systems_glitch

I started repairing an old 486-based industrial system today, which uses a 486 SBC in a passive ISA backplane. Most (but not all!) consumer hardware uses a RTC with a little CMOS RAM and an external battery and crystal, but potted modules are common on industrial/embedded hardware. Unfortunately this one uses a DS1387, for which there is no modern replacement. Several other people have repaired the DS1387 and posted writeups on the process. Here's my rebuild: http://www.glitchwrks.com/2017/07/27/ds1387-rebuild I used a CR1225 and holder due to space restrictions, here's the final result:

Ancient Sun hardware revival continues! The recent pick-up of Sun hardware included a bunch of "lunchbox" form factor machines (SPARCstation IPC and IPX machines). All of the IPX machines worked, but both IPC machines had dead power supplies. Opened them up to find a bunch of leaking Chemicon and Elna capacitors. I don't know if this is a capacitor plague/counterfeit thing (both are good brands, and were rated 105C) or what. Anyhow, I wrote up the recapping process here: http://www.glitchwrks.com/2017/07/24/ipc-recap I've included a list of part numbers with original capacitor values, as well as a cross-reference to current production Nichicon substitutes. Both supplies work fine, and both SPARCstation IPCs are now functional Here's a pic of the inside of the supply, after recapping: I went ahead and replaced all capacitors except the line-side filter cap. The smaller ones looked OK, but I figured I might as well do all of them, since I had it open, and capacitors are cheap.

Heh, there's a thought! SunOS has a lot of unpatched, exploitable stuff, like RCEs in the rlogin daemon Every now and then I think about trying to put up an old box running an old OS for shell services for some of the vintage computer crowd (a lot of people seem to want to telnet to something and run IRC on their vintage machine)...but then I think about how insecure these old boxes are, and figure if anyone is still scanning for this stuff, it'd be a total maintenance nightmare!

I picked up a big heap of old Sun gear recently, all SPARC32 era stuff. There were two SPARCstation 2 pizzaboxes in the lot, one which worked fine. The other had been parted out -- no RAM, hard disk, or cards, other than an old bwtwo SBus black and white framebuffer, with essentially useless ECL output. Turns out that this one had a cache controller in that weird fibre module format that Sun liked, with tiny unprotected flying leads. Here's one out of a SPARCclassic (note, it's a SPARCv8 CPU, not a cache controller...same style package): I had tried straightening the pins with an X-acto knife and a 40x loupe but couldn't get it to boot. I decided to have one more go at it today, before giving up and parting the machine out. Turns out there was a pin bent and pushed under another pin, which wasn't obvious except from exactly the right angle. I used a bit of 28 gauge Kynar wire to poke it out. Success! I plugged in a disk from another Sun and booted SunOS 4.1.3 just to make sure it was really alive. It was, so I decided to make it a permanent fix and blob some cyanoacrylate glue (superglue) on the pins to protect them from future mushing and fingerpoking. Before: After gluing: And, just to be sure the glue didn't mess anything up, back into SunOS 4.1.3: So, this one dodged the scrap bin and lives on! Now, what do you do with a 40 MHz SPARC32 machine with 4 MB RAM...

This happened this morning: Apparently the floppy drive had a pretty much dead short in it. Apparently the supply on the bench either doesn't have a functioning shutdown circuit or it's high enough wattage that it didn't see this as a problem. Now the shop stinks of burning wire.

Not very in-depth, but an interesting read if you don't know about the old microwave relay system: http://hackaday.com/2017/07/10/horns-across-america-the-att-long-lines-network/

