With the spate of ransomware and crypto virus attacks on automation systems, perhaps a quick review of network security is in order:
- Isolate the automation system on a separate network from the general office network and do not allow internet access on the automation system’s work stations or servers.
- Use a separate switch for all automation network connections.
- install a small router between the automation network and the office network. On the router, the WAN port faces outward toward the office network, make the WAN port non-pingable. Grant access from the office network for certain users; e.g. traffic, music director, etc via access lists. Open up a few ports for VNC or RDP on the router so technicians can remotely access machines to do maintenance and troubleshooting.
- Use supported and up to date operating systems.
- Use separate admin and user accounts, make sure that admin rights are removed from user accounts and keep machines logged in as users. This ensures that some errant DJ or other person does not install any unauthorized programs.
- Install and keep up to date a good antivirus program.
- Back up the data and test the backups.
The office network is more vulnerable because of the human element. Internet access is require, of course. Click on a pop up, sure! Hey, that photograph has a funny file extension, lets open it and see what it is. I never heard of this person before, but look, they sent me an executable!
Much of the office network security will rely on the quality of the router connected to the internet and the antivirus software installed. Of course, the network users have a good deal of responsibility also.
Like all data carrying technology, WLAN, or WiFi, continues to evolve into a better, faster and more robust platform. The IEEE wireless ethernet specification 802.11ac combines all of the past developments, plus some added features, into one specification. Here are some of the highlights:
- Operation on 5 GHz only. Many more available channels in this spectrum than in 2.4 GHz
- Increased channel bonding making wider channels carrying more data. In the 5 GHz spectrum channels are 20 MHz wide and do not overlap. 802.11ac allows for 40, 60, 80 or even 160 MHz channels. This is great for short distances, longer distances will be prone to greater interference over wider channels
- Modulation schemes that allow up to 256 QAM. A 256 QAM constellation is going to look pretty crowded unless it is on a wide channel. Again, this would be good for short distances.
- Increased MIMO. Up to 8×8 MIMO (Multi In Multi Out) which can greatly improve throughput. MIMO means multiple transmitters and antennas in the same unit. The first number is the transmitter count the second number is the antenna count. Thus an 8X8 system will have eight transmitters and eight antennas. This allowed beam forming by use of phased antenna arrays, which can greatly reduce multi-path
- MU-MIMO (Multi-User MIMO). Basically, the access point sends the data frame only to the desired host, thus instead of acting like an ethernet hub sending the frame to every connected host, the AP is acting more like an ethernet switch.
Comparison of 802.11n to 802.11ac
The goal of all of these modifications is to get gigabit transfer rates over WLAN.
What does all of this have to do with radio broadcast, one might ask. That is a good question.
There are several applications that have to do with remote broadcasting. Many sports areas, night clubs, or other likely places to be broadcasting from have WIFI installed. Using a laptop with an AoIP client installed not only can connect to the studio for audio delivery, the same laptop can use RDP or VNC to control the station’s automation computer as well. This means easier integration of the remote into voice tracked or syndicated programming.
Secondly, wireless LAN bridges between studio and transmitter site can act as a STL, a backup STL, a remote control return link, bridge for a network connected transmitter, VoIP phone link, IP security camera back haul or almost anything else that can send ethernet data. I have found it useful to simply have a computer available at the transmitter site, even if it is only to download manuals and what not. We have taken several old Windows XP machines and reloaded them with a Linux variant and installed them at various transmitter sites. It saves the trouble of having to download a manual on the smart phone then page back and forth across a really small screen to read it. As for using unlicensed WiFi to link to a transmitter site; the link between the WICC studio and transmitter site runs a 78 Mbps most days. This is a two mile link over mostly water. I will say, when there is fog, the link rate drops to 32 Mbps, which is still pretty good, all things considered.
Of course, office network applications; laptop, tablet, smartphone and other personal devices.
Finally, Broadcast Engineers really need to keep abreast of networking technology. There are many, many applications for WiFi units in the broadcast industry.
I have seen many a Dell LCD computer monitor go south for want of a $0.50 part. Dell must have gotten a hold of a bad batch of capacitors, because almost invariably, the problem is with the power supply capacitors for the back light. The symptoms are; the monitor goes very dim and can only be read when shining a light on it, or the power button flashes green.
