Re: [Emc-users] OT: Linux Security

[Jack Coats]

It isn't that Linux isn't a target.  It is.  Just not as 'popular' a
target.  There are antivirus that can be run on Linux, but they tend to
focus on PC virus, partly because Linux is used often as storage server,
and scanning the users files is a reasonable thing to do.

In my experience, Linux is more likely hacked if it is used 'open' with
access to the internet.  Good admins will firewall it (internally at a
minimum) and only allow ports and services to run that are known and
understood.  Yes, I got caught with an to-open server (when I was first
getting into Linux/UNIX)  and hacker got in.  It wasn't a 'virus' or
'malware', it was un-configured ports/services that were not closed down
that allowed them to get in.  ...  Formatting the disk and re-installing
with network access nailed down solved my problems, but I didn't have much
on that machine at the time, so all was good ... it was painful, but good.

The hacks I have had that have been successful since then are basically
users allowing malware malware in by going to 'bad' web sites.

Windows is still the most popular target.  Apple equipment next, and yes,
there have been found one or two virus found that target Linux.  Thankfully
the Linux virus don't seem to spread as fast.  Malware, especially web
based, is more prevalent that anything else I have found.

Still, air gapped machines (not internet connected) are more secure from
outside attacks than others.  If not going that far, put a good firewall or
two in the way before getting to the internet.  But you still need to
configure the firewalls well and maintain them.

Will this make for 'perfect' solutions?  No.  But it is better than most.
I am sure there are others with better ideas, but doing this won't be
totally wrong, but most solutions have problems somewhere in them, whether
the problem is easily or currently known or not.

Just my suggestions. ... Now back to your regularly scheduled program.
--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Tom Easterday]

This is the same argument often heard in regards to MacOS in the late 90s and 
early 00s when Windows was rife with viruses.  In fact the reason MacOS was 
more secure then and Linux is (still) secure has more to do with the CERT and 
the development model of Unix itself (from whence MacOS 10 came) than it does 
with the shear number of people hacking.  Of course the more hacking on a 
specific platform the more likely a bug is uncovered but security through 
obscurity is not a reason to feel secure and never has been.  Open models of 
bugs being uncovered and reported along with constant updating of OSes is what 
has kept Unix (Linux and MaOS) in the "less frequently hacked" or "more quickly 
remedied hack" compared with Windows overall.  It is a good idea no matter what 
OS you run to use precautions as have already been mentioned in this thread 
then to believe you are safe because you are running Linux.
-Tom

> On Apr 4, 2016, at 7:06 PM, Jack Coats  wrote:
> 
> I have used Linux for a long time.  If you don't go 'trolling' un-trusted
> web sites and using email on the same computer you use for EMC,
> there is no need to worry.
> 
> Why?  Linux is a 'less valuable' target for hackers than commodity windows
> and even Apple machines.  There are also fewer of them in general use by
> individuals.  The number of servers or specialty computers is pretty high
> (embedded systems, machine control, servers, 'background' data center
> machines, web servers, even routers and firewalls) but tend to be a little
> harder to hack if set up well.
> 
> I would suggest not using your EMC machine for general web surfing or
> email.  Use the browser for needed updates or reporting problems, but keep
> non-EMC use off.
> 
> I DO suggest to have it behind a firewall.  If you can live with it, think
> about removing the ethernet attachment (unplug the wire) unless it is
> absolutely needed for a short time (i.e. maintenance, etc).
> 
> Let us know what you decide.
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jack Coats]

I have used Linux for a long time.  If you don't go 'trolling' un-trusted
web sites and using email on the same computer you use for EMC,
there is no need to worry.

Why?  Linux is a 'less valuable' target for hackers than commodity windows
and even Apple machines.  There are also fewer of them in general use by
individuals.  The number of servers or specialty computers is pretty high
(embedded systems, machine control, servers, 'background' data center
machines, web servers, even routers and firewalls) but tend to be a little
harder to hack if set up well.

I would suggest not using your EMC machine for general web surfing or
email.  Use the browser for needed updates or reporting problems, but keep
non-EMC use off.

I DO suggest to have it behind a firewall.  If you can live with it, think
about removing the ethernet attachment (unplug the wire) unless it is
absolutely needed for a short time (i.e. maintenance, etc).

Let us know what you decide.
--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Stepper generator

[Gene Heskett]

On Monday 04 April 2016 17:20:36 John Dammeyer wrote:

> I'm sure you are going to have lots of fun with this.  I suspect you
> might be over simplifying it too.
>
> It's not really that important that you can generate 1 Mhz stepping
> frequencies using the hardware timer on the micro-processor.  Nowadays
> that's probably a first or second year college lab assignment --
> rather trivial really.  I'd be more concerned about dealing with
> synchronizing steps between motors or a spindle.
>
> For example.  Say you have a spindle turning 100 RPM.  That's
> 1.... revolutions per second (RPS).  You want to cut a
> thread pitch that matches the lead screw pitch so the lead screw has
> to turn the same RPM as the spindle or also 1.... RPS.
>
> Assuming you are using a stepper drive with 8 MicroSteps/step onto a
> 200 step per rev motor.  That's 1600 steps per revolution.  So your
> step frequency is 2,666.66... Hz.  (1600 steps per revolution x
> RPS)  Nowhere near that 1Mhz top end.
>
> Now if your counter circuit has a 2MHz input frequency it's pretty
> easy. Divide by 750 to get that frequency.  Simple so far. Right?
>
> Now your spindle drops to 99 RPM which is 1.65 RPS so let's make the
> stepper turn 1.65 RPS which is a step rate of 2640 Hz.  Now all you
> have to do is program your counter to divide by 757.575757575757... 
> Oh wait a sec.  It's probably an integer divider.  So you will be out
> by 0.57575757575 Hz.  Not a big deal I guess.  Only about 0.08%.   Or
> maybe it is.  I wouldn't accept it.
>
> Now use that same approach trying to move three motors to move a tool
> on a curve through 3D space and since each motor will run various
> speeds through this path you will find all sorts of rounding and
> truncating errors.
>
> And I haven't even touched on accelerating/deceerating from a stopped
> position and maintaining synchronization.
>
> John Dammeyer

To me, a bigger need is to precalculate the time it will take the 
following axis, which may not be Z as I've already used a situation 
where it was X that had to track the spindle positions.  I might add as 
a huge thank you to the guys who wrote that code, that substituting X in 
the G33.1 commanded motions, worked flawlessly for me.  So a huge thank 
you to the folks who worked on that code goes out from me.

But what we need, is to waste a turn of the spindle while waiting for the 
index pulse to come along, is to do a decent estimate of the accel to 
lock time, so that on the next revolution, the start of the following 
axis's movement is started that many encoder pulses BEFORE the index so 
that the lockup actually is accomplished within an edge or maybe 2 of 
the index, coming out of the encoder so that the following axis motion 
has a consistent relationship to the index pulse even if the rpms are 
ajusted.

The current situation is that the spindle angle vs index is locked, but 
its locked at whatever angle the spindle is at when lock has been 
achieved, which works well indeed, at arbitrary but fixed speeds.  But 
if you liked how it worked going slow, and crank up the spindle revs, 
that does not crank up the accel, so the thread is then out of time with 
the previously cut at a lower speed thread, wrecking the thread already 
cut.

