Stable patches for the “Spectre” vulnerabilities

Stable patches for the “Spectre” vulnerabilities are beginning to appear at last. If your computer is only a couple of years old you should check for a BIOS update. They’ll slow down your machine a bit but running unpatched for too long is asking for trouble.
 
It’s pretty scandalous that these bugs (Spectre and Meltdown) were released in the first place, even more scandalous that they went unreported for years and disastrous that for many people the only way to fix them now is to throw away every device that contains one of the affected processors (pretty much anything that connects to the internet) and buy new ones. I hope the CPU manufacturers are ashamed.
 

Quick guide to speeding up a laptop

It’s really easy to speed up most laptops. Dramatically.

1.   Kill most background programs

On Windows 10, press Ctrl + Alt + Del then Task Manager and select the Start-up tab. Disable all non-essential programs one by one. You may have to log in as an administrator if the button is greyed out.

Startup window

Then go to Settings > Privacy > Background apps and disable most of those. (On Windows 7 search for the command “msconfig” instead.)

On Mac OSX, go to System Preferences then Users & Groups then Login Items and click the minus button to disable each non-essential program.

OSX Login items

2.   Nix the antivirus

Believe it or not, most commercial antivirus programs do more harm than good. Uninstall them! On Windows 10 the built-in Defender will automatically activate and is just as effective with far fewer problems. (For Windows 7 search Microsoft.com for free “Security Essentials” which does the same thing.) Mac OSX also comes with enough built-in protection these days.  Now reboot your laptop and notice how quickly it starts up!

3.   Check the performance monitor

On Windows 10, open the Task Manager again but this time select the Performance tab. The graphs of CPU, Memory, Disk and Ethernet should all be pretty low now. If not, click the Processes tab to find the culprit.

Windows performance monitor

On Mac OSX, go to Finder then Go then Utilities and select Activity Monitor.

If Memory usage is high, adding some RAM is often a quick and cheap (less than £50) solution. If Disk usage is high, changing your hard drive to an SSD (solid state drive) is also cheap now and very effective – and will save battery life. We can help you buy the right ones and fit them. If CPU usage is high, fix the other two first.

OSX activity monitor

4.   Check for malware

Computers are sometimes slow due to malware. Here’s a really quick way to check if a Windows laptop is infected. Go to the “Sysinternals” site (now owned by Microsoft) and download “Process Explorer” from https://download.sysinternals.com/files/ProcessExplorer.zip. Extract the files (right click, extract all) then run procexp.exe. You will see a list of processes running on your computer (make sure all your usual programs are started – this test won’t check dormant programs on your hard disk).

Now click Options then VirusTotal.com and select “Check VirusTotal.com”. After a short delay this free service will check your computer memory against over 50 different virus checkers and report the results as a column of blue figures at the right. The number indicates how many virus checkers reported a warning (a few false alarms is normal) and the second number is the total number of checks.

Virus Total results

5.   Install an Ad blocker

This tip is specifically for browsing the internet. Most web browsers now include a “pop up” blocker by default, but you have to install a “plugin” or “extension” if you want them to block advertisements. Popular ad blockers include “AdBlock” and “Adblock Plus” – they’re very similar and easily installed, for example from https://chrome.google.com/webstore for Chrome, https://addons.mozilla.org for Firefox or https://www.microsoftstore.com for Edge (unfortunately not available for Internet Explorer, Safari or phones).

Advertisements quite often contain malware so it’s a good idea to block them for security reasons as well as for speed. Some sites rely on ads for income and won’t load unless you make an exception for them, but I still encourage you to try out an adblocker, it saves a lot of time and aggravation.

6.   Install security updates automatically

This last tip is more about security than speed, but it will save you time by installing important security patches automatically, not to mention time spent recovering from an infection. Windows will automatically update itself and Microsoft Office, but what about all your other programs? The answer is a free program called Secunia PSI that you can download from http://secunia.com/PSISetup.exe. It’s very effective and rarely causes any problems. Mac OSX users don’t need this because the App Store controls all updates.

Enjoy your fast laptop and tell your friends!

How to send something confidential by email.

Wax sealHow do you send confidential information to someone over the internet, so that only the intended recipient can read it? It’s a simple question, with a simple answer (encrypt it) that is easier said than done. When you think about it many of the emails we send could be embarrassing or worse in the wrong hands, so take a moment to find out how.

The easiest solution for most people is probably to use a trusted provider to do it all for you, rather than go through the pain of exchanging keys with all your correspondents.

  • Gmail
    The good news is Gmail already (since 2014) encrypts all messages between Gmail accounts provided you use the official Google apps or a web browser, so a lot of people are actually using encrypted email without realising it. Similarly, Skype and WhatsApp already encrypt all their communications. If you and the person you’re corresponding with both have access to Gmail accounts, use those.
  • Protonmail
    For everyone else a free Protonmail account is probably the simplest answer. You can use a web browser or their phone app to send and receive messages for free, or pay €4/month to get access to IMAP (and other extra features).

