Posted by jpluimers on 2018/04/13
Cables that really work well: [WayBack] BensonApproved – USB Type-C
Related to USB-C charging cables: not always as good as you’d think.
–jeroen
Via: [WayBack] [Q] Goeie USB-C kabel(s)? Ik ben op zoek naar een goeie usb-c kabels, liefst een beetje betaalbaar. Als ik bijvoorbeeld bij de Mediamarkt kijk (I know,… – Roderick Gadellaa – Google+
Posted in Development, Hardware Interfacing, Power User, USB, USB-C | Leave a Comment »
Posted by jpluimers on 2018/04/09
Great tool for opening electronics. Use with care as it’s metal.
[WayBack] iSesamo Opening Tool – iFixit
via: Teardown of an IKEA Koppla USB power supply.
Posted in Hardware, LifeHacker, Power User | Leave a Comment »
Posted by jpluimers on 2018/04/06
Seems like a good USB power supply:
Posted in IKEA hacks, LifeHacker, Power User, USB | Leave a Comment »
Posted by jpluimers on 2018/04/06
When using SSD drives on Linux, mind the discard option in mnt and the fstrim command: [WayBack] Solid state drives in Linux: Enabling TRIM for SSDs | Opensource.com
–jeroen
Posted in *nix, *nix-tools, Hardware, Power User, SSD, Trim | Leave a Comment »
Posted by jpluimers on 2018/03/31
I both understand the [WayBack] Urgent security advisory – MikroTik and the users reluctant to upgrade: Mikrotik has a history of updates breaking existing behaviour and underdocumenting features and release notes.
The attack is over the www or www-ssl services which by default run on port 80 and 443. You can see on which networks they are bound using this example from the terminal:
> ip service print where name=www
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 www 80 192.168.71.0/24
192.168.171.0/24
192.168.124.0/24
> ip service print where name=www-ssl
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 www-ssl 443 192.168.71.0/24
192.168.171.0/24
192.168.124.0/24
Note that if your device was infected, not all upgrades will remove the infection on all machines (even though it is mentioned in the FAQ below!). This is one of the “underdocumenting” aspects I mentioned.
There is no way to officially check if your device is infected. If you suspect it is and cannot upgrade to 6.41.3 or more recent, then you need to use [WayBack] Manual:Netinstall – MikroTik Wiki to wipe clean your router and re-install.
Be careful which version you upgrade to:
Somewhere in the middle of page 2 of the above post [WayBack], this is slightly addressed:
1) Upgrade to 6.38.5 fixes the botnet scanner and removes it.
2) Upgrade to 6.41.3 fixes SMB vulnerability.
Later this morning further below on page 2 of the above post [WayBack] it was elaborated more:
I recommend that you re-read all the posts from “normis”. Seems that we are going into circles.
1) Winbox port is used only to find out that this is RouterOS powered device (Winbox is not affected by vulnerabilities that we know of);
2) WWW service (“/ip service”) is used in order to “hack” your router if Firewall did not drop connections to this port (affected service was Webfig which by default is running on port 80, but you can change port under “/ip service” menu and then this other port must be protected). For example, “/ip firewall filter add chain=input action=drop in-interface=WAN connection-state=new”;
3) Issue with SMB is completely another thing but the same rules apply. If device (in this case SMB port) is protected by firewall, then no one can use this issue in order to mess up with your router. Usually attacks come to your router from public Internet (not from LAN) and in normal situation SMB access is not open for public Internet;
4) There is not and will not be an official way to gain access to routers shell.You will be safe from both of these issues if you upgrade your routers (6.38.5 for WWW issue and 6.41.3 for SMB). In order to upgrade many devices at the same time – you can use MikroTik tool called The Dude or use scripts.
From the above post, at least read the FAQ:
FAQ:
What is affected?
– Webfig with standard port 80 and no firewall rules
– Winbox has nothing to do with the vulnerability, Winbox port is only used by the scanners to identify MikroTik brand devices. Then it proceeds to exploit WEBFIG through port 80.Am I safe?
