Digest for sci.electronics.repair@googlegroups.com - 13 updates in 3 topics

William Unruh <unruh@invalid.ca>: Oct 17 06:22PM


> The wps_supplicant ain't delivered as APK, so you will need a firmware
> update. On most GNU/Linux phones it's a package (rpm/deb), so that could
> be pushed out without a firmware update.
 
I am pretty sure it is not firmware, but it is part of the Android
package, if that is what you mean. I.e., it is a system program/daemon.
How to replace it I have no idea, esp since it is probably altered by
either Google or by the phone manufacturer. So you are probably right
that it requires them to ship a replacement.
"s|b" <me@privacy.invalid>: Oct 17 10:36PM +0200

On Mon, 16 Oct 2017 20:55:25 +0200, s|b wrote:
 
> Still waiting for an update for my TP-Link Archer C7 router. If I
> understand all this correctly, then I'll also need an update for my
> Nexus 5X?
 
TP-Link is waking up, so it seems:
 
[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2
protocol
<http://forum.tp-link.com/showthread.php?101094-Security-Flaws-Severe-flaws-called-quot-KRACK-quot-are-discovered-in-the-WPA2-protocol>
 
Microsoft announces they patched the leak(s) on October 10.
 
Microsoft releases statement on KRACK Wi-Fi vulnerability
<https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability>
 
--
s|b
harry newton <harry@is.invalid>: Oct 17 10:41PM

He who is s|b said on Tue, 17 Oct 2017 22:36:45 +0200:
 
> Microsoft releases statement on KRACK Wi-Fi vulnerability
> <https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability>
 
What's interesting is that the open-source community has a problem with
diffs letting the cat out of the bag too soon (witness openbsd).
William Unruh <unruh@invalid.ca>: Oct 18 02:25AM

>> <https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability>
 
> What's interesting is that the open-source community has a problem with
> diffs letting the cat out of the bag too soon (witness openbsd).
 
And the closed source community has a problem with never actually fixing
the problems (see most of the wireless router manufacturers).
 
As can be seen from the debate that occurred re Krack and OpenBSD.
Theodore felt that leaving his users hanging completely exposed was not
a good idea, and eventually the Krack finder agreed (only to regret it
later). It is a real moral conundrum. Did anyone actually notice that
OpenBSD could be used to reveal the bug? Ofttimes fear makes one think
that everyone in the world can see right through you and see what you
are trying to hide, while actually no one does.
So it was not a problem, but a true moral conundrum where no answer is
right.
bruce2bowser@gmail.com: Oct 17 09:03PM -0700

Bill Bradshaw wrote:
> It appears if you do not use or have WiFi and enabled you should be
> secure from this. Since I have both disabled I assume I am safe because I
> use neither.
 
Is a hard wired connection safer (at all distances)?
harry newton <harry@is.invalid>: Oct 18 01:56PM

He who is William Unruh said on Wed, 18 Oct 2017 02:25:28 -0000 (UTC):
 
> And the closed source community has a problem with never actually fixing
> the problems (see most of the wireless router manufacturers).
 
Hi William,
I'm not sure what you mean, but I guess what you're saying is that firmware
is only available for the newest routers, which I would agree with. Is that
what you're saying?
 
> Theodore felt that leaving his users hanging completely exposed was not
> a good idea, and eventually the Krack finder agreed (only to regret it
> later).
 
Thanks William for understanding what I was talking about. I do see the
conundrum, which is the following, put bluntly:
1. Researcher finds vulnerability on day 0 & secretly informs vendors
2. Proprietary-code vendors fix & release code & nobody is the wiser
3. Open-source vendors fix & release code & anyone can do a "diff"
 
The problem is that the bad guys can do the diff and then get a jump in the
wild on building an attack vector.
 
I don't know *how* to solve this, and I don't understand what the Krack
Attack researcher proposed for what Theodore should have done.
 
> It is a real moral conundrum. Did anyone actually notice that
> OpenBSD could be used to reveal the bug?
 
William,
Can you help me understand what the researcher prefers for next time?
 
He used the words "sit on a diff", which I took to mean that someone *knew*
what the changes were and had to "sit on it" (and not tell anyone). (Yes,
I'm well aware of what a "diff" is in the Bash world anyway, which is just
a command revealing what's different.)
 
