systems_glitch

Moderating Team
  • Content count

    1,977
  • Joined

  • Last visited

  • Days Won

    77

Everything posted by systems_glitch

  1. I was going through the visitor logs today; lots of views, few posts/comments. If you're here regularly and checking out the forums, post a response to this thread and let us know!
  2. I started repairing an old 486-based industrial system today, which uses a 486 SBC in a passive ISA backplane. Most (but not all!) consumer hardware uses a RTC with a little CMOS RAM and an external battery and crystal, but potted modules are common on industrial/embedded hardware. Unfortunately this one uses a DS1387, for which there is no modern replacement. Several other people have repaired the DS1387 and posted writeups on the process. Here's my rebuild: http://www.glitchwrks.com/2017/07/27/ds1387-rebuild I used a CR1225 and holder due to space restrictions, here's the final result:
  3. Ancient Sun hardware revival continues! The recent pick-up of Sun hardware included a bunch of "lunchbox" form factor machines (SPARCstation IPC and IPX machines). All of the IPX machines worked, but both IPC machines had dead power supplies. Opened them up to find a bunch of leaking Chemicon and Elna capacitors. I don't know if this is a capacitor plague/counterfeit thing (both are good brands, and were rated 105C) or what. Anyhow, I wrote up the recapping process here: http://www.glitchwrks.com/2017/07/24/ipc-recap I've included a list of part numbers with original capacitor values, as well as a cross-reference to current production Nichicon substitutes. Both supplies work fine, and both SPARCstation IPCs are now functional Here's a pic of the inside of the supply, after recapping: I went ahead and replaced all capacitors except the line-side filter cap. The smaller ones looked OK, but I figured I might as well do all of them, since I had it open, and capacitors are cheap.
  4. Heh, there's a thought! SunOS has a lot of unpatched, exploitable stuff, like RCEs in the rlogin daemon Every now and then I think about trying to put up an old box running an old OS for shell services for some of the vintage computer crowd (a lot of people seem to want to telnet to something and run IRC on their vintage machine)...but then I think about how insecure these old boxes are, and figure if anyone is still scanning for this stuff, it'd be a total maintenance nightmare!
  5. I picked up a big heap of old Sun gear recently, all SPARC32 era stuff. There were two SPARCstation 2 pizzaboxes in the lot, one which worked fine. The other had been parted out -- no RAM, hard disk, or cards, other than an old bwtwo SBus black and white framebuffer, with essentially useless ECL output. Turns out that this one had a cache controller in that weird fibre module format that Sun liked, with tiny unprotected flying leads. Here's one out of a SPARCclassic (note, it's a SPARCv8 CPU, not a cache controller...same style package): I had tried straightening the pins with an X-acto knife and a 40x loupe but couldn't get it to boot. I decided to have one more go at it today, before giving up and parting the machine out. Turns out there was a pin bent and pushed under another pin, which wasn't obvious except from exactly the right angle. I used a bit of 28 gauge Kynar wire to poke it out. Success! I plugged in a disk from another Sun and booted SunOS 4.1.3 just to make sure it was really alive. It was, so I decided to make it a permanent fix and blob some cyanoacrylate glue (superglue) on the pins to protect them from future mushing and fingerpoking. Before: After gluing: And, just to be sure the glue didn't mess anything up, back into SunOS 4.1.3: So, this one dodged the scrap bin and lives on! Now, what do you do with a 40 MHz SPARC32 machine with 4 MB RAM...
  6. This happened this morning: Apparently the floppy drive had a pretty much dead short in it. Apparently the supply on the bench either doesn't have a functioning shutdown circuit or it's high enough wattage that it didn't see this as a problem. Now the shop stinks of burning wire.
  7. Not very in-depth, but an interesting read if you don't know about the old microwave relay system: http://hackaday.com/2017/07/10/horns-across-america-the-att-long-lines-network/
  8. Remember when we did these? Digium TDM400P with 2x FXS modules for $25 shipped: http://www.ebay.com/itm/172738692091 Show off your 1337ness with a Digium backpack! http://www.ebay.com/itm/292141171683 Soekris 4801 Router/Firewall/Embedded platform, probably not enough RAM for full pfSense nowadays but they run old copies of m0n0wall and straight OpenBSD great: http://www.ebay.com/itm/232390594351
  9. I recently bought an APC AP9211 MasterSwitch, which is a remote controllable 8-outlet PDU. It's got 8 switchable standard outlets so you can poweron/poweroff/reboot machines remotely. It came with an AP9606 web/SNMP management card, which is usable in a bunch of older UPSes and such. The AP9211 is an older unit, but switching power on and off isn't very complicated, and the newer units mostly boast features I don't really need (built in power meters, "too much current" type alerts, et c.), so I bought a cheap AP9211 online. It of course came with an existing, non-reset configuration. The official guide sez to use a serial cable to reset passwords, but I didn't have a USB -> RS232 adapter on hand, so I looked for known vulnerabilities in the management card, and found this little gem: http://mccltd.net/blog/?p=36 Looks like you can dump the EEPROM over a telnet session using a master password that the factory uses to configure new systems (setting things like MAC addresses). I fired up tcpdump and power-cycled the unit to try and figure out what IP/subnet it was configured for. Got an ARP request and grabbed it -- 10.24.40.18/16. Sure enough, telnet in, enter any username and the master password, and you end up in debug firmware! I was able to get the existing password from EEPROM and log in. I could see maybe having this feature on the console port of the management card, but it sure does seem short-sighted to put it on the telnet interface! I wonder how many of these things are still in service -- betting quite a few, since the management cards work in a bunch of different APC products, and things like the MasterSwitch don't really become less useful with age.
