2021 06 16                                                      SECURITY 

OK So far the new computer will have: 

• CPU: AMD Ryzen 9 5950X CPU, 16 cores & 32 threads 
• Motherboard: ASUS ROG Crosshair VIII Dark Hero, PCIe 4.0 and more 
• Windows 10 Pro, full version, USB 

  

But first some words about security: BitLocker is Microsoft's full-disk encryption facility, and it works. The computer must be and will be BitLocker compatible. It turns out that BitLocker has almost no impact on performance, even gaming performance, so that's not a downside. I think that the the mobo (motherboard) should probably have a header for a TPM (Trusted Platform Module), and the "Dark Hero" does. I'm not certain about actually using a TPM though, because I think that the CPU or the firmware may also provide the necessary BitLocker functions. If so, the separate TPM module would not be necessary. In fact, last I looked, new ones with the right updates were kind of hard to find. On a previous computer I enabled BitLocker with a tiny USB flash drive and no TPM. Important point: Even if the mobo is compatible and everything is in place, BitLocker doesn't have to be enabled. 

 

If you're not a BitLocker (or Microsoft) fan, or you don't have the Professional version of Windows, an excellent alternative is VeraCrypt, an open-source and thoroughly-audited facility which has both a full-disk encryption mode and a file-encryption mode. In fact, the best security may be found with a combination, where BitLocker is used to encrypt the whole disk, and the most precious individual files are further encrypted with VeraCrypt. Examples: A lawyer's client files, an engineering company's proprietary designs, the computer owner's social security numbers, bank accounts, and website logon passwords. I do use both BitLocker and VeraCrypt, plus several more. 

 

Please do not use the same password for BitLocker and VeraCrypt, or for anything else. That would entirely defeat the additional security. That's what a password vault is for, and there are some very good free ones.

 

In addition to BitLocker and VeraCrypt, there are other very useful encryption facilities. For example, I use Macrium Reflect to back up entire disk drives, and those output files can be encrypted. I'm sure that some of the competitive backup facilities can do the same. There is also a free and widely-used zipping app called 7Zip which is better than the Windows zipper in several ways, especially because its zipped output files can be encrypted. Here is a partial list of a few handy encrypting apps:

• BitLocker (requires Windows 10 Pro) 
• VeraCrypt (replaces TrueCrypt) 
• 7Zip 
• Macrium Reflect (or competitors) 
• KeePass (password vault, or competitors) 
• EFS (Windows "encrypting file system") 
• Lots more ... 

Macrium Reflect

Please PLEASE do not lose your BitLocker keys! Or your VeraCrypt passwords or PIMs, or any other encryption keys. There is likely no recovery except for your backups, and only then if the backups are UNencrypted or you know THEIR keys. Losing the keys is the same as a disk crash. Obviously, it's not a clever plan to keep the only copy of your encryption keys WITHIN the encrypted files. Please please write the keys on paper, or in a file within an UNencrypted DVD or flash drive, and keep that in a safe place, like a bank safe deposit box or your best friend's top dresser drawer, several miles away. Note: If you have more than one disk, you will have more than one key. You must save all of them. 

No matter what you think, the keys are not safe in the residence (or office) where the computer is located. Period.

 

Here is an only-slightly tongue-in-cheek list of risks to keeping the keys in the residence: Theft, computer virus, ransomware, fire, flood, lightning, hurricane, tornado, sinkhole, earthquake, termites, C-drive failure, other drive failure, smoked motherboard, smoked CPU, BitLocker failure, other encryption failure, Covid-19, another pandemic, asteroid impact, ultra-Plinean volcanic eruption, lunar cataclysm, black hole consuming the earth, gamma-ray burst, nuclear explosions, coronal mass ejection, sun going nova, or bad luck. 

 

The point is: Some of these could actually happen, and some WILL happen to some people who don't have their keys. Please don't be one of those. My residence is not safe, and neither is yours.

 

There is no rule against keeping the keys in multiple places. It's a really good idea. 

Backup is even (far) more important than encryption, and we have said little about it here. There is much more to be said about security, but saved for another time. 

The next post will get back to building a computer.

2021 06 13

What computer shall I build this time? I'm a retired guy with an appreciation for excellence and (maybe) enough budget to do excellence. My computer experience started in 1962 with the University's Control Data 1604 using a magnetic tape operating system. Indeed, even though that computer cost a million dollars, disk was still a dream. My how times have changed.

