PASSWORD REQUIREMENTS OF DEVICES

One of my pet peeves is when a device manufacturer decides to have a different password scheme than what I (the system admin) choose to use. I may have a few hundred cameras installed on a private network with no Internet access, all using the same password. Then I buy a new model camera and this device is going to require me to have another password, because they think that’s safer and better than what I designed. Either I change all of them to fit the new password, or I have to remember more than one password.

I get it. If someone is using the device on an open system, then having a really secure password is a great idea. But when I’m dealing with hundreds of cameras and need to tweak settings on them individually, AND they are all inaccessible by anyone else, then it is a bad idea. I’ve also encountered devices that expire passwords, because an engineer somewhere decided that would be a good idea. Except that some devices only get looked at every 5 to 10 years when IT decides to make a change to the network scheme. What could be a quick change becomes several more minutes per device because a gizmo is demanding that I change the password. That sometimes requires that I tell software to first allow the change, sign-in and make the forced change, change it back, disable password expiry (if possible), then return control to the software.

If someone can actually get inside and get to the system, then individual device passwords are the least of my worries.

SAMSUNG CAMERA SNV-L6013RN FATAL DESIGN FLAW

I was adjusting the view on a hallway security camera when it stopped functioning entirely. I couldn’t fathom how it would just stop. I had not harmed the cable or struck the camera in any way. What happened?

I removed the camera and took it apart. Even then the problem wasn’t immediately apparent. Then I noticed how the part I was moving hovers barely a millimeter above a bare circuit board with very tiny fragile parts. Sure enough, just rotating the round lens part caught on these tiny electronic parts and broke them off of the circuit board, destroying the camera!

What engineer thought this was a good design?! At least put a floor under the rotating part to protect the electronics.

OpenTable Doesn’t Like Linux

I’ve been using OpenTable to make reservations for a couple of years, but recently started getting an odd “Access Denied” message anytime I went to their website. Even going through the website of a restaurant that links to them failed. Then I came across a forum posting where a guy figured out that connecting to the site while using a Linux operating system invokes the error.
https://forum.touringplans.com/t/opentable-com-working/86755

Who blocks an operating system from generating money for a restaurant? It’s like someone decided that “Linux=Hackers” and blocked anyone using it. Or perhaps it was being overwhelmed with search-bots and blocked Linux for that.

But through the use of a “User Agent” add-on, I was able to convince the website that I’m on Windows 10, and voom it opened!

The add-on is found here:
https://chrome.google.com/webstore/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg/related

The settings are simple:
Choose a radio button and then click the lower right button to apply to all windows (unless you only want a certain one to get the new info).

LG WARRANTY REPAIR ISSUES

(Update at bottom)

I bought an LG 4K computer monitor just a few months ago and it stopped turning on. So, I started a repair request. They immediately sent an email saying that they… would be sending an email with instructions. That email never came, and yes I checked my spam and trash folders.

I started a 2nd repair ticket two weeks later for the same issue. Again I got an email promising another email with instructions. That also never came.

If LG can send the first email, why not just wait a bit and send the return instructions in that email?

The reason I blog this issue is the last line of their emails which are a one-way communication. They only want to hear from a customer via their web forms, and if you already used the web form, they insist they already heard from you and to check your spam folder.

Oddly, when I had an LG TV issue, they were right there with a repair scheduled, and then the TV self-downloaded a firmware update that fixed the issue. Sadly, that same kind of response hasn’t happened with this new computer monitor.

“This is Arianne, and we received your online service request with regard to your LG Product.
As one of our valued customers, we regret to hear any problems you have encountered with your product and we are glad that we can
assist you.

We would like to inform you that we have already created a repair receipt for your unit: RNN——

Please double check your inbox or check your spam folder for shipping label and instruction on how you can send your unit to our facility.

We hope this information is helpful. Should you have any further questions or concerns, please do not hesitate to contact us again
via Email, Live Chat or create new repair service request at https://www.lg.com/us/support/repair-service/schedule-repair.

We look forward to any opportunity by which we might offer the best service schedule available for you. You may visit our website
http://www.lg.com/us for product help and more.

Thank you very much for your kindness and patience.
Note: This email address is used for outgoing mail only. Thank you.“

UPDATE JUNE 19: LG did finally send me the shipping label and instructions for returning the monitor.

