2017-12-16

Stop Tracking Cookies using a whack-a-mole

Block advertising cookies, and email tracking 1-pixel graphics using this technique.  This is an admittedly a whack-a-mole solution, but it works for all software installed on your PC.  This technique is known as a DNS Sink Hole.


While surfing, websites drop tracking cookies (tracking files) on your computer and these can track where you have been and what advertisements you should receive.  These can also be used to raise prices on car rentals, hotels and air fares.


Not all cookies are bad.  Some keep you logged-in as you move from, say, one Google product to another (Gmail, Youtube, etc.).  And others, such as your bank, use them to help control the current banking session.  But a majority benefit only advertisers -- and not you.

This article discusses how you can control and tame them.

2018.01 Update: See this alternate keyliner article: Building a dedicated DNS Server Appliance for a more elegant way to use a DNS Sink Hole.  This article uses a Raspberry Pi and Pi-Hole software and I have now switched to this new design.  This article is simpler and easier to implement, but only works for one PC at-a-time.  The Raspberry Pi solution works for all devices in your network, including laptops, tablets, phones, and macs.


These instructions are for Windows 10 but will work with all versions of Windows.

A lot of the sites I visit now feature this graphic -- and I am happy to see this:



In other words, I have successfully blocked doubleCli.net from even knowing I am browsing that page.  This is neat, but a bit geeky.

New: 2017.12 - You can also use this technique to block the most common email-tracking techniques.  I have added a list of the 30 most popular email-trackers to the Host file below.



An Interesting Test - Try this:

To give you an idea about how they are being used:  Try booking a fictitious airline flight on any site, such as Delta, or Expedia.  Note the cost.  Go to another site and search that same flight's date/time, then return to the original site and look again.  You will find the cost is $15 to $20 higher.  They are trying to scare you into the purchase.  Clear your browser's cache and cookies, and reboot your router (to get a new external IP address), and search again.  The price will have dropped back down. 


This is technical article, and if you follow all the steps, it is a whack-a-mole problem, 
where you have to do some chasing.  But it is relatively easy to do, 
a bit fun, and geeky.  This is low-risk because everything can be un-done. 


1. Start Here - Drop Third-Party Cookies

All computer users, using any browser, should do this step, even if you do not follow the rest of this article.

Make your browser erase third-party cookies when the session ends.  This allows any site to create cookies as it-sees-fit, but then, when you are done, they are all erased.  This is recommended.

The settings are:  "Always accept third-party cookies" -- but set them to "Keep until you close".


Steps vary, depending on the browser. To avoid cluttering this article, see this keyliner article for Firefox, Chrome, IE, and Edge:

Keyliner link: Disable third-party Cookies.

Again, do these steps, even if you don't do the remaining steps in this article. 


2.  Research Ad Domains


Using your favorite browser, browse all the sites you like to visit.  For example, Yahoo.com, MSN.com, Time.com, Food.com etc..  Spend a few minutes browsing around.  Open an article here-and-there.  Just poke-around, loading-up your cookie inventory.

Using your browser's Options or Settings menu (see steps above), look at the cookies gathered.  You will find these in the browser's Options, "Privacy" area. 

For example, Firefox, select the hamburger-menu (tools, options), Privacy, "Show Cookies"

click for larger view

In the cookie list, look for cookies that might be advertisements and write them down in a notepad file.  For example, I found these obvious candidates after surfing MSN and Yahoo (see end of this article for a complete listing):

taboola.com
gravity.com
scorecardresearch.com
icanbuy.com
go.com
quantserve.com
babator.com
optimizely.com
dynamicyield.com
keywee.co              #Note the .co, not .com
ru4.com
imrworldwide.com
doubleclick.net
doubleclick.com
123banners.com
adforce.com
imgis.com
advertising.com
teknosurf.com
appnet.com
avenuea.com
bluestreak.com
burstmedia.com
burstnet.com
engage.com
extreme-dm.com
l90.com
stats.net
valueclick.com
websidestory.com
fastclick.net

Ignore those that belong to the site you are surfing, such as MSN.com or Yahoo.com; these are undoubtedly needed for the site to work properly.  Ignore those cookies on sites you like to do business with, such as Amazon, twitter, your bank, etc.  For duplicates, such as "cdn.taboola.com", and "taboola.com", combine into their domain name, "taboola.com".  The list is not order dependent.


3.  Install and Run the Acrylic DNS Service

This gets geeky, but the steps are easy.  Your Internet Service Provider provides Domain Name Services when your computer connects to the Internet.  The DNS resolves names, such as "msn.com" to its real internet ipaddress, e.g. 23.101.196.141.

This next series of steps installs a new DNS service on your computer.  This intercepts DNS requests at your machine and gives you a chance to insert your own values.  Sounds complicated, but it is not. 

As a technical aside, for those who know this trick, the Windows etc Hosts. file does not work well in this situation because etc-Hosts does not allow "wild-card" domain names.  Because of this, this article replaces the Windows DNS and etc.hosts with a new product.  There are many to choose, I am using "AcrylicDNS".  As a benefit, Acrylic points to Google's Domain Name Controllers.

A.  Locate the Acrylic Download

Google this search term, "Acrylic DNS", locating their home page.

or click this link, as of 2017.06:
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome

(Note: This is now a SourceForge link.  When arriving at the download page, ignore the registration screen.)

-Select Download Setup for Windows
-Download and save "Acrylic.exe" to your downloads folder
-Open the folder (open containing folder)
-Launch "Acrylic.exe" and install, accepting all defaults

The install will not create a desktop icon or tile in your Start Menu -- there is no need because this is a background program.

B.  Configure your Network Adapter

Once installed, follow the steps on the Acrylic home page for configuration.  In the home page, scroll past the release notes and find the "How to install Acrylic" instructions.  They have well-documented steps for Windows 7 and Windows 10 -- click the link for your operating system.

In summary,
Open the "Network and Sharing Center" Control Panel
Click "Change Adapter Settings"
On your adapter(s) - see illustration directly below

Change IPv4's "Use the following DNS server addresses: "  to 127.0.0.1
Change IPv6's "DNS Server Address" to ::1  (colon-colon-one)

and

where "127.0.0.1" indicates your local PC (do not use your PC's local IP Address, you must use 127.0.0.1  (or ::1 for ipv6).

Do this for each active network adapter. 
Desktops typically only have one.  Laptops may have two, typically called 'Ethernet' and 'WiFi.'  Do not set this for your bluetooth adapter, if present.  If needed, see Acrylic's site for more detailed, and illustrated instructions.


C.  Run the Service

From the Windows 10 Start Menu (tile menu), type "Services.msc"

-In the Services list, Acrylic is probably the first on the list
-Click the service once to highlight
-Other-mouse-click the service name, choose "Start" (or Restart)
-Close the services window



Note: This starts the new DNS server.  There is no indication the program is starting; it runs in the background as a "service."

You are almost done.



4.  Edit the Hosts File

A.  Return to the Windows Start Menu (tiles menu). 

B.  Again, search for "Acrylic" in the search area

C.  Click  "Edit Acrylic Hosts File" 
(or alternately, from Notepad, File Open, "C:\Program Files (x86)\Acrylic DNS\AcrylicHosts.txt"  (your path may be different))


E.  In the opened Notepad document ("AcrylicHosts.txt"),

Scroll to the bottom
Paste all the domain names recorded from your research steps.
Add a "127.0.0.1"  and a carrot ">" to the front of each domain, one domain name per line.

