Domain: beyondlogic.org
Stories and comments across the archive that link to beyondlogic.org.
Comments · 25
-
Re:So in other words, it will be just like Firewir
Where are the latency issues?
If you need low latency, you just need to use USB the right way. -
You don't need AV
When I used Windows XP Pro (I now use CentOS and Debian), I set the system up such that I didn't need AV...I basically applied what I learned from Linux.
That is...
(1) Set up a Limited User Account (LUA)
(2) Software Restriction Policy (OR if you're using XP Home; use => http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm instead)
(3) Install only the apps you need.
(4) Online Armor Free Edition. (Software Firewall with HIPS...ie: It warns you something is trying to execute or "dial out", and gives you the option to stop it.)
(5) Removed or disabled Services, etc you know you'll never use.
Of course, the "Cons" to this approach is that XP isn't forgiving when it comes to using LUA...So you have to use something like SuRUN to allow certain apps to run with Admin privileges. A little testing is required before putting it into "production use".
Complement the above with "security aware" computing habits, and you're largely fine. (I used AutoPatcher to pull down updates).
I set this approach up for my dad's XP box and spent a few hours with him on correcting his poor computing habits. This was in early 2008. Its been a year. No infection or complaints from him. He can still use his PC, but he's now much better off than most people.
I don't trust AV implementations for 3 reasons:
(1) AV companies use FUD because most people are ignorant on computer security matters.
(2) AV apps are cures to a problem, not prevention. As long as people continue with cures, AV companies remain profitable.
(3) They have been proven unreliable in the real world. (You are reacting to threats! You are already at a tactical disadvantage!) -
Re:And why the hell do I need a driver for this?
The USB device driver does a Set Configuration
And the max power (in specified in milliamps, freakin' software engineers) is part of the configuration descriptor.
http://www.beyondlogic.org/usbnutshell/usb5.htm#ConfigurationDescriptors
So the spec says you can draw upto 100mA until it gets a SET_CONFIGURATION request, and that is done by the device driver.
-
My experience...
I run both XP and Vista on Core2Duo processors.
I'm certain with XP and less certain with Vista (I don't use it for production work) that I can get better performance by forcing everything but EXPLORER.EXE to use the second core at a low priority.
Then as I run programs, they automatically go to the first core (with EXPLORER.EXE).
This allows me to run FOLDING, an RSS reader, LogMeIn all the time but on the second core.
I especially notice a difference when I copying files at the command prompt.
The program is called PROCESS.EXE and can be found at:
http://www.beyondlogic.org/consulting/processutil/processutil.htm
It is a manual process but it is pretty simple to create a batch file to do the dirty work.
=Smidge=
-
Re:A serious question
Actually for peripheral manufacturers it's even more stark choice. If you have cheap microcontroller with a USB interface, and there is a very wide choice of them, writing the embedded software is absolutely trivial and there are loads of resources on the net if you get stuck. It's one of those things that's become very widely understood amongst engineers like all the other PC standards. I don't think Firewire is anything like that.
-
Re:Great.
I like to at least think it was a software company like Microsoft who wrote the part about devices being required to report their max-power in milliamps. *forehead slap*
http://www.beyondlogic.org/usbnutshell/usb5.htm#ConfigurationDescriptors
bMaxPower. 1 byte. Current in 2mA units. The idea is they can code from 0ma to 510ma in 2mA steps using one byte.
It would have been nice to have specified a max current of 1A and used 4ma units so USB 2.5 inch hard disks could spin up powered by one USB connector. Which they can do with Firewire.
I must say the fact that bMaxPower is in the wrong units never occured to me - I just converted the 5W figure in the Samsung data sheet to mA by dividing by 5. Actually, measuring spin up power as opposed to current seems a bit unhelpful - since it's a spike it seems more natural to talke about peak current rather than peak power. -
Re:Eat into firewire not likley
I suggest you look into isochronous transfers on USB, which indeed can guarantee a minimum bandwidth.
-
Re:I'm more concerned with latency.
The throughput of a USB connection does not equal its clock frequency as there is quite a bit of overhead in the protocol, so in reality it would be a fair bit less than the 600MByte/s approximation. Because it's a bus, the total bandwidth available can be split amongst multiple devices. With several high speed devices on the bus, 480Mbit per second might not seem so much like overkill.