I'm confused about one of two events, as to what the researcher wanted:
1. Did he want Theodore to just *sit* on the fix & wait?
2. Or did he propose not giving Theodore enough info to fix it next time?
 
> are trying to hide, while actually no one does.
> So it was not a problem, but a true moral conundrum where no answer is
> right.
 
But what is the *standard* approach in this situation for open-source code?
What did the researcher propose for open-source code vendors?
1. Did he propose that they not release the code until it's public?
2. Or did he propose not *telling* the open-source community early?
 
I'm confused what the suggested "solution" by the researcher was.
Marek Novotny <marek.novotny@marspolar.com>: Oct 18 10:20AM -0500

> 1. Did he propose that they not release the code until it's public?
> 2. Or did he propose not *telling* the open-source community early?
 
> I'm confused what the suggested "solution" by the researcher was.
 
The standard approach is to give a short waiting period in which
the researcher who discovers the bug sits on the bug. Meaning that
the researcher does not announce to the world the existence of the
found bug. Instead the researcher notifies vendors and publishers,
such as a distribution or a vendor for a router such as NetGear.
 
The idea is that they have 60 days in which to patch before the news
goes fully public. The idea here is that sometimes they need to be
shamed publicly for not patching their hardware or software.
 
In those 60 days all vendors and users of affected software have time
to perform a standard update which should fix the discovered issue
before the issue is revealed after the 60 days.
 
With open source software since development is out in the open it
is possible to discover the bug before 60 days are up. Development
is in the open after all. Sometimes if it is a really bad one many
distros might agree to release on the same day.
 
And then you have smaller distros based on larger distros that may lag.
RHEL is typically incredibly fast to fix any known issue. Sometimes
in just an hour of it being discovered depending on what it is.
 
In my opinion this is where Open Source really shines. Something
like a pfSense firewall will get updates very quickly and you can
bank on it. A good distribution like RHEL, Fedora, Debian, Ubuntu,
and Suse will get updates on any particular bug very quickly.
 
--
Marek Novotny
https://github.com/marek-novotny
Doomsdrzej <.m@nsn.s>: Oct 18 12:38PM -0400

On Wed, 18 Oct 2017 02:25:28 -0000 (UTC), William Unruh
>are trying to hide, while actually no one does.
>So it was not a problem, but a true moral conundrum where no answer is
>right.
 
I have to disagree with the first statement. The open-source community
does fix bugs which are very well-known and widespread. That is why
Krack already has a fix. It's the smaller issues, like graphical
glitches that only affect about 25% of their users which they might
not actually fix. They only prioritize whatever they know they can't
get away without fixing.
oldschool@tubes.com: Oct 18 02:39AM -0500

I'm back to my original Power Inverter, which is a small 300W peak, 125W
continuous unit, probably made in the 1980s. It's gotten lots of use and
was always reliable. A while ago, it started acting weird and
occasionally would not produce 120VAC output. At that same time, the red
light (LED) would light up, which means it's not working properly.
 
I've had it apart several times recently, and it will always start
working again after I mess with it, but that don't always last long. I
have ordered a new inverter, but until that comes, I have been using
this old one, and found something interesting. I've been leaving the
case open on it, and when it fails to work, all I have to do is hit the
large electrolytic cap, with the handle of a screwdriver, and it usually
works again.
 
I have carefully checked all solder joints on the board, and even
resoldered a few that looked questionable. This cap is surely soldered
properly. This makes me wonder if somehow the leads are loose inside the
cap itself. Is that possible?
 
This cap is the biggest one on the board, near the 12V inputs. It's
100uf, 200v. It's fairly large for a modern cap. I plan to replace it,
but I don't have one on hand and will have to order it. Even after I get
my new inverter, I would like to repair this old standby inverter that
was always very reliable, and has a simple circuit without a lot of
bling and don't have one of those dreaded annoying buzzers inside.
"pfjw@aol.com" <pfjw@aol.com>: Oct 18 04:40AM -0700

Three things:
 
a) Modern caps do not have 'wires inside'. They do have connection(s) between the foil and the connecting wires that can go flaky - but those are all-or-nothing situations.
b) The buzzer comes on when the input voltage approaches, then drops below the trigger voltage for the inverter. So, if your battery voltage drops below whatever that is - first inverter will buzz, then AC-out will stop.
c) So it appears that you may have tossed that other inverter because you mistook the buzz for an inverter problem, not a battery problem. It also appears that you do not understand the concept of 'system'.
 