HONEYWELL NetAXS NX4S1 AND TLS 1.0

One place I support has 32 NetAXS 4-door panels. These have always been quirky, but they have a rather major flaw in that they only communicate with a browser that uses TLS 1.0, which is now discontinued due to cyber security reasons. Honeywell has not announced any new firmware for these discontinued panels, and we are looking at around $64,000 to replace these with Honeywell’s only current option the MPA2 panel (2-door). The irony is that we have a LOT of the much older N1000 and N1000-4X panels which are happily chugging along. These use a couple of add-on devices to talk to the network, and those devices do not require HTTPS, so are still working fine behind the firewall.

The problem is that the site is changing IP range and I need to update each panel manually. The steps are:

1. I have first use Winpak in Control Map to enable web mode for each NetAXS panel,
2. then connect to the panel’s IP address using https and set the panel into web mode,
3. make the changes, and change back to WIN-PAK mode.
4. Some panels have expired passwords which adds another thing to do.

Using an old version of Firefox-78-portable, I can get it into web mode and make the changes. All modern browsers have discontinued TLS 1.0, so my options are limited. Another way is to use IE 11 in compatibility mode (there is a Compatibility Mode option in settings, add the IP address of the panels to a list).

Honeywell SHOULD support its installed customer base by releasing an updated firmware that fixes this issue. They could stop requiring TLS at all, or at least update to TLS 1.2. These panels function fine, so leaving us having to find old version of browsers is rude. Leaving customers stranded like this is really not ok. And make a modern 4-door panel already!

Linux and Focusrite Scarlett 2i2 Gen3, garbled sound

I’ve been using the Focusrite Scarlett 2i2 Gen 3 for a few months now, and out of the box it worked great as an audio interface in Xubuntu. We had a major power outage today, and afterward Scarlett only had garbled sound.

I first watched a video by unfa that says the software control Alsamixer can address it after creating this file:

To enable Scarlett 2i2 3rd gen. software controls, put this text: options snd_usb_audio vid=0x1235 pid=0x8210 device_setup=1 into a file named: /etc/modprobe.d/snd_usb_audio.conf

Mine unfortunately only says “This sound device does not have any controls”

User “Kodimis Kodimis” on YouTube said:
The Mass Storage Device can be disabled by:
1. Unplug USB from Scarlett.
2. Hold down the 48v button while USB is disconnected.
3. While holding down the button, plug in USB and wait five seconds, then release.
Mass Storage Device default will be turned off in the hardware.

Then I found this link regarding garbled sound on an external USB sound card, and the work-around fixed the issue.

Edit /etc/pulse/daemon.conf to uncomment “default-sample-rate” and set it to 48000. It worked! I’m happily listening again.

Honeywell Winpak 4.9 Client program in a Domain (not Workgroup)

I spent the past couple of weeks nearly full time trying to get Wnpak 4.9 installed on Windows Server 2016. I spent hours on the phone with Honeywell tech support (a couple of them were outstanding). My IT group helped out by installing modern versions of .NET rather than the outdated ones called for by Honeywell that are now considered security risks. Then I spent days trying to get the Client program working on at least one PC.

Today I finally got the Client program working. Here is what I learned:

[Tech Note: Contrary to what Honeywell Tech Support told me, the server does NOT need to be able to telnet to the client computer on port 5555, but the client computer does need to be able to telnet to the server. There are no Winpak services running on the client PC, so the client PC will never be listening on ports 5555 and 5556, so telnet won’t work to the client (nor does it need to). Telnet is only being used to test the ports, not to transfer info.]

The rest of this is on page 4 of the Client-Server Troubleshooting Guide from Honeywell.

On the server in a Domain, the account that runs the Winpak services needs to be a domain account and needs to be an admin on the system. It does NOT need to be a domain admin, contrary to what Honeywell tech support said repeatedly.

On client computer, run the user modification tool “Honeywell.Winpak.Services.Utility.exe” in the installation folder. This Honeywell program must be given the same domain account name as the server’s Winpak services so the client can authenticate when connecting to the server.

(example location: Winpak_4.9_Installation\Tools\WIN-PAK Services User Modification Tool\Honeywell.Winpak.Services.Utility.exe)

Type in the username domain\account_name

Type in the password

Let it run and it will set the credentials that it will use to connect to the server. Click OK when it says it is done.

