Perfect Server: v19

This is the latest iteration of my perfect server. I am building this in order to consolidate and deprecate previous server inventory. Also, it includes many new best-practices which should further secure this new server. This has been updated to reflect the requirements of Debian 9.4 which are slightly different than previous versions.


The first step is to provision a new server. I use Digital Ocean. (Referral Coupon) I will be logged in as root for all of this since this is all stuff that needs to be done as root. If you don’t want to log in as root, you can instead use sudo at the beginning of each command.

(In previous versions, we needed to add new sources to install certbot. This is no longer necessary.)


apt-get update && apt-get upgrade

Now install all the packages we will need, and a few that everyone should really have which are no longer included by default;

apt-get -y install fail2ban apache2 php7.0 php-pear php7.0-mysql php7.0-mcrypt php7.0-mbstring libapache2-mod-php7.0 php7.0-curl screenfetch htop nload curl git unzip ntp mcrypt postfix mailutils php7.0-memcached mysql-server certbot python-certbot-apache man-db && a2enmod rewrite && service apache2 restart && mysql_secure_installation

You will no longer be prompted to create a mysql password when installing mysql-server. Now, you create it during the configuration command at the end of the line above.

Name Thyself

Now navigate to the virtualhost directory;

cd /etc/apache2/sites-available

Remove the default ssl virtualhost. We will be creating a new one instead.

rm default-ssl.conf

Rename the default virtualhost to the fqdn of the server. Example: Note that this is not the fqdn of the site(s) we are hosting on the server.

mv 000-default.conf [fqdn].conf

Edit the default configuration file. We need to change the admin email to your email, and change the webroot to the webroot you want to use. I like /var/www

Restart Apache and apply the changes so it knows where the files are…

a2dissite 000-default && a2ensite [fqdn].conf && service apache2 restart


Free SSL

We already set up LetsEncrypt so now we just need to run their Certbot. Once the domains are set up and pointed to the server’s ip, along with a virtualhost being configured as shown above, all it takes is running Certbot which takes care of everything.

certbot --authenticator webroot --installer apache

Certbot will ask you to enter the webroot from the previous step for validation.

Make sure to choose the most secure options as specified by Certbot.

Now you have an SSL certificate installed!


Hardening Apache

Edit our default configuration file and comment out the DocumentRoot with a # sign at the beginning of the line. You will notice LetsEncrypt has added some redirect rules. We need to modify one of them. Look for the line that looks like this, and change it as shown;

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Becomes… (Use your fqdn where it says [fqdn].)

RewriteRule ^ https://[fqdn]%{REQUEST_URI} [END,QSA,R=permanent]

Save that file and exit.

Now, let’s make sure no one can navigate to the IP of the server and access any virtualhosts that way.

cp [fqdn].conf [ip].conf && a2ensite [ip]

Where [ip] is the public ip of your server.

Now edit the newly created ssl virtualhost configuration file and replace the default webroot with the one you want to use. It will be called something like /etc/apache2/sites-available/[fqdn]-le-ssl.conf. Add the following block within the virtualhost tag of the file and save it. Substitute the directory path with your chosen webroot path.

<Directory "/var/www">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>

Lock it Down

Let’s create a credential set for our new virtualhost. This is sort of a catch-all for any domains we point here which are not yet set up.

htpasswd -c /etc/apache2/.htpasswd [username]

You will be prompted for a password. This is very bruteforceable. My best practice is to use very high entropy strings for both the username and the password. Typically at least 64 bits of random base 64 for each.

Apply Changes

Now restart apache


service apache2 restart

Test our changes by navigating to the public ip of the server. You should be redirected to a https url with the fqdn of the server and prompted for a username and password. If this happens, everything so far has worked!

Administrative Tools

We will need to put some tools in here so we can administer the server.


This will allow us to manage the databases we will be creating on the server. Head over to their website and get the download link for the current version.

Navigate to our new secure DocumentRoot directory and download that link.

cd /var/www && wget [link]

Now unzip it and remove the zip file we downloaded.

unzip [file] && rm [file]

Now that we have a PHPMyAdmin directory in our secure virtualhost, we need to configure it. Luckily it can do that itself! Use this command and enter the mysql root password when prompted.

mysql -uroot -p < /[unzipped phpmyadmin folder]/sql/create_tables.sql

The last thing PHPMyAdmin needs is a secret string. Edit the config file and save it as nano

Make sure to add a random string where prompted at the top of the file.

Postfix Outbound-Mail Server

We need to edit the config files for postfix and change the interface to loopback-only like so. We already set up a firewall rule to block connections to port 25, but those rules can be changed by mistake, so this will be a good second line of defense to prevent public access to sending mail through our server, while allowing us to still use it locally.

nano /etc/postfix/

Find this line;

inet_interfaces = all

And change to;

inet_interfaces =

Now edit the email aliases;

nano /etc/aliases

At the end of the file, make sure there is a line that starts with root and ends with your email, like so;


Save the file and exit. Then run newaliases to let Postfix apply the changes. Restarting Postfix is not enough because we changed the interfaces line in the config file. We need to stop and start it like so;

newaliases && postfix stop && postfix start

Now our sites will be able to send emails!
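To confirm the loopback-only change took effect after the stop and start, the listening sockets can be checked directly. This is an added example, not part of the original post; it parses `ss -ltn` output, and the two sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads lines in the format printed by `ss -ltn` on stdin
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port) and prints every
# local address that accepts SMTP (port 25) on a non-loopback interface.
# Returns 0 when port 25 is loopback-only or closed, 1 when it is exposed.
smtp_exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }              # skip the header line
        {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, part, ":")
            port = part[n]                   # text after the last colon
            if (port != "25") next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            sub(/^\[/, "", host)             # [::1] -> ::1
            sub(/\]$/, "", host)
            sub(/%.*$/, "", host)            # drop an interface scope suffix
            if (host ~ /^127\./ || host == "::1") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample: listeners while Postfix still binds every interface.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    [::]:25            [::]:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*'

# Constructed sample: listeners after the interface change and restart.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      100    [::1]:25           [::]:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*'

# report LABEL LISTING: one-line verdict for a listing.
report() {
    if hits=$(printf '%s\n' "$2" | smtp_exposed_listeners); then
        echo "$1: port 25 is loopback-only"
    else
        echo "$1: port 25 is reachable on:" $hits
    fi
}

report "before" "$SAMPLE_BEFORE"
report "after" "$SAMPLE_AFTER"
```

On the server itself, run `ss -ltn | smtp_exposed_listeners`; any printed address means the firewall rule is the only thing keeping port 25 closed.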

VPS Home

This is something simple I built which serves as a better index page for the secure virtual host and includes several helpful tools for diagnostic purposes. To try it out, run this command from the DocumentRoot directory.



It’s helpful to be able to access details of the server’s php installation from this directory. I like to create a file called phpinfo.php which contains simply

<?php phpinfo();

Automatic Backups

Create a new file called /root/ and add the following to it. Make sure to replace the mysql password with yours.


#!/bin/bash

#deletes old backups (anything older than 24 hours)
find /var/www/backups/www -mindepth 1 -mmin +$((60*24)) -delete
find /var/www/backups/mysql -mindepth 1 -mmin +$((60*24)) -delete

#backs up webs, one archive per site directory
cd /var/www/webs || exit 1
for i in *; do
    tar -czf "/var/www/backups/www/webs-$( date +'%Y-%m-%d' )-$i.tar.gz" "/var/www/webs/$i"
done

#backs up databases, skipping the system schemas
for i in `mysql -uroot -p[MySQL Root Password] -e "SHOW DATABASES;" | grep -v Database`; do
    if [[ ( "$i" != "mysql" && "$i" != "phpmyadmin" && "$i" != "performance_schema" && "$i" != "information_schema" ) ]]; then
        mysqldump -c -uroot -p[MySQL Root Password] ${i} | gzip > /var/www/backups/mysql/mysql.$( date +'%Y-%m-%d' ).${i}.sql.gz
    fi
done

#fix permissions just in case they changed for some reason

chmod 644 /var/www/webs -R
find /var/www/webs/ -type d -exec chmod 750 {} +
find /var/www/webs/ -type f -exec chmod 640 {} +
chown www-data:www-data /var/www/webs -R

Now edit the crontab with nano /etc/crontab and add this line. This will automatically run that script every day at 8pm.

0 20 * * * root /root/ > /dev/null 2>&1

Make sure to give the script permission to execute.

chmod +x

Offsite Backups

The system I have used for this is no longer available. Will update when I decide on a new system.

Migrating Sites In

Move over the files for all the sites you want to host into individual directories in the /var/www/webs directory.

Now navigate to your virtualhosts directory.

cd /etc/apache2/sites-available

We created a default virtualhost file for the server and named it [fqdn].conf. This was the fqdn of the server, but not the sites it will host. Now we want to create our first hosted site. Copy the default file we made to create a new virtualhost like so…

cp [server fqdn].conf [site fqdn].conf

You can use any naming convention you like, but managing dozens or hundreds of these will become impossible if you are not naming them clearly.

Next, we need to add some new things to this hosted site fqdn. Add a new line inside the virtualhost tag like this;

ServerName [site fqdn]

And change the line which has DocumentRoot to point to the directory for this hosted site. For example;

DocumentRoot /var/www/webs/[site fqdn]

Lastly add these two blocks at the end of the file.

<DirectoryMatch "^/.*/\.git/">
Order deny,allow
Deny from all
</DirectoryMatch>

<Directory /var/www/webs/[site fqdn]>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>

The first block will prevent anyone from navigating into a git repository and accessing sensitive data like credentials or from cloning the repository.

The second block will allow htaccess files or directory rewrites, and prevent directory listing. These are required changes if you want to host WordPress sites, and best practices all around.

Now we just need to enable these changes and make the site live with;

a2ensite [site fqdn] && service apache2 restart

From this point on, this new virtualhost can be copied to create new sites, rather than recreating each one from the original virtualhost file.
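Because every new site is a copy of an earlier file, a block can silently go missing as the copies drift. The audit below is an added example, not part of the original post; it checks a hosted-site virtualhost file for the ServerName, DocumentRoot, .git deny block and directory-listing settings described above, and the two sample files and their hostnames are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_vhost FILE
# Prints one finding per line and returns 1 if the file deviates from the
# hosted-site layout described above; prints nothing and returns 0 otherwise.
audit_vhost() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ || line == ""                          { next }
        line ~ /^servername[ \t]+[^ \t]/                   { named = 1 }
        line ~ /^documentroot[ \t]+"?\/var\/www\/webs\//   { rooted = 1 }
        line ~ /^<directorymatch[ \t].*\.git/              { in_git = 1; next }
        line ~ /^<\/directorymatch>/                       { in_git = 0; next }
        in_git && line ~ /^(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ { git_denied = 1 }
        line ~ /^options[ \t]/ && line ~ /[ \t][+]?indexes/ { listing = 1 }
        END {
            if (!named)      { print "ServerName is missing"; bad = 1 }
            if (!rooted)     { print "DocumentRoot is not under /var/www/webs/"; bad = 1 }
            if (!git_denied) { print ".git is not denied by a DirectoryMatch block"; bad = 1 }
            if (listing)     { print "Options enables Indexes (directory listing)"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# audit_sites DIR: audit every *.conf in DIR, prefixing findings with the file
# name. The server's own [fqdn] and [ip] files are expected to be flagged,
# since they are the catch-all and not hosted sites.
audit_sites() {
    status=0
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        findings=$(audit_vhost "$f") || {
            printf '%s\n' "$findings" | while IFS= read -r l; do
                printf '%s: %s\n' "${f##*/}" "$l"
            done
            status=1
        }
    done
    return $status
}

# Constructed sample: a site file that still has both blocks.
GOOD_VHOST='<VirtualHost *:80>
    ServerName shop.example.com
    DocumentRoot /var/www/webs/shop.example.com
    <DirectoryMatch "^/.*/\.git/">
        Order deny,allow
        Deny from all
    </DirectoryMatch>
    <Directory /var/www/webs/shop.example.com>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>'

# Constructed sample: a copy that lost the .git block and gained Indexes.
DRIFTED_VHOST='<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /var/www/webs/blog.example.com
    <Directory /var/www/webs/blog.example.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>'

demo_dir=$(mktemp -d)
printf '%s\n' "$GOOD_VHOST" > "$demo_dir/shop.example.com.conf"
printf '%s\n' "$DRIFTED_VHOST" > "$demo_dir/blog.example.com.conf"
audit_sites "$demo_dir" || echo "one or more site files need attention"
rm -rf "$demo_dir"
```

On the server, `audit_sites /etc/apache2/sites-available` runs the same checks against the real files.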


How To: Cheap and Unlimited Worldwide Cell Service

I will show you how to combine several products to get cheap and truly unlimited worldwide cell phone service.

Google Voice

What is Google Voice? This is a completely free service which allows you to make calls and texts from any web browser or from your cell phone, to and from your main phone number.

A long time ago, I was very frustrated about not being able to text and call from my phone while in St Thomas. This is a territory of the US which has excellent internet service in the cafes, but no service for people with US cell phone plans. It was so ridiculous and frustrating to be able to use Facebook just as easily as at home, but not to be able to call or text.

Google Voice solves this problem. I ported my same phone number I’ve had since I was 14 into Google Voice, and voila, I was able to call and text from my phone the same as before, but now I could ALSO call and text from Gmail as shown in the pic above. (This texting and calling also works in many other Google web apps like Contacts, Hangouts, Inbox, etc.) Both of these work anywhere you have an internet connection. If I am at a friend’s house in the mountains and there is wifi, I can text and call no problem. If I am in another country on data or wifi, I can text or call no problem.

In fact anywhere in the world where I have wifi or data, I can call and text from any device I am on, not just my phone! Unlike other web based texting solutions like MightyText (Which allows you to text through your phone via the web), Google Voice is truly web based. So even if your phone is off or broken, you can still use Gmail to text and call because your phone number is not tied to your phone. You can simply hook your headphones or bluetooth into your laptop and make calls and texts through the website as clearly and simply as through your phone.

For years, I have used Google Voice in conjunction with a T-Mobile unlimited data plan. I have my same original phone number still tied to my phone through Google Voice; I can still call and text just like always. There wasn’t really any noticeable change on my phone, but now I can also do everything on ANY device I am logged into.

Google Fi

This is an optional step which may not work for everyone. For years, I used Google Voice without Google Fi and it was great. The only reason I am adding Fi now is because I will be spending time overseas, and at this point Google Fi is a better deal than T-Mobile based on my usage.

Google Fi is a cell phone service from Google. They send you a sim card to put in your phone which gives you service anywhere in the world. In my case, it replaced T-Mobile as the data provider for my phone. My cell phone number is still with Google Voice.


Google only officially supports people using Fi on Google phones. But Fi is a sim card. It works on essentially any device that can accept sim cards and supports the modern bands. Also Google doesn’t want you to use both Fi and Voice. They want you to use one or the other.

Google’s official documented solution for people who want to try Fi on non-Google phones is that we should create a second Google account to use for Fi only. Sign up on the website with this second account and they will send you a sim card.

Now simply install the sim card in your phone and DO NOT install the Fi app on your phone unless you have a Google phone like a Pixel or Pixel XL.

This process is confirmed to work on essentially any modern phone from iPhones to my LG V20.

So now your phone has data anywhere in the world, and your phone number works on any device you log into, including your phone and laptop.

Further Caution

Some people have reported eventual problems with non supported phones. I have been using Fi all day today and so far I have had no problems. I will report back once I have further updates about my Fi experience.


Please let me know about your success or troubles in the comments below!

Meditation: The Difference Between Pain and Suffering and What Meditation Can Do About It

I participate in a biweekly meditation and discussion group. It is my turn to select a reading to start the conversation, and I have selected an excerpt from an excellent conversation which happened on Sam Harris’ Waking Up Podcast. The episode is a much larger conversation than just this topic, and the entire episode is super interesting. In this episode, three of the world’s leading academic experts on meditation and mindfulness discuss the evidence and research that exists for benefits from meditation and mindfulness. You can read more about their expertise and credentials here.

The section I want to share is a discussion of studies they have conducted on people suffering from depression, anxiety, and chronic pain, and the evidence suggesting mindfulness based cognitive therapy is actually more effective than medication for dealing with these problems.

The Three Main Points

  • Mindfulness means knowing that you’re knowing. It means recognizing that a thought is just a thought, a feeling is just a feeling. The default mode is letting those things define who you are, but mindfulness means learning to understand that those things are separate from who you are. This is also sometimes called meta-cognition or meta-awareness.
  • Cognitive behavior therapy (commonly just called therapy) means you don’t have to believe your thoughts and feelings. You can decide to change them. You can decide how you want to think and feel. Thoughts and feelings come from what your brain is used to, so if you choose to proactively think or feel differently, your natural thoughts and feelings will change over time.
  • The evidence suggests that combining mindfulness and cognitive behavior therapy is more effective than medicines at treating depression, anxiety, and chronic pain disorders.
    • Suffering, depression, anxiety, and chronic pain are often anticipatory emotions which are experienced in anticipation of pain which may or may not even happen. Recognizing that fact and choosing how to feel can mitigate symptoms of suffering more effectively than medicine.


These main points together can help us define goals for our meditation practices; something solid to try to do which is based on evidence. These are the things that the data show are effective at changing behaviors and improving outcomes.

Diving Deeper (Optional)

Here is the actual conversation and the definitions given in depth. Our main group conversation will be about the points listed above, but here is the rest of the interview for background.

The Experts Define The Terms

Towards the beginning of the conversation, they define mindfulness and cognitive behavior therapy as it applies to the conversation. (You can click here to listen to that section or read below 34:12)

Davidson: “Meta-awareness is simply knowing that you’re knowing. Recognizing that a thought is a thought rather than being swept away in its content.”

Goleman: “One of the main principles of cognitive therapy is that you don’t have to believe your thoughts. That’s a very revolutionary idea for most of us.”

Harris: “We should probably define mindfulness at this point…. for those who are new to the topic, … how would you define mindfulness?”

Goleman: “I think mindfulness as it’s taught in the classic traditions encourages us to take an equanimous position amongst the comings and goings of our own thoughts, and to see them as feelings and thoughts rather than, ‘that’s me’. And to just note them without judgment or without reactivity, and let them come and let them go. That’s a very radical stance internally.”

Harris: “And so is there any distinction between what you’re calling meta-awareness and mindfulness as you just used it?”

Davidson: “…In the classical traditions, mindfulness often has some additional components in addition to the ones [Goleman] described. It includes remembering to bring a certain view to every encounter. And what does that mean? Well in part it means recognizing that every human being shares the same wish to be happy and to be free of suffering. And also a view that has an altruistic intent. The disposition to help relieve the suffering of others whenever it’s encountered. And remembering to bring that conviction, that stance to every encounter is also part of mindfulness.”

The Reading

This conversation starts at 49:53 and continues to 54:30. You can listen to it here or read it below;

Harris: “Let’s talk about a few categories of human suffering and you can tell me the state of the literature on the utility of mindfulness in particular as a remedy. What do we know about depression and mindfulness at this point?”

Goleman: “Well there, it’s mindfulness in tandem with cognitive therapy, mindfulness-based cognitive therapy. Which meta-analyses suggest can be as effective for mild and ordinary depression as are medications. Also for anxiety disorders, it seems to have the same amount of efficacy [as medications].”

Davidson: “I think that most of the work with depression has in fact been focused on mindfulness based cognitive therapy. And where it’s particularly effective is in reducing the likelihood of depressive relapse. That’s where the best data are. So if you take an individual who has had a history of depression — and one of the things we know about depression is that it’s a recurring illness — teaching a person mindfulness based cognitive therapy when they are admitted has a dramatic impact on the likelihood of relapse. In fact, it’s the one case where mindfulness based intervention is actually more effective than medication.”

Harris: “So this is in preventing or reducing the likelihood of relapse.”

Davidson: “Correct. And this is for depression and not bipolar disorder.”

Harris: “So what about pain perception and the problem of chronic pain which obviously links unhelpfully with the problem of opioid abuse which is so in the news now.”

Davidson: “I think we need to make an important distinction between pain and suffering. The neuroscience literature has helped us to understand the different parts of neural circuitry involved in pain processing that are related to pain more explicitly itself, versus the suffering that often occurs as a consequence of the initial pain. With regard to the impact of meditation, the data show that the circuitry involved in the more emotional components of pain, the suffering component can be modulated much more strongly than the sensory features of the pain itself. Here is where I think mindfulness and related practices can make an important difference.”

Harris: “So this distinction between pain and suffering, let’s say a little bit more about that because it’s highly counter-intuitive to people. What are your findings there, or what are the findings of meditators in general there?”

Davidson: “Well there are two kinds of findings. One is that during the anticipation of pain, we see the activation of parts of the neural circuitry associated with pain. We can see in the laboratory that when a person is told that they are going to be receiving a painful stimulus in the future, the circuitry involved in pain processing is activated in response to the innocuous cue that simply informs them that a painful stimulus will be occurring. In situations of chronic pain, we often encounter something quite similar where a person is anticipating for example that when they start walking, they will start feeling pain. And that activates aspects of the pain matrix itself even though they may not have begun to walk; the actual triggers might not have been activated. The parts of the pain matrix that are activated during those anticipatory periods are parts that are associated with suffering; more the emotional components of pain rather than the sensory components of pain.”


Is Unconditional Love Possible?

I attend a bi-weekly meditation group and this was the prompt for the discussion this week. I decided to type out my thoughts and include an example from my life before I head to the meeting this week.

What Is Love

Love is one of the places the English language suffers from rudimentary vocabulary. The Ancient Greeks had six words for the different kinds of love. Today, we lump them together and scare ourselves out of using the word for fear of implying the wrong thing.

“You can’t love another until you love yourself.”

I think an important place to start is defining the word for oneself. In my case, I start with self-love. As the old saying goes, “You can’t love another until you love yourself.”

But what does self-love mean? I have done a great deal of reading on this topic and I have answered the question for myself; self-love is being kind instead of unkind to yourself when the person you are (or were) is different from the person you want to be.

Through this lens, it’s easy to look at other people. Every example I’ve come up with in daily life where I get upset or frustrated with someone is because something they are doing is different than what I want them to be doing. Conflict in traffic, politics, and relationships often fulfil this definition for me. In fact I haven’t found any examples where I am upset at someone and this is not the reason why.

Being unkind instead of kind to someone who is not what you want them to be will do nothing to change them.

So what is the reaction when one is angry? I think the default response is to try to punish the other person into being what you want them to be. Phrased this way, it’s obvious that this won’t work. Being unkind instead of kind to someone who is not what you want them to be will do nothing to change them. In fact, attacking someone will only cause them to resent you and your motives and to defend themselves rather than analyzing themselves. Attacking someone can not make them change.

Fundamentally, I define love as a verb, not a noun. For me, it means choosing to be kind instead of unkind when someone is different than I want them to be.


This is another hard word to define. I choose to think it means valuing love as a chosen behavior when loving is hard, or not the first reaction we have.

Whenever I feel myself becoming upset or frustrated with someone, I try to ask myself how I can be loving towards this person as opposed to unloving, meaning how can I be kind instead of unkind in reaction to them being different than I want them to be.

This is fundamentally tied to the eternal philosophical conflict between prescriptivism versus descriptivism.

Countless variables contribute to the makeup of any person. Maybe I have an idea of who I want to be or who I want other people to be, but I can not control every variable. In fact the only variables I can control are my own behaviors, and then only with great difficulty. Luckily my own behavior can be a very impactful variable.

Without Love

I had a close friend in high school who had a difficult relationship with his father, a neo-nazi. His father had recently come back into his life after a long absence and my friend was very excited to have a father once again. He started trying very hard to fulfil his father’s expectations and build a closer relationship.

My friend was very conflicted between wanting to have this relationship with his father based on fulfilling his paternal expectations, and with the consequences for the other relationships in his life if he were to follow the path of radical xenophobia and bigotry. I felt very strongly that he was making the wrong choices in following his father, and I tried very hard to change his mind. Over and over, every time we talked about it, he would eventually agree with me and come to the realization that he needed to get away from his family and start over somewhere with better people around him. But over and over, he didn’t follow through with walking away. He wanted a father in his life more than he wanted to be a good person.

I moved away after high school and we drifted apart. A couple years ago, I read in the newspaper that his body had been found in a dusty gutter. He was beaten to death in the street. The reports say he choked on his own blood while people watched and did nothing to help, did not call 911. They just let my friend lay there and die. He had crossed the wrong line, did the wrong thing, said the wrong thing to the wrong person and it cost him his life. I picture him imagining his dad’s satisfied reaction as he did whatever he did that cost him everything. As he lay there in the street choking to death on the taste of blood, I can only imagine him finally deciding he had made the wrong decision in following his father’s path.


I have decided to crop out his face and not identify him for obvious reasons.

I really wish more people in his life had tried to be understanding and tried to be kind rather than unkind when he said or did the often evil things he did. I really believe he would have eventually come around and become an ally. He would have had an incredible story to tell of escaping the dark and evil side of the generation that’s on its way out.

I think about him all the time and how conflicted he was, whenever I see someone do something that upsets me. I try to picture the reasons why they are the way they are and what sort of choices I can make to be understanding and be loving, rather than the alternative.

A Sad Tale of Two Fishes

CJ Trowbridge

Micro Econ



Prompt: Why do salmon populations face extinction the world over while goldfish populations face no such danger?

As someone who grew up in the mountains of Southern Oregon and experienced first-hand the bleeding edge of Salmon conservation efforts, this issue is close to my heart. Wild Salmon populations all over the world face extinction because of negative corporate and public externalities. One of the leading problems historically has been poor design of hydroelectric-dams providing power to home energy markets. These dams can interrupt Salmon runs and prevent them from reaching their spawning grounds. This is literally the definition of genocide: an entire generation of a population is prevented from reproducing before they die.

More recently, these issues have been addressed in many places around the world, and populations are sometimes on the rise. Another negative externality which threatens wild Salmon populations is habitat destruction through pollution or other means. In some shocking cases, physical barriers are put down by people trying to deliberately sabotage or destroy populations in order to later avoid officially responding to conservation efforts during planned future development.

In contrast, Goldfish are a common fancy pet which have spawned a large and macabre market. Many people buy them in order to treat them as a disposable and temporary pet for children who put them in enclosures they cannot possibly survive in and without correct filtration or food in place. Goldfish will often live short and tortured lives, starving or suffocating because of improper equipment and then they are frequently replaced by sadistic and irresponsible parents, ambivalent to the harm they are causing to these animals. A large industry exists to create an endless supply of these animals for children and parents to negligently kill.


Quit Your Mediocre Job And Get An MBA

Going to college is an investment, but many people assume that just any college is a good investment. I know a lot of people who have gotten liberal arts bachelor’s degrees and ended up stuck working in restaurants for years, unable to find a real job. This example is a waste of an education. All that money and time spent and they are no better off than someone who didn’t go to college at all. And they probably have debt to pay back.

I decided to wait over a decade to go to school until I decided what I wanted to do and came up with a coherent plan to actually get a return on this huge investment.

If you find yourself working a mediocre job which you hate, then maybe it’s time to do more. So what would happen if you just quit your job today, take out student loans, and go to school for an MBA?

According to research done by US News in 2016, 88% of students who get an MBA find a job within three months making an average of $126,919. That’s the average. Consider the average person for a moment and ask yourself whether you’ll be ahead of that curve. According to Bloomberg, the average person triples their previous salary when getting an MBA from ~$50k to ~$145k.

Cold Turkey

Imagine quitting your job today and starting the path to your MBA tomorrow.

To save money and improve your chances of getting into a good school, you decide to start by finishing the IGETC and at a community college. If you’re not working at all, then tuition is free, and you will get about $3k/semester in financial aid. Let’s assume you take out about $20k in student loans along with that financial aid to cover living expenses while getting through and IGETC. This number is deliberately high; my own amount was much lower. And I went full-time at two different community colleges to speed up the process.

Now it’s time for a four year school, BUT since we did IGETC and Assist, we’re already halfway done. Let’s assume we decide on a mid-range state school like San Diego State University and a bachelor’s that actually has job potential like engineering, marketing, or computer science rather than something pointless like psychology or art. There are cheaper options and more expensive options out there, but the important thing is to get a degree that is actually going to mean something to an employer, otherwise what’s the point?

According to, average cost (Includes tuition, room and board, supplies and other expenses) for in state students at San Diego State University is $28,224 minus an average financial aid award of $11,400. So that’s $16,824 per year. Since we did the IGETC and Assist at community college, we’re only spending two years here which comes out to a total of $33,648 which goes onto a student loan.

Alright so now our total loan principal is $50,648 and we have a valuable bachelor’s degree. Time for that MBA.

Bloomberg has really comprehensive research on this, and they put the average cost of an MBA in the US at just $53k plus living expenses. There is no financial aid for Masters students so let’s add another $20k in debt to cover living expenses while we are doing the Master’s program.

Now we have our MBA and debt of around $123,648.

Less Debt Than Income

Remember from above that within three months on average, MBA grads will be making an average of $126,919/year. We could pay all of this debt off the first year if we are as frugal as we have been while in college, or more likely we will spread it out over the next few years and enjoy some of the fruits of our labor. The point is that this amount of debt is trivial for an MBA grad. On average, the total amount of debt is LESS than the starting annual salary.

Having student loans and paying them off is a great way to demonstrate you are creditworthy. Once you get past the educational hurdle and triple your income, you will be able to do things you never could have before.

Just Do It

It’s scary to leave the comfortable routine and reinvest in one’s future, but it makes sense for anyone smart and capable to make a choice like this, especially if they are tired of wasting time doing mediocre work for mediocre rewards. Life is too short!

How to Remove Viruses and Tune Up Computers FOR FREE

This guide explains how to remove computer viruses including adware, spyware, and malware. It explains how to prevent reinfection, and how to do regular tuneups and maintenance in order to keep your computer running smoothly.

This guide is only for people using Windows:

  • Such as Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • or Windows 10.


This entire process should be completely free. At no point in this process should you pay any money or agree to any trials. All of these tools have a free option. They also have a paid option which usually comes with a free trial. Many of them will try to trick you into agreeing to a free trial of the paid version instead of using their free version. Be very careful never to select a free trial. Always stick with the free version.

These are the same tools professional technicians use while charging hundreds of dollars in labor. There is no actual cost for removing adware, spyware, or malware. Virus removal itself is always a free process. You pay for the time of the person doing it. If you can follow these steps and do it yourself, your time is worth those hundreds of dollars!

Also: If you don’t follow my directions here, you can mess up your computer or end up accidentally paying money for something that should be free. If you follow my directions, there should be no cost and no potential for damage. But I obviously do not accept responsibility for any damage to your computer or loss of information. If you feel unsure about a step in the process, send me an email! I’m happy to help. You can reach me at

Step 1: Remove Viruses

Within the realm of virus removal tools, there are several categories. The biggest one is probably spyware which watches your activity and sells your information to third parties, then there is adware which shows you popups and ads. Third there is true malware which is the most insidious because it will often install other things like adware and spyware, or even more malware. Malware also includes things like Ransomware or Cryptolocker which encrypts your computer and holds it for ransom. We will need to use several tools together in order to effectively target all of these categories of viruses.

First, install and run THE FREE VERSION of Spybot Search and Destroy. When you click on “Download” under the words “Free Version,” you will go to another page where you will need to again look for the “Free Edition” button and NOT the free trial of a paid version. Install and run this program and let it remove anything it wants to remove.

Second, install and run THE FREE VERSION of Spybot Search and Destroy. When you click on “Download” under the words “Free Version,” you will go to another page where you will need to again look for the “Free Edition” button and NOT the free trial of a paid version. Install and run this program and let it remove anything it wants to remove.

Third, install and run THE FREE VERSION of SUPERAntiSpyware. This page uses the same tactics to try to get you to agree to a free trial of a paid version. Do not do that! Find the completely free version and download, install, and run that version only.

Fourth, we will install and run THE FREE VERSION of MalwareBytes. This is a very powerful and popular tool which focuses on heavier malware more than things like adware and spyware. Run it and let it remove anything it wants to remove.

At this point, we need to check in with our progress. If all three of these programs found and removed infections, we need to continue to heavier virus removal. If not, we can skip ahead to the next step, “Preventing Reinfection.”

Heavier Infections

This step is not necessary unless all three of the previous tools found infections. It is important to run those tools first, because they will almost always deal with all the issues. If all three of the previous tools found problems, then we need to use this heavier tool.

Note: this tool can sometimes cause issues with drivers and internet connectivity. Use it at your own risk.

The nuclear option in virus removal is called Combofix. It is also a free tool which is very effective at removing all kinds of viruses, but it can very occasionally cause other problems with the computer which may need to be fixed afterwards. These are typically small things that often correct themselves. Personally, I use this all the time and I know most of my technical friends do too, but it is important to say that using it comes with some risk.

Step 2: Preventing Reinfection

The best way to eliminate viruses from your life is to prevent them in the first place.

Things To Avoid:

Only use Chrome or Firefox to browse the web. Never use other browsers. They are slower and less safe. Internet Explorer, Safari, and Edge have all been compromised regularly and they have a reputation for letting infections into your computer without even asking your permission. Using a safe browser makes it much easier to have better habits that will prevent infections.

Never download anything. This may sound extreme, but it is practical. As a student, I often need to view documents from professors. But there is almost always an option to preview the file without downloading it. Look for these kinds of options and avoid downloading anything under any circumstances.

If you must download something, check it before opening it. I love the free tool VirusTotal. Bookmark it! This is a simple website which lets you check any file for viruses. They will check the file with over a hundred different antivirus programs and then give you the results in just a few seconds. Any time I have to download something, I always use this tool to check it before opening it.

Avoid Disreputable Antivirus Programs. Norton and McAfee are the obvious examples. These old-fashioned programs cause far more problems than they solve. They are not effective at removing viruses, and they clutter up your computer with unnecessary resource-wasting garbage. Kaspersky Antivirus is a front for Russian spies. This is not a good tool to use, and has been banned by the US Government as it was recently used by the Russian government to steal classified documents. Read all about it in the news.
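For the "check it before opening it" step above, here is a PowerShell example added to this guide (it is not one of the tools the guide installs). It lists recent downloads with the SHA-256 fingerprint of each file and the origin zone Windows recorded for it. The function name `Get-DownloadReport` and the default Downloads folder location are assumptions made for this example.

```powershell
# Added example, not part of the original guide.
# Assumption: downloads are saved in the default %USERPROFILE%\Downloads folder.

function Get-DownloadReport {
    param(
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        [int]$Days = 7
    )

    # Zone numbers Windows writes into a file's Zone.Identifier stream.
    $zoneNames = @{
        0 = 'Local machine'
        1 = 'Intranet'
        2 = 'Trusted sites'
        3 = 'Internet'
        4 = 'Restricted sites'
    }
    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ChildItem -LiteralPath $Path -File |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Browsers tag downloaded files with an alternate data stream
            # named Zone.Identifier ("Mark of the Web"). Files created on
            # this computer normally do not have one.
            $motw = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            $zone = 'none recorded'
            $source = ''
            foreach ($line in $motw) {
                if ($line -match '^ZoneId=(\d+)') {
                    $id = [int]($Matches[1])
                    $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "Zone $id" }
                }
                elseif ($line -match '^HostUrl=(.+)$') {
                    $source = $Matches[1]
                }
            }

            [pscustomobject]@{
                Name   = $_.Name
                Zone   = $zone
                Source = $source
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Show every file downloaded in the last 7 days.
Get-DownloadReport | Format-List
```

Paste a SHA256 value into the search box on VirusTotal to see existing scan results without uploading the file, which matters for private documents. If the hash is unknown there, the file has not been scanned yet and you would need to upload it to get a result.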


Runtime Protection

If you have a pattern of behavior that contributes to regular virus infections, then it is critical to have some kind of antivirus running all the time checking anything that is going on on the computer to make sure there are no infections. This is called a “Runtime” antivirus because it runs all the time. Personally, I do not use any runtime antivirus, and I never have any problems. But that is because I know how to avoid them. If you do have problems, you need a runtime antivirus to protect you.

The free tools we installed above are not runtime antiviruses. They run only when you click on them, not all the time.

If you have Windows 10, the antivirus which is built in is probably more than adequate to keep you safe from infections. If you’re not sure what version of Windows you have, you can hold down the Windows Key on your keyboard, and press the “Pause Break” key at the same time. A popup will appear that explains what version of Windows you have.

If you don’t have Windows 10, you should probably use a runtime antivirus. This should always be free. You should never pay for any antivirus tools. Oftentimes, that will just lead to them trying to sell you more things, and not giving you any better protection than you get for free. You can read reviews of the top free antivirus programs here.

Critical: you cannot use more than one runtime antivirus at the same time. If you have Windows 10, stick with what it comes with. If not, pick one of the top rated free runtime antiviruses listed below. I recommend Avast.

Here are the current top three free runtime antiviruses according to PC Magazine:

  1. Avast
  2. AVG
  3. Bitdefender

Just like before, make sure to only agree to the completely free version and not the free trial of the paid version. AVG will still keep trying to sell you the paid version forever. For that reason, I don’t recommend them, though they are the second most popular option.

Backup Your Important Data

Use a free service like Google Drive or Dropbox. They will make a folder on your computer where you can put all your important documents like photos and tax information. They automatically back it all up for you for free, and give you access to your data from their website. These tools will often also alert you if you get a serious infection on your computer which puts your important documents at risk.

In the future, if your computer crashes or is infected by severe malware, you will not lose your important documents. I cannot stress this point enough.

Step 3: Regular Tuneups

This is the easy step. We should probably all be doing this once or twice a month, and always after any virus removal. This too should always be completely free and none of these tools should be paid for. Always click the free option and never the free trial of the paid option.

First, install and run CCleaner. It will remove any temp files, extra cookies, etc from your computer and help it to run faster and have more free space.

Second is THE FREE VERSION of Spybot Search and Destroy. We already installed this in the first step, but in case you did not, install it now. When you click on “Download” under the words “Free Version,” you will go to another page where you will need to again look for the “Free Edition” button and NOT the free trial of a paid version. Install and run this program and let it remove anything it wants to remove.

Last is THE FREE VERSION of MalwareBytes. This too was in the first step so you may have already installed it. Run it and let it remove anything it wants to remove.

Now your computer should be running smoothly and virus free!

If you have any questions, let me know at and I’m happy to help.

The Coming Dawn

When I left a previous job a few years ago, it was because I felt like there had been a dramatic decay in the quality of the people around me. Typically, that company has a very values-driven culture where people are strongly bought into the ideas and principles of service and commitment to quality.

In downtown Portland, I met unbelievably incredible people who I will always look up to, who happened to be coworkers at this company. In Sacramento, the story was different. I found that the same quality people were less common or not present. I was surrounded instead by people who did not care at all about the values and principles underlying the organization.

I quickly became exhausted trying to lead in that kind of environment.

I get the same feeling today with politics and our national leadership. It’s hard to think of anyone in the executive branch who seems to care about what they are doing, or to make any attempt to do it well or to do it based on facts and principles. This theme and idea have spread across a great many parts of my perception of the world around me. I feel the same exhaustion when I read the headlines on the newspapers in the morning. It is like all the smart people have disappeared, and the show is being run by unopposed morons. Advocating for criminal behavior has become a commonplace practice for politicians; from sexual assault to pedophilia, etc. That alone is incredible.

Today, I randomly crossed paths with an old friend who rose to power in the area since I left, at this company I had worked at. This person is one of the most values-driven, principles-driven, and competent people I have ever met. We spoke at some length, and they talked about purging those people I mentioned before. This old friend was very enthusiastic about the satisfaction they felt at removing incompetent people and replacing them with competent people, restoring the commitment to values and principles. They could not have known how satisfying and looked-for those comments were. I have not stopped thinking about this conversation all day.

Rather than feel fatalistic about the disgustingly incompetent national leadership we endure today, and the emboldened and resurgent cult of ignorance and bigotry, I will try to look forward to the coming purge and do everything I can to encourage values-driven and principles-driven people. Corruption, incompetence, moral cowardice, and anti-intellectualism will destroy themselves in the light of day. We need only wait until sunrise, and continue to reinforce the motifs of truth that will become the spark of first-light.

Product Review: Xiaomi Mi ANC USB-C Earbuds

I’m really into minimizing the things I carry with me, and getting the most out of them. The Xiaomi Mi ANC Earbuds are a perfect match for both those goals. They are an amazing pair which I will keep in my everyday carry for the foreseeable future.

These earbuds are replacing a previous pair I used. The old pair were bluetooth noise cancelling earbuds. There were a few major problems with them which apply to all bluetooth earbuds. For one, they still have a cord connecting them to each other, so the dream of removing all cords falls short. Secondly, they have to be recharged, and there is no way to use them while they are recharging, so it’s sort of Russian roulette every time you need them. And if they’re dead, you’re out of luck.

Personally, I use earbuds for listening to class lectures, audiobooks, podcasts, and music. I need them to work when I need them, so I decided my next pair would ideally not be rechargeable, or at least it needs to work while I am charging it. But I still really enjoy the noise cancelling feature. I sometimes use noise cancelling without even listening to anything, just to alleviate little distractions around the room.

Enter Xiaomi Mi ANC Earbuds;

First Impressions

The Xiaomi Mi ANC Earbuds are very pretty. The cord is braided nylon and the buttons and earbuds are black titanium. They come with lots of different size options for the earbuds themselves, and with a fancy carrying case which I will never use.

Second thing to notice, they do not have a 3.5mm jack, it’s USB-C! I guess I buried the lead. This is the most exciting part for me. They will never need to charge, because they are powered through the connection to the device. The black piece shown at the bottom of the picture is the buttons. This includes play/pause and forward/back for music, answering calls, etc as well as a button which can turn the noise cancelling on and off.

Noise Cancelling

I have used lots of different noise cancelling headphones over the years ever since the very early Bose pairs which were only allegedly mobile-friendly and in fact not convenient or comfortable at all. Of all the pairs I have tried, the Xiaomi Mi ANC Earbuds are by far the best for noise cancelling. I am always amazed and momentarily shocked when I take them out or turn them off and realize how much noise they are removing.

After I first started using them, I thought to myself that the way they work seems unusually good. When you turn on the ANC (Active Noise Cancelling), the effect is immediate, but then they seem to take a moment to try other strategies on sounds which are not cancelled easily, like loud fans or electrical sounds. The quality of the noise cancelling then improves as it seems to try additional strategies to combat these other sounds. It seems like they must use some kind of learning algorithm to do this, but I have not found anything in the documentation which explains this.

Sound Quality

A little background on my earbud testing qualifications; I have been a professional sound engineer and DJ for over 15 years and tried lots and lots of headphones across the spectrum from studio monitoring headphones to $4 earbuds.

I have listened exclusively with these for the past few days. I listened to music, podcasts, audiobooks, and even watched Blade Runner. The quality is amazing. I am very happy with my purchase and very glad to recommend these to everyone!

Defining Evil

This is an important word which serves to define the things we ought not to do. I choose to accept Philip Zimbardo’s very studied definition;

Evil is intentionally acting or causing others to act in a way that dehumanizes, harms, or kills innocent people.

The top two reasons people or groups become evil are the delegation of authority and othering.

Nazi soldiers tried for war crimes often said they “were just following orders.” This is the number one way people become evil according to Zimbardo’s research.

The number two way is Othering or using dehumanizing language to excuse evil actions. For example, “I hate stupid people” doesn’t really mean anything, and it is an easy way to give yourself an excuse to say or do any horrible thing to another person.

There is a REALLY GREAT interview of Zimbardo by Tim Ferriss which explores his decades of research into exactly how and why people or groups of people become evil versus heroic under pressure. I encourage everyone to listen to this important interview and try very hard to avoid being evil. If you would like a TL;DR, I gave a speech about it at Sierra College.