I see two ways to approach this, 1st being to calc what the accel time is 
for the rpm and see if it can be synched on the same turn by doing a 
dummy calculation to see when the rpms, and the ever lengthening accel 
to the faster speed is, and use this rpm where the accel time=1 rev as a 
max spindle revs limit.  Then if the actual rpm requested is less, ask 
for a slower accel to lock at the next index, and start the following at 
the index so its just up to speed and locked one rev later at the next 
index pulse.  Nice gentle, no steps missed accelleration.  If the asked 
for rpm exceeds that 1 rev lock time rpm, then bitch and exit just like 
it does for a non-existent but perceived arc error now.

I like the above idea better than allowing a more than 1 turn accel time, 
although thats not a hard rule. The idea is to put a witness mark on the 
spindle, fire a strobe at the index pulse, and be able to change the 
spindle speed while the witness mark remains fairly stationary when 
executing either a g33.1 or a g76.  The g33.1 does a resynch on every 
plunge so the speed could be adjusted slowly if this calculation was 
done at every peck.  G76 could probaby use the same code as it resets to 
the start position and waits for the index, so it could also be sped up 
by a small amount per stroke and get away with the speed change too if 
this was recalculated on each resynch.

A third way might be to diddle the following axis's waiting for index 
starting point by the few thou difference the changing speed creates.

In any event, I would love the ability to create 2 threads that when 
assembled, would match exactly for screwed home positions even if done 
an different spindle speeds

Re: [Emc-users] Stepper generator

[Jeff Epler]

It may be useful to consider what hostmot2 does, before deciding whether
to do it the same way or differently.

The command to the step generator is a velocity or frequency command
(e.g., in units of 20ns is convenient for a DDS-type generator running
at 50MHz and can express step rates down to around 1/minute in a 32-bit
register), and the feedback is cumulative position (mod 2^32 or other
convenient width that doesn't overflow too often).

In the hostmot2 hal component, the narrow position feedback register is
extended to a larger width such as 2^64, and divided by the scale to
give a position in inches, degrees, mm, or whatever.  +-2^63 counts is
enough that you can ignore "roll over" for approximately the length of
written human history -- at 25MHz step rate you have over 116 centuries
before the values overflow around.

Add to that the necessary HAL configuration to take linuxcnc's commanded
position and the stepgen feedback position to produce a frequency
command.  This can be done e.g., by a PID loop.  I think he recommends
FF1=1, P=1e9/servo_period_ns (so 1000 for a 1ms servo period), other
terms 0 as a starting point. (I think this is only documented by word of
mouth, unfortunately)

This already produces very good position following despite some jitter
in the PC.  Peter does a few additional tricks in his FPGA, like
actually sampling the position a bit before it expects the request for
position feedback to arrive, eliminating jitter of the time the position
feedback is taken. (this involves a PLL in the FPGA that tracks the PC's
servo thread frequency, plus a negative offset so that it can sample the
position early enough)

(hostmot2 the hal component also offers a mode where its input is
position command, but it uses a different algorithm and empirically PCW
says that the PID solution gives better following.  A good small project
in linuxcnc would be to move this pre-tuned PID loop into hostmot2 so
that the position mode gives following that is as good as with external
PID; a slightly less small project might be to pull out PID into a
library that could be used by PID the component but also by various
smart step generators such as hostmot2 that would benefit from a
pre-tuned PID)

Jeff

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Stepper generator

[Nicklas Karlsson]

The upper end is no problem, it come by itself then DMA was used to feed values 
but the lower end I had to twiddle with a bit to get frequency down.

Synchronization is not by itself a problem but values are received from 
Linuxcnc with quite large jitter. I could add a little bit of lag and even out 
periods but it may screw up feedback. I guess I have to read source for the 
stepper driver/protocol and figure out myself.



On Mon, 4 Apr 2016 14:20:36 -0700
"John Dammeyer"  wrote:

> I'm sure you are going to have lots of fun with this.  I suspect you might
> be over simplifying it too.
> 
> It's not really that important that you can generate 1 Mhz stepping
> frequencies using the hardware timer on the micro-processor.  Nowadays
> that's probably a first or second year college lab assignment -- rather
> trivial really.  I'd be more concerned about dealing with synchronizing
> steps between motors or a spindle.
> 
> For example.  Say you have a spindle turning 100 RPM.  That's
> 1.... revolutions per second (RPS).  You want to cut a
> thread pitch that matches the lead screw pitch so the lead screw has to turn
> the same RPM as the spindle or also 1.... RPS.
> 
> Assuming you are using a stepper drive with 8 MicroSteps/step onto a 200
> step per rev motor.  That's 1600 steps per revolution.  So your step
> frequency is 2,666.66... Hz.  (1600 steps per revolution x RPS)  Nowhere
> near that 1Mhz top end.  
> 
> Now if your counter circuit has a 2MHz input frequency it's pretty easy.
> Divide by 750 to get that frequency.  Simple so far. Right?
> 
> Now your spindle drops to 99 RPM which is 1.65 RPS so let's make the stepper
> turn 1.65 RPS which is a step rate of 2640 Hz.  Now all you have to do is
> program your counter to divide by 757.575757575757...  Oh wait a sec.  It's
> probably an integer divider.  So you will be out by 0.57575757575 Hz.  Not a
> big deal I guess.  Only about 0.08%.   Or maybe it is.  I wouldn't accept
> it.
> 
> Now use that same approach trying to move three motors to move a tool on a
> curve through 3D space and since each motor will run various speeds through
> this path you will find all sorts of rounding and truncating errors. 
> 
> And I haven't even touched on accelerating/deceerating from a stopped
> position and maintaining synchronization.
> 
> John Dammeyer 
> 
> > -Original Message-
> > From: Nicklas Karlsson [mailto:nicklas.karlsso...@gmail.com]
> > Sent: April-04-16 12:22 PM
> > To: emc-users@lists.sourceforge.net
> > Subject: [Emc-users] Stepper generator
> > 
> > 
> > I am currently implementing a stepper generator on micro controller which
> > may output square waves with clock frequency accuracy with use of built in
> > timer peripheral. It may generate square wave probably up to at least in
> the
> > MHz range and be extended downwards as far as needed by some
> > adjustment in software. It seems to work great and it should only be
> > finnished off. I currently use relatively expensive micro controller but
> cheap
> > available for around $1 in large quantity should also work just as fine
> since it
> > have the same peripheral I used.
> > 
> > It no problem to output a sequence of square pulses or with a certain
> > frequency. Linuxcnc seems to output step velocity and read back
> > accumulated number of steps generated.
> > 
> > What puzzle me is period may vary. As is now I start to use values as soon
> as
> > they are received via Ethernet. I have used other networks like CAN before
> > there everything is synchronized with "broad casted" with a high priority
> > sync message. Do anybody have a clue how synchronization should be done
> > for mesa Hostmot cards via Ethernet? Or more generally in Linuxcnc?
> > 
> > 
> > Nicklas Karlsson
> > 
> >
> 
> --
> > ___
> > Emc-users mailing list
> > Emc-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/emc-users
> 
> 
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Stepper generator

[W. Martinjak]

Thanks a lot for this post!

