PASSWORD REQUIREMENTS OF DEVICES

One of my pet peeves is when a device manufacturer decides to have a different password scheme than what I (the system admin) choose to use. I may have a few hundred cameras installed on a private network with no Internet access, all using the same password. Then I buy a new model camera and this device is going to require me to have another password, because they think that’s safer and better than what I designed. Either I change all of them to fit the new password, or I have to remember more than one password.

I get it. If someone is using the device on an open system, then having a really secure password is a great idea. But when I’m dealing with hundreds of cameras and need to tweak settings on them individually, AND they are all inaccessible by anyone else, then it is a bad idea. I’ve also encountered devices that expire passwords, because an engineer somewhere decided that would be a good idea. Except that some devices only get looked at every 5 to 10 years when IT decides to make a change to the network scheme. What could be a quick change becomes several more minutes per device because a gizmo is demanding that I change the password. That sometimes requires that I tell software to first allow the change, sign-in and make the forced change, change it back, disable password expiry (if possible), then return control to the software.

If someone can actually get inside and get to the system, then individual device passwords are the least of my worries.

OpenTable Doesn’t Like Linux

I’ve been using OpenTable to make reservations for a couple of years, but recently started getting an odd “Access Denied” message anytime I went to their website. Even going through the website of a restaurant that links to them failed. Then I came across a forum posting where a guy figured out that connecting to the site while using a Linux operating system invokes the error.
https://forum.touringplans.com/t/opentable-com-working/86755

Who blocks an operating system from generating money for a restaurant? It’s like someone decided that “Linux=Hackers” and blocked anyone using it. Or perhaps it was being overwhelmed with search-bots and blocked Linux for that.

But through the use of a “User Agent” add-on, I was able to convince the website that I’m on Windows 10, and voom it opened!

The add-on is found here:
https://chrome.google.com/webstore/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg/related

The settings are simple:
Choose a radio button and then click the lower right button to apply to all windows (unless you only want a certain one to get the new info).

LG WARRANTY REPAIR ISSUES

(Update at bottom)

I bought an LG 4K computer monitor just a few months ago and it stopped turning on. So, I started a repair request. They immediately sent an email saying that they… would be sending an email with instructions. That email never came, and yes I checked my spam and trash folders.

I started a 2nd repair ticket two weeks later for the same issue. Again I got an email promising another email with instructions. That also never came.

If LG can send the first email, why not just wait a bit and send the return instructions in that email?

The reason I blog this issue is the last line of their emails which are a one-way communication. They only want to hear from a customer via their web forms, and if you already used the web form, they insist they already heard from you and to check your spam folder.

Oddly, when I had an LG TV issue, they were right there with a repair scheduled, and then the TV self-downloaded a firmware update that fixed the issue. Sadly, that same kind of response hasn’t happened with this new computer monitor.

“This is Arianne, and we received your online service request with regard to your LG Product.
As one of our valued customers, we regret to hear any problems you have encountered with your product and we are glad that we can
assist you.

We would like to inform you that we have already created a repair receipt for your unit: RNN——

Please double check your inbox or check your spam folder for shipping label and instruction on how you can send your unit to our facility.

We hope this information is helpful. Should you have any further questions or concerns, please do not hesitate to contact us again
via Email, Live Chat or create new repair service request at https://www.lg.com/us/support/repair-service/schedule-repair.

We look forward to any opportunity by which we might offer the best service schedule available for you. You may visit our website
http://www.lg.com/us for product help and more.

Thank you very much for your kindness and patience.
Note: This email address is used for outgoing mail only. Thank you.

UPDATE JUNE 19: LG did finally send me the shipping label and instructions for returning the monitor.

HONEYWELL NetAXS NX4S1 AND TLS 1.0

One place I support has 32 NetAXS 4-door panels. These have always been quirky, but they have a rather major flaw in that they only communicate with a browser that uses TLS 1.0, which is now discontinued due to cyber security reasons. Honeywell has not announced any new firmware for these discontinued panels, and we are looking at around $64,000 to replace these with Honeywell’s only current option the MPA2 panel (2-door). The irony is that we have a LOT of the much older N1000 and N1000-4X panels which are happily chugging along. These use a couple of add-on devices to talk to the network, and those devices do not require HTTPS, so are still working fine behind the firewall.

The problem is that the site is changing IP range and I need to update each panel manually. The steps are:

  1. I have first use Winpak in Control Map to enable web mode for each NetAXS panel,
  2. then connect to the panel’s IP address using https and set the panel into web mode,
  3. make the changes, and change back to WIN-PAK mode.
  4. Some panels have expired passwords which adds another thing to do.

Using an old version of Firefox-78-portable, I can get it into web mode and make the changes. All modern browsers have discontinued TLS 1.0, so my options are limited. Another way is to use IE 11 in compatibility mode (there is a Compatibility Mode option in settings, add the IP address of the panels to a list).

