not OddFellows– this is the arrangement we already have)

This also, incidentally, creates a useful “Local Network” or LAN.

If you are SWITCHING away from , for example, AT&T, done right it should be almost transparent because your internet source is now different BUT the Local Network will remain the same along with any VOIP phone devices, printers etc..

This is a Basic Outline. Comments Welcomed!

Mini Split Ductless Air Conditioner

Some Good Info Here:
https://temperatureprocentralnj.com/everything-you-need-to-know-about-ductless-mini-splits/

These efficient units. which began appearing in the USA about 2015 
can quietly both heat and cool the inside of your house as needed. New homes seem to include these now, as opposed to a “central” air-ducted system.
You may already have seen some and not realised it as they are so unobtrusive

They come in three parts:

1) Outside Unit
A large weatherproof  outside metal box unit with a big but quiet  fan and compressor that dumps the heat out of your house
(or cold if used in reverse- More Later). It’s mounted on a solid slab or bracket. 
1300 sq ft area generally require a single 240v AC power supply “Fused” at 30A. USA homes have this at their power-panel but you will likely need an electrician to link things up properly.
Smaller units may only need 110v 20A.
A separate circuit should be provided in either case

2) Line Set:
A pair of copper pipes 25′ long on average called the “line set” with plastic insulation-

Outside  Diameters:  1/4″ high pressure (200 PSI) and one 1/2″ low pressure (50 PSI) Ave.
Plus- it is sold cleaned, purged and filled with dry nitrogen…

These pipes usually tuck into a 3″ duct between the Outside Unit
(Above) and the Inside Unit (next). to improve insulation and appearance.
Lengths can be changed but it’s simplest to use the default length.
There’s also 25″ of 5-conductor Power and Control cable, too,
as no separate ‘inside power’ is required.

3) Inside unit: (can be more than one)
This is the relatively small and quiet Business End of things that does the cooling with a long narrow “Squirrel cage” fan and evaporator coils rather than a bladed fan, and a very easy to clean filter.
This is what makes it so quiet!

It is generally fitted at least 6″ on all sides from obstructions,
high up on the wall in a central location, and not necessarily on an outside wall. A single hole 3″ in diameter is required to pass the “Line Set” through to outside,  to join all three parts, along with a simple 5-conductor control and power cable to get electrical power and controls from “Outside”.
The system is also called “Ductless” as no air ducts are involved. 

This is not a straightforward Plumbing Job as it might be with water or gas, be warned. I have done it myself but I advise you to get a licensed installer as its flared fittings must be correctly sealed & tightened, then ‘evacuated’ (vacuum pumped of air and moisture ), tested and filled with refrigerant that’s shipped inside the compressor.
I am also pretty sure the copper piping is specified in size and design for this and no other purpose.
Done right, 5 years is the usual warranty.

Mine has a remote control and you can set the temperature according to where you put the remote control rather than having it as traditionally, screwed to the wall where it measures the temperature there.
Lots more options are available, not least a simple default “Cool” one that maintains 73-77 degrees.

In winter they can switch to Heaters by REVERSING their function

It will more than gas but LESS than if you were using ’true’ Electrical Heaters. These devices are “Air to air heat pumps” being the reason- They move energy from outside to inside,
inherently more efficient than dumping electrical power straight to heat or cold.

Of Special Interest is the use of three “Inverter” motors in compressor, outside fan and inside fan.
More Info Here
Full torque is available at low speed s there are no start-up “surges”

My calculations  are for my  1300 sq feet with doors opened to other rooms so would need a “24,000BTU capacity unit” also mysteriously known as a “two ton unit”
(In fact the shipped weight of mine was 400 pounds, go figure)
Here is a calculator I used to figure the right size of machine
I went a bit ‘over’ as ‘under’ would disappoint on a hot day!