The current version of USB provide connections that can operate in an isochronous mode (see http://www.beyondlogic.org/usbnutshell/usb4.htm#Isochronous) for bounded latency applications, but this wouldn't be suitable for communicating with a hard drive because it doesn't offer guaranteed delivery. -
Re:NT4 On The Plant Floor
You can do that right now with XP.
http://www.beyondlogic.org/solutions/trust-no-exe/ trust-no-exe.htm
works great, I can limit someone to a very specific set of items. I even tried running a machine with it without Virus scan and let the user try to get it infected.
works great. perfect for el-cheapo kiosks and SCADA systems. -
Re:Summary TitleYes. And about this.
Can anyone here on the major "News For Nerds" site actually write code? Because, all I've ever seen here about great one-man projects is "humans can't do that, it's not possible". (Yeah Right. Just as writing a whole game engine from scratch? Then go tell that to both guys I know who just did it.)
I think most slashdotters are in tech support, with maybe some Perl or PHP knowledge. So they probably can't write device drivers.
I'm not very impressed by the technical skill : it is rather easy to do. I figure all a webcam driver has to do is "open v4L from device mmaped at [address] and pass video data to application" ... not much more. I read the code to tm395c (scsi card) once and even I could figure it out : all it does is initialize some magic numbers and then translate I/O to requests and back. And don't you dare tell me that all webcams encode their 640x480x2.5bit-color in a different way.
This is a USB webcam, so I guess you need to send some bytes to the control endpoint, and then stream from an ISO one. And yes, different cameras do stream in different formats
From
http://mxhaard.free.fr/sview.html#SECTION000600000 00000000000-f yuyv
-f yyuv
-f yuvy
-f gbrg
-f jpeg
RGB and JPEG are obvious YUV maybe less so. I worked on a embedded system that supported a bunch of (maybe all) I2C controlled cameras with a text 'driver' file which told it what resolution, format and init string the cameras needed. As far as I know, most current webcams are proprietary - they have a bridge from USB to I2C but a custom driver on the PC needs to know what commands to issue to initialise the device. Mind you there's a new USB video device class which will allow one standard driver to use most new devices. -
Re:Apple is going to make a killing...
You have NO IDEA what you're even trying to discuss in here. Case in point: Your ignorance on USB - Type B is the SOCKET that is STANDARD on just about every PC I've ever seen. Incidentally, the reason most thumb drives are Type A, is because type A is the only connector that fits into the STANDARD socket which is Type B.
So, if I make a small technical mistake all my argument is automatically invalid?
The funny part is that you are actually much more ignorant about USB than I am. As you can see here Type A and Type B connectors are actually completely different. Type B is NOT the female counterpart of Type A. Your explanation makes absolutely no sense.
My mistake here is that the ports on the Dell are actually Type A. That's the standard on PCs. I misinterpreted the photographs.Why do people feel it necessary to comment so decisively on topics they clearly can't understand.
I dunno, you tell me, you're the expert.
Actually, I do know. This is a public forum, not a professional one. Zathrus and I were having a relatively amicable discussion on what we thought were the merits of two comparable personal computers. We are not required or expected to be experts to do so here, and as such we are allowed to make mistakes. When someone realizes that those mistakes were made, they're allowed (and even expected) to point them out. That way everyone learns something.
What really spoils these forums are not people who think they are right when they are wrong, because they will be corrected. Instead is people with rotten attitudes who can't criticize without insulting their counterparts. And it's particularly sad when these horribly-mannered people turn out to be even more wrong. -
Re:Toastworthy Computing
Yeah AV *is* an extra cost. You're right there. You shouldn't have to update them manually though. Any good corporate AV solution will have systems for managing and reporting on AV deployments.
WSUS is a free tool from Microsoft for managing the testing and deployment of hotfixes.
Log files (IMO, the number one annoyance with windows systems) can be managed with scripts by using scheduled tasks, as can other mundane tasks like defragmenting. For Windows 2000 and NT4 which don't come with command line defragmentors there are free tools avaialable that will do the job. Email reports can be sent via email by piping (c:\maintenance.cmd >> c:\daily_report.txt) the output of your scripts to a textfile and using freely available command-line mailer tools to send them.
Security and other logs can be dumped to a freely available database automatically using freely avaiable tools.
One very valid complaint is that Windows doesn't come with these tools by default. Once you get everything together though, life becomes much easier.
