Posts by Paul Crawford

Re: Long ago.

We have 5 nominally identical machines used for "industrial control" use, all around 6 years old now. But one of them turned out to crash at roughly 2-6 month intervals. Memory tests, etc, revealed nothing. Second time it happened it was at 9.30pm on a Friday night while I was out for a beer or three and I had to persuade the security guy to let me in and up to the top floor to push the reset button.

After that we put watchdog daemons on all of them (and quite a few other machines as well) and in practically every case it has saved physical intervention to restore operations.

Top tip - edit your settings so the machine just fixes any file system anomalies and continues, and is not sitting there prompting you to decide on the action. For example:

http://xmodulo.com/automatic-filesystem-checks-repair-linux.html

In general most modern file systems will be OK for any automatic repair, if not then you were going to have to reformat and restore your backup anyway...

Re: You're Doing Corporate WiFi Wrong

Any sane company has at least two wifi systems: one for user's own phones / visitors / IoT crap / etc, and a 2nd (or more) that is more locked down and only for approved corporate devices that need to access internal systems.

Re: A wavelength of 200 ... metres

It was on 200kHz originally, but shifted a LONG time ago to be 198kHz as a multiple of the 9kHz AM band spacing.

We still have an old QuartzLock 2A off-air frequency reference that provides an accurate 10MHz from that LW transmission. Shows a little of the general wobbles (about 3E-8 at 1s interval) and day/night changes though, but if compared to the recent very stable GPS-based QuartzLock E8000 reference they agreed to better than 1E-10 over a day or two averaging.

Re: Good idea.

A major factor is there is no root account. So you have to guess both the account name(s) that have sudo rights AND a matching password. If you ever look at your SSH/auth logs without any tight IP restrictions you will see lots of attempts to log in with names such as: root, admin, pi, test, oracle...

Remote use?

I find the argument that home users are "used to Windows" is odd these days, most non-technical folk I know of use tablets and rarely touch a laptop/desktop (gaming aside). At one point MS argued that the stable and predictable GUI was a big reason to stick to them, and for Win95/98/NT/2k/XP (without the Fisher-Price style, which was a simple option to select) that was true. But given the general fscking of the user interface over the last decade or two (from 'the ribbon' the the disaster that was win8) that is long gone.

Sure you can lock down a remote device, but that would not be a home user's device but a corporate laptop. Who would allow their work to administer and lock down their own laptop? To restrict the pr0n-browsing opportunity?

Re: david 12

It is true you could install a 3rd party NTP build for Windows for some time now (e.g. from Meinberg), but it has taken a LONG time for Microsoft to get with decent time-keeping.

But you are wrong about 90s UNIX systems, we had Sun machines in the mid 90s that had microsecond format clock reporting (via gettimeofday() calls) even though I think they actually used the RTC oscillator so had 30.5us tick steps from the "watch crystal" used behind them. So better than 100us there. However, it is possible that older Linux boxes were millisecond ticks but I did not have much experience of those until the mid 2000s by which time they were us resolution.

Also this was in a university setting so we had a 2Mbit WAN and reasonable delay stability in the 90s, though of course small businesses and home use was still often dial-up until the 2000s and that would set a significant limit on time setting.

Re: Updating

Also what guarantees that the upgrades in 5-10 years will still fit the storage on budget IoT devices built now?

Re: Is it important?

Point is with FTTP there is no practical bandwidth limit on the infrastructure: change the end point transceivers (assuming enough backbone capacity) and you can get 1GB or possibly 10GB symmetric speeds. At least and order or more of magnitude faster than last-run over copper.

Russia has viable opposition parties?

Re: 2FA?

Another big factor (if you pardon the pun) is the number of people using their phone for both the internet access part (i.e. user-name/password entry) AND for the 2nd factor (e.g. text message code) so once again the phone becomes a single point of failure in security terms.

Re: Symptoms of misguided policies

You are right about "collateral costs" but also we can look at the biggest addictions (smoking and alcohol) and see how they are managed around the world. Generally they are legally available so the quality is mostly 'safe' but with restrictions on sale, use (e.g. smoking bans in public buildings in many places), and advertising along with various campaigns to promote more responsible use.

Now it is not a complete success but overall it seems to be better to manage and tax it than to have prohibition and funding organised crime.

Re: unfortunately...

You seem to make the common mistake of thinking of the EU as a single body.

The EU commission is largely made of gov wonks and tend to do the same sort of shady back-room deals that most governments do, but at least their masters can join the tabloids in blaming the "Evil EU" for making them do what they were lobbying for in the background anyway. Just like the UK gov and the telco data retention directive, for example. These are the ones trying to put a plaster on the current EU-US deal.

