Thursday, December 31, 2020

Things I wish I had known about pfsense before buying my box

1.  pfSense does not generally support more than one network connection per LAN.

That is:

Most off-the-shelf routers have one WAN port (for internet) and multiple LAN ports (for your stuff).  You can plug any/all stuff into any/all LAN port(s) and it just works.

pfSense is not like this.  It expects to have one WAN port and one LAN port.  That's all.  

If you want more, you're supposed to use a network switch.  This may seem counterintuitive, but switches do everything in hardware and are actually faster. 

This means there is really little need to buy a pfSense box or NIC with more than two Ethernet ports (at extra cost).  It won't use the extra ports by default; they are NOT plug-and-play.  In fact, they won't even work until you set them up!

I wish I'd realized this, as I purchased a pfSense box with six ports, which cost more.  I didn't realize the extra ports weren't intended to be plug-and-play for one LAN.

It also means that if you need more than 1 LAN port, you really should invest in a switch as well.  This obviously costs in addition to whatever hardware you are purchasing to run pfSense itself.


However:

A.  If you have already invested in a multi-plug box and want to use the extra ports, you can use the extra ports via bridging.  

pfSense gurus hate this, but it's useful for lots of things - especially if you have good pfSense hardware that can handle the extra load without a big speed penalty.  See here and here.

 

B.  If you have a managed switch that supports Link Aggregation (LAG or LAGG), you can gang multiple ports on your pfSense box to multiple ports on your switch.  

It probably won't speed anything up, but why not?  Can't hurt!  See here.

 

C.  If you can wrangle multiple subnets, you can assign the extra Ethernet ports to their own subnets.  

(If you don't know what that means, don't try.)


Now, a lot of the Qotom boxes (and similar) come with four NIC ports by default, and that's fine.  Same for a lot of popular NIC cards.  Just don't expect the extra ports to be immediately usable like on a Linksys or Netgear.


Sunday, December 6, 2020

How to set up a better separate parental control network for your kids using the Synology RT1900ac router

Again, this is to set up a private, separate, controllable network to implement parental control for the kids, without affecting the main network.

First, don't do what I did here and use a Netgear with Circle built in.  The Synology is SO much better.

Very briefly: set the Synology in bridge mode, then set up Safe Access for parental control.

Basically:

1.  Get an RT1900AC or other Synology router.

2.  Boot it up, go to router.synology.com.

3.  Set it to Access Point mode.

4.  Give it a unique SSID.

5.  If you want, set it to a static IP address.

6.  Let it start up.  If you haven't already, plug it into your "first" router.

7.  Go to router.synology.com or the static ip:8000 to get to the web interface.

8.  Go to "Safe Access" and set up the profiles/settings you want.

9.  If you want, download the app "DS Router" for mobile management.

OK, I probably got the order wrong.  You get the idea.

Compared to using the Netgear, it's soooooo easy.  Everything works: logging, history, filtering, off times, bedtimes, the mobile app, everything.

And there's no subscription fees.  Unlike Circle.  It just works.

Surprisingly, the router started blocking illicit requests from my son's tablet.  It seems there is some hidden process that is trying to ping X-rated websites.  It wasn't him and I can't find any bad apps with Bitdefender, so it's either a bug in Synology (which I doubt) or some really sneaky nasty.  Circle never caught it.

Notes:

-  Leaving tabs open on a PC will cause the PC to drain their time quota,  even if they're not actually using the PC.  The same doesn't happen for tablets or Chromebooks as they're battery-operated and a lot more frugal with their Wi-Fi usage.

-  Pausing the Internet will also cut off all access to everything upstream of the Synology access point, including any NAS devices.  So: no access to stored music, video, or files.  This could be a pro or a con, depending on your needs.

-  The Synology app supports pause, editing of filter level and time-based access, and rewards.  Pretty much just like Circle.

Regrettably, the Synology doesn't support renaming devices, and doesn't allow you to discover the MAC address of some devices directly, which makes setup harder than it needs to be.  These are the only areas where Circle has an edge, but it's not nearly enough to make Circle better.

You could also (obviously) use the Synology as your main router, in which case kids will have LAN/NAS access without having internet access.  

I didn't do this because I have a bunch of port forwarding already set up in my main router, had limited time, and plan to swap my main box for pfsense later.  Keeping the Synology as a parental support bridge made more sense.

But the RT1900ac looks like a very capable router - easily as good as the R7000 Nighthawk I already have.  I wouldn't be scared to swap the Synology in as my primary router.  

It even supports OpenVPN to allow PIA, NordVPN, ExpressVPN or whatever other service you prefer.  Parental controls AND OpenVPN client in a single box!

Ironically, the person who sold me the Synology has also had problems with Circle Gen 1.  So I'm not the only one.

Obviously I highly recommend the Synology routers over the Circle.

Monday, November 30, 2020

My first week with Circle (1st Gen) on Netgear

 So Circle sent me a cheery email about my "first week with Circle!".  

However, it feels like a lot longer than a week, and I haven't exactly felt cheerful.

Yes, OK, my setup is unconventional.  It's likely the source of many of my issues. 

But, in the last week:

•  I've found that Circle is not logging Usage or History, and does not enforce time limits.

•  Circle is not filtering correctly. 

•  It is unclear if it is enforcing SafeSearch.  It seems to be, but it's hard to tell.

•  Rewards are limited to the current day.  You can set "Extend/No Time Limit", "Late/No Bedtime", or "No Offtimes".  You cannot set an increased amount of time for future days.

•  Circle notifies you of new devices appearing on the network, but tapping the notification just makes the Circle app hang.  This is obviously different behavior from every other app out there.

•  The Circle 1st Gen app has forgotten my premium subscription twice, forcing me to unsubscribe, uninstall the app, reinstall, and resubscribe.  Twice.

[Update]:  OK, three times.  So far.

•  The first time, Circle forgot ALL of my setup, and I had to re-enter every single device, profile and setting.  It seems backup is not automatic; rather, you have to manually back up the 1st Gen app.  I didn't realize this since Circle touts their cloud-based accounts as crash-proof and the backup option is buried at the bottom of the "Manage" menu.

•  Backups appear to be local to the mobile device running the Circle app.

•  The second time 'round, the app asked me for a passcode, but couldn't send it to me, making it useless.  I had to change DNS settings in my primary router to get it to work.

•  When I did get the passcode, it wouldn't validate.

•  For some dumb reason, the passcode is not available in the router UI, nor can it be sent via email.  And it seems to change, meaning you can't just write it down for future reference.

•  After reconfiguration, everything connected except for Chromebooks.  Rebooting and changing DNS on the Chromebooks didn't help.  It took a reboot of the Circle router itself to fix the Chromebooks, which was not obvious.

•  Circle no longer supports the Circle Go app for 1st Gen, meaning there is no parental control off of the local Circle Wi-Fi.

From this, about the only things that work properly are time-based schedules (Bedtime, Off Time, and Rewards thereto), and Pause.  Everything else seems broken.

Again, my setup is weird, and probably unsupported, and I freely admit that many of my troubles are caused by this.  But even when it's working, the limited Rewards, broken core functionality, and constant forgetting of premium features have driven me nearly to the breaking point.

I may bite the bullet and get a Circle Home Plus (2nd Gen) device, and use it as intended - that is, directly attached to my primary router.  But after perusing the Netgear support forums, I'm not hopeful that it will actually do what it's supposed to do.  

Plus, I'm anticipating my router to be smart enough to prevent the ARP poisoning used by Circle.  And I'm quite frankly sick of troubleshooting this thing.
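
An added example (not from the original post, and not Circle or Netgear code): ARP poisoning, which the post says Circle uses, shows up on an affected client as the gateway's IP resolving to some other device's MAC. This Python sketch checks `ip neigh` or `arp -a` output for that; the gateway address, MACs and both table snapshots are constructed for illustration.

```python
import ipaddress
import re

# An IPv4 address and a MAC (colon or dash separated) anywhere on a line.
IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})(?![0-9A-Fa-f:-])"
)

# Constructed sample: Linux `ip neigh` output taken before interception.
BASELINE = """\
10.0.0.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
10.0.0.7 dev wlan0 lladdr 02:00:00:00:00:07 STALE
10.0.0.9 dev wlan0  FAILED
"""

# Constructed sample: Windows `arp -a` output taken while 10.0.0.7 is
# answering ARP requests for the gateway address.
CURRENT = """\
Interface: 10.0.0.23 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              02-00-00-00-00-07     dynamic
  10.0.0.7              02-00-00-00-00-07     dynamic
  10.0.0.12             02-00-00-00-00-0c     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

GATEWAY = "10.0.0.1"  # assumed default gateway of the sample network


def parse_neighbors(text):
    """Return {ip: mac} for every resolved unicast entry in a neighbour table."""
    table = {}
    for line in text.splitlines():
        ip_m, mac_m = IP_RE.search(line), MAC_RE.search(line)
        if not (ip_m and mac_m):
            continue  # headers, FAILED/INCOMPLETE entries, blank lines
        try:
            ip = str(ipaddress.IPv4Address(ip_m.group(1)))
        except ValueError:
            continue  # looked like an address but is not a valid one
        mac = mac_m.group(1).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, not a host
        table[ip] = mac
    return table


def hosts_sharing_gateway_mac(table, gateway):
    """IPs other than the gateway that resolve to the gateway's current MAC."""
    gw_mac = table.get(gateway)
    if gw_mac is None:
        return []
    shared = [ip for ip, mac in table.items() if mac == gw_mac and ip != gateway]
    return sorted(shared, key=ipaddress.IPv4Address)


def gateway_mac_change(baseline, current, gateway):
    """Return (old_mac, new_mac) if the gateway's MAC differs between snapshots."""
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        return (old, new)
    return None


def assess(baseline_text, current_text, gateway):
    """Compare two neighbour-table snapshots taken on the same client."""
    baseline = parse_neighbors(baseline_text)
    current = parse_neighbors(current_text)
    # Either result is an indicator, not proof: a replaced router changes the
    # gateway MAC, and a router with several addresses on one interface
    # legitimately shares one MAC across them.
    return {
        "gateway_mac_change": gateway_mac_change(baseline, current, gateway),
        "hosts_sharing_gateway_mac": hosts_sharing_gateway_mac(current, gateway),
    }


if __name__ == "__main__":
    print(assess(BASELINE, CURRENT, GATEWAY))
```

The snapshots have to come from a device on the same Wi-Fi or LAN segment as the interceptor, since ARP does not cross a router.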


Monday, November 23, 2020

How to set up a separate network for your kids that uses the Circle by Disney or Circle Home Plus

Update: Several of the features of Circle, such as filtering, usage tracking and time limits are not working.  As many others have reported similar issues, I don't know if this is a result of me setting it up as a second router or not. 

Update:  Circle has now "forgotten" my premium subscription three times.  Again, I don't know if this is related to my setup or not.

Update: Router was not picking up time server. Steps below have been updated.

Given these issues, I don't recommend trying the setup below unless you are willing to take a lot of time to troubleshoot it.


I bought a used router that - unexpectedly - had the Circle parental control functions built-in.  I wanted Circle anyway, so it was a bit of luck.  But it wasn't exactly obvious how to set it up.

 

Problem:  You want to set up a Circle network without having all your devices on it.  Or: you want a separate network for your kids, managed by Circle.

Reason: 

•  You're worried about the Circle slowing down your network.  

•  The Circle is easier to set up with only a few devices connected to it.

•  You just don't like the idea of ARP spoofing your entire network. 

•  You have extra hardware lying around, may as well use it.

•  You want a hardware off button for your kids internet access.

•  It just seems easier.


Easy options:

1.  Router with Circle (Gen 1) built-in.

Pros:  Cheap, easy setup, only one additional device.

Cons:  Off-network / location app discontinued, so no management off-network and no location function; at-home management only.  Gen 1 may not be supported for too much longer (although Netgear seems to think it will stick around).

2.  Second router with stand-alone Circle device.

Pros:  Supports Circle Home Plus (Gen 2), meaning newer features (off-network / roaming device control, location) work. 

Cons:  You need to buy a stand-alone Circle device, at additional cost.  Using two routers in sequence is very much not recommended, meaning you will not find any support.

 

Note that (1), above, seemed an easy and obvious solution at the time, but it's not.  It is actually really hard to get a second router to play nice with the first router.

For these reasons, I actually recommend you go with either (2), above, or a "standard" single router with an attached Circle Home Plus, rather than trying to set up a second router for Circle functions.

However, this might be useful for someone wanting to try out Circle, or for those that want Circle separate from their "regular" network.


Circle-Enabled Router

The below is only a summary, and assumes you know how to access/configure a router.   

Unfortunately, you do need to leave the Circle router in "router mode".  Setting it to be an access point, bridge or repeater will disable the parental controls, making it a pointless exercise.  

This leaves us with cascading two routers, which is (again) not recommended.

 

Steps:

a.  Go buy a second-hand Netgear router with Circle (1st Gen) built in.  (An R7000 / AC1900 should cost around $40.)

b.   IP address:  this is a tough one.

All internet advice says to set it to a unique static IP address on the same network (i.e. 192.168.1.2).  However, there have been reports that Netgear routers do not accept an address intended for internal LAN (such as 192.168.x.x, 10.0.x.x, and 169.254.x.x) as a static WAN address, so this may not work.

From this, if in doubt, use a dynamic IP for the second router.  The Circle router should accept whatever address is handed out via DHCP.

If you try a static IP and it doesn't work, reset the router by holding the reset button for 7 seconds, then start over.

c.  DHCP: also a tough one.

All internet advice says to turn off DHCP on your second router.  But this doesn't seem to work in this scenario.  So you may need to leave DHCP on.

d.  Assign the Wi-Fi network(s) unique SSIDs.

e.  Plug the WAN port of the Circle router into a LAN port on the old router.

f.  Access the new router from a mobile device:

  •  Connect the mobile to the Wi-Fi SSID of the new router

  •  Access it using http://www.routerlogin.net

ff.  Go to Administration / NTP Settings and set a time server.  Don't use the Netgear default.  Use an IP address (i.e. 216.239.35.0) and not a domain name (such as time.google.com).  

fff. VERIFY THAT THE TIME SETTINGS SURVIVE A REBOOT.  If they don't, your premium features will repeatedly disappear.

g.  Enable "Parental Controls".  (The top one, not the bottom one.)

h.  Hit "Apply".

i.  Hit the link for app download / account setup.  (Note: this will NOT work from a PC, hence the need to do steps (e) onward from a mobile.)

j.  Install the Circle (Gen 1 / First Gen) app.

k.  Run the app, sign up.  

l.  Sign up for the free plan.

m.  Connect a device to the new router wifi and make sure it all works.

The above worked for me on a Nighthawk R7000 with Circle built-in.  

 

Notes:

•  I did have problems accessing the router consistently.  Changing the IP address made it inaccessible a couple of times.

•  My router appears to be weird, in that I (usually) can't log in to the router via the direct IP address (i.e. 192.168.1.2).  Instead, I have to connect to the router Wi-Fi, then go to http://www.routerlogin.net.

•   Part of the access problem is that when you plug the Circle router into your old router, you are using the WAN port.  

This means access requests come from the WAN side, not the LAN side.  This falls under "Remote Management" (i.e. access by the outside world), which is disabled by default.

To enable, go to Advanced / Advanced Setup / Web Services Management.  The correct access URL will be 192.168.1.xxx:8443, or something like that.  The correct port will be shown on the router page.

•  If you leave DHCP on, the router should start issuing new IP addresses for a different network (i.e. 10.0.0.x).  

This seems to work fine, but will mean devices in the original network space (i.e. 192.168.x.x) will no longer be visible >by name< to the Circle-managed devices.  They should still be accessible by IP address.

•  You can also (obviously) turn off the built-in Circle (Gen 1) hardware and plug in a Circle Home Plus (Gen 2) device any time you want to. So there is an upgrade path.


The below steps I've not personally tried, but hopefully they will work. You may need to adopt steps above as well.

 

Circle by Disney or Circle Home Plus (stand-alone devices)

a.  Buy or use any compatible router (list is here), provided it has an access point (AP) mode built-in.

b.  Set up the router as a wireless access point (WAP), with a unique SSID.  (Do not use the existing SSID from your existing router!)

c.  Optionally, configure the router with a unique IP address (i.e. 192.168.1.2).

d.  Plug the WAN port of the new router into a LAN port of your existing router.  Make sure it works.

e.  Set up the Circle Home Plus per the manufacturer's instructions.  Associate it with the new SSID from the new router.

This setup should set up the Circle to manage only devices connected to the SSID of the second router.



Sunday, November 15, 2020

My experience with ExpressVPN

 TL;DR:  It's not good.

Fed up with PIA, I decided to try another VPN.  I thought it might be easiest.

I wanted Hotspot Shield, but the fact that they log personally identifiable information, don't support pfsense and have no live support were deal-breakers.  I wanted it set up immediately.

 

I decided to bite the bullet and go with ExpressVPN.  

More expensive, but most said they were next fastest, they had 24/7 support and supported DD-WRT (for now) and pfsense (for future).

 

I ponied up and got a login.  I had to run their app momentarily to find the fastest server, then I set it all up.

And it worked!  All my smart devices reconnected, all my strange connectivity issues went away. 

 

However, I couldn't find the nameservers for secure DNS protection.  I asked their chat, and they didn't know what I meant.

Turns out, ExpressVPN doesn't support this.  They do allow manual configuration (on DD-WRT or whatever), but they don't provide IP addresses for their secure nameservers.

They asked me if I wanted to use the app instead, I said no.  (Because I'm not setting up the app on every device owned by my kids, wife, etc., that's why.)

Reflashing the router is also an option.  No thanks.

We mucked about for a while.  They really didn't know what to do.

 

After some messing around, their suggestion was to set my router DNS to use 0.0.0.0 for all the DNS servers.  

This appeared to work, and I had connectivity - but left my router admin panel unavailable!  I couldn't see, change, or access anything, which was extremely frustrating.  Almost everything broke, and I couldn't fix it, and it was BAD.

I still don't know why, and never will.  But fifteen tense minutes, one hard reset, and a (painless) restore later, it was fixed.

Fortunately, I had a recent router backup, so I was able to restore the router settings.  But I was extremely unhappy for those 15 minutes, and it was almost sheer luck that I had a recent router backup to use.

 

Now, DNS leaks alone were not necessarily enough to make me quit ExpressVPN after only an hour.  And ExpressVPN did fix all of the connectivity problems I was having with PIA.

But:

-  Torrents were 25% slower than PIA.  Definitely not a boost.  This was the opposite of what I expected.  

-  Not understanding or supporting DD-WRT?

-  Not even knowing what pfsense was?

-  And borking my router?  

Come on. 

 So:

  • Incomplete / inadequate support for DD-WRT / pfsense
  • Seemingly slow torrent speeds  (for me)
  • Not-so-knowledgeable tech support that (somehow) managed to bork my router
  • High cost

Not impressed. 

Maybe if I get brave enough (and time enough) I'll try out NordVPN.  Faster downloads are a perk I'm willing to give up at this point.

Saturday, November 14, 2020

PIA did it again - Oddball problems with VPN

 

As of Nov 14, it appears PIA has stopped working again:

  • Play Store not working (on some devices, OK on others)
  • YouTube not working (on some devices, OK on others)
  • Can't connect to BBC.com, CNN.com, but can connect to most other sites fine
  • Smart home devices offline (ecobee, Honeywell, etc) 
  • Honeywell Home: Endless loading

Of course, nothing changed on my end, and everything works just fine outside of PIA.  Mobiles also work outside of router-based PIA with the PIA app.

See here for the original saga.  Seems they can't keep their network stable for more than 3 months at a time now.  Awesome stuff, those Next-Gen servers - a real improvement!

Strangely, the new problems are not as widespread or consistent as before.  One device has no YouTube, but others do.  One device can't access CNN or BBC, but others do.  A third device has no Play Store, but others do.

One constant is the smart home devices.  As before, they are connected, but cannot reach their home servers.  The ecobee is the most obvious example, as it can even ping ecobee.com but cannot connect.

Changing from AES-256-CBC to AES-128-CBC helped some devices with some problems, but other problems persist.  They're extremely annoying at best and extremely frustrating at worst.

PIA did try and claim blacklisting, but the affected devices work fine on the PIA app.  It's only router-based setup that has issues.

[Edit]:  OK, to be fair, I am using an ancient version of DD-WRT.  My router is business-critical so I don't screw with it.  Possibly I can pick up an open-box special and try flashing the latest, and/or switch to pfsense once my new box arrives.

[Update]:  I tried ExpressVPN, and it worked fine.  I had some issues and didn't stick with them, but there were no problems with connectivity per se.

[Update]:  I was able to get a second router and re-flash it to the latest DD-WRT.  After this, PIA appears to be functional again, but I have not had time to test it on all devices.  So far, one Windows PC and my ecobee thermostat are happy on the VPN; the rest have yet to be tested.

Thursday, September 3, 2020

The rampant success of #SupportBlackBusiness

To "The unintended consequences of #SupportBlackBusiness" -  Vox, Sept 3, 2020


"Brittney Winbush, founder of the wellness company Alexandra Winbush, had her first $10,000 sales day in June. Rather than purely elated, though, she was anxious. “Will this last?” she wondered."

Every small business owner wonders this.


"afraid to make long-term business decisions based on good faith, as history has shown these moments of reckoning rarely linger."

Long-term decisions are always a risk, especially for small businesses.  This is not at all unique to this moment.


"A reported 41 percent of Black businesses had been shut down in April due to Covid-19."

As Tim would say: compared to what?

Per Forbes, 73,000 businesses have closed due to the pandemic.  The Washington Post says 100,000, and CNBC says up to 7.5 million are at risk.  

So: How does the 41% of Black-owned businesses compare to the overall percentage of businesses closed due to COVID?

Or:  What's the percentage of Black-owned businesses overall?  (I wonder if it's around 40% of all businesses.)

Sure, 41% sounds scary.  But scary numbers without any context are meaningless.

(Also, isn't it a truism that two-thirds of all small businesses fail within a few years?  Just sayin'.)


"Black businesses had been denied loans and other buffers the government had put in place while big, mainstream businesses were offered millions."

It is entirely possible this is true, but this isn't evidence.  It's just stated that this is, full stop.

And why, exactly?  Is it because they're Black-owned?  Or are there other reasons?

It also seems almost equally certain that White-, Asian- and publicly-owned businesses have also been denied loans.  How many, we don't know.  Maybe the same?  More?  Less?
 

"The challenges that Black businesses face are more fundamental than cashflow."

OK, possibly true.  But again, hardly unique to Black-owned businesses, and no evidence to back it up.


"The reality, too, is that many small Black businesses, due to their size, aren’t equipped to handle such surges."

This is true for any business around and about that size.  White, Black, Latino-owned - that makes absolutely no difference whatsoever.

This reminds me of the UPS commercial about the new company that gets too many orders.  Hardly ANY business can even so much as double in capability overnight, much less a 5x to 10x increase.  Again, NOT unique to Black businesses in any sense whatsoever.


"Although such deluges can result in capital and growth, until customers adjust expectations and push for structural reform that enables Black businesses to grow, these calls will always feel inadequate."

Dramatically increased sales IS growth.


“$10,000 is so little to some in the entrepreneurial world, but this money was giving me the capital cushion to hire someone, restock, and just grow,” she says. For Winbush, this was a testament to the disparities that Black entrepreneurs, especially Black women entrepreneurs, often face."

Potentially true.  I would like to think that banks will go where the money is, but according to her, that isn't happening.  I can't say it isn't or it is, and the article again does nothing to inform.  It just says it's true, doesn't even bother to cite a specific example.

If this were true, would it be so difficult to do an article about how Black-owned businesses are being unfairly denied the financial tools they need due to rampant discrimination by angel investors and/or banks?  If it's as widespread as all that, should be pretty easy to do.


"She worried about whether this interest would convert to consistent sales; she noticed that a majority of the people who were creating these lists weren’t even making purchases themselves."

Oh Lord, so what?  Free advertising!

No, seriously.  If you put an ad on the bulletin board at the local sewing club, and heard people talking about it at the coffee shop, you'd be happy, even if most of those people didn't themselves buy.  Buyers are undoubtedly best, but getting the word around is essential to finding those buyers.


“People are posting these Black-owned businesses without even researching to see what they do and what they support. It’s the same list going around. I’m not just a ‘Black-owned business.’ There are a lot of interesting things about me and my business besides my identity,” says Subrina Heyink, of Subrina Heyink Vintage."

Yes, you sell things.

OK, you probably "stand for" things, "believe in" things, or "support" things too.  That's lovely.  

But, your business exists to sell stuff.  By definition.  The rest is just image and window dressing.


"She declined interviews at the time and asked to be taken off lists once she realized that many of the people who were sharing them were doing so mindlessly, in what felt like tokenism."

Coming from a fellow small business owner, that's just idiotic.  As in "You absolutely have to be shitting me" idiotic.  No sane small business owner would EVER turn down free advertising.


"She says that some of the white influencers sharing these lists were part of a racist fashion industry that had previously hurt her business: a former fashion editor, who had once mocked Heyink for taking an activist tone on her platform, had added her to an Instagram list of fashion businesses to follow. This upset Heyink, so she asked for her name and business to be edited out of the Instagram post."

OK, absolutely.  If one wants to stand on principle and decline such advertising, of course they can.  It's a free country, after all, and people can do what they want.  

But that's still a stupid business decision, and it's entirely on you.  YOUR principles cost YOU money - nothing to do with COVID, customers, or anything, and the consequences are anything but "unintended".  YOU own that.


"More important than these lists, says Heyink, is the prospect of structural support in the form of mentorship for Black business owners, particularly Black women entrepreneurs. She says her business saw growth earlier this year when she was given the capital and mentorship to grow, and the accompanying knowledge that she could fail and try again."

All entrepreneurs take risks.  Again, not at all limited, much less unique, to Black-owned businesses.

And, if entrepreneurial Black women are all looking for mentorship, couldn't they mentor each other?  With all the free social media tools available, they can't get together?

OK, maybe there are not a lot of them.  But surely there are more than two, and that's a start.


"Still, the lists that she had been added to brought new customers her way, and she wasn’t about to let the demand overwhelm her."

Finally, someone who is taking advantage of success instead of whining about it.

And to be clear, this IS success.  Not an "unintended consequence".  This was always the entire point of starting the business in the first place.


"To prevent blowback from delays in shipment or bad reviews, she communicated to customers about her business operations, informed them about limitations that come with small businesses run by Black women, and adjusted her inventory — listing only as many items as she could afford to fulfill without falling into extreme fatigue."

So, she declines new customers and still gets piles of new customers?  Good on her!

No, really - good on her.  She's making the most of her success, entirely correct.  Excellent management of the situation.

But it's still success.  Not "unintended consequences".


"...10,000 orders between May 30 and June 1. These orders were mostly for titles which had been selling out everywhere, forcing publishers to reprint. The company did not have the manpower to fulfill that many orders and so came the backlash from customers accusing the owners of theft and fraud."

Yes, the difficulties of success.  But they're in much less danger of going under now, aren't they?

So which is it - are Black-owned businesses always screwed and eternally doomed to die, or are they suddenly riding a new market wave to more success than they can handle?  Can't really have it both ways, you know.


"The owners posted a statement to customers after complaints: “We are also receiving a number of disheartening emails asking us to cancel orders and refund payments, criticisms about how slow we are and that we have poor customer service because we have not answered an email. We do hope each and every one of you who has shown us support by purchasing through our website believe we are not accepting your money with the intention to keep it and not send out your orders.”"

Yes, the problems of success.  Seems like they're dealing with it as well as they can.

Although - OK, I'm not at all suggesting that they were somehow able to predict, cope with, or even manage such an incredibly large volume of unexpected orders - but don't most bookstores sell what's in stock, and put the rest on backorder?  Sounds like a rather large hole in their ordering system.


"The small company had channeled money into manufacturing products for the collaboration, and thus the drop resulted in uncertainty and precarity despite the company’s popularity."

What?  Small businesses take financial risks?!?  What a discovery!  What insight!! Give the author a Nobel RIGHT NOW!

OBVIOUSLY applies to every business, ever, anywhere.  Ownership has zero to do with it.


"Community rallying and hashtags not only brought Telfar and Gap to a resolution, but also catapulted the bag to new heights of demand, with the item selling out mere minutes after being released."

So - rampant success is now the problem?

Seriously - every other novel / unique item that sells out in minutes is reported as an unqualified success.  But this Black-owned business enjoys the same success and suddenly it's an issue?


"This was cause for celebration, yet brought with it resale bots and profiteers who wanted to capitalize off the attention a Black business was getting.  These problems created complaints from consumers, with some even accusing the company of creating false scarcity to drive demand. The company tried to address this by launching a “bag security” program allowing customers to preorder the bags they wanted."

Well done.  And - well, done then.  It's sorted.  And very easily, it sounds.

Tim would also (undoubtedly) point out that this is market forces at work, raising prices to cope with scarcity.  This really cannot be avoided in any meaningful sense.


"Other Black-owned businesses like golde and Hanahana Beauty also switched to a preorder model, following an influx of orders."

Yes, entirely sensible when demand exceeds supply.  The pure economist would say the prices should rise, but putting stuff on backorder works too.  

But every mail-, phone- and internet-order business has done this for simply ages. Exactly why is this suddenly a huge issue for Black businesses in particular?


"Faced with the pandemic and consequent shipping delays, she applied for a Paycheck Protection Program loan — with apprehension, due to past refusals she had gotten applying for loans as a Black small business owner. After waiting weeks to hear back and getting no response, she moved on."

This asserts without proof that she was denied the loan simply because she was Black.  Maybe, maybe not.  Some kind of evidence would be ni... oh, wait, we said that.


"Around this time, she began to appear on lists of Black businesses to support. Abena was excited, she says, because the majority of the lists — including one on Beyoncé’s website — reflected an understanding of Hanahana’s mission."

OK, missions are great.  But sales are usually better.  Your mission doesn't pay the bills, sales do.


"Business got even better, but in July, the company announced that it was taking a “sustainable work vacation.” Making items available for preorder had helped Boamah, but it wasn’t enough. She realized that the company couldn’t produce or fulfill enough orders at the rate things were going, and it was important for her to keep in line with her company’s mission of sustainability and transparency. Despite the allure of new revenue, she took a break so the team could rest"

So business is good enough that she can put everyone on holiday, AND get free money?  

Perhaps these consequences were unintended - or, at least, unforeseen - but what sane business owner WOULDN'T want such luxury?

Lord knows I would sure like to be able to tell my customers to come back later in a couple of weeks, just so I can take it easy for a while.

Or, put another way - just what is she thinking?  She has UNPRECEDENTED demand, and should be moving heaven and earth to score as many of those sales as she can possibly get.  Not go off for a little lie-down after hugging Gaia.

Of course, she didn't do that at all, as the last line reveals:

"hired new team members, and applied for grants, many of which had only become available to her after the pandemic and uprisings started."

She's expanding both her team and her financial resources, presumably as fast as she possibly can.  Which is, of course, the correct and sensible response.


"Even after orders are completed, Black business owners have struggled with how to navigate shows of appreciation; many are making sure to restate their gratitude for fear of driving away customers, some of whom have implied that for them, #SupportBlackBusiness is an act of charity."

Yes, corporate image is a bitch.  But for everyone, not just them.

Seriously, how many big businesses have put their foot in it lately?


"Still others are figuring out exactly how to openly discuss the ways the influx of attention has affected operations, for better and for worse."

Oh dear God.  

EVERY business, big and small, White or Black, has operational problems.  That these problems are relatively new due to newfound success isn't a problem to be shared with your customers - it's cause for celebration, because now you're moving up in the world.  Smiling in front of the clients while working your ass off behind the scenes is the definition of small business.


"“Some Black business owners are scared to share the realities we face,” Winbush says, “because they don’t want to seem unprofessional, as coming off as unprofessional could negatively impact your business.”"

Just so.  This is Marketing 101 - make it look easy, come off calm, cool, and capable - while hiding all the hard work, frustration, and endless issues.  Regardless of what you sell - coffee, clothes, or conversation - that's exactly what you're being hired to do.

Honestly, I've never heard people whine so much about success.


Sunday, August 30, 2020

Notes on the JLB Cheetah 11101 (truck) and 21101 (buggy)

These are hobby / basher grade 4WD cars.  They are a step up from toy-grade cars like the WLToys lineup, built and priced accordingly.  

They are not the toughest cars ever but are (reportedly) pretty decent.  Crashing any car from great heights onto concrete is likely to break it - these are no exception.

Do note these cars - and especially the 120A models - are rather beyond mere toys, and use extremely powerful motors.  The young, unwary or careless could easily hurt themselves, lose a finger, etc.  Use caution!

Basic specs:

  • 1/10 scale, 4WD
  • 515mm long
  • 3S, 4000 mAh battery, T-connector (a.k.a Deans), 15min
  • 3670-2500 kv motor.
  • 80A (80 km/h) or 120A Hobbywing ESC (100 km/h)
  • All-metal gears.
  • Part-metal chassis.
  • Oil-filled dual-rate (progressive) shocks.
  • 17mm wheel hex
  • 135 / 145mm diameter / 75mm wide tires w/foam
  • LED lights 

 Note: This car is NOT a rebadged Vikar Bison or DHK Zombie.

User manual:  RCGroups 1, RCGroups 2

Transmitter:  120A versions: KTH-91900G [Manual:  RCGroups]

 

Model differences:

Car (21101):  This model is technically the "21101", though most refer to it as a "Cheetah".  Has rear wing and different wheelie bar.  Most find the wing/bar break off easily on bad landings.  Dirt/pavement combo tires.  Car is sometimes available in a package with two batteries.

Truck / truggy (11101):  No wing, "inverted" wheelie bar that tends to not break (as easily).  Sand tires that reportedly don't do quite as well on pavement.  Old models had substandard wheel nuts that could come off, but newer ones (since mid-2017) don't.  Review, review 2.

Changing from car-> truck (or vice versa) involves changing not only the shell, but the mounts for the shell, as well as the rear wheelie bar. 


Model similarities:

-  All models are available with 80A or 120A ESC.  The 80A is often called "original" or "version 1".  The 120A is sometimes called the "upgrade" version, "version 2" or "Extreme".

-  Most parts are common between the "old" 21101 car, the "new" 21101 car, and the 11101 truck.


Related models:

-  J3SPEED : Street / on-road tires, new controller, metal slipper mount.  Also 120A with 3670-3200kv (36*70mm) motor, so faster.  Drive axles may be thinner. (Review, Discussion thread)

 

Year-on-year differences:

  • 80A models had Flysky controller (4xAA) with throttle limiting.  120A models have different controller without throttle limiting.  It may be possible to bind a Flysky GT3C (with limiting) to the later models.
  • Original 11101 trucks had different wheel nuts that tended to spin off.  These were changed to the same 10mm hex nuts as used on the 21101 car.
  • Drive shafts (CVDs) were thin / weak, were upgraded around Q1 2018.


Known issues:

  • 80A ESC and steering servo are NOT waterproof. (experiences in snow are mixed)
  • 120A might be waterproof, but might also be just "splash-proof".
  • Check all screws BEFORE running for first time.
  • 21101 wing / wheelie bar breaks easily.
  • Tires may become unglued due to high available torque.
  • Drive shafts (dogbones) tend to bend.  Easy to upgrade. 
  • Some screws are threaded into metal parts and will back out over time.  Use Loctite.
  • Wheels are difficult to remove, especially the first time.  Heating with a hair dryer seems to help.
  • All screws METRIC, most screws are hex head (i.e. allen keys)
  • Differential output cups weak.


 Known non-issues:

  • "Crackling" sound from rear at low speeds - this is normal behavior for the brushless motor.
  • Transmitter range sometimes isn't the best.  Video to help fix
  • It is definitely possible to destroy the car in stock form.

 

Parts and upgrade info

Many upgrade parts are available (JLB, Aliexpress, Aliexpress 2, Banggood, MonkeyHobby).

General:

  • It is possible to upgrade to 4S batteries, but beware of exploding tires.  
  • You also risk damaging your transmissions, especially the front gearbox.
  • Most people say the surest way to break parts is to run 4S.

Motor:

  • Stock: JLB 3670-2500kv (Banggood)
  • Upgrade: Racerstar 4068 brushless motor 2650 kv
  • Motor heatsinks: Heat sinks for 530 or 540 motor size appear to work
  • Motor fan: Banggood (picture), Video

ESC:

  • 80A (upgrade to original 80A, downgrade from original 120A): Gearbest , Banggood
  • 120A:
  • Note: people have tried spraying CorrosionX into the receiver and ESC to add a bit of waterproofing.  The effectiveness is unclear.

Servo:

  • 10kg (or more) servo recommended
  • Upgrade: 
  • Some users report the Futaba S3003 works fine, even though it is "weak"
  • Some people report the TowerPro MG995 works fine (video)
  • Note: some report all-metal steering improves the turning angle over the stock plastic parts.

Steering:

  • Metal upgrade (Banggood, Aliexpress)
  •  Note: some report all-metal steering improves the turning angle over the stock plastic parts.

Wheels/Tires:

  • Pro-Line Badlands 3.8 wheels/tires do fit. (Pro-Line)
  • Can use 1/8 tires with 17mm hex (i.e. GoolRC)
  • BSR Berserker 1/8 wheels fit.   (Hobbyking)
  • ZD Racing 1/8 wheels with 17mm hex should fit (unconfirmed).  (Banggood)
  • Wheel nuts are M10.

Wheel bearings:

  • Wheel hub bearings 10x15x4mm. 

Battery:

  • 3S 4000 mAh
  • Length: with spacer foam 138mm, without 148mm.
  • Tray is 49mm wide (some say 51mm)
  • Height limited by body shell.
  • 260g

Pinion:

  • Pinion must be 32 pitch!
  • Stock: 15T: Aliexpress
  • 13T: Aliexpress (13T, 14T, 15T)
  • 17T fits.
  • 18T is reportedly too large, it interferes with one of the motor mount screws.  Can be made to fit with appropriate grinding.

Spur gear:

  • Stock: 52T
  • No known upgrades

Shocks:

  • Stock oil is likely 400 wt
  • People report good success with 800 wt
  • Note: weights in the range of 15-70 are "non-standard" USA weights.  Weights in the 200-800 range are the same oils rated using "standard" weight ratings.

CVD:

  • Reported as:
    • Original: 8mm
    • Second: 6mm
    • "Upgrade": 10mm 
  • "New", "upgraded" version (reportedly): Banggood
    • Note: these were upgraded back in 2018, photos may not be correct.  
  • There is reportedly a "hardened" version (as of 2019), but this is unconfirmed.

Slipper clutch:

  • Metal upgrade: Banggood
  • Note: it is not typically necessary to adjust the slipper. 

Tuesday, August 25, 2020

Private Internet Access (PIA) Next-Gen servers break apps and smart home devices

 Problem:  After your PIA connection broke and you restored it on a router-based VPN, you do not have full connectivity.  

Specifically, none of your smartphone apps or smart home devices work properly.

  • Your router IS connected to the VPN
  • You ARE using the correct encryption, port, and ca.crt combination
  • They DO have a working internet connection
  • They CAN see the internet
  • They DO work outside the VPN

But they can't log in to, or access, their respective servers through the VPN:

  • Gmail: Useless "View more" link that does nothing
  • Banking apps: Can't log in
  • Starbucks: Endless "Finding stores"
  • Ecobee:  "Trouble connecting to your device"
  • Honeywell Home: Endless startup
  • Rakuten Kobo: Endless accessing "My Books"
  • Smart Life: Endless startup
  • Lastpass: Password vault is empty
  • Roblox: Endless loading
  • Minecraft: Can't join multiplayer servers
  • Terraria: Can't join other players 
  • Pixel Guns 3D:  No multiplayer available
  • Ecobee thermostat: Pings "ecobee.com", but "unable to connect to web servers".
  • Lyric water leak detectors: Permanently offline 

etc, etc, etc.

Oddly, Windows PCs work.  Chrome, Maps, and Play Store work.  Some other apps work.  Many don't.

PIA confirmed the cause was "resolvers for [the] legacy network" - i.e. on their end.


Solution (for router-based VPN only, this example is DD-WRT):  

0.  Follow this guide exactly.

1.  If your OpenVPN does not even try to connect, try removing this line from Additional Config:

 pull-filter ignore "auth-token"

It should at least connect now, but you will still have app/device issues as noted above. 

Note: This bug appears to affect only very old versions of DD-WRT.  If you can upgrade your firmware, you likely should.

2.  Set your router DNS to:

  • 10.0.0.241
  • 10.0.0.242

3.  Change to a "Next-Gen" server.  These all end in "privacy.network".

Examples:

  • us-california.privacy.network
  • ca-montreal.privacy.network
  • uk-london.privacy.network

4.  You have to try different encryption / port combinations, to see what works.

For example, I used AES-128-CBC SHA1 on port 1198, using "ca.rsa.2048.crt".  It did not work, resulting in the app/smart device issues.

I then changed to AES-256-CBC SHA256 on port 1197, using "ca.rsa.4096.crt".  That worked fine.

 You don't need to reboot your DD-WRT router (but you do need to hit "Save", then "Apply Settings"), and resolution will be more-or-less instant.  When you hit a "good" setup, you will know it.


 The above did work on OpenVPN 2.3.  Newer DD-WRT builds have 2.4, hopefully it works for that too.

 Similar steps should fix Tomato, ASUSWRT, Merlin, pfsense, whatever.  (I hope.)
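
Since the settings end up having to be read out of the provider's '.ovpn' file, here is one way to do that mechanically. This is an added example, not PIA's or DD-WRT's code: the sample profile is constructed, the field names in the result are my own labels, and the table holds only the two port/cipher/CA combinations mentioned in step 4.

```python
import re

# Constructed sample profile, not a real PIA file. Server name, port, cipher and
# digest are the combination this post reports as working.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote us-california.privacy.network 1197
cipher aes-256-cbc
auth sha256
remote-cert-tls server
auth-user-pass
pull-filter ignore "auth-token"
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
(placeholder body, constructed for this example)
-----END CERTIFICATE-----
</ca>
"""

# Combinations named in the post: port -> (cipher, digest, CA file, fixed the apps?).
PAGE_COMBOS = {
    1198: ("AES-128-CBC", "SHA1", "ca.rsa.2048.crt", False),
    1197: ("AES-256-CBC", "SHA256", "ca.rsa.4096.crt", True),
}

# Assumption: these directives have their own fields on the router's OpenVPN
# client page; anything else is carried over as "Additional Config".
GUI_DIRECTIVES = {"client", "dev", "proto", "remote", "cipher", "auth", "auth-user-pass"}


def parse_ovpn(text):
    """Split a profile into ordered (directive, args) pairs and inline <tag> blocks."""
    directives, blocks, open_tag = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag:
            if line == f"</{open_tag}>":
                open_tag = None
            else:
                blocks[open_tag].append(line)
        elif line and line[0] not in "#;":          # skip blanks and comments
            tag = re.fullmatch(r"<([\w-]+)>", line)
            if tag:
                open_tag = tag.group(1)
                blocks[open_tag] = []
            else:
                parts = line.split(None, 1)
                directives.append((parts[0], parts[1] if len(parts) > 1 else ""))
    if open_tag:
        raise ValueError(f"unterminated <{open_tag}> block")
    return directives, blocks


def router_fields(text):
    """Return the values to type into a router's OpenVPN client page."""
    directives, blocks = parse_ovpn(text)
    first = {}
    for name, args in directives:
        first.setdefault(name, args)                # first 'remote' wins
    if "remote" not in first:
        raise ValueError("profile has no 'remote' line")
    remote = first["remote"].split()
    return {
        "server": remote[0],
        "port": int(remote[1]) if len(remote) > 1 else 1194,   # OpenVPN default port
        "protocol": remote[2] if len(remote) > 2 else first.get("proto", "udp"),
        "cipher": first.get("cipher", "").upper(),
        "digest": first.get("auth", "").upper(),
        "ca_inline": bool(blocks.get("ca")),
        "additional_config": [f"{n} {a}".strip() for n, a in directives
                              if n not in GUI_DIRECTIVES],
    }


def review(fields):
    """Compare the extracted values with what this post reports."""
    notes = []
    if not fields["server"].endswith(".privacy.network"):
        notes.append("server is not a Next-Gen (*.privacy.network) name")
    combo = PAGE_COMBOS.get(fields["port"])
    if combo is None:
        notes.append(f"port {fields['port']} is not one of the combinations in the post")
    else:
        cipher, digest, ca_file, fixed_apps = combo
        if (fields["cipher"], fields["digest"]) != (cipher, digest):
            notes.append(f"port {fields['port']} goes with {cipher}/{digest} and {ca_file}; "
                         f"profile has {fields['cipher']}/{fields['digest']}")
        elif not fixed_apps:
            notes.append("this combination connected but left the app problems in place")
    if 'pull-filter ignore "auth-token"' in fields["additional_config"]:
        notes.append('pull-filter ignore "auth-token" stopped an old DD-WRT from connecting')
    if not fields["ca_inline"]:
        notes.append("no inline <ca> block; paste the matching CA file by hand")
    return notes


if __name__ == "__main__":
    f = router_fields(SAMPLE_OVPN)
    print(f)
    print(review(f))
```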



This was the result of several days back and forth with PIA tech support.  Only their eventual fix has kept me with them, as I was just about to pull the trigger on NordVPN.

However, I can't help but say their NextGen rollout is a bit of a dumpster fire:

  • These problems should not be occurring.
  • They certainly should not be dumping people off perfectly good connections that have been flawless for years for reasons unknown. 
  • Their router setup guide was not updated in advance of NextGen rollout, which is dumb.
  • Their support staff seems unable to readily support the NextGen rollout, which is even dumber.
  • Tech support actually told me I had to figure out the NextGen settings by interpreting the '.ovpn' file for my preferred PIA server, which is dumbest of all, as that is not support.

 It's almost like they never saw the NextGen transition coming. Which is just shoddy business.

Yes, I know there was a merger.  So either they had to changeover with little to no warning, or they forgot about their massive upcoming server changeover because of new business cards.  Either way, it's crap for the customer.


Tuesday, August 18, 2020

Private Internet Access (PIA) suddenly stops working

Problem: PIA stops connecting.  No changes on your side.  DD-WRT.

Error: N VERIFY ERROR: depth=1 error=certificate has expired: C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20200818 14:33:13 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)

Solutions:

1.  Your router time setting is wrong.  Try re-setting or selecting another NTP server, just to be sure.

2.  PIA changed something.  Seems they did so recently (August 18, 2020).

If (2), your only real solution is to completely re-set up your DD-WRT router using the latest settings.  Instructions are here.

Note:

-  Specific protocols now need specific ports.  Be sure to get the right port/.crt combination.

-  PIA added a line to "Additional Config":

pull-filter ignore "auth-token"

This line completely borked my ability to connect - DD-WRT wouldn't even try.  Taking it out fixed it, I don't know why.  It may be because my DD-WRT is old.

I was also unable to connect using Blowfish, although I suspect that was the new config line above.
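
To tell solution 1 from solution 2, compare the timestamp the router put on the VERIFY ERROR line with the time on a device you trust, read right after the failed attempt. The sketch below is an added example, not DD-WRT or PIA code; the log sample is constructed from the error quoted above, and the function names and the one-day tolerance (to absorb time-zone differences) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the "YYYYMMDD HH:MM:SS <flag> message" layout seen in the
# post. The message text is the quoted error; the timestamp on the first line
# is assumed to match the second.
SAMPLE_LOG = """\
20200818 14:33:13 N VERIFY ERROR: depth=1 error=certificate has expired: C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20200818 14:33:13 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
"""

VERIFY_RE = re.compile(
    r"^(\d{8} \d{2}:\d{2}:\d{2}) \S+ VERIFY ERROR: depth=(\d+),? error=([^:]+): (.*)$",
    re.MULTILINE,
)
# Subject fields are "KEY=value" pairs whose values may contain spaces.
FIELD_RE = re.compile(r"([A-Za-z]+)=(.*?)(?=,?\s+[A-Za-z]+=|$)")

VALIDITY_ERRORS = ("certificate has expired", "certificate is not yet valid")


def verify_errors(log):
    """Extract every VERIFY ERROR line as a dict."""
    events = []
    for ts, depth, error, subject in VERIFY_RE.findall(log):
        events.append({
            "time": datetime.strptime(ts, "%Y%m%d %H:%M:%S"),
            "depth": int(depth),          # 0 = the server's own cert, 1+ = a CA above it
            "error": error.strip(),
            "subject": dict(FIELD_RE.findall(subject)),
        })
    return events


def triage(event, trusted_now, max_skew=timedelta(days=1)):
    """Return (cause, explanation); cause is "clock", "certificate" or "other"."""
    if event["error"] not in VALIDITY_ERRORS:
        return "other", f"not a validity-period failure: {event['error']}"
    skew = event["time"] - trusted_now
    if abs(skew) > max_skew:
        return "clock", f"router clock is off by {skew}; fix NTP and retry"
    which = "server certificate" if event["depth"] == 0 else "CA certificate in the chain"
    cn = event["subject"].get("CN", "?")
    return "certificate", (f"router clock is fine; the {which} (CN={cn}) is outside its "
                           "validity period, so re-import the provider's current settings")


if __name__ == "__main__":
    for ev in verify_errors(SAMPLE_LOG):
        print(triage(ev, trusted_now=datetime(2020, 8, 18, 14, 35)))
```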


Saturday, August 15, 2020

Cleaning white landscape rock to like-new condition

 Problem:  I want to re-do my landscaping, but want to re-use the existing rock.  The old rock has gotten brown and yellow stains on the bottom - can I clean it?

TL;DR:  No, you can't.


As far as I can tell, the rock is called "Crystal White".  Mine looks to be about 1" / 25mm size.

Over time, it develops brown and/or yellow "staining" on the bottom.  This is likely due to oxidation.  

This means taking up and re-laying down the same rock doesn't work, since half the rock will be discolored instead of nice and white.  As this rock is hard to find and potentially expensive, I wanted to re-use the same rock instead of throwing it away.

It may seem obvious that you can - or can't.  Some people report success in "cleaning" their rock.

I tried the following materials to eliminate the discolorations:

  • Barkeepers Friend (oxalic acid)
  • Stainless Steel cleaner
  • TSP (premixed / ready-to-use)
  • CLR (straight)
  • Palmolive dish detergent
  • Glass cleaner (ammonia)
  • Muriatic acid
  • 70% alcohol
  • 20% chlorine bleach
  • 50% chlorine bleach
  •  Toilet cleaner (hydrochloric acid)

All were soaked for at least 24 hours.

 None of these had any cleaning effect.  CLR made the rock stink and turned the veins yellow, and muriatic acid dissolved the rock:

 


None of the other cleaners had any meaningful effect.

So, if you have this type of rock, don't bother trying to clean it for re-use.


Saturday, August 1, 2020

Vantec NBA-200U external USB sound adapter unable to output 7.1 ANALOG audio from Nvidia Shield via Kodi

TL;DR: As title.  The Vantec will NOT output 7.1 ANALOG audio from an Nvidia Shield TV / TV Pro using Kodi.

It will output 5.1 audio via optical S/PDIF (Toslink).  And it will play most 6.1 and 7.1 video files through that interface. 

You will probably even hear sound through your rear surrounds while playing those files, so you may think that you are actually getting 7.1 sound. 

But you're NOT, because optical S/PDIF is NOT capable of sending 7.1 audio due to bandwidth limitations on that interface (as everybody should know by now).  Most likely your receiver is doing some smart sound processing without you even realizing it.


My receiver is old, and does NOT handle sound via HDMI.  And I figured if I'm upgrading, why not move from 5.1 optical to 7.1?  So I needed 7.1 ANALOG sound. 

The Vantec is supposed to do that by outputting 7.1 sound via four 3.5mm audio jacks.  You use 3.5mm-to-RCA cables to connect these to the analog inputs on your audio-video receiver (AVR).

Obviously, this means you need an AVR that has such inputs.  I have a Pioneer VSX-1016TXV, which has dedicated 7.1 analog inputs.

 (OK, laugh all you want, but it works great.  I'm NOT spending $500-$1,000 for a new HDMI-audio receiver when my existing stuff works perfectly well!)



Once I realized what I needed, I did my homework.  Nvidia recommends the Vantec.

So, Vantec to the rescue.  I plugged it in, Android installed it silently.

Except, no matter what, it didn't work.


Here's what DID happen:

1.  At best, all I could get was stereo sound.  In many instances, I got ticking / buzzing only, or no sound at all.

2.  If I tried to play a file the Vantec didn't understand, it often locked up (activity LED stopped). 

It would then refuse to output anything - even stereo or 5.1 - until it was reset, or the Shield was rebooted.  This occurred on nearly all Dolby 7.1 and DTS 7.1 test videos, and (maybe) even a couple of 5.1 test videos.

3.  The Vantec would lock up even on files it should have handled, such as "U-571" in 'standard' DTS Digital Surround 5.1 (i.e. not DTS-HD 7.1 or DTS-HD MA 7.1).  This occurred when using either analog 7.1 out or optical S/PDIF out.


 For reference:

-  The problem is not with my AVR - I checked the multichannel 7.1 inputs, and they work perfectly.

-  The problem is not with my files.  I tried them on my old Minix box, and they work perfectly, including on 5.1 channel test videos.  On the Shield, the 7.1 analog outputs simply do not output anything to anything except for front left/right.

-  The problem is not with passthrough settings.  Using identical settings, optical S/PDIF works (including 5.1 surround), but analog 7.1 outputs do not.

-  The problem is not with the Shield USB.  I tried both, they were both set to always-on, and I even tried setting USB to max performance.  No dice.


There are a bunch of other devices like the Vantec on the market.  Most use the same C-Media chipset, so I don't think any of them will work any better.

I debated keeping the Shield TV Pro since it is faster, x265 capable, and will work as a Plex server.  But having the Vantec lock up on random files is a no-go for me, much less the family.


So, my advice to anyone with an old setup that does not handle HDMI audio is:

-  If you want S/PDIF, the Vantec basically works, and you should get the ability to play back 5.1, 6.1 and 7.1 files via Toslink optical (in 5.1 only).  But be prepared for it to malfunction / lock up if it 'sees' something it doesn't grok. 

-  If you want 7.1 analog out, do NOT buy a Shield TV.  There is no way to get analog surround sound out of it using commonly available USB sound card adapters - regardless of what a few Amazon commentators might say. 


Other devices based on the same chipset may or may not have the same issues.  I don't know, and I'm not spending the time to find out.


However, if S/PDIF / Toslink optical floats your boat - and you can get a USB adapter that doesn't tend to lock up - these are the settings that worked for me:

Shield:
-  Dolby audio processing ON
-  Available formats to MANUAL
-  Set all available formats to ENABLED
-  Stereo upmix is ON

(Note that "Forced volume" can be set ON or OFF, but it won't work.  It only works for HDMI audio, not for USB audio. )

On Kodi:
-  Number of channels: should not matter, mine was 2.0
-  Output configuration: Optimized
-  Pass-through ENABLED
-  Dolby Digital AC3 capable receiver ENABLED
-  Dolby Digital AC3 transcoding DISABLED
-  [if shown] Dolby DTS capable receiver ENABLED

On receiver:
-  Sound source set to digital / optical

With these, I was able to play:
-    Dolby Digital 5.1
-    Dolby Digital Plus 7.1
-    Dolby TrueHD 7.1
-    Dolby TrueHD 7.1 Atmos
-    DTS Digital Surround 5.1
-    DTS HD MA (Master Audio) 7.1

(These were the reported formats - can't be 100% verified.)

However, channel-check videos showed that the surround channels of Dolby Digital Plus 7.1, Dolby TrueHD 7.1, DTS-HD MA 5.1 and DTS-HD MA 7.1 did not come through.  They were undoubtedly downmixed to 5.1 to get through the optical interface.


Other variations on this may also work.  For example, you could try setting the Shield audio formats to "Automatic", just to see what happens.

For that specific setting, I suspect the formats that will be output may be limited by whatever is hooked to your HDMI.  If you have a new TV that supports "everything", the Shield will likely output everything.  If you have a projector or other device that doesn't support certain audio formats, the Shield might detect this and prevent certain audio formats from playing.

Note the last paragraph above is 100% pure speculation on my part, based only on the fact that the "Automatic" setting didn't seem to work well for me.  (I have an Epson projector and old AVR, neither of which handles HDMI sound.)




Saturday, March 14, 2020

Sharing files from Synology NAS without Quickconnect, Cloud Station or Synology Drive

I needed a way to allow people to download photos.

Things I tried:

 -  Icedrive, but the photos are RAW, so very big - making cloud a bit slow and clunky.  Plus I hit the free storage limit, which took simply ages to fix.  I wanted a solution where I could share files direct from my NAS without a lot of tedious uploading and syncing.

-  I tried setting up separate private folders in Photo Station for this, but I didn't like that solution.  Photo Station isn't made for that.  It's messy and wrong.


-  I read that you could share via File Station, but it needed Quickconnect.  I wasn't keen on using Quickconnect for several reasons, not least of which was the Quickconnect URLs look really amateur.

-  I also researched Synology Drive A LOT.  It does support public links, and would do this.  But it is so heavily focused on collaboration and synchronization that it just seemed wrong for me.
 


As it turns out, you can easily generate and send public links to your NAS files using your own domain name or IP address.  That's what I wanted.

(Possibly this is so blindingly obvious that everyone knows about it, and I just missed it somehow.)


This assumes:

-  You have a domain name that points to your NAS, or
-  You have a static IP in your router, or
-  You have a router-based dynamic IP setup that doesn't change often.

Steps:

1.  If not already done, forward ports 5000 and 5001 to your NAS.

2.  If you have an external IP already set up, go to Control Panel / External Access / Advanced and put your domain name, static IP or current dynamic IP in "Hostname or static IP".

Obviously, if your IP is dynamic and it changes, you'll have to change this field manually.  Doesn't happen often these days.


To share:

A.  In File Station, right-click any file or folder, select "Share".

B.  The "Shared link" will come up. 

Because you filled in "Hostname/Static IP" in (2), above, your link will include your NAS external domain/IP address.  (Otherwise, it will contain your local server name, which is no good externally.)


C.  Optionally, you can set "Validity period" (for time limits), "Enable secure sharing" (for password protection), or "Get QR Code" (if you think a QR code will somehow be useful).

D.  Send the "Shared link" to anyone (by email or whatever).  Obviously, if you've set up a password, send that too.

Your recipient can then click the link and be taken directly to the correct folder within your NAS, where they can download the files.


To be clear, this is sharing - as in download-only access.  The recipient can't delete, edit, upload or modify, and it doesn't support things like video streaming.  If you want to do those things, use Synology Drive (or Video Station or Plex for streaming support).

You will note there are no special security settings for this; you don't need to disable anything.  The NAS treats your public user like any other user.


As a "bonus", you can go to [yourdomain.com]:5000 or [your.ip.address]:5000 from any web browser, and log into DSM remotely, just like you would at home.

I say "bonus" because there were (I think) a couple of old versions of DSM that had security bugs with this kind of access, and exposing any interface to the 'net is a security risk.  I recall I wasn't at risk since I had no remote access enabled on my NAS at the time.
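
Before sending a link, it is worth checking what it actually points at. The checker below is an added example, not Synology code: the sample links are constructed (the path is illustrative only), the function names are my own, and it relies on DSM's defaults of plain HTTP on port 5000 and HTTPS on port 5001.

```python
import ipaddress
from urllib.parse import urlsplit

DSM_HTTP_PORT, DSM_HTTPS_PORT = 5000, 5001    # DSM defaults, the ports forwarded in step 1

# Constructed sample links; the host names and share IDs are made up.
SAMPLE_LINKS = [
    "http://DiskStation:5000/sharing/EXAMPLEid1",
    "http://192.168.1.20:5000/sharing/EXAMPLEid1",
    "https://nas.example.com:5001/sharing/EXAMPLEid1",
]


def host_kind(host):
    """Classify the host part of a link."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Single-label names and common LAN suffixes only resolve inside the LAN.
        if "." not in host or host.endswith((".local", ".lan", ".home.arpa")):
            return "local-name"
        return "dns-name"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private-ip"
    return "public-ip"


def check_share_link(url):
    """Return the link's host, port, host kind and a list of findings."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    kind = host_kind(host)
    findings = []
    if parts.scheme != "https":
        findings.append(
            "plain HTTP: the files and any 'secure sharing' password cross the "
            f"internet unencrypted; share over HTTPS (port {DSM_HTTPS_PORT}) instead")
    if kind in ("local-name", "private-ip"):
        findings.append(
            "host is only valid inside your LAN; fill in 'Hostname or static IP' "
            "(step 2) and create the link again")
    if kind.endswith("-ip"):
        findings.append("literal IP address: the link dies when a dynamic IP changes")
    return {"host": host, "port": port, "kind": kind, "findings": findings}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = check_share_link(link)
        print(link, "->", result["kind"], result["findings"] or "ok")
```

If every link you send is HTTPS on 5001, the port 5000 forward is not needed for sharing.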


I think I will go get a new domain name specifically for my new file sharing links, just because I can.

Monday, January 27, 2020

The marketing practices of Soda PDF

While I hate to diss on a Canadian company, I am (still) pretty mad about this one.  Mad enough to bother posting this 2 weeks later.

For those considering Soda PDF as an Acrobat alternative, it seems pretty good.  It's also possible to pick it up for considerably less than the "retail" price, making it seem like a good deal.


However, what is mentioned nowhere on their site is that the price is not a one-time purchase.  It is, rather, an annual subscription.

They claim this to be a "misunderstanding", but this is obviously intentionally deceptive on their part.  Their site does not state that the price is for an annual plan.

It is mentioned in the checkout process, where the item purchased is listed as a "yearly plan".  So they can argue it's your fault for not noticing.  But these are two very small words on a fairly busy ordering page, making it easy to miss.



There are also additional items:

1.  Certain features - such as digital signatures and OCR - are not included in the base subscription price.  Rather, these are add-on modules.

Aside from some asterisks and a footnote on their main page, I was unable to find any mention of:
  -  Which features are available only as add-on modules; or
  -  How much each add-on module costs.

Nobody fails to mention these things accidentally, making these omissions obviously intentional.

Now, some people like that they can pay only for the features they need.  But the utter lack of transparency is concerning.

2.  The only mention I saw about actually buying these add-on features is during checkout, where you get a pop-up offering you a feature "bundle" for a discounted price.

However, this is another annual subscription.  This is not mentioned in the pop-up.

The bundle price is usually very small, enticing you to go ahead.  And as soon as you click on "Add to purchase", the purchase completes, with no option to review the new bundled items you just selected. 

You could argue that it is "obvious" that the add-on is a subscription since the base product is also a subscription.  But it's not obvious that the base product is a subscription, so that's not an argument.


3.  They do list their desktop "edition" software, but it is on a separate site that is almost impossible to find from their ads and landing pages.  I found it entirely by accident, and only after I had accidentally purchased the annual subscription-based plan.

4.  Their purchase form has a checkbox that says "I agree to receive email communications about this service."

Ummm - what "service", exactly?  It doesn't say.

The implication is obviously that you should check that box to get your bill / invoice, activation code, or whatever.  But I unchecked it and still got those.

What it actually seems to mean is that you're signing up for their newsletter and promotional emails.  Which is certainly not clear.


With all of the factors above, it's my opinion that Soda is being intentionally deceptive.  They're doing almost everything they can to get you to buy the subscription, but doing just enough to make it your fault if you do so unintentionally.


Lest you argue, you can compare against the Foxit PhantomPDF site, and the Wondershare PDFElement site, both of which clearly lay out one-time and subscription options on the same page.  Cloud storage providers, such as pCloud, Icedrive, and others also manage this trick, which is quite obviously not difficult.



You could always say I'm just mad about losing $50.  Except I didn't - I did get a refund.  Yet I remain pissed.

If I used such tactics in my business, I would not only lose clients, I would be strung up by my professional association for being unethical.  Too bad the same isn't going to happen to Soda.



I'm not saying their software is bad.  But be sure you read the product description very carefully, and know what you're getting before you complete that purchase.

I utterly loathe subscriptions and so asked for a refund.  After some very unsubtle prodding as to how great the subscription model is, and can we offer you a discount, they eventually refunded my purchase.

If you're still interested, and as far as I know, their stand-alone, one-time-purchase desktop program is called "Soda PDF Edition".  The page was here, and don't forget the little "Add OCR" button at the left.  But it's much more expensive than their ads would indicate.

Saturday, January 11, 2020

Be wary when renewing your NEXUS card

Google search results may show results such as "www.nexus-card.com" at the top of the search listings. 
These companies are NOT the CBSA - they are private.  They charge $100-$125 on top of the actual government fee of $50 USD.

You do not need to use such a company to acquire or renew a NEXUS card.  So, that's basically $100 for nothing.

When renewing, be sure you're dealing directly with the government.  Correct renewal link here.

Tuesday, January 7, 2020

How to install Kodi advancedsettings.xml file on a Chromebook

On a PC, putting an advancedsettings.xml file in your Kodi directory is easy.  Copy and paste via Windows Explorer, done.

Same for an Android box or tablet.  Copy and paste using "My Files" or anything similar, done.


On a Chromebook, not so much.  Chromebooks hide the OS files.  Copy & paste is not possible.

However, it is possible to put an advancedsettings.xml file into Kodi on a Chromebook.


NOTE: This guide assumes you know how to point Kodi to another device that holds your advancedsettings.xml file, such as a USB stick, external hard drive, internal storage, or whatever.  If you don't know how to do that, go away and find out.

(Hey, you may as well.  You're probably going to need that same info to set up your video sources later.)

Steps:

1.  Make your advancedsettings.xml file. 

Here is a really simple file.  All it does is exclude certain directory names - like "Extras" - from being scanned into the Kodi library.

<advancedsettings>
  <video>

    <excludefromscan>
      <regexp>Extras</regexp>
      <regexp>Featurettes</regexp>
    </excludefromscan>

    <excludetvshowsfromscan>
      <regexp>Extras</regexp>
    </excludetvshowsfromscan>

  </video>
</advancedsettings>


Yes, you could regex the hell out of it.  But it's, like, 12 lines long.

You can obviously modify as you see fit - see the guide here.

2.  Put it somewhere that is accessible by your Chromebook. 

This location might be:
-  a USB stick
-  an external hard drive
-  an SD card
-  a network location

or whatever.



3.  Go to the Play Store and install Kodi on your Chromebook.

4.  Run Kodi.

5.  Before you do anything else, go to Settings / File Manager.  Guide here.

Why?  Per the wiki:

"The File Manager allows the maintenance of files from within Kodi on platforms that have no underlying and easily accessible operating system."

Sounds like what we need.

6.  On the left-hand side, open "Profile directory".  This is the place where advancedsettings.xml needs to go.

(No, you can't really verify that.  But don't worry, it is the right spot.  And even if it wasn't, you can't really bollix up Kodi or your Chromebook by copying this kind of file to the wrong spot.)

7.  On the right-hand side, open "Add source".  Point it to wherever your "advancedsettings.xml" file currently lives.

Note:  I can't tell you exactly how to do this since it depends on your storage device (USB stick, network, etc.).  If you don't know how to do this, go away and find out, and come back.

8.  Click/tap on your advancedsettings.xml file in the right-hand pane, and hit Copy.

Note: Exactly how you copy depends on your OS (Windows, Android, etc.).  It's done via the "Context" menu, known as the right-click menu under Windows.  Right-clicking on the file name usually works.  For touch devices, press & hold may work.

9.  Change to the left-hand pane, and hit Paste.

Note: Exactly how you paste depends on your OS (Windows, Android, etc.).   Right-clicking in the left-hand pane usually works.  For touch devices, press & hold may work.


That's it - you've copied your advancedsettings.xml into the right Kodi directory.  Restart Kodi and the new settings should be in effect.

You can now go ahead and set up your sources.  The items excluded by your advancedsettings.xml file will naturally be excluded, as intended.
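Since the Profile directory can't easily be inspected on a Chromebook, it helps to check the file from step 1 on a PC before copying it over.  The script below is an added example, not part of the original post: it confirms the XML is well-formed and shows which paths the patterns would skip.  The function names and sample paths are made up for illustration, and it assumes Kodi matches each pattern unanchored and case-insensitively, with Python's `re` standing in for Kodi's own regex engine.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the file from step 1 of the post.
SAMPLE_XML = """<advancedsettings>
  <video>
    <excludefromscan>
      <regexp>Extras</regexp>
      <regexp>Featurettes</regexp>
    </excludefromscan>
    <excludetvshowsfromscan>
      <regexp>Extras</regexp>
    </excludetvshowsfromscan>
  </video>
</advancedsettings>"""

def load_excludes(xml_text):
    """Parse the XML and return {section: [compiled regex, ...]}.
    Raises ValueError on malformed XML, a wrong root tag, or a bad regexp."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "advancedsettings":
        raise ValueError(f"root is <{root.tag}>, expected <advancedsettings>")
    rules = {}
    for section in ("excludefromscan", "excludetvshowsfromscan"):
        rules[section] = []
        for node in root.findall(f"./video/{section}/regexp"):
            pattern = (node.text or "").strip()
            if not pattern:
                raise ValueError(f"empty <regexp> in <{section}>")
            try:
                # Assumption: unanchored, case-insensitive search.
                rules[section].append(re.compile(pattern, re.IGNORECASE))
            except re.error as exc:
                raise ValueError(f"bad regexp {pattern!r}: {exc}") from exc
    return rules

def excluded(path, regexes):
    """True if any pattern matches anywhere in the path."""
    return any(rx.search(path) for rx in regexes)

if __name__ == "__main__":
    movie_rules = load_excludes(SAMPLE_XML)["excludefromscan"]
    for p in ("/media/Movies/Alien (1979)/Alien.mkv",
              "/media/Movies/Alien (1979)/Extras/Making Of.mkv",
              "/media/Movies/The Extras Cast (2010)/movie.mkv"):
        print("skip" if excluded(p, movie_rules) else "scan", p)
```

Under that matching assumption, the third sample path is skipped as well, because a bare "Extras" matches anywhere in the path; a tighter pattern such as `[/\\]Extras[/\\]` would limit the match to a folder of exactly that name.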