I'm going to make (another) very hot, dual-purpose, world-class (if consumer-grade) Windows 10 desktop computer.

New Computer with RGB (LED) Fans
Photo by Don

Last February, 2021, I fired up a really nice new homebuilt desktop computer with an AMD Ryzen 9 3950X CPU, the gamey little brother of the Ryzen 9 5950X CPU, which is is arguably the hottest silicon on today's market. Both CPUs sport 16 cores and 32 threads with speeds that make them appropriate for BOTH gaming and content creation. At the time, I bought the 3950X instead of the 5950X to avoid scalper's prices and sellers with odious reputations. That computer is working very well, thank you, but perhaps I'll upgrade to the 5950X soon anyway. The ASUS mobo and everything else will support the big brother.

Now I want to build another new computer just because it's fun to build hot computers. I don't really have any use for it yet - perhaps I'll sell it, or use it and sell the first one. Cost is an issue, but performance is a bigger one. Here are some features that are already pretty much decided:

Photo by Don

Processor: AMD Ryzen 9 5950X. I'll get one somewhere, maybe two. Prices are coming down and the sellers are looking more reliable. In fact, BREAKING NEWS, last week (June 5, 2021) Amazon was selling these from their own warehouse to prime members, with 3-week delivery, at the AMD list price of $799. Today they aren't, though. Sigh. Guess I should have snagged one when I could have. Yep. 

More BREAKING NEWS - I just ordered one from Amazon Prime with delivery in July. $799.00 Sold by Amazon, shipped by Amazon. And just now I hear that delivery will be in June after all. I like Amazon.

ASUS ROG Crosshair VIII Dark Hero,
 Image borrowed from Amazon

Motherboard: ASUS ROG, X570, exact model to be determined. TUF? STRIX? Crosshair? What kind of a name is "Crosshair" anyway? (oh, it's a rifle sight). Or "Strix" for that matter (a mythical bird of ill omen). I choose ASUS only because I have some experience with ASUS. Most of that experience is good, though not all. Is there a better mobo? Comments invited. Maybe this isn't so very decided after all. Having done some searching, I'd probably choose the same board that I bought before, the ASUS ROG Crosshair VIII Hero, though I was advised online not to waste my money on "that brick." 

Looking further, however, I'm now attracted to the newer ASUS ROG Crosshair VIII "Dark Hero" mobo. It's more expensive yet, but has every feature of the plain ordinary brick plus Wi-Fi, and seems somehow simpler and more straightforward. In particular, it doesn't seem to need its own fan to cool the X570 chips. It's just cool all by itself. $433.89. BLT (ShopBit.com).

More coming soon ...

Which Flash Drives Are Best for Backup?

The most appropriate form of backup depends on the type of threat to the files. For example, a permanently-connected hard disk backup drive will protect against failure of the primary disk drive, but not necessarily against fire, flood, theft, viral infection, ransomware, you get the idea.

Online backup protects against most of those but it can be painfully slow and, in my own experience, may fail when recovery is required.

I do create monthly backups on archive-quality Blu-ray M-Discs, and keep those in safe places, but would like something more frequent and current.

How about a nightly flash-drive backup that I can carry with me if I like? Below are tests of some drives. All prices are Amazon Prime:

Corsair Voyager Vega (CMFVV3-128GB) USB 3.0 128GB Ultra Compact Low Profile Flash drive $53.99

Of the drives that I tested this is easily the best, though also the most expensive. I like the very small size, making it perfect for a complete backup that can be carried inconspicuously in a pocket, a wallet or purse, briefcase, shoe, wherever. A bright little blue activity light flashes during data transfer. The drive seems to get a little warm during transfer, but not hot.

Using a USB 3.0 port, the flash drive writes data at about 432 megabits per second (Mbps), which is about 9% of the 5,000 Mbps USB 3.0 standard.  My recent backups are 25 zipped files running about 77 GiB (82.6 GB) total, and the transfer is completed in about 25 minutes.

Using a USB 2.0 port with the same drive, the write speed is about 205 Mbps and the whole task takes about 54 minutes, more than twice as long as when writing from a USB 3.0 port. Maximum theoretical data transfer speed for USB 2.0 is 480 Mbps, so the flash drive is actually writing at 43% of theoretical. Not bad, but I'll stick with USB 3.0.

