This is Gonna Get Ugly

So my focus is shifting largely due to focus on my professional career, limited time, and frankly the political scene is something that has me so damn angry I need shit to take my mind off of it. For instance I’ve spent my past three weekend moving servers around for a bunch of gun bloggers I take care of hosting for.

For those who don’t know I’m a host, who’s having random sabbaticals, over at The Gunblog Variety Cast.  And well if you know me or have been lucky enough to friend me on Facebook, sorry I don’t just accept anyone, overall I have a solid bead on the tech security space.

The Problem

So incase you’ve been under a rock there have been some major events recently about computer security. First up was “WannaCry“.

WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft.[22][23] It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue,[24] and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it.[25]

The thing is, there’s way more that was in the Shadow Brokers dump and the hits keep coming. CVE-2017-7494 came out May 30th, 2017. This affects “SAMBA”, which is the implementation of the Windows Server Message Block protocol for Linux. I expect a decent chunk of my readership, at least of what’s left since I haven’t written in a year, just went “What!?” It’s at this point I’m going to try to break it down Barney style, ask questions in the comments.

The Windows SMB protocol is how Windows does file sharing.  So when you type something like \mymachinename\ and you see a list of folders available, it’s making use of that protocol. This protocol is also  implemented for Linux that allows you to have a Linux server serving files for Windows machines.

So before I get too much further lets talk about these exploits.  Including a very recent CVE-2017-8543 that was patched Tuesday June 13th. All of them through various methods allowed for whats called “Unauthenticated Remote Code Execution.” The scary thing about 8543 is that it is a zero day, which means that it was found being actively exploited in the wild before the release of the patch.

Logo via Softpedia.

What does that mean, someone, anyone, could cause the end point service to execute arbitrary code sent to it. This wasn’t intentional, that is what makes this an exploit. Someone found a bug that causes the service to behave in this way.  What does that really mean though? It means anyone can send a carefully crafted message to your computer that will make it does whatever they want, including encrypting your data to deny you access.

What does this mean?

So, I hear many of you saying, “Well I have Windows not Linux so I’m good just applying the Microsoft patches right?” This is where I scare the crap out of everyone.

Embedded Linux is used almost everywhere, from cell phones, to ATMs, Network Attached Storage, to the common home wireless router. The good news is really old routers didn’t really offer this as a feature, the bad news is starting around 2013 routers started shipping with USB and eSATA ports so one could connect an external hard drive and share it across the network. It basically was a feature that allowed people to quickly deploy a NAS.

Image via Bob McKay

These embedded devices are all using the SAMBA service as they’re running embedded Linux. It’s worth noting the vulnerability exists going all the way back to March 1st of 2010. So basically any and every router with these features is affected. Going a step further every NAS (Network Attached Storage) device on the market is likewise affected.

So the devices have a software bug, which allows arbitrary code execution which can result in the following:

  • Denial of access to data. It’s encrypted and only decrypted, if they feel like it, after you pay them a ransom.
    • Do NOT pay the ransom. There is no escrow and thus no guarantee you will actually recover your data.
  • Exfiltration of data. Someone searches through your data, saves what they can make money from. Could be IP theft or blackmail.

But it’s a software bug, we just need to get the patch from the manufacturer and life is going to be good right?

The Rub

Image from PCWorld.com

Most of these devices aren’t being updated anymore. That is to say, manufacturers will most likely not be releasing an update to patch this issue if the device is more than a year old.

I’ve got a very nice WRT-1900AC.  The last firmware update was in the middle of 2015. It has features that fall under this and tools show it is vulnerable to the exploit. Let me put this another way. My 300 dollar router, yes that’s what it cost when I bought it, got updates for a year and was then out of service and now critical bugs are being found and left unfixed by the vendor.

Unlike Windows and WannaCry, manufacturers of these devices will leave users vulnerable. Worse, removing them from the network will remove one of the more beneficial features, Network Attached Storage. In the case of routers, these devices are often placed on the border between a users private network and the internet so they are exposed to malicious traffic.