On 2016-04-04 23:20, John Dammeyer wrote:
> I'm sure you are going to have lots of fun with this.  I suspect you might
> be over simplifying it too.
>
> It's not really that important that you can generate 1 Mhz stepping
> frequencies using the hardware timer on the micro-processor.  Nowadays
> that's probably a first or second year college lab assignment -- rather
> trivial really.  I'd be more concerned about dealing with synchronizing
> steps between motors or a spindle.
>
> For example.  Say you have a spindle turning 100 RPM.  That's
> 1.... revolutions per second (RPS).  You want to cut a
> thread pitch that matches the lead screw pitch so the lead screw has to turn
> the same RPM as the spindle or also 1.... RPS.
>
> Assuming you are using a stepper drive with 8 MicroSteps/step onto a 200
> step per rev motor.  That's 1600 steps per revolution.  So your step
> frequency is 2,666.66... Hz.  (1600 steps per revolution x RPS)  Nowhere
> near that 1Mhz top end.  
>
> Now if your counter circuit has a 2MHz input frequency it's pretty easy.
> Divide by 750 to get that frequency.  Simple so far. Right?
>
> Now your spindle drops to 99 RPM which is 1.65 RPS so let's make the stepper
> turn 1.65 RPS which is a step rate of 2640 Hz.  Now all you have to do is
> program your counter to divide by 757.575757575757...  Oh wait a sec.  It's
> probably an integer divider.  So you will be out by 0.57575757575 Hz.  Not a
> big deal I guess.  Only about 0.08%.   Or maybe it is.  I wouldn't accept
> it.
>
> Now use that same approach trying to move three motors to move a tool on a
> curve through 3D space and since each motor will run various speeds through
> this path you will find all sorts of rounding and truncating errors. 
>
> And I haven't even touched on accelerating/deceerating from a stopped
> position and maintaining synchronization.
>
> John Dammeyer 
>
>> -Original Message-
>> From: Nicklas Karlsson [mailto:nicklas.karlsso...@gmail.com]
>> Sent: April-04-16 12:22 PM
>> To: emc-users@lists.sourceforge.net
>> Subject: [Emc-users] Stepper generator
>>
>>
>> I am currently implementing a stepper generator on micro controller which
>> may output square waves with clock frequency accuracy with use of built in
>> timer peripheral. It may generate square wave probably up to at least in
> the
>> MHz range and be extended downwards as far as needed by some
>> adjustment in software. It seems to work great and it should only be
>> finnished off. I currently use relatively expensive micro controller but
> cheap
>> available for around $1 in large quantity should also work just as fine
> since it
>> have the same peripheral I used.
>>
>> It no problem to output a sequence of square pulses or with a certain
>> frequency. Linuxcnc seems to output step velocity and read back
>> accumulated number of steps generated.
>>
>> What puzzle me is period may vary. As is now I start to use values as soon
> as
>> they are received via Ethernet. I have used other networks like CAN before
>> there everything is synchronized with "broad casted" with a high priority
>> sync message. Do anybody have a clue how synchronization should be done
>> for mesa Hostmot cards via Ethernet? Or more generally in Linuxcnc?
>>
>>
>> Nicklas Karlsson
>>
>>
> 
> --
>> ___
>> Emc-users mailing list
>> Emc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/emc-users
>
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

-- 
"In der Wissenschaft siegt nie eine neue Theorie,
nur ihre Gegner sterben nach und nach"

Max Planck


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Stepper generator

[John Dammeyer]

I'm sure you are going to have lots of fun with this.  I suspect you might
be over simplifying it too.

It's not really that important that you can generate 1 Mhz stepping
frequencies using the hardware timer on the micro-processor.  Nowadays
that's probably a first or second year college lab assignment -- rather
trivial really.  I'd be more concerned about dealing with synchronizing
steps between motors or a spindle.

For example.  Say you have a spindle turning 100 RPM.  That's
1.... revolutions per second (RPS).  You want to cut a
thread pitch that matches the lead screw pitch so the lead screw has to turn
the same RPM as the spindle or also 1.... RPS.

Assuming you are using a stepper drive with 8 MicroSteps/step onto a 200
step per rev motor.  That's 1600 steps per revolution.  So your step
frequency is 2,666.66... Hz.  (1600 steps per revolution x RPS)  Nowhere
near that 1Mhz top end.  

Now if your counter circuit has a 2MHz input frequency it's pretty easy.
Divide by 750 to get that frequency.  Simple so far. Right?

Now your spindle drops to 99 RPM which is 1.65 RPS so let's make the stepper
turn 1.65 RPS which is a step rate of 2640 Hz.  Now all you have to do is
program your counter to divide by 757.575757575757...  Oh wait a sec.  It's
probably an integer divider.  So you will be out by 0.57575757575 Hz.  Not a
big deal I guess.  Only about 0.08%.   Or maybe it is.  I wouldn't accept
it.

Now use that same approach trying to move three motors to move a tool on a
curve through 3D space and since each motor will run various speeds through
this path you will find all sorts of rounding and truncating errors. 

And I haven't even touched on accelerating/deceerating from a stopped
position and maintaining synchronization.

John Dammeyer 

> -Original Message-
> From: Nicklas Karlsson [mailto:nicklas.karlsso...@gmail.com]
> Sent: April-04-16 12:22 PM
> To: emc-users@lists.sourceforge.net
> Subject: [Emc-users] Stepper generator
> 
> 
> I am currently implementing a stepper generator on micro controller which
> may output square waves with clock frequency accuracy with use of built in
> timer peripheral. It may generate square wave probably up to at least in
the
> MHz range and be extended downwards as far as needed by some
> adjustment in software. It seems to work great and it should only be
> finnished off. I currently use relatively expensive micro controller but
cheap
> available for around $1 in large quantity should also work just as fine
since it
> have the same peripheral I used.
> 
> It no problem to output a sequence of square pulses or with a certain
> frequency. Linuxcnc seems to output step velocity and read back
> accumulated number of steps generated.
> 
> What puzzle me is period may vary. As is now I start to use values as soon
as
> they are received via Ethernet. I have used other networks like CAN before
> there everything is synchronized with "broad casted" with a high priority
> sync message. Do anybody have a clue how synchronization should be done
> for mesa Hostmot cards via Ethernet? Or more generally in Linuxcnc?
> 
> 
> Nicklas Karlsson
> 
>

--
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Tom Easterday]

Then don't encrypt or select the option to allow the company to hold the key as 
well...

> On Apr 4, 2016, at 2:51 PM, Nicklas Karlsson  
> wrote:
> 
> On Mon, 4 Apr 2016 14:00:42 -0400
> Tom Easterday  wrote:
> 
>> Always good to have a local backup as well, but offsite backup is essential 
>> if you really care about the data.  With CrashPlan there is an option, I 
>> believe, where they hold the key as well and can therefore decrypt data if 
>> you happen to lose the key.  
>> 
>> However, making sure you don't lose the key is not that difficult.  I have 
>> the key in three locations (devices) so losing the key would be extremely 
>> unlikely.
> 
> Most if not all of my data is of very limited value for others so for me the 
> risk of a lost key is of great concern.
> 
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

[Emc-users] Stepper generator

[Nicklas Karlsson]

I am currently implementing a stepper generator on micro controller which may 
output square waves with clock frequency accuracy with use of built in timer 
peripheral. It may generate square wave probably up to at least in the MHz 
range and be extended downwards as far as needed by some adjustment in 
software. It seems to work great and it should only be finnished off. I 
currently use relatively expensive micro controller but cheap available for 
around $1 in large quantity should also work just as fine since it have the 
same peripheral I used.

It no problem to output a sequence of square pulses or with a certain 
frequency. Linuxcnc seems to output step velocity and read back accumulated 
number of steps generated.

What puzzle me is period may vary. As is now I start to use values as soon as 
they are received via Ethernet. I have used other networks like CAN before 
there everything is synchronized with "broad casted" with a high priority sync 
message. Do anybody have a clue how synchronization should be done for mesa 
Hostmot cards via Ethernet? Or more generally in Linuxcnc?