Lexar JumpDrive S75 (LJDS75-128ABNL) USB 3.0 128GB $33.29

Second in price, second in performance.  This flash drive has the same 128GB nominal capacity as the Corsair, but is physically much larger (see image), the largest I'm testing, and far from wallet size. Using USB 3.0 it writes at about 293 Mbps and finishes the 77 GiB job in about 37 minutes. It doesn't seem to get warm. It does have an activity light. If size is not an issue, it's a less-expensive alternative to the Corsair and about 2/3 as fast.

Patriot Tab Series Micro-Sized (PSF64GTAB3USB) USB 3.0 Flash Drive, $17.99 for 64GB, no 128GB version currently available.

Though it hardly seems possible, this drive is even smaller than the Corsair. It doesn't get hot. It has no activity light. The 64GB version can't take my entire backup, but a transfer of about 40GB yielded a write speed of about 169 Mbps, or 21 MB/s.

Sandisk Ultra Flair USB 3.0 32GB (SDCZ73-032G-G46) Flash Drive High Performance, $29.99 for 128GB.

This drive is a big disappointment. I previously held Sandisk in high esteem, based on prior experience, but this drive is WAY over-hyped. A lot of ballyhoo about high-speed USB 3.0 performance (even in the name), but it heats up and actual performance falls off dramatically after a minute or two. A 24 GiB transfer achieved a rate of about 166 Mbps, finishing in a little over 20 minutes. Lots of marketing, not so much product. It might be OK for some applications, but not for this backup. By comparison, the Corsair finished the same 24 GiB task in less than 8 minutes.

It gets hot to the touch when writing, and warm even when idle. No activity light. Note: Testing was done on 32GB models, not the 128GB model. I believed the hype and bought several, but they perform badly and I won't be buying anything more from Sandisk. Ever.

Testing platform:

The computer used for these tests is a two-year-old ASUS H170-Pro motherboard with an Intel i7 6700 3.4 GHz Quad-core CPU and H170 chipset running Windows 10. Five USB 3.0 ports and two USB 2.0 ports are available at the front of the system. The C: drive is an SSD, but only 4GB of the backup data comes from C:, the rest coming from Seagate SSHD hard drives on SATA 6.0 Gb/s ports.

More about the backup:

All of the tested flash drives are bootable on this system (and several other systems). In particular, they are intended to be used as Macrium Reflect Rescue media, with backup files then written and rewritten to them as desired.

All are USB 3.0. In my opinion, USB 3.1 is an unnecessary enhancement in a backup application unless the destination drive is actually able to write at speeds of at least 1 or 2 Gb/s, and no flash drives are that fast yet. Be wary of the 3.1 hype.

Read speed was not measured on any of the drives. They are backups, and if all goes well I will never have to read from them except very occasionally to verify that they are written correctly.

Prices are what I actually paid, and may change at any moment, most likely down.  This technology is moving fast, and no doubt new devices will soon make these obsolete.

CyberPower CP1500AVRLCD UPS Review

Love the Hardware.  After four days (!), the UPS works exactly as hoped, or even better.

The software, not so much.

Hardware:

We have one nice, new home-built desktop computer and several laptops, all on a network.  The UPS serves three purposes, in order of importance:

• Avoid harm from bouncing, flickering, up/down/up power failures like those we experienced several times last Monday.  Those erratic fluctuations put sensitive computers, disk drives, and disk data at serious risk.  I've had an older computer fail because of a simple down/up power outage.  Was it the power supply, the mother board, CPU chip, what?  Spare me!  Last Monday's repeated power failures resulted in an effort by Windows 10 to "repair" the SSD on this new desktop during one of the several reboots.  Was the repair successful?  I may never know, but was inspired to buy a UPS.
• Keep the network running, including the internet (DSL modem).  The laptops mostly laugh at power problems anyway, being battery-powered already, so all they need is the Wi-Fi network to continue unaffected for a while.
• Allow work on the desktop to continue undisturbed through short power outages.  That's why I bought a 900-watt UPS for a 110-watt load.  For any given load, a higher-rated UPS is likely to have bigger batteries, which will last longer when the power goes off.

