I wrote a script on this but of course I forgot how it all works. The brief summary is that there is a new encryption scheme that is supposed to be better than RSA called elliptical encryption using a curve handily named ED25519. It needs at least OpenSSL 5.7 or 6.5. The other great thing about it is that it switches to using bcrypt for on disk encryption which is much better than MD5 that is used by default. You can figure out your version with:

ssh -V

Using it is a little tricky because the tools don’t work super well, but ssh.com explains it at a high level. The one-liner to generate an ED25519 file uses -t to specify the new ed25519 type, then -f to say where the file goes. I like to have a different private key for each server I log on to so that I can invalidate it. The -a says how many rounds of bcrypt to use; the default is 16, so 256 will take several seconds on even a fast machine, making brute forcing hard. Finally, the -C is the comment line that goes into the file. I like to use a particular form for this so I can remember what the encryption is: basically the email-server and then the id_ed25519, which tells you what the encryption is. So this one-liner would generate something that connects to a server called test.com:

ssh-keygen -t ed25519 -f ".ssh/rich@tongfamily.com-test.com.id_ed25519" -a 256 -C rich@tongfamily.com
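To confirm that a key file on disk really is ed25519, bcrypt-protected and using the -a round count you asked for, the following added example (not from the original post) reads the unencrypted header of an OpenSSH new-format private key; no passphrase is needed. The function names are hypothetical, and the sample key is constructed from filler bytes, so it is not a usable key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the new OpenSSH private key format

def _read(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def _s(data):
    """Encode bytes as an SSH string."""
    return struct.pack(">I", len(data)) + data

def inspect_private_key(text):
    """Return key type, cipher, KDF name and bcrypt rounds from the clear header."""
    body = "".join(l for l in text.strip().splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file (old PEM format?)")
    cipher, off = _read(blob, len(MAGIC))
    kdf, off = _read(blob, off)
    kdfopts, off = _read(blob, off)
    pub, _ = _read(blob, off + 4)          # skip the uint32 key count
    keytype, _ = _read(pub, 0)
    rounds = None                          # stays None for an unencrypted key
    if kdf == b"bcrypt":
        _salt, p = _read(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, p)
    return {"type": keytype.decode(), "cipher": cipher.decode(),
            "kdf": kdf.decode(), "rounds": rounds}

def constructed_sample(rounds=256):
    """Build a structurally valid but fake key file (zero filler, constructed)."""
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    kdfopts = _s(bytes(16)) + struct.pack(">I", rounds)
    blob = (MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt") + _s(kdfopts)
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(64)))
    b64 = base64.b64encode(blob).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----", *lines,
                      "-----END OPENSSH PRIVATE KEY-----"])

if __name__ == "__main__":
    print(inspect_private_key(constructed_sample()))
```

To check a real key, pass the text of the private key file to inspect_private_key; a low round count or a kdf of "none" means the file is weakly protected or not encrypted at all.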

Once you get this encryption you should have these files, but the question is where to put them long term. Here I use 1Password to store them in a secure note, so I put in the private key, the .pub (which is the public version), the fingerprint as well. This makes it very handy to move around and it is doubly secured on disk. I also put in the password for the key itself in the 1Password.

The last step is to connect your invocation of ssh to these keys. You need to edit on your client machine the file ~/.ssh/config and add a line that looks like this so that when you get to test.com, you give it the right key. This is way more than normal. Most folks have just a single id_rsa that they use for everything, but this is more secure.

Host test.com

IdentityFile ~/.ssh/rich@tongfamily.com-test.com.id_ed25519

Then on the server side, you need to create the user and then add the .pub file to the authorized key list. On Ubuntu it works like this: add a new user with prompts, then add that user to the sudo list, and then get rid of the actual login password so you can only get in with ssh keys (be careful about this one!)

useradd rich -d /home/rich -m

adduser rich sudo

Finally to that user, you need to add into ~rich/.ssh/authorized_keys the line which is the .pub file

Then put a passwordless sudo in by adding a file to /etc/sudoers.d with the line


The last step is not having to remember the password each time. There is a nice utility called ssh-add which does this so that it remembers your password each time. If you want to be super convenient, then you can use ssh-agent, which you start at each login by putting in a .bashrc file entry like:



Well the phone wars don’t seem to be ending soon. We have 10GB+1GB for $80 and now this is down to 12GB for $80 in the new Verizon Plan, so what’s not to lose. The big change is that they are debundling purchase, so the access charge is down to $20/month but you have to buy your device. It is $15/month for everything. So here are the current best deals:


  • Verizon. 12GB/$80 with $20/month access charge.
  • T-mobile 10GB/$100/month with the first two lines free


If you are an occasional user, a really amazing deal is the T-mobile $30/month pay as you go plan. You get a SIM and activate it on t-mobile.com, then you get in a month up to 4GB of data. A new SIM is $15 from the T-mobile store or $10 from Amazon.com

And if you go over they have a no additional cost for roaming built into their plans called Simple Choice that start at $30/month.

If you just need international data, then they have a $30/month international data plan that is prepaid.

Well bluehost used to be so inexpensive, but like all services, they gradually ratchet the price. Domain registration used to be $5 then $8 and now $15 for basically doing nothing. I’ve been meaning to look at alternatives and namecheap.com seems like a decent choice. They have a low cost privacy guard as well. So off we go.

Also as an aside, these hosting services provide huge bounties so you know they have big margins. Using cashbackmonitor.com, there is a 30% rebate for namecheap.com alone and another 20% off for transfers?!

Next up is figuring out what to do with a complete mess of hosting I have. We have one domain on digitalocean.com as a cloud hoster. This is great but is expensive ($5/month) and limited disk. Bluehost is wonderful because they have unlimited storage and unlimited emails. I looked things up and westhost might be the answer. On the other hand bluehost, although owned by some massive private equity firm, has been decently reliable.

It is just so hard to figure out what a good hosting service is because all the reviews are distorted by huge affiliate fees. Yoast says that he can get up to $150 per new site. Wow, you can see how the margins are incredible. But it does seem like westhost isn’t a bad one to try.

Because there are such incredible new site incentives, you really should swap hosting services every year if you don’t mind the hassle. For instance Westhost is 50% off the first year on the site and then via cashbackmonitor.com there is another $35 off, so in fact it is nearly free the first year.


I have to say that sometimes I like the “small” release without lots of issues. El Capitan is one of them. Only problem I’ve seen so far is that Private Internet Access needs an update. 

But the new Side by side is pretty cool as are some of the gestures that are copied from iOS.

I used Tunnelblick for a while, but it kept hanging Yosemite and this seems to work better. The main thing is to switch to TCP connection for things like mail. I also usually up the security because what the heck why not on these fast machines.







Man, those guys are smart. They now charge $10 a month for a modem and an additional $10/month for a wifi access point built in. So what’s a person to do? Well, just buy your own modem and then hook it up and you get rid of the charge. Comcastapprovedmodems.com has a list and the Netgear CM600 is pretty cool. It bonds 16 channels so that it will be 600Mbps downstream (wow) maximum, even though many areas only have 8 channels for bonding and 4 upstream.

  • Netgear CM600. This thing is only $99, and when you compare it with the budget Motorola Surfboard, which is only 8 channels down, why not future proof a little?


The main thing is that if you have a Comcast telephony system you are really hosed. The main model is an Arris TM822G/CT for $120 and there are compatibility issues. Note that there is some strange compatibility issue with different models for different carriers.

Well the cost of these accessories has really collapsed, but here are the must haves:

  1. Tempered Glass screen protector. The glass is so strong now I don’t know if you really need one, but for just $7 from Tensdar, you can get a tempered glass protector and never worry about it. We usually get two per phone. Amazon has about 1 million of these (probably all from the same factory in China), but you want 9 hardness. Note that the maxboost one is the best seller and appears to be slightly thinner at 0.2mm which is nice for $7.
  2. Clear case for $11 from Trianium. I’ve never really understood why you buy such an incredibly beautiful phone and then put it into a case, so these clear plastic TPU cases seem great. They offer good drop protection and you can see your phone. There is even a style that is a bumper with tempered glass on each side for even more clarity.
  3. Wallet case. There is one reason to cover your phone up and that is so you can stick your drivers license, card key and one credit card. Amazing how often that is all you ever need. A good plastic case really works well (I had one that used a neat rubber cloth holder, but this gets loose and the cards come out). igeeksblog.com has a good review, but it is hard to go wrong with the #1 seller on Amazon called the Vault Slim for $10 or Vault Slim for iPhone 6s Plus for $15.

Finally some optional but useful items:

  1. Waterproof bag. If you are ever near the water these work well, if a bit clumsy, but way better than a bulky Lifeproof case. $8 from JOTO
  2. Bluetooth headphones and sport band. For those of us who run, all for $30 total from G-cord for the headphones and band
  3. Reticam tripod mount. Since the iPhone is so good now, you can use it for shoots and the tripod is nice to have

Man this is way more complicated than it should be, but to summarize, if you want to edit your Google documents offline here is what you have to do, from PCMag.com:

  1. Use Google Chrome
  2. Make sure the Google Docs offline extension is loaded

  3. If you have multiple Google accounts (e.g. home and work), then you have to set up a profile in Google Chrome for each

  4. Then if you are using Google Apps, login as system administrator and make sure that Apps/Google Apps/Drive/Offline is enabled

  5. Go to https://google.com/docs in Google Chrome and select the gear icon and make sure offline is enabled.

  6. Log in to google.com on Google Chrome before you leave the land of the internet

  7. Now your documents will be stored offline

Makes me realize how simple it is to just click on a pptx or xlsx from Google Drive and have it just work.

Well digilloyd and mingthein are both saying it: with the improvements in Sony, it looks like a go-to place for the pros. The A7Rii looks like the ideal landscape high resolution system with Zeiss lenses, but then the question is what is the long term path to make sure your lenses last a lifetime even as the cameras you choose don’t. Here’s a recommendation:

  • Buy Nikon F lenses. These have the longest flange distances so can fit with adapters on Canon or Sony or just about anything else like the upcoming Flooglemeier 2020 Superlense (lol!)
  • Spend the dollars on amazing lens quality that will last a lifetime because lenses are just about at their very best now whereas bodies are continuing to improve at an incredible rate

  • Use a 16:9 or Novoflex adapter to get from Nikon to Canon; it has focus confirmation with the Dandelion chip. But you can’t autofocus on Canon. OTOH, if you think that Nikon or Sony will win then this isn’t a problem.

  • Nikon to Sony E Mount via Metabones. This provides autofocus and everything.

So the perfect system today would be (with no dollar limits):

  • Nikon D810 still the best by a hair

  • Sony A7R II for most uses

  • Zeiss as much as you can afford prime at 50mm

  • Nikon 200mm F/2.8. An incredible incredible lens

I had not realized how many fixes were in there…but thanks to Tom’s Hardware that is clear:

  • Six digit PIN. You should move to that or use Touch ID

  • Two factor authentication. You need to have another device to login to El Capitan or iOS 9. Although a pain, it is very secure.

  • LibreSSL vs the buggy OpenSSL variety.

  • App Transport Security. Although google dislikes it because it disables ad networks (draw your own conclusions on that).

  • MAC address randomization for more privacy

  • Signed Safari extensions (finally!)