Know How... 89 (Transcript)


Download and watch the episode here:
Know How... 89

NetCasts you love, from people you trust. This is Twit!

Bandwidth for know-how is brought to you by cachefly.com. This episode of Know-How is brought to you by SquareSpace. The all-in-one platform that makes it fast and easy to create your own professional website or online portfolio. For a free two-week trial, and 10% off, go to squarespace.com and use the offer code KnowHow.

And by I fix it. You can fix it, and iFixit makes it easy. With free step-by-step repair guides, high quality replacement parts, and all the tools you’d ever need. For $10 off your purchase of $50 or more go to iFixit.com/twit and enter the code KnowHow at checkout.

This week on Know-How how to bandage your heart bleed, check out a brand spanking new router and were going to tell you how to speed up your Windows 7 or 8 computer, for free.

Father Robert Ballecer: Welcome to know how, it is the twit show where we bend, build, break and upgrade. I’m father Robert Ballecer.

Bryan Burnett: And I’m Bryan Burnett.

Fr. Robert: For the next 30 minutes or so we are going to take you through some of the projects that we've been working on. Some of the quick tips that we been coming up with and talk all about a nasty, nasty Web vulnerability. You ready for that?

Bryan: Yeah, I been hearing a lot about that. And I don’t understand it at all.

Fr. Robert: Heart bleed. Okay so let's talk a little about heart bleed. When we talk about heart bleed, what we are talking about is a vulnerability with an open SSL which is a subset of SSL as we know it. It is a secure sockets layer which actually translates into TLS. When we are talking about TLS we are talking about what happens when my client makes a secure connection to a server and…. I'm losing you huh?

Bryan: Yeah. it has a catchy name. But I have no idea what you’re talking about.

Fr. Robert: Here is the problem. I think the media has been over explaining it. They like to get into technobabble. In fact we’ve been doing that too. I’ve been guilty of that, I try to explain part bleed on Padres corner, and I said I was going to do it in English and then people said…

Bryan: 30 minutes later and people still don’t get it.

Fr. Robert: So let me break it down to you. As simple as I can make it. You are a server. And that is your system memory. So that is what you’ve got - you’ve got a nice little set of jelly beans which represent the memory you have stored within your RAM. Correct?

Bryan: Quite a bit of memory in there.

Fr. Robert: All right. Now I’ve got a secure connection to you. Like Facebook. That means I get that little lock in the upper corner of my browser right? It tells me that our connection is encrypted. It is secure. But here is the problem. You cannot just keep those connections on forever. You have to be able to drop them if they are no longer in use. The problem is, the way that we make sure that you keep the connection is that we send what is called a heartbeat. A heartbeat is just a little symbol pack. It is a little bit of information that goes from me to the server and it says hey am I still here, I am still alive, don’t drop the connection. And this server is supposed to send me back the exact same thing I sent to it. So I receive it and I know the server is going to keep me alive.

Bryan: A little handshake.

Fr. Robert: A little handshake yes. All right so, this jellybean right here. This one is a heartbeat. Now what I have to do is I have to actually include this in my handshake to you, my heartbeat. But I also have to tell you in the signature how big this is. That is how this heartbeat works. Alright so I say, I am sending you one jellybean. Send me one jellybean back. So I take this and I give it to you, it goes on top of your pile of jelly beans, and then you say okay I received one jellybean and then you send it back. That is a heartbeat. That keeps this connection open so that you know I want to stay open to you. Now, every other implementation at SSL, other than open SSL, does a quick check because I have to tell you how many I’ve got and am passing, right? All other SSL will actually look at what it is receiving, will look at what you told me I was receiving, and make sure the two are the same. So if I say, here is one jellybean, it will look and say yes that is one jellybean I will send it back to you. Open SSL missed that step.

Bryan: It is too trusting.

Fr. Robert: It is too trusting. So what happens is, I can do this. I’m going to say all right this is one jellybean, but I'm sending you 64,000 jelly beans.

Bryan: It kind of looks like one jelly bean.

Fr. Robert: Yes, but you are open SSL so you don’t care.

Bryan: So I’m going to send you all the jellybeans back.