It’s up to geeks like us to help people with technology. So the next time someone emails you something confidential in plaintext that really should be encrypted, gently remind them by giving them your protonmail address or a public key with some instructions like these http://www.techadvisor.co.uk/how-to/…tmail-3636950/

Before you ask, I’m phil.mckerracher@protonmail.com

Exchanging documents that are too large to send as an email attachment is also a problem. Again, the easiest solution is probably a trusted cloud provider like Google Drive, Dropbox or OneDrive. Using 7-zip to compress the document with a password is better than nothing.

How to fix incoming email delays

Waiting for computer

Do your incoming emails sometimes arrive late, delayed by minutes or even hours? I found it really annoying when it happened to me, especially when trying to sign up to websites that required a response to confirmation emails before letting me in. I’ve even travelled to a cancelled meeting because of email delays.

Here are the most common causes, and what to do about them.

POP3 connection

If you retrieve your email the traditional way using the “POP” or “POP3” protocol, your mail program probably only checks for new messages every 30 minutes or so. This is called “polling” or “pull” email. It introduces a variable delay, often up to an hour.

How to tell if you’re affected: Check your mail program settings to see what protocol it’s using. Also, if clicking a “Send/Receive” or a “Refresh” button causes delayed messages to instantly appear, this is a likely cause.

What to do about it:  Change to use the more modern “IMAP” protocol (or Microsoft Exchange) instead of “POP”, if possible. As well as effectively giving you instant “push” email delivery, this allows you to synchronise mail between different devices, organise messages into folders, train your spam filters and gives you a backup.

If  your mail provider doesn’t offer IMAP, you may be able set up a simple forwarder to send all your incoming messages to a provider who does (e.g. a free Gmail account).  It’s also possible to change your DNS settings (specifically your “MX” records) to reroute your mail without an extra forwarding step, but that usually requires a subscription to a service (for example, G Suite).

If that isn’t possible, try setting the delay to a shorter value in your mail program settings. Check with your mail host first though, because some will block you if you poll too frequently.

Greylisting

Greylisting is a simple and effective anti-spam technique that works by initially refusing incoming mail from unrecognised sources and waiting for a redelivery attempt. The problem is, it introduces unpredictable delays in the process, which can occasionally be severe (a day or more).

How to tell if you’re affected: Ask your email provider if they use greylisting.  You can also examine timestamps in your email headers to deduce where delays are happening if you know how.

What to do about it: Ask your email provider to disable greylisting, or do it yourself if you have access to a hosting control panel. You will probably have to enable an alternative spam filter or forward your mail to a different account with a filter, otherwise you will be flooded with spam.

Misconfiguration

Incorrect DNS settings are a frequent cause of mail delays, in my experience. In particular, “MX” settings typically point to a different host or IP address than the “A”, “AAAA” or “CNAME” records for a domain, which is confusing. Even worse, once such a mistake is corrected, it can take many hours for the DNS changes to propagate and even longer for email senders to attempt redelivery, which means you may continue to see random delays for a couple of days.

It’s also really easy to misconfigure a mail server or client, resulting in a “forwarding loop”, “open relay” refused delivery or other problems that cause mail senders to blacklist you for a while. A simple change like setting an out-of-office notification can trigger a problem that may not be immediately apparent, and may take days to fully resolve once fixed.

How to tell if you’re affected:  Send test messages to yourself from another mail account and check for bounce messages. If you don’t understand them, forward the bounce messages to someone knowledgeable using “forward as attachment”. You can also test your mail settings using MX Toolbox.

What to do about it: If you have recently changed your DNS or mail settings, get someone to check them. Otherwise, contact support at your mail hosting provider. Be patient once problems are corrected to allow fixes to take effect.

Does your browser sometimes show you the wrong website? Fix it quickly!

Do you sometimes click on a link in your web browser and find that the site you are taken to is completely different from the one you expected? It can happen quite innocently if a site has moved to a new address, perhaps due to a company takeover. It can also simply mean the old site has gone and the domain has been bought by a squatter, in which case you may see a page full of advertisements. More worryingly, it could mean that your internet router has been hacked – try swapping the router. But the problem I’m talking about here is a known limitation of old browsers on encrypted connections.

Green padlockYou may have noticed that many websites now make you use a secure connection  – with a green padlock, and https instead of http in the address.

The reason is simple – without encryption, anyone can snoop on your connection and see your passwords, which is disastrous if you’re shopping online or even just checking your email. Worse still, hackers can redirect your connection to a convincing “phishing” site without your knowledge. Encrypted connections prevent that.

The problem was, until recently every secure website needed its own separate IP address and security certificate, which was expensive and difficult to set up (IPv4 addresses are in short supply). That all changed in 2016 because Microsoft finally retired the old versions of Internet Explorer that required separate IP addresses, and because an organisation called Let’s Encrypt started offering free automated certificates. Problem solved.

