Saturday, February 21, 2015

The Keys to the Kingdom

Apparently, the NSA stole the keys to the GSM kingdom.  It was already clear that GSM is not secure and two heads of state were annoyed by the Yanks listening in to their calls already, but this is ridiculous:  https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

What is clear, is that the US government doesn't care how much damage the NSA causes to states and corporations the world over.  This is a Dutch/French company, NATO members and the NSA did them in to the tune of half a billion Dollars, with hardly a peep from any politician anywhere.  If your computer system is not secure, then you can lose your business thanks to the US military, whether you are an ally, at peace, at war or neutral.  With such friends, who needs enemies?

The CTO of Lenovo has now proven himself to be just as clueless as a previous CTO of Sony: http://www.wired.com/2015/02/lenovo-superfish/

They all failed to understand that if you subvert thousands of computers, then the system is weakened and can be misused by anyone else too.  Even the much maligned DHS is on the ball on this one http://www.reuters.com/article/2015/02/20/us-lenovo-cybersecurity-dhs-idUSKBN0LO21U20150220

Where did these guys buy their university degree certificates - maybe here http://www.iwantadegree.co.uk/cyberdegree3.html?

The only way to combat the spying, is to buy all your computer and networking equipment in bits and pieces from random vendors and assemble it yourself, then load it with an obscure version of UNIX such as OpenBSD.


Whatever comes preinstalled on any machine, not only from the special class at Lenovo, cannot be trusted.

Monday, February 9, 2015

Thermionic Valve Amplifier

I stumbled upon a source for some cool old stuff called Magic Eye tubes.  The shop is in Chelyabinsk Russia, called Tubes Store.

Here is a nice VU meter video:
http://tubes-store.com/product_info.php?cPath=31_59&products_id=5

While browsing there, I decided to make a little(!) audio amplifier to hook to my Mac, get a couple of Magic Eye tubes to use for a VU meter (blah) or robot eyes (yes!) and some Nixie tubes for a clock or digital read-out, or goodness knows what, so I ended up buying a handful of brand new old junk.

Skeleton of FR4 on a wood base - It sounds great!

Now the problem is getting high voltage transformers and capacitors that can handle >200 Volts.  Everything in my junk box is low voltage and will go pop, just like the weasel of yore.

When I built radios and avionics at Grinel, there was a huge 15 Kilowatt Klystron valve sitting in the store across the hallway - a relic from a previous radar project.  That thing was about 1 meter tall and the wooden floor of the room actually sagged under its weight.  The valves used in this project are ever so slightly smaller...

After a little bit of head scratching, I came up with this cool little thermionic valve audio amplifier design.  For fun, I added a 3 way tone control:


It is a pretty standard push-puller, using a miniature 6N21B dual triode valve at the front end and a pair of 6E6PE power tetrode valves at the back end (It is a rough drawing, but it gives the idea - I ended up using a full wave rectifier).  This push pull circuit should be able to deliver about 20 W RMS and will make a good lead guitar amplifier.

The first bipolar transistor audio amplifier I built when I was about 12 and the first song that blared forth was Money Honey, from the Bay City Rollers.  Yeah, I'm that old...

How Does a Valve Work?  

In the middle is a heating coil.  Around the coil, is a metal tube called the Cathode.  Around the Cathode is a wire grid, called... wait for it... drum roll... the Grid.  Around the grid is another metal tube called the Anode.  The plates are blackened to improve their ability to shed/absorb flying electrons.  The glass bulb is evacuated, thus enabling electrons to fly unimpeded from the Cathode to the Anode, which is powered at a high positive voltage of 150V or more.  The Grid is biassed negative w.r.t. the Cathode and controls the electron flow, hence the name Thermionic Valve.  To make the Grid 'negative', put a series resistor and bypass capacitor on the Cathode to bias it somewhere north of plus 20 Volt.

With a small signal on the grid, the valve can control a large electron flow between the Cathode and Anode, which makes an amplifier.  Therefore a valve and a MOSFET transistor work sorta kinda the same, except that a MOSFET doesn't need a heater or a vacuum.

For an output stage made from bipolar transistors, one can use NPN and PNP power transistors, but all valves are the same since nobody managed to make a positronic valve yet, so a transformer is required to make a complimentary output.  It is also required to transform the impedance down to drive a low ohmage speaker - about 6000:1.

The second audio amp I built was a monster - a 600 Watt RMS bipolar transistor bass guitar amp - and the first song that thundered out of that one at 2am at night was Tie Your Mother Down of Queen.  I don't want to know what the neighbours thought of it.

Due to the high voltages, I used big 2 W metal film resistors, except for R5, R8 and R20, which I made 10W wire wound.   Don't use carbon resistors in an audio amplifier - they are noisy.  Metal film only cost a few pennies more and they don't hiss.  The capacitors should all be 250V or higher rated, to keep them from going pop.

