Linux as a Desktop OS in 2019

I doubt there are many people that haven’t heard of Linux in 2019. For those that haven’t, Linux is an operating system created in the early 90’s by a University of Helsinki student named Linus Torvalds. He created a Unix-like operating system as part of a curiosity project while studying operating systems, and let’s just say it was well received. Today, in Fortune 500 companies, the number of Linux servers exceeds the number of Windows servers, and Sun servers have pretty much become extinct.

In the desktop space, Linux was not highly viable up until the past 10 years. Today, it is quite viable for both desktops and laptops. Hardware compatibility is very wide, and the far majority of applications are built for Linux in addition to Windows & Mac. However, even in 2019, there are applications that only work in a Microsoft Windows environment. You can guess that Microsoft Office is one such application set. I will talk more about that later.

Before we jump into the things you would gain by running Linux as your desktop or laptop OS, let me just say this blog is not intended to be a “how to” guide and instead is more of “why to” guide.

Why Linux on the Desktop — What Do I Gain?

To put it simply, you gain freedom, security, personal privacy, performance, stability, supportability, lifecycle management, and cost savings. These things are simply inarguable, but there is one more which could be argued: you gain coolness.

Freedom

By transitioning to Linux as your desktop OS, you are no longer locked into a proprietary OS from a vendor that decides what features and technology stacks you need. You run what you need and want to run. If you want to store documents on a cloud, you can decide to do that, but you won’t have OneDrive forced upon you and taking up system resources when you don’t even want it. Same thing with Skype, or OneNote, or Cortana.

Personal Privacy

Speaking of Cortana, you no longer have every word you type spied upon and transmitted to a vendor so they can tailor ads and services to you… and you hope and pray the vendor never gets breached or simply decides to violate their own privacy policy — or have a legal army that they use to blatantly violate your privacy and get away with it. Yes, you can turn off these scary things in Windows 10…. but what if the “turn off ability” is broken?

Security

You no longer have to wait for that vendor to decide to push patches to you one a monthly or quarterly basis. To be fair, Microsoft does do emergency patch releases to the most critical threats.

You also get an OS that doesn’t need a virus scanner running 24/7 — usually. The far majority of malware targets windows systems.

In terms of security, you get an OS that was designed and built from day one to be secure. Linux is secured in its default state and Windows is not. This empowers users with more power than they should have to inadvertently do dangerous things. Here are some more reasons.

Lastly, security is increased and threat risks lowered simply because Linux distributions tend to run only the services and software that the end user specifically asks for. As an example, by default, there is no file sharing services running on a Linux box unless that has been deemed necessary and installed. Windows 10, on the other hand, installs with file sharing enabled and services running. This means whether the user intends to share files, the services are installed and running and presenting a risk of a bad actor or malware on the network penetrating those services. The fewer services you run, the smaller your attack surface and the lower your security risk. An attacker cannot attack a service that isn’t installed or running.

Stability

You no longer have patches pushed to you which have escaped wide testing and which might make your system unbootable or unstable. Here is an example when a  recent emergency patch made some Lenovo laptops unbootable. Here is another example when an emergency patch for mitigate “meltdown” threat made some AMD system unbootable emergency patch made some AMD systems ubootable. Then there was the time a Microsoft patch put systems with Intel SSD’s into a crashing boot loop.

Despite its track record that shows serious patch release management practices, Microsoft still feels it is best to manage patches for the user. What this means is you get patches when Microsoft wants, and can potentially be broken at a time when you couldn’t afford to have downtime.

That isn’t to say that there have never been patches for any Linux distribution which induces problems. When it happens it is pretty rare. But at least you get to choose when to risk it, and you can roll back from it. Which reminds me to mention that in most cases you can’t roll back from a bad Microsoft update.

Microsoft also takes control of what drivers are used for the devices in your system, and in many cases the drivers deployed to end users via Windows updates are a couple versions behind the most current. What this means is you are not benefiting from the device manager’s development efforts. I was working an issue on one Window 10 laptop which had very unstable wireless and would lose all ability to connect until the device was power cycled. I was able to resolve this by installing the most recent driver from the device manufacturer, which would resolve the issue until Microsoft sent updates and effectively rolled the driver back to the problematic one.

Performance

The Linux kernel is far more efficient at managing hardware resources and multitasking/threading, and the end result is things just run faster. There are plenty of examples where people have done performance testing and benchmarks to compare Windows and Linux.

Aside from the kernel simply being better performing, the entire end-user experience sees a performance benefit because of less bloat in the operating system and installed packages.

This means you get more bang for you buck in terms of return on your investment in PC hardware.

Supportability

I have to admit that I really have a negative view of Microsoft in the area of support, and I am sure what I write here will show that negative bias. Over the years I have seen countless times where people are experiencing a valid issue, and they go to a Microsoft community board and post their issue in a very clear and concise manner, which demonstrates they have spent appropriate time before seeking support, and the only thing that comes back from a Microsoft representative is something along the following lines:

“My name is [NAME HERE] and I am sorry to hear you are experiencing problems with [PROBLEM SUMMARY HERE]. I am happy to say I can assist you with this problem. Please do the following:

  • In the search box on the taskbar, enter Command Prompt. Press and hold (or right-click) Command Prompt (Desktop app)from the search results and select Run as administrator.
  • Enter DISM.exe /Online /Cleanup-image /Restorehealth (note the space before each “/”). (Note: This step may take a few minutes to start and up to 30 minutes to run and complete.)
  • Enter sfc /scannow (note the space between “sfc” and “/”

The Microsoft representative almost always chimes in as soon as the thread is started, and has some variation of the above. In 99% of the times, the poor user goes off to do these things, and comes back and says “Hi, I did that and the problem continues… what now?”

What happens next is crickets chirp while waiting for the Microsoft representative to advise next steps, which in most cases doesn’t come; but if next steps come, it is almost always “go into System Restore in control panel and choose the option to Reset This PC”.

That is pretty much the Microsoft support troubleshooting script: dism /restoreHealth and then sfc /scannow…. then reset. For those not aware, “Reset This PC” is a drastic step which, while it does preserve the users’ documents it still is a long process and ultimately, in many cases, still doesn’t fix the problem; because the problem is within Windows and appears even on a fresh install.

How most problems get fixed in Microsoft land is eventually a Microsoft Certified Professional that spends his/her own time helping the community, will come along and post the real resolution or work around.

Over the years I have seen this so many times that it really makes me angry. There is nowhere you can go to see what known bugs are out there, search, and track to see if someone at Microsoft is aware and what the disposition is…. and if it is verified and will be patched, when will that happen.

No, not with Windows, but with the major distributions of Linux, the public does get access to the issue tracking system, can report issues, search, etc. Here is the tracker for Ubuntu.

What Linux users do when they face an issue which doesn’t appear to be within their own control (e.g. their own mistake or mis-configuration), is go to the appropriate issue tracker and see if their problem is already reported, and if so how is it resolved, how can it be worked around, etc.

To really boil it down to the most simple elevator pitch, the free support you get from the community surrounding your completely cost-free Linux distribution is miles better than the support you get from the vendor you paid $139 for a stable operating system which empowers your work rather than impedes it.

Cost

It seems plainly obvious that an operating system that costs $0 is a cost save versus an operating system that costs $139 to license. However, the cost save is actually much greater.

Because running Linux almost always is done in tandem with moving away from all proprietary software and embracing open source alternatives, then there is also the cost save associated from not needing a Microsoft Office license, or Photoshop (GIMP > Photoshop), or 3D Modelling (Blender rules).

In addition to the cost save on the OS and software, you also have the cost gains associated with the increased performance, or the less downtime, etc. Some would agree that you can’t put a pricetag on having an operating system that doesn’t spy on you, isn’t a breeding ground for malware, or is a ticking bomb waiting for an attacker to gain access to your system by exploiting Windows vulnerabilities.

Lifecycle

The leading distributions of Linux have a support timeframe that is much longer then Windows. This means you can run it for many more years and the OS and all the software packages continue to be maintained, and bugs fixed, and security holes closed.

The useful lifespan is increased because of the support cycle, and also because Linux is higher performing, less bloated, and therefore less hardware demanding. To put it simply, as the years go by and more things you probably won’t use are crammed into the Windows OS, those things consume disk and memory and CPU cycles. Linux distributions are intentionally managed so as to not cause this kind of bloat.

There Have To Be Downsides – What Are they?

Complexity and User Learning Curve

Obviously, many of the benefits mentioned also carry downsides if examined from the opposite direction. For example, since Linux is less prone to virus/malware spread because it is not so easy for the user to run a script or executable, the converse of that is that it is — well — harder to use overall. While that is true, it isn’t that much harder to do the things you want and need to do.

