All posts by Matt Elsberry

See: About

Will data pass through water using conventional methods?

About a year ago, my sons and I performed an experiment regarding the conductivity of salt water vs. fresh water.  It was a fun and interesting experiment for my boys, so I came up with an idea to try, playing off of that experiment.

I was curious if we could get data to pass through water, using Cat5e Ethernet and replacing  a length of the conductors with salt water.  In order to do this, we would need a few supplies, which include:
– Clear, non-conductive tube (at least 4 pieces)
– Clamps, to hold them in place
– Most conductive salt water mixture
– Category 5e, Ethernet cable
– Computers for each side
– Ohm meter

The first step we needed to do was actually a smaller experiment, which was to determine the best salt-to-water ratio.  Our control was 1 cup of tap water.  We started by measuring the resistance with zero salt added, this yielded a result of 210 k ohms.  The next figures are the results of the same cup of water, adding 1 Tsp of table salt each time:
WATER    Tsp Salt   Resistance
1                   1                 35 m Ohms
1                   2                 90 m Ohms
1                   3                 84 m Ohms
1                   4                 84 m Ohms

Judging the above results, it appears that their is a point of diminishing returns as far as the ratio of salt and water and the amount of resistance in which it decreases.

20160905_150029

To be sure, we ran the experiment again, this time increasing the salt amount by 1/2 Tsp.  The results were as follows:
WATER    Tsp Salt   Resistance
1                   0                210 k Ohms
1                   .5                38 m Ohms
1                   1                 38 m Ohms
1                   1.5             83 m Ohms

Given the above results, we determined that 1Tsp to 1 cup of water was a good ratio, as the resistance appeared to increase after 1Tsp of salt.

It was now time to set up  the experiment.  At this point, I should explain a few things about Ethernet and how it works.  There are eight conductors total, in an Ethernet cable.  Only four of them are used to transmit data. in both IEEE standards, 568A & 568B, these are the Orange/White, Orange, Green/White, Green wires.  The other four are reserved for PoE (Power Over Ethernet) applications.

That said, we bound the tubes together, side-by-side, in order to reduce the coiling and make them straight (for ease of filling them with water).  We then bound them on each end, at the same height, so they would fill to the tip of each end. The total length of each tube was 5 feet and the inner diameter was 5mm.

20160905_162038

After this was done, we filled each tube with our mixture of salt water (determined by the previous experiment).  We cut an Ethernet patch cable in half and separated the Green and Orange pairs.  They were then untwisted and each conductor’s insulation was stripped off of the end, approximately 2 inches.  These ends were then stuck down into the separate, water-filled tubes.

20160905_161949

Before connecting these to computers on each end, I decided to perform a continuity test on the link, using an Ethernet tester.  Once connected, the tester did not indicate a link and raised the suspicion that the water mixture would not provide enough continuity to establish a link.  I tested this further by inserting the leads of our Ohm meter on each side of one of the tubes.  Tough we received a reading (indicating continuity), the resistance was 74 k Ohms (74,000 Ohms), which would cause so much attenuation in the signal, that a PC’s NIC (Network Interface card) would not even establish a link.

20160905_162929

20160905_162947

I felt at this point, it would be futile to connect the two PCs to so much resistance, as it may damage the NIC card, furthermore, the tester uses much more voltage and could not determine continuity over the conductors, so a lower power NIC would not be any better.

At this point we ended the experiment with Negative results (which in the Scientific community, are still results).

20160905_162940

I do feel that we can achieve our goal of passing data through water, however I hypothesize that the water’s mixture should contain more elements, such as magnesium, iron, copper, etc.. and the conductors should be closer together, allowing the data to pass through less water.  I feel that we will build upon this experiment, using the variables I just mentioned, and hopefully achieve a positive result.

It still proved to be fun and my boy got a kick out it.  So we did achieve SOME level of success!

20160905_162957

The seasoned advantage: A PC repair story.