When I finally turned up the volume on this little tube amp, the first song that came out of the speaker from my Mac tuned to Antenna Bayern, was - wait for it - drum roll...  Music Was My First Love of John Miles - really!

Improvising and Bread Boarding

Now where on earth can I get transformers for the 6.3V heaters and 160 V anodes?  Thermionic valves are very forgiving - they don't blow or burn out easily, so the voltages and resistors used in a valve project need not be accurate - most anything goes, provided that the part voltage rating is high enough.  One could use an automotive ignition coil for the audio output transformer (10,000:1) and a couple of low voltage transformers back to back for the heater and high voltage power supply, but it turned out that there is a manufacturer of replica guitar amp transformers in Canada, Hammond Manufacturing, eh...

The prototype was built on an olde skool wooden bread board.

The Hammond classic audio output transformer should sound better than a car coil.  Well, I hope - at least it will look better:
http://www.hammondmfg.com/125a.htm
http://www.hammondmfg.com/300series.htm

and one can get high voltage electrolytic capacitors from Digikey:
http://www.digikey.com/product-detail/en/EKXG351ELL101MM25S/565-1457-ND/755973

Next time I walk past a Pakistani trinket store down town, I'll pick up an old fashioned wooden box to put it in. I saw a replica His Master's Voice wind-up record player the other day - that store will have something.

There is also a manufacturor of new electron tubes for audio amplifiers, the Xpo-Pul (Reflektor) factory in Saratov, Russia:   http://rutubes.com/category/reflector-tube-saratov-russia/

Really BIG electron tubes and oscillators are made in China by Bejing Jenerator Co:

So, it is no problem to build a new old toy today, but it ain't cheap.  Shipping transformers and high voltage parts halfway around the world is expensive.  I guess my little amplifier will cost about $300 when it is all done.

Transformers

I finally ordered the transformers.  It turned out to be easiest to get them from Mouser and instead of getting a multi-winding valve amp power transformer, I got separate transformers for the heaters and anodes (as in the schematic!) - easier that way. Mouser does stock a Hammond Fender replica power transformer, but it is 115 V only - while I live in UAE with 240 V mains supply.

It is possible to build these toys without a mains transformer - by simply rectifying the mains directly, but then you are not protected against common mode spikes and the resulting circuit will be hot and dangerous.  Don't do that.  Rather shell out for the two mains transformers, since they are much cheaper than a visit to the undertaker.

I got a Hammond 185C230 for the anode voltage:

Primary 230 V:
Connect in series
.1, 6 = 230 V mains
2, .5 = Short

Secondary 115 V:
Connect in parallel
12, 8 = Short
.11, .7 = Short

Since the secondary was paralleled and not centre tapped as in the schematic above, I then built a four diode full wave rectifier instead.

A VPS12-2000 transformer is used for the heaters:

Primary:
Connect in series
.6, 1 = 230 V mains
5, .2 = Short

Secondary:
Connect in parallel
.12, .8 = short
11, 7 = short

The audio transformer I settled on is the Hammond 1750H:

Primary:
.Blue / Brown = 6600 Ohm
Red = Centre Tap

Secondary:
.Black, Brown = 8 Ohm

Note that you must never run a valve amp without a load - the output transformer will arc and destroy itself.  I mounted a large 10 Ohm 25 Watt resistor on the bread board next to the output transformer to use as a dummy load.

Let me say that again: Never run a valve amp without a load!

If the speaker is in a separate box, then you could put a CG590L 90 V gas arrestor from Littelfuse on the output transformer to try to protect it.

Note the separation and 90 degree rotation offset between the two mains transformers and the audio output transformer on the breadboard.  That is to reduce mains hum coupling into the audio output.

I'll get a 6 inch full range car speaker pair at Lulu or Carrefour and maybe stick it in an old fashioned wooden box from my new found Pakistani friend downtown.

Also, do put a fuse in the mains line.  I used a 150 mA, 600 V polyfuse, 600R150-RBZR and most important, solder a couple of 1 Megohm resistors on the outputs of the high voltage PSUs to bleed the capacitors when powered off, else you may be in for a surprise one day.  Do put a rubber bathroom carpet on the floor...

It is always a good idea to short out the PSU with a screwdriver before you touch anything - bleeding resistors or no.  It is better to burn a hole in a perfectly good screwdriver, than to end up on your backside on the floor - or in a wooden overcoat at the undertaker.

Valves

Both types of valves have 9 pins.  The power valve has a gap between pins 1 and 9 as usual.  Viewed from the bottom pin end, the number sequence runs clockwise.

The old yellowed Rusky data sheets are hilarious.