Nicklas Karlsson

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Nicklas Karlsson]

On Mon, 4 Apr 2016 14:00:42 -0400
Tom Easterday  wrote:

> Always good to have a local backup as well, but offsite backup is essential 
> if you really care about the data.  With CrashPlan there is an option, I 
> believe, where they hold the key as well and can therefore decrypt data if 
> you happen to lose the key.  
> 
> However, making sure you don't lose the key is not that difficult.  I have 
> the key in three locations (devices) so losing the key would be extremely 
> unlikely.

Most if not all of my data is of very limited value for others so for me the 
risk of a lost key is of great concern.

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Tom Easterday]

Always good to have a local backup as well, but offsite backup is essential if 
you really care about the data.  With CrashPlan there is an option, I believe, 
where they hold the key as well and can therefore decrypt data if you happen to 
lose the key.  

However, making sure you don't lose the key is not that difficult.  I have the 
key in three locations (devices) so losing the key would be extremely unlikely.
-Tom

> On Apr 4, 2016, at 11:30 AM, Nicklas Karlsson  
> wrote:
> 
> I would consider lost key quite a serious risk. I have copy of files I worked 
> on the last months on CD/DVD or whatever they name the disks nowaday.
> 
> If computer break down or does not work for other reason i install the 
> software again.
> 
> 
> 
> 
> On Mon, 4 Apr 2016 11:00:35 -0400
> Tom Easterday  wrote:
> 
>> For offsite backup I would highly recommend of CrashPlan.  It works on Mac, 
>> Win, and Linux.  It allows for strong private key encryption of all data 
>> during backup and on the servers.   Recovery of files is easy and since you 
>> are downloading it is usually quite fast assuming you have fast internet 
>> access.   It takes a while (days or even weeks) for the initial backup to 
>> complete but once there incrementals happens in the background.
>> 
>> -Tom
>> 
>>> On Apr 4, 2016, at 10:49 AM, Rick Lair  wrote:
>>> 
>>> So what would you recommend on my desktop PC in my office, that I do 
>>> everything on, that I just converted over to Linux Mint?
>>> 
>>> Rick
>>> 
 On 04/04/2016 10:43 AM, Nicklas Karlsson wrote:
 A backup of important files stored at other location or other place not 
 likely to be affected by the same misshap is always good.
 
 
 On Mon, 4 Apr 2016 07:33:21 -0700
 Jerry Scharf  wrote:
 
> Rick,
> 
> The family of software you mentioned are there to try to protect you when
> you bring new things onto the machine.
> 
> Anti-virus is for finding bad programs that have been added to the 
> machine.
> If you stick to only installing things that are downloaded from the debian
> distro and things you can vouch for yourself, then this becomes a
> non-issue. If you are loading up many random tools on the machine, then it
> may become an issue.
> 
> Now comes the bad news about anti-virus. They offer marginal protection at
> best. It's not that they don't work, it's that its a complex target and
> there is only so much that can be found in file signatures.
> 
> The best safety comes from caution. Don't load anything on the linux-cnc
> machine that doesn't need to be there. Don't have a browser on that
> machine. Do minimal development on the machine and only with well trusted
> tools. Vet everything extra you load onto the machines and keep up with 
> the
> disrto security patches. Don't stick a thumb drive into the machine unless
> you personally formatted it on a clean machine.
> 
> FWIW, I don't run ant-virus on my machines.
> 
> jerry
> 
> 
>> On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:
>> 
>> Hello Guys,
>> 
>> Is there any need for any anti-virus/malware/spyware software on my
>> linux machines, I have never thought about, but last week I switched my
>> desktop over to Mint from XP, and wasn't sure what security measures are
>> needed, I wasn't ever really concerned about the CNC's, but now with my
>> desktop, it got me wondering.
>> 
>> 
>> Thanks
>> 
>> Rick
>> 
>> 
>> --
>> ___
>> Emc-users mailing list
>> Emc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/emc-users
> 
> 
> -- 
> Jerry Scharf
> FINsix IT
> 650.285.6361 w
> 650.279.7017 m
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users
 --
 ___
 Emc-users mailing list
 Emc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/emc-users
>>> 
>>> 
>>> --
>>> ___
>>> Emc-users mailing list
>>> Emc-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/emc-users
>> 
>> 
>> --
>> ___
>> Emc-users mailing list
>> Emc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/emc-users
> 
>

Re: [Emc-users] OT: Linux Security

[Gene Heskett]

On Monday 04 April 2016 10:43:10 Nicklas Karlsson wrote:

> A backup of important files stored at other location or other place
> not likely to be affected by the same misshap is always good.
>
>
I'll second that.  amanda grabs the lcnc related stuff from all of my 
machines, and all of this machine, nightly.  Peace of mind you can't get 
out of a pill bottle.

> On Mon, 4 Apr 2016 07:33:21 -0700
>
> Jerry Scharf  wrote:
> > Rick,
> >
> > The family of software you mentioned are there to try to protect you
> > when you bring new things onto the machine.
> >
> > Anti-virus is for finding bad programs that have been added to the
> > machine. If you stick to only installing things that are downloaded
> > from the debian distro and things you can vouch for yourself, then
> > this becomes a non-issue. If you are loading up many random tools on
> > the machine, then it may become an issue.
> >
> > Now comes the bad news about anti-virus. They offer marginal
> > protection at best. It's not that they don't work, it's that its a
> > complex target and there is only so much that can be found in file
> > signatures.
> >
> > The best safety comes from caution. Don't load anything on the
> > linux-cnc machine that doesn't need to be there. Don't have a
> > browser on that machine. Do minimal development on the machine and
> > only with well trusted tools. Vet everything extra you load onto the
> > machines and keep up with the disrto security patches. Don't stick a
> > thumb drive into the machine unless you personally formatted it on a
> > clean machine.
> >
> > FWIW, I don't run ant-virus on my machines.
> >
> > jerry
> >
> > On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  
wrote:
> > > Hello Guys,
> > >
> > > Is there any need for any anti-virus/malware/spyware software on
> > > my linux machines, I have never thought about, but last week I
> > > switched my desktop over to Mint from XP, and wasn't sure what
> > > security measures are needed, I wasn't ever really concerned about
> > > the CNC's, but now with my desktop, it got me wondering.
> > >
> > >
> > > Thanks
> > >
> > > Rick
> > >
> > >
> > > --
> > > ___
> > > Emc-users mailing list
> > > Emc-users@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/emc-users
> >
> > --
> > Jerry Scharf
> > FINsix IT
> > 650.285.6361 w
> > 650.279.7017 m
> > 
> >-- ___
> > Emc-users mailing list
> > Emc-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/emc-users
>
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Gene Heskett]

On Monday 04 April 2016 09:55:16 Rick Lair wrote:

> Hello Guys,
>
> Is there any need for any anti-virus/malware/spyware software on my
> linux machines, I have never thought about, but last week I switched
> my desktop over to Mint from XP, and wasn't sure what security
> measures are needed, I wasn't ever really concerned about the CNC's,
> but now with my desktop, it got me wondering.
>
>
> Thanks
>
> Rick
>
I long since offloaded the security stuff to my router, which has a 
generous sized flash memory, a Netgear something or other 3500 box.  Its 
running the best guard dog ever, as its been reflashed to DD-WRT.  
Nothing from the outside comes in except what has been asked for, or 
access to my web page which is in its own sandbox on what most would 
think is an odd port number. I've been using DD-WRT in some box or other 
for close to a decade and have not been bothered. My web page hasn't 
been touched while it has generated nearly 20Gb a month in traffic for 
the last several months. In house, aka this side of the router, selinux 
and its ilk has been nuked.  I have sshfs shares to the other 4 
machines, replacing the troublesome NFS shares, which beat samba/cifs 
like a white mouthed mule, and an ssh -Y login session to each of them 
running. No login, but ssh key sharing.  And the only other sharp teeth 
running is portsentry.  But no one has gotten close enough to make that 
dog bark in about 3 years since I installed it.  It Just Works(TM).

