Test Equipment Anonymous (TEA) group therapy thread

[bd139]

The only way to combat this scenario, that I have seen used in practice, was figured out in the 1970s in Multics. You attach security labels to all your files, you attach security labels to all your terminals, someone who logs into one of those terminals gets their security labels (and of processes they run) downgraded to those of the terminal. Try and display a 'secret' document on a 'restricted' terminal - system stops you (and logs it). If you have 'secret' graded terminals you put them in a room with an ugly, uncompromising guard outside who relieves you of any cameras, notebooks etc. and strip searches you on the way out to check that you haven't found a way to write the recipe for Kentucky Fried Chicken down the inside of your thigh.

Security is, first and foremost, a people problem and always will be; attempts to solve it with just computer technology will fail. Encryption is only ever good for ensuring that stuff is secure when it's being transported through, or stored in, somewhere that isn't secure. Proper 'secret' level security is always expensive.

Yep spot on. I built a DMS years ago based on that principle but with some extensions for time-windowing access, working groups and better auditing

Multics also had all those, and more. Multics is still worthy of study for hints of how to do things from a security perspective now (53 years after its first delivery). It was designed as a computing utility (utility in the sense of the electric company et al) in the days when people only foresaw large centralised computer systems. As such it was designed to be used by mutually distrustful groups, and to achieve military grades of security - it was the first system to get Orange Book B2 accreditation. It had many worthy and well thought out features (like a system security administrator role account that couldn't do anything except run the security tools). Starting point for finding more: https://multicians.org/security.html.

Interesting. My knowledge of Multics is minimal past it being thoroughly dead. But it's the ideas that are important. Will go and read.

I'm trying to nail down a copy of "The ARPANET Sourcebook" at the moment which is the current historical study activity.

Whoops!    The whole recent tendency to throw whole big third party subsystems (e.g. Tomcat) into products is just asking for trouble.

Yes agree there. That is one thing that attracts me to Go as an ecosystem. Apart from the built in memory management, concurrency primitives, channels and history of clue behind it, it's just one cohesive lump you have to deal with. It always generates a single platform native binary and you don't have to pull any 3rd party dependencies in at all. So many nasty issues like that avoided.

It just needs a kernel and userland.... 

[Specmaster]

So one of my Fluke 8800A's needs a minor repair. The 200mV/200 ohm range LED is intermittent. Sometimes comes on, sometimes doesn't, and even sometimes randomly flashes. So today I figured I'd pull it apart and see what's up.

Wouldn't you know it. The manual that I have is complete EXCEPT for the schematic of the display panel.  So off to Artek Manuals and pay the $8 USD for a download. At least I know it will be a good copy and complete. But they "lock down" their PDF's and you can't copy/paste pages or portions of pages and drop into a separate file. Oh well.     

Perhaps this can help you:

https://www.wikihow.com/Unlock-a-Secure-PDF-File

You can also get very usable results using the snipping tool to screencap directly from your .pdf viewer.

mnem
 

Where does one find this alleged snipping tool? 

Edit, Artek Manuals responded and gave me the download link within 20 minutes of placing the order. Can't ask for better service than that. 

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file. 

[bd139]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

That's one reason I won't deal with them. They are parasitic scum.

A number of years ago I got into an argument with one of the companies after buying a copy of the Korg Trinity Pro service manual for £20 to repair one which someone had filled up with cannabis detritus. Well I immediately uploaded it to a forum which no longer exists. About a month later I got a rather inflamed email from then demanding £500 in compensation for leaking their served document or they'd sue me. At first I was worried. Then I thought about it and put it into context that they were basically running the same business as those hooky fuckers selling DVDs behind the local supermarket back in the mid 00's. I replied with this fact and suggested that I should probably refer the matter to the police as I would with them. They kindly let me off on that occasion (ha ha ha cunts) and I vowed never to put money in their pockets ever again. I'd rather the manuals burned.

[med6753]

So one of my Fluke 8800A's needs a minor repair. The 200mV/200 ohm range LED is intermittent. Sometimes comes on, sometimes doesn't, and even sometimes randomly flashes. So today I figured I'd pull it apart and see what's up.

