Home computer security recommendations
I recommend you keep your Windows OS patched and be sure to update all the software you use. I run Windows Defender for antivirus and malware in conjunction with securing my browser and using a DNS that filters malicious sites.
I don’t recommend third party security/network software. If you feel better running a third party product, stick with something like Bitdefender,
I also recommend running ‘beta’ releases for the major browsers (links below) and use a public DNS service that filters malware. I typically use Cloudflare, Quad9, and Hope this helps.
Beta links for Chrome, Edge, and Firefox
Google Chrome Beta
https://www.google.com/chrome/beta/
Microsoft Edge Beta
https://www.microsoft.com/en-us/edge/download/insider?form=MA13FJ
Mozilla Firefox Beta
https://www.mozilla.org/en-US/firefox/channel/desktop/
Quad9 DNS
https://quad9.net/
Cloudflare 1.1.1.1
https://developers.cloudflare.com/1.1.1.1
OpenDNS
https://www.opendns.com/home-internet-security/
OpenDNS
Free for: Personal or business use for Enhanced DNS; personal use only for other home and family services
DNS addresses: 208.67.222.222 and 208.67.220.220
“FamilyShield” DNS addresses: 208.67.222.123 and 208.67.220.123
Internet speed tests
With more people streaming and general Internet use increasing, I get questions about measuring home Internet performance. I recommend using the three sites listed below. I have them in the order I prefer and have comments regarding each site.
Cloudflare – more technical detail and appears very accurate, no ads.
Netflix – change settings to enable more technical detail and save your configuration, very accurate, and no ads.
Ookla – similar accuracy as Cloudflare and Netflix, but less technical detail and *littered* with ads.
Cloudflare Speed Test
https://speed.cloudflare.com/
Netflix Speed test
https://fast.com/
Ookla Speed test
https://www.speedtest.net/
Windows endpoint security recommendations
Friends and family have asked about antivirus and security recommendations. This is a quick summary of my best practices to keep your desktop or laptop secure.
Keep your system updated. Set Windows Update to run automatically or manually run it weekly. Pay attention to Microsoft Patch Tuesday.
Antivirus – I recommend using Microsoft Defender. There are others, but the consumer version of Defender is solid, it is less likely to impact other programs, it doesn’t impact performance, and combined with other safe computing practices is a solid antivirus/malware solution.
Browsers – Edge, Chrome, Firefox, all are secure. I recommend installing the beta channels for all browsers. They have proven to be very stable, and you avoid ‘day zero’ exploits.
Browser add-ons – install an ad blocker. Don’t think twice. Install an ad blocker, and make sure it’s uBlock Origin, the one with this logo:
Home network update – Meraki to Netgate
I avoid frequent changes to my home network. My stated goal is to design and install a reliable, secure network and keep it updated, but otherwise leave it alone. About five years ago, I took advantage of a Cisco program for free Meraki software for completing a professional certification class and exam. Now the program has expired, and I needed to replace the MX64 security appliance.
Moving from a commercial security device to a consumer product, I wanted to get something simple, but flexible. I’ve always been interested in open-source products, and considered ‘rolling my own’ firewall, but finding a cost-effective, silent (fanless) computer with multiple gig Ethernet ports in the current (Nov 2022) market was a challenge. Also, there’s still a huge supply chain issue that I expect through 2023 and I don’t want to buy from China. Not a nationalist issue, but I don’t trust security appliances from China (https://www.dhs.gov/news/2020/12/22/dhs-warns-american-businesses-about-data-services-and-equipment-firms-linked-chinese).
Selection Process
Super simple – I looked at consumer products and found they weren’t flexible enough for my use, some products were discontinued, others are on back order. I wanted to spend under $300 and narrowed the search to Ubiquiti Networks and Netgate (pfSense). Ubiquiti availability was an issue, and Netgate was less expensive, so I went with the entry level Netgate 1100.
Although the GUI lagged during the installation, subsequent configuration changes and overall performance of the device have been good. I’ve updated the default configuration by disabling IPv6, not using VPN or packet inspection, and using PiHole on a spare Raspberry Pi instead of using Netgate services.
I would call this a ‘prosumer’ product – you can’t install and use this product without reading the manual and understanding the basics of TCP/IP networking. However, it’s much more flexible than the average consumer product and using pfSense open-source software provides greater security and longer support life (IMHO).
Performance
Performance is equivalent to the Meraki MX64. We have >20 devices on our home network including three Roku devices streaming 1080p (not 4K). If you plan to implement low level security, ad blocking, and other features, consider the 2100 model.
Recommendation
Pros
- Good security appliance for home networks with under 500 Mbps Internet service
- Simple installation and silent operation
- Better security and longevity than consumer products at this price point.
- Performance is good
Cons
- Install is not just “click next” – you need to read the manual!
- Lots of online chatter about performance issues using third party packages
Home Network
Netgate running statistics
Internet speed
Comcast – 300 Mbps download, 12 Mbps upload
PiHole update – certificate error
Attempting to update PiHole from the command line, I received the error below:
[i] Downloading and Installing FTL…curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
[✗] Downloading and Installing FTL
Error: URL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-armv7-linux-gnueabihf not found
[✗] FTL Engine not installed
Unable to complete update, please contact Pi-hole Support
I searched the /etc/ssl/certs folder and didn’t find anything out of the ordinary.
Updated CA Certificates:
sudo update-ca-certificates
After this, re-running pihole update worked correctly.
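A quick way to see why curl reports error 77 before rebuilding the bundle, as an added example that is not part of the original post. The function names check_ca_bundle and next_step and the CA_BUNDLE variable are hypothetical, and counting PEM markers is only a sanity check, not certificate validation.

```shell
#!/bin/sh
# Added example: inspect the CA bundle named in curl's error 77 message.
# check_ca_bundle FILE prints a one-word status and returns:
#   0 ok, 1 missing, 2 unreadable, 3 empty, 4 no PEM certificates
check_ca_bundle() {
    bundle=$1
    if [ ! -e "$bundle" ]; then echo missing; return 1; fi
    if [ ! -r "$bundle" ]; then echo unreadable; return 2; fi
    if [ ! -s "$bundle" ]; then echo empty; return 3; fi
    # grep -c exits non-zero on a zero count, so neutralise that status
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then echo no-certs; return 4; fi
    echo "ok:$count"
    return 0
}

# Map a status to the next step. update-ca-certificates is the fix the
# post used; it regenerates the bundle from the installed certificates.
next_step() {
    case $1 in
        ok:*)       echo "bundle looks sane" ;;
        unreadable) echo "fix permissions on the bundle, then retry" ;;
        *)          echo "sudo update-ca-certificates" ;;
    esac
}

# Default path is the CAfile from the error message in the post.
CA_BUNDLE=${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}
status=$(check_ca_bundle "$CA_BUNDLE" || true)
echo "$CA_BUNDLE: $status -> $(next_step "$status")"
```

Run it on the Pi before and after the fix; a missing, empty or certificate-free bundle explains the error even when the folder listing looks normal.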
Obituary – Maureen Begley
Maureen A. Begley (nee Burchill), age 91, of Chillicothe, Ohio, formerly Moorestown and Mount Laurel, NJ, passed away on March 10, 2022. Wife of the late Paul E. Begley, Sr. Mother of Paul (Barbara), Kevin (Pauline), Dennis (Sherry), the late Michael (Vicki), and Brendan Begley. Grandmother of Sarah, Katherine, and Megan Begley, Bradley Edwards, Stacy (Begley) Adams, and Sean Begley. Great-grandmother of Nicholas and Nathan Edwards, and Michael Joseph Adams III. Sister of the late Elaine Corcoran. Aunt to many, many nieces and nephews.
Maureen graduated high school at age 16 and started working for AT&T and eventually RCA where she met her future husband. An accomplished gardener, bridge player, and animal lover, she traveled extensively, including trips to Alaska, Egypt, Antarctica (via east and west coasts of South America), China, the Galapagos Islands, and Ireland to visit family. After her children were grown, she started college, studied accounting, and completed her associate’s degree. After which she worked for Atlantic Disposal and later started her own bookkeeping company with several local small businesses until she retired in her late 80’s.
Relatives and friends are invited to attend her viewing and visitation on Friday evening, March 18th 6-8pm at Mount Laurel Home for Funerals, 212 Ark Rd, Mt Laurel Township, NJ 08054. Funeral Mass Saturday morning, 10:30am at Our Lady of Good Counsel, 42 W Main St, Moorestown, NJ 08057. Interment following in Calvary Cemetery, Cherry Hill, NJ.
Mount Laurel Home for Funerals
https://www.mountlaurelfuneralhome.com/
Our Lady of Good Counsel Parish
Calvary Cemetery
Cherry Hill, NJ
https://southjerseycatholiccemeteries.org/locations/
Comcast Internet issues
We ‘cut the cord’ and shifted from DirecTV to Internet streaming in 2019, and, like almost everyone else, I’ve been working from our home office since March 2020. A few months ago, we started to see buffering issues with the TV, and more recently reconnect/timeout issues with VPN connections and Teams calls. At first the cable modem looked OK, and I optimized our internal network (Meraki MX/Switch and Google Wi-Fi) because I hadn’t touched it in three years. No real improvement, so I purchased a new Motorola MB7621 cable modem because the SB6183 was five years old. No change, BUT I noticed the event logs were getting flooded with “T3 timeouts” (reference screen shots below).
I contacted Comcast support via chat, who realized this wasn’t a ‘reset your cable modem’ issue, and they gave me a link to schedule a call back. Fifteen minutes later, I was on the phone with Charles. He didn’t see any issues on his side, and I asked about connecting my old cable modem. We re-registered the old modem, and as soon as he did, he saw errors on the line. At that point, he scheduled a technician to come to the house.
The technician was very good. I showed him how the cable was routed to the house, and he tested the underground cable and determined it needed to be replaced. He also shifted the coax ground from the water pipe to the electric box as that’s the current best practice because newer homes are shifting from copper plumbing to PEX. With that in place, he tested the connection to the cable modem and found that was out of spec as well!
After replacing the connections end-to-end, I see ZERO errors on the cable modem, and with that no buffering, dropped connections, and faster transfers (OS downloads, for example).
Comcast gets beat up a lot, but my customer service experience was exceptional. Fingers crossed the follow-up is as good – they need to bury the temporary cable, but I’m sure it will be just as smooth.
MB7621 Error Logs
SB6183 Error Logs
We bought a 2017 Chevrolet Bolt EV
A 2017 Chevy Bolt EV has replaced my beloved 2005 Saab 92x (aka Saabaru, a Saab badged Subaru WRX) and the best car I’ve ever owned.
When I started researching cars to replace the Saab, we considered buying new and used gas cars, but the market is crazy between supply chain issues and escalating prices. Our newest car is a 2016 Subaru Forester, and we expect to keep it for another 12 years. As we considered EV’s, we feel the landscape will be very, very different in 5-10 years, so we weren’t keen on buying a new car now and we started to look at used EV’s.
In 2014 we leased a Honda Fit EV. It was a Honda special lease program, and we received a free Level 2 charger (we paid for installation). We returned the car because our needs changed and there was no buy-out option for the lease. However, two years with an electric-only car made us EV evangelists (well, maybe I’m the evangelist). For reference, the Honda Fit had a 20 KWh battery, 100 HP, and published range of 80 miles and used a Level 2 charger which we installed in our garage.
Flash forward to 2021. Our EV criteria were a minimum range of 200 miles, a four door hatchback large enough to fit our taller than average family (I’m 6’3″ and 225 lbs.). Looking at used cars, we quickly came to the conclusion that 2017 Chevy Bolt EV’s coming off lease looked like the best choice for us. We also saw the battery recall putting a dead stop to all resales. At the same time, used Tesla’s were increasing in price and various discounts and promotions for new EV’s were expiring.
One month ownership notes
The Chevy Bolt EV isn’t a Tesla Model 3, but it’s a great EV, a solid car, and a used 2017 Bolt EV Premier is a great value. The batteries and motor are sourced from LG and the balance of the car was designed and assembled by Chevrolet. The controls are familiar, good ergonomics, good visibility, and I particularly like the utility of the car. The rear seats can be folded flat with one hand, and there is a rear storage area behind the rear seats that is covered, but the cover and false floor can be removed to provide a 12-18″ bin for extra storage. The Premier trim comes with roof rails, and we purchased cross bars for bicycle and roof racks.
Chevrolet Bolt EV 2017 details
- 2017 Bolt EV Premier with all features except a sunroof (which we would not use)
- Premier comes with DC fast charge option (55kW)
- 27,000 miles
- Energy Saver A/S SelfSeal 215/50R17
- Safety features like blind spot detection, front and rear cameras
The Good
- Driver seat adjustment and leg room is great for tall drivers. Leg room and headroom for four is good.
- Overall ergonomics are solid, and we like the tray between the front seats and door storage.
- The Bolt EV HP and torque are amazing. It’s just fun to drive.
- Range is quite good – well over 200 miles with normal driving and less than full charge.
- 200 HP with no turbo lag and a single speed transmission is addicting, and I’ve been driving a WRX for 16 years.
- “Single pedal driving” – with the transmission in “Low”, you can use regen braking to bring the car to a complete stop.
- Safety features, including a wide-angle rear-view mirror option that uses rear cameras.
- Remote start, auto dimming rear view mirrors, automatic headlights, and other convenience features.
- Bluetooth is rock solid and in-car calls are much better than our Subaru because the Bolt is so quiet.
The not-so-good
2017 model has 2017 tech
- Android Auto requires a USB cable (versus wireless)
- Waze beta has issues although Google Maps works as designed.
- Wireless charging ‘pocket’ too small for Pixel 4XL
- DC fast charge limited to 55kW, where newer EV’s are as high as 150kW, which limits long road trips.
- No spare tire, sealant, and air pump, we also have AARP road service.
- Ride is a bit harsh, mostly due to energy efficient, low profile tires.
- Front seats are a tight fit, but not bad.
- The arm rest is an interference fit for me but has a lot of storage and removable tray.
Personal Letterhead
With email and other forms of electronic communication, no one may care about writing letters, but I’m starting to write letters to friends and family. I wrote many, many letters in college. Phone calls were pretty expensive in the mid-late 1970’s, and freshman year there were only six phones in our dorm. As we emerge from our COVID induced isolation, I appreciate my network of friends, family, and coworkers who have supported me over the years, and I think a letter is more personal and permanent than email.
Two sites that have influenced me are “Letters of Note” and “Letterheady” (links below, worth a look).
Letterheady
https://www.letterheady.com/about
Letters of Note
https://lettersofnote.com/about/
Today is World Password Day
Tips I’m sharing with family and friends. I use a password manager (LastPass) and MFA for all accounts that have monetary or business value (including Amazon, Google, all accounts that involve money).
Password Recommendations
- The smartest choice for all users is to pick unique passwords for every site.
- Password managers are ideal for people in the habit of re-using passwords, because:
  - You only need remember one (strong) master password to access all of your stored credentials.
- If you don’t trust password managers and have trouble remembering complex passwords, consider relying instead on password length.
- Focus on picking passphrases instead of passwords.
  - Passphrases are collections of multiple (ideally unrelated) words mushed together.
  - Add numbers and special characters if required – example: Eat figs daily99!
  - Passphrases are not only generally more secure, they have the added benefit of being easier to remember.
- Enable Multi-factor Authentication (MFA) for all accounts that support it (bank, credit cards, Amazon, Google).
  - This approach adds a second step to the sign in process, usually in the form of a confirmation text sent to your phone, a security question, or a token provided by authenticator apps.
  - MFA provides another layer of security to your password that doesn’t rely on you to remember anything.
- Finally, there’s absolutely nothing wrong with writing down your passwords, provided
  - You do not store them in a file on your computer or taped to your laptop
  - AND your password notebook is stored somewhere relatively secure – not in a purse or car, but a locked drawer or safe.
Reference Links
World Password Day 2021: ‘123456’ is still a bad idea
https://www.acronis.com/en-us/blog/posts/world-password-day-2021-123456-still-bad-idea
The Wages of Password Re-use: Your Money or Your Life
https://krebsonsecurity.com/2021/05/the-wages-of-password-re-use-your-money-or-your-life/