  10. The industrial ones are usually opto-isolated and should stop something like a USB Killer. That's what the datasheets say anyway, I've never purposefully tried to destroy one
  11. Yeah, there are USB isolators you can get from industrial suppliers that will protect your machine, too (used to prevent a catastrophic failure on a machine tool from blowing up the control system). I would probably just grab the cheapest throwaway laptop in the parts heap/thrift store/whatever and use it, if I were going to check these out. Another thing to look at is local geocaches. I've found a few on hikes that had USB drives in them.
  12. I have actually seen a dead drop embedded in a wall in Cambridge, MA, near the MIT campus (shocking, right?). I did not dare plug my own piece of equipment in there I've heard of people building "wifi throwies," like the LED graffiti thing (LED + battery + magnet, they stick to ferrous surfaces and...well, stay lit up for a while). The idea was to take something like an ESP8266 and a lithium cell, attach a sufficiently strong magnet, and stick it somewhere public. Being an embedded wifi module, they were probably only serving text or static HTML.
  13. Yeah, I'll drop stuff on my website sometimes, as well. The thing with the print shop is, they have *horrible* Internet to start with, so you may or may not be able to download a file if it's more than 1-2 MB. I'm usually printing large electronic schematics in 11x17" tabloid format, so the flash drive is advantageous there. I don't really use them for booting much anymore, though I will load Slax (Slackware based live distro) on a drive for testing now and then. Mostly I netboot stuff for new installs, it's faster and you don't have to mess around with iffy embedded BIOS USB boot implementations. Sometimes 5.25", sometimes 3.5"...but I also have a few systems that are still using 8" floppies Some of it is hard sector too, where the sector start boundaries are marked by a number of physical holes punched in the disk.
  14. I still use flash drives to take stuff to untrusted computers -- for example, when I take something to the print shop to be run off in large format. These types of places (print/copy shops, library, et c.) don't run a primary business of having safe, secure computers, and they let you plug in and run pretty much anything, so I will typically use a flash drive to take files, then nuke it when I get home. I don't log into anything on those computers, I've seen people at the print shop logged in with their cloud storage, email, whatever. Seems like a great way to get keylogged or your session cookie swiped or something. For moving stuff around between computers I trust, yeah, I don't really use flash drives anymore. Ironically I do still use floppies -- but that's only because part of my business is legacy systems repair/maintenance.
  15. It looks like Digium is running their own Git server, under which DAHDI is hosted: http://www.asterisk.org/downloads Might see about sending them a PR or diff patch.
  16. Tried a DVD drive last night, it doesn't like it as either master, slave, or cable select. I unplugged the hard disk and stuck a bootable Slax CF card in the CompactFlash slot. Looks like it comes up as master on primary IDE, so you can't use the CF and IDE master at the same time. A lot of CF cards won't work as a master with an IDE slave, so probably you ought to pick one or the other. Anyway, Slax boots fine, identifies all of the Ethernet interfaces, and all of the Ethernet interfaces work (grab IP/IPv6 addresses and will communicate). I have memtest86+ on that CF card too, so I let it run for several passes. Seems to be completely stable with the 933 MHz CPU and 256 MB RAM.
  17. I picked up a MultiTech Systems RouteFinder RF600VPN router/firewall/VPN thing for really cheap recently. It's a 1U rack mountable device with three Ethernet ports, serial, USB, modem, and a VGA connector. The VGA and USB suggested it was probably an x86 compatible thing that could be repurposed to run pfSense/opnsense/plain old OpenBSD. I had time to take it apart today, did not disappoint: Plain looking beige 1U box Nice front panel status readouts though, interfaces helpfully labeled LAN, WAN, DMZ. Ports! The VGA was a tipoff that there was probably an x86 PC inside. Oh look, an x86 PC! It's a custom motherboard but it uses a standard Intel chipset, Socket 370 CPU, 168-pin SDRAM, 44-pin 2.5" IDE hard disk, and has a free PCI slot and CF slot. CPU was a 566 MHz Celeron, replaced with a random 933 MHz P3 I had which works just fine. I upgraded the RAM from 128 MB to 256 MB. Looks like the Ethernet interfaces are real Intel eepro100 devices! Should make for