Retrotechtacular: Office Equipment From The 1940s

November 23, 2021 by 15 Comments

If you can’t imagine writing a letter on a typewriter and putting it in a mailbox, then you take computers for granted. But that’s just the tip of the iceberg. More niche applications begat niche machines, and a number of them are on display in this film that the Computer History Archives Project released last month. Aside from the File-o-matic Desk, the Addressograph, or the Sound Scriber, there a number of other devices that give us a peek into a bygone era.

One machine that’s still around, although in a much computerized form, is the stenograph. Not so popular these days is the convenient stenograph carrier, allowing a patient’s statement to be recorded bedside in the hospital immediately after a car accident. Wire recorders were all the rage in 1947, as were floppy disks (for audio, not data). Both media were used to time-shift dictation. Typing champions like Stella Pajunas could transcribe your letters and memos at 140 WPM using an electric typewriter, outpacing dot matrix printers but a snail’s pace compared to a laser jet.

Continue reading “Retrotechtacular: Office Equipment From The 1940s”

Tunes You Can Eat

December 14, 2020 by 15 Comments

This week retro-gadget collector and video blogger [Techmoan] featured perhaps the most delicious audio recording format that we know of — a chocolate gramophone record. (Video, embedded below.) Compared to his typical media format explorations, the chocolate record is of quite recent vintage. He first heard of them back in 2015 when Tasmanian artist [Julia Drouhin] offered chocolate recordings as part of her art project. The one that [Techmoan] finally obtained was from a UK chocolatier who offers them with custom labelling and your choice of two songs. There are some pointers in the video about how to playback your chocolate disk without ruining it (use the lightest stylus tracking force as possible). These disks are recorded at 45 RPM on one side only, and are about the same size as a standard single. But being about five times thicker, they pack a lot more calories than your typical phonograph disk.

No reflection on the Tewkesbury Town Band, but this is probably the lowest fidelity recording media ever, but at least you can eat it when you’re done listening — label and all. We hope the Mission Impossible movie producers are paying attention so we can see the secret audio briefing being eaten instead of going up in smoke next film.

Continue reading “Tunes You Can Eat”

Recorded Programming — Thanks To Bing Crosby

August 7, 2018 by 17 Comments

If you look up Bing Crosby in Wikipedia, the first thing you’ll notice is his real name was Harry. The second thing you’ll read, though, is that he is considered the first “multimedia star.” In 1948, half of the recorded music played on the air was by Bing Crosby. He also was a major motion picture star and a top-selling recording artist. However, while you might remember Bing for his songs like White Christmas, or for his orange juice commercials, or for accusations of poor treatment from his children, you probably don’t associate him with the use of magnetic tape.

In a way, Bing might have been akin to the Steve Jobs of the day. He didn’t power the technology for tape recording. But he did see the value of it, invested in it, and brought it to the market. Turns out Bing was quite the businessman. Want to know why he did all those Minute Maid commercials? He was a large shareholder in the company and was the west coast distributor for their products. He also owned part of the Pittsburgh Pirate baseball team and other businesses.

So how did Bing become instrumental in introducing magnetic tape recording? Because he was tired of doing live shows. You see, in 1936, Crosby became the host of a radio variety show, The Kraft Music Hall. This very popular program was live. That means you have to show up on time. If you go off on a tangent, you’ll run out of time. And if you make a mistake, there is no editing. Oh and one other thing. You have to do a nationwide live show twice: once for the east coast and another for the west. This was cutting into Bing’s “family time” which, as far as we can ascertain was a code phrase for golf.

Continue reading “Recorded Programming — Thanks To Bing Crosby”

Retro Gadgets: Pay TV In The 1960s

March 8, 2024 by 18 Comments

These days, paying for TV programming is a fact of life. You pay your cable company or some streaming service and the only question is do you want Apple TV and Hulu or would you rather switch one out for NetFlix? But back in the 1960s, paying for TV seemed unthinkable and was quite controversial. Cable TV systems were rare, and the airwaves were a public resource, so allowing someone to charge to watch TV on the public airwaves was hard to imagine. That was the backdrop behind the Telemeter — an early attempt to monetize TV programming that was more like a pay phone than a modern streaming service.

Rear view of the telemeter and coin box

[Lothar Stern] wrote about the device in the November 1959 issue of Popular Mechanics (see page 220). The device looked like a radio that sat on top of your TV. It added a whopping three pay-TV channels, and inside was a coin box, and — no kidding — a tape punch or recorder. These three channels were carried from a Telemeter studio over what appears to be a dedicated cable strung on existing phone poles.

Of course, TVs with coin boxes were nothing new. But those TVs were found in public places, airports, and hotels. The money was simply to turn the TV on for a set amount of time. This was different. A set-top box unscrambled channels delivered over a dedicated cable. Seems like old hat today, but a revolutionary idea in 1959.

Continue reading “Retro Gadgets: Pay TV In The 1960s”

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints”

Meshtastic And Owntracks To Kick Your Google Habit

October 11, 2023 by 20 Comments

I have an admission to make. I have a Google addiction. Not the normal addiction — I have a problem with Google Maps, and the timeline feature. I know, I’m giving my location data to Google, who does who-knows-what-all with it. But it’s convenient to have an easy way to share location with my wife, and very useful to track my business related travel for each month. What we could really use is a self-hosted, open source system to track locations and display location history. And for bonus points, let’s include some extra features, like the ability to track vehicles, kids, and pets that aren’t carrying a dedicated Internet connection.

You can read the title — you know where we’re going with this. We’re setting up an Owntracks service, and then tying it to Meshtastic for off-Internet usability. The backbone that makes this work is MQTT, a network message bus that has really found its niche in the Home Assistant project among others. It’s a simple protocol, where clients send brief messages labeled by topic, and can also subscribe to specific topics. For this little endeavor we’ll use the Mosquito MQTT broker.

One of the nice things about MQTT is that the messages are all text strings, and often take the form of JSON. When trying to get two applications to talking using a shared MQTT server, there may need to be a bit of translation. One application may label a field latitude, and the other shortens it to lat. The glue code to put these together is often known as an MQTT translator, or sometimes an MQTT bridge. This is a program that listens to a given topic, ingests each message, and sends it back to the MQTT server in a different format and topic name.

The last piece is Owntracks, which has a recorder project, which pulls locations from the MQTT server, and stores it locally. Then there’s Owntracks Frontend, which is a much nicer user interface, with some nice features like viewing movement a day at a time. Continue reading “Meshtastic And Owntracks To Kick Your Google Habit”

This Week In Security: Barracuda, Zyxel, And The Backdoor

June 2, 2023 by 12 Comments

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard coded credential, that allows authentication bypass for the web-API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands. Continue reading “This Week In Security: Barracuda, Zyxel, And The Backdoor”