A little background for the foundation before I start:  For roughly 14 years now, I have migrated from fiddling with computers to repairing them professionally.  Along the way, I have made some blunders… some BAD blunders.  From not wearing an anti-static band to plugging a PCI riser card into a powered-up and running server (POP goes the riser card – D. Muntz, if you are reading this, you should remember that night.).  I say that to make this point, not only to the IT Professionals but everyone who performs a repair, installation, construction, and maintenance on other people’s property;  “Mistakes make us better at our job”.

That said, I wanted to share a story from this week that could have turned out to be quite disastrous.  I received a PC, from a well-respected friend who trusts me to handle their PC issues.  It seems it was suffering from the infamous BSOD (Blue Screen of Death).  These can be a number of things, but the ones that stick out are corrupted drivers, bad memory and failing hard drives.

Since the PC would not boot and went straight to the BSOD, I decided to try the easiest thing first.  I loaded my trusty Memtest Live CD and booted into it.  Almost instantly after the memory test began, I saw errors in multiple memory addresses, confirming that the memory was indeed bad.

I replaced the module with a test module that I have lying around, just for these instances.  The PC successfully booted, and into the Windows environment, I went.  As of now, the issue had been discovered and resolved, however, I began to notice things… bad things, in the form of pop-ups.  “Virus this, PC Cleaner that, Backup your PC, You need to purchase ….”  Clearly, the machine suffered from a malware infection.  Also, I noticed that it had no network connectivity.  Upon further research, none of the network interfaces were loading.  Checking the system services revealed even more issues.  There were a number of system services that were stopped and could not be restarted.

I could not, in good faith, return the machine back to the owner like this.  Instead of fighting hours of a losing battle, I decided it was time to wipe this puppy clean and start over.  Before doing so, I grabbed my trusty external hard drive and began backing up vital directories and files.  While doing this, I noticed that the PC had Microsoft Office installed and activated.  Over the years, I have found that the majority of people DO NOT retain the product keys or packaging that this software comes in, so I decided to use a tool that scans the PC and reports back with a list of the product keys of registered software.  This was copied on to a flash drive for future reference.

Now, with the user’s files backed up and the product keys safe in hand, I initiated the full system restore.  After about 20 minutes, I was faced with a “factory setting”, working PC.  The retention of the Office product key proved to be a life-saver, as the software needed to be activated once again (big problem dodged there).  I then copied over all of the files and the PC was just about back like it should have been, working network services and all.  All that was left was about 140 updates from Microsoft.

At this point, I generally format my external drives so that when I need them again, they are not full of old files from a previous repair. However, for some reason, I decided to keep them until the PC was delivered.  I started the above-mentioned updates and left for the evening.

When I returned the next day, the replacement memory that was ordered arrived and it was time to change out the test module for the new one.  The PC was already off, so I made the swap and powered the machine on.  What happened next was any technician’s nightmare.  “Please insert bootable media and try again”…  WTF?!

Several reboots later, a Clonezilla attempt, another recovery attempt and I was left with a deceased hard drive.  It must have died sometime during the night amongst the plethora of Microsoft updates.  That’s okay, I will just copy the partition with the system recovery to another drive… NOPE, dead too.

DAMNIT!   What now?  Since this was a Samsung PC, the Operating system product key is made specifically for special OEM media from Samsung.  I looked on the back of the PC and found another disturbing sign.  It was a “Display Model” sticker from Best Buy, which means that the owner most likely did not receive any type of recovery media, manual or box for that matter.

At this point, all is lost.  I decided to place one of my refurbished hard drives in the machine and made what I thought would be a futile attempt at contacting Samsung support and requesting recovery media.  To my surprise, they were very accommodating and processed a new set of recovery media to be mailed straight to me.  After that, I walked back into the workshop and I saw it… glowing like it had an aura.  It was the external drive that I decided not to erase!  The customer’s info would alive!  The PC may be late, getting back to the customer, however, it will be fixed, it will be right and if you are wondering… no, the customer will NOT be charged for the replacement drive or any additional labor.