Wouldn't you know it. The manual that I have is complete EXCEPT for the schematic of the display panel.  So off to Artek Manuals and pay the $8 USD for a download. At least I know it will be a good copy and complete. But they "lock down" their PDF's and you can't copy/paste pages or portions of pages and drop into a separate file. Oh well.     

Perhaps this can help you:

https://www.wikihow.com/Unlock-a-Secure-PDF-File

You can also get very usable results using the snipping tool to screencap directly from your .pdf viewer.

mnem
 

Where does one find this alleged snipping tool? 

https://support.microsoft.com/en-us/windows/use-snipping-tool-to-capture-screenshots-00246869-1843-655f-f220-97299b865f6b

Also PowerToys, because fukkin' awesome: https://github.com/microsoft/PowerToys

https://www.howtogeek.com/665780/all-microsofts-powertoys-for-windows-10-explained/

And the old Image resizer PowerToy for those still flogging Win-not-10:  https://www.bricelam.net/ImageResizer/

mnem
*occasionally useful*

The snip and save to paint works. Thanks. 

The 20MEG and 200mv/200 ohm LED's share same voltage source so they are turned on by grounding them. The 20MEG LED works fine so problem is on the ground side. Now that I have a good schematic should be an easy fix.

[mansaxel]

(I am having this argument with someone at the moment who wants everything covered but went purple when I suggested I'd just take a picture of the screen with my phone  )

Not a bad example of the old dictum: if you think encryption will solve your problem then you don't understand encryption and you don't understand your problem.

There's another layer to that which has appeared recently: If you think decryption will solve your problem then you don't understand encryption and you don't understand your problem.

So someone wants to MITM all TLS traffic because they don't trust humans. They forget that it increases the risk ten-fold for legitimate traffic and by the time the event has occurred, the data has been exfiltrated anyway and lastly that the entire system is flawed when it comes to information classification anyway. I suggested they fixed the latter but that means an ego needs to be kicked.

I've worked with top secret systems. As far as systems security goes, encryption plays a part, but not by MITMing, by far. You have to do a lot of very tedious work -- by the book --  to keep things secure, and you can't slip. Still, you end up having to trust the humans in the system.  Which means you'll have to vet all humans. (And of course, you still audit them.) It is a ton of red tape, and I admire those who manage to get work done despite the system.

[med6753]

Boy do I feel dumb. "Print Screen" and paste to Paint does the same thing as the Snip tool. I use that often to capture a browser page. 

[Cerebus]

Interesting. My knowledge of Multics is minimal past it being thoroughly dead. But it's the ideas that are important. Will go and read.

I'm a rarity, someone who actually got his hands on a Multics system. I had access to the Multics installation at Brunel University back at the start of the 80s. It was a huge 2 processor system with 8Mb of core and supported a whole university - I've got an emulator here that will run in the background without me noticing it while it happily runs the same sort of load as a whole campus back in the day. Apparently running the simulator on a Raspberry Pi 2 gives similar actual performance to the original room sized hardware.

I keep meaning to have more of a play with it beyond running it up, logging in and going "Cool, that looks really familiar". I used to have most of the paper system documentation, which took a lot of begging and scrounging and took up several shelves - nowadays it's all downloadable as PDFs.

[bd139]

I've worked with top secret systems. As far as systems security goes, encryption plays a part, but not by MITMing, by far. You have to do a lot of very tedious work -- by the book --  to keep things secure, and you can't slip. Still, you end up having to trust the humans in the system.  Which means you'll have to vet all humans. (And of course, you still audit them.) It is a ton of red tape, and I admire those who manage to get work done despite the system.

Yes. I've worked in and have an excellent track record of designing the same class of systems and that's one reason I got the job I have. However it turns out that some companies have cultural problems that can't be fixed. They want them to be fixed but find the process changes and money inconvenient.

mnem posted the real problem earlier:

https://xkcd.com/2030/

There really are two castes in software engineering and one of them needs to stop existing.

Boy do I feel dumb. "Print Screen" and paste to Paint does the same thing as the Snip tool. I use that often to capture a browser page. 