When I first met my wife (she is Slovak), I had a red hammer and sickle T-shirt (made in Honduras - where else?).  So she asked: "Where you get that shirt? You look like Russian athlete!".  Now I'm building toys from parts really made in ze olde CCCP, decades after everyone else stopped making them.  The commies were good at making things, but sometimes a bit slow in keeping up with advances.

One of our Czech friends remarked: The communists were good at building big machines to mine coal and iron ore, to make steel, to make big machines to mine coal and iron ore...

The 6E6PE tetrode valve pin-out is as follows:

1 - k
2 - g1
3 - k
4 - h
5 - h
6 - k
7 - a
9 - g2

The pre-amp miniature dual valve is funny and has a gap between pins 6 and 8, just to be confusing.

The two triodes have a shield between them - you have to ground it. So this is a nice, compact, low power design with only three glass tubes, but four valves. Because the double triode is physically small, the operating voltage is lower than normal at 'only' 100 V.  This works fine, since in a simple valve amplifier design, each stage is isolated from the other with a power line RC filter.  Of course, if you want to show off more glassware, then by all means, use two of the little tubes.

In this design, I drop the voltage from 160 V to 100 V using a 330 Ohm series resistor R8 and stabilize it with the capacitor C4.  This prevents voltage sags caused by the output stage, from feeding back into the input and reduces distortion.


The 6N21B miniature dual valve pin-out is as follows:

1 - k1
2 - s
3 - g1
4 - a1
5 - h
6 - k2
7 - no pin
8 - g2
9 - a2
10 - h

 

Terminology

When working with olde skool parts, one also comes across the olde skool terminology.  Hertz, becomes cycles, a mixer becomes heterodyning, feedback becomes regeneration, a capacitor becomes a condenser, an inductor becomes a coil and a diode becomes a cat's whisker, or a crystal - for auld lang syne.

Valve Sockets

One can still buy new octal sockets.  They are manufactured for relays.  However, all the tubes I got have 9 or more pins, so that is no help.  I could make a plan with some D-sub connector sockets - they look like they will fit - but the Tubes Store also has original ceramic sockets and they don't cost much.

You have to mount these things on a metal plate - and remember to ground it or you will get zapped sooner or later - likely sooner.  A cookie tin or bread pan is good, but do get an aluminium one, since steel is awfully hard to work by hand.  To make odd shaped cut outs, I use a Nibble Tool from Digikey:
http://www.digikey.com/product-detail/en/12-1806-0000/GC395-ND/258502

The advantage of a nibbling tool is that it doesn't deform the sheet metal - it stays straight and flat - and you can cut any shape hole you need.  The disadvantage is that it is slow and painful to use.  Wrap some tape around the handles...

For the prototype, I mounted the valves and pots on scrap aluminium sheets, but for the final model I used copper clad FR4 PCB, since it is much easier to work, incredibly strong and doesn't warp when you abuse it with hand tools.  Using the copper as a ground plane, also eliminates about half the wires - another big advantage.  One can get FR4 in multiple colours nowadays, such as red, blue, green, black - even camouflage.   So your toys can look cheerful even when built in a simple way.

Note that FR1 and FR2 printed circuit board has made a comeback, thanks to cheap PCB milling machines (which gets worn out by the glass in FR4): https://www.sparkfun.com/categories/tags/fr1

It is much better to work at home with FR1, since the resulting dust doesn't make you itch like the fibreglass in FR4, which tends to pollute your whole workshop with white itch powder.  The disadvantage is that FR1 is not quite as strong and you need to be good with soldering, so you don't lift the copper.

The double triode presented a problem, since it doesn't fit in a socket.  It has long thin wires.


I soldered it into a 1 inch square circuit board, leaving some space for heat dissipation and fashioned the wires into little eyelet loops at the bottom so I can wire it up to the rest of the circuit in the same way as with tube sockets.  Time will tell whether this was a good idea or not - turns out it wasn't - I eventually soldered the tube into a 9 pin ceramic valve socket.

Terminal Strips and Turret Boards

Due to the high voltages, wired connections need to be kept millimeters apart.  These old fashioned high voltage solder tag strips are hard to find, but Digikey and Mouser do have them, if you know to search for 'turret boards'.


http://eu.mouser.com/_/?Keyword=turret+boards&FS=True




http://www.digikey.com/product-search/en/connectors-interconnects/terminal-strips-and-turret-boards/1442011?k=terminal&stock=1

For hooking the parts up, you need some 22 AWG tinned copper wire, which is unhelpfully named 'bus bar wire' by the vendors.  It is available in little 100 foot rolls.  Don't use 'magnet wire' - well, you could if you are a masochist.  Magnet wire is insulated with epoxy or nylon which is very hard to strip.