Some would disagree, but I still can’t see it happening to manage a Linux system without ever dropping to the command line to get things done. Yes, there are GUI apps that provide access to the command line features, I still can’t say that one should plan on running linux and not plan on learning how to use the command line to get basic things done.

Also, earlier we talked about how Linux doesn’t have all software installed and running by default. We said that was a good thing from a security perspective. But what do you do if you really do want to run an apache web server?

The answer, assuming a Debian derivative distribution (Ubuntu, etc.) is you have to install the Apache Httpd package, and if you are using the built-in firewall you have to configure that to allow httpd traffic. Here is a guide: https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-18-04-quickstart

If one plans to run Linux but doesn’t plan how to follow instructions like this and carry out commands, that is not a good plan. That said, luckily most distributions don’t enable UFW (firewall) by default, so you don’t have to do that [art f the guide, and it boils down to really one command line: “sudo apt install apache2”.

When that command is executed, the system installs any dependent packages that are required and installs the Apache web server in a very basic configuration, which the user can then customize to work as they require.

Everything in Linux is modularised like this, and while it is a good thing from many perspectives, the bottom line is it has a slightly higher learning curve.

The good news is, everyone that is now an expert in Linux and whose guides you will read and follow, they once were also as inexperienced as you. And when you suck it up and dive into it, it won’t be long before you are a much more well-versed computer user.

Hardware Incompatability

If your system, and the devices in or connected to it, are less than 10 years old, you can expect the major Linux distributions to install and detect your hardware and provide and “up and running” experience.

That said, it would be wise to inventory your hardware and specifically research and verify that there are Linux drivers for everything. It used to be that when new hardware would hit the market, on day one it wouldn’t have Linux driver or support and all you could do is hope. It really isn’t like that anymore.

I would be remiss if I didn’t mention that some hardware has been “crippled” so that it can never run on Linux. It is very rare these days, but what used to happen is a device would offload all or part of its firmware to software within the Windows driver, and not make a Linux driver and also not make the firmware open source.

What that means is that it becomes illegal for anyone to even try to reverse engineer the driver to make it work under Linux. This kind of practice used to be somewhat common, but these days is not common as the community has reformed all the major industry players to make “open source” part of their guiding principles. If you are unlucky and have a hardware device that this is being done, you didn’t want to run that device anyways.

You Require Proprietary Software

We will talk about this in great depth next, but if you think you cannot run Linux because you require software that isn’t available on the Linux platform, there are ways around this. So let’s just dive into that now.

What Can I Do If I Want to Run Linux But Must Have Windows Apps Like Microst Office?

It used to be that if you needed Microsoft Office, that was a stopper for adopting Linux as a desktop OS. But over the past few decades a few things have happened that make that less of a stopper: the Windows Emulator (WINE), open source alternatives, and virtualization.

Windows Emulation – WINE

WINE is an emulator for running native Windows applications on Linux. A lot of applications work fully under WINE, some work partially, and some won’t even run. The reality is, you might get Microsoft Office 2007 to run under WINE.

Employ Open Source Alternatives

A better way of handling Microsoft Office under Linux is to avoid it altogether. There are several open source alternatives to Microsoft Office. LibreOffice my favorite. Other options include FreeOffice, WPS Office, Open Office, etc. Any of these alternatives will provide the core functionality of Microsoft Word, Excel, and Powerpoint. Of course, you could also migrate away from Microsoft Office by using the Google Docs apps. That said, you won’t find 100% compatibility. For example, if you are dependent upon VBA macros embedded in MS documents, that is going to be a problem — and it is a problem in itself that needs to be fixed.

It is important to point out, that you do not need to run Linux as your operating system to benefit from the MS Office alternatives. Even if you don’t plan on running Linux, it is still a good idea to decouple yourself from the Microsft Office products. I used to subscribe to Microsoft Office 365 until a few years ago, but terminated my subscription because it wasn’t gaining me anything I can’t get from open source alternatives, and it really did nothing but pollute the Windows event logs.

Virtualization

The last option for dealing with applications that create a stopper for adopting Linux is virtualization. Virtualization is a technology which allows one to create a “virtual” machine (VM) running within the operating system being used. To put it simply, if you are running Linux, you can create a Windows VM, and then within that VM you install and run the software. Windows 7 and 10 run well as virtual machines. Windows XP, 95, and 3.1 also can run as VMs, but why would you?

An interesting note is that Windows 7 professional used virtualization technology to provide 100% backwards compatibility with legacy applications. Most legacy applications could run under Windows 7 by employing a few tricks, but some could not run in any way. Windows 7’s XP mode used Microsoft’s Hyper-V virtualization technology to provide this last-ditch compatibility mode. Launching programs installed in this mode took longer, because of the time it takes to spin up the VM engine, and also ran slower because of the performance hit that came from running the VM engine and the VM.

“Virtualization” Does Not Mean “Slow”

If your saying virtualization was slow in Windows 7, why would I ever want to use virtualization to tear down stoppers to running Linux? Because in 2019, modern CPU’s that have been produced in the last five to eight years, all have virtualization features that drastically reduce the performance overhead. If your CPU is Intel, it should have VT-x. If you have an AMD CPU, it should have AMD-v.

Note that on older systems, the virtualization features might be available in the CPU but not enabled in the BIOS, and therefore it is necessary to go into BIOS and find the setting and enable it. If you are unsure, there are plenty of diagnostic apps that you can use to verify that your system supports VT-x or AMD-v. Or, you can install the virtualization software and it will warn you if VT-x or AMD-v are not found.

You can still virtualize without CPU VM features, but you cannot virtualize a 64-bit operating system and you can expect it to perform poorly.

Virtualization to Run Native Windows Apps

Using virtualization to run native windows apps is as simple as installing virtualization software, creating the virtual machine, and installing the windows OS and whatever required applications.

Virtualization Software

For virtualization software, your choice is either VMware Workstation Player or Oracle’s VirtualBox. VMware Workstation Player is paid software, but you can get a license to use at no cost for your own personal use. On the other hand, Oracle’s VirtualBox is licensed under GNU Public License V2, which for your purposes just means it is free now and will remain so. The problem with using VmWare Workstation Player’s free license is that it is a more restrictive license which could be terminated if VmWare so decides. It isn’t likely they would decide to do that.

Also, VMware’s license could cause you some legal problems if the work you do on that PC is considered “commercial”. From a licensing and legality perspective, your safer choice is VirtualBox. It is important to state this is my opinion and advice, not legal advice.

You Need a Windows License

Running a virtualized instance of Microsoft Windows as a virtual machine requires a license. In other words, you have to buy it. If you are replacing your current windows OS with Linux, and then hope to use your current Windows license inside that VM, that requires some hoops to be jumped through technically, and may not be 100% legal. It may not be legal if your license for windows is tied to the physical hardware, such as an OEM version of Windows that came pre-installed on that PC.

Another option is to use an evaluation copy of windows. Microsoft has offered free eval versions of Windows for quite some time. The problem is the free license typically only lasts 90 days, and can be renewed a limited number of times. After the eval license expires, the copy of Windows becomes quite useless.

In a nutshell, right here is where it can get complicated — not technically but legally. This might be a good place for most to simply decide to cut ties altogether with that piece of Windows-only software.

But if you must continue down this path, please do your homework and make sure you have the needed Windows product code in order to install and activate Windows within the VM.

I’m Ready To Do It!

Ok, so you are ready to go for it. Before you do, I’d like to tell you what to expect. Will I have windows GUI, desktop, taskbar? If so what does it look like? I will talk about that shortly, but let me first make a suggestion.

Try it out first!

You try Linux in a couple ways. Most distributions offer an image you can put on a USB thumb drive, and then boot your system off of that thumb drive. Just be careful not to choose the option to “Install” and instead use the option to “Try It”. Don’t worry, if you click the “Install” button it would take several steps into the procedure, and a few “are you sure you want to do this?” prompts, which would clue you in that you made an error.

Or, you could install the virtualization software (VMWare or VirtualBox) under your current windows, then use that to create a VM and install Linux to that VM. I recommend this, but especially if you plan to transition to Linux as your primary OS but then virtualize Windows from within Linux. By trying in this fashion, you are essentially doing the opposite, and gaining experience with the virtualization software and validating your hardware has the necessary features to virtualize and perform well.

Where Do I Get It, and What Is This “Distribution” Thing You’ve Mentioned?

Linux is not made or sold by any one company. The Linux kernel is the part that Torvalds did and continues to evolve and maintain with a team of global volunteers, but it literally won’t do anything for you alone. You won’t even get a command prompt and you certainly wouldn’t end up with a useful system.

When we say “Linux” these days, that means the Linux Kernel plus all the “stuff” (software layers) that are needed to make good use of that kernel in a modern context. The distributions are the kernel plus the “stuff”. There isn’t one because not everyone needs or wants the same “stuff”.

