I'm Jason Firth.
I caught a video about Microsoft Edge today that got me thinking about something.
I find their attitude towards Edge and Windows 10 to be terribly lazy.
Let's look at some of the basic changes over Windows 7.
There's a new feature, the PC Settings app. Let's try to change the IP address:
To change the IP address, you have to open a win32 program. Oops!
To manage the SSID, you have to open a win32 program.
The settings app has many examples like this, where the new OS features are half-baked. If you want to make a change, it's time to hit the roulette wheel: Which program do you use to change this setting -- the original win32 program, or the new metro app?
Assuming, of course that the Metro app decides to work. The reliability of that framework is suspect. I routinely open the calculator to watch a screen with a calculator icon glaring back at me. When I have to head back to the original win32 versions of programs to do simple things like look at a picture or add 1+1, that's a fundamental breakdown, and Microsoft should be considering any instance of that to be an all-hands-on-deck situation.
That brings us to Edge.
In my experience, Edge just doesn't work very well, even (as seems to be a developing tradition), with other Microsoft products. I can't use it at work, because it doesn't function properly with Sharepoint. My only option is Internet Explorer. (Chrome and Firefox don't work with Sharepoint either, presumably because of the same problems that keep Edge from working). That essentially makes Edge useless for Enterprise, if it doesn't work with Sharepoint. That's lazy of Microsoft to create a new browser and ignore essential functionality for their core users.
Lazy can be good. Lazy can mean you reduce the complexity of tasks. Lazy can mean you make things easier, or that you do things in a less risky manner. In this case, lazy is bad. By half-assing the OS and the browser, you end up with programs that fundamentally can't complete the tasks they're supposed to do.
Edge currently has 1/4 of the users Internet Explorer has. Some of this is because Edge is only for Windows 10, but much of it is likely because Edge can't even do the things Internet Explorer does. Furthermore, Windows 10 has had much slower adoption than Windows 7. By this point after Windows 7 was released, it had a commanding lead over XP. By contrast, Windows 7 and Windows 10 are neck and neck. I believe the biggest reason for this is Microsoft's lazy behaviour. Windows 7 behaves like a cohesive product. Windows 10 feels like two completely different products have been inexpertly melted together with a heat gun. Unlike Windows 8 it doesn't scream in your face with its incompetence (The windows 8 start menu really is an excellent example of how not to do navigation), but that doesn't mean Windows 10 and it's associated products aren't still broken.
Sales of Desktop PCs have dropped below 100 Million for the first time in a long time. Some of that is just because laptops are so good these days. (I've been using laptops exclusively for years because I travel so much for work. I'm writing this on an Alienware R15) However, I strongly believe another reason is that Windows 10 is a poor OS, and people are choosing not to upgrade their PCs, lest they have to give up their Windows 7.
In other works, Microsoft has the ability to reverse the course of the industry. Come up with a polished OS that actually works in a straightforward manner, and I believe there will be an immediate boost to PCs.
Ironically, some of the changes have been made so Microsoft can emulate tablets and phones in form, but in doing so they've moved PCs away from them in terms of function: I can configure my android device from the settings app. I'm sure I could do the same on an iOS device. I can't do it from Windows 10. I can only imagine the nightmare that using a Windows 10 tablet or phone would be, based on my Windows 10 experience. It is completely understandable that because of their lazy choices, instead of Windows 10 being an advertisement for Microsoft's phone and tablet products, it is a case against them.
To move forward, Microsoft needs to stop adding new features and chasing the latest craze. They need to take a step back and put the work into building this platform.
It's simple, but not easy:
- Create a team consisting of one person with the authority to make decisions from each software team involved, a few UI designers, and a number of laymen who use Microsoft applications daily. For the laymen, reach out to customers, even! Corporate, personal, industrial, front-line users, IT users, software developers. You need their input. That input would have saved you from Windows 10.
- Come up with a list of every basic task users do in Windows. I bet it'll be a list of the top 1000 tasks between users and power users/sysadmins. Come up with a list of the top 100 tasks people do in each major piece of software such as Edge.