– If you upgraded your router in the last ~12 months, you are safe
– If you had “ip service” “www” disabled: you are safe
– If you had firewall configured for port “80”: you are safe
– If you only had Hotspot in your LAN, but Webfig was not available: you are safe.
– If you only had User Manager in your LAN, but Webfig was not available: you are safe.
– If you had other Winbox port before this: you are safe from the scan, but not from the infection.
– If you had “winbox” disabled, you are safe from the scan, not from the infection.– If you had “ip service” “allowed-from” set to specific network: you are safe if that network was not infected.
– If you had “Webfig” visible to LAN network, you could be infected by an infected device in your LAN.How to detect and cure?
– Upgrading to v6.38.5 or newer will remove the bad files, stop the infection and prevent anything similar in the future.
– If you upgrade device and you still see attempts to access Telnet from your network – run Tool/Torch and find out a source of the traffic. It will not be router itself, but another device in local network which also is affected and requires an upgrade.
–jeroen
Posted in Internet, MikroTik, Power User, routers, Security | Leave a Comment »
Posted by jpluimers on 2018/03/29
I will probably need the netstat/tcpdump/wireshark tricks here in the future: [WayBack] Troubleshooting Bitbucket Cloud MTU/MSS issues – Atlassian Documentation
via: [WayBack] Atlassian Bitbucket Status – Network maintenance; MTU/MSS changes coming
–jeroen
Posted in Communications Development, Development, Internet protocol suite, Network-and-equipment, Power User, TCP | Leave a Comment »
Posted by jpluimers on 2018/03/07
It was fitting to bump into [WayBack] Packet Sender is a good tool when debugging protocols…” Written by Dan Nagle… – Lars Fosdal – Google+ on the day presenting [WayBack] Conferences/Network-Protocol-Security.rst at master · jpluimers/Conferences · GitHub
It also means that libssh2-delphi is getting a bit more love soon and will move to github as well after a conversion from mercurial.
Some of the things I learned or got confirmed teaching the session (I love learning by teaching):
certbot client”, so you might want to look into different [WayBack] ACME Client Implementations – Let’s Encrypt – Free SSL/TLS Certificates especially if you run nginx on Alpine Linux (but note you then need [WayBack] license_update.patch\acme-client\community – aports – Main aports tree to avoid [Archive.is] [400] does not match current agreement URL – Help – Let’s Encrypt Community Support)Here is some more info:
–jeroen
Posted in Communications Development, Delphi, Development, Encryption, Hardware, Harman Kardon, Home Audio/Video, HTTP, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), OpenSSL, Power User, Security, Software Development, TCP, TLS | Leave a Comment »
Posted by jpluimers on 2018/01/25
tik4net – Connect from .NET C# application to mikrotik router via ADO.NET like API or enjoy O/R mapper like highlevel api.
Source: CRUD examples for all APIs · danikf/tik4net Wiki
[Archive.is] C# API – tik4net on GitHub – Page 2 – MikroTik RouterOS
–jeroen
Posted in .NET, C#, Development, MikroTik, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2018/01/15
Not just a great overview for the season, but also a good overview on what the state of the art in various SSD products is: [WayBack] Best SSDs: Holiday 2017.
Recommended reading when you are looking for SSDs
–jeroen
Posted in Hardware, Power User, SSD | Leave a Comment »
Posted by jpluimers on 2017/12/22
A kind of repeat of a 6 year old post, as by now this has much more information: [WayBack] hardware rec – When to stop using a hard drive? What rules/software apply? – Super User.
It is a continuation for another drive of my 2011 post hard drive – When to stop using a HDD? What rules/software apply?.
Basically I was unlucky receiving a brand new drive that appeared exceptionally slow and doing some ticking.
So I ran these on it:
–jeroen
Sorry for the “missed schedule”, but WordPress.com is acting up again:
Since I ran this machine on Windows and I didn’t have time to run locally, these are the tools I used:
Posted in Hardware, LifeHacker, Missed Schedule, Power User, SocialMedia, WordPress | Leave a Comment »
The Wiert Corner - irregular stream of stuff 