Archive for the ‘hack’ Category

ST Professional Plumbing And Heating responds to security concern with “blah blah”.

February 12, 2015

(See attached image)
Suppose you are concerned about your fancy internet-connected home appliance. You might have seen that film in 1995 called “Hackers”. Therefore, you voice your concerns to the supplier. If your supplier was a professional, the supplier might say that every precaution is taken to reduce and mitigate the risks. The supplier might even say there is a report available from an independent tester which shows the security of the system.

On the other hand, I present the example shown here where the supplier (that’s ST Professional Plumbing And Heating of Flookburgh, Cumbria) say “blah blah” to your concerns. They seem to think that you must ‘take their word for it’ in their arrogance. I wonder if they are suggesting that the average man on Clapham Common is unable to understand and consider the risks.

I will not be employing them, ever. I ask you to consider the nature of the company you are considering employing in the future. It’s not national security at risk. It’s your personal security, and when you are in your own home it is your castle. I believe that when you are in your own home, you need to put the security of your family and yourself first.

As a side-note, I would expect that the people in charge of national security have probably got it sussed by now.

2015027_ST_Professional_Plumbing_And_Heating_responds_to_security questions_and_fails

Advertisements

Converting fonts to paths in Ghostscript

June 1, 2014

This entry is mostly for my convenience, to make it easier to find in the future.

Source: http://latex-my.blogspot.de/2012/01/text-to-path-conversion-with.html

If you just want a one-off conversion at the command line:

gs -sDEVICE=pswrite -dNOCACHE -sOutputFile=”OutputFile-nofonts.ps” -q -dbatch -dNOPAUSE -dQUIET “InputFile.ps” -c quit

Backlight replacement of the LG Flatron 194WS monitor.

March 20, 2013

This all started when the backlight would only stay lit for about one second. At first I thought it might be due to a power supply issue. There is previous history on this subject, because there are a few monitors built around the same internal hardware. I followed the instructions there (thank you Corporate Computer) and replaced those six capacitors.

I still had a faulty backlight. For reference, the power board has the following part number EAX35159301/7, and is auto-ranging in its input supply (100-240VAC, 50/60Hz). It has a revision date of 2007-02-26.

So the next thing is the CCFL backlight tubes, so I stripped those out from the panel assembly. The ends showed significant blackening, so perhaps the power supply was responding to an over-current condition on the CCFL by shutting down. Sadly, ebay and google could not find me a cost-effective set of replacement tubes. Also, some six years after the unit was made, LED backlighting has made CCFL backlighting obsolete.

While I had the panel apart, I cut some notches out of the metal surround.

So I went back to ebay and bought one metre of white SMD LED flexible tape. It cost me £1.49, and that included postage to the UK.

The tape was designed so it could be cut every three LEDs, and there are cut marks on the tape. It worked out that I could cut two lengths, each with 24 LEDs. These would fit the top and bottom of the screen, where the CCFL tubes used to be. The tape was 8mm wide, exactly the same as the metal supports for the CCFL tubes. The LED strips require 12VDC, which I could get from the monitor’s own (internal) power supply. If you look where the smaller LCD controller board connects to the power supply, via an 11-way connector, the connections there are clearly labelled.

Having used the adhesive backing on the LED strips to secure them to the metal supports, and lots of compressed air to clean the various light diffuser sheets, reassembly was straight-forward. It was mostly straight-forward. After connecting the LED strips to the power supply, I did a final test before assembling the outer casing.

Summary.

The result is that the monitor now works, although the backlight is noticeably dimmer than it used to be before it failed. Also, the backlight stays on when the monitor is in stand-by mode. The only way to turn off the backlight is to isolate the monitor at the mains inlet. Given the very small amount of money spent on it, I think these are acceptable compromises.
Something to consider doing is going back to that 11-way connector, and looking if there is a control signal which can be used to drive a simple MOSFET switch, so that the backlight is extinguished when there is no input signal, or when the monitor is in stand-by.

Firefox and Flashblock.

January 8, 2013

I have been a Flashblock user for, I don’t know, a long time. I don’t actually mind Flash objects on web pages, but I found auto-starting adverts to be particularly distracting.