These start at $1500 from Amazon, Home Depot   etc.
Mine was less but be warned- an installer may not want to install something she did not order or is unfamiliar with.
This profession & business is known as: HVAC= “Heating Venting and Air Conditioning” and has various certifications.
Be Warned you will NOT get the warranty unless you use such a licensed installer! a “Handyman Install” such as I did, no matter how carefully or successfully  it is done, will allow the manufacturer or distributor to claim the warranty Void.

GOTCHAS:
These units can ONLY recirculate the air through filters and do not bring any new air in from outside.
This is Nice when its smokey or otherwise polluted outside but can make your home dry and stale
(They will naturally wring moisture out of the air)

I use mine in combination with a Whole House Fan- This is a huge extractor fan in the ceiling used to drag outside air inside via the House living space and push it out via the roof space, thus also purging hot air trapped under the roof area

I do this typically in the coolest part of the night around 4AM in the Summer- thus flushing the entire house of stale air in about 15 minutes.

One MUST leave some doors or windows open WITH SCREENS when doing this as the air must be sucked from somewhere, ideally bug-free
Certainly , leave things open at the furthest points in the house
and be warned unchocked doors can slam shut hard in the breeze!

This is all a certain amount of manual work but worth it-

No special arrangements needed for the air conditioner– In fact, most come with a WIFI Internet Connection and App. to maintain control remotely and pre set things more easily

That’s It in general. Comments are Welcome!

 

 

Split Air Conditioner Install Steps

NOTES ONLY! 
FYI- nothing I say here should encourage you not to get a qualified HVAC person in. All is at Own Risk.

These Notes assume you have figured out how to connect up a split air conditioner and want to vacuum pump out the line set (piping) ready to open the valves to fill the system with refrigerant from its lowest point, visible in this picture:

Steps in using a split ductless air-conditioner
valve core removal tool to install a new system

Examine the Core Removal Tool to see how it works.

Examine the Exhaust port. This is the lowest point on the outside compressor unit (above) to which you will connect and has a cap over it.

It has a “Schrader” valve within to retain the positive refrigerant pressure within your system when it’s running. It needs to be defeated somehow if you are to force air by sucking it  OUT of the pipes rather than keep it IN

Your job is to impose NEGATIVE pressure on this valve (a vacuum) to remove air and moisture etc.

Therefore, Ideally, this valve should be either depressed or removed as it’s going the ‘wrong way’ before vacuum pumping to free passage from vacuum pump to line-set.

Your blue extraction hose coupling from the vacuum pump may have a raised brass dimple within that could depress that valve to defeat it,
so that vapor can be drawn out of the piping… But that’s both unreliable and inefficient & 
In my experience is highly unpredictable and worse, obstructive, slowing the vacuuming process.

Compete Removal then replacement of this tiny valve is ideal.
(Have some – cheap- spares in case it’s damaged!)
but this presents the dilemma of how to do so without the system equalizing to atmospheric pressure either letting outside air back in or blowing off refrigerant when switching between tasks

Imagine having to deflate your car tire just to replace its valve.
Then you have to refill it.
Same story- But refrigerant is expensive unlike, well, air.
It’s also never Okay to release refrigerant into the atmosphere!
Worse, it’s hard enough to get a decent vacuum-
a tiny leak would instantly ruin it.

This is where the “Valve Core Removal Tool” comes in, an ingenious device that keeps system pressure or vacuum during change-outs

Aside: When sold the line set likely had some pressurized dry nitrogen in it. We assume this is now all flushed and joined-up.
I made the mistake of uncorking this a few hours before joining the line-set flanges. Some air & moisture would get in : (
Join things up promptly on releasing the nitrogen to avoid as little atmospheric air and moisture as possible getting in is the way to go

Attach correct adapter to end of core valve removal tool:

In my case, 5/16” which required an included adapter.
Before attaching anything,
GENTLY depress the pin in the middle of the valve.
Ideally, nothing happens as the pressure should be about the same both sides.
But, being the low-point of the system it’s possible moisture, lubricating oil, refrigerant gas or any combination of the above can come out. Pay Attention!
You should NOT be sucking this stuff-
Venting or bleeding a tiny quality of liquid to gas is OK though. Ask yourself how it got there is this is a New System : )

Now Trial fit the Valve Removal Tool on the “exhaust” port coming from below the Low Pressure (Large) pipe side

Open the ball valve in the tool (handle along the axis of the device.
This will allow you to push the removal spindle forward through the open ball valve up to the point where it meets the Schrader valve.

