A lot of times, you kind of want access to your favorite content, even if it's just to read it, while at work or school. Some places with more draconian Internet access policies block pretty much everything "cool" and paint their restrictions with a very wide brush. In this series, we'll uncover a few ways around these restrictions.
With each article, I will delve into techniques that are progressively more advanced and difficult to implement. Keep in mind that this is a thought exercise in evasion. Implementing this stuff could get you expelled from school, fired from your job, or banned from public-access computers in a library or coffee shop. With a little bit of wisdom, you can often get around the restrictions set in place without getting yourself into hot water.
Today, we will cover using "wide open" proxies to bounce our connections through. Since proxies are transient and often configured poorly, they escape the notice of most web filters. The rub? You usually have to find one that operates on a well-known port such as 80 (http) or 443 (https/ssl). Finding a working proxy can be a pain, and using it involves tweaking your browser settings and/or installing special software. Group policies could leave you in the cold on this one. The increased difficulty of this particular evasion technique brings this trick in at #4 in our series.
Public Proxies
Public proxies are (often SOCKS v5) proxy servers that have either been intentionally or accidentally configured to allow anyone on the Internet to access proxied content without proper access controls. I could go on and on about the various security implications of these proxies but that's not what this series is about. Simply put, HTTP proxies differ from Web Proxies in that the browser directly handles communication with the proxy behind the scenes. Regardless of what protocols the proxies are capable of handling, we're only concerned about Web traffic (http/https) for the time being.
Browser Configuration:
Yesterday, I linked to various proxy configuration instructions for different browsers. Today, you can use the same instructions to add the proxies you discover on your own. If you find that there is already a proxy server configured, you might be out of luck for this trick (and maybe for the fifth and final one, as well). If your employer is already forcing your web traffic through their own proxy, there's a good chance that they're blocking all outgoing traffic from your workstation to the Internet, making HTTP Proxies AND Tunneling difficult, if not impossible.
Security Risks:
The same risks apply here as apply to web proxies. Your data is going through a third party and you're subject to data manipulation, sniffing, or other bad things. Essentially, you're trusting a potentially unknown and untrusted third party with your traffic. By now, it should be obvious that these more aggressive evasion techniques can't be easily justified. You have been warned.
Finding public HTTP Proxies:
Public proxies play a huge role in the so-called underground. I'm talking mostly about illegal or frowned-upon activities such as phishing, spamming, and illegal file sharing. As such, there are groups that go out of their way to sniff out and enumerate poorly-configured proxy servers that are easily hijacked for whatever purpose others desire. I don't advocate using services without permission. In a moment, I'll discuss how to set up your own public HTTP Proxy.
One source that provides a list of proxies that can be sorted on several criteria: http://www.xroxy.com/proxy-port.htm
Assuming your employer or school has you locked down to using only port 80 or 443, use the above tool to find proxies that operate on those ports. Then, update your proxy settings to match one of the servers in the list. If it's too slow or fails to work, try again. Soon enough, you should be able to access all of the content your heart desires.
Squid at home (or on another server outside of work/school)
You can also configure Squid to act as your own proxy. Making it a public proxy is a bad idea, so lock it down to your remote computer's IP Address. First, find your public-facing IP address from the computer you normally use, and write it down. The easiest way is to visit WhatIsMyIP.com. Then, using the Squid configuration guide from yesterday, add the following lines:
At the top of the block of "acl" lines (substitute your actual IP address for 65.43.2.1):
acl myremote src 65.43.2.1/32
Above the other http_access lines:
http_access allow myremote all
Finally, you will need Squid to listen on a port you can use. For this example, we will use Port 80. Keep in mind this will interfere with any web server running on this host. Below the existing http_port line(s), add:
http_port 80
Restart Squid, then point your browser's proxy to the IP address of your squid server, port 80.
The IP Address restriction of "myremote" will keep others from hijacking your proxy. Add as many rules as you need to for other remote IP addresses.
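To check that a configuration like the one above really limits the proxy to your own address, the following added example (not part of the original post and not Squid's own code) models how Squid evaluates http_access lines: top to bottom, first match wins, and if nothing matches the result is the opposite of the last line. It assumes only `src` ACLs are modelled, treats any other ACL type as a worst case, and uses hypothetical function names plus a constructed outsider address (203.0.113.9).

```python
import ipaddress

def parse_squid_conf(text):
    """Parse squid.conf text into (acls, rules). Only `src` ACLs are modelled."""
    # `all` is built in on Squid 3 and later; older configs define it themselves.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0"),
                    ipaddress.ip_network("::/0")]}
    unmodelled, rules = set(), []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            try:
                nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            except ValueError:
                # Address ranges, file includes and similar forms are not handled.
                unmodelled.add(tok[1])
                continue
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    for name in unmodelled:
        acls.pop(name, None)
    return acls, rules

def _term_matches(acls, term, ip, action):
    """Evaluate one ACL name (optionally negated with '!') for a client IP."""
    negate = term.startswith("!")
    name = term.lstrip("!")
    if name not in acls:
        # Unmodelled ACL: assume it matches in allow rules and does not match
        # in deny rules, so the audit errs toward reporting exposure.
        return action == "allow"
    hit = any(ip in net for net in acls[name])
    return hit != negate

def decide(conf_text, client_ip):
    """Return 'allow' or 'deny' for client_ip under the given configuration."""
    acls, rules = parse_squid_conf(conf_text)
    ip = ipaddress.ip_address(client_ip)
    for action, terms in rules:
        # All ACL names on one http_access line must match (logical AND).
        if all(_term_matches(acls, t, ip, action) for t in terms):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # Nothing matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample configurations.
LOCKED = """
acl myremote src 65.43.2.1/32
http_access allow myremote
http_access deny all
http_port 80
"""

OPEN_PROXY = """
http_access allow all
http_port 80
"""

# The allow line was added below "deny all", so it is never reached.
MISORDERED = """
acl myremote src 65.43.2.1/32
http_access deny all
http_access allow myremote
"""

OWNER = "65.43.2.1"        # the example address used in the post
OUTSIDER = "203.0.113.9"   # constructed address from a documentation range

def audit(conf_text):
    """Summarise who gets through: the owner and an arbitrary outsider."""
    return {"owner": decide(conf_text, OWNER),
            "outsider": decide(conf_text, OUTSIDER)}

if __name__ == "__main__":
    for label, conf in (("locked", LOCKED), ("open", OPEN_PROXY),
                        ("misordered", MISORDERED)):
        print(label, audit(conf))
```

A result of "allow" for the outsider means the server is an open proxy; a result of "deny" for the owner usually means the allow line sits below a broader deny.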
On Wednesday, the final article in this series will cover encrypted and tunneled proxy traffic.
Monday, April 21, 2008
Web filter evasion part 4: Public HTTP Proxies
Labels: evasion, hack, InfoSec, proxy, web filter
Saturday, April 19, 2008
Web filter evasion part 3: Anonymous Web Proxy
In Part 3, I am going to discuss using web "privacy" or "anonymizer" proxies. It's number three on the list because it is simple to use and often free -- risks be damned. These often free (but occasionally subscription-based) web sites provide you with a special URL that you visit, whereupon you enter the URL you wish to visit. These sites often claim to keep rogue websites from storing cookies or executing scripts on your computer, while others focus on evading web filters or blocking ads.
Risk of getting punished if caught
Regardless, you will have a difficult time weaseling your way out of this stunt if you're caught. The only reason you'd want to use proxies such as these while in a web-restricted environment is to evade the restrictions. There's no innocent sweet-talking that will save you here. Also, many web filtering companies specifically play cat-and-mouse with these kinds of services, often blocking them shortly after they appear. Users who trigger this rule on a web filter are almost certainly going to get a visit from a higher-up.
Security risk of using proxies
Any time you use a proxy, you are routing traffic through someone else's network. While it's true that all Internet traffic hits various networks, the operators of proxies KNOW that people are using their services either for privacy or filter evasion. As such, not all proxy providers are guaranteed to be trustworthy, including those listed below.
Managed Web Proxies
Megaproxy offers a free trial. It was one of the first web-based anonymous proxies, with the intended purpose of keeping cookies and ads at bay, making it more difficult for site owners to gather data about you. The (perhaps unintentional) side effect was that people who could access it from behind a web filter service could often use it to access blocked content. The paid version has a much more obscure and innocuous URL that isn't likely to make netadmins question it, but its URLs are most likely blocked on commercial filtering software because they go to great lengths to find most of the high-profile ways to evade. I actually did subscribe to this service many years ago, but I've since let it lapse. I was generally happy with it while I used it.
Privax offers an extensive list of (what appear to be free) Anonymous Web Proxies. The catch here is that there are many different URLs you can visit, with the hopes one or more won't be filtered. Some addresses blatantly announce that it's a proxy service while others are less obvious. Like other web proxies, Privax places a secondary navigation bar at the top of every page, making it easy to tell if the stuff you're looking at is, in fact, being proxied. I haven't extensively used Privax before, but it looks like a decent solution as I sit here now and try some sites through it.
Set up your own
For a while, I ran my own CGI Proxy on a hosted server that I could access from anywhere. If you have web space, this is a way to set up your own proxy under the radar, especially if you access it via SSL. The down-side is that many web-based anonymizers that you can host yourself (there are others, written in PHP, Perl, etc) lack some of the more advanced functionality of the commercial "anonymizer" providers. If setting one up yourself, be sure to use a method of password protecting your proxy so that it can't be abused by others who stumble across it.
Tomorrow on Sysadmin Sunday, I'll discuss setting up Squid, a caching HTTP proxy. This is different than a Web or CGI proxy, but it can be used to evade web filters as well. On Monday, I'll pick up the series again and discuss how to bypass web filters with your new Squid server.
Labels: evasion, hack, InfoSec, proxy, web filter
Thursday, April 17, 2008
Web filter evasion part 2: Out of band
In Part 2, I'll cover out-of-band communication. Why spend time trying to trick the web filter when you can simply not go through it at all? Creeping into our list at number two, this trick is somewhat obvious and well-documented. Most computer users can manage to connect to a wireless network or follow the instructions that come with a mobile data service plan.
Personally, this is what I do most of the time. I'm using my own laptop and my own internet connection. Where I work, I'm not breaking any rules at all, so long as the content I'm browsing doesn't offend my peers. If I'm not disturbing anyone and I'm getting my work done, my boss doesn't mind.
Problems
- Cost. To properly implement something like this, you'll likely need a laptop computer, Wi-Fi enabled PDA, a smartphone of some sort, or other expensive equipment.
- Totally uncontrolled access. Neither IT Departments nor managers are often comfortable when you have 100% unfettered access to whatever you want. This could get you in trouble.
- The fact that you'll be avoiding connecting through the work or school network means that anything on your computer is NOT on the work or school network. This is sometimes a sigh of relief for netadmins.
- What you do out-of-band can't be monitored by the network, either.
Wi-Fi
If you feel like getting a little bit more advanced in your search for a public network to piggyback, install wireless scanning software (KisMAC, BSD Airtools, Kismet or Netstumbler), pick up some high-gain antennae and a high-power wireless ethernet card. The widespread deployment of privately-operated, free Wi-Fi makes this a viable option in dense urban and business districts.
Mobile Data plans (Wireless broadband)
Also in the same vein are smartphones. Gadgets such as the iPhone offer feature-packed browsing via the phone's data plan. You can also get on AIM/MSN/Yahoo or check many websites and mail providers through the built-in WAP Browser on less advanced mobile phones.
Mobile Phone Tethering
This is a little more shady, and could get your account terminated with your wireless carrier. By plugging in a cable between your laptop and mobile phone (or using bluetooth to make the connection) you can "tether" and use your phone's built-in data connection to access the Internet. HowardForums is a good place to learn about this stuff in more detail.
Next in this series, we'll dive head-first into web-based anonymous proxies -- a sure-fire way to get your IT guys angry at you, should you be caught in the act.
Tuesday, April 15, 2008
Web filter evasion part 1: RSS and You
A lot of times, you kind of want access to your favorite content, even if it's just to read it, while at work or school. Some places with more draconian Internet access policies block pretty much everything "cool" and paint their restrictions with a very wide brush. In this series, we'll uncover a few ways around these restrictions.
In Part 1, I am going to cover one way of evading these restrictions that is not only one of the most straightforward and easy methods, but also the least likely to get you in trouble with your boss or your IT department: Online RSS readers.
About RSS
RSS was invented around the turn of the century, but started to gain widespread popularity in the wake of so-called "Web 2.0", when syndication, mash-ups, cross-platform publication and content management all coalesced together. While not every web site has an RSS feed, almost every blog, news site and social network has some kind of RSS integration going on. In this article, I'll focus on gaining access to content via RSS despite web filtering software's strangle-hold.
Local RSS Clients
Local RSS clients such as FeedReader or Mozilla Firefox Live Bookmarks usually contact the site directly, pulling a data feed down (RSS, Atom, XML, etc) to display the information in a lightweight, easy-to-read format. The problem with this is that the RSS feed usually has the blocked URL in it. For example, Digg's rss feeds are all on digg.com. If access to Digg is blocked, you can't get to the feeds, either.
Online Readers
Online RSS readers pull the feed from a central server, then just display the information to you directly over the web. For this example, I'll use Google Reader. That said, My Yahoo and MSN Live (among dozens of others) also offer the ability to integrate feeds on your page but it's not quite as robust as Google Reader. Using the example above, if you add Digg's RSS feeds to Google Reader, your web filter only sees you trying to access http://www.google.com/reader/ which is passing the contents of the RSS feeds to you - and most web filters let you get to Google. Again, if that doesn't work, there are dozens of ways to access RSS feeds with online readers.
Things to note
One flaw here is that embedded content from banned sites won't load and may be logged in your web filtering software. If your employer blocks Flickr, you can load someone's Flickr RSS feed into your reader and see their feed, but all of their images will fail to load. Same goes for blog posts with embedded YouTube videos if YouTube is blocked. You get the idea. Basically, this works best for RSS feeds where most of the content is text-based. News sites like CNN or Engadget. Social bookmarking sites like Digg, delicious and reddit. Blogspot, wordpress or livejournal blogs. Even twitter.
Justification
If you get busted (which is not likely if you play your cards right), you can always say that you use something like Google Reader to track updates to your favorite websites at home. If you can get to it from work, it must be okay, right? Make sure you're managing your time wisely, and keep the content you view at work "work safe" and non-offensive. Chances are that your boss won't mind. In fact, he might just think you're checking your personal email really quick, as RSS readers often look somewhat similar to web mail clients. Plausible deniability only works once, though. If you're asked to stop it, you should stop. If your written policy specifically bans all personal Internet browsing, you may also get the book thrown at you. HiR won't be held responsible for legal or employment problems.
How to do it:
First, sign up for a free Google account if you don't have one already.
Next, go to Google Reader and log in.
Add a subscription RSS feed. I'll add HiR Information Report to my Google Reader:

In part 2, I'll cover using out-of-band communication.
Monday, April 7, 2008
"Hacking" MediaWiki PasswordProtected extension
I say "Hacking" because this is so retarded that I can't even believe it.
A group I'm working with (not directly related to HiR Information Report) is thinking of setting up a Wiki on the network for internal collaboration as well as communication of policies and contact information to other groups within the organization. They want some stuff (for instance, step-by-step audit documentation) to be shielded from view. This isn't Internet-facing, but it's stuff that no one else really needs to know. With that, they had the sysadmins install MediaWiki with the PasswordProtected extension.
Usage is simple. You use a "password" tag object around the text of the password you want to use.
Bypassing it is even simpler. Just look at the page history of the password protected page. There, in plain text, lies the password for all to see. See, I told you I couldn't justify saying "hacking" without putting quotes around it. I've been unable to get in touch with the maintainer of this extension.
Consider me disgusted. If you use this extension, quit fooling yourself. I guess it's back to the drawing board for my friends, though.
Friday, March 28, 2008
Copying and pasting between workstations with web mail
Occasionally, I have to quickly get information copied and pasted between my personal laptop and my desktop. Maybe it's a URL or a shell script. Who knows?
I usually have GMail fired up on my laptop anyways, so I simply create a new mail, then paste the text into the e-mail body and save it as a draft. 
I go to the other computer, open up the draft, and copy the contents to the clipboard.
Other options do exist (such as X2VNC and friends), but don't always work too well between platforms for clipboard activity. Note, you can also use file attachments in a draft.
You can do this with pretty much any web mail client that supports drafts, and it's not quite as cumbersome as actually e-mailing yourself. You can just trash the draft when you're done, or use a draft as a transient scratch pad for data you wish to access from multiple computers.
Mac OS X: Pwned in two minutes flat - CanSecWest
Coverage like this might seem somewhat odd given the fact that most of the HiR crew are Mac users. As it turns out, this is likely an issue with Safari, which I've been known to hate on very frequently. Safari and I just don't get along. Never mind the fact that Firefox is tied up with something else and I'm making this post from within Safari (much to my chagrin, given Safari's lack of compatibility and frequent crashes with Blogger).
This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here.
Full story on InfoWorld
Friday, March 7, 2008
Balancing Hack: Amaze your co-workers!
Next time you have a can of your favorite caffeine-packed beverage in a boring staff meeting, try this and see what the reaction is.
This rim makes them easy to stack, but also gives you an angled area to balance the can on. If the can is full, center of gravity will be on the outside of this rim. If the can is empty, there will be more weight (from the tall part of the can) outside this rim as well. However, if the can has just the right amount of liquid in it, the center of gravity will actually shift to the area between the two rims, allowing the can to balance, and even roll around in a circle if you're careful! This is because the aluminum itself is relatively light compared to the can's contents.
Labels: hack
Saturday, February 16, 2008
Bypassing merchandise display locks
A great many of the popular merchandise security locks and tags operate simply on magnets. Those big plastic sticks you see hanging off of clothing? Usually unlocked at the register with a powerful magnet. The plastic locks that Blockbuster slides into the DVD cases on the display floor to keep people from opening them up until they've paid? Also opened with powerful magnets. The plastic things that keep you from removing cheap-ass MP3 players from the display hooks at Wal-Mart or the pharmacy? Guess what? Yep. Magnetic. Some use other means, like a set of plastic pins that unhook the latching mechanism. These days, RFID or inductor-loop systems physically sealed inside the packaging (or even inside the device!) are becoming more common, so this trick is fast becoming less relevant.
Shown above is a popular security device that simply clamps around a display hook, locking all of the products onto that hook until it's deactivated. Another common one you'll see is a big grey brick stuck on the end of the display hook. They both work the same way, though.
When opened, you can see that a spring-loaded metal pin sticks out. This pin locks the other half shut, clasping this device firmly around the display hook. The display hook will either have a bend in it, or a thicker, rounded ball on the end -- usually both. This is sufficient to keep this plastic lock from being pulled off the end of the display hook. Now, a would-be shoplifter could probably pull the display hook out of the display board pretty easily, but then they would need to sneak out of the pharmacy with a whole batch of $9.99 Coby MP3 players. That's a lot more difficult to hide than just one.
Your run-of-the-mill fridge magnet won't work, but the rare-earth magnets found in hard drives work wonders. A strong magnet will grab the spring-loaded pin and pull it out of the way, allowing the clasp to open.
Other security devices, for example Blockbuster DVD locks, use two or more spring-loaded metal actuators. Behind the counter, the unlocking device has magnets already spaced apart just right to open them up. These systems are a little more secure.
So next time you see some kid messing around with rare earth magnets in the electronics aisle, know that it's probably not so he can corrupt hard drives or make pretty gauss patterns on CRT displays.
Labels: hack, lockpicking, locks, physicalsecurity
Thursday, February 7, 2008
Exploiting Online Games
Kansas City native game hacker, tinkerer and developer Josh Kriegshauser discussed Greg Hoglund and Gary McGraw's book, Exploiting Online Games. Josh is an old friend, former co-worker, and former classmate to various HiR writers. He went from tinkering with Ultima Online while he was in school, to being a big name in the MMO industry in the last decade.
Tuesday, January 15, 2008
Unofficial DUN Tethering guide: LG Chocolate (vx8550) Hack
Adventures of a new mobile phone Pt. 3...
Editor's note: this particular article involves downloading and installing software from an untrusted web site. That's dangerous. It also involves running Windows. That's also dangerous. To top it all off, it also involves software that interacts with your mobile phone at a very low level. That, too, is dangerous. In short, HiR isn't responsible if you get in trouble with the law or your service provider, get a virus from a Russian s3ri4lz site, get somehow addicted to running Windows, or brick your shiny new gadget.
Now for the fun stuff. One of the things I kind of relied on my Motorola e815 for was dial-up networking (DUN) via bluetooth. I didn't necessarily use it a lot, but as a sysadmin that's always been a bit of a road warrior, I often find myself places where there simply is no Internet. Inevitably, the pager-of-doom goes off and I'm out at the lake camping or at a location where there's no obvious Internet connection available. Other times, I'll be on a commuter bus and have the burning desire to check the news, or do some research on something really quick.
Whatever the reason, I enjoyed this functionality. On the e815, this was simple to enable. A quick punch-of-numbers on the keypad and voila. My MacBook could see it as a bluetooth modem with surprisingly quick download speed nonetheless -- at times upwards of 1mbit/sec.
The LG Chocolate? Different story. My MacBook saw it, but I wasn't getting anywhere. The connection would be refused with an invalid login and password, even though my login and password were fine when using my e815. This had me concerned.
I did a quick bit of research, and found that the phone has some internal IDs that differ when used for DUN. There's no quick handset-hack for this. Two things were required: A Data Cable, and the proprietary software from Qualcomm (called QPST) for changing the phone's settings. Even BitPIM wouldn't help me here.
All of the Windows operations were done within Parallels Desktop on a small Windows 2000 partition with all the latest patches. This isn't saying much; I don't know when the last patch was released for Windows 2000, but it's a lightweight operating system that can run the few Windows apps that I am ever tempted to launch.
The first order of business was to find the software. Unfortunately, the location where I got it seems to be offline, so you'll have to search for it. The specific file I found was a compressed installer for QPST 2.7 Build 231. Other builds might work fine. I'll caution you that a lot of sites that I found contained massive amounts of shady stuff, so do this at your own risk. I scanned the downloaded file for viruses before transferring it to my Win2K virtual machine. This is only available for Windows. Once downloaded, install it. It's a pretty straight-forward next-next-next installation.
Next, of course, was finding the data cable. I went ahead and purchased the Verizon Chocolate music accessory kit. It was a relative bargain at only $45. Along with the USB Data cable, I also got a special stereo 1/16" headset, a 2GB TransFlash card and adapters. The package also came with drivers for the USB connection as well as software for managing music on the phone. I obviously had no intention of using their Windows software just to copy files to my phone, but the driver was also Windows-only. I installed the USB driver, inserted the 2GB card into my phone, and went on my way with the rest of this hack.
Once the drivers are installed, the phone shows up on a high COM Port. Make sure the phone is plugged in and if running Parallels (versus doing this on a dedicated Windows machine) make sure that the USB Device is enabled for Parallels (Devices > USB menu) then open QPST Configuration and hit "Add Port". If all's well, you should see your phone in the dialog. Select and add it accordingly.


Once the port has been added, close QPST Configuration.
Next, open QPST's Service Programming tool. It should immediately prompt you to select your phone. Select it and continue. BEFORE YOU DO ANYTHING AT ALL, hit "Read from Phone", enter the SP code (usually 000000) and then save the data to a file. This will back-up your phone's configuration.

Now that that's out of the way, on the row of tabs across the top, scroll over until you find the M.IP tab. Expand the "NAI" and "Tethered NAI" columns so you can read them both clearly. You can see that Tethered NAI is not the same as NAI.

Edit Tethered NAI so that it matches.

Then, save this configuration to a different backup file. Don't over-write your pristine backup, please. Finally, get your phreak on and click the "Write to Phone" button and cross your fingers.
Quit the QPST Service Programming tool. Your phone should reboot and be completely intact.
From there, you set up your dial-up networking as usual. This is straight-forward in both Windows and Mac OS X.
Phone Number: #777
User Name: the tethered NAI you used above, ex: 1234567890@vzw3g.com
Password: vzw (but anything should work)
Now that you have the cable with a driver for Windows, you can do USB Serial or bluetooth on Windows.
Without a USB Driver on OS X you can still do Bluetooth DUN. If you configured your phone's Bluetooth connection with the "Access the internet with this phone's data connection" option checked, it should simply ask for a username and password.
Saturday, December 1, 2007
Upgrade your mobo BIOS without Windows or DOS.
Sometimes you find a nifty piece of hardware that you just can't let go into disuse. This time around it was a Tualatin Pentium 3-S 1266MHz CPU new-old stock, new-in-box. I got it some time ago to upgrade a PC for family that it turns out just upgraded the whole system instead. Thus it sat around in the box until I ran across a mobo to drop it in. Recently I found a system at my favorite shopping destination (Surplus Exchange) that had a Tualatin capable mobo; the DFI CM33-TL just so happens to max out at the 1.26GHz P3-S I already had. Even nicer is that it is the Rev C board which with the newer BIOS updates can boot from USB and can do 48-bit ATA addressing. Alas, no AGP slot.
So why all the love for an old P3 server chip? The later P3-S could outperform the early P4 chips and use half the wattage!
So what do we do when all that we have to boot the system with is a non-Microsoft OS and most BIOS update utilities run in Windows, or use disk creation software that runs in Windows/DOS? Luckily it seems that it is possible to update some mobos without having to resort to using an unwanted OS. DFI has made the CM33-TL able to boot from a floppy or run a program under Windows to flash the BIOS - or enter an update mode that simply reads the flash utility and BIOS file from a floppy. It turns out that it is a good thing they enabled all three. Under a fairly standard Ubuntu Linux install I was able to create a floppy that the DFI board could update from by combining the BIOS update features in a way DFI didn't document.
Several steps that worked for me:
1. Nab the BIOS update of choice for your mobo & revision. Be sure your file is correct - close doesn't cut it with a BIOS. It's either an exact match or something won't work right. In my case I could nab the smaller download intended for a Windows-based update utility.
2. Extract the .zip file containing the utility and BIOS image. Many of the .exe files manufacturers supply are programs meant to run under DOS or a DOS shell to create a disk image. By having the .zip we can get around that.
3. Copy the extracted files to a freshly formatted and tested floppy (basic FAT12/MS-DOS format is fine). Having a good floppy is very key to a successful flash. GIGO is an important point to consider when doing something that can brick a system.
4. Reboot the system and be ready to press the BIOS flash key(s) when prompted. On the CM33-TL you press Alt-F2 just after the RAM test and floppy seek.
5. The BIOS will then enter the flash update mode and read the floppy. If it determines the BIOS image is compatible it will begin to flash it to the BIOS chip.
6. Once it's done enter the BIOS setup and "Load Safe Defaults". This will let the BIOS set any settings that might cause the system to fail to boot. Go through the menus and set things as you need.
7. Test boot to be sure it works as before. Test boot again using the new features and marvel at the sudden uses that have opened up.
I had been concerned about having to make a bootable floppy for the update but the BIOS option to enter the update mode does not need a fully bootable floppy to operate.
With a system like this it is possible to operate a NAS system with large drives on a chip that boots from a USB thumb drive, operates on older, cheap RAM and uses little power. Having a system that boots from USB allows you to configure the server to spin down drives that are idle and save more power; an OS on a USB device will not need to spin up the main/RAID drives to write logs, etc. Smart choices of hardware can make a cobbled together server operate more efficiently.
Labels: boot, build cheap, Electronics, frogman, hack, install, linux, ubuntu, unix
Tuesday, June 26, 2007
That's a hot rack!
... rackmount system that is. Here is a quick hack to help a too-hot-to-touch 1U system regain its, uh, touchability. Add a piece cut from plastic packaging that the USB thumb drive in the picture came in.
Look for this system in an upcoming review/how-to/hardware show-off.
Labels: 1U rackmount, hack, heat, heatsink