Just to give some insight int what this “stuff” is, there is not one window-like GUI available for Linux. GNOME 3 is the most popular windowing system, and is comparable to modern Windows UI, except it is a heck of lot more customizable. GNOME 3, being comparable to modern Windows UI, takes a pretty significant bite out of compute resources. Just like Windows “Aero” themes, GNOME 3 has transparaency, animations, etc. But also like Windows Aero, it requires hefty CPU and GPU. If one is less interested in the glitz and glam, and the compute resources it eats up, one might like XFCe better than GNOME 3.

XFCe provides a windowing system but is designed to be lightweight. No transparent windows or bars, no animated windows, etc. But a system running XFCe won’t need as much horse power. But even if the system has the horsepower, perhaps the user doesn’t want that horsepower eaten up by the windowing system.

The point is, you run what you want to run, and only what you want to run and that is usually driven by the hardware you have and how much horsepower you want given to any given compute function.

It isn’t just about the windowing system. All the common software packages can vary. That is really what these distributions are. Folks bundle the Linux kernel with the appropriate software packages in order to fulfill a common set of compute requirements.

A Desktop distribution will give you a windowing system (UI), system utilities, and office packages (LibreOffice), web browser (usually FireFox), etc. and a printing system.

On the other hand, a Server distribution usually doesn’t have the UI, all the utilities are command line, and it doesn’t have office software and the print subsystem is absent. But it does have Apache web server, PHP, a Mysql database server, etc.

That is really what distributions are about — giving you these varieties that best fit your compute needs so you are up and running quick after installing. DO not misunderstand though, you can start with a desktop distribution because you want a window UI and office stuff, and also add the server bits — if you need them. That really is what the flexibility of Linux is all about.

Since we are talking about desktop context here, there are a handful of most popular ones:

  • Ubuntu Desktop – The most popular/used distribution, with a specific “Desktop” blend. Probably the easiest to install and use. Uses GNOME3 desktop by default, but can be changed to XFCe for lighter weight windows system. There is a lighter blend targetted for aged/low powered hardware called LUbuntu… L for “Light”.
  • Linux Mint – Trending these days. Has its own windowing system that was a fork of GNOME. Was originally a derivative of an Ubuntu distribution called KUbuntu, with was an Ubuntu blend that used the KDE desktop environment, which is a windowing system that many preferred in the 2000’s; but even Mint uses a GNOME derivative as its UI shell.
  • Elementary OS – Another Ubuntu derivative, aims to be a “lesser learning curve” OS.
  • ArchLinux – targets x86/64 architectures only, and aims to adhere to the KISS principle, minimalism, etc.
  • Tails – This trending desktop OS specifically aims to provide an experience that focuses on your privacy and security. Way beyond the scope of this article, but people should be concerned about their digital footprint, and using Tails is one way to improve your personal security/privacy posture.

I will provide some visuals now. Please keep in mind that all of these distributions have windowing systems that are highly customizable. I am sure some of the pictures below do not depict the stock “out-of-the-box” look…. even if there is no box.

Ubuntu

Mint

Elementary

ArchLinux

Tail

How Can I Possibly Pick One?

Just do it. If you are taking my recommendation and test driving, either by using a “live” USB or setting up a VM, then you can try several and pick the one you like the most. Spin up a VM and install it and use it. See if you can get through a day by doing everything you need from within that Linux VM, and then a week.

If you must continue using thigs that are only available on Windows, then you will need to do the Windows in a VM thing. You can’t setup the Windows VM inside of the Linux VM to test how well that is going to work. Well, technically you can, but it isn’t fun and usually isn’t worthwhile to do nested VMs. But if you want to gauge how well your Windows VM will perform, it will perform roughly the same as it does when you are using Windows as your primary OS and have the Linux VM up and running at the same time.

The basic idea is your machine has to be able to run two OSes. So by leaving windows as your primary and running a Linux VM to test Linux, you are doing exactly that.

I’ve Spent Some Time Running Linux In A VM

Once you’ve spent some time in Linux on a VM under your current Windows OS, you can gauge what your life would be like if you cut over to Linux as the primary OS. If you can spend the majority of your time in the Linux VM, and only need to use Windows minimally, then cutting over is something to consider.

What About Games?

PC gaming favors Windows. I wish it wasn’t the case, but Linux isn’t a platform many studios target and that doesn’t seem to be changing any time soon. I wish it wasn’t the case, but it is. There was a time that Linux gaming was really growing and maturing, but that stopped many years ago. That isn’t to say there aren’t any games that run natively under Linux, because there are. But a serious PC gamer is not likely to not need Windows for some of the games they play.

But Can’t I Play My Games In That Windows VM Under Linux?

I wish, but the answer is mostly no. Games require GPU acceleration and that is not something you can count on working well in a VM. Yes, both VMWare Workstation Player and Oracle VirtualBox support GPU acceleration in the guest VM, it just doesn’t work as well as it needs to work for modern games. If you want to try it, you best chance of success is to use VMWare rather than VirtualBox becuase VMware has better GPU acceleration.

That said, I really suggest you go into testing it out with low expectations. You might be able to get decent results with older games, but anything you want to play in 2019 isn’t going to work well in a VM.

Sadly, this means PC gamers really need to keep Windows as the primary OS, and run Linux within a VM.

What About Dual-Boot?!

Yes, you could setup to dual boot between Windows and Linux. You would need some unused (unallocated/partitioned) disk which is large enough to hold the 2nd OS. The way it works is you keep your existing (Windows) OS and install Linux on the unused space, and have the GRUB bootloader configured to present a choice of which OS to boot.

This means that you are never in both OS’s at the same time, and that to switch you need to reboot. That gets cumbersome really quick.

The other problem is, setting this up can be tricky, and in the process of trying it is very possible to make your Windows OS unbootable.

The Bottom Line

Thus, my recommendation remains to use one OS as the primary and run the other in a VM, and the one that is the primary would be the OS that you just can’t live without and there is no way to cut it out of your life.

What About Raspberry Pi and Raspian?!?

I would be remiss if I didn’t mention that another way of experiencing Linux is on a $35 device, the Raspberry Pi 3. The best Linux flavor for the pi is the distribution that is maintained for it specifically, which is Raspian. Raspian is a debian derivative (like Ubuntu) but Raspian includes only software packages that are appropriate for the low horsepower pi. For example, it comes with and XFCe based windowing system, etc. since running GNOME 3 on a pi would be extremely painful.

In my experience, using a Raspberry Pi for desktop oriented work is painfully slow. But as anything but a desktop OS, the pi is wonderful. This blog site is running on a pi!

Facebook Security & Privacy Checkup in 2018

Tom C’s Facebook Privacy Tune-up 2018

In this article, I will walk you through a Facebook privacy and security tune-up.  Setting your privacy settings correctly will go a long way towards preventing you and your friends from being attacked by people with malicious intent, being embarrassed personally and professionally, or shattering your image by a “friend” that associates you with something that casts you in a negative light to your friends and family.

This tune-up will focus on your privacy settings and control how much personal information you expose.

Privacy Settings & Tools

In a web browser, while logged into Facebook this link will get you to your Privacy settings: https://www.facebook.com/settings?tab=privacy&view

The recommended settings are shown below, and I will provide an explanation of each:

Who can see your future posts

Controls the audience that will see your future posts, e.g. when you type a new status. By setting to friends will result in only those that are currently in your “friends” list can see the post. Please note that if in the future you become no longer friends of someone, they would then lose the ability to see posts that are set to visibility to friends. Also, posts that are set as friends visibility cannot be shared outside of the people that are in your friends list. Thus, if you intend a post to be shareable, you need to set that post to public. You do not need to go into your settings to do this, as you can set the privacy of an individual post on that post. However, if you do this when posting a status, Facebook will make future posts also public.

Review all your posts and things you are tagged in

This is not a setting but gives you a way to quickly see things are tagged in. People have valid concerns about being tagged in things. You may have had it happen in the past where you were tagged in a post that goes against your beliefs or desires, or that you wouldn’t want to be associated from the eyes of your entire friends list and family. I will tell you how to avoid this completely in a little while when we look at security settings.

Limit The Audience for Old Posts on Your Timeline

This provides a quick way to immediately change all your past “public” posts to another privacy setting. It is helpful because you may have inadvertently made public posts over the years, and you just quickly want to remedy that. However, you may want some posts to remain “public”. You will have to either go through your public posts and cherry pick the ones you want to change, or use this feature and then go over all posts to revert the ones you want to remain public to “public“.

Who can send you friend requests?

This controls who can send you friend requests. Setting to everyone will allow anyone to send you friend requests. In 2018 that is no longer a good idea because of the spam friend requests. Changing this setting to friends of friends then people would only be able to request friendship if they are already friends with another friend. If you get a lot of nuisance friend requests, you might want to change this; but my recommendation is to leave it to everyone and don’t blindly accept all friend requests.