An inverter is one half of a system, the other half being the battery. Both need to be in good condition for the entire *System* to operate properly. Now, some inverters will drain a battery dead before stopping. And, it appears that your 300 watt unit is such a beast. Accordingly, you are sulphating your battery, killing it sooner rather than later. Even a Marine-grade deep-discharge battery does not want to go below 50% of charge on a repeated basis, 70% being better.
 
Now, comes the math:
 
Amps is amps.
Watts is watts.
Volts is volts.
Broadly speaking - volts x amps = watts.
 
120 watts = 1 amp at 120V
120 watts = 10 amps at 12V.
One (1) amp for one (1) hour is one AMP-HOUR. The reality of battery performance vs. CCA.
 
We are ignoring inverter losses - anywhere from 10% to 30% in the universe you inhabit.
 
The typical car battery is somewhere between 24 and 60 AH, some very fancy marine-deep-discharge batteries can be about 120 AH. That is from fully charged to *dead*.
 
Meaning that you do not want to run for more than half that time in reality.
 
If you are running at 120 watts, you are using ten (10) amps per hour (ignoring losses). In 1.2 hours you will be at 50% (24AH battery) assuming you started with a peak-charged battery in good condition.
 
In two hours you will have caused irreparable damage to a 24AH battery. Yes, it will still work after a fashion - but never again at peak and never again at full charge.
 
For a 60 AH battery, you get a whole three (3) hours before damage sets in.
 
Enjoy!
 
Peter Wieck
Melrose Park, PA
oldschool@tubes.com: Oct 17 02:54PM -0500

On Tue, 17 Oct 2017 05:45:40 -0700 (PDT), "pfjw@aol.com" <pfjw@aol.com>
wrote:
 
>With all due respect - does the phrase "danger to yourself and others" have
> any meaning. As described:
 
No danger was involved. It was laying on the lawn outside, I connected
the jumper cables to my farm tractor battery and made sure to tap the
jumper cable to the voltage, not just clamp it on. After the initial
sparks, it attempted to operate.
 
I since tore it apart, and found the main 12V POS wire was crammed
between the board and the case, and its insulation was seriously
crushed between the case and the board. But the case is plastic so I
can't see how it would short to that. Anyhow, I taped the wire up, moved
it, and turned the inverter on. For the first 5 minutes it worked fine,
with no load on the output. I then connected a small 120v fan to it, and
the fan worked fine. However, when I unplugged the fan from the
inverter, the inverter red light began flashing and the buzzer began
beeping, and it no longer produced any AC output voltage. Even after
disconnecting it from the 12V battery and letting it sit for 24 hours,
it still just flashes the red light and beeps.
 
I have given up trying to repair it, and bought a new inverter. Because
it has SMD devices inside, I won't even try to repair it at this point.
It's now in my junk box, intended only to be used for parts. The case
will come in handy for some project, its small internal fan may be
used, along with the switch and a few other parts. The circuit board
will likely just go in the garbage, because who knows what parts are
fried on it. But for now, I didn't feel like ripping it apart again, so
the whole thing went in my scrap box.
 
I have read several websites that say this is a common problem with this
model, and it's not highly rated. Cobra has been known to produce
quality CB radios, but apparently this inverter has a lot of
problems. I wasted enough time on it. Now it's parts ONLY.
Foxs Mercantile <jdangus@att.net>: Oct 17 03:26PM -0500


>> With all due respect - does the phrase "danger to yourself and others" have
>> any meaning. As described:
 
> No danger was involved.
 
Famous last words, "I know what I'm doing."
 
> I wasted enough time on it.
 
And ours.
 
 
--
Jeff-1.0
wa6fwi
http://www.foxsmercantile.com
rickman <gnuarm@gmail.com>: Oct 17 05:40PM -0400

Foxs Mercantile wrote on 10/17/2017 4:26 PM:
 
> Famous last words, "I know what I'm doing."
 
>> I wasted enough time on it.
 
> And ours.
 
He couldn't help himself. You were volunteer labor.
 
--
 
Rick C
 
Viewed the eclipse at Wintercrest Farms,
on the centerline of totality since 1998