Repairing a computer monitor

I have seen many a Dell LCD computer monitor go south for want of a $0.50 part. Dell must have gotten hold of a bad batch of capacitors, because almost invariably, the problem is with the power supply capacitors for the backlight. The symptoms are: the monitor goes very dim and can only be read when shining a light on it, or the power button flashes green.

A new Dell 19 inch (E1914H) monitor runs about $90.00 – 110.00.  I can repair a defective unit in about 20-30 minutes or so, which makes it worthwhile for the client.  When repairing equipment, the cost of labor and parts balanced against the cost of new equipment should be a prime consideration.  Sometimes, it is simply not worth the time to repair something.  Other times, as in this instance, it makes sense as long as the repair is simple.

This is a Dell E198FPf LCD monitor.  After the initial diagnosis:

Dell E198FPf LCD monitor back lighting problem

First step is to remove the stand and the four screws behind the stand bracket.

LCD monitor stand removed

The hardest thing about this repair is getting the bezel off.  Dell uses a bezel around the monitor face that uses little plastic clips to hold it in place.  To get the bezel off, one needs to press the clips toward the center of the monitor while lifting up.  It requires the careful application of force.

Dell E198FPf monitor bezel

I start on the bottom and use a small screwdriver in one of the slots to get it started. I start on the bottom because if the plastic gets a little marred, no one will see it when the repair is finished.  Once the first clip is released, the others can be released by twisting the bezel carefully toward the center of the monitor while lifting.

LCD monitor bezel removal

Once the bezel is removed, the wiring needs to be disconnected. This consists of the backlight, the data bus and sometimes the on/off switches, which are mounted on the bezel.

LCD monitor backlight connector

LCD monitor data bus connector

After all the wiring is removed, there are either two or four screws that hold the power supply to the monitor screen.

LCD monitor power supply bracket screws

Finally, the power supply board is exposed.  Depending on the model of the monitor, the hex head screws that hold the VGA connector may need to be taken off.  Sometimes not.

LCD monitor power supply

Removing the screws on the back of the power supply board exposes the capacitors and other components.

LCD monitor bulging capacitors

And the culprit is discovered. These two bulging capacitors are causing the LCD monitor backlight power supply to shut down, making the monitor unusable. The larger one is a 1000 uF 25 volt and the smaller is 680 uF 25 volt. I replaced both with in-kind 35 volt units.  I also took the liberty of replacing the rest of the electrolytics on the power supply board (total of five additional capacitors).  While the unit is disassembled, it is far easier to replace all the $0.50 components than to do it one at a time over the next few years as each fails.  This monitor should be good for another 5 years of service at least.  These values vary somewhat from monitor to monitor.  Also, if only repairing one or two monitors, the parts can be obtained at Radio Shack for $1.99 each.

It is a good way to regenerate equipment, even if they are set aside as spares.

Cable Porn

On occasion, the company I currently work for does installation work. Thus, I am always keeping my eyes open for new equipment and tools to make that job easier. The cable comb seems like it is just such a thing:

ACOM tools cable comb

Instructional video from youtube:

Then there is this:

Which is simply amazing. It is described as “1320 Category 6 cables, dressed and terminated.”

Incidentally, there is an entire sub-reddit: reddit.com/r/cableporn for all those cable geeks that like to look at neat cabling work.

Windows XP

WDST technical operation center

It is time to plan and upgrade those machines running Windows XP. After April 8, 2014, Microsoft will no longer be updating the software and/or patching security holes. Many in the IT industry believe that after that date, hackers will attempt to break the popular operating system which has been in use for twelve years.

Approximately one third of all Windows operating systems in use today are XP.  Microsoft has already warned users that potential hackers could use security patches and updates for Windows 7/8 systems to scout for vulnerabilities in XP.  I know several radio clients have automation systems and office networks that run primarily Windows XP.  Microsoft may be overstating the risks of remaining on XP; then again, they may not be. This situation has been described in several trade magazines as “A ticking time bomb,” or equally dire:  “Microsoft urges customers to upgrade or face ruin.”

In radio station infrastructure, very few systems are as vital as the audio storage and automation system.  Without a functioning automation system, most stations would be dead in the water.  If an automation system were to be hacked and ruined completely, I do not think there are enough people left on most stations’ payrolls to run an operation manually, even for a short period of time.   I, for one, do not want my phone to start ringing on April 9th with a bunch of panicky managers talking about how unacceptable the situation is.

Network Data Flow Analysis

PRTG network sun

As more and more broadcast facilities move toward IP for all types of data transfer, including digitized audio, video, telephony, documents, email, applications and programs, managing an IP network is becoming more and more important.  In most broadcast facilities, Ethernet based IP networks have been the normal operating infrastructure for email, printing, file sharing, common programs, file storage and other office functions for many years.  Either directly or indirectly, most broadcast engineers have some degree of experience with networking.

With many more IP based audio consoles, routing systems, STLs and other equipment coming online, understanding IP networking is becoming a critical skill set.  Eventually, all distribution of content will transition to IP based systems and the current network of terrestrial broadcast transmitters will be switched off.

The difference between an ordinary office network and an AoIP (Audio over IP) or VoIP network is the transfer consistency.  In an office network, data transfer is generally bursty; somebody moves a file or requests an HTTP page, etc.  Data is transferred quickly from point A to point B, then the network goes back to its mostly quiescent state. In the AoIP environment, the data transfer is steady state and the data volume is high.  That is to say, once a session is started, it is expected to stay active 24/7 for the foreseeable future. In this situation, any small error or design flaw, which may not be noticed on an office network, can cause great problems on an AoIP network.  The absolute worst kind of problem is the intermittent failure.

Monitoring and analyzing data flow on a network can be a critical part of troubleshooting and network system administration.  Data flow analysis can discover and pinpoint problems such as:

  • Design flaws, infrastructure bottlenecks and data choke points
  • Worms, viruses and other malware
  • Abusive or unauthorized use
  • Quality of Service (QoS) issues

Cisco defines flow as the following:

A unidirectional stream of packets between a given source and destination—both defined by a network-layer IP address and transport-layer source and destination port numbers. Specifically, a flow is identified as the combination of the following seven key fields:

  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol type
  • ToS byte
  • Input logical interface
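
As an added illustration (not code from Cisco or PRTG), the Python sketch below groups packet records into unidirectional flows using the seven key fields listed above. The packet records, addresses and interface names are constructed sample data, and the `tos_variants` check is an assumed way of spotting a QoS marking change on an otherwise steady audio stream.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import NamedTuple


class FlowKey(NamedTuple):
    """The seven key fields from the flow definition quoted above."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int      # IP protocol number: 6 = TCP, 17 = UDP
    tos: int           # ToS byte from the IP header
    input_if: str      # logical interface the packet arrived on


@dataclass
class FlowStats:
    packets: int = 0
    octets: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0


# Constructed sample: (time_s, src, dst, sport, dport, proto, tos, in_if, length)
SAMPLE_PACKETS = [
    (0.0, "10.0.1.10", "10.0.1.20", 5004, 5004, 17, 184, "Gi0/1", 1200),
    (0.5, "10.0.2.31", "10.0.9.80", 49152, 80, 6, 0, "Gi0/2", 400),
    (0.6, "10.0.9.80", "10.0.2.31", 80, 49152, 6, 0, "Gi0/3", 1500),
    (1.0, "10.0.1.10", "10.0.1.20", 5004, 5004, 17, 184, "Gi0/1", 1200),
    (2.0, "10.0.1.10", "10.0.1.20", 5004, 5004, 17, 184, "Gi0/1", 1200),
    (3.0, "10.0.1.10", "10.0.1.20", 5004, 5004, 17, 0, "Gi0/1", 1200),
]


def aggregate(packets):
    """Group packets into unidirectional flows keyed on all seven fields."""
    flows = defaultdict(FlowStats)
    for ts, src, dst, sport, dport, proto, tos, in_if, length in packets:
        stats = flows[FlowKey(src, dst, sport, dport, proto, tos, in_if)]
        if stats.packets == 0:
            stats.first_seen = ts
        stats.packets += 1
        stats.octets += length
        stats.last_seen = ts
    return dict(flows)


def top_talkers(flows, n=3):
    """Return the n flows carrying the most octets, largest first."""
    return sorted(flows.items(), key=lambda kv: kv[1].octets, reverse=True)[:n]


def tos_variants(flows):
    """Find 5-tuples seen with more than one ToS byte (a QoS marking change)."""
    seen = defaultdict(set)
    for key in flows:
        seen[key[:5]].add(key.tos)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    flows = aggregate(SAMPLE_PACKETS)
    for key, stats in top_talkers(flows):
        print(key, stats)
    print("ToS changes:", tos_variants(flows))
```

Because a flow is unidirectional, the web request and its reply count as two flows, and the audio packet that arrives with a different ToS byte starts a new flow rather than joining the existing one.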

Packet sniffers such as Wireshark can do this, but there are far better and easier ways to look at data flow.  Network monitoring tools such as Paessler PRTG can give great insight as to what is going on with a network.  PRTG uses SNMP (Simple Network Management Protocol) on a host machine to run the server core and at least one other host to be used as a sensor.  There are instructions on how to run it as a virtual machine on a Windows server, which would be the proper way to implement the server, in my opinion.

For small to medium installations, the freeware version may be all that is needed.  For larger networks and major market installations, one of the lower cost paid versions may be required.

Computer guys…

Some guy posted this picture on Reddit:

Small Office network

In the comments, he gets blasted for being too neat and using wire ties.  I know a lot of IT guys that are not very neat with their work and document nothing.  This is a big problem in the industry and does not, contrary to popular belief, promote job security.  I have walked into some very messy situations in wiring closets and rack rooms over the years.  My solution is always the same: run some temporary wires for critical machines/functions, then get out the big wire cutters and start chopping.

Graphical Network Simulator

I have been working with GNS3 (Graphical Network Simulator) in some of my classes.  It is a fine tool with which one can build simulated computer networks using various routers and switches.  The software program itself is free; however, the Cisco IOS images are not included and must be found elsewhere due to copyright issues.  This detail is a bit of a pain, but not too bad.  Once the program is set up and the appropriate IOS images are loaded, the console functions exactly like whatever router is being simulated.  This includes running whichever terminal program is preferred, e.g. HyperTerminal, PuTTY, or if using the Linux version, xterm, etc.

GNS3 screen shot, topology and router console

The advantages to this over something like Cisco’s Packet Tracer program are many.  In Packet Tracer, certain functions are locked out and generally there is only one acceptable way to complete any given task.  With GNS3, the IOS is fully functional, which means that experimentation and failure are available to play with.  Failure is a great way to learn things in any hands on environment.  The advantage of virtual failure is that only you know about it.

For real world applications, this means that router and switch configurations can be created, tested and tuned ahead of time then loaded into working devices, saving downtime and potentially handfuls of hair.

A few things about using GNS3.  First, the PC idle tuning is required.  Each instance of IOS assumes that the entire processor is available to use, thus starting several routers can wonk a PC’s processor to 100% and Windows will never fully recover.  Secondly, when starting each router, wait 10 to 20 seconds before starting another one.  Again, this has to do with the way IOS uses processors.  Also, to save time, store the IOS image as a decompressed file.  This saves quite a bit of time on startup.  Finally, do not forget to copy running config to startup config.  Even though GNS3 says it is saving the router configs, it does not save the running config unless you issue the copy run start command, just like a real router.

Wireshark; what is it good for

Wireshark is a packet protocol analyzer that is free for download and runs on Windows, Linux, BSD, OS X and Solaris.  In the evolving broadcasting studio, computer networks are the backbone of the facility, not just on the office side of the house, but on the broadcast origination side as well. Today, almost everyone uses some type of computer automation system running on a network. In addition, new technologies such as AoIP consoles, VoIP phone systems, audio and video routing, remote control, off site monitoring, audio processing, etc. continue to develop.  Because of this, more and more broadcast engineering work is falling into the computer and networking realm.

Like anything else, networks can fail.  Failure modes can originate from both the physical side, e.g. wiring, connectors, patch bays, network interface cards or the software/protocol side.  Being able to diagnose problems quickly and take remedial action is important.  On the networking side, if a physical problem has been ruled out, then the problem exists with a protocol.  That is where Wireshark becomes useful; it takes the guess work out of networking protocol troubleshooting.

Wireshark packet protocol analyzer has the following features (from their website):

  • Deep inspection of hundreds of protocols, more are in development
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Versions available for Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others OS
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • Filtering by protocol, IP address, MAC address, frame type, sequence number, etc
  • VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Here is a quick video with some tips and tricks on using Wireshark:

A few things to keep in mind with the physical connection.  Connecting a computer to a switchport will establish a collision domain between the switchport and the computer, which is also called a network segment.  The computer NIC will see all traffic on that collision domain and all broadcast traffic on the network or sub network that the switch is attached to.  If there is a suspected problem with a particular network segment, the Wireshark computer needs to join that collision domain.

Creating a network segment tap with a hub

This can be done most simply by installing Wireshark on the host in that domain. Alternately, a hub can be used to add another host to the collision domain.  Or, if it is a managed switch, there may be a provision to send all traffic on the switch out of one designated port.  This is called ‘port mirroring’, ‘port monitoring’, ‘Roving Analysis’ (3Com), or ‘Switched Port Analyzer’ or ‘SPAN’ (Cisco).

Network diagram with managed switch

A quick tutorial on what to look for when using Wireshark, Part A:

Part B:

And briefly, that is how it is done.  There are many more videos on YouTube and elsewhere if you are interested in learning more.

Very basic network security for Broadcast Engineers

Most broadcast facilities have an engineering department or service and an IT department or service which are separate.  There is often a fuzzy line between what machines belong strictly to engineering and what belongs to IT.  There are several different systems that have network interfaces but are not generally considered computers and fall squarely in the engineering department.  These include such equipment as transmitters, satellite receivers, EAS machines, IP based audio routers and audio consoles and IP audio CODECS.  In many cases, windows based automation systems and servers also fall under the responsibility of the engineering department.

As the recent incidents of network intrusions into vulnerable EAS machines show, after installation, steps must be taken to secure networked equipment from malicious or accidental intrusions.  The aforementioned EAS intrusion was bad but it could have been much worse.

Anything with a network interface can be exploited either internally or externally and either on purpose or by accident.  The threat plane looks like this:

Computer network intrusion plane

Every unauthorized network access incident falls somewhere on this plane.  An unauthorized network intrusion can be as simple as somebody using the wrong computer and gaining access to back end equipment.  It can also be the hacker or cracker from a foreign country attempting to breach a firewall.

Basic network security falls into these categories:

  1. Physical security of machine or server room
  2. Security against internal accidental or malicious use
  3. Security against external intrusion
  4. Protection against malicious software exploitation

The first category is the easiest to understand.  Physical security means securing the server room through locking doors and preventing crawl over/under entries.  Security cameras and monitoring are also a part of physical security.  Something that is often neglected is extended networks that bridge to transmitter sites.  Unmanned off site facilities that have network access are a vulnerable point if multiple clients or tower tenants have access to the same room.  Locked equipment racks and video cameras are two ways to secure unmanned transmitter sites.  Also, when using good quality, managed switches at transmitter sites, switchport security features can be enabled and unused switchports shut down.

Accidental or malicious internal intrusions can be reduced or eliminated with proper password policies.  The first and most important password policy is to always change the default password.  There are lists of default router and switch passwords available online.  The default passwords for EAS machines and other equipment are published in owner’s manuals and most broadcast engineers know them by heart.  Always change the default password; if you do nothing else, do this.

Other password policies include such things as minimum password length, requiring special characters, numbers and both upper and lower case letters.  Even taking those steps, passwords are still vulnerable to dictionary attacks.  To prevent a dictionary attack, the login attempts should be limited to five or so with a thirty minute freeze out after the attempt limit is reached.
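
The attempt limit and freeze out described above can be sketched as follows. This is an added Python example, not code from any particular device; the `LoginThrottle` class, the account name, the password and the guess list are all constructed for illustration.

```python
import hashlib
import hmac

MAX_ATTEMPTS = 5            # "five or so" failed logins
LOCKOUT_SECONDS = 30 * 60   # thirty minute freeze out


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored credentials are not kept in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginThrottle:
    """Per-account failed-login counter with a timed lockout (hypothetical)."""

    def __init__(self, accounts, clock):
        self.accounts = accounts      # user -> (salt, password hash)
        self.clock = clock            # callable returning seconds
        self.failures = {}            # user -> consecutive failures
        self.locked_until = {}        # user -> time the lockout ends

    def attempt(self, user: str, password: str) -> str:
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"           # refused without checking the password
        # Unknown users are checked against a dummy record so they are
        # counted and locked out the same way as real accounts.
        salt, stored = self.accounts.get(user, (b"dummy-salt", b""))
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "denied"


def demo():
    """Run a constructed guess list against one account, then wait it out."""
    now = [0.0]                       # fake clock so the example runs instantly
    salt = b"constructed-salt"
    throttle = LoginThrottle(
        {"engineer": (salt, hash_password("Tr4nsmitter!Site", salt))},
        clock=lambda: now[0],
    )
    # Constructed guesses; the real password is the seventh entry.
    guesses = ["password", "admin", "eas", "radio", "letmein",
               "123456", "Tr4nsmitter!Site"]
    results = [throttle.attempt("engineer", g) for g in guesses]
    now[0] += LOCKOUT_SECONDS         # the freeze out expires
    results.append(throttle.attempt("engineer", "Tr4nsmitter!Site"))
    return results


if __name__ == "__main__":
    print(demo())
```

Once the fifth failure triggers the lockout, even the correct password is refused until the thirty minutes have passed, which is what stops a word list from being run against the login.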

External intrusion can come from a number of different sources.  Unsecured Wi-Fi is the easiest way to gain access to a network.  Always secure Wi-Fi with a WPA or WPA2 AES encrypted pre-shared key.  This will keep all but the most determined intruders out.  Other external threats can come from man in the middle attacks.  IP bridges and Wi-Fi must always be encrypted.

External attacks can also come over the wired network.  Most small routers have default network and password settings.  I have started moving away from using 192.168 internal networks.  Router firewalls and personal software firewalls are effective but not foolproof.  Software updates need to be performed regularly to be effective.  One recently discovered exploit is UPnP, which is enabled on many home and small office routers.  UPnP (Universal Plug-n-Play) SSDP (Simple Service Discovery Protocol) can be exploited if exposed to the public network side of the router.  ShieldsUP! by Gibson Research Corporation is a good evaluation tool for router exploits, leaks and phone homes.  They also have links to podcasts and YouTube videos.

Disabling unused features on routers is a good security policy.  Features such as DHCP, DNS, SNMP, CDP, HTTP server, FTP server, etc. are all vulnerable to exploitation of one form or another.  Turning off those protocols that are not in use will eliminate at least a portion of those threats.

Finally, worms, bots, viruses and other malicious software can come from anywhere.  Even reputable websites now have drive-bys in linked advertising banners.  Non-Windows operating systems are less vulnerable to such programs, but not immune.   All Windows machines and servers that are in any way connected to the internet need to have updated antivirus software.  Keyloggers can steal passwords and send them to bad places where people have nefarious intent.

There are entire books, standards and upper level classes taught on network security.  This less than 1,000 word article barely brushes the surface; as the title says, these are but a few very basic ways to implement a security policy.  It is important for technical managers and engineers to learn about, understand and implement security policies in broadcast facilities or suffer the consequences of complacency.