Then you have the MEPs who actually do a public debate and (mostly) democratic vote as they don't have much of a party-political goal scoring agenda like most lower houses. These are the ones who seem to be standing up for individual rights, just a shame our own MPs seem to care for none of it.

It would be even better had we (the UK) not voted in wasters like Farage who, whether you are pro-EU or anti-EU, did SFA to help any UK interest in any debates or votes.

Re: 'The seemingly misbehaving app is the default messaging tool on Samsung's Android devices'

But at least they can't send back via the aerial, so by keeping the pointless fsckers off your network the hack would at worst brick the thing.

Re: £40 uputronics GPS

I think my PI + Uptronics GPS board can work stand-alone (no internet, though normally I use the 4 ntp pool servers as well) using Ubuntu with the PPS enabled. My ntp.conf has this setting:

# Add the NMEA driver using GPRMC (1) and 9600 Baud (16) mode.

# Also tell it to assume 117ms delay on RS232 and also to enable the 1pps correction using 'flag1'

server 127.127.20.0 mode 17 prefer minpoll 4 maxpoll 4

fudge 127.127.20.0 time2 0.117 flag1 1

Also needed to edit /etc/init.d/ntp to add on start the commands to create symlinks:

cd /dev ; ln -s ttyAMA0 gps0 ; ln -s pps0 gpspps0 ; cd /

Re: If you talk in your sleep

Last time I got my hair cut the lady doing it was chattering away about an "OK Google" type device and that it was in her bedroom. I pondered on what it might have heard (as she had just mentioned her boyfriend) and she went a very deep shade of red.

Apparently she never thought of it listening!

Better the Devil you know?

@ 2Nick3

Just how much was she being paid?

What degree of training did she have on the capabilities (or otherwise) of the "automated driving" system?

No, fitting seat belts is just common sense.

Some really old cars don't have any points you can sensibly attach belt mechanisms to (or are so valuable as "original" you don't want to and don't drive much either), but probably most cars post 1950s are OK. In fact many had them as extra cost options until the law changed to mandate them, first for front seats and then also for rear.

Re: obvious solution ...

Very true, but as always the problem is the same: money and convenience.

Some hospital staff need external internet access, and also internal. But no one will do a red/blue network and separate terminals for air-gapping it, or even a properly thought out system on common networking to have logically separate VLANs, white listed web sites, strongly sandboxed applications, etc, etc, because they already have a running and generally working system and don't want / can't tolerate the disruption of a massive overhaul.

Re: Can someone explain.....

Exactly, and it survives typical software scans for tampering or a re-install.

It is probably much much simpler and its why x86 persists, why Windows RT was doomed, and why practically all phones use ARM chips: Software.

No one really wants to recompile, test (yes, I know its a novel concept), debug and support existing software for a new product hardly anyone uses. And so the new product remains hardly used.

Re: Hard as I try...

and mandatory programming standards

There's your problem right there.

The problem is the "need for speed" and the fact the world+dog now expects to run javascript in web browsers. So the malicious code comes from any web site that is vaguely compromised (such as advert channels) and that today is "normal". Web browsers can (and partly may do) things to disrupt timing which is the underlying exploit route, but I doubt they are willing to break stuff that is already out there to shore up hardware design flaws.

Most likely their core developer efforts are about removing useful browser functions (firefox) or adding spying (chrome) instead, but then I'm a cynical bastard at heart.

Re: French!!!!!!

I also have a love-hate relationship with the French: I love drinking their wine, hate eating their snails!

Re: We need a backup system

Keep them in a plastic tube then? Should improve the hang of one's trousers.

Just like the Spinal Tap airport security scene...

Probably team up with FIFA or the directors of the European Patent Office?

Re: FS@*! Windows

If any of said neighbours are attractive then you might also have the grumbleflick problem solved as well that way.

Re: cock shots

Here is the truth about cock shots from Red Dwarf:

https://www.youtube.com/watch?v=0ofl_UP3apM

Turning off IPv6 will earn you geek creds if you are doing it specifically to avoid VPN leaks.

The fact that it is 2018 and VPNs leak on IPv6 is a rant for another day...

Re: hmmm

I wouldn't trust a LED, there is certainly some way to remotely deactivate it.

If the LED is simply a software status indicator then it is worth SFA. But correctly engineered the LED would be fed direct from the switched power to the webcam/microphone so it is an unambiguous indicator of the device being usable.

Sadly that is not how most things are done these days :(

Re: Plain text rudder commands is not a problem in itself

Maybe if insurance companies start to take notice of this sort of shit then maybe the shipowner might be forced in to using network segregation and a decent VPN for ship-related access?