Fr. Robert: Right, exactly. So in a jellybean case that is the heartbeat.

Bryan: And the exploit is the person can do it over and over until…

Fr. Robert: I can do it over and over again, and I can just keep slowly advancing my pointer until eventually I have all of your jellybeans. All of your system memory, everything.

Bryan: All of my jellybeans eventually belong to you.

Fr. Robert: Exactly I have all your jellybeans. And that, in essence, is what heart bleed is. That is really the simplified version of what is going on in heart bleed. There is a lot of technical stuff, I actually really love it. You can actually see, they have isolated the piece of code that is responsible for the heart bleed bug. It is a fascinating read but if all you want to know is how heartbeat works, that’s it. The basics of it.

Bryan: The scary thing is that it has been around for so long, and nobody caught onto it for a while.

Fr. Robert: It has been around for two years. So it has been in the wild, no one figured to check on open SSL. Open SSL, I’m actually a big proponent of open source software. So we do peer-reviewed. Everyone looks at everyone else’s code, so it is kind of unthinkable that something like this went on for two years before anyone caught on.

Bryan: It is kind of scary but I guess we know now. And later on we will show some of the steps we can take, if you have been compromised, to secure yourself.

Fr. Robert: Because this is cool. But the real problem here is once that server has been compromised, once someone has emptied out the system memory, they could have all the encryption keys, they could have your server certificate, they could have anything that is in system memory. So if it was processing data, then they have that data. If it was processing usernames and passwords than they have your usernames and passwords. More importantly if they have those encryption keys it means that someone could do what is called a man in the middle attack where they pretend they are in your Facebook. All of someone else’s traffic would route through me, go to you and back and I get your jellybeans! And you can’t tell that I’m doing that.

Bryan: That is kind of scary.

Fr. Robert: The biggest problem is that people use the same username and passwords for multiple websites.

Bryan: Not a good idea.

Fr. Robert: Not a good idea. And you’re going to help us with that.

Bryan: I have a solution for that later on.

Fr. Robert: But before we get to the bandage for the heart bleed. I promised my fans on twitter that I would show you a quick down and dirty, easy way to get back up to 10% of your system performance if you are using windows 7, or Windows 8. Shall we take a look?

Bryan: Yes let’s do that.

Fr. Robert: Now we all like speed. We long for it. We crave it. We want it in our PCs, our laptops, our Macs, our devices. Pretty much anything that can go faster we want it to. And so, we spend a lot of money, we spend a lot of time building and breaking and upgrading and replacing all in the quest for speed. But what if I told you Windows 7 and Windows 8 users that there was a way for you to get up to 10% of your speed back? Without upgrading anything. Without replacing anything. Without really changing the way you use Windows, or even opening up the case. I know it sounds like a pipe dream, I know it sounds too good to be true, but folks this is something I have been doing since Windows 7 dropped on the world. The tip centers around two servers that are always running in the background of Windows 7 and Windows 8. The first is called remote assistance. Now technically, the feature is very very cool. It sits in the background and it waits for someone to connect to your computer and use their keyboard and mouse to show you how it’ll fix something that is going wrong with your computer. Again, a nice feature that I would be willing to bet that very few of us have ever actually used. So if we are not using it, why let it sit in the background using up your resources? This second service is called system restore. Now this actually is a very useful service. It allows you to create safe points that you can jump back to so if you warp your PC system you always have an easy way to go back to an image that was clean. Here is the problem though. Very few of us have safe system restore points. Very few of us have actually done the work to make sure that we have gotten the safe point where we want them. And so we are normally going to go back to the original factory image. So if we are going to do that, and you've got the factory install disk, if we've got the factory installed partition, we have some way to go back to how it was when we first received the computer. If that is what we are going to do, and especially I would suggest you do that if you have a virus, then why even have that running? Let me show you how to turn them off. The first thing you need to do is get to the system option and control panel. I usually just right-click the computer icon on the desktop and choose properties. Once in the system menu you will see all the stats on your computer, but to the left of the stats you will see control panel home. Along with four shielded options. Click remote settings. You will see a field for, allow remote assistant connections to this computer. Go ahead and uncheck that box and then click apply. You’ve just turned off the remote assistance server but now we need to shut off system protection. In the control panel there is a tab for system protection, go ahead and select that and you'll notice under protection setting that it will tell you if one of your drives is protected. Usually it protects the drive with the operating system but not the others. Select the drive that is protected, then click configure. Now select the radial button to turn off system protection and apply the change. That is it! You have just turned off the two background services and you will recover all the horsepower that had been going to feed those two services. Now I am sure that some of you are skeptical that you can actually get up to 10% of your horsepower back, so I ran PCMark Vantage before and after the changes. With the services on this PC scored 13394, after I ran the benchmark again making just these two changes the PC scored 14578. If you do the math, that is a 9% increase all without buying, upgrading, or installing anything. I’m Father Robert Ballecer the Digital Jesuit and now that you know how to take your horsepower back, go do it.

