Monday, October 16, 2017

WPA2 KRACK (Oh, God no)

It seems a researcher staring at code has discovered a giant flaw in the WPA2 protocol. I hate it when that happens.

WPA2 is the wireless encryption protocol that secures our data between our wireless devices and our routers. This new crack takes advantage of a flaw in the 4-way handshake (trust me on this, I know what I'm talking about) to allow malicious hackers within physical distance of connecting to your router to read your wireless traffic and even inject malicious code onto your device (such as ransomware).

It's important to note a few things. First, this crack cannot be used to attack your device from anywhere in the world. The attacker must be within physical distance to connect to your router's wifi. Second, all unpatched devices as of now are vulnerable. Third, HTTPS and VPN traffic remain secure as long as whatever applications you're using don't bypass those encryption protocols. This caveat mostly applies to apps; browsing HTTPS sites in a web browser is safe.

The good news is this flaw can be patched, and only really needs to be patched on the client side, so if your old router doesn't receive firmware updates I wouldn't freak out about it. What's most important is that your laptops, phones, etc. receive patches. As a temporary precaution I've turned off wifi on my phone, turned off my wifi printer until I really really need to print something (hopefully Epson will have an update available before then, but I have no idea if they're reliable about such things) and am using ethernet on my home network.

What does this mean for OS X and Linux PowerPC users? Linux patches are reportedly on the way, but unsupported OS X systems are likely to remain unsupported, lulz. Tiger and Leopard users may have to rely on "security through obscurity" warm and fuzzies to reassure themselves that hackers would never use this hack to inject malicious PowerPC code onto their systems. But who knows, maybe there's some check box in System Preferences we can tic to make it all go away.

Finally, this applies to everything that connects to your router via wifi -- laptops, phones, printers, wifi bluray players, all of it (hence the "Oh, God no" histrionics in the subject line). I'm starting to get a little ill just thinking about it.

Anyway, here's a decent link to read more if you're insolent enough to require more than my third-hand understanding of these things:

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Thursday, September 7, 2017

More SSD Lessons from Adam Albrec

(The following is a guest post by PPC Media Center creator Adam Albrec who shares his experience using SSD and SATA for a year on his MDD Power Mac.)

So after 1 year using an O.W.C. SSD (and figuring out a SATA connection to make it go) what have I learned?

Still Loving it. For anyone doing PPC (in a case that lets you tinker), and wants a boost, in the final analysis, it is SO worth your money! My PPC is more responsive than my Brother's Mac Pro (Quad Xeon) and while it cannot say - convert a DVD to mp4 as fast, his only about 4x faster; which is interesting since it should theoretically have 15-20x the power of my MDD. Multitasking in Tiger also is silky smooth even with LOTS open.

So what's the downside or catch??

1. Well - a couple of very real things. This drive (especially in a 32Bit system like my G4) needs a good 60-80GB free for Swapping (especially if using a RAM heavy app like Photoshop CS4). Otherwise it will get REALLY unresponsive when it starts trimming unused blocks back to available status. With my current workload, just had to upgrade from 120GB to 240GB and now all is Right with the world and it's Super Happy again.

2. AND when first cloning a system to an SSD, it will be really SNOTTY for a couple of weeks while it gets sprawled-out. Most have noticed that when you clone OSX to a normal drive it will feel a bit laggy for a few weeks, but with an SSD, this turns into Kernel Panics - and lots of them for a week, then a few the 2nd week then after about a month smooth sailing. Apparently the RAID0/parallel-access that SSDs use can cause a lot of sync errors with the system bus until it balances and spreads over the drive. In practice this just reiterates the old adage in the beginning: “Save Often”, and after a few weeks you can relax.

Some have said that getting O.W.C.s Extreme 6G SSDs alleviate both of these concerns since they handle big chunks of data more efficiently and also reclaim unused blocks faster, but an OWC rep advised against it because he felt that syncing with a bus so much slower might lead to other problems (curious other people's experiences). With my system, this did make sense though as the 3G Electras they sell are virtually identical to my G4 systems native bus speed. For a G5, the Faster 6G SSDs might be better. At this stage, the prices are often within $10 for one or the other (NOTE: the 3Gs are warrantied for 3-years and the 6Gs for 5-years).

