Sunday, July 20, 2014

You Deserve Privacy

There's a growing movement not only to take away your privacy, but to convince you that taking your privacy away is no big deal. You've probably heard some of the arguments, like "why do you need privacy if you have nothing to hide?" and so forth.

First, look at who is saying these things and notice that they have a vested interest in trashing your privacy, whether it's governments or corporations. Both want to erode your privacy for different reasons but the net effect is the same. So are their rationalizations. It all boils down to hollow rationalizations: It's to improve your shopping experience! It's to catch terrorists and pedophiles! Think of the children!

But it's all BS. There's no evidence that bulk data collection or corporations aggregating data on you has done anything but trample your rights in the name of some cause, or worse, in the name of profit.

I am here to tell you that everyone deserves privacy. It's even built into the Fourth Amendment, which guarantees us the right against unreasonable search and seizure. The next time someone gives you that line about "if you have nothing to hide", hand them a slip of paper and ask them to write down their personal banking information. Yeah, I thought so. Everyone has something to hide, and everyone has something to lose when their privacy is trampled on.

You deserve privacy. The fact that bad people use technology to do bad things has nothing to do with you, the law abiding citizen. And the fact that taking away everyone's privacy could make it a little easier to catch those bad people also has nothing to do with you. The Constitution does not say "unless terrorism" or "unless quarterly results".

It's time for all of us to collectively reject the notion that if you want privacy, you must be a terrorist or pedophile. The more people who don't reject that philosophy, the easier it gets for the masses to believe the socially engineered lie--the lie that we do not deserve privacy.

Saturday, July 19, 2014

E-Commerce Spammers

In the course of creating an e-commerce site for my outdoor blog, I noticed something really strange. Only a few minutes after setting up my Drupal Commerce Kickstart software, users started registering. Which is strange because the new domain does not point to the server yet. The spam bots must be connecting straight to my IP address.

I do have my outdoor forums pointed to the server, so maybe it's the same spammers that normally attack and try to spam my forums. Maybe those robot spam toolkits have the ability to register with e-commerce sites as well as Internet forums and blog comment pages.

It seems really sophisticated but I'm not sure what an attacker has to gain by registering for an e-commerce site. Either way it's clear that I will have challenges running an Internet store that I never considered.

A long list of robots waiting to shop from my store?

Thursday, July 10, 2014

The Scam of Most VPN Services

Having a VPN (virtual private network) service is one of the few things you can do to actually increase your privacy. While it won't shield your activities from people and governments with massive resources, like some TLA (three letter agencies), for the most part it is a very effective privacy tool.

Over the last few years I have used a few different services, I have noticed that most of the ones that offer month-to-month billing have a flaw in their systems that they have no desire to fix. The subscription-based services which auto-bill you every month for the most part don't have this problem, but I'm not one to trust a company until I have some experience with them, so I always start month-to-month on these services.

Example


Let's say that I pay on 1/1 for a full month, which gives me a period of service from 1/1 to 2/1. But on 1/20 the service starts spamming my email, informing me that my month is about to expire. So I pay the service on 1/20 and think everything is fine and I'm good until 3/1, right? Wrong. Now on 2/10 I'm getting those spam emails, telling me my service is about to expire on 2/20. Where did those 10 days go?

The answer is they took those 10 days of service from you. If you call or email to complain, chances are they will credit your account those 10 days. But they won't fix the problem, and next month you'll be in the same boat. What's worse, if you don't say anything or don't notice it, they will happily keep shorting you service. Once company refused to credit me the difference so I was forced to file a PayPal claim.

I can hear someone saying "just let it expire before you pay it again" but nope, most of these services charge you a late fee if you let it expire first.

Solutions?


1. Use a subscription-based  VPN service that auto-bills you every month and keep an eye on them.

2. Use a VPN service that doesn't charge you a late fee if you let your service expire.

3. Use a VPN service that lets you pay in advance but defer the activation until after it expires.

Conclusions


I've been writing this type of computer billing code for insurance companies for decades, and it's not rocket science. The logic to bill and adjust for money by date is very straightforward. No, the real reason these companies do it is because they can. They assume right off the bat that you are doing something shady by using their service, so you will not complain too loudly. So they have no incentive or reason to fix the problem, which probably makes them a lot of money.