Be sure the outermost screwed seal for that spindle is finger-tight: 
This withstands some pressure either way

Gently “feel” for the farthest end of the spindle engaging the Schrader valve.

GENTLY twist and probe til it engages, Never Use Force!

Gently twist counter-clockwise a quarter turn and wait

Ready your Vacuum Pump blue hose

Ideally you will have a vacuum gage and understand its correct plumbing.

Continue unscrewing 3 or 4 turns- It’s fairly obvious when the valve comes free. Another few turns to be sure

Very Gently withdraw the stem which should have a tiny rubber washer in its tip (Examined it beforehand, didn’t you?) to ‘capture’ the valve center pin..

Pull the stem ALL the way back til obviously it has come though the ball valve

Gently CLOSE the ball valve to 90 degrees

YOu should now be able to unscrew the outermost spindle retainer so the spindle plus valve ALL come out.. Set aside the little valve in a clean place- well actually keep EVERYTHING clean

You are enow free to connect up the blue vacuum pump line finger-tight, but. DO NOT open any valve yet

Turn the vacuum pump on, It should ‘evacuate’ the blue hose all the way up to the ball valve. Even a basic gage should show this happening. albeit inaccurately- they are designed to show POSITIVE pressures so the needle moves a minuscule negative amount. A proper “Micrometer” vacuum gauge is $200-$300 so I did not use one : (

True the pump off & wait.. Ideally that needle will stay ‘put’ for at least a few minutes showing you your pump and lines are okay.

open the ball-valve, start the vacuum pump. I ran mine for 15 minutes and waited 15 minutes 3-4 times while watching that the negative reading on the gauges did not ‘leak’ back when the pump was off. YOu may want to Close the ball valve between pumpings– Just In Case.

The intermittent use lets the pump cool off, lets you check the system can hold that vacuum  AND more importantly,
gives time for any moisture to ‘boil off’ under the low pressure.

The ‘books’ say you are supposed to reduce air-pressure to “500 Mils or less” (only measurable using the expensive  gage mentioned above)

This turns out to mean that your normal atmospheric pressure of about 29mm of mercury (Barometric Pressure) will reduce to a mere half a millimeter.. or 60 times less.
The ‘harder’ (lower) the vacuum the harder it is to achieve. 
Zero is basically near impossible except in a physics lab perhaps-
Or outer space.

Satisfied? Right. This step is critical.
KEEP THE BALL VALVE CLOSED. 
Gently open first the top (high pressure) then the bottom (low pressure) 5MM hex screws all the way to the end stop then back them off.

The hissing is the refrigerant abhorring the vacuum in the line set and replacing it with pressurized refrigerant from the compressor where it’s stored, at 600PSI (High) 300 PIS (low)

So! the Valve Removal tool is now under POSTIVE pressure and the vacuum is gone. This is Good as it’s far easier to lose pipes full of vacuum than a tiny percentage of a whole system full of  pressurized gas and fluids.

THE BALL VALVE IS STILL CLOSED RIGHT?

Re Insert the spindle plus valve and hand-tighten the retainer nut.

Spindle cannot go all the way in of course as the closed ball valve is preventing it.

GENTLY open the ball valve.  A small hiss of pressurized gas is NORMAL. There will be a natural back pressure as you push the spindle forward through the now open ball valve to re insert the Schrader valve.. “Feel” for the moment the valve enters the aperture into which it will screw

You are doing this against the back-pressure of the system but that’s Ok! Hold the spindle knob forward against the gas pressure with your thumb as you turn it gently to thread the valve back in.

This is a skilled gesture which is neither forceful nor difficult,
just requires a “feel” for what’s goin on., followed by a few turns to ‘bed’ the valve.

Pull the spindle back behind the ball valve

Close the ball-valve.

Unscrew the spindle retainer slowly and completely.
there should NOT be any valve attached anymore!
A small trapped amount of gas will escape.

Gently open the ball-valve- another tiny escape of trapped gas should happen, NO MORE. If a lot comes oujtp the valve IS NOT working right,

Now you can unscrew the entire valve removal too.

An old Garage trick is to put a damp finger over the valve opening. 
Nothing shook be escaping If your finger is wet you should not see bubbles.

Screw the brass sealing-cap back on, This is. tapered fitting for which no thread compound should be used, and is considered a proper ‘system seal’ rather than the valve, strangely enough

Seal the High and low pressure side 5mm plugs with their brass caps

let’s leave it at that for now- I do have a Freon Leak Detector and studied it carefully BEFORE and AFTER running the system.

Take Your Time! best of Luck!

 

DDNS Dynamic DNS

DDNS– Dynamic DNS- is used to track by name a changing IP address at, for example, your home or office equipment.
It could be used to reach into equipment at home while away, Etc.
office.mysite.com is easier than 206.171.54.21

Security implications are detailed elsewhere

YOu might try any number of services like https://www.noip.com/free  to do this for you but I always prefer to Roll my Own. Plus, it’s hard to find reliable free ones any more

My particular solution involves use of the domains.google Google Domain Registry (Currently $12 a year) to do so-
They give you FULL control over all of your DNS entries, and are, naturally, super-reliable and do not bug you with confusing up-sells.

You could move your Domain Name Registration to their service
(very useful in itself!) or, well,
just register some name just  for this purpose alone : )

Most ISPs (Internet Service Providers) issue you a single “Public IP address”– a number drawn from a huge pool of unique addresses assigned to things connected to the internet,

Your router will perform Magic so multiple private addresses and machines show up ‘behind’ this address- But we are concerned with the Public-pointing WAN (Wide Area Network) facing single IP address, not the LAN (Local Area Network) things going on behind, 

The ISP does not guarantee that you will maintain the same IP address over any period of time.
You could pay (usually a lot) of money to get a fixed IP address but there is no need,

This may be like returning to your same favorite campsite regularly  and finding you have a different spot assigned to you- or not- Each time. You may even be moved while staying there.

Somehow there needs to be a way to give you an easily identifiable way for this changing numeric address to be published so friends and outsiders can find you as a fixed name
It’s easy to assign a fixed name to a fixed address for a server like 
www.artoflogic.com but- when the IP address changes randomly…?

It’s pretty easy to find out what your “Public IP address” is and even who gave it to you with sites like this one 
https://whatismyipaddress.com which you could then note down in hopes it does not change,- But we need an automated way.

So that’s the first step- some scripted way to catch the current IP address. The second step is to “publish” it to DNS in some way,

I’ll mention just one very reliable solution  I have found using domains.google

You will then need to follow the steps here to create a DDNS entry.
https://support.google.com/domains/answer/6147083

Registered Name Example: site.com, dynamic DNS entry home.site.com. YOu will end up with a Very Ugly Username and Password (which, for Security, you cannot pick yourself!)

The instructions above will list potential “DDNS Clients” but here’s where it gets Interesting- I found several listed there simply did not work because the HTTP protocol many of them use is deprecated in favor of the HTTPS used to discover your IP address.
DD-WRT.COM (More Later) has a config DDNS setting that does not work for this very reason 

What about if you have a Linux box? there’s a PERL script called DDCLIENT but as of writing it did NOT seem to enjoy configurations for Google

Try This (on One Line). It requires “curl” to “get” the current IP address using the given ugly username/password pair from above,
seperated by a colon, that were generated by the Google Dynamic Dns Configuration above. You could adjust or remove the final
” | /usr/bin/logger -s -t ddns”
whose only purpose it to log the update to something like /var/log/messages