Now the SATA Question:

Have also upgrading to a Sonnet Tempo TSATA for the internal drives and a FirmTek 1Se2 eSATA card for external connections (like data recoveries and such) this too, has been AMAZING. With this configuration, and also a Sonnet Allegro FW800 card (still $20-$30 on eBay), I'm now able to copy/move files at TWICE the speed of my Brother's Hoity-Toity new Intel Beast!

And with Apple's new Thunderbolt to FW800 adapter (under $30), even our old machines can interface with Thunderbolt at about 75% of current real-world speeds for new systems. Only ultra high-end 6G systems really even make use of Thunderbolt fully, and the result is that our old Macs can be VERY COMPARABLE to USB3. This is especially useful to keep in mind if you are keeping an old G4 for a file server!

A real world use was recovering a PC Hard-Drive for a customer. Pulled 100GB of 'User's folder from an NTFS volume in 30-40 minutes (eSata to FW800)!!!!!

OK so now the 'BUT' on this topic...

There are things to keep in mind. The eSATA External 1se2 cards are still available new from FirmTek, but they are eSATA and for External drives (which is less ideal, than internal). The Sonnet cards built on the same chipset, are amazing, but very expensive and hard to find now (will likely take about 6-weeks of watching eBay and Amazon to find one).

But What about the inline IDE to SATA adapter cards many are using (as I did in the beginning)? They are lovely - especially for the $5 they cost. They work just fine (minus the ability to check SMART status of the drive), but only at IDE speeds. Until you find your FirmTek/Sonnet card, however, you'd be very wise to pick one up to start enjoying your new SSD right away. If you are only doing one System Drive, it might even make sense to stop there.

BUT the benefit of the FirmTek-based SATA/eSATA cards is that they have internal data-processing/buffering that accelerates and stabilizes file transfers between drives sharing the same card, well beyond the system bus-normal abilities (a big plus on a G4). So while I'm listening to iTunes, or watching a video and Carbon Copy Cloner comes on to do my backup, I don't even notice a hiccup in playback because both my SSD and Backup drive share the same Sonnet Card. On clocking a 1GB test-file transfer going from one drive to the other, it maintained a ROCK SOLID 52MB per second (416Megabits), and a MORE IMPRESSIVE 27MB per second (216Megabits) simultaneously copying in both directions - with NO additional overhead to the CPU!

Thus the Gold Standard would be to find the Ultra Rare 2-SATA/2-eSATA card by FirmTek (SeriTek/1VE2+2) and have any attached drives share this amazing performance boost.

But getting back to the inline IDE/SATA adapters, they are fantastic for using modern optical drives (little known fact, while you cannot connect two SATA drives with such adapters on an IDE ribbon-cable, since Sata doesn't have a Master/Slave framework, you can use an IDE drive as 'Master' and SATA as 'Slave', thus enabling having a normal Dual-Layer DVD+- Drive in the top and a Sexy New quad-layer, BlueRay/MDisc burner on the bottom of an MDD. And the upper and lower tray ejectors still work!

My current setup with the two cards is fine; transfers run about 45.5MB per second (364 Megabits), but when I am moving big files between an internal drive on one card and an external drive on the other card, or vice versa, and it has to go through the system bus, while still VERY fast, bus-saturation suddenly rears its ugly head and applications like iTunes start cracking and popping as it tries to keep up. The good news is that this really only seems to be noticeable during really big file transfers, rather than read-in data.

The two card solution does have one other issue worth mentioning. For the cards to function, they must have the same firmware (if both SeriTek based), and they DO NOT want to be seated next to each other.

And what of the "Other" cards like SIL3114/SIL3124? I have yet to get them to reliably work and stay working - after trying a lot of them. Maybe this isn't as much of a pill on some PowerMacs, but At least on Digital Audio through MDD, Apple's PCI Slots want it 'Their Way' and often don't work as expected. An advantage of the SeriTek cards is perfect compatibility (often in OS9 too).