Fr. Robert: Now Brian, you can overdo it. In fact I know a lot of people who have overdone it. They turn off all the services that they possibly can.

Bryan: Yeah, I’ve been a victim of that.

Fr. Robert: Which is good. It is good to turn off things you don’t need. But, you can go to far and suddenly there is not a service there that you need.

Bryan: And then you reboot and you wonder what the heck has happened to your system.

Fr. Robert: Right. That is why I chose these two services. These two services are actually pretty cool features. But I would be willing to gather that 99% of us have never use remote assistance. And at least 75% of us have never used system restore. So if that is the case and you are not going to use those things you might as well take them out.

Bryan: Very rarely. I was actually, this weekend thinking about formatting my computer. And system restore, I never used it and most of the stuff I backed up to external hard drive.

Fr. Robert: In for me, the only thing that really makes me think about reinstalling or going back to a previous version is if I think some way my system has been compromised, or I installed something that is messing it up. And in those instances I never want to use system restore. Because it doesn’t quite clean everything.

Bryan: And it doesn’t always fix it. Doesn’t get rid of everything.

Fr. Robert: And so I just go back to the factory fresh install. And also, I kind of like that. Maybe because I’m a Windows user but every once in a while, like every 18 months or so I like to reset everything. Not necessarily because the Windows is messed up that because of all the junk I’ve added on. And I just want to clean house.

Bryan: It is nice to just start fresh and then the way I do it, is I just add things as I need them. Like, I’m not going to use Premiere this week I will install it next week when I’m going to be editing something.

Fr. Robert: Well you know this is great. And I think I have way too many jellybeans. I ate too much system memory! But I thought this might be a good time to talk about our first sponsor. Now Brian, have you ever heard of SquareSpace?

Bryan: I have. I am a user of SquareSpace.

Fr. Robert: What do you use it for?

Bryan: I will not shamelessly plug myself, but I have a website that I use for SquareSpace. I like it because I can just focus on putting my content on the web and not worry about anything else.

Fr. Robert: What Iowans liked about SquareSpace is that it is an all in one platform. It really is a turnkey solution. Sometimes, and I will admit to this, I have a service right now that I use that just provide service, and I use someone else to provide the package that I put on top of it. I even use a third-party to give me a rock solid back of database. What if I told you that you could get all those things at one place for one price?

Bryan: I believe you, because I use it.