Ideally the router does not present the SMB interface to the internet, however this isn’t to say malicious packets will not find their way into the interior network from the internet if other issues are found with the router. At which point the router will fall victim.

It gets worse…

While working on this post an article came out over at SearchSecurity, discussing CherryBlossom. This was a project by the CIA to attack router security issues including a lack of firmware validation.

“On the enterprise side, the big router manufacturers have offered validation of signed firmware for quite some time. The problem is that it’s not enabled by default for the most part, and it requires that a network admin actually go and do something,” Kuzma told SearchSecurity. “Both the Cisco and Juniper tools rely on MD5 hashes. MD5 is broken as a hashing algorithm, with several known and feasible techniques for generating identical hashes from wildly different binary content.”

Image from Fossbytes.

So this isn’t event just a commercial issue but even an enterprise level issue. Firmware can be updated remotely, over wireless in many cases and has no validation of the code being installed as being from the vendor. Additionally the router provides a fantastic vantage point for an attacker. He can sit in the middle and analyze all your traffic undetected.

It’s like climbing to the top of a peak overlooking a valley. You can see everything from the vantage point.  Not only see in this case, because the router can redirect and alter your traffic to do even more.

So What Do We Do?

First, maintain an offline backup of all your data. Grab a hard drive, copy your important files on to it, and update it periodically.  Do NOT leave it connected to your computer or network. Doing so will leave you vulnerable if something does get in. Plan on when, not if, someone gets in and locks up your data.

Part of this also stems from a “Jack of All Trades” view of equipment in the consumer space and improper defaults in the enterprise space. Really, who wants to buy multiple pieces of equipment and who wants to take the extra steps in configuration?

The problem is in the consumer space ongoing maintenance and support of products is nonexistent.  In the enterprise IT space there are products that are undergoing long-term use and support. Hardware that is often used is basically a mini computer and the router software and firewall is like installing an operating system.

This is where I say something I hate. Because honestly I prefer the easy route for anyone and everyone. It needs to be trivial for a user to do. The problem is this route is leading us down a horrible path because manufacturers are not maintaining their equipment for that path to work.

What’s that mean? You need to actually build a proper firewall appliance and use if for your network. I’m going to write-up a multi part series how-to with instructions. There are a bunch of hardware options, which in itself can lead to the paralysis of analysis. My goal through this is to give a guide of hardware and software to put you in a position you can easily succeed.

The thing is, that’s just bare hardware. It’s dumb, doesn’t do anything, and still needs software and a configuration to run.  So what should you use to protect your network.  Currently the desired guard dog is pFsense.  This takes some work to set up and configure, but in the end will last longer, will be better maintained, and protect your data more reliably.

Over the next couple weeks I will be writing up a how-to on deployment and  looking at creating a default deployment image for that hardware if possible. My hardware choice is slightly different, not because that hardware isn’t good, it’s because I’m doing some advanced deployment for my network.

OpenWRT/DD-WRT are both options as well but there’s a few issues. One they don’t solve the secure update problem seen in Cheery Blossom.  You will still need to disable and remove the mass storage features of the router. While one could look at this you’re also going to no longer use the router as a router but merely an access point.

Depending however on the capabilities of the router, you can do advanced things within your network which still will leverage those capabilities. Ideally though you would still update your router software to OpenWRT/DD-WRT to deal with the exploit, but there can still be a lag or lack of support for your router by either of these solutions. Not to mention the process can be unforgiving and leave you with a brick.

Conclusion:

If you know a friend who’s into IT and computers, now is a good time to buy a case of beer and invite him over to see if he can help. These issues are only going to get worse, especially since the Shadow Brokers are now charging for exploit dumps. Meaning Blackhat hackers will be buying the exploits and unless some whitehats also buy them, which is funding criminal enterprise, we will not know what exploits are in the wild until the malware hits.