- You'll have a huge list, prioritize them. Personally, I'd focus on tasks that are done routinely, and tasks that are going to be major "pain points", such as configuring network interfaces. Spend the most time and make sure there's cross team interaction on the top priority items.
- Using the list as a template, enumerate the steps required to do each of these top tasks. Actually do the tasks to prove it.
- Ask yourself: "Is this really a reasonably easy way to do this? How would someone know how to do this besides Googling it?" (Being real here, Bing is garbage and you need to fix that too. Google "Windows XP Service Pack 3", then bing it. What are the top 3 links for each? Clearly, you've got problems. One disaster at a time, though) Honestly, if you look at the list of steps required for a lot of relatively basic tasks, there's absolutely no way you'd know how to do it. "Go 'run', then type 'horrentouslylong -cmdline', and choose the fourth tab and press the plus and type "arbitraryChars (seriously)". This is all garbage, and needs to be streamlined.
- Look for obvious stupid things. Going online to solve problems with my Internet connection just makes you guys look completely clueless. Keep the updated database of methods to solve problems with Internet connections locally! (That's just one example, mind you)
- Run user tests on users own hardware. Get random users to do the top tasks. I bet you'd be surprised to discover a lot of them don't actually work! At work, I often use the win32 image previewer because the Metro app doesn't work! I've erased purchased, licensed copies of windows 10 and replaced them with Linux because Windows suffers some of the worst bit rot since Windows ME, and the machine is locked solid from processes that "don't run while you're doing anything" but clearly do.
- Document the new methods to complete these key tasks.
- Ask the same questions about the new methods that you asked about the old ones.
- Fix the problems you find, make the changes you need to make. It's a short line, but most of the work.
- Have lay users test each solution to make sure it actually works and is actually intuitive! Don't use a strict test script, let users try to figure out how to do each task in their own way. In fact, if you can run a test by scenario instead of by task (for example, let IT folks set up a PC for use on their own network, or let a home user set up a PC for their own use)
- Use your documentation and the results of user testing to create user documentation for all these top tasks, and include the latest version of these documents offline.
Like I said, it wouldn't be easy, but in spite of the fact that the form may be different than a tablet or phone, the function would be the same: Finally, all the basic functions of Windows and its major applications would work in a fully functional and intuitive manner.
You want people to use your store? Your phone OS? Your tablets? You need to get your day 0 stuff sorted out. People need to be able to trust your software to be basically competent before they give you license to do more.
If I'm being honest (and I recognise this may be a controversial statement), Google does this very well. People trust their search engine because it does the basics well. Their mail does the basics very well. Youtube does the basics very well. Google maps do the basics very well. Android does the basics very well. Because they do the basics well, they are given license to do more. People are willing to let Google drive their car for them, because their software is generally competent, functional, and easy to use. Nobody is willing to let Microsoft drive their car for them (or their phone, or their tablet, or their search engine, or their web browser) because Microsoft isn't doing the basics well, and thus lacks license to try more. Microsoft wants to brag about the quality of their work, but their work doesn't speak for itself.
This can apply to control systems as well. If we don't do work that is generally competent, functional, and easy to use, then we won't get license to do more. Managers won't want to let us try things, front line workers won't be willing to let controllers stay in auto, and the money will go elsewhere, to other capital projects that perhaps do have histories of being those 3 things.
Thanks for reading!Aug 292017
I'm Jason Firth.
I don't make it a habit of commenting on local news stories, but this one really got under my skin: A car dealership demanded additional money from a customer after the sale concluded, and when the purchaser refused to comply, they remotely disabled the vehicle.
A consumer rights organization spoke to consumer rights law, but let's call a spade a spade here: this is a criminal act. Someone should be going to jail over this.
Perhaps you think I'm being melodramatic about this, but hear me out. This dealer accessed computer equipment they had sold -- equipment they no longer owned and were not authorized to access. They did so for the express purpose of following up on a threat they'd made: "either pay us, or we will hack and disable your vehicle."