I recently bought an APC AP9211 MasterSwitch, which is a remote controllable 8-outlet PDU. It's got 8 switchable standard outlets so you can poweron/poweroff/reboot machines remotely. It came with an AP9606 web/SNMP management card, which is usable in a bunch of older UPSes and such. The AP9211 is an older unit, but switching power on and off isn't very complicated, and the newer units mostly boast features I don't really need (built in power meters, "too much current" type alerts, et c.), so I bought a cheap AP9211 online. It of course came with an existing, non-reset configuration. The official guide sez to use a serial cable to reset passwords, but I didn't have a USB -> RS232 adapter on hand, so I looked for known vulnerabilities in the management card, and found this little gem: http://mccltd.net/blog/?p=36 Looks like you can dump the EEPROM over a telnet session using a master password that the factory uses to configure new systems (setting things like MAC addresses). I fired up tcpdump and power-cycled the unit to try and figure out what IP/subnet it was configured for. Got an ARP request and grabbed it -- 10.24.40.18/16. Sure enough, telnet in, enter any username and the master password, and you end up in debug firmware! I was able to get the existing password from EEPROM and log in. I could see maybe having this feature on the console port of the management card, but it sure does seem short-sighted to put it on the telnet interface! I wonder how many of these things are still in service -- betting quite a few, since the management cards work in a bunch of different APC products, and things like the MasterSwitch don't really become less useful with age.

The industrial ones are usually opto-isolated and should stop something like a USB Killer. That's what the datasheets say anyway, I've never purposefully tried to destroy one

Yeah, there are USB isolators you can get from industrial suppliers that will protect your machine, too (used to prevent a catastrophic failure on a machine tool from blowing up the control system). I would probably just grab the cheapest throwaway laptop in the parts heap/thrift store/whatever and use it, if I were going to check these out. Another thing to look at is local geocaches. I've found a few on hikes that had USB drives in them.

I have actually seen a dead drop embedded in a wall in Cambridge, MA, near the MIT campus (shocking, right?). I did not dare plug my own piece of equipment in there I've heard of people building "wifi throwies," like the LED graffiti thing (LED + battery + magnet, they stick to ferrous surfaces and...well, stay lit up for a while). The idea was to take something like an ESP8266 and a lithium cell, attach a sufficiently strong magnet, and stick it somewhere public. Being an embedded wifi module, they were probably only serving text or static HTML.

Yeah, I'll drop stuff on my website sometimes, as well. The thing with the print shop is, they have *horrible* Internet to start with, so you may or may not be able to download a file if it's more than 1-2 MB. I'm usually printing large electronic schematics in 11x17" tabloid format, so the flash drive is advantageous there. I don't really use them for booting much anymore, though I will load Slax (Slackware based live distro) on a drive for testing now and then. Mostly I netboot stuff for new installs, it's faster and you don't have to mess around with iffy embedded BIOS USB boot implementations. Sometimes 5.25", sometimes 3.5"...but I also have a few systems that are still using 8" floppies Some of it is hard sector too, where the sector start boundaries are marked by a number of physical holes punched in the disk.

I still use flash drives to take stuff to untrusted computers -- for example, when I take something to the print shop to be run off in large format. These types of places (print/copy shops, library, et c.) don't run a primary business of having safe, secure computers, and they let you plug in and run pretty much anything, so I will typically use a flash drive to take files, then nuke it when I get home. I don't log into anything on those computers, I've seen people at the print shop logged in with their cloud storage, email, whatever. Seems like a great way to get keylogged or your session cookie swiped or something. For moving stuff around between computers I trust, yeah, I don't really use flash drives anymore. Ironically I do still use floppies -- but that's only because part of my business is legacy systems repair/maintenance.

It looks like Digium is running their own Git server, under which DAHDI is hosted: http://www.asterisk.org/downloads Might see about sending them a PR or diff patch.

Remember when we did these? Digium TDM400P with 2x FXS modules for $25 shipped: http://www.ebay.com/itm/172738692091 Show off your 1337ness with a Digium backpack! http://www.ebay.com/itm/292141171683 Soekris 4801 Router/Firewall/Embedded platform, probably not enough RAM for full pfSense nowadays but they run old copies of m0n0wall and straight OpenBSD great: http://www.ebay.com/itm/232390594351

Tried a DVD drive last night, it doesn't like it as either master, slave, or cable select. I unplugged the hard disk and stuck a bootable Slax CF card in the CompactFlash slot. Looks like it comes up as master on primary IDE, so you can't use the CF and IDE master at the same time. A lot of CF cards won't work as a master with an IDE slave, so probably you ought to pick one or the other. Anyway, Slax boots fine, identifies all of the Ethernet interfaces, and all of the Ethernet interfaces work (grab IP/IPv6 addresses and will communicate). I have memtest86+ on that CF card too, so I let it run for several passes. Seems to be completely stable with the 933 MHz CPU and 256 MB RAM.