Putting multiple eggs into the same basket is becoming more and more risky and we need to start diversifying and looking at using the best tools to protect critical assets. The last thing we want to do is combine the defensive position with the material we’re trying to defend.

This is going to get worse, defense is going to get harder, and the time to start building your earthworks and redoubts is now.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Something is Afoot…

OG-AA794_GRIDAT_NS_20140204171308Back in April of 2013 there was an attack on a power station in Southern California. The attack was calculated, detailed, planned, and execute well. There were many details that perked my interest including the oil tanks being targeted instead of the windings themselves. This would limit catastrophic damage to the transformer. Additionally numerous fiber-optic lines in the area were cut, including those run by Level 3 Communications.

I have read a few writeup discussing the attack and I did come across one theory that was interesting.

Gabriel: Have you ever heard of Harry Houdini? Well he wasn’t like today’s magicians who are only interested in television ratings. He was an artist. He could make an elephant disappear in the middle of a theater filled with people, and do you know how he did that? Misdirection.
Stanley: What the f*** are you talking about?
Gabriel: Misdirection. What the eyes see and the ears hear, the mind believes.
Swordfish movie (2001)

[See the PowerPoint here]

On the morning of the 16th of April 2013 the following events unfolded at, and around, the PG&E Metcalf Transmission Substation in San Jose, Calif.:

  • 12:58 a.m. AT&T fiber-optic telecommunications cables were cut not far from U.S. Highway 101 just outside south San Jose.
  • 1:07 a.m. Some customers of Level 3 Communications, an Internet service provider, lost service. Cables in its vault near the Metcalf substation were also cut.
  • 1:31 a.m. A surveillance camera pointed along a chain-link fence around the substation recorded a streak of light that investigators from the Santa Clara County Sheriff’s office think was a signal from a waved flashlight. It was followed by the muzzle flash of rifles and sparks from bullets hitting the fence.
  • 1:37 a.m. PG&E confirms received an alarm from motion sensors at the substation, possibly from bullets grazing the fence.
  • 1:41 a.m. San Jose Sheriff’s department received a 911 call about gunfire, sent by an engineer at a nearby power plant that still had phone service.
  • 1:45 a.m. The first bank of transformers, riddled with bullet holes and having leaked 52,000 gallons of oil, overheated – at which time PG&E’s control center about 90 miles north received an equipment-failure alarm.
  • 1:50 a.m. Another apparent flashlight signal, caught on film, marked the end of the attack. More than 100 shell casings of the sort ejected by AK-47s were later found at the site.
  • 1:51 a.m. Law-enforcement officers arrived, but found everything quiet. Unable to get past the locked fence and seeing nothing suspicious, they left.
  • 3:15 a.m. A PG&E worker arrives to survey the damage.

The damage to the substation took 27 days to repair and cost $15.4 Million. In the substation’s 500kV yard, ten transformers were damaged; In the 230kV yard, seven transformers were damaged; In the 115kV yard, 6 circuit breakers were damaged. It was also claimed that a total of 52,000 gallons of mineral oil (used for cooling) leaked as a result of the bullet strikes.

The damage to the fiber-optic telecommunications infrastructure was repaired within 24 hours. AT&T had six cables cut and needed to install new cables to work around the affected area. LEVEL 3 Communications had one cable cut, which was repaired within 10 hours.

The attack on the substation was so over-the-top, especially given that no long-term damage was inflicted, that it more appropriately should have been an entry in Bruce Schneier’s Movie Plot Threat Contest. The trope “orgy of evidence” comes to mind because the attack was so inconsequential for the level of effort expended. Sure it lightened PG&E’s wallet and provided an opportunity for endless sound bites by consultants and lobbyists touting their employers agendas, but nobody’s lights went out as a result of this attack.