For example:
taboola.com becomes

127.0.0.1         >taboola.com

See file illustration, below, where carrots are greater-than-symbols

where:
127.0.0.1   - redirects all traffic for this domain to your local PC, bypassing the net.  The traffic will not be able to resolve and it will simply die, with nowhere to go.  The advertising cookie or advertisement will not appear in the browser.  This was your goal!

The carrot (greater-than-symbol) >taboola.com  - acts as a wild-card, saying all addresses ending in this domain.  Acrylic supports wild-cards whereas the Windows etc.Hosts. file does not.  This is why you installed Acrylic.

Use spaces after the 127.0.0.1 to make a cosmetically pleasing look to the file.  Make them as wide as you want, but use at least 3 spaces. 

My AcrylicHost.txt file looks like this:

Click for larger view
F.  Save and close the file.

Below, is a copy-and-paste version of my blocked domains.  You are welcome to copy.  


Restart the Service

With every saved-edit in the AcrylicHost.txt file, you must manually restart the services (or reboot) for the changes to take effect. 

A.  Start, Run (or Windows-R), type "Services.msc"

-In the Services window, locate the Acrylic DNS Service.
-Highlight Acrylic
-Restart the Service, as illustrated 



Testing

In your browser's Privacy area, clear all cookies.  Re-browse MSN, etc., and then re-examine the stored cookies.  None from the hosts file will be there.  You have blocked them.  They cannot track you.

Effects

You can be aggressive with the hosts file, adding hundreds of entries.  If you block domains that drop cookies, they will quietly and unobtrusively fail and you will never even know the attempt was made. 

If you block a domain that is presenting an advertisement or banner ad, the ad will not appear on the page and instead it may display a red-X or a short text saying "server cannot be reached".  In effect, this is similar to ad-blocking.  This can make some pages look strange -- but no ads from that domain!

Be careful about blocking all domains.  You usually cannot block domains/cookies that drive the site itself (eg. MSN.com, Yahoo.com).  If you block >Facebook.com (go ahead and try this; remember to restart the service), you will not be able to open any pages on Facebook.  This is an effective way to block sites.

Changes to the host file affect all browsers simultaneously.  No additional work is required.

By default, Acrylic uses Google's DNS servers for all name resolutions, bypassing your ISP's domain services.  Google is a trustworthy source for DNS and I like the idea of this change.  By using Google for your DNS, your ISP will have a harder time slipping-in their own advertisements into your data-streams.


Un-Installing

For documentation, use these steps to undo everything and return to a standard Windows setup:

1.  Open the Network and Sharing Center control panel:

2. Select "Change Adapter Settings"
3. Select your Ethernet Adapter, Properties
4.  Select "Internet Protocol Version 4 (TCP/IPv4)
     Properties
5.  Change from "Use the following DNS Server Addresses" to
     (*) Obtain DNS Server Address Automatically
6.  Select "Internet Protocol Version 6 (TCP/IPv6)
     (*) Obtain DNS Server Address Automatically
7.  In Control Panel, Programs and Features, Un-install Acrylic DNS.
8.  Reboot



Here is my current AcrylicHosts.txt file.   Now includes email tracking pixel vendors!  When pasting, you may need to change all ampersand-GT's to >
 
I will change this often.  Last Edited 2017.12.15.

#############################################################################
#                   #
# IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS #
# PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.        #
#                   #
# This is the AcrylicHosts.txt file.          #
#                   #
# It contains predefined mappings between domain names and addresses the #
# same way the native Windows HOSTS file does but with a few upgrades.  #
#                   #
# The format is: IPADDRESS DOMAINNAME1 [DOMAINNAME2] [DOMAINNAME3] ...  #
#                   #
# Where IPADDRESS is in dotted-quad notation for IPv4 or in colon-separated #
# groups for IPv6 and DOMAINNAME1, DOMAINNAME2 and DOMAINNAME3 are strings. #
#                   #
# Domain names can contain wildcard characters '*' (matches zero or more #
# characters) and '?' (matches exactly one character):      #
#                   #
# 127.0.0.1 ad.* ads.*              #
#                   #
# Domain names can be regular expressions if starting with a '/' character: #
#                   #
# 127.0.0.1 /^ads?\..*$              #
#                   #
# Note that there's no final '/' at the end of a regular expression. More #
# info about the regular expression engine and its syntax can be found at: #
#                   #
# http://www.pcre.org/              #
#                   #
# A '>' character at the beginning of a domain name is a convenient #
# shortcut for representing all domain names ending with what follows after #
# that character. For example an entry like this one:      #
#                   #
# 127.0.0.1 >google.com              #
#                   #
# Is equivalent (and internally is expanded to) an entry like this one:  #
#                   #
# 127.0.0.1 google.com *.google.com           #
#                   #
# When using wildcard characters or regular expressions you can specify #
# exceptions like these for example to filter out all ads.* like domain #
# names except for the ads.test1 and the ads.test2:       #
#                   #
# 127.0.0.1 ads.* -ads.test1 -ads.test2          #
#                   #
# For easier maintenance of HOSTS files coming from multiple sources it is #
# also possible to "include" external HOSTS files using the following #
# syntax (the line must start with a '@' character followed by a space and #
# then by a relative or an absolute file name):        #
#                   #
# @ AcrylicHostsGroup1.txt             #
# @ AcrylicHostsGroup2.txt             #
#                   #
# A line starting with the '#' character (and everything after it if it's #
# found within a line) is considered a comment and therefore ignored.  #
#                   #
# Note: If all domain names are provided in ascending order Acrylic will be #
# able to load them much faster (avoiding a costly sort at the end of the #
# load and parse process).             #
#                   #
#############################################################################
# Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1    >123banners.com
127.0.0.1    >l90.com
127.0.0.1    >adforce.com
127.0.0.1    >advertising.com
127.0.0.1    >agkn.com
127.0.0.1    >appnet.com
127.0.0.1    >avenuea.com
127.0.0.1    >babator.com
127.0.0.1    >bananatag.com   #email tracking
127.0.0.1    >bluekai.com
127.0.0.1    >bluestreak.com
127.0.0.1    >burstmedia.com
127.0.0.1    >burstnet.com
127.0.0.1    >cirrusinsight.com  #email tracking
127.0.0.1    >clearslide.com    #email tracking
127.0.0.1    >clipix.com
127.0.0.1    >contactmonkey.com  #email tracking
127.0.0.1    >demdex.net
127.0.0.1    >deskun.com      #email tracking
127.0.0.1    >didtheyreadit.com  #email tracking
127.0.0.1    >doubleclick.com
127.0.0.1    >doubleclick.net
127.0.0.1    >dynamicyield.com
127.0.0.1    >engage.com
127.0.0.1    >exelator.com
127.0.0.1    >extreme-dm.com
127.0.0.1    >fastclick.net
127.0.0.1    >filepicker.io
127.0.0.1    >g2crowd.com      #email tracking iko system also velocify
127.0.0.1    >getnotify.com     #email tracking
127.0.0.1    >gigya.com
127.0.0.1    >gmelius.com      #email tracking
127.0.0.1    >gobankingrates.com
127.0.0.1    >go.com
127.0.0.1    >gravity.com
127.0.0.1    >hubspot.com      #email tracking
127.0.0.1    >icanbuy.com
127.0.0.1    >imgis.com
127.0.0.1    >imrworldwide.com
127.0.0.1    >intelliverse.com    #email tracking
127.0.0.1    >keywee.co       #Note the .co, not .com
172.0.0.1    >livehive.com      #email tracking
127.0.0.1    >mail-track.com     #email tracking
127.0.0.1    >minute.ly
127.0.0.1    >newtonmail.com     #email tracking
127.0.0.1    >nr-data.net
127.0.0.1    >optimizely.com
127.0.0.1    >outbrain.com
127.0.0.1    >outreach.com      #email tracking
127.0.0.1    >pagefair.com
127.0.0.1    >pixelsite.info     #email tracking
127.0.0.1    >pubexchange.com
127.0.0.1    >quantserve.com
127.0.0.1    >remail.com       #email tracking
127.0.0.1    >remail.io       #email tracking
127.0.0.1    >rlcdn.com
127.0.0.1    >rocketbolt.com     #email tracking
127.0.0.1    >ru4.com
127.0.0.1    >salesloft.com      #email tracking
127.0.0.1    >sidekick.com      #email tracking, now hubspot
127.0.0.1    >saleshandy.com     #email tracking
127.0.0.1    >scorecardresearch.com
127.0.0.1    >stats.net
127.0.0.1    >streak.comp
127.0.0.1    >sync.optimatic.com
127.0.0.1    >taboola.com
127.0.0.1    >teknosurf.com
127.0.0.1    >tinypass.com
127.0.0.1    >toutapp.com      #email tracking
127.0.0.1    >tru.am
127.0.0.1    >valueclick.com
127.0.0.1    >velocify.com      #email tracking Velocity Pulse
127.0.0.1    >voicefive.com
127.0.0.1    >websidestory.com
127.0.0.1    >w55c.net
127.0.0.1    >yesware.com      #email tracking



