Computing life lessons

[TylerM4]

18 years now I've been doing desktop computer support full time for a living. Lots I've learnt in that time. Here's my life lessons I wanted to share.

Embrace change but do it wisely:
You don't need to be an early adopter, but resisting change is a poor decision. Install windows updates, move to windows 10, etc. Delaying puts you at risk and is just that - delaying. You're either going to need to learn how to use a new version of windows sometime or give up on using a computer completely. Might as well embrace that change, get the benefit of new features while avoiding risks associated with old versions (security vulnerabilities). Delaying is a fools game and gets you nothing. Having said that - you don't want to be cutting edge. I recommend waiting 1 year before adopting a new OS, 1 month before installing application updates/patches unless there's an active exploit.

Install a Solid State Disk (SSD)
When it comes to computer performance there's no better "bang for buck" than installing a SSD. Thinking of buying a new computer because yours is getting too slow? A SSD will extend the life of your computer by another couple of years easy - just make sure your OS is installed on that disk.

Backups folks - backups
It still amazes me that people don't backup their data. Your computer can be replaced, you apps re-installed, but your data is priceless. Just spend the $100 on an USB hard drive and copy your data once a month. So many people I've encountered have to learn this the hard way.

It's cheaper to game on an Xbox/playstation/nintendo
Yes, a high end PC will have better graphics, but you pay for it - bigtime. You're much better off to buy a cheap PC for surfing the net and a gaming console for gaming. The consoles last longer with less cost and problems. I only recommend a PC for gaming if you're a hardcore gamer. Otherwise, a console is the better option.

Do you really need a laptop?
It still amazes me that number of laptops that don't leave the desk or kitchen table. Unless you need that portability you're far better off to buy a desktop PC. Desktop PCs are cheaper, have better performance, and are more reliable. Portable DVD players are a great option if you want to watch movies the 3 times a year you go on a trip/camping.

There is no magic software
Internet speed booster, Scan your registry for problems. browser toolbars.. whatever the case. At best these apps are snake oil - more often they're malicious or inundate you with advertisements. Stick with an industry recognized antivirus software and avoid the rest.

Don't be afraid to experiment
You can't wreck a computer by playing with settings. In fact - that's the best way to learn. Just backup your data, that's the only thing that cannot be easily re-installed/fixed.


I'm sure I'm forgetting something. Anyone else want to share their own tidbits or wisdom?

[Jlabute]

Sounds good to me! That is sound advice and it sums up all the important stuff.

1) I would maybe amend just one thing... I had a customer who had two computers, with working SQL data on PC#1, and all SQL data backed up to PC#2. After a lightning storm, both machines were dead and the HD from one machine had to be rebuilt to get the data off. $800. Whether it t is USB storage , or secondary PC, or network storage, perhaps electrically disconnect it after making backups. Keep it in your safe if you have one.

2) stay away from the $30 case/PSU combo if you're building your own PC. I've seen cheap cheap power supplies blow up in flames, and hit all other system components with voltage spikes.

3) Don't hate Microsoft. Windows is an amazing O/S. There have been many makes/models of computer hardware with inherent issues.

4) Don't give much weight to the 'upgradable system' statement. What-ever motherboard/ram/etc you have this year, won't like come close to anything next year or even be compatible with it.

5) make sure your monitor allows you to read comfortably without straining your eyes. Laptops are coming with higher resolution displays in the 12" and less area... somethings may be hard to read.

[neilsimon]

Generally agree, though in these times, online backups may be a better bet for many. If your house burns down, at least you have an online backup.

Older hardware can often be given a new lease of life with Linux. Perfect for that laptop which just doesn't work well with the most recent software. But, if you've never done this kind of thing, prepare to spend some significant time on it.

SSD is the biggest improvement for performance, but memory can be a close second. Running a system which needs just a little more RAM can be a painful experience.

A modest PC can play lots of games, and the PC gaming industry is much more varied than the console ones. If you don't need to most amazing whiz-bang graphics, you can probably find lots of cheap or free games for your PC which are still lots of fun.

There are lots of Free Software applications out there, and some of it is perfectly adequate or better for most people's needs, but be careful, there are some "installer tools" which will install adware with the software you want.

Kodi is a great addition to a laptop for those who travel for work.

If you get stuck with a problem, Google it. That's what many "experts" do anyway. The difference between you and them is that they know how to phrase the search and they know where to trust for answers.

