Tips & Notices – October 2018

About “Tips”:

While I’m mostly interested in things having to do with:

Computer stuff, especially small single board computers
Making money, usually via trading
Weather and climate (“Global Warming” & “Climate Change”)
Quakes, Volcanoes, and other Earth Sciences
Current economic and political events
(often as those last three have impact on money and climate things…)
And just about any ‘way cool’ interesting science or technology
Oh, and lately, cars ;-)

If something else is interesting to you, put a “tip” here as you like.

If there is a current Hot Topic for active discussion, try one of the Weekly Occasional Open Discussion pages here:

You can also look at the list of “Categories” on the right hand side and get an idea of any other broad area of interest.

This ought not to be seen as a “limit” on what is “interesting”, more as a “focus list” with other things that are interesting being fair game as well.

The History:

Note that “pages” are the things reached from links on the top bar just under the pretty picture. “Postings” are reached from the listing along the right side of any given article (posting).

Since WordPress has decided that comments on Pages, like the Old Tips Pages, won’t show up in recent comments, it kind of breaks the value of it for me. In response, I shifted from a set of “pages” to a set of “postings”. As any given Tips Posting gets full, I’ll add a new one.

I have kept the same general format, with the T page (top bar) still pointing to both the archive of Tips Pages as well as the series of new Postings via a link to the TIPS category.

This is the next posting from prior Tips postings. Same idea, just a new set of space to put pointers to things of interest. The most immediately preceding Tips posting is:

The generic “T” parent page remains up top, where older copies of the various “Tips” pages can be found archived. The Tips category (see list at right) marks Tips postings for easy location.


About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons" are the mythology of Climate Change and ancient metrology; but things change...

106 Responses to Tips & Notices – October 2018

  1. Simon Derricutt says:

    Looks like the IPCC conference in Korea is demanding that all cars become electric, no fossil fuels are burnt (at least in the West, but of course China, India and a few others can burn as much coal and oil as they need to to catch up), and it has to be in place by 2020. Not long before that tipping point after which we’re all doomed. Doomed, I tell you…. France 24 is also relentlessly plugging the necessity to act now, and go back to the Stone Age in the West during the next year and a bit. Do not pass Go, do not collect £100.

  2. corsair red says:

    An interesting development, to me anyway. Fundamentalist preachers have been saying for centuries the Earth and mankind were doomed if we didn’t change our ways, and now here the scientists are telling us the same thing. And both groups saying the world will end in fire; well, more or less. :-)

    So, do we tell the climate change scientists they and God are on the same page? ROTFL!

  3. H.R. says:

    Heavens no!

  4. E.M.Smith says:


    So with a USA population of somewhere around 300 Million cars, almost all of them not electric, have they said where they will get 300,000,000 eCars in 1 year (2019… as 2018 is over and 2020 is when it must be completed by) and just who is going to pay for it?

    Figure $40,000 / car average (not all getting the $100,000+ Tesla) that’s roughly 300 x 40 x 1000 x million or 12 x 1000 x 1000 x 1,000,000 or 12 million million or $12 Trillion in US terms just to buy the cars. Now add trucks, buses, trains, ships, … So who’s got about $20 Trillion to spare this year? Eh? That’s for the USA alone. Rinse and repeat for the EU, Japan, etc. etc.

    @Corsair Red & H.R.:

    Oh, no! You have got it horrible wrong! They are not on the same side as God; they think they ARE GOD! Who else can change the global climate and determine Fire & Brimstone vs Cold & Ice as our fate?

    I’d like to put a smiley on that. I really would…

  5. Larry Ledwick says:

    Too early to tell if these items are related but packages testing positive for Ricin sent to Pentagon and people sent to hospital after suspicious package arrives at Ted Cruz office.

  6. Larry Ledwick says:

    Ooops accidentally hit enter.

    Second link:

    Could also be fentanyl or similar compounds which would be equally lethal.

  7. Larry Ledwick says:

    Also today – looks like the Left is going to go all in this week.

  8. Larry Ledwick says:

    Houston has cleared the evacuation order for the building housing Ted Cruz campaign office.
    Houston Fire Dept
    Verified account
    22 minutes ago

    The evacuation order has been lifted for the office building at 3200 SW Fwy. All tests were negative for any hazardous substance.

  9. ossqss says:

    Cablepocalypse is upon me. Spectrum, who used to be Brighthouse or Time Warner whatever, is now pulling the plug on the analog cable signal that powers several of my TVs. They now are going full digital which means you need a rental box from them at every TV to use their service. I have 3 alternate site TVs that I actually use to some degree (garage, porch, spare room). Since I will not pay them a dime to support those devices, I am venturing out into the alternate universe for use of their service at no additional cost. It appears that you can load and use their application on an Xbox One and a Roku (only streamer with spectrum app) and avoid the rental box charges entirely. Their application is actually quite nice, I use it on my tablet, phone, and PC on occasion. I thought briefly about expanding my rogue Directv account (only NFL ticket and hockey with no other programming), but I would not dare invite change to my fully mobile and wholly owned and unconnected receiver, or getting more attached to ATT! The conversion takes place at month end. I will let you know how things work out.

    I have an Xbox One, but am looking at the Roku Premier + unit. I have an AC router, but have no real need/demand to use MIMO yet.

  10. philjourdan says:

    Oh, no! You have got it horrible wrong! They are not on the same side as God; they think they ARE GOD! Who else can change the global climate and determine Fire & Brimstone vs Cold & Ice as our fate?

    Sounds kind of like Islam and Mohammed. No wonder the left loves muslims.

  11. corsair red says:

    Yes, they do think they are God. However, there are other opinions about that.
    Psalm 2:4 KJV:
    He that sitteth in the heavens shall laugh: the Lord shall have them in derision.

  12. E.M.Smith says:


    I thought the Roku was HDMI output only? How do you get that into a non-digital TV?…

    I bought a 19? or maybe 21 inch TV HDMI 1080p for my office for something like $90. Just sayin’ it might be easier for some of those analog TVs to make the jump… Or just see if anyone on Craigs List is selling the “converter” boxes that were given to just about anyone years ago for over the air signal conversion…

  13. corsair red says:

    @E.M.Smith and H.R.:
    An aside, apropos of nothing, I love the words derision and derisive. Derisive laughter is the only response to a statement by any progressive.

    For regular analysis of costs and effectiveness of renewable energy, I highly recommend Manhattan Contrarian. He frequently writes on this subject, climate change, economics, and general government stupidity. Here is an example:

  14. ossqss says:

    Some of the Roku units have an additional analog out. I have adapters to go to component, composite, S-video, or even DVI if needed. Having the right (newer) version HDMI cable is important.

  15. Larry Ledwick says:

    I presume everyone here knows this is happening tomorrow near noon.
    National push notification test on digital systems.

  16. ossqss says:

    @EM, the Roku Express + is the iteration with the analog output for $30 bucks. Or you can just grab an adapter for a couple bucks if needed. I think I saw an HDMI to component for $7 at wallyworld.

    @Larry, let’s see if the message actually happens this time. They cancelled it last month.

  17. E.M.Smith says:

    IIRC it was scheduled for 2:15 P.M. ET, which would be 11:15 AM here on the Pacific and about 12:15 MT

    I’m torn between just making sure my phone is off then, leaving it on to see what it sounds and looks like, or going to the library to watch the chaos ;-) (Maybe a Starbucks would be more PC acceptable…)

    Maybe there’s a local B league sporting event going on then… (But DO NOT be on the freeway then!!! ;-)

  18. Larry Ledwick says:

    I am sure this first nationwide alert is essentially a load test for the cell system, and if it happens, it will allow them to gather statistics on time delay to push all the messages, how big of a batch can they push at once on each system without locking up the system etc.

    You have to crawl before you can walk – they have been trying to achieve this sort of national real time notification system since the mid 1950’s and they finally have the technology that makes it at least theoretically possible.

    I am sure many cell systems will lock up at least for a while with the message load. Wide area code red push notifications have noticeable delays as they walk all the numbers taking something like 20 minutes to reach all the phones in the warning area. I assume this will be similar but, it will basically be a simultaneous nation wide code red.

  19. E.M.Smith says:

    Per Roku:

    Hmmm…. I could use a component out for some odd things. One of my “issues” with my Roku is no way to record anything. The HDMI standard is designed for the purpose of preventing recording. So I have a few VCRs and no input. Sigh. (Yes, I know, 480i is not anything after 1080p but for recording “news” or similar stuff, who cares?)

    FWIW, there’s a way to split HDMI so one device (TV) validates “I don’t record”, and then the other HDMI goes to your DVR and it records whatever it wants as you are past the authenticate step. This requires a particular (older) HDMI spec. 1.4? Something like that. I just don’t care enough to go down that whole “build a signal stealing rig” path just to record a few bits of fluff…

    Well, given that, the Roku is now my favored way to watch TV. Especially if you already have a Cable authorization code so you can get all the cable channels. I’d strongly recommend getting one for one of your TVs and just playing with it / trying it out while you decide on the other 2. It is portable so you could move it from TV to TV for a while while you decide on how many… or alternatives. Having cable AND a Roku you will have more media available than anyone on the planet who doesn’t have their own (private / pirate) satellite dish (the 9 foot kind…)

  20. E.M.Smith says:


    Oh Darn! I was hoping to watch the whole stadium jump at once ;-)

  21. ossqss says:

    @EM, the composite, not component, would certainly provide for a VCR connection. It appears to be a 1/8 3 way jack to the RCA connections for audio RL and composite video. Upon further comparisons, I am going to go that route (Roku express +) initially for full flexibility/compatibility at $35 with both cables included, and a free month of HULU which I have not tried yet. We shall see as it is in stock at wallyworld right down the road!

    I did like the better remotes (tv power and volume capable, and some a headset connection) on the higher units, but figure to test first since I will need more than one if it works.

    A side note, I have viewed some recently discovered ways to add Kodi to Roku also, and not just screen mirroring.

  22. ossqss says:

    Well here is an interesting Roku twist. It appears I can have full remote control via the mobile app. If that is the case, I can install my device where I have an RG6 amplified distribution point that was for my 2nd Directv receiver (which is dead) which went to all my TVs as an RF cable connection (channel 3). So I may be all set with one remotely placed Roku. Yes, I have a bunch of coax in my attic, but it all works, including amplified line level video out to all my TVs from my CCTV system.

  23. E.M.Smith says:

    Yes, the app works nicely. I managed to have a remote make percussive impact with part of my car (don’t ask…in the trunk) and it decided to stop working. So now my tablet is my remote for one of the Roku devices.

    It will actually control all three that I have ( it politely asks which one on the network you wish to control) and only once have I taken remote control, by mistake, of the one the Spouse was watching in another room… (Note to self: It is fun to give devices cutesy and misleading names like Penthouse and PlayRoom but it can make it hard to remember which device that is a few months later…)

    Near as I can tell the devices and the tablet (phone) must be on the same network and the Roku must be sending out some kind of “here I am” notice every so often. Some kind of ID packet. In theory, if you bridged that network (even via a VPN) to some remote site, you still ought to be able to control the Roku. So some future day I want to try encapsulating video in routed packets, and then bridge the video and the Roku control to somewhere very remote and see what latency does to things. Essentially you ought to be able to put the Roku on a Slingbox like arrangement and have control from your remote digs. I think.

    And oh, yeah, composite, component, slip of the fingers… I thought composite… doesn’t that count? ;-)

  24. Tim. says:

    Tim Berners-Lee is re-creating the www.
    Seems he’s fed up with the take-over by big money.

  25. ossqss says:

    Well, I implemented the Roku today with success and some identified deficiencies.

    I am using the Roku Express +, which provides the composite output to my RF modulator. I amplified the signal out to support four connected TV’s with no issue. Works like a charm with minimal degradation of picture quality aside from format on the 4×3 units being truncated slightly, at least on the Spectrum app and Amazon Prime that I tested. I set up resolution for 16×9 initially. So, all in all, it fully replaces the coming need for having to rent a cable box when the all digital spectrum conversion comes. All good there and TWD was better close up on 4×3 after you already watched it ;-)

    One item that did come to the surface is it cannot support the component and HDMI output on the Roku device simultaneously. Plug the HDMI in and it cuts off the composite out. No biggie as I would rarely need to use it on the Sony Bravia mother hen TV since the Xbox is there already along with the primary DVR cable box. BTW, I am using the service USB on the DVR as a power supply port for the Roku to thwart Spectrum from forcing my hand and not having to plug anything else in to power the Roku. LOL, Oh the irony!

    So, instead of being forced to pony up for boxes for my non-box TVs at month end @$11.99 each, I spent $35 and fed 4 of them accordingly, permanently, with everything I get from Spectrum on a cable box. That is gonna pay for beer moving forward. That is my story for SWMBO, and I am sticking to it!

    There ya have it. I am off to pop a top off of a cold one!

  26. ossqss says:

    BTW, all “On Demand” functionality is in play with Spectrum also. Apparently, as part of the wallyworld purchase, I get a month of Hulu with cloud storage and unlimited screens for the Roku, whatever that means. I consider it a bonus, and will drink to that too ;-)

  27. E.M.Smith says:


    Pop one for me while you are at it! Congratulations!

    Now you get to wade through the several thousands of Roku channels and decide which all is crap and what few are gems… There are also “hidden” channels (often for R or more rated content but also things like private company channels) along with loads of “local news” from all over the planet (in many languages) and TED talks and YouTube and … well, let’s just say I’m around a year+ into it and still have not sampled all the FREE channels… nowhere near starting on the pay channels other than the Netflix we had before and the Amazon Prime we got for “free” when we signed up for cheap shipping and “there it was”… (before we had the Roku and didn’t have a use for it…)

    Top 50 Roku Channels (has a popup):
    A rather complete listing by name:
    Private Channels guide:

  28. ossqss says:

    Thanks for the links and guidance EM! I have touched the Roku channel on youtube and garnered some insight also, including less obvious sites. The test has worked well, and now I ponder the rationale behind the Roku Ultra memory slot for additional storage. Let alone that Kodi item mentioned earlier. We shall see soon ;-)

  29. E.M.Smith says:

    Each channel is a custom application (even if small) while playback has some buffering. How many channels can be added to your active list is limited by memory. Now I had about 400 channels and still had not come close to filling the memory on my Roku Stick, and started deleting channels just as I could not get around to watching them all (even to decide if I wanted them).

    So I don’t think you will have a memory problem. But if you do, that’s what the slot is for. I think. ;-) Unless your device has other interesting features mine doesn’t….

    My advice? Lay in a couple of cases of beer and plan on a long weekend of checking out channels. You will likely need to do that a few dozen times to get done ;-)

    It will depend a bit on what you like. News? Easy to identify. Quirky things from around the world? Takes longer… “Just Netflix and Ted Talks”? Done in 5 minutes. Sampling all of them? Likely a lifetime effort as new ones are added faster than I have time to check them out…

  30. E.M.Smith says:

    On my Roku just checked the “just added” channel listing. 339 channels. Just added.

    Even if they age a month before leaving the list, that’s about 10 / day…
    Under “Streaming Channels” in your main menu are where most channels are located. In some of the sub-headings you have channels by main topic or type:

    Movies & TV group is 1238 channels
    Music is 395
    Apps is 69 – Hey, it claims to have a FireFox! Going to be hard to use without a keyboard…
    Educational – 216 (including TED, Smithsonian, NASA…)
    International – 216 also from all around the world
    Kids & Family – 491
    Lifestyle – 397
    News & Weather – 453
    Religious – 1914 (many small churches broadcast their services. Wife gets Mass when she can’t make it to church via a few Catholic stations at different times)
    Science & Tech 95
    Special Interest – 586 (Looks like that’s where the “grindhouse” and soft porn is located)
    Sports – 538 (Big names like ESPN, Fox, MLB and little local teams too)
    Travel – 259
    Web Video – 152 (Including YouTube, Vimeo, Yahoo, etc.)

    So yeah, a lot of beer to get all of them even watched for 5 minutes each.

    The good thing is that for many you will find they are pay channels and you don’t want them that much. So most of the major sports channels are that way. For others, once you’ve seen one “grindhouse” channel and know what they are ( I didn’t…) it’s pretty quick to decide not to sample too many others. (Cliche long legged women in Nazi Style leather bodice with hat, riding crop, and boots, mediocre acted, is surprisingly not all that interesting after 5 minutes of WT?)

    Other whole blocks get skipped for things like not having kids anymore, or not using your TV as a radio. (Though there are a couple of retro-stations that are fun, one with full recordings from somewhere in Florida? with commercials from the period and all; then another is all your local FM stations…) So with a bit of work you can prioritize a few hundred in a couple of categories to check out.

    Be prepared for disappointment. A lot of the channels are duds. The chamber of commerce in Lodi. The web cam watching an intersection somewhere. Someone putting up their canonical collection of old VHS tapes of shows where copyright has expired. Others are quirky but fun. Like the “Virtual Irish Pub”. Somewhere there’s a pub and they record stuff and performers… But it takes a while to get through the junk to find the gems.

  31. Simon Derricutt says:

    Maybe a few others will find this funny, too. tells us that the Shetland Islands must be shown in the correct relative position to Scotland rather than being put into a box on the map with separate lat/long lines. Result is that the map will show a very large amount of sea and not much detail on the islands themselves. A pretty ridiculous thing to make a law about, and the unintended consequences are all detrimental.

  32. LG says:

    The BIG HACK : Chinese Infiltration Of Apple, Amazon And The CIA

    Short version:

    Bloomberg’s revelations, which reported on an ongoing government investigation into China’s use of a “tiny microchip” that found its way into servers that were widely used throughout the US military and intelligence infrastructure, from Navy warships to DoD server farms. The probe began three years ago after the US intelligence agencies were tipped off by Amazon. And three years later, it remains ongoing.
    Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
    During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
    Elemental also started working with American spy agencies. In 2009 the company announced a development partnership with In-Q-Tel Inc., the CIA’s investment arm, a deal that paved the way for Elemental servers to be used in national security missions across the U.S. government. Public documents, including the company’s own promotional materials, show that the servers have been used inside Department of Defense data centers to process drone and surveillance-camera footage, on Navy warships to transmit feeds of airborne missions, and inside government buildings to enable secure videoconferencing. NASA, both houses of Congress, and the Department of Homeland Security have also been customers. This portfolio made Elemental a target for foreign adversaries.

    A sizable portion of its engineers were native Mandarin speakers. One of Bloomberg’s sources said the government is still investigating whether spies were embedded within Supermicro or other US companies.
    But however it was done, these tiny microchips somehow found their way into Supermicro’s products. Bloomberg provided a step-by-step guide detailing how it believes that happened.
    A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
    The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.
    The compromised motherboards were built into servers assembled by Supermicro.
    The sabotaged servers made their way inside data centers operated by dozens of companies.
    When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
    In espionage circles, infiltrating computer hardware – especially to the degree that the Chinese did – is extremely difficult to pull off. And doing it at the nation-state level would be akin to “a unicorn jumping over a rainbow,” as one of BBG’s anonymous sources put it. But China’s dominance of the market for PCs and mobile phones allows it a massive advantage.
    One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location – a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”
    But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

  33. llanfar says:

    2LG Apple, AWS deny. Apple says likely misrepresentation of 2015 story of a single server found to have malware with nothing taken.

  34. Larry Ledwick says:

    The only good thing about the Chinese “Big Hack” is that it has been outed and with President Trump’s efforts to MAGA the two circumstances will likely lead to a move to bring sensitive production back home where it would be much more difficult to compromise systems at the hardware level.

    It will also presumably lead to the military / government developing hardware audit processes and equipment to verify that equipment purchased for the most sensitive applications is actually manufactured as designed.

    When you think about the complexity of what the Chinese accomplished they had to have their fingers in the pie at the time the devices were designed or very shortly after, or have a specialty unit that can do extremely rapid prototyping production of those specialized chips. Not to mention have invested years in pre-planning development and testing of the hack enabling add on hardware, as a generic black box device that could simply be inserted in the appropriate trace on a mother board with little likelihood of upsetting normal operation of the device that would flag the existence of the hack.

  35. E.M.Smith says:


    Sometimes folks have to run headlong into the wall before they see it. As folks start getting maps with nothing but water and a blob on them, they will complain and be told about the law… eventually enough people will say “What is this crap?” and the one guy in a position of power who pushed for it will die, and then it will be reversed…

    Until then a foot note saying “Shetland is in a box so you can see something other than water and a small blob of land” will give enough cover…


    Nice to know about that specific one. Nice guide to some specifics to avoid.

    I saw such a “hardware attack” while working at a company a few years back. Different hardware though. They ordered a decorative USB Thumb Drive for a promotion. Cute little character images on it. In testing, 1 in 10 was found to be infested with a subtle virus that would “phone home”…

    A few years before that it was found that a percentage of those “electronic picture frames” sold cheap all over the place were similarly infested. ANYONE who plugged one into a PC to load some pictures also inserted a virus back into their PC, which then “phoned home” and asked for more directions…

    This is why I trust NO hardware from China unless it has been examined, tested, and run on a network with a good IDS / IPS box watching its traffic.

    I buy NO “electronic picture frames” or any other similar devices. I trust boards and systems widely used by embedded systems folks and “hackers” as a fair number of them run some kind of packet sniffer on their network while debugging boards (so even a 1 in 10 will be spotted by someone…).

    Even there, there are risks. Was your Nikon camera made in China? Some of the lenses are, but I don’t know about the current camera bodies. How many photographers run an IDS / IPS system? When Odroid makes their boards in Korea, do they use ANY chips made in China? Probably…

    So this is a huge issue (general hardware exploits), it is an active exploit, it has been in play on various hardware for at least a decade that I personally know of and it will not end.

    Describing it as a “unicorn” is stupid. Toss a billion sticks in the river and a few WILL make it to Seattle. It is a smart statistical attack. How many folks got a random USB stick and took it to work to upload a file, or used it to take some work home? This is part of why I like using SD cards in an adapter instead. The USB attack is known to be in play. SD cards are still a risk, but many more of them are used in gear that is of no interest to agencies (so value of the hack is less) and many more are inspected by hackers and embedded systems guys (so probability of discovery is higher).

    I make an exception for the R.Pi just because it is designed in Britain and used by millions of folks mostly for things that are “uninteresting” to the Chinese Communists. Odds are very high any hardware hack would be spotted and value of the hack is very low. It does not make me comfortable to make that exception, so I’ve also explored the Korean boards (Odroid).

    This is also one of the big reasons I run Linux / BSD. Pretty much every hardware exploit I’ve heard of has been a virus aimed at Microsoft OS versions and PC hardware. 99%+ of that risk is dodged by just not using that OS and hardware. (This will change over time, and for “server exploits” like the one described in the above comment, the percentage of Linux is higher so the percentage of non-PC non-MS exploits deployed will be higher).

    Were I running ANY government TLA, I would require that 100% of hardware bought be American Made with 100% American sourced parts. Even then I’d require 100% of it be booted up on an isolated network with the best IDS / IPS (Intrusion Detection System / Intrusion Protection System) available, along with a nice real time display packet sniffer running and an experienced network guy looking at the screen. After a few dozen they will know exactly what normal looks like and when the one that’s different shows up it will stand out…

    We KNOW we are under electronic assault from China.
    We KNOW they are using both software and hardware exploits.
    To NOT test all the gear to find where it IS happening is just stupid.

    Most companies and the Government are very stupid. They will NOT pay for security. I’ve been fighting that battle, and losing, for about 25 years now… At best you can get funding for about 80% of what is needed, and that only happened after laws were changed to make a big liability risk for companies leaking PII (Personal Identifying Information). Things also improved after Target got whacked and a few other Big Name leaks got Big Fines. It still isn’t enough, though. Thus the ongoing leaks discovered. (For those discovered, there are many more not discovered). This is why I do not hand over ANY information to companies or the government that I can avoid handing over. It WILL end up in China. Only question is when.

    Over the top? Well, my full bio and resume is in China as I applied (and was cleared) to work at The Federal Reserve Bank. Those records were in the Federal employee clearances database that was hacked by China. (The US Gov. gave me 2 free years of credit monitoring to “fix” it…)

    So I’ve been on this from both sides. Active defense and victim via lazy or incompetent others.

    I’m very glad I’m no longer on the line as the guy who must keep the site secure. I have an unblemished record that, IMHO, can no longer be achieved. When I was “on the line”, hardware was made in the USA and all the crap Microsoft et al. (Prism Program) put in software to make it leak to our TLAs was not in place. As of now, IMHO, if you run Microsoft Windows or use any hardware / software from other Prism participants, you can not make your site secure. Active Java, Java Script, etc. just make a bad situation worse. I suspect SystemD is in the same mold. Thus my “rotate the shields” and “frequent flushing” procedures and using “strange hardware and OSs”… Just step off the main line of attacks and keep hiding behind a different tree…

  36. E.M.Smith says:

    A review of the “Elemental” server that is one of the hacked boxes:

    It’s a video encoder / server box. Would tend to be in the center of high speed networks and unlikely folks would notice a MB of added odd network traffic on a GB to TB scale server…

    The “Supermicro” motherboards at the center of the issue:

    Your basic Wintel type MB that could end up in any and every Intel based server. So looks like the Chinese are still focused on the PC / Intel / Windows center of the market.

    Looks like 2006 was the start date, so maybe I’ll keep my old boxes around a bit longer ;-)

  37. Larry Ledwick says:

    The other issue people might not realize is the simple manpower ratio. With 1.42 billion people China can throw 4 research engineers at every engineer on our side. So for each guy trying to protect our stuff they can counter him with 4+ people looking for holes. Given their interest in AI I would not be surprised if they have AI tools to dig into systems and look for vulnerabilities.

    So many components are built out of building block chips that are produced in massive quantities it becomes cost effective to develop hardware compromised versions of chips which are produced in million lot quantities and included in just about every system.

    Things like network interface chips which you know by definition will have direct access to the data streams, or GPU processors which will have very low level access to the system.

  38. E.M.Smith says:

    From that Zerohedge article:

    As one government official reminds us, the extent of this attack cannot be understated.

    With more than 900 customers in 100 countries by 2015, Supermicro offered inroads to a bountiful collection of sensitive targets. “Think of Supermicro as the Microsoft of the hardware world,” says a former U.S. intelligence official who’s studied Supermicro and its business model. “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

    But perhaps the most galling aspect of this whole scandal is that the Obama Administration should have seen it coming.

    Well before evidence of the attack surfaced inside the networks of U.S. companies, American intelligence sources were reporting that China’s spies had plans to introduce malicious microchips into the supply chain. The sources weren’t specific, according to a person familiar with the information they provided, and millions of motherboards are shipped into the U.S. annually. But in the first half of 2014, a different person briefed on high-level discussions says, intelligence officials went to the White House with something more concrete: China’s military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies.

    And thanks to Obama having dropped the ball, China managed to pull off the most expansive infiltration of the global supply chain ever discovered by US intelligence.

    But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies.

    Note that the “900 Customers” were not end customers. They were computer system makers buying motherboards to put into their systems… sold to orders of magnitude more end customers.

    So yet another connection between the Dims and the Chinese… Obama admin “dropping the ball” or deliberately leaving the gate open? Also note this is a GLOBAL hack as systems went all over the world. Not just aimed at the USA, but any company or government anywhere. Yet Another Reason this is no unicorn and rainbow… it’s strategic grab of data from anywhere in the globe.

    Further down:

    Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
    Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.

    Why I’m very very uncomfortable with “Management Engines” and remote management facilities.

    OK, this confirms this exploit is not applicable to systems like the Pi using non-management engine like CPUs. Also note that it does a ‘phone home’ to systems elsewhere… Now it is possible for those to be in the USA, but that exposes them to capture by US TLAs. Much more likely is they are located in China or in places China has large influence. So one bit of “sanitation” is simply to put a routing rule in your boundary router that “grounds” all traffic to countries where you do not have any interest. Really, ask yourself: Do I have ANY real need to talk to China, Russia, Mongolia, Pakistan, Iran… heck even most of Africa and chunks of South America. So why do you let your router send packets there?

    It is “trendy” to “think globally” and it was discouraged by “management” types (who were paid or played by whom?…) to put in place such traffic limiting rules; yet they are a very useful thing. Simply put: IF you refuse to route traffic to places you do not normally go, you block exploits using that location too. (It would still be possible for them to use a local VPN to get past that, but for hard coded IPs in a chip that doesn’t work unless they did the VPN in advance, which is possible but unlikely as it is another pointer back to them when our TLA goes and asks who owns the VPN service in use at the CoLo…)

    One other bit: Often data exfiltration and “phone home” pings are sent without any request for an ACK (acknowledgement) of receipt. If it gets there, fine. If the phone home works, you will be sent a “here’s what to do” command anyway. This is usually done via UDP (that just sends data and hopes) not via TCP (that sends data, insists on confirmation of receipt, and re-transmits if it doesn’t get the ACK). Unless you really need to run UDP services over the internet, just shut off the UDP stack at your router… (this can disrupt some services – things like time information that is not resent as it is out of date then – so make sure you don’t need it…) IF you need UDP to a particular place for a particular service, ONLY allow it in the router ACLs (Access Control Lists) for that site for that service on that port…

    Folks who do “defense in depth” like that, working at router, DNS, firewall, ACLs, IDS / IPS, hardware vetting & testing, OS selectivity & testing, segmented networks by function, etc. etc. levels can be pretty sure they are safe even if some “crap” gets into their network. It is just a matter of IF there is a way to do some defense you DO IT. 100% of any possible defense gets done. To be exploited, the attacker needs to line up some holes to get out. You try to make zero holes. The more things you do, the less likely they can “line up the holes” and get in or out.

    Complex? PITA? Oh Yeah. But also essential…

  39. ossqss says:

    Well the Roku gift keeps on giving. I found the NFL Sunday Ticket on it, which I subscribe to via Rogue Directv, and it works. Now I have basically replaced my dead Directv box also. The beer bucks keep adding up fast!

    I would say the mobile remote is a must as you can type on the phone or tablet keyboard, or use voice functions, when searching for stuff or logging in other info. Additionally it appears you can use your phone/tablet headphones instead of the TV speakers for private or quiet listening (have not tried the PC). The memory slot and USB port mentioned is only on the Roku Ultra and can be used for playable media, and additional storage for Roku. I would guess I could attach a USB HD and access stored media, but I can do that through my AC router already. I am gonna explore Kodi adds soon, aside from the screen mirroring option.

  40. ossqss says:

    Dang, forgot this link in my prior comment about the mobile app.

  41. LG says:


    Apple, AWS deny. Apple says likely misrepresentation of 2015 story of a single server found to have malware with nothing taken.

    Please Note;

    Bloomberg based its story on interviews with 17 anonymous sources, including 6 former government intelligence officials. One official told BBG that China’s long-term goal was “long-term access” to sensitive government secrets.

    The companies’ denials are countered by six current and former senior national security officials, who – in conversations that began during the Obama administration and continued under the Trump administration – detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information.

  42. E.M.Smith says:

    That Bloomberg article has its moments ;-)

    Elemental servers sold for as much as $100,000 each, at profit margins of as high as 70 percent, according to a former adviser to the company. Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.

    Not even a smiley on it… just a cold humor line …

    I wonder if there will be / is a CERT advisory out on how to figure out if your Supermicro MB is compromised, or not… Looks like a global review of hardware is needed:

    Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards—its core product—are nearly all manufactured by contractors in China.

    The company’s pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs. The majority of its workforce in San Jose is Taiwanese or Chinese, and Mandarin is the preferred language, with hanzi filling the whiteboards, according to six former employees. Chinese pastries are delivered every week, and many routine calls are done twice, once for English-only workers and again in Mandarin. The latter are more productive, according to people who’ve been on both. These overseas ties, especially the widespread use of Mandarin, would have made it easier for China to gain an understanding of Supermicro’s operations and potentially to infiltrate the company. (A U.S. official says the government’s probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack.)

    Wonder how many H1B visa folks work there… Just sayin’…

    Looks like Apple is still working about like it was when I was there. Careful, inspecting things, and watching the network traffic closely:

    Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI but kept details about what it had detected tightly held, even internally.

    That “odd network traffic” means their IDS lit up… and “firmware problems” means the Engineers were looking at the firmware. Just what they are supposed to be doing.

    IMHO this indicates that Apple found the problem, not that they were impacted by it. It sounds like Engineering found it, not I.T., and likely at an evaluation stage well before production.

    Also looks like the strategy of being on low value target hardware has confirmation as useful:

    As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.

    As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

    The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

    Nice to have that confirmation…

    Apple, for its part, has used Supermicro hardware in its data centers sporadically for years, but the relationship intensified after 2013, when Apple acquired a startup called Topsy Labs, which created superfast technology for indexing and searching vast troves of internet content. By 2014, the startup was put to work building small data centers in or near major global cities. This project, known internally as Ledbelly, was designed to make the search function for Apple’s voice assistant, Siri, faster, according to the three senior Apple insiders.

    Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo, plus 4,000 servers for its existing North Carolina and Oregon data centers. Those orders were supposed to double, to 20,000, by 2015. Ledbelly made Apple an important Supermicro customer at the exact same time the PLA was found to be manipulating the vendor’s hardware.

    Project delays and early performance problems meant that around 7,000 Supermicro servers were humming in Apple’s network by the time the company’s security team found the added chips. Because Apple didn’t, according to a U.S. official, provide government investigators with access to its facilities or the tampered hardware, the extent of the attack there remained outside their view.

    So Apple was mostly using this stuff for Siri, then when they planned to ramp up found the problem (among others) and backed out of the deal. Nice to know. The article makes it sound like Apple was already hacked, but I’m not seeing it that way. Looks like they were likely getting clean hardware in small volumes and only when the size went large did production get outsourced to those sub-manufacturers, the problems showed, and Apple shut down the buys. Good Apple!

    But didn’t squawk about it and said it was for other reasons so the TLAs could swim back upstream and identify the bad players. Normal and customary operations.

    Then, of all the thousands of systems shipped, only 30 companies didn’t have enough “defense in depth” to get actually hacked:

    American investigators eventually figured out who else had been hit. Since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected. Although the investigators couldn’t be sure they’d found every victim, a person familiar with the U.S. probe says they ultimately concluded that the number was almost 30 companies.

    I’m now a little bit proud of my fellow Geeks ;-) Despite a pervasive hardware hack, from THE biggest maker of motherboards, shipped all over the place: only 30 folks failed to block it via one way or another…

    Then this interesting bit – some chips are embedded between the layers of the boards:

    A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)

    So anyone having just the PCBoard fabbed in China is at risk now, too.

    Over the decades, the security of the supply chain became an article of faith despite repeated warnings by Western officials. A belief formed that China was unlikely to jeopardize its position as workshop to the world by letting its spies meddle in its factories. That left the decision about where to build commercial systems resting largely on where capacity was greatest and cheapest. “You end up with a classic Satan’s bargain,” one former U.S. official says. “You can have less supply than you want and guarantee it’s secure, or you can have the supply you need, but there will be risk. Every organization has accepted the second proposition.”

    And there is the problem. “Fast, Good, Cheap – pick any two” has not gone away, and folks with a bonus tied to financial returns always assure “cheap” is one of the two. Then time to market assures “fast” is the other one. “Good”, and that includes secure, gets the short end of the stick and then inside the “Good”, all other performance factors tend to get an advantage due to “competitive performance pressures” from the market.

    Things will stay that way until the end customer demands more security and will pay for it.

  43. philjourdan says:

    UDP (53) is used for DNS (unless the returned record is too large, then it switches to TCP). Be very careful about shutting off all UDP.

  44. E.M.Smith says:


    You probably already know this, but you can “cast” stuff from your phone / tablet to the Roku. I’ve done pictures, but I think video works too. (IIRC I did a YouTube once, but it was a while ago and a lot of water over the neurons since then.. or maybe it was whiskey ;-)

    I’ve not exploited it much, but it has promise in many ways. Essentially marrying a tablet to the Roku gives you an exponential expansion of capabilities. The whole internet becomes a TV feed along with your “disk” and anything you can mount to the tablet from your home network. Media server anyone? ;-)

    Just realize that the year or two it takes to pick through all the channels available becomes decades with all the other storage and internet options added in… Selectivity becomes critical. Know what you want before you go looking for something or first thing you know you will be watching Ukraine’s Got Talent in Ukrainian… (I’ve actually done that… 8-}

  45. E.M.Smith says:


    Oh yeah… I have a dedicated internal DMZ based DNS server… I allow UDP inside, and it gets special access to outside being in the DMZ… Things you do from habit having done it for decades and forget about the impacts on folks who don’t… My bad.

    It is UDP direct from inside to outside at the default GW that gets turned off.

    But you ought to have a DMZ for any outward facing services ( I have an internet proxy server there too) and you ought to have a dedicated internal DNS server and… ;-)
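An added sketch, not from any commenter and not a real router configuration, of the egress policy discussed in comments 38, 43 and 45: ground traffic to ranges you never talk to, drop direct inside-to-outside UDP, and allow UDP only for a named host, site and port (the DMZ DNS server being the obvious one). All addresses are assumptions; the "grounded" range is an RFC 5737 documentation block standing in for real country prefixes, and the flow records are constructed.

```python
import ipaddress
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst proto dport")


def net(cidr):
    return ipaddress.ip_network(cidr)


# Hypothetical addressing plan: inside LAN plus a DMZ holding DNS and NTP hosts.
INTERNAL = [net("10.0.0.0/24"), net("10.0.1.0/24")]

# Stand-in for "countries where you have no interest" (documentation range).
GROUNDED = [net("203.0.113.0/24")]

# UDP is allowed out only for (source host, destination, port) listed here.
UDP_EXCEPTIONS = [
    (net("10.0.1.53/32"), net("0.0.0.0/0"), 53),          # DMZ resolver -> any, DNS
    (net("10.0.1.123/32"), net("198.51.100.10/32"), 123),  # DMZ NTP -> one upstream
]


def _in_any(addr, networks):
    return any(addr in n for n in networks)


def decide(flow):
    """Return (action, reason) for one flow seen at the boundary router."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if _in_any(dst, INTERNAL):
        return ("allow", "internal")            # never reaches the boundary
    if _in_any(dst, GROUNDED):
        return ("drop", "grounded-destination")  # checked before any exception
    if flow.proto == "udp":
        for src_net, dst_net, port in UDP_EXCEPTIONS:
            if src in src_net and dst in dst_net and flow.dport == port:
                return ("allow", "udp-exception")
        return ("drop", "udp-not-allowlisted")
    return ("allow", "default")                 # TCP, incl. DNS retry over TCP/53


def audit(flows):
    """Count dropped flows per (source, reason); repeat sources merit a look."""
    hits = Counter()
    for f in flows:
        action, reason = decide(f)
        if action == "drop":
            hits[(f.src, reason)] += 1
    return hits


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    Flow("10.0.0.20", "10.0.1.53", "udp", 53),       # client -> internal resolver
    Flow("10.0.1.53", "198.51.100.1", "udp", 53),    # resolver -> upstream DNS
    Flow("10.0.1.53", "198.51.100.1", "tcp", 53),    # large answer retried on TCP
    Flow("10.0.0.20", "198.51.100.1", "udp", 53),    # client bypassing the resolver
    Flow("10.0.0.30", "203.0.113.7", "udp", 4444),   # fire-and-forget UDP, grounded
    Flow("10.0.0.30", "203.0.113.7", "tcp", 443),    # same host, grounded over TCP
    Flow("10.0.0.20", "198.51.100.80", "tcp", 443),  # ordinary web traffic
    Flow("10.0.1.123", "198.51.100.10", "udp", 123), # NTP to the permitted site
    Flow("10.0.1.123", "198.51.100.11", "udp", 123), # right port, wrong site
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", decide(f))
    for (src, reason), count in sorted(audit(SAMPLE_FLOWS).items()):
        print(f"{src}: {count} dropped ({reason})")
```
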

  46. ossqss says:

    Having watched the final episode of lost in space after who knows how many years now, I am sold on Roku! Oh the Pain!

  47. jim2 says:

    ossqss – re XBox One. Do you have XBox Live? What games do you like?

  48. jim2 says:

    Here’s an interesting bit of FUD. The Slashdot article is stressing because the EPA will now require any science used for regulations to publish data and methods. Oh, the PAIN!

  49. ossqss says:


    I do have Live, but primarily for my son. I have, however, been caught playing, Fallout, Watchdogs, Just Cause, and Halo ;-)

  50. Jon K says:

    What, no Rocket League? That’s what I play with my kids when I have time to get on for a few minutes.

  51. jim2 says:

    ossqss says:
    5 October 2018 at 4:33 pm

    I have an XBox 360. Started playing on it with my son way back when and we had a blast playing team Gears of War together. Also played some Call of Duty ones together. He left the house with his XBox so I had to buy one :)

    I like playing COD Ghost Team Death Match. An accomplished player gets high 20 kills per game and I get mid-10’s. Oh well, I’m old or something, but I try. He and I can still play together on XBox Live and do.

    I also have COD II. That is the realistic settings WWII one. And very hard on veteran setting.

  52. jim2 says:

    On the gaming front, there is one other one I really enjoyed called Portal. You have a gun that creates two different holes in objects, like walls and floors. One is the entrance and the other an exit. Let’s say you are standing on a platform. You can make an entrance hole on the floor and an exit high up on the wall. Then you jump in the hole in the floor and shoot out the wall. When you do this, you are seeing it as if you actually did it, so you are in motion. Sometimes you have to create holes literally on the fly. It’s a hoot and the puzzles are a lot of fun.

  53. jim2 says:

    Portal video:

  54. H.R. says:

    Here’s one under “Computer Stuff,” so I guess it goes on this thread.

    I keep getting a helpful popup that says, “Speed up browsing by disabling add-ons.” The option is to click to go to the add-on list or use the X-in-the-corner to close the popup. There are no “Remind me later” or “Do not notify me again” options.

    I’ve always just hit the X and closed the popup, but a couple of weeks ago, I finally got annoyed enough to click to go to my add-on list. I got there and I have NO add-ons!

    I clicked done or whatever and exited. No luck, the popup keeps coming baaaaack every time I open a browser. (I use Bing once a day to check the news crawler and to look at the Picture Of The Day. I really like their selection of images. I use Firefox with Duck Duck Go for searches the rest of the time. The popup appears on both. I’m running Windoze 10, Classic mode as I don’t have a touch screen.)

    I don’t know where the “disable useless popups” application resides. I have made a half-assed effort to find where I can disable that popup, but with no luck. Does anyone know off the top of their head where I can turn that @#$! popup off?

  55. jim2 says:

    I turned off stuff like that by installing Linux :)

  56. H.R. says:

    That did it for me, jim2. 👍👍 Thanks!

    That link describes how to do it when you’re in the standard mode. The instructions were not applicable to the classic view. BUT… the link did get me headed to the right place as terms and labels used are the same for either view. I had been looking in the wrong places and for some odd reason, searching on ‘notifications’ on my computer didn’t get me to the same place that your link led me to. I was probably starting my searches from the wrong place.

    It turns out there are 3 toggles to turn off notifications, and I only had 2 of them toggled to ‘OFF.’ Toggling the last one to off seems to have done the trick.

    Thanks again.

  57. jim2 says:

    HR – HTH!

  58. Larry Ledwick says:

    Ooops Russian GRU accidentally outed several hundred of their staff.

  59. Larry Ledwick says:

    This is an interesting move, by California, one of the few times I actually agree with something they have tried to do.
    Forcing manufacturers to put strong unique passwords on routers or force the user to do so when first used.

  60. E.M.Smith says:


    Like all nice ideas, making it mandatory for too broad a reach breaks it:

    The range of devices that the law covers is incredibly broad: It’s any device that connects to the internet, directly or indirectly, and has an IP address or Bluetooth address.

    So this will be a PITA for support staff (unless a backdoor is included… that would defeat the purpose) as all those “how do I get in” can’t be answered with “hit reset and login as admin password ‘fubar’”. It means there will be thousands of more support calls as folks toss the documentation and a year or two later forgot the password. It means all sorts of folks using things inside private isolated networks will need to keep a booklet of exotic passwords written down.

    One example: My 2 old WiFi Routers used for internal only and R&D station work only. What’s the password? Something simple to non-existent and a reset makes it “password”… I LIKE it that way.

    Then there’s the broadness of it. Your car with an internet download of maps? Now it will need a password. Think that’s going to work out well “going forward” when most folks have trouble just setting stations on their radio? What do you do when your car computer gets locked out because the password was forgotten? Just buy a new car? Or will the default after reset password be printed under the hood? (Great for car thieves)…

    Will every Raspberry Pi shipped with a WiFi dongle be required to have such a password? How do you install it? When I buy a clock that I intend to never connect to the internet but (for some silly reason) has that as an option – will I need a password to set the time? SD Cards contain a tiny 4 bit computer in them running a minimal Linux – if placed into a device that attaches to the internet will they, too, fall under this law and require a password? What about your camera? Your watch? Your picture frame for digital pictures? Your bluetooth headset? (They ‘indirectly’ connect to the internet…) Just watch the lawyers line up…

    I’m already in password overload just from various companies that demand I have an ‘account’, so despite it being horrible practice, I’ve started to keep a log file of site and passwords. (No, I do not let any browser save passwords…)

    Simply put, it is once again a “one size fits all” non-solution that removes choice and ability to customize from the consumer.

  61. Larry Ledwick says:

    Oh I agree with the problems you mention, I just like the intent of making people conscious of good security practices. Like you say the clueless will forget and just toss the device or will write down the password and stick it on the bottom of the modem, or there will have to be some complex reset (hold down shift cntl with caps lock and hit F1 F5 F9 3 times each in 10 seconds) forced reset method, or like in the old days take the bottom off and move jumper #3 to position #5 and then back.

    At least, unlike most of their legislative moves they are trying to accomplish something useful.

    Unfortunately human nature tends to work against that unless the individual is personally motivated.

  62. tom0mason says:

    So this guy has something to sell Brain Rehabilitation —

    Would be so nice if it works to improve society and prevent and rehabilitate criminals, etc. Hey it might even get the ultra-lefties to actually think about personal rights and responsibilities.

  63. LG says:

    They have no honour
    They lie.
    And the yellow stream media is complicit.

    Nancy Pelosi on merchandising smear.

  64. ossqss says:

    Rule of thumb for passwords. 13 digits with alternate characters in specific locations and roll the last few characters in a sequence you can remember if you are forced to change them periodically. Segregate if needed by type with a consistent pattern. Nobody can hack a 13 character password with one alternate character in a few years. I use one base password with variants for different application access by type. The purpose is to keep it consolidated and easy to remember, but yet highly secure.

  65. E.M.Smith says:

    A simple sentence of length makes a stronger password than a letter salad and is much more memorable. Unfortunately, various sites have divergent requirements for character salad…
    “Really, let me in. Now!” is a strong password; but then somebody demands a number and frequent changes and screws it up.

    Personally, I like using a digit for word sentence then. “Time 2 LET ME IN!! Now please” great until the demand to change it… and the three wrong lock out…

    I’ve used the variations trick. I had to go to writing them down anyway to avoid the lockouts on infrequently used sites. I change the base phrase a couple of times a year, so 13 months later trying to test which one of 12 it might be gets the lockout…

    There isn’t any ideal method… FWIW I once used keyboard patterns… like V up and down…


    Easy to remember start letter and pattern…

  66. Larry Ledwick says:

    I prefer pass phrases or variations on simple patterns but my backup is to use an encrypted password manager with a very very strong passphrase.

  67. ossqss says:

    I hear ya EM, but I have many passwords that require modification every 45 days, and don’t let you use the last 10. Hence the rolling mod.

    A bit of a Roku update on my RF adaptation as it related to the HDMI/Component exclusivity. I purchased one of these items for convenience (instead of having to unplug the HDMI cord when the local TV was in use).

    It should be here Monday for testing. I am quite surprised the resolution from the modulated signal to 4 TVs is very good (obviously not HD, but better than cable), with the exception of the oldest TV (really old tube TV) getting a hum from screen overlay graphics on a few news channels.

    I am sold on the Roku cable box solution. I just watched several episodes of (youtube) and the picture was great on the big Tv. In fact, I am buying the Roku Premier+ tonight (if it is online yet) as it just came available as a Wallyworld exclusive today. Heck the HDMI 2.0 cable that comes with it has to be worth 10 bucks, but how long is it?

    My next test will be using this at alternate locations/networks, neighbors, to see what changes. In particular with cable services. They cut me down when not on a home network with my mobile stuff. BTW, I am electing to go with the non stick versions due to signal and possible space issues on some locations. These non-stick things are tiny, but can be moved with a short HDMI cable attached (not so with a stick) to improve WiFi reception in some situations.

  68. E.M.Smith says:

    45 Days? GAK! Yeah, rotate the shields… systematic roll…

    On the Roku:

    Glad you like the results. I’ve liked mine enough to buy 3 of them…

    Can’t you plug the stick into an HDMI cable? It’s just an HDMI plug, so a plug to socket extender cable ought to work… if anyone makes one. FWIW, I’ve got 2 sticks and one not. Not seen much difference between them.

    Yup, they exist. $6:

    Looks like you can go several hundred feet with active stuff:

    $43 for 50 meters.

    AV Access 165ft HDMI Extender Over Single Cat5e/6a/7 Ethernet Cable,with IR Control,Support 1080P 60Hz, ESD Protection,Mounting Ear

    【FullHD 1080p60Hz】This HDMI extender supports uncompressed signal up to 50meters Using Cat5e/Cat6/Cat7/RJ45 Cable with a Lossless Transmission. Picture’s quality reset button allows You to adjust Picture’s quality to Match Cat Cable Length, which gives you a Great Picture.

    【IR Function Supported】With built-in Wideband IR Control, Easy Control a DVD player or other HDMI Video Sources from the Monitor.【EQ button】 If can not get video signal, simply press the EQ button on the front and the extender will automatically detect the cable for suitable channels.

    【Ultra slim】Extender Dimension:12.6*1.7*5.4 CM. Compact Design make it Easily installed on the back of Television;Threaded Power Port can Tightly Lock the DC Power Plug and All Interfaces are in one side for Simply Installation.

    【High Reliability】Built-in Surge/Lightning Protection;Superior ESD(Electro-Static Discharge) Protection: +/- 8KV(Air-gap discharge ) +/- 4KV(contact discharge ),which can offer Preventing Lightning Strikes.No Driver Needed, Plug and Play,Which Makes the Extender Durable.

    【High Compatibility】This HDMI extender Can Do a Really Good Job with your PC,PS3/PS4,DVD Player,Satellite Box,Cable Box,Android Box etc;Ideal for Digital Signage,HomeTheater,Boardrooms,Workshop,Seminar,Classrooms,Conference,Gaming,Video Production etc. 1-Year Warranty, and easy-to-reach friendly customer service (AV Access) .

    Don’t know exactly what I’d do with one… maybe if I had a TV far far away and no WiFi to it?

    BTW, you can chop off all the stuff after the item id letters “B00QV3THB8” in this case, as it is mostly stuff that identifies the search used or platform or similar stuff that will be different for another person. So your link would become

    The Roku with an optical remote is a little more picky about pointing the remote at it (or at least in the general direction) while the RF remote seemed to have trouble in a friend’s apartment (where there were lots of competing WiFi and such signals).

    In all cases my TVs have a USB port so I just plug the power into that. Turn on the TV it turns on the Roku…

  69. E.M.Smith says:


    Just got around to watching that Pelosi link. OMG, she flat out says demonize with falsehoods and get the press to report it to validate it.

    I tried to save the video but whatever that site is, the tool I usually use said it doesn’t support saving from them. Oh Well, I’m sure it’s going to be saved somewhere…

  70. LG says:

    @ E.M.Smith:
    Multiple Youtube clips of Pelosi’s ‘wrap-up smear’.

    It may be easier to archive from any of those links.

  71. Larry Ledwick says:

    Here is the twitter link:

    For those that think the left is engaging in “good faith” protest, they are clearly not.
    It is all malicious spin – in their own words, a tactic – a propaganda sales job trying to sell a bogus reality.

    Anyone who takes a Democratic smear seriously is a fool, falling for the con man’s pitch.

  72. Pouncer says:

    For Larry Ledwick, on text to speech — is there a site that does the reverse, and captures a YouTube or other video lecture and converts the speech into text? Not just closed caption, but ignores the images and presents a string of words, sentences, and paragraphs?

    I can read about 600 words a minute but most speech is around three times slower. I would very much like to enjoy thinking about a ten minute read for 20 minutes than invest a half hour trying to gather a point …

  73. E.M.Smith says:

    @H.R. & Larry:

    Thanks! Nancy and the Wrap Up Smear now preserved forever as an MP4 somewhere in cyberspace ;-)

  74. E.M.Smith says:


    I don’t know about any of them, but a web search turns up many:

    Check in at a deaf help center and they will likely know what ones work.

  75. Larry Ledwick says:

    Related to the wrap around smear idea we have this media report confirming that some of the viral moments were in fact stage managed by paid protesters just as President Trump asserted.

  76. Larry Ledwick says:

    From twitter the originator of the “walk away” movement is re-releasing his video

    Brandon Straka (The Unsilent Minority)

    I am re-releasing the #WalkAway video that launched the campaign. Please share far and wide for all who haven’t yet seen it. It’s an important message for all to hear going into midterms.

    Walk Away video youtube

  77. ossqss says:

    @EM, the switch was simply to keep the HDMI from connecting to a TV when it was turned on, till it was desired. Push button on/off is easier for the others involved. The new Roku + item hit the store today. We shall see!

  78. E.M.Smith says:


    I’d “missed it” but there’s an important point the articles miss:

    There is a world of difference between buying some boards and using them in a critical place; and then more difference between them being in use and it being an effective “hack”.

    One must watch carefully for subtle differences of meaning being blurred into a “story”.

    I have no doubt Apple bought Supermicro boards that were infested with the judas chips.
    I have no doubt Apple powered them up and they may even have been put into limited service in a Siri location.

    None of that is “being hacked”.

    The chips needed a way to Phone Home to work. Were I designing Siri, I’d have set the system up in such a way that that could not happen and any attempt would be discovered when it happened.

    I believe that is exactly what Apple did. Remember that they discovered the chips and took action on them, including canceling a large order (after given the OK by the Feds who were tracing things back up stream). That’s hardly being “hacked”. That’s setting a counter trap.

    So the newspapers want a confused story that leads folks to think everything from Apple internal finances to iTunes downloads to Apple Store and Apple Pay were infiltrated by Chinese hackers and information stolen. The reality looks to me to be more like ONE system, Siri, was at risk, and even there the layered protection caught the risk very early on; likely before the first system went live. Then Apple called the FBI and folks pretended nothing bad was happening while the FBI (and other TLAs) went off to follow packets and crawl upstream into the logistics stream. SOP.

    I don’t for a minute think Apple lost one byte of information. They were very sharp folks when I left there and I’ve seen no evidence they’ve gotten sloppy since. As Siri was still under a lot of development at the time (preparing for the big data center full of SuperMicro boards) it is pretty much given that the group I was in (Advanced Technology Group) was involved and had the systems on sniffers as they tested their functions prior to installation making sure things were performing as expected for high loads. Then their IDS / IPS lit up on some strange packets and the rest is as in the news. I’d give that scenario very high odds of being what happened.

    In the labs and on the desks of ATG engineers it was common to see new products as a semi-assembled mass of boards and wires spread out with all sorts of electronic monitoring and testing gear plugged into test points and networks. It is very hard to get through that and keep something secret… That’s why I emphasize wanting to use boards for my personal use that go to the hands of real hardware guys ( the real “hackers” as opposed to the system “crackers” that are called hackers in popular use) building systems and installing a new port of an OS. They find this kind of stuff.

  79. Larry Ledwick says:

    President just officially demanded the FBI investigate snooping on his campaign.
    Now we know why Rosenstein had a talk with Trump on the plane during this last flight.

  80. E.M.Smith says:

    I wonder if Trump collected some leverage on Rosenstein and in the “talk” gave him a choice of “with me or against me” and Rosenstein chose wisely…

  81. E.M.Smith says:

    Reading between the lines of that Fox article it sure looks like Trump is starting the counter investigation into the Deep State actors. Then the loud squealing about protecting “sources” from the Democrat Operative side sure smells like he’s on target.

    Looks to me like there’s going to be interesting news headlines just before election day ;-)

  82. ossqss says:

    @EM, don’t forget the value of his knowledge moving forward once onboard.

  83. LG says:

    @ E.M. Smith,
    @sundance of CTH, has been conducting a thorough analysis of all things SPYGATE in his blogs.
    Collection of links in reverse chronology.

    The players:



  84. Larry Ledwick says:

    Another article on compromised Chinese manufactured hardware that gives a bit more info. In this case they found an Ethernet network interface that appeared on the network to be two devices, but since both identified as being on the same server it could pass through the firewalls as trusted traffic.

    The other interesting thought that came to mind while reading this is all this publicity is aimed at Supermicro – what if this is a targeted attack to take down the stock prices of that company?

    Given the stranglehold the Chinese have on component manufacturing it would be very reasonable to assume others have the same sort of problems (Huawei, Juniper Networks, etc. have already been identified as untrustworthy or compromised).

  85. Larry Ledwick says:

    Looks like the Bloomberg hardware hack story is getting some push back. Question: is this just hand waving to confuse the issue, legitimate nit picking on details of the story, or trying to maintain cover for enforcement and investigation steps?

    Given all the known cases of hardware hacks on things like thumb drives discussed in the past, we know for a fact such efforts have been an ongoing effort for many years, should be no surprise that someone actually managed to sneak a hardware hack through the system.

  86. E.M.Smith says:


    We have:

    “In the situation Bloomberg describes, the so-called compromised servers were allegedly making outbound connections. Apple’s proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found.”

    My presumption was based on that “security tools” kit having caught something in time, and no foul happened then they punted to the Feds.

    This assertion is “nothing happened”.

    2 choices:

    1) It happened and is being denied to let the sting play out. Very Plausible.

    2) Story is wrong. Also very plausible.

    No way to choose absent more evidence.

    What I’m happy about: The Apple statement confirms their IDS / IPS is looking for that stuff. Just what I’d expect (and what I’d do…) . Unknown bit: This was directed at Siri and was pre-production in discovery. It is possible the Engineers caught it and that it never reached legal or IS&T Production… We did a LOT of stuff in ATG that never got communicated to legal or IS&T… I never told them about our Russian Hacker or the bounce off us to the Mil site in Hawaii..

    So I’d add the 3rd choice of “It happened, only a few folks know”… and it’s most likely IMHO.

  87. Larry Ledwick says:

    Well at least the new administration is giving lip service to protective measures against EMP and GMD effects on the power grid. It will of course depend on if this is just a dog and pony show or if they actually plan on taking specific concrete steps but it at least raises the issue to public discussion.

  88. jim2 says:

    If you didn’t explore the Mouser site, there is a lot of good stuff there. Here is a table of open source boards with a list of attributes. Expand it to the right as it opens in a narrow view that doesn’t display all the copious information.

  89. LG says:

    In other news,
    DOJ put on a big show about more industrial espionage against China.

    A Chinese Ministry of State Security (MSS) operative, Yanjun Xu, aka Qu Hui, aka Zhang Hui, has been arrested and charged with conspiring and attempting to commit economic espionage and steal trade secrets from multiple U.S. aviation and aerospace companies. Xu was extradited [from Belgium] to the United States yesterday.

    “Innovation in aviation has been a hallmark of life and industry in the United States since the Wright brothers first designed gliders in Dayton more than a century ago,” said U.S. Attorney Glassman. “U.S. aerospace companies invest decades of time and billions of dollars in research. This is the American way. In contrast, according to the indictment, a Chinese intelligence officer tried to acquire that same, hard-earned innovation through theft. This case shows that federal law enforcement authorities can not only detect and disrupt such espionage, but can also catch its perpetrators. The defendant will now face trial in federal court in Cincinnati.”

    “This unprecedented extradition of a Chinese intelligence officer exposes the Chinese government’s direct oversight of economic espionage against the United States,” said Assistant Director Priestap.

    Yanjun Xu is a Deputy Division Director with the MSS’s Jiangsu State Security Department, Sixth Bureau. The MSS is the intelligence and security agency for China and is responsible for counter-intelligence, foreign intelligence and political security. MSS has broad powers in China to conduct espionage both domestically and abroad.

    Xu was arrested in Belgium on April 1, pursuant to a federal complaint, and then indicted by a federal grand jury in the Southern District of Ohio. The government unsealed the charges today, following his extradition to the United States. The four-count indictment charges Xu with conspiring and attempting to commit economic espionage and theft of trade secrets.

  90. Larry Ledwick says:

    I stumbled across a new online news source focused on the middle eastern countries.

    It purports to be a “trusted” news source, at first blush it does not have a rabid agenda I can pin down so it may in fact be what it claims (or it could be very well done spin control for someone – will have to watch it for a while to see).

    Like the old Al Jazeera it appears to have deep connections and good sources (in fact it may be an Al Jazeera 2).

    Example features: (this is the feature that led me to them)

  91. E.M.Smith says:

    Had I world enough and time…
    others need to do the dig here… all I can do ATM is offer praise to the diggers…

  92. ossqss says:

    Always wondered if mobile browser youtubes would populate?

  93. E.M.Smith says:


    Well, I finally got the time to read that very long article in your link. There’s something good can come from a round of insomnia ;-) Wow is all I can say.

    Lays out all the whos hows and whens. You can really see how the web worked.

  94. LG says:

    Of biogeochemical dynamics and Climate


    In a study published today in Nature Climate Change, lead author William Riley demonstrates how to improve climate models to more accurately represent land biogeochemical dynamics. Using a new global land model they developed and integrated in DOE’s Energy Exascale Earth System Model (E3SM), Riley and his team found that plants can uptake more carbon dioxide and soils lose less nitrous oxide than previously thought. Their global simulations imply weaker terrestrial ecosystem feedbacks with the atmosphere than current models predict.

    The new Berkeley Lab study found that by not properly accounting for what plants do at night and during the non-growing season, climate models may be underestimating the terrestrial carbon sink and overestimating nitrous oxide release, the latter by 2.4 gigatons of CO2-equivalent per year. “This number is substantial compared to the current terrestrial carbon sink,” Riley said, anywhere from roughly one-quarter to more than 100 percent, depending on the year.


    In this study, Berkeley Lab researcher Qing Zhu, a co-author of the paper, conducted a meta-analysis of 120 experiments of short-term nitrogen uptake by plants to test their new global land model, named ELMv1. “We also compared observations of nutrient uptake at nighttime versus daytime and across non-growing seasons,” Riley said. “We’re pretty confident that the basic mechanisms in the model are correct and this meta-analysis and individual site observations back that up.”
    They found that a significant portion of nutrient uptake takes place in the absence of photosynthesis as plants and microbes compete for nutrients. “The amounts vary a lot by latitude, but in the higher latitudes, such as the Arctic, roughly 20 percent of plants’ annual nitrogen uptake occurs outside the growing season. That goes up to 55 percent for nighttime uptake in the tropics,” he said. “That’s a huge deal for plants and will facilitate atmospheric carbon uptake, and it’s currently completely ignored in most climate models.”

  95. LG says:

    Dan Bongino interviews George Papadopoulos.
    An eye opener.

  96. Pingback: Tips & Notices – November 2018 | Musings from the Chiefio