# or copy details from here.   Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1       >123banners.com
127.0.0.1       >l90.com
127.0.0.1       >adforce.com
127.0.0.1       >advertising.com
127.0.0.1       >agkn.com
127.0.0.1       >appnet.com
127.0.0.1       >avenuea.com
127.0.0.1       >babator.com
127.0.0.1       >bananatag.com      #email tracking
127.0.0.1       >bluekai.com
127.0.0.1       >bluestreak.com
127.0.0.1       >burstmedia.com
127.0.0.1       >burstnet.com
127.0.0.1       >cirrusinsight.com    #email tracking
127.0.0.1       >clearslide.com       #email tracking
127.0.0.1       >clipix.com
127.0.0.1       >contactmonkey.com    #email tracking
127.0.0.1       >demdex.net
127.0.0.1       >deskun.com           #email tracking
127.0.0.1       >didtheyreadit.com    #email tracking
127.0.0.1       >doubleclick.com
127.0.0.1       >doubleclick.net
127.0.0.1       >dynamicyield.com
127.0.0.1       >engage.com
127.0.0.1       >exelator.com
127.0.0.1       >extreme-dm.com
127.0.0.1       >fastclick.net
127.0.0.1       >filepicker.io
127.0.0.1       >g2crowd.com            #email tracking iko system also velocify
127.0.0.1       >getnotify.com          #email tracking
127.0.0.1       >gigya.com
127.0.0.1       >gmelius.com            #email tracking
127.0.0.1       >gobankingrates.com
127.0.0.1       >go.com
127.0.0.1       >gravity.com
127.0.0.1       >hubspot.com            #email tracking
127.0.0.1       >icanbuy.com
127.0.0.1       >imgis.com
127.0.0.1       >imrworldwide.com
127.0.0.1       >intelliverse.com       #email tracking
127.0.0.1       >keywee.co              #Note the .co, not .com
172.0.0.1       >livehive.com           #email tracking
127.0.0.1       >mail-track.com         #email tracking
127.0.0.1       >minute.ly
127.0.0.1       >newtonmail.com         #email tracking
127.0.0.1       >nr-data.net
127.0.0.1       >optimizely.com
127.0.0.1       >outbrain.com
127.0.0.1       >outreach.com           #email tracking
127.0.0.1       >pagefair.com
127.0.0.1       >pixelsite.info         #email tracking
127.0.0.1       >pubexchange.com
127.0.0.1       >quantserve.com
127.0.0.1       >remail.com             #email tracking
127.0.0.1       >remail.io              #email tracking
127.0.0.1       >rlcdn.com
127.0.0.1       >rocketbolt.com         #email tracking
127.0.0.1       >ru4.com
127.0.0.1       >salesloft.com           #email tracking
127.0.0.1       >sidekick.com            #email tracking, now hubspot
127.0.0.1       >saleshandy.com          #email tracking
127.0.0.1       >scorecardresearch.com
127.0.0.1       >stats.net
127.0.0.1       >streak.comp
127.0.0.1       >sync.optimatic.com
127.0.0.1       >taboola.com
127.0.0.1       >teknosurf.com
127.0.0.1       >tinypass.com
127.0.0.1       >toutapp.com            #email tracking
127.0.0.1       >tru.am
127.0.0.1       >valueclick.com
127.0.0.1       >velocify.com           #email tracking Velocity Pulse
127.0.0.1       >voicefive.com
127.0.0.1       >websidestory.com
127.0.0.1       >w55c.net
127.0.0.1       >yesware.com            #email tracking



Related article:
See this alternate keyliner article: Building a dedicated DNS Server Appliance using a Raspberry Pi and Pi-Hole software.




Excel - Trim formula not working - Solution

Excel - Trim formula is not working.  Leading or trailing spaces not being removed from Trim.  Other formulas are working correctly.

For example, =Trim(A1) was not working, or was not working as expected.  Leading or trailing spaces remained.

Likely Issue:
The "space" character is not a true (ascii 32) space.  It is a non-breaking-space, probably from MSWord.


Likely Solution:

=Trim(Substitute(Clean(A1),CHAR(160),""))

where:
A1 is the cell that needs to be trimmed.

CHAR(160) is a "non-breaking space" (a "hard space")
In unicode:  U+00A0
Also may be displayed as  a acute (a')

Also known as hex 20 A0, \u00A0,  &#160


Diagnostics:

The code can be discovered with these formulas, the first for leading spaces, the second for trailing:

=CODE(MID(A1,1,1))   Show leading spaces - code
=CODE(RIGHT(A1,1))   Show trailing spaces - code


"Mid-string, starting at position 1, for a length of 1"



Comments:
For a while, I thought this was a problem with the new version of Excel that was recently installed.
 

Some browsers detect this as white-space and others do not.  This may be dated information, but IE 7 and 8, and Safari 3.2 do not treat this as a white-space-character.  Source.

Vaguely related articles:
Excel - Formatting Phone Numbers
Excel - Dates showing as 1905

Excel - Parsing First and Last Names
Excel - Parsing City-State-Zips
Excel - Return First / Last Word  - SuperTrim


2017-09-02

ZYXEL C1100Z DSL Modem Setup

How To:  Manually setup a Zyxel C1100Z DSL vDSL Modem

Setting up a DSL modem/router is easy.  You can follow the vendor's installation steps, which sometimes require installing software or connecting to a setup-website or you can follow the steps in this article.

These steps are more complete than the vendor's and will take about 20 minutes to complete.  Almost all DSL routers and cable routers follow similar procedures.  Use these instructions for new or re-configured devices.


Note: The instructions in this article should be used when the DSL router has multiple workstation ports (1-4). If your DSL modem has only 1 (yellow) port, see the EA2700 article, below.

