Network Security neophyte - Willing to learn anything
20 stories
1 follower

Normal Is Gone Forever

1 Share
"The old records belong to a world that no longer exists"
- Dr. Marty Hoerling, Research Meteorologist
NOAA Earth Systems Research Laboratory

It has been a remarkable summer across the Northern Hemisphere, with high-temperature records being set at locations in North America, Asia, Europe, and North Africa.  Now that we are well into the fire season, a pall of smoke generated by large wildfires hangs over much of the western United States, as evident in yesterday afternoon's GOES-16 satellite image.  

Source: CIRA
Will we ever return to normal?


Although the climate, especially on regional scales, has always exhibited variability, we are now accelerating into a future in which the planet will be warming at a rate not seen since the emergence of human civilization. 

Further, while this warming may occur in fits and starts rather than at a steady rate, the idea that what we are currently experiencing is "just a cycle" is pure fantasy.  We will also not settle around a "new normal" for at least the next few decades, and even that assumes we get our greenhouse gas emissions under control quickly.  

The reality is that we have poked the climate bear with a hot poker and it is not going to calm down anytime soon.  If we curtail greenhouse gas emissions dramatically, perhaps we can get this thing under control in the latter half of the 21st century, but right now, that's looking unlikely.  

So, it is time that we all get used to a world of remarkable change, that we give up on the idea of a stationary climate, and we rise to meet the challenge posed by rapid change.  

If you want an example, look no farther than the western U.S. wildfires.  Yes, the lack of precipitation this past winter probably wasn't due to global warming and wildland management, development patterns, and climate variability have contributed to the mess we're in, but the fingerprints of climate change in the ashes.  Global warming is shifting the weather in ways that we are seeing longer fire seasons, increased fuel aridity, increased acreage burned, and more extreme fire behavior (see, for example, Abatzoglou and Williams 2016).  

And here's a sobering thought.  The train has just left the station.  The fire season of the future is longer, hotter, and drier.  If you think 2018 is bad, fast forward to a drought period around 2048 or 2078.

Normal is gone forever.  The sooner we accept that and build a weather and climate resilient society for the future, the better.  
Read the whole story
18 days ago
Share this story

Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability

1 Comment
Vulnerability discovered by Marcin 'Icewall' Noga of Cisco Talos.


Talos is disclosing the presence of TALOS-2016-0175 / CVE-2016-4329, a local denial of service vulnerability within Kaspersky anti-virus. A system user is able to cause a denial of service attack against Kaspersky’s avpui.exe process by executing malicious code on a system. As a result, avpui.exe process protected by Kaspersky Self-Protection dies.
The vulnerability can only be exploited by a user who is already present on the system. Nevertheless, such a vulnerability potentially may be exploited by a malicious user who wished to cause anti-virus scanning to stop informing users about potential malicious activities. This may comprise a step in a longer sequence of malicious activity. Administrators should ensure that the latest version of Kaspersky is installed to remove the vulnerability.


The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or
Snort rules: 39918,39919
Read the whole story
710 days ago
Team should read this.
Share this story

Deploying the monomyth in Space Opera

1 Comment

So: in the ongoing investigation of space opera, I've looked at cliches, I've tried to come up with a rough definitional rule of thumb ... but I've avoided what's possibly the largest elephant in the room, namely, plot structures.

A key aspect of space opera is that it's about epochal events and larger-than-life characters. Most genres can be written to work in a variety of modes; for example, consider the difference in the level of melodrama in spy thrillers betwee James Bond and Graham Greene's The Human Factor. Similarly, high fantasy can be quietly introspective and pastoral, or focus on the clash of kings and dark lords, and horror can run the scale/focus gamut from The Yellow Wallpaper to The Stand.

