Tuesday, August 28, 2007

When USB ain't

There was a (non)incident at SANS Virginia Beach yesterday that irks me more and more as I continue to think about it. It involves manufacturers "adapting" industry standards (and, no, it's not the old embrace and extend rant). Each student in the wireless class was issued a set of survey "gear" which included a USB-based GPS interface.

One student had a high-end laptop with a number of USB ports on the side and back surfaces. Upon plugging the USB GPS into the side port, he noticed that the LED was quite dim (where other students' LEDs were bright). Thinking that he might have a bad GPS (they're available online for about $35.00), he borrowed the next student's GPS. Upon plugging it in, it too showed a dim LED.

End result: two fried GPS's. Cause: Turns out the manufacturer modified the power spec for the side port, to allow for USB DVD drives.

I won't say who the MFR (feel free to use both definitions of that acronym) is, but you can bet that their entire line of products won't be on my list of prospective buys when it comes time to buy a new laptop. I shouldn't need to worry about my laser mouse burning a hole through the desk (and my leg). MFR's: stick to the dang specs! If you're going to modify a connector's spec, modify the connector too!

Sunday, August 26, 2007

SANS Va. Bch.

If anyone's attending SANS Va. Bch. (this week), give a yell. A few of us from the area are also attending.

How high?

Get a bunch of geeks together, 2/3 of whom are licensed hams, all of whom are experimenting with 802.11, and invariably the question comes up, "What would we need to do to stand up a wifi connection between our houses?" For once, I provided amazement by figuring out how high the antenna towers would have to be using only a web browser.

The trick is determining exactly where your two end points are. For most U.S. cities, this is easy:

  1. Go to Maporama.com and enter your address in the "MAPS" box in the upper left, then click on the little orange arrow on the bottom right of the box.
  2. Maporama may present a list of possible sites. If so, find yours and click on it.
  3. The lat/long for your site will be in the "INFORMATIONS" box under the map. Write that down.
  4. Repeat the above step for your other end point.
  5. Put your lats and longs into a lat/long distance calculator to get the distance.
  6. Divide your distance in half and use a Fresnel zone calculator like the one at RadioLAN. (Hint: the Fresnel zone is largest at the mid-point.) (Don't forget to use 2400 MHz!)
  7. Divide the results by 2 to get the minimum height of your antennas.
  8. Keep in mind that this assumes no obstructions between the two antennas and that both antennas are the same height. If the obstruction is nearer one of the antennas and/or the antennas are different heights, the math is a bit more complicated.

    The above does make for a good off-the-cuff W.A.G. though.
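
Steps 5 and 6 of the procedure above can also be worked out directly. The following is an added example, not part of the original post: it computes the great-circle distance with the haversine formula and the first Fresnel zone radius at 2400 MHz, using constructed sample coordinates. The post does not say which figure the RadioLAN calculator reports, so the halving in step 7 is left out here.

```python
import math

C = 299_792_458.0             # speed of light, m/s
EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius (spherical approximation)


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/long points (haversine)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def fresnel_radius_m(d1_m, d2_m, freq_mhz=2400.0):
    """First Fresnel zone radius at a point d1 from one end and d2 from the other."""
    wavelength = C / (freq_mhz * 1e6)
    return math.sqrt(wavelength * d1_m * d2_m / (d1_m + d2_m))


def zone_profile(total_m, freq_mhz=2400.0, steps=10):
    """(fraction along path, radius) pairs; shows the zone peaking mid-path."""
    return [(i / steps, fresnel_radius_m(total_m * i / steps,
                                         total_m * (steps - i) / steps, freq_mhz))
            for i in range(1, steps)]


def plan_link(site_a, site_b, freq_mhz=2400.0):
    """Distance and mid-point first-zone radius for two (lat, lon) end points."""
    total = distance_m(*site_a, *site_b)
    return total, fresnel_radius_m(total / 2, total / 2, freq_mhz)


if __name__ == "__main__":
    # Constructed sample end points, roughly 5 km apart (not from the post).
    house_a, house_b = (36.8500, -76.0000), (36.8500, -75.9440)
    total, r_mid = plan_link(house_a, house_b)
    print(f"distance: {total:.0f} m, mid-point first-zone radius: {r_mid:.1f} m")
    for frac, r in zone_profile(total):
        print(f"  {frac:.0%} along the path: {r:.1f} m")
```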

Saturday, August 25, 2007

You can't do that!

More in the ongoing silliness that is part of the SCO trials... Is SCO really telling Novell that you can't drop the charge against us?

Amazing. If Novell were a police officer and SCO a suspicious looking character whom Novell stopped near an alley, I think that SCO would be subject to a sobriety test after stating something like that.

You can't make this stuff up.

Thursday, August 23, 2007

Unintended consequences?

Lawmakers are currently working on a bill called the "Truth in Caller ID Act of 2007". I have issues with it in that:
  • it is vaguely worded. "Inaccurate" and "misleading" are undefined, meaning they are left up to interpretation, both by law enforcement and the legal system (meaning that it will be up to case law to determine the definition).
  • the wording of the law allows for a non-judicial entity to interpret the law
  • the law does not define who is allowed (or how) to monitor the Caller ID "system" (Remember, it is a loosely worded protocol agreed upon by a collection of "peered" communications companies)(Does the fact that I own/manage/use a number of Asterisk boxes make me a communications entity? An infrastructure owner? Am I POTS (see below)?)
  • it strikes me as being worded like a statute (no need to prove intent) (but hey, I am not a lawyer so...)
  • it is intended to protect an insecure protocol (with poor implementations) that was never intended to be employed as a legal form of identity
  • Caller ID is not a universal service
  • There's no definition of "POTS". POTS stopped being 100% analog lines and hardware switches decades ago.
  • the wording of the law protects only a specific industry (POTS)

It is this last issue that caused the title of this post, given the move away from POTS to IP-based services (POTS has been losing ground to special purpose (usually smaller) carriers for years). Vaguely worded laws get enforced in all manner of ways unintended by their authors. I think that this law may just push various user communities (industries in particular) away from POTS. (i.e., Caller ID will be whatever the company wants internally.)

Organizations like autonomy in controlling what they have, especially internal infrastructures. I don't see this as improving organizations' relationships with "the phone company". Think about it. Anyone receiving a phone call from any one of 400,000+ phones internal to Microsoft (as an example) will probably only see "Microsoft" in the Caller ID, even though the capability is there to show "S. Jobs" (or whomever).

[Yeah, I know he doesn't work there.]

Hmmm... This may create a niche industry for Caller ID interfaces (internal call recipients see one thing, external another).

Monday, August 20, 2007

Congratulations Matt and Michelle!

Congratulations Matt and Michelle! For those that didn't attend, their wedding was this past Saturday. For those that did attend, I believe the pictures will be developed some time after their return from Vegas, so you have about a week to come up with "alternate" stories. (heh)

Matt/Michelle: I wish you many happy years to come!

Wednesday, August 15, 2007

Spook Country

Almost forgot: Spook Country came out last week. For those that don't recognize the title, it's yet another good William Gibson book.

I've been attempting to read it only in dribs and drabs, putting off any heavy reading until I'm on a 12-hour trip coming up in the near future.

Sunday, August 12, 2007

Vista's Firewall

I guess the paradigm "advanced" is actually a relative term, at least when it's applied to the firewall included in MS Vista. This SANS paper points out a number of shortcomings while at the same time proposing that it may eventually "provide the perfect solution".

Oh come on! It's just a packet filter, and a poor one at that! They've tied Layer 4 to Layer 7 (specific applications have specific ports) but somehow skipped everything in between (protocol matching, state tracking, etc.). Where's the ability to add functionality (modules) as needed? How about some decent logging facilities?

While I do see the need to keep it simple (the majority of users can't configure a firewall, much less a WWVB-controlled clock), I disagree with the authors in that this is an absolutely royal piece of dung. This has less functionality than one of the pre-1.0 versions of ipchains (hint: a decade ago).

The majority of third party firewalls have many more capabilities. Unfortunately, only those companies who pay tribute to the OS maker are allowed to run their firewalls on Vista. "Advanced" is a relative term in this case because MS gets to filter its competitors.

And before I get accused of MS bashing again, the technology is not what is at issue here. This is "innovation" (i.e., salesmanship) from the marketing department (i.e., putting lipstick on the domestic Sus and expecting someone to kiss it). Anyone want to call "shenanigans"?


For Edwin, here's a list of AP firmware replacements.

Saturday, August 11, 2007

WRT54GL and Kamikaze

Yesterday was definitely NOT "my day". I ended up: chasing escaped dogs (not mine), blowing out the porch light, splitting the crotch in a pair of dress pants, stepping in dog poop, and arriving at work to find that the A/C had quit. To top it off, a coworker and I managed to semi-brick a pair of WRT54GLs late yesterday by trying to install OpenWRT Kamikaze on them. (Hey, nobody reads ALL of the docs!) (For those that don't know, Kamikaze doesn't work on the GLs yet.)

In any case, after a number of failed attempts to reflash the APs, we gave up and went home. This morning, reading deep within the docs, I discovered the following method for pushing WhiteRussian RC6 on top of Kamikaze:

  1. Grab openwrt-brcm-2.4-squashfs.trx from the OpenWRT site. It is a generic firmware for just about any Broadcom chip set-based AP.
  2. Assuming that you have a Linux box, put that file in the root directory of your web server. I also changed the name of the file to openwrt.trx (for simplicity).
  3. Boot the AP into failsafe mode (Press either the front or back reset buttons after the DMZ LED lights up. Hold it in until the DMZ light starts flashing.)
  4. Telnet to (your box has to be within the 192.168.1.x IP range). Note: it may do nothing for a moment. This is because the AP is attempting to perform a DNS lookup, for which there is none. Just let it be. The DNS query will time out and the command prompt will show up.
  5. Run the following command: "wget -O - | mtd -e linux -r write - linux" (without the quotes and use the IP for your box). Again, it will stall while the AP attempts to do a DNS lookup. Let it be, it will start moving again. Once the file is fully downloaded, DON'T DO ANYTHING!! The AP will write the firmware to memory and then reboot itself. It'll be safe to use once the power light stops flashing and the DMZ light goes out.
  6. Point a browser at to be sure it's working. Click on Status (or one of the other options). It should prompt you to enter a new password for root.
  7. Click on the "System" link at the top to take you to the System Settings page. Change boot_wait to "Enabled". Click "Save Changes". Click "Apply Changes". (You may want to SSH or Telnet into the box to verify that boot_wait is enabled. Use "nvram show|grep boot".)
  8. Not to jinx things, but it may be a good idea to re-reflash the firmware with a dedicated version of OpenWRT, using the TFTP method.

After that, it's up to you. Visit the OpenWRT Wiki for ideas.

Thanks to whoever it was that added the trick to the OpenWRT's Installing - OpenWrt page. Jon Dowland, maybe?

Put on your hard hats!

Psst! Hey! Wanna watch a company implode overnight? Of course, various journalists have different views of what the loss means to SCO: certain journalists make it appear as a small loss, others are closer to the mark. I think in the coming months we'll see a company ripped to shreds by customers, investors, and lawyers (probably not in that order though).

I wonder if any criminal cases will arise from this. Civil cases most definitely.

Update: the first link above (to Groklaw) is offline at the moment, probably due to a massive number of people trying to read about the decision.

Wednesday, August 8, 2007

Asterisk Users Conference Call

Found the following in Bloglines this morning: the Asterisk Users Conference Call, a weekly conference call (Talkshoe feed included) for Asterisk users. I won't be able to participate much due to the time of day that it's held, but I'm definitely going to check out the archives.

Monday, August 6, 2007

Prime Time Tonight

For those using my URL hack (for SageTV) to display what's on TV for specific channels, here's a new twist: If you add "starthr=20" somewhere after "EpgGrid?" you get to see tonight's primetime listing... I've added the notes to the "Customizing the SageTV web interface menubar" wiki page.

Saturday, August 4, 2007

Startup script for SageTV

I finally got around to building a proper startup script for SageTV and dropped a copy in the wiki. Please keep in mind that this works on my Mandriva-based setup. Your mileage may vary. Mangia!

Friday, August 3, 2007

San Diego

Apologies for the lack of posting. I was in San Diego for a conference and neither hotel had usable wireless. I did manage to introduce a coworker to Fry's Electronics and, for myself, picked up a couple more 54GLs and some really crappy VoIP boxes to play with. More about them later.