So in short if you like your Apps, and just want better performance, it might make sense to switch your system drive to SSD and get some SATA love going to it.

Adam :0)

P.S. A final note on the Sonnet Allegro FW800 card: While ultra-big drives (larger than 2TB) are a big issue even for many newer systems, O.W.C. has a USB2/FW800 Dual Enclosure for under $100!

It supports 20TB drives in Striped, Mirrored and JOBD configurations and with the Sonnet Allegro is absolutely seamless to use.

https://eshop.macsales.com/item/OWC/MED3FR0GB/

Just note that OS9 will not recognize more than 2TB, and will try to “Initialize” the drive – so you've been warned! Also for compatible drives, OS9 will only run it at FW400 speeds.

When you see how much 'Real' raid cards still cost for these older systems used on eBay (usually only supporting OSX OR OS9), and see this unit flawlessly do the heavy lifting for a say a mirrored config, it is an amazing value. The normally Green lights will momentarily flash Red and rebuild blocks so fast you don't even notice during sometime sensitive - like video playback.

Saturday, July 29, 2017

New PowerPC Hardware in Sight

We have not one but two items of news on the PowerPC hardware front. Yes, you read that right. It's not just software developers still working in PowerPC. There's also some hardware development happening.

First there is the PowerPC Notebook project I blogged about back here. They've kicked off a fundraising campaign to hire Acube Systems to design a PowerPC motherboard with the following rough specs (quoted from their project blog):

  • CPU: NXP T208x, e6500 64-bit Power Architecture with Altivec technology
  • 4 x e6500 dual-threaded cores, low-latency backside 2MB L2 cache, 16GFLOPS x core
  • RAM: 2 x RAM slots for DDR3L SO-DIMM
  • VIDEO: MXM Radeon HD Video Card ( removable)
  • AUDIO: sound chip, audio in and audio out jacks
  • USB: 3.0 and 2.0 ports
  • STORAGE:
    NVM Express (NVMe), M.2 2280 connector
    2 x SATA
    1 x SDHC card reader
  • NETWORK:
    1 x ethernet RJ-45 connector
  • WiFi connectivity
  • Bluetooth connectivity
  • POWER: on-board battery charger and power-management
  • CHASSIS: standard notebook case 15,6”

As of this writing they've raised about 4,500 of their 12,600 goal. All the details of the campaign are at this post, and you can read much more at the GNU/Linux PowerPC notebook blog and the Power Progress Community website.

A small but dedicated community has gathered around this project, and if the past is evidence they're in it for the long haul, so I think this project warrants some serious consideration.

There's also another PowerPC project that might be even closer to fruition, the Talos II. Cameron Kaiser has been following this project on his blog, so read all about it there, but suffice to say they look tantalizingly close to bringing a POWER9 desktop to market.

There is no RISC in not trying.

Oh, God, that ended terribly.

Saturday, May 27, 2017

IPv4 is Apparently Ludditeville - And Also Faster

I got an email from Adam Albrec, creator extraordinaire of PPC Media Center, with a fix to a performance lag he noticed when moving to a new house. PPCMC wasn't nearly as fast in the new digs and after conversing with the youtube-dl developers, they suggested he disable IPv6 in the app. He reports it helped "IMMENSELY." He promised a new version of PPCMC which will do this automatically, but you can disable IPv6 system-wide right now in Tiger by going into Network Preferences, and under the TCP/IP tab, click the "Configure IPv6..." button and switch from "Automatically" to "Off".

In Leopard it appears you have to click on the Advanced button first to get to the TCP/IP tab, as illustrated on this University of North Carolina help page.

I also noticed on G5 Center's Internet page this tidbit:

Pro-Tip: Tobias, key developer of Leopard-Webkit, recommends disabling IPv6 in the Network system preferences for your internet connection/port on your Mac if you experience hangs when loading webpages. I can confirm that this leads to a night and day performance change for my G5. WebKit is smooth as silk now.

So disabling system-wide sounds like a good option to experiment with. Just be aware, things like Bonjour or other system services could break, but re-enabling IPv6 is quick and easy.

Que the network IT people saying, "Don't disable IPv6. Fix your @#%^&$ing network!"