Damn it, but computers have become really complicated

[Professor Video Games]

The big square chip is a power FET...it basically converts one DC voltage to another (big like that because it handles a lot of current and potentially heat as well). The little guy is probably a capacitor...you can tell by the labels next to every component. Like Cxxx is a cap and Rxxx is a resistor. Regardless, it would take more than some amateur soldering to fix it...the traces (ie wires in/on the board) are probably fried and getting that FET removed/replaced would be a pain in the butt, plus who knows what else got killed without visibly burning up. Sadly it's off to the scrap heap for that poor guy.

[SecretAsianMan]

All rounder with AC support - ASUS Dual-Band Wireless Router (RT-AC56U) (Wirecutter write-up)

 

All rounder with N support - ASUS RT-N66U Dual-Band Wireless-N900 Gigabit Router

 

I have the RT-AC66U, which as one would expect is the AC version of the RT-N66U.  I believe it actually used to be the previous Wirecutter recommend before they changed to the 56U.  I really like it.  The range is excellent, it reaches all 3 floors of my house and isn't even centrally located.  I haven't messed around too much with custom firmware but the one it comes with is pretty good.  Just a warning, if you do get a recent ASUS device, make sure you update the firmware right away.  There was a security bug that let people access any kind of storage attached to it.

[JonCole]

I think they changed their recommendation because the AC56U is more affordable ($120 vs $170) and doesn't trade off too much for that price (mostly the range, a slight decrease in speed) while still preserving dual-band and AC.

[SecretAsianMan]

You're probably right.  I'm still happy with my choice and I'm sure they're both good.

[JonCole]

Oh yeah. Every time I've cheaped out on a router, I've regretted it. I bought a N66U after fiddling with both a mid-range $50-ish ASUS router and a N56U, and love it. I will either buy a AC66U or a Nighthawk when I finally make the AC plunge.

[Dewar]

I'm definitely in the market for a nice expensive one. I've cheaped out before and it's rarely worth it.

 

Edit: We're living in a fairly small townhome, so I don't think range will be a big deal. I think I'll go in on that Wirecutter recommendation, they've never steered me wrong before.

 

Edit2: But the AC56U isn't available direct through Amazon, so maybe I will splurge on the AC66U.

 

Edit3: Or maybe a used one from the Amazon Warehouse.... decisions decisions.

[JonCole]

Weird, it was just available earlier today. Perhaps if you wait a couple days they'll get a restock.

[Codicier]

The big square chip is a power FET...it basically converts one DC voltage to another (big like that because it handles a lot of current and potentially heat as well). The little guy is probably a capacitor...you can tell by the labels next to every component. Like Cxxx is a cap and Rxxx is a resistor. Regardless, it would take more than some amateur soldering to fix it...the traces (ie wires in/on the board) are probably fried and getting that FET removed/replaced would be a pain in the butt, plus who knows what else got killed without visibly burning up. Sadly it's off to the scrap heap for that poor guy.

Thanks for the info, I'd assumed it was junk but was curious what the post mortem was so I could make sure it didn't happen again with the new setup.

The rest of the parts arrived today, unfortunately I didn't get nearly as much installed as I wanted to because one of the motherboards screws threading was knackered so i had to spend a hour removing the little git, then salvage a replacement spacer from a old case I had in the attic.

I eventually installed the new heatsink, and am now going to bed nervous that the damn huge things gonna somehow tear the CPU from its sockets and come crashing down in the night.

Assuming it doesn't and assuming I didn't damage the motherboard in some way while removing the errant screw I'll be booting it up tomorrow and running a few temperature tests to check I've got the heatsink seated properly.

Actually is there anything else I can do in addition to running a mild stress test & checking the temps that the CPU has to tell whether the heatsink is seated correctly?

I'm also a little worried about the GPU it's the first one I've had which is so darn huge, and it feels like its gonna mess up the airflow, anyways first I need to get this baby to boot up.

Assuming it does will post a pic for advice on cabling and airflow.