If you use your computer a lot, don't cheap out on the things you use to interface with it, including screen, keyboard, mouse and speakers. That doesn't mean you should spend a lot, but these are more important than a fancy case or slightly faster CPU.

Again, if you use your PC a lot, can afford it and your PC can take it, get a second monitor. It increases productivity significantly. Second-hand monitors are usually perfectly good. Even a third monitor is beneficial.

[TylerM4]

Great additions! Thanks guys.

[36Drew]

I make heavy use of "cloud" storage. I used to use Dropbox - now I use OneDrive (I have an Office 365 subscription). My wife is an Apple user and has iCloud storage in addition to the OneDrive storage she gets with my family subscription - and uses both in much the same way that I do.

I sync all of my documents, photos, etc. in OneDrive. I'm able to share links to those files with friends/family as needed. If I replace my computer, my files are synced back. My PC (laptop) is merely a vessel. Windows 10 very conveniently syncs my profile configuration options as well.

[kumazatheef]

Couple tweaks because some things are just personal preference:

* Some games just can't be played on console.
* Some software reduces lag, thus does boost internet speed.

[neilsimon]

Browsing with fewer ads is generally faster and the sites tend to look better, therefore if you use Chrome or Firefox, you should almost certainly use Adblock Plus or uBlock Origin.

LastPass can make multiple passwords easier to manage and safer too. Particularly in recent times with a few high profile sites being hacked, sharing passwords is a very bad idea. LastPass allows you to avoid that. Just be aware that if you forget your master password, you could lose all of your passwords.

Chrome and Firefox are generally better browsers than the rest (yes, I know the rest have improved)

VLC is pretty good at playing most media files, and is free.

[36Drew]

LastPass can make multiple passwords easier to manage and safer too. Particularly in recent times with a few high profile sites being hacked, sharing passwords is a very bad idea.

LastPass is awesome. Two-Factor Authentication is also a thing. Embrace it, wherever possible.

[Jlabute]

Storing to cloud is great. I also like to have a full image of my working computers in case everything needs to be completely restored. I've used Acronis True Image up to this point. It has come in handy a few times for when I've needed to replace a dead hard drive. My network storage is also Mirrored.

[kumazatheef]

LastPass can make multiple passwords easier to manage and safer too.

LastPass is awesome. Two-Factor Authentication is also a thing. Embrace it, wherever possible.

Would strongly recommend against LastPass ... they've had too many high-profile compromises due to bad code architecture. ex: https://www.theregister.co.uk/2017/03/2 ... rabilities
Go with something like Dashlane, KeePass, or Bitium.

[36Drew]

LastPass can make multiple passwords easier to manage and safer too.

LastPass is awesome. Two-Factor Authentication is also a thing. Embrace it, wherever possible.

Would strongly recommend against LastPass ... they've had too many high-profile compromises due to bad code architecture. ex: https://www.theregister.co.uk/2017/03/2 ... rabilities
Go with something like Dashlane, KeePass, or Bitium.

I think you're mistaking "compromises" with "vulnerabilities". There were two incidents where LastPass staff found unusual activity and felt there were problems to be addressed. The link you posted was an example of a vulnerability report that had no in-the-wild exploits - merely a proof-of-concept provided by the security researcher who reported the vulnerability.
As well, LastPass is very open on their own blog about what has been discovered, and what remedies have been put in place.

KeePass is also a great piece of software - but it's a desktop app. Sometimes I like to be able to pull up my secure notes on my phone, or from my work laptop. You can't do that with KeePass very easily. As well, KeePass has had their own share of vulnerabilities as detailed on their own website.

Dashlane has also had vulnerabilities reported with their own browser plugin as well as with their service. So has 1Password, along with Bitium.

Hint: Password security, Authentication, and Identity are hard to do right. Each of the pros has their own challenges, and I think each of them are doing just fine.

Also - Two-Factor. I see you glossed over that. I hope you use it.

[kumazatheef]

Also - Two-Factor. I see you glossed over that. I hope you use it.

2FA good. Better as app than SMS due to possibility of spoofing ... better?
(figured wasn't a requirement to respond to each point).

I think you're mistaking "compromises" with "vulnerabilities".

When it comes to security, do we really wanna argue semantics that teeter-totter between "known problem someone can exploit" and "don't worry, they haven't exploited it ... yet".