Again, the credentials should match what the server uses to run the Winpak services on the server. If you run the Windows “Services” app on the server, at the bottom of the list it will show the Winpak services and to the right will show the username domain\account_name account. In a domain, the services must be run by a domain account, not by winpakuser.

MY GRIPES
Win-Pak started back in the 1990s as a Northern Computers product and has been tweaked and tweaked over the decades to work with more modern operating systems. Win-Pak seriously needs to be re-written, get rid of the many prerequisites for installation, streamline it so it simply installs and works. Then update the actual function of the reporting area that hasn’t changed for 20 years. So many custom reports can be done via SQL, why not incorporate that into the user interface and make the software a lot more useful? I get the feeling that Win-Pak is a cash-cow for Honeywell and they don’t really want to invest a lot into it. That is the case for the card access panels as well. The “new” MPA2 panel is absurd, using RJ45 adapters for readers, and a plastic cover thing over the motherboard that actually gets in the way of the power wires from the power supply.

The NetAXS panel had a ton of problems (e.g, TLS 1.0 and 1.1, firmware out of date, a low limit on how many custom users can be assigned to a door, odd jumper needed for the power-fail terminal), but was the best layout I’ve seen for a panel offered by Honeywell. All the reader inputs were clearly marked and color coded. All the relays and inputs were clearly marked. AND… it controlled 4 doors instead of just 2 on the MPA2. Currently if a 4-door panel fails, I have to replace it with two MPA2 panels. That is stupid in 2022. Quit jacking around your customers Honeywell.

FAKE HULTAFORS EKELUND HUNTING AXE VS GENUINE

I recently bought what I though was a Swedish made axe on Amazon. I had been looking at it for a couple of months and saw the price drop by $60, so bought it. I thought it odd that I couldn’t see any reviews of the seller “Hunting & Camping”, which is actually a seller in the country Pakistan. Unfortunately, I waited until it shipped to check again, and saw multiple 1-star reviews about fake axes. I doubt I’ll get my money back.

I also ordered the same model axe from a Canadian outdoor gear seller, and got a genuine. So here are comparison pictures that show the differences, and the dangerous nature of the fake, which is made of cast iron.

I love the genuine one! Smooth, sharp, and balanced.

SOME PHOTO IMAGES LOOK VERY DARK IN FIREFOX

I found that when I viewed some images with Firefox, that even though a thumbnail looked normal, the full size image looked very dark, almost like it had an overlay. I thought it might be a PNG transparancy issue, but this happened with PNG and JPG images. The image on the left is what I was seeing, when it should look like the one on the right.

By opening the dark image in GIMP, it immediately said that the image had an embedded color profile, likely embedded by the camera of the photographer. That made me search for how to disable this feature in Firefox, since it wasn’t working well for me. (I’m sure there is some preferred way to enable the feature and have it work, so please let me know. This is just a fast way to make it work.)

Open the “page” about:config

To disable Firefox from using embedded color profiles:
Search for gfx.color_management.mode and set it to 0 (this disables color management for all images)

You may also need to do this one:
Search for gfx.color_management.enablev4 and set it to false

(If these settings are already at 0 and false, set them to 2 and true, close Firefox, reopen Firefox and then revert them. That shouldn’t “be a thing” but worked for me.)

To re-enable embedded color profiles in images:
Search for gfx.color_management.mode and set it to 1 (this enables color management for all images, including ones that are missing tags)

Search for gfx.color_management.enablev4 and set it to true

KERSHAW CLASH: REPLACE BROKEN TORSION BAR

My work knife made an odd sound the other day and only would open a short amount without help. It is an “assisted open” knife with a torsion bar that helps snap the blade open with one hand. This is an important feature for safety if only one hand is available, and comes in handy in tight spaces.

I didn’t know if I would have to buy a new knife or if it could be repaired. I watched this video and it looked really simple. But first I had to go to the Kershaw (Kai) website and request a new torsion bar for the specific model knife.

I received the new torsion bar in about a week (free of charge). I opened the knife on my work bench and took out the torx screws (T6 or T7 and T8).

The new torsion bar just sits into the two holes shown below. No tension is applied at this point.

This part was simple. But during reassembly, I found it difficult to get the torx holders (nuts) on the other side of the knife to seat properly. On closer inspection I found that the torx holders have a flat edge so it can only fit one way into the hole (and this provides a way to hold the nut so it doesn’t rotate when adding the screw).

Once the screws were back in place, the knife closed and opened like new.