So, in closing, I wrote the long-winded story above, to make a point.  I have been faced with this before and did not have the wherewithal to create a backup.  It was only after making a huge mistake, that I remembered what needed to be done and it paid off.  Cherish your mistakes and your blunders, as they are what make you better at what you do and make you …. “Seasoned”

– Matt

Secure Conscious : What users need to know.

It’s been a while since my last blog entry.  So I decided to write this entry, based on a recent conversation with a customer in reference to Security and Antivirus.  This may be more of instruction than personal blog material, however I felt compelled to do it.

 Let me open with a statement that I want to make perfectly clear.  Antivirus products are like pizza toppings; no two I.T. Professionals will agree on the best (or some figure close to that).  Also, I will be writing this for the general user, so some I.T. Professionals may find it quite basic and lacking in technical depth.

 I have been in the I.T Field for roughly 14 years.  Antivirus programs have evolved quite considerably from the beginning days, however the basic principle remains the same, across many different products.

  • Act as a liaison between the buffer and memory, compare each file against an entry in your definition database.
  • Delete, disinfect or Quarantine files that match the ones in the definitions.

In later years, a new development changed the Antivirus programs and made them much more efficient and took loads off of the development and research teams that were used to compile the definition databases.  This was called the Heuristic AV engine.  With this, Antivirus programs could effectively detect new threats that were not already listed in their definitions.  The Heuristic engines were composed of many different variables that raised alert flags within the system when certain criteria were met.  The local installation of the Antivirus program would then give a choice to the user, whether to accept or block said suspicious file.  These were also, in the background, sent to the Antivirus companies for further analysis.  Analysts would confirm the new-found threat and include the definition in next month’s definition update.

 For years, this was the way Antivirus programs worked, and to this day, some of them still use this method.  However, with the advent of the “Cloud”, came a new and better way of dealing with virus definitions.  There are a few notable products that use this technology, however I am going to use one in particular, who helped pioneer this approach, Panda Security.  Now that most internet speeds are high enough to handle this constant connection, it was feasible to eliminate the need to compile definitions every 30 to 45 days. Instead, Antivirus programs could stay connected to their databases online.  The difference this made, is that new found viruses and threats could be sent to the database and within a matter of 6 minutes, everyone else that used that particular Antivirus program was protected against the new found threat.  This made the spread of viruses much slower (within the circle of users for that particular product).

 Another great leap forward was the utilization of the Windows subsystem: VSS (Volume Shadow copy Service).  Webroot security has implemented the use of this service in order to battle malicious threats that hijack a user’s files and holds them for ransom.  One threat in particular is the Cryptolocker virus, which encrypts a users files and gives them 10 days or so to pay the ransom before access to the files is permanently lost.  Webroot, can restore the files, using the copies in the VSS system, since the encryption is, at the moment, unbreakable.

 Now that I have given you a crash course in Antivirus technology, I want to drill down to the bedrock of the reason behind my post.  NO ANTIVIRUS PROGRAM IS 100% EFFECTIVE! Remember this, and you will already be ahead of the game.  There are a few things, as a user, that you need to know when dealing with threats and the internet as a whole.

  • Get familiar with the interface of your Antivirus program.
  • Look at hyperlinks in your email before you click them
  • Be cautious of free software
  • Learn how to close your browser without clicking the “X”
  • Use Internet Explorer for downloading Chrome or Firefox ONLY.
  • Learn how to determine a secure website vs. non-secure.

 Let’s start with the 1st one, Getting familiar with your Antivirus interface.  If you have ever fallen victim to a rogue Antivirus program, then you will know exactly where I am going with this.  Many times, embedded in websites, are Javascript commands that pop a small window up (usually in the bottom corner), that appear to be an alert from your Antivirus; stating that you have n amount of viruses.  It instructs you to “click here” to begin removing them.  Once it finishes with the “scan”, it tells you that you need to purchase the upgrade for 39.95 in order to complete the disinfection.  This is what is known as a rogue antivirus program OR ransomeware.  Believe it or not, I know of MANY MANY people that gladly paid that 39.95 and didn’t know any better.  The best way to counter this is to get familiar with the way your Antivirus program looks and reacts.  That way, these “warnings” should look out of place and are easier to pinpoint.  How do I  know what my antivirus looks like when I get a virus, without actually “getting a virus”?  Simple.. there is what is known as as the eicar test file (which originally stood for: European Institute for Computer Antivirus Research).  You can obtain this test file from AND ONLY FROM: http://www.eicar.org/85-0-Download.html.

