home about login

tedu rss

honk honcho. i do what i can.

tedu honked 21 Sep 2019 17:40
convoy: data:,electrichonkytonk-C3nz2r8SrTw9Hf1N4T

Computers on boats. A thread. "Jesus that was long."


@cybergibbons: Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence.

@cybergibbons: The crew knew it was there but didn't really know what it did - they thought it was a system installed by shoreside for monitoring. It had been installed by a third-party and the box was unlabelled. As were the wires going into it.

@cybergibbons: Business LAN was obvious. Ethernet out to a console on the bridge - not so obvious, as the crew had covered the console up. The console didn't provide any useful information but also didn't dim enough.

@cybergibbons: It's vital that equipment dims on the bridge so that you don't ruin night vision. We've seen several of these systems installed without this consideration. It's a typical case of IT people not looking at the user's needs.

@cybergibbons: Then another Ethernet connection. No idea. So, after doing a risk assessment, we unplug it and run it through a passive tap. NMEA data over UDP, being sent to broadcast. This is a typical pattern in ICS. The format of it showed it was aggregate sensor data - they began $IN

@cybergibbons: It took a fair amount of effort to work out that one of the four ECDIS was outputting the same data over serial. Only the TX line was connected. Even if RX was connected, this wasn't the bus that ECDIS consumed, so no risk. We didn't find where it was converted to UDP.

@cybergibbons: But then there was a Moxa RS485->Serial converter connected. This was totally unlabelled and immediately entered a shielded cable and then through a deck penetration. You can't use a cable tracer on these.

@cybergibbons: So, another risk assessment to "passively" sniff the bus. Why the inverted commas? By passive, I mean "not actively put traffic onto the bus". But from an electrical perspective, there is always a risk you short the bus or add some noise.

@cybergibbons: It would be very uncommon for any ship control system to react negatively to a brief interruption to a serial bus, but not unheard of. It's certainly not something to do when coming into port.

@cybergibbons: So, it turns out it's Modbus. One master reading registers from one slave. There are rapidly changing values, some more steady, some unchanging. One is 169, and we're currently underway at 16.9kts.

@cybergibbons: There are others in groups of 10, all similar numbers. The main engine is a MAN B&W 10G90ME - 10 units. Looks like mean pressure, possibly exhaust gas temp. Now this undocumented system has a Modbus connection to something that is connected to the main engine.

@cybergibbons: There's no trivial way to determine which end of a serial bus is the Modbus master and which is the slave. What's next? We can't trace the cable - it's shielded, and using a tracer on a live RS485 bus is a bad idea.

@cybergibbons: So we wait until we are in port, and get admin on the box using a USB live distro. It's running Windows and acting as a Modbus master to continuously poll a slave.

@cybergibbons: One of the side effects of using Modbus is that you can't make the bus physically read-only. You can't cut the TX, as the master needs to poll to get data from the slave. It's up to the slave to handle the "security".

@cybergibbons: The software that is acting as a Master is only reading values. But can we - the attacker - write? Another risk assessment, and we try to write a different windspeed back to a register. It sends and persists for a few seconds.

@cybergibbons: The slave accepts writes, but that doesn't mean it's acting on them. It depends on what it is and how it's configured. It took several hours to find where it ended up - 11 decks down on the main engine middle plates, going into an auxiliary serial connection on a PLC.

@cybergibbons: The main control system bus is CAN though, so this PLC has been configured to run as a Modbus slave. Unfortunately, the trail had to end here. The PLC has no available documentation and just has a serial connection - no IP. It probably needs a proprietary tool to make sense of.

@cybergibbons: More importantly, this PLC was immediately adjacent to another PLC dealing with the main engine safety systems - slowdown and shutdown. If this triggered mistakenly, the ship could lose power. If it didn't trigger, the engine could be destroyed.

@cybergibbons: That might seem extreme, but these shutdowns are absolutely vital. There are several triggers than need acting on very quickly to prevent catastrophic events happening - such as a crankcase explosion.

@cybergibbons: There is a device called an oil mist detector (OMD) on the side of the crankcase, continuously sampling the air inside. If a fine mist of oil is detected above a certain level, it may mean a hotspot is vapourising oil. This oil vapour can explode.

@cybergibbons: Bear in mind this engine is bigger than a house. A crankcase explosion could destroy the main engine, or kill crew. This is just one of many inputs to the shutdown.

@cybergibbons: That was too much risk for us, too much risk for the customer. But we'd found a Windows machine that was connected to main engine controls, and no one knew. The kicker? The Windows machine had Team Viewer running on it.

@cybergibbons: A third-party that no one really knew about had remote access to a box connected to the main engine. It turns out the commercial arrangement with the third-party stopped in 2014. Let that sink in.