This is exactly the modus operandi of the WannaCry hackers. They took over systems they did not own, and issued an ultimatum: pay us or lose access to these systems we do not own.
Besides the thinnest veneer of respectability, there is no difference between the two.
Well, there is one difference, but it is without distinction for legal purposes: whereas the WannaCry hackers had to force their way into systems, the auto dealership left a bomb in the car they once owned.
On a few occasions, disgruntled former employees have used old usernames and passwords to get into the systems of former employers. It's still very illegal and the fact that they had a username and password does not mean they are magically authorized to enter systems for which they no longer have reason to enter.
Both the WannaCry hackers and disgruntled former employees would go to jail for their crimes. The responsible people at this dealership ought to as well.
In the grand scheme of things, this should also be a warning to those of us who are in charge of digital systems: if a car dealership can commit extortion, if they can use a trap well laid to demand more money, then so can former employees. It's important then to make sure you revoke permissions immediately when people leave the company, and do routine audits to find hidden bombs before they can turn into a threat down the line.
Thanks for reading!
February 20, 2015
I'm Jason Firth.
A few months back, I had a discussion with someone about how to communicate with a PC over Modbus Plus without breaking the bank. I decided to take the highlights of that conversation and bring them together in a blog post so others might be able to use the information.
Modbus Plus is still a widely used protocol in industry where Schneider Modicon PLCs are in use. However; it's not a cheap protocol to work with. A USB Modbus Plus dongle for your PC will run you over $2000!
That's a lot of money if you just want to look at some bits in the PLC. Today, I want to look at some other options.
Modbus Plus is a completely different protocol than Modbus.
Modbus Plus uses a proprietary signalling standard, where Modbus generally uses RS-232 or RS-485. Modbus Plus supports routing, where Modbus has no networking features. Modbus Plus requires a DSP to handle the communications, where Modbus can use a standard UART. Modbus Plus is peer-to-peer, where Modbus is master/slave. Modbus Plus uses a token passing system to ensure everyone gets a turn on the line, where Modbus doesn't have any mechanisms (hence requiring the master/slave architecture where the master dictates who will speak). You just set your addresses, and all the devices will start talking. The Bridge Multiplexer acts as a gateway between the two protocols.
Modbus Plus allows for routing between devices called Bridge Pluses. The way you do this is by defining the modbus plus address of each bridge plus you pass through. For example, if you have node 1 on a modbus plus network with a bridge plus node 64, and there's a node 32 on the other side you want to communicate with, you'd be communicating with 126.96.36.199.0
So to make sure your modbus devices can talk over a modbus plus network, you need to map the single values to modbus plus addresses.
Modbus plus requires a DSP. This means that no matter what, you're going to need a dedicated piece of hardware to communicate on the network. You can't just slap an RS-232 pigtail together and hope it will work.
Here are two potential options: first, if you get a PC with an ISA slot, the cards are quite inexpensive. I found some on eBay for 100-200 USD. A PICMG backplane can use an ISA slot, and there are industrial main boards still available. The downside to this is that you may be stuck using a very slow PC just to communicate with your one PLC.
Another option is a bridge multiplexer, which converts modbus plus to modbus. It takes a bit to put together, but it should work. I found a bridge MUX on eBay for 100usd when I first investigated this option. Today, I've found them for under $250 on eBay.
The manual really overcomplicates things.
There are models on page 10 of the manual -- nw-bm85-000; NW-bm85C000; and NW-BM85D008 which don't need a special progran. You don't need to make a C++ program. You connect to one of the serial ports (I think the second one) and put the bridge into programming mode by flipping a DIP switch on the back, then it gives you a fairly nice and easy menu based interface to configure what it does.
You'll need to figure out master/slave stuff, because modbus is client/host but modbus plus is peer to peer, but it should be very doable.
The master in a modbus interaction is the device that actually sends the commands. For example, I programmed a modbus TCP library, and in that case, the device that initiates the connection is the master: you connect, then either tell the device you want to read or write a coil or register, then the slave device that you connected to will respond with either a success/fail message for a write, or the data you wanted or an error message.