There were two incidents where LastPass staff found unusual activity and felt there were problems to be addressed. The link you posted was an example of a vulnerability report that had no in-the-wild exploits - merely a proof-of-concept provided by the security researcher who reported the vulnerability.

Does that mean we should trust something that has a horrible flaw, but hey "no bad guys have used that flaw yet"?

Listen, I get it: software is preferential and they all have their respective bugs (documented or yet-to-be-discovered) ... I'm just saying, LastPass has had a couple fundamental bugs (like: don't show the password) that, as a security-minded user, calls into question my trust of their system ...

Hint: Password security, Authentication, and Identity are hard to do right.

Are we talking "hard": as an end-user keeping things safe, or as a company's whose product's sole purpose is to do security?

Ultimately, hopefully it's just a matter of time before more systems support something like YubiKey.

[36Drew]

When it comes to security, do we really wanna argue semantics that teeter-totter between "known problem someone can exploit" and "don't worry, they haven't exploited it ... yet".

Yes - the semantics are important. Companies pay bounties to have whitehats analyze and find vulnerabilities. Responsible companies not only fix their vulnerabilities, but are open and transparent about what's going on. When you see a report that some researcher has found and reported a vulnerability (the exact issue you pointed out, by the by) - that was exactly what happened.

Listen, I get it: software is preferential and they all have their respective bugs (documented or yet-to-be-discovered) ... I'm just saying, LastPass has had a couple fundamental bugs (like: don't show the password) that, as a security-minded user, calls into question my trust of their system ...

Every single product you listed has had a couple of fundamental bugs. You use yours. I"ll use mine. I don't really care, either way. But to point at bug reports (knowing exactly how that whole ecosystem works) of one product, and completely ignoring the bug reports from the other products, and using that as an excuse to discount one over the other is dishonest.

Are we talking "hard": as an end-user keeping things safe, or as a company's whose product's sole purpose is to do security?

Hard, as in if your employer decides that they're going to write their own SAML provider and 2FA system - you're doing it wrong from the beginning. I expect a company, whose product's sole purpose is to do security, to be constantly undergoing security reviews, be constantly remedying any found vulnerabilities, and be open and transparent about what they're doing. Both as an end-user and as a professional.

[kumazatheef]

Yes - the semantics are important.

Context is king. My point about arguing semantics for security is this: when a flaw is found, whether it be vuln, 0-day, full-on security breach ... it is worth analyzing the flaw in the context of the product ... and throw in a cynical "why didn't the company catch it first" ...

But to point at bug reports (knowing exactly how that whole ecosystem works) of one product, and completely ignoring the bug reports from the other products, and using that as an excuse to discount one over the other is dishonest.

Fair, so here's a couple run-downs ... granted a few months out of date ...
https://www.theregister.co.uk/2017/02/2 ... ment_apps/
Not all bugs are created equal ... thus when summary includes things like "Plaintext Password" or "Hardcoded Master Key", they are worthy of a closer look.

Mate, clearly we both have expertise in this area, I'm not looking for a flameware in as much as I am looking to go in against a Sicilian when death is on the line ... this thread is about "Computer life lessons" and some recommendations were provided.
Based on my experiences, I recommend for or against software due to history and trust ...

[kumazatheef]

Embrace change but do it wisely:
You don't need to be an early adopter, but resisting change is a poor decision. Install windows updates, move to windows 10, etc. Delaying puts you at risk and is just that - delaying. You're either going to need to learn how to use a new version of windows sometime or give up on using a computer completely. Might as well embrace that change, get the benefit of new features while avoiding risks associated with old versions (security vulnerabilities). Delaying is a fools game and gets you nothing. Having said that - you don't want to be cutting edge. I recommend waiting 1 year before adopting a new OS, 1 month before installing application updates/patches unless there's an active exploit.

I'd say patches should be much sooner than 1 month, depending on the software, even day-after ... a minor update could probably push that a bit more, but if someone's actively using certain software then at least keeping an eye on the updates is key.
Once took a look at setup for a family member (back when they could coerce me with food) and there were 24 updates waiting to be installed ... "miraculously" all their problems were cured. Up-to-date on patches also helps secure things.
To your later point about backups ... if at worst a patch update changes things that you don't like, then can go and pull the backup.