For this article I will not shame the bad services I have run across, because they almost seem to be universally bad. What I will say is that my current VPN service BolehVPN allows me to wait until my service expires to re-up with another payment. They also let you defer the activation of your payment for up to 60 days, so I can pay for it when it expires, and then just activate the next billing period when I'm ready.

There are a whole lot of folks out there who have a personal or profitable interest in shaming you into believing that you are not worthy of privacy. You must be hiding something, right? We're all hiding something. I doubt anyone has their banking site passwords taped to their front door. You deserve privacy, and the folks who have a vested interest in profiting from it or taking it away will do everything they can to make you feel like a second class citizen.

The answer is to hold these shady companies accountable for screwing you over 10 days of service at a time. You are not a second class citizen. Treat them how you would treat your phone or cable company and don't cut them any slack for assuming you are too ashamed to ask for your money back!


Saturday, July 5, 2014

How To Recover Data From a Dead Computer

2.5 inch laptop IDE drive with USB adapter
2.5 inch bare laptop IDE drive with USB adapter
I've seen it happen with friends and acquaintances. They are working on a novel, or a big presentation or something big, and then suddenly their computer craps out. Now, these people all usually have one thing in common: at the time their computer crashed, they did not have a current backup. This article is for those people. Since I'm a software guy, I look at hardware with all the fascination of a toaster as long as it's working. So if your data is backed up, revert to the backups unless you have some compelling reason to recover the data.

Send it Back?


At this point you are probably thinking that since you have a brand new laptop with a 5 year warranty and all the extra coverage you can buy. That might be great for keeping your hardware working, but it won't protect your data. When you send a system back, you can definitely request that they recover the data on it. They may even charge you an extra fee to attempt to recover your precious data. They'll even sound really positive and upbeat about it. But in my experience, about 100% of the time they will make no attempt and just apologize that they were unable to recover it. I've seen it happen too many times in my career with too many people, most of the time knowing the data was recoverable. The irony here is that most of the time when you ask them to recover data, they just assume you are saying the hard drive is bad and they give you a new one, which obviously doesn't have any of your data on it. So when you get it back, it's too late to run any kind of data recovery software because your data is somewhere else.

Equipment Check


Philips Screwdriver: Before you start, you are going to need a couple things: a good Philips Screwdriver to start with. Lately I like the Wiha brand. You get what you pay for, but either way most people can dig up a Philips screwdriver. Note for a laptop that it will be a much smaller Philips like a #0.

Flathead Screwdriver: Sometimes you may need a flat head screwdriver or the flat of a pocket knife blade to lift a laptop drive enough to slide out.

USB Adapter: There is a special type of cable adapter which turns a bare hard drive (laptop and desktop) into an external USB drive. You are probably already familiar with external USB storage devices like those little flash drives and portable hard drives. If not, then maybe you are out of your element here. With this cable, you can turn any bare drive into an external USB drive you can then plug into any computer or device capable of reading a USB storage device. This means you can even recover your data from a smart phone or tablet!

As an alternative to the adapter, you can also get a docking station that sits on your desk and lets you drop in any bare desktop or laptop hard drive. It's a neat device, but unless you handle a lot of bare hard drives, you probably don't want it sitting on your desk.

Do It Yourself


Your valuable data resides usually in a single place on your computer: the hard drive. These days that drive can even be solid state and you may have an SSD drive with no moving parts. Both are functionally the same: small boxes inside your computer which store your data. If your computer stops working, your hard drive may still be fully functional. This article will assume that your computer has failed but left the hard drive intact, which is usually (but not always) the case.

If your hard drive turns out to be damaged, you still have a few options, but this discussion is beyond the scope of this article and may be addressed in future posts.

IDE or SATA?


The two main types of drives you will find in most computers are IDE and SATA. I won't bore you with details, but suffice it to say that SATA is newer and faster and will usually be found on any system newer than 2004-ish. For the purposes of this article, it really doesn't matter which, because hopefully you will buy the adapter that does both.

You can still find this older style IDE-only adapter below for cheap. I use it for old laptop drives and have long since lost the power supply it came with.

IDE to USB Adapter


I've had this kit below for several years and will pretty much read any drive.

IDE to USB/SATA Adapter With Power Supply 1

IDE to USB/SATA Adapter With Power Supply 2

Below is a bare IDE laptop drive from an older laptop I chucked in the trash.

2.5 Inch IDE Laptop Drive

Below is a desktop SATA drive. You can tell a SATA drive by the small cables.

3.5 Inch Sata Desktop Drive

Below is an older IDE drive, which you can tell by the big ribbon style cable.

3.5 Inch IDE Desktop Drive

Pull the Hard Drive


So now you have the proper equipment and you know what you are in for. Let's get the hard drive out.

The only thing resembling a difficult part of this task is pulling the hard drive from your computer. This may be daunting to some folks who have never done it, but keep in mind that all modern desktop and laptop computers are designed so that components like the hard drive are easily accessible. This is not the case for smaller devices such as tablets and phones, but for actual computers, the hard drive is almost always going to be easy to get to with just a screwdriver.

Desktop: I'ts usually much easier to pull a drive from a desktop computer. As you are looking at the computer from the front, you will want to remove the left panel. Now look at that panel from the back of the computer and it will usually be held on by 1 to 3 Philips screws. One of those screws might be a thumb screw you can take off with just your fingers, and in some cases it's just one thumb screw holding that left panel on. Either way, take off whatever screws are there and try to slide the panel toward the back. Since there's so many different brands of computers, the panel could be different: it could swing out or fold up or there may not be a separate panel.

With the inside of the case accessible, you should see some sort of "cage" or mounting bracket with a hard drive in it. If it's a newer SATA drive, it will have two little cables coming out: a power cable and a data cable. Very carefully remove both these cables to start with. If it's an older style IDE drive, it will have a much larger ribbon cable and an older style power connector. Same concept: very carefully disconnect the drive.

Now the only left is to physically dismount the drive. The problem is that some manufacturers have wonky rail mounting and other ways to make it easy to remove the drive, and they are all different. Most of the time the drive will be mounted with 2-4 Philips screws, and in some cases you will need to remove the right panel to get to those mounting screws. Some manufacturers will mount the drive in such a way to remove it without taking both panels off. What you need to do is spend a few minutes just looking at it and most of the time it will be obvious how to remove the drive. Keep in mind that this is not rocket science, and most computer repair technicians are not who I would characterize as rocket scientists. So bear in mind when you are looking at the mounting, that it's designed for a kid at McDonald's to easily remove it--don't over-think it.

Laptop: It seems like every laptop is slightly different, but functionally the same. You take off a back panel which exposes the hard drive and you unmount it. Once the drive is exposed, you will usually only find one or two screws securing it. From that point, on most laptops, the drive will just slide out of its little dock and then pop out of the case. Be very careful with any connectors because they are usually much more fragile on laptops.

Below is a photo of my wife's HP Pavilion laptop, with the hard drive circled. To take the hard drive out of her laptop, there's just one screw holding the sliding back panel. Once the panel is off, the drive comes out easily.



Recover The Data


Getting the bare drive out is the hard part. Once you have it in your hands, you can now recover the data by hooking it up to an adapter. For some configurations like the IDE laptop drive below, you don't need the power supply that comes with the adapter since it gets its power from the USB port. Larger desktop drives will need the power supply plugged in.

The setup below is like a geeky portable drive. It's only 80GB but that's still lots of photos.

2.5 Inch IDE Laptop Drive with Adapter

Once you have the adapter plugged in, your setup acts just like any USB storage device. You can copy data from the drive, format it--do whatever you want. At this point you should consider buying a proper portable drive to backup your data. I like the smaller ones that have a laptop drive inside because they don't need a separate power supply to lug around, though they are usually not as fast as their bulkier desktop cousins.

Conclusions


I know people who carry old computers from city to city, year after year because it has some old photos or documents on them and they still haven't gotten around to doing anything with it, and their procrastination doesn't allow them to just send it to me. Usually I have the drive out in a minute or two and copying data to something easy to access, like a drop box account. It's normally very painless to get your photos from a dead system. Usually it's some high failure component like the computer's power supply, motherboard or CPU. Every once in a while the hard drive itself fails and at that point you're pretty much screwed for easy recovery. There are data recovery shops out there which can pretty much work miracles when it comes to recovering your data from a damaged drive, or even a piece of a drive platter.