Who can see your friends list?

Very important because there is no valid need for letting everyone see your friends list in 2018. Why? Because this is how chain posts and fake friend requests happen — by one of your friends allowing their friend list to be publicly visible. That becomes a phone book for accounts to target.

Change this to Friends Only . If that is not possible, at least make a smaller group of your friends — call it whatever you like and add your most trusted friends — and let those friends see your friend list. But if you are in the practice of accepting friends that you have never met in person, or many acquaintances, then please tighten this up.

Who can look you up using the email you provided?

Don’t expose this to the world. You know all those marketing and scam emails you get? You don’t want those people to also be able to get your name and other information by plugging your email into Facebook!

Who can look you up using the phone number you provided?

Same as last entry, but for your phone number. Don’t expose this to the world. You know all those marketing and scam calls that you get? You don’t want those people to also be able to get your name and other information by plugging your phone number into Facebook!

Do you want search engines outside of Facebook to link to your profile?

This is important because this is where most phishing attacks begin. What is a phishing attack? Well, put simply phishing is an attempt by a person with malicious intent to gain access to your personal data so that they can then launch attacks against you. Attackers first need to find an account, then they visit your page to find what bits you have unknowingly exposed to the world. For example, you might have your kids names and photos on your page and exposed to public. Now they know enough to target your kids — or target you via your kids.

I will talk more about securing your personal data, but for now please set this to No. You do not want search engines to find your profile.  Yes, this makes it harder for people to find you — but if they don’t already have a way of contacting you to initiate a friendship, then why are you friending them? You have to stop the insanity at some point, so why not start now?

Now we are going to switch pages and look at “Timeline and Tagging Settings”

Timeline and Tagging Settings

In a web browser, while logged into Facebook this link will get you to your Timeline settings:https://www.facebook.com/settings?tab=timeline

I recommend the settings as shown below, and will explain:

Who can post on your timeline?

Setting this to friends allows friends to post to your timeline… any friend. And when any friend happens to become irate because something you posted or commented doesn’t align with their beliefs, they may come to your timeline and post something that is against yours. Or, someone you met in a bar once posts a photo of you dancing on the bar to your timeline. And these people make those posts public in view scope, so now your employer who probably already has your facebook profile address and monitors posts to ensure you are not casting the company in a negative light can see those posts.

“Uh, Bob, can you come into my office and bring everything in your desk with you? Some photos have surfaced….”

Oh my, why would you want to let anybody post to your timeline? Well, when it is your birthday, friends that can’t post to your timeline because you have that set to higher security than friends will find out real quick how much you don’t trust them.

But, there is a better way to protect yourself. Keep this set to friends but activate the review timeline posts setting, described in a short while.

Who can see what others post on your timeline?

This controls who can see what others post on your timeline. Assuming you have timeline review turned on, this really shouldn’t be necessary to change. But if you don’t want to turn timeline review on, and you want all your friends to be able to post to your timeline, this setting might be beneficial. I prefer to control what goes on the timeline to begin with, so I don’t have to worry about this setting.

Allow post sharing to stories?

Stories is a new concept and quite frankly one I have yet to embrace. This setting will control whether or not to allow others to take one of your public posts and share to their story — with your name attached. Note, it has to be a public post….. no one can expand the scope of viewability of any of your posts. I don’t see a problem with this, so long as you are mindful to post public posts when necessary and intended, and with the expectation that the post could become viral and become well known at your workplace.

Hide comments containing certain words from your timeline

This is not particularly useful. You can enter keywords that will hide comments containing those keywords to posts you make, but those comments won’t be blocked completely and your mutual friends would still see the comment.

A  better practice is to actively moderate comments made to your posts. Yes, you have a responsibility to do that — especially if your post os of a nature that is likely to draw controversy and opposing views. You can remove comments to your posts, and you really should do that if the comments are personally attacking others. At a minimum, you should call out attacking comments and warn. Taking the position of “I can’t control who comments to my posts and who that might offend”. Because you can control that.

Who can see posts you’re tagged in on your timeline?

This will allow you to control who can see things you are tagged in. This setting used to be important because it used to really be a problem of people tagging their friends to offensive or nonsense. The better way is to prevent that, and that is done with tagging review, which is coming up real soon.

When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it?

This comes into play if you are tagged in a post (or photo) by a friend, but your other friends can’t see it. I see no issue with this, assuming you have the review feature enabled.

And now we finally get to talk about the review features!

Review posts you’re tagged in before the post appears on your timeline?

This is a great feature and highly recommended. If you turn this on, any posts to your timeline will not be visible to anyone until you review them. When someone posts to your timeline, you get notified and can review and on a per-post basis decide whether to allow it or not. If you allow it, then it becomes visible to the people who can see your posts (controlled through another setting discussed previously).

This setting solves the problem of someone posting to your timeline something offensive or something you do not wish to be associated with.

Review tags people add to your posts before the tags appear on Facebook?

This is similar to the previously discussed setting but applies to the situation of photos. To be honest, I am not seeing how this is much different than the previous one.

Personal Data Points On Your Profile About Page

Why Protecting Your Personal Data Is Important

You probably wouldn’t want anyone on the Internet to know what High School you went to, where you work, your date of birth, your home address, your cell phone number, your email address, your kids’ names, their dates of birth, your mothers maiden name, etc. because a malicious person armed with all these data points can hijack your identity really quickly.

So why do you expose those data points to the world via Facebook? Ok, maybe you don’t expose them all, but how many do you expose? Keep in mind, that even if all these things are exposed only to “friends” unless you are extremely selective in who you friend, you are putting yourself at great risk.

How To Review Security Of Your Profile

From Facebook, click your profile picture in the top bar to view your profile, then click the tab “About”.

You should see something like below. It shows the “overview” by default:

Go through each item from the list in the left: Work and Education, Places You’ve Lived, Contact and Basic Info, Family and Relationships, Details About You, and LIfe Events.

For every piece of personal data exposed, hover over that data point and you will see an icon pop up that shows the visibility scope. An icon that looks like a world means you are exposing that to the world, an icon that looks like a few heads means you are exposing it to your friends, and an icon that looks like a lock indicates you are exposing it to no one but you. The setting for that is literally Only Me.

You should not have anything exposed to the world. I expose my website because that is not harming. I don’t even list my true workplace so it can’t be breached or disclosed by accident.

Beware of Life Events = Over Sharing To The World

The default setting is for your “Life Events” to be shown to the world.  Think about this carefully, because if you create a life event to commemorate the day your child was born, and expose that proudly to the world, that life event then shows anyone the birth date, and most likely the child’s name, and what hospital, and the parents’ names, and the grandparents. Pretty much all the information a malicious person would need to impersonate your child, obtain a duplicate birth certificate, etc.

Always Presume Someone On Your Friends List Is A Bad Guy

Go through every data point and make sure the visibility is set properly, and in 2018 that doesn’t just mean not exposed to the world. It also means not exposed to your friends — unless by chance you practice extremely good practices when considering/vetting friend requests, and all of your friends have a valid need to know and can be trusted that they also don’t put You and your family at risk. 

Which leads to an important point which will be discussed next.

How Can My Facebook Friends Put Me At Risk?

If your Facebook friends do not practice what you do, and especially if they expose their friend list to the world, and they are publicly searchable. Now bad guys that find them also find you.

What happens next is that bad guy creates a fake profile and sends your friend a friend request, and also to you. You are smart enough to vet that request and ignore it. But your friend cares more about the number of friends they collect than their own privacy and yours, so they accept the friend request. This is why you never set any privacy or post settings to “friends of friends”, because if you then this bad guy can see your personal data.

App Permissions

The last component of our checkup is to review application permissions. You may recall over the years you have used Facebook to log into other sites or integrate with other services, like games and such.

To see what application s have access to your Facebook account, you can click this link: https://www.facebook.com/settings?tab=applications

Here you will see all the applications that are allowed to access your Facebook data. There are three tabs: “Active”, “Expired”, and “Removed”.

The apps in the active tab are apps that have access right now, and you should recognize and understand the validity of that app having access to your Facebook data. If not, remove the app. You do that by marking the app with a check, then press the “Remove” button.

I have checked “Ali Express” and “Yelp” apps because I do not want those apps to have access to my Facebook.

Facebook does automatically track and will expire apps that aren’t used in 90 days. But that does not remove the app but just terminates its access for future requests.  You should remove apps that you cannot justify having access to your data. If for some reason you don’t want to remove an app, you can click the app to see the specific permissions, and perhaps cut back the things it can see and do.

Now,  I have to talk about the risks you create when you visit one of those “What Celebrity Do I Look Like” sites.

