@tedu somewhat related, this book chapter about how an antenna failure wrecked a ship: https://ti.arc.nasa.gov/m/profile/adegani/Grounding%20of%20the%20Royal%20Majesty.pdf

Computers on boats. A thread. "Jesus that was long."

https://twitter.com/cybergibbons/status/1175359504122335234

@cybergibbons: Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence.

@cybergibbons: The crew knew it was there but didn't really know what it did - they thought it was a system installed by shoreside for monitoring. It had been installed by a third-party and the box was unlabelled. As were the wires going into it.

@cybergibbons: Business LAN was obvious. Ethernet out to a console on the bridge - not so obvious, as the crew had covered the console up. The console didn't provide any useful information but also didn't dim enough.

@cybergibbons: It's vital that equipment dims on the bridge so that you don't ruin night vision. We've seen several of these systems installed without this consideration. It's a typical case of IT people not looking at the user's needs.

@cybergibbons: Then another Ethernet connection. No idea. So, after doing a risk assessment, we unplug it and run it through a passive tap. NMEA data over UDP, being sent to broadcast. This is a typical pattern in ICS. The format of it showed it was aggregate sensor data - they began $IN

@cybergibbons: It took a fair amount of effort to work out that one of the four ECDIS was outputting the same data over serial. Only the TX line was connected. Even if RX was connected, this wasn't the bus that ECDIS consumed, so no risk. We didn't find where it was converted to UDP.

@cybergibbons: But then there was a Moxa RS485->Serial converter connected. This was totally unlabelled and immediately entered a shielded cable and then through a deck penetration. You can't use a cable tracer on these.

@cybergibbons: So, another risk assessment to "passively" sniff the bus. Why the inverted commas? By passive, I mean "not actively put traffic onto the bus". But from an electrical perspective, there is always a risk you short the bus or add some noise.

@cybergibbons: It would be very uncommon for any ship control system to react negatively to a brief interruption to a serial bus, but not unheard of. It's certainly not something to do when coming into port.

@cybergibbons: So, it turns out it's Modbus. One master reading registers from one slave. There are rapidly changing values, some more steady, some unchanging. One is 169, and we're currently underway at 16.9kts.

@cybergibbons: There are others in groups of 10, all similar numbers. The main engine is a MAN B&W 10G90ME - 10 units. Looks like mean pressure, possibly exhaust gas temp. Now this undocumented system has a Modbus connection to something that is connected to the main engine.

@cybergibbons: There's no trivial way to determine which end of a serial bus is the Modbus master and which is the slave. What's next? We can't trace the cable - it's shielded, and using a tracer on a live RS485 bus is a bad idea.

@cybergibbons: So we wait until we are in port, and get admin on the box using a USB live distro. It's running Windows and acting as a Modbus master to continuously poll a slave.

@cybergibbons: One of the side effects of using Modbus is that you can't make the bus physically read-only. You can't cut the TX, as the master needs to poll to get data from the slave. It's up to the slave to handle the "security".

@cybergibbons: The software that is acting as a Master is only reading values. But can we - the attacker - write? Another risk assessment, and we try to write a different windspeed back to a register. It sends and persists for a few seconds.

@cybergibbons: The slave accepts writes, but that doesn't mean it's acting on them. It depends on what it is and how it's configured. It took several hours to find where it ended up - 11 decks down on the main engine middle plates, going into an auxiliary serial connection on a PLC.

@cybergibbons: The main control system bus is CAN though, so this PLC has been configured to run as a Modbus slave. Unfortunately, the trail had to end here. The PLC has no available documentation and just has a serial connection - no IP. It probably needs a proprietary tool to make sense of.

@cybergibbons: More importantly, this PLC was immediately adjacent to another PLC dealing with the main engine safety systems - slowdown and shutdown. If this triggered mistakenly, the ship could lose power. If it didn't trigger, the engine could be destroyed.

@cybergibbons: That might seem extreme, but these shutdowns are absolutely vital. There are several triggers than need acting on very quickly to prevent catastrophic events happening - such as a crankcase explosion.

@cybergibbons: There is a device called an oil mist detector (OMD) on the side of the crankcase, continuously sampling the air inside. If a fine mist of oil is detected above a certain level, it may mean a hotspot is vapourising oil. This oil vapour can explode.

@cybergibbons: Bear in mind this engine is bigger than a house. A crankcase explosion could destroy the main engine, or kill crew. This is just one of many inputs to the shutdown.

@cybergibbons: That was too much risk for us, too much risk for the customer. But we'd found a Windows machine that was connected to main engine controls, and no one knew. The kicker? The Windows machine had Team Viewer running on it.

@cybergibbons: A third-party that no one really knew about had remote access to a box connected to the main engine. It turns out the commercial arrangement with the third-party stopped in 2014. Let that sink in.

@cybergibbons: Jesus that was long.

