05-25-2021, 03:40 PM - 1 Like | #1 |
Audit / critique my laptop hardware / software / security setup, please?
After a troublesome, inconvenient and overall unpleasant ownership experience with an expensive HP ZBook 15 mobile workstation bought in late 2018 (resulting in HP buying the unit back at full price just a few weeks ago), I've very recently replaced said machine with a much more economical alternative from Lenovo that still meets my needs (even more so, in some respects). It's a Legion 5i 17 - specifically, model no. 81Y8003CUK - with i7-10750H CPU, NVidia RTX 2060 GPU, 16GB RAM and 512GB SSD, running Windows 10 Home. I immediately upgraded it with an additional internal 2TB Crucial MX500 SSD for data storage, and Windows 10 Pro. I'd have liked 32GB RAM instead of 16GB, but that's what was available "off the shelf" from Lenovo's UK store, and upgrading would require replacement of (rather than addition to) the installed memory modules. That aside, I'm very happy with the machine thus far... Early indications are that it's a great PC, especially considering the total outlay.

I've used this laptop replacement as an opportunity to re-visit and optimise my OS and applications software setup. As such, I'd be very grateful for constructive opinions, critique and advice on my choices, since I'm still at the point where I can make changes fairly easily without messing things around too much. Note that I don't own a desktop PC, so this laptop is my main day-to-day machine. Here goes...

At BIOS level, I have a BIOS password set, UEFI and Secure Boot enabled.

For the OS... after some years as a linux-only user, I've made the difficult decision to return to Windows 10 as my base operating system (and I'm still a little conflicted on that). My reasons are (1) full, out-of-the-box support for my exact hardware config, (2) extended warranty being dependent on use of the supplied OS, and (3) application software availability for a range of personal interests, including photography, programming, ham radio and more.

However, I'm still extremely fond of linux (I far prefer the open-source nature of it), and wanted an easy way to keep using it. I considered Windows' WSL2, but so far as I can glean the GUI support isn't quite there yet. I also considered parallel installation of a linux distro on the system drive, but eventually chose to install VMWare Workstation Player for Windows and set up an Ubuntu 20.04 VM. It seems to work very well indeed, and can even benefit from GPU hardware acceleration if required.

I have two user accounts set up under Windows 10 - "admin", which has full admin rights (obviously), secured with a good, strong password; and my personal user account without admin rights, also secured with a good password and using Microsoft's PIN number feature for access (which, frankly, I'm not too sure about in terms of security). For day-to-day use, I log in with my personal user account. I would only use the admin account when necessary to complete specific tasks, and log out immediately afterwards.

For virus and malware checking, I'm using built-in Windows Defender and the free, on-demand version of Malware Bytes. For the latter, I scan whenever I've installed anything.

In terms of applications software... I've installed the latest Firefox as my browser, with uBlock Origin and HTTPS Everywhere add-ins (this is what I've been using for several years now). I have a Firefox account and store all of my website passwords in that, using a master password at browser level to protect access. This is another area where I'm unsure of security and best-practice, but I do need some centralised facility for passwords as I'd find it impossible to remember them all without writing them down. The websites I visit include my banking, credit card, legal, insurance and healthcare providers - so, intimately personal and vulnerable stuff. I have Firefox set up to delete history and cookies upon exit.

For personal productivity, I've installed the latest stable Libre Office suite, which I've been using for years and suits me very well.

For photo and image editing and management, I've installed my copy of Lightroom 6 perpetual, Adobe DNG Converter, Adobe Profile Editor, the latest versions of Darktable, RawTherapee, GIMP and Faststone Image Viewer. I'm no longer a regular Lightroom user, but since I own the software and it has some unique capabilities or conveniences for some of my photography gear, it's good to have it available - plus, the Library management still beats any open source alternative I've tried.

For video editing, I've installed the latest kdenlive. I'm not a video guy, but I've recently been playing around with it and I've a hankering to try some more in the coming year. This open source tool seems to be more than capable of supporting my modest requirements and abilities unless (or until) I reach a considerably more-advanced stage.

For programming, I've installed Microsoft VSCode and several plug-ins (for a variety of languages and targets), Arduino IDE (C development for supported micro-controller boards), and Mu (for quick-and-dirty Python development specific to BBC Micro:bit and Raspberry Pico boards).

I've installed numerous system utilities - AOMEI Backup (free version), VeraCrypt, FileZilla, VNC Viewer, PuTTY terminal emulator, and the already-mentioned VMWare Workstation Player. I've also installed Argyll CMS which I'm using with my Colormunki Display colorimeter to profile the (almost) 100% sRGB gamut display, and my external BenQ monitor.

On the subject of VeraCrypt... all of my personal and/or confidential files - anything at all that I wouldn't want others to access - I have stored in one or more VeraCrypt encrypted virtual drives, using a six-word password generated randomly from the EFF word list. I can remember the password, but have also given it to both a close, trusted family member and my oldest friend, just in case I should forget it and need access. I could have used Windows' BitLocker to secure my drives, but still don't entirely trust it. In any case, I like the fact that my encrypted virtual drive is a portable entity that I can backup or copy individually to other physical drives or devices as necessary.

Regarding AOMEI Backup... After looking at native Windows backup options, I decided that I preferred the basic features in AOMEI. I've configured it so I can run occasional on-demand system and data drive image backups, and automated daily data drive sync backups, all to my 4TB Western Digital Passport external HDD. I then copy these to a separate USB HDD (which I intend to replace with another 4TB unit soon). I don't yet have an off-site or cloud backup capability, and I'm considering whether that's something I really need (for my photos, I don't really care too much... but for my personal documents, I suspect I do).

That's about it... I can't think of anything else worth mentioning (though I'm certain I'll remember something critical quite soon). I'd welcome opinions, critique, advice, alternative viewpoints on any or all of the above. I think I've established a reasonable hardware, OS and software configuration, security and backup strategy for my personal needs, but if I can improve it in any way, I'd be very much open to - and grateful for - any suggestions!

Thanks in advance

Last edited by BigMackCam; 06-05-2021 at 10:47 PM.
These users Like BigMackCam's post: |
05-25-2021, 04:08 PM - 1 Like | #2 |
Moderator Site Supporter |
Gosh Mike, that sounds very good. I'm looking at a Z book right now. What went wrong with yours? |
These users Like MarkJerling's post: |
05-25-2021, 04:23 PM - 1 Like | #3 |
Reading through there Mike, it looks like you've put a good deal of thought into your choices (not sure I can agree on the choice of Windows however) and it all looks relatively secure. Running Ubuntu in a virtual machine probably makes more sense if you tend to use both OSes, as it's much more practical than dual booting when your computer is powerful enough. I'd recommend taking a deep look into WSL, as though I haven't used it myself, I've heard some pretty great things about it.

Two other points that come to mind:

First, I'd be hesitant to put banking passwords and such in the browser - this doesn't auto fill I presume, but rather you have to use your master password for it to input the password on the web page? If so, I guess that's probably secure, but I do not know if Firefox stores the passwords in plain text, or encrypted as a password manager would.

Second, if you intend to use your laptop outside of home (such as at a cafe with unsecured WiFi) I'm unsure how strong Windows default firewall is. On my laptop, I locked down everything as tight as possible (on Linux) as I'm often using networks where I'm unsure of their security in place - though not right now, stuck at home with everything going on you know
These users Like bertwert's post: |
05-25-2021, 04:44 PM | #4 |
Digitiser of Film Original Poster |
Thanks, Mark. I'm sure there are things I could do better or might have missed (given my level of knowledge), but I guess it's a decent start...

Long story, but I'll give you the semi-condensed version.

The model I bought was the ZBook 15 G5 with 4k DreamColor display and built-in colorimeter. First, the DreamColor LCD panel wasn't particularly consistent in luminance across the screen, and suffered from considerable edge blooming and backlight bleed, mostly noticeable only at high brightness levels... but I could have lived with that, given that I never adjust my display above 120 cd/m2.

Next, the fans were always running at full tilt. That was eventually resolved with firmware and Windows updates, but it took months.

Then, the sound output developed major problems... it was heavily distorted, stuttering and echoing - not just on YouTube videos, MP3 music and Skype, but even Windows system sounds. Strangely, this didn't occur when running linux... it was only under Windows 10, which suggested drivers. They re-installed the old Windows 10 release and drivers (as at time of purchase), but the problem persisted... so they replaced the sound module, but still no dice. They then replaced the entire motherboard, and that solved the problem, even with updates to the latest Windows 20H2 build. Hoorah!

Except that, after that, the DreamColor calibration went crazy. It kept reporting that the 100 cd/m2 target couldn't be reached, with a minimum of 134 cd/m2 achievable... however, the display was clearly at minimum brightness, and when I tested with my Colormunki Display colorimeter and Argyll CMS, the actual brightness was 43 cd/m2. So they replaced the colorimeter, but the problem persisted. The machine then went off to HP's service facility in Poland where it had a completely new display and colorimeter combination fitted. When it arrived back to me - one whole month later - it still had exactly the same calibration problem.

There were other issues too regarding OS-level performance and reporting problems with the various HP utilities and bloatware aimed at corporate users, but they weren't deal-breakers. It was the DreamColor calibration problem that blew it for me, especially since I'd paid a considerable premium for that.

This all happened over a period of months, and while the machine was still under a three year extended, on-site premium warranty. Eventually I (politely) demanded a new, tested, replacement machine of equivalent or better specification, or a full refund under the Consumer Rights Act 2015. It took a few weeks of back and forth negotiation, but HP were pretty decent overall and finally opted to refund in full (more accurately, they bought the machine back). The last I saw of that PC, it was on its way to the Czech Republic for further repair attempts.

My new Lenovo obviously isn't the same level of machine as the ZBook, but it's well-spec'd, solid enough and runs way quicker than the ZBook (probably due to lack of bloatware). The display isn't a patch on the HP, but it's ample for my needs - and at 17" it's a better size for me, given that my eyes aren't as sharp as they used to be. Everything runs as it should, the fans barely ever kick in, and the temperature monitoring shows it runs nice and cool. Really, for what I paid, it's a very decent unit... Not a mobile workstation by any means, but it's a fast, capable, well-sorted machine...
05-25-2021, 05:03 PM | #5 |
Moderator Site Supporter |
Wow, what a drawn out and frustrating saga! I'm looking at a (17") Z-book to replace my 17" Elitebook which is getting quite old.
|
05-25-2021, 05:23 PM - 1 Like | #6 |
Wow Mike, that does sound like a saga. At least HP came to the party (eventually). Dell hung me out to dry and wouldn't budge and did everything they could to avoid their obligations under The Trade Practices Act. Consequently I'll never buy another Dell product for as long as I breathe. PS. Good to see you back Mike. Last edited by carlb; 05-25-2021 at 06:07 PM. | |
These users Like carlb's post: |
05-25-2021, 05:32 PM - 1 Like | #7 |
What I would consider a potential issue with laptops when putting some computing stress on them for a longer period of time are the thermals which could lead to throttling and loss of performance for longer lasting tasks. I would seriously consider some kind of laptop cooling pad to extend not only the time the cpu can do its thing unthrottled, but also perhaps the overall lifespan of the laptop.

I don't think this should prevent anyone with physical access to the machine from doing anything. There are several ways to reset such a password. Not sure about the Windows account PIN/passwords though.

As for your photo software, the only name that rings some bells for me (in a negative way) is Adobe, although most of my scepticism against them might come from the Flash Player and the Acrobat Reader (I have changed to using SumatraPDF at some point, but I'm really not sure if it is still considered as safe as it was when I started using it). Wasn't there some kind of breach relating to Lightroom?

This brings me to add this recommendation: haveibeenpwned.com
It collects data from breaches that have been released to the public, and you can enter your mail address and it will tell you if and if so in which breach the mail has been included.

In addition to that, regarding security of mail addresses or rather the mail accounts, as someone who at the beginning of his online life had used the same, not particularly safe password for many different services, didn't change that for certain services over the years and consequently got "hacked", there is one thing I had done that saved me in this instance: I had connected the compromised mail account with a different mail account as a security measure, and could regain access to the compromised account through the connected account and reclaim everything. Is that considered some kind of 2FA? I think so. For anything that might be important to you I would definitely use 2FA if offered.

Regarding the backups, I've heard many stories of systems failing, people relying on the regularly generated backups and then realizing that the backups were also compromised or couldn't be restored properly. So the question is: did/do you test those backups regularly? Otherwise in times of need you might experience a nasty surprise.

Also: friends and family sound trustful, but are you sure that THEY did not write it down somewhere in order to not let you down in case you have forgotten it?

Common advice is to always keep all your software up-to-date because of potential security issues, but with the major iterations of Windows I like to wait some time before installing those because they regularly break things, be it audio drivers or printers or even worse... I think Windows Pro gives you the edge over Home here because you get to choose to delay those updates.

It's a thin line between naively stumbling through the web and all its potential security issues, and being overly protective bordering paranoid schizophrenia. I would rate your setup as rather the latter than the former, but I want you to understand that I mean this as a compliment. Better to be safe than sorry.

e: and I want to reiterate the advice that @bertwert already gave: do not store passwords to anything related to money anywhere else than in your brain.

Last edited by ehrwien; 05-25-2021 at 05:42 PM.
These users Like ehrwien's post: |
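One way to act on the backup-testing question raised in post #7, as an added example that is not part of the thread: it compares a source folder with a file-level copy by SHA-256 and reports missing, extra and silently altered files. It assumes plain file copies (a sync job's output or a second-drive copy) rather than proprietary image files; all folder and file names are constructed sample data.

```python
"""Added example: verify a file-level backup copy against its source."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1024 * 1024) -> str:
    """Hash a file in chunks so large files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            manifest[full.relative_to(root).as_posix()] = sha256_file(full)
    return manifest


def compare_backup(source: Path, backup: Path) -> dict:
    """Classify every path as missing, extra, mismatched or verified."""
    src, dst = build_manifest(source), build_manifest(backup)
    common = src.keys() & dst.keys()
    return {
        "missing": sorted(src.keys() - dst.keys()),     # never reached the backup
        "extra": sorted(dst.keys() - src.keys()),       # stale or unexpected files
        "mismatched": sorted(p for p in common if src[p] != dst[p]),
        "verified": sorted(p for p in common if src[p] == dst[p]),
    }


def run_demo() -> dict:
    """Build constructed sample trees in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "data"), Path(tmp, "backup")
        files = {  # constructed sample content, not real documents
            "docs/tax-2020.ods": b"constructed spreadsheet bytes",
            "docs/will.odt": b"constructed document bytes",
            "photos/IMGP0001.DNG": b"\x00" * 4096,
        }
        for rel, content in files.items():
            for root in (source, backup):
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(content)
        # Silent corruption: same name and size, one byte different.
        (backup / "photos/IMGP0001.DNG").write_bytes(b"\x00" * 4095 + b"\x01")
        # A file the copy job never transferred.
        (backup / "docs/will.odt").unlink()
        # A stale file that no longer exists in the source.
        (backup / "docs/old-notes.txt").write_bytes(b"stale")
        return compare_backup(source, backup)


if __name__ == "__main__":
    for category, paths in run_demo().items():
        print(f"{category:<11}{paths}")
```

A matching hash shows that a copy is intact, not that a system image can be restored; that still needs a test restore.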
05-25-2021, 06:58 PM - 1 Like | #8 |
Hey Mike, everything you have done sounds like you are on top of it. Could I just suggest that you check your cookie settings, and prevent 3rd party cookies from gaining entry to your computer, if you haven't already. The bad guys are always a step ahead of the good guys with security issues...
Hackers Are Stealing Your Cookies - Panda Security Mediacenter
These users Like Unregistered User 8's post: |
05-25-2021, 10:37 PM - 1 Like | #9 |
Moderator Site Supporter | Regarding AOMEI Backup... After looking at native Windows backup options, I decided that I preferred the basic features in AOMEI. I've configured it so I can run occasional on-demand system and data drive image backups, and automated daily data drive sync backups, all to my 4TB Western Digital Passport external HDD. I then copy these to a separate USB HDD (which I intend to replace with another 4TB unit soon). I don't yet have an off-site or cloud backup capability, and I'm considering whether that's something I really need (for my photos, I don't really care too much... but for my personal documents, I suspect I do). |
These users Like MarkJerling's post: |
05-26-2021, 01:09 AM - 1 Like | #10 |
Great to see you back Mike. Your new laptop sounds like an impressive machine that'll hopefully future-proof you for a few years. I'm another reluctant convert to Windows 10 on a newish i5 desktop, after finally accepting at Christmastime that my ancient Atom 330 based Windows 7 machine wasn't up to even basic web browsing anymore. At least it's Windows 10 Pro so I'm avoiding the daily hell of endless updates. Since Windows security is clearly a major concern for you -- as it should be -- have you considered using Faronics Deep Freeze or one of the free equivalents such as Toolwiz Time Freeze? I've been using Faronics since as far back as I can remember, and I can't imagine running a Windows machine without virtualising the C: drive and always browsing the web inside a self-destructing sandbox. | |
These users Like Dartmoor Dave's post: |
05-26-2021, 02:49 AM - 1 Like | #11 |
Digitiser of Film Original Poster |
Thanks, everyone, for the excellent and thoughtful suggestions thus far (and the nice welcome back - you folks are most kind). I've already addressed (or made risk-assessed compromises on) several of the points raised, but there are some interesting items mentioned that I'll definitely research further... specifically:

- Looking into WSL / WSL2 more deeply for my linux requirements
- External thermal cooling
- NoScript browser add-in
- Double-checking my cookie prevention in Firefox (I believe it's set correctly, but I'll check)
- Alternative password solutions for financial / confidential accounts
- Off-site data backups
- Faronics Deep Freeze and alternatives for secure recovery
- Sandboxing my browsing activity

These are all great points that I hadn't considered or, at the very least, given enough thought to.

Regarding passwords for financial and other critical, confidential accounts, I have too many to store and retrieve in my head alone - hence why I'm currently using Firefox's password manager. Firefox encrypts the passwords, and I have a primary password set so that they can't be retrieved without entering this. My banking and credit card providers further limit access using 2FA, sending one-time pass-codes to either my phone or chosen e-mail account before access is granted. This seems reasonably secure, yet I'm still not 100% comfortable with my overall approach. I guess one alternative would be to store my passwords in a file in one of my VeraCrypt encrypted virtual drives, and look them up manually as required. That would be nowhere near as convenient, but potentially more secure.

My VeraCrypt volumes are 256-bit encrypted, and protected by a randomly-generated, six-word password based on the EFF long word list. My reason for being OK with sharing this approach here is that such a password has 2.2107392e+23 possible combinations. Using any currently-available technology, it would take many years to crack using brute-force. Unless, that is, I'm missing something?

Thanks once again for the excellent feedback

Last edited by BigMackCam; 05-26-2021 at 02:59 AM.
These users Like BigMackCam's post: |
05-26-2021, 02:53 AM | #12 |
Digitiser of Film Original Poster | If I were buying an HP machine again, I guess I would avoid any unusual or specialist options, and pick a specification that's fairly vanilla. From everything I've read and heard, the DreamColor version of the ZBook 15 G5 I owned wasn't sold in large volumes, and it's possible it was never a fully-sorted combo. If I'd gone for a standard display version, I might still be using it now. If you decide to replace your Elitebook with a more recent or current business-range model, do watch out for all the HP utilities and bloatware. They really hit resources and performance, if my ZBook was anything to go by, and the numerous notifications and secure access features get in the way. A clean, bog-standard Windows 10 re-installation would be my recommendation; then - if you must - add any specific HP utilities you really need. My mid-range Lenovo is, by comparison, almost devoid of bloatware... McAfee trial (which I uninstalled immediately), and Lenovo Vantage - a configuration and information dashboard utility that gives easy access to performance, graphics and some BIOS settings. It's very good and surprisingly lightweight, so I chose to keep that installed. Oh, and there's a Lenovo Legion wallpaper pre-installed Other than that, it's just plain old Microsoft Windows 10. Thumbs up to Lenovo Last edited by BigMackCam; 05-26-2021 at 03:32 AM. |
05-26-2021, 04:24 AM - 1 Like | #13 |
I had a look at what the EFF says about this list and it seems that there are no uppercase characters, no digits and no special characters, but the average word length is 7? So that's 26^42 = 2.68 * 10^59. But a random attacker doesn't know there are no digits or special characters, so more like 70^42 = 3.12 * 10^77.

Of course you are right that this should not make a difference today as it would be much easier for someone with sufficient criminal energy who is interested in your secrets to force you to tell them the password, but let's not go there
These users Like ehrwien's post: |
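The search-space figures from posts #11 and #13 side by side, as an added example that is not part of the thread. An attacker who knows the generation method (word list and word count) only has to search the word-level space, so that is the conservative figure to plan around; the guess rates are assumed values for illustration, not measurements of any real cracking setup.

```python
"""Added example: search-space arithmetic for dice-generated passphrases."""
import math
import secrets

EFF_LONG_LIST_SIZE = 6 ** 5          # 7776 words, one per five-dice roll
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATES = (1e4, 1e9, 1e12)     # guesses per second; assumed values only


def roll_to_index(roll: str) -> int:
    """Convert a five-digit dice roll such as '35412' to a 0-based list index."""
    if len(roll) != 5 or any(d not in "123456" for d in roll):
        raise ValueError("roll must be five digits, each 1-6")
    index = 0
    for digit in roll:
        index = index * 6 + (int(digit) - 1)
    return index


def draw_rolls(words: int) -> list:
    """Simulate fair dice with the OS CSPRNG: one five-digit roll per word."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


def passphrase_combinations(words: int, list_size: int = EFF_LONG_LIST_SIZE) -> int:
    """Search space when the attacker knows the list and the word count."""
    return list_size ** words


def bits(combinations: int) -> float:
    """Express a search-space size as bits of entropy."""
    return math.log2(combinations)


def years_to_exhaust(combinations: int, guesses_per_second: float,
                     fraction: float = 0.5) -> float:
    """Years to cover `fraction` of the space (0.5 = expected case)."""
    return combinations * fraction / guesses_per_second / SECONDS_PER_YEAR


def words_needed(target_bits: float, list_size: int = EFF_LONG_LIST_SIZE) -> int:
    """Smallest word count whose word-level entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def report(words: int = 6, avg_word_len: int = 7) -> dict:
    """Word-level count (post #11) next to character-level counts (post #13)."""
    chars = words * avg_word_len
    return {
        "word-level (scheme known)": passphrase_combinations(words),
        "lowercase letters only": 26 ** chars,
        "70-symbol alphabet": 70 ** chars,
    }


if __name__ == "__main__":
    print("sample rolls:", draw_rolls(6))
    for label, space in report().items():
        line = f"{label:<28}{bits(space):7.1f} bits"
        for rate in ASSUMED_RATES:
            line += f"  {years_to_exhaust(space, rate):.2e} y @ {rate:.0e}/s"
        print(line)
    print("words for 128 bits:", words_needed(128))
```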
05-26-2021, 04:41 AM - 1 Like | #14 |
Moderator Site Supporter | I wouldn't necessarily let my isolated experience put you off, Mark. There's a lot to like about the ZBook machines - the build quality is really excellent, ease of access to the internals and upgradeability (at least on the mobile workstation models) is unparalleled, modules and components such as RAM, GPU and SSD are all top-notch corporate-level choices, and the additional on-site support I paid for was, in fairness, first-rate (provided, in the UK, through a contracted third-party called Hemmersbach). If I were buying an HP machine again, I guess I would avoid any unusual or specialist options, and pick a specification that's fairly vanilla. From everything I've read and heard, the DreamColor version of the ZBook 15 G5 I owned wasn't sold in large volumes, and it's possible it was never a fully-sorted combo. If I'd gone for a standard display version, I might still be using it now. If you decide to replace your Elitebook with a more recent or current business-range model, do watch out for all the HP utilities and bloatware. They really hit resources and performance, if my ZBook was anything to go by, and the numerous notifications and secure access features get in the way. A clean, bog-standard Windows 10 re-installation would be my recommendation; then - if you must - add any specific HP utilities you really need. My mid-range Lenovo is, by comparison, almost devoid of bloatware... McAfee trial (which I uninstalled immediately), and Lenovo Vantage - a configuration and information dashboard utility that gives easy access to performance, graphics and some BIOS settings. It's very good and surprisingly lightweight, so I chose to keep that installed. Oh, and there's a Lenovo Legion wallpaper pre-installed Other than that, it's just plain old Microsoft Windows 10. Thumbs up to Lenovo |
These users Like MarkJerling's post: |
05-26-2021, 04:42 AM - 1 Like | #15 |
Lenovo on the other hand has been a dream to work with when it comes to any of the issues we have had. | |
These users Like DeKay's post: |