Related article:
Keyliner: Linksys EA2700 Wireless Router - First Time Setup


Overview:
Your setup may not have optional devices.  However, I recommend using a separate wireless router because it has more capabilities and speeds than the wireless built into the DSL:

click for larger view


Basic Setup

1.  Wire the network in this fashion:

Click for larger image
a.  Plug the green RJ11 phone cable into the phone-wall jack. 

Plug the other end of the green RJ11 phone cable into the new DSL modem's "green" port.
Do not use a DSL line filter or DSL line dongle on the green line.

b.  Plug a (yellow) RJ45 network cable into any one of the four yellow ports, and plug the other end into your desktop or laptop's wired network jack.  This is a temporary connection for the setup.

If your workstation does not have a wired network jack, use the DSL modem's wireless for the setup, but this is not recommended.  It is easier to use a wired connection and the rest of the article assumes this.

c.  Connect the Router's power.

While the router is powering-on, do the following on your workstation or laptop:

-  Assuming you are using a wired connection: turn off your workstation's wireless antenna (especially if using a laptop.  Desktops may or may not use a wireless connection). 
See the system tray; click "Wi-fi" to disable. This forces the workstation to connect to the wired network.


- If you are using the DSL modem's wireless to configure the network, use the broadcast SSID and password printed on the side of the modem.

d.  Reboot your workstation to obtain a new IP address.

Note:  Your workstation will probably get an IP Address of 192.168.0.2


2.  Get the DSL Login credentials

From when the DSL line was first installed, you will need the DSL login credentials. This is the DSL circuit-login and is not the computer's login or any other login normally typed.  Usually, this is on a letter mailed to the house and is labeled PPP or PPPop login information.  If you have this, skip to step 3.
 
If you do not have the login credentials, continue

a. When rebooted, launch a browser and (at least with Century Link), the router will take you to a site, offering to login.  Using a recent phone bill, login with your ISP's account number and go through other screens to prove your identity.  Once you succeed, Century Link will display your DSL credentials.  Record the values; you will need them below.  Naturally, logins are case-sensitive.

If you still cannot find your DSL PPP login, contact your ISP.

Century Link / Qwest: 877.348.9005 or 888.777.9569
ATT 877.722.3755
Verizon 800.567.6789


Continue with the Setup

If you launched a browser (with CenturyLink), it will take you to a website, where you can follow the instructions on how to setup your modem.  Although the offered instructions are good, it does not actually do anything to your router -- the site is essentially an electronic tutorial and can be ignored in favor of these steps.

3.  Assuming you have rebooted the workstation, launch a browser and type this address:

192.168.0.1

You should be presented with this login page:



Type Administrator UserName:  "admin"
Type Administrator Password:  (see sticker/label on side of modem)

The UserID and password are case-sensitive.

If you do not get this login screen, confirm the yellow network cable is in one of the DSL Router's yellow ports - and not in the LAN/WAN port.  (Or, if you are using a wireless connection, confirm you connected to the wireless network printed on the router's label.)

Bad Password:  If you cannot login because of a bad password, the modem has a different password than sent from the factory (you would have done this previously). If the password is lost, the modem can be factory-reset by powering on the modem, using a paper-clip to press and hold the Reset button for 10 seconds.  Release the reset button, wait a minute, then try the login again.



4.  From the Zyxel main menu, select Quick Setup.


From step 2, type the DSL circuit login credentials. 
Your domain may be different than illustrated.
 
PPP Username:  *****@something.net
PPP Password

(uncheck [ ] Hide password; keeping you from having to type the password twice)

Change the "Custom Realm" pull-down menu, changing to your ISP's domain name.  For example, mine was changed to "@qwest.net"; yours may be "@CenturyLink", etc.  If your domain is not listed, leave as "Custom".

Click "Apply"


5. In "Advanced Setup", change the Administrator Password,

Recommended:  Change the administrator password to something you will remember.  The password must have upper and lower-case, a number, and a special-character -- which is odd, because the factory password is not so-restricted.

Consider this keyliner article: Password Schemes.  

Record the new password on the modem's label, and in your login documentation.  If you lose this password, you have to re-do all of these steps to recover.


6.  In the "Utilities" menu, click "Upgrade Firmware".

Follow the on-screen instructions.  You will basically download a firmware file, browse to it, and apply.  This is recommended.

As of 2017.09.01, Zyxel C1100Z's latest firmware is CZW0034.12.010.16.
If your version is older, it should be upgraded.  Return to this menu once or twice a year for upgrades.


7.  In the "Utilities" menu, set the Time-zone and Daylight Savings Time.


8.  Configure Wireless settings - even if you intend to disable this device's wireless.  This way, if you ever need to enable this part of the network, it will be pre-configured and ready to use.

In the "Wireless Setup" menu, set a new SSID broadcast name.

Change the network SSID name from "CenturyLinkxxxx" to a name of your choosing.  For example, my network is called "WolfhouseDSL".

If you have another, downstream wireless router, this name cannot be the same as the other router's SSID.  I append "DSL" here so I can tell the two apart.

Change the WPS PIN to a value you will remember.  Write this down.  This is used for automatic workstation setup, which some people like to use.

In "Wireless Security", change the Security Key/Passphrase to a string your will remember (this is the connection/passphrase for people to log into the wireless network).  Make sure this password is different than your Admin password.  Make it memorable.  For example, I use "wolfy DSL 1979".

Record this in your documentation.


9.  Decision:

If you have a second, wireless router (illustrated as 192.168.0.2), let that router handle the wireless traffic and disable the DSL modem's wireless.  I call this second router a "downstream router" and it will be faster and more capable than the wireless built into the DSL modem. This is recommended.

Because the DSL modem has 1-4 available ports, the downstream router will have special setup steps, documented in the next section. 

Caution:  If you are using Wireless to configure the DSL router, leave the wireless enabled until you are done with all configuration steps.  

If you are using a wired connection right now (to setup this network), and have a second, downstream wireless router, disable the Zyxel's Wireless now.  In the top-menu, "Wireless Setup," click "Disable"

Even if the Zyxel's Wireless is turned off, you can still connect wired desktops and laptops to the four yellow ports.


10.  Change the DHCP address range

Make this recommended change, moving the Zyxel's DHCP address pool from .2  to .10 -- giving room for other routers and hard-coded devices.

In the top-menu, Advanced Setup, choose the left-nav, "DHCP Settings"

Change the "Beginning DHCP address" from 192.168.0.2  to 192.168.0.10
Change the "Ending DHCP address" from 192.168.0.50     to 192.168.0.100

Optionally: I like to set the Lease Time to 3 days, although the 1-day default is acceptable.

"Apply" the changes.

The router is now configured and ready for use.


Secondary Wireless Router Wiring Changes


If you have a secondary wireless router (illustrated above as 192.168.0.2), do these wiring steps.  These steps will place all devices on the same subnet and the steps are a bit counter-intuitive.  Skip this entire section if you do not have a downstream router.

In summary, change the wireless router's IP address to a Static "192.168.0.2" address, then disable DHCP.  This is a one-time setup, just to get the new router on the proper network.