So this brings us back to Houdini’s misdirection. Two events occur, one is over-the-top and will obviously lead in the morning media, the other deals with some cut cables in holes next to railroad tracks – decidedly non-spectacular and non-photogenic.

The thing is is that the Metcalf Transmission Substation is next to railroad tracks. And it happens that the railroads’ right of way is used to run fiber-optic cables. I’m sure you’ve heard of SPRINT, which use to be SP Communications, which was founded by Southern Pacific Railroad way back when. Fiber is why all the big name companies in Silicon Valley want to be as close to the railroad tracks as possible!

If we assume that the real target was the telecommunications infrastructure, how would someone tap some of the most monitored lines in the world?

By causing the fiber cables to be so extensively damaged that new sections have to be pulled to work around the damage. This level of disruption would require that any quality/security scans performed – using optical time domain reflectometers (OTDRs) – be re-calibrated after the repairs. The new cable sections could have been pre-engineered to have clip-on couplers (passive taps) built in that exert “micro bending” (i.e., spatial wavelength displacement). If they are detectable by the OTDR they would probably show up as noise near the repaired areas and be ignored. And the voila! Job done.

The next challenge for the strike team would be getting the output from the couplers to somewhere it could be analyzed. Once it was confirmed that the couplers had not been detected, then another team could move in and install appropriate transmitters or couple them into dark fiber for back-haul to data extraction.

We may never know the who/why of this attack. The over-the-top nature of it suggests that it was corporate sponsored as opposed to sovereign. The Metcalf Substation does have some interesting corporate neighbors, but given the nature of the communications traffic flowing in that right of way just about anyone using or traversing that corridor could have been the target.

TL;DR: The substation was actually a diversion.

But there wasn’t much to give credence to the situation until I saw my inbox this morning. Let me repeat something before we start with the new data:

Once is happenstance, twice is coincidence, three or more times is enemy action. And I don’t believe in coincidence.

Lets start with the first article that hit my inbox, USA today.

The FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California’s San Francisco Bay Area dating back a year, including one early Tuesday morning.

Agents confirm the latest attack disrupted Internet service for businesses and residential customers in and around Sacramento, the state’s capital.

FBI agents declined to specify how significantly the attack affected customers, citing the ongoing investigation. In Tuesday’s attack, someone broke into an underground vault and cut three fiber-optic cables belonging to Colorado-based service providers Level 3 and Zayo.

The attacks date back to at least July 6, 2014, said FBI Special Agent Greg Wuthrich.

(Emphasis mine.) Well that’s interesting, but it doesn’t sound all that interesting. The article does note that the incidents have occurred in remote areas but attempts to play it as merely petty vandalism to delay people from getting their cat videos. (No I’m not making it up, see this line…)

Backup systems help cushion consumers from the worst of the attacks, meaning people may notice slower email or videos not playing, but may not have service completely disrupted, he said.

But repairs are costly and penalties are not stiff enough to deter would-be vandals, Doherty said.

“It’s a terrible social crime that affects thousands and millions of people,” he said.

First you have to catch the vandals to fine them, and if this has nothing to do with vandalizing infrastructure but instead tapping it this is a very serious thing. But certainly those lines will help calm those who don’t know details, have the attention span of a squirrel, and don’t have the memory to correlate other external events that are most likely related.

Now lets flip over to the Wall Street Journal.

The latest attack hit several cables in Livermore, Calif., shortly before 4:30 a.m. Pacific time and hadn’t been repaired as of early Tuesday evening, according to several Internet service providers affected by the outage. Some operators complained that law enforcement activity made it harder for crews to fix the problem.

“It’s very inconvenient in terms of getting up at 4 in the morning,” said Peter Kranz, chief executive of local Internet provider Unwired Ltd.

FBI Special Agent Greg Wuthrich said the agency understood operators’ frustration but needed its investigators to look for evidence before anyone patches up the cuts.

“When some of the first cuts were taking place, the cuts and cables were fixed, and there was no evidence, no anything to look at,” he said. “We just need to have a little bit more time to have our people go in.”