0,15,30,45 * * * * root /usr/bin/curl -4 –user-agent curl -s -get https://Given-Ugly-Username:Given-Ugly-Pasword@domains.google.com/nic/update?hostname=home.site.com | /usr/bin/logger -s -t ddns

Troubleshooting!
Note: If you visit the URL given above in a web page  you will see the web page wants a proper working username/password pair
in order to
1) Locate the IP request address the user was using
2) Update the Google Dynamic DNS address within Google
for home.site.com from the address found in 1)
All of which must exist and be valid : )

Therefore, when done, “Outside On the Internet and Elsewhere” your Home or Office current IP address (Updated in this case every 15 mins by the CRON job that triggers the script)
can be known by name

If you do nothing else, this in no way changes your Security- Hackers typically will scan address blocks not names,
so simply getting a Name assigned achives nothing for them.

Now when you configure your Router to permit “Holes” in your Firewall (think VPN Inbound) etc, that situation changes completely.

Note the script DOES NOT need to be run inside your Router (although it naturally would be if you use for example, Linux Firmware in your router like http://dd-wrt.com) and can be run on any machine “Behind” your firewall as it reaches “out” onto the Internet– Nothing reaches “In”

Notes:
– Every 15 mins. Cron Update should be Fine, Any more often than that may annoy Google to the extent they stop listening
– Google  typically spots if there is no change in address from the previous check and does not touch the DNS entry (no need)
95% of Queries are like this,
My home office IP address has remained fixed for months even after router re boots but is NOT guaranteed to be so by my ISP : )

To make a Hot/Office PC now reachable by name OUTSIDE from the Internet you will need to ue your Router’s “Port Forwarding”: Feature. This is where security implications come in. 
For starters avoid using “DMZ” which means EVERYTHING reaching the router on all ports goes to a particular machine
Forward ONE thing at a time. Be VERY clear about the Security Implications of what you will do next- and also consider it may not be necessary anyway to remotely reach your home/office PC if you use something like http://www.teamviewer.com which achieves its functionality by the Remote and Host machine both logging in “forwards” through a Proxy Server managed by TeamViewer.
 
A great easy to do the port forwarding correctly is listed here:
https://portforward.com

Personally: I use a SINGLE ssh Port, normally over Port #22 but moved to a non-well-known Port number higher than 1024,
like 2468, though which all my access is “tunneled” to machines inside my Network.
This is what you might call a Single Point of Failure for everything.

YOu can google some of the wording above to make more sense of it– the subject of a whole other article in itself!

best of Luck!

 

SiteGround.Com BS

I am moving a site plus name registration from SiteGround.Com to another provider
To move the Name Registrar one normally unlocks the name registry then you ask for an APP code- a Key to Release the Domain to another provider. This Prevents Domain Theft.
So Far So Good.

In doing so.. SiteGround Emails me:
“rejected the transfer request you submitted because of Initial 60 Days after ICANN trade” (ICANN regulates all Internet Name Registrars)  with no further explanation. Nothing. 
NOTHING was changed by anyone outside SiteGround since 2016,
So I thought.

Tech Support! a blizzard of Help screens promise to bring you to a Tech Support Chat screen which appears to Never Happen. a PIN number is Supposedly Offered to permit a tech support phone number which is never provided. None mention the Real Reason
The instructions to reach the Chat screen never appear.

An outside site tellingly called “PissedConsumer” reports
the tech support number. Call it, and you hear directions that send you Back into the same Maze on their Site, No Human Available.

I DO finally find- by using the Site from a Different Browser without the original Cookies I was logged in, that there is a CHAT screen for SALES!- Instantly! I ask what Tech Support is like.

She says: “Excellent!” so I say,  “Please put me through then”
and she does indeed instruct me to reach a Tech Chat FINALLY by wading downward through a set of Questions which assume you already know what’s wrong.
Their tech then says he must ask the Domain Registrar about it… ‘Email Answer in 2 days”. Great

Turns Out in the Meantime:
the Domain Registration that got renewed 30 days before is what locked it- this is regarded as a Change- (!!)
and therefore Locks moving the name for total 60 days.