The steps vary by manufacturer, but in general:

a.  Unplug the wireless router from all other network wires.

b.  Plug your workstation's wired Ethernet cable into any yellow-port on the wireless router (similar to how you connected to the Zyxel DSL router).  Or use wireless to connect to this device; see the owner's manual for the default SSID broadcast name. 

c.  Reboot your workstation to get a new IP Address.

d.  With a browser, login to the wireless router's admin page, using the default router's address.  See the router's owner's manual, but usually:

192.168.1.1  or
192.168.100.1

Login with (the published default password).  For example, see this article for more detailed instructions:
Keyliner: Linksys EA2700 Wireless Router - First Time Setup

e.  In the advanced settings [Local Network], disable DHCP

This is important: Do not allow this router to give out IP addresses; this will conflict with the Zyxel -- even if you pick a different DHCP range.

f.  In Connectivity, "Internet Settings," set the router's internal IP Address to a hard-coded (Static) IP address:

Static IP:        192.168.0.2
Subnet Mask:      255.255.255.0
Default Gateway:  192.168.0.1
DNS 1:            8.8.8.8



where  "0.2" is on the same network as the DSL router (the third octet)

where .2 is below the DSL's router's starting DHCP Address Range  (which was moved to .10 - .100) in step 10, above.

where 192.168.0.1  is the same IP Address as the Zyxel DSL router

where DNS1 is "8.8.8.8".  This is Google's DNS server - as good of an address as any.  Your ISP would prefer you use their DNS server, but Google's is safer.   (Some ISP's slip-stream their own content into data-streams.)

Apply the changes.  When you do, you will temporarily loose connectivity to the router.
Continue with the next steps.

g.  Power off the downstream router.

Then, run a network cable from one of the DSL router's 1-4 ports, into the downstream router's 1-4 ports -- any port, on either side will work (illustrated above with a yellow cable).  Do not use either of the WAN/LAN ports -- you want this router to be on the same network as the main DSL router, and because of this, you cannot use the WAN/LAN ports.

h.  Move your workstation's Ethernet cable to any free-port (yellow) port, on either device.  I like to move the cable back to the DSL modem's 1-4 ports.  Again, avoid the white WAN/LAN ports.

i.  Again, reboot the workstation to get a new IP Address.  Yes, this is a drag.

j.  Once connected, open the browser and type this IP Address:  192.168.0.2 (the downstream Wireless Router's address) -- and again, login to the router's admin pages.  (Note: you can now also login to the DSL's router's admin by using the 0.1 address.)

Make these additional changes (see the Linksys article for more details):

- Set a memorable SSID -- make this different than the DSL's SSID -- example: Wolfhouse5G
- Set a Network password (for wireless access):  wolfy house 5G
- If the router has a second channel (e.g. 2.4ghz), SSID:  Wolfhouse24G
- Set a second password (for wireless access):  wolfy house 24G

If the router supports a third channel Guest network (most do):
- Set the SSID broadcast to "Wolfhouse Guest"
- Set the guest password (for wireless access): wolfy house guest

k.  Finally, change the Router's (admin) password, to a value of your choosing.  Write this down.

The wireless router's setup is complete.


Optional Switch

If you have an optional 8-port switch, illustrated above, do the following.

- Run a (yellow) network cable from any of the yellow 1-4 ports on the DSL modem to any yellow 1-8 port on the switch.  Do not use the WAN/LAN ports.  For minor performance reasons, you should not run the network cable from the downstream wireless to the switch; instead, go directly to the DSL modem's 1-4 ports.

-power-on the switch; you are done.  No software configuration required.


Analog Devices

If you have a land-line phone, the phone can be plugged into the Zyxel's phone jack and no DSL filter is required for this connection.  If you have other analog phones or analog phone devices, such as phone-based alarm systems, satellite receivers, answering machines, etc., you must use a DSL line filter on each of those jacks.  These will have to be purchased separately and can be found anywhere analog phones are sold. 


Printers, TVs

With printers and an internet-connected TV, I recommend running wired Cat-5 network cables.

If you can, run a wired connection for the printer; it is less of a hassle -- many printers (especially Brother printers) dislike it when the wireless router moves to a different channel after a power failure.  A wired connection prevents these types of problems.

Related article:  Keyliner Brother Wireless printer fails after power failure.

And, because of DHCP, printers tend to move around and get new IP addresses when they reboot.  This is a pain and it forces you to re-build printer connections at each workstation.  Regardless if wired or wireless, set the printer to a fixed or static IP address.  From the printer's main panel, set a hard-coded IP Address.  I like to use these settings:

Static IP Address:  192.168.0.200
Subnet Mask:        255.255.255.0

Default Gateway:    192.168.0.1

where 192.168.0  is the same network as the Zyxel DSL router.
where .200 is an address outside of the DSL Router's DHCP range.
where 192.168.0.1 is the Zyxel's IP Address

Similarly, I also set the TV/Roku to a fixed address:  192.168.0.210  (keeping the number below .254).  Because it is such a high-bandwidth device, the TV should be on the wired network.  I always smile at people who buy a 100mb high-speed network connection for their house and then run the TV over a 10mb wireless network.


Power

Sometimes, after a power failure, these routers loose their gourds and have to be re-configured.  Save yourself the hassle and buy a small battery-backup UPS for the network devices.  Plug the DSL modem and downstream routers and switches into the UPS.  Make this separate from the PC's UPS.

Most UPS's have two sides:  A battery-protected side and a simpler surge-protection side.  Be sure to use the battery side.

When powering on the network.  Power-on the DSL modem first.  Wait a minute, then power on the other devices.


Final Network Test

From any workstation, wired or wireless, running on the new network, open a browser and make one last connection to the new Zyxel router:

192.168.0.1

Login with your new admin credentials and confirm you can reach the configuration menus.  You should be successful. Then open a browser session to something like www.google.com.  The page should display.

If you have a downstream wireless router (illustrated above), now would be a good time to turn off the Zyxel's internal wireless.  From any workstation, return to the 192.168.0.1's configuration screens and disable.

Using any workstation, confirm you can get to the downstream wireless router's admin screen by typing this address:  192.168.0.2

If all this works, you are golden.


Record Keeping

It is embarrassing and painful to lose your router's passwords.
Write this information in a safe place because if the Internet is down, you can't exactly jump on the net to find your contact information.  Don't wait to do this because you will forget.

ISP Name: ______________________________________________

ISP Technical Support Number: _____________________________

DSL PPP Login Credentials: _________________ /  _____________

DSL/ISP Account Number: _________________________________
(Often the home phone number.  If no home phone, see bill for separate account number)

DSL Modem Model Number: _______________________________

DSL Modem IP Address:  192.168.0.1 ________________________

DSL Modem Admin Login:  admin / __________________________

DSL Wireless SSID Broadcast Name: _________________________ [  ] Disabled

DSL Wireless SSID Password: _______________________________ [  ] Disabled

Downstream Wireless Model Number: _________________________

Downstream Wireless Router IP Address:  192.168.0.2 ____________
(Optional, if you have a separate Wireless router; see below)


Downstream Wireless 5G SSID: ______________________________


5G Password: _____________________________________________

24G SSID: _______________________________________________

24G Password: ____________________________________________

Guest SSID:  ______________________________________________

Guest SSID Password: _______________________________________

Printer IP Address:  _________________________________________



Related articles:
Reset Linksys Wireless Password
Linksys EA2700 Router First Time Setup
Installing a NetGear DM111PSP ADSL Modem


2017-08-08

Microsoft Sculpt Wireless Mouse less accurate


I have found the Microsoft Sculpt Wireless Mouse is less accurate than either a wired or traditional wireless mouse.  I suspect the reason is the mouse transmits over bluetooth and is encrypted.  The encrypted traffic slows the mouse down.

I do not have scientific proof, but I know my experience and it has taken a long time to reach this conclusion.  You may not notice this problem in normal word-processing or browsing work.

Keyliner Review:  Microsoft Sculpt Ergonomic Keyboard and Mouse Review.


