Network Security, part II

With the spate of ransomware and crypto virus attacks on automation systems, perhaps a quick review of network security is in order:

  1. Isolate the automation system on a separate network from the general office network and do not allow internet access on the automation system’s work stations or servers.
  2. Use a separate switch for all automation network connections.
  3. Install a small router between the automation network and the office network.  On the router, the WAN port faces outward toward the office network; make the WAN port non-pingable.  Grant access from the office network for certain users (e.g. traffic, music director, etc.) via access lists.  Open up a few ports for VNC or RDP on the router so technicians can remotely access machines to do maintenance and troubleshooting.
  4. Use supported and up to date operating systems.
  5. Use separate admin and user accounts, make sure that admin rights are removed from user accounts and keep machines logged in as users.  This ensures that some errant DJ or other person does not install any unauthorized programs.
  6. Install and keep up to date a good antivirus program.
  7. Back up the data and test the backups.
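
Step 3 as a concrete ruleset, added here as an example and not taken from any particular router: it assumes a Linux-based router using iptables, and the interface names, addresses and the default RDP (3389) and VNC (5900) ports are constructed placeholders.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the router in step 3.
# Interface names and all addresses are constructed placeholders.
WAN_IF="eth0"             # faces the office network
LAN_IF="eth1"             # faces the automation switch
WAN_IP="192.168.1.250"    # router's address on the office network
# One forward per line: "office source|WAN port|automation host:port"
FORWARDS="192.168.1.21|3389|10.10.10.11:3389
192.168.1.22|5900|10.10.10.12:5900"

gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    # Port forwards, each tied to one office source address (the access list)
    echo "$FORWARDS" | while IFS='|' read -r src port dest; do
        echo "-A PREROUTING -i $WAN_IF -s $src -d $WAN_IP -p tcp --dport $port -j DNAT --to-destination $dest"
    done
    cat <<EOF
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# WAN port non-pingable (explicit, although the INPUT policy already drops it)
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Only the listed office hosts reach only the listed automation host and port
    echo "$FORWARDS" | while IFS='|' read -r src port dest; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -s $src -d ${dest%:*} -p tcp --dport ${dest#*:} -j ACCEPT"
    done
    # No rule forwards $LAN_IF -> $WAN_IF: automation machines cannot open
    # connections toward the office network or the internet (step 1).
    echo "COMMIT"
}

gen_rules
```

The output can be checked on the router with `iptables-restore --test` before it is loaded.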

The office network is more vulnerable because of the human element.  Internet access is required, of course.  Click on a pop up, sure!  Hey, that photograph has a funny file extension, let's open it and see what it is.  I never heard of this person before, but look, they sent me an executable!

Much of the office network security will rely on the quality of the router connected to the internet and the antivirus software installed.  Of course, the network users have a good deal of responsibility also.

Fifth Generation WLAN

Like all data carrying technology, WLAN, or WiFi, continues to evolve into a better, faster and more robust platform.  The IEEE wireless ethernet specification 802.11ac combines all of the past developments, plus some added features, into one specification.  Here are some of the highlights:

  • Operation on 5 GHz only.  Many more available channels in this spectrum than in 2.4 GHz
  • Increased channel bonding, making wider channels that carry more data.  In the 5 GHz spectrum channels are 20 MHz wide and do not overlap.  802.11ac allows for 40, 60, 80 or even 160 MHz channels.  This is great for short distances; longer distances will be prone to greater interference over wider channels.
  • Modulation schemes that allow up to 256 QAM.  A 256 QAM constellation is going to look pretty crowded unless it is on a wide channel.  Again, this would be good for short distances.
  • Increased MIMO.  Up to 8×8 MIMO (Multi In Multi Out) which can greatly improve throughput.  MIMO means multiple transmitters and antennas in the same unit.  The first number is the transmitter count; the second number is the antenna count.  Thus an 8×8 system will have eight transmitters and eight antennas.  This allows beam forming by use of phased antenna arrays, which can greatly reduce multi-path.
  • MU-MIMO (Multi-User MIMO).  Basically, the access point sends the data frame only to the desired host, thus instead of acting like an ethernet hub sending the frame to every connected host, the AP is acting more like an ethernet switch.
Comparison of 802.11n to 802.11ac

The goal of all of these modifications is to get gigabit transfer rates over WLAN.

What does all of this have to do with radio broadcast, one might ask.  That is a good question.

There are several applications that have to do with remote broadcasting.  Many sports arenas, night clubs, or other likely places to be broadcasting from have WiFi installed.  A laptop with an AoIP client installed can not only connect to the studio for audio delivery; the same laptop can use RDP or VNC to control the station’s automation computer as well.  This means easier integration of the remote into voice tracked or syndicated programming.

Secondly, wireless LAN bridges between studio and transmitter site can act as an STL, a backup STL, a remote control return link, bridge for a network connected transmitter, VoIP phone link, IP security camera back haul or almost anything else that can send ethernet data.  I have found it useful to simply have a computer available at the transmitter site, even if it is only to download manuals and what not.  We have taken several old Windows XP machines and reloaded them with a Linux variant and installed them at various transmitter sites.  It saves the trouble of having to download a manual on the smart phone then page back and forth across a really small screen to read it.  As for using unlicensed WiFi to link to a transmitter site; the link between the WICC studio and transmitter site runs at 78 Mbps most days.  This is a two mile link over mostly water.  I will say, when there is fog, the link rate drops to 32 Mbps, which is still pretty good, all things considered.

Of course, there are also office network applications: laptops, tablets, smartphones and other personal devices.

Finally, Broadcast Engineers really need to keep abreast of networking technology.  There are many, many applications for WiFi units in the broadcast industry.

Repairing a computer monitor

I have seen many a Dell LCD computer monitor go south for want of a $0.50 part. Dell must have gotten a hold of a bad batch of capacitors, because almost invariably, the problem is with the power supply capacitors for the back light. The symptoms are; the monitor goes very dim and can only be read when shining a light on it, or the power button flashes green.

A new Dell 19 inch (E1914H) monitor runs about $90.00 – 110.00.  I can repair a defective unit in about 20-30 minutes or so, which makes it worth while for the client.  When repairing equipment, the cost of labor and parts balanced across the cost of new equipment should be a prime consideration.  Sometimes, it is simply not worth the time to repair something.  Others, like this instance, it makes sense as long as the repair is simple.

This is a Dell E198FPf LCD monitor.  After the initial diagnosis:

Dell E198FPf LCD monitor back lighting problem

First step is to remove the stand and the four screws behind the stand bracket.

LCD monitor stand removed

The hardest thing about this repair is getting the bezel off.  Dell uses a bezel around the monitor face that uses little plastic clips to hold it in place.  To get the bezel off, one needs to press the clips toward the center of the monitor while lifting up.  It requires the careful application of force.

Dell E198FPf monitor bezel

I start on the bottom and use a small screw driver in one of the slots to get it started. I start on the bottom because if the plastic gets a little marred, no one will see it when the repair is finished.  Once the first clip is released, then the others can be released by twisting the bezel carefully toward the center of the monitor while lifting.

LCD monitor bezel removal

Once the bezel is removed, the wiring needs to be disconnected. This consists of the back light, the data buss and sometimes the on/off switches, which are mounted on the bezel.

LCD monitor backlight connector
LCD monitor data buss connector

After all the wiring is removed, there are either two or four screws that hold the power supply to the monitor screen.

LCD monitor power supply bracket screws

Finally, the power supply board is exposed.  Depending on the model of the monitor, the hex head screws that hold the VGA connector may need to be taken off.  Sometimes not.

LCD monitor power supply

Removing the screws on the back of the power supply board exposes the capacitors and other components.

LCD monitor bulging capacitors

And the culprit is discovered. These two bulging capacitors are causing the LCD monitor backlight power supply to shut down, making the monitor unusable. The larger one is a 1000 uF 25 volt and the smaller is 680 uF 25 volt. I replaced both with in kind 35 volt units.  I also took the liberty of replacing the rest of the electrolytics on the power supply board (total of five additional capacitors).  While the unit is disassembled, it is far easier to replace all the $0.50 components than to do it one at a time over the next few years as each fails.  This monitor should be good for another 5 years of service at least.  These values vary somewhat from monitor to monitor.  Also, if only repairing one or two monitors, the parts can be obtained at Radio Shack for $1.99 each.

It is a good way to regenerate equipment, even if they are set aside as spares.

Burk Autopilot, DOS version

We have been doing work at a particular radio station for a few years now. Every time I go there, I look at this… thing:

Burk DOS Autopilot/CDL running on Windows 98

It is a very old PC running Windows 98 and Burk Autopilot/CDL 4.6 for DOS.  The auto pilot program is running from a windows DOS prompt and seems to be working okay; my concern is about the age of the hardware and the potential for failure.  The Autopilot is what controls the AM station’s power levels, which vary from 1,000 watts daytime, to 4 watts night time.  We have all read about AM stations fined by the FCC for running daytime power levels at night.  Failure of the ancient autopilot computer could lead to exactly this scenario.

I attempted to purchase the newer, Windows XP version of Autopilot, only to be told “that item is not in this year’s budget.”  Apparently, it was not in the budget for the following year, or the one after that.  Thus, when the hard drive on the old Windoze 98 machine began making a terrible grinding noise, I knew the end was near.  I made an attempt to run the Autopilot from a Windows XP DOS prompt, at which time I was informed: “The program cannot start or run due to incompatibility with 64 bit versions of windows…” GAK!  I kind of knew this already.

I began day dreaming about running a DOS virtual machine inside of an Ubuntu or Lubuntu operating system.  Then I found a DOS emulator program for Linux called “DOSemu” which looked like exactly what the doctor ordered.  Using the carcases of several old HP desktop computers, I came up with one working PC that had two organic serial ports.  This is actually not a bad unit, as it has a 1.6 GHz dual core processor and 2 GB RAM.  On this machine, I loaded the 32 bit version of Ubuntu 12.04 desktop.  Naturally, the original Autopilot/CDL 4.6 disks were nowhere to be found so I had to copy the directory off of the old computer.  It was also understood that this project was simply going to suck.  Therefore, the superannuated Windoze 98 machine had no network interface nor any USB ports.  My only option was to copy the files onto a 3 1/2 inch floppy disk.  Fortunately, I have a USB 3 1/2 floppy drive, which I was able to use to copy the files onto the new computer into the /home/ARC16 directory.

Downloading and setting up DOSemu was fairly straightforward.  There were a few configuration steps that needed to be completed before the Autopilot software would work and communicate with the ARC-16 remote control:

  • In the DOSemu configuration file, the hardware serial port needs to be configured to work with the DOS emulator.  This file is located at /etc/dosemu/dosemu.conf.  The default conf file has all of the serial ports commented out.  Remove the comment and change the serial port source:  $_com1 = "/dev/ttyS0" or $_com2 = "/dev/ttyS1"  The serial ports available can be determined by the following terminal command: dmesg | grep tty  The output should look something like this:

    paul@engineeringIII:~$ dmesg | grep tty
    [ 0.000000] console [tty0] enabled
    [ 37.531286] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
    [ 37.532138] 0000:04:00.3: ttyS1 at I/O 0x1020 (irq = 3) is a 16550A
    [16206.667112] usb 2-1.3: pl2303 converter now attached to ttyUSB0
    paul@engineeringIII:~$

    For USB to serial port converters, the serial port source may look something like this: $_com1 = "/dev/ttyUSB0"

  • The DOS emulator time can be synced to Linux time by: $_timemode = "linux"  This is great because Linux can be synced to an NTP source, meaning Autopilot time will always be correct.
  • The logged on user that will be running the DOS emulator needs to be added to the “dialout” group.  This can be done by sudo adduser [user name] dialout.  This will allow the Autopilot software access to the comm port.
  • The DOS autoexec.bat file should be edited so that Burk autopilot loads automatically when DOSemu is started.  DOSemu automatically assigns the D drive to the Linux home directory.  Thus, simply adding:

    D:
    CD ARC16
    ARC16

    to the end of the autoexec.bat file will start the ARC16 program automatically when the DOSemu program is started.

  • DOSemu can then be added to the Ubuntu desktop startup.
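
A preflight check for the configuration steps above, added as an example and not part of the original setup: the function names and the constructed sample files are assumptions, while the dmesg lines and the dosemu.conf settings are the ones shown in the steps.

```sh
#!/bin/sh
# Added example: preflight checks for the DOSemu configuration steps above.

# Print the serial devices named in dmesg-style text read from stdin.
serial_ports() {
    grep -oE 'tty(S|USB)[0-9]+' | sort -u | sed 's|^|/dev/|'
}

# Print the value of an uncommented $_<name> = "value" line in a dosemu.conf.
conf_value() {   # usage: conf_value <file> <name>
    sed -n 's/^[[:space:]]*\$_'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed only if COM1 is mapped to a port the kernel reported, the emulator
# uses Linux time, and the user's group list contains dialout.
preflight() {    # usage: preflight <dosemu.conf> <dmesg text file> <groups>
    port=$(conf_value "$1" com1)
    [ -n "$port" ] || { echo "FAIL: \$_com1 is still commented out"; return 1; }
    serial_ports < "$2" | grep -qxF "$port" \
        || { echo "FAIL: $port was not reported by the kernel"; return 1; }
    [ "$(conf_value "$1" timemode)" = "linux" ] \
        || { echo "FAIL: \$_timemode is not \"linux\""; return 1; }
    case " $3 " in
        *" dialout "*) ;;
        *) echo "FAIL: user is not in the dialout group"; return 1 ;;
    esac
    echo "OK: COM1 -> $port, time from Linux, dialout membership present"
}

# Constructed sample inputs so the script runs anywhere.
demo=$(mktemp -d)
cat > "$demo/dosemu.conf" <<'EOF'
# $_com2 = ""
$_com1 = "/dev/ttyS0"
$_timemode = "linux"
EOF
cat > "$demo/dmesg.txt" <<'EOF'
[ 0.000000] console [tty0] enabled
[ 37.531286] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[16206.667112] usb 2-1.3: pl2303 converter now attached to ttyUSB0
EOF
preflight "$demo/dosemu.conf" "$demo/dmesg.txt" "paul adm dialout"
```

On the real machine, save `dmesg | grep tty` to a file and call `preflight /etc/dosemu/dosemu.conf <that file> "$(id -nG)"`.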

The results:

DOS autopilot running on Linux machine

Burk Autopilot/CDL (DOS version) running on a Linux (Ubuntu 12.04.4) machine.  The stupid thing will probably run forever now.

This computer is also used to program the satellite receivers, which are located at the transmitter site.  Thus, there are several manuals and program clocks stored in the documents folder.  I also installed the x11VNC server program, so that the computer desktop can be logged into remotely from the studio over the LAN link.

I noticed that the DOSemu program hits the processor fairly hard, with one core running about 45% most of the time.  That should be fine, as this machine is used very infrequently for other tasks.