Honeywell SHOULD support its installed customer base by releasing an updated firmware that fixes this issue. They could stop requiring TLS at all, or at least update to TLS 1.2. These panels function fine, so leaving us having to find old version of browsers is rude. Leaving customers stranded like this is really not ok. And make a modern 4-door panel already!

Honeywell Winpak 4.9 Client program in a Domain (not Workgroup)

I spent the past couple of weeks nearly full time trying to get Wnpak 4.9 installed on Windows Server 2016. I spent hours on the phone with Honeywell tech support (a couple of them were outstanding). My IT group helped out by installing modern versions of .NET rather than the outdated ones called for by Honeywell that are now considered security risks. Then I spent days trying to get the Client program working on at least one PC.

Today I finally got the Client program working. Here is what I learned:

[Tech Note: Contrary to what Honeywell Tech Support told me, the server does NOT need to be able to telnet to the client computer on port 5555, but the client computer does need to be able to telnet to the server. There are no Winpak services running on the client PC, so the client PC will never be listening on ports 5555 and 5556, so telnet won’t work to the client (nor does it need to). Telnet is only being used to test the ports, not to transfer info.]

The rest of this is on page 4 of the Client-Server Troubleshooting Guide from Honeywell.

On the server in a Domain, the account that runs the Winpak services needs to be a domain account and needs to be an admin on the system. It does NOT need to be a domain admin, contrary to what Honeywell tech support said repeatedly.

On client computer, run the user modification tool “Honeywell.Winpak.Services.Utility.exe” in the installation folder. This Honeywell program must be given the same domain account name as the server’s Winpak services so the client can authenticate when connecting to the server.

(example location: Winpak_4.9_Installation\Tools\WIN-PAK Services User Modification Tool\Honeywell.Winpak.Services.Utility.exe)

Type in the username domain\account_name

Type in the password

Let it run and it will set the credentials that it will use to connect to the server. Click OK when it says it is done.

Again, the credentials should match what the server uses to run the Winpak services on the server. If you run the Windows “Services” app on the server, at the bottom of the list it will show the Winpak services and to the right will show the username domain\account_name account. In a domain, the services must be run by a domain account, not by winpakuser.

MY GRIPES
Win-Pak started back in the 1990s as a Northern Computers product and has been tweaked and tweaked over the decades to work with more modern operating systems. Win-Pak seriously needs to be re-written, get rid of the many prerequisites for installation, streamline it so it simply installs and works. Then update the actual function of the reporting area that hasn’t changed for 20 years. So many custom reports can be done via SQL, why not incorporate that into the user interface and make the software a lot more useful? I get the feeling that Win-Pak is a cash-cow for Honeywell and they don’t really want to invest a lot into it. That is the case for the card access panels as well. The “new” MPA2 panel is absurd, using RJ45 adapters for readers, and a plastic cover thing over the motherboard that actually gets in the way of the power wires from the power supply.

The NetAXS panel had a ton of problems (e.g, TLS 1.0 and 1.1, firmware out of date, a low limit on how many custom users can be assigned to a door, odd jumper needed for the power-fail terminal), but was the best layout I’ve seen for a panel offered by Honeywell. All the reader inputs were clearly marked and color coded. All the relays and inputs were clearly marked. AND… it controlled 4 doors instead of just 2 on the MPA2. Currently if a 4-door panel fails, I have to replace it with two MPA2 panels. That is stupid in 2022. Quit jacking around your customers Honeywell.

SOME PHOTO IMAGES LOOK VERY DARK IN FIREFOX

I found that when I viewed some images with Firefox, that even though a thumbnail looked normal, the full size image looked very dark, almost like it had an overlay. I thought it might be a PNG transparancy issue, but this happened with PNG and JPG images. The image on the left is what I was seeing, when it should look like the one on the right.

By opening the dark image in GIMP, it immediately said that the image had an embedded color profile, likely embedded by the camera of the photographer. That made me search for how to disable this feature in Firefox, since it wasn’t working well for me. (I’m sure there is some preferred way to enable the feature and have it work, so please let me know. This is just a fast way to make it work.)

Open the “page” about:config

To disable Firefox from using embedded color profiles:
Search for gfx.color_management.mode and set it to 0 (this disables color management for all images)

You may also need to do this one:
Search for gfx.color_management.enablev4 and set it to false

(If these settings are already at 0 and false, set them to 2 and true, close Firefox, reopen Firefox and then revert them. That shouldn’t “be a thing” but worked for me.)

To re-enable embedded color profiles in images:
Search for gfx.color_management.mode and set it to 1 (this enables color management for all images, including ones that are missing tags)

Search for gfx.color_management.enablev4 and set it to true

AUDACITY (audio program) FAILS WITH AVCODEC ERROR (SOLVED)

I compiled and installed Audacity on Linux but it would not open. When I ran a commandline method, it told me that it had an error about a symbol lookup in libavcodec. After reading a lot about the libav program, it finally dawned on me that it was an abandoned project and probably wasn’t even needed by my system or Audacity (or ffmpeg). I removed it and Audacity began working!