A new Dell 19 inch (E1914H) monitors runs about $90.00 – 110.00. I can repair a defective unit in about 20-30 minutes or so, which makes it worth while for the client. When repairing equipment, the cost of labor and parts balanced across the cost of new equipment should be a prime consideration. Sometimes, it is simply not worth the time to repair something. Others, like this instance, it makes sense as long as the repair is simple.
This is a Dell E198FPf LCD monitor. After the initial diagnosis:
Dell E198FPf LCD monitor back lighting problem
First step is to remove the stand and the four screws behind the stand bracket.
LCD monitor stand removed
The hardest thing about this repair is getting the bezel off. Dell uses a bezel around the monitor face that uses little plastic clips to hold it in place. To get the bezel off, one needs to press the clips toward the center of the monitor while lifting up. It requires the careful application of force.
Dell E198FPf monitor bezel
I start on the bottom and use a small screw driver in one of the slots to get it started. I start on the bottom because if the plastic gets a little marred, no one will see it when the repair is finished. Once the first clip is released, then the others and be released by twisting the bezel carefully toward the center of the monitor while lifting.
LCD monitor bezel removal
Once the bezel is removed, the wiring needs to be disconnected. This consists of the back light, the data buss and sometimes the on/off switches, which are mounted on the bezel.
LCD monitor backlight connector
LCD monitor data buss connector
After all the wiring is removed, there are either two or four screws that hold the power supply to the monitor screen.
LCD monitor power supply bracket screws
Finally, the power supply board is exposed. Depending on the model of the monitor, the hex head screws that hold the VGA connector may need to be taken off. Sometimes not.
LCD monitor power supply
Removing the screws on the back of the power supply board exposes the capacitors and other components.
LCD monitor bulging capacitors
And the culprit is discovered. These two bulging capacitors are causing the LCD monitor backlight power supply shut down making the monitor unusable. The larger one is a 1000 uF 25 volt and the smaller is 680 uF 25 volt. I replaced both with in kind 35 volt units. I also took the liberty of replacing the rest of the electrolytics on the power supply board (total of five additional capacitors). While the unit is disassembled, it is far easier to replace all the $0.50 components than to do it one at a time over the next few years as each fail. This monitor should be good for another 5 years of service at least. These values vary somewhat from monitor to monitor. Also, if only repairing one or two monitors, the parts can be obtained at Radio Shack for $1.99 each.
It is a good way to regenerate equipment, even if they are set aside as spares.
We have been doing work at a particular radio station for a few years now. Every time I go there, I look at this… thing:
Burk DOS Autopilot/CDL running on Windows 98
It is a very old PC running Windows 98 and Burk Autopilot/CDL 4.6 for DOS. The auto pilot program is running from a windows DOS prompt and seems to be working okay; my concern is about the age of the hardware and the potential for failure. The Autopilot is what controls the AM station’s power levels, which vary from 1,000 watts daytime, to 4 watts night time. We have all read about AM stations fined by the FCC for running daytime power levels at night. Failure of the ancient autopilot computer could lead to exactly this scenario.
I attempted to purchase the newer, Windows XP version of Autopilot, only to be told “that item is not in this year’s budget.” Apparently, it was not in the budget for following year, or the one after that. Thus, when the hard drive on the old Windoze 98 machine began making a terrible grinding noise, I knew the end was near. I made an attempt to run the Autopilot from a Windows XP DOS prompt, at which time I was informed: “The program cannot start or run due to incompatibility with 64 bit versions of windows…” GAK! I kind of knew this already.
I began day dreaming about running a DOS virtual machine inside of a Ubuntu or Lubuntu operating system. Then I found a DOS emulator program for Linux called “DOSemu” which looked like exactly what the doctor ordered. Using the carcases of several old HP desktop computers, I came up with one working PC that had two organic serial ports. This is actually not a bad unit, as it has a 1.6 GHz dual core processor and 2 GB RAM. On this machine, I loaded the 32 bit version of Ubuntu 12.04 desktop. Naturally, the original Autopilot/CDL 4.6 disks were nowhere to be found so I had to copy the directory off of the old computer. It was also understood that this project was simply going to suck. Therefore, the superannuated Windoze 98 machine had no network interface nor any USB ports. My only option was to copy the files unto a 3 1/2 inch floppy disk. Fortunately, I have a USB 3 1/2 floppy drive, which I was able to use to copy the files onto the new computer into the /home/ARC16 directory.