The Peer-to-peer feature is relevant because it means nothing on the Modbus Plus network is a master or a slave. They'll just take care of communications on their own. In my tests, the only problem I could cause to the modbus plus network is if you set your bridge mux to the same address modbus plus address as something else on the modbus plus network. If you set a wrong modbus setting in the text interface, all you're going to do is not communicate with the Modbus Plus network over the Modbus port.
Here's how I managed to talk to a PLC using my PLC software and a BM85 connected to my serial port.
I set my modbus plus address of the BM85 to 2 by turning the first switch on and the rest off.
I entered config mode using the dip switch on the back
Once the screen loaded, I entered the following commands:
E1 01 20 00 00 00 00
Press y to confirm
Turn off bm85 and return config mode to run mode.
One key thing seems to be the rs-232 cable from the PC to the BM85. I used a 990NAA26320 but the wiring diagram should work ok to make a cable similar.
So what you'll have is:
Your PLC, and bm85 daisy chained together on the modbus plus network.
Your PC plugged into the BM85 on modbus port 1.
Your BM85 set to a free Modbus Plus port
Your PLC set to whatever it is (no change)
Your bm85 configured using the keystrokes above, in run mode.
I use Fasttrak softworks, so I open it up and set it up to look at the COM port. Next, I did a PLC connect and did a port scan. I saw the BM85 and the PLC. Next, I chose the PLC from the list and hit connect. I was talking to the PLC!
So what's going on: In this situation, you have two types of communication going on: The Modbus Plus communication, and the Modbus communication. So the PC acts as the master in a modbus communication. It sends commands to the bridge mux. The bridge mux, while configured with the master option, is actually acting as a slave on the modbus port: It is only responding to commands the PC master provides. The BM85 receives the message, and saves it so it can send a corresponding message on the modbus plus network to the PLC.
Now, you have another network, the Modbus Plus network. What's going on there is, each device gets a token which is its turn to speak, and it says what it has to say on the modbus plus network and passes the token to the next device.
If the PLC and the BM85 are all configured, all this is transparent behind the scenes.
So let's talk troubleshooting.
If you seem to have all the right pieces connected in the right way, I'd start from the outside and work my way in.
Can you connect to a PLC using your directly using the serial cable? If so, then you've proven the converter and the cable. I know that those serial converters can be flaky -- If you plug them into different USB ports, they'll use different COM addresses. You can check device manager to make sure you're configured for the COM port you think you're using.
What is your BM85 Modbus Plus LED doing? The following are the flash codes for Modbus Plus:
Six flashes/second Normal operating state. All nodes on a healthy network flash this pattern.
One flash/second The node is off-line. After being in this state for 5 seconds, the node attempts to go to its normal operating state.
Two flashes, then OFF for 2 seconds The node detects the network token being passed among other nodes, but it never receives the token.
Three flashes, then OFF for 1.7 seconds The node does not detect any token passing on the network.
Four flashes, then OFF for 1.4 seconds The node has detected another node using the same address.
If the light is flashing 6 flashes per second, then it suggests that your Modbus Plus network is working correctly.
Thanks for reading!Feb 092015
February 9, 2015
I'm Jason Firth.
Eventually, I knew I would be writing at length about Modbus Plus.
Modbus Plus is the protocol that Modicon created to supersede the Modbus protocol. It has some superficial similarities, but it quite different under the hood.
Modbus is a Master/Slave protocol. One device is the master, and tells which Modbus slave to talk. By contrast, Modbus Plus is a peer-to-peer protocol. Each Modbus Plus device can request data from any other device.
Modbus doesn't have any real way to manage congestion, because there should never be congestion. The master requests data, and will not request more data until the first is sent. By contrast, Modbus Plus uses a token passing mechanism, where each node in the network gets a chance to talk, then once it has finished talking it will pass the token to the next node.