Why Shouldn’t I Allow Apps I see My Friends Posting Results, Fortune Telling, etc?

Because those apps/sites first ask for access to your Facebook personal data and profile picture! Notice how the purpose of the site is one that requires your photo. Sites like “what will I look like in 50 years”, “what hair color is best for my face”, “do I look like Brittany Spears or Christina Aguilera” (Answer, no — neither).

While it is certainly possible that these sites are truly for entertainment purposes and your profile pic and data go nowhere,  that isn’t very likely.  It is more likely that the site really exists as a way for bad guys to get your photo and personal data.

What can a bad guy do with your photo and personal data? Well, pretty much anything. They can create a fake ID and make a copy of it, and mail it to Facebook, Gmail, Hotmail, etc. to “recover” your account. Of course, your account doesn’t need recovering, but they will do it to gain access and lock you out of the account in one swoop.

And you happen to use your Gmail account for the two-factor authentication and password recovery for your online banking? Guess what happens next. Oh, and you use Chrome for all your password storage and management? Guess what happens next?

Please, just don’t. And if you already did, go revoke that app/site so it cannot access your Facebook profile.

My Friends Use Those Stupid Apps, Can That Hurt Me? What Can I Do?

Yes. Your risk gets raised by having friends that use these apps. Anything that you expose to “friends” gets exposed to these sites/apps. If you have friends that do this, your best course of action is to put those friends in a group called “Acquaintances”, and then go into all your settings and set everything that was set to “friends” and change it to “Friends except Acquaintances”.

Authentication & Login Security

You should review your login & authentication options. You can use this link: https://www.facebook.com/settings?tab=security

I am not posting a screen cap for obvious reasons and instead will summarize the things you should have enabled and should not.

Choose friends to contact if you get locked out

I do not recommend to use this feature. Several years back this was a common way of gaining access to someone’s Facebook, because if you could get the person to accept as friends 3 bogus accounts which you control, then the attacker could “recover” your account by choosing those 3 friends.

I am sure this feature is much better, as it allows you to pick the 3 to 5 people, but still this just doesn’t seem smart or even necessary.

Where You’re Logged In

You should review this periodically — especially if you sense things are being sent to people from you but weren’t done by you. You can log out any sessions you don’t recognize. When in doubt, log the session out. If you have retired devices over the years, those are probably still allowed to login. You should remove them.

Change Password

Do this every few months. It isn’t as painful as you might think.

Log in with your profile picture

I do not recommend enabling this. If it is enabled, and you access Facebook from a compromised device, or a device you don’t control completely, your login could become compromised. As the saying goes, security and convenience are always competing…. you should err on the side of security.

Two-Factor Authentication

Highly recommend enabling this, and on any other service that provides two-factor auth. Two-factor authentication is simply an authentication that requires two things — something you know and something you have. Password only authentication is only one thing — something you know. If I can guess that one thing, I get in. But if you have two-factor auth turned on, I still can’t get in because I don’t have the 2nd thing — the thing you have.

Enabling two-factor authentication causes you to have to login with the username and password, and then Facebook sends you a code through SMS or Google Authenticator app, which you need to put in to complete the login process. This is when you access the service from a new PC or device, not every single time you use the service.

Two-factor auth should be used on all social media accounts becuase of the potential for damage to your image, name, reputation if your account gets compromised and control is lost. It will hurt you personally and professionally. You should also use two-factor authentication on any site or service that has access to your payment card information. Paypal, Amazon, etc. all offer two-factor authentication, as does your online banking.

Keep in mind that your mobile device becomes very important when it is the device that holds that second factor for login. This is why modern devices require biometrics. Possession of the device is not enough, because if it were device theft would be a much bigger problem.

With two-factor authentication, the bad guys can’t just steal your device to get into your online accounts — they have to also cut off your finger or pluck out an eye.

Get alerts about unrecognized logins

You should turn this on. It will send a notification to your mobile device, and to any web sessions, when a new device accesses your account. Since you have two-factor authentication enabled, that would mean someone was able to login completely. If it was you, you simply click the option “it was me”. If it wasn’t you, the first action you do is urgently logout all other sessions than the one you are on (through Facebook security settings as discussed above) and change the password. Do this quickly because if you can do that before they log you out and change the password, you will prevent the attack.

Other settings

The other settings on the Facebook Login and Security page are not terribly important and are self-explanatory.

What About Facebook Messenger? Should I Use It?

No. But if you do use it, please forward a link to this article to everyone in your contacts list.
🙂

What Should I Do Now?

Go do the same at all other social media sites, sites that contain your payment card information, the email you use as the “recovery” account for all other accounts, etc.

Get in the hait of reviewing all your security & privacy settings at least every 6 months.

Privacy Policy

This site does not track you or your personal data beyond the actions you perform here, and beyond that nothing is tracked. We sell nothing.

What This Site Knows About You

1) Most who sign-up authenticate via a third-party such as Facebook or Google. In that case, the only thing this site knows about you is your email address which is tied to the third-party authentication that you chose.

2) This site knows about what posts or pages on this site you have accessed here.

3) This site knows from what IP address you used to access this site.

What Data This Site Sells 

Nothing. We do not sell or provide anything about your actions done here to anyone.

What This Site Tracks After You Leave This Site

Nothing. This site does not use cookies or scripts to track your activities outside the scope of using this site. This site does not try to list what other tabs you have open, what other connections your device might have to other sites, etc.

Does This Site Know My Password on Facebook, Google, Twitter, etc.?

No. If you chose to authenticate using a third-party such as Facebook, Google, or Twitter, then this site does not know what your password is on those sites.

That said if you chose not to authenticate using one of those third-parties, and instead create a user account and password on this site, and that password happens to be the same as what you used on some other site, in doing so you have done an unwise thing.

However, rest assured that this site does not store that password even in its local database.  Instead, it stores a hash of that password. To be more specific, it is a salted hash. That means even if someone gains access or a copy of our internal database, they will have a very tough time determining your password from that salted hash. I can’t say it is impossible, because nothing is.

But still, you really shouldn’t use the same password on multiple sites.

What About  Plugins This Site Uses?

This site uses plugins for various things, like integrating with social media and authentication sources. All plugins used are widely used and generally considered to be secure and not abuse your personal data.

Far Cry 5 Review by Tom C

TL;DR
Great game
UbiSoft has a lot of loyal customers but has made missteps in the past that upset millions. Specifically, the botched and severely bugged release and subsequent abandonment of Assassin’s Creed Unity left a lot of people feeling ripped off.
This release does not suffer the technical issues that tend to accompany AAA releases. I attribute that to the fact that the underlying gaming engine, Dunia 2, is now mature and battle-tested. In addition, the game does not raise the bar for hardware as much as you would expect with an AAA title. You won’t need to buy a new $400 video card to play this game with acceptable frame rates.
 
Now onto the content. I am loving it. We all knew that the game would be centered around a religious cult in a fictitious county in Montana and that the game would include in its plot some of the current controversial issues.
 
The world created does capture midwest in terms of wildlife, terrain, and culture. You can fish and hunt when you don’t feel like shooting it up against the evil cult. The only negative thing I can say is that I wish it was bigger. But you do feel like you have been transported to Montana. The visual artwork is spot on.
 
The music is simply a masterpiece and plays a big part in establishing the immersion that the game creates. It is Americana style music with a very folksy tone. But what really stands out are the hymns that are played in all the areas under the control of the cult. Very bone-chilling and they stick in your head and haunt you when you aren’t even playing.
 

Far Cry 5 provides access to helicopters and small aircraft. While that is a good thing, that is what makes the world seem too small and it is problematic to the plot. The smart thing to do, as soon as you get your hands on an aircraft, would be to fly out and go get back up and the full force of the federal law enforcement. I was curious to know how they made doing that impossible and wove it into the plot, but they didn’t.  When you fly near the bounds of the world, you can see the edge and if you fly over it, the game just respawns you. This aspect of the game needed better handling.

In terms of gameplay and mechanics, it is a Far Cry title so you do exactly what you would expect. You have to take down cult outposts, one-by-one, destroy their resources, and complete missions.

Multiplayer, although I haven’t yet tested it, is very good. In multiplayer mode, you can play with a friend and do the campaign and missions cooperatively.  There is not a smaller set of missions that are for multiplayer, like in so many titles. Really nice.

Multiplayer also has a player-versus-player (PvP) mode where teams of six battle it out in Far Cry 5 Arcade. You find the arcade machines through the Far Cry 5 world, and when you interact with them it takes you to “Arcade” mode where PvP exists and create custom maps. But Far Cry 5 Arcade mode takes you out of the world of the campaign.

