This month, Jon explains how he raised a 36TB Lacie unit from the dead and went on to do battle with the Microsoft call centre scammers.
This month, Jon explains how he raised a 36TB Lacie unit from the dead and went on to do battle with the Microsoft call centre scammers
Afew months ago, I mentioned how one of my long-serving Promise Thunderbolt RAID arrays had died. I’d tried a new disk, tried rebuilding, but it felt terminal to me. As a replacement I ordered the Lacie 6Big 36TB unit, which has the new Thunderbolt 3 connectors. Fortunately, the Apple Thunderbolt 2 to 3 adapter can be used either way around, and I soon had it up and running on my ageing iMac 5K.
Everything was fine, although I’m slightly annoyed by the time taken for it to boot and appear on the Thunderbolt bus. It means I have to wait a few seconds or so before logging in, because I have a large Dropbox installation held on the array. If the array isn’t ready yet, then Dropbox throws a wobbly and tells me that its data has disappeared. But this isn’t a big issue – I timed it, and my Promise array boots from cold in about 30 seconds, whereas the Lacie takes around 60 seconds.
All was going well right up to the point at which, one afternoon, the Lacie disappeared from my desktop. All the lights were out, and it didn’t respond to power off/on, or pressing the front panel button. It was, as far as could be seen, completely dead.
Now I will admit, to my shame, that I started moaning out loud about Lacie power supplies. It’s true, and even admitted by its staff, that they went through a bad patch a while back, with some Chinese-manufactured power supplies that would randomly expire. I got through three, if I remember rightly. I thought everything had been sorted out and that the company had put these issues behind it. But here I was, with a new 36TB unit with a dead power supply. I wasn’t amused.
I dialled the Lacie support line and spoke to a very polite lady – I think she was in the Netherlands. I took her through the issues, and she agreed the drive had indeed expired. I had two options: I could send back my unit and Lacie would send me a new one; or I could do an advanced replacement, whereby the company had my credit card to charge me if I didn’t send back the dead unit. I went for the advanced replacement offer because I wanted to get it working as soon as possible. Delivery was due in a few days.
The following day, I noticed that the Thunderbolt cable end plugged into my iMac 27in 5K was a little loose. I pushed it home and, to my complete surprise, the Lacie woke up and booted. Intrigued, I tried shutting it down, and pulled out the Thunderbolt cable. I then tried to start it up again. It was completely dead. Push the cable back into the iMac, and the drive sprang to life.
It seems that the Lacie unit is utterly immobilised until there is some signal on the Thunderbolt bus. It doesn’t matter about the power switch on the back. It doesn’t matter
“Why is this stuff so hard? You just need to think in the way a customer would”
about the illuminated button on the front, which resolutely stays dead when there’s no Thunderbolt signal.
By comparison, the Promise array works as you’d expect. Press the front power button and the unit powers up – yes, the status stays orange until there’s a working Thunderbolt connection, but you’re reassured that the array itself is working.
To have designed a 36TB array that won’t give any sign of life until there is a working Thunderbolt connection takes a particularly perverse form of engineering. Such an array could be holding a copy of your latest blockbuster movie. Or a whole heap of data – 36TB is a lot of storage. I contacted Lacie’s UK PR team and told them how disappointed I was with this engineering solution – they promised to pass on the comment.
It does raise an obvious point. If we’re to have devices designed for professional operation, then it’s about time we had professional-grade connectors. I love Thunderbolt, and have done so since it was a twinkle in Apple and Intel’s eye called LightPeak. But to have a non-latching connector is just stupid, and Intel has really dropped the ball here with Thunderbolt 3.
Worse still, Lacie needs to understand that switching a power switch to the on position must result in some sign of life. To leave a unit looking utterly dead will result in the customer assuming that the unit is, indeed, completely dead.
Why is this stuff apparently so hard, and why do people keep getting this sort of stuff wrong? It isn’t difficult: you just need to think in the way a customer would.
Chrome SSL
The Chrome browser has just been updated to version 68. There’s a significant change in this version of which you should take note. Chrome is part of a big push to move all HTTP traffic to HTTPS. In other words, to ensure that all websites support an
encrypted end-to-end connection between your web browser and server.
