Windows 10 Anniversary Update DHCPv6 (Still) Broken

According to threads on Microsoft’s Developer Network, DHCPv6 has been broken since the first deployments of the Anniversary Update last August. I first noticed an issue on October 4 where several Windows clients would no longer register their IPv6 DNS address post-update.

While this has been broken for a couple of months, I was advised today by Adam Rudell, a Microsoft Support Escalation Engineer, that the “PG is actively investigating. I just updated the TechNet thread and will follow up as soon as PG has provided me some more information.”

The full thread can be read here.

Bad Mobile Device Manners In-Flight

Yesterday, a cacophony of irritating noises permeated my brain on board an otherwise pleasant United flight from Orlando to Newark.

Some airlines think they have improved service by providing free entertainment streaming on personal mobile devices. And of course, in-flight wifi is becoming ever more commonplace. Actually, what the airlines have done is saved a bundle of money on maintaining those personal seat back screens. They’ve also created a major new source of in-flight irritation.

The problem is not the airlines per se, but the inconsiderate and ill-mannered behavior of un-civil society members on board.

Let me make things clear. If your child is playing a game on their mobile device, turn off the sound. I don’t want to hear the bloops and beeps.

If you are watching a video, turn off the sound or use headphones. I am not interested in your video, no matter what it is.

If you are texting in-flight, I don’t want to hear a chime, buzz, or bell each time you receive a message. Turn them off.

If you are listening to music, use headphones and keep the volume at a level so that I don’t have to listen to your music. I don’t want to hear it no matter how good you think it is.

Cabin crews — please add a blurb to your in-flight announcements regarding courteous use of personal entertainment devices. Require use of headphones with any sound generating device. If you hear or see someone violating this request (which ought to be a rule) instruct the violator about expected behavior. Don’t ignore it to the point where I need to call you over to deal with it.

Lessons From A Ship’s Captain

What does a ship’s captain know about information security? A lot, apparently, if that Captain is Richard Phillips of Maersk Alabama fame. If you recall, this ship was the target of a failed hijacking attempt by four Somali pirates in April 2009. The ultimate failure of the hijackers, despite their early success in penetrating the perimeter of the ship, was in large part due to the leadership and strategic skills of Captain Phillips.

Captain Richard Phillips, left.

I recently had the opportunity to hear Captain Phillips speak at an event where the target audience was information security professionals. The lessons of the Captain’s experience were very relatable to that audience.

When Captain Phillips joined the crew of the Maersk, he took a couple of days to settle in and observe. He was concerned that security seemed a bit loose on board and decided to drill the crew. He did this repeatedly, each time learning from the failures of the previous drills. He and the crew, working together, improved things to a point where each member understood his role and responsibilities in case of an attack.

Sound familiar? Through iterative testing and analysis he helped his crew understand the policies and the actions that would increase their chances of repelling or surviving an attack by intruders. He made sure that any attack had to go through multiple layers of defenses. When the attack came, not everything worked as planned and practiced, but enough worked to ultimately assure the lives and safety of the crew.

Captain Phillips’ experience reminds us of our need to have policies that make sense and procedures that can be followed, especially under the worst of circumstances. He reminds us to educate our teams and organizations on their roles in executing those procedures. We need to test, test and test again. Learn from failures and successes and you and your crew will survive to tell the tale.

Hopefully you won’t need the help of US Navy SEAL marksmen to repel your next attack.

Windows 10 Update – Unhappy Anniversary

The Windows 10 anniversary update came recently to my radio room computer. The folks in Redmond have some quality assurance problems to resolve. Here’s what I’ve noticed so far.

All my firewall rules were deleted. This means that as I run applications which require external access, I have to reauthorize them. While it is not a bad practice to occasionally review these settings, I would have preferred to do so at a time of my own choosing.

The WinUSB driver used by my Perseus SDR was deleted. I had to reinstall the driver and to do so, I had to go through the multiple reboots to allow installation of the unsigned 64-bit driver. Not fun.

My sound device settings were changed. The friendly name for the SignaLink USB sound card device that is connected to my Kenwood TS-2000 reverted to “USB Audio CODEC” and Windows decided to make that device my default sound and communications devices.

This update was hardly the best anniversary present that Microsoft could have given me.

September RF Bits in CQ – Erratum

As luck would have it, a key URL for the software mentioned in my September CQ Magazine RF Bits column no longer works. That is because the author, Mike Guenther, DL2MF, decided to withdraw support for the DV4MF2 console for the DV4mini. Whatever his reasons, we have luckily archived a copy for your convenience. So if you arrive at a German language page with a “no more available” caption in English at the top, fret not and get your copy of DV4MF2.exe right here.

While the author has withdrawn support, the software nonetheless functions as it did when my article was prepared for your enjoyment. Other software for the DV4mini is also available and supported by Wireless Holdings, although lacking the nice BrandMeister XTG support that DV4MF2 offered.

It would be great if more radio amateurs released their software under some open source license so that work by and for the community could be continued as needed. We have far too much orphaned software in regular use in the amateur community. A perfect example of this is UI-View32. The author’s last wishes upon his death included the destruction of the source code. Yet, the program is still used by many amateur stations around the world. Imagine how much more useful the orphaned software could be if the source code were available for further development?

Android Security Just Got a Whole Lot Better

While Marshmallows are soft and gooey, Android 6.0.1 (Marshmallow) is one tough cookie. Marshmallow provides granular security controls that allow you to decide whether an application gets access to particular information. Tired of LinkedIn or Facebook trying to grab all your contacts? Now you can control this behavior.

Android Marshmallow allows for more granular control of application permissions.

To take a look at these settings, go to Settings->Apps->Application manager. Pick an app and you’ll see a bunch of sliders that let you turn access on or off for that control. Newer app versions directly support the Marshmallow security model. Older apps don’t and may malfunction, but don’t let that stop you from trying out settings that meet your security requirements.

Blackberry has had this level of application security control for many years. It is good to see that Android is now taking application and data security very seriously.

Perspective of a former Gilfer Associates Employee

Anyone who listened regularly to the shortwaves back in the 1970s knew about Gilfer Associates of Park Ridge, New Jersey. They were a source of books, gadgets, and radios supporting the SWL habit. The company was run by Oliver P. (Perry) Ferrell and his wife, Jeanne. Perry was at one time the Editor of Popular Electronics Magazine.

I came across this recent blog post by Susan Ito, a former employee. It paints a nice picture of what it was like to work for the Ferrells as an after school employee.

How I Came to Love Shipping (and the Hot UPS Guy)

The “Rigged” Presidential Debate System

The Republican and Democratic parties are part of a cartel that wants to prevent American citizens from being exposed to any candidate other than their own. They do this through a nonprofit corporation called the Commission on Presidential Debates (CPD). This “governance body” was created in the late 1980s after the League of Women Voters, formerly the sponsor of presidential debates, would not agree to limit participation to the two dominant political parties.

Are debates under these rules serving the interests of the American people or serving the interests of the CPD cartel? Any time the ruling class attempts to limit discourse to those subjects and participants that they have defined as representing their interests, it is YOUR interests that are likely being harmed.

Libertarian candidate Gary Johnson will be on the ballot in all 50 states of the union come November. He is polling at roughly 10% in nationwide opinion surveys. Clearly, the unpopular candidates of the two major parties have much to lose if Johnson is permitted to participate in the Presidential Debates. That’s why the Elephant and Jackass won’t let him play in their sandbox.

Attorney friends, could the RICO statutes be used against the CPD to force them to extend participation? It would be interesting to see a RICO-based class action civil suit filed on behalf of American voters as the injured class.

Chrome OS – The Right OS for Many

I am convinced that Google’s Chrome OS is highly underrated and underappreciated. I have been testing an ARM-based Chromebook as well as an ARM-based Chromestick with great results. If your primary email address is @gmail.com, and if most of your computer activity is email, messaging, and light document prep, you don’t need the complexity of Windows or Linux. And, if you think that Mac OS is simple to use, you have not tried Chrome.

The Asus CS10 boasts a quad-core RockChip 3288-C CPU, 2 GB RAM, and 16 GB eMMC.

I especially like the Asus Chromebit that arrived yesterday and which is now stuck on the back of a several year old Sony Bravia in the den. I plan to use it where I need a web browser to access content that is not already integrated into TiVo. Paired with a small Logitech wireless keyboard, it is all I need in the den and will free up the i5 Windows 10 machine that was previously used for web streaming.

WordPress Security 101

When I installed WordPress on this site, one thing that concerned me is that login and administrative functions were not using SSL by default. OK, I didn’t have an SSL certificate installed at that point, fair enough. But once the SSL certificate from Let’s Encrypt was installed, I set about learning how to secure these functions.

It is very simple.

In the same directory where WordPress is installed you’ll find a file named “wp-config.php”. Add the following line toward the bottom, right above the “That’s all” comment:

define('FORCE_SSL_ADMIN', true);

Save the file and you’re good to go. Assuming that an SSL certificate is properly installed on your web server, login and administration will now go over SSL.
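A quick way to confirm the edit actually took, written as an added example (not part of the original post or of WordPress): a small Python check that reads a wp-config.php and reports whether the FORCE_SSL_ADMIN line will be honored. The sample files are constructed, and the function names are hypothetical; the check assumes the constant has to be defined before wp-settings.php is loaded, which is why the line goes above the “That’s all” comment.

```python
import re

# Constructed wp-config.php fragments for the demo (not from the original post).
GOOD = """<?php
define('DB_NAME', 'wp');
define('FORCE_SSL_ADMIN', true);
/* That's all, stop editing! */
require_once(ABSPATH . 'wp-settings.php');
"""
# Same file with typographic quotes, as happens when copying from a web page.
CURLY = GOOD.replace("'FORCE_SSL_ADMIN'", "\u2018FORCE_SSL_ADMIN\u2019")
# The define is present but commented out.
COMMENTED = GOOD.replace("define('FORCE", "// define('FORCE")
# The define comes after WordPress has already been loaded.
LATE = """<?php
require_once(ABSPATH . 'wp-settings.php');
define('FORCE_SSL_ADMIN', true);
"""

QUOTE = "['\"\u2018\u2019\u201c\u201d]"  # straight and typographic quotes
DEFINE = re.compile(
    r"define\s*\(\s*(%s)FORCE_SSL_ADMIN(%s)\s*,\s*(\w+)\s*\)" % (QUOTE, QUOTE))
# Quoted strings are matched first so that '//' inside a URL is not a comment.
TOKENS = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)

def strip_comments(php):
    """Blank out PHP comments, keeping string literals and character offsets."""
    return TOKENS.sub(lambda m: m.group(1) or " " * len(m.group()), php)

def check_force_ssl_admin(php):
    """Return 'ok' or the reason the setting would not take effect."""
    code = strip_comments(php)
    m = DEFINE.search(code)
    if m is None:
        return "missing"
    if m.group(1) not in "'\"" or m.group(2) not in "'\"":
        return "curly-quotes"   # PHP does not treat these as string delimiters
    if m.group(3).lower() != "true":
        return "not-true"       # stricter than PHP: only true/TRUE is accepted
    loader = code.find("wp-settings.php")
    if loader != -1 and m.start() > loader:
        return "too-late"       # defined after WordPress has been loaded
    return "ok"

if __name__ == "__main__":
    for name in ("GOOD", "CURLY", "COMMENTED", "LATE"):
        print(name, "->", check_force_ssl_admin(globals()[name]))
```

To run it against a real installation, pass the contents of your own wp-config.php to check_force_ssl_admin().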

I then set out to further validate my WordPress security. I found this free web based tool.

I ran it against this site and found that my user accounts could be enumerated. This is clearly information leakage that should be avoided. The solution is to enable a WordPress plugin that stops this behavior. The plugin can be found here.

Download the plugin and copy it to the plugins directory as described in the Installation section of the above page. Using the plugins menu of the WordPress administration console, activate the plugin.

Run the scan again against your WordPress site and you’ll see that this issue has been resolved.