How much of that would, or could be made to work with windows I can't say  
as there are no windows running machines on the premises. But I'd think 
a windows box would be safe, depending of course on some common sense as 
to what was clicked on.  I do run the clamav suite, over incoming email 
all the time, and over the other 3 most active directories daily.

Incoming scan has nuked one of undefined purpose, 2 adverts from my bank 
that had what I think is an FP, and 2 messages from the clamav list that 
carried the same FPs as attachments. 76k, last updated on the 31st of 
March.  Shrug.  Its working 99.9% of the time. And I like DD-WRT, it's a 
good guard dog that only needs 25 cents worth of electricity as its 
monthly feeding.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Chris Albertson]

You certainly do not need to BUY any additional software.  But you do need
to set up the Linux machine reasonably.  Mostly this means

1.  Never use an admin login account for normal work.  Set yourself up as a
normal user then use "su" or whatever to do what you need.

2. use good passwords on all your accounts

3. keep current backups that are disconnected and at least one off site
backup

4. the built-in firewall is good, enable it or learn how to deny access to
services from computers not on your local network.  If you have a fire wall
built into your router that is even better as it works for your entire home
network

If you were running a Linux server that is exposed to the Internet directly
(say a public web server) there is a lot more you could do





On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:

> Hello Guys,
>
> Is there any need for any anti-virus/malware/spyware software on my
> linux machines, I have never thought about, but last week I switched my
> desktop over to Mint from XP, and wasn't sure what security measures are
> needed, I wasn't ever really concerned about the CNC's, but now with my
> desktop, it got me wondering.
>
>
> Thanks
>
> Rick
>
>
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users
>



-- 

Chris Albertson
Redondo Beach, California
--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jon Elson]

On 04/04/2016 10:00 AM, Tom Easterday wrote:
> For offsite backup I would highly recommend of CrashPlan.  It works on Mac, 
> Win, and Linux.  It allows for strong private key encryption of all data 
> during backup and on the servers.   Recovery of files is easy and since you 
> are downloading it is usually quite fast assuming you have fast internet 
> access.   It takes a while (days or even weeks) for the initial backup to 
> complete but once there incrementals happens in the background.
>
>
If you are totally down, a cloud backup with forgotten 
passwords might be useless.  A local backup on DVDs can be 
useful when you need to go back many months to find a file 
that was deleted or altered.  And, DVDs really don't take up 
much space.  Looks like I may have to go to blu-ray pretty 
soon, the volume of accumulated stuff seems to be expanding.

Jon

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jon Elson]

On 04/04/2016 09:54 AM, Jeff Epler wrote:
>
> I don't think any of the common web or e-mail threats have payloads that
> work on Linux anyway.  But if you have an open ssh port and your root
> password is "root", you will end up with unwanted software installed,
> such as an IRC server to control somebody's botnet...
>
>
At least Ubuntu is set up so that root cannot login from the 
net. Only user accounts can log in via the net, then you can 
use su or sudo to get the required privilege.

Jon

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jon Elson]

On 04/04/2016 09:49 AM, Rick Lair wrote:
> So what would you recommend on my desktop PC in my office, that I do
> everything on, that I just converted over to Linux Mint?
>
>
Is it behind a firewall?  Does it use NAT, so the desktop 
has no WAN address?  That's the best security.
Use good passwords, and only have one user account on the 
machine. If you never need to get into it from other 
machines, turn off sshd.

Now, for the firewall machine, the best thing in the world 
is denyhosts.  I used to get 1000+ ssh login attempts a 
day!  Then, I put in denyhosts, which watches the log for 
login failures.  i set it quite restrictively, so that 3 
failed logins from any specific IP within a month causes 
that IP to be added to the hosts.deny file, and stay there 
for a year.  Very interestingly, exactly, TO THE HOUR, 2 
weeks after I set this up, the attacks dropped from 1000 a 
day to 3!  So, they used a wide range of compromised botnet 
nodes to find out what the time horizon of hosts.deny was 
set to.  When it was seen to be over 2 weeks, they sent out 
the word somehow that my IP was not worth expending any 
effort on.

Then, on the firewall machine, also have an absolute minimum 
number of user accounts, and make sure none of them have 
names like bob or alice.  Names like this are the things 
they try.

That's how I'm doing it.

Jon

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Modbus wiring

[Gene Heskett]

On Monday 04 April 2016 09:37:08 Nicklas Karlsson wrote:

> > Maybe. OTOH, I can probably knock up something in eagle or geda/pcb,
> > and carve it on my machine by the time UPS could make a drop here. 
> > Those pictured boards Farnell shows me are quite simple, and adding
> > another thru-hole for the supply bypassing those chips ought to have
> > would be easy enough.  If I have a problem I might consider it, but
> > this VFD is RS-232, if that option is plugged in. I didn't find it
> > when I had it apart  OTOH, somebody, Mesa or Pico, maybe PMDX really
> > ought to knock up something like that so we'd have a ready-made
> > plug-n-play solution we could buy at a reasonable price.
> >
> > Potential product suggestion guys.
>
> You need VFD?
>
Potentially. I am considering buying a Sable for PCB work, and I am NOT 
impressed with the optional belt driven spindle they can supply. The 
rest of the machine looks as if it can do .001" accuracy as the Sable 
gantry is part of the machine frame and does not move except the spindle 
carrier sideways for what I'd call Y.  The table moves under the 
stationary gantry instead, on what for its size are quite substantial 
25mm rods & bearings.  If the gantry can support this motor, then its 
24k revs should allow a huge improvement in production speed.

But I have some other things I need to get out of the way to make room 
for the Sable.

Now, I am contemplating, because the Z is so much slower than the XY on 
this G0704/BF20, replaceing the3.5 amp 1600 oz/in motor and ma860 driver 
with its matching 60 volt switching psu, with this:



which it seems ought to triple the Z speed, but the 110 volt max dc 
supply, which I'd expect I'd better hold to about 100 volts, or if a 
stepdown tranny in the AC, 70 volts, and I have nothing to do that with 
at that power level.  In AC that would be a 57 volt buck at nominally 8 
amps=a 500 watt rated buck transformer. Hens teeth category in that 
fleabay hasn't such a critter that I can find. And switchers seem to top 
out at about 72 volts & not quite enough amps.

In other words, I haven't anything that could power it correctly.  And 
ebay's search  engine has no damned concept of what the word "volt" 
means.  No association with the 100 in front of it. The only tranny I 
have in that power category or above, is a toroid, 250/125 volt 
autoformer with at least a 5kw rating, a foot in diameter and 6" thick 
that I can't move it without a 2 wheeler, at least 90 lbs bare. I had 
visions of a better load balance on my house by running the mill off a 
252 volt two pole breaker.  But to be NEC legal I'd need a steel 
houseing box but haven't stumbled over one of them critters of a 
suitable size used yet.  Sad, but its the story of my life it seems.

