Author Topic: Test Equipment Anonymous (TEA) group therapy thread  (Read 14549422 times)


Offline Carl_Smith

  • Frequent Contributor
  • **
  • Posts: 288
  • Country: us
    • MegaMicroWatt - Carl Smith's Blog
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12575 on: June 30, 2018, 03:35:44 am »



Just remember that these little guys are for where you need a soft touch... a few ounces of pressure is all they produce. Not like the $4 plastic Bucket o' Clamps from Horror Fraught that clamp tight enough to break themselves.

These clips are also a good emergency source of 100mm-150mm pieces of spring steel wire when you need to fabri-cobble something together real quick.

mnem
*Clip-ily*

Ha.  I have one of those "tube of clamps" but I think mine came from Menard's, our local Midwest US home improvement store.  I think there's only two left in the tube.  It's like these things have a radioactive half-life.  Every time I needed to use some, I found that some had exploded in the tube. They can't take the pressure of their own springs and eventually pop themselves apart.  I started putting together good clamps from the good halves of the exploded ones, but most of those have self destructed as well.  Guess I shouldn't complain though, I probably got them free with one of Menard's rebates.

 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 17541
  • Country: us
  • *Hiding in the Dwagon-Cave*
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12576 on: June 30, 2018, 04:28:41 am »
Yeah...

these used to be one of Harbor Frigg-it's loss leaders; back in the day they were actually 'glas-filled nylon, and you got a plastic bucket of them the size of a coffee can (and a few of the bigger 4-5" clamps in there) for $7.99 or $4.99 every few weeks when they had a parking lot sale. Last few years they've been these horrid little things... I just put the metal bits in the bolt bin when they explode and throw the rest away.


mnem
*Toddling off to ded*
alt-codes work here:  alt-0128 = €  alt-156 = £  alt-0216 = Ø  alt-225 = ß  alt-230 = µ  alt-234 = Ω  alt-236 = ∞  alt-248 = °
 

Offline Specmaster

  • Super Contributor
  • ***
  • Posts: 14483
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12577 on: June 30, 2018, 07:53:19 am »
@bd139
I assume that you purchased this via Amazon? If so will you be leaving a feedback and mini review for them as so far no one else has bothered to do so  :wtf:

I think the clue as to why they are so good is in the description "Metcal PS-900 Production Soldering System" it is designed for use in an industrial setting rather than the home in the hands of the average hobbyist, but then you do more than your share of production prototypes in pursuit of your goal.

Looked at the price and I can get quite a few T12's for that much, or as I did recently, a really cracking 200MHz combiscope that performs and looks like it has just been taken out of its box for the first time. That should last you a lifetime I reckon, so I guess that you'll eventually get around to building the T12 up from its kit and keeping that as a back up should the unthinkable happen with the Metcal?  :-+
Who let Murphy in?

Brymen-Fluke-HP-Thurlby-Thander-Tek-Extech-Black Star-GW-Avo-Kyoritsu-Amprobe-ITT-Robin-TTi
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12578 on: June 30, 2018, 08:06:42 am »
Was cheaper on RS than Amazon. My Weller iron retails at more than the Metcal does at the moment.  :scared:

Honestly the Weller paid for itself over and over again with repair returns etc. Metcal does that plus the forward engineering stuff better.

If it blows up, RS will sort it. They replaced a 3 year old BNC cable the other week after a "well I could always start shopping at Farnell" speech :-DD
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12579 on: June 30, 2018, 08:50:09 am »
eBay scammer is back this morning.

Going to add some rules to my scripts to skip hacked sellers. The same images appear so will take SHA256 of some sample item images and then add any sellers who that appears on to my seller shitlist. Not going to bother reporting. Joy to pipelining as I can just add another step here.

Hopefully their image encoder is deterministic and idempotent.
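
The pipeline step described in the post above, sketched as an added example that is not part of the original post or the poster's scripts: exact SHA-256 matching of listing images against known scam images, with every seller who has a hit added to a skip list. The listing structure, seller names and image bytes are constructed for illustration, and the last sample shows why the approach depends on the site serving byte-identical images.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the raw image bytes as downloaded."""
    return hashlib.sha256(data).hexdigest()


def flag_sellers(listings, bad_hashes):
    """Map seller -> set of known-bad image hashes seen on their listings."""
    flagged = {}
    for item in listings:
        hits = {h for h in map(sha256_hex, item["images"]) if h in bad_hashes}
        if hits:
            flagged.setdefault(item["seller"], set()).update(hits)
    return flagged


def skip_flagged(listings, flagged):
    """Drop every listing from a flagged seller, not just the matching one."""
    return [item for item in listings if item["seller"] not in flagged]


# Constructed sample data: stand-in bytes, not real images or real sellers.
SCAM_IMAGE = b"\xff\xd8\xff\xe0constructed-stock-photo-of-scope"
REENCODED = SCAM_IMAGE + b"\x00"  # same picture, one byte different
CLEAN_IMAGE = b"\xff\xd8\xff\xe0constructed-photo-of-real-meter"

LISTINGS = [
    {"id": 1, "seller": "seller_a", "images": [SCAM_IMAGE]},
    {"id": 2, "seller": "seller_b", "images": [CLEAN_IMAGE]},
    {"id": 3, "seller": "seller_c", "images": [CLEAN_IMAGE, SCAM_IMAGE]},
    {"id": 4, "seller": "seller_d", "images": [REENCODED]},
    {"id": 5, "seller": "seller_a", "images": [CLEAN_IMAGE]},
]


def run_pipeline():
    """Hash the sample scam image, flag sellers, return (flagged, kept ids)."""
    bad_hashes = {sha256_hex(SCAM_IMAGE)}
    flagged = flag_sellers(LISTINGS, bad_hashes)
    kept = skip_flagged(LISTINGS, flagged)
    return sorted(flagged), [item["id"] for item in kept]


if __name__ == "__main__":
    flagged, kept = run_pipeline()
    print("flagged sellers:", flagged)
    print("listings kept:", kept)
```

Listing 4 survives the filter because a single changed byte gives an unrelated digest, which is the case the post's remark about a deterministic encoder is worried about; listing 5 is dropped because the skip list is per seller rather than per image.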
 

Offline BillB

  • Supporter
  • ****
  • Posts: 615
  • Country: us
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12580 on: June 30, 2018, 11:17:31 am »
eBay scammer is back this morning.  ...

Last night I was perusing eBay and stumbled upon a small volume seller of apparently eclectic overstock items.  He had just listed a bunch of things including a new(open box, other) bench meter with 1 more digit of precision than what I already have at a very good price.  He only had 1 stock image (used from another auction I'm sure) and a bit of description also copied I'm sure. 

I immediately smelled a scam, and decided to message the seller to ask if he had real pictures of the item for sale, not expecting a reply.  But, a little while later I got back 4 pictures of a new looking meter in a beat up box!  :D

After partially convincing the wife that the extra 9 at the end of the string of 9's is important, and with a 15% ebay coupon I decided to buy it.  If this is a scam, it's a very good one, but I guess it's worth a little time to find out.  :-//
       
 

Offline Specmaster

  • Super Contributor
  • ***
  • Posts: 14483
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12581 on: June 30, 2018, 11:43:01 am »
eBay scammer is back this morning.  ...

Last night I was perusing eBay and stumbled upon a small volume seller of apparently eclectic overstock items.  He had just listed a bunch of things including a new(open box, other) bench meter with 1 more digit of precision than what I already have at a very good price.  He only had 1 stock image (used from another auction I'm sure) and a bit of description also copied I'm sure. 

I immediately smelled a scam, and decided to message the seller to ask if he had real pictures of the item for sale, not expecting a reply.  But, a little while later I got back 4 pictures of a new looking meter in a beat up box!  :D

After partially convincing the wife that the extra 9 at the end of the string of 9's is important, and with a 15% ebay coupon I decided to buy it.  If this is a scam, it's a very good one, but I guess it's worth a little time to find out.  :-//
       
Yeah, you're protected by Ebay if it's a scam. I wonder how long it will be before they remove protection if scams increase. They need to up their efforts to prevent scammers getting on Ebay in the first place.

From mobile device so predictive text might have struck again [emoji83]

Who let Murphy in?

Brymen-Fluke-HP-Thurlby-Thander-Tek-Extech-Black Star-GW-Avo-Kyoritsu-Amprobe-ITT-Robin-TTi
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12582 on: June 30, 2018, 12:45:22 pm »
To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12583 on: June 30, 2018, 01:20:42 pm »
eBay scammer is back this morning.

Going to add some rules to my scripts to skip hacked sellers. The same images appear so will take SHA256 of some sample item images and then add any sellers who that appears on to my seller shitlist. Not going to bother reporting. Joy to pipelining as I can just add another step here.

Hopefully their image encoder is deterministic and idempotent.

I forget to look for him. I meant to check for him early to get the reporting out of the way and clean up the world to avoid TEA false positives. That's what really gets me: "Ooo? Shiny! Cheap! Oh damn, him again." Just looked now and no sign of him, so someone else must have knobbled him early.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 19280
  • Country: gb
  • Numbers, not adjectives
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12584 on: June 30, 2018, 01:26:36 pm »
To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.

Er, no. It would make it more difficult, though.

"Identity" is a known "hard problem". See the government's repeated attempts to introduce identity management - when you look at the details the "how it fails" use cases multiply and the "can be used for" cases diminish. It reminds me of the old adage, "If you think encryption will solve your problem, you don't understand encryption and you don't understand your problem".

The credit card industry doesn't even try to authenticate identity - it, very sensibly, authenticates transactions.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline BillB

  • Supporter
  • ****
  • Posts: 615
  • Country: us
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12585 on: June 30, 2018, 02:09:21 pm »
To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.

Er, no. It would make it more difficult, though.
...

I see the trend of many commercial and govt entities using 2FA, though.  It would be more of a PITA for the user base, but requiring an authenticator app/code challenge should certainly lower the number of stupid user password hacks, shouldn't it?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12586 on: June 30, 2018, 02:12:06 pm »
To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.

Er, no. It would make it more difficult, though.

"Identity" is a known "hard problem". See the government's repeated attempts to introduce identity management - when you look at the details the "how it fails" use cases multiply and the "can be used for" cases diminish. It reminds me of the old adage, "If you think encryption will solve your problem, you don't understand encryption and you don't understand your problem".

The credit card industry doesn't even try to authenticate identity - it, very sensibly, authenticates transactions.

If they forced 2FA (I should say MFA) and reauthentication before listing it covers both scenarios in this case. As long as one factor is physical ie a security token then that stops non possessors using intangible secrets which have been obtained or are shared. This leaves the rubber hose as the only remaining vector which you can’t defend against.

Credit cards are completely different. And also wonky as fuck in the authentication side of things. On front office / POS, identity is number one. It’s very difficult which is why there’s a lot of assurance cycles burned up front followed by risk management followed by protection of identity when you have managed to develop a comprehensive profile. Do I want to sell a plan to Bob. Is Bob actually Bob? Is it the same Bob as the other 76 Bobs we have? Identity management is my bread and butter for ref.

There’s no encryption used at a conceptual level here; only in typical token auth scenarios.

Tl;dr: if they have a physical TOTP/HMAC token or less good an app, then it forces them to provide one more bit of information before doing something potentially fraudulently using something an attacker doesn’t have possession of.

To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.

Er, no. It would make it more difficult, though.
...

I see the trend of many commercial and govt entities using 2FA, though.  It would be more of a PITA for the user base, but requiring an authenticator app/code challenge should certainly lower the number of stupid user password hacks, shouldn't it?

It does. It’s good enough to kill nearly all of this class of attacks dead in the water.

Edit: also it’s good enough to shift liability away from the technology provider. “Well you entered the token value. Were you in possession of the token? Oh no? We can’t help you then”
« Last Edit: June 30, 2018, 02:13:50 pm by bd139 »
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12587 on: June 30, 2018, 02:13:49 pm »
Well the issue isn't absolute identity, it's relative identity i.e. "Is this the same person that opened this account", which is a much simpler problem. The government's identity problem exists because they are fixated with absolute identity instead of just authenticating entitlement/authority (e.g. using driving licences as a proxy form of personal identification instead of just using them to authenticate that someone is actually qualified to drive). Ninety-nine times out of a hundred in practical situations one doesn't need to actually establish an individual's actual identity, just "is this the guy who paid" or "is this the bloke who left this here" and so on.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12588 on: June 30, 2018, 02:14:41 pm »
Government uses identity heavily already as well. HMRC for example. And they use 2FA! (Via sms)

Edit: also passport office, DVLA etc.

Gov needs one data source which is the problem. Gov.uk SSO was getting there. They hired one of the guys I fired about a decade ago amusingly.
« Last Edit: June 30, 2018, 02:17:26 pm by bd139 »
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 19280
  • Country: gb
  • Numbers, not adjectives
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12589 on: June 30, 2018, 02:51:19 pm »
To be fair they're pretty good now. They could easily force 2FA on paypal and ebay accounts though. That would kill all the hacked accounts dead.

Er, no. It would make it more difficult, though.
...

I see the trend of many commercial and govt entities using 2FA, though.  It would be more of a PITA for the user base, but requiring an authenticator app/code challenge should certainly lower the number of stupid user password hacks, shouldn't it?

It will introduce new forms of attack, e.g. via unprotected SS7 traffic for SMSs etc.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12590 on: June 30, 2018, 02:58:48 pm »
SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.

Hence TOTP/HMAC app.
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 19280
  • Country: gb
  • Numbers, not adjectives
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12591 on: June 30, 2018, 03:02:10 pm »
Edit: also it’s good enough to shift liability away from the technology provider. “Well you entered the token value. Were you in possession of the token? Oh no? We can’t help you then”

Ha! You beat me to it.

Of course that is the reason passwords and PINs are there as well!

Never forget the infamous Halifax and Munden (sp?) case. Ex-policeman objected to phantom withdrawals from Halifax account, they prosecuted him for fraud and he went to jail. The essence of the case was that the (infallible) Halifax records showed he had entered the PIN. Years later it was found to be an inside job.

No doubt there will be a lot of half-baked thoughts about identity. If you want much  less half-baked reasoning, then read comp.risks. That is low volume, high SNR, and has been going for 30 years. It always makes fascinating reading about how things don't work - both obviously and subtly. It is the only newsgroup that I reckon all IT and engineering professionals should read.

I read it via the original distribution mechanism, usenet. The archives are available at http://catless.ncl.ac.uk/Risks/ as is a RSS feed.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12592 on: June 30, 2018, 03:08:55 pm »
A quick heads up: Anybody in the UK who has been getting Metcal envy the last day or two, https://www.ebay.co.uk/itm/oki-metcal-ps-900-soldering-iron-stand/173387210284 - used PS900 outfit, £100 buy it now.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 19280
  • Country: gb
  • Numbers, not adjectives
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12593 on: June 30, 2018, 03:09:30 pm »
SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.

Hence TOTP/HMAC app.

That's a simplification, of course :)

If you've ever seen a diagram trying to represent all the interconnected systems in a telco, you would start gibbering. There is a whole sub-industry devoted to allowing telcos to interconnect X with Y by introducing a new proprietary "shim" layer.

I'm sure the finance industry is just the same.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12594 on: June 30, 2018, 03:19:32 pm »
A quick heads up: Anybody in the UK who has been getting Metcal envy the last day or two, https://www.ebay.co.uk/itm/oki-metcal-ps-900-soldering-iron-stand/173387210284 - used PS900 outfit, £100 buy it now.

Not a bad price. I did see that and thought I’d buy a nice shiny untouched one :D

SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.

Hence TOTP/HMAC app.

That's a simplification, of course :)

If you've ever seen a diagram trying to represent all the interconnected systems in a telco, you would start gibbering. There is a whole sub-industry devoted to allowing telcos to interconnect X with Y by introducing a new proprietary "shim" layer.

I'm sure the finance industry is just the same.

Telcos are a nightmare. I am in regular contact with someone who has to fight off the state level entities constantly attacking their core infrastructure. Billing is where telcos go to hell. That’s a tangled web of crazy.

As for finance, going back to 2000ish that was true but bear in mind we are heavily risk managed now after numerous high publicity “events”, things are in pretty good shape across the board. If you look at the backers you will find 1/5th of the staffing these days are security/audit/architecture. Everything is highly modular and carefully decoupled and there are API and integration standards. Plus stuff like Xignite. Most shims you see are aggregators that provide insight or info on other data sources.
« Last Edit: June 30, 2018, 03:21:51 pm by bd139 »
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12595 on: June 30, 2018, 03:23:04 pm »
If you want much  less half-baked reasoning, then read comp.risks. That is low volume, high SNR, and has been going for 30 years.

I'm having one of my "where did the time go?" moments. I used to be a regular contributor to comp.risks (and cypherpunks) when it had been going for a few years, 6 or 7, which seemed long established at the time. Those were the days, you could have open, public discussions on Usenet with luminaries like Whitfield Diffie and Bruce Schneier without getting drowned out by noise. Sigh...
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Online tggzzz

  • Super Contributor
  • ***
  • Posts: 19280
  • Country: gb
  • Numbers, not adjectives
    • Having fun doing more, with less
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12596 on: June 30, 2018, 03:29:58 pm »
If you want much  less half-baked reasoning, then read comp.risks. That is low volume, high SNR, and has been going for 30 years.

I'm having one of my "where did the time go?" moments. I used to be a regular contributor to comp.risks (and cypherpunks) when it had been going for a few years, 6 or 7, which seemed long established at the time. Those were the days, you could have open, public discussions on Usenet with luminaries like Whitfield Diffie and Bruce Schneier without getting drowned out by noise. Sigh...

comp.risks is still excellent, and Schneier still contributes. Can't remember when Diffie last contributed. Ross Anderson occasionally contributes.
There are lies, damned lies, statistics - and ADC/DAC specs.
Glider pilot's aphorism: "there is no substitute for span". Retort: "There is a substitute: skill+imagination. But you can buy span".
Having fun doing more, with less
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12597 on: June 30, 2018, 03:36:54 pm »
If you've ever seen a diagram trying to represent all the interconnected systems in a telco, you would start gibbering.

I used to have a small Ericsson switch operating as an International/Carrier Preselection/VOIP gateway amongst the mixed mish-mash of things that I had to manage after my ISP had acquired three others and a small voice operator over a two year period. I used to drink, a lot.

Telcos are a nightmare. I am in regular contact with someone who has to fight off the state level entities constantly attacking their core infrastructure. Billing is where telcos go to hell. That’s a tangled web of crazy.

Fortunately back in the days I was doing this, the spooks hadn't yet cottoned on to how useful to them the Internet would be.

You are so right about telco billing. I just cannot understand why they find it so hard to go from a bunch of CDRs (call detail records) to accurate bills. Back in the day I seriously gave some thought to going into the Telco Billing Software business because I knew a dozen people who would bite my hand off to get hold of a decent billing package.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12598 on: June 30, 2018, 03:43:06 pm »
Some of the telcos worked out just not to bill people like that. Giffgaff etc. CDRs are subtractive from a standing amount and that’s it. Want itemised? Forget it. Oh what, millions saved! :)

The analog in the finance sector is commission management. That’s a world of hell. Usually held together with some VB written by a burned out crack addict.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Test Equipment Anonymous (TEA) group therapy thread
« Reply #12599 on: June 30, 2018, 03:43:46 pm »
If you want much  less half-baked reasoning, then read comp.risks. That is low volume, high SNR, and has been going for 30 years.

I'm having one of my "where did the time go?" moments. I used to be a regular contributor to comp.risks (and cypherpunks) when it had been going for a few years, 6 or 7, which seemed long established at the time. Those were the days, you could have open, public discussions on Usenet with luminaries like Whitfield Diffie and Bruce Schneier without getting drowned out by noise. Sigh...

comp.risks is still excellent, and Schneier still contributes. Can't remember when Diffie last contributed. Ross Anderson occasionally contributes.

I'm on occasional drinking terms with Ross and some members of his team(s), I bought Whitfield his first ever pint of Fuller's ESB a few years back and sadly Bruce and I have only been in the same room long enough for me to just have time to stop him, shake his hand and introduce myself for the first time about twenty years after we first corresponded.

Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