But space opera is different: it's almost impossible to conceive of a space opera with a plot that revolves around the eqivalent of a middle-aged English professor's mid-life crisis as he carries on a furtive affair with one of his female students under the nose of his long-suffering wife (the somewhat cruel stereotype of the MFA-approved Great American Novel). I mean, you could do it, but your professor would have had to have invented a new type of FTL drive that threatens to revolutionize interstellar travel, the student is a spy from a cartel of space traders and is trying to get the blueprints out of him before she stabs him in the kidneys (because: lecherous middle-aged prof, ew), and his wife—the professor of political science at Galactic U—is actually a retired assassin (and just wait 'til she finds out about the student). Into the middle of this quiet literary novel of academic infidelity and domestic lies, we then add an evil religious cult of alien space bat worshipers who want to steal the new space drive to equip their battle fleet when they sweep in from the Orion Arm to bring fire, the blaster, and the holy spacebat inquisition to the Federation, and when they kidnap the professor his wife and his grad student have to work out their differences to get him back before he cracks under (well-deserved) torture and gives the fanatics the ultimate weapon ...

(Huh. Actually, that'd make a cracking space opera; just not one of mine. Anyone want to borrow it?)

I stand by my point: you can't write space opera without ramping up the stakes to melodramatic levels. (Well, maybe you could if you were Iain M. Banks, but he was special that way.) The need for romanticist drama is one of the pillars of the sub-genre. And one of the recurring core tropes of the genre, which is so fundamental you can hardly call it a cliche (any more than boy-meets-girl/boy-loses-girl/boy-gets-girl is a "cliche" in genre romance) is the Campbellian Hero's Journey.

If you are reading this blog you are familiar with the Hero's Journey monomyth because it's ubiquitous in our mythology and entertainment. Campbell derived it from studies of myths in many cultures, publishing his exposition The Hero with a Thousand Faces in 1949: his theory was that major myths from various world cultures can be traced back thousands of years and share a common cyclic template (with roughly 17 stages). Since then, it's been used repeatedly by entertainers as a construction template; for example, Christopher Vogler more or less codified it as a recipe while working for Disney studios. The plot of the original Star Wars trilogy was an explicit appropriation of the HJ cycle by to George Lucas (to be fair, before Vogler's codification); it's no accident that Darth Vader is Luke Skywalker's father (Vader is Dutch for "Father") or that the fight between Skywalker and Vader in The Empire Strikes back is one that Skywalker loses—but survives to re-fight more successfully later. A key feature of the monomyth is that the hero leaves home on a quest, faces challenges, confronts and is struck down by his father/the darkness, then rises again, atones/achieves enlightenment/excellence, and triumphs in a final struggle that represents maturation.

Campbell's work isn't uncritically or universally accepted, to say the least, and there are variants on it: for example, Valerie Frenkel critiched him for focussing exclusively on the male variant of the Hero's Journey. It turns out that there are plenty of recurring myths where a version of the monomyth applies to women, with similar but distinctively different recurring stages focussing on the heroine's progress from girl to mother. Rather than fighting to defeat/overturn the parent, the heroine's struggle is to become the parent: rather than returning to the original home but as master (the male branch of the monomyth) the female version has her joining a new household as its mistress and new mother or goddess/priestess.

Yes, this is all horribly gender-stereotyped. But I'll take a stab in the dark at diagnosing its origin: the stages in the monomyth echo the mammalian K-selective reproductive cycle—on hitting puberty the young adult leaves the nest/parents, goes looking for a mate, meets and overcomes obstacles (competitors and predators), finds a mate, forms a new mated pair. In the case of humans or other primates there may also be issues about troupe/pack hierarchy to be resolved. Yes, there are problems with this: it doesn't map onto social structures once established settlements and agriculture become the norm and the young adults are expected to stay home and plough the fields. But the monomyth remains deeply appealing because the mythic framework it builds on has very deep roots that go all the way down to primate reproductive biology.

The monomyth doesn't have to be melodramatic: you can, at a pinch, apply it to that stereotypical MFA lit-fic novel of lecherous middle-aged academics without too much trouble. (The journey is one of internal psychological discovery, the threats are the protagonist's inner demons, the allies are the psychiatrist, the crisis/conflict is one of understanding ...) But as often as not, it's a structure for heroism: melodrama acts as a spice, raising the stakes and giving us a reason to pay attention to the protagonists, for their deeds are significant and implicitly may affect us (or the proxy the author has provided for our viewpoint).