Mouse:

I was reluctant to use this mouse because it was so large and ungainly.  It gets tepid reviews, even on Microsoft's site, but I learned to like the mouse, then to dislike it. 


A picture about the mouse is worth a thousand words.  Once I learned this, I understood the mouse:




In the end, I was surprised; this mouse is noticeably more comfortable than other mouse or trackpad I have used.

If you have an existing wireless mouse, abandon it and use the new mouse. Two reasons: 
  • The mouse is comfortable.  You will be surprised.  
  • The USB transmitter/dongle handles the keyboard, number pad and mouse. No sense taking up another USB port for a second transmitter for a different mouse.

Follow-up:

I have found this particular wireless mouse is less accurate than wired mice.

I find I am subtly overshooting or undershooting the intended target, and often have to orbit pixels.  Definitely not a problem with a wired mouse.   It turns out this problem is well-known in gaming circles.

Not all wireless mice have this problem.  Because this mouse is encrypted, I suspect it takes it longer to calculate the position. The effect is barely detectable, but it noticeable if you are skilled; especially in drawing programs.  The encryption cannot be disabled so there is no way to test this hypothesis.

I have since abandoned the mouse, but kept the reviewed keyboard.

2017-07-20

HP35s Scientific Calculator with RPN

Review: General review of HP's RPN calculators and why you should switch. I just bought a new HP35s.

HP35s Scientific Calculator (RPN)

Author's note: Although this article is dated, first written in 2009, I smiled today as I reviewed it and decided to re-publish it.  I am still using these same calculators!

This is a digression from the usual computer topics. If you need to calculate more than simply adding and multiplying numbers, consider using an HP "RPN" calculator. In this short article, I will explain why this type of calculator is better than a standard "Algebraic" calculator.

(Illustration: My new calculator and my daughter's statistics text book)

Consider this formula. Using your current calculator, compute the result:


Questions:
  • Did you get the right answer the first time?
  • Did you write down intermediate answers?
  • Did you type parenthesis?
  • Were you confident, as you entered the numbers, that you were on the right track or did you have to wait for the final equal-sign before you were done?

Now try this formula:



Again, the same questions:
  • Were you confident?
  • Did you see the intermediate results?
  • Did you have to save values into Memory (M1), (M2)?
  • Did you type a boat-load of parenthesis?

My daughter, with her expensive TI calculator, tried these formulas several times, and was not confident in her results.

Here is the surprise:

With an HP (RPN) calculator, you would get the correct answer the first time. You would have a high degree of confidence, knowing each intermediate step was reasonable -- with results displayed as the formulas were being typed.

For example, on the HP, you would see the following:


- As "2+3" is typed, the calculator would show "5"
- As "4+5" is typed, "9" is displayed
- and when multiplied together (2+3) x (4+5),  "45" appears in mid-formula.

RPN calculators show intermediate results and there are no parenthesis, nor do you need to store values in "M" (memory) -- the calculator handles this for you.   


What is RPN?

RPN stands for Reverse Polish Notation. The gist is this: Enter the formulas in the same way as-if solving with paper and pencil; solving from left-to-right, inner-parenthesis first, using "My Dear Aunt Sally" (multiplication and division before addition and subtraction). These are the same rules learned in 3rd-grade.

RPN keystrokes are different than an algebraic calculator.

With RPN, type the first number, then press ENTER.  Type the second number. 
After the two numbers are typed, press the function (add, subtract, etc.). 
Of interest, there is no "Equal" key.

This works to your advantage. The most horrendous function can be typed and never is a parenthesis or intermediate save needed.

Using the first example, the keystrokes would be this:

2 (Enter, separates this first number from the second)
3 +
The calculator shows the intermediate result: 5

4 (Enter, separates this from the above "5" *)
5 +
The calculator shows the intermediate result: 9
x (times)
The calculator shows: 45
Sqrt
The calculator shows the intermediate result: 6.708

Without pressing other keys, begin the second part of the equation by typing:
6 (Enter *Technically, this ENTER is not required because the SQRT resolved)
7 + .... etc.
completing this part the same as the first.

Once the second section is completed, press "+", adding the two blocks together.
Results:  21.5743

At each stage, intermediate results are displayed.  The keystrokes are counter-intuitive, but after practicing for ten minutes, you will never forget and will never want to go back!

I have used HP's RPN for so many years I can no longer use a "standard" calculator and I am embarrassed when forced to -- I can only solve the simplest equations on those types of calculators -- Algebraic calculators now seem completely foreign.


Choosing an HP Calculator:
  • HP makes both Algebraic (press "Equals) and RPN calculators (press "Enter") -- be sure to pick the right model.
HP divides the world into two types: Financial and Scientific.

Bankers, investments, and real estate, choose a Financial calculator (12c).
Otherwise, choose the Scientific calculators (even if you are not a scientist).

Here are my recommendations:

Scientific/Non-business Calculators:
HP33s ($40.00) low-end calculator - chicklet keyboard 

If you can, buy the 35s; it has a better keyboard.

HP35s ($60.00) Recommended

HP50g ($150.00) Graphing (now dated)

HPG8X92AA (graphic)  I will be buying this calculator next (update: now bought, but not reviewed):







Business: (Interest/PMT/Financial)
HP12C ($70)

This is an Industry Standard calculator for all financial users. HP reviewed this calculator a few years ago and decided, even after 30 years of production, nothing needed changed. This same calculator, with the same features, has been produced since then. Remarkable.


Look and Feel:
These calculator are pleasurable to use. The buttons "feel" substantial; with a solid, satisfying 'click' when typed. People who use HP calculators rave about the keyboard -- it is unlike any other calculator. When HP has made some cheaper models, with cheaper keyboards (the 33s, for example), users revolted.

I believe all of the scientific calculators are programmable (you can write your own functions, automating common tasks).

These calculators never die. My first HP11c is now approaching 30 years old, and I still use it several times a week. I think I've changed the batteries three times in all those years.  It uses standard watch batteries.

My other HP calculator, which sits at home, is a 20-year-old HP32s and I only recently replaced it with a newer 35s for no other reason than I wanted to see what the new calculators looked like.

In short: If you are in school, or if you need to do a bit more than common math, spend a few dollars, get a quality calculator. Take twenty minutes studying the first couple of chapters in the manual, and you will never go back to those old, stinky, run-of-the-mill calculators.  

 

2017-07-04

Windows 10 Wired Network named after Wireless

How-to: Change the Network Name in Windows 10

I noticed my Windows 10 network name was showing my Wireless network when it should be showing the wired. 


This made me believe my desktop, which has both a Wireless Network and a standard wired RJ45, was using the wrong card. 

After disabling the computer's wireless card (see Control Panel, Network and Internet, Network Connections), and rebooting, it still reported the original Wireless name.  This proved I was using the wired connection -- but the name was wrong.

If you login to the Wireless router's admin panels, you will not find a broadcast name for the Wired connection.  Nor will you find a way to change the name in the Network Sharing Center, nor in the TCP/IP adapter settings.

The name is only exposed in the Registry.

How did this happen?  The first time the workstation connected, it connected via Wireless and placed the name into the Registry.  Switching to the wired connection maintained the same profile and name.

 
Renaming the Network Connection

1.  Start, Run (Windows-key-R), "Regedit.exe"
 
2.  Tunnel to this key:

HKey Local Machine\Software\Microsoft\Windows NT\CurrentVersion
    \NetworkList\Profiles

Multiple network connections may exist, each listed with a GUID {CBSA1321...}.

