Linksys isn’t the only company building insecure routers

I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.

The experts cited in the article have a few recommendations, which I will repeat and elaborate on.

Making this WPS vulnerability even worse

If the vulnerability in WPS that I linked and talked about this week wasn’t bad enough, some of the commenters at the always excellent Hackaday found something terrible.

Many vendors use a predictable number as the WPS PIN, and don’t even bother to make it unique on a router-by-router basis. So much for it taking a couple of hours to get into a network. Since some vendors set the PIN to something like 123456789 or 123456780 (how clever), the vulnerability may not even be necessary to get in. Just try some of the known numbers, and chances are you can be on somebody’s network in a matter of minutes.

Weekly roundup: 6 Oct 2010

I used to do a weekly roundup every so often, just doing short takes on stuff that interested me as I found it. I haven’t done that in years; I thought I’d give it a whirl again. I don’t know how often I’ll do it, but it was fun.

Ars Technica says Intel’s neutral stance on Atom in servers is a mistake. Absolutely. A dual-core Atom gives plenty of power for infrastructure servers like Active Directory DCs, print servers, and other similar roles. Atoms could even handle many web server tasks.

Xeons are appropriate for database servers and application servers, but throwing them at everything is severe overkill. A lot of server tasks are more disk-bound or network-bound than CPU-bound.

I worked in a datacenter facility for several years that was literally at half capacity, physically. But they didn’t have enough power or cooling capacity to add much more to it.

The only way anything can be added there is to take something away first. Right-sizing servers is the only way to fix that. If they would yank a Xeon, they’d be able to replace it with several Atom-based servers and get a net gain in functionality per square foot and BTU.

Virtualization, a la VMware, is an option, but one isn’t necessarily a drop-in replacement for the other.

Or, of course, Intel can sit back and wait for ARM to come in and save the day. ARM provides even more functionality per watt. And even though ARM doesn’t run Windows, it does run Linux, and Samba has reached the point where it can stand in for an Active Directory domain controller.

Is there a market out there for a domain controller that fits in a package the size of a CD/DVD drive and consumes less than 20 watts? I’m sure there is. And if Intel doesn’t want to deliver it, ARM and its partners can.

There may be some resistance to ARM, since some decision makers are nervous of things they haven’t heard of, but it should be possible to overcome that. Maybe you haven’t heard of ARM, but guess what? Do you have a smartphone? It has an ARM CPU in it. That PDA you carried before you had a smartphone? It had an ARM CPU in it. It’s entirely possible that your consumer-grade network switch at home has one in it too. Not your router, though. That’s probably MIPS-based. (MIPS is another one of those scary RISC CPU architectures.)

Put a solid operating system on an ARM CPU, and it can run with anything. I have ARM devices that only reboot when the power goes out. If it weren’t for tornado and thunderstorm season causing the power to hiccup, those devices could run for years without a reboot or power-down.

And speaking of ARM, I have seen the future.

Pogoplug is an ARM-based appliance for sharing files. You plug it in, plug USB drives into it, and share files on your home network and the Internet with it. At least, that’s how it’s marketed. But you can hack it into a general purpose Linux box.

Inside, there’s a 1.2 GHz ARM CPU, 256 MB of RAM, and another 256 MB of flash memory. Not a supercomputer, but that’s enough power to be useful. And it’s tiny, silent, and sips power. You can plug it in, stash it somewhere, and it’ll never remind you that it’s there.

I’ve actually considered picking up a Pogoplug or two (they go on sale for $45 occasionally, and the slightly less powerful Seagate Dockstar is available for about $30 when you can find them) to run this web site on. Considering how surprisingly well WordPress runs on a 450 MHz Pentium II with 128 MB of RAM (don’t ask me how I know), I think a Pogoplug could handle the workload.

What stops me? I can build an Atom-based PC for less than $150, depending on what I put in it, and run Turnkey Linux on it. Under a worst-case scenario, Turnkey Linux installs in 15 minutes, and it doesn’t take me any longer than that to drop a motherboard and hard drive into a case. So I can knock together an Atom-based webserver in 30 minutes, which is a lot less time than it would take me to get the LAMP stack running on an ARM system.

But if I had more time than money, I’d be all over this.