Modbus generally relies on RS-232, RS-422, or RS-485 signalling to communicate. By contrast, Modbus Plus uses a proprietary signalling protocol over a single twisted pair of wires. Modbus can be implemented using a standard UART, where Modbus Plus requires a special DSP.
Physically, Modbus Plus is a bus protocol. All devices are electrically connected to every other device on the Modbus Plus network through an electrically continuous shielded twisted pair cable.
Modbus basically doesn't have network capability by itself. However, Modbus Plus has basic networking capability. Using a device called a "Bridge Plus", you can connect different Modbus Plus networks together. The address you use to connect to a device is actually the path of devices you follow to get to the other device. If you were connecting to device 1 on the local Modbus Plus network, then you'd connect to 188.8.131.52.0. If you were connecting through a bridge multiplexer at address 2, then you'd connect to 184.108.40.206.0. If you went a step further and connected to 1 through yet another bridge multiplexer across the network at address 3, then you'd use address 220.127.116.11.0.
The data transferred using Modbus and Modbus Plus is roughly equivalent. You can send and receive inputs and coils, inputs and registers. There are also other operation codes in the protocol for diagnostics, or programming PLCs, or a number of other functions.
There are 3 types of connector routinely used for Modbus Plus. The AS-MBKT-085 inline connector takes a Modbus Plus cable and stabs the wires, to establish continuity. The 990NAD23000 Tap takes that cable and stabs the wire into a "tap", which connects to a moulded cable which connects to the device. The 990NAD23020 or 990NAD23021 Supertap doesn't stab the wire, instead using screw terminals to connect the Modbus Plus cable and the moulded drop cable.
Today I want to look at the AS-MBKT-085 inline Modbus Plus connector. We're going to look inside one.
The first thing you need to realize about these connectors is, they're not cheap. This store is selling one for 35 USD, and that's about what you can expect to pay. I've seen some online stores asking for twice that.
So, what are you getting for your money? Well, first, let's look at what this thing does.
Here, you can see a Modbus Plus connector with wires already crimped into it.
Normally, the shield grounds to the middle pad, and the wires are held in place by the plastic back, which is itself held to the connector with a screw.
The stabs which hold the wires are fastened to the connector with screws, so we'll pull them out.
I expected the connector to be welded shut, but it's actually held in place with 3 pegs which push into 3 holes. Once I had a point I could leverage, I could pry the connector apart.
So here's what we have: 3 metal block with a threaded hole, connected to a regular D9 connector.
Taking apart the connector further, I found that the ground is coupled to the chassis ground using a capacitor. That's all there is to it!
And how about those light grey plugs? The difference is that there's a 120 Ohm resistor across the data pairs. That's the difference.
Thanks for reading!Jan 182015
January 18, 2015
I'm Jason Firth.
I want to talk a bit about a trend I've been seeing.
First, some background to understand where I'm coming from.
Downloading a piece of software on the Internet is a real gamble.
Of course, some software contains viruses meant to destroy your PC, but that's a relatively small amount. To really understand where the software that will really harm you comes from, you need to follow the money. Some people make money stealing proprietary secrets from companies, or credit card numbers, or passwords for paid accounts on services like netflix. Other people make money selling advertising displayed through unscrupulous means. Still other people make their money controlling "botnets", which are large numbers of computers (computers owned by normal people) infected with worms that take control which allow buyers to send specially crafted packets to servers intended to tie up resources like bandwidth and memory in order to prevent that server from operating, in an attack called a "Distributed Denial of Service", or DDoS.
There are a few ways you can be infected (called 'vectors'). In 1999, my first website was hosted on a free web host, and I visited my own website to learn it was trying to install a spyware program on my PC (I soon after started paying for ad-free hosting). In 2000, the ILOVEYOU worm moved through e-mail, and the e-mail program outlook at the time would automatically run the infection script when the e-mail was viewed. 2004, the sasser worm could infect a PC that was simply connected to the Internet, without the owner of the computer doing anything wrong. Along the way, programs that were (or appeared to be) useful eventually started being bundled with a new kind of worm, that served advertising content even when the program wasn't running. Some applications installed this software without any indication that it was doing anything. Others would try to hide their request to install behind deceptive wording or deceptive button placement. Either way, once installed, the new program would display advertising on your PC even when you weren't using the application that installed the ad program -- in fact, sometimes even after the original program was uninstalled.