Fr. Robert: Which is why we are proud to say, SquareSpace is a sponsor of Know How. Now what do you want to do? Do you want to publish a website? Do you want to make it easy for your clients to see your portfolio? If so, you need to use SquareSpace. It is a great way to share a weekend project blog or provide the ability to jumpstart a site startup project. With a professional looking site and the ability to quickly and easily take orders and sell creations. Now some of the reasons that you will love SquareSpace would be that they are constantly improving their platform. They are not one of these companies that just sells you the service and then leaves you alone. They are always adding new features, new designs, and even better support. They also offer flexibility. This is important for DIY-ers, the core audience of Know How. There are sets of tools to create your own website, without code. From design tools like layout engine and the logo Creator. A platform for customization and especially if you know enough code to get under the hood, since the developer platform is super robust. SquareSpace also has beautiful designs, they have 25 templates for you to start with. And recently added a logo Creator tool which is a basic tool for individuals and small businesses with limited resources to create a simple identity for themselves. Now SquareSpace is also easy to use. But if you want some help, SquareSpace has watched And email 24 hours a day seven days a week, but I almost guarantee you you’re not going to need it. They have a completely redesigned customer help site for easier access to health and to give use self-help articles and video workshops but in my experience it is so easy, and so intuitive that those things are good to have, but you’re not going to have to break them out. SquareSpace makes your projects that much easier. SquareSpace also gives you e-commerce. Now available for all subscription plan levels, including the ability to accept donations which is good for nonprofits. Cash, wedding, and school fundraisers. It starts at just eight dollars a month and includes a free domain name if you sign every year. Now the new SquareSpace Metric app for iPhone and iPad allows you to check site stats like page views, unique visitors and social media followers. With a blog app you can make text updates, tap and drag images to change layout, and moderator comments on the go. Even their code is beautiful. We all know that SquareSpace looks beautiful on the outside but what is also amazing is that the code inside is beautiful too. I’ve actually taken a look at it. It is just so well done, their auto generation tools are spot on. SquareSpace takes as much pride in their back end code as they do in their front end design. That just tells me that they pay attention to what they are doing. Now, again, hosting is included. They take care of that so that you don’t ever have to pay a separate subscription feed to keep your blog. You pay one fee, each month and be done with it. So here is what we want you to do. We want you to try SquareSpace. With a free two-week trial, with no credit card required, start building your website. Now when you decide to start up your SquareSpace make sure to use their offer code KnowHow to get 10% off and to show your support for Know How. We thank SquareSpace for their support of Know How. A better website awaits. Start with SquareSpace.

Fr. Robert: Now Brian, we talked a little bit about heart bleed. We talked a little bit about how to speed up our Windows machines. Now, I want to know if there is a way to protect myself from those nasty, nasty vulnerabilities I find on the Internet.

Bryan: Now fortunately there is. And it is probably something you should have done even before heart bleed came out. And that is to use different passwords for different websites, something that I am ashamed to say that I have used the same password for multiple sites. I've used throwaway passwords and usernames and things like that. It is not a good idea.

Fr. Robert: It’s true, it’s true. The sad part is we all, at a base level, understand why we should be using different passwords. But it is so difficult. If you are using 20 or 30 different web services with everything from your social media to your credit cards to your banking and vacation websites. Whatever it might be. It can be a pain to remember the different password that you chose. Even have, like me, each password is sort of an information to the next one. It is still too easy to forget. So I will admit, a couple of websites out there have the same username and password.

Bryan: Well the problem with that, I’m gonna tell you about it. It is called LastPass. It is something that a lot of people here at the studio use. I know Leo has. And Steve Gibson on Security Now has personally vetted it. If he says it is okay, I’ll go with what he says. But if you want a more in depth explanation you can definitely check out twit.tv/SN for Security Now. They did a couple of issues about heart bleed and LastPass. Which is what we are going to be showing here. This is just their little advertisement for the product but basically it is the service that you use one password to unlock your password vault. And then that is where you keep all your encrypted passwords. This is all done locally and from the way Steve was explaining it is that LastPass doesn’t even know what your passwords are. It is all done locally on the machine. So the only person that has access to your passwords should be you. Just don’t forget your one main password that you use for it. So we will just run through a quick set up of what to do. you can use it for free, but there is a $12 fee if you want to use some of their other premium services that they have. We’ll just go through it will quick. If you look at my laptop, this is their website it’s pretty basic to use. When you download it, what it will do is it will install itself as an extension on your browser. So I use chrome, I use Safari, Firefox. As an extension for all of those products. It also does mobile devices. So it runs just on basically everything. Windows, OSX, Linux, and as far as mobile OS’s, it runs on iOS, android, blackberry, Windows phone.

Fr. Robert: Actually, I installed LastPass not too long ago. It was before heart bleed, I wanted to give it a go. It surprised me how easy it was to install.