Many reviewers are not impressed with the handling of the controversial points., and specifically say that Far Cry 5 fails to “say anything” about the things going on in our country right now. I don’t agree. I think it says a lot that the game was even set in the US and that it is imaginable that this could actually happen. But UbiSoft has stated their position was to have no political message. If you are looking for one, you might be disappointed. I’m not sure we should be looking to video games to make political messages.

I was surprised that the fictitious cult is not created in a denominational agnostic way, in order to avoid alienating specific followers of a specific religion, but they did make the cult label themselves as Baptists. But let us not forget that the real-life Westboro Baptist Church also considers themselves Christians and believes they are carrying out God’s work.

For whatever reason, UbiSoft decided to include microtransactions. You can use real money in their store to buy silver bars in the game which can be used to get access to weapons and such without having to earn through the game missions. Completely optional and harmless, but still I wonder why. It just makes the game look greedy and nickel and dimey.

As I said before the immersion is deep and the tone and themes are haunting. There are some disturbing visuals throughout the game that really drives this home.

Bottom line: Highly Recommended

Windows Hello – Biometric Login

With the latest Windows 10 update you can now login to your PC with biometrics, using either fingerprint or facial recognition. In Why would you want to do this and what should you be concerned about?

First, to address any concerns about putting your fingerprint on a device, fingerprint scanners and login systems do not store an image of your fingerprint. What happens is a sensor reads the tiny bumps and valleys and computes a mathematical formula based on those bumps. The mathematical formula is called a “hash”, and a hash is simply computing a big number for some object, such that no two objects will result in the same hash, and the hash function is one way. What this means is that even if someone were to get ahold of the hash of your fingerprint, they cannot work backwards from that has and construct your fingerprint.   Lastly, the fingerprint hash is unique to the system you are logging into, so someone can’t grab your fingerprint hash from your PC and use it to log into your phone.

Why would you want to use biometrics? Because it offers convenience, because you don’t have to type a password to login, and because no one can guess your password or brute force hack like they can with password.

Which is better — fingerprint or facial recognition? The answer really depends on the facial recognition scanner. Some facial recognition systems have been fooled by using a picture of the person’s face.  This is not good when you consider your picture is likely available to anyone via facebook — which incidentally is one reason you should not make your profile picture a close-up of your face showing great detail and especially your eyes. This is also why you shouldn’t visit those sites that analyze your face and tell you which celebrity you most resemble — because it is bullshit and also because those sites are gathering facial scans. Face it, you don’t look like Brad Pitt and the site you let scan your face to tell you that is going to sell your face scan.

Fingerprint login has been fooled in some rare cases, but in general you can be assured someone isn’t going to be able to login to your PC using a beer mug you touched, or a picture of your finger. However, as we see in plenty of video games and movies, if the information you are securing with your fingerprint is wanted that badly, all they have to do is cut your finger off to get access. Incidentally, this is another reason to not prefer facial recognition — you can live without a finger but not without a head.

You don’t have to buy a new PC to get biometric login with Windows 10. For under $20 you can buy a usb dongle that plugs in and you are up and running. Just make sure the fingerprint scanner you buy is designed for and compatible with windows hello.

If you want to go the facial recognition route, unfortunately your existing webcam has very little chance of being a windows hello compatible device. If you were going to buy a new one anyways, then I suppose this might be a good way to go.

Beyond simply logging in, you can look forward to windows hello being able to integrate with applications and sites in the near future. This is where the real benefits will kick in, when you can set gmail to require fingerprint login., or your online banking.

For extremely sensitive information or system access, you wouldn’t want to change from password to biometrics. Better would be to require both. This is called two-factor authentication, and is the best way of controlling access because in order to get in the individual needs something they have (the finger) as well as something they know (the password or pin code).

Two-factor authentication is available on a lot of sites today, but it is not convenient because you have to put in a  password, then check your phone for a text message with the code, and then enter that.  With biometrics, two-factor authentication becomes a lot simpler and convenient, and therefore people will adopt it.

Protecting Your Family Online Using DNS Filtering

Ideally, children’s online activities should be actively supervised by an adult, but the reality is you can’t be everywhere all the time. Each household has typically at least three Internet-connected devices, and kids have tablets and smartphones in their hand for hours. Schools are transitioning to online for assignments and handing in work. So how do you keep your child from accessing content that they shouldn’t, such as pornography, hate sites, sites that provide instructions how to build a bomb, sites that tell your child how to get high off of cough medicine, etc.

There are many software solutions out there, such as Net Nanny et. al, The problem is you have to install, configure, and manage software controls on your computers, your child’s Android phone, the family tablet. While that is doable, it is time-consuming to set up and to maintain; but you will likely find you can’t cover all the connected devices. For example, a hand-held gaming system like the Nintendo DS3 is Internet connected, and your child can install software like YouTube to access content. How do you control or protect against that?

The best approach is to centralize the controls at a single point — where all the connected devices get out to the public Internet. For most people, this will be a wireless router. This router is typically set up to hand out IP addresses and configuration to all the device in the home, and among those configuration bits is a setting called Domain Name Services (DNS) address(es). Put simply, when you access a site by its Internet name, such as www.microsoft.com, something called a DNS server has to translate that Internet name into an IP address.

The simplest and easiest way to prevent devices in your home from allowing people to connect to sites with adult or questionable content is to rig DNS to not allow translating those site names to IP addresses. Back in the day, to do this you had to setup your own DNS server then figure out how to rig it to exclude sites you disallow, and then you had to continually add sites to the list. A lot of work to do and to maintain.

These days there is a free service that does all this for you, called OpenDNS, which has recently been acquired by Cisco but continues to be a free service.  You simply reconfigure your router’s DHCP service to not give out your Internet Service Provider’s DNS address(es) and instead to give out the DNS address(es) for the DNS servers from OpenDNS.

The below link will take you to the OpenDNS site where you sign up for the free service called Family Shield. You set your router to hand out the DNS addresses that the site gives you, and that is it. The DNS servers are setup to block the sites that contain porn, illegal activities, etc. For most people this is all you need to do:

https://www.opendns.com/setupguide/?url=familyshield

The default plan will block the most blatant things you don’t want your kids to access, such as porn and illegal activities, but perhaps you want to block sites having to do with hate, bomb building, or you don’t even want your kids on social media. You can create an account, which is still free, and then fine tune the settings for your household and specify exactly what you want to be blocked.

While customizing the settings can certainly allow you to block more, the blocking is all or none. Using the categories, you can block all of social media but that would include Facebook. If you want to block most but allow a few sites within that category, you use the feature to specify individual domains to either allow or deny.

Obviously, the more domains you add manually to either include or exclude, it can become unmanageable.

There are ways to circumvent DNS protection. Using DNS blocking, it would still be possible to view any site if your child knows, or can obtain, the IP address and use that address. This isn’t terribly hard to do, but isn’t something most kids will be able to do.

Another way to circumvent would be to change the network adapter settings to put in a DNS server other than the one your router is handing out. But under windows 7 and up, in order to do this the user would need to have administrative rights to the PC, and you should not be giving your kids admin rights to the PC.  There is no valid reason your kids need admin rights. Any game or software that needs it, shouldn’t be allowed. You should be installing and updating software.

Once you give admin rights to your kids, they will be able to circumvent any controls pout into place, and be able to download and install malware and spyware.

Raspberry Pi Cluster — “Why To” Guide

This will be more of a “why to” guide and not so much of a “how to”, and certainly not a step-by-step on the setup of an individual pi. A good place to start for setting up and individual pi is the Raspberry Pi sit at: https://www.raspberrypi.org

A single Raspberry Pi v3 has enough compute power to be a decent general purpose Linux box, run a Linux Apache MySQL PHP (LAMP) stack to run a website, or be a streaming media server by running OSMC. But what a single Pi can’t do is all of the above at the same time handling a respectable workload.

Back in the day, techies would run a few Linux boxes in their den  or closet, usually re-purposed desktop PCs that were once very powerful desktop or gaming systems but then became inadequate for those purposes. While you can still do this today, you have to consider the cost of powering a full desktop or gaming PC 24/7. When you consider that, plus the cost of the air conditioning, and the noise, and the physical footprint these antiquated PCs take up, it no longer makes sense to do that.

Also, in the event of an extended power outage — such as what we experienced with Hurricane Sandy — you need your infrastructure to take up as little electrical power as possible. Running your services on low powered Pis versus antiquated desktops, you can run longer on UPS; and if you end up living on generator for weeks, your stack of Pi’s will take up negligible load on your generator.

I should clarify that the word “cluster” in the context of multiple Pi’s doesn’t end up being one big Linux box that runs across the Pi’s. It is simply a handful of Pi’s with services distributed across them.