I usually print screen, paste in to ms paint, crop with select then Ctrl+Shift+X, then copy the whole image, then Ctrl+V it onto IMGUR's home page. Sooo easy

[bd139]

Interesting. My knowledge of Multics is minimal past it being thoroughly dead. But it's the ideas that are important. Will go and read.

I'm a rarity, someone who actually got his hands on a Multics system. I had access to the Multics installation at Brunel University back at the start of the 80s. It was a huge 2 processor system with 8Mb of core and supported a whole university - I've got an emulator here that will run in the background without me noticing it while it happily runs the same sort of load as a whole campus back in the day. Apparently running the simulator on a Raspberry Pi 2 gives similar actual performance to the original room sized hardware.

I keep meaning to have more of a play with it beyond running it up, logging in and going "Cool, that looks really familiar". I used to have most of the paper system documentation, which took a lot of begging and scrounging and took up several shelves - nowadays it's all downloadable as PDFs.

Interesting. That was pretty large at the time. My first exposure to a proper multi-user system wasn't until very early 90s unfortunately. That was, purely by chance at Brunel. I had an interview and the lecturer whos name I forget and myself talked more about Unix than anything else and he showed me the joys of it. He had a Sun, I believe a 3/60 on his desk. That may have shaped my eventual migration away from electrical engineering because I probably spent more time pissing around with that than actually going to lectures and learning "boring laplace shit".

I had no idea they had a Multics system there.



Don't get me started on computer simulation. That's another rabbit hole 

Someone elsewhere just offered me a Z80 "quidboard" so called because they were a fairly well featured Z80 board for £1 sold by Birketts. I am considering taking it. Another rabbit hole because it has two serial ports and an exposed bus. That means MP/M .... 

Edit: current reading: BBN Report 1822 .... http://bitsavers.trailing-edge.com/pdf/bbn/imp/BBN1822_Jan1976.pdf

[BU508A]

Book recommendation about "Security Engineering":

Ross Anderson - Security Engineering (Third Edition)

https://www.cl.cam.ac.uk/~rja14/book.html

Interesting to read, even if one is not in the software developing business.

[tggzzz]

Book recommendation about "Security Engineering":

Ross Anderson - Security Engineering (Third Edition)

https://www.cl.cam.ac.uk/~rja14/book.html

Interesting to read, even if one is not in the software developing business.

Anything by Ross Anderson is worth reading.

Ditto Peter Neumann, the moderator of the Usenet group with the highest signal to noise ratio, comp.risks
https://www.amazon.co.uk/Computer-Related-Risks-Peter-Neumann-1994-10-28/dp/B01FIX2V7S

[Robert763]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

That's one reason I won't deal with them. They are parasitic scum.

A number of years ago I got into an argument with one of the companies after buying a copy of the Korg Trinity Pro service manual for £20 to repair one which someone had filled up with cannabis detritus. Well I immediately uploaded it to a forum which no longer exists. About a month later I got a rather inflamed email from then demanding £500 in compensation for leaking their served document or they'd sue me. At first I was worried. Then I thought about it and put it into context that they were basically running the same business as those hooky fuckers selling DVDs behind the local supermarket back in the mid 00's. I replied with this fact and suggested that I should probably refer the matter to the police as I would with them. They kindly let me off on that occasion (ha ha ha cunts) and I vowed never to put money in their pockets ever again. I'd rather the manuals burned.

Do you mean "Them" generically or Artek in particular? Artek are not your average manual seller. They have quality product and only sell manuals they have permission for or there is no copyright for. They don't sell stuff that is already in he public domain like US military standards either. 

[mnementh]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

mnem
 

[bd139]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

That's one reason I won't deal with them. They are parasitic scum.

A number of years ago I got into an argument with one of the companies after buying a copy of the Korg Trinity Pro service manual for £20 to repair one which someone had filled up with cannabis detritus. Well I immediately uploaded it to a forum which no longer exists. About a month later I got a rather inflamed email from then demanding £500 in compensation for leaking their served document or they'd sue me. At first I was worried. Then I thought about it and put it into context that they were basically running the same business as those hooky fuckers selling DVDs behind the local supermarket back in the mid 00's. I replied with this fact and suggested that I should probably refer the matter to the police as I would with them. They kindly let me off on that occasion (ha ha ha cunts) and I vowed never to put money in their pockets ever again. I'd rather the manuals burned.

