
    Encrypting a USB Drive with TrueCrypt

    August 30th, 2007

    The small physical size and low cost of USB-based flash disk drives, or USB Drives, often expose confidential information due to theft and loss. The growing memory capacity on these drives increases the problem as more data is stored for longer periods of time.

    I use my USB Drives frequently, as do many mobile professionals. I categorize my usage into two basic functions:

    • Storage – Storing my files for later reference, often with a PC which is not my own.
    • Transfer – As a mechanism to copy files from one PC to another.

    When evaluating encryption methods I considered how a given encryption product would impact the use of a USB Drive for both functions. For example, since I frequently use my USB Drive with PCs I do not own, I cannot use a product which requires a typical software installation on a PC to use.

    I also sometimes lend my USB Drive to others temporarily – typically when transferring files from one PC to another. The encryption product needs to allow a third party to still use my USB Drive without knowing how to use the encryption software.

    Another consideration was cost. A low to no-cost solution is usually preferable, not only because it does not require an initial investment, but it also facilitates easy testing and rapid adoption.

    I settled on a product called TrueCrypt which, for now, seems like the best tool suited for my use. Its license provides for free use for both non-commercial and commercial purposes. Version 4.2a for Windows is around 1,388KB in total size which includes documentation.

    Main Features:

    I create an encrypted disk volume within my USB Drive, rather than encrypting the entire device. The encrypted volume is used to store all protected data. When the encryption software is not used, the encrypted volume simply appears as a large file which cannot be accessed. Naturally this file can be deleted, however, the data within the file is protected from unauthorized access.

    I leave unencrypted free space on the USB Drive for use when transferring files from one PC to another. This allows the USB Drive to be used for file transfers without using the encryption software at all.

    TrueCrypt can certainly be used in many other ways and for many other purposes. I simply find the USB Drive to be an easy use-case.

    Encryption


    My HDTV Adventure

    August 22nd, 2007

    Everyone has different television viewing habits and preferences. Some don’t have a TV at all and there are times that seems appealing. My viewing habits can be summarized as follows:

    • I don’t watch TV every day.
    • I only watch TV using a DVR.
    • I only watch pre-recorded shows (except occasional sports.)
    • I usually skip commercials and sometimes even boring content within a program.
    • Most of my TV watching is late, when the kids are asleep.

    Until recently I had been a DirecTV customer for over ten years. Their service was consistent, reliable, and reasonably priced. That changed when I decided to upgrade our primary TV to an HDTV set.

    Several months ago I purchased a 42″ HDTV set from Costco. I chose Costco because they provide a 90 day return policy (in case I was not happy) and an excellent price.

    None of my DirecTV receivers supported HDTV content, so I called to inquire about an upgrade. I was quoted an unreasonable (in my mind) cost for a new HDTV DVR box, with two additional unreasonable conditions:

    1. I wouldn’t own the box. Even though I would need to pay hundreds of dollars for the new box, I would have to return it with no refund if I decided to leave DirecTV.
    2. A 2 year term agreement. Like cellular companies, DirecTV wanted to lock me into their service exclusively for the next two years.

    I called ComCast (my local cable provider) and ordered service from them. They promptly installed an HDTV DVR and lots of high-definition content with no one-time charges, and a lower monthly cost than DirecTV. Unfortunately I found ComCast’s TV service to be unreliable. Over the course of two months we logged a half-dozen service calls. Channels would disappear from my line-up, the On-Demand service would quit working, and the picture quality would sometimes degrade to where it was unwatchable. Many technicians came out, but none could fix the problem which was “upstream” somewhere.

    I then checked out DishNetwork. Dish provided a dual-tuner HDTV DVR (ViP 622) for my primary set, and a standard dual-tuner DVR (DVR625) for our second TV. I ordered Dish through a reseller instead of directly ordering it from Dish. The reseller allowed me to specify which DVR boxes I wanted and had a promotion for discounted premium channels.

    Installation was $49 (which the reseller offered to waive in exchange for a long-term contract.) Installation required two dishes on my roof. One provides all of the standard definition content, the other provides VOOM HDTV content. The installer did a great job concealing the cables running down my house, and patching the wires into my existing wiring.

    A couple months later I am very satisfied with Dish. Like DirecTV their service is consistent, reliable, and reasonably priced. There is lots of HDTV content (currently more than either ComCast or DirecTV offer in my area.) The DVR interface/remote is very easy to use and even includes the 30 second commercial skip feature I had to reprogram every time my old Tivo lost power.

    Update: Last weekend a storm damaged something and caused one of our two TVs to stop working.  I called Dish support and did basic troubleshooting over the phone.  It was quickly determined that my “switch” was bad.  A service technician was dispatched and showed up on Tuesday.  They replaced the dish LNB which has the multi-switch integrated.  This fixed the problem.  No charge to me for the visit.  Not bad.

    DishNetwork


    GMAC Bank – Cash Savings with Interest

    August 21st, 2007

    Most financial experts recommend keeping some quantity of cash savings available for emergencies. Up until a few months ago I kept my cash savings in standard Certificates of Deposit with my credit union. CDs provide a modest interest return, but make quick access to the funds painful with early withdrawal fees. I did a little research for a good alternative and found GMAC Bank. Its interest rate returns are better than CDs and there are no “early withdrawal” penalties.

    GMAC Bank offers a “Money Market Savings” account which earns a very competitive interest rate, currently 5.30% APY. Deposits are FDIC insured and can be made via mail (postage-paid envelopes are provided at no cost), ACH, or wire transfer.

    After opening your account you will receive a small order of checks and a VISA Debit/ATM card. ACH transfers of funds from GMAC to your normal bank account are free and take ~24-48 hours.

    There are a few minor catches (of course) but I could easily live with all of them.

    • Minimum balance of $500 to avoid monthly charges
    • Maximum of 3 check/debit card transactions per month
    • Maximum of 6 withdrawals, or transfers to other accounts, per month
    • No local bank branches you can go visit

    The GMAC Bank web site is simple and secure. From the web site you can do basic account management such as reviewing transactions or initiating a deposit or withdrawal (via ACH.) GMAC Bank will also download transactions to Quicken or MS Money.

    You can open an account online or by phone.

    One Dollar


    Bargain Shopping on the Internet

    August 13th, 2007

    One of the things that both my wife and I do on the Internet is shop. I tend to buy consumer electronics, she tends to buy clothes for our daughters. We both have found techniques that work for us. I can only speak for me, so if you’re looking for how/where to buy clothes, this article isn’t going to help you much.

    1. Look for product reviews. Before a purchase, I use Google to find product reviews of the items I am interested in. A simple search such as “review netgear wpn824” will locate several useful sites.
    2. Check the manufacturer’s web site. Frequently it will contain feature overviews, suggested retail pricing, information about newer models/versions, and perhaps even an electronic copy of the user guide.
    3. Compare prices. Once I have selected a specific product to buy, I use two web sites to look for price comparisons. The first is http://shopper.cnet.com/ which specializes in consumer electronics and frequently includes product ratings and reviews. The second is http://www.pricegrabber.com which has a wider variety of items, but doesn’t contain product reviews. Both sites allow you to compare total price after shipping by entering your zip code.
    4. Purchase with a Credit Card. I make nearly all of my on-line purchases with an American Express charge card. The credit card adds several types of protections such as purchase protection, return protection, extended warranty, fraud protection, and dispute resolution. While debit cards or PayPal may provide some of these features, I prefer the convenience and features of my American Express card. Your preferences may vary of course, as credit cards are not for everyone.
    5. Use Low-Cost Shipping. If you really need a product quickly, you are often best-off buying it at a store. The premium cost of overnight or two-day shipping is rarely worth the cost to me. So what if the new CD/Book/Mouse gets here in 5 days instead of 2. I’ve obviously lived just fine without it so far…. what’s an extra three days?
    6. Consider Used. People tend to either love or hate eBay. I have purchased many used items so far, and only gotten ripped off once (on an original XBox.) Usually new products are more expensive (after shipping) on eBay than they are at other places, but used products can be much cheaper. If you are buying CDs, movies, or books consider using Half.com. I have had nothing but great experiences here.
    7. Check for rebates and coupons. I have found that the Hot Deals forum at FatWallet.com has great information on some items. I frequently perform a search here for my item before I buy it elsewhere.

    One Dollar


    Wireless Networking for the Home

    August 13th, 2007

    There are many options and technologies to consider when planning a wireless network at your home. Products available today are much easier to use, and even less expensive, than in the past. I’ll describe a few factors that I consider to be the most important, and what I happen to use along with them. I will start with an overview of what is needed for a wireless network. A network consists of an Access Point and one or more wireless clients (e.g. Desktop and/or Laptop PC.) In the diagram below, the Access Point is physically connected to a router and modem for Internet connectivity. Frequently router and access point functionality is combined within one device. The modem (cable, DSL, or Satellite) is what connects your network to the rest of the world.

    Wireless Diagram

    Wireless Compatibility

    An international standards organization (IEEE) defines the 802.11 standards that most wireless vendors comply with. You must ensure each of your devices supports the same standards or they will not work together.

    The wireless standards most commonly used in the US consumer market are as follows:

    Wireless Table 1

    The newer protocols offer higher speed and range, but at increased cost. Some products use proprietary enhancements to the standard protocols which are only helpful if all of your equipment is from the same manufacturer. I use a “G” based network, though I may consider upgrading to “N” once I have computers that support it.

    Security

    Security mechanisms within the wireless network standards are used both to keep data private (encryption) and to keep unauthorized clients from connecting to your network. Three standards are common, with the newest standard (WPA2) offering the best protection. The WEP standard is very weak, as a malicious user can compromise a network protected only with WEP very quickly.

    Wireless Table 2

    To provide the greatest protection you should implement the newest standard that all of your devices support. In addition to the access point, all of your wireless clients must support the encryption standard you use. If you have some older devices they may not all support the latest standards.

    Home networks generally rely on a pre-shared key (PSK) to control access to an encrypted network. So in addition to specifying the use of WPA or WPA2, you will need to define a “key.” Anyone with this “key” will be able to access your network, and its data. The best keys are long, and not something a neighbor or acquaintance may be able to guess. I recommend one of two options here.

    1. A long pass-phrase. A long passphrase is made up of several easy to remember words and/or numbers that would not be easy to guess. For example: “thethreelittlepigsbuilt3houses” Pick something long and unique to you.
    2. A long random string. There are several password generation programs and web sites. You can try this one (at GRC) to generate a key such as “7BF9A06F64C3722F70E9173F1CC400C5E2B7”. Since this is more complicated, you will generally save the key electronically, and simply cut/paste it to type it in when needed.

    MAC Filtering

    Most access points support a feature called MAC filtering. Wireless network interfaces on client PCs are pre-programmed with a unique MAC address. With MAC filtering you tell your access point to ignore traffic from other wireless clients. This may seem like a security setting, but it is possible to bypass this protection by listening for traffic from your home and manually setting another network client to use the same MAC address. MAC filtering isn’t a bad thing, but it should only be used in concert with encryption.

    Service Set Identifier (SSID)

    When you configure an access point, you are prompted to enter an SSID. The SSID is your “station identifier” or name. This is not a password or a secret. Your access point typically broadcasts this value to advertise the presence of your wireless network. I recommend changing the default value to something else — you can decide if you want a name that lets your neighbors know whose network it is, or if you want to use a word/value that only you find meaningful.
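
    The key and SSID advice above, as an added example that is not part of the original post: in pre-shared-key mode WPA and WPA2 derive the actual 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, so both a long key and a non-default SSID matter. The function names and the sample SSID are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Constructed sample value, not taken from any real network.
SAMPLE_SSID = "example-home-net"


def generate_psk(length=32):
    """Return a random passphrase of letters and digits from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA/WPA2 passphrases must be 8 to 63 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_key_bits(length, alphabet_size=62):
    """Entropy in bits of a uniformly random key (only valid for random keys)."""
    return length * math.log2(alphabet_size)


def validate_psk(key):
    """Classify a key the way WPA/WPA2-PSK accepts it, or raise ValueError."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "raw-hex"      # 64 hex digits are used directly as the 256-bit key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"   # 8 to 63 printable ASCII characters
    raise ValueError("not a valid WPA/WPA2 pre-shared key")


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if validate_psk(passphrase) != "passphrase":
        raise ValueError("raw hex keys are not run through PBKDF2")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    key = generate_psk()
    print("generated key:", key, f"(~{random_key_bits(len(key)):.0f} bits)")
    # Same passphrase, different SSID: the derived keys differ because the
    # SSID is the salt, so tables precomputed for a default SSID do not apply.
    print(derive_pmk(key, SAMPLE_SSID).hex())
    print(derive_pmk(key, "default").hex())
```

    Because the SSID salts the derivation, changing the passphrase or the SSID on the access point means every client has to be reconfigured with the new values.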

    My Network

    I use a Linksys WRT54G as my router/firewall. The Linksys firewall is running 3rd party software called DD-WRT to provide enhanced features such as Quality of Service (QOS). I disabled the wireless features of the Linksys, and use a Netgear WPN824 as my wireless access point. I chose the Netgear because the MIMO feature greatly increased the range of my wireless network. Using only the Linksys, the wireless network reliably worked in only two rooms of my house. With the Netgear I can use my network anywhere in my house — I have even used it two houses away.