A device similar to this with an operating LAMP stack on it ready to go is probably too much to ask for. A ready-to-go image running the LAMP stack, similar in form to the DD-WRT or Tomato packages that people use to soup up their routers, might not be. I think it’s a good idea but it isn’t something I have time to head up.

I don’t think I’ve mentioned Turnkey Linux before. I’ve played with it a little, and I’m dead serious that it installs in 15 minutes or less. Installing off a USB flash drive, it might very well install in five.

And it’ll run pretty happily on any PC manufactured this century. More recent is better, of course, but the base requirements are so modest they aren’t worth mentioning.

I’ve built dozens of Linux servers, but this is fantastic. Spend a few minutes downloading an image, copying it onto installation media, and chances are the installation process will take less time than all of that does.

It’s based on Ubuntu LTS, and comes in literally 38 flavors, with more to come after the next refresh is done.

They haven’t built their collection based on the current version of Ubuntu LTS yet because they’ve been distracted with building a backup service. But that’s OK. Ubuntu 8.04.3 still has a little life left in it, and you can either do a distribution upgrade after the initial install, or build a new appliance when the new version comes out and move the data over.

And if Ubuntu isn’t your thing, or you really want 10.04 and you want it now, or worse yet, Linux isn’t your thing, there’s always Bitnami (bitnami.org).

Linux appliances took a little while to get here, but they’re here now, and they work.

What to look for in a router

I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.

This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.

My 2007 trip to Chicago

I just got back from Chicago. I used to go there a lot, but hadn’t been since high school. Consider this my travel diary. I don’t expect it to be interesting to most people, but maybe someone else will find it useful.

Lodging

We stayed at a hotel in Rosemont. The rates are much better in the suburbs, but to get to the Museum of Science and Industry when it opened at 9:30, we had to leave at 7 am. That’s counting the shuttle ride to get us close to the El station, the trip in the El with a transfer to another line, and a transfer to the bus line. So we were spending roughly five hours of our day traveling to and from the hotel.

Transportation

We used public transportation because parking in Chicago is expensive and it’s difficult to drive there. We may reconsider that in the future. It’s also possible, though, that if we stayed downtown near the things we want to do, we still wouldn’t need a car. The trip to the airport would be longer, but we only make that trip twice.

The CTA tourist pass is a really good deal, and the more days you buy, the deeper the discount. And if you make a mistake and leave the station when you meant to change lines, the mistake won’t cost you any extra money if you have the pass. If you’re paying as you go, it will.

My sister and brother in law used a Water Taxi to go from the Field Museum to Navy Pier via Lake Michigan. That was after we had split up for the day, so we didn’t do the Water Taxi thing, but they said it was a fun experience.

We flew to Chicago. I love flying, or maybe I should say I used to. I’ve flown three round trips since Sept. 11–once to and from Dayton, once to and from Orlando, and once to and from Chicago. The “random” screenings are absolutely, positively not random. I’ve been flagged each and every time. I know why. My name sounds vaguely Middle Eastern (it isn’t–it’s Scottish). As I was being patted down yet again today, a thought occurred to me as well. Why would any Arab use the name “David?” That would be like a member of the Bush family using the name “Saddam.”

My bag set off alarms, so it must have tested positive for something. Other than shampoo or sunscreen I have no idea what, but they weren’t going to tell me what they thought it tested positive for. After all, with a name like Farquhar, I might be a terrorist. Can’t trust those bagpipe-toters.

I’m thinking the next time, we should consider Amtrak. Chicago is a 45-minute flight from St. Louis, but the TSA told us to get there 3 hours early because of security. Figure 3 hours sitting at the airport, whatever time the plane has to sit waiting to take off, the time in the air, and the drive to the airport, and you’re up over the 4-hour mark. Amtrak is about 5 1/2 hours. It’s longer, but it’s a lot cheaper (I found a rate of $88 for two adults round-trip), we won’t get as much guilty-until-proven-innocent treatment, we can carry more baggage, and as far as I can tell there are a lot fewer silly restrictions on what we can take. Since my wife is a diabetic, we have to keep some food with us at all times, which meant we had to buy a bunch of food at the only place within walking distance of the hotel. The quality of what we could get wasn’t very high, and the prices were double or triple what we would have paid close to home (think $5 for a box of Cheerios). And we had to throw away our leftovers since we couldn’t put them in our carry-on luggage. I guess there’s a bomb recipe somewhere that calls for Cheerios and apples. Oh, wait. No, bringing outside food in might hurt the airport’s profits. But we’ll call it “security” because that sounds better.