3.  Within the Profiles folder, click each GUID until you find the network in question.

4.  On the detail side, illustrated below,

Change the Description to a new name
Change the Profile Name to a new name

5.  Close the Registry Editor to save changes.
Click for larger view


The change takes effect immediately, but the System Tray will not update until the next reboot.

In my case, I changed from "wolfhouse24G" to a more generic "wolfhouse".   For this workstation only, both the wired and wireless will show this same name.



2017-06-28

File MD5 Checksum - How to tell if a file has changed

File MD5 Checksum - How to tell if a file has changed
File MD5 Report - Batch MD5 Reporting
File MD5 Batch Inventory

A file's MD5 Checksum can tell you when a file has been modified from the author's original version.  For example, when downloading a program from the Internet, developers often will give you the file's MD5 check-sum -- your version's MD5 could be compared with the author's to see if there was a change.  MD5's can be considered as a "thumbprint" -- a summary representation of the file's contents.

For example:  MD5: 9f-46-58-ef-3d-fe-76-45-65-61-f0-d3-a7-f3-62-bc

Seeing a file's MD5 checksum, sometimes called a 'hash,' requires software.  I have written two handy utilities, one of which is a batch/command-line program (this article) and the other is a much simpler MD5 Windows viewer. 

keyliner link:  Windows Midy5 MD5 Viewer

MD5 Batch Inventory Program

This utility can report the MD5-hash for a single file.  But more interestingly, it can keep track all MD5's in a directory -- keeping a mini-inventory.  With this, you can tell when a file has been added, changed or even if deleted! -- regardless of the filename or date-time-stamp.

2021.11 Update:  Updated program to .dotNet 4.8


Problem at the Office:

At the office, I had a directory of photographs that are weekly refreshed by another system (employee photos).  Each week the entire inventory was replaced.  Original filenames and sizes remained the same, but because the files were re-downloaded each week, the date-time-stamp changed and all files had a new date.  I needed a way to tell which files were different. 

This Keyliner utility resolved these problems.  It is able to tell if the same-named, same-sized photo contained different contents, even though every file technically changed.  It can also tell who is new and who has been deleted. 

It works like this:  If the photo were truly changed, it gets a new MD5 (remember, we have to disregard the date-stamp and the file-size)  A one pixel change in a photograph, changing a white pixel to light grey, resulted in this MD5 change:

Original file:
MD5: 9f-46-58-ef-3d-fe-76-45-65-61-f0-d3-a7-f3-62-bc
MD5: 54-d3-9d-69-07-1a-9f-d9-92-1c-1e-2b-54-42-de-a4
One Pixel changed file^


a huge change in the MD5.

Features:

  • Show a specific file's MD5 check sum, using this command-line

    FileChangeMD5.exe file=filename.ext
     
  • Optionally, using a configuration file, report on all file-changes within a directory, showing
    -Changed Files
    -New Files
    -Deleted Files

  • It keeps track of changed files by using a text-based database
  • Output is an ASCII tab-delimited file (default name: "Inventory.MD5") 
  • Runs in Batch or interactive command-prompt mode
  • Runs unbelievably fast; directory is parsed in sub-seconds
     
  • Can report, grouping by changed-status, or by filename
     
  • Free, no charge, no registration, no nags
  • Simple EXE - No installation required
  • No registry changes; no databases
     

Example Output:

This shows the inventory of all files in a directory (C:\Temp).  Notice the Status column:  "nochange", "changed", "new", and "deleted".  Each file's checksum/MD5 is listed:

Click for larger view

This file can be consumed by other software, parsing for the Status Column. 

Optional Inventory Reporting:

If the config file's "InventoryReport" field is populated with a file name, a secondary inventory report is generated.  The is a simplified report, showing only the type of change and the file name.





Individual File MD5 Checksum

The utility, without any configuration or setup, can report a single file's MD5 checksum, showing the results to the console. 

This example shows the MD5 hash for the file named "C:\Temp\file-01.txt"

Click for larger view

To view a single file, run the program from a Command prompt.
Use this command: 

filechangemd5.exe  file="C:\path\somefile.ext"

where the keyword "file=" is required. 
use quotes around the path and filename.

Better, use a second keyliner utility, which is a Windows-based program:
Link:  Midy5


Download and Installation

To install this program, download the .exe and place in any folder on your hard disk.  Double-click the .exe to run - no installation required.  This program is a DOS program and would prefer to run from a command prompt.

Since keyliner cannot afford a signing certificate, you will be prompted that the file is not safe (being downloaded from the internet).  Click "more information" and allow the program to run.




Follow these steps for a more professional installation:

Using the .exe from a download folder, or copying to a (my Documents) folder is a quick workaround for various Windows 10 and 11 security concerns.  Some vendors recommend this, but these folders are inappropriate for executable software.  Instead, the program should be copied to Program Files so it gains the protection of other Windows security features. Total time: about a minute.

A.  Download this Keyliner utility, from Keyliner's GDrive:

Link:FileChangeMD5 Download Folder


This utility is free for all personal and commercial use.

No registration.  No logging in.  No email.  No nag screens.

Ironically, it has this MD5: 54-d5-e7-f6-59-7a-96-6b-6c-0e-f8-90-ac-95-b9-5d

When downloading, different browsers behave differently.
You will be prompted the file cannot be scanned.  Click "Download anyway"

Microsoft Edge:

Prompts "FileChangeMD5.exe" was blocked because it could harm your device. 

"Click See More" and allow the download.  With Edge, the file will appear in your Downloads directory with a random name, "Unconfirmed 780359.crdownloaded" (name varies).  

Rename the file to "FileChangeMD5.exe".


B.  Mark the program as safe-to-run:

(This step may not be needed if downloaded by Edge and you clicked "More / Download Anyway")

Using File Explorer,
right-mouse-click the downloaded (and re-named) .exe
Select "Properties"
Check [x] Unblock.  This removes the "mark of the web." 

                 Click for larger view

* Only do this if you trust keyliner *and* only if downloaded from keyliner's public GDrive. 


If "Unblock" is not visible, it has already been unlocked (by Microsoft Edge).
Once [x] Unblocked is clicked, this security menu disappears.

  C.  Create a Program folder to hold the program:

Using File Explorer, Create a working folder
C:\Data\
Create a sub-folder  C:\Data\Monitoring  or any similar folder)

If saving to "C:\Program Files"  or "C:\Program Files (x86)", see below for advanced installation ideas.  C:\Program Files is protected by Windows security.  If you use Program Files, always use a separate INI file -- it cannot assume the current directory.  Details below.  Saving the exe in a less-protected folder (c:\data, or C:\downloads is simpler), but with that said, I run mine from Program Files.


D.  Copy the .exe to a working Data folder:

Using File Explorer,
Copy/paste the .exe from the temporary/download folder
to C:\Data\Monitoring

Do this copy as a two-step, copying from the download folder into a working folder.  For this program, it should not be directly downloaded to C:\Program Files without following the advanced steps, below.  Besides, Windows security will not let you download directly into Program Files (technically, you will not be able to remove the "mark of the web").


E.  Run the program and build a default configuration file:

From a temporary directory:
Click Start, (type, no quotes) "CMD"  (launching a command prompt)
C:  (enter)
CD \Data\Monitoring  (enter) 
FileChangeMD5.exe  (enter)

This generates a default INI file in the same folder.  See file: "FileChangeINI.md5"  (named oddly, by design)  You must have rights to write the file in this directory.