* Your #apconf entertainment is now ready *
ActivityPub Conference 2019 Prague, dox Praha :

13 #Videos – Intro, 2 keynotes & 9 #awesome talks
@apconf
https://conf.tube/accounts/apconf/videos

76 #Photos
@apconf
https://pixelfed.social/apconf

Will update the page soon …
https://redaktor.me/apconf/

Please spread the word.
#ActivityPub #Conference #Federation #Video #datamaze

Looking forward to see you all again in person, for example @fosdem

Made it to the old town square, that was tough.
Roma_1569081197596_KHFP7ECDRF.j…

https://t.co/dwXh7QvlPF

Belts

Isn't it beautiful.
Roma_1569074915855_C8YXQQ9OZY.j…

Oh, wow, Air Force almost did the thing. #freedomball

Need to add keyword filtering to image descriptions too now. :)

I have no idea what's going on in this post. Nor do I want to. Please excuse me, my brain is full.

https://devblogs.microsoft.com/oldnewthing/20190920-00/?p=102907

Be sure to test this! jcs@ has done the seemingly impossible, in addition to further refining the pledges for Firefox, and adding new pledges for the GPU process, he's also done the heavy lifting to add unveil(2) support! Reducing the very broad {r,w,c}path filesystem access.

#OpenBSD

RT @jcs@twitter.com I've been working on enhancing the security of OpenBSD's Firefox port over the past couple weeks and would like some wider testing https://jcs.org/patches/ff-port-unveil6.diff

Ok, I'll spoil the surprise. The Legato Prestoserve was an SSD long before there were SSDs. It was an sbus add in card for #sparc machines with a whopping two (2) megabytes of nonvolatile storage. It was sold as an NFS accelerator. You'd add it to your NFS v2 server (v2 was unfortunately synchronous) and #SunOS would use it to record writes that hadn't hit disk yet.

It's long obsolete, but driver support lives on in #openbsd, although it presents as a simple (small) block storage device, and won't automagically zoom up your NFS.

[honk intensifies] #NintendoSwitch

Some computer file system stuff.

Some time ago there was a research operating system called Sprite. They developed a file system called the log structured filesystem (LFS). LFS was later ported to BSD (although it's unclear how well it ever worked) and lived on for a time in NetBSD.

Many of its ideas reappeared in the write anywhere file layout (WAFL) with snapshots by NetApp. Back when NetApp was a big deal, and NFS transaction performance was a thing you'd pay money for. (Random search term: Legato Prestoserve)

After this came ZFS (NetApp sued Sun for this) and a variety of other similar filesystems.

Today's prize winner is the guy complaining that link's awakening costs $60 but breath of the wild only cost $59.99.

Choosing to interpret all "delete this" posts with C++ semantics.

The optimizer will now convert calls to memcmp into a calls to bcmp in some circumstances.

What? LLVM, what are you thinking?

Power lunching.

Pictures of round seals.

https://twitter.com/chirumisu23/status/1044037104651534337

tmp_media_1568903543862_0.png

it's good that AP is simple enough that an interested individual like tedu can essentially run his own implementation

Going though my Computer History Museum photos and I found the original copy of this 1971 Telnet system diagram from RFC 158. Now you can compare the charming pencil on lined notebook paper to the official scanned version that's been the only one available for decades.

I love this stuff, it reminds me that the internet was invented by humans jotting things down on whatever paper was at hand and not godlike programmers planning everything exquisitely.

https://write.as/365-rfcs/rfc-158

Spend five minutes looking for some files before remembering they're on another computer. Spend another twenty minutes searching for them before realizing they're on an unmounted filesystem.

Clumping. For Men.

https://gothamist.com/arts-entertainment/fidi-man-clump-will-get-you-amped-day-deal-making

@lain here:

When the build fails because the ld command line was too long, the errno is E2BIG. One may choose to interpret this as a statement about more than just the system call.

Guess we now have fuzzers preempting CVE embargos: CVE-2019-14821 embargo got lifted because syzkaller (Linux syscall fuzzer) found and reported the same KVM bug.

https://lkml.org/lkml/2019/9/17/133

Some approximate #honk stats:

4939 lines of go
379 lines of html
224 lines of css
178 lines of js

"Perceptive Perl hackers may have noticed that a for loop has a return value, and that this value can be captured by wrapping the loop in a do block. The reward for this discovery is this cautionary advice: The return value of a for loop is unspecified and may change without notice. Do not rely on it."
- perlsyn(1) man page

That's a style of documentation I enjoy reading.

Need to make sure meme support is still working...

In case you were curious, it is possible to travel from El Paso to Winnipeg by public transportation. Apple maps found a way. (Google insists that you fly.)

Well here you go I have found the best wikipedia page of the week.

https://en.wikipedia.org/wiki/Thagomizer

And it looks to be an especially strong contender for best wikipedia page of the month.