I love the complaints about law enforcement making it difficult to repair the communication lines because they want to inspect and collect evidence. This is a classic case of “repair the problem, investigate no further on root cause.” Please stop digging you could induce panic.

Again the paper plays this off not nearly as serious almost as if it’s just some kids out pranking the world. Then we get to the local paper…

The severed fiber optic cables that disrupted Sacramento-area communications is just one in a series of 11 Bay Area incidents in the past year being investigated by the FBI.

Phone, television and Internet services were disrupted in Auburn and the surrounding areas following three severed cables in Alameda County Tuesday morning, according to the federal agency.

Since July 6, 2014, there have been 11 incidents of vandalism to fiber optic cable networks in the greater San Francisco Bay Area.

FBI Special Agent Greg Wuthrich said at this point it is unclear why the cables are being damaged, but said state and federal law enforcement are coordinating on the investigation.

According to communications provider Wave Broadband, three major fiber optic cables were severed at around 4:20 a.m., causing service outages in Sacramento, Rocklin and Auburn areas.

Wait, it wasn’t just one cable shared by multiple service providers, but three different cables? Additionally as these were related to the backbone and given one of the providers involved you just tapped a decent chunk of the internet. Just what the hell is going on down there. I start searching for more information, including something on the Metcalf substation incident to try to cross reference and discover this:

The Silicon Valley power substation that was attacked by a sniper in April 2013 was hit by thieves early Wednesday morning, according to the Pacific Gas and Electric Company, despite increased security.

The substation, near San Jose, Calif., is the source of energy for thousands of customers, and the idea that it was the target of a well-organized attack, and that it might have been disabled for an extended period, raised anxieties about the possible broader vulnerability of the grid. The attack this week did not involve gunfire, and it did not seem intended to disable the facility.

The date on that “theft” is August 27, 2014. The recent string of attacks on the fibre lines started July 2014. Tell me, if you wanted to inspect the response and repair actions of an attack couldn’t you just easily disguise it as a simple theft? You could get up close and personal and inspect exactly how the substation was repaired and what additional actions were taken to harden the substation.

Look, I’m a big fan of Halon’s razor and I hate conspiracy theories because honestly 99% of them are bullshit. But we have multiple, repeat incidents. There were clues and suspicion of possible nation-state involvement which were dismissed. We have an administration who actively works to diminish the significance of attacks and events that surround us and affect us in deep and profound ways. Additionally we see that there are outside nation states who have taken a keen interest in the United States. Just look at the Office of Personnel Management hack, seriously that is a threat beyond what most realize. Then while all this is going on we have people calling to critically weaken our cyber security infrastructure, in the name of stopping terrorism.

There is someone gathering intelligence, placing equipment in the correct locations, and improving their leverage against us. We’re in a technological cold war and we’re seeing the spill over from the physical side of things. Things are not looking good, safe, or secure, especially with over 18 trillion in national debt. Stay safe and keep your powder dry.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

This is Just Neat

I’ve known about this for a while but I figured I’d share it since many won’t know about the effort that goes into maintaining transmission lines.

Balls of steel.  That is a maneuver that has a pile of  things that can go wrong at any moment.  Most of those things will likely result in death.  That said it can and is done safely on a regular basis.

For those who don’t understand how attaching a helicopter to a 500 KV line doesn’t result in things failing you just need to remember what matters is a difference in potential.  The helicopter is a floating isolated point.  Since its isolated, its reference to “ground” can be shifted.  In this case as the helicopter approaches they use the wand to tie the helicopter to the same potential.  Once the helicopter at line match, so does everything else on the helicopter, including the people.

Once that connection is broken though the systems start drifting apart again.

And lets not forget if the weather turns there’s now another huge problem since wind can cause the helicopter to collide with the power lines.  The lesson there is a helicopter has 74,000 moving parts, all moving in opposition to each other, each with the common goal to kill you.