Connected to the UPS are: (1) Computer; (2) Monitor; (3) DSL modem/router and WAP; (4) Network switch; (5) 3TB network drive; and (5) Speakers. According to the UPS display this array pulls 117 watts when the computer isn't very busy.  The sealed lead acid batteries in the CyberPower CP1500AVRLCD are rated at 9 ampere hours and 24 volts, for a nominal 216 watt-hours.  Thus my computer and the rest of the load might theoretically run for a maximum of 216/117 = 1.8 hours, or 108 minutes.

In practice the computer can pull much more, going up to 220 watts when the CPU gets really busy.  Moreover, there are inefficiencies in the UPS, and of course the UPS won't allow the battery to run all the way down, so I'd be content to get half of the 108 minutes.  Almost an hour, that's enough.  We live in a suburban city, and rarely experience outages longer than an hour anyway.  Indeed, when I unplugged the UPS from the wall, everything ran normally for 68 minutes, more than expected, even though I was actively using the computer throughout that time.

So the UPS works surprisingly well and I'm happy with the hardware.

Software:

The software is called Power Panel Personal Edition:

Nothing comes with the unit - no DVD or thumb drive in the box.  You have to find the software on the CyberPower web site, then download it.  Here is the link for the  CP1500AVRLCD Model.  Click on the Downloads tab.  The unit does come with a USB cable, providing the data connection between the computer and the UPS.  And see update below - that cable may be all that you need.

The Power Panel Personal Edition looks nice, with displays of power source, battery capacity, and estimated run time.  However, going into the Configure options and exploring a bit more, it turns out that the software INSISTS on automatically shutting down the computer AND the power to all device at some point.  Yes, the software will turn the UPS completely off!  You can choose whether this is a few minutes after the AC utility power failure, or a few minutes before the batteries will fail altogether, but those are the only two choices and it's going to happen.  When it does, everything goes down, including the network, in my case.

This is exactly the opposite of what I want in a UPS.  Power should stay UP as long as possible.  The software offers a brief (10 second?) popup window allowing the shutdown to be aborted, but you'd better not miss it!  I especially want this to work when I am not around.

When we have an AC utility power failure here, we really don't know when it will be back.  How about an option to shut down the computer, but not the UPS, when half of the power is gone?  Or a third, or two thirds?  This would allow the network to keep running, and for much longer than it would run with the computer and monitor drawing power.

Further, there is risk of data loss.  Much of the time I have applications open (e.g. VeraCrypt volumes, the Mail app) that shouldn't be open when the computer shuts down - they should be closed first, or data integrity is imperiled.  What is really needed is a way for the computer to interact with the UPS - to know whether power is coming from the line or from the battery, for example.  Perhaps a command-line script that could be launched when the UPS switches to battery power.  Power Panel Personal Edition provides no such hooks.

There is another version of the software, Power Panel Business Edition, which appears to be free, and which may have more functionality.  Perhaps someday I'll look into that.  In the meantime I will uninstall Power Panel Personal Edition.  The UPS itself has a very nice front panel which tells me what I need to know.

I've also developed a command-line script that detects whether the scanner and laser printer are both off line, indicating that AC utility power has been lost.  If so, the script waits for a programmable number of minutes (now 15) and then offers the user (me) an optional graceful shutdown.  It shuts down the computer (but not the UPS) if the answer is Yes or if the prompt times out after 5 more minutes.

Update 2016 February 27:

Since installation and uninstallation of CyberPower's Power Panel Personal Edition software, the standard Windows laptop battery-level indicator icon appears in the taskbar of the desktop computer if the USB cable is connected from UPS to computer.  Further, when the AC utility power fails and the UPS switches to battery, the computer recognizes that, displays the "percent full" battery status, and employs the special power options for turning off the monitor and/or shutting down when on battery, just as if the computer were a laptop.

I don't know if the battery-level icon showed up before the Power Panel software was installed - I didn't notice it.  It probably showed up as soon as the USB cable was connected and the CyberPower driver downloaded.  In any case the normal Windows power options, now present with the Power Panel software gone, are preferable to those offered by the Power Panel software.

My system still wants advance warning of a pending shutdown though, so that the shutdown can be done gracefully.  Therefore the command-line script mentioned above is still in place.  I've tested the software by unplugging the UPS, so now I'm almost (not quite) hoping for a real power failure.