What we need, is the MA860H in a MA8130H so it could be powered with a 
straight 127 volt line connection.  We may get it eventually, but not on 
my watch I suspect.  Ideally, 2 of the Pico pwm servo amps with special 
quadrature drivers could do it, but the driver would need to be pretty 
special, doing the pwm and dir with the pwm duration mapped to the 
microstepping needed.  They can do 20 amps on a 160 volt supply.  But 
here we go again, the beggar is still looking for the free horse to 
ride, so the money doesn't get spent. :(

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jon Elson]

On 04/04/2016 08:55 AM, Rick Lair wrote:
> Hello Guys,
>
> Is there any need for any anti-virus/malware/spyware software on my
> linux machines, I have never thought about, but last week I switched my
> desktop over to Mint from XP, and wasn't sure what security measures are
> needed, I wasn't ever really concerned about the CNC's, but now with my
> desktop, it got me wondering.
>
Is there a need to enable sshd?  Probably, if you want to 
transfer .ngc files to it.
But, just have one user ID able to log in remotely, and keep 
it behind a firewall with NAT.
That should be pretty secure.

I don't have any anti-virus software here, not sure any of 
that stuff actually works against a code that would actually 
affect a Linux system.  Searching against tables of Windows 
virus' seems pointless.

Jon

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Nicklas Karlsson]

I would consider lost key quite a serious risk. I have copy of files I worked 
on the last months on CD/DVD or whatever they name the disks nowaday.

If computer break down or does not work for other reason i install the software 
again.




On Mon, 4 Apr 2016 11:00:35 -0400
Tom Easterday  wrote:

> For offsite backup I would highly recommend of CrashPlan.  It works on Mac, 
> Win, and Linux.  It allows for strong private key encryption of all data 
> during backup and on the servers.   Recovery of files is easy and since you 
> are downloading it is usually quite fast assuming you have fast internet 
> access.   It takes a while (days or even weeks) for the initial backup to 
> complete but once there incrementals happens in the background.
> 
> -Tom
> 
> > On Apr 4, 2016, at 10:49 AM, Rick Lair  wrote:
> > 
> > So what would you recommend on my desktop PC in my office, that I do 
> > everything on, that I just converted over to Linux Mint?
> > 
> > Rick
> > 
> >> On 04/04/2016 10:43 AM, Nicklas Karlsson wrote:
> >> A backup of important files stored at other location or other place not 
> >> likely to be affected by the same misshap is always good.
> >> 
> >> 
> >> On Mon, 4 Apr 2016 07:33:21 -0700
> >> Jerry Scharf  wrote:
> >> 
> >>> Rick,
> >>> 
> >>> The family of software you mentioned are there to try to protect you when
> >>> you bring new things onto the machine.
> >>> 
> >>> Anti-virus is for finding bad programs that have been added to the 
> >>> machine.
> >>> If you stick to only installing things that are downloaded from the debian
> >>> distro and things you can vouch for yourself, then this becomes a
> >>> non-issue. If you are loading up many random tools on the machine, then it
> >>> may become an issue.
> >>> 
> >>> Now comes the bad news about anti-virus. They offer marginal protection at
> >>> best. It's not that they don't work, it's that its a complex target and
> >>> there is only so much that can be found in file signatures.
> >>> 
> >>> The best safety comes from caution. Don't load anything on the linux-cnc
> >>> machine that doesn't need to be there. Don't have a browser on that
> >>> machine. Do minimal development on the machine and only with well trusted
> >>> tools. Vet everything extra you load onto the machines and keep up with 
> >>> the
> >>> disrto security patches. Don't stick a thumb drive into the machine unless
> >>> you personally formatted it on a clean machine.
> >>> 
> >>> FWIW, I don't run ant-virus on my machines.
> >>> 
> >>> jerry
> >>> 
> >>> 
>  On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:
>  
>  Hello Guys,
>  
>  Is there any need for any anti-virus/malware/spyware software on my
>  linux machines, I have never thought about, but last week I switched my
>  desktop over to Mint from XP, and wasn't sure what security measures are
>  needed, I wasn't ever really concerned about the CNC's, but now with my
>  desktop, it got me wondering.
>  
>  
>  Thanks
>  
>  Rick
>  
>  
>  --
>  ___
>  Emc-users mailing list
>  Emc-users@lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/emc-users
> >>> 
> >>> 
> >>> -- 
> >>> Jerry Scharf
> >>> FINsix IT
> >>> 650.285.6361 w
> >>> 650.279.7017 m
> >>> --
> >>> ___
> >>> Emc-users mailing list
> >>> Emc-users@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/emc-users
> >> --
> >> ___
> >> Emc-users mailing list
> >> Emc-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/emc-users
> > 
> > 
> > --
> > ___
> > Emc-users mailing list
> > Emc-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/emc-users
> 
> 
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Tom Easterday]

For offsite backup I would highly recommend of CrashPlan.  It works on Mac, 
Win, and Linux.  It allows for strong private key encryption of all data during 
backup and on the servers.   Recovery of files is easy and since you are 
downloading it is usually quite fast assuming you have fast internet access.   
It takes a while (days or even weeks) for the initial backup to complete but 
once there incrementals happens in the background.

-Tom

> On Apr 4, 2016, at 10:49 AM, Rick Lair  wrote:
> 
> So what would you recommend on my desktop PC in my office, that I do 
> everything on, that I just converted over to Linux Mint?
> 
> Rick
> 
>> On 04/04/2016 10:43 AM, Nicklas Karlsson wrote:
>> A backup of important files stored at other location or other place not 
>> likely to be affected by the same misshap is always good.
>> 
>> 
>> On Mon, 4 Apr 2016 07:33:21 -0700
>> Jerry Scharf  wrote:
>> 
>>> Rick,
>>> 
>>> The family of software you mentioned are there to try to protect you when
>>> you bring new things onto the machine.
>>> 
>>> Anti-virus is for finding bad programs that have been added to the machine.
>>> If you stick to only installing things that are downloaded from the debian
>>> distro and things you can vouch for yourself, then this becomes a
>>> non-issue. If you are loading up many random tools on the machine, then it
>>> may become an issue.
>>> 
>>> Now comes the bad news about anti-virus. They offer marginal protection at
>>> best. It's not that they don't work, it's that its a complex target and
>>> there is only so much that can be found in file signatures.
>>> 
>>> The best safety comes from caution. Don't load anything on the linux-cnc
>>> machine that doesn't need to be there. Don't have a browser on that
>>> machine. Do minimal development on the machine and only with well trusted
>>> tools. Vet everything extra you load onto the machines and keep up with the
>>> disrto security patches. Don't stick a thumb drive into the machine unless
>>> you personally formatted it on a clean machine.
>>> 
>>> FWIW, I don't run ant-virus on my machines.
>>> 
>>> jerry
>>> 
>>> 
 On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:
 
 Hello Guys,
 
 Is there any need for any anti-virus/malware/spyware software on my
 linux machines, I have never thought about, but last week I switched my
 desktop over to Mint from XP, and wasn't sure what security measures are
 needed, I wasn't ever really concerned about the CNC's, but now with my
 desktop, it got me wondering.
 