See below for command line parameters and how to edit this file.


F.  Testing:

To see the MD5 of an individual file, type this command, where this command is checking the MD5 of itself:

FileChangeMD5.exe file="FileChangeMD5.exe"



Bulk Monitoring and Configuration:

To inventory a list of files in a directory, and to watch for any changes, edit the default configuration file.  Build as many configuration files as needed, for as many monitoring directories as needed.

G.  Edit the sample configuration file, built in Step E. 

The file arrives in the same directory as the executable.

Default INI file "FileChangeINI.MD5"      

Using Notepad
* Modify "FileDirectory"  from  C:\Temp  to a directory that you want to monitor.
* Optionally modify "InventoryReport" and "UpdateInventory" with a pathed location.
The example assumes the current directory.

Close and save the configuration file.

Click for larger view


Notes:  
The configuration file "FileChangeINI.MD5" is an INI file, but does not use an INI file-extension.  Reason:  Files with an ".MD5" extension are ignored by this utility and will not appear in their own inventory.  "MD5" files, can live in the same directory as the files you are inventorying.

If the sample INI file did not generate, you do not have enough rights in that directory.  Run from a DOS prompt to see the error message.  Likely issue:  See below, Advanced Installation 



Bulk TESTING:

Create a test "FileDirectory" (C:\TEMP) and populate the folder with expendable files.

1.  From a Command Prompt (DOS prompt), re-launch the program

C:
CD\Data\Monitoring\FileChangeMD5
FileChangeMD5.EXE  (it will use the default FileChangeINI.md5)

or
FileChangeMD5.exe  C:\<path>\filechangeINI.md5

Notes:
When launched, the EXE looks in the current directory for a config file, unless told otherwise.

Notes:
Optionally move the config/INI file to any directory, any name.
Launch with this command line: 
FileChangeMD5.exe C:\mypath\myconfigINI.MD5

Results:
This runs the program and builds a base-line inventory database of the (C:\Temp) directory.



2.  View the Results

Start, run "Notepad.exe"
Tunnel to the directory where the Program/INI was installed, or to the path specified in the INI.  File

Open this inventory file:  "Inventory.MD5"

* "Inventory.MD5" is the inventory of changed files and the first-time run is the base-run. 
Notice how the first-time run always shows all files as "New".


     Close Notepad.

C.  Run the executable a second time (with no file changes)

Using Notepad, re-open "Inventory.MD5"
All files now show as "unchanged" 
e.g. no changes to the base-inventory since the last run.



D.  Edit any or change any file in the inventory directory (C:\TEMP), making an innocuous change. Save the change.

Delete a different file
Add a new, unexpected file

E.  Run the executable a third time.

Using notepad, open file "InventoryReport.MD5" 
Note file changes in the status column:

   

To Force a re-inventory of all files in (C:\TEMP), setting a new base-line:

1.  Erase file "Inventory.MD5" and re-run the program.
     All files are re-detected as New.

To Force a single-file to be detected as "changed"
(for example, you need a downstream routine to re-process it), do the following:

1.  Using Notepad, open the current inventory file:  "Inventory.MD5"
 
2.  Edit the file's MD5 hash, changing to any random number.
     Changing only one digit is enough to invalidate the checksum

Click for larger view

3.  Re-run the program.  The file will show as a forced "changed"


Advanced Installation Notes:

Microsoft has restricted "C:\Program Files (x86)" and "C:\Program Files" from unsigned, and un-installed programs. 

If you are like me, you really want your utility programs in these folders, where they are protected.  The trouble is, the program wants to write a default configuration INI file in this same area.  Resolve with these steps:

Build a default FileChangeINI.MD5 control file:

A.  Temporarily copy "FileChangeMD5.exe" to a data folder (such as MyDownloads, C:\data, etc.)

B.  Launch the program one time (double-clicking).  It will have enough rights to write its default configuration file, "FileChangeINI.MD5" -- or copy the file from below and avoid the temporary steps.

C.  Move the executable, "FileChangeMD5.exe", back to your favorite ("C:\Program Files\Util", etc.) folder. 

D.  From the temporary copy's directory, move the newly-constructed INI file, "FileChangeINI.MD5" to any directory of your choosing, anywhere but C:\Program Files.

For example,  C:\Data\Jobs\FileChangeINI.MD5

E.  Edit the INI file, making two changes:

Set "InventoryReport" and "UpdateInventory" paths to a location where you have update rights; typically any location other than C:\Program Files.  For example, C:\Data\Monitoring

Set "FileDirectory" to the folder you want to monitor.

;FileChangeINI.MD5 Configuration File
FileDirectory     = C:\Temp             //Search this directory
FileMask          = *.*
LastRunInventory  = C:\Data\Monitoring\Inventory.MD5
InventoryReport   = C:\Data\Monitoring\InventoryReport.MD5
UpdateInventory   = TRUE


with this, the executable can live in C:\Program Files, and the inventory files can be directed to a folder where your normal Windows account has update rights>

F.  Launch with this command line, pointing to the INI file above:

C:\Program Files\Util\FileChangeMD5.exe  C:\Data\Jobs\FileChangeINI.MD5

The Executable can live in a protected directory.
The INI is in a known location, anywhere on the disk.  It points to an updateable area.
The Last-run Inventory file lives where you have rights T
he searched-File-Directory (C:\Temp) can be anywhere.

This solves the restrictive Windows security, without having to grant rights to odd places.



Command Line Options

This utility is best run from a DOS Command prompt and is designed to be run in a batch, automated, mode.  Except for the single-file report, the program will not pause or stop for user input.

A configuration file (FileChangeINI.MD5) controls how it behaves and where results are written.  All filenames can be pathed.  For example, the program can be configured to look at a server's UNC path, and store the inventory reports on a different drive, and the INI file could live on a third drive, as long as all are accessible by the user running the code.

Each time it runs, it overwrites previous inventories and reports.

Command line options:

FileChangeMD5.EXE  (no parameters)

Assumes the current directory contains the default-named
FileChangeINI.MD5 configuration file.

If FileChangeINI.MD5 does not exist, it will generate a default INI.
The INI will point to c:\Temp as a sample.
This assumes your Windows account has update rights in this folder.


FileChangeMD5.exe  C:\Path\FileChangeINI.MD5

Launches using a manually-specified configuration / INI file 
The INI file does not have-to-have an .MD5 extension, but is recommended.
If specified on the command line, the INI file can be any name, any extension.


FileChangeMD5.exe  C:\Path\FileChangeINI.MD5 FALSE

Runs in test, but does not make changes to the Inventory.


Possible Command Line Error:

When trying to run a single-file MD5 check, it is easy to forget the keyword "file=". 
The result is messy and the program will be confused, reporting "Warning: Unexpected value in prefs INI..."

Click for larger view

Bad Command line: 
FileChangeMD5.exe  C:\somefile.ext

Proper command line:
FileChangeMD5.exe  file="C:\somefile.ext"


I hope you enjoy using this program.  Drop me a note and tell me how you like it.

Version history:
1.00 - Initial release
1.01 - Added command-line /?  and /help logic
          Improved bad INI file detection with clearer error messages
          Improved missing file= parameter detection.
          Improved error message texts for Configuration/INI errors

2022.02 This program is way-overkill for a basic MD5 check.  I wrote a new Windows utility that is easier to use, but is not able to inventory an entire directory.

Link:  Midy5



Related keyliner Programs:
BullDozer -- a batch file delete program
Prize Select Raffle Program