Bryan: I used it for about four years now and I have about 180 sites that I use it for. So whenever I go on a new site, I have my regular email that I use, and it has a great password generator. So when you do install it, it'll just pop up as a little extension in the top right corner of your screen, it looks like a little red asterisk. I’ve got my vaults which I’m not going to open!

Fr. Robert: Oh, come on! Open it! What could possibly go wrong?

Bryan: Well you can actually see my passwords. Even if you go into that where you’re going to edit a password. I’ll go into my kick starter as an example. You see the interface, this is if you went into a website to edit it click if I click that then you will see my password. But I’m not going to do that right now. But anyway, so you’ve got your vaults and in some of the settings it is pretty basic.

Fr. Robert: And one of the things I thought about LastPass is it is a really good way to organize your sites. Even beyond the password stuff. I don’t think most people realize how many places they've left credentials on. Especially if you are really just starting out. You throw your username on this you through your username on that before you know where it… I've come back like three years later and realized I asked have an account somewhere! If I had had LastPass set up that way than I would know.

Bryan: Is a very good way of keeping track of the sites that you’ve made usernames for and then also when you come to a site.

Fr. Robert: LastPass gets rid of all that.

Bryan: If I go to the website, say kick starter here you get to the website then LastPass fills out the username and password for you. But of course as I do this live nothing loads up because of our great Wi-Fi.

Fr. Robert: Okay here is a question that I know a lot of people have. Which is, wait a minute! I’ve always been told to never write my passwords down. I’ve always been told that I don't want to have one file that has everything in it. Because the people get that file they’ll have everything. So you are consolidating everything into one place right?

Bryan: There is that danger that you are putting all your eggs in one basket. But it is a lot better than trying to write them down.

Fr. Robert: And also I will say this, we are at the point where we have so many usernames and so many passwords and remember you should be using unique usernames and passwords for everything that the security benefit of having them all different, having all your usernames and passwords unique outweigh the disadvantages of having everything contained in one space. It is encrypted, someone will need to know the password for last pass and have access to your device. You do have to weigh the pros and the cons, but I would say by far it is worth it to make sure that even if one website gets compromised it is not going to affect everything else.

Bryan: Right. One thing that it does that is really nice, is that it will audit your sites to give you a security score. So read through your list of sites and your passwords, find the duplicates. Last night I went through mine, because my score was not great, my score was 51.2% and I was…

Fr. Robert: Wait. How does that score?

Bryan: How does that score?

Fr. Robert: Yeah, what does 51.2% mean?

Bryan: That’s how secure my list of websites and passwords is. it goes through and if it finds a duplicate password for a website, or a password that doesn’t have any numbers or symbols, that gives you a really low score on that password. Or when you use a completely random generated password that Last Pass gives you.

Fr. Robert: Actually that is something we should talk about in concert talking about LastPass keeping unique user names and IDs. If you are going to use a service like LastPass, there are a few other services that do in effect the same thing, if you are going to be using that you no longer need to remember passwords. You remember the one password from LastPass, and everything else can be absolutely gibberish. I know I always use passwords that are a combination of something I know or something I’ve randomly generated. Bout with something like LastPass you don’t have to memorize that you can make it truly strange. Special characters galore, capitals, lower cases, letters and numbers. It doesn’t really matter because I’m not going to have to type it in. I can just use last pass to drop it in the site when I need to access it.

Bryan: Right. So when you go to a site to make a new password or change your password, it is really easy to generate new passwords. If you look up here you can even change the number of characters that you use in your password when you generate one. And these are just completely random and it shows the strength of the password and stuff. A lot of times when I use these passwords on a website it is like a really great password, completely random. You can use special characters, make a pronounceable, it gives you all kinds of options for that sort of thing. I usually just use a random password to say that and if you are worried about when you are making a new account make sure to copy it real quick. Then make your account and double check after you have created your new profile for that site. Sometimes I made a generated password for a site and I forgot to save it. But fortunately LastPass does have a file where it shows recently generated passwords. That is a quick tip that helps.

Fr. Robert: Now, I will say this. Maybe I know someone who has done black hatting in the past. Just someone. And there are some tools out there that are really really good at taking a password list and checking them against all major sites. It is a batch file, you dump a bunch of data in it tries it out against everything. There are options, in some of the better tools that will tell it to ignore obviously random generated passwords. Because if they see something that looks like a completely randomly generated password, then the chances are they’ve used randomly generated passwords for all their sites. So that is a low hit. So actually it will move those to the back. The ones that this person always focused on were the ones that looked like words. The winds that looked like some sort of pneumonic phrase at the person was using because then I know they probably use that on multiple sites.

Bryan: And I would not use your master LastPass password for anything else.

Fr. Robert: So! Pro tip: do not use your LastPass password, the one password you absolutely need to protect is your LastPass password. That doesn’t go anywhere. That one stays in your head.

Bryan: And the final nice thing about LastPass, there are alternatives out there but we are going to focus on LastPass right now. And that is the mobile app for LastPass. So a lot of my apps on my phone I’ve made a password basic because one-on-one my phone I want to type it in real quick. Now couple weeks ago LastPass updated and you can use it to login to whatever app you want to use. So I logged out of Instagram, for example, and I generated a new password last night for it which I could not type again even if I really wanted to. And so now that I've gone into the app LastPass pops up with this little pop up here, so I don’t even have to go into the last pass to save it.

Fr. Robert: So you give it the master password and it automatically fills in the password for that site?

Bryan: Right. So long as I can remember my master password, which I'm going to type in right now.

Fr. Robert: You know what would be good though? If we had a program that saved your password for your last spat!

Bryan: You think so? LastPass for your LastSpat?

Fr. Robert: We get it. We understand. So you type in your master password and it is going to automatically fill in the password for whatever site you are currently on. And actually, I have to say the mobile integration for LastPass is probably second to none.

Bryan: So now, I can fill the form with my Instagram password. And now I can login. That makes it really easy for logging into your mobile apps. So I use it for everything now.

Fr. Robert: We are probably going to have to revisit this subject because, and can there are other services out there. How much does last pass costs? LastPass is $12. A dollar a month is what they say.

Fr. Robert: We have to satisfy everyone in there, I know there are people in the chat room who used One Pass. And One Pass is…

Bryan: $34.95 a year? And there is another one… Key Pass?

Fr. Robert: Key pass, Which works. I’m not going to knock open source. I kind of like the interface on key pass. I know there are a lot of people who say no.

Bryan: I’ve been using LastPass for a while and it is not terribly expensive, for the convenience it allows me.

Fr. Robert: You use what you trust.

Bryan: Yeah. Steve Gibson gave it his thumbs up and that was all I needed. It is a lot better than what my grandma used to do which is type in my passwords to in a document and then save it to my desktop with the title Passwords.

Fr. Robert: That always works!

Bryan: You can’t do that anymore grandma.

Fr. Robert: Actually I have a family member who used to put her passwords into an email draft and just leave it in the draft so she would always know it was there.

Bryan: Oh yeah, so secure. Good idea.

Fr. Robert: Again you use what you trust. Speaking of who you trust, iFixit. Now we here on the show are big fans of iFixit. They have been with us from the beginning, big guests. They understand what we are trying to do it know how. We are trying to be able to hack. We are trying to upgrade. We are trying to be able to open things up so that we know how they work, and iFixit gets it. IFixit is a free online repair manual and tool kit for everything. They have more than 10,000 repair guides for everything from electronics like your smartphone, tablet, and game console to your home appliances, your clothing and even your bike. They also have foolproof instructions to fix all your stuff. If you shattered your iPhone screen, need to repair the red ring of death on your Xbox, or swap the battery on your galaxy S3, iFixit has got you covered. With their parts, tools and their repair guides to make it easy. Now today we are introducing two new iFixit tools. The pro-text screwdriver set and the magnetic project mat. Now you've seen the magnetic project map, it is this wonderful device that lets you stick your screws on it and make a little sharpie or dry erase marker next to it so you know where it’s going. But this is the thing that is got me excited. This is their smaller version of the iFixit toolkit. It is all the tools you need, but with half the space. Now the ProTech screwdriver set is a one screwdriver set to rule them all. You get 15 screwdrivers specifically chosen for the iFixit teardown. These drivers can handle more than 90% of electronic repairs. Designed for heavy use and delicate precision which means that you can get those really hard to reach small specialties screws and also cranked down whenever you need to get onto a stuck bolt. Their black oxide texts increased retro ability and corrosion resistance and a flex blade swivel top design for added precision. Now their custom tool room makes this a handy portable toolkit for amateurs and professional action also can service alike. And, of course, like most iFixit stuff it comes with a lifetime warranty. You break one of these babies in the line of service and iFixit will replace it. Now this comes for $59.95 which is actually a steel when you consider everything that we've been able to do with these toolkits. If you've ever seen a project on Know-How, 99% of the time it has been using these drivers, these tools from an iFixit toolkit. That is why we like them. They are not just a sponsor, they are our tools of choice. Now here is what we want you to do. We want you to try iFixit. We want to see it may be they are the source for all the tools, repair guides, and information you need to tear down the electronics that you are trying to upgrade. Right now with iFixit you can fix it yourself. Visit iFixit.com/twit for more than 10,000 free step-by-step guides. IFixit also sells every part and tool that you’ll need. Enter the code Know-How at checkout and you will save $10 on any purchase of $50 or more. That is iFixit.com/twit. We thank iFixit for their support of Know-How.

Fr. Robert: You use IFixit all the time right?

Bryan: I just like to take things apart sometimes. Not necessarily am I able to put them back together. But iFixit makes it super easy.

Fr. Robert: One of the things I really like in the larger kit are those sponges. I will admit I am a barbarian when I take things apart. I normally just put a flat screwdriver in there and kind of crank it until something breaks. Or it opens up.

Bryan: You know when you come back with a handful of those USBs from the conventions? I like to just pry those apart and see how the memory is is it just on the board or do they have little SD cards? So I have a little iFixit screwdriver that I use for that.

Fr. Robert: It is always nice to have a sponsor that gets you. And I get I fix it gets us. Now you know who else gets us? Routers.

Bryan: Yeah. I see you got some links to some of these.

Fr. Robert: We’ve got a little bit of the old hotness. This was the previous gold standard for everybody running the DDWRT. And that was like an open source router. I think I got this may be five or six years ago. It was a while back. This is one of the original WRT 54G’s. one of the first versions. Now the nice thing about this router is that it came with enough firepower to make it run DDWRT. That is the open software source project that we've been running on the show anytime we want to do something with IP cables or DNS mask. It runs on lower end routers but gives you some of those high-end routing features. Very cool, and also very geeky. Now here is the problem. Although I love the DDWRT on a big system, it is kind of limited. You are kind of shoehorning full source router software…

Bryan: Into like a little body.

Fr. Robert: It is so tiny. This one was 2.4 GHz only, so that is 80211 BG. It also did only 10, 100 ports. You had a port for the lan. And it also had 4 MB of flash storage, which was a lot for back then. And 16 MB assisted memory, but then on later versions they dropped it down to eight.

Bryan: It might be time to retire the old guy.

Fr. Robert: It might be time to retire. These are great, as a matter of fact there is one running underneath the desk right now. But Linksys has the new hotness. This is the new Linksys WRT 1900 AC. Not check this out. It is 2.4 and 5 GHz continuously. So there are two separate radios in there, but you can run both at the same time. For a lot of routers out there that will let you run under 2.45, this one will let you run them concurrently. It also has 80211 BG and AC. It has a beam forming tech which means it can use its four different antennas to do this creative interference so that you can steer a beam towards a particular device. I love that. Now for gigabit LAN ports and 1 GB line port so you are going to get line speed for most of your networks. It also has, instead of 128 Hz processor in the original WRT this one has a dual core 1.2 GHz CPU, it also comes with 128 MB of flash versus four. And it comes with 256 MB of DDR three system memory verses 16 and eight.

Bryan: Okay. So little bit of an upgrade!

Fr. Robert: This is the new hotness. It looks mean. It is angry! Bert was saying he liked it just because at the mean profile, and it is a little on the pricier side.

Bryan: Yeah, that was what I was going to ask next.