Do you mean "Them" generically or Artek in particular? Artek are not your average manual seller. They have quality product and only sell manuals they have permission for or there is no copyright for. They don't sell stuff that is already in he public domain like US military standards either.

No this was a now defunct audio specific manuals company, the name of which I can't remember. It was a one man outfit that I reckon spent most of his spare time googling for people sharing "his" manuals.

Mauritron are bastards though 

[Specmaster]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

mnem
 

Oops you never noticed that the phone was in movie mode when taking that selfie did you 

[Specmaster]

Some of those schematic companies tell you not to post it on the internet, or to give a copy to anyone because they claim that they have encoded the files with a unique code that even when printed, can still identify you as the leaker of the file.

That's one reason I won't deal with them. They are parasitic scum.

A number of years ago I got into an argument with one of the companies after buying a copy of the Korg Trinity Pro service manual for £20 to repair one which someone had filled up with cannabis detritus. Well I immediately uploaded it to a forum which no longer exists. About a month later I got a rather inflamed email from then demanding £500 in compensation for leaking their served document or they'd sue me. At first I was worried. Then I thought about it and put it into context that they were basically running the same business as those hooky fuckers selling DVDs behind the local supermarket back in the mid 00's. I replied with this fact and suggested that I should probably refer the matter to the police as I would with them. They kindly let me off on that occasion (ha ha ha cunts) and I vowed never to put money in their pockets ever again. I'd rather the manuals burned.

Do you mean "Them" generically or Artek in particular? Artek are not your average manual seller. They have quality product and only sell manuals they have permission for or there is no copyright for. They don't sell stuff that is already in he public domain like US military standards either.

No this was a now defunct audio specific manuals company, the name of which I can't remember. It was a one man outfit that I reckon spent most of his spare time googling for people sharing "his" manuals.

Mauritron are bastards though 

You nailed it right there, that was who I was referring to.

[Robert763]

What are these guys on
www.ebay.co.uk/itm/Tektronix-TDS-5054-Digital-Phosphor-Oscilloscope-500MHz-5GS-s/392915691658
Used i.e. fully working 
It's been discussed before on here that the connector damage is almost cetainly deliberate.

[bd139]

What are these guys on
www.ebay.co.uk/itm/Tektronix-TDS-5054-Digital-Phosphor-Oscilloscope-500MHz-5GS-s/392915691658
Used i.e. fully working 
It's been discussed before on here that the connector damage is almost cetainly deliberate.

Same guys who cleaned our DC out. Run a human conveyer with the last guy at the end throwing it into the back of a transit. Damage is incidental and beyond comprehension by that type of person.

Tend to look like this, but with more Adidas.

[ch_scr]

[...]
I usually print screen, paste in to ms paint, crop with select then Ctrl+Shift+X, then copy the whole image, then Ctrl+V it onto IMGUR's home page. Sooo easy

There is a free tool called "Greenshot". It allows for fine grained customization of the "Screen Printing" experience.

It may display a crosshair with a little magnifier so you can select excactly the rectangle part of the screen you want and  auto save it with a predetermined naming scheme when pressing CTRL-PrntScr

It may paste the active window into an email when pressing Alt-PrntScr.

Or  a n y t h i n g  else you may want. Very flexible, easy to configure. Really saves time when doing a few screenshots.

[mansaxel]

Interesting. My knowledge of Multics is minimal past it being thoroughly dead. But it's the ideas that are important. Will go and read.

I'm a rarity, someone who actually got his hands on a Multics system.

I had no idea they had a Multics system there.

<snip>

Edit: current reading: BBN Report 1822 .... http://bitsavers.trailing-edge.com/pdf/bbn/imp/BBN1822_Jan1976.pdf

The must-read on Multics security is this one: https://www.acsac.org/2002/papers/classic-multics.pdf

I've never worked with Multics, but of course I've read that paper, not the least because I've also read The Elements of Networking Style by Mike Padlipsky, which is /very/ dated but still needs reading, because it teaches us a lot of the basics of interfacing -- how and when to make things abstract and decoupled, in order to be able to gain freedom of movement behind the interface.