@cybergibbons: Jesus that was long.

tedu bonked 21 Sep 2019 17:03
original: sl007@mastodon.social
convoy: tag:mastodon.social,2019-09-21:objectId=125828300:objectType=Conversation

* Your #apconf entertainment is now ready *
ActivityPub Conference 2019 Prague, dox Praha :

13 #Videos – Intro, 2 keynotes & 9 #awesome talks

76 #Photos

Will update the page soon …

Please spread the word.
#ActivityPub #Conference #Federation #Video #datamaze

Looking forward to see you all again in person, for example @fosdem

tedu bonked 21 Sep 2019 15:54
original: qrs@mastodon.social
convoy: tag:mastodon.social,2019-09-21:objectId=125821969:objectType=Conversation


An overhead belt driven metal shop

tedu honked 21 Sep 2019 03:35
convoy: data:,electrichonkytonk-2Frfs4mN8h114NQx9X

Oh, wow, Air Force almost did the thing. #freedomball

tedu honked 20 Sep 2019 23:05
convoy: data:,electrichonkytonk-QNp25Ch7d3q4l894CP

Need to add keyword filtering to image descriptions too now. :)

tedu bonked 20 Sep 2019 16:39
original: brynet@bsd.network
convoy: tag:bsd.network,2019-09-20:objectId=7396133:objectType=Conversation

Be sure to test this! jcs@ has done the seemingly impossible, in addition to further refining the pledges for Firefox, and adding new pledges for the GPU process, he's also done the heavy lifting to add unveil(2) support! Reducing the very broad {r,w,c}path filesystem access.


RT @jcs@twitter.com I've been working on enhancing the security of OpenBSD's Firefox port over the past couple weeks and would like some wider testing https://jcs.org/patches/ff-port-unveil6.diff

tedu honked 20 Sep 2019 03:01
convoy: data:,electrichonkytonk-j823lF281Q9Tgg6Tx8

Ok, I'll spoil the surprise. The Legato Prestoserve was an SSD long before there were SSDs. It was an sbus add in card for #sparc machines with a whopping two (2) megabytes of nonvolatile storage. It was sold as an NFS accelerator. You'd add it to your NFS v2 server (v2 was unfortunately synchronous) and #SunOS would use it to record writes that hadn't hit disk yet.

It's long obsolete, but driver support lives on in #openbsd, although it presents as a simple (small) block storage device, and won't automagically zoom up your NFS.

tedu honked 20 Sep 2019 02:33
convoy: data:,electrichonkytonk-TPfm65P2YshcR8pByz

Some computer file system stuff.

Some time ago there was a research operating system called Sprite. They developed a file system called the log structured filesystem (LFS). LFS was later ported to BSD (although it's unclear how well it ever worked) and lived on for a time in NetBSD.

Many of its ideas reappeared in the write anywhere file layout (WAFL) with snapshots by NetApp. Back when NetApp was a big deal, and NFS transaction performance was a thing you'd pay money for. (Random search term: Legato Prestoserve)

After this came ZFS (NetApp sued Sun for this) and a variety of other similar filesystems.

tedu honked 19 Sep 2019 21:49
convoy: data:,electrichonkytonk-6b5W5hhc53wCpB5JW7

Today's prize winner is the guy complaining that link's awakening costs $60 but breath of the wild only cost $59.99.

tedu honked 19 Sep 2019 20:32
convoy: data:,electrichonkytonk-1B78QBLGS42fB74KcM

Choosing to interpret all "delete this" posts with C++ semantics.

tedu honked 19 Sep 2019 19:32
convoy: data:,electrichonkytonk-W7WDq584PC49gf5RFj

The optimizer will now convert calls to memcmp into a calls to bcmp in some circumstances.

What? LLVM, what are you thinking?

tedu honked 19 Sep 2019 18:13
convoy: data:,electrichonkytonk-qh6T7427w6hjYNxn4r

Power lunching.

Tables in a wine cellar in a vault in a bank.

tedu bonked 19 Sep 2019 14:35
original: lain@pleroma.soykaf.com
convoy: https://pleroma.soykaf.com/contexts/8ef5306f-1fee-45a2-aef0-32c0dd2d0d2b

it's good that AP is simple enough that an interested individual like tedu can essentially run his own implementation

tedu bonked 19 Sep 2019 04:51
original: darius@friend.camp
convoy: tag:friend.camp,2019-09-19:objectId=3071505:objectType=Conversation

Going though my Computer History Museum photos and I found the original copy of this 1971 Telnet system diagram from RFC 158. Now you can compare the charming pencil on lined notebook paper to the official scanned version that's been the only one available for decades.

