Wednesday, February 4, 2026

Deep sea video of German Battleship Bismarck

Last year a company called Magellan sent a deep sea rover 15,000 feet down to the site of the final resting place of the battleship Bismarck, sunk 86 years ago.  The video is simply spectacular.  Here is a shortish excerpt with commentary.


And since we're talking about the Bismarck, this song is obligatory.

Tuesday, February 3, 2026

The EPA makes everything worse, vol CXVI

In this case, marine diesel engines which used to be famously long lived.  The Detroit Diesel engines of old were famous for running 20,000 or 30,000 hours before a four day rebuild at the dock set them up for another 20,000 or 30,000 hours.  You couldn't kill these engines.  Rather, you would leave them to your kids in your will.

That's over now, and it's because of the EPA.  Over a span of 15 or 20 years, they ratcheted up the emission requirements for these engines to the point that Detroit Diesel would be fined millions and millions of dollars for selling their old (famously reliable) design.

And so now you have to rebuild after 10,000 hours, and you have to replace three times as many parts.  Plan on a month, rather than four days.

This is a very interesting video on the subject.  While I'm not an expert on diesel engines, it certainly seems solid from an engineering perspective. 


Here are the main points.

1. Pressures have gone from 10,000 psi to 30,000 psi to meet a bunch of EPA-imposed constraints.  This shortens the lifespan of parts used in the engines.

2. The higher pressure means that engines are much more vulnerable to bad diesel fuel: water particles or tiny flakes of rust now essentially sandblast the pistons, valves, and cylinders.  This didn't use to take place at the old lower pressure.  This sandblasting effect shortens part life even more, which makes engine rebuild and cost even higher.

3. Because parts will fail much more often now, manufacturers put all sorts of sensors in place.  The sensors themselves can fail - the high seas is a notoriously unforgiving environment and salt water will get into the engine room.  This causes corrosion, which triggers sensor faults.  The engine's computer (itself a new thing, with software of questionable quality) will detect the fault and sometimes put the engine into "Limp Home Mode" - not allowing it to go above, say, 1000 RPM.  A ship in a storm may find its engine dangerously underpowered, putting at risk the lives on board and the safety of the ship itself.  If a ship sinks in a storm under these circumstances, the fuel oil in the tanks will pollute the environment.

4. Not pointed out in the video, ocean-going vessels do not have to worry about emissions.  From a pure regulatory perspective, that is.  However, finding a new engine with all the design "upgrades" discussed here is the challenge.  I don't know what EU regulations are, so maybe a MAN engine doesn't have to deal with this.  But I'm nasty and suspicious and think that EU regulations could be even worse than EPA's.

Thanks a whole lot of nothing, EPA.  You're supposed to protect the environment. Oh, and not get Americans killed.

The only thing I think is unfair about the video is the title.  Engine manufacturers design their engines to fail after 10 years because the EPA forces them to.

You could roll back all the environmental regulations since 1990 and shutter the EPA and this Republic would be a whole lot better off. 

Thursday, January 29, 2026

Secure Your Home Network: Which of your devices can you trust?

And more importantly, which should you not trust? 

This post is the fourth in a series on how to make your home network harder to attack.  Here are links to posts one, two, and three.

Now you might think the question in the post title is a bit strange - after all, these are your devices, so you'd think that they're all trustworthy.  You'd be wrong.  There are at a minimum two different categories of trustworthiness:

Your main computing devices.  These are computers (duh) such as laptops and desktop computers, servers (a future post will talk about why these can be useful to you), and your cell phones (which are nothing but tiny hand held computers).

Now I've been in security for long enough that I get a bit twitchy about mobile phone security (I'll address this in a future post as well).  However, that ship has sailed and even a security nerd like me won't bother making a separate network just for these.  So they're computing devices for this discussion.

Then there's everything else.  It's surprising how many Internet-connected thingies there are these days.  Ring doorbells, Nest thermostats, online appliances (fridges, washing machines, etc).  At this point the Borepatch from four years ago would have told you to just walk away from all this nonsense.  Don't Internet-enable anything in this category.

Today's Borepatch sighs and tells you that this is coming to a home near yours.  It's here in my home.  No, not the thermostat (which was installed by the previous owner and which I have not connected to the WiFi).  However, the TVs all come with streaming apps for Netflix, Prime, and Youtube (among dozens of others).  And The Queen Of The World reminds me that the kids like to stream when they come and visit.  She likes it when they come and visit, as do I.  And so we have to do something for these devices.

Fortunately, you don't need any new kit to do this.  If you remember from the last post on water tight compartments, you don't own the Internet box from your network provider.  Basically, you can't trust it, so you install a new firewall box running DD-WRT.  It's trustworthy because you own it and have your own software and configuration on it.

All of your main computing devices connect to its WiFi.  All of the other devices (doorbells, thermostats, TVs, appliances) connect to the WiFi from your network provider's box.

What you've done is to put a firewall between your computing devices and your untrusted devices.  It doesn't matter if your TV gets hacked because it can't get through your DD-WRT firewall to your computers.

Likewise, your TV is at least somewhat protected from the outside world because it's behind the firewall in your network provider's box. 
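The layout described above can be worked through as a small model. This is an added example, not code from the post: the zone names and the device inventory are constructed, and it assumes both boxes run with default settings (no port forwarding) and use different address ranges on their inside networks.

```python
# Added example: a model of the two-box layout, not the author's code.
# Zones are nested, outermost first. A firewall sits between each zone and the
# next one in; the assumption is that it drops unsolicited inbound connections
# and lets inside devices connect outward.
ZONES = ["internet", "provider_lan", "home_lan"]

# Constructed sample inventory: (device, kind, network it is joined to).
INVENTORY = [
    ("laptop", "computer", "home_lan"),
    ("phone", "computer", "home_lan"),
    ("tv", "other", "provider_lan"),
    ("doorbell", "other", "provider_lan"),
    ("fridge", "other", "home_lan"),  # deliberately joined to the wrong WiFi
]

# Where the post says each kind of device belongs.
EXPECTED_ZONE = {"computer": "home_lan", "other": "provider_lan"}


def can_initiate(src_zone, dst_zone):
    """True if a device in src_zone can open a connection into dst_zone."""
    # Staying put or heading outward only crosses firewalls from the inside.
    # Heading inward arrives at a firewall's outside and is dropped.
    return ZONES.index(dst_zone) <= ZONES.index(src_zone)


def misplaced(inventory):
    """Devices joined to a different network than their kind calls for."""
    return [name for name, kind, zone in inventory if EXPECTED_ZONE[kind] != zone]


def exposure(inventory, target):
    """Sorted names of the other devices that can connect to `target`."""
    zone_of = {name: zone for name, _, zone in inventory}
    return sorted(name for name in zone_of
                  if name != target and can_initiate(zone_of[name], zone_of[target]))


if __name__ == "__main__":
    print("misplaced:", misplaced(INVENTORY))
    for name, _, _ in INVENTORY:
        print(f"{name:9} reachable from: {exposure(INVENTORY, name)}")
    print("internet -> tv allowed?", can_initiate("internet", "provider_lan"))
```

The output shows two things the prose does not spell out: the protection runs in one direction only (the laptop can still reach the TV, and the TV and doorbell can reach each other), and a single untrusted device joined to the DD-WRT WiFi by mistake sits right next to the computers.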

Tuesday, January 20, 2026

Joe Rogan interviews Elon Musk about Starship

This is a fascinating conversation. 


This is SO not like the NASA interviews when I was a kid.

Wednesday, January 14, 2026

"One more war in the West and the civilization of the ages will fall with as great a shock as that of Rome"

Who would have guessed a hundred years ago that Stanley Baldwin was right?

 

I dunno - he looks a little Woodrow Wilsonish to me.  But if you're right, you're right.

And Nota Bene: it seems that DuckDuckGo can't find the link to that last post.  Strangely, Google can.  Search string site:borepatch.blogspot.com best worst presidents on each site. So long, DuckDuckGo, it's been fun.  But I can't trust you, and neither should my readers.

Monday, January 12, 2026

Secure Your Home Network: Watertight Compartments

This post is the third in a series on how to make your home network harder to attack.  Here are links to posts one and two.

Post two introduces the concept of a Firewall which is a device that lets you connect to the Internet without letting the Internet connect to you.  Firewall technology comes embedded in your Internet provider's device like a Cable TV modem.  A recent article does a comparison on a number of these devices.

If you look at the device it will look a lot like this:


The red colored connection goes out to the Internet, the yellow ones go to your devices (as does the Wifi).  This one has a connection for a landline telephone as well (ask your parents, kids).

Installing the device is really simple - red (labeled "WAN") goes to the outside which is untrusted, and yellow/WiFi go to your own devices which are trusted. 

Except nothing is as simple as that.  Your Internet provider actually owns the firewall device, it's not really yours.  Some providers run their own WiFi network for other subscribers who happen to be passing by - Verizon is notorious for this, and you will often find all sorts of WiFi networks called "VerizonXYZ" or some such.

So who is outside the firewall, and who is inside?  The question may sound pedantic but it's terribly important.  Fortunately there is something you can do about this.  

Ships used to sink all the time but this is pretty rare these days.  One major reason for this is that they are divided into compartments which are watertight - if the ship hits a rock (or, like the Andrea Doria gets rammed by another ship) only one compartment will flood and the ship can likely make it to port. 

USS South Dakota under construction

The network security analog of this idea is to use more than one firewall.  Don't trust your provider's firewall (and you really shouldn't)?  Buy your own and hook it up to your provider's firewall. The red (WAN) port on your firewall gets connected to the internal (yellow) connector on the provider firewall.  Now anyone that the provider's firewall lets in can't get past your firewall.

And it really is your firewall, although you'll have to buy it with cash money.  But your devices connect to your firewall's yellow network connections, or to your firewall's (NOT your provider's firewall) WiFi.

Now you don't have to trust your provider because their device doesn't have access to your internal "watertight compartment".

Linksys, Netgear, and TP-Link are low cost options, running $30 - $70 or so.

The first thing you should do is replace your firewall's operating system with dd-wrt:

DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used. 

Here's a step by step tutorial on how to install dd-wrt on a Netgear device:

 


[UPDATE: Rick T in the comments says to check the dd-wrt website before buying a device, to make sure that the software supports that particular hardware.] 

Why go to this hassle?  Product longevity.  Consider a $60 Netgear device.  The profit margin on this to Netgear is probably $5.  You can't pay for a lot of enhancements or security bug fixes with that.  DD-wrt is an open source project with a bunch of passionate contributors.  I like my chances on having a viable, supported software five years down the road with them.  Not so much the device manufacturers.

So now you have a device you can trust for the long term.   We're not done yet, because there's all sorts of new tech evil that people want to use - Ring doorbells, Alexa, etc.  That's tomorrow.

Saturday, January 10, 2026

Secure Your Home Network: What is a Firewall and why do you care?

Forget about the Internet and security for a moment - you already own something with a firewall.  Your car has one between the engine and the passenger compartment, even if your car isn't a sweet 1969 Dodge Charger.

 

The firewall in your car is designed to contain engine fires to the engine compartment, not letting the flames spread to the passengers.  Firewalls have been around cars for a long, long time - certainly since the 1930s, and probably a lot longer.

Now back to the Internet and security.  Internet firewalls are designed to keep bad things (and Bad Guys) out of your network, so they don't burn down all your devices.  Yes, I stretched that metaphor, but that's exactly where the name came from.

An old Internet wag once described a firewall as a device that "keeps the bad guys out while letting the good guys out".  That's a really good description.  Internet firewalls have been around for basically as long as there has been an Internet, say from around 1990.  The technology is very well understood, and very mature.  That's the good news.

The bad news is that there are a million ways to set up your firewall so it's more full of holes than Swiss cheese. This post will try to help you avoid this.

More good news: your Internet Provider almost certainly has a firewall capability in the box that gives you Internet access.  For example, if you get Internet via cable TV, you have not only a cable box that changes channels, you have a separate box that gives Internet.  That thing has a firewall built in, so yay.

You can check this yourself via a web site that I've linked to a number of times over the years, Steve Gibson's Gibson Research.  You should see something that looks like this:


Green is good. 

So what went on when you ran that?  There are a bunch of Internet services like web, email, and so on.  Each uses a "port" - email is 25, web is 80, there are a bunch of others.  What Gibson's app did was to try to connect to all of these ports on your IP address.  Ideally, your firewall (like mine) dropped these connections in the trash can.

So from a first cut, your firewall is letting you out onto the Internet (so you can read this, hello!) but keeping the Bad Guys out. 
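What a probe like that does for one port at a time, as an added example (not Gibson's code and not from the original post). The result names are this example's own, port 443 is added to the two ports the post names, and the check only means something when it is run from outside the firewall being tested, against an address you own.

```python
import socket
import sys

# Ports named in the post (email 25, web 80), plus 443 for HTTPS (added here).
PORTS = {25: "email", 80: "web", 443: "web (https)"}


def probe(host, port, timeout=2.0):
    """Try one TCP connection and report how the far end reacted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # something answered: a service is exposed
    except ConnectionRefusedError:
        return "closed"       # the host said "nothing here", so it is visible
    except socket.timeout:
        return "dropped"      # no reply at all: the attempt went in the trash
    except OSError:
        return "unreachable"  # no route, or rejected some other way
    finally:
        sock.close()


def check(host, ports=PORTS, timeout=2.0):
    """Probe each port once and return {port: result}."""
    return {port: probe(host, port, timeout) for port in ports}


def answered(results):
    """Ports where the host reacted at all; a firewall that drops leaves none."""
    return sorted(p for p, r in results.items() if r in ("open", "closed"))


if __name__ == "__main__":
    # Usage: python probe.py <address you own>
    results = check(sys.argv[1])
    for port, result in results.items():
        print(f"{port:5} {PORTS[port]:12} {result}")
    print("ports that gave an answer:", answered(results))
```

"dropped" for every port is the all-green result: the firewall discarded the attempt without replying. "closed" means no service is listening, but the reply itself shows that a machine is at that address.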

But the devil is in the details of how we (and our devices) use the Internet.  The next post in this series will explore this: Secure Your Home Network: Can (and should) you trust your devices?

Thursday, January 8, 2026

Secure Your Home Network: Introduction

This is the beginning of a new series about what (mostly) non-technical readers can do to lock down their home networks to a decent level of security.  I need to start with some caveats here:

  1. It's pretty easy to protect yourself from "script kiddies" (Bad Guys who just use canned exploits without knowing much (or anything) about you or your home network).  Hopefully the posts in this series will make you, if not impervious to these attackers, at least unreasonably difficult for them.
  2. It's harder to protect yourself from a knowledgeable and determined attacker.  Someone with skill, time, and motivation to attack you is a dangerous opponent.  Hopefully the posts in this series will increase the required time, skill, and motivation needed for these Bad Guys to succeed.  Basically, it raises the cost for them to attack you which is A Good Thing.
  3. At the end of the day, you can't protect yourself from NSA or FSB (the KGB successor organization).  Or the Chinese, who are quite active and skilled.  Even keeping them from sniffing out your traffic is really, really hard.  If you think that any of these organizations are likely to want to access your computers, then you should unplug from the 'Net right now.  Not kidding.  

So if you're interested in this kind of thing, and are willing to spend a nominal amount of time and money to raise the bar on your home network security, follow along on this series of posts.

Tomorrow's post: What is a Firewall and why do you care?