Archive for February 2012

Android Phone as BitLocker Recovery Key

I recently ran into an issue where I needed my BitLocker recovery key, but found that I’d left it at home. This locked me out of my machine for a few hours and was a bit of a hassle. It got me wondering if maybe I should instead keep said key on my phone instead, as it does a pretty good job serving as a USB mass storage device.

It turns out that this is not such a keen idea, as it doesn’t work out very well. On my Nexus One (and presumably other Android phones), when connected to a computer they prompt the user to switch the microSD storage over to USB Mass Storage. Once selected this takes a few seconds. Whenever the phone is disconnected from the USB host it automatically presents the card back to the phone, and only prompts the user once a host is detected.

With BitLocker, one becomes aware of needing this key when the boot is interrupted and the user is prompted to insert a USB mass storage device with the key present. The computer is then rebooted, finds the key, and continues to boot. With an Android device as the USB mass storage device this reboot resets the phone. I’ve found that it’s typically not possible to get the phone into mass storage mode between POST and OS load, particularly as the machines I’ve tried it on seem to reset USB after POST.

I think I’ll just have to stick with a USB flash drive for this.

Shattered Hard Drive Platter

To collect neodymium magnets for rebuilding the not-currently-great drip tray to kegerator / kegged beer cooler I started disassembling more old hard drives, attempting to salvage the magnets. When disassembling one drive I decided it’d be fun to bend the platter, but I (stupidly) didn’t pay attention to the platter material before doing so. The result? Tiny bits of broken glass and amazingly thin foil spraying all over the basement floor. Whoops.

At least it was easy to clean up.

I had little luck collecting useful magnets from the drives because some were too small, some drives only had one, and many of them shattered as I removed them. Instead I’ll just buy a bunch of tiny ones on eBay or Amazon and epoxy them on instead. It’ll be a lot easier.

iPod Battery Replaced

Roughly six years after buying my black fifth generation iPod I finally replaced the battery. After years of working well it was starting to fail, providing me with only a few hours of music listening while at work, way down from the original 10-15 that I was getting when it was new.

The replacement battery was part number BIPOD550MV30 from OWC, a very reliable online Apple reseller who has been around for years, and cost just over $20 shipped. While I could have purchased a cheaper battery via eBayI wanted to be sure to get one from a reliable place, so if I had problems with it there wouldn’t be an issue returning it.

The battery is now installed and charging, so hopefully by morning it’ll be full and ready to go.

Bundaberg and Underberg

Recommended to me late last year by my friend Joy is this, a mixture of Bundaberg Ginger Beer and Underberg herbal digestive bitters. Gently mixed together with a bit of ice, this is a wonderfully herby (sort of) soft drink. From a bit of reading I think this is a San Francisco thing, but I still enjoyed it on a warm (for February) day here in Michigan.

It amuses me that, despite being 44% ABV, Underberg is not sold as an alcoholic beverage at most stores. At Meijer it’s found in the import asile and not listed as age restricted when checking out, and at a local German market which isn’t licensed to sell alcohol it’s right next to the counter.

Then again, last time I bought some at the German market the teenage-ish girls behind the counter started laughing, exclaiming that they couldn’t believe I liked it. I suspect that the need to control it is rather limited, as apparently one of them noticed the alcohol content and bought some to drink before going out one evening. They told me that they hadn’t realized what it tastes like and couldn’t drink even one (1 oz.) bottle. Underberg is definitely not something that one ingests to become intoxicated.

Phenom Shuffle

A convenient trade took place recently, with me my swapping someone the white Specialzed Phenom from the trainer for a same-size one, but black with a red nose and wings. (He wanted the white one to match the all-white bike that he’s putting together.) Tonight I set it all up, taking the original Phenom with silver accents from the Titus and moved it over to the trainer and, as seen above, putting the new red-accented one on the Titus. I think it’ll match nicely with the other red bits on the bike such as the brake barrel adjusters, cassette, and cable housing.

This spring, once I put the trainer away (or maybe even a little before then), I’ll then take the silver-accented one and move it over to the El Mariachi. (This bike doesn’t have any red on it at all, and thus the red-accented saddle would have looked rather out of place.) I have a feeling I’ll be riding this bike quite a bit and I’d like it fitted with a saddle that agrees with bit more with my bits than the WTB Laser V that’s currently on it. The Laser V is a good saddle for a bike that I don’t ride for long periods of time, but extended periods of sitting on it tend to make things feel a bit… off.

MS12-006 and HTTP 408 Errors

I recently worked on an issue where a new Microsoft patch for a security bulletin, MS12-006, was correlated to a web-based application occasionally returning errors. Specifically, while using a web-based version of a reporting package off of a version of Sun (Oracle) Java Web Server the browser would occasionally return a Times New Roman-font “Request Timeout” message when users clicked report-generating links. The folks who support the server working on the issue initially had spent time uninstalling recent patches and found that removing KB2585542 (the patch for MS12-006 on Windows 7 clients) from the client machine would stop the issue from occurring. They then thought it might be a Windows client issue, which is where I got involved.

After some investigation it turns out that the problem was actually with the web server not handling split (fragmented) SSL/TLS records properly. The installation of the patch for MS12-006 causes IE to, in some cases, split SSL/TLS records into multiple requests. Since the server couldn’t appropriately handle these requests it thought the client closed the connection before sending a complete request and returned an 408 Request Timeout message.