So: Space Opera. Take the monomyth as a framework for how the action unfolds, and mix it up with melodrama. Then add space ships, ray guns, and wide-scale travel backdrops. Arguably the monomyth comes first, before the background: although some of the more skilled authors of the sub-genre spin their plots within the constrains of a background world, and sometimes manage to avoid the monomyth completely. (I'd go so far as to say that "Matter" by Iain M. Banks is an almost complete rejection of the form, as is "Look to Windward" ... actually, I suspect IMB had his own different idea of a story structure in mind for the Culture novels: as often as not they're epic tragedies ("Consider Phlebas") or illustrations of the limits of heroism.)

But if you're trying to spin a space opera, and you're reaching for a plot skeleton that works, the monomyth is your friend. Here's an exercise for the involved reader: take my dysfunctional Galactic U professorial marriage from the beginning of this essay and use the monomyth structure to come up with a plot, climax, and ending that delivers a satisfactory sense of closure. You might first want to consider who you are focussing on—the lecherous male prof, his spouse the academic with a dead-and-buried past (she thought) as an assassin, or the grad student with the secret mission. Then you need to consider what stage of the Hero's Journey you are joining them at—for there's no reason to assume the story starts at the beginning, rather than in media res. Next, work out what challenges and allies they might encounter on their way to the climax and resolution, and what role the other characters play in their quest. Finally: what is the prize they're seeking, how do they achieve it, and at what cost? For added points, see if you can find a way to twist the standard Hero's Journey cycle to apply a surprise climax to it—for example, by spinning this steamy menage-a-trois with added murderhate and alien space bats so that it appears at first to be one protagonist's journey but then switches track and turns out to be about one of the others (your classic example of this would be IMB's "Use of Weapons") ...

What variations can you come up with?

Read the whole story
884 days ago
One of the reasons I love Nathan Lowell is he writes excellent space opera that doesn't revolve around galactic mayhem and universe ending doom.
Share this story

Schlock Mercenary: August 20, 2015

1 Comment
Schlock MercenaryFirstPreviousArchiveShop

Read the whole story
1094 days ago
oh, man that's a video I wanna see.
Share this story

Terrible Terminations – How a bad RJ45 termination can ruin a cable

2 Comments and 4 Shares

There are at least two good ways to make a bad Ethernet cable. One can start with badly-made bulk cable -- this seems to be the usual explanation for Chinese-made Ethernet cables -- or one can take good cable and do a terrible job of putting connectors on it. Some types of connectors -- a crimp BNC, for example -- are very easy to put onto a cable if someone has shown you how and you've got the right tools for the job, but the 8-pin Ethernet connector is another matter entirely. Bad technique, applied to perfectly good cable and connectors, can give you an apparently good connection, but horrible loss characteristics.

A Customer, A Problem:

Last week (this article was written February 2015) a customer wrote to us with a problem. He's dealing with network performance issues at a small company, and has come to suspect that bad patch cords, made by an electrician, account for some of the problems he's seeing. He asked if we would be willing to test one of his patch cords to see how it performed, and we were happy to oblige.

The Cable Under Test:

The patch cord arrived in the mail. It was about 7 feet long, bore branding from a major company dealing in industrial electronics, had a "Cat 6" designation on the jacket, and was terminated with fairly typical field-installable connectors. We plugged it in to our Fluke DTX tester, dialed up the 2.5 metre patch cord test limits, and tested it to ISO Cat 6 standards. The test came back absolutely awful, failing the Cat 6 crosstalk limits by over 10 dB. Stepping the protocol down to Cat 5e, we tested it again, and it still failed, though by a more modest 1.6 dB. Here are the test reports.