I won't argue with you that UNIX is easier. An OpenBSD/Postfix box I set up about two years ago has not required a security patch yet, and if not for power outages and physical moves, would have two years of uptime right about now. -
Automating This Procedure, and debunking miths
Probably you can automate this by using some windows scripting and the Process204.zip program from the Fine folks at BeyondLogic.org http://www.beyondlogic.org/
This may be useful for maintenance purposes, as some posters commented in the article's comments zone. Not that is very wise to run a machine like that all the time, as the article itself says.
But what I like the most about this, is that the article shows that WinNT 5.0 (A.K.A. Windows 2000) and WinNT 5.2 (A.K.A. Windows XP) can be trimmed down to a bare minimum. Another mith debunked.
Other of my pet peves comes from the dos era. The slashdot crowd used to say that DOS can not mount a drive into a a directory to form a unified directory tree like in Unix. This was false then (please see the description of the JOIN command mor the method in DOS). The functionality was present in Win95 and 98, but seems absent in 2000 and XP.
Miths like this abound on Slashdot and are repeated time and time again, until they become truth. Check first, post later. -
Re:Overflows are fun!
Ok, but you'd need to write a _kernel_mode_ trojan, and flash it into the device, in the code that handles the USB protocol. Most mass storage devices have the USB protocol handler in a masked rom - you can change the device ID and so on in a e2prom, but that's fixed length anyway. So you can do it with something like a CypressUSB board where you can hack the protocol, doing it on a cheap USB flash disk is likely impossible. Also, I think the size of data after an overflow will be quite small.
E.g. consider
http://www.beyondlogic.org/usbnutshell/usb4.htm#Co ntrol
Notice that the device is the one to signal the end of the transfer with a short packet.
Now when the device driver on the host asks reads, it passes a length, so it should be safe. But the problem is probably that most of this happens in hardware.
E.g. imagine I'm a device driver, and I want to read 160 bytes from a usb endpoint with fifo size 64. I ask the Windows USB stack to do it, and it programs the host controller to read 160 bytes. The host controller has to split the transfer into 64 byte chunks, so it will read like this on a good device.
I'm assuming that it knows too stop a transfer if too many bytes are transferred, but it can't stop in the middle of packet, for the purposes of this example. I don't know if this is a problem with any real USB host controllers, it's just an example.
Packet 0 - 64 bytes Total=64
Packet 1 - 64 bytes Total=128
Packet 2 - 32 bytes Total=160
On a bad or malicious device, this happens
Packet 0 - 64 bytes Total=64
Packet 1 - 64 bytes Total=128
Packet 2 - 64 bytes Total=192 ( 32 bytes extra ! )
****Host controller signals an overrun, USB stack issues a bus reset****
The fatal problem is that software only gets control after Packet 2 has been transferred, by which time the buffer has been overrun.
So, if I were designing a malicious device, I'd always send too much data. Somewhere in the USB stack there's probably a place where I'd burst a buffer - the secret in this case is to make sure your buffer has one fifo's worth of unused padding. In fact, that would be a good WHQL test - if the machine with the driver can survive a device that sends too much data. Still at least in the USB case the infrastructure is in place to handle this.
But the same applies to anything where the device controls the transfer length - e.g. bus master DMA . In general, hardware has de facto 'root acces' in this case, as it can always crash the system by writing too much. And most of the time writing drivers this is the sort of hardware bug you spend time working around, so it's not true that "USB drivers are written with very little data validation and security awareness". Security awareness comes naturally if not having it means a blue screen of death.
Also, if you read the article it seems a bit suspicious. No one has released details or told Microsoft, and yet they are already selling a product to protect people against this vulnerabilty. -
Re:windows is partially at fault
Do you mean, something like this?
-
Re:Information
I'm not in development on this, but I have reviewed some of the process.
USB operates with a host controller on a bus. When a device is connected on a PnP system, the controller detects it and polls it for a VID/PID (Vendor ID/Product ID), which is defined by some USB industry group at a cost (though there are some for non-commercial uses). This is polled along with a host of other descriptors. The USB Core (the sum of a controller driver, hub driver, and other things) controls this process for the PnP system. VID/PID is read from the device and referenced to a driver table, from which a driver can be loaded. Drivers are often organized by class according to function.
Descriptors, used to define device parameters, are then polled for all devices in the chain and subsequently devices are registered with the USB Core. Descriptors are formatted, so their organization is uniform, and come in several flavors. All are designed to properly integrate the device - mostly what to do and what not to do. The driver resides local to the system.