Driving is an option, of course, but I can’t drive to and from Chicago for $88 in a Honda Civic.

So I’m thinking Amtrak, and put the savings toward staying in a hotel in a less out-of-the-way place.

Things to do

As far as things to do, the City Pass is a good deal. For $50, you can go see the observatory, the Hancock Building viewing deck, the Shedd Aquarium, the Field Museum, and the Museum of Science and Industry. If you see four of those, you more than pay for the booklet. Plus you don’t have to wait in line. That can save you a couple of hours per attraction all alone.

We’d buy the City Pass again.

Where to eat

What’s the point of going to Chicago if you don’t get pizza, right?

We tried Gino’s East one night on a tip from a friend of my brother in law. Of course it’s good. The place has been around since 1966.

But we got to talking pizza with the bus driver as we were en route from the Museum of Science and Industry to the Hancock Building. He told us to try Giordano’s. As luck would have it, there was a Giordano’s within walking distance of the hotel.

Now that I’ve done some digging, I think Giordano’s was the place we tried back in 1989 on our second trip to Chicago.

I liked them both. They were both distinctive, and neither is something I should eat on a regular basis if I want to continue to weigh about 145 pounds. But on a future trip I wouldn’t mind eating dinner at one and then doing dinner the next night at the other.

I remember the very first time my family went to Chicago was in 1985. We wanted to get Chicago style pizza, and somehow or other we stumbled on this place called Perry’s. I have absolutely no idea where it was. I found a website for a place on Devon Avenue in Park Ridge by that name that’s been around since 1967, and the menu features the Gutbuster, which I vividly remember Dad pointing out to me on the menu in 1985. So it’s possible this was the place.

Being our first experience with Chicago-style pizza, Perry’s is now a family legend. And you know how legends go. They get bigger with each passing year. I think within a couple of months the pizza in our memory had become a foot thick, or at least six inches. And nothing we’d had before, and nothing we’ve had since was half as good.

Part of me would love to find Perry’s again, but part of me thinks it would be best to just let legends be legends.

For lunch, a good choice is the nearest hot-dog stand for a Chicago-style hot dog. Let me preface this by saying I normally do not eat hot dogs. I don’t care much for the taste, and I know they’re one of the least healthy things on the planet for you to eat. But I liked these. A traditional Chicago-style dog has onion, tomato, pepper, pickle relish, mustard, chile pepper, and celery salt served on a poppy seed bun. If you put ketchup on it (the person at the counter won’t), the ghost of Mike Royko will come haunt you, and he’ll undoubtedly have some other disgusting ideas for things you could have put on the hot dog instead.

I wouldn’t eat them on a daily basis due to health concerns, but I’ll eat one every time I go to Chicago from now on.

Shopping

There aren’t many places on the Magnificent Mile that I can afford to walk into, let alone shop at, and I’ve never been much for shopping anyway. I hear Chicago has lots of really great train stores. I stayed away from those, putting my short-term financial goals ahead of my hobby.

But if you like to shop, there are tons of places to do it.

03/05/2001

Dual CPU blues. I’ve had my dual Celeron-500 apart for a while, for reasons that escape me, and over the weekend I finally got around to putting it back together. At one time this would have seemed an impressive system–Aureal Vortex 2 audio, TNT2 video, dual 500 MHz CPUs (which I’m actually running at around 510 MHz because I bumped the FSB speed up to 68 MHz, within the tolerance levels of most modern peripherals), and 320 MB RAM. But let me tell you–it’s a lot faster than it sounds. The 733-MHz Pentium IIIs at work used to make me jealous. No longer. I’ll put my dualie 500 up against them any day of the week.

