Krehn Solutions

My SSD is near capacity. What can I do?

Category: News
Published on Saturday, 27 June 2015
Written by Raymond Krehn

I see this question a lot and it actually bothered me that my 120 GB Solid State Drive (SSD) was near full capacity despite the fact I install almost everything on a secondary drive. I try to keep only my Windows installation on the SSD for incredibly fast boot times. If you're unfamiliar with the SSD, here's a simple comparison with the same computer by ASUS:

SSD is the new up-and-coming technology for data storage. Unlike the regular hard drive that most people have, it doesn't use a disk and thus has no spin motor. It simply uses integrated circuits, which makes it much faster than a hard drive.

Ever since the horrible Windows Vista, Microsoft has stored backups, restore points, and installers on your computer. This isn't necessarily bad. Backups and restore points are very useful if you have a virus or if the computer becomes unusable after an update. Installers are the same thing, just at an application level. If you want to keep any of this information, then you should only do section A of this article and ignore section B.

Section A

  1. The first step would be to try the Disk Cleanup utility automatically included in Windows. Go ahead and click that link to a wonderful tutorial by Microsoft.
  2. The next option is using CCleaner (Crap Cleaner). Don't worry, it's free, but you can upgrade if you really want to. This software searches your computer for data files no longer needed, temporary files, and duplicate files, amongst other... well, crap. They have a wonderful tutorial series if you need it.
  3. What about defragmentation? This only works for hard drives. Defragmentation moves information that is needed towards the middle since disks spin faster there. It moves unneeded files towards the edge. Since SSDs don't have a disk, this has no use!

Section B

I highly recommend downloading a disk size scanning software like WinDirStat (also free) to help dive deep into what is causing data consumption. Many of you will find two folders of interest in particular: winsxs and Installer under the Windows directory.

I've got bad news and good news for you. The good news is that both of these directories can be moved. The bad news is that you probably shouldn't. Remember how I mentioned earlier that Microsoft references installation files and whatnot for backups? Well, if that information is gone, how will you back up anything?

However, Microsoft does have some fancy linking technology that we can take advantage of. We can basically force Windows to believe that those files and folders are there even if they're not. I'll start with Installer:

  1. Start off by creating a backup folder on another drive. For this example, I named mine D:\Backups\Installer
  2. Open command prompt
  3. Type: "robocopy C:\Windows\Installer D:\Backups\Installer /E" - The second directory should be your backup folder, and /E includes the subfolders. Hit enter.
    Robocopy is a neat Microsoft-built utility that copies massive amounts of files almost instantly
  4. When that's done, type: "mklink /D C:\Windows\Installer D:\Backups\Installer" (or the backup folder) and hit enter. The /D switch is needed because the link points at a folder rather than a file.
    This nice feature creates the actual link so Windows thinks that the installation files are where they should be
  5. You may now delete the C:\Windows\Installer folder

Now you will notice a huge amount of capacity restored to your SSD. But what about the winsxs folder? I strongly recommend against moving it. It is possible, however. While you have WinDirStat open, I would recommend digging into other folders you may not find necessary, especially those under Users first. Typically, there is a lot of temporary stored data in the Users\AppData folder. CCleaner should've cleaned some of this stuff if you ran it beforehand.

I hope this helps!

Password Manager LastPass Security Breach

Category: News
Published on Tuesday, 16 June 2015
Written by Raymond Krehn

 "LastPass, a company that offers users a way to centrally manage all of their passwords online with a single master password, disclosed Monday that intruders had broken into its databases and made off with user email addresses and password reminders, among other data."

But you probably shouldn't worry too much. LastPass utilizes AES 256-bit encryption on your device with the latest PBKDF2 algorithms. I'll go more in depth on these shortly, but what you really need to know is that since the data is encrypted on your device, by the time it arrives on the LastPass servers, in what they call a vault, they don't even know what your passwords are. They'll need to know your salt encryption key to even begin exposing your password. Before this, however, anyone looking at your passwords will need to know your master password, which is also encrypted. If you have two-way authentication, you'll have to approve their access to your vault.

Can you explain these terms?

I first started talking about AES 256-bit encryption. AES stands for Advanced Encryption Standard and 256-bit is the block size (length of data). Block sizes can come in a variety of numbers like 128 or 192, as long as it's a 32-bit number (multiple of 32). As with most things, the higher the number the better. Since LastPass uses 256-bit, it takes advantage of 14 cycle repetitions where it replaces one key with another key. So imagine the letter "a" being changed to another letter like "b" and "c", only 14 times. So what determines what letter it gets replaced with? Your master password, which only you (should) know. The video below shows an example of this in detail.

What's PBKDF2 and what does it have to do with salt?

PBKDF2 stands for Password-Based Key Derivation Function 2. It is a pseudorandom number that takes the input of your salt and the password to create a derived key. Salt, then, is a completely random number that alters your password through a system we call hashing (more terms, I know). Salts make using a dictionary of predetermined encrypted passwords, called a rainbow table, more difficult. The primary purpose behind a hash function is to mix up your password to make it look like it isn't a valid word. So a hash function will take a randomly generated number (salt) and merge it with your master password, thus making your password rather difficult to read if the person looking at it doesn't have both the salt and password. However, it's not impossible. A person with the right rainbow table (basically a translation dictionary of your hash) can still figure out your password. With enough processing power it may only take a few years. This is where PBKDF2 becomes useful. It requires both the salt and password, plus additional iterations, to be created. Here's an example of one:

DK = PBKDF2(PRF, Password, Salt, c, dkLen)

DK is the generated derived key, PRF is a pseudorandom function of two parameters, c is the number of iterations, and dkLen is the output length.

The wireless network in your home is probably set up with WPA2, which looks a lot like this:

DK = PBKDF2(HMAC-SHA1, your password, your ssid, 4096, 256)

It makes finding the password much more difficult, but not impossible. This brings me to my next point: You probably should change your master password. I wouldn't worry too much about your password vault getting looked at by the wrong people, but I'd rather play it safe than be sorry by changing your master password. It will make your current PBKDF2 unreadable by non-privy eyes.
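An added example (not from the original article, and not LastPass code): PBKDF2 written out step by step so each parameter of DK = PBKDF2(PRF, Password, Salt, c, dkLen) is visible, then applied to the WPA2 formula above. The passphrase and network names in the demo are constructed sample values, and dkLen is given in bytes here (32 bytes = 256 bits).

```python
import hashlib
import hmac
import struct


def pbkdf2(prf_name, password, salt, c, dk_len):
    """DK = PBKDF2(PRF, Password, Salt, c, dkLen); dk_len is in bytes.

    prf_name selects the hash used inside HMAC (e.g. "sha1" for HMAC-SHA1).
    """
    h_len = hashlib.new(prf_name).digest_size
    n_blocks = -(-dk_len // h_len)  # ceiling division
    blocks = []
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(Password, Salt || 32-bit big-endian block index)
        u = hmac.new(password, salt + struct.pack(">I", i), prf_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(c - 1):
            # U_j = PRF(Password, U_{j-1}); the block is the XOR of every U_j,
            # so each password guess costs c PRF calls per block.
            u = hmac.new(password, u, prf_name).digest()
            t ^= int.from_bytes(u, "big")
        blocks.append(t.to_bytes(h_len, "big"))
    return b"".join(blocks)[:dk_len]


def wpa2_psk(passphrase, ssid):
    """WPA2-Personal key: PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256 bits)."""
    return pbkdf2("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    # Constructed sample values: one passphrase used on two network names.
    # The SSID is the salt, so the derived keys differ and a table
    # precomputed for one network name is useless against the other.
    for ssid in ("HomeNet", "CoffeeShop"):
        print(ssid, wpa2_psk("correct horse battery", ssid).hex())
```

Raising c is the knob a defender controls: the cost of every guess grows linearly with the iteration count, for the attacker and the legitimate user alike.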

Article Source

Let's Talk About Peer-To-Peer Lending

Category: News
Published on Monday, 30 March 2015
Written by Raymond Krehn

A synopsis:

Peer-to-Peer lending is when individuals loan money to other individuals who need loans.

An Analogy:

Remember when Napster first existed? The idea was that you had a song on your computer that was typically in a format known as mp3. You most likely listen to mp3s to this day through programs like iTunes, Spotify, Google Music, Pandora, etc. With Napster, you shared this song with other people through its software. This was the first time we started using the phrase, "peer-to-peer" on a daily basis. You are a peer, and you're providing your favorite songs to another peer, or group of peers, people just like you. Peer-to-Peer lending works in a very similar way. But, instead of songs you're using money. 

Why would anyone lend money to another person? What's the catch?

Interest. If you go to a bank and ask for a loan, assuming you're approved, you'll get an interest rate attached to that loan. In Peer-to-Peer lending the bank is removed from the equation and replaced with other peers that we call investors. These investors are willing to lend people their money, and in return they'll get the principal (the original loan amount) and the interest back. Since the bank is removed, the investor gets all the proceeds.

Who needs these loans?

A lot of people have multiple credit cards and want to pay them off and consolidate their debt with one monthly payment. For example, if John Smith has four credit cards and he's getting behind on payments, he may end up paying about 15% on interest trying to catch up. If John takes out a loan large enough to pay off all four credit cards, not only will he have one payment, but the interest on that loan may be half the percent of the credit card interest. Other people cannot get approved for a variety of loans such as an auto loan, new business loan, home improvement, or even a home mortgage due to too many pre-existing loans, lower income, or lower credit score.

What if they don't pay?

Not everyone will pay, and that's definitely a risk an investor will have to take. However, each Peer-to-Peer vendor does their best to contact the person with the loan within the grace period to ensure they're going to pay. They'll even go as far as to attempt to readjust the length of the loan or work out a payment plan, and if worse comes to worst, they'll work with a collection agency. From my experience, if they're still unable to pay at this point then they've declared bankruptcy and the loan has been declared economically unfeasible to recover. This is a huge deal and can destroy your credit score, so most people avoid this as much as possible.

How often does this happen?

Rarely. It's considered a Charge Off at this point. As of this writing, I have over 500 notes (loans) and only 20 have been charged off. To relieve your anxiety further, these 20 had a total value of $302.84 when they were loaned. $164.55 was paid back before they were charged off.

What about the other 480 notes?

  • 19 aren't issued
  • 365 are current
  • 5 are in a 15-day grace period
  • 0 are 16-30 day delayed
  • 8 are 31-120 days delayed, and will probably be charged off

Okay, so 28 charged off might be bad. Why risk it?

Focusing on the negative aspect still? For these 8 notes, $140.64 was the principal amount, and I've recovered $90.91 of that. That's about 64% of the funds recovered. So let's look at everything as a whole: I've invested $9,000. Keep in mind, $8,000 of that was invested less than 6 months ago. To this day, I've received $1,320.06 in interest alone. Total payments with interest are $6,459.56. This puts me at about 8.35% interest per year. Let that sink in.

How do I minimize risk?

One solution is not putting all your eggs in one basket. I will give notes out in the amount of $25 - $50 each. Other investors may use different amounts to fulfill the full loan amount.

Thankfully, a lot of these vendors provide an open API (Application Protocol Interface). Think of it as a library with books where people can go in and read a book. After they read the book, they will be able to tell other people about the book and even refer to it. The API is the book in this context, and the people telling the stories are developers. Developers have the ability to use the API and produce interesting results. So, why should you care about the API? Developers will take all the statistical data from these lending sites and provide information. Take a look at lendstats.com. You will notice that the API provided by Lending Club and Prosper can provide interesting statistics like who the top lenders are.

It gets better. Nickel Steamroller is a site that lets you determine what kind of interest rate you can expect given certain filters. For example, you can see that people with an income less than $30,000 will have more than an 8% loss rate, or how many will be charged off. People with 0 credit inquiries have a loss of 4.63%, whereas people with greater than 3 inquiries have 10.64%.

One thing to take into account, though, is that the lower the loss you're willing to take, the lower the interest rate will typically be. It helps to balance out your account so that you have some risky investments and some conservative investments.

Who are these vendors?

There are several, but the two largest are Lending Club and Prosper. Go ahead and give it a try.

Here's a screenshot of my account: