Electric Kettles in the US? More power, please.

TL;DR: Get an electric kettle of at least 1500 watts in North America. Lower than that is useless, might as well use your microwave.

There is a reason that electric kettles are common as dirt in the UK and not in North America. Power. Well, actually voltage. Most of the kettles in the North American market are underpowered because of the 120V standard. A higher-wattage kettle for the US (1500 watts or more) comes close to eating up a 15 amp kitchen circuit all by itself. It’s worth it to commit that circuit [1], especially if you have a newer (30 years) kitchen with multiple kitchen counter circuits required by code.

Lower power kettles (under 1500) take way too long to bring the water to boil. Other methods become faster, if not easier.

I have a 15 year old Krups model that is 1750 watts at 120V [2]. This is the highest power rating I’ve seen on a standard kettle available in the US. That’s on the hairy edge of acceptable for an American circuit, but I gladly commit that circuit to the kettle alone. I love the time and temperature it buys me. For any volume, it is 50% faster than my microwave and even more than that vs the stovetop.

The UK uses 240 volts as a standard. Therefore, they can have much higher power kettles. Due to their voltage, the UK has 3000 watt kettles for ~$40. That 3000 watt kettle uses twice the voltage and the same number of amperes as US voltage 1500 watt kettles. It is the number of amperes that matters to your circuit protection system, whether fuse or circuit breaker.

A 3000 watt kettle can boil water at an amazing rate. It’s almost as if it were on demand, especially for smaller amounts of water.

So that’s why every UK household has an electric kettle and loves it and Americans can’t figure out why you would ever want one. Voltage and Amperage. By the way, the same exact thing is going on with certain other countertop appliances, such as waffle irons.

For more information on how the UK is different than the US in regards to power, here is a very interesting video on the UK power plug. It is arguably the best in the world.

Notes:

1 – “Committing a circuit” here refers to while the kettle is in operation only. I use it enough during the course of a day that I can’t use anything else of any importance on that circuit if I want the kettle available at all times without thinking about electrical load. YMMV due to how you use your kettle and other devices that may be on that circuit at other times.

2 – I like this thing so much that after it went off the market years ago, I purchased a spare on ebay to use when the first one dies. That was 7 years ago. I still haven’t had to use the spare one. The current kettle has been used for over 10,000 cycles or thereabouts, estimating 2 cycles (or cups of tea) a day for 15 years.

 

 

Change to IoT Router – Needs a couple of trap routes

Well, my IoT router was working just fine until I installed new firmware for my main router. For whatever reason, the new firmware is treating that special 255.255.255.252 network that we put together for 192.168.1.1 and 192.168.1.2 as a big old standard class C (255.255.255.0).

We can fix that.

On main router, add two static routes:

192.168.2.1 netmask 255.255.255.255 gateway 192.168.1.2 metric 5 if LAN
192.168.2.0 netmask 255.255.255.0 gateway 192.168.1.254 (some non-existent IP address) metric 10 if LAN

On the IoT (secondary) router, also add two static routes:

192.168.1.1 netmask 255.255.255.255 gateway 192.168.2.1 metric 5 if LAN
192.168.1.0 netmask 255.255.255.0 gateway 192.168.2.254 (some non-existent IP address) metric 10 if LAN

 

How do I set up a second Wi-Fi router just for guests or IoT?

I happened to see this question on a forum and this is an extended version of my response.

The forum answers went on for 3 or 4 pages, with varying success. Some used blacklists, some used static routes, some used filters, some went as far as getting to the command-line of the router and typing in firewall rules by hand.

My answer is actually pretty simple, and there is only one trick to it.

So let’s assume that you have a working router with real devices like phones, computers, printers, tablets, and other things that you don’t mind having on your main network. You want to have a secondary network for your connected embedded devices that you really don’t want on your regular network.

Let’s also assume that you have another Wi-Fi router lying around, or you are willing to spend some money to get a new router.

The neat thing here is that we shouldn’t have to make any changes to your existing, working router. All of the configuration we will do is on the secondary router we are adding. You don’t have to destroy your current working network to get the new additional network up and running.

The first router we will call Router 1 MAIN Network Router. The second router we will call Router 2 IoT (or guest) Isolated Network Router.

Let’s also say that the standard LAN network address for your current working router is 192.168.1.1. This changes by router manufacturer. Some use 192.168.0.1 instead. Just remember that when you look here. I originally wrote this up with both options listed (192.168.1.1 or 192.168.0.1) but it got very confusing. If there is any demand for it, I will gladly repost this with the other numbers.

So here we go.

Connecting the routers together

Connect one end of an Ethernet cable to a LAN Ethernet port on Router 1 and then connect the other end to the WAN Ethernet port on Router 2.

Router 1 MAIN Network Router Settings

There should be no changes needed here, as long as things match up closely enough.
WAN Address: ISP provided address
WAN Network: ISP provided
WAN Subnet mask: ISP provided
LAN Address: 192.168.1.1
LAN Network: 192.168.1.0
LAN Subnet mask: 255.255.255.0
DHCP server DNS: Whatever you use (either ISP provided or user-specified DNS servers or 192.168.1.1)


Router 2 IoT (or guest) Isolated Network Router

Nothing here is default.
Everything has to be set by hand.
WAN Address: 192.168.1.2
WAN Network: 192.168.1.0
WAN Subnet mask: 255.255.255.252 (this is the key element)
WAN Gateway: 192.168.1.1
WAN DNS: 192.168.1.1 only
LAN Address: 192.168.2.1
LAN Subnet mask: 255.255.255.0
DHCP Server DNS: 192.168.2.1 only

Your particular router may ask for the network in slash notation, which is normally like 192.168.1.0/24 for a standard Class C network. The key element here would be 192.168.1.0/30. Most routers I know of ask for a subnet mask notation, not slash.

 


What’s going on here

  • The WAN subnetting on Router 2 stops the routing of 192.168.2.xxx to anything but 192.168.1.1 on that subnet.
  • The 255.255.255.252 subnet mask is limited to 4 total addresses, two of which are eaten up in administration.
  • So this .252 subnet only allows traffic between 192.168.1.1 and 192.168.1.2 on the 192.168.1.0 subnet as far as Router 2 (and anything behind it) is concerned.
  • Here is a link that describes this .252 network.

Ping Examples

  • Client MAIN1 has an IP address on the Main Network of 192.168.1.100.
  • Client IoT1 has an IP address on the IoT (or guest) Isolated Network of 192.168.2.100.
  • LAN side of Router 1 has an IP address of 192.168.1.1.
  • LAN side of Router 2 has an IP address of 192.168.1.2.
  • WAN side of Router 2 has an IP address of 192.168.2.1.

MAIN1 can ping google.com.
MAIN1 can ping LAN side of Router 1.
MAIN1 cannot ping WAN side of Router 2.
MAIN1 cannot ping LAN side of Router 2.
MAIN1 cannot ping IoT1. MAIN1 can’t see IoT1.

IoT1 can ping google.com.
IoT1 can ping LAN side of Router 2.
IoT1 can ping WAN side of Router 2.
IoT1 can ping LAN side of Router 1 (required to get out to Internet).
IoT1 cannot ping MAIN1. IoT1 can’t see MAIN1.

So both MAIN1 and IoT1 can each see the Internet but they can’t see each other. Job Done.

Here is a screenshot of the Router 2 WAN setup page, based upon an ASUS router. Your page may vary, but the information required will be very similar.
[Image: asus_wan_router2.jpg]
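
How Router 2 chooses a route, as an added example that is not part of the original posts: a small longest-prefix-match model of Router 2's table, using the addresses from the settings above and the two trap routes from the "Change to IoT Router" post. The Route type, the function names and the table layout are assumptions for illustration; real router firmware may install or order routes differently.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]  # None = directly connected (on-link)
    metric: int
    note: str


def route(prefix: str, next_hop: Optional[str], metric: int, note: str) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, metric, note)


def usable_hosts(address: str, netmask: str) -> List[str]:
    """Host addresses that are on-link for an interface with this address/mask."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    return [str(h) for h in iface.network.hosts()]


# Router 2 as configured in the post: WAN 192.168.1.2 mask 255.255.255.252,
# LAN 192.168.2.1 mask 255.255.255.0, WAN gateway 192.168.1.1.
BASE_TABLE = [
    route("192.168.1.0/30", None, 0, "WAN on-link"),
    route("192.168.2.0/24", None, 0, "LAN on-link"),
    route("0.0.0.0/0", "192.168.1.1", 0, "default via Router 1"),
]

# The two static routes the post adds on the IoT (secondary) router.
TRAP_ROUTES = [
    route("192.168.1.1/32", "192.168.2.1", 5, "host route for Router 1"),
    route("192.168.1.0/24", "192.168.2.254", 10, "trap: non-existent next hop"),
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the most specific matching route; the lower metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))


if __name__ == "__main__":
    # The .252 mask leaves exactly two usable hosts on Router 2's WAN side.
    print("on-link WAN hosts:", usable_hosts("192.168.1.2", "255.255.255.252"))
    # Constructed destinations: Router 1, a main-network client, an IoT
    # client, and an Internet address.
    for dst in ("192.168.1.1", "192.168.1.100", "192.168.2.100", "8.8.8.8"):
        for label, table in (("/30 only", BASE_TABLE),
                             ("with traps", BASE_TABLE + TRAP_ROUTES)):
            r = lookup(table, dst)
            print(f"{dst:15} {label:11} -> {r.note} (next hop: {r.next_hop})")
```

With only the .252 setting, a packet for 192.168.1.100 is not on-link for Router 2, so it follows the default route to Router 1, and Router 1 decides what happens to it. With the trap routes in place, the same packet matches the /24 route and is handed to a next hop that does not exist.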

BIND and DHCP – More of an adventure than it should be.

Running DNS and DHCP together should be easy.

It is in Windows, for instance. One would load the services, preferably on an AD, and everything works together. DHCP updates DNS. DNS provides what DHCP needs. All nice and neat. One doesn’t even have to tell either service that the other exists. It figures it out.

Not so much on Linux. First off, they are completely separate services. I don’t have a problem with that. The problem comes when trying to get them to work together, where DHCP can update DNS with its lease information. There are keys to be handed over, journaling files to be written, plus SELinux and standard file access issues.

Once it works, it’s just fine. But getting it there can be interesting.

For instance, the named service entry in init.d reverses out a very important SELinux boolean. I set the variable by hand with setsebool -P named_write_master_zones 1, which allows named to write DNS entries in a master zone. That’s pretty important to be able to do. Then I go to start named and the messages log tells me that the named_write_master_zones was set to 0 by root! Huh? What’s up with that? For some reason, the init.d entry always toggles the value. So I edited the init.d entry so that it always sets it to 1. This could cause other problems down the road if I ever turn this server into the secondary DNS server. I’ll burn that bridge when I come to it.

There goes an hour of my life I’m not getting back.

FTP for Windows – FileZilla is the way to go.

Windows IIS comes with an FTP component. I wish it didn’t. Because it is there, one would be tempted to use it. Do not succumb to this temptation. Pain and misery will ensue.

First off, IIS FTP is painfully slow. You can actually feel it in your bones how slow it is if you have used anything else. Second, it is completely dangerous. Here is what I mean by that. IIS FTP uses real Windows user names for authentication. It’s possible to use the same real user and password as on the startup screen on your domain-controlled desktop or laptop.

This means that anyone can use FTP to attempt to locate usernames and passwords that work all over YOUR network! Yikes. Even worse, the bad guys will attempt to find your DOMAIN ADMINISTRATOR username and password. This is a search for the keys to the kingdom. It is possible to limit the exposure, but by default any user could be at least exposed as being a valid username, even if that user can’t login to FTP.

There is hope here, in the form of FileZilla Server. It is fast, it uses its own list of users, not the local computer’s or the domain’s, and you can set individual user directories with per-user rights. It’s quite simple to set up and has a great Windows FTP client available. And it’s free, but you can make a donation to the cause.

vsftpd FTP server with MySQL Authentication

I like FTP servers. Everyone should have one or two. Don’t know why I like them so much. I just do. They make me feel all techie.

Given the choice, I will usually install vsftpd on a Linux box. Fast, secure and stable. One thing I don’t like to do is to create real Linux users just for those folks who are going to use FTP or HTTPS logins. It’s a pain and a security risk. I almost always use virtual users when I install FTP servers.

A virtual user in this case (as in most) is a username and password that can be used for a service (such as FTP) that does not really exist on the system. It will exist only in a database in MySQL. Even if a username and password are discovered, only the FTP service (or specific other services you identify) will be affected. And it will only affect those areas where that virtual user has access on the FTP server.

Another huge advantage is that you could have almost limitless numbers of users. An additional user is just an entry in a database. There are no new system-wide rights additions or changes, no new groups to maintain, no Linux home directories to maintain, just new subdirectories to one existing directory. All this will run on one single, limited access Linux user. Nice and fast. Nice and safe.

For more detailed information on doing this yourself, I have a Drupal-based wiki on this here: https://tboland.homelinux.org/drupal/?q=node/11

Things you need to do NOW

Get a firesafe for your house that you can move in a hurry.

This is pretty straightforward, but it’s not just for the regular reasons. It forces you to go through your important stuff and limit it to the “I can’t live without this” stuff. Living in earthquake country, I prefer a portable safe (though a little less secure) because we never know if we will be able to get back into the house. This is also true in flood and fire prone areas. It all comes down to which you fear most – mother nature or the bad guys.

If you are really paranoid, you could get a really big one that bolts to the house and another smaller one that fits inside it with the “grab and go” stuff. That would solve both issues (mother nature and bad guys) but adds expense and complexity. Adding complexity means that you are less likely to actually do it. That’s bad.

Make sure that your firesafe is also rated for water resistance. You know that’s probably coming after the fire, right? It would be a bummer to have your firesafe withstand the onslaught of the heat and fire, only to have the contents destroyed by the water that’s used to save it.

Things to keep in firesafe

  • Car titles
  • Cash (limited)
  • CDs of important pictures
  • Birth Certificates
  • Kid vaccination records
  • Insurance docs
  • USB thumb drive with encrypted and password protected account and password information on it. I use KeePass, which is Open Source, free, and excellent.
  • Copy of wills, trusts, and medical powers of attorney

Some of this stuff could be in a safe deposit box, but there may be times when the safe deposit box may not be available at the same time your house isn’t. Like aforementioned earthquakes and floods and fires and other large scale disasters.

Get a shredder

Using a shredder can be fun in its own odd way, but it also lets you be free of more things than you imagine. Once it’s shredded, it is gone out of your life. There is no going back, and it is no longer worth your time to worry about it. Make sure it cross-cuts into little pieces rather than into anything that looks like strips. Strips can be re-assembled pretty easily. One that handles CD / DVD media and credit cards is nice, too. But you can’t dump that stuff in the recycle bin with the paper.

If you have a large amount of history that has to be shredded, include that in your shredder purchasing decisions. Thinking that history is just a one time thing means that you may never get it all shredded. This is because you will kill your shredder or it will just take too darn long to do and you never complete the history portion of the shredding project. I know. Been there. I used 2 shredders to get through our history – luckily, Anne had a shredder, and I had one also. The big shredder would overheat and then I would switch to the little one. When that little one overheated, the big one had cooled down enough to do some more. There were times when both shredders were overheated. I easily shredded more in the history portion than I will in the next 10 years of normal use, maybe 15 years. There were extenuating circumstances for the amount of history I had to shred, but you get the point. Getting too small a shredder could be more of a mistake than getting too big a shredder.

Placement of shredder is important. It should be right next to where you do your bills and sort your mail. We use the dining room table for this, so one of the shredders lives in the dining room. Silly from an interior design perspective, but exactly correct for the way we actually live. There is no longer a pile for stuff to be shredded. Once I got through the history, there was no longer a need for the pile. It goes from table to shredder directly. Or at least that’s the plan. I’m pretty good at that, but other parties involved may not be. But I take care of it quickly so it doesn’t build up.

Things I shred:

  • All paid standard monthly bills and statements. Once I am done with it, it’s confetti.
  • Paycheck stubs (WAY too much information to leave lying around)
  • Those horrendous 0% interest for 6 months checks from your credit card company (evil, evil, evil.)
  • Almost anything that came in the mail and has my name and some other number of any sort – even if made up by the sender.
  • Old checks and deposit slips.
  • Other junk mail to add bulk and pieces. This makes it harder to reassemble because not everything is important. I like to shred at least as much junk as real stuff.
  • Anything Anne needs me to.

The ability to let go and shred something is more emotional than one might think. Do you fear not having the item versus the bad guys versus what it takes to manage all that paper? It can be a strange little dance. You have to come to terms with it. That’s why I am the shredder in the house.

Get a safety deposit box

This is the place to keep the heirloom stuff, more documents that you really only need access to every so many number of years. I actually don’t have one, but it is because I feel better about having access to the firesafe. That’s a crazy thing, I agree, and that’s why I am adding safety deposit box to the list. You either have to get one or come to terms about not getting one. I am a jerk and a hypocrite for not doing it, but I realize this.

Getting the firesafe and shredder is one trip to your local big office supply store, or Costco or even Walmart or Amazon. Not so much money ($100 to 200) should do it. The safe deposit box is a call to the local bank to see if they have any there and then a trip down there, some paperwork and some fees. Painful.

Why do this?

All of this will help you feel a little more in control and a little less crazy because you know you have done something that makes sense. You can’t control the big bad world, but you can put a little bit of your own life together. That’s just as important as any level of protection you are getting from the firesafe, shredder and safe deposit box.

Can't remember as many telephone numbers as you used to?

It’s not just you. The difference in the ability to remember 7 digits, chunked into 3 and 4 digit chunks (123-4567) versus 10-digit chunked into 3-3-4 (123-456-7890) is HUGE! Nobody can remember phone numbers any more. This explains the panic when:

  • you can’t find your PDA, or your organizer
  • your wireless phone dies and you have to replace it and you can’t get your contacts off of the old one
  • you leave the wireless phone in the car for five minutes.

In case you are interested in this kind of thing, here are some links with more information on the subject:

  • This is from Norway, which uses different telephone number “chunking”, but has some really neat information on memory, digits and chunking.
  • Even more is here, specifically about memory and the “magic number seven“.
  • Original source material, Miller 1956, The Magical Number Seven, Plus or Minus Two: Some Limits on our Capacity for Processing Information as html or pdf

Tom

What I don’t write about here

Because this blog was related to work originally, and still is to some degree, I am specifically staying away from certain topics. They are the big three. Religion, Politics, and Sports. It’s very interesting to me that these still are the big nasties when it comes to open dialog and discussion. We can talk about just about anything except these three things. Actually, I stay away from sports because I am just not that adamant about it. Nothing against it, just don’t care that much to get all riled up.

I may make the odd reference to certain beliefs, but only as a clarification of another point. It is not there to create controversy. That’s not the point of this blog. If you remember, this is a demonstration blog for someone who needed to see how a blog operated. In the range of things to do on a company blog, staying away from unnecessary controversy is pretty high on the list.

The other reason is that I just don’t want to. There is so much division and derision when speaking on these topics that I don’t think that it is useful anymore. I am not trying to go down the middle here. I am in full-on avoidance. Pretty wimpy, I guess. I can live with that.

Tom

What I learned from Anna Kournikova

I certainly didn’t learn anything about tennis from her. What I did learn is that in certain areas, computer training gets trumped by human nature, just about every time. In the words of Robert Heinlein, “Never try to teach a pig to sing. It only wastes your time and it annoys the pig.”

Many moons ago, there was a computer virus called Melissa that required users to open up an attachment to an email. There was this big sturm und drang all over the place in corporations and offices and the media all over the country about not opening email attachments you weren’t expecting. Big push on this. Not three months later, the Anna Kournikova virus comes to town where you have to do the same thing, open the attachment.

These viruses (virii?) used classic, hard core, brute force, social engineering. Melissa was also known as the I love You virus, where you received an email purportedly from someone who loved you and they sent you something nice. The Anna Kournikova virus was much simpler – it promised nude photos. You can’t get more basic than that, now can you?

What it taught me is that people are not very good at learning something in the virtual world and applying it in the virtual world. They thought these two things were different, while every network admin in the world saw these as exactly the same thing. This is not something that gets trained very well. Some people get it, most people don’t.

What this means to me is that I am loath to teach computer users too much about their computers because it ends up not being a good use of anyone’s time. If something is important to them or their jobs, they will find a way to do it. That might include asking me – and that is great!! I am there in a shot for training like that. But if it is a conference room full of people who are required to do it, the only thing anyone gets out of it is possibly the free sandwiches and soda.

I am not saying that people can’t be taught computers; I am saying that most people will figure it out on their own, or not. They have to have the first step of motivation and action. Without that, training is pretty much a waste.

As far as viruses and spam are concerned, I have three levels of virus protection enforced on email, and two on everything else. There is no user intervention. I don’t tell them what or how I deal with viruses unless an individual asks.

Tom