[Codicier]

Ok everything installed, this is what I hope the airflow should be like

[JonCole]

If you still want the AC56U, it's $90 on Newegg with promo code - http://slickdeals.net/f/6843456-asus-rt-ac56u-dual-band-wireless-ac1200-gigabit-router-90-newegg?src=pdw

[Sno]

So heartbleed's really scary, maybe the scariest security hole the internet's ever seen.

 

These two articles sum it up fairly well. (Other reports indicated that the attacks can even be directed to compromise the site's main encryption keys.)

A lot of bigger and more critical sites are reporting that they've closed the vulnerability, but it had existed for two years and it's potentially been exploited for months. Steam, in particular, has apparently been hit pretty hard. (I've seen people even advising to completely reset steamguard, claiming that secure session tokens may have even been compromised, not just passwords and personal information.)

The other scary part here is that if you go around resetting your passwords, there are only very limited ways to know which sites were vulnerable and which sites have since closed the vulnerability. You can do your due dilligence and be just as at risk as before. That's where the real damage is going to happen, over the next few weeks while smaller websites lag to patch the vulnerability.

How about the idlethumbs sites?
 

[SecretAsianMan]

Heartbleed really is a frightening thing, but it's made me really glad I use Lastpass.  Especially since they built a tool to tell you if any of the sites you use were compromised.

[Sno]

How does lastpass work? What does it do?

[JonCole]

I guess it's as good a time as any to remind people:

• try to use unique passwords for every website - a password generation/storage service like 1Password or LastPass can make this way easier
• enable 2-factor authentication wherever possible - this makes it so logging into a site requires two methods of proving you're you, both the password (which seemingly is easier to get every day now by the bad guys) and a unique code generated by a hardware/software solution or sent to you by SMS, phone call, or email; check http://twofactorauth.org/ to find what websites offer this feature
• don't store financial information in websites/services whenever possible

There are already several articles trying to compile what websites have confirmed that they've implemented the patch, because you really won't gain much by changing passwords for a site until they do deploy that patch as Sno said. I suppose that the best advice is just to keep an eye on the services you use and report any unusual activity whatsoever.

[JonCole]

How does lastpass work? What does it do?

 

LastPass is a cloud-based password storage/generation tool. When you create a login for a site, it offers to generate a password for you using any number of criteria (characters and/or numbers and/or symbols and/or caps and/or number of characters/numbers etc) then stores the password and username in a file that's encrypted and decrypted locally before being synced to LP servers. The software also has a number of handy features like notifying you if the password you're using for one site is not unique between your database of stored passwords, and in this case a new feature that notifies you if you should update a password after a Heartbleed-compromised site has patched their servers. It offers quite a few multifactor authentication options, including physical code generators and hardware keys.

[SecretAsianMan]

It's also worth mentioning that Lastpass is free, with a premium option for additional features such as use on mobile devices and additional 2-factor options.  The premium option is a subscription service that's relatively cheap, $12/year I think.  Lastpass can autofill additional information besides usernames/passwords such as name, address, credit card numbers and banking info, etc.  Even though it uses cloud storage, the information is encrypted and decrypted on your computer as JonCole said, so even if their severs are compromised all any hacker will get is encrypted gibberish.  Not even Lastpass themselves have access to the decryption keys.  There are extensions for Chrome, Firefox, etc. that will let you access the tools without needing the website.

 

1Password is a similar thing I think, but I've never used it so I honestly don't know.

[Professor Video Games]

Password databases are a definite must. If cost is an issue, there's also KeePass, which is a free, open source password database. I don't think it's quite as feature rich as LastPass (which I haven't used so I can't say for certain) but it gets the job done. I have my database full of crazy autogenerated passwords and keep it synced across devices with Dropbox. There are plugins for desktop browsers to allow autofilling and the Android client I use, Keepass2Android, is pretty good.

 

Aside from that LastPass tool, is there anywhere that is tracking what sites are vulnerable and which have been fixed? I'd like to have somewhere I can type in "google.com" or whatever and see if it's good now.

[Codicier]

After hearing the various exploits of the hat mafia from the thumbs on various episodes the fact that steam is among the list make's me worried.