Downloading and setting up Dosemu was fairly straight forward. There were a few configuration steps that needed to be completed before the Autopilot software would work and communicate with the ARC-16 remote control:
- In the DOSemu configuration file, the hardware serial port needs to be configure to work with the DOS emulator. This is located at /etc/dosemu/doseum.conf. The default conf file has all of the serial ports commented out. Remove the comment and change the serial port source: $_com1 = “/dev/ttyS0” or $_com2 = “/dev/ttyS1” The serial ports available can be determined by the following terminal command: dmesg | grep tty The output should look something like this:
paul@engineeringIII:~$ dmesg | grep tty
[ 0.000000] console [tty0] enabled
[ 37.531286] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 37.532138] 0000:04:00.3: ttyS1 at I/O 0x1020 (irq = 3) is a 16550A
[16206.667112] usb 2-1.3: pl2303 converter now attached to ttyUSB0
For USB to serial port converters, the serial port source may look something like this: $_com1 = “/dev/ttyUSB0”
- The DOS emulator time can be synced to Linux time by: $_timemode = “linux” This is great because Linux can be synced to a NTP source, meaning Autopilot time will always be correct.
- The logged on user that will be running the DOS emulator needs to be added to the “dialout” group. This can be done by sudo adduser [user name] dialout. This will allow the Autopilot software access to the comm port.
- The DOS autoexec.bat file should be edited so that Burk autopilot loads automatically when DOSemu is started. DOSemu automatically assigns the D drive to the Linux home directory. Thus, simply adding:
to the end of the autoexec.bat file will start the ARC16 program automatically when the DOSemu program is started.
- DOSemu can then be added to the Ubuntu desktop startup.
DOS autopilot running on Linux machine
Burk Autopilot/CDL (DOS version) running on a Linux (Ubuntu 12.04.4) machine. The stupid thing will probably run forever now.
This computer is also used to program the satellite receivers, which are located at the transmitter site. Thus, there are several manuals and program clocks stored in the documents folder. I also installed the x11VNC server program, so that the computer desktop can be logged into remotely from the studio over the LAN link.
I noticed that the DOSemu program hits the processor fairly hard, with one core running about 45% most of the time. That should be fine, as this machine is used very infrequently for other tasks.
I have been busy of late, however, still keeping abreast of the news of the day. Along with that, CES 2014 wrapped up recently. No huge developments, especially when it comes to Broadcasting. However, there was one item of interest; the updated technical specifications of IEEE 802.11ac.
It is of interest here because of the implications of the mobile/portable data developments and their impact on traditional AM and FM broadcasting. The new specification calls for 1.2 Gbp/s per device in the initial release, increasing that throughput to 6 Gbp/s in later releases. These data rates are for overall transmission, including the WiFi overhead. Actual usable application data (layer 5-7) would be about 20 to 30 percent less. Even so, 900 Mbp/s is a phenomenal data rate. Truely I say to you; this is the future of digital broadcasting. HD Radio™; it may well prove that the “HD” stood for “Huge Distraction.”
The new 802.11ac specification uses MU-MIMO, high density modulation, larger channel bandwidths, and beamforming technology in the 5 GHz WiFi spectrum. Of course, the question is, at what distances will this system work? If it is like conventional WiFi, then 100-200 feet is about all that can be expected. However, there are also many people interested in wireless broadband (WiMAX) service as an alternative to traditional wired ISPs. For that application, having many outdoor 802.11ac nodes connected by a backbone could potentially blanket a city or campus with free high speed wireless data.
Example of cjdns network
Along the same lines, there are many people involved in creating mesh networks of various types; be they ad-hoc mobile networks, darknets, bitclouds, etc. Mesh networking is a very interesting topic, for me at least. The network protocols are getting better and more secure. WiFi hardware is becoming less expensive and more reliable. As more and more people put effort into developing protocols like cjdns, local mesh networks will become wide spread, unless they are outlawed. You know; because of teh terrorism!!1!!
As it stands today, I can drive for two hours in mostly rural upstate NY and CT streaming my favorite radio programs and have nearly seamless hand offs and very few dropouts. This is on my three year old, beat up 3G HTC android phone sitting in the passenger seat of my car.
Digital Radio is here, it is simply not the In Band On Channel system that legacy broadcaster’s have chosen.
