Friday, December 31, 2100

Welcome to JLind.net

Dedicated to the Practice of Polymathy

Polymathy:
The possession of learning in many fields.

Your host is John Lind. Here you will find a variety of postings on various topics spanning a wide range of activities and knowledge, some of which you will find quite esoteric, but for some it should be educational and useful. It wouldn't be polymathy if it weren't. I'm leaving this as the top posting to provide a permanent introduction. I will use labels to assist in getting to various different types of subject material.



I have two other blogs that have been set aside for hobbies/pastimes and films, two topics which can span a wide range of sub-topics on their own. They have their own sub-domains. These are their links:

Various hobbies and pastimes:  Watches.JLind.net

Film reviews and cinema commentary: Films.JLind.net



The main blog (this web site): JLind.net

Enjoy, learn and find some useful knowledge that can come in handy.

John

Thursday, December 5, 2019

Ethernet Cable RJ45 Plug Replacement

Cat 5e / Cat 6 Ethernet Cable RJ45 Plug Repair

So you've got an Ethernet cable without (maybe with) an anti-snag protector over the locking tab and it finally broke off. This has happened to countless Ethernet cables. The RJ in RJ45 stands for Registered Jack (as it does in the RJ11 and RJ14 modular PSTN telephone plugs). It came about from an FCC mandate to standardize modular telephone jacks and their pinouts for wiring PSTN phone lines (good ol' POTS line connections). Technically, an RJ11 may have six positions, but it only has two active wires - the center two. It's for single line PSTN phones. If someone has a two line phone and connection using four wires, it's technically an RJ14, which looks the same except it has four wires. The two middle ones are for line #1 and the pair on each side of them is for line #2. There's also the rarely used RJ25 which has six wires for three lines, and yup, you guessed it, line #3 is the outermost pair.

The Fragile Locking Tab Breaks Too Easily . . .

I've digressed, but it gives some insight into the 8-wire RJ45 Ethernet cable plug and its origin. Whoever created the RJ design concept and its fragile locking tab should be soundly thrashed, publicly flogged, then tarred and feathered before being run out of town on a rail. I've seen countless telephone and Ethernet cables with broken tabs that cannot lock into the jack, just like this one. The arrow points to where the tab used to be. As is typical, it readily pulls out of an Ethernet jack and even if it doesn't pull out completely, the connection is very unreliable:

Repair or Replace . . .

That is the question. Most people pitch them, and then go to Best Buy, Staples, Office Max, or Target, depending on who is closest, and buy another as the broken one has created a connectivity crisis. Alas, these brick and mortar retail stores usually charge a king's ransom for decent Ethernet cables. They're much cheaper on Amazon, but then you have to wait a couple business days and pay shipping if you don't have Amazon Prime. Look first along the side of the cable. They're all marked with the internal wire gauge (AWG), how many volts can be pushed down the thin wires for PoE (Power over Ethernet) to power devices without using a wall wart (common for VoIP phones and remote cameras). Along with all that is the Category marking. Most encountered today will have Cat.5e marked on them, but there are many Cat.5 (no "e") still floating around, and the Cat. 6 are increasing in numbers. Cat.7 are currently rare (and expensive). The higher the category number, the greater the bandwidth (bits per second) you can push through the cable. If it's a Cat.5 (no "e"), pitch it and replace it with a Cat.6. The Cat.5 is obsolete. It was made for 10BaseT and 100BaseT Ethernet. It's only rated for 100 Megabit data throughput. If you find a Cat.4 cable, send it to the Smithsonian or some other museum with an ancient computer exhibit. Those with Cable provider Internet have a faster connection than a Cat.5 cable can deliver. Cat.5e was made for 1000BaseTX Gigabit bandwidth, ten times that. Cat.6 is the future and it's rated for 10 Gigabit with Cat.6a emerging now to handle a modest increase of that. If it's a Cat.5e cable under 25 feet that's otherwise in good condition, and used to connect a client device to a switch or router, you can keep it. Very few devices, including personal computers, demand more than 1 Gigabit throughput. VoIP phones require very little bandwidth. 
On the other hand, a shared media server on the home LAN should have Cat 6 to the router if multiple family members are accessing it simultaneously. It needs the bandwidth to handle multiple simultaneous demands for streaming content. Likewise, connections between routers and switches should be Cat. 6, as should the connection from the cable (or DSL) modem and the first router (the one with the WAN port, internal firewall, etc). The photo shows the markings on a five foot Cat.5e I just repaired.

Wire Gauge Considerations . . .

Almost pitched this one when I saw the wire gauge. It's 26 AWG which is mighty thin wire. Cat.5e for any appreciable distance should be at least 24 AWG, a thicker wire. The smaller the number, the larger the wire diameter. Historically, the wire gauge is the number of times it is "drawn" (pulled) in fabrication. The more times it's drawn, the thinner it becomes. Since the cable is only 5 feet long and isn't carrying any power for a device (PoE) of some kind (e.g. a camera or smart doorbell, etc.) it doesn't matter. I'll fix this one. If it were 25 feet or longer, or being used to carry PoE to a device, I'd pitch it and replace it with a 24 or 23 AWG cable. For long distribution runs between switches and WiFi access points, 23 AWG works better with lower loss. For patch cables to go from a switch or router to another nearby switch or client device (e.g. computer, phone, TiVo, TV, etc.) 24 AWG is just fine. This is what typical wire gauge markings look like:

Required and Optional Tools and Materials

Required (bare minimum):



  • Diagonal Cutters (aka Dikes), Needle-nose Pliers with cutter, Electrician's Pliers with a cutter, or a Cable Cutter (for cutting video cable) in excellent (sharp) condition. Don't use scissors for cutting wire! It ruins them by nicking their cutting (shearing) edges.
  • Small #1 Phillips and flat tip screwdrivers (photo shows a reversible); almost made this optional, but it's very handy for a variety of tasks with consumer electronics.
  • Connector Crimping Tool with built-in outer sheath stripper. The one in the photo is made by Ideal and it's an excellent value for the price at about $25 from Amazon. It's nearly identical to the Klein Tools crimper and much less expensive. I like this style which has plenty of crimping leverage without the long jaws and handles. Fits in a small tool bag or tool pouch pocket, and it's smaller than the cable tester. This one can also handle RJ11/RJ14 phone plugs. However, it's made for the blind plugs, not the pass-through (see below). Klein makes a simple RJ45 (only) crimper, the VDV226-005, that's about the same size and price, and trims the wire ends off a pass-through style plug.
  • RJ45 plugs rated for Cat.5e and Cat.6 cables and data speeds. Two types of plugs. One is a blind termination with a solid plug end that requires cutting the wires to a proper length to fit to the plug end while having sufficient jacket for the crimping wedge to hold the entire cable in the plug. There's a narrow range of wire length of about 1/2" and all the wires must be very nearly the same length. Cutting the right length before insertion into the plug requires a bit of experience. The other kind in the bottle are "pass-through". With individual wires passing through the entire plug, they're easier for beginners to assemble and verify correct wire position visually. The wires can be cut at a slight angle letting the insertion get one wire placed properly at a time. The downside is having to trim off the excess wire flush to the plug end. Some crimping tools are made for these plugs and have a guillotine at the end of the plug that does this when it's crimped (e.g. the Klein mentioned above). Most diagonal wire cutters and cutters built into pliers cannot cut sufficiently flush with the end of the plug after crimping. The manual trimming method is pushing the cable hard into the plug, cutting as flush as possible manually before crimping, pulling back very slightly, and then crimping. Small diagonal cutters can get very close. Big ones don't work so well. A utility knife can also be used, very carefully to avoid trimming the end of your finger off with the wires. If too much protrudes, the plug won't seat fully into a jack. Unless you're dealing with 23 AWG cable, which is usually Cat.6 with solid copper wire for long distribution runs in overheads, plenums, and walls, the Cat.6 used for patch cables is typically 24 AWG stranded copper as the cable is subjected to being frequently flexed. I usually use 24 AWG Cat.5/Cat.6 rated plugs, but have used plugs made for 23 AWG without any problem. 
    It's not quite as tight when the plastic wedge is crimped over the jacket though, increasing the importance of strain relief where the cable enters the plug. Plugs are dirt cheap from places like Amazon - typically 100 of them for about $5-$6 - and Amazon shipping (vs 3rd party seller) is free with Amazon Prime.
  • RJ45 strain relief anti-snag hoods. These not only provide some strain relief on the cable as it enters the plastic plug, they also protect the locking tab, to prevent it from breaking off as easily. There are a couple styles of anti-snag strain relief. I prefer these but they add to the width and height of the plug. Another type is the same width and height with tabs that fit into the back of the plug plus another flexible tab that extends over the top of the locking tab. The type is a matter of preference. IMO the ones in the photo are better for anti-snag but a tight fitting plug can be a bit harder to get out of a jack, especially on a switch or router with closely spaced jacks. Unless there aren't any on hand for an emergency cable repair, a strain relief that protects the locking tab is a must. The strain relief anti-snag hoods are just as cheap as the plugs. Total parts cost is about $0.10 - $0.12 per RJ45 plug replacement (if you do it carefully and get it right the first time; check twice; crimp once).

Optional (makes life easier but adds cost):


  • Magnifier, preferably on a table stand, or worn on the head that can be flipped up, but a hand-held works fine if that's what you have.
  • Cable sheath cutter. The crimping tool should have one but these can be more convenient. Comes free in some packages of RJ45 plugs.
  • Cable tester. These can be had from $10 to over $100. Don't buy the cheap Chinesium $10 tester. It will work once or twice and then inexplicably quit. I had a couple (past tense) and learned after the 2nd one went belly up after two or three uses. This one from Southwire was about $65 from Amazon. It's overkill for simple cable plug replacement although it's got a lot of bang for the buck compared to others. Southwire has a basic model, the M550, for about $31 on Amazon that will verify you got it right, or tell you what the fault is, and it's an excellent value. Like this one it can also test video cable. Doesn't have an RJ11/RJ14 jack but can be pressed into service with phone cables if you know what you're doing (a phone cable is typically very easy to inspect).
  • Swiss Army Knife "Super Tinker" (by Victorinox). Has a big blade, little blade, can opener, bottle opener, and most important, a #2 Phillips screwdriver, and scissors. The Phillips is much more useful for cable repair than a corkscrew. The scissors come in handy snipping a little more insulation jacket, cutting a center divider (most Cat.6 has it), and the string sometimes found inside the cable. (Not for cutting wire - that's what the wire cutters are for.) A Deluxe Tinker adds a small pair of slip-joint pliers, but small needle-nose are more useful.

Preparing the Cable . . .

  1. Cut the old RJ45 off using the cable or wire cutters and pitch the broken connector into the rubbish bin.
  2. Put the strain relief onto the cable end in the correct orientation. I've forgotten to do this and had to start over. Embarrassing. I do it right after lopping off the broken RJ45 now.
  3. Strip about 2 inches of cable jacket off of the cable, exposing the eight wires in four twisted pairs. Here I'm using the stripper built into the crimping tool.
  4. Spread the pairs apart. There will be an orange pair, a blue pair, a brown pair and a green pair. I arrange them with the orange on the left, the blue away from me in the middle, the brown on the right, and the green toward me opposite the blue. Makes it easier for me to arrange the wires in order in the next part.

Untwisting the Pairs and Arranging Wires in Proper Sequence

  1. May seem counter-intuitive, but the locking tab is on the bottom of the connector. The contacts are on the top of the connector. As the end of the top is facing away from you, the pins are numbered 1-8 from left to right. The sequence of them isn't arbitrary, it's based on best crosstalk reduction and resilience to electrical interference from other nearby devices for maximum Cat.5e data throughput, which carries over into Cat.6 and Cat.7. There are two standards for the wiring sequence, T-568A and T-568B. If you look at the top (tab side down) of an Ethernet RJ45 you'll very nearly always see the T-568B color sequence. The difference between T-568A and B is the swapping of the orange and green wires. From a data throughput standpoint they have the same performance. The "A" has history in legacy USOC telephone wiring with the blue and orange being used for Line #1 and Line #2 respectively. It continues to be specified and required in some government contract work, but the rest of the world uses T-568B. It doesn't matter technically if both ends of a cable are one or the other, as long as they're both the same, but it's considered very bad practice to mix T-568A and T-568B cables in the same installation and system. Someone coming along later may very well see one and do a repair on a different cable assuming the entire installation used that standard when it didn't, ending up with a cross-wired cable. The average patch cable repair DIY'er should just use T-568B as it's likely all you will ever see in your lifetime. The last time I saw the T-568A color sequence was dealing with a PSTN telephone system decades ago, and it had nothing to do with Ethernet and digital data transmission. Everything Ethernet beyond four wire Cat.3 has all been T-568B. Unlike modular two-wire and four-wire telephone cables, both ends of a standard Ethernet cable should be wired the same. A "crossover" cable is a different animal with very special and unusual application.
    All current equipment will detect whether or not it should have a crossover and configure itself accordingly. Been that way for quite a few years now - to avoid the need for identifying those rare occasions requiring one. I've seen old documentation from the Cat.4 and Cat.5 era stating T-568A on one end and T-568B on the other end creates a cross-over cable. Not so in the current Cat.6 and Cat.7 era that can use all eight lines for full duplex Gigabit. Don't do it and you'll stay out of trouble. Make both ends T-568B.
  2. The wires should be untwisted and laid out from left to right as they will be inserted into the plug. This is why I had the green closest and blue farthest. It allows placing the green stripe and solid green around the blue pair. They alternate striped and solid, even though the green pair is split up around others. Get the wires as straight as possible. If using a pass-through style plug, you won't need to trim them down.
  3. In this repair I used a blind end plug and needed to trim them down after getting them in the proper sequence working them around to get them aligned with each other. I cut them with the diagonal cutters (not the scissors) while holding them firmly, and then continued to work and flex them some to get them more relaxed in the proper order.

Plug Assembly and Crimping

  1. Assembly into the plug, which should be done with the locking tab facing down, can require some finagling to get the proper colored wires into the correct holes. The wires in some cables seem to have a mind of their own. There is a learning curve to doing this and it slowly gets easier with experience, especially with blind end plugs and the variants that have staggered wire holes. It's gotten much easier for me. The DIY'er who doesn't do them very often would probably find the pass-through easier to work with. For the non-staggered (vertically), I've found keeping the wires toward the top tends to guide them easier. For the plugs with vertically staggered holes (half slightly higher than the others) it can take a bit of wiggling. Don't force it, you'll just bend the wires and have to pull it apart and straighten them out.
  2. This is the time to do an inspection to ensure all the colors are in the proper holes. Use a magnifier if necessary, looking at not just the top, but the bottom as well even though it's more difficult through the tab. Take care that the plug doesn't slide off (been there, done that). Some striped wires are very sparsely striped. If one is out of order, pull it apart, reposition the wires in the proper sequence and go at it again. Patience is important and it gets quicker with experience. The pass-through is very easy to inspect and verify. Look twice; crimp once. Avoids wasting a plug and having to start all over from the beginning.
  3. Once you've verified they're all in the correct holes, the connector can be crimped using the crimping tool. A decent tool doesn't need to be expensive, but avoid the cheap $5 Chinesium crimper. They're sloppy and frustrating to work with. This Ideal is nearly identical to the Klein and was barely over $20 from Amazon. I was impressed when I unwrapped it and used it the first few times. Doesn't need that much force. You can tell when you've bottomed out from the feel of the tool. No point in cranking down with yet more force. It's not going to do anything except make your hand red.

Inspection, Strain Relief Assembly, and Test

  1. If you did the inspection right before crimping, this should be perfunctory, but it's worth a look anyway. Bad news never improves with age. If it's not wired correctly, it's not going to work when installed. May as well know it now. In addition to verifying color sequence again, I also look at the wedge that holds the cable in the connector, and contact penetration through the wires. Here, the three spear-point tips of the contact can be seen protruding from the bottom of the brown wire.
    More spear-point tips can be seen looking at the wires through the plug bottom. A magnifier can help, but even with that, looking through the locking tab at the center wires isn't very easy.

  2. Slide the strain relief over the rear of the plug and over the top of the locking tab. Shouldn't require much force. Some cables are larger in diameter than others which might require a bit of wiggling to move one that's a bit tight on the cable. You should know from feel and how far the locking tab is in or under the anti-snag hood when it's all the way on.

  3. If you have a tester, the final step is testing it. If everything was done properly, this should be a perfunctory verification, but if there was a mistake, Bad News never improves with age. Better to know now than later after installing the cable. It also verifies the insulation displacement tines on the contacts have done their job properly. This cable passed (difficult to read in the photo), with one end in the top of the tester and the other in the remote receiver. All of yours should also pass.
Go forth, be fruitful, and fix those Ethernet cables with broken locking tabs that are worth salvaging. Eventually, you may decide to give up buying finished cables and fabricate your own Ethernet patch cables cut to the length you need instead of having to live with one that's the next size longer than you need (or want), requiring you to loop it up and hide the loops somewhere. I just bought 1000 feet of 24 AWG copper stranded wire Cat.6a cable (made for patch cords), for about $133 on Amazon ($0.133 per foot), with free shipping to my doorstep (all 30+ pounds of it). Should last me for the rest of my lifetime. A 10 foot Cat.6a cable costs me about $1.50 in materials, and a 25 foot is roughly $3.75 which are very difficult prices to match for 550MHz Cat.6a rated cables.

One final tip . . .
Electrical cords should never be folded up flat and squished. It's very hard on the wires, and causes more resistance with the electrons having to go around hairpin turns (no joke, this is real). It's hardest on cables like these that have very fine wires in them, and it's a leading cause of cable failure other than the plugs. Excess cable should be coiled. I use thin strips of Velcro to hold the small coil. Likewise, stored cables should always be coiled up, without twisting them. I hate it when I unpack a new electronic device and see the thin power cable from the wall wart to the device folded up and smashed flat. Very bad practice, but seemingly commonplace. I always untie them and loop them into an untwisted coil, attempting to get rid of as much folded up memory as possible.

John

Saturday, March 24, 2018

Broken Computer Desk Door Replacement

Broken Computer Desk Door

Accidentally hit this door on the right pedestal of my computer desk. It's made out of pressed wood with a thin laminated fake wood veneer. When the door went past the hinge limit it broke the upper and lower corners with the hinge pins off. Didn't take much force; not with 1/2-inch pressed wood. I hate the stuff and wouldn't have bought a desk made of it (someone who shall not be named bought it). I'd have built my own. Nevertheless, the broken door sat leaning up against the desk for a while. Photo shows the old door with the handle hardware removed.

Got tired of looking at it after a few weeks. Time to replace it with 1/2-inch birch plywood, about the same natural color as the rest of the desk. I've got all the tools required to quickly fabricate the new door. Birch plywood is frequently used for simple cabinetry and craft projects. It's not a hardwood, but it's not a soft wood like pine or fir either. Has seven layers, not counting the two birch layers, one on each side. Its pale color is easy to stain to a desired shade. The large number of layers makes it extremely stable and quite strong, resisting warping, even under load when used in shelving, if it's the proper thickness. I've used oak and birch plywood in furniture where the edges would be concealed for that reason. A 12" x 24" piece was a couple inches larger than the ~11" x ~20" original door and it was cheap on Amazon, with free shipping. Arrived on my doorstep in two days.

Panel Cutting With 10-inch Table Saw


The first step was cutting it down to proper size. A table saw with the proper fence and fixtures is the perfect tool for making precision rectangular panels with perfect right angle corners. This was my father's 1954 Craftsman 10-inch table saw. As far back as I can remember, this saw sat in our garage. Dad used it for just about every project involving wood and lumber, including dressers, desks and a hobby horse to ride on when I was 3 years old. Those that know vintage Craftsman shop tools will recognize the "Craftsman Gray" color. They don't make them like this any more. Has a heavy cast iron bed and the blade is belt drive. The blade arbor can be raised to within a fraction of an inch of the table top. A 10" diameter blade can cut through 4" rough cut lumber. Many saws are direct drive with the motor severely limiting how much of the blade can protrude through the top. First step is ensuring the blade is at a right angle to the table using a small square. The rip fence isn't original. Left a lot to be desired in making furniture. It was made from cast aluminum and part of it had cracked from clamping stress over the years. Replaced it about fifteen years ago with a heavy-duty precision fence.

Ripping the Long Sides Parallel


Ripping the long sides and getting them perfectly parallel is done by setting the fence for the first cut about a half-inch or so more than the width needed. The second cut on the opposite edge is done with the fence set at the exact finished width. With a fine finishing blade (has more teeth than a rough cut) you get very smooth finished edges that are exactly parallel to each other. The two grooves in the saw table on each side of the blade are called miter grooves for use with a miter fence (which I won't be using for this). The yellow device with thin fingers clamped into the left miter fence groove is a device to prevent kickback of the work piece as it's slowly fed through the saw. The edge of the work piece displaces the fingers slightly which allow it to move forward, but prevent the saw blade from pushing it backward. These work extremely well. Anyone who's witnessed a table saw kickback in which the saw teeth grab onto a work piece, hurling it back at the saw operator, can attest to never, ever wanting to have that happen. It can cause very serious injury and a narrow piece of wood can impale you. The stick with the yellow tip is a "push stick". Keeps your fingers away from the whirring blade, which can lop off fingers in the blink of an eye.

Crosscutting the Short Sides Square


After the long sides are parallel, the short sides can be cut at precise right angles to them. The aluminum table extension on the left could be used as it's able to slide and can be fitted with a miter fence for making crosscuts at any desired angle. It's locked down and won't be used in this project. Neither will the crosscut miter fence be used. It's better for narrower pieces such as 2x4 lumber and I've got a miter saw for that. When making many right angle crosscuts on panels, it's easier to use a crosscut sled that's permanently set to a right angle. I fabricated one from birch plywood nearly twenty years ago.


It has an aluminum U-channel the same width as the miter groove on the bottom. The U-channel used is a special type, the width of which can be tweaked with some adjusting screws and wedges. It's exactly the same width as the miter fence groove in the saw table. To make it, I bolted the channel to the bottom of the plywood panel and ran the piece through the saw, which gave it a perfect edge precisely at the side of the saw blade.


For the sled fence, I added a door threshold made of ash (the poor man's oak) at a precise right angle to the sled edge that had just been cut, with the end protruding slightly over the edge. Properly kiln dried ash is very hardy and stable. Ran it through the saw again to trim the sled fence off. I've used this homemade crosscut sled for countless panels over the years. Easy to make if you know how, and worth its weight in gold when cutting furniture and cabinetry panels. Due care and time taken to ensure the sled fence is exactly at a right angle to the edge is the secret to repeatedly getting precise right angle crosscuts reliably on panels every time.


As with ripping the long edge, the first cut is made trimming a bit off one edge. The second cut is the precise one for the desired length from the other edge. With the work piece on the sled up against its fence, it gives a precise right angle on the panel. The piece trimmed off goes into the bin of wood "scraps" that can be used for something in the future. That bin has saved untold dollars and trips to the lumber store for a small, quick project.


Any doubts about whether it's square? Measure the two diagonals. If it's square, they'll be exactly the same length.

Adding the Hardware


A quick trip to the drill press for the door hardware holes. Took the measurements off of the old door for the new one. What better use as a backstop for the through holes than the old door. :-) A small Forstner bit was used to countersink the door handle screw on the inside to keep its head flush with the inside surface. Instead of the original wood screws, I used pan head machine screws through the door panel on the hinge pins. This will prevent them from being pulled out if there's stress on the pins.


Back side of the old door on the left, and the finished new door on the right with all the hardware attached. The small black rectangle in the upper right corner is the steel plate for the door latch magnet to hold the door closed. The few extraneous holes in the old door are from using it as a backstop on the drill press when drilling the holes in the new door. :-)


Front side of the old door on the left, and the new door on the right with all the hardware attached. Project almost finished.

Installing the Door


New door installed on the computer desk pedestal. It's very nearly the same color as the desk's pressed wood laminate. Fits perfectly with an even gap all the way around. Measure twice and sometimes thrice. Cut and drill once. I may take the door out at some time in the future and add some clear semi-gloss urethane to it. It's in a very benign environment, so it doesn't need much protection from moisture or humidity.

Bonus Photo


If you thought the table saw was vintage, this was my Dad's 1936 vintage 13-inch band saw. I remember when he bought it used in the mid-1960's. For those familiar with vintage Craftsman, it's in pre-WWII "Craftsman Blue" livery. Although not used for this project, it still works quite well. The bed is thick cast iron. The wheels are heavy cast iron, and you can see where they drilled out material in the rims to balance them when it was manufactured. Once it spins up, the upper and lower wheels are like flywheels. The energy in them allows plowing through tough spots in lumber without bogging the saw down. They don't make them like this any more. The aluminum angle piece on the left is used as a fence, and the C-clamps on the right are used to clamp it to the saw's work table.

Monday, May 25, 2009

Invasion of the PC Snatchers

How to Join a BotNet Army Without Really Trying
(or Knowing Until It's Too Late)


Screen-shot of warning from Avast! A/V for the Trojan Dropper my ex-wife encountered:



Act I: Social Engineering
Ex-wife received an email from someone she knew related to her job. I've deliberately munged the hyperlink it contained with "#" characters to keep it from working (they were originally strings of numbers).
Subject: it should you be pleasant

Body:
Check this out http://rapidshare.com/files/#########/File.exe?0,#######
Disabled the hyperlink by munging it for very good reason. It doesn't simply go to a RapidShare web page; it immediately attempts to download and run a file stored on RapidShare. Firefox doesn't normally allow immediate download file execution, but Internet Explorer gives that option with "Run," "Save" and "Cancel" buttons (in that order). Too many folks will blithely "Run" the executable file out of habit! This type of email employs "Social Engineering" to persuade its recipient to run the program. The Ex's email address was harvested from the address book of a likely trusted source. In this case it was a known co-worker, but it could also be a family member or close friend.
  • The first flag that should cause alarm in this email is its subject line, "it should you be pleasant" which reads like a poorly translated user manual for a cheap Chinese toy (unless the trusted sender actually writes that way all the time)!
  • The second flag that should cause alarm is a RapidShare link for an executable program that attempts to immediately download the file. For those familiar with RapidShare, a proper link to a file stored there should lead to a RapidShare web page with information about the file and a download button. I'm still trying to figure out how this URL was crafted. Haven't been able to replicate my own version using innocuous files I've uploaded to RapidShare. However, I did find references to tools that can convert normal RapidShare download links into immediate, direct download links that bypass the normal RapidShare download web page. I suspect this link was crafted using one of these kinds of tools.
  • The third flag that should cause alarm is an executable file with no explanation about what it is, what it's for, or what it should be expected to do.
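The second and third flags can be checked mechanically. The following Python sketch is an added example, not part of the original post: it pulls links out of a message body, flags any whose path ends in an executable extension even when a query string follows (as in the link above), and notes when the message offers almost no explanatory text. The host `files.example`, the numeric strings, the extension list and the eight-word threshold are assumptions chosen for illustration.

```python
"""Added example: flag e-mail links that point straight at an executable."""
import re
from email import message_from_string
from urllib.parse import urlsplit, unquote

# Extensions Windows will run when the user picks "Run" (illustrative subset).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".msi"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MIN_EXPLANATION_WORDS = 8  # assumed threshold for "no explanation"

# Constructed sample messages (hosts and numbers are placeholders).
SUSPICIOUS = (
    "From: coworker@corp.example\n"
    "Subject: it should you be pleasant\n"
    "\n"
    "Check this out http://files.example/files/123456789/File.exe?0,1234567\n"
)
BENIGN = (
    "From: coworker@corp.example\n"
    "Subject: Installer notes from Monday\n"
    "\n"
    "Hi, here is the page for the installer we discussed in the meeting; "
    "read the notes first: http://files.example/files/123456789/File.exe.html\n"
)


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        parts.append(payload.decode(charset, errors="replace"))
    return "\n".join(parts)


def executable_links(text):
    """Return URLs whose path (not query string) ends in an executable extension."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation stuck to the link
        # Only the path decides the file type; "?0,1234567" must not hide ".exe".
        path = unquote(urlsplit(url).path)
        filename = path.rsplit("/", 1)[-1].lower()
        dot = filename.rfind(".")
        if dot != -1 and filename[dot:] in EXECUTABLE_EXTENSIONS:
            hits.append(url)
    return hits


def triage(raw_message):
    """Report direct-executable links and whether the sender explained them."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    links = executable_links(text)
    words = URL_RE.sub(" ", text).split()  # body words with the links removed
    return {
        "subject": msg.get("Subject", ""),
        "executable_links": links,
        "unexplained": bool(links) and len(words) < MIN_EXPLANATION_WORDS,
    }


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage(raw))
```

The first flag, the oddly worded subject line, still needs a human reader; the function only returns the subject so it can be shown next to the findings.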
Act II: Trojan Horse
"File.exe" is only 23kb in size. This is tiny, even by MS-DOS 3.1 standards. Even so, it's extremely dangerous. Programs that initially penetrate a computer and its defenses are typically this small. They merely create the beachhead to facilitate the installation of larger programs that take over the machine. It signals, calls for the main invasion force payload, and provides the invasion path through a machine's defenses. It can also disable or circumvent the common means used to detect the malware invasion. This particular program is a Trojan Horse Dropper. It's called a Trojan Horse because the victim is enticed to invite it through the gates. This was done in Act I with the Social Engineering that convinced the victim to click on the link, download and run it. The task performed by "File.exe" when it's executed is providing a concealed path for the installation of a Rootkit, one that's completely hidden from the rest of the operating system, anti-virus software, and computer administrator(s) and user(s):
  • Opens a remote thread in "svchost.exe" to retrieve a Rootkit installer in a concealed manner that will not be detected.
  • Downloads the Rootkit installer into the current user's "temp" directory, from a completely different, remote server (using an IP address in, or obtained by "File.exe").
  • Silently runs the executable Rootkit installer in a manner completely concealed from the rest of the operating system, anti-virus software, and computer user(s) or administrator(s).
  • Only takes a few seconds and it's done. After that, "File.exe" has no useful purpose. Even if detected later and deleted, the damage it did is a "Done Deal."
Act III: Coup d'État
Rootkits are insidious. This Trojan Horse dropper pulls in a specific Rootkit called Win32:FaRoot [rtk] (Avast!'s name) and installs it. Rootkits work under a stealthy cloak that hides them from nearly all anti-virus detection software. Different types of Rootkits use a variety of techniques to keep the operating system, computer user, and anti-virus detection software from finding them. The underlying objective is keeping completely hidden from operating system view, not just normal end-user view, but low-level operating system view, protecting it from discovery, and actively preventing its eradication. It accomplishes this by creating "hooks" in the operating system to hide the Rootkit's "drivers" and their system registry entries from the rest of the operating system. They are locked to protect them from being deleted, even by a user with "administrator" privileges employing the system's registry editor, and that's if you can even find them. Once this Rootkit is embedded in the system, it grants itself completely unfettered, undetectable, and highly protected "administrator" control of everything on the computer from a remote location through a hidden "back-door" that's enabled by loading a driver every time the system boots. True Rootkits per se are not the real malware, other than their ability to hide themselves, and other files and processes it's programmed to hide. It's what happens next that does the real damage.

Act IV: Resistance is Futile, You Will Be Assimilated
One of the more insidious modifications this Rootkit makes to Windows is changing some registry entries to force using a pair of different network Domain Name Servers (DNS) that are located in eastern Europe. DNSs are how URLs (site names) get translated into numeric IP addresses. It's like a phone directory; send the name to the DNS and get the IP address number in return. The local service provider (e.g. DSL, cable, etc.) maintains their own Name Servers, usually two primary and two secondary for redundancy. Without a Name Server available, you go nowhere on the internet, but get a stream of "site not found" errors instead. Service providers provide the DNS IP addresses to use on their network automatically when a computer connects to it. This is part of the "handshaking" that occurs when the network connection is made. Hijacking which DNS servers are used, and doing so in a way that's permanent unless these registry entries are deleted, accomplishes several goals:
  • Every internet site visited by the computer (regardless of browser or other program used) generates traffic to these other DNSs to look up web site IPs; there is now a "history" of sites used by the victim.
  • These other DNSs now being used, presumably under control of the malware creators, can block attempts to update Windows with patches, update Anti-Virus software, or access major Anti-Virus software sites, or redirect them to non-existing IP addresses. All one gets when trying to go anywhere on the internet to eradicate the beast is a "Site Not Found" error, or worse yet, a porn site that generates popups faster than a popcorn popper. Even Windows and anti-virus software automatic updating needs DNS availability to find their sites and update servers.
  • Can send you (if desired) through a "Proxy Server" they control when the computer is accessing web sites. This is called a "Man in the Middle" attack. If done properly, it's entirely transparent. You never know you're not communicating with an internet site directly, but through an intermediary. Legitimate proxy servers are used on large corporate networks to help protect their internal networks from the outside world. Because they act as a "proxy" they can passively record all the internet traffic passing through, to include HTTPS (encrypted, secure server traffic), effectively record screen shots of every web page, and log all the keystrokes made within a web browser (i.e. when entering a user name and password, or filling in a form with personal information).
Furthermore, it's capable of doing a "Lazarus Act" to resurrect itself using the operating system's "system restore" functions should the victim discover pieces of it and delete them. Many accomplish this by embedding reinstall code in the System Restore Points, deeply hidden (and protected) on the root of the boot drive. While not impossible to eradicate from the system Restore Points, it can be quite arduous and very time consuming to find which one it's been stashed in if there are a few hundred to choose from (typical if the computer has had the O/S installed for a couple years). Another location that can be used is the hard drive's Master Boot Record (MBR). No standard Anti-Virus tool will find it in an MBR, and only a few of the couple dozen Rootkit detectors will find it. The hard drive MBR is also not a place most would think of to find malware either. Worse yet, the MBR survives nuking the hard drive and re-installing the operating system from scratch unless specific action is taken to install or "restore" the drive's MBR. Not normally done when installing an operating system.
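One way to spot the resolver change described in this act, as an added example that is not from the original post: the Python below audits the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s` and reports interfaces whose effective DNS servers are not on a trusted list. It assumes the Rootkit wrote the standard static `NameServer` value (the post does not name the entries); the interface GUIDs and addresses are constructed, using documentation-only ranges.

```python
"""Added example: audit Windows DNS resolver settings from `reg query` output."""
import ipaddress
import re

# Standard TCP/IP value names: NameServer is a static setting and takes
# precedence over DhcpNameServer, which is what the service provider hands out.
VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")

# Constructed sample output (GUIDs and addresses are placeholders).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    DhcpNameServer    REG_SZ    192.0.2.53 192.0.2.54
    NameServer    REG_SZ    203.0.113.10,203.0.113.11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    DhcpNameServer    REG_SZ    192.0.2.53 192.0.2.54
    NameServer    REG_SZ
"""
TRUSTED = ["192.0.2.53", "192.0.2.54"]  # assumed: the provider's own resolvers


def parse_reg_query(output):
    """Map each registry key in the output to its DNS-related values."""
    keys, current = {}, None
    for line in output.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            # Static lists are comma-separated, DHCP lists space-separated.
            raw = match.group(2).strip()
            keys[current][match.group(1)] = [a for a in re.split(r"[,\s]+", raw) if a]
    return keys


def audit(output, trusted):
    """Return one finding per interface whose effective resolvers are untrusted."""
    trusted_set = {ipaddress.ip_address(a) for a in trusted}
    findings = []
    for key, values in parse_reg_query(output).items():
        static = values.get("NameServer", [])
        dhcp = values.get("DhcpNameServer", [])
        effective = static or dhcp  # a non-empty static list wins over DHCP
        rogue = []
        for addr in effective:
            try:
                if ipaddress.ip_address(addr) not in trusted_set:
                    rogue.append(addr)
            except ValueError:
                rogue.append(addr)  # not an IP address at all: report it too
        if rogue:
            findings.append({
                "key": key,
                "source": "static" if static else "dhcp",
                "rogue": rogue,
                "overrides_dhcp": bool(static and dhcp),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, TRUSTED):
        print(finding)
```

Because a Rootkit can hide registry entries from the running system, a clean result from inside the suspect machine proves little; the same audit is more trustworthy when the output comes from the registry hive read offline or from another boot environment.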

Act V: BotNet Army Marching Orders
Most of the time, the Rootkit is directed to install various additional pieces of malware on the victim's system. These include keystroke loggers and sometimes a remote monitoring utility that allows viewing the victim's desktop remotely at will, much in the same manner as a desktop can be shared in NetMeeting. Aside from being able to record keystrokes and capture desktop screenshots, the machine is now part of a BotNet that can be instructed to do just about anything from any remote location. The "generals" in command of these BotNet armies have a known history of doing a variety of things with their Zombie troops:
  • Lease or rent portions of a BotNet to others for a fee (who will use them to do just about anything that follows in this list).
  • Conduct Distributed Denial of Service attacks on internet sites.
  • Inject SPAM email into the internet through the BotNet machines' service providers email accounts (guess who gets blamed for spewing SPAM?).
  • Perform automated scans of internet IP addresses looking for vulnerable computers and servers.
  • Provide hidden server services for distributed storage and distribution of malware, Warez, pirated music/video, and (maybe) last, but certainly not least, (child) pornography (and guess who gets blamed for that, too?).
  • All of the above entails using the Rootkit to load, save, install, and execute additional files and programs, all cloaked under the Rootkit's protection, to comply with a remote location's orders from the BotNet Army commander.
The victim remains blissfully ignorant and unaware of all this . . . until . . .
  • Weird computer behavior is observed, such as unusual and continuous internet activity (the little icon in the tray or MODEM lights) when nothing should be accessing the network.
  • Internet account is suspended or shut down for spamming in violation of the ISP's Terms of Service (ToS).
  • Several Windows or Anti-Virus software update failure errors finally get the victim's attention.
  • Computer bogs down to a crawl slow enough to get the victim's attention.
  • Computer ultimately refuses to reboot (who said malware is bug-free?).
  • RIAA slaps the internet account holder with a civil lawsuit for copyright violations (distribution of pirated music; yeah, it's happened).
  • The police or FBI show up with a warrant to seize all electronics in the house and arrest the internet account holder for child pornography distribution.
Epilogue:
We were lucky. The ex-wife declined to execute or download the program, once she found it was, indeed, an executable. I copied the URL she was sent and downloaded it to my desktop without executing it, to study it more. It's now sitting innocuously, unable to do anything, in the Avast! Virus Chest on my computer (which prevents it from being accessed or executed).

Screen-shot of warning from Avast! A/V when I moved it to Avast!'s Virus Chest:



Would have been an absolute nightmare to recover from on her laptop. Did a Rootkit eradication to recover a laptop running WinXP that belonged to the son of a close business associate a couple years ago. Took about a week to completely clean up his son's computer, working on it in the evenings. About half the time was spent eradicating all the malware that had been installed under the Rootkit's cloak. The other half was spent finding and eradicating the Lazarus Code that kept resurrecting the Rootkit.

Tuesday, February 10, 2009

Much Cheaper Than a New One: Custom Desktop Computer Rebuild
It had been a while since I had upgraded my main desktop machine. Been building my own custom desktops since the mid-1980's, starting with a PC-XT clone with an Intel 8088 processor, 640kB RAM (yes, kB) 30MB (yes, MB) hard drive, Hercules graphics, and a 14" monochrome monitor. The technology has changed substantially since that first machine, and my primary desktop has evolved through an Intel 286, AMD 386, Cyrix 486, AMD K6-2, AMD Duron (Applebred), AMD Athlon XP, and into the AMD Athlon 64 processors. Before this rebuild, my main desktop was running an AMD Athlon 64 Socket 939 4000+ and AGP 8x graphics. It's the upper limit of Socket 939 AMD processors, with AGP or PCIe graphics. By no means a slouch in speed (faster than most current mid-level machines), it was time to upgrade it to a multi-core processor and PCIe graphics. Had some decision-making to do. There is some system design required when doing a custom build. One can't push any hardware combination together and expect it to work well. It might, but it might not. Learned that the hard way when I started building my 386 and 486 machines. Nearly all compatibility considerations are driven by the motherboard and its chipset. However, it shouldn't be the first choice. I choose the processor and desired chipset (Northbridge / Southbridge). Then I look for a motherboard with the chipset that supports the processor. Looked at both AMD and Intel processors. Intel holds the edge on speed, but that's at the bleeding edge of processor technology, and they're quite expensive. Back down slightly to the top end of AMD's processors, and they're less expensive than the equivalent Intel. In the process, I discovered the AMD quad-core processor clock speeds were still substantially lower than top end of AMD's dual-core. 
In addition, current operating systems and application software are still geared for the lowest common denominator in the majority of machines in the current "installed user base": 32-bit single-core processors. Even the default install for Microsoft's newest operating system, Vista, is 32-bit. The latest budget machines are still shipping with 32-bit processors (check out what's inside many of the "loss leaders" in the computer store ads). I opted once again for another AMD processor, a Socket AM2 Athlon 64 X2 6400+ dual-core with 3.2 GHz core clock. One of the chipset makers I've used heavily in the past, Via Systems, basically stopped supporting AMD processors with the Socket 939 and 940 Northbridge/Southbridge chipsets. Disappointing as nearly all their chipsets were excellent. The only real choices for an AMD Socket AM2 or AM2+ are the AMD and nVidia chipsets. Which one picks also tends to lock in which graphics chipset will be used: ATi (owned by AMD now) or nVidia. It is possible to use an nVidia graphics card on an AMD chipset motherboard, and vice versa, as the PCIe socket it is plugged into, and the graphics interface behind it is an industry standard. However, it doesn't allow leveraging on enhancements that can be had if an ATi graphics card is used with an AMD chipset motherboard, or an nVidia card is used with an nVidia chipset. This is especially true if one wants to run multiple graphics cards in tandem (i.e. ATi CrossFire or nVidia SLI). I've used nVidia graphics for a long time (4000, 5000, 6000 and 7000 series) and have always been pleased. After looking at the nVidia and AMD Northbridge/Southbridge chipsets though, I settled on the AMD's 790FX and SB600 chipset. These are found on AM2+ motherboards which support dual, triple and quad-core processors. If I wanted to upgrade to a quad later (as they gain core clock speed), I could. It meant I'd be using ATi (Radeon) graphics. 
After reading some about ATi's Crossfire, I picked ATi's HD3870 with plans to use a pair of them in CrossFireX mode. The current bleeding edge is the HD4870, but they're expensive. Could have gone with HD4850, one notch down from the 4870's. It was pretty much a coin-toss until I found substantial rebates on a pair of HD3870's. Added up the power requirements for all this and realized quickly I'd need a new power supply; one that's bigger than the solid 500 Watt that's been used for several generations of motherboards. It wouldn't be enough for the processor and pair of graphics cards. The new hardware architecture was settled:
  • AMD Athlon 64 X2 6400+ Dual Core
  • AMD 790FX Northbridge and SB600 Southbridge
  • AM2+ socket motherboard with ATX form factor to fit case
  • 4 GB DDR2 800 MHz (PC6400) low latency RAM (4-4-4-15-T1 timing)
  • Two ATi HD3870 Radeon cards in CrossFireX
  • Sony DRU-865S SATA DVD/CD Burner (with Lightscribe)
  • 850 Watt Antec power supply
  • 300 GB SATA II hard drive (reused from current machine)
  • 3.5" micro-floppy drive (reused from current machine)
  • Flash card reader (reused from current machine)
  • Soundblaster Audigy SE audio (reused from current machine)
The first step, before disconnecting anything from the existing machine, was backing up its hard drive completely. I used an external USB hard drive, and cloned the hard drive inside the machine to the external drive. These things are handy. Following drive upgrades, I've been putting the old drive into an external USB case. The contents of the 300GB drive fit onto the 250GB external USB drive with room to spare. The new machine will have a different processor, different supporting chipset on the motherboard, and equally different graphics. That requires completely different operating system drivers. The cleanest, most trouble-free rebuild requires completely reinstalling the operating system. I've tried simply booting up with the existing hard drive without reinstalling the operating system in the past. Doesn't work very well, and requires more time and effort to get the new machine working right compared to backing up the drive, wiping it clean, doing a complete operating system install, reinstalling application software, and then copying legacy data to be retained from the backup. A clone of the old drive ensures everything is saved, and can be retrieved. The only things to be reused in this project are the computer case, hard drive, floppy drive, flash card reader, and sound card. The case was originally bought to house an AMD K6-2 (Socket 7) system on an ATX form factor motherboard running Windows 95. It's solidly built out of heavy gauge steel; not a cheapie and worth reusing. Buying a new one with its materials and build quality, even without a power supply, would cost well over $100. The next step, after backing up the hard drive completely, was gutting it completely, down to just the case itself. Only one problem with reusing this case though. It's a horizontal desktop box which will be a little crowded after all the new hardware is installed, and it wasn't made to dissipate the heat generated by current higher-end processors, motherboards and graphics. 
Although there's an air intake fan on the front, the only exhaust is out through the power supply in the back. That sufficed until now, but it's insufficient for this upgrade. Pushing the very hot air generated by current high-end processors and graphics card(s) through a power supply would be hard on it. It needs some exhaust fans on the back, and the flat panel on the back, just above the rectangular hole for the ATX motherboard connectors, is the only viable location for mounting cooling fans in the rear of the case. It's the only unused area on the case back. Some measurements of the panel show a pair of 60mm fans can be mounted next to each other. The task now is drilling the holes for the fans, and that requires a bi-metal hole saw. Turns out I've got one just the right size. The same size hole saw used for drilling holes in metal doors for door handles will make a hole just the right size for 60mm cooling fans. The fan mounting hole centers are marked first, and lines drawn between opposing centers locate the center point for the hole saw's pilot drill. Drilling sheet metal, even if it's steel, can deform it, especially when the drill begins to break through to the other side. A piece of scrap wood is clamped to the area of the case being drilled out to provide support. The other technique is not putting too much pressure on the drill, or too high a drill speed, using just enough to let the drill's cutting edges do the work. When it does break through, there's not as much metal left for the cutting edges to grab onto and twist. It also reduces the amount of burr left behind that must be removed after drilling the hole. The holes have been finished and the burrs removed. The remnants of marks made to locate hole centers can still be seen, but removing those doesn't matter much. It's on the back of the case that won't be seen when the computer is in use. I used a fine-tip Sharpie "permanent" marker. 
Some alcohol or similar solvent would easily remove the marks if desired. The fans have been mounted taking care to route their power cables so they don't get pinched, and won't interfere with the rest of the computer's components when they're installed in the case. The pair of fans selected are variable RPM to minimize fan noise to the level necessary for cooling. They have heat sensors on them, starting at a low RPM at room temperature, that increases fan RPM as heat from the air passing through them increases. These types of fans do the job for exhaust air; not recommended for intake fans (the air would always be cool). A look from the back with the new fans. I had considered adding a couple of grilles over the fans to keep things (like fingers) from coming into contact with spinning fan blades. The motor mounting in the fan box provides sufficient protection for the fan blades on these particular fans. They'll be OK without grilles over them. Note the horizontal line marked above the fans, and the small hole just above the fan on the right. The top case cover has a flange on the back, and the hole is for one of the five screws that attaches the case cover to the case. The fans had to be mounted below this line and hole as the case cover screw protrudes into the case when its cover is installed, and the fan mounting screws would interfere with the cover flange if it extended over the top of them. The fan mounting screws are nearly flush, but not quite. A vacuum cleaner and its hose attachment were used to completely clean all the sawdust, and more important, the metal filings out of the case. I removed and put back the drives in the drive cage while doing this. In retrospect I should have removed the CD/DVD burner, hard drive and 3.5" micro-floppy drive before drilling the holes and mounting the fans. I still use 3.5" floppy disks occasionally. Booting from a floppy is required to flash a BIOS update on nearly every motherboard made. 
Now to deal with the motherboard. After looking at various AM2+ boards with 790FX/SB600 chipsets, reading some reviews on them, and comparing prices, I picked an MSI K9A2 Platinum that includes USB, Firewire and 1000BASE-T Ethernet on the motherboard. Even though it can handle up to four graphics cards in CrossFireX, I only plan to use two. Most motherboards come with plenty of cables for connecting peripheral devices (e.g. disk drives). This one is no exception. Also included is a backplate for installation in the computer case to provide the proper cutouts for all the rear connectors on the motherboard. The original ATX form factor had a fairly standard layout for its connectors, but that didn't last long. Centronics parallel and RS-232C serial ports were supplanted by USB, Firewire, Ethernet, and embedded audio connectors. Now, eSATA ports are becoming common (this motherboard has a pair of them). The next step is putting the backplate into the case. All the ones I've encountered with motherboards snap into the rectangular hole for them. Occasionally the motherboard makers will use one plate for several different motherboards and some tabs on them must be tweaked or completely removed for ports and connectors on the motherboard that wouldn't need to be for a different model number motherboard. The next photo shows the backplate installed into the large rectangular hole in the back of the case. The bottom halves of the two cooling fans can be seen just above it. Before handling the processor, motherboard, or any of the peripheral cards, there's an essential device called an ESD wrist strap that needs to be put on and the cord attached to a ground point on the case (can be clipped to any convenient, unpainted, exposed metal inside or around the case). While many folks get away without using one, the bare processor is an extremely ESD sensitive device. It can be easily damaged by ESD. An ounce of prevention is worth a pound of cure (and the cost of a new processor). 
When doing a rebuild that includes a new motherboard, I've found it easier to install the processor into its socket on the motherboard before installing the motherboard into the case. Doing it after the motherboard is in the case necessitates reaching down inside the case which isn't impossible, but is more difficult, especially with lining up the pins on the processor with the holes in the ZIF socket on the motherboard. This processor is the "retail" version that includes a heatsink and cooling fan for it. The amount of heat generated by this 135 Watt processor can be seen from the size of the cooling fan and the heatsink it's mounted to, complete with copper pipes to facilitate heat transfer. It dwarfs the processor IC and is one of the reasons I added additional exhaust fans to the case. ZIF is an acronym for "Zero Insertion Force." ZIF sockets unlock to allow inserting an IC, cable, or connector with near zero "force" or friction, and then lock again after the device is seated. Processor ZIF sockets on motherboards have a locking arm along the side of the socket that's lifted to unlock it. The square socket takes a "Pin Grid Array." This processor has a grid of 940 small pins on its underside. (The four long "card edge" sockets to the left of the square processor socket are for RAM.) After the processor is carefully dropped into its socket (it literally drops into place when the pins are lined up correctly), the socket is locked using the locking arm and contacts inside the socket grip each pin tightly. The large black frame around the processor socket is for the heatsink, which attaches to and uses the frame to press the surface of the heatsink firmly onto the top of the processor. Next, the case is prepared for the motherboard. ATX form factor mounting holes are fairly standard. There are two or three variations, and some motherboards do not use all nine mounting points. 
Consequently, cases use removable brass studs and have threaded holes at all the possible mounting points for them. With this motherboard, I needed to move a couple of them as its mounting points were a different variant than the old motherboard. The studs are hexagonal which allows using a hex nut driver to remove and install them easily. Care must be taken to avoid over-torquing them as it can strip their threads, or worse yet, snap the stud off of its threaded end (requires extracting it from the hole to replace it with a new one; not easy to do). One of the cool tools I found some years ago is this one. Mounting points on the motherboard are surrounded closely by components and connectors, some of which are tall. This tool can grip a Phillips screw by the slots in its head, and it allows getting the screw started into its hole. If, perchance, the screw is dropped, it typically falls down into someplace that's hard to reach (one of many corollaries to Murphy's Law). There's a small magnet on the other end of this tool that allows retrieving it much easier than trying to use needle-nose pliers. The motherboard can now be installed into the computer case. As a double-check, I count the number of mounting holes in the motherboard, and the number of brass studs in the case, to ensure they match. There's not much extra room; typical of horizontal desktop cases. Care must be taken to get all the motherboard's external connectors through the holes of the backplate correctly before installing any of the mounting screws. The bottom of the motherboard should not be dragged across the tops of the studs in the case while inserting it, but should be lifted off of them slightly when adjusting it. That can damage copper traces on the underside of the board. The screws are started using the tool above, and then tightened down firmly (again, taking care not to over-torque) using a standard #2 Phillips driver. 
More clues to the heat that will be generated by the motherboard are the three heatsinks on the 790FX Northbridge, SB600 Southbridge, and a third IC, all connected together with copper tubing. The power supply comes next. When power requirements hit 650 Watts and higher, the power supplies get bigger. Because of standard mounting points and dimensions inside cases, they get longer, extending deeper into the case. This 850 Watt Antec is no exception, extending a couple inches farther toward the front of the case than the 500 Watt supply it replaced. Fortunately there's enough room between it and the drives mounted in the drive cage for the power supply and drive cables, but it's just barely enough room. The blank space just to the right of the motherboard in the photo above is now completely filled by the power supply. The processor heatsink/fan assembly and the RAM are now installed. Even though there are four card edge slots for the RAM, I used two 2GB "sticks" for a total of 4GB RAM. They go into the slots nearest the processor, and the heatsink crowds them a little. The fans AMD uses on the heatsinks included with a "retail boxed" processor are exceptionally reliable and quiet. The large fan size helps reduce noise as it can turn at lower RPM to move the same amount of air. The lifespan of every AMD fan I've had has exceeded every aftermarket processor cooling fan I've bought. Don't know what their service life is yet as they're all still running. It's a major reason I try to buy "retail box" versions of AMD's processors. In this case, it was less expensive than buying a "bulk pack" version of the processor (intended for manufacturers and system builders) and separate AMD heatsink/fan assembly rated for this processor (they can be found separately, but it requires some searching on-line for them). The RAM also has heatsinks; typical of low latency, high speed RAM as it must be run at a slightly higher voltage to work correctly. 
This generates more heat which must be dissipated. Could have used four 1GB "sticks" or one 4GB "stick" but there are reasons for using exactly two of the slots and putting identical RAM in them. An even number (versus 1 or 3) of the same size allows the motherboard to use "dual channel" RAM access which it cannot do with an odd number. This greatly speeds RAM reads and writes. In addition, if all four slots were populated, a couple RAM timing parameters would have to be slowed down slightly (at the least, the T1 in its timing specs would have to back off to T2). Using exactly two, with exactly the same RAM in each of them, allows optimal RAM access speed, to the timing limits specified for the RAM by its manufacturer. The first of the two graphics cards is inserted into its PCIe slot before adding the other cards as it's the innermost slot. The second one and CrossFireX cables will be added after the machine is up and running with the operating system, hardware drivers, firewall (I disable Windows' firewall and use one of my own), and Anti-Virus software. The size of its cooling fan and heatsinks are yet more clues about the amount of heat this system will generate. The remaining cards, a Soundblaster Audigy and a WiFi card, are installed in two PCI slots, and then all the internal interconnecting cables are run. Unless there's a piece of hardware that will prevent connecting a cable after all the hardware is installed, I save running all the internal cables until the end of the hardware build. Doing this keeps them from getting in the way of installing hardware, and it allows routing the cabling properly over and around the hardware as required. Doing it before this often requires re-routing cables again after additional hardware is added. 
After double checking that all the internal interconnect cables are properly installed and connected by systematically inspecting each component, it's time for the "Smoke Test" (apply power and see if anything starts emitting smoke; no smoke means at least there aren't any catastrophic mistakes). It's the reason the CPU cover hasn't been installed yet. Keyboard, mouse, monitor and speakers (in this build, the monitor has built-in speakers) are connected, and then the power cords. Wiping the hard drive completely clean before gutting the old system prevents the machine from attempting to boot the old install of the operating system and makes accessing the motherboard's system BIOS easier. It's passed the "Smoke Test" and no errors were indicated when the BIOS performed its POST (Power-On Self-Test). The BIOS is accessed by depressing a specific key on the keyboard when the machine is powered on. The manual for the motherboard contains instructions on which key to use (typically the F1, F10 or DELETE key, it varies by motherboard manufacturer). Time to make some BIOS settings specific to the hardware in this build:
  • Enabling the USB and Firewire ports
  • Disabling the Serial and Parallel ports (I'll never use them)
  • Disabling the on-board audio (I've installed my own Soundblaster card)
  • Enabling the SATA drive interfaces and disabling the IDE drive interfaces (I'm using a SATA hard drive and CD/DVD burner)
  • Disabling RAID (multiple hard drives can be configured to appear as a single one)
  • Setting RAM operating voltage and timing to its manufacturer's specs
  • Some additional timing parameters for the system bus (if you don't know what they are and what they do, and it isn't explained in the motherboard manual, leave these alone until you can look them up using Google).
The machine is then re-booted several times into BIOS to ensure it's at least stable enough to boot into BIOS. The cover is now put onto the CPU and the operating system is installed. The machine should not be connected to any network while installing the operating system! Firewall (if the one bundled with WinXP isn't used) and Anti-Virus software should be installed before connecting the machine to a network. The operating system is vulnerable to attack while it's being installed, and if it's allowed broadband internet access in the process, the operating system will be compromised. There are thousands of automated "bots" that scan the internet for vulnerable computers. A WinXP machine was compromised in less than 4 minutes in a test done by PC Magazine several years ago. A close friend forgot to disconnect his computer from the internet before installing WinXP. When he got done, he had to reformat the drive and start completely over. It had become a "Zombie" drafted into a Botnet Army. I'm putting Windows XP /x64 Professional on this platform. The "/x64" variant of Windows XP is the 64-bit version of WinXP. The common variants of WinXP (Home, Pro and Media Center) are all 32-bit. They'll run on a 64-bit hardware platform, but I prefer /x64 as it was created from 32-bit Windows Server 2003 (the server version of WinXP), which came several years after WinXP Home and Pro were released. Windows Server 2003 and WinXP /x64 are noticeably more stable than the 32-bit (aka /x86) WinXP Home or Pro. It does require having true 64-bit hardware drivers for all the hardware inside the machine, and for anything connected to it using USB, Firewire, serial or parallel ports (e.g. printers, scanners, PDAs, cell phones, MP3 players, etc.). It's not a problem now, although it was one just after /x64 was released. Even iTunes can be installed for iPods (requires an easy-to-perform, minor hack to iTunes for Vista /x64).
After installing the operating system, hardware drivers are installed as needed for the processor, its supporting chipset, and other peripherals (e.g. graphics and audio). The general sequence I use:
  • Operating system (WinXP /x64 for this build)
  • Hardware drivers
  • Firewall and Anti-Virus software
  • Connect machine to internet and update A-V software
  • Update operating system with all critical updates (Windows Update for this build)
  • Customize the Windows user interface
  • Benchmark software (after which I run some benchmarks)
  • Application software (e.g. MS Office, OpenOffice, Adobe Reader, Nero, various games)
One of the benchmarks I use is Futuremark's 3D-Mark. The reason for running some benchmark software before installing other applications is to put the entire machine under full load and ensure it's stable. If the benchmark software crashes while running its tests, this is investigated until the root cause is found (typically a timing parameter in BIOS must be tweaked). It prevents headaches later. I was very pleasantly surprised with the results of 3D-Mark05 after installing the 2nd graphics card and setting up CrossFireX. It's at the very top of reported benchmarks for similar machines in its class, and holds its own against the guys who build machines for nothing but sheer speed by overclocking everything and watercooling the processor, RAM and graphics cards. These guys don't care if the machine lasts only a day, or if it's of any practical use for anything. They're after the highest benchmark score possible with a single run of the benchmark software (why the "Fastest System" score on the right is ridiculously high). Before installing other applications, I customized the Windows XP user interface on this machine. It looks a lot like Vista, including a Sidebar with Widgets, but it's not Vista, it's WinXP /x64. Who needs Vista? I don't, and I don't want it either. WinXP /x64 is smaller, more efficient and very stable. It doesn't have the continuing problematic stability issues Vista still has.