Fr. Robert: You’re looking at $250.

Bryan: Actually that’s not as much as I thought it would be. $250 and how long do you think this router will last you for?

Fr. Robert: Well you know, when you think of the fact that we are still using this, six or seven years later?

Bryan: If you can use this for even half that time is worth it.

Fr. Robert: It’s a deal. But here is the big thing. All those specs are great. there is a lot of routers with those specs. But this is what is different about the new hotness from Linksys. They were recently acquired by Belkin. They have designed this to run open source. So, we hacked these devices, these old routers. They weren’t meant to be, they were meant to run the proprietary software. This has been designed from the ground up to give you the worst power, then memory, the processing, and all those external inputs. This one has USB 3.0, has you set up to give you all the things you need so that you can really go to town with DD WRT or any other open-source routing software.

Bryan: Even looking through the little vents on this it looks like a little PC in there. It’s got fans and everything.

Fr. Robert: Well that is essentially what it is, right? This is a Linux PC inside of a router chassis. The inclusion of you sat at an USB three actually makes me think I really want to test this. I want to run it through its paces. And see what kind of transfer speeds I’m going to get over this thing. Because there are a lot of routers that allow you to plug in external storage devices, but the speed isn't all that great. I think with these ports I can actually pull off some serious transfers.

Bryan: We should probably do some gaming with it too. Just to test out the wireless right?

Fr. Robert: No, there will be no gaming on this router.

Bryan: No gaming?

Fr. Robert: No. Just kidding. There’s going to be a lot of gaming. We are going to run this through its paces. As we are want to do on Know-How, we are not satisfied with the PR paper. What I just described to you are all the specs, the specs are great, the promises great. But for the next couple of months we are actually going to run this in a real network. And if it passes muster I think it is going to be the new hotness that is going to power the Know-How desk.

Bryan: And if it doesn’t pass that iFixit kit is coming out to see what it looks like on the inside!

Fr. Robert: Actually I’m probably going to do that anyway.

Bryan: You would!

Fr. Robert: Brian, we have had an action-packed show. We gave a lot of description of heart bleed that I think people can actually understand.

Bryan: And how to patch up your heart bleed.

Fr. Robert: And also because it’s got jellybeans.

Bryan: Anytime we can involve candy on the show… now every time someone eats a jelly bean they’re going to get it.

Fr. Robert: We've also told people how they can get some free performance back from their Windows PC. And we’ve shown them probably the next standard hotness open-source routing.

Bryan: Yeah, because you’re drooling a little bit.

Fr. Robert: I haven’t been excited by a router in a long time. But this is kind of cool. So that is a lot. Where can the folks find out the information about these products and those things that we showed them?

Bryan: Well, Padre they can find that on twit.tv/KH where we keep all of our episodes and our show notes. We will have links to the episodes I mentioned, and where to download software and all of our notes you will find on the show page.

Fr. Robert: You can also email us but we don’t answer emails. So instead of doing that why don’t you go ahead and follow us on twitter right? If you follow us on Twitter you’ll be able to ask us for things that you want featured on the show and send us snarky comments, we normally respond. You can find me on twitter.com\padreSJ.

Bryan: And I’m @cranky_hippo.

Fr. Robert: Our prized possession is not our show notes, our prize possession is our Google plus community. 6000+ active users, I am always blown away by the kind of discussion that goes on in there. Just this morning someone posted this question. He wants to build an immersion ring. So he wants to take a computer and put it in mineral oil or some other nonconductive liquid. I remember doing those back in the day. This is why I love this community. They just always tinker and I like tinkerers.

Bryan: I’ve been going to the community. There are some awesome projects. Their versions are a lot better than some of the things that we had made. There is some cool stuff on there.

Fr. Robert: Speaking of those projects, next week is a feedback episode. So we are going to be going through the Google plus page, we're going to be pulling out the best questions, the best projects and we are going to show them right here. So be sure to get your comments into our Google plus page, make sure you get your questions in there so we can answer them next week. Well, until next time, I’m Father Robert Ballecer.

Bryan: And I’m Bryan Burnett.

Fr. Robert: And now that you know it, go do it!