HTTPS is, of course, effectively mandatory for any website that has a sales function or handles credit card details. It would be unthinkable to enter card details into a website that was on an HTTP connection.
The move to HTTPS for everything is interesting. It helps to ensure that all traffic is much harder to monitor in the middle of the connection. Only the client browser and the server session have keys to unlock the encryption. What’s in the middle is just a bunch of binary noise, when viewed from an outsider’s perspective.
You’ll have noticed most websites moving over to HTTPS for everything, and they bounce your http://www. myserver.com/ request over to https://www.myserver.com/ automatically for you.
With this move, Chrome highlights an HTTP server connection as being “not secure”, and tells you that “You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.” All valid points, of course. Hopefully, in the future the browser will give a much sterner warning about HTTP content. And it would be nice if the other major browsers followed suit.
Update on 3CX cloud
A special shout out to 3CX running as a hosted cloud service. I’ve been using this for some months now, having transitioned from my trusty in-house HP Microserver. It just works, and works very well. It costs pennies to run, and the management console is a delight to use. As far as I can see, this is a solved problem, and is something I can quietly ignore moving forward. Which is precisely the sort of IT solution I’m coming to love in my grumpy old age.
Hosting iPerf on Synology
Sometimes, it’s useful to have a tool for measuring throughput on your network. One of the best out there is iPerf3. It’s open source and available for just about every platform under the sun. The best place to go for code is iperf.fr, which hosts links and code for almost everything.
One piece that was missing, which intrigued me, was for the Synology NAS boxes. I’ve mentioned before that I’ve mostly standardised on Synology boxes in the lab. They work, and I really like the range of capabilities they bring. They’re a modern answer to the small-business server that Microsoft touted a decade ago – and, indeed, it’s curious to see how companies such as Synology and QNAP have simply eaten the Redmond lunch since then. I can’t think of anything I could have done on a Windows Small Business Server that I can’t do better today on an appropriately specified Synology box.
So I was on the lookout for an iPerf client/server for Synology. Well, one user has done all the heavy-lifting and created a set of SPK install files for Synology for you. First, you need to know what the platform is, in terms of hardware and OS that your Synology is running.
Once you’re armed with this information, go to jadahl.com/iperf/
DSM_6.2 and download the appropriate package. Installing it is easy, using the standard package installer. Getting it running requires you to remote login with a command prompt, and then to fire up the installer. There’s a range of command switches available, and you can use the package as client or a server. Or leave it running in the background.
I’ve found it invaluable to have on the network to check out Wi-Fi speeds and other throughputs, and if you have a Synology NAS then I suggest you install it and try it out. It would be good if it were packaged up with a nice graphical UI, but it works just fine at a command prompt for the time being. It was free; I’m not complaining.
Beware the Microsoft scams
You know the phone call is going to end in tears when the lady, speaking with a heavy Indian accent, tells me she’s from Microsoft – and that she’s phoning about my computer, which has some viruses on it.
I’m sure I don’t need to tell seasoned PC Pro readers that this is a scam, an attempt to extort money from you. But if this comes as a shock, here’s the simple answer: Microsoft doesn’t call you by phone about malware on your computer. It’s so prevalent as a scam that Microsoft even has a page on its website covering it: pcpro. link/289scam.
The methodology is clever. Tell you that you have a problem. Get you to download a remote takeover tool. In my case yesterday, this was the legitimate AnyDesk tool. When you run it, they can take over your desktop, claim to find all sorts of problems and then get you to hand over money to “fix” these “problems”. It’s a scam.
“Synology boxes are a modern answer to the smallbusiness server that Microsoft touted a decade ago”
Yesterday, they called when I was in the middle of a business meeting. We were due a coffee break, so I put the call on speakerphone for the amusement of my staff. I played along for a good 20 minutes or so, but made sure I didn’t hand over the session number in AnyDesk to the caller, ensuring there was no way into my computer.
In the past, these scammers have targeted only Windows customers, and have hung up when you indicate you have a Mac. They didn’t ask, but worked it out because I downloaded
ANYDESK.DMG not ANYDESK.EXE – DMG being the disk image installer package format for macOS.
Undeterred, they tried to get me to connect. I said I was suspicious that they were using third-party remote access to get into my computer, and wouldn’t they normally be using one from Apple?