Except that a lot of people are still hanging on to Windows XP (unwisely, because it’s now very insecure and a big target for hackers). Internet Explorer on Windows XP can’t handle secure sites on shared addresses (it doesn’t support “SNI“) which means it will show you completely the wrong site.

Solution

The solution is simple – use Chrome or Firefox (or even Microsoft Edge) instead of Internet Explorer. As a bonus, modern browsers allow you to install an Ad Blocker to make your browsing much more pleasant. Since ads can contain malware your browsing will be more secure (and faster) as well.

Getting a Sony Vaio laptop working on Windows 10

Kudos to user “paloseco” for his very helpful post on the NotebookReview forum about upgrading a Sony Vaio Z series laptop to Windows 10. Also to users “ComputerCowboy”, “Treofred”, “psyq321” and others for the related instructions for hacking the BIOS and INF files. How did we survive before the internet allowed sharing of information like this?

Negative kudos to Sony for shamefully not supporting a laptop that is only (gasp!) 6 years old, effectively forcing most users to use insecure software.

Why we use WordPress or Drupal

This incident affecting the owner of a popular site who used “site builder” software from his hosting company is a good example of the downsides of this solution – you can’t (easily) upgrade the site, archive it or move it to another host.

If you use a well-supported content management system like WordPress or Drupal there are tools to help you upgrade and migrate. We recently upgraded another site that had stopped working because it used a mix of old systems (Joomla, Magento, phpBB, CiviCRM, WordPress) some of which no longer worked properly in Ubuntu 16.04 LTS. We moved it all to WordPress without losing content, using standard plugins. Keeping it updated or moving it to a new host is no longer a problem.

Quick guide to personal email addresses

A personal email address that matches your own name or business name is obviously a nice thing to have – something like me@myorganisation.com or firstname@lastname.me instead of  nickname99@internetprovider.com. It looks more professional, it’s easier to remember and it doesn’t change every time you change your service provider. Here’s how to set it up in a nutshell.

personalemail

1. Choose a domain name

The domain name is the bit after the ‘@’ symbol in an email address and after ‘www’ in a website address. If you already have a website you can use that domain and skip this step, otherwise you will need to search for an available domain at a registrar such as namecheap or gandi.net and pay them a fee, typically only about £10/year.

This used to be a frustrating process because everyone wanted a ‘.com’ domain and all the good ones were taken by squatters. These days there are many better alternatives such as ‘.uk’ or ‘.me’ so it’s a lot easier to find a good name. Try to get something short and memorable and avoid any name that might be confused with another person or company, unless they are inactive.

The bit of the address to the left of the domain name is supplied by you and can be anything you like, using uppercase or lowercase letters, numbers, dashes, underscores and hyphens – but no spaces or other characters. You can have several different addresses going to the same mailbox if you like.

2. Choose where to store received messages

If you already have a mailbox you’re happy with (plenty of storage, reliable, good spam filtering, accessible anywhere) and you don’t want to keep your new address completely separate, you can simply forward all your new emails to your old address and skip to the next section. A btinternet account would usually be fine for this, for example.

If not, I suggest you sign up for one or more free accounts at a provider like Gmail or Outlook.com and forward all your messages there.

Separate accounts help to keep things organised and minimise the risk of accidentally replying to the wrong person or from the wrong address.  For example, it’s usually a good idea to keep work and personal email accounts separate so you can set different signatures, different rules and it doesn’t matter if you change jobs. Nevertheless you can often achieve the same things all in one account just by using folders and filters if you need to.

A combined account saves having to set up multiple accounts and passwords on all your devices and constantly switch between them to get new messages.

I do NOT recommend the traditional solution of storing messages temporarily at the domain registrar or web host and retrieving them on your PC using the ‘POP3’ protocol. One problem is you can lose messages if you go on holiday and your mailbox fills up. Also there can be a delay of up to an hour in delivering messages. You also risk losing your entire message archive if your PC crashes. Finally, it’s difficult to train the spam filter if a message is misclassified.

If you need more storage than the free plans offer you could pay for a Google Apps account.

3. Choose how to send outgoing messages

Technically it’s possible to use your existing mail account and simply change the “From” address in any message you send so it appears to come from your new personal address, but I do NOT recommend this. The problem is, spammers have misused this ability so much that many spam filters will block delivery. Even if it’s delivered, it may show as coming from your new address “on behalf of” the existing address, which is probably not what you want.

It’s better to send your messages through an outgoing ‘SMTP’ server that is specifically configured to send messages from your new personal domain. Your domain registrar or web host may offer this for free – if not, you could pay for a Google Apps account and use that or we can supply one.

If you find that outgoing mail is not reliably delivered, check with your host that the ‘SPF’ and ‘DKIM’ records are correctly set and use a tool such as mxtoolbox to check that the IP address of the SMTP server is not blacklisted.  We specialise in solving such problems.

If you want to send messages to a mailing list with many members, you will need to use special software such as Dada Mail or CiviCRM or an external service like Mailchimp to limit the sending rate and handle bounces and unsubscriptions.