 
 Thanks
 
 Rick
 
 
 --
 ___
 Emc-users mailing list
 Emc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/emc-users
>>> 
>>> 
>>> -- 
>>> Jerry Scharf
>>> FINsix IT
>>> 650.285.6361 w
>>> 650.279.7017 m
>>> --
>>> ___
>>> Emc-users mailing list
>>> Emc-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/emc-users
>> --
>> ___
>> Emc-users mailing list
>> Emc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/emc-users
> 
> 
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jeff Epler]

Here are the security measures I use on my Linux machines:

 * Have a back-up plan so that you can restore your computer after
   a problem (not limited to finding malware, but more likely problems
   such as a failed disk/SSD)
 * Firewall that allows incoming connections only on specific
   whitelisted TCP ports (and all outgoing traffic)
 * For me, one of those ports is ssh, so strong passwords on all
   accounts.  Other ssh hardening options include allowing only a
   restricted list of users to ssh, and requiring the use of ssh public
   key authentication. (man sshd_config)
 * Keep packages up to date with security updates, particularly the web
   browser
 * Browser:
- stay up to date (I use release channel from http://mozilla.debian.net/)
- Use ad blocking software (I favor ublock0, choose your own filter
  preferences)
- Set flash plugins to not play by default
- consider a browser add-on that can enable/disable javascript per
  site (this helps more with web nuisances like pop-up "sign up for
  our mailing list" than with avoiding malware installation)
- If you're on a system that is out of support, don't browse the web
  on it
 * E-mail:
- Use aggressive spam filtering
- disable any functionality to auto-show attachments, auto-load
  remote images, etc
- use a text-mode e-mail client for extra geek cred
- If you're on a system that is out of support, don't read e-mail
  on it
 * Don't allow untrusted machines on the local network / WIFI
- Some WIFI access points can create multiple separate networks, so
  you can have a trusted wifi + ethernet and an un-trusted wifi

I don't think any of the common web or e-mail threats have payloads that
work on Linux anyway.  But if you have an open ssh port and your root
password is "root", you will end up with unwanted software installed,
such as an IRC server to control somebody's botnet...

Jeff

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Rick Lair]

So what would you recommend on my desktop PC in my office, that I do 
everything on, that I just converted over to Linux Mint?

Rick

On 04/04/2016 10:43 AM, Nicklas Karlsson wrote:
> A backup of important files stored at other location or other place not 
> likely to be affected by the same misshap is always good.
>
>
> On Mon, 4 Apr 2016 07:33:21 -0700
> Jerry Scharf  wrote:
>
>> Rick,
>>
>> The family of software you mentioned are there to try to protect you when
>> you bring new things onto the machine.
>>
>> Anti-virus is for finding bad programs that have been added to the machine.
>> If you stick to only installing things that are downloaded from the debian
>> distro and things you can vouch for yourself, then this becomes a
>> non-issue. If you are loading up many random tools on the machine, then it
>> may become an issue.
>>
>> Now comes the bad news about anti-virus. They offer marginal protection at
>> best. It's not that they don't work, it's that its a complex target and
>> there is only so much that can be found in file signatures.
>>
>> The best safety comes from caution. Don't load anything on the linux-cnc
>> machine that doesn't need to be there. Don't have a browser on that
>> machine. Do minimal development on the machine and only with well trusted
>> tools. Vet everything extra you load onto the machines and keep up with the
>> disrto security patches. Don't stick a thumb drive into the machine unless
>> you personally formatted it on a clean machine.
>>
>> FWIW, I don't run ant-virus on my machines.
>>
>> jerry
>>
>>
>> On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:
>>
>>> Hello Guys,
>>>
>>> Is there any need for any anti-virus/malware/spyware software on my
>>> linux machines, I have never thought about, but last week I switched my
>>> desktop over to Mint from XP, and wasn't sure what security measures are
>>> needed, I wasn't ever really concerned about the CNC's, but now with my
>>> desktop, it got me wondering.
>>>
>>>
>>> Thanks
>>>
>>> Rick
>>>
>>>
>>> --
>>> ___
>>> Emc-users mailing list
>>> Emc-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/emc-users
>>>
>>
>>
>> -- 
>> Jerry Scharf
>> FINsix IT
>> 650.285.6361 w
>> 650.279.7017 m
>> --
>> ___
>> Emc-users mailing list
>> Emc-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/emc-users
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Nicklas Karlsson]

A backup of important files stored at other location or other place not likely 
to be affected by the same misshap is always good.


On Mon, 4 Apr 2016 07:33:21 -0700
Jerry Scharf  wrote:

> Rick,
> 
> The family of software you mentioned are there to try to protect you when
> you bring new things onto the machine.
> 
> Anti-virus is for finding bad programs that have been added to the machine.
> If you stick to only installing things that are downloaded from the debian
> distro and things you can vouch for yourself, then this becomes a
> non-issue. If you are loading up many random tools on the machine, then it
> may become an issue.
> 
> Now comes the bad news about anti-virus. They offer marginal protection at
> best. It's not that they don't work, it's that its a complex target and
> there is only so much that can be found in file signatures.
> 
> The best safety comes from caution. Don't load anything on the linux-cnc
> machine that doesn't need to be there. Don't have a browser on that
> machine. Do minimal development on the machine and only with well trusted
> tools. Vet everything extra you load onto the machines and keep up with the
> disrto security patches. Don't stick a thumb drive into the machine unless
> you personally formatted it on a clean machine.
> 
> FWIW, I don't run ant-virus on my machines.
> 
> jerry
> 
> 
> On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:
> 
> > Hello Guys,
> >
> > Is there any need for any anti-virus/malware/spyware software on my
> > linux machines, I have never thought about, but last week I switched my
> > desktop over to Mint from XP, and wasn't sure what security measures are
> > needed, I wasn't ever really concerned about the CNC's, but now with my
> > desktop, it got me wondering.
> >
> >
> > Thanks
> >
> > Rick
> >
> >
> > --
> > ___
> > Emc-users mailing list
> > Emc-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/emc-users
> >
> 
> 
> 
> -- 
> Jerry Scharf
> FINsix IT
> 650.285.6361 w
> 650.279.7017 m
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Jerry Scharf]

Rick,

The family of software you mentioned are there to try to protect you when
you bring new things onto the machine.

Anti-virus is for finding bad programs that have been added to the machine.
If you stick to only installing things that are downloaded from the debian
distro and things you can vouch for yourself, then this becomes a
non-issue. If you are loading up many random tools on the machine, then it
may become an issue.

Now comes the bad news about anti-virus. They offer marginal protection at
best. It's not that they don't work, it's that its a complex target and
there is only so much that can be found in file signatures.

The best safety comes from caution. Don't load anything on the linux-cnc
machine that doesn't need to be there. Don't have a browser on that
machine. Do minimal development on the machine and only with well trusted
tools. Vet everything extra you load onto the machines and keep up with the
disrto security patches. Don't stick a thumb drive into the machine unless
you personally formatted it on a clean machine.

FWIW, I don't run ant-virus on my machines.

jerry


On Mon, Apr 4, 2016 at 6:55 AM, Rick Lair  wrote:

> Hello Guys,
>
> Is there any need for any anti-virus/malware/spyware software on my
> linux machines, I have never thought about, but last week I switched my
> desktop over to Mint from XP, and wasn't sure what security measures are
> needed, I wasn't ever really concerned about the CNC's, but now with my
> desktop, it got me wondering.
>
>
> Thanks
>
> Rick
>
>
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users
>



-- 
Jerry Scharf
FINsix IT
650.285.6361 w
650.279.7017 m
--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] OT: Linux Security

[Nicklas Karlsson]

For spyware I guess it depend. If you market the machined parts they could it 
see them in the broschure or wherever you put them anyway.