I love this stuff, it reminds me that the internet was invented by humans jotting things down on whatever paper was at hand and not godlike programmers planning everything exquisitely.


A crummy black and white scan of a network diagram.

The same diagram but much clearer, written on college ruled paper turned sideways, and scrawled in pencil.

tedu honked 19 Sep 2019 03:55
convoy: data:,electrichonkytonk-6LKK6T7n47hRKfy2RM

Spend five minutes looking for some files before remembering they're on another computer. Spend another twenty minutes searching for them before realizing they're on an unmounted filesystem.

tedu honked 18 Sep 2019 20:58
convoy: data:,electrichonkytonk-n7KbLVyyjLx5JB13J1

@lain here:

Sophie Tucker in a fabulous hat

tedu honked 18 Sep 2019 20:21
convoy: data:,electrichonkytonk-HTTK149ZxqhT15rqBz

When the build fails because the ld command line was too long, the errno is E2BIG. One may choose to interpret this as a statement about more than just the system call.

tedu bonked 18 Sep 2019 20:04
original: Kensan@mastodon.social
convoy: tag:mastodon.social,2019-09-18:objectId=125275165:objectType=Conversation

Guess we now have fuzzers preempting CVE embargos: CVE-2019-14821 embargo got lifted because syzkaller (Linux syscall fuzzer) found and reported the same KVM bug.


tedu honked 18 Sep 2019 19:27
convoy: data:,electrichonkytonk-bDT9Rty1Nvv15YDRj7

Some approximate #honk stats:

4939 lines of go
379 lines of html
224 lines of css
178 lines of js

tedu bonked 18 Sep 2019 18:07
original: ayo@niu.moe
convoy: tag:niu.moe,2019-09-18:objectId=37424992:objectType=Conversation

"Perceptive Perl hackers may have noticed that a for loop has a return value, and that this value can be captured by wrapping the loop in a do block. The reward for this discovery is this cautionary advice: The return value of a for loop is unspecified and may change without notice. Do not rely on it."
- perlsyn(1) man page

That's a style of documentation I enjoy reading.

tedu honked 18 Sep 2019 18:04
convoy: data:,electrichonkytonk-849Yy4FW874144Hcb4

Need to make sure meme support is still working...

tedu honked 18 Sep 2019 15:51
convoy: data:,electrichonkytonk-trFj94Sv13thsy6392

In case you were curious, it is possible to travel from El Paso to Winnipeg by public transportation. Apple maps found a way. (Google insists that you fly.)

El Paso to Winnipeg by train via Chicago and Seattle

tedu honked back 18 Sep 2019 15:36
in reply to: https://mastodon.social/users/cjd/statuses/102813032406389209
convoy: tag:mastodon.social,2019-09-18:objectId=125222827:objectType=Conversation

@cjd actually, second thought, the scaling trouble in AP comes from the polling aspect. I can send posts just fine at a reasonable rate. But whenever this lain guy replies, 1000 servers simultaneously try to fetch my post. That's the part that's not going to scale. Small operators won't be able to talk to big timers without getting swamped with pulls.

tedu honked 18 Sep 2019 05:17
convoy: data:,electrichonkytonk-5lpSN1V4Mv3Yz2GK8K

Wait, for reals, Merriam Webster only just now added rhotic to their dictionary?

tedu honked 18 Sep 2019 05:12
convoy: data:,electrichonkytonk-N5Cs61kY5Qk34c1h6H

New dictionary words: they and coulrophobia

tedu honked 18 Sep 2019 04:57
convoy: data:,electrichonkytonk-z35L1pftqMpjrKsmZ3

Mein Gott, these guys at karaoke night trying to sing 99 luftballons and absolutely butchering it.

tedu honked 18 Sep 2019 02:22
convoy: data:,electrichonkytonk-9c881X16G764MqBspy

Checking something in the activity spec on my phone, as one does.

the zoom is not great

tedu bonked 18 Sep 2019 01:34
original: thomasfuchs@mastodon.social
convoy: tag:mastodon.social,2019-09-18:objectId=125161376:objectType=Conversation

Didn’t know Slack was available since 1992

tedu honked 18 Sep 2019 00:25
convoy: data:,electrichonkytonk-D4Zp2GQ76jJD253sKg

curl 7.66.0 – the parallel HTTP/3 future is here

In with the new...

Disable HTTP/0.9 by default

...and out with the old.

tedu honked 17 Sep 2019 21:40
convoy: data:,electrichonkytonk-YKFV1J3YdMJ7xvNkft

In a day filled with bad takes, I've found the worst. Enjoy.

