3 ways to ssh to a PC running Windows and WSL2

There are 3 ways to ssh into a PC running Windows and WSL2 (Ubuntu):

  • Running an ssh server on Windows
  • Running an ssh server on WSL
  • Running an ssh server on Windows AND on WSL

I’ll walk you through the advantages/disadvantages of each, and conclude with a how-to of the method I prefer.

Why is this Hard?

You might think, “What’s the problem? I’ll just run sshd on Ubuntu and then I can ssh to port 22.”

With WSL2, Microsoft put Linux in a VM. That VM has its own private network. The Windows machine acts as a router for WSL to reach the outside (real) network. So WSL’s port 22 (or any other port) is not visible to the outside world. Your WSL VM gets a different IP address every time you boot, complicating matters and making it tough to set up port forwarding.

Method 1: Running ssh Server on Windows

You can install Microsoft’s port of OpenSSH server on Windows. Follow the instructions at the link. You’ll want OpenSSH server and client for the recommended solution.

Test it by opening a Command prompt and running ssh localhost. Login with your WINDOWS ID and password. You should get a PowerShell prompt.

When you login to the ssh server, the server will launch a shell for you. That shell is specified in the Registry at HKLM\SOFTWARE\OpenSSH\DefaultShell. By default, it points to C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe.

If you want to ssh to a PowerShell, it’s simple and you’re done. If you’re not running WSL, that’s probably what you want to do. But if you’re running WSL, you probably want to ssh to WSL.

This guy tells how to update the registry to have Windows’ ssh Server launch bash. It was the perfect, simple method. Then, sometime in mid-to-late 2022, Microsoft updated WSL2. It was working just fine (for me). Then, I ran wsl --update and it broke:

  • Sometimes I get a “The file cannot be accessed by the system” message.
  • I always get “Connection to MACHINENAME closed” immediately after login.

If you track down wsl.exe in C:\Users\USERNAME\AppData\Local\Microsoft\WindowsApps, you’ll see that it is zero bytes. This happened when Microsoft moved WSL into the Microsoft Store. It isn’t a symlink, but it functions sort of like one. But you can’t launch it from ssh server. It is a known issue.

Method 2: Running an ssh Server on WSL

You can install sshd on Ubuntu. Follow the instructions at the link. You’ll want OpenSSH server for the recommended solution.

Test it by opening a bash prompt and running ssh localhost. Login with your Ubuntu ID and password.

This works very nicely, except you cannot connect to your ssh daemon from anywhere except a WSL session. That’s not very useful.

I won’t provide the details, but you could:

  • Update the Windows firewall to permit incoming connections to a port. (If you’re also running ssh server on Windows, you’ll need to choose a port other than 22!)
  • Set up port forwarding from your Windows machine to a port on your WSL machine.
  • You’ll have to update that forwarding on every reboot, because WSL assigns a different IP address to your WSL machine after a reboot.
  • You’ll need to get your WSL machine started before you can connect to it.

It can be done. People are doing it. It is a lot of work, it is complex, and it is fragile.

Method 3 Part 1: Running ssh on Windows AND WSL

Conceptually, you will ssh to the Windows ssh server, and then you’ll ssh from there to WSL. You’ll use Windows as a “jump server” to connect to WSL. Once set up, it is robust and flexible. This is the recommended method. I’ll go into some detail.

  • Install ssh Server on Windows, per the applicable link above. Test it by connecting from a Command window by running ssh localhost. Then go to another machine and ssh into your Windows machine. Confirm it works. Remember to use your Windows PASSWORD and not your Windows PIN.
  • Install sshd on WSL, per the applicable link above. Test it by running ssh localhost from a bash shell. Then test by running ssh localhost from a Command prompt. (You should get a bash prompt when you connect.)
  • On WSL, edit /etc/ssh/sshd_config (NOT ssh_config – sshd_config) and change # Port 22 to Port 2022. Restart sshd, and test by running ssh localhost -p 2022 – first from bash and then from CMD on your Windows machine.
  • Run a proof-of-concept: ssh from another machine to your Windows machine; then ssh from your Windows machine to WSL. Make sure it works before proceeding. (We will automate the jump-server relay connection, to make it transparent.)

Method 3 Part 2: Automating the Jump Server

For this example, I’ll assume you have two Windows PCs named “HusbandPC” and “WifePC”, and that there is a user named “husband” on HusbandPC and a user named “wife” on WifePC. The only WSL account is for user = “wife”. We’re going to name the WSL on WifePC “WifePC-wsl”. (Yeah, that matches my setup, with names changed to protect the innocent.) I’m going to ssh from HusbandPC to WifePC.

On HusbandPC – the one you want to run ssh client on – do the following:

  • FIRST, delete any “localhost” entries from .ssh/known_hosts. ssh can’t tell the difference between YOUR localhost and someone else’s.
  • ssh -J husband@wifepc wife@localhost -p 2022
    • That tells ssh to use wifepc as a jump server, to connect to port 2022 on localhost, which will be WSL.
    • Make sure that works before continuing.
  • THEN, delete any “localhost” entries from .ssh/known_hosts. ssh can’t tell the difference between YOUR localhost and someone else’s. (Yeah, you did this earlier, but then you connected to localhost and you need to clean up again).
  • Edit ~/.ssh/config on HusbandPC (NOT config.txt) and add lines like the following, replacing UPPERCASE items (HOSTNAME should be the Windows host name):
    Host wifepc-wsl
      # "localhost" is resolved on the jump server, so it reaches WSL on wifepc
      HostName localhost
      Port 2022
      ProxyJump wifepc

    This says that when you run ssh wifepc-wsl, it will connect to ssh on wifepc (port 22 by default) and then use it as a jump server to ssh to localhost (port 2022). That would work if your user ID is the same on wifepc and wifepc-wsl, but suppose it is not…

IF your user-ID is not the same on client, jump-server, and HOSTNAME (e.g. your UID is “husband” on wifepc and “wife” on wifepc-wsl), you’ll need a more complex config file:

Host jump-server
    HostName wifepc
    User husband
Host wifepc-wsl
    # Resolved on the jump server: WSL's sshd on wifepc
    HostName localhost
    User wife
    Port 2022
    ProxyJump jump-server
Test it by running (from your client machine) ssh HOSTNAME-wsl. You’ll have to enter login credentials on the jump server and then the WSL instance.


BUT… If you use this to connect via 2 jump servers, ssh can’t tell the difference between “localhost” (or on one server vs the other, in the known_hosts file. You need to use HostKeyAlias to put a UNIQUE host name in known_hosts for each “localhost”. So continuing with HusbandPC and WifePC, assume you need to ssh into wifepc-wsl and husbandpc-wsl:

Host jump-server1
    HostName husbandpc
    User husband
Host husbandpc-wsl
    # Resolved on jump-server1: WSL's sshd on husbandpc
    HostName localhost
    User husband
    Port 2022
    HostKeyAlias localhost-husbandpc
    ProxyJump jump-server1
Host jump-server2
    HostName wifepc
    User husband
Host wifepc-wsl
    # Resolved on jump-server2: WSL's sshd on wifepc
    HostName localhost
    User wife
    Port 2022
    HostKeyAlias localhost-wifepc
    ProxyJump jump-server2
Host localhost
    Port 2022
    HostKeyAlias localhost-real

This tells ssh to save host keys in known_hosts under alternative names for the various localhosts (i.e. localhost-husbandpc, localhost-wifepc, localhost-real).
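The known_hosts collision that HostKeyAlias avoids can be checked before you connect. The following is an added example, not part of the original post: a small lint that reads an ssh client config and reports Host entries that reach different machines but would be stored under the same known_hosts name. The sample configs are constructed from the names used above, and "HostName localhost" in them is an assumption taken from the ssh -J command shown earlier.

```python
import re
from collections import defaultdict

# Constructed sample: the two-jump-server setup WITHOUT HostKeyAlias lines.
# "HostName localhost" is an assumption based on the ssh -J command above.
COLLIDING = """
Host jump-server1
    HostName husbandpc
    User husband
Host husbandpc-wsl
    HostName localhost
    User husband
    Port 2022
    ProxyJump jump-server1
Host jump-server2
    HostName wifepc
    User husband
Host wifepc-wsl
    HostName localhost
    User wife
    Port 2022
    ProxyJump jump-server2
Host localhost
    Port 2022
"""

# Constructed sample: the same setup with one unique HostKeyAlias per "localhost".
ALIASED = (
    COLLIDING
    .replace("ProxyJump jump-server1",
             "HostKeyAlias localhost-husbandpc\n    ProxyJump jump-server1")
    .replace("ProxyJump jump-server2",
             "HostKeyAlias localhost-wifepc\n    ProxyJump jump-server2")
    + "    HostKeyAlias localhost-real\n"
)

LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")


def parse_host_blocks(text):
    """Return {alias: {keyword: value}} for every concrete Host alias.

    Simplified parser: 'Keyword value' and 'Keyword=value' lines only.
    Match/Include and wildcard Host patterns are ignored. Keywords are
    case-insensitive and, as in ssh, the first value seen for a keyword wins.
    """
    blocks, current = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE.match(line)
        if not match or line.startswith("#"):
            continue
        key, value = match.group(1).lower(), match.group(2).strip()
        if key == "host":
            current = [a for a in value.split() if not set(a) & set("*?!")]
            for alias in current:
                blocks.setdefault(alias, {})
        elif key == "match":
            current = []
        else:
            for alias in current:
                blocks[alias].setdefault(key, value)
    return blocks


def known_hosts_name(alias, opts):
    """Name ssh looks up in known_hosts when connecting to this alias."""
    if "hostkeyalias" in opts:
        return opts["hostkeyalias"]
    host = opts.get("hostname", alias).lower()
    port = int(opts.get("port", 22))
    # Non-default ports are stored as [host]:port
    return host if port == 22 else f"[{host}]:{port}"


def find_collisions(text):
    """Return {known_hosts name: sorted aliases} for names shared by aliases
    that take different routes (different ProxyJump, or none)."""
    by_name = defaultdict(dict)
    for alias, opts in parse_host_blocks(text).items():
        route = opts.get("proxyjump", "(direct)")
        by_name[known_hosts_name(alias, opts)][alias] = route
    return {name: sorted(aliases)
            for name, aliases in by_name.items()
            if len(set(aliases.values())) > 1}


if __name__ == "__main__":
    for label, cfg in (("without HostKeyAlias", COLLIDING),
                       ("with HostKeyAlias", ALIASED)):
        hits = find_collisions(cfg)
        print(label, "->", hits if hits else "no collisions")
```

On a real machine, ssh -G wifepc-wsl prints the effective settings for that alias, including hostkeyalias when one is set.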

No Passwords

Set up password-free login on both the jump server and HOSTNAME-wsl. You definitely want it enabled on the jump server. Note that the id_rsa.pub on your jump server is used to gain passwordless access to HOSTNAME-wsl.

sshd Quits After One Connect

sshd sometimes quits. I think the issue is that when there are no foreground processes running WSL shuts down. I’m not at all certain about that.

I used Task Scheduler to run “C:\Windows\system32\wsl.exe sudo cron” at the primary-user’s Windows login. I also ran “sudo systemctl enable ssh” at a bash prompt. (I previously used visudo to edit sudoers, granting passwordless sudo to my primary user.) That seems to ensure that cron AND sshd are constantly running.

Reminder About WSL Instances

Each Windows user gets his own WSLs. (Not exactly, but close enough.)

If Windows user winuser1 launches WSL and starts sshd, you get a DIFFERENT file system than if winuser2 starts sshd.

winuser1 can have linuxuser1 and linuxuser2, and winuser2 can have a DIFFERENT linuxuser1 and linuxuser2.

TurboTax Student Information Worksheet, Line 18, Used for Exclusion

There are two kinds of TurboTax users – those who just complete the interview as best they can, trusting TurboTax to get everything right, and those who want to understand every number so they’re. This story is for the latter. It deals with the “Part VI - Education Expenses” section of the worksheet.

Parents of children in college will encounter the “Student Information Worksheet” in TurboTax 2020. This is where TT looks at all the possible ways to deal with your college expenses. It uses the numbers from this worksheet to pick the best tax strategy for your situation.


Part VI is a large table. Think of it as a static spreadsheet. (It is a spreadsheet that you can’t update directly.)

I’m going to look at just a subset of the columns of this table. The omitted columns are similar to columns I do cover.

  • Total - This column lists all the education expenses, scholarships, credits, without filtering. These are the raw numbers.
  • American Opportunity Credit (AOTC) - This column is the subset of values from the Total column which are eligible for the AOTC. For example, you might have $200 of fees in the Total column, but only $100 of those fees would be eligible for the AOTC. In that case, you’d have $200 in Total and $100 in the AOTC column.
  • Lifetime Learning Credit (LLC) - This column is the subset of values from the Total column which are eligible for the LLC.
  • etc.

Other than line 18 (“Used for exclusion”) the numbers in the non-Total columns have nothing to do with one another. If you have $200 in the Total column, all of the other columns are capped by this value. But if you have $100 in the Total column for AOTC, it has nothing to do with the number in the LLC column. If you change your data in a way that increases the AOTC number to $101, that won’t take $1 away from LLC.


  • Lines 1-12 get totaled, to create line 13.
  • Lines 14-18 get totaled, to create line 19.
  • Line 19 gets subtracted from line 13, to create line 20.
  • Line 20 shows, for each category (AOTC, LLC, TFT, 520), how much $ could be squirreled away there.

Important: You can’t use all of the values in row 20. For example, if you take the AOTC, you can’t also take LLC. If you have $1000 in row 20’s AOTC and you also have $1000 in row 20’s LLC, TurboTax is going to use one of those values and not the other. It will pick the one which results in the lowest tax bill.

Row 20 is the bottom line, so to speak. The lines at the top of the chart are adding up expenses, the lines in the bottom of the chart are subtracting the amounts somebody else paid, and line 20 is how much expense TurboTax could charge to that column.

When you’re looking at the chart, it is easy to get confused as to which cell goes with which label in the “Description” column. Follow the “…….” from the description to the underscore for the appropriate row.

Gray Areas

The big gray blocks prevent you (or TurboTax) from entering numbers which don’t apply to that column. e.g. Room and Board is grayed out for AOTC and LLC because you can’t pay for room and board with AOTC or LLC.

Where Do the Numbers Come From?

  • Row 1: Tuition = 1098-T data entry. In a simple world, this number would come from “Box 1 - Payments” on your 1098-T. If you clicked on the blue link, “What if this is not what (student name) paid to this school?”, row 1 comes from that field.
  • Row 2: Fees = ?
  • Row 3: Books, supplies, equipment = This comes from your answer to the prompt for how much you spent on books, etc. which must be purchased from the school. Look closely. The “Paid to other…” is part of the NEXT row in the table.
  • Row 4: Paid to other… Books, supplies, equipment. This comes from your answer to the prompt for how much you spent on books, etc. which need not be purchased from the school.
  • Row 5: Other course related = ?
  • Row 6: Room and board. This comes from the number you entered for the room and board prompt.
    • What? You didn’t see a room and board prompt? Yeah, it is hidden.
    • Enter 1099-Q data via: Federal Taxes > Deductions & Credits > ESA and 529 qualified tuition programs (Form 1099-Q)
    • THEN enter “Expenses and Scholarships (Form 1099-T)” from Federal Taxes > Deductions & Credits
      • It will be accessed via “Other Education Expenses”
      • I’m guessing they do it this way because the only part of your taxes where R&B is relevant is accounting for your 529 distribution (the 1099-Q). IF you have a 1099Q, then the R&B via “Expenses and Scholarships” is relevant.
  • Row 7: Special Needs Expenses. This is what you entered at the corresponding prompt.
    • Tip: I had some fees which the 529 plan could reimburse (without generating a tax liability) but AOTC could not. I couldn’t find a way to tell TurboTax that these fees should be excluded from AOTC. Then I discovered that Special Needs Expenses are eligible for 529 but not AOTC.
      • This worksheet does not get sent to the IRS. It merely captures the calculations TurboTax did.
      • I entered the non-AOTC fees as Special Needs Expenses, even though my child has no “special needs.” TurboTax did the desired calculations, I paid the right taxes, and the 529 plan reimbursed these pseudo special needs.
  • Row 8: Computer expenses = ?
  • Row 9: QTP/ESA = ?
  • Row 10: Academic Tutoring = ?
  • Row 11: Uniforms = ?
  • Row 12: Transportation = ?
  • Row 13: Total qualified expenses = This is the sum of rows 1-12.
  • Row 14: Refunds = This comes from the number you entered for the refunds prompt.
  • Row 15: Tax-free assistance = ? (I don’t know the exact prompt, but this is where the Georgia Zell/Hope scholarship shows up.)
  • Row 16: Deducted on Sched A = ? You probably won’t get anything here, if you’re taking the standard deduction.
  • Row 17: Used for credit or deduction = ?
  • Row 18: Used for exclusion
    • (I hate row 18.) TurboTax makes up this number. Taking the AOTC column as an example.
      • Suppose you have $500 listed. It means TurboTax is voluntarily taking $500 which could go toward AOTC, and not applying it to AOTC.
      • Why on Earth would it do that?
      • Because by giving up that $500 for AOTC, it can apply it more effectively elsewhere.
      • Elsewhere, I said that the columns were independent except row 18. This is why.
      • See “Mythical Row 21.”
  • Row 19: Total adjustments = This is the sum of rows 14-18. These are values which reduce the expense which is eligible for the corresponding column.
  • Row 20: Adjusted Qualified Expenses. Row 13 minus Row 19. This is how much expense TurboTax could charge to that column. When TurboTax puts a number in row 18 (Used for exclusion), it is doing so in order to lower this value for the column.

Mythical Row 21: The table would be much clearer if TurboTax appended a row 21. This imaginary row would be the amount from row 20 which TurboTax actually applied to this column’s category.

  • e.g. If your Total column was $1000, and TurboTax applied $300 of that Total to AOTC and $700 to your 529 plan, it would have these numbers in row 21.
  • e.g. Since you can’t use the AOTC and the LLC for the same student in the same year, your row 21 will have a zero in one of these columns, even if row 20 has $2000 in each of these columns.

If you are trying to make sense of the table, create your own row 21. The numbers in row 21 will be less than or equal to the same column’s numbers from row 20.

Disclaimer: Any of this information could be totally wrong. It is not tax advice or legal opinion. It just describes what I think is the way to make TurboTax do what I wanted.

Compressing and Trimming DV Files

I used to own a MiniDV camcorder. When you copy video from one of these, you wind up with a “.dv” file on your computer, and the video is 720x480. (That was considered high res in its day!)

.dv files are only lightly compressed. i.e. They are very big. I wanted to compress to .mp4 using H.264 compression, using a compressor that prioritized quality over size reduction.

Tinkering around with Handbrake, I found I could get videos indistinguishable from the .dv master, using the “Fast 480p30” preset. I decided to use the next step up, to try and avoid future regret, so I’m using “HQ 480p30”. That preset also adds surround sound, which is silly for home video, so I’m using the preset with audio overridden to discard the surround sound track.

OK. So I compressed a bunch of .dv files down to about 15% of the original size. Great, right?

But then I noticed that some of them had a long black section at the end. I wanted to cut those off. So my goal became, “Trim the junk and compress.” Somewhere along the way, my requirement morphed into “split every .dv into individual scenes and compress each scene.”

I wanted to trim the junk before compressing, because if I edited the compressed file, even just to trim it, some NLE (non-linear editors) will uncompress and re-compress it, and that degrades quality, because video uses a lossy compression algorithm.

That meant I needed to edit .dv files, and very few NLE programs still support .dv. Unless otherwise noted, these were tested on a Mac running Big Sur, in late 2021.

  • Davinci Resolve - won’t load .dv files. (Otherwise, it looks like a fine NLE.)
  • VirtualDub (Windows) - does have “direct stream copy” to avoid re-compressing, but it doesn’t open .dv or even .mp4 files.
  • QuickTime X - can open .dv files but can’t save them as .dv files. They will be re-compressed using H.264 video codec. (That might actually accomplish my goal, but I can’t pick and choose the compression level.)
  • avidemux - can’t open .dv file.
  • Premiere Elements 2022 - can’t open .dv files
  • Handbrake - You can tell Handbrake to convert only a section of a file from .dv to .mp4.
    • And you can control the compression parameters.
    • But there’s no GUI for selecting the start/stop frame.
    • The big problem is that if you play the video and pick the start/stop time, Handbrake only starts/stops at approximately the location you specify. It was off by a second or two.
      • That means that you are likely to end up with a brief flash of the NEXT section at the end of every cut. That will be irritating down the road.

Here’s what I decided to do:

  • Convert the entire 13 GB .dv file to high quality .mp4.
  • Make a copy of the .mp4 for each scene on the video.
  • Use Avidemux WITHOUT re-encoding to trim the MP4 to the precise start/stop frames. When setting its parameters, it is important to use the following, to avoid re-compressing:
    • Video Output = Copy
    • Audio Output = Copy
    • Output Format = MP4 Muxer
  • The Avidemux parameters are per https://help.presentations2go.eu/editing/CutwithAvidemux.html
  • I timed them, and the copy-to-output happens too fast for it to be re-encoding.

WYSIWYG Markdown Editors 2021

Despite its limited control of formatting, I’m doing most of my doc in Markdown, due to its ubiquity and cross-platform presence. I have a few must-haves for editing Markdown.

I will use a WYSIWYG editor.

I certainly can edit with vi, but that’s not where I’m putting my energy. Presentation is important – even when editing. For most of my doc, I want to see a close approximation of the final product while I’m editing it. I do not want to be switching between edit mode and preview mode. I do not consider “side-by-side” edit mode and preview mode to be WYSIWYG.

I require GUI support for tables.

I will often print a paper copy.

Shucks, I carry a paper copy of my most-frequently accessed Markdown document to the tops of mountains. Printing is important.

Page margins are important. Typora on my Mac prints an almost 2” top of page margin on the first page, and insists on 1” margins elsewhere. Typora on my Windows PC prints a 1” margin all around. I’m not typically putting this stuff in a binder. I want to be able to set my page margins from 1/4” to 1”.

I use Mac, Windows, and Linux.

I need to edit, view, and print documents on all of these OS.

What does that leave me?

  • Mark Text:
    • WYSIWYG.
    • Can set page margins by mm.
    • Handles YAML front matter and user CSS.
    • Seems adequate. Printing is a little cumbersome, but it works. No user CSS.
  • Typora:
    • WYSIWYG.
    • Creates excessive page margins on macOS and does not enable 1/4” page margins on Windows.
    • Handles YAML front matter but not user CSS.
    • Seems adequate, except you’ll have to print with something else (e.g. Pandoc).
  • That’s really it for WYSIWYG. Other “WYSIWYG” seem to be side-by-side.

Typora is justifiably popular, but the huge, uncontrollable page margins are a deal-killer for me. I had been planning to buy licenses for all my machines when it comes out of beta, but the page margins are a known issue with no path to resolution.

Mark Text feels clunky by comparison. I could use Typora to edit/view and Mark Text just for printing, but I’m on a “kick” to reduce complexity in my life, and two programs is twice as complex as one.

I think that means Mark Text is the lesser of evils.

Solved: Alexa Echo Unable to Play Tunes By Artist

Alexa started offering a “station” every time I asked her to play tunes by an artist or to play a particular tune.

After a little investigation, I discovered it was one Echo impacted, out of the 5 in our home. Somehow, the one device seemed not to know we had a subscription that would permit us to request particular tunes. (I think it is our Prime subscription. I don’t think we have a deluxe music subscription.)

Rebooting the device and checking the software for the latest version did not change its behavior.

At any rate, the solution was to deregister and re-register that Echo. To do so:

  • Browse to https://alexa.amazon.com and login, if necessary.
  • Select “Settings”
  • Click on that particular Echo device, from the list of devices.
  • Scroll down to the “About” section and click “Deregister”.
  • Confirm that is what you want to do.
  • Now run and fetch your phone, because Registering can only be accomplished via the Alexa app on your phone.
  • Give the Echo 3 minutes to restart. If it hasn’t restarted on its own, power cycle it.
  • The Alexa app on your phone should prompt you to register the “new” device. Follow the wizard as it walks you through registering.

Why I'm Moving to IDrive

… despite it not meeting my requirements.

I need sync among my Win/Mac/Linux machines. I need off-site backup. I need on-site backup. I actually have all this right now, but it has too big a footprint.

I can sort of keep it going, but there is no way my wife would ever spend the effort, if I were temporarily disabled. I’m skeptical I could keep it going when I reach age 80. I need something simpler. And right now, my on-site backup is a beast of a server with triple-RAID for data and two-drive RAID for the OS. This is nuts.

My requirements:

  • Zero knowledge - Non-negotiable. The vendor doesn’t store files unencrypted and doesn’t have the encryption key.
  • Multiple sync folders. e.g. Not like OneDrive where everything to sync lives inside a “OneDrive” folder.
  • Mac/Win/Linux-386/Linux-ARM - my Mac, wife’s Windows laptop, a Linux server, a future Windows laptop for me.
  • Affordable. I’m flexible on the definition
  • Performance. Uploads/downloads happen quick enough for my 2TB of data. Software is low CPU/disk demand.
  • Selective sync. If I have 2 computers sharing an online folder, some files to sync with one and some with the other.
  • 3rd party backup. I can back it up to a 3rd party so I don’t need a local backup.
  • Supported.
  • Simplicity. Can I manage it when I’m 80? Can my wife get files out of it when I’m dead?

Nobody meets all of these as of April 2021. SpiderOak and Tresorit come pretty close. They are zero knowledge and multiple sync folders. At $288/year for 2.5 TB, Tresorit is more than I want to pay. SpiderOak is bearable at $150/year for 2TB, but if I grow beyond that, the next stop is $320 for 5TB. They don’t support Linux-ARM and they don’t support 2FA for web logins! Wow. I didn’t even know I needed to add that to my requirements.

iDrive looks like it meets all the requirements except multiple sync folders, for $70 per year for 5 TB, with first year under $10. Somebody even made it work with Linux-ARM. You might think you could get around the multiple sync folder issue with symlinks, but it simply ignores them. Some nut cases on the web suggest putting the real folders in the sync folder and linking to them from the other place you need them. Try that with subfolders of your /etc and let me know how it works for you!

I think I can get around the requirement for multiple sync folders. The files I sync with every machine are mostly kleinfelter-file-cabinet – a collection of ‘documents’ I share with my wife. Almost everything else I sync is synced with my server, where they get backed up locally and sent to my off-site backup provider electronically. I might like to sync some of my project folders, but they could be moved into a single sync folder.

iDrive handles backups separately from sync. You can backup from multiple source folders. To configure backups, launch the iDrive app (via “Start iDrive” on the menu bar icon). You can select all the folders you want via the “Change…” button. (Why can’t they let you add sync folders similarly?)

So I think I can live with everything to sync in a single sync folder, with backup of my other files. If I find otherwise, for Mac/Win/Linux-386 there is https://www.insynchq.com/pricing which says it adds features such as multiple sync folders (at the cost of increased complexity). Linux-ARM is SOL here, but my Linux ARM box will be solely used for backup. See this site for iDrive ARM backup tips.

rclone makes many things possible, but the complexity is off the charts, and it really only supports 1-way sync. They are very clear that setting up 2-way syncs risks data loss. I might wind up using rclone on my Linux-ARM because I can set up 1-way backup to run once a day and then forget it (except to confirm it is really still running).

I could use rclone to encrypt storage at OneDrive or any other unencrypted site via its “crypt” feature, but the complexity is just too much.

iDrive performance is pretty good. I observe upload is 12 MB/s. That’s 166,666 seconds for 2 TB; 2778 minutes; 46 hours; 2 days. That’s not bad. I got a response from their support in about 3 hours, so that’s tolerable.

SpiderOak Notes

  • Zero knowledge
  • Many sync folders
  • At $150/$320 for 2TB/5TB they are pricier than iDrive. Too pricey if I exceed 2TB.
  • They are otherwise a very fine solution
  • Their web site looks like consumer file sync might not be a big part of their marketing strategy any longer

OneDrive Notes

  • Not zero knowledge.
  • Single sync folder. Symlinks in the sync folder are screwy. They may sync from Microsoft to your computer but not vice versa. Looks like they use the Windows version of inotify, and that doesn’t work across symlinks.
  • At $100 per year for 6 users and 6TB, with free Word, Excel, Powerpoint, it’s a bargain, but since they don’t have iDrive’s work-around for backup, and they don’t protect my files with zero knowledge, I just can’t use them.
  • Must use 3rd party for linux. No apparent Linux-ARM.
  • boxcryptor encrypts. They do have Linux support (see “portable version”). It adds complexity.

Sync.com Notes

  • Multiple sync folders not supported and they don’t have iDrive’s work-around. They might work with symlinks, but they say it is unsupported.
  • $96/year for 2TB and $120 for 3TB is affordable.

Google Drive Notes

  • Not zero knowledge.
  • Multiple sync folders not supported and they don’t have iDrive’s work-around.
  • Too expensive beyond 1TB, and I need 2TB minimum. $240/$1200 for 2/10TB.

Dropbox Notes

  • Not zero knowledge.
  • Multiple sync folders not supported and they don’t have iDrive’s work-around.
  • Dropbox: via help.dropbox.com - “As of mid-2019, Dropbox no longer follows items outside of your Dropbox account that are linked to by a symlink.”

Other Candidates:

  • Tresorit, zero knowledge, many sync folders, at $288 for 2.5TB they are too rich for me.
  • Sync.com, zero knowledge, one sync folder but no iDrive-style work-around, $96/$120/$180 for 2/3/5TB
  • GoodSync, not zero knowledge, unknown sync folder count
  • CrashPlan, not zero knowledge, backup only, $120 for ‘unlimited’ storage
  • Syncplicity, not zero knowledge, unknown sync folder count, tiny storage limits
  • Jungle Disk, zero knowledge, unknown sync folder count, only trivial storage sizes listed
  • KeepVault, zero knowledge, unknown sync folder count, $1300 for 2TB!
  • Resilio, P2P only


So backup of any folder, single sync folder (ugh!), zero knowledge, affordable, performant, Win/Mac/Linux-386/Linux-ARM.

How to Find the MAC of Your Amazon Smartplug

Sometimes you need to know the MAC address or the IP of your Amazon Echo Smartplug. Here’s how to find it.

If I ruled the universe, the MAC address would be printed on the side of the smartplug. I don’t, so it isn’t.

If you view your router’s list of connected WiFi devices, and you look at just the smart-plug devices, you’ll see something like:

AmazonPlug3EXM cc:9e:a2:00:21:07
AmazonPlug2EAM cc:9e:a2:00:11:01
AmazonPlug4RPQ cc:9e:a2:00:16:04
ESP_20BC42 3C:71:bf:18:32:44

Knowing it is “AmazonPlug4RPQ” isn’t much help. I need to know things like:

  • Which switch controls my fan?
  • Which switch turns on the Christmas tree lights?
  • Which switch turns on the bathroom nightlight?

My router’s device page shows how long it has been since a device received its DHCP lease. I walked from smartplug to smartplug, unplugging and re-plugging each device. I made a note of the sequence of my visits. Then I returned to the router DHCP lease time. All of the smart plugs had a lease which started less than 10 minutes ago. I noted the duration for each lease, and paired them up in the same order as my visit list. Voilà!

If your router does not show the DHCP lease duration, here’s plan B:

  • ping each smart plug by IP address, to confirm they’re all online.
  • Unplug one smart plug. Ping each smart plug IP address, and see which one disappeared.
  • Plug the smart plug back in. Wait 10 seconds. Confirm it now pings.
  • Repeat the process for each smart plug.

If you have a label maker, print labels with each MAC address and label your smart plugs. Don’t bother to label with the IP address, because that can change over time, if your router has a whim. MAC address is permanent.


Choosing a Bank

I recently had occasion to take a close look at my bank. Nothing wrong with my bank per se, but I chose it about 30 years ago and my situation and banking have changed over the years.

I want:

  • “High interest savings” - I’m going to put 3-6 months in an FDIC insured account in case there’s a major market melt-down. This covers everything except government melt-down.
  • Checking - I want my checking and savings at the same bank for easy inter-account shuffling.
  • Another free checking account elsewhere in case my main bank gets frozen. I’ll send my ACH debits and P2P e-transfers through here.
  • Free “Bill Pay”.


There are many good banks. I’m focusing on:

  • Alliant
  • Ally
  • Discover

These are all highly rated by Consumer Reports and Reddit seems positive about them. There are others, but I want:

  • Full range of services
  • Among the higher savings rates
  • Among the higher customer satisfaction
  • Very good web site

“Very good” in all of these – not necessarily the best in any one category.

Detail Shopping List

Checks - no clear winner; Discover maybe a tad better

  • No per-check/per-transaction fee
    • Alliant: yes
    • Ally: yes
    • Discover: yes
  • How many free paper checks
    • Alliant: First ‘box’ free. (Reportedly 100 checks.)
    • Ally: Free. (Reportedly in lots of 20.)
    • Discover: Reportedly free forever
  • Criteria for no-fee checking
    • Alliant: $0 minimum balance; at least one electronic deposit per month; electronic statements only
    • Ally: $0 minimum balance
    • Discover: $0 minimum balance

Savings Account - no clear winner; Discover maybe a tad better

  • Interest rate on savings, Jan 1, 2020
    • Alliant: 1.62%
    • Ally: 1.6%
    • Discover: 1.7%
  • Criteria for no-fee savings
    • Alliant: electronic statements only
    • Ally:
    • Discover:
  • Current Savings rate with $1000 initial deposit, $100 minimum balance
    • Alliant:
    • Ally:
    • Discover:
  • How long to transfer from savings to checking
    • Alliant:
    • Ally:
    • Discover:

Bill Pay - no clear winner; Ally maybe a tad better (because people really like their web site).

  • Free Bill Pay
    • Alliant: some reports it is ‘clunky’
    • Ally: yes
    • Discover: yes
  • Bill Pay Uses MY account number or 3rd party:
    • Alliant:
    • Ally:
    • Discover:

Web Site - Ally

  • Transfer between accounts via web site
    • Alliant:
    • Ally:
    • Discover:
  • Web site quality:
    • Alliant: “It’s decent, a lot less buggy than my last CU’s app but there are definitely some room for UI improvements.” “Alliant has a dated website.”
    • Ally: “Ally has a sweet app/website”. From https://www.thebalance.com/best-online-checking-accounts-4158695: “one place where Ally stands out is its online transfer options”
    • Discover:

e-payments - no clear winner

  • ACH Limits:
    • Alliant: Reportedly, can only push $25K/day and pull $100k/day.
    • Ally: Reportedly, Ally allows $150k push and $250k/pull.
    • Discover:
  • Works with Google Pay:
    • Alliant: Yes, via debit card.
    • Ally:
    • Discover:
  • Zelle
    • Alliant: no (work-around: Google Pay via their debit card)
    • Ally: yes
    • Discover: yes
  • Can I EFT to/from Schuler instead of Zelle. Can I do the allowance via ACH? (Or is Google Pay better?)
    • Alliant: Bill Pay paper check
    • Ally:
    • Discover:


  • 2FA
    • Alliant: yes, opt-in
    • Ally: yes, SMS
    • Discover: yes, SMS or email
  • Per-transaction text/email
    • Alliant: yes
    • Ally: “If you want to get instant push notifications about transactions you have to download a second app that goes with the first main bank app. This second app lets you set push notification settings and control your debit card.”
    • Discover: ?
  • Other Security:
    • Alliant:
    • Ally:
    • Discover: When I set up Vanguard for ACH, Vanguard made micro-deposits to Discover overnight. Discover sent me an email at 4 AM to notify me of the deposits, explained they were typically for setting up ACH, and told me to contact them if I’d not done this.

Mobile Banking

  • Limits on mobile deposits
    • Alliant: $50,000 per day
    • Ally: $50,000 per day
    • Discover: $10K/day and $25K/month ($5K/day and $10K/month for first 90 days)


  • US-based call centers? Discover=Y, Ally=?, Alliant=?
    • Alliant:
    • Ally:
    • Discover:
  • Phone support hours
    • Alliant: 24/7
    • Ally: 24/7
    • Discover: 24/7
  • Online chat hours
    • Alliant: Can’t find chat. Phone oriented.
    • Ally: 24/7 - I waited < 2 minutes for a chat on New Years Day at 5 PM
    • Discover: Can’t find chat. Phone oriented.


  • 3 nearest ATM
    • Alliant: Allpoint (all over the place)
    • Ally: Allpoint (all over the place)
    • Discover: Allpoint + Moneypoint (all over the place)
  • Reimbursement/fee for other ATM
    • Alliant: Free at multiple networks; Up to $20 reimbursed
    • Ally: Free at Allpoint; up to $10 reimbursed
    • Discover: Free at Allpoint and MoneyPass; $0 reimbursed

Teen Checking

  • Alliant: Nerdwallet likes their teen checking. But, “The account also imposes low daily limits of $100 on cash withdrawals and $300 in spending.” When child turns 18, account converts to a standard checking account. But the joint account owners remain the same unless you apply for change. Maybe sign up for this WITHOUT a parent account?
  • Ally: Nothing at all. Can’t even open a joint account with teen.
  • Capital One 360 MONEY: Frequently cited as a ‘best’ teen account, but it does not allow writing checks.
  • Discover: ????
  • SunTrust: 4 years free; joint account with a parent if under 18.


  • Current promo and criteria
    • Alliant:
    • Ally:
    • Discover:
  • Bonuses
    • Alliant: Reportedly can deposit cash at ATMs.
    • Ally: “Ally has a more modern website and mobile app. Ally’s mobile app also has a second card control app that you can use to disable your debit card, restrict transaction amounts and types of transactions as well as region lock purchases to only occur near your smart phone”
    • Discover:
  • Gotchas
    • Alliant: Not part of the national credit union network; cannot do Alliant banking at other credit unions. But someone says you CAN deposit at ATMs.
    • Ally:
    • Discover: Their debit card is Discover, not MasterCard/Visa.
    • Discover: New accounts (1st month) hold deposits for 7 business days.

Same UID in Docker Container and Host

Sometimes, it is convenient to have a UID in a Docker container match the UID in the host. You can’t do it all the time and it isn’t everyone’s cup of tea, but here’s how I made my MySQL user ID and gr

First, I always create a build script. i.e. Don’t just build your container from a Dockerfile via a straight command line. I call my build script “build-me.sh”. I also always use docker-compose. Tha

Here’s code from build-me.sh:

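# Create the mysql user and group on the host only if they do not exist yet
if ! id -u mysql >/dev/null 2>&1 ; then
    sudo groupadd -g 400 mysql
    sudo useradd -Ms /bin/false -u 400 -g mysql mysql
fi
# Either way, read back the UID and GID the host actually uses
MYSQLUID=$(id -u mysql)
MYSQLGID=$(id -g mysql)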

If there is not already a mysql user, we’ll create one with UID and GID 400. You could use another number. I’ve just standardized on that one. Then, whether or not we created a UID, we retrieve the c

Here’s the build statement:

docker-compose build --build-arg MYSQLUID=$MYSQLUID --build-arg MYSQLGID=$MYSQLGID

And here’s an excerpt from Dockerfile:

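FROM ubuntu:18.04
# UID/GID passed in by build-me.sh via --build-arg; default to 400
ARG MYSQLUID=400
ARG MYSQLGID=400
RUN id mysql || ( groupadd -g $MYSQLGID mysql && useradd -Ms /bin/false -u $MYSQLUID -g mysql mysql )
RUN apt-get update && apt-get -y install mysql-server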
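A check worth running after the build, added here as an example and not part of the original build-me.sh: it compares the mysql UID:GID in the host's passwd entry with the one inside the image, so a mismatch shows up before a shared volume ends up owned by the wrong account. The function names are constructed, and the image name in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: verify that a user has the same UID and GID on the host
# and inside the image. Inputs are passwd(5)-format text, for instance from
#   getent passwd mysql
#   docker run --rm IMAGE_PLACEHOLDER getent passwd mysql

# Print "UID:GID" for user $1 found in passwd-format text $2 (empty if absent).
ids_for() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $3 ":" $4; exit }'
}

# Return 0 if user $1 has identical UID:GID in host text $2 and container text $3.
# Return 1 on mismatch, 2 if the user is missing on either side.
same_ids() {
    host_ids=$(ids_for "$1" "$2")
    cont_ids=$(ids_for "$1" "$3")
    if [ -z "$host_ids" ] || [ -z "$cont_ids" ]; then
        echo "$1: missing (host='$host_ids' container='$cont_ids')" >&2
        return 2
    fi
    if [ "$host_ids" != "$cont_ids" ]; then
        echo "$1: host $host_ids != container $cont_ids" >&2
        return 1
    fi
    echo "$1: $host_ids on both sides"
}
```

Calling `same_ids mysql "$(getent passwd mysql)" "$(docker run --rm IMAGE_PLACEHOLDER getent passwd mysql)"` at the end of the build script makes the build fail loudly when the IDs drift apart.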