First of all, Happy Valentine’s Day everyone! Today is my first Valentine’s Day as a married man. My wife and I celebrated on Valentine’s Day Eve after work yesterday. Today we’re heading out to our favorite little coffee shop back in Gresham, Cafe Delirium, then we’ll have dinner at a little Lebanese restaurant (we love all kinds of ethnic food), followed perhaps by an independent flick somewhere in Portland. I hope you all enjoy your V-day as much as we will! Now on to the good stuff…
Port forwarding is required when users from outside your network need unsolicited access to a resource inside your network. By unsolicited, I mean that the service inside your network has absolutely no idea the outside user exists, or where they are coming from, but they should have access anyway. That sounds fairly abstract, I know. Let me give you a real-world example.
Christina is a web-design student. In order to work on her class projects she needs a web server. Christina has a couple of options – she can sign up for hosting from a company like Dreamhost, or she can set up a free web server on a computer in her own home. Christina doesn’t have a lot of money to spare, but she’s tech savvy so she installs WAMP on a spare desktop, and can access it from her laptop on her home network using the web address http://192.168.1.100. I didn’t bother making that URL “clicky” because it isn’t really going to work. You aren’t going to be able to see Christina’s work using that address unless you click on it while connected to her home network. The reason is that all addresses in the 192.168.x.x range are private addresses according to the IANA and it is against the rules to route that IP address range over the public internet.
Christina can access her website when connected to her home network, but she can’t see it from school yet. She needs to configure her router, a device sitting between her home computer and her internet service provider, to recognize certain incoming network traffic and forward that traffic to her spare desktop computer where WAMP is installed. By “certain incoming network traffic”, I mean incoming HTTP, or web traffic for which TCP port 80 is reserved.
Armed with this information, Christina logs into her home wireless router using the address http://192.168.1.1 which is the default address for just about any residential router. There’s a port-forwarding section where multiple forwarding rules can be created. She creates a new rule that looks something like this (it will look slightly different on your router):
IP Address: 192.168.1.100
What this rule says is that if an unsolicited TCP connection is requested from outside the network on TCP port 80, forward that request to the computer at 192.168.1.100 on the inside of the network. Once Christina saves her settings and restarts her router, the rule is in effect and all the pieces are in place for Christina to access her home web server from her laptop while she’s at school.
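The router's decision described above can be modelled in a few lines. This is an added example, not code from a real router: the class names, the outside addresses (documentation ranges) and the simplified session table are assumptions made for illustration. It shows why an unsolicited connection is dropped without a rule, and that the rule admits any outside address, not just Christina's school.

```python
# Added example: a toy model of a home router's inbound decision.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ForwardRule:
    proto: str      # "tcp" or "udp"
    wan_port: int   # port the outside world connects to
    lan_ip: str     # inside host that receives the traffic
    lan_port: int


@dataclass
class Router:
    rules: list = field(default_factory=list)
    # State for connections opened from the inside:
    # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)
    next_wan_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """An inside host opens a connection; the router remembers it."""
        wan_port = self.next_wan_port
        self.next_wan_port += 1
        self.sessions[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives from the internet. Returns (verdict, lan_ip, lan_port)."""
        key = (proto, wan_port, remote_ip, remote_port)
        if key in self.sessions:
            # Solicited: a reply to something an inside host asked for.
            return ("reply", *self.sessions[key])
        for rule in self.rules:
            # Unsolicited: only a forwarding rule lets it in, and the rule
            # does not look at who is asking.
            if rule.proto == proto and rule.wan_port == wan_port:
                return ("forwarded", rule.lan_ip, rule.lan_port)
        return ("dropped", None, None)


def exposed_services(router):
    """Everything reachable from any address on the internet."""
    return [f"{r.proto}/{r.wan_port} -> {r.lan_ip}:{r.lan_port}" for r in router.rules]


def demo():
    router = Router(rules=[ForwardRule("tcp", 80, "192.168.1.100", 80)])
    school = ("198.51.100.20", 51000)   # constructed outside client
    results = {
        "web": router.inbound("tcp", *school, 80),   # matches the rule
        "ssh": router.inbound("tcp", *school, 22),   # no rule, no session
    }
    # A laptop inside browses to an outside site; the reply is let back in,
    # but a different outside host hitting the same WAN port is not.
    wan_port = router.outbound("tcp", "192.168.1.50", 50123, "198.51.100.99", 443)
    results["reply"] = router.inbound("tcp", "198.51.100.99", 443, wan_port)
    results["stranger"] = router.inbound("tcp", "198.51.100.98", 443, wan_port)
    results["exposed"] = exposed_services(router)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The `exposed` list is the thing to review whenever a rule is added: every entry is a service that has to be kept patched, because the router will hand it connections from anyone.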
But wait! What address should Christina use to get there? Remember that http://192.168.1.100 only works when she’s on the same network as her web server? Christina needs to find out her “public IP” designated to her by her internet service provider. The easiest way to do this is to visit What is My IP or ask Google while connected to her home network. These sites will echo the address you appear to reach them from. Christina discovers her IP address is 126.96.36.199 (this is not Christina’s address, it’s random) so when she’s at school she can simply type http://188.8.131.52 in her web browser and, voila! She is able to view the website hosted on her desktop computer at home from school (or anywhere else in the world with internet access).
Okay, I’ve glossed over a lot of details here so that I could illustrate the basics, but there’s one little hiccup Christina is bound to experience. Internet service providers for residential customers rarely give you a static IP address. This means that eventually the public IP Christina uses to connect to her home network will probably change. There is no warning; eventually she will just receive a new IP address from her ISP, and if she’s out and about when this happens, then she’ll have no idea how to access her website until she gets home again.
Enter Dynamic DNS! What is Dynamic DNS? DDNS is a service provided by a third-party like No-IP which allows you to register an easy to remember address like Christina.no-ip.org. Using their service, Christina.no-ip.org will always point to Christina’s home network no matter how many times her public IP address is re-assigned by her ISP.
How does DDNS work? From a high level it’s pretty simple. A small program is installed on any computer on Christina’s home network, and Christina enters her DDNS credentials in the settings. From here on out, this little program will periodically check-in with the DDNS provider, and each time it does this the provider “sees” the source address which is Christina’s public IP. If the source address is different than the last check-in, they update their records to ensure that Christina.no-ip.org always points to the last known IP address of Christina’s home network.
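The check-in logic described above, seen from the provider's side, as an added example. It is a model written for this page, not No-IP's software or API: the class, the return strings, the hostname `christina.example` and the addresses are all assumptions. Two details matter for security: the check-in must be authenticated, otherwise anyone could repoint the name, and the address is taken from the connection itself rather than from anything the client claims.

```python
# Added example: a toy model of a DDNS provider's check-in handling.
import hashlib
import hmac
import ipaddress
import os


class DdnsProvider:
    def __init__(self):
        self.accounts = {}   # hostname -> (salt, derived key of the credential)
        self.records = {}    # hostname -> last known public IP
        self.changes = []    # (hostname, old_ip, new_ip) audit trail

    @staticmethod
    def _derive(token, salt):
        # Store a salted, stretched hash instead of the credential itself.
        return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, 100_000)

    def register(self, hostname, token):
        salt = os.urandom(16)
        self.accounts[hostname.lower()] = (salt, self._derive(token, salt))

    def check_in(self, hostname, token, source_ip):
        """Handle one periodic check-in from the small program at home.

        source_ip is the address the provider saw the connection come from.
        """
        hostname = hostname.lower()
        account = self.accounts.get(hostname)
        if account is None:
            return "denied"
        salt, expected = account
        if not hmac.compare_digest(expected, self._derive(token, salt)):
            return "denied"          # wrong credentials: record is untouched
        new_ip = str(ipaddress.ip_address(source_ip))   # rejects malformed input
        old_ip = self.records.get(hostname)
        if old_ip == new_ip:
            return "unchanged"       # same address as the last check-in
        self.records[hostname] = new_ip
        self.changes.append((hostname, old_ip, new_ip))
        return "updated"

    def resolve(self, hostname):
        return self.records.get(hostname.lower())


def demo():
    provider = DdnsProvider()
    provider.register("christina.example", "constructed-token")
    log = [
        provider.check_in("christina.example", "constructed-token", "203.0.113.7"),
        provider.check_in("christina.example", "constructed-token", "203.0.113.7"),
        # Someone else tries to repoint the name at their own address.
        provider.check_in("christina.example", "guess", "198.51.100.66"),
        # The ISP hands out a new address; the next check-in picks it up.
        provider.check_in("christina.example", "constructed-token", "203.0.113.42"),
    ]
    return log, provider.resolve("christina.example"), provider.changes


if __name__ == "__main__":
    print(demo())
```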
I hope you found this information helpful! It is just one example of the many, many reasons you may need to configure port forwarding. Other reasons include…
- Gaming – some internet-enabled games require special port-forwarding rules
- File Sharing – some file sharing programs only work if you forward designated ports. Remember though, sharing digital movies and music is almost always illegal!
- Security – Networked IP cameras and video management systems almost always require port-forwarding rules for remote access
You may have noticed that the website looks a little different. Well, I finally came up with my very first logo! Now that I have it, it’s time to build my site around that style and color scheme! My goal with the logo and website design is to reflect how I feel about technology, and how I prefer to run my business; with a playful sense of professionalism.
You can expect to see little changes here and there over the coming weeks, especially in the service menu where I’ll be re-evaluating the way services are charged. I believe that flat-rate repairs are where it’s at. Paying by the hour is scary from the customer’s perspective, so I will continue to offer flat-rate service.
I’ve noticed a couple of service providers that are now offering what I would classify as insurance plans. The idea is that you pay some amount of money each year which covers just about all your possible computer service needs (minus parts of course). I’m a big fan of this idea, and I believe it to be especially valuable for families with teens who are likely to infect their computer(s) with a virus at least a couple times a year.
Finally, I want to make a shout out to the owner and team over at Happy Hamster Computer Repair. It probably seems counter-productive to promote a competing computer repair shop, but after reading through their site and blog I have to say I was impressed. If you are looking to buy a computer, or prefer to work with a well-established local computer repair shop, they are a wonderful option. They seem to have a great work ethic, highly skilled technicians, and customer service is their top priority. If I was in the market for a new day-job, I would compete for the next available position there or attempt to build up my own business on the same tenets.
That’s all for now, happy computing!
Fixit is still providing the same great service, but is now located on the west side in Beaverton! The news is coming a little late since we moved last May, but we will be moving within Beaverton next month to a new location closer to my day job.
Speaking of my day job, last year my job title changed to Senior Support Engineer since I made the lateral shift from System Administrator. This has really freed up my time after-hours since I am no longer on the hook for critical systems issues when I’m not “on the clock”.
I have an awfully embarrassing confession to make. At some point last year FixitPNW was hacked. Yes, I was hacked. No one is immune! I had another domain hosted for an old online gaming team I was a part of in my teens called Apocalyptic Visions. I had found an old backup of the site and put it up for nostalgia. It was a (very geeky) Counter-Strike clan site which used an old version of PHPBB for the forum which I didn’t bother to update since the site wasn’t in use anymore.
Well, it turns out the forum was so outdated that there were known security flaws that had been exploited in order to gain access to a user account which was also used on FixitPNW.com. With root access to the site, they successfully defaced it.
I have learned my lesson however. Any of my sites that use a third-party CMS like WordPress or Drupal, or that use forum software are kept up-to-date. I’ve also verified that all hand-built sites use the best strategies to avoid cross-site scripting (XSS) and SQL injection including refreshing session IDs, and sanitizing all untrusted variables such as cookies and GET/POST variables.
Security is a constantly evolving topic. As such it is my mission to stay on top of the latest in web security, and to always build with security in mind instead of implementing security as an afterthought. Like Mulder said in one of my favorite old TV shows, “Trust No One”.
I heard some interesting news on the radio during my commute this morning. House bill 2463 is nearly ready to be signed into law. The bill requires computer techs like myself to report child pornography to the authorities along with the customer’s name and address when those images are discovered while providing prescribed services. Here is an excerpt from the amended bill which is now awaiting senate approval:
A person commits the crime of failure to report child pornography if the person, in the course of processing or producing a photograph, motion picture, videotape or other visual recording, either commercially or privately, has reasonable cause to believe that the visual recording being processed or produced, or submitted for processing or production, depicts sexually explicit conduct involving a child and fails to report that fact to the appropriate law enforcement agency.
Some consider this an invasion of privacy, but the bill doesn’t grant computer techs the right to “snoop” through your files. It is clearly stated that the law will only apply if sexually explicit photographs or video are discovered through normal work processes. No one is being granted permission to actually go looking for illegal content, and no one is allowed to monitor systems in any way either. Section 4 of the bill explains that computer techs shall be immune from liability unless their method of finding the illegal content is considered misconduct…
Any person, their employer or a third party complying with this section in good faith shall be immune from civil or criminal liability in connection with making the report, except for willful or wanton misconduct.
If you have photos of your children naked in the tub or running around the living room topless, you need not fear being reported. The definition of child pornography is very specific. Photos or videos are only considered child pornography if they depict “sexually explicit conduct involving a child”. Failure to report such content would be a class A misdemeanor and punishable by one year imprisonment or a $6,250.00 fine, or both.
I’m glad to see that computer techs are being protected by the law for reporting this kind of thing, but I’m a bit ashamed that we need a law to specifically protect us for it. You can read more about house bill 2463 here.
Obviously I’m for this bill being passed into law, but I can see why some people might consider it an invasion of privacy, totalitarian, or a bit “1984”. How do you feel about this becoming law?
This article is a follow-up to this one about using DBAN (Darik’s Boot and Nuke) to securely wipe all information off of your hard drive. I was recently reminded of a utility called Secure Erase which is actually much better at the job than DBAN.
Secure Erase is a free tool issued by the Center for Magnetic Recording Research (CMRR). The most interesting thing about the tool is that it doesn’t actually do any disk wiping itself – the tool sends a command to your hard drive and your hard drive takes it from there.
There are committees which govern the specifications for various computer hardware interfaces, and the ones responsible for the ATA and SCSI interfaces (for hard drives) were requested by the US government to include a secure disk wiping option in the command set for all hard drives. So now, any hard drive which is about 15GB or more in size has this built-in program to wipe all the data on the drive when a specific command is received.
I’ve found Secure Erase to run MUCH faster than DBAN (about an hour or less in most cases), but the most important difference is that DBAN and other similar tools will not wipe information off of areas of your hard drive that have been determined to be “bad”. These bad sectors can often be recovered without too much effort, and any data in them could be read even if the disk was wiped.
The Secure Erase command, however, will wipe the entire disk from beginning to end regardless of whether a sector is bad or not. So let’s see – it’s faster, and more effective. I’m thinking Secure Erase is a big win over DBAN.
DBAN still has its place though as it is capable of wiping USB attached drives, and flash drives. Since Secure Erase sends a very specific command to directly attached hard drives, it won’t work with external USB or FireWire attached drives, or anything that isn’t considered a “hard drive” like a USB flash drive, or memory card etc.
You can find more information, and download Secure Erase here.
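Whether a given drive implements the built-in erase command can be checked before relying on it. The following is an added example, not part of the CMRR tool or the original post: it assumes a Linux machine where `hdparm -I <device>` is available, and it parses the "Security" section of that report. The sample report is constructed for illustration and the function names are hypothetical.

```python
# Added example: read the ATA security state from an `hdparm -I` report.
import re

# Constructed sample modelled on the layout of the Security section.
SAMPLE_REPORT = """\
/dev/sdX:

ATA device, with non-removable media
Security: 
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

FLAGS = ("supported", "enabled", "locked", "frozen", "expired")


def parse_security(report):
    """Return the flags found in the Security section as a dict."""
    state = {}
    in_section = False
    for line in report.splitlines():
        if not line[:1].isspace():
            # Unindented (or blank) line: a new section starts here.
            in_section = line.strip().startswith("Security:")
            continue
        if not in_section:
            continue
        words = line.split()
        if not words:
            continue
        negated = words[0] == "not"
        rest = " ".join(words[1:] if negated else words)
        if rest == "supported: enhanced erase":
            state["enhanced_erase"] = not negated
        elif rest.split(":")[0] in FLAGS:
            state[rest.split(":")[0]] = not negated
        else:
            match = re.match(r"(\d+)min for SECURITY ERASE UNIT", rest)
            if match:
                state["erase_minutes"] = int(match.group(1))
    return state


def erase_readiness(state):
    """Summarise whether the drive would accept the erase command right now."""
    if not state:
        # Typical for drives behind a USB bridge, flash drives, memory cards.
        return "no-security-section"
    if not state.get("supported"):
        return "unsupported"
    if state.get("locked"):
        return "locked"
    if state.get("frozen"):
        # Firmware often freezes the security state at boot; the drive
        # will refuse the command until that is cleared.
        return "frozen"
    return "ready"


if __name__ == "__main__":
    parsed = parse_security(SAMPLE_REPORT)
    print(parsed)
    print(erase_readiness(parsed))
```

The `erase_minutes` value is the drive's own estimate for the full erase, which is where the roughly one-hour run times come from.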
Remember those late nights watching Cops? They would show video of convenience store robberies where the images were so grainy and of such poor quality that you sometimes couldn’t tell whether the robber was a man or a woman. Most of the time these videos could not actually be used to identify the perpetrator. All they were good for was to record a series of events. Fortunately video surveillance has come a long way since then. Not only can surveillance cameras be used to reliably identify a person, but they can be used for facial recognition, license plate recognition, and even behavioral analytics to detect loitering, slip and falls, tailgating and more.
If you are looking to set up video surveillance for your home or business, you first need to consider exactly what it is you want to record. Some of the things you should consider are…
- Daytime or nighttime recording, or both?
- Do you need to be able to identify people? From what distance? Do you need detail, or do you just need to know your house isn’t on fire?
- Do you want to be able to look in all directions, or do you want fixed camera views?
- How long do you want to store recorded video?
- Do you want to view recorded video on your computer, or over the internet on another computer or mobile device (iPhone, iPad, Android, BlackBerry etc.)?
- Wired or wireless cameras?
- Do you want to integrate with your door and window sensors?
- Do you want e-mail alerts when motion is detected or doors are opened?
For a simple but flexible solution you can pick up an out-of-the-box solution from Lorex or Q-See for roughly $500 which includes an 8-channel DVR with 4 cameras included, and an LCD monitor to display them. You can add 4 additional cameras, and view video locally, or over the internet from a computer or iPhone. This system is great for basic surveillance needs, and has a low cost of entry. If you want more advanced features like integration with door/window sensors, lights, pan/tilt/zoom (PTZ), e-mail alerts or the ability to record on specific events like when a door is opened at a certain time of day or night, then you’ll need to invest a bit more into the system.
The best way to accomplish the kind of surveillance system described above, in my experience, is to use IP cameras and video management software. IP cameras could be considered “smart” surveillance cameras. They all run a flavor of Linux and can be directly controlled from your computer for viewing or configuration using a built-in web server. Most of the time they can be set up with their own motion detection rules and alerts, but the video management software you choose can usually do this on its own. If that isn’t cool enough, they typically deliver a higher quality image than analog cameras. It is not uncommon now for IP cameras to have 5 megapixel image sensors.
Some IP cameras, like those from Mobotix, can be configured to record on motion to an SD card or to your computer. If you want more flexibility than that, you can pick up free video management software which supports the most common needs of an entry-level surveillance system, or you can explore some of the many options out there which range from “dirt-cheap” to “you want how much?”. Just remember, you get what you pay for!
For the last five years I have worked for a video management software company. In my time here I have set up license plate recognition for an airport parking garage in the Midwest, played with facial recognition, assisted with data recovery for criminal investigations, and helped members of various government organizations. If you ever have any questions, or need help setting up a surveillance system for your home or business, now you have a friend in the surveillance business!
If you’ve already read this article about data recovery, then you know that when you delete files on your computer they are not gone forever. If you haven’t, then this news may come as a shock: when you delete files, whether you use Windows or Mac or Linux, they can be found and recovered unless you perform a secure erase using third-party software. This is because when you delete a file, you are simply giving Windows permission to write new files over the space where the file is located.
When computer owners retire an old computer after an upgrade, they often drop it off at Goodwill or sell it on Craigslist without thinking much about what’s on the hard drive. Do you file your taxes electronically? Do you bank and shop online? If so, your passwords, credit card numbers, and social security number could be stolen by even amateur computer enthusiasts using free data recovery tools. Before you sell, donate or give away old computers (even “broken” ones), you should “wipe” the drive(s) clean. There are many tools out there for this, but the crowd favorite by a wide margin is Darik’s Boot And Nuke, aka DBAN.
DBAN sanitizes your hard drive by writing patterns of “garbage” data across the entire hard drive several times. Think of it like taking a Sharpie to the pages of a book making it completely unreadable. The process is simple, but can take hours. Start by downloading the latest version, then burn the ISO file to a CD. Make sure to back up your important data, because you won’t be able to recover it after running DBAN! When you’re ready, reboot the victim-computer with your DBAN CD inserted. Here is what the process looks like…
Of course… if you plan to recycle the computer through an E-Cycle program you can pull the hard drive out of the computer and simply take a hammer to it. The grey dust and chunks that come out of the hard drive are the remnants of the glass/steel platters that used to store all your files. Not only is it the most secure way to destroy the data on a hard drive, but it’s a lot more fun!
Yesterday I shared with you a free hard drive diagnostic utility from Seagate called SeaTools. Today I want to share with you the first of two free antivirus boot-disks. I like this one from AVG because not only does it automatically update itself with the latest virus definitions, but it bundles MemTest86+ to test your computer’s memory for problems along with a few other useful tools including a ping utility, file recovery utility, and registry editor for advanced users.
You can download the AVG Rescue CD (get the ISO version), and burn it to CD using ImgBurn or your CD burning program of choice. See my previous post for steps on creating a CD from an ISO file. Obviously if you have an infected computer, you will probably need to do this on a different computer unless you are able to work around the problems associated with your virus infection (pop-ups, slowness, crashes etc). Once you have the disk, simply insert into the infected computer and reboot. From here the process is simple and straight-forward. The AVG Rescue CD starts up, asks you to update the virus definition database from the internet, then you run a scan and do what you wish with the results (DELETE!).
If you’re still a bit skittish, I’ve put together a slideshow of what the process should look like. Enjoy!
Seagate offers a great tool for testing the health of your hard drive called SeaTools. If your computer makes a periodic clicking, screeching or other mechanical sound, it’s likely caused by an electronic or mechanical failure in the drive. Any drive making odd sounds should be considered a ticking time-bomb and all important files should be backed up as soon as possible. When you’ve backed up those important files you can use SeaTools to check the health of any hard drive, even non-Seagate drives!
SeaTools is a boot-disk, which means you will need to download it and burn it to a CD. You’ll find the steps required to make the boot disk at the end of the article. Once created, leave it in the CD/DVD tray and restart your computer. At that point your computer should automatically run the SeaTools CD and you’ll see a list of hard drives connected to your computer accompanied with some information about the drive(s).
Click on the Basic Tests menu at the top-left and run the Short Test first. This test takes only a couple minutes at best, and if it finds problems then you didn’t have to waste time going through the Long Test. If, however, the hard drive passes the Short Test, you can put it through the Long Test which will basically test every part of the drive.
If your hard drive makes funny noises and passes both tests, then it probably isn’t the hard drive! Try running the Acoustic Test which will actually shut down the hard drive so that it is completely silent. If you still hear those clicks, screeches and whirs, then it has to be something else like a fan, CD/DVD-ROM or floppy. There are often several fans in a desktop computer – one to draw air into the case, one to cool the CPU, often two to cool the power supply, and sometimes there is a dedicated fan for the video card and another for overall exhaust. With up to six fans or more spinning between 3k-10k RPM, often clogged with dust and pet hair, there is plenty of opportunity for failure. It is important to identify those failures as a slow or stopped fan can quickly cause components to fail. A fan is maybe a $10 part, but a new CPU with installation can cost hundreds!
How to burn SeaTools to CD
SeaTools is provided in the common “ISO” form. An ISO file is basically a bit-for-bit image of the contents of a CD or DVD and is much easier to work with than ZIP files or folders full of individual files. The ISO file format is especially useful for Administrators as they can store them on a hard drive, and use virtual CD-ROM software to emulate a CD-ROM and open the ISO file without having to burn it to disk first. But I digress… here is how you can turn this downloaded “ISO” file into a CD:
- Download SeaTools by clicking “Download SeaTools for Windows setup file” if you haven’t already
- Insert a blank CD and open your CD burning software (Nero for example)
- If you have no CD burning software and are running Windows XP or Vista, download and install ImgBurn from FileHippo, then right-click on the SeaTools file you downloaded and choose “Burn using ImgBurn”
- Windows 7 (and maybe Vista?) include the “Windows Disk Image Burner” so you don’t need a third party program to burn ISO files to CD. Simply right-click on the file, and choose Open with -> Windows Disk Image Burner. Choose the appropriate disk burner and click Burn.
- Most disk-burning software has an option to burn an image file from the File menu. Choose this option and locate the file you downloaded, then follow the bouncing ball choosing any default options when they are presented to you until the burning process starts
- When you’ve burned your SeaTools boot-disk, make sure to label it, then put it back into your computer and restart
- At this point most systems will start from the CD by default and you don’t need to do anything further
- If your computer boots to Windows as usual instead of booting from the CD, then you will need to press a key during startup to choose a different startup device, or if there is no option to choose a temporary startup device, you will need to enter setup. The magic button for these options is usually F1, F12 or Delete, but your mileage may vary. Be warned that if you enter the BIOS and make the wrong changes, your computer might not work the way you want it to until those changes are reversed.
For the last week I have been looking for an inexpensive remote desktop solution for providing support to my customers from home. Many times a problem can be solved over the phone, but as tech support it can be difficult to “drive blind”, especially with there being a few different common operating systems out there. Yesterday I found a good free option for basic remote support, and today I’ve tested and confirmed that UltraVNC will do the job.
There are many companies out there offering “desktop sharing” where one user can take control of the other user’s computer over the internet. Most of the good ones are free for personal use, but cost money to use commercially. My two favorites are TeamViewer, and LogMeIn.
LogMeIn actually offers a free solution which is cleverly called “LogMeIn Free”. All you have to do is create an account on their website, then click Add Computer to install LogMeIn on your computer. Every computer you install LogMeIn onto will be listed on your account and you’ll be able to access them from anywhere in the world through a web browser.
I have two problems with this when it comes to incident-based remote support. First, the customer either needs my LogMeIn account credentials to install LogMeIn Free on their computer, or I need to have already installed it previously. Second, I don’t want an incident-based remote support tool to leave traces of itself on my customer’s computer. I don’t want them to feel like I could log in again and spy on them at any moment.
LogMeIn has another tool which does exactly what I want, and it’s called LogMeIn Rescue. With LogMeIn Rescue, the customer goes to a website and enters a pin code which is issued over the phone, e-mail or text message. When they click Connect, a small program is launched which allows the support agent to control the desktop for as long as the small program is still running. Rescue has a lot of great features and it is what our support team uses at my day job, but it isn’t cheap at $129/month or $1188/year. And that price is per agent, so if I ever bring on a partner it would cost twice that for the two of us to be able to help customers simultaneously.
TeamViewer doesn’t offer any free options to commercial users like myself, but they are a cheaper alternative to LogMeIn Rescue with all the same features. Still, I can’t smile as I fork over $749 for their entry-level product right now – especially when I may only do one or two sessions per month in the beginning. What I really like about TeamViewer is that you purchase the right to use that version of the software forever. If you want to upgrade to the latest version you get a trade-in credit, but if you don’t need any of the new features then you don’t have to pay for them. I like this model a lot, and it is far less expensive than LogMeIn Rescue.
There are other options out there like Crossloop, Mikogo, ShowMyPC and more, but they either cost money or don’t work the way I’d like them to (or both). UltraVNC Single-Click is a customizable program that can be run without installing, and connects directly to my computer providing mouse and keyboard control, and file transfer ability. The session is encrypted with 128-bit RC4 encryption, and when either of us ends the session the program closes and leaves no trace of itself in your Program Files directory or registry. Finally, it is completely free open-source software which means that if I was smart enough I could make changes to the software myself (but I’m not, so I won’t).
It isn’t the best solution out there as far as features and reliability go to be honest. One of these days I will probably move toward TeamViewer or something similar. This custom UltraVNC utility works great for now though, and I could install LogMeIn Free during our first remote session for customers who might need ongoing support.