a good router/firewall. There are keyboard/mouse PS/2 ports hidden inside. Oddly enough they don't seem to like a keyboard plugged in. A USB keyboard works fine, though. You can see a floppy drive header to the right of the PS/2 ports, and a modem module below the ports. The red jumper to the upper-left appears to be a "turn the power on" jumper -- it won't power up without it. I suspect it's for a front-mounted power switch, which this model doesn't use. Hardware summary screen, internal hard disk is 15 GB. Oh look, it's loading Linux with LILO... Apparently this used to be the router for some city hall. "But glitch, you seem to have root!" Yeah...the root password was set to "admin." Everything's on default. That's as far as I've gotten with this, next thing I'll do is probably dump the hard disk (or just swap it out) and get ready to put something better/more modern on there. I'll probably plug in a CD drive and try booting Slax Linux (Slackware-based Live CD).
  18. Oh, I've taken the DNS record out by this point. Basically, there are things out there that treat DNS records like they're always clean text that can just be shoved into whatever without sanitizing. I'd set up a DNS resource record that did Javascript XSS in the browser when a particular DNS record was displayed. The rDNS on 2001:470:1f07:b75::1337 is still present, if you go to the tool in the second link and paste in that address in the IPv6 rDNS lookup, you'll see a bold hi! on your screen. I'll set up the hax.bv.theglitchworks.net address again if you guys want to see how that works.
  19. Apparently someone else thought about this a few years ago, but I was working on my Dynamic DNS project last night and thought, how many websites grab DNS or reverse DNS information and just pass it to the browser, unescaped? Apparently nonzero: https://dig.whois.com.au/dig/hax.bv.theglitchworks.net Click the button The following site works for both forward lookup on hax.bv.theglitchworks.net and reverse lookup on 2001:470:1f07:b75::1337 http://www.webdnstools.com/dnstools/dns-lookup-ipv6 Another example of how no external data should ever be trusted!
  20. link to the Hack a Day article: http://hackaday.com/2017/01/19/autodesk-moves-eagle-to-subscription-only-pricing/ Feeling pretty good about that decision to move to KiCAD with the 4.0.0 release
  21. You sure do forget all the little tricks and keyboard shortcuts in a hurry! Don't trust bulk pack bargain bin CD-Rs with important data?! I've got a few spindles of Verbatim archival grade stuff for work and really important permanent backups. Stuff that changes some times gets put on Magneto-Optical cartridges.
  22. Since getting the HP 420 squared away with a proper mirrored ZFS volume, I've been working on getting to the point where I can shut down my old workstation, which was still limping along running a few applications, like my Dynamic DNS widget. I needed somewhere to run things like the Dynamic DNS system, and leave a tmux running for persistent IRC. I don't have a server rack up yet, so my old VM hosting box is currently offline. It's really too loud to run out in the main workshop area (you can hear it upstairs, the workshop is in the basement). Until then, I dug into the junk bin and put together a server: The case is a massive Lian Li aluminum ATX server case. I picked it up at a local tech surplus auction for, I think $10, with a power supply and a DVD drive. It looks kinda silly with so little hardware in it: The motherboard is an Intel Desktop Board DP43TF from a machine I built in probably 2009 and dismantled in 2010 or 2011 -- it developed a RAM error and I stole the Xeon CPU out of it to use in something else. The CPU is an Intel Core 2 Duo E4300, 1.8 GHz LGA775, 2 MB cache, that came from a computer we found in the trash that had exploded motherboard caps, but a good CPU and RAM. Power supply came from a friend's junk PC that I was given when he replaced it. There's no onboard video on the DP43TF so I've got a GeForce 8800GT stuck in there for the console at the moment 8 GB DDR2 came from another junk PC someone gave me. DVD drive and WD RE4 250 GB drive were on the spare parts shelf. I updated the BIOS to the 2011 release (was the original 2008 release) which is supposed to improve stability. It's currently running OpenBSD 6.0 AMD64, with various applications deployed to it with Capistrano (manages your deploys over plain SSH). Telephoney is going to send me a less power hungry PCIe card with VGA so I can get the GeForce 8800 out of there! I've though about finding another Xeon X3360 (quad core, 12 MB cache) for the board -- that's what I originally ran in it, and it's the fastest thing it will support, but it doesn't really seem worthwhile since this box is pretty old and should be temporary anyway.
  23. Oh man, board layout with AutoCAD We had some legacy products at previous jobs where the layouts were all AutoCAD from back in the DOS days. Using a real EDA tool makes life *so* much easier!
  24. That's the approach I go with -- small, highly portable laptop, let the desktop do the heavy lifting. Works out being cheaper anyway, since you can get beefy off-lease workstations for good prices. My poor Lenovo X201 laptop is nearing retirement though!
  25. Ouch! You can tell the iMac's thermal management was definitely designed to try and keep the fans off. The ones at the office got uncomfortably hot on top before the fans would come on. I guess most iMac owners don't use them the way programmers use them, or something.