Now, at this point there are really only two possible causes, and this quite spectacular failure could be the product of one or both of them. First, there is the possibility that the bulk cable from which this patch cord was made is no good. Second, there is the possibility that the connectors are causing the problem, either because they're not very well designed or because they've been badly applied to the cable.

A Picture Worth a Thousand Mbps:

A quick look at the connectors confirmed that all was not right. This cable was put together using a pass-through type plug, where the eight conductors are lined up in order, threaded through the plug, and then cut off after crimping. These plugs are not the best performers electrically, but it is possible to get good results with them, so the plug was not likely to be the cause of such a large-scale failure. Looking through the plastic at the wires, however, it became clear that not a lot of care had gone into termination. There's a lot that could be said, and more than one thing wrong here, but one picture in particular illustrates the sort of thing we saw:

Note the blue wire, and its blue/white companion. This was a 568B termination, which means that these two wires are headed for adjacent pins (4 and 5) on the connector. Note that the blue goes off to the left, while the blue/white goes off to the right -- the blue-white is basically wrapped right around the orange pair, which sits between it and its mate.

Other things are not well in these connectors. Conductors are sharply bent, probably due to some awkward shoving-in to the connector body. Pairs are inartfully routed to their destinations, resulting in their being squished hard into other pairs. And then, in a move that neither helped crosstalk nor mechanical stability, one of the connectors was crimped on downstream of the end of the cable jacket -- so instead of gripping jacket, the back-crimp of the connector was smashing pairs into pairs without any cushioning or ability to slip around in-jacket.

What Does the Fluke Say?

Clearly, the termination was a huge part of the issue here. The Fluke tester confirmed as much, in its diagnostic screen, the "HDTDX" display, which shows a time-domain representation of the crosstalk characteristics of the cable. An ideal HDTDX result -- not attainable -- would be a completely flat line from the area around the left vertical red line (representing the first connector) to the area around the right vertical red line (representing the second connector). Here, there are instead two immense bumps (well, six on each end; the graph shows all six possible pair-to-pair combinations) at these locations, and what this means is that crosstalk at these points is a problem. The relative flatness of the lines between suggests, additionally, that the cable itself, disregarding the connectors, is probably just fine.

Let's Try This Again:

The easiest way, ultimately, to figure out whether bad termination is the sole cause of the problem is simply to do a good retermination. We cut the connectors off and reterminated the cable. Upon cutting the connectors off, we found what looked like a fairly typical Cat 6 cable profile: there was an X-spline down the middle to separate the four pairs, and the four pairs were nicely arranged, with orange and brown opposite one another, so that whichever end of the cable one is working from, the pairs can be lined up in order (for 568B) without having to cross any of them over the others. We used our standard plug, and got a proper crimp on it, and put it back on the Fluke tester.

Success! The original termination had failed the Cat 6 crosstalk test by 10.8 dB, and our retermination passed the test by 4.5 dB -- a 15.3 dB improvement. Simply using a good connector and following good practices turned a spectacular fail into a comfortable pass. This test result certainly vindicates the bulk cable, which plainly was of good quality. Here, if you'd like to see them, are the post-retermination test reports.

Now, let's go back to that HDTDX chart. Here's what it looks like after retermination:

As you can see, there are still bumps at the connectors -- that's normal, and there's no way to affix standard 8-pin Ethernet connectors to cable without seeing this result -- but the magnitude of the bumps is a fraction of what it was when we received this cable.

So, What's The Lesson?

Most of us, if we do not deal in high-speed digital signalling, have a kind of "DC Circuits" understanding of wiring where the most important thing is simply that the wires connect the right points together. One can even be a career electrician and be trapped in that kind of thinking, because in residential power wiring, things are pretty much either hooked up correctly or not; nobody's oven fails because somebody untwisted too much power cord. It is, therefore, easy to assume that if you've got Ethernet cables to make, and you can reliably connect pin 1 to pin 1, pin 2 to pin 2, and so on, all will be well. Many electricians are skilled at assembling data cables -- heck, all of our installed horizontal cabling (in-wall and in-tray cable to jacks, that is) here at BJC headquarters was installed by our electrician, and his work tested out perfectly. But it's a mistake to assume that just because network signals are electrical, any electrician is automatically qualified to put a network together.