On occasion, the company I currently work for does installation work. Thus, I am always keeping my eyes open for new equipment and tools to make that job easier. The cable comb seems like it is just such a thing:
ACOM tools cable comb
Instructional video from youtube:
Then there is this:
Which is simply amazing. It is described as “1320 Category 6 cables, dressed and terminated.”
Incidentally, there is an entire sub-reddit: reddit.com/r/cableporn for all those cable geeks that like to look at neat cabling work.
technical operation center
It is time to plan and upgrade those machines running Windows XP. After April 8, 2014, Microsoft will no longer be updating the software and/or patching security holes. Many in the IT industry believe that after that date, hackers will attempt to break the popular operating system which has been in use for twelve years.
Approximately one third of all Windows operating systems in use today are XP. Microsoft has already warned users that potential hackers could use security patches and updates for Windows 7/8 systems to scout for vulnerabilities in XP. I know several radio clients have automation systems and office networks that run primarily Windows XP. Microsoft may be overstating the risks of remaining on XP, then again, they may not be. This situation has been described in several trade magazines as “A ticking time bomb,” or equally dire: “Microsoft urges customers up upgrade or face ruin.”
In radio station infrastructure, very few systems are as vital as the audio storage and automation system. Without a functioning automation system, most stations would be dead in the water. If an automation system were to hacked and ruined completely, I do not think there are enough people left on most station’s payrolls to run an operation manually, even for a short period of time. I, for one, do not want my phone to start ringing on April 9th with a bunch of panicky managers talking about how unacceptable the situation is.
This came up in one of my earlier computer classes. When installing new systems, often we are required to download applications such as web browsers, media tools, runtimes, etc individually. Ninite.com allows an IT person to create an custom installer with all of the freeware applications desired. Once created and downloaded, this installer can be used on multiple machines across a network.
If one were using Windows Server with active directory, this installer could be either published or installed with the computer node at first boot up.
If you have not seen this Youtube video, put down the coffee (or whatever) and move any spill able things away from the keyboard and enjoy:
PRTG network sun
As more and more broadcast facilities are moving toward IP data for all types of data transfer including digitized audio, video, telephony, documents, email, applications and programs. Managing an IP network is becoming more and more important. In most broadcast facilities, Ethernet based IP networks have been the normal operating infrastructure for email, printing, file sharing, common programs, file storage and other office functions for many years. Either directly or indirectly, most broadcast engineers have some degree of experience with networking.
With many more IP based audio consoles, routing systems, STL’s and other equipment coming online, understanding IP networking is becoming a critical skill set. Eventually, all distribution of content will transition to IP based systems and the current network of terrestrial broadcast transmitters will be switched off.
The difference between an ordinary office network and an AoIP (Audio over IP) or VoIP network is the transfer consistency. In an office network, data transfer is generally bursty; somebody moves a file or requests an HTTP page, etc. Data is transferred quickly from point A to point B, then the network goes back to its mostly quiescent state. In the AoIP environment, the data transfer is steady state and the data volume is high. That is to say, once a session is started, it is expected to say active 24/7 for the foreseeable future. In this situation, any small error or design flaw, which may not be noticed on an office network can cause great problems on an AoIP network. The absolute worst kind of problem is the intermittent failure.
Monitoring and analyzing data flow on a network can be a critical part of troubleshooting and network system administration. Data flow analysis can discover and pinpoint problems such as:
- Design flaws, infrastructure bottle necks and data choke points
- Worms, viruses and other malware
- Abusive or unauthorized use
- Quality of Service (QoS) issues
Cisco defines flow as the following:
A unidirectional stream of packets between a given source and destination—both defined by a network-layer IP address and transport-layer source and destination port numbers. Specifically, a flow is identified as the combination of the following seven key fields:
- Source IP address
- Destination IP address
- Source port number
- Destination port number
- Layer 3 protocol type
- ToS byte
- Input logical interface
Packet sniffers such as Wire Shark can do this, but there are far better and easier ways to look at data flow. Network monitoring tools such as Paessler PRTG can give great insight as to what is going on with a network. PRTG uses SNMP (Simple Network Management Protocol) on a host machine to run the server core and at least one other host to be used as a sensor. There are instruction on how to run it as a virtual machine on a windows server, which would be the proper way to implement the server, in my opinion.
For small to medium installations, the freeware version may be all that is needed. For larger network and major market installation, one of the lower cost paid versions may be required.