 Second, inspect hyperlinks in your email before you click on them.  Hackers and programmers in general are very good at making hyperlinks appear to be for a particular website, when in fact, you will be directed to somewhere totally different.  Most of the time, once you click it, it is too late.  Generally in every email program, when you hover over a  link, the address that it takes you to will be displayed on the bottom-left of your program window.  For instance, you receive an email about your online bank password expiring.  They need you to click the following link: www.mybank.com/passwordchange.  When you hover over the link, the bottom display shows an entirely different address like: youfool.igotyourpassword.co. This should be a red flag, indicating that you need to delete this email immediately and NOT follow the link.

 Next, Be cautious of free software. If you think that programmers sit at their computers and write thousands of lines of code, just to make a piece of software for you and not charge anything for their time, the server space or the bandwidth it takes to accommodate downloads, think again.  These pieces of software are usually made available in exchange for your email address, personal address, phone number OR they can contain scripts that monitor your web surfing profiles or worse, record passwords and report back to their developers. Ever started getting penis enlargement emails?  Think back, there was most likely a free piece of software, free game or free online dating profile that you acquired recently.

 Next, what happens when you click to see that cat video and it takes you to a page with a big warning in the middle about your PC’s performance?  You know it is a scam, but the “X” on the window does not look like a regular “X” for closing Windows.  Good observation, most of the time, those “close” buttons will actually trigger the execution of a malicious script.  How do I safely close this without interacting with the suspicious button?  The answer is:  Alt + F4.  Pressing these two keys will effectively close whatever the “active” window is on your screen, in this example, it would close your internet browser.

 Sit around a group of I.T. Professionals long enough and you will start to hear the jokes fly, in reference to Internet Explorer.  This is not due to some comedy embedded in the browser, this is a psychological mechanism for coping with a magnitude of problems stemming from this horrible, wretched, unsafe browser.  I could write an entire paper on why you do not use Internet Explorer, but for now, just take my word for it and leave it for when you need to download Google Chrome or Firefox.

 Finally, learn how to distinguish when you are on a secure website.  Generally, you want to concern yourself with this only during times when you are entering personal information on a website. In the VERY TOP of your browser, you will see the URL of the site you are currently visiting.  A secure site should start with “https://” notice the “s’”, it stands for secure.  Get used to looking for it and if you do NOT see it, do not fill out whatever information it is asking for.

 As I stated in the beginning, this entry in intended for the general user.  My fellow I.T. Friends would have two or three more pages of Dos and Don’ts, however knowing and following those that I have stated above will keep you more secure than you would without.  If you take anything away from this, please remember that having an Antivirus program is not a license to compute without concern.  Antivirus does nothing if not accompanied with a little common sense and knowledge.

To my fellow I.T. guys that follow my blog, I know it’s killing you that I left something out, so feel free to comment below.

 

Spinning internet security with the Rotary Club.

Today, I had the honor of being a guest speaker at our local Rotary Club.  The topic at hand… Internet Security, as it pertains to consumers/individuals.

My audience was a diverse crowd of business owners and executives, both young and seasoned.  While the scope of my topic did not delve into corporate or enterprise-class practices, the questions that I received at the end, proved that my message carried weight and that my audience was indeed interested in what I had to say.

During my 30 minutes, I touched on what I considered to be important aspects of safely traversing the internet.  What I strove  to drive home, was that common sense and familiarity with the technology play a big role in security.  Points such as http vs. https as well as unique and complex passwords seemed to yield a great deal of nods, proving that I was connecting with them.