 

Just a quick question for SAM (or anyone else who knows) regarding lastpass and similar things, are the randomly generated passwords hidden from the end user? or would i be able to get my pen & paper out note down the generated password and lock them away somewhere irl if I so chose to?

 

uh oh guys, bad news!

 

 

Edit:

 

https://lastpass.com/heartbleed/

 

is scaring the hell out of me >_<

 

big old list i found during my subsequent freak out

 

https://gist.github.com/dberkholz/10169691

[Sno]

Password generators always just seemed to me like an extra vector for something to go wrong.

Anyways, lastpass also has a web tool for checking websites. (That appears to have updated since i last looked at it, it's significantly more useful now.)

Edit: Codicier beat me to it, looks like.
 

I've seen a lot of news sources make inqueries to various companies and... It's all very ambiguous. Particularly with a lot of the larger services like Google, it seems like parts of the network have been addressed while fixes are still pending for other servers.

[JonCole]

After hearing the various exploits of the hat mafia from the thumbs on various episodes the fact that steam is among the list make's me worried.

 

Just a quick question for SAM (or anyone else who knows) regarding lastpass and similar things, are the randomly generated passwords hidden from the end user? or would i be able to get my pen & paper out note down the generated password and lock them away somewhere irl if I so chose to?

 

also guys, i have some bad news!

 

uhoh.jpg

 

Randomly generated passwords are not hidden, you can even generate again and again if you think the result of a generation is not "random enough" for you. I've committed the randomly generated strings for my banks and email addresses to memory, just in case I don't have access to LP for any reason.

[SecretAsianMan]

Yeah, I also have a few key passwords committed to memory.  When the password is generated, it is shown to you so you can decide to keep it or generate a new one.  Even after the password is chosen and saved, you can go into your vault and click "Show Password" so that you can see what it is instead of getting ********.  There's also an option to download a local backup in various formats, such as an encrypted file or a csv/excel file.

 

At least that's how it works in Lastpass.  Can't speak for the others.

[Bjorn]

Password generators always just seemed to me like an extra vector for something to go wrong.

 

 

Yeah, any software management of passwords has always had me worried as just something else to possibly go wrong.  Theoretically I understand how something like LP is secure...but I still have this nagging distrust of any solution like that?

 

Though Heartbleed is making me rethink that option. 

[SecretAsianMan]

Yeah, any software management of passwords has always had me worried as just something else to possibly go wrong.  Theoretically I understand how something like LP is secure...but I still have this nagging distrust of any solution like that?

 

Though Heartbleed is making me rethink that option. 

 

I can totally understand that concern but until someone presents me with a better and more secure option I'm going to stick with it.

[Professor Video Games]

Thanks for the web tool link.

 

The KeePass password generator is definitely configurable. You can select what character sets are allowed and the length then save them off as templates for future use (plus more complicated stuff I don't understand). It lets you view saved passwords at any time but I'll bet all these tools allow that. The most important thing with these things is that your primary database password is a quality one since it's the key to the castle.

[SecretAsianMan]

Thanks for the web tool link.

 

The KeePass password generator is definitely configurable. You can select what character sets are allowed and the length then save them off as templates for future use (plus more complicated stuff I don't understand). It lets you view saved passwords at any time but I'll bet all these tools allow that. The most important thing with these things is that your primary database password is a quality one since it's the key to the castle.

 

Lastpass definitely does this too.  You can set the length, use of numbers, letters (both upper and lower case), and special characters, and even toggle avoiding pronounceable passwords.  It also does a quick check of the password's strength as they're generated.

 

And yeah, picking a strong master password is very important.  Two-factor authentication is also a must.  I use Goggle's authenticator on my phone, but Lastpass has options for other forms, including paper or usb thumb drives (some of them are premium only).

 

One more neat thing you can do with Lastpass is sharing.  Sharing requires both parties to have a Lastpass account.  It lets you share login access to a website with another person WITHOUT revealing the password to them.  If that person is smart enough, they can figure out ways to reveal the password but you can revoke the shared access at any time.  I've found this useful for families.  I shared my Netflix account with my father this way.

 

I'm doing a lot of promoting of Lastpass; I swear I'm not getting paid by them for it.  I just really like the service.