Your idea is interesting, but it still requires system setup I believe. If a USB device wishes to act as its own driver, the system needs a way to load an external driver (perhaps through a special type of driver, one which loads and wraps a driver from the device maybe). However this would be accomplished, a standard method of loading the driver needs to be developed and the generic USB driver would need to be built for all systems. Unless of course, such a driver already exists and I am ignorant of it (likely).
http://www.beyondlogic.org/index.htm#USB is a great USB reference. -
Use PortTalk
Use PortTalk to access ports directly.
http://www.beyondlogic.org/porttalk/porttalk.htm -
Re:Is there a limit on the cards themselves?
When using my USB memory stick-thing (128 MB), my G4 is MUCH slower than the work-PC plus the G4 seems to choke on transferring large (50 MB) files or even numerous files that add up to 50 MB+.
I haven't done any timings, but this may turn out to be an Apple issue at the core (hahaha a joke!) of it.
INTERESTING FOOTNOTE: going here reveals that USB1 has two possible speeds: 12 Mbps and 1.5 Mbps. Perhaps the transfer speed being employed is the lower of the two...
-
Two ideas
1. LCD Panel from CrystalFontz, Matrix Orbital, or make your own.
2. I/O panel such as a FrontX. These are great. -
Re:Better Investment
Win 9x has direct access to the ports. Win NT/XP needs you to go via the device drivers, but it's not a difficult problem - plenty of info for how to do it.
Beyond Logic
Parallel Port Central
Both the above have a bunch of useful stuff.
Also don't forget that you'll need to learn how to drive LEDs. I'm admin on an electronics board, so here's a blatant plug:-
BasicElectronics board, LED FAQ
(and kudos to David Bridgen and MacGregor who put that info together :-)
Grab. -
Re:parallel vs. serial
I was assuming he was talking about doing it under Linux. NT is a bit different. I always seem to assume people who do this type of thing run Linux (I must read too much Slashdot).
That's an amazing site by the way, it's right here since you didn't supply the link. -
Re:No FUD, just Facts
Accuse me of FUD all you want, but examine the evidence for yourself.
Exhibit A
Win NT beats Windows 2000 in SQL Server 7 Benchmarks
What? The new O/S is slower? Must be FUD, doesn't have anything to do with bloated code and forcing users into hardware upgrades.
Exhibit B
Red Hat/Samba far outscales Windows 2000 on identical hardware
Yes your honor, it's true, at a load level of 16 clients Windows 2000 filesystem throughput flat lines vs. Red Hat Linux with Samba which is still scaling up nicely with 28 clients.
Does Windows 2000 mask the true power of the Intel hardware? Examine the report and look at the benchmark graphs. Decide for yourself if it's FUD or FACT. Note: the source is PC Magazine which if you will refer to this months copy contains many advertisements for Microsoft .NET .. Looks like PC Mag has some integrity.
Shall I continue?
Want to see why TUX stomps IIS and Apache for serving static content?
I challenge you to find the FUD in any of this. In fact, many of you might wish to save these links for future TCO discussions within your local IT departments.
PROVE ME WRONG!!!! Show me how Microsoft is doing it faster and better compared to either a) A Previous Microsoft Server Product, or b) Linux. Wave your hands and shout FUD all you want, but be prepared to back it up.
I wish someone would back me up! :)
As for my 486, I wrote a user mode driver which allows me to access the data pins on the parallel port to activate a relay and ultimately switch A/C power. (Web page coming soon.) This device can be used to remotely reboot Windows servers that BSOD, or turn on Christmas Lights add/or Coffee Pots via cron or telnet. Did I mention it all fits on a floppy, runs on a 486, and is network accessible? I am trying to shoe-horn a webserver onto the floppy now. -
Re:Profit!
I always end up posting to my own posts...
Checkout BeyondLogic if you are interested in interfacing custom hardware as they have alot of good documentation on Serial/Parallel/USB Devices/Programming/etc. Slashdotting this site may be cruel so only go if you really are interested in interfacing at home. =) -
USB in a nutshellHere is a good description of USB that sort of digests the spec for you. It has lots of info about the device software and hardware.
-BigT
-
Re:electronics enthuisist
BeyondLogic has information on programming USB. It's more difficult than serial, but if you really want to program serial/parallel it's a good idea to get a hold of a port replicator. I had one from PortSmith that turned a USB port into serial, parallel, and PS/2 ports. Worked great, I would have used it if I didn't have all this legacy junk on my system.