If all you need is Cat 5e performance -- and that's often the case -- it isn't hard to make good patch cords. You need good cable, good connectors, and good technique. The internet abounds with tutorials on this stuff. For good cable, consider buying American -- there are a number of data cable manufacturers who are keeping jobs in the USA, whose products are reasonably priced, and whose products really do what they say. Our experience has been that Chinese data cable is almost always terrible, sometimes to an astonishing degree -- and that includes Chinese cable from Internet vendors who are widely trusted. For good connectors, likewise there are excellent choices, including some American manufacturers (we use mostly Sentinel).

But as this example shows, you can start with good cable and make bad assemblies -- in fact, you can start with excellent cable and make horrible assemblies. Keep these things in mind:
(1) the length of wire to be untwisted should be only the amount you need to be able to insert into the connector; any additional untwisting will only harm performance.
(2) when you're arranging wires, don't fight the cable if you don't have to. In this case, the wires came out of the cable end in a very nice configuration, amenable to simple, straight routing into the connector, and the user turned it into a mess.
(3) make sure that your total stripped-jacket length is short enough to make the back crimp on the connector fall on JACKET, not on bare pairs.

If you've got good materials and good technique, your Cat 5e cables will be Cat 5e compliant the vast majority of the time. If you're looking for Cat 6 compliance, it's possible to do but you're likely to need to be much more picky about cable and connectors, and significantly fussier about termination techniques, and probably will not be able to do it consistently unless you have a proper tester to give you feedback on your work. Cat 6a is another matter entirely -- meeting crosstalk standards between 250 and 500 MHz is quite a challenge, and it's possible to have compliant cable, compliant connectors, good technique and no success, as the right solution turns out to be a sort of synergistic product of all three.

Back to Articles Index

Back to Blue Jeans Cable Home

Read the whole story
1235 days ago
The moral of this story: I'll never crimp my own cables again.
Share this story
1 public comment
1227 days ago
I like to think that my technique is pretty solid, but until I am able to do signal tests on every terminated cable, I still treat any crimped cables i make as sketchy-at-best.
Seymour, Indiana

Easiest Syslog Forwarder for Windows I’ve Ever Seen

1 Comment

Right or wrong, Syslog remains the de facto standard protocol for log forwarding. Every SIEM and log management solution in the world accepts syslog. So frequently you run into the situation of needing to forward Windows events via syslog. But Windows doesn’t support syslog and the “free” forwarders I’ve looked at in the past were just not pretty. Some even written in Java. Ugh. Besides being klunky and hard to configure they weren’t flexible in terms of which event logs they could forward much less which events within those logs.

But SolarWinds has just released a new and completely free Event Log Forwarder for Windows (ELF). ELF takes seconds to download, seconds to install and a minute to configure. Just select the logs you want to forward (below example shows successful and failed logons and process start events from the security log):

and specify the address of your syslog server:

ELF runs as a background service and immediately starts sending events out via syslog as you can see here on my syslog server.

I love how easy it is to filter exactly which events are sent. This allows you to filter out noise events at their source – conserving bandwidth and log management resources all the way down the line.

But what if you have many systems that need to be configured to forward events? I took a look at the folder where ELF was installed and found a LogForwarderSettings.cfg file that is very easy to read. Moreover there’s even a LogForwarder.PDF file in the Docs folder that fully documents this settings file. I don’t see anything installation dependent in this file so it looks to me like you could use the ELF GUI Client to configure one installation and then copy LogForwarderSettings.cfg to all the other systems where you want the same behavior.

You can download SolarWinds Event Log Forwarder here

Read the whole story
1272 days ago
Nice, I wonder if the overhead is more/less than snare.
Share this story
Next Page of Stories