My first job was as a registered apprentice helpdesk support analyst for a school board. One of the challenges they faced at the time was removing the programs installed by peer to peer file sharing programs (it was a more innocent time before such computers were completely locked down). These programs would cause web advertisements to appear, and used resources that the old Pentium 133MHz machines with 32MB of RAM couldn't really afford to give up.
If you want to be assured that software from the Internet is safe, you have only a few options. You can download only from trusted proprietary sources like Microsoft. You can just not download anything at all. A third option for a long time was Free and Open Source software. This software is written by hobbyists or by companies who want to build an open platform, and is licensed so that everyone who wants to use it can use it, and anyone can access the source code and use it, but only if they release any modifications for use by others. (There are other free licenses which are broader, but we'll discuss this one for now). These programs didn't usually come with problem software, because anyone could check the code, and compile a clean version from scratch.
Unfortunately, something has changed. The largest distributor of open source software, called Sourceforge, changed owners a few years back, and now they encourage top projects to try to install this problem software on their users computers.
I've contributed to open source projects over the years. I've written documentation, I've written code, I've even started projects. I believe in the idea. To see big projects that people like me have put their heart and soul into and to have it used to try to unscrupulously infect other people's computers, I consider that criminal, and I consider it a tragedy.
I consider it criminal because any consent could only be possibly be gained through deception, because no reasonable person would allow such software to be installed on their computer. "Hey, want me to put advertising on every webpage you visit, even the ones without advertising? Want me to randomly pop up advertising all the time? Want all this to happen even when you're not using my program?" -- of course the answer is 'No'. I've seen them get an "I agree" click by using deceptive language ("Click if you don't want to unagree that we won't not install the software"), or by using deceptive button placement ("next next next next next I agree to be infected with a virus"). I don't consider this access to one's computer legitimately authorized, and thus taking over people's computer is a cyber-crime. Governments around the world appear to agree with me, because laws are being passed all the time to make it perfectly clear for the courts that this sort of behaviour isn't acceptable.
As for why I consider it a tragedy, imagine the passion of people contributing to their favourite open source projects, working for no compensation. Their reward? To have the project maintainer try to take over their computer for monetary gain. That's tragic. It really is the tragedy of the commons here, where someone realized they could burn it all to the ground to make a buck. That's very sad.
Anyway, back to instrumentation next time. I just had to vent about the end of an era: The era where you could at least trust an open source project.
Thanks for reading!Jan 032015
January 3, 2015
I'm Jason Firth.
Last time, I posted about openness. One of the ways openness can help everyone is by providing flexibility to do things that may not have otherwise been possible.
At this point, many software packages use Microsoft SQL server as a front-end. Pi Historian and Wonderware Historian, for example, both use SQL Server as a front-end.
This provides some really neat opportunities. You can automate the retrieval or analysis of data from the historian, for example. Visual Studio Express is available for free, and includes all the APIs for communicating with an SQL server.
Let's say you don't want to do anything that complicated. What if you just want to run a simple query and spit out a simple table?
If you're running a computer with SQL Server or the free to download and use SQL Server express, you can use the sqlcmd command from the command line.
You can use the command line "sqlcmd -S [protocol:]server[\instance_name][,port] -U [userid] -p [password]" to connect to a command line instance, but the really interesting part is that you can use "-i input_file[,input_file2...]" or "-o output_file" to automate the running of certain queries.
The input file is a script written in TRANSACT-SQL, (that "Select * where" stuff).
Knowing this, you can pull data and manipulate data from the command line, or from batch files. That isn't something you may want to use for everything on a regular basis, but it's a great little tool to have in your back pocket for those times when you have to get a little script going quickly.
Thanks for reading!