[bd139]

[...]
I usually print screen, paste in to ms paint, crop with select then Ctrl+Shift+X, then copy the whole image, then Ctrl+V it onto IMGUR's home page. Sooo easy

There is a free tool called "Greenshot". It allows for fine grained customization of the "Screen Printing" experience.

It may display a crosshair with a little magnifier so you can select excactly the rectangle part of the screen you want and  auto save it with a predetermined naming scheme when pressing CTRL-PrntScr

It may paste the active window into an email when pressing Alt-PrntScr.

Or  a n y t h i n g  else you may want. Very flexible, easy to configure. Really saves time when doing a few screenshots.

Snipping tool pinned to taskbar is option three:

1. Win + 6
2. Ctrl + N
3. Draw square
4. Ctrl + V it wherever

[Cerebus]

Interesting. That was pretty large at the time. My first exposure to a proper multi-user system wasn't until very early 90s unfortunately. That was, purely by chance at Brunel. I had an interview and the lecturer whos name I forget and myself talked more about Unix than anything else and he showed me the joys of it. He had a Sun, I believe a 3/60 on his desk. That may have shaped my eventual migration away from electrical engineering because I probably spent more time pissing around with that than actually going to lectures and learning "boring laplace shit".

I had no idea they had a Multics system there.

If you'd walked up past the Maths block, past the Sports Barn and Halls and up to the north perimeter road, turned right and looked into the first set of ground floor windows you saw on the left you'd have seen the back of a SparcStation 1+ and an early RS/6000 - that was my desk in the "Science Park" (if you can call two buildings a Science Park).

Ah, freshers in the bottom of the Maths Block. Where do you think I learned Nadsat?

[nixiefreqq]

Well I guess it time to decide what to do with the Thurlby PL310 after all the flipping time I've spent on it and the trouble its been, so I'll just have to put it on one side and wait for the time being........ until I need to use it. Yes that does indeed mean that its fixed and working again and ready for active duty, the little beauty...

Okay... so what eventually was the culprit...? Or are you working up a big post and gonna leave us hanging 'til the big reveal...? 

mnem
he would never do that.

haha, yeah, the culprit was ME.

you sir are my new hero.

not because you screwed the pooch.

and not because you eventually found where you had fecked the family dog.

you are my hero because you fessed up to it.

most commonly folks would have gone with "trouble cleared while testing.....no trouble found."

none of that bullshit for you!

[ch_scr]

[...]
I usually print screen, paste in to ms paint, crop with select then Ctrl+Shift+X, then copy the whole image, then Ctrl+V it onto IMGUR's home page. Sooo easy

There is a free tool called "Greenshot". It allows for fine grained customization of the "Screen Printing" experience.

It may display a crosshair with a little magnifier so you can select excactly the rectangle part of the screen you want and  auto save it with a predetermined naming scheme when pressing CTRL-PrntScr

It may paste the active window into an email when pressing Alt-PrntScr.

Or  a n y t h i n g  else you may want. Very flexible, easy to configure. Really saves time when doing a few screenshots.

Snipping tool pinned to taskbar is option three:

1. Win + 6
2. Ctrl + N
3. Draw square
4. Ctrl + V it wherever

Do that 50 times in a row and you will be happy to have a way to skip even one step in that dance, let alone three.

[ch_scr]

Well I guess it time to decide what to do with the Thurlby PL310 after all the flipping time I've spent on it and the trouble its been, so I'll just have to put it on one side and wait for the time being........ until I need to use it. Yes that does indeed mean that its fixed and working again and ready for active duty, the little beauty...

Okay... so what eventually was the culprit...? Or are you working up a big post and gonna leave us hanging 'til the big reveal...? 

mnem
he would never do that.

haha, yeah, the culprit was ME.

you sir are my new hero.

not because you screwed the pooch.

and not because you eventually found where you had fecked the family dog.

you are my hero because you fessed up to it.

most commonly folks would have gone with "trouble cleared while testing.....no trouble found."

none of that bullshit for you!

You are right, it serves as an example in perseverance and honesty to us all.