I only found THIS out by wading through a lot of ICANN documentation and NEVER got provided the Info by SiteGround,,,
are you Kidding?

I have been doing domain registrations, moves and maintenance for 20_ years- Seldom takes more than 30-40 mins of actual work and NO need for Tech Support calls anyway–
And I had not seen the “Lock on Recent Renewal” come up before.
 
My cost estimate is blown away and will certainly NEVER recommend this Host (nor GoDaddy, for Similar Reasons)

Search for Complaints about the site and a great deal of Astroturfing comes up: Company Sowing Compliments to Spice the Pot you might say.
Yelp.Com has some tellingly similar comments. Also try BBB site. 
Interesting.  Who has time for this?
Tech support humans are expensive, bandwidth is not.
They might be a Better Service if they got More Humans…
And stopped the CyberSquatting

On moving site to IONOS one phone call of 5 minutes was all it took to iron out a minor problem,

Get Real SiteGround OH and STOP upselling your Basic service because it is ‘using too many cycles’ and then doubling their Cost a couple years ago. I call BS. It’s a small site.

This is bait-and-switch,
plus opportunism on the failure to move elsewhere

</RANT>

Ransomware Woes

Ransomware:
This is any software that tries to extort value from you by either locking your files which requires a payment to unlock, or blackmails you by stealing copies of your data to publish elsewhere,
maybe both.
The Partial Prevention Solutions (not Cures!)
are at the end of this article if you want to Skim-
But a part of that solution is to Understand How It Happens- & prevent it. : )

It can end up on your machine for all sorts of reasons.

1) You ran some legitimate or valid looking software that additionally contained the ransomware
(someone breaks into a well known site and messes with their library of files which you then Download and Use)
or
2) You mistakenly ran the ‘wrong’ software from the wrong place (For example: Googling an HP printer software and ending up on a likely looking fake site & getting that software & running it)  
or
3) Your Machine was in some way vulnerable to have external forces trigger it, so you did nothing but the software ‘got in’
So, Stay Up To Date, Always! 
or
4) (Esp in these Lockdown times) an improperly configured remote control software was left running unsupervised and let someone or something ‘in’ to do the harm.
Note: This is not often so much a human as a script : )

5) You were tricked into viewing  an eMail attachment from someone you thought you ‘knew’-
These can be faked, as with anything else on the Internet : )

The Ransomeware rarely triggers instantly.
Like a Human virus it intentionally ‘incubates’ for some undetermined time before acting. Minutes or days.
This helps hide how it got in. Usually it’s a very small piece of code which waits and then pulls in its cohorts and main artillery software off the Internet, perhaps when your machine is Idle meaning you are away and less likely to notice activity.
Eventually, you will find out after some Page pops up with the Blackmail Instructions to pay the  ransom in cryptocurrency,
like BitCoin, which is largely untraceable : ( 

The Warning to Pay Up pops up after many of your files are already encrypted.
This pop up can itself be faked to freak you out into doing the wrong thing precipitously…
If you are lucky, you will notice unusual disk activity or a Virus Warning. If you are SURE then it’s that rare opportunity to power your machine off as quickly and brutally as possible.
Turning it back on will likely re start the problem, so:
Don’t.
Sit Back And Think! if this has already happened to you.
ALSO warn others on your same Network if in an Office, etc.
BUT NEVER DEPEND ON ANY SOFTWARE SUCH AS ANTIVIRUS TO DEFEND YOU!
These Operator guys are too smart, too well-motivated  and too elusive!

Things to Watch Out For:
1) BOGUS WEB PAGES pretending to be Ransomeware Fixes, offering Bogus Tech Support.
These are very easy to create and can trick you into, for example “downloading a simple program to recover your files”
where they were not touched after all initially,
but then get Locked by the ‘Fix’.