But most of the time, the drive can be dismounted and your files copied just like any other storage device. You can even buy a portable laptop or desktop sized enclosure and turn your orphaned drive into a proper external storage device!


Saturday, June 28, 2014

Does Formatting The Hard Drive Erase My Data?

Someone was asking this on an Internet forum I frequent and I was re-reading it, I realized that my reply actually made sense, so I decided to share it to a wider audience in case anyone else finds it useful.

Formatting the drive doesn’t necessarily mean that the data is gone. And a quick format most definitely does not erase the data. Also, deleting the partition does not remove any data.

If you want to know for sure it’s gone, use a third party utility that actually erases the drive byte-by-byte, sector-by-sector. Some apps will even overwrite each byte several times with a different “pattern” value, because in some cases it might be possible to recover data even after it’s properly erased.

A good clue on how effective your erasure is by how long it takes. To erase a drive, a software application has to write every sector on the drive, and to do that takes a long time on large capacity drives because there’s just so many dang sectors. It should take about as long to erase a drive as it does to fill it with data. Anything where you press a button and it says “done” a minute later is only overwriting a few sectors—the data could still be recovered.

Think of the partition and directory information as maps to your data. If you delete the maps, the drive appears to the operating system to be empty, and that’s good enough most of the time. The drive functions the same. As you put data on the drive, the “maps” are rebuilt for your new data, and the old data is overwritten one file at a time.

Which also means 10 years after you format it, some data from the old format could still be there. The recovery tools and procedures are very sophisticated. It may not be what you want to hear, but if you even have a little sensitive or private data on there, I wouldn’t part with it other than to toss it or destroy it.

In the old days (80’s and early 90’s), formatting the drive erased it completely. It pretty much had to because hard drives weren’t as reliable and the format had to check for bad sectors and take them out of the pool. But as time went by, drives became larger and more robust, and nobody wanted to wait 2 hours for the drive to format. And now it’s probably the least of your privacy concerns. Your private data is more likely to be scraped off your Internet connection than your physical drive.

The best way to keep your data private is to encrypt the whole damn drive with something open source like TrueCrypt. Once the power goes of and the drive un-mounts, the thing is a brick without the password. Make sure to use older versions of the software as it’s probably been compromised as of a few weeks ago by some TLA (three letter agency) but the older versions should be fine.

It’s a hassle typing your password for every drive every time your system reboots, but once the power goes off, you know it’s secure. Of course there’s lots of ways to compel people to cough up the password

Tuesday, June 24, 2014

Battery Capacity Tests

Recently I got this Opus BT-C3100 "analyzing" charger. This charger can test the actual capacity of a wide range of rechargeable battery chemistries, including NiCD, NiMH and Li-ion chemistries. For the most part the bigger name batteries deliver at least the capacity they promise, but it's good to keep them honest. There are also off-brands which can perform as good or better than their big name counterparts, or fall horribly short.

Photo of some of the batteries being tested, such as Olight, AW, Efest and LG


This post will be updated as I test more batteries.

ProductChemistryStatedActual# SamplesLowHigh
DLG 14500 Flat TopLi-ion7507514734759
Eneloop XX AANiMH25002480424552496
eFest 16340 IMRLi-ion5505774555594
AW RCR123ALi-ion7505594556565
Olight 14500Li-ion7508014788821
Sanyo UR14500P 14500Li-ion8408194808825
Ultrafire AA NiMHLi-ion35004084373431

NOTES:

  • AW is supposed to be the best money can buy, so it's a little disappointed to see the test results of the first batch of batteries I bought.
  • Normally I don't buy Ultrafire batteries, which are considered to be crap. But they do make a few decent models, and this battery had over 400 reviews with 5 stars! They must have been switched out to fakes at some point.

Gallery



Tuesday, June 10, 2014

Life Without Net Neutrality

Behold, the future of the Internet without Net Neutrality. We are very close to this being a reality. The problem of course is 'regulatory capture' where an industry under regulation provides a career path for folks in charge of overseeing regulations for that industry.

Simply put, the policy makers in charge if Net Neutrality are ex-lobbyists with a vested interest in seeing it fail and will be hired again as lobbyists the day they leave office.