On Mon, 4 Apr 2016 09:55:16 -0400
Rick Lair  wrote:

> Hello Guys,
> 
> Is there any need for any anti-virus/malware/spyware software on my 
> linux machines, I have never thought about, but last week I switched my 
> desktop over to Mint from XP, and wasn't sure what security measures are 
> needed, I wasn't ever really concerned about the CNC's, but now with my 
> desktop, it got me wondering.
> 
> 
> Thanks
> 
> Rick
> 
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

[Emc-users] OT: Linux Security

[Rick Lair]

Hello Guys,

Is there any need for any anti-virus/malware/spyware software on my 
linux machines, I have never thought about, but last week I switched my 
desktop over to Mint from XP, and wasn't sure what security measures are 
needed, I wasn't ever really concerned about the CNC's, but now with my 
desktop, it got me wondering.


Thanks

Rick

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Modbus wiring

[Nicklas Karlsson]

> Maybe. OTOH, I can probably knock up something in eagle or geda/pcb, and 
> carve it on my machine by the time UPS could make a drop here.  Those 
> pictured boards Farnell shows me are quite simple, and adding another 
> thru-hole for the supply bypassing those chips ought to have would be 
> easy enough.  If I have a problem I might consider it, but this VFD is 
> RS-232, if that option is plugged in. I didn't find it when I had it 
> apart  OTOH, somebody, Mesa or Pico, maybe PMDX really ought to knock up 
> something like that so we'd have a ready-made plug-n-play solution we 
> could buy at a reasonable price.
> 
> Potential product suggestion guys.

You need VFD?

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Modbus wiring

[Gene Heskett]

On Monday 04 April 2016 01:52:42 Nicklas Karlsson wrote:

> > > > > ISO7421
> > > >
> > > > Now thats sweet, and a heck of a lot better thought out than the
> > > > last such chip I looked at a decade ago.  Needs a 4 wire cable
> > > > from each direction, but I don't see as that as a problem other
> > > > than stealing the ground and  3.3 or 5 volts to run its side of
> > > > it at both ends.
> > > >
> > > > That should indeed sove the noise problem.  The pcb requires a
> > > > slightly different layout of putting the power on the center
> > > > layers, so the best bet is to look around and see if someone
> > > > might have it all boxed up and ready to connect.
> > > >
> > > > Were you able to find such a ready-made critter?  If so where?
> > >
> > > No I made my own circuit board, two layer. SO footprint should not
> > > be to hard to solder there are small prototype boards or similar
> > > on Farnell.
> > >
> > > http://se.farnell.com/roth-elektronik/re932-01/pcb-adaptor-smd-so-
> > >8-20 -5mmx8mm/dp/1426169
> > > http://se.farnell.com/roth-elektronik/re932-03/adaptor-smd-so-14-1
> > >-27m m/dp/1426171
> > > http://se.farnell.com/roth-elektronik/re932-02/adaptor-smd-so-8w-1
> > >-27m m/dp/1426170
> > > http://se.farnell.com/roth-elektronik/re932-01st/multi-adapter-11-
> > >5x16 mm-soic-8/dp/2292022
> > >
> > > I do not have time to check if footprint is correct.
> >
> > Immaterial as you wouls wire to suit, but all of them are missing a
> > place to put the recommended supply rail bypassing. And extra plated
> > thru-hole in each runner to the terminal would be nice.
> >
> > But who is Farnell on this "west side" of the pond?  Or are they
> > even affiliated with anybody in the US?
>
> Maybe it is newark http://www.newark.com/ otherwise I think digikey
> may be closer to you.

Maybe. OTOH, I can probably knock up something in eagle or geda/pcb, and 
carve it on my machine by the time UPS could make a drop here.  Those 
pictured boards Farnell shows me are quite simple, and adding another 
thru-hole for the supply bypassing those chips ought to have would be 
easy enough.  If I have a problem I might consider it, but this VFD is 
RS-232, if that option is plugged in. I didn't find it when I had it 
apart  OTOH, somebody, Mesa or Pico, maybe PMDX really ought to knock up 
something like that so we'd have a ready-made plug-n-play solution we 
could buy at a reasonable price.

Potential product suggestion guys.

> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Modbus wiring

[Danny Miller]

Lemme clarify- whether or not you're galvanically isolating, any RS485 
transceiver needs either 3-wire or 4-wire logic due to its half-duplex 
nature, OR to be protocol-aware.

I don't know if the RTS could be used that way.  RTS is hardware flow 
control, which is obsolete now and often not implemented. RTS precedes a 
byte, and is supposed to be a query to the transceiver which MAY be 
responded with a CTS (Clear to Send), at which point the START bit and 
the byte begin.

It's mostly nonsense now, most transceivers don't work that way. 
Hardware flow control can be defeated just by tying the CTS line to RTS, 
so "I WANT to transmit" is always "ok to transmit".

Hmm, if we did this, you'd lead with the Master transmit packet: Slave 
Address/Function Code/Byte Count/etc which would begin with RTS.  It 
would probably leave RTS high the whole time- but I don't know if that's 
guaranteed.  Then when the packet is done and it needs a response, RTS 
should be deasserted.  Well it should deassert it.  If it intends to 
play Modbus, it won't send anything else while waiting for the response.

The RTS does NOT require isolation.  It's on the ground-referenced side 
of a galv isolation transceiver.

Danny

On 4/4/2016 2:04 AM, Nicklas Karlsson wrote:
> I think the RTS signal is common but it must of course also be insulated.
> http://www.moxa.com/resource_file/857220091121341.pdf
>
> Nicklas Karlsson 
>
> --
> ___
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users
>


--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users

Re: [Emc-users] Modbus wiring

[Nicklas Karlsson]

> That's a bare unidirectional isolator. OK for RS232.  Problem being, 
> Modbus is over RS422/RS485, a bidirectional protocol and there's a lot 
> of difficult problems in creating buffers of any sort.  It doesn't know 
> which direction it's supposed to drive at any given time.
> 
> http://www.mouser.com/Search/Refine.aspx?Keyword=rs422+isolator&Ns=Pricing%7c0&FS=True
> 
> There are isolating RS422/RS485 transceivers.  However, as you can see, 
> it starts from a 4-wire R/RE_n D/DE logic-level interface, like any 
> transceiver.  That device can't take in RS485 on both sides.
> 
> I used a high-tech ADAM-4520, which takes in RS232 and a DC power on one 
> side, produces galvanic isolation for RS422/RS485 and isolated power to 
> drive that logic.  Not that expensive on eBay. It's gotta be 
> protocol-aware to do this, so you MUST set the baud rate and format via 
> DIP switches and follow the RS485 signaling protocol.
> 
> That is, if you just followed the 8N1 9600 baud RS232 format and sent 
> your own generic RS232 bytes, it wouldn't know which direction to go, it 
> needs a Slave Address/Function Code/Byte Count/etc bytes of an RS485 
> message.  Then, knowing how RS485 protocol works, changes bus direction 
> as required.
> 
> Both Mach3 and LinuxCNC WILL command a serial port with proper RS485 
> messages, even though they're bytes and may be on an RS232 bus (or 
> logic-level 8N1 9600 baud serial).  But I don't know how you'd get 
> LinuxCNC to produce the raw 4-wire R/RE_n D/DE interface for an RS485 
> transceiver.
> 
> Danny

I think the RTS signal is common but it must of course also be insulated.
http://www.moxa.com/resource_file/857220091121341.pdf

Nicklas Karlsson 

--
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users