2) Software that promises to Protect you. If you think they can,
ask what financial guarantee they offer.
They Cannot & Won’t. Told you so.

3) Lending your machine to someone. Enough Said.
Or, drop-by activities by Clueless Teenagers. Malice.
Disgruntled co-workers…

4) Some corporations & organizations it is thought were compromised by an ‘inside job’ where the perpetrator got some kickback for launching the attack.

5) Thinking Backups Will Save You.
While always a  Good Idea, Ransomeware will try to Encrypt ANYTHING IT CAN WRITE TO including your Backups,
even over a Network. 
It may even use these means to spread to other machines on the network.

6) Network Shares (IE in the Office environment).
“If the Ransomeware can Write to your files anywhere at all, it will”
This will INCLUDE video files, images, documents, Nothing is safe 

7) Cloud Backups are a bit safer but again- it’s relatively simple to Subvert the files in such a way they end up ‘in the Cloud’ too…
The software can do anything you can do- and more- and worse.

8) Misconception: you will not be able to use your machine. You will: But some or all of its data will be unusable.
Having been compromised, 
however, the odds are very high the machine remains ‘snooped’ so ON NO ACCOUNT log in anywhere important. Your ‘saved’ passwords for websites etc will be difficult for the attacker to steal, BUT it is assumed they will ‘log’ your keyboard typing and send it off for analysis somewhere… USE ANOTHER MACHINE

9) Getting rid of the ransomeware will solve the problem. It won’t, the files will remain encrypted and the ransomeware operators will not be able to fix things even if you DO pay them.

10) Don’t assume they will not Decrypt your files for you.
The Operators will often demonstrate their ability to mess with your system by showing you your own list of Filenames, and decrypting a few to show they can do it. Should you Pay?
I will not address that here. Too Complex a Question : )

11) Somebody Human is Doing this, Human write the Ransomeware but it’s almost entirely robotic and scripted.
Anecdotally People HAVE spoken to the ‘operators’ to get things decrypted- Just please never get to that by staying Vigilant.
Security and Convenience are Mutually Exclusive.
One or the Other– Never Both

X) Avoiding hotel & coffee show wifi WILL NOT HELP whether they are ‘open’ (No Password Required) or not.
3 Reasons:
a) Inconvenient, and add false sense of Security
b ) These days, ANY important transactions are encrypted end-to-end, (HTTPS:// etc) IE between your Computer and the Bank, as everyone assumes the internet in general is full of snoops even over totally ‘open’ links.
Also true of Email, Messaging, FaceTime, Skype, etc etc
c) All modern computers have Firewalls. So long as you are not knowingly ‘sharing’ anything for Networking, you are okay, and cannot be ‘got’ from ‘outside’ your Machine  If you ARE- these days- Turn Shares Off. It’s Very Unusual to take ‘servers’ on the Road and there is no need. Keep your Servers at Home or In the Office!
_____________________
Okay- Now the Measures to Take to Prevent this.

1) Anything but the newest operating systems (MacOS, Windows, IOS) are helpless against these attacks. Use a new enough machine!
3) Run your Windows computer as a NON admin user. (Windows)
as usual this is a horrible and over complex Mess,
4) MacOS- same story- make sure you are a ‘Standard’ not an ‘Admin’ User
5) Latest MacOS, Windows have built in safeguards called by 
 various names such as:”Protected Directory Access”

This will show up with a message like
“Do you want to permit program X to write to folder or directory Y?”
when you FIRST run the new Program and do something useful.

Let’s suppose you install Microsoft Word. The FIRST time you try to Save a WORD document to the Documents folder, you will be asked this, like:
“Do you want Microsoft Word to be able to write to Documents?”
Your answer will be saved, you will not be asked again.

Just be absolutely clear what asked to do this and whether it’s a reasonable and expected question is all.

Alternating Backups– take one unit Offline as the second is used.
A really simple example is having two identical  USB thumb drives labelled A & B and using only one at a time,
The one that’s not plugged in cannot be infected : )

  • To Be Continued —