Consumer routers are the security vulnerability of the year, so far

Today I found an article in PC World that gives a somber assessment of the state of consumer routers, like the device that probably sits between you and the Internet.

I’m glad this is getting attention. There’s a lot more to it than what’s in the PC World article, but I’ve droned enough about what’s bad about consumer routers. It’s bad now, and it’s going to get worse before it gets better. Kudos to PC World for providing a bit of an action plan.

What if you want to go beyond what PC World is talking about? I’m glad both of you asked.

Why it’s a good idea to schedule your router to reboot

Many routers, notably Belkins, have a feature in them to schedule an automatic reboot periodically, usually once a week. Frequently this “feature” is there as a workaround, because something about the router’s software gets unreliable if it’s been running longer than a week. So it’s a kludge, but it keeps the thing working without a lot of effort, so the feature is there.

The respectably rock-solid DD-WRT also has the ability to schedule a reboot built in. I don’t know if it’s there to make life easier for developers, or if it’s there to deal with second-rate hardware, or if there was a time when it was necessary and they just never took the feature back out. Regardless, it’s there, though many DD-WRT stalwarts brag about never needing it because their router’s uptime is more than six years.

It’s fun to get into uptime contests, but it’s poor security. If you have a router, it’s a good idea to be rebooting it every so often, so you might as well turn on that feature, even if it costs you some pride.

What am I giving up for Lent?

A longtime reader noted that many years ago, I wrote about giving up something for Lent. He expressed interest in the practice, and asked what I’m giving up this time around.

To be honest, I haven’t given up anything specific for Lent for a very long time. I’m cognizant of the season, and I’m still a practicing Christian, but I have two minds about giving up something for Lent. It serves as a reminder of Christ’s sacrifice, yes. But the tradition of using up everything you’re giving up on the Tuesday before has become rather corrupted, especially in St. Louis. Basically it’s turned into an excuse for people who have no interest in observing Lent to throw a really wild, sometimes destructive, four-day party. That, to me, is unfortunate.

I guess the other reason I don’t give up anything specific for Lent is because I gave up something for all time.

Farquhar’s security New Year’s resolutions

As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.

The question: What do I see my next role being?

Fair question. I said I didn’t know for sure, but I knew what I have to do to find out.

The side-smoking Marx 666 locomotive

One of the best steam locomotives Marx ever made was its unfortunately-named 666. I have heard, but have no way of verifying, that Marx named it that because the locomotive “smoked like the devil.” And, compared to its contemporary offerings from Lionel and American Flyer, it definitely smoked better than anything Lionel had, and at least as well as anything American Flyer had, while costing a lot less than either.

Marx also produced the 1666, a similar-looking plastic locomotive, that smoked from the sides and the top. Other than that, it’s less desirable than the 666. It’s plastic so it has that disadvantage right away–diecast metal offers a bit more presence, and since metal weighs more, it has more traction, and thus, more pulling power.

The ultimate 2-4-2 Marx locomotive would be a side-smoking 666, and it’s right there in the Greenberg guide, on page 28, valued at a $20 premium over the standard top-smoking configuration. But there’s a problem, at least from a collector’s standpoint. It never came that way from the factory.

Why I set work aside for a while before calling it done

A former supervisor called me the other day. He’s having quality control issues at his new gig, and quality control was one of the things I did when I was working for him. He wanted my insight. And he was very direct with one question he asked me.

“You would always set work aside and then come back to it,” he said. “Why?”

He knew my tactic worked, but wanted to know why it worked.

Linksys routers are under attack, and here’s what you can do about it

A couple of my college buddies posted a link to an Ars Technica article about Linksys routers getting hacked. Sorry I didn’t find it myself, I’m prepping for a job interview. Excuses, excuses, I know.

Researchers have been doing this kind of stuff for at least a year, but now we’re seeing the bad guys do it. It was just a matter of time, because bad guys are going to attack whatever is easiest to attack, and consumer routers are direct-connected to the Internet and their security isn’t really all that much better today than it was when Linksys released its first router in 2000.

What’s worse is that two of the affected models, the Linksys E1000 and E1200, are no longer supported by Linksys. The answer is DD-WRT. Visit the linked page, type in the name of your router, check the version (it’s on a sticker), then load DD-WRT like you would load Linksys firmware. If you’re not comfortable doing it, a computer-savvy friend or acquaintance can do it in half an hour for you. I’m running DD-WRT on two routers myself, and put it on my mother-in-law’s router, and find there’s no comparison between it and anything any of the manufacturers are shipping from the factory.

Is its security perfect? Probably not, but it doesn’t even have the feature this exploit is using. And turning off undesirable features is the beginning of good security.

Getting past your own biases

I read Andy Grove’s Only the Paranoid Survive last week. I always figured it was an autobiography or memoir, not a business book. But it’s a business book. A very good one.

I avoided it because I didn’t like Andy Grove. I’ve never been a fan of Intel’s business practices during the 1990s and 2000s, including using payola to keep competitors’ chips out of large computer systems, but after reading this book, I’m more disappointed than anything. Whichever company had Andy Grove wins, period. No need to cheat.

How I fixed an Americana (GE) anti-tip bracket that didn’t work

I’m fixing up a house that has an Americana (a GE budget brand) gas range in it. One of the last things I did before getting the St. Louis County inspection was to check to see if it had an anti-tip bracket installed. It did, so I didn’t worry about it. The house failed inspection based on two things, basically–a dead battery in the smoke detector downstairs (funny, I installed that about two months ago), and the anti-tip bracket.

The bracket that came with this range is a little different. Rather than grab the leg like most anti-tip brackets, this one grabs a hook on the back of the stove. The problem with mine was that the bracket couldn’t reach the hook on the back of the stove. The gas line comes through the floor about an inch from the wall, so the stove can’t sit close enough to the wall for the bracket to catch. Further investigation revealed that even if the bracket could have reached, it wouldn’t have done much since it was only screwed into drywall. The stove’s weight would have pulled it straight out.

But the remedy was simple and only involved a two-foot scrap of 2×4.