It was not until I began speaking about my experience in Law Enforcement, as it pertained to cyber crimes and exploitation of children cases and how unsecured wireless networks can be a contributing factor, that I began to see genuine expressions of fear and concern upon their faces.  I had apparently, at this juncture, revealed a large amount of individuals who have open, unsecured wireless networks at their homes.  The thought of an offender, sitting outside of their home, connecting to their WiFi and conducting transactions with stolen credit cards or worse, uploading child pornography, had them wanting to go home that second and secure their wireless; some even expressed intentions to turn off their wireless completely.

Even though my intention was not to employ a scare tactic, I believe my point was well received.  I can imagine that the War Drivers and WiFi Piggy-Backers will find the airwaves a tad more secure in our town tonight.

A huge thanks to the Quitman/Brooks County Rotary Club for having me today.  The food was delicious and the members were very welcoming.  I would be honored to visit again, as a speaker or a guest.

Walking the tightrope of Managed Services

I was first introduced to Managed Services in 2010 when I went to work for a local MSP.  Two of the employees were (and still are) very close friends of mine.  One, of which I regard as the main contributor to my technical knowledge.

At that time, I was used to break-fix repair, waiting for customers to call me when something broke.  This type of service can be sporadic and can leave you with no revenue for days or even weeks.  The problem with break-fix repair is that sometimes the end user is not really aware that there is an issue.  Other times, they are reluctant to call for a small problem since they will receive a bill for your services.  Who wants to pay a $60.00 service charge for resetting their browser settings or updating Java?  Instead, customers will allow these minor problem to pile up and manifest into a big problem.  At this point, they are left with an unusable machine and have to stop work and wait, until you have the time to remote in or make an on-site call.

Being introduced to Managed IT Services changed my perspective in regard to IT support.  With the invent of the MSP (Managed Services Provider) platforms and RMM (Remote Monitoring and Management) tools, it made it possible to monitor every aspect of a PC, Workstation, Server, Laptop and eventually mobile devices, including smartphones.  No longer would I be in the dark.  I could now set thresholds for numbers such as (just to name a few):

  • % Memory in use
  • % Hard drive free
  • % CPU resources free
  • CPU Temperature

What’s more, I could also script certain tasks that would otherwise call for me to perform manually.  Before long, it became apparent that many of the preventive maintenance tasks that I used, could be automated AND I could perform tasks on many machines at once, allowing me to multi-task and clear multiple tickets at once.  By doing this, the number of calls or tickets that we dealt with were mainly requests for certain tasks or changes.  Very rarely would we need to repair something that was a result of system resources going unchecked.

Having gained this new-found knowledge, I wanted to be in control of my own MSP.  This came to be, after an unfortunate clash with one of the above-mentioned friends, caused me to lose that job.

I quickly went in search of my MSP platform of choice.  I was, of course already familiar with the one that we used in my previous job. However, I wanted to be different.  I didn’t want to ride on the coattails of my previous experience any more than I needed.

After lots of searching and lots of trials, I finally settled on a brand/product.  I was now ready to take on customers.

I quickly found out a couple of things:  I am not a salesman and businesses can rarely afford the support that they need.

Each and every business that I encountered had ZERO preventive maintenance and needed these services in a bad way.  However, overcoming the hurdle of convincing them that an ounce of prevention is worth a pound of cure was difficult.  Also, I found that the smaller businesses were easier to land as clients than the bigger ones.  The cost per device quickly added up and prospective clients were quoted with monthly bills that would be hundreds of dollars; an expense that was simply not budgeted for.

I was quickly faced with the dilemma of knowing what the customers needed and not being able to provide it to them due to cost.  As a result, here I sat, paying for licenses to software that was not being used and having at my fingertips, the ability to form a powerful, well-respected IT firm, yet still grasping at straws as far as building a customer base.

In the IT world, we techies are always in search of the best, fastest and newest technology.  We generally have a better understanding of what users need than they ever will.  However, lack of knowledge, care and/or funds on the user’s part, sometimes forces us to revert to older, less efficient ways of delivering our service.

I would love to be able to end this post with an epiphany or some type of solution I found to overcome this, however, I am frustrated to say that I have yet to find such.