Tuesday, January 27, 2009

Security Theater

The plant I'm working at is shutting down for good, and we are getting all the computer gear ready to go elsewhere. Computers that will be disposed of outside the company need to have their hard drives wiped.

Wiping the drives is absolutely a reasonable precaution. For non-geeks: Merely erasing a drive, or even formatting it, does not actually delete the data on the drive; it only marks the space the data occupied as available for re-use. The right software can recover most of the data. Wiping actually writes new data to the entire drive, so recovery programs can only recover the new data.

A single-pass wipe makes the data unrecoverable for all practical purposes. It is theoretically possible to recover some data from these drives, but only with extreme expense, and (I believe) only on certain types of older drives.
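The difference between formatting and a single-pass wipe, as an added example that is not part of the original post. It assumes a file-backed image as a stand-in for a drive, models a format as rewriting only the first 4 KiB of bookkeeping, and uses a constructed marker string as the "sensitive" data.

```shell
#!/usr/bin/env bash
# Added example: quick format vs. single-pass wipe on a file-backed image.
# The image, the marker string and the "metadata = first 4 KiB" layout are
# constructed stand-ins for a real drive and filesystem.
export LC_ALL=C
MARKER='PAYROLL-RECORD-0001'      # constructed "sensitive" data

img_size() { echo $(( $(wc -c < "$1") )); }

# Build a 1 MiB image of random bytes with the marker placed in the data area.
make_image() {
  dd if=/dev/urandom of="$1" bs=4096 count=256 2>/dev/null
  printf '%s' "$MARKER" | dd of="$1" bs=1 seek=123456 conv=notrunc 2>/dev/null
}

# Model of erase/format: only the bookkeeping block is rewritten.
quick_format() {
  dd if=/dev/zero of="$1" bs=4096 count=1 conv=notrunc 2>/dev/null
}

# Single-pass wipe: overwrite every byte once, keeping the image size.
wipe_once() {
  head -c "$(img_size "$1")" /dev/zero | dd of="$1" bs=4096 conv=notrunc 2>/dev/null
}

# What a recovery tool does: scan raw bytes, ignoring filesystem metadata.
has_marker() { grep -qa -- "$MARKER" "$1"; }

# Verification: wiped only if the image equals an all-zero stream of equal length.
verify_wiped() {
  head -c "$(img_size "$1")" /dev/zero | cmp -s - "$1"
}

demo() {
  local img; img=$(mktemp)
  make_image "$img"
  quick_format "$img"
  has_marker "$img" && echo "after format: data still recoverable"
  wipe_once "$img"
  has_marker "$img" || echo "after wipe:   data gone"
  verify_wiped "$img" && echo "verify:       every byte overwritten"
  rm -f "$img"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

The verification step is the part worth keeping in a real disposal procedure: it confirms the overwrite covered the whole image rather than trusting that the wipe tool finished.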

We are required to use a Department of Defense 7 pass method. On a good drive of moderate size for its era, this takes about 2 hours per drive. On an old, worn drive it may take days.

If the data is so sensitive that a single-pass wipe isn't secure enough, then the data should have been protected throughout its life--the computer it was on should not have been connected to the internet, should not have had the ability to make unrestricted copies of data on CD, floppy disk or USB drive, and the computer itself should have been well-protected from theft. Using a 7 pass wipe without other safeguards is essentially like putting a vault door on the front of your house, without reinforcing walls or windows.

Things like this come about in a bureaucracy when the person mandating standards isn't using their own money or energy--private examples of unfunded mandates.

Saturday, January 24, 2009

More on my broken pipes

I've started working on replacing the section of pipe that broke. I'm astounded at how many different, independent problems this section of pipe had.

I think this missing chunk of valve is the result of freezing. It may have been the immediate cause of the water, but it wasn't the only problem.

This is the cold side. When I cut the valve loose, this joint pulled apart completely. (It is pulled apart about 1/4 inch here). When you sweat a copper joint, you need to clean and flux both sections. Done properly, the solder will wick deep into the joint, wet both surfaces, and make a very strong joint. It is surprisingly easy. Done wrong, you wind up with something like this--you can see bare copper between the ring of blobby, corroded cold solder joint. I'm amazed it held at all.

This is a section of galvanized steel pipe attached to a brass elbow connecting to copper pipe. When connecting copper to galvanized steel, you should use a dielectric joint--basically a section of insulator between the two metals, to prevent galvanic corrosion. Obviously, brass isn't a proper insulator.

It doesn't really matter which one was the cause--If it didn't go this week, one of the other ones would have let loose soon.

Friday, January 23, 2009

More election machine trouble

A computer log should tell what happened on a system. Most servers can track nearly everything--who logged on, what files were changed and by whom, what files were viewed. The limit is essentially the size of the log and the speed of transactions.

Election machines need logs too--both to make sure they work properly, and to make it more difficult to tamper with the system undetectably. Logs should be simple, and there is little excuse for logs to be anything but plain English text files. The data flow is slow enough (in computer terms) that virtually everything should be logged.

In a recent election in Humboldt County, California, there were irregularities. The logs from the GEMS voting machine turned out to be completely indecipherable, even with assistance from Premier. Something happened that affected the totals, but the logs don't match either the results or the paper records made by election officials.

It should be incredible that Premier shipped a system like this, but based on past performance I'm not surprised. What is shocking is that this flaw was not found by the election boards before the systems were put in use. Election boards need security experts to advise them. If they are dealing with computers, they need computer security experts.

I've said before--election machines should have at least as much accountability as an ATM. There needs to be two methods of making the count. If the errors are random, it is bad enough. If the errors are weighted in a particular direction, or if they allow undetected tampering, it is a huge problem. A company with a reputation as bad as Premier's should not be able to get contracts.

Thursday, January 22, 2009

A different "digital" watch

A jump-hour watch is one that has a dial like a calendar telling the hour. They have been around in various forms since the pocket watch era, although early models more often had a standard minute hand. It wasn't until the early 70's when electronic digital watches were introduced that the jump-hour "mechanical digital" watches became popular. These were made with conventional tooling, without the investment necessary to switch to true electronic digitals.

The minute dial is mounted in place of the minute hand, and turns an hour ring during the last few minutes of every hour, with the same sort of mechanism as on calendar watches. Better jump hour watches would have an instant hour change. Some cheaper "mechanical digitals" had hours that moved continuously rather than jumping. Known as wandering hours, they were notoriously difficult to read quickly.

This is a Lucerne jump-hour digital from the 70's, with typical features of this style watch. Inexpensive, with a Roskopf pinlever movement. The Roskopf movement was the first mass-produced pinlever movement from the late 1800's. Similar in market position to the Timex, quality varied because the patents were long expired and the movements were made by many companies. Although Roskopf is often used interchangeably with pin lever, not all pin lever movements are Roskopf--a key feature of the Roskopf design is an over-sized mainspring that covers the center of the watch, requiring a modified method of running the hands. Although there were jeweled versions available, they typically used "advertising jewels" placed where they could get the count up to 17 the easiest, rather than where they would do the most good. These movements often have an extremely loud tick.

Although I've seen quite a few Lucerne watches, I'm not sure if Lucerne is a real brand or not--I suspect it is like "Geneva", not eligible for trademark and used by many companies. It is generally on fairly cheap watches.

Wednesday, January 21, 2009

Burst Pipes

I went down to check on laundry last night, to find running water on the basement floor, and all over the unused downstairs bathroom.

Our house was two apartments that we combined to one. I'm working on getting them back to two so I can rent downstairs. My latest project is doing the necessary utilities to move the washer and dryer to the attic. In the meantime, they are still in the basement.

It turns out that the hot water pipe for the tub in the bathroom broke. Someone used a brass elbow to transition between copper and galvanized. The galvanized was very corroded.



I don't know if it froze, or if the corroded area let go on its own; either is a possibility. I think it froze, because there's also part of the valve that has broken.

I turned off the hot water to the downstairs which slowed the rushing water to a trickle, but didn't stop it. No other valves except the whole-house valve, so I shut that off. I was able to find a plug, cut the offending pipe and plug the end at midnight so I could turn the water back on to the rest of the house.

...except this morning, there was still a slow drip from the cold side of the tub valve. That area looks corroded too, and there is evidence that something in the area has been leaking for a while--More than likely what I thought was splashing from the tub damaging the floor was actually that leak. Cut the supply pipe to that area as well, plugged the end, and it seems to be drying out now.

We have a partial basement, and the leak was over crawlspace. Luckily it is a fairly deep crawlspace. Unluckily, the leak made a nice bed of mud, and there are years of odd junk that have been tossed into the crawlspace. I think I'm going to put off repairs until that dries out.

Monday, January 19, 2009

For Christmas, my brother takes his son to the dollar store to pick gifts out. I like that, since Christmas should be primarily for the kids. Jack is currently 3.

This Christmas, Jack picked a mug out for my wife:

Not that fascinating, except for the bottom:



He picked the "Oralia" pattern. My wife's name is Oralia...According to my brother, he had no assistance in his picks.

Sunday, January 18, 2009

Intrepid Ibex second attempt

When I tried upgrading to Intrepid Ibex, I had problems that were annoying enough to go back to Hardy Heron. Unfortunately, I hadn't made a copy of my home folder before the upgrade, so I wound up with config files from both versions. The biggest problem that bothered me was flash being unstable--However, this followed me back to Hardy. I finally deleted the config files and reinstalled Flash to cure it.

I decided to give Intrepid another try, but this time backing up my home folder and doing a fresh install, rather than an upgrade.

So far, so good. Sound worked from the beginning, and I haven't had any problems with flash. Dual screen is working great, and I'm not getting the odd lines from the last time. I've intentionally tried to trigger the keyboard bug, and can't.

The previous instructions for installing XMMS didn't work, but I found this:

http://launchpadlibrarian.net/111734...uild2_i386.deb

Worked perfectly.

It has only been a couple hours, but so far all is well. I'm moving config files over as I need them rather than moving the whole home directory--this way if I have a config issue, I've got a better chance of knowing what it is. It is nice having dual monitors at home, especially since I tend to watch computer video rather than television--I can keep the video on one screen while working on the other.

Friday, January 09, 2009

LED watches

The first LED watch was the Hamilton Pulsar in late 1971, with full production in 1972, retailing for well over $1000. This was an economic disaster for Hamilton--most of the first versions were returned, and an entirely new module installed. The first LCD watches came out within a year, and not long after got backlights. It wasn't long before the price of LED watches dropped by 98%.

I found this one today at a flea market, with dead batteries, excellent condition, and including the manual. There was also a similar gold one. Really good price if all it needs is batteries, not great if it is actually broken. I took a chance, and with the installation of 2 new batteries, it works fine. Nearly new, with few signs of wear.

The case says Compu Chron by Unisonic. The manual says Austin Watch Company. The module inside says Sanyo. The price tag says K-mart. Gee--I got less than $5 off a 30 year old watch with dead batteries....:)

Thursday, January 01, 2009

Media bias

Virtually everyone I've known, either in real life or on the internet who has first-hand experience with a newsworthy story says the media got it substantially wrong.

In some cases, it appears that they don't even try.

Compare this news story

Rocky River: Metroparks visitor settles dog fight with gun

with this version:

Dog Killed: Family Pup Shot Execution-Style While Walking With Owner In Metroparks.

From what I've been able to figure out: A man with a concealed carry license was walking his lab puppy in the park. Another man was walking a Rottweiler, apparently an adult dog. The Rottweiler got loose--according to its owner, it broke loose chasing a small animal. The Rottweiler attacked the lab puppy (confirmed by the police) and after unsuccessfully trying to break up the fight, the lab's owner shot the Rottweiler twice.

In my admittedly biased viewpoint, the first story is a bit anti-gun, but it at least includes more of the relevant facts.

The second version is astounding in its bias. No mention at all that the Rottweiler attacked the other dog, or even that the shooter had a dog--making it sound like the gun owner shot a loose puppy for no good reason, then ran away. (It is more likely he ran due to his "duty to retreat" from a confrontation with the Rottweiler owner.) Old photos and video of the Rottweiler as a puppy, making it appear that the dog was still that size.

It would have been reasonable to bring up the legality of shooting the Rottweiler--it isn't a perfectly clear situation since the Rottweiler was attacking another dog, but I think the lab's owner will be able to claim he was in fear for his own safety, making his actions legal.

(HT to David Codera)