The reason for this post is just to share a little tip. Add these three sites to the Whitelist:
player.vimeo.com
maps.google.com
maps.google.co.uk
You will find that useful Flash things start working, while you can still ignore adverts and browser exploits which use Flash.

A little note about the batteries for the Philips SHC5100 wireless headphones.

November 22, 2012

The gist of it is don’t rush out and buy the specific part (HB550S).
Buy a pair of regular (Nickel Metal Hydride) AAA size rechargeable cells, try and aim for about the same capacity of 550mAh. Then carefully cut about 3 or 4 mm of the plastic wrap from the negative end of the cell.
Have a look at this image for a guide.
Remember that most of the metal can is the negative electrode, so be careful to prevent accidental short circuits with the extra metal exposed.
If you look in the battery compartment of the headphones, there is an extra metal finger which contacts the battery on the side. This is how the headphones detect if the battery is the rechargeable type.

TomTom One temporary mains power supply.

April 27, 2012

I doubt this would be recommended by either of the manufacturers involved (TomTom or Exposure).

I notice that the mains charger for the Exposure MaXx-D can also power a TomTom One (No longer supported by the manufacturer).

This is useful if you have a TomTom One which has been sat at the back of a cupboard for some months, and the internal charge on the TomTom’s battery has self-discharged. You have a choice of finding (or bodging) a mains charger, or going out to the car at 11-something-pm on Friday.

Further to the Bandridge CPL4201 USB to serial adapter: A fix!

March 22, 2010

Today, doing a little more research and experimentation I found out something I suspect Bandridge would rather keep secret.
The Bandridge CPL4201 USB to serial adapter is actually a Pacific PL2303. You can get the driver from Pacific themselves here.
There are drivers there for versions of Windows from ’98 to 7, and the vast majority of in-between versions too. Also there are drivers for WinCE, Mac OS 8, 9, 10.1 and above, and for Red Hat Linux. (A modern Linux kernel will have the driver built in)

For completeness’s sake the CPL4201 gives this response to “lsusb” on my Ubuntu system:
“Bus 006 Device 003: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port”
The important parts are the Vendor ID 067B, and the Product ID 2303.
There is a similar, but incompatible, USB to serial adapter based on the PL2303X but someone has already found out about it and come up with a patch.

For the record, the CPL4201 I have is a vanilla PL2303.

The summary seems to be:
* Bandridge can’t be bothered to redirect enquires about Windows drivers to the Pacific driver page (link above).
* Bandridge don’t want to take thirty seconds to re-package the Pacific driver with their branding.
* I now own two USB to serial port adapters (woo-yay!?). One of them might be adapted like this in the future.

Therefore I say: Bandridge – you suck.

More than you ever wanted to know about memory cards.

February 16, 2010

Bunnie Studios’ blog has been on my regular reading list ever since the first XBox was hacked. The latest entry has just surpassed the level of ingenuity and entertainment value of his original paper on the XBox security (alternate link to the paper).

Thomson Speedtouch USB ADSL modem driver stores user passwords in the clear.

September 28, 2009

Problem: A Win32 PC, connected to the internet via a USB Thomson Speedtouch modem requires converting to an external modem/router. User can not immediately find the ADSL password.

Solution: The ADSL user name is visible from the desktop “connect me up” software. The password can be found in the registry (search for Thomson, or Speedtouch), stored in plaintext!

I did notice there was an extra, non-printing character, at the end of the password. Perhaps it is a single byte checksum. Copy and paste all-bar-the-last characters to the password field on the modem’s configuration page, and you’re good to go!

Not all hacks are this easy. 🙂

Trailers from Apple

August 24, 2009

I notice that Apple are now using the user-agent string to find out how their trailers are being distributed. I think this is a work-around for folk who don’t have, or want, Quicktime installed.
This would apply to anyone using Ubuntu, or (I guess) most Debian-based distributions.
curl -o avatar.mov -A "QuickTime/7.6 (qtver=7.6;cpu=IA32;os=Mac 10,5,7)" http://movies.apple.com/movies/fox/avatar/avatar2009aug0820a-tsr_h720p.mov

If you are a Linux user, then you probably have curl installed, if not then you probably know how to install it with “apt-get install”.