“Earth will be changed forever when Amazon introduces high quality streaming to the masses,” said rock icon Neil Young.

tedu honked 17 Sep 2019 20:10
convoy: data:,electrichonkytonk-3J8bxG8x8Vj2KxKvKv

This is, technically, a fully functional faucet.

Sink faucet with mismatched handles

tedu bonked 17 Sep 2019 19:47
original: yaaps@banana.dog
convoy: https://queer.hacktivis.me/contexts/546c8bc8-d689-4b5f-831a-f298ae96a4c2

Frakes had back issues. It was more in character to have the Riker character mount the chair like a pony than to have him wincing in pain

tedu honked 17 Sep 2019 19:02
convoy: data:,electrichonkytonk-qZ4j8Mrx222HRXGhKl

Clearly what this database needs is another database inside it.

tedu honked 17 Sep 2019 18:05
convoy: data:,electrichonkytonk-B41L3x9jJF5SfwD8P2

There comes a time in the life of every sql database when the senior architect says, damn the torpedos, we're going EAV.

tedu honked 17 Sep 2019 17:22
convoy: data:,electrichonkytonk-46hdd84N78mZz2M3rl


Ah, finally, an HN thread absolutely stuffed full of nuanced and stimulating intellectual discussion.

tedu honked 17 Sep 2019 17:20
convoy: data:,electrichonkytonk-sv9cYJGll52b7nZw7w

Idea: a new social network where users can cancel their posts before submitting them.

tedu honked 17 Sep 2019 17:18
convoy: data:,electrichonkytonk-ckvD5pkJqFcW2Fb8Fv

New blog post: the boring person behind a one technology internet company

tedu honked 17 Sep 2019 16:50
convoy: data:,electrichonkytonk-64s9NSmf3RHcTD5lqy

The hard part of update support is you want to edit the original markdown input, not the processed html that lands in the database. If only the #ActivityPub spec had hinted one should save the source. Oh wait, it did!

tedu honked 17 Sep 2019 14:48
convoy: data:,electrichonkytonk-vb4n2LbzkkkYV4l3N7

Live fire testing of Update activity. This post has been updated. #KMFDR

it worked!

tedu honked 17 Sep 2019 12:55
convoy: data:,electrichonkytonk-s3TTH4F41fc8NTltjF

I am only just today learning that plants are a popular office decoration at MIT.

tedu honked 17 Sep 2019 02:14
convoy: data:,electrichonkytonk-TrCPJ6bZ2n3TPfMK8w

Every once in a while, friendica decides, you know what, how about I send you an identical Update for the same note every 20 seconds for the next ten minutes. Just another day in fedispace.

2019/09/12 05:39:58 unknown Update activity
2019/09/12 05:40:17 unknown Update activity
2019/09/12 05:40:39 unknown Update activity
2019/09/12 05:41:01 unknown Update activity
2019/09/12 05:41:22 unknown Update activity
2019/09/12 05:41:41 unknown Update activity
2019/09/12 05:42:03 unknown Update activity
2019/09/12 05:42:21 unknown Update activity
2019/09/12 05:42:42 unknown Update activity
2019/09/12 05:43:00 unknown Update activity

tedu bonked 16 Sep 2019 15:33
original: bram@social.wxcafe.net
convoy: tag:social.wxcafe.net,2019-09-16:objectId=13363602:objectType=Conversation

TIL there is a giant squirrel living in India and it's full of color and pretty as feuk

Just look at those fluffy paws 😍😍😍

tedu honked 15 Sep 2019 22:04
convoy: data:,electrichonkytonk-wGxxZ4vbxV5t48D3TX

Another source referred to the case as “serious spy s–t.”

tedu honked 15 Sep 2019 15:23
convoy: data:,electrichonkytonk-34H7F6bkt9yb36phk4

The internet needs more conspiracies like this.


@DavidLarter: The attack on the Saudi oil field was a false flag perpetrated by Denmark in an effort to drive up oil prices, thereby driving more countries toward wind energy and thereby benefitting Danish wind energy company Vestas, which makes windmills.

@DavidLarter: The attack is also designed to rope the United States into a conflict with Iran, which is the fall-guy state in the scheme, thereby distracting the United States and drawing it away from it's designs on Greenland.

@DavidLarter: See, anyone can conspiracy theory on the Internet!

@DavidLarter: This conspiracy was brought to you by three minutes of googling who makes windmills

@DavidLarter: 🤣

tedu honked 14 Sep 2019 23:55
convoy: data:,electrichonkytonk-bLXm43XFM9ns25XR5J

Lol, apparently Verizon's new 5G plan is to roll it out in NFL stadiums. Seems like a narrow market. Can't imagine many people switching services or upgrading phones as a result.