Windows Certificate Store Permissions

The Windows certificate store, especially private key permissions, has caused no end of misery for people the world over. I recently discovered something that seems to get around private key permission nonsense. I’m not sure why, but it works. Note this only works with .NET Framework 4.6 or later.

Suppose you already have an X509Certificate object called “cert”. Running this code once you have the object seems to magically make permission issues on the private key disappear (note you need “using System.Security.Cryptography;”):


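using System.Security.Cryptography;                   // RSA
using System.Security.Cryptography.X509Certificates;  // X509Certificate2 and the GetRSAPrivateKey() extension method

X509Certificate2 samecert = (X509Certificate2)cert;
RSA rsaobj = samecert.GetRSAPrivateKey();  // open the private key through the .NET Framework 4.6+ API
((IDisposable)rsaobj).Dispose();           // release the key handle again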

If you’ve dug into the code or documentation enough to understand what’s going on here, please comment. I have a few ideas but nothing I could write coherently about right now. I sort of suspect this was always the way it was supposed to work…
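
A diagnostic for the private key access problem described above, added here as an example (it is not the author's code): it walks the current user's personal certificate store and reports, for each certificate, which key implementation GetRSAPrivateKey() returns and whether the current account can open the key at all. The class and method names are made up for this example; it assumes .NET Framework 4.6 or later on Windows.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PrivateKeyAccessCheck   // hypothetical name, example only
{
    // Reports how (and whether) the current account can open the certificate's RSA private key.
    static string Describe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            return "no private key associated";
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                    return "private key is not RSA";
                // GetRSAPrivateKey() returns RSACng for CNG keys and
                // RSACryptoServiceProvider for legacy CAPI keys.
                var cng = rsa as RSACng;
                if (cng != null)
                    return "CNG key, provider=" + cng.Key.Provider +
                           ", machine key=" + cng.Key.IsMachineKey +
                           ", unique name=" + cng.Key.UniqueName;
                var csp = rsa as RSACryptoServiceProvider;
                if (csp != null)
                    return "CAPI key, provider=" + csp.CspKeyContainerInfo.ProviderName +
                           ", machine key=" + csp.CspKeyContainerInfo.MachineKeyStore +
                           ", unique name=" + csp.CspKeyContainerInfo.UniqueKeyContainerName;
                return "RSA key of type " + rsa.GetType().Name;
            }
        }
        catch (CryptographicException ex)
        {
            // Raised when the key cannot be opened, e.g. the account lacks read access to it.
            return "cannot open private key: " + ex.Message;
        }
    }

    static void Main()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
                Console.WriteLine(cert.Thumbprint + "  " + cert.Subject + "  ->  " + Describe(cert));
        }
        finally { store.Close(); }
    }
}
```

For software key providers the unique name is normally the name of the key file on disk, which is the object whose ACL decides who may use the private key.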

HIPAA Rule Change — guns and mental health

I decided to dig through the HIPAA rule change issued by Health and Human Services 2016-01-06. I’ve read a lot of concerns about how your shrink will report you to the FBI, and lots of other crazy ideas. Here are some facts.

This rule doesn’t change who is prohibited from purchasing a firearm. All it does is provide a mechanism whereby health providers who possess knowledge about someone who is prohibited from buying a firearm under existing law may report that information to the FBI’s background check system (NICS). That’s it. Your doctor or shrink cannot report you to NICS for taking antidepressants or other drugs, or even talking about suicide. A “lawful authority” must make a determination that you are mentally incompetent before the information can be reported to NICS. This is purely a bookkeeping rule to help make sure that existing information is reported to NICS.

The rule is published on the HHS Website. Here is the most important bit:

This final rule applies only to covered entities that function as repositories of information relevant to the Federal mental health prohibitor on behalf of a State or that are responsible for ordering the involuntary commitments or other adjudications that make an individual subject to the Federal mental health prohibitor.

And if you’re wondering what the “Federal mental health prohibitor” is:

Among the persons subject to the Federal mental health prohibitor established under the Gun Control Act of 1968 and implementing regulations issued by the Department of Justice (DOJ) are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease.

The rule linked to above includes a lot of discussion about the current state of reporting and how the current rule was arrived at. It’s enlightening but dry.

Ford EEC-IV computer on bank-fired EFI trucks

I spent 3+ hours trying to get my truck to run a cylinder balance test…I finally decided that it just wasn’t going to do it, and on further research I discovered the cylinder balance test is only available for Sequentially Fuel Injected (SEFI) engines. The older Ford trucks are all bank-fired. Bank-fired means the injectors fire in sets of four (on the V8) instead of each cylinder’s injector firing at the appropriate time.

Also, the order of operations for reading codes on my truck seems to be a little different than most of the tutorials I found. I have a 1987 F-150 (302/5.0L), and this is the order of operations for the Key On Engine Running (KOER) test:

1. Set up the voltmeter (analog works best–I wasn’t getting good reads with my digital voltmeter). There are lots of other sites that tell you exactly which pins to short and connect to for the test.

2. Start the engine. After a few seconds you’ll get the engine ID pulse–it should be the number of cylinders divided by two (e.g. four pulses for a V8).

3. After the engine ID pulse you have ten seconds (or so a lot of sites say….I did these things in about five seconds) to do the following:

- Depress the brake pedal.
- Turn the steering wheel 1/4 turn left and right (some sites say 1/2 turn one direction….I’m not sure it matters as long as you turn it enough to give the sensor a pressure reading).
- Press and release the overdrive switch if you have one (I don’t).
- A lot of sites say to do the dynamic response test (briefly press the throttle to WOT) here. I didn’t find that to be the case. My ECU asks for it later.

4. About 70 seconds after you start the engine, you’ll see a single pulse. This is the ECU asking for you to briefly go WOT for the dynamic response test (just push the pedal all the way down and let go).

5. Shortly after this (within 10 seconds) you should start getting codes in the usual fashion. You’ll see a code 77 if you didn’t do the dynamic response throttle press when it was requested.

6. On bank-fired EFI trucks, no amount of fooling around at this point will get you a cylinder balance test. It’s just not available on this system. I think this is because the test works by shutting off fuel to a specific cylinder, and that’s not possible on a bank-fired system.

Hope this helps someone….

Motorcycle chain alignment

I seem to have a hard time with this, and I’m too cheap to buy this tool:

http://www.motionpro.com/motorcycle/partno/08-0048

(I’m also not entirely sure how effective it would be…I’ve heard mixed reviews). Anyway…the best thing I’ve found so far is from this post by user Syscrush on SVRider:

http://forum.svrider.com/showpost.php?p=1147779&postcount=12

What I like to do is tighten the left adjuster first until the chain tension is right, then put a straightedge on the sprocket and tighten the right adjuster until the face of the straightedge that’s against the sprocket lines up with the inside edge of the inner sideplates on the chain.

Seemed to work well for me….better than other methods I’ve tried, anyway.

Online Backup Solutions

I have been evaluating online backup solutions. Currently I back up to an external hard drive. This has two problems:

1. I back up manually and via a script. I don’t do it very often.
2. All backups are onsite. It’s been years since I burned a DVD and dropped it at my parents’ house.

So, I finally decided that I needed automated and offsite backups. After a week and a half of research and testing I decided to purchase Mozy.

Read on if you want a more comprehensive review. There are many offerings out there right now. Wikipedia has a list:

http://en.wikipedia.org/wiki/List_of_online_backup_services

I only looked into a handful of these, and looked especially closely at the two major players–Carbonite and Mozy. I should also note I’m running 64-bit Windows 7.

I’ll go over Carbonite and Mozy first, then mention the other services I looked at. Keep in mind that my requirements may not be the same as other users so your mileage may vary. I was looking for a very simple solution–simple because I am lazy and won’t do backups if it takes any effort, and simple because I wanted a product that I could recommend to less technical friends and family.

Carbonite generally had slightly better reviews than Mozy, and seemed the front runner for a while (I had the trial installed for about a week). However…in the course of my research I discovered that it excludes certain file extensions from all backups unless you tell it to include them. Including them is a manual process (there is no “hey please backup everything I tell you” button). To their credit, they do mention this on their website (mostly), and will send you an exhaustive list via email if you ask (I asked and they sent it to me promptly). Here is the help article where they talk about this:

http://cp-carbonite.kb.net/article.aspx?article=1069&p=3

To be fair, the automated backup sets in Mozy only back up certain files, similar to what Carbonite does. However, if you tell Mozy “back up this folder”, it will back up everything in that folder. If you tell Carbonite to back up a specific folder, it will happily exclude a bunch of files by default. Video files are not backed up by default in Carbonite, either, which seems pretty bad to me–how many people have digital camera movies on their computers, or videos from their phones? Here is the default Mozy policy for automated backup sets:

http://support.mozy.com/docs/en-user-home-win/faq/concepts/backup_sets_default_contents.html

Anyway, these exclusions were pretty much a deal killer for Carbonite. Remember how I said I want a simple solution because I’m lazy? That extends to setting it up–if I say “back up this folder”, I don’t want to have to worry about whether or not certain files in that folder are getting backed up. Same thing if I am recommending a backup product to friends or family–I just want them to be able to check a box to make sure the videos of their kids’ first steps are backed up.

As far as retention of deleted files, Carbonite and Mozy both have deleted files available for 30 days after you remove them from your computer.

Backup with Mozy was much faster than with Carbonite. However, I was on a free trial with Carbonite so that could have affected the speed. And honestly, I’m not terribly concerned with the speed at which the initial backup occurs (I’m backing up about 40GB).

The test restores I did with Mozy (~1.7 GB) during the free trial had some issues–about 400 files didn’t make it back. Eventually I got them via a “web restore”. This is a clumsy method but it did get all the files back–and that’s what’s really important in a disaster recovery scenario. I emailed Mozy support about the restore issues and they seemed fairly responsive but also seemed to give mostly “reading from the binder” responses. This was expected considering who their target audience is. UPDATE: I did another restore with Mozy on a different computer, this time 2.8 GB but a smaller number of files, and didn’t have any problems restoring via the Mozy client.

So there’s the head-to-head. Honestly, if it weren’t for the default file exclusions, it would probably be a toss-up between Carbonite and Mozy.

Other services I looked at:

I considered CrashPlan. They offer unlimited backup at a similar price point to Mozy and Carbonite, but the “free” client is ad supported and it costs $60 for the “pro” version. This was enough that I didn’t even try them.

I installed IDrive on one computer. The interface was hideous and complex and I promptly uninstalled it. I would not recommend this to my non-technical friends.

I briefly played around with Jungledisk. You pay per GB for their client to store data with Amazon S3–if you store 20GB or less it is similar in price to Carbonite and Mozy. It seems like a decent system–I decided not to go with them mostly for cost reasons.

SOS online backup had great magazine reviews but awful user reviews. I steered clear. It was also more expensive than other services. One feature SOS touted that other services do not have is unlimited versioning of files (within the limits of your storage space, of course).

Iron Mountain has an online backup service. This is the company we use for off-site tape storage at work. They seem very professional and I expect their online backup service is excellent. I can’t afford it, though; $9/month for 2 GB of backup. If I had mission critical data I would look at Iron Mountain first.

Backup Integrity: From what I’ve been able to ascertain, the online services use RAIDed trays of disks and no off-site backups (I suspect this would not be the case for Iron Mountain, but I haven’t contacted them). If a disaster (earthquake, fire, etc) wiped out the datacenter, and then your local drive crashed, you’d be out of luck. Statistically, the odds of this are pretty low, but it’s something to keep in mind. A backup to an external drive every six months or so isn’t a bad idea, even if you’re using one of the online backup services.

Feel free to post any comments on your own experiences.

Diving

I bought a drysuit earlier this week, and went diving with it today. These pics are from suiting up for the drysuit orientation Matt gave me. Diving a drysuit takes a little bit of extra training, mostly in what to do if you start getting air in your feet (because you can end up rocketing to the surface if you don’t take care of that problem real quick). I have to say it was slightly amusing popping out of the water fins first looking like the Michelin man.

Sailing

I went sailing today. We (Andrew Cheung and I) took out the I-14. The I-14 is a fairly high performance dinghy (read: go fast). It’s a little trickier to sail than most of the other boats the yacht club has, so we capsized it a few times. At some point we capsized near the 520 bridge and someone driving by on the bridge decided to call the Seattle harbor patrol and report some poor drowning sailors.

So Andrew and I are halfway back to the Waterfront Activities Center when we see the Harbor patrol with lights on speeding in the opposite direction, where we’d been earlier. Then we start seeing aid cars and fire trucks show up at the Waterfront Activities Center. The Harbor Patrol boat finally came back up behind us and asked if we’d been “tipped over” by the bridge earlier. Anyway, as we got closer to the dock all the people on shore realized that we didn’t need rescuing and got back in their trucks and left.

So yes, one boat, two aid cars, and one firetruck. Other members were ribbing us because they’d only had a single aid car and a firetruck show up when they capsized near the bridge.

Anyway, so that was my adventure for the day. In other news, I’m still peeling from not wearing sunscreen the weekend before last. Melanoma, here I come! Also, my submersible marine VHF radio appears to be truly submersible (I hear they aren’t always).

Sabbath Mode

I discovered an article on engaging “Sabbath Mode” on an oven today while trying to find a user’s guide online. What is Sabbath Mode? Well:

Quote below from:
http://www.wordspy.com/words/Sabbathmode.asp

If you have a relatively new oven, you may not know that it has a built-in safety feature that automatically shuts off the oven after 12 hours or so. This is sensible, but it has been problematic for Jews keeping kosher on the Sabbath and on Jewish holidays because they’re forbidden to turn ovens (or any electrical appliances) on during that time. However, it is permissible to use electrical appliances that are already on. Hence the need for a Sabbath mode that keeps an oven on at a specified temperature for as long as it’s required. The cook can whip up a meal prior to the Sabbath or holiday and then leave it in the always-warm oven until it is ready to be eaten.

This innovation first appeared in KitchenAid ovens back in 1994.