This was illustrated by the HTTP logs on the server which show incomplete requests being returned 408 messages, similar to what follows. The bold line illustrates a request that correlates with the issue:

IP       | Username | Date                 | Request Header              | Status | Content | Length
---------+----------+----------------------+-----------------------------+--------+---------+--------

10.0.0.2 | -        | 17/Feb/2012:10:03:25 | "P"                         | 408    |         | 148

10.0.0.2 | -        | 17/Feb/2012:10:01:13 | "POST /TestApplet HTTP/1.1" | 200    |         | 13056

After the installation of the patch for MS12-006 there is a setting which allows this new feature to specifically be used only when called for (“optin mode”, the default), all the time (“enabled for all”), or never (“disabled for all”). Setting the option to “disabled for all” kept the issue from being reproduced, and when set to “enabled for all” it always occurred. (See the Registry Information section of 2643584 for more information on these options and how to set them.) By this I showed that it was this SSL/TLS feature causing the issue communicating with the server. Since this appeared to be an issue only with this particular server the team supporting it is now looking into potential solutions on that side.

While it may be tempting to simply disable this feature on clients, this would handicap one of the security enhancements brought along with the MS12-006 patch. Since this issue isn’t likely to be widespread (else lots of HTTPS sessions would be failing) I believe that the servers should be fixed to be compatible with the client’s standard behavior. Specifically, I believe the issue to actually be with the server not having an RFC2246-compliant TLS implementation and thus it should be fixed.

Hopefully this information will be useful to others who run into such an issue. It’s a bit opaque at first, since it looks to the users like the server is having a problem, but to server like the client is occasionally failing to send proper HTTP requests. Trying to troubleshoot this with Fiddler didn’t help either, because the HTTPS proxying would recreate the request, apparently no longer splitting the SSL/TLS record, which kept the error from appearing.

Here’s a few links which are helpful in understanding this issue, in order of usefulness:

· MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
· SSL/TLS Record Fragmentation Support – Microsoft blog article describing the issue in reverse, from a few years ago when SChannel didn’t support SSL/TLS Record Fragmentation.
· Microsoft Security Bulletin MS12-006 – Important, Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
· HTTP Status Code 408 Documentation
· RFC2246 – See section 6.2.1.

Dirty Ears Beget Dirty Earplugs

Last night I put in some ear plugs, but because I hadn’t cleaned out my ears first all of the wax in my ears seemed to stick to the plugs, as seen above. (Click here to embiggen.) While I now have to toss out these earplugs, it does show that they do a pretty good job serving as an impromptu — though not immediate — ear cleaning solution.

A February For Riding

This February’s bizarre weather has made for some really nice riding. After a hectic (but good) day working I was able to get out a little early and go for a ride. Trails are still too squishy to ride, but almost all of the pavement was dry, the sun was out, and the air was warm enough that I could wear knickers, toe covers, a base layer, and a light wind jacket.

During this ride I explored a few neighborhoods that I’d yet to pass through, finding a new (to me) connector to the MOT near 24 Mile and a route through an undeveloped neighborhood, up a small rock retaining wall, and into another neighborhood that I frequently pass through. While I didn’t venture into it (because of the aforementioned soft ground and my relatively skinny tires) I also came across a sane entrance to this path-filled yet apparently abandoned area which might be a nice place to take a break and eat. More and more of this area is starting to come together mentally, and I’m getting even more ideas for long path/residential/dirt road rides.

The full route / GPS data for the ride can be seen here if you’re interested.

LP Gas Tank Weights

My LP gas tank, when essentially empty, weighs 17.82 pounds. When freshly filled by Metropolitan Tool Rental in Shelby Township it weighs 36.32 pounds. The TW (tare weight) stamp on the chime indicates that the empty tank should weigh 17 pounds.

I’m not sure if I’ll go to Metropolitan for another tank fill, as they seem to charge a fixed price for tank filling regardless of amount needed. I was getting one tank filled and another (which was about half empty) topped off, and I was initially told that there was a flat rate for filling any tanks. Asking them if it’d really be full price to have one tank partially filled they cut that price in half. Next time I’ll try and find a shop that simply charges by the quantity of fuel sold plus a base service charge or something.

Essentially empty is defined as when the tank is empty enough that, while operating a turkey fryer burner for brewing beer, it would not produce a normal flame and thick frost was developing on the very bottom of the tank. Upon swirling the tank to warm the liquid the flame would return to normal size, but within a few minutes it would settle back town to a trickle. I’m presuming that the gas level was low enough that any evaporation (read: liquid turning to burnable vapor) was sufficiently chilling the remaining liquid so that it wouldn’t readily evaporate.

Burroughs Mainframe Cards

Years ago I got the chance to help empty out a friend’s neighbor’s basement after they passed away. This basement was stuffed with old computers and electronics, and I acquired a number of interesting items from there, many of which are now displayed around the house. (Core memory, old test equipment, notebooks, etc.)

The photos from this excursion can be found here, if you’re interested.

One of the items I’d acquired was a milk crate full of old cards from a Burroughs mainframe. Each is a bunch of discrete components built into what’s essentially a logical unit, designed to perform some function. These days a small integrated circuit would be used to perform the same (or multiple) functions.

I’ve given many of these items away, as in my excitement I ended up with many more items than needed. Everything from large boxes of valves to old, uncalibrated oscilloscopes have found homes with friends who had a better use for them than I did. A little while back I was contacted by a guy named William Donzelli who was interested in the history of the Burroughs mainframe and the cards from it. I didn’t know much about it and couldn’t answer many questions, so a couple days back I sent off this box containing the cards to him. Hopefully he’ll find them enlightening.