I run three Pi’s, or now I suppose four as of today, with the workloads split out as follows:

  1. One Pi V3 running OSMC acts as the streaming media server for the living room entertainment center.
  2. One Pi V2 running a LAMP stack, plus wordpress, and is what is serving up this page right now for you.
  3. One RP V2 running RasPBX , which is a distribution that specializes in making your Pi run Asterisk and FreePBX  so you can have a full enterprise level phone system, complete with voicemail, conference bridges, etc.
  4. My newest Pi V3 will be a general purpose box and playpen.

Usually you acquire multiple Pis over time buying one, then another, then another, etc. Over time you end up with a pile of Pis just hanging about and a mess of cables. Or perhaps you bought a case for each one, but you find they don’t stack well and still are a mess that is hard to manage.

To solve that problem, I recommend the Dog Bone case by Geaux Robot, sold at Amazon here: https://www.amazon.com/GeauxRobot-Raspberry-Model-4-layer-Enclosure/dp/B00MYFAAPO

This case will accommodate four (4) Raspberry Pi’s model 2 or 3. They also offer a 2-pi or 3-pi version. This will keep your Pi’s stacked neatly and nicely as a single unit, while providing good airflow for cooling and it looks nice and techy.

Next, you need to consolidate all those power cords. If you bought a power cord for each Pi, then you find that they don’t work nicely with a UPS power strip and take up too many slots. Now, you do need a UPS, but there will be more on that later. If you buy a powered USB hub that can provide 2A of power to each port, then you can plug that USB hub into your UPS, and plug the pi’s into that via UPS cords. The net result is you end up with only one power port on your UPS for the entire stack of Pis.

I used this, which is a power port designed for delivering power, not a USB hub: https://www.amazon.com/gp/product/B0115MVRO4

I condensed my stack of Pi’s onto this power source as well as three NetGear switches, so that all of those devices consume only one port on my UPS.

Why do you need a UPS? Because the Raspberry Pi ‘s SD card can become corrupt if power is cut without a graceful system shutdown. What that means is if you lose power, your Pi may not boot and you have to spend time recovering the image — or starting with a new one and reconfiguring your services.  Plus, your Pi’s will become an integral part of your home infrastructure which you don’t want to lose service if it can be avoided.

Before I move off the topic of power, it is important to point out that stable power is critical. If your power source cannot provide at least 15.A  to each Pi, you run the risk of the Pi locking up, crashing, rebooting, etc. Again, this would run the risk of corrupting the SD card of the Pi, because the reboot would be without a graceful shutdown.

For the network, you really should get a 5 or 6 port gigabit switch. That would be 4 ports for the Pi’s and another that uplinks to your other switches. You can, of course, just plug the Pi’s into an existing switch if you happen to have enough ports available. But segregating the Pi’s onto their own small switch is cleaner because you can strap the dog bone case to the switch and handle and manage as a single unit. Usually you buy, or make your own, very short patch cords.

A word about wireless — avoid it if you can. You can use it of course, but each Pi will lose signal every so often, or you will end up with your wireless net oversaturated. Over the past couple years I have re-worked my home infrastructure to put all infrastructure back on wired Gig-E, as well as networked cameras and desktop PCs and gaming rigs, and the only things consuming wireless are the mobile devices and everyone is happy and fast.

I recommend using the “Raspian Lite” image instead of the default image, which includes the X windows GUI and desktop environment. If you install that, you will play with it long enough to realize it isn’t a viable desktop environment for everyday use, and then you spend time figuring out how to uninstall all that bloat. I recommend to install the lite version and then only install on top of that the services you really want and need.

Typically the only thing I install, other than the packages required for the services planned (Apache Httpd, MySQL, etc.) is webmin in order to  manage and administer the system.

You may have picked up that I do not have firewall services running on any of the Pis. I love pfSense, but as far as I am aware it still is next to impossible to make run on an ARM based Pi. It might be possible these days, but just not something I want to spend time on. I run pfSense on a dedicated Zotac C Series CI323, which is a mini x86 system that is fanless and draws little power.

None of my Pi’s are directly on the public Internet, but I do have firewall rules to pass the traffic that is appropriate to each service on the pfSense firewall.  Therefore I do not talk much about security here, but it is very important to consider. I personally would not put a Pi directly onto the public Internet, but that doesn’t mean it can’t or shouldn’t be done. But if you go that route, be extremely diligent managing and applying patches and hotfixes, strong password, and some form of protection like fail2ban.

Star Wars Battlefront – Ripoff of the Year?

star-wars-battlefront-box-art-01-ps4-us-06apr15Every year there is at least one massive failure in the PC gaming industry where a game is released with a long list of serious bugs that make it clear that meeting deadlines to capitalize on market hype and the holiday gifting wave with little to no concern of quality. There have been entire studios driven out of business because of releasing a poor product, with MicroProse’s botched release of “Falcon 4.0” being a prime example. The title “E.T.” for the Atari 2600 goes down in history as being the biggest video game failure of all time and is being blamed for the video game crash of the 80’s. Is “Star Wars Battlefront”, released by Origin (a division of EA), going to go down as the biggest failure of releases in the November-December period of 2015?

Clearly, if you are a game studio that has secured license rights to release the next Star Wars title which happens to coincide with the release of the next film in the franchise, you know you are well positioned to earn serious revenue for your company. So you set out to communicate your vision with the teams you have hired to deliver your vision. It goes without saying that the graphics must be stunning (and that is the case). It should also go without saying that the game should be fun and keep you engaged, and the general consensus is that after about 30 minutes it simply becomes “boring”. It should also go without saying that the game should work, and the bug list is quite long and the severity of the bugs is quite alarming.

The list of common technical problems and workarounds, as of Jan 4th is published here: Common gameplay issues and workarounds for Star Wars™ Battlefront

You can see that pretty much aspect of the game is flawed for all platforms. My favorite is for “Technical hang or game freeze” with the recommended workaround “Restart your game.” What that basically means is if you happen to find the game enjoyable and devote time to playing, it might hang or freeze at any time and you have to restart. Nice.

Game controllers don’t work, there are video problems, and connectivity issues. I bought the game for my 8-year-old son, and after an hour of playing, he was already playing something else. When I asked his opinion of the game he said: “it freezes and glitches too much”. Keep in mind a custom built a gaming system based on an AMD-6300 CPU and nVidia GTX-950 GPU, and whatever the issues are it isn’t the computer.

There you go. Did entire teams of EA not test the product? Did they not do focus groups? Or did they know all the problems but needed to release it despite the serious issues in order to cash in on the Star Wars bonanza?

It is a common tactic to release and hope your audience will be patient and wait for the patches. The problem is that once the game is released the studios downsize their staff. It can take months of patches to get most of your customers happy, as was the case last year with UbiSoft’s “Assassins Creed Unity”.

Please note, “Star Wars Battlefront” are registered trademarks and property of Disney and EA and I have not been authorized to use their trademarks or the image in this article, especially since my review is less than flattering.

Tom C’s 10 Steps To Make Your Windows 10 Upgrade Succeed

For weeks, your windows 7/8 has probably been nagging you to upgrade to Windows 10, and perhaps you have been hesitant to take the plunge because of the media reports on how “buggy” windows 10 is. This article will help you prepare for this upgrade in a manner that lowers risk and makes it a good experience.

It is a normal part of the operating system new release life cycle for a major OS release to contain major bugs. Providing the ability to do an in-place upgrade of as previous version of the OS, and not having to re-install all the apps, increases the complexity of the roll out simply because the previous OS may have been patched/hacked (by OEM or the user) in ways that the new OS doesn’t know how to handle. To put it bluntly, upgrading a sick operating system often results in a sick operating system. In order to prevent issues during your upgrade experience, you need to do the following:

1) Perform due diligence that all your hardware devices are supported with either drivers for windows 7 or there are windows 7/8 specific drivers. Be very cautious of hardware that has only a driver that targets Windows XP architecture, and consider what that means to you if that device doesn’t work in windows 10.

2) You should not have to worry too much about applications from major vendors (Microsoft, Adobe, etc) but applications that are grown by individuals or indie publishers (who may not even be around anymore and the software was last built in 2008) need to be considered as a risk — what does it mean to you if those apps no longer work?

3) Make sure your storage hardware is supported in Win 10! Yes, this technically falls under item 1, but you need to be sure that your storage is expected to work in Windows 10. If you have a motherboard that supports RAID, and have a bay full of drives configured under that RAID technology, if Windows 10 does not work with that RAID technology you will face a huge issue — your disk will appear to be missing or empty, and windows 10 might assume it is a blank disk and format it!

If your storage device is external and connected via USB, then also perform due diligence that your computer or motherboard maker provides USB drivers that work in Windows 10 — or be certain the computer’s USB ports don’t need a special driver. This is mostly a concern if your computer/motherboard supports both USB 2.0 and 3.0, usually there is a proprietary driver involved which is provided by the motherboard or chipset maker.