Just out of curiosity, I tried my CPU stress test from last week on it. No matter what I did, I couldn’t get CPU usage up to 100 percent. I’d top out at about 96 percent. I’m not sure if that’s because of the dual CPUs or because I’m running Windows 2000 on it instead of NT4. I’m sure a complex Photoshop filter could max both chips out, but that’s not what I do. I fired up Railroad Tycoon II, and it was unbelievable. CPU usage hovered around 60 percent and it was smooth as silk, even with the more system-intensive scenarios from the Second Century add-on pack.

Unfortunately, the golden age of inexpensive multiprocessing is over, at least for now. Current Celerons won’t do SMP. I understand why–Intel doesn’t want you to buy two cheap CPUs instead of one expensive one. Like I said, I’ll take my dual 500s over a P3-733 any day of the week. A P3-733 costs about $200. My 500s were 40 bucks a pop. So, unfortunately, to get dual processing these days, you have to get a pair of P3s, which will start at about $140 apiece for a P3-667. The least expensive SMP board I know of is the VIA-based Abit VP6, which sells for about $140. So you’re looking at about $450 to get into dual CPUs by the time you get the board, CPUs and fans. That’s not an outrageous deal, but seeing as an Abit BP6 and a pair of Celerons with fans used to set you back about $350, it’s a shame.

If AMD can ever work through the problems they’re having with the AMD 760MP chipset, it’ll help a little but not as much as you may think. The AMD-based boards will be expensive–expect them to start at $200 or possibly even $250– because they use a different bus that requires a lot more pins and a lot more added expense. So while you’ll be able to multiprocess with $60 CPUs again, you’re looking at higher up-front cost. The least expensive dual-Duron rig will only cost about $50 less than the least expensive dual-P3 rig. But the dual-Duron rig stands a decent chance of outrunning the dual-P3, because the clockspeed will be higher, and the CPUs each get their own path to all the relevant buses.

And I’ve reached a new low. Last night I had a craving for a burger. So I did what any self-respecting part-time vegetarian who didn’t know any better would do: I went on a quest to find soyburgers. My friend Jeanne, who says I stole the idea of giving up meat for Lent from her (and maybe subconsciously I did) warned me they won’t taste like meat. And I’m pretty sure my dad–whose idea of four servings of vegetables a day was the pickles and ketchup on two hamburgers, beef of course–was rolling his eyes at me from Upstairs (If God has a sense of humor, which wouldn’t surprise me, He opened the portal so Dad could get a good look at the look on my face after the first bite).

And? Well, I guess soyburgers aren’t too much of an atrocity. Better than McDonald’s? Well, yeah, but then again so’s the cherry-flavored fluoride treatment at the dentist’s office. They’re somewhere between beef and imitation bacon bits in both smell and taste. You definitely want to put other stuff on it to distract you–I got some good pickles, some good mustard, and ketchup, and wished I’d gone further. Hmm. Lettuce and tomato, no question. And I’m wondering if alfalfa sprouts would be good on a burger? I’m also wondering where you buy alfalfa sprouts. Oh, and get REALLY good rolls.

I can probably develop a taste for them, but it will definitely be an acquired taste. There was a time, back before I realized I wanted to live past age 27, when I could eat real hamburgers two meals a day for weeks at a time and be perfectly happy–and jokingly wondering why I didn’t eat them for breakfast too. That won’t happen with the soyburgers. I think what’s left of my package of four should get me through Lent.

Oh yeah. They aren’t as good as the real thing and they cost a lot more. What’s up with that? I thought stuff that was lower on the food chain was supposed to be cheaper. I guess that’s only when it’s not being marketed to SUV liberals. (Psst. Marketing tip: SUV liberals like unbleached paperboard. The paperboard that went into my packaging is definitely bleached. And lose the plastic wrap on the burgers. SUV liberals hate that. Good move on putting two burgers per plastic bag though–you’re at least thinking a little. But you gotta go all the way. That’s why they put two “Be Kind to Mother Earth” bumper stickers–printed on unbleached material, of course–on their Ford Excursions.)

I think I’ll be eating a lot of mushroom ravioli for the next few weeks, if I can ever find someplace that sells it again. You’d think in St. Louis, of all places–where there are almost as many good Italian restaurants as there are stop signs–you’d be able to find mushroom ravioli. I guess true blue St. Louisans like beef.