Wait, for reals, Merriam Webster only just now added rhotic to their dictionary?

New dictionary words: they and coulrophobia

Mein Gott, these guys at karaoke night trying to sing 99 luftballons and absolutely butchering it.

Checking something in the activity spec on my phone, as one does.

Didn’t know Slack was available since 1992

curl 7.66.0 – the parallel HTTP/3 future is here

In with the new...

Disable HTTP/0.9 by default

...and out with the old.

Okay, so I think the Times's hard hitting investigation into how women #poop makes more sense in the context of its workplace behaviors series (in the style section).

https://www.nytimes.com/spotlight/the-office-an-analysis

There's also this interactive monstrosity, which spun up all my laptop's fans in quick order before I closed the page.

https://www.nytimes.com/interactive/2019/09/17/style/the-office.html

In a day filled with bad takes, I've found the worst. Enjoy.

“Earth will be changed forever when Amazon introduces high quality streaming to the masses,” said rock icon Neil Young.

This is, technically, a fully functional faucet.

@lanodan
Frakes had back issues. It was more in character to have the Riker character mount the chair like a pony than to have him wincing in pain

@tedu We're going Erste Allgemeine Verunsicherung, okay

Clearly what this database needs is another database inside it.

Starship Troopers meets Red Dawn, basically.

The government sent out a message: Kill them all.

Flamethrowers, chemicals and heavy boots are some weapons of choice.

https://www.wsj.com/articles/spotted-lanternfly-vs-pennsylvania-the-bug-is-winning-11568732683

There comes a time in the life of every sql database when the senior architect says, damn the torpedos, we're going EAV.

If you're like me and like to run systat(1) on #OpenBSD. ​

https://marc.info/?l=openbsd-tech&m=156873852710901&w=2

>1729 comments

Ah, finally, an HN thread absolutely stuffed full of nuanced and stimulating intellectual discussion.

Idea: a new social network where users can cancel their posts before submitting them.

New blog post: the boring person behind a one technology internet company

The hard part of update support is you want to edit the original markdown input, not the processed html that lands in the database. If only the #ActivityPub spec had hinted one should save the source. Oh wait, it did!

@tedu@honk.tedunangst.com looks like it worked out of the box on microblogpub 😸

Live fire testing of Update activity. This post has been updated. #KMFDR

I am only just today learning that plants are a popular office decoration at MIT.

https://blog.plover.com/2019/09/16/#free-coffee

Every once in a while, friendica decides, you know what, how about I send you an identical Update for the same note every 20 seconds for the next ten minutes. Just another day in fedispace.

2019/09/12 05:39:58 unknown Update activity
2019/09/12 05:40:17 unknown Update activity
2019/09/12 05:40:39 unknown Update activity
2019/09/12 05:41:01 unknown Update activity
2019/09/12 05:41:22 unknown Update activity
2019/09/12 05:41:41 unknown Update activity
2019/09/12 05:42:03 unknown Update activity
2019/09/12 05:42:21 unknown Update activity
2019/09/12 05:42:42 unknown Update activity
2019/09/12 05:43:00 unknown Update activity

TIL there is a giant squirrel living in India and it's full of color and pretty as feuk

Just look at those fluffy paws 😍😍😍

Big brother didn't have enough servers to track all the students at the football game, but next week they're going to 10x capacity to handle the load. hashtagProblemSolving

https://www.nytimes.com/2019/09/12/sports/alabama-tracking-app.html

In browser UI separation continues to be terrible, not actually separate things. I do not like browser extension password managers, despite the convenience.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1930

Damn. Ric Ocasek has left us. #cars #classicrock #rip

https://www.cnn.com/2019/09/15/us/ric-ocasek-the-cars-lead-singer-death/index.html

Hackers was released 24 years ago today.

A retrospective: https://www.avclub.com/hackers-may-have-been-of-its-time-but-it-was-also-ahea-1798230815

Another source referred to the case as “serious spy s–t.”

The internet needs more conspiracies like this.

https://twitter.com/DavidLarter/status/1173021438602883073

@DavidLarter: The attack on the Saudi oil field was a false flag perpetrated by Denmark in an effort to drive up oil prices, thereby driving more countries toward wind energy and thereby benefitting Danish wind energy company Vestas, which makes windmills.

@DavidLarter: The attack is also designed to rope the United States into a conflict with Iran, which is the fall-guy state in the scheme, thereby distracting the United States and drawing it away from it's designs on Greenland.

@DavidLarter: See, anyone can conspiracy theory on the Internet!

@DavidLarter: This conspiracy was brought to you by three minutes of googling who makes windmills

@DavidLarter: 🤣

Warriors of Ras™ (1983)

Lol, apparently Verizon's new 5G plan is to roll it out in NFL stadiums. Seems like a narrow market. Can't imagine many people switching services or upgrading phones as a result.