Based on an old post by Naveen on askubuntu.com, I used this method:

To remove:
IF you compiled and installed manually:
Go to the build directory and run:

sudo make uninstall libav (This worked for me)

If that does not work, run:

sudo checkinstall libav

Then a debian package will be generated. Open it (from Software Center) and press Remove.

IF you installed the latest library though APT/Software Center:
Run this to remove it:

sudo apt remove libav

I did have to recompile and install VLC player again. But that was fairly easy.

VIDEOING SINGER GIGS (WHY I STOPPED)

The last gig I was hired to video netted me $100. That was split over the hours it took to video the show, make clips, make a montage of the clips with fades, and add contact info to the end.

  • 2 hours videoing the gig
  • plus 1 hour travel
  • 4 hours converting to HD from 4K, making raw clips, uploading to Google Drive and sharing with several people
  • 8 hours to figure out how to make montage, get feedback to correct clip times, add fades and contact info
    (These times are an interactive combination of me making software do what is needed, and the software processing.)

That’s $100/15 hours or about $6.60/hour. And my name was not even given credit for videos posted.

This is why I stopped doing videos.

Most musicians I know can’t afford paying for the kind of video services they want, and I don’t want to spend my otherwise free time working for free. But they have no qualms charging at least $60 an hour for classes, knowing that once the class is done they are done. For me, finishing the gig is just the start of my work. That last gig would be $900 if I charged the same $60/hour. I don’t know any local bands that can afford that or even half of that. I only do video now for bands when I know they only want the whole show as a digital download. That makes it easy for me and cost effective for my labor and equipment. Additional work doing clips and montages is $50/hour.

WORKING FOR EXPOSURE
I’ve read a number of posts from musicians calling out the absurdity of working for “exposure” (working for free), and the paltry amounts they generally get for gigs these days. I agree. The same attitude then should be extended to those they employ for recording or videoing their gigs.

BACKGROUND
I should start by saying that I’m not a professional videographer. I have a regular day job and sing as a hobby. I bought a fairly nice HD video camera 8 years ago (and recently a 4K camera) and started doing videos of my own performances to learn more about how I actually look and sound. Then others began asking for videos of their performances. I did quite a number for free in the early days, just glad to be in the club and hearing music. Then I started getting so many requests that I essentially had a 2nd job. I started charging, and then charged more until the number of requests became manageable. But honestly, it is a huge time sink for me and I don’t even want to do it unless the compensation makes it worth it for me.

BALANCE
I want my singer friends to be able to get video while balancing that with compensating me for my work. There is no point in charging more than most people will pay. But even people that charge me $60 an hour for their own services have been balking at paying just $100 for my basic gig video services (usually 5 hours of work).

On the flip side, complaints I’ve heard are:

  • The video looks fuzzy for HD/4K.
    That is almost always because the jazz venues are poorly lit for doing video, and the low-light technology of the camera is limited. Our eyes adjust a lot better to dim light than most consumer grade cameras. My new 4K camera does better than the older HD cam, but it still can look fuzzy in low light.
  • The colors are weird.
    That is from the lighting that the venue is using. I can’t control that. I have tried a few times asking if the colored lights can be just regular white light, but the staff didn’t know how to change it. I do warn clients about lighting and restaurant customer noise when they ask for video in certain locations.
  • The cost seems a bit high for something so easy.
    Professional videographers would charge far more than I do, in the range of $400-900 per gig. Add special requests like a montage and the price will go up to around $1200. Most singers I know can’t afford that, especially for club videos where people are talking loudly, laughing, waiters are crossing in front of the camera, and so on. It takes an outlay of about $2000 to get a camera, tripod, and software for doing video editing, plus a computer with a fast processor and plenty of RAM to handle the large files in HD and especially 4K video. Then you get to spend hours learning how to use the software to get the result you want. Or you can pay me to do it.

Can’t Type In Search Bar in Windows 10

A very odd error started on my work computer yesterday. I went to search for a file name on a drive and nothing would type in the search bar. I could type fine elsewhere, but not in any search bars.

I did the typical attempts to fix it like restarting the computer. I opened a ticket with our IT department and a good tech came by and found that he could get it to work if he ran ctfmon.exe first. But this had to be done each time I logged in. He also mentioned something about the Task Scheduler being empty.

This last statement made me look for the Task Scheduler service in the list of services. It was not even present! That is very odd. I did some looking for how to add the service as a default. I found that there is a registry entry that has to be made if it doesn’t exist. I ran regedit.exe (I’m an admin on the machine).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule

In this folder I added a DWORD (32-bit) called Start

Assigned a value of 2 hex

I closed the registry editor and restarted. This fixed the issue!