Sunday, November 24, 2019

Comparative performance of Tamron SP 24-70mm f/2.8 Di VC USD / Model A007N

I purchased this lens recently, but am planning to send it back.  Experience is below for anyone considering this lens, or wondering if their copy is good or bad.

Note: this post does not review the "G2" model of this lens.

First informal tests showed up a possible issue.

Caveats:
  • Handheld,  1/1000s or higher, high ISO.
  • No, the sign is not straight. Who cares, look at the results!

0 - Uncropped example shot

f/2.8

f/3.2

f/3.5

f/4.0

f/4.5

f/5.0

f/5.6

f/6.3

 
f/7.1
Yes, I know DOF plays a part.  But still obviously a possible issue.


So, on to more rigorous testing, below.

Note: I am aware it is not fair to compare a zoom against primes, a zoom at max zoom vs. a zoom at min zoom.  However, these are the lenses I had available.   All lenses were shot wide open to make the tests as fair as possible.

All at ISO 100, tripod, 5s self-timer delay, Nikon SB-24 flash, lens VR off, lens was refocused for every shot.


Test rig

Zoom vs. Zoom:  Tamron 24-70 @ 70mm, f/2.8 vs Nikon 70-200 @ 70mm, f/2.8:

Tamron 24-70 f/2.8 @ 70mm, f/2.8

Nikkor 70-200 f/2.8 @ 70mm, f/2.8

Similar focal lengths: Tamron 24-70 @ 70mm, f/2.8 vs Nikon 50mm f/1.8 @ f/1.8:
Tamron 24-70 f/2.8 @ 70mm, f/2.8

Nikon 50mm f/1.8 @ f/1.8

Third-party vs. Third-party:  Tamron 24-70 @ 70mm, f/2.8 vs Tokina 100mm f/2.8 macro @ f/2.8:

Tamron 24-70 @ 70mm, f/2.8

Tokina 100mm f/2.8 macro @ f/2.8
 It's obvious the Tamron is far worse than any of the other lenses.  Not what I would expect for this class of lens.

To be fair, I would not expect the Tamron to equal the Nikon 70-200 f/2.8 (which is legendary), the Nikon 50mm (also legendary) or the macro prime.  But for my money, since Tamron touts this as a premium lens, it should be better than this.


Tamron @ 70mm at different apertures (target ~ 80 cm away):

f/2.8 - Poor

f/4.0 - Mediocre

f/5.6 - Excellent, tack sharp detail

OK, so the lens is capable of good performance - just look at that lovely detail at f/5.6.  So it's unlikely to be damaged or defective.  It just has crap performance below f/5.0 or so.


Again, I'm not expecting a third-party zoom to be as good as a prime, or a Nikon zoom.  But the whole Tamron value proposition is to get 80% of the performance  for 50% of the cost. This lens doesn't live up to that.

Also, the whole point of buying a fast zoom is to shoot it fast.  You can't tell me "just" to shoot it at f/5.0 or lower.  What, the athletes are going to slow down because I ask them to?


I tested the lens for front/back focus but could not discern any differences at f/2.8, even at max adjustment in a Nikon D7200,  owing to the poor image quality.  I don't think this lens is compatible with a Tamron TAP-In dock, and it's unclear if any focus adjustment will correct this anyway.

Being a G1, my Tamron was used and so perhaps was not in the best shape.  However, if you're planning to buy one, you may want to test it first.



Thursday, November 21, 2019

How to transfer Terraria data to a new Android

Amazingly complicated tutorial here.

tl;dr version:  Copy the following directories from the old device to the new:

Android/data/com.and.games505.TerrariaPaid/Players
Android/data/com.and.games505.TerrariaPaid/Worlds

I suggest you also do directory "OldSaves" as well.  On my old tablet, "Players" and "Worlds" were both empty, probably because it was running an older version of Terraria.


The entire rest of the tutorial is a walkthrough on how to copy these up to a cloud drive, and back down again.  Obviously any equivalent method will also do. 

It seems Terraria used to have a cloud save function.  I don't see it in the latest version (as of Nov 2019) and have no idea if it still exists or not.


Migrating Android "Hunt Cook: Catch and Serve" data to new device

Thanks to original poster here

I didn't get the process at first, so I rewrote it with more detail below.

Note:  If you have already started HuntCook on your NEW device, uninstall and reinstall it.  DON'T start it again (yet).

1.  Start HuntCook on OLD device.

2.  If you haven't already set it up, it may ask you to allow access to your Google account. 

You have to permit this, as this is where the backup will be stored.

3.  In the HuntCook app, go to Menu->Settings->Data Backup.

4.  Proceed to back up your data. 

-  You will need to assign a password.  Make it a simple one unique to HuntCook - you don't want a data breach goofing up your real passwords.

-  You will get a cryptic 16-character "Backup ID".  Be sure to write this code down.

-  You will also get the option to take a screenshot.  You can do so but I don't know where it is stored.

5.  On the NEW device, start HuntCook.

6.  Tap "Restore data backup" button in the bottom right-hand corner.

(It may be called something else, I forget the exact button name.)

7.  Enter the cryptic 16-digit "Backup ID" you previously wrote down.  Don't enter the spaces.

8.  Also enter your HuntCook backup password.

9.  You get prompted two or three times to allow transfer of the data from your old device to the new device.  Confirm the transfer.

HuntCook will then import the data and deactivate the game on the old device.  Your new device is ready to go.

You will be warned several times that transferring the data will prevent the transferred gameplay from being played on the old device.  However, the app is not deactivated, and you can start a new game on the old device.

Tuesday, October 15, 2019

Semi-canonical list for errors 0x80070035 and 0x80004005 on Synology NAS

Unfortunately, network problems can have a hundred causes.  This is a consolidation of the solutions found here, here, here, here and here.

I did not get them all, so if the list below fails, you may need to root through the threads yourself.  This will at least give you a head start.

Note:  These solutions are largely aimed at the situation where one (or more) network machines can browse the share properly, and one (or more) machines can't. 

These solutions do not cover Windows Server or Active Directory (AD) issues.


Error 0x80004005: Unspecified error

For this error, you can (usually) browse to the affected share via IP address (i.e. \\192.168.1.xx\share) but not by name (i.e. \\NAS\share).  It may or may not show up in Network.

This is (usually) a local DNS problem.  If you have other machines that work, your router / DNS server is OK, and there is something wrong with the DNS on the affected machine.

For this reason, I recommend you edit the hosts file first.  If that fixes it, and you only have one problem machine, you're done.


Error 0x80070035:  The network path was not found

With this, you usually can't see the NAS in "Network", or browse to it at all.

Possible solutions:

P:   NetBIOS service needed but not starting.

A:  Network and Sharing Center:
-  Check network is "Private" (either Work or Home).
-  Go to "Change Adapter Settings"
-  Right-click on network adapter, select "Properties"
-  Double-click "Internet Protocol Version 4 (TCP/IPv4)"
-  Click "Advanced" button
-  Click "WINS" tab
-  Change from "Default" to "Enable NetBIOS over TCP/IP"

Note:  It is best to ensure this is done on all of the network adapters - even if they are not currently being used.

---------------

P:  SMB 1.0 is needed but not available.

A:   Enable SMB 1.0 as follows:
-  Control Panel / Turn Windows Features  On and Off (or Win + R, "optionalfeatures")
-  Check one of these:
  -  SMB 1.0/CIFS File Sharing Support
  or
  -  SMB 1.0/CIFS File Sharing Support / SMB 1.0/CIFS Client

You can also try checking / unchecking "SMB 1.0/CIFS Server" and "SMB 1.0/CIFS Automatic Removal".

Note:  SMB 1.0 is insecure and has been deprecated, and is not needed by most devices.  However, older Android boxen and the like might still need SMB 1.0 enabled in order to access the NAS.

Tip:  If you can log in to the NAS by IP address, do so and check the NAS logs to see what protocol was used.  If the problem machine can reach the NAS using SMB2 or higher, you might not need to enable SMB 1.0 support.

 ---------------

P:  Synology NAS SMB service not enabled.

A:  In DSM, go to Control Panel / File Services / SMB/AFP/NFS and check "Enable SMB service".

---------------

P:  Synology NAS not handling SMB correctly.

A: Disable SMB 1.0 on NAS.
-  In DSM, go to Control Panel / File Services / SMB/AFP/NFS.
-  Click "Advanced Settings"
-  Reset Maximum SMB protocol to "SMB3".
-  Reset Minimum SMB protocol to "SMB2".
-  Click "Apply".

Note:  Setting Maximum above SMB2 does not seem to do the trick.  The best combo seems to be setting Minimum SMB above SMB 1.0 and disabling SMB 1.0 on the affected PC.

Tip:  If you can log in to the NAS by IP address, do so and check the NAS logs to see what protocol was used.  If the problem machine can reach the NAS using SMB2 or higher, and can log in via IP address with SMB 1.0 disabled, you do not need SMB 1.0 support on either the NAS or the PC.
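The checks described so far (name vs. IP address, and which SMB protocol was actually used) can also be made from the problem PC. The script below is an added example, not part of the original post or any of the linked threads; the NAS name and address in the usage line are placeholders to replace with your own.

```powershell
# Added example, not from the original post. 'NAS' and '192.168.1.50' in the
# usage line are constructed placeholders for your own NAS name and address.
function Test-NasSmb {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Address
    )

    # 1. Name resolution as this PC sees it (the Windows resolver, which
    #    also reads the hosts file).
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        # Leave $resolved empty: the name did not resolve on this machine.
    }

    # 2. Is the SMB port (TCP 445) reachable when the name is bypassed?
    $tcp = Test-NetConnection -ComputerName $Address -Port 445 -WarningAction SilentlyContinue

    # 3. Dialect negotiated on connections that are open right now.
    #    Get-SmbConnection only lists live connections, so browse to the
    #    share (by name or by IP) before running this.
    $conns = @(Get-SmbConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.ServerName -in @($Name, $Address) })
    $belowSmb2 = @($conns | Where-Object { ([version]$_.Dialect).Major -lt 2 })

    # Map the result onto the two error families described in this post.
    $hint = if (-not $tcp.TcpTestSucceeded) {
        'Not reachable by IP either: work through the 0x80070035 list.'
    } elseif ($resolved -notcontains $Address) {
        'Reachable by IP but the name does not resolve to it: fix name resolution (hosts file).'
    } elseif ($belowSmb2.Count -gt 0) {
        'Connected below SMB2: this PC/NAS pairing still depends on SMB 1.0.'
    } else {
        'Name, port and dialect look fine from this PC.'
    }

    $dialects = if ($conns.Count -eq 0) {
        '(no open connection; browse the share first)'
    } else {
        ($conns | ForEach-Object { "$($_.ShareName)=$($_.Dialect)" }) -join ', '
    }

    [pscustomobject]@{
        Name        = $Name
        ResolvesTo  = $resolved -join ', '
        Port445ByIp = $tcp.TcpTestSucceeded
        Dialects    = $dialects
        Hint        = $hint
    }
}

# Usage (placeholder values):
Test-NasSmb -Name 'NAS' -Address '192.168.1.50' | Format-List
```

If every share shows a dialect of 2 or higher, SMB 1.0 can stay disabled on both the PC and the NAS.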

---------------

P:  IPv6 not working.

A:  Network and Sharing Center:

-  Go to "Change Adapter Settings"
-  Right-click on network adapter, select "Properties"
-  Uncheck "Internet Protocol Version 6 (TCP/IPv6)"

---------------

P:  "Client for Microsoft Networks" disabled or not installed.

A:  Network and Sharing Center:
-  Go to "Change Adapter Settings"
-  Right-click on network adapter, select "Properties"
-  Ensure "Client for Microsoft Networks" is present and checked (enabled)

If not present, click "Install", then "Client for Microsoft Networks".

Note:  It is best to ensure this is present and enabled on all of the network adapters - even if they are not currently being used.
 
---------------

P:  "File and Printer Sharing for Microsoft Networks" disabled or not installed.

A:  Network and Sharing Center:
-  Go to "Change Adapter Settings"
-  Right-click on network adapter, select "Properties"
-  Ensure "File and Printer Sharing for Microsoft Networks" is present and checked (enabled)

If not present, click "Install", then "File and Printer Sharing for Microsoft Networks".

Note:  It is best to ensure this is present and enabled on all of the network adapters - even if they are not currently being used. 

 ---------------

P:  Out of date network drivers.

A:   Device Manager / Network Adapters / Update driver

---------------

P:  Network adapter driver corrupt.

A:  As follows:
-  Network and Sharing Center \ Change Advanced Sharing Settings, turn everything to OFF on all profiles and options.  Save changes and close.
-  Device Manager \ Network Adapters \ Uninstall Ethernet and Wireless adapters
-  Scan for Hardware Changes to reinstall these devices and close Device Manager.
-  Network and Sharing Center \ Change Advanced Sharing Settings \ Turn everything to ON for all profiles and options - Save changes and close.


---------------

P:  Microsoft Virtual WiFi Miniport Adapter not set for proper NetBIOS operation.

A:  Network and Sharing Center:

-  Go to "Change Adapter Settings"
-  Right-click on Microsoft Virtual WiFi Miniport Adapter, select "Properties"
-  Double-click "Internet Protocol Version 4 (TCP/IPv4)"
-  Click "Advanced" button
-  Click "WINS" tab
-  Change from "Default" to "Enable NetBIOS over TCP/IP".

 Note:  It is best to ensure this is done on all of the network adapters - even if they are not currently being used.

---------------

P:  Windows Firewall is blocking NAS.

A:  Temporarily disable Windows Firewall.  If this works, you'll have to figure out how to permanently fix it.

---------------

P:  Bad login credentials stored in Credential Manager.

A:  Navigate to Credential Manager in Control Panel, or run keymgr.dll.
-  Go to Windows Credentials.
-  Remove stored credentials for affected NAS.

Note:  The NAS credentials might be incorrectly stored in "Generic credentials".

---------------

P:  Windows using outdated login information.

A:  Map NAS to a drive letter:
-  Right-click "My Computer" (or "Computer")
-  Map network drive
-  Enter NAS share using IP address
-  Check "Log in with different credentials"
-  Open mapped drive letter

This will hopefully force Windows to refresh outdated cached login information for the NAS.

---------------

P:  Bad / incorrect "Microsoft 6to4 adapter" or "6to4 adapter" drivers

A:  Device Manager / Network adapters:  Remove all "6to4" adapters.

---------------

P:  Necessary services not running.

A:  Using "services.msc", check that the following services are running:
-  Server
-  TCP/IP NetBIOS Helper
-  Workstation


---------------

P:  Network provider order wrong / Network provider registry key corrupt

A:  Check the following keys:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HWOrder\Provider order
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\Provider order

Should be set to one of the following:
   RDPNP,LanmanWorkstation
  or
  RDPNP,LanmanWorkstation, webclient

Also check:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\ProviderOrder\Provider order
  and ensure RDPNP has a number lower than Lanmanworkstation


Also check:
-  Control Panel \ Network and Sharing Center \ Change adapter settings
-  Tap Alt key to unhide menu bar
-  Click "Advanced \ Advanced Settings" in menu bar
-  Tab "Provider Order"
-  Ensure  the order is:
  -  Microsoft Remote Desktop Session Host Server
  - Microsoft Windows Network
  - Web Client Network (optional, may be missing)



---------------

P:  NAS is using Guest account access.

A:  In Registry Editor (regedit):

-  HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
-  AllowInsecureGuestAuth = 1
-  RequireSecuritySignature = 0

Note:  It is not recommended that the NAS allow insecure Guest account access.

---------------

P:  Time sync issue is preventing NAS and PC from talking.

A:  Set clock on PC.
-   On NAS:  Control Panel \ Regional Options
-  Check "Synchronize with NTP server" and set the server to time.google.com
-  Click "Update Now".

---------------

P:  Corrupt registry keys.

A:  In Registry Editor (regedit.exe):

-  Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
-  For a 64-bit system, create a QWORD called LocalAccountTokenFilterPolicy
-  For a 32-bit system, create a DWORD called LocalAccountTokenFilterPolicy
-  Set  LocalAccountTokenFilterPolicy to 1.


---------------

P:  Jumbo frames not working.

A:  Network and Sharing Center:
-  Click Change adapter settings.
-  Right-click adapter, select Properties.
-  Networking tab
-  Click "Configure" button
-  Advanced tab
-  Select Jumbo Frame and disable


---------------

P:  NAS name not resolving to IP address.

A:  Edit the hosts file to link the NAS name and IP address manually.

---------------

P:  Security policy options incorrect.

A:  Using GPEdit.msc or secpol.msc:

-  Local Computer Policy -> Windows Settings -> Security Settings -> Local Policies -> Security Options

    Microsoft Network Client:
        Digitally sign communications (always)    DISABLED
        Digitally sign communications (if server agrees) DISABLED

    Microsoft Network Server:
        Digitally sign communications (always)    DISABLED
        Digitally sign communications (if client agrees) DISABLED

Note:  gpedit.msc and secpol.msc do not exist in Windows 10 Home Edition by design.
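Several of the fixes above (Guest access, LocalAccountTokenFilterPolicy, SMB signing, SMB 1.0) relax a security setting, so once the share works it is worth seeing which of them are still in place and reverting the ones that made no difference. The read-only audit below is an added example, not from the original post or the linked threads; the LanmanServer path and the EnableSecuritySignature value are the standard registry locations behind the "Digitally sign communications" policies and are not named in the steps above.

```powershell
# Added example (not from the original post). Reads settings only; changes nothing.
# Run in an elevated PowerShell on the affected PC.
function Get-SmbRelaxationAudit {
    $client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    $server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # Relaxed = the value the troubleshooting step sets.
    $checks = @(
        @{ Step = 'Guest account access';              Path = $client; Name = 'AllowInsecureGuestAuth';        Relaxed = 1 }
        @{ Step = 'Client signing (always)';           Path = $client; Name = 'RequireSecuritySignature';      Relaxed = 0 }
        @{ Step = 'Client signing (if server agrees)'; Path = $client; Name = 'EnableSecuritySignature';       Relaxed = 0 }
        @{ Step = 'Server signing (always)';           Path = $server; Name = 'RequireSecuritySignature';      Relaxed = 0 }
        @{ Step = 'Server signing (if client agrees)'; Path = $server; Name = 'EnableSecuritySignature';       Relaxed = 0 }
        @{ Step = 'Corrupt registry keys';             Path = $policy; Name = 'LocalAccountTokenFilterPolicy'; Relaxed = 1 }
    )

    foreach ($c in $checks) {
        $name  = $c.Name
        $item  = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$name } else { $null }

        [pscustomobject]@{
            Step           = $c.Step
            Setting        = $name
            Current        = if ($null -eq $value) { '(not set)' } else { $value }
            MatchesRelaxed = ($null -ne $value) -and ($value -eq $c.Relaxed)
        }
    }

    # SMB 1.0 optional feature ("Turn Windows features on or off").
    $smb1 = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Step           = 'SMB 1.0 is needed but not available'
        Setting        = 'SMB1Protocol feature'
        Current        = if ($smb1) { "$($smb1.State)" } else { '(not present or not elevated)' }
        MatchesRelaxed = [bool]($smb1 -and "$($smb1.State)" -eq 'Enabled')
    }
}

Get-SmbRelaxationAudit | Format-Table -AutoSize
```

A row with MatchesRelaxed = True only means the current value equals the one the step sets; for some settings that is also the Windows default, so compare against a machine that was never touched.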

---------------

P:  Bad files / settings in Sync Center.

A:  Start the "Sync Center".
-  Click on Manage Offline Files
-  Click View your offline files
-  Under computers, select the server and hit delete to remove it.

Note: If you've never messed with Sync Center, it is likely that there will be no offline file settings to delete / modify.

---------------

P:  HomeGroup not managing connections correctly.

A:  In Network and Sharing Center \ Change Advanced Sharing Settings\HomeGroup connections, turn off "Allow Windows to manage homegroup connections (recommended)".

Note:  If you're not using a Homegroup type network, Homegroup settings will not be shown, and this is not your problem.

---------------

P:  Two computers with the same hostname.

A:  Event Viewer
-  System logs
-  Search for Event ID 4321. It will tell you another computer with IP address x.x.x.x does not allow you to use the same hostname.

If there is no such event logged, this is not your problem.

---------------

P:   Client for Microsoft Networks corrupt.

A:  Uninstall Client for Microsoft Networks, reboot, reinstall, and reboot.

Note:  Windows 10 prevents this from being done via the GUI, and this could mess up your system worse than it already is.  For this reason I have not done it and I don't know the correct process, you'll have to find it yourself.

---------------

P:   File and Printer Sharing for Microsoft Networks corrupt.

A:  Uninstall File and Printer Sharing for Microsoft Networks, reboot, reinstall, and reboot.

Note:  Windows 10 prevents this from being done via the GUI, and this could mess up your system worse than it already is.  For this reason I have not done it and I don't know the correct process, you'll have to find it yourself.




Sunday, October 13, 2019

The telephone company analogy for understanding your network

Networking using Phone Number Analogy

This is a simple guide to understanding basic networking, firewalls, port forwarding, servers and VPNs, using the analogy of telephone numbers at a small business.

I hope this will be useful to anyone who is troubleshooting connectivity issues in their network.


Single PC

You're a small business owner, with a 1-room office (computer).  You set up a phone number with your phone company (internet service provider, ISP) to get calls.  Your phone number (internet IP address) is publicly available and you accept all incoming calls.

Single PC Security

Things are not ideal since bad actors are tying up your phone line and trying to mislead your employees into sabotage.

So, you hire a security guard (firewall) who screens all incoming and outgoing calls (packets) at the office door.  He stops anything that looks wrong, and lets the rest through.

Obviously, the guard needs to be told when new employees (programs) are added.  Otherwise he will block their calls by accident.  This is usually done by flagging new outgoing calls as they happen and asking for a confirmation they are OK.

Note that all modern computers include a built-in software firewall.



Multiple PCs (Network)

Your business grows to multiple offices (computers) in one building.

You still only have one phone number, so calls no longer go directly to each office.  You hire a receptionist (router) that has a switchboard.  These handle all incoming and outgoing calls (packets) for the entire business (network).

The reception system (router) usually has three parts:

-  A receptionist that routes each incoming call to the right office;
-  A switchboard that allows calls to be connected through; and
-  A security guard that watches for bad incoming and outgoing calls (firewall).




Your receptionist/switchboard (router) will obviously connect any outbound calls (outgoing requests / outgoing packets) without any instructions.  This means there is no need to set up anything special for calls you initiate.

This includes things like normal web browsing, FTP, e-mail, etc.  This is the reason most people don't need to worry about setting up special settings in their routers for "ordinary" computer stuff.

Note this includes torrenting.  Torrenting software both makes outgoing calls, and listens for incoming calls.  Just doing outgoing calls is not ideal, but it is enough to make it work.




However, all incoming calls come through the single main number.  Your receptionist (router) does not know which office to connect it to.  Anyone calling for a specific office (accounting, finance, etc.) will not get connected.
 
Therefore, anyone looking for any of your services where they call you (incoming connections / incoming packets) will not automatically find the correct office (computer) in your business (network).

This applies to any service that you provide from inside your own network.  Examples include:
-  Web services (web server)
-  File transfer services (FTP server)
-  Media streaming services (Plex server, etc.)
-  Game servers (Minecraft server, etc.)
-  Torrenting software (uTorrent, qBittorrent, etc.)

Basically, if it has "server" in the name, and it's within your network, the outside world can't find it.

Again, the exception is torrenting.  Most torrenting software will work without port forwarding using just outgoing calls.  But it works better when you also allow incoming calls to connect through, because you get more connections faster.



To solve this and let others connect to you, you need several things:

1.  You assign local phone numbers (local ip addresses) to your offices (computers).  This allows calls into your business phone number (internet IP address) to be connected to the right office (computer).

2.  These local numbers can be changeable (dynamic) or unchanging (static).  To keep calls from going to the wrong offices, we obviously want fixed local numbers (static ip addresses).


3.  You have to give your reception (router)  instructions on what to do with each kind of call.

Nobody outside your office knows your local numbers.  However, there is a default list of extensions (ports) that usually correspond to each kind of office.

So:
-  To call your web site, they dial your phone number (internet IP address) plus extension 80 (port 80, http);
-  To call your FTP site, they dial your phone number (internet IP address) plus extension 21 (port 21, ftp);
-  To call your email, they dial your phone number (internet IP address) plus extension 110 (port 110, pop3)

and so on.

This lets your reception connect each kind of incoming call to the right local phone number.

Unfortunately, there is no way to use just your internal phone numbers - they are hidden behind your switchboard, and are not standardized.  As callers can't dial direct, they have to use the extension numbers (port numbers) instead.




This process of matching the incoming call extension (port) to the right internal office number (internal ip address) is called port forwarding.

As you might imagine, port forwarding is very simple.  It's just a table that says this extension number (port number) gets connected to that internal phone number (internal IP address), which is permanently assigned to a specific office (computer).


From this, it is obviously a bad idea to have two offices (computers) that have the same extension (port forwarding).

For example, say you get a call for extension 80 (web server), but two offices (computers) have that extension (port).  What does your receptionist (router) do?

-  Connect only one office?  What if it's the wrong one?
-  Connect it randomly to one or the other? That doesn't work!
-  Connect it to both? How will the customer know which to listen to?

For these reasons, you can only designate each extension (port) to one office (computer).  (In other words, you can only port forward each type of packet to a single internal IP address.)


This means that if you have a web site office (web server), all of the web sites will need to live in that office (on that computer).  Similarly, you can only have one FTP server, one Plex server, etc.

Of course, some businesses have more than one.  Figuring out how to deal with this restriction is, arguably, a significant part of network administration.


There are cases where two different programs, on two different machines, want to use the same extension (port).  This can be a big problem.

Fortunately, most software makes outgoing calls, which are always OK.  It's only software that receives incoming calls that's a problem.  And having a semi-standardized list of extensions (ports) mitigates this problem.


Network Security

Of course, you also obviously have to tell all of the security guards (firewalls) in the chain to let the calls through.  This includes any guard in each office (local software firewall) plus the guard at reception (router firewall).

When you give your reception (router) the port forwarding instructions, the guard at reception (router firewall) will naturally see it and will let through any such calls automatically.  However, the guards in the offices (local software firewalls) don't get to see this, and so have to be told separately.

From this, it is tempting to turn off one or more firewalls, since they are theoretically redundant.  This is not a great idea since more firewalls mean more protection, but it can be done. 

If any given guard (firewall) is stopping the call from connecting, that port is said to be closed (blocked).  If all the guards are allowing the call through, the port is open.  Open ports ring through - blocked ports do not.
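The forwarding table and the chain of guards can be written out as a small model. This is an added example, not part of the original post: the addresses, the rule list and the per-PC firewall allow-lists are constructed sample data, and the router firewall is assumed to pass every forwarded port automatically, as described above.

```powershell
# Added example (not from the original post). All addresses and rules are
# constructed sample data for a home network.

# The receptionist's table: extension (port) -> internal number (static IP).
$forwards = @(
    [pscustomobject]@{ Port = 80;    Target = '192.168.1.10'; Note = 'web server' }
    [pscustomobject]@{ Port = 21;    Target = '192.168.1.11'; Note = 'FTP server' }
    [pscustomobject]@{ Port = 32400; Target = '192.168.1.12'; Note = 'Plex server' }
    [pscustomobject]@{ Port = 80;    Target = '192.168.1.13'; Note = 'second web server' }
)

# The guard in each office: inbound ports the PC's own firewall allows.
$hostFirewall = @{
    '192.168.1.10' = @(80)
    '192.168.1.11' = @()        # forwarded at the router, but this PC was never told
    '192.168.1.12' = @(32400)
}

# Two offices claiming the same extension: the router cannot honour both.
function Get-ForwardConflict {
    param($Rules)
    $Rules | Group-Object -Property Port | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Port    = [int]$_.Name
                Targets = ($_.Group.Target -join ', ')
            }
        }
}

# Follow one incoming call through the table and past the office guard.
function Resolve-IncomingCall {
    param([int]$Port, $Rules, [hashtable]$HostFirewall)

    $match = @($Rules | Where-Object { $_.Port -eq $Port })
    if ($match.Count -eq 0) {
        return "port ${Port}: closed (no forwarding rule, the router has nowhere to send it)"
    }
    if ($match.Count -gt 1) {
        return "port ${Port}: invalid table ($($match.Count) machines claim this port)"
    }

    $target = $match[0].Target
    if ($HostFirewall[$target] -contains $Port) {
        "port ${Port}: open, rings through to $target ($($match[0].Note))"
    } else {
        "port ${Port}: closed (forwarded to $target, but its local firewall blocks it)"
    }
}

Get-ForwardConflict -Rules $forwards | Format-Table -AutoSize

# 25565 has no rule at all in this sample table.
foreach ($p in 80, 21, 32400, 25565) {
    Resolve-IncomingCall -Port $p -Rules $forwards -HostFirewall $hostFirewall
}
```

With this sample data only port 32400 rings through: port 80 has two claimants, port 21 is stopped by the PC's own firewall, and port 25565 has no rule.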



VPN

There may come a time when you no longer want the world to know your phone number (external IP address).

This is usually done for privacy reasons.  If your phone number is public, it is possible for your phone company (internet service provider) to listen in.  Some people don't like this.

To prevent this, you hire a call forwarding service (virtual private network, VPN).  From then on, all calls go through them.

To facilitate this, you change your published phone number (internet IP address) from your real number to the number of the call forwarding service (VPN).  Anyone trying to call you will be calling them instead, hiding your real phone number.


Forwarding can be handled at one of two places:


-   At the phone in each individual office (computer).  You need to place a special forwarding agent (VPN program / application) in each office (computer) to accomplish this.

-  At your main reception (router).  You just instruct your reception (router) to connect all outgoing calls to the forwarding service (VPN).  This covers your entire business (network) in a single step.

You can also tell reception to route only a block of internal offices through the VPN, and connect all other calls normally.



After setup, the process for outgoing calls is:

-  You call a special encrypted phone line at the forwarder (VPN).
-  They connect you through to the external number.
-  The call ID at the other end shows the number of the forwarder (VPN), not your real phone number.


As the forwarder handles calls for thousands of businesses, this process ensures that nobody can tell which outgoing calls are yours.  And as calls are encrypted, nobody can listen in.

This obviously works fine for all outgoing calls.  Aside from setting up the VPN service itself, nothing more is usually needed.


Incoming calls, however, are a different story.

Remember, you changed your phone number (internet IP address).  Customers are now calling your call forwarding service (VPN), and not you.



The forwarder handles thousands of customers.  So if they get a call at their own phone number to any given extension (port), they do not know who it is for.

For example, say they get a call for extension 80 (port 80).  Out of their thousands of clients, who is this for?  They can't know, so the call fails to connect.


Remember, the caller does not know your number - they only know the number of the VPN.  That is the point.  So the caller can't identify you to the VPN either.

This occurs from outside, and randomly, so you can't handle these with an outgoing call.  There is also no way to call them back since you never saw the incoming call in the first place, plus they might not even be listening anymore.

This means that if you use a VPN, any services you offer - web, FTP, game, etc. - will automatically be blocked, even if everything else is OK.  This is obviously a big issue.


To fix this, you have a few options.

1.  You can specifically tell your call forwarder to send extension calls to you.  This is known as VPN port forwarding.

Obviously, connecting specific calls to you is at odds with making you anonymous, and is technically challenging.  So not every VPN provider offers port forwarding, and those that do often require special setups.  Sometimes you have to manually reconfigure the VPN client daily (or so), which can be a pain.

Note that it is not usually possible to set up VPN port forwarding at your reception (router), because it won't support it.  It's just too complex for consumer-grade routers.  You usually must use the software VPN application on the affected machine.


2.  You can stop using the VPN for the affected machines.  That is, your servers will have to live outside the VPN.

This is why you will often hear of people that have excluded certain machines from VPN service.  These machines are typically servers that can't work behind the VPN.

This works well if your server is separate from your working machine.  The server can live outside the VPN, but your personal machine can stay in, keeping your personal web traffic anonymous.

As most services are really simple, it is very easy to get a separate machine to use as your server.  For web and other simple stuff, almost anything will do.

Game and media servers are more complex.  However, these benefit from being outside the VPN since VPNs slow you down.


3.  For intermittent operation only, you can turn off the software VPN client on the affected machine.  This leaves you outside the VPN to do what you need to do, after which you can turn it back on.

This is cumbersome but is OK for some things.  For example, if you need to use a specific application that does not work well behind the VPN - maybe video conferencing - but only sometimes, turning off the VPN can be an easy solution.


4.  You can move your services to a machine outside your network.

For example, you can move your web hosting from a local network machine to a hosting service.  This outside service will not be using a VPN, so no problem.

This obviously doesn't work well for game servers, and not at all for remote access, media or file services.  Those services need access to your local files by definition, and can't readily be moved to an offsite service.


5.  You can install the affected software on a separate machine that lives outside the VPN.

For example, maybe you set up video conferencing only on your laptop, and move it outside the VPN.  You keep your workstation on the VPN.

This means that you have to do all your video conferencing on your laptop, which may be inconvenient.  But your workstation is still protected by the VPN full-time, which is convenient.


At the end of it all, remember that VPNs just ensure privacy.  You will need to decide how important that privacy is, relative to the difficulty of setting up the software you need.






Tuesday, September 24, 2019

In defense of the bunch-of-disks backup for NAS servers


As storage gets cheaper, more and more people are using NAS devices.

Many of these are relatively small (6-10 Tb).  These can be backed up on a single external USB hard drive.

However, many exceed 20 Tb, and there are a lot of people out there running 40 Tb or more.

Of course, these people purchased their NAS specifically for the very high capacity, redundancy and fault-tolerance of these devices.  Many run two-fault-tolerant arrays, dual redundant power supplies, dual UPS, and at least one hot spare.  They are as bulletproof as possible.

However, they are not perfect.  So it only makes sense to try to have a last-resort backup of everything that's on a NAS.

So - how do we do that?


Options are limited:

1.  Go cloud storage.  Yeah, great if you want to spend $200+ per month.

Oh, and all those "hacks" for "free / unlimited" options - they're either gone, going, or never worked anyway.

2.  Buy a second NAS and mirror it.  Great if you want to spend $3,000 to $5,000 on a new NAS plus hard drives to fill it.

3.  Tape.  Great if you want to spend $2,000 on a used tape drive.  Paying $50/tape is not bad, if you can afford the drive.

4.  Buy a smaller NAS and back up only "critical" stuff.  Defeats the purpose.

5.  Back up to a rented box in a data center.  I don't even know how much that costs - likely lots - but just try uploading 50 Tb over your connection.

That leaves just one option: back up to a bunch of hard drives.  It is quite possibly the cheapest and most robust solution.


Despite this, I see lots of people bash this solution mercilessly.  So I wanted to present my take on it.



Like anything, this solution obviously has disadvantages:

-  Yes, you will lose some data if a drive fails.  However, you will also lose data if a NAS, RAID array, USB drive or a tape fails, so that is hardly a flaw unique to this solution. 

-  There is no software that will let you easily copy vast amounts of data across multiple hard drives.  Such "spanning" is inherent in CD/DVD writing, and can be done for USB sticks, but doesn't work for hard drives.  This makes for a lot of somewhat tedious manual copying.

[Note:  Handy Backup claims this feature is "coming soon".]

-  Incremental backups are a practical impossibility.  So plan to spend some time annually - and over the course of some weeks - re-copying all of the data you copied last year.

-  It seems slow.  (Though I doubt it is much slower than other solutions.)


It also has a lot of advantages:

1.  Simple:  It's easy.  A little tedious, but any computer can copy files.  There is no need for special software or complicated data-processing techniques.

2.  Robust:  Assuming you avoid encryption and compression, if you lose one drive, all the rest of the data is OK.  There is no risk of breaking an archive or backup format by losing a single chunk.

Now, obviously, losing any of your last-resort backup in an actual disaster situation would be A Bad Thing.  But not as bad as losing 1 drive of a 10-drive set that does not function without that one drive.

Similarly, bad sectors or other similar faults on one drive - or even multiple drives - do not affect the larger backup set.  Yes, you will lose files, but you won't lose all the files in the set.

3.  Cheap:  This uses only hard drives plus some means to connect them (USB or SATA dock) - which many people who run NAS systems will have lying around anyway.  No expensive bits like a NAS or tape drive.

For a little extra boost, re-use all those older - but still working - hard drives that you retired from your NAS boxen.  Sure, you may end up with a stack of 20 drives - but it's cheap!

4.  Capacity:  Spinning rust drives have the highest data density of any data storage device on the market, storing more in less space and for less money than anything else.  Plus, the $/Gb gets cheaper by the month.

5.  Expandable:  Add more drives anytime.

6.  Flexible:  Use whatever drives suit - mix and match at will.  You can even use a mix of SATA, USB and NAS drives.  Can't do that with tape (or, at least, not as easily).

7.  Portable:  Drives can easily be moved offsite, to a safety deposit box, stored in a safe, or whatever.  Storing in ideal conditions is relatively easy.  Bringing the drives to the restore point - wherever it may be - is also very easy.

8.  Durable:  While it's not recommended you test this, modern hard drives can survive horrific drops and other abuse with zero damage.  Old-timers will faint from shock before the drives actually give up.

9.  Protectable:  Drives can be easily protected against drop, ESD, fire, water, etc.  A Nanuk 935 will hold ten 3.5" SATA HDDs, making them almost indestructible.   For extra protection, consider a fireproof safe, or just go offsite.

10.  Compatible:  You don't get any more standard than a SATA disk and a GPT partition table.  No matter what changes in technology we might have, these drives are going to be machine-compatible for years, if not decades, in the future.  (Try that with your Zip, Jumbo and DAT drives.)

11.  Universal:  You can read these drives back on any machine, right now.  No need for a special tape drive, special software to decompress or de-archive, or anything.

OK, at worst, you'll need a USB dock or USB drive case that can be picked up at any store, anywhere, anytime.  With that, any computer - be it Windows, Mac or Linux - virtually anywhere in the world will be able to read and restore your backups right now.

12.  Reliable:  Some say that a hard drive will retain data only 1.5 years in storage - others say 5 years is fine, or maybe even 10-20 years, or possibly even longer.  This simply won't be any issue if you refresh data reasonably often - say, annually.

Other than that, spinning drives don't tend to break when they're not spinning, and these drives will spend 99% of their life in an inert state.  So the drives are likely to physically last an extremely long time.

13.  Redundancy:  Spread the risk by storing critical data multiple times on multiple different drives, or storing multiple backup sets in different locations.

A lot of "critical" data is actually really small - documents, PDFs, and the like.  Even photos don't take up that much space unless you're a photo hound.

So, it's usually easy to copy what you really can't live without onto every drive of a backup set, and you will lose hardly any capacity.  You net 5-10 copies for the price of 1, essentially.  (Try that with your backup software.)

14.  Isolation:  Offline cold-storage drives are air-gapped and are not susceptible to ransomware or other threats. 

Ransomware sucks, but it's not going away, and you can still get pwned even if you do absolutely nothing to prompt infection yourself.  So you'd better have cold backups somewhere.

Yes, some data will be out of date, and yes, you will lose some of it.  But would you rather lose some - or all?


This solution isn't for everyone, and it's obviously suited best for those that need a last-resort, just-in-case copy of vast amounts of relatively data.  Kind of a roll-your-own, personal Amazon Glacier.

But, for anyone needing to back up tens of terabytes reliably, without the need for instant restore, and without access to corporate-grade hardware, this looks like the best choice to me.
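The manual copying described in this post can be planned and checked with a short script. The following is an added example, not the author's tool or an existing product: it assigns whole files to drives, puts a critical set on every drive, and keeps a per-drive SHA-256 manifest so the annual refresh can detect damaged files. The names `Drive`, `scan`, `plan`, `copy_to_drive` and `verify`, and the sample files and sizes, are assumptions made for the illustration.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass, field


@dataclass
class Drive:
    label: str
    capacity: int  # usable bytes on the formatted drive, minus a safety margin
    files: list = field(default_factory=list)
    used: int = 0

    def add(self, path, size):
        if self.used + size > self.capacity:
            raise ValueError(f"{path} ({size} B) does not fit on {self.label}")
        self.files.append(path)
        self.used += size


def scan(root):
    """Map every regular file under root to its size, keyed by '/'-separated path."""
    sizes = {}
    for dirpath, _dirs, names in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in names):
            if os.path.isfile(full) and not os.path.islink(full):
                sizes[os.path.relpath(full, root).replace(os.sep, "/")] = os.path.getsize(full)
    return sizes


def plan(sizes, drives, critical=()):
    """Put each critical file on every drive, then place the other files whole (never
    split across drives), largest first. Returns the files that fit on no drive."""
    critical = set(critical)
    for drive in drives:
        for path in sorted(critical):
            drive.add(path, sizes[path])
    unplaced = []
    for path in sorted(sizes.keys() - critical, key=lambda p: (-sizes[p], p)):
        target = next((d for d in drives if d.used + sizes[path] <= d.capacity), None)
        if target is None:
            unplaced.append(path)
        else:
            target.add(path, sizes[path])
    return unplaced


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def copy_to_drive(source_root, drive, mount_point):
    """Copy as plain files; return 'digest  path' lines (the sha256sum -c layout)."""
    lines = []
    for rel in drive.files:
        src = os.path.join(source_root, *rel.split("/"))
        dst = os.path.join(mount_point, *rel.split("/"))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(src, dst)
        lines.append(f"{sha256_file(src)}  {rel}")
    return lines


def verify(mount_point, manifest_lines):
    """Return the paths on one drive that are missing or fail their digest."""
    bad = []
    for digest, rel in (line.split("  ", 1) for line in manifest_lines):
        path = os.path.join(mount_point, *rel.split("/"))
        if not os.path.isfile(path) or sha256_file(path) != digest:
            bad.append(rel)
    return bad


def demo():
    """Constructed sample (hypothetical names): five files, two 1200-byte 'drives'."""
    sample = {"docs/will.pdf": 100, "video/a.mkv": 700, "video/b.mkv": 600,
              "photos/c.raw": 400, "photos/d.raw": 300}
    with tempfile.TemporaryDirectory() as work:
        nas = os.path.join(work, "nas")
        for rel, size in sample.items():
            os.makedirs(os.path.join(nas, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(nas, rel), "wb") as fh:
                fh.write(b"x" * size)
        drives = [Drive("disk1", 1200), Drive("disk2", 1200)]
        unplaced = plan(scan(nas), drives, critical=["docs/will.pdf"])
        sums = {d.label: copy_to_drive(nas, d, os.path.join(work, d.label)) for d in drives}
        with open(os.path.join(work, "disk1", "video", "a.mkv"), "r+b") as fh:
            fh.write(b"\x00")  # simulate a bad sector on disk1 only
        damaged = {d.label: verify(os.path.join(work, d.label), sums[d.label]) for d in drives}
    return {d.label: d.files for d in drives}, unplaced, damaged


if __name__ == "__main__":
    print(demo())
```

Keep each drive's manifest both on the drive itself and somewhere off it, so a damaged drive cannot take its own checksums with it.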


You should permanently install a USB boot / backup drive on your PC

I mean, why rummage through your box of unused drives when it's too late?  Create a UEFI boot drive now, plug it into an unused (and fairly inaccessible) USB port on your PC, and you're ready to go whenever.  Makes backup and recovery a lot easier.

Taping the boot shortcut key for your PC to your monitor won't hurt, either.

So far, the boot environment of Macrium Reflect seems to work pretty well.

I don't like their file naming system, but I can live with it.

I haven't actually tried a bare-metal restore with it yet.

Tuesday, September 17, 2019

Blinking lights of death on constantly rebooting Synology Rackstation (or Diskstation)

Problem: Synology Rackstation (or Diskstation) reboots endlessly.  Power LED blinks, ALERT LED blinks.  Some drive LEDs green, most are red (or orange).  One drive LED might blink indicating drive activity.  LAN connection LEDs are dark (inactive).  No access. 

Solution:  Try powering it off, pulling all drives, peripherals and RAM, and rebooting.  (Don't forget any USB peripherals, like a UPS.)

If the Power/ALERT light behavior persists, and it doesn't return to a solid-on Power light in about a minute - your Rackstation is dead.

Or, at least, it took Synology support chat < 60 seconds to conclude mine was dead.  Maybe you will be more fortunate.


Synology would not confirm in my case, but I can't help but think the dreaded Intel C2000 bug could cause this.

BAD NEWS:  Unless your unit is in warranty, or covered under the Atom +1 year extended warranty, you are SOL.

GOOD NEWS:  Your data is most likely OK!  You can (carefully!) plug the drives in to a new NAS and all your stuff should still be intact.



Monday, April 29, 2019

VLC Media Player suddenly has choppy video

Problem: VLC "Vetinari" stutters / plays choppy video when older versions played just fine.

Solution:  Go to Tools \ Preferences \ Input/Codecs  and set "Hardware-accelerated decoding" to "Disable".

Wednesday, April 10, 2019

Things I learned when setting up hardware keys for Google accounts

Here are some items that are potentially useful to know when setting up a hardware key (i.e. Yubikey) for online security.

1.  Yubikey is grossly overpriced.  HyperFIDO has fully compatible keys at a quarter of the cost, and they even protect the USB plug contacts - something Yubikey does not do.

(Why most key makers choose designs that expose the USB contacts, I will never understand.)

They also have a mini version.  Reviews say it is not as well built, but at this price, you can afford to buy spares.  Plus it comes with a cap to keep grunge out of the USB plug.

Unfortunately, they don't have a Bluetooth / NFC version.  For that you should consider a Feitian at half the cost of a Yubikey.

[Update]:  I have noticed that some services work with Yubikeys, but don't work with other FIDO-compatible keys.  This is a problem on their end.  I've had good luck with companies fixing their issues once I point them out.

2.  You can't use Firefox for setup.  You can use Firefox for ongoing use, but to set up, you must use Google Chrome.

3.  With Google, you can add many keys.  I was able to add five to my Google account.  If there is a limit, I've not found it yet. 

This is most excellent since you can have multiple keys for different purposes (desktop, laptop, travel) plus pre-registered backups stored in a safe place for when you lose/break your primary key(s).


4.  You still need your passwords.  Hardware keys supplement passwords, but - currently and somewhat oddly - do not replace them.

5.  Phone/text verification is fairly secure, but not as secure.  After you enroll your keys, you should consider removing your mobile as an option for 2-step verification.


As far as I know - and I've not yet tested - for ordinary two-factor authentication, you can use a physical key for your desktop, but you do not absolutely need one for your mobile.  I intend to find out as soon as I can.


If, however, you enroll in the Google Advanced Protection program, you (apparently) must have at least one key for your mobile.  This usually means a Bluetooth or NFC key, though USB-C keys are also available.

[Update]:  I've only been asked to use my mobile (NFC) key a couple of times.  Usually when I'm off my WiFi network and signing in to some new service.

Other notes:

- Adding and removing keys is a snap.

-  The LED light on the Mini is fairly bright.  There is an LED on the Titanium also, but it is not obtrusive.

Thursday, April 4, 2019

Additional options for repurposing old Android

Further to my previous post, I have found XWidget to have a lot of good options for information displays on old Androids.

New development of XWidget has reportedly stopped, but the app still works fine.  Rainmeter is (presumably) intended to replace it, but it doesn't (yet) work on Android.

The free version allows you to access a fairly good library of free widgets.  If you want the others (such as something from this massive collection by jimking) you need to pony up a couple of bucks.

Despite the developer's insistence that it was possible to transfer downloaded widgets to Android, I could not make it work. XWidget would not connect to my phone (yes, I checked the driver).

[Update 2019-04-06]:  The .XWP files for XWidget are nothing more than zip/rar archives.  You can open them directly with WinRAR and extract the working files without the need to install the PC application, as described below.

Original text:

"My workaround was to unpack/install the widget on the PC and copy to the Android, as follows:

-  Download the XWidget package to PC.

-  Double-click to invoke the XWidget desktop and install the new widget.

-  Locate the unpacked widget in C:\Users\[username]\Documents\XWidget\Widgets

-  Copy the widget directory to the Android at Internal storage\XWidget\Widgets

-  Start the XWidget app and hit "Refresh" from the three-button menu."


jimking (and others) have an extensive collection of widgets not available in the XWidget gallery, but available for direct download.  As does yereverluvinuncleber.  I imagine there are many more.

XWidget even allows some simple editing directly on the phone.  So if the layout or elements are not to your liking, it is possible to move/add/remove them until the widget is more to taste.


Examples below, all from jimking (thanks, Jim!).  The top one is my current favorite for a tablet (8" or larger).






Wednesday, April 3, 2019

Using an old Android phone or tablet as a wall/desk clock and/or weather station

No shortage of sites telling us we should be re-purposing old phones rather than junking them.

I wanted to make a wall clock / weather station.  Easy, right?

Nope.

Many issues, including:

-  The phone did not support a landscape home screen, meaning widgets were out.

-  Most weather apps looked like crap.

-  Many weather apps also did not rotate into landscape.

So, several things to fix.  Very frustrating for what should have been a trivial thing, took much longer than I expected.

As I wanted landscape mode, that meant an app and not a widget.  I tried out 10-12 weather apps and was not happy with any of them in landscape; most of them did a bad job of using all the available real estate.

Some solutions:

1.  Install Nova Launcher.  This allows most any phone/tablet to have a landscape home screen; it also hides the status bar.

(It can't hide the home/back buttons - that's part of the OS.  But it does everything else.)

2.  Now that I could do landscape widgets, I tried several out.  I found the best displays came from Weather & Clock Widget for Android.

Options include a proper big clock, very nice icons, and several full-screen widgets.  Also, the widgets scale well to landscape aspect, with the various elements getting larger.  Many widgets don't scale up when you make them bigger.

Transparent Clock and Weather was second-best.  Its widgets don't scale up well.

Beautiful Widgets was third; the default themes are horrible, but using a different theme and hiding the background (in the widget settings) helps a lot.

[Update]:  It seems the screens on my clocks are burning in, like old plasma screens.  It's not obtrusive (so far).

3.  For wall mounting, I considered making a shadowbox, then buying a magnetic mount.

In the end, though, I realized that these were overcomplicated.  A couple of Command adhesive strips is all you need.

If you want a clean install, use the Command snap-fastener strips.  These are normally used for picture hanging but will work just fine.


(Yes, you do need to plug it in.  It won't look bad if you place it near something else that is already plugged in, like a landline phone, computer, etc.)

For a desk, all you need is a stand, or maybe a wireless charger stand.


Here are some examples of what you can do with Nova plus Weather & Clock Widget / Transparent Clock & Weather on a typical 5"-ish phone.  My preferred layouts are at top.  The top one is for a weather station by the door, while the second one is a kitchen clock.








How to get an old Android to use a landscape home screen

Lots of sites tell you that you should be "re-purposing" old Android phones into something useful.

I admit there are some useful things they could do.  Various kinds of clocks and weather forecasters are obvious; also a remote control for your smart thermostat or lighting.

However, none of these sites deal with the main difficulty for many of these.  Which is, of course, old Androids do not rotate the home screen into landscape.

This caused me no end of frustration (well - OK, several hours - but it felt endless) when I wanted to make an old phone a wall clock/weather monitor.

One way to fix it:  Use Nova Launcher.  It supports landscape home screens, even on older devices.

Google Launcher also did so, but is apparently discontinued.  It also populated the home screen with extra crap that Nova does not have.

Nova can also get rid of the quick-access apps and the status bar.  It can't get rid of the home/back buttons, as those are part of the OS.


Monday, January 14, 2019

Useful things every parent should carry (EDC for Parents)

Everyday carry (EDC) has a bad rap.  Those who "practice" are either doomsday 'preppers', have a peculiar fascination with the subject in and of itself, or both.  Both approaches come off as crazy.

Still, here are some items that I think are useful for any parent of small(er) children to always have around when you're out and about:

1.  A keychain flashlight, like a Nitecore Tube.  I've spent more time looking around dark schoolyards, classrooms, gyms, etc. for mittens, hats, toys and water bottles than I care to recall.

2.  A tiny pair of folding scissors.  I've lost track of the number of tags, threads, etc. I've cut off with these.  I like the old, crappy bent-metal kind.

3.  An ordinary plastic shopping bag.  Good for unexpected school / daycare crafts, projects, gifts, books, homework, etc.

4.  Big Band-aids; better for larger scrapes at the playground or camping.  (Or small ones, at least.)

5.  Spare change or small bills.  Good for those "I forgot I needed a dollar for school today" problems.

6.  A safety pin.  Good for last-second / emergency / temporary fixes to special clothes/costumes, bags, backpacks, etc.

7.  A small comb or brush.  Very useful for school photo day, school plays, special occasions, or whenever your kid looks embarrassing.

8.  A spare blank check.  Very useful when you have to sign up for something today, either because you forgot or didn't see/get the notice.

These range from very cheap to practically free.

A little duct tape doesn't hurt, if you don't mind taking the time to:

-  Find/buy some flat duct tape;
-  Find/buy a small, portable roll; or
-  Wind some around a spindle yourself.  I recommend using an eye lag screw, which is the kind used for drop ceilings.

Friday, January 11, 2019

Samsung Galaxy S9 / S9+ suddenly stops making phone calls after firmware update

Situation:  You've had a Galaxy S9 or S9+ for a long time with no issues.  You have not installed any new apps recently.  No app updates have occurred.

However, after a Samsung firmware update, the phone will (very frustratingly) no longer make voice calls.  It will attempt to dial and give up after 10-30 seconds without ringing through. 

Booting to safe mode does not help, but does remove all your widgets.  (ARGH!)


Possible solution:  The firmware update has enabled voice-over-LTE (VoLTE) calling support, but your carrier / access point doesn't support/allow for it.

To fix, go to Connections -> Mobile networks -> VoLTE calls and disable VoLTE calling.


You should be especially suspicious of this feature if you are using a femtocell or cell phone boost device.  These devices probably don't support the newer VoLTE feature.


Oh, and hey to Google - F-you for removing all my widgets in Safe Mode.  My God, you couldn't have saved their previous state somewhere to restore afterwards?  Seriously, that is SO HARD?

Saturday, January 5, 2019

Difficult-to-answer questions on the Insta360 One X 360 degree action camera

Here are some of the questions I found it difficult to answer regarding the (relatively) new Insta360 One X action camera.  That is, they required more research than I would have thought necessary.

Many of these relate to indefinite shooting outdoors.  This involves the use of an external power source, as well as waterproofing / weather protection.  The primary application is filming motorcycling in uncertain weather conditions, where it is not practical to stop and dismount the camera every time there is a drop of rain.

For reference, on my last trip, we were rained on for 11 hours straight returning home.  We were utterly soaked, and any non-waterproof camera would have been ruined.



External Power

Q:  Where is the damn USB port?

A:  It's on the left side of the camera, near the base.  See here.


Q:  What kind of USB port is it?

A:  It's a micro USB.  The camera comes with a short USB-A to micro-USB adapter cable.


Q:  Does the One X charge and operate from an external power source?

A:  Yes, it does.  The camera will charge and operate from external power, allowing indefinite shooting times.

(Reference here, here, here.)


Q:  Will the camera run without the battery on an external power source?

A:  All sources say NO, but this user was able to use the One X with no internal battery on an XT power bank. 


Q:  What current capacity is required for the external power source?

A:  I read one reference - which I can no longer locate - that stated you needed a 2A source.  Lesser sources may not fully supply the camera and result in the battery running down even though it is plugged in.


Note that many external USB battery packs are limited to an output current below 2A.  These types of packs may not fully power the One X.

There are references to a similar problem affecting the Sony FDR-X3000, which is a non-360 action cam.  So, though I don't understand the behavior, it is evidently possible.

Admittedly, this one does not make sense.  As the 1200 mAh battery lasts 30-60 minutes, one would expect a 20-40 mA draw - not a 2A draw.  Even accounting for "bursty" current consumption when writing to the SD, 2A seems excessive.

Plus the camera would likely overheat at such draws, which it does not, and users would likely be complaining that some battery packs don't work, which they are not.

(This reference cites the battery chargers at 2A, but that is not the same thing.  Obviously you want to charge the batteries as quickly as reasonably possible, but that has nothing to do with camera current draw.)




Q:  Does the software stitch out the USB cable?

A:  Surprisingly, it seems it (mostly) can.  Not quite fully, but the cable is mostly invisible.  At worst, it should be quite easy to work around.

I would recommend using a right-angle plug and taping / arranging the cable directly to the body of the camera in order to minimize exposure, as shown in this video.

Astute viewers will note the bike owner used a USB cable with a fat ferrite core near the plug.  This was actually the USB adapter cable that ships with the camera (see 3:30 of this unboxing video), to which he presumably added a USB extension cable.  Even with this relatively giant core, the One X software eliminates nearly all of it.

One should be able to get a lower-profile USB cable third-party, in which case it might be fully stitched out.  The ferrite will be unnecessary since the longer cable will (presumably) only be used for power, and not data transfer.

(Sample video here.)

Note that all videos from "A Bike Thing" show his bike lights strobing.  This is an artifact of the video recording process, and is not happening in real life.




Venture Case / Dive Case

Q:  Does the Venture Case / Dive Case include a 1/4" tripod mount?

A:  Yes, they both do.  The Dive has a 1/4" socket built-in, while the Venture has a GoPro-like mount with the socket at the base.

Presumably this is so the Venture can be used with the various existing GoPro mounts on the market, as well as allowing relatively easy removal/replacement.  There is no need for these capabilities with the Dive Case since you don't need quick R&R underwater.


Q:  Does the software fully eliminate the Venture Case from the footage?

A:  Yes.  However, stitch lines may become slightly more prominent.

Note you must select the software option to stitch for the Venture Case, or else the case will be visible.  See this video for an example of what happens if you stitch incorrectly.  (I do not know if this occurs in camera or in post.)

(Reference here.   Sample videos here, here, and here.)



Q:  Does the software fully eliminate the Dive Case from the footage?

A:  No - the base of the Dive Case is still visible, and you have to work around it - that is, you will need to avoid pointing the perspective at the bottom of the camera.  Otherwise the case is fully invisible.

If you hold the stick a bit low, it is still possible to get a clear view of the operator (i.e. yourself, the diver) during your dive.

(Reference here.  Sample videos here, here, here, here, here. If video links don't work, see original Facebook post here.)


Q:  Can you use an external power plug with the Venture Case?

A:  No, as there is no opening in the Venture Case for an external power plug.

If you want to do this, you'll have to drill a hole in the Venture Case and somehow seal up the opening.  There are no known examples of anyone doing this (yet).

Hopefully Insta will come up with a Venture Case that includes an optional port that mates to a waterproof USB cable, like the X-PWR system for the GoPro.  No comparable system yet exists for the Insta360 One X.

For those interested in such modifications, see this video for how the Venture Case operates.  The camera battery compartment is on the latch side of the case, while the USB port is on the hinge side of the case.

There are no good views, but it may be possible to permanently mount a USB cable into the Venture Case and seal it up with silicone, while still allowing the camera to be inserted and removed.  This is not confirmed.


(Reference here.)

Q:  Can you use an external power plug with the Dive Case?

A:  No.  For obvious reasons, modifying the case for this capability is not recommended, as the resulting hole will never be able to seal against water pressure.

Dive time is typically limited to 45-50 minutes, at the most, due to tank limitations (novices or especially active swimmers may get only 30 minutes).  Only experience will tell if the 30-60 minute battery of the One X will be enough to handle an entire dive.

(Reference here.)


Q:  Does the Dive / Venture Case support a TF card extension cable?

A:  This is not mentioned by Insta and is unknown / unsupported.  In theory, the camera will not know that there is an extension cable, but the speed of the card might be compromised.

The thin profile of the extension cable may allow the Venture to seal even with the cable poking out; in practice, your mileage may vary.

The Dive case is unlikely to seal well under water with a TF cable poking out.





SD Card / Recording Time

Q:  What kind of SD card do I need?

A:  You need a microSD card of V30 speed class or better, formatted to exFAT (FAT64).  Inferior cards will not be able to handle the data dump from the camera.

Some sources claim the One X has an unlimited card size, but Insta states that the maximum size is limited to 128 Gb.

Note that microSD and TF (originally known as TransFlash) cards are functionally identical.

An excellent rundown of recommended and compatible cards can be found here.  Other recommendations here.


Q:  How big of an SD card do I need for my recording time?


A:  Without a camera in-hand this can only be estimated.

The One X (at 5.7k) has a data rate in between that of the original One (4k, 8.125 MB/s) and the Pro (8k, 43.75 MB/s).  Various sources list it as 100 mbps (12.5 Mb/s) or 2 streams of 60 mbps.

Anecdotal estimates place a 60 minute video at 43 Gb, indicating that actual bitrate is closer to 100 mbps.

Assuming about 100 mbps, that is approximately 12.5 MB/s, 750 Mb/min, or 45 Gb/hr.  Giving recording times of:

-  32 Gb card:  42 minutes
-  64 Gb card:  1 hour 25 minutes
-  128 Gb card:  2 hours 50 minutes


Unfortunately, this video shows an actual One X, set to 5.7k, with a 32 Gb card, having an estimated recording time of 30 minutes, not 42 minutes.  64 Gb and 128 Gb cards would top out at 1 hour and 1.5 hours, respectively.  Suffice to say that extended recording in 5.7k is really not possible.


This seems to be typical of 360 cameras.  This Gear360 shot (reference here) shows a 4k Gear using a 128 Gb card having a 4 hour recording time, rather than the predicted 4.7 hour time.  The One X would probably get the same 4 hours when set to 4k.


IF the One X supported 256 Gb and 512 Gb cards - which it seemingly does not - the recording times would be about 5.5 hours and 11 hours, respectively.  These would be suitable for all-day touring, and cards are not even that expensive.

It is unknown if the camera will actually function with such cards, or if a firmware update may come that enables large-card support.  If one was being uncharitable, one might suspect that Insta deliberately limited the recording time to push users towards the far more expensive Pro models.


Note that 360 Rumors stated that the recording time was limited by file size to 30 minutes.  This was apparently fixed by a firmware update.

Time-lapse video should substantially extend this time, provided you want time-lapse at all.  There is an example of a 6 hour time-lapse video, shot with unknown settings on a 128 Gb card.

This video shows an actual One X with a 32 Gb card allowing 5,500 JPG (not RAW) photos when set to 18 MP.   However, the camera appears to take 2 shots per photo, doubling the storage per shot.  That's 45 minutes at 1 second intervals, or 3 hours 49 minutes at 5 second intervals, when doing time-lapse in photo mode.

That's with a relatively puny 32 Gb card, and using JPG.  RAW and larger cards will obviously change this.




Q:  Can I use an SSD instead of an SD card?

A:  There is no indication anywhere that the One X supports an SSD.  To get that, you need to pony up $5k for a Pro model.


Other

Q:  How does the Bluetooth remote work?

A:  Sample video here.


Q:  What does timelapse look like?

A:  Sample video here.


Q:  What do embedded statistics / GPS overlays look like?

A:  Sample videos here, here and here.

The camera must be wirelessly connected to a phone - or, maybe, the new GPS remote - to receive GPS data while filming.  This will cut battery life.

There is little data available on how the GPS overlay works.  I don't know if the overlays are added post, or are embedded in the video in real time.  That is, I don't know if they can be optionally added after or are forever embedded in your video.


An idea for an alternative waterproof / weatherproof case is here.


Other references:

Insta360 One X on motorcycle
Insta360 One X motorcycle mount example
More motorcycle mounting options
Philip Bloom review of One X 
A good critical video comparing the One X to the GoPro Fusion
A good critical video on what is / was wrong with the One X

Special thanks to:

- Steve at A Bike Thing for his helpful series of videos on using the Insta360 One X for motorcycling.

- 360 Rumors for what is possibly the most complete information source on the One X available today.