If your storage hardware is just an internal standard SATA drive you shouldn’t have any issues.

4) Make sure you have enough disk space. The windows 10 in-place upgrade process will make a backup of your windows 7/8 configuration so that you can roll back if needed (must rollback within 30 days). Obviously this requires disk space overhead. As a general rule of thumb, you should have 50GB free before considering an OS upgrade.

5) Uninstall programs that you don’t really use much., or you can reinstall without too much hassle. Why rely on the in-place upgrade process to migrate apps that take 20 seconds to reinstall?

6) Ensure your existing OS is healthy. The details for this would be a separate long article, but suffice it to say that a sick Windows 7 or 8 might make your Windows 10 upgrade fail miserably without any way of rolling back.

7) Uninstall your antivirus. They always say to do that before installing any piece of software, and no one does, but invoking an in-place upgrade to uplift your OS isn’t something you’d want to risk your antivirus intervening and shutting down critical processes and failing the upgrade.

Also, I’ve seen cases of the antivirus not working very well after an in-place upgrade, and removing and re-installing after windows 10 upgrade fixed that.

Obviously, you should also make sure your system is free of virus and malware.

8) Backup your “My Documents” to a cloud service or backup device. The in-place upgrade should not harm your files, but why chance it?

9) Don’t forget to consider drivers from the OEM PC maker, especially on laptops, such as hotkey services or power management. If there are not windows 10 versions of your hotkey service, then once you are on Windows 10 the vendor specific buttons on your laptop or keyboard may not work. Windows 10 should handle power management, but some devices like Netbooks that rely on aggressive power management might not have the battery longevity that you had prior to upgrading to Windows 10.

10) Make sure your wireless network adapter is expected to work in Windows 10, and has a Windows 10 or Windows 7/8 specific driver. Yes, this falls under  item 1, but pay particular attention here because if you upgrade to windows 10 and upon booting the wifi card does not work, Windows 10 may not handle that very well.

I saw this on a system, and the first boot into windows 10 it ran extremely slow and was unusable.  Once the windows 10 drivers were installed it was fine. But achieving this was difficult because the system was bogged down so much. It literally took 2 minutes each time you click something or type a key for it to take effect, and the start menu did not function at all so it was hard to get to the “control panel” or “device manager” to remove the drivers and then reinstall.

Post install — once you have done the above and invoked the install and it has completed, your first order of business is opening device manage and making sure you have no yellow or red exclamation’s, all your devices are listed, and then checkout your system thoroughly.

If your system is not performing well, reboot it (properly) as I have seen it happen many times where the first session was very slow but a reboot fixed it.

Once you are convinced everything works, install your virus software and re-install the apps you may have removed in the process above. Invoke “Windows Update” and force it to look for updates, apply them, and reboot if needed.

If you find your Windows 10 does not work well, e.g. slow, crashing, etc. and you can’t resolve the issue then you are left with two options: reset the windows 10 or roll back to Windows 7 or 8.

Resetting windows 10 would basically blow away all the apps and the windows 10 installation (which was upgraded from a previous version) and install a clean windows 10.  However, if you choose this option, you lose the ability to roll back to your previous OS. Take this option if you are confident you are to remain on Windows Otherwise, invoke the roll back and hope that works.

If you are unable to get Windows 10 working despite your best efforts, visit http://www.ubuntu.com

Chat Transcript With a Game “Key” Reseller That Sold Me A Tainted Key

Below is the chat log of my discussion with a third-party PC game “key” re-seller, after a key sold from them was invalidated by the game publisher and the ability to play was terminated. This is how I chose to handle a key reseller that obviously sold a key they were not legally entitled to sell and ended up getting banned, knowing full well they would try to blame the game publisher and point me to them for recourse.

You’d be suprised how many people get suckered into such a scam, and then allow the retailer to give them the run around, refuse to refund, etc.

 

I have redacted the representative’s name and replaced with “Customer Service Rep”, and the company name is replaced with “<Company Name>”.

Customer Service Rep:
Customer support
Chat started
Thomas Carlisle
The game key I procured through your site has been banned by the manufacturer (Ubisoft), and I am sure this has to do with that the key was not properly procured from the manufacturer. Who can help me by issuing an immediate refund? Thank you, Tom Carlisle

Customer Service Rep joined the chat

Customer Service Rep:
hi

” I am sure this has to do with that the key was not properly procured from the manufacturer” ?

have you heard this from them regarding your particular key?

All our keys are purchased from suppliers who have been operating in the gaming industry for many years

Thomas Carlisle:
What I mean by that, is your company has most likey sold me a key which was not rightfully GDK’s code to resell. Yes, I heard from them, in that my game has been removed from by account and when I try to re-autorize the code I am told it is banned.

Respectfully, GDK needs to refund me and work out your issue with Ubisoft.
Customer Service Rep:
Thats true, we will indeed be following up on this issue with Ubisoft. We have all your order details so we do not require any further information from you

We will be in touch as soon as we are able to

I am creating a new ticket from this chat transcript under your name

Thomas Carlisle:
No, I want the refund so I can procure through Ubisoft now.

Customer Service Rep:
Im afraid that is not possible

Thomas Carlisle:
I am not looking for delays. Unlless this issue can be resolved within the next few hgours.

Customer Service Rep:
surely you understand that we cant just process instant refunds without investigating claims

Thomas Carlisle
IF there is nothing you can do, expect that my extremely popular blog site will have articles detailing this issue to warn other consumers, and I will find where your legal entity is and file a claim in small claims. Is $30 really worth it?

Customer Service Rep:
no it isnt worth it at all

And I dont really see why that would be necessary

I’m trying to explain to you that this issue will be handles with the utmost urgency

Thomas Carlisle:
I’ve offered to give you a few hours to get to the bottom of it. That is more than enough time for someone at <Company Name>  to contact Ubisoft and fix it. BUt I am not really comfortable that this will be resolved.

Customer Service Rep:
but as with most businesses refunds cannot be processed without due investigation on our part as

time in usa
Thomas Carlisle:
If <Company Name> rightfully owned the code to resell, it should take a phone call to Ubisoft. I am sure Ubisoft has procedures in place not to cut off paying customers through authorized resellers.

Customer Service Rep:
Its a little unfair to ourselves to be threatening us with all sorts of public blog threats and such

but as you say it isnt worth it

Thomas Carlisle:
You can investigate and get back to me, but we both know that isn’t likely going to happen. I am not going to spend the next several days waiting for this to get sorted out.

Customer Service Rep:
we are a small company who trust our large suppliers with their end of sourcing stock and such responsibilities

We will follow the whole issue up with them

Thomas Carlisle:
Being in your type of business, you must understand that when an issue like this happens to your customers, it doesn’t look good. If <Company Name> is doing legit business, you should have procedures in place to handle this type of situation.

Customer Service Rep:
We would have appreciated a chance to actually investigate this as we’ve not had this complaint from anyone but nevermind. I’ll send your request to the person incharge of refunds immediately

It should all be sorted within half an hour at the most

If you paid by Paypal you’ll get email confirmation when it is sorted

Thomas Carlisle:
Payment was through moneybookers, as that is where the site took me to pay.

Customer Service Rep:
We are no longer with Skrill and are processing all payments solely Paypal at the moment. Do you have a Paypal account we can refund to instead?

We’re in the process of moving card processor to Nochex

Thomas Carlisle:
Was moneybookers being used on 12/29? The reason I ask is perhaps I ended up at a site masquerading as <Company Name>? DO you show and order number #### to me?

Meant to type “do you see an order #####”

Customer Service Rep:
Yes that definitely looks like an order number from our store. We’ve only switched from Skrill/Moneybookers this month

Thomas Carlisle:
OK, then at least it is the right place. I am sorry if <Company Name> is in legit business, but you must realize many discount game key sellers are not legit. So this type of issue really raises brow. If you can get Ubisoft to activate the key promptly, that woudl be a good resolution. If not, then yes I’d like to refund.

Customer Service Rep:
Not to worry, I can understand your concern

As I said we’re more than happy to send you the refund if you can let us know how best to do so

Thomas Carlisle:
I do have a paypal account. What do you need, the account number?

Customer Service Rep:
We are a UK based business so seeing as it is after 11pm here, such issues as contacting Ubisoft would be handled by the morning staff

Just your paypal email

Thomas Carlisle:
The paypal is linked to ##############

Customer Service Rep:
thanks, i’ll be right back

Hi

All done

Please check your Paypal and confirm

Thomas Carlisle:
Yes, thank you for making this right. Your company should follow-up with Ubisoft and find out why your key got banned. If <Company Name> is not considered authorized by Ubisoft you will see a lot of these

Customer Service Rep:
Yes we will most certainly be doing so first thing in the morning
Thomas Carlisle
Have a good week end