Still looks like it would be an interesting job, at least as a pilot anyway.  I have no interest on sitting on top of a 500 KV line, despite my knowledge of how it works.  I also know at 500KV it wouldn’t take much to create the current necessary to kill me should a piece of personal protective equipment fail.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Quote of the Day – Anonymous (11/29/2012)

Reverse Reactive Power is a quantity defined by the IEEE and we know it is real and exists because the lights are on.

Anonymous – Discussion during a meeting


[We spent more time arguing about this subject than should have been allowed, the instigator just wouldn’t let it go.  He couldn’t understand the subject at hand and felt that the usage of the words were wrong.  Never mind every last power engineer in the room was saying it was perfectly descriptive of exactly what was required for the specification.

For an idea of how bad it was, I was waiting for the meeting to get physical as the instigator became very aggressive about his issue and ignoring the responses because he didn’t understand it.  The person running the meeting was becoming notably upset at the unnecessary delay to moving forward and the fact he was ignoring the responses.

The person couldn’t grasp the concept of directionality coupled with reactive power.  To him it was imaginary it didn’t exist, current either leads or lags.  He couldn’t understand that while it was imaginary in a mathematical sense, it was real, and it results in things such as heat and other issues.  What really got him though was the idea that power has a direction.

Finally one person restated, yes I said restated, that the IEEE has defined this term explicitly and finally justified his point at the end by noting that the fact lights over our heads were working and so obviously Reverse Reactive Power does exist.

It was about this time I was doing everything I could to suppress laughter.

There are days I both love and hate this job.  I will say I’m saving that quote and will paraphrase it when I find a situation like this again.

We spent lunch working on educating him on all the details of what it was, how it was measured, and why there was a direction involved.  He was a bit better but was still a little confused.  I will say it was probably a good thing I was my father’s son instead of my father in this little incident.  I will say I heard his words in the back of my head, the phrase “You obviously have the intelligence of a banana slug” flashed through my brain in my father’s voice.

Don’t get me wrong, he’s smart and sharp, but he knows jack about power, power systems, and what goes into protecting them.  Truly smart men recognize what they may not know and listen instead of insisting everyone else is wrong.  Especially when the others can mathematically show and prove their point.* -B]

*Geek out moment, Reactive Power is explicitly a mathematical quantity.  It is the complex or imaginary portion of Apparent Power.  Forward and reverse is applied merely to indicate the direction of power flow relative to a location.  For example which direction is power flowing in a power line?  To people in this industry directionality is what makes the world turn.  You need to know if the fault is in front or behind your monitoring equipment.  Well if you’re looking at the output of a generator and you see power flowing into the generator (reverse), that’s not a good thing and very rarely intentional.  Something is going to get very warm if you don’t do something soon.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Why Did I choose Engineering?

Because of things like this:

There’s a serious personal reward to projects like that.  I do love how there’s even a trigger mode.

My wife just sat staring in astonishment.  Her dad has a prosthetic from an industrial accident.  While he doesn’t have smart limb, he does have a quite high tech limb that flexes and moves naturally.  Most people don’t even realize he has one unless he’s wearing shorts. 

10 years ago, this type of stuff was still fantasy for the most part.  The amount of processing and input gathering required limited the ability to create something usable.  Moore’s law is a freaking awesome thing.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Yeah, That’s Always the Solution

Yes, read that title with a serious sense of sarcasm because unsurprisingly we have the following.

Some officials are calling for the U.S. military to take over the managerial structure of the Long Island Power Authority until power is restored on Long Island, where more than a quarter million homes and businesses are still in the dark after Sandy and a snowstorm.

Because fighting a war is so close to restoring and rebuilding the electric power system?  Don’t get me wrong, I have the utmost respect for the military, but there is nothing to indicate they have the skills or abilities necessary to fix this problem.