Since my meeting break was over, I said I thought they were scammers. This resulted in a blast of expletives about me doing rude things to my mother. I replied that since she had passed away some 13 years, I thought this was going to be difficult, but I could ask the church to dig up her coffin? The line went dead.
I confess that last time they called, I was better prepared. I was sat in front of a test host computer, running VMware Fusion. Windows 10 sat running in a highly network lockeddown VM. And the computer sat by itself on its own FTTC physical network, airgapped from anything important, because I was testing antivirus software using real malware test files.
I wish I’d screen-grabbed that session. I actually gave them access to control the Windows 10 VM. And then kept dropping malware bombs into the system from outside, as they were attempting to clean up my system. I kept the unsuspecting caller busy for nearly an hour that time, as they battled to understand from where this malware was appearing. They had no idea I was just injecting it in for my own amusement.
Obviously I can’t recommend any sort of “feeding the tigers” here, unless you happen to have an entirely sacrificial setup in a virtual machine, hosted on a completely separate network – and you know what you’re doing. However, to my shame, I admit the amusement factor was undoubtedly high.
These people are convincing and have a carefully crafted script. You and I might not fall for this, but it’s down to us to tell family members that it’s a scam. This is especially important for those who aren’t computer literate, and maybe of the older generation. If you do nothing else today, send a short email to family members to remind them of this, and to follow the simple rules: don’t download anything, and simply hang up the phone.
Dashlane VPN
I got the updated Dashlane version 6 a few days ago. Dashlane is a password management tool – there are numerous such tools out there, and 1Password is another well-regarded product. I moved from 1Password to Dashlane well over a year ago. To be honest, I can’t remember the reason for the change, but I know I was intrigued by the facility by which Dashlane can change a password on a website for you. It doesn’t work on all sites, but it’s useful on those where it does work.
Dashlane 6 brings new features, but the one that made me sit up was the provision of free VPN tunnelling built into the tool. Just turn it on, and you have a VPN tunnel from your computer to a Dashlane end-point. You can’t set the location of the end-point yourself, unlike other tools, but I’m not particularly bothered about that. Simply getting yourself from a place you feel insecure to a known and trusted end-point is a worthwhile improvement. You might not trust the coffee shop you’re in, or the hotel internet connection where they try to inject HTML into your browsing. A VPN can, and should, protect you from that.
Dashlane states it “...uses the Hotspot Shield technology to power the VPN. This means that your encrypted internet traffic is routed through servers hosted by our
partner, AnchorFree (provider of Hotspot Shield).” So that’s the underlying provider.
Worth having? For sure, if you don’t have a VPN tunnel of your own. For myself, I have all of my devices set up to VPN tunnel back to the lab, using the Cisco Meraki security appliance as the end-point. But many SME or home users don’t have that luxury, or find the usually hopeless setup and configuration in home routers to be a real stumbling block.
So the provision here of a VPN tunnel in Dashlane is a nice addition. It seems to work well, and I’d certainly consider using a VPN tunnel any time I’m connecting to a Wi-Fi network that I don’t own or administer myself. That means coffee shops, public Wi-Fi, hotels, conference centres. I wouldn’t bother if my phone was connecting directly to 3G/LTE onto my telco – I’m somewhat happier to trust them.
Blogs and podcasts
Finally, a small shout out to the PC Pro crew and its fortnightly podcast. You can partake through the mixlr.com/ pcpro channel. Podcasts last around an hour, and take place every fortnight on a Thursday. They even sometimes manage to drag me in, providing I’m not otherwise tied up.
And a shout out to my old mate, Richard Tubb, who does an SME podcast at tubblog.co.uk/blog. He persuaded me to talk with him on his blog for over an hour about all sorts of stuff, and it was huge fun. I believe it should be published around the date that you get this (early September). Hopefully, I didn’t ramble on too much.
We used the Zoom Internet meeting tool ( zoom.us), which worked without any glitches or stumbles. I’ll certainly be looking at Zoom again in the future for other purposes.
Richard also recommended the Sennheiser PC8 USB telephony headset, which has a boom mic. It connects via USB, and just worked out of the box on my MacBook Pro. Sound quality was good, and for less than £30, it’s a bit of a steal. If you’re looking for a headset with mic, then this might well be a good buy for you too.