Now it must be noted that the Navy does have a few men who actually do know something about the power system and distribution, but they also focus on it being aboard ship, with a smaller system with redundancy designed to survive casualties.  Others would look at the military and say, “Well the military has to supply power to their bases.”  Well even the military is lacking the people and skills to do that now days.

By September 30, 2003, most of the over two thousand utility systems owned and operated by the Military Departments are to be privatized. See DoD Reform Initiative Directive #49. Utility systems include systems: (1) for the generation and supply of electric power; (2) for the supply of natural gas; (3) for the transmission of telecommunications; (4) for the treatment or supply of water; (5) for the collection or treatment of wastewater; and (6) for the generation or supply of steam, hot water, and chilled water.

So what exactly would involving the government in the power restoration process do other than create an additional layer of bureaucratic red tape to go through?

There was a considerable amount of damage and it is very serious and not simple.  Many lines that have been repaired remain out of service because there isn’t enough power feeding in to support the line currently.  Not to mention the fact that there has also been damage to the natural gas system and other areas will not have power restored until the gas problems are fixed.

As I said previously:

So what we have is a bunch of distribution points that were/are full of water, need to be drained, the equipment cleaned, checked, maintained, and replaced possibly in some instances.  All of this must be done before re-energizing that circuit.

That takes time, it doesn’t happen overnight, and given the fact that salt water, metal, and electricity is involved  you better do it right.  If you don’t it will be more likely to fail in the future.

Does it suck being out of power?  Yes it does and anyone who thinks a utility doesn’t care about it’s customers being out of power, specifically a significant amount, doesn’t have a brain between their ears.  Each day service is down is a day of lost revenue.  Figure how many people there are, not to mention commercial customers, and then think about how much they’re loosing overall.

Yet again a group of people are screaming the government will magically solve the problem.  Most of those same people actually don’t have a clue about what’s actually going on.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Quote of the Day–Ry Jones (11/05/2012)

Mother Nature is a bitch, and physics isn’t taking your call, either.

Ry JonesMy guess is I will never get to drive on the bridge currently under construction

November 5th, 2012


[It is amazing the number of people who have assured themselves that they are some how exempt from Mother Nature being a bitch to them, or that some how they are exempt from the laws of physics.  The worst part about it is those who do that rarely ever suffer the consequences for their decisions and choices, it’s always someone else who ends up taking the brunt of it.  -B]

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Someone Once Asked Me…

Why I wanted to save all those parts kits from my EE lab classes.  What parts kits am I talking about exactly?  These, including the others I got from friends who didn’t want them:

IMAG0400

 

You see, I had this ability to know I was going to need them in the future for some sort of awesome project.  Well Joe has been trying to get a project done to gather some info and I finally just said send me the schematic and I’ll build it.  Amazingly when I saw the schematic it all became obvious.  I saw what was being done and how it worked and figured out values that I could actually achieve.  Spent  some time at Radio Shack tonight and picked up parts and now every thing is in a nice clean box.

IMAG0401

At some point I may rebuilt it to use the extra connector that is available for power, currently it is using a 9V battery on the inside.  Currently this device is already on battery number two.  I missed a soldier bridge and didn’t ohm it before hooking it up.  Once I cleaned the bridge I did a full functional test with my ohm meter and it worked exactly as intended.

Now you may be wondering what exactly this little box is for.  I will give you a hint otherwise you’ll have to wait for the video.  The first three terminal blocks will have current flowing through them.  The silver BNC connector on the right is for telemetry.  Remember that this box is supplying the current.  I would give you a schematic but it would become obvious.  Those who already know, don’t spill the beans.  You might also consider who the customer is on this one for an idea of what we’re doing.

I will say off on the side I have 100ft of speaker wire and another 25 feet of coax cable.  Now I just need to put some labels on it and we’ll be done.

I will say when the Radio Shack guy asked me what I was building, I made sure to pay first.  The reception as it usually is though was, “Awesome, take video and send it to me.”

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms. He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.