If you want it to look seriously retro, then you could use miniature rigid co-ax for the signals.  That will make it look like a steam engine. You can get rigid co-ax from Pasternack: https://www.pasternack.com/semirigid-0.141-50-ohm-coax-cable-tinned-aluminum-pe-sr402al-p.aspx

I'd recommend that you build the PSU first and when you are ready to test it, put a cardboard box over it, before turning the power on, to contain the mess if something would blow up.   When I was a teenager, I built a 600 Watt bipolar transistor bass guitar amp and had a very big capacitor (Cola can size) blow up in my face - it wasn't much fun - fortunately I was wearing glasses and I've been rather more careful ever since.

Grounding and Shielding

When you wire things up, always use the big capacitors as star points for power and ground - don't daisy chain.  That keeps the voltage sags and distortion down.

Also make a massive star bundle of about a dozen long thin earth wires that you can later use to ground all the metal parts, transformers and chassis and twist around sensitive wires leading to the volume and tone controls and gate of the first triode.   You don't have to use screened wire - just twist an earth wire around a signal to protect it, but if you want it to look more neat, use a thin coaxial cable such as RG316 and earth the shield at one end only - strip the plastic outer to make it more flexible and look more olde skool.  After the first triode, the signal is amplified enough that noise pickup won't be a problem any more, but you can still get feedback, causing howl round, so the more shielding, the better.

While the prototype sure looks messy, by tediously using a star grounding system throughout, I had no hum, no motorboating, no howling or squealing, no noise, just pure sound - purrfect - well, OK, until I moved the thing, which caused it to start howling - so I had to rewire it all with RG316 coax...

 No noise - Just pure audio.

Note: Disconnect the ground wire of your oscilloscope power lead.  If the scope is floating, then you cannot short things out with the ground clip and you can measure floating and differential signals directly.  I always get annoyed when someone takes my scope power leads and that idjit then ends up with a Darwin Award ungrounded power lead...

If you can hear mains hum when you turn the volume up (with no input signal), then you did not ground and shield the amplifier circuitry properly.  Some people build elaborate solid state DC supplies for the heaters; others trim the ground of the heater supply with a 'humdinger' circuit to cancel hum, but none of that is necessary.  If you build the thing on a copper clad FR4 ground plane, ground the transformers, use individual twisted pairs for the heaters (don't daisy chain) and shield all signal wires, then you will not have hum.  My amplifier is absolutely quiet - no hum and no hiss whatsoever.

The missus prolly won't like having a Carrefour breadboard full of hot and sizzling high voltage parts in the living room - so once it is working, then one got to unscrew the terminal strips and valve sockets, lift it off the bread board and re-install the unholy rat's nest into a fancy looking box, so make sure that you mount the sockets from the under side, unless you want to re-solder everything...

Once all is working again, clean with alcohol and spray the electronics (not the power resistors and tubes!) with V-66 or similar conformal coating to keep it from corroding and it will keep working and look nice for years.

BTW, I eventually kept the gizmo as an open skeleton construction, but stuck a sheet of clear acrylic to the top of the transformers to keep curious fingers out of the high voltage areas.

Bluetooth Audio

This is an old fashioned amplifier, but that doesn't mean it needs to be stuck completely in the past.  You can get little Bluetooth audio receivers on Ali Express for a Bob or two:
https://www.aliexpress.com/item/32961053585.html



At first, I took the path of least effort and plugged in a USB wall wart for power and a little cable to the amplifier and it was working well enough.  Since it is a mono amplifier, I should wire the two BT audio outputs together through a pair of 100 Ohm resistors, but oldie radio stations are mono anyway:
http://www.1940sukradio.co.uk/bhfr/

Last week I felt bored and built a little 5 V power supply to hook the BT module up to the 6 V heater transformer.  That resulted in two interesting issues: First, a diode popped (I forgot that one end of the transformer is grounded!) and then the BT module would reboot every few minutes, which was just a wee little bit annoying in the middle of the music.

Who would like to hear: BEEBOOP!!! YOUR BLUETOOTH RADIO IS READY TO PAL!!! in a friendly and cultured female Chinese voice every five minutes?  It took me a long time to figure out where to put an additional 1000 uF capacitor, to convince the nice lady to be a little more discreet.

Now, I can finally put my amp anywhere, plug it into the wall and have some muzak.  It is funny having an iPhone play over a valve amplifier, but it sounds good!

Ye Olde Amplifier Sounds Best With Olde Muzak

My favourite oldies station to play over this new old amplifier, is probably Majestic Jukebox Radio https://www.majesticjukeboxradio.com

The British Home Front Radio is usually also good fun http://www.1940sukradio.co.uk/BHFR/

The US Megaton Cafe Radio is similar https://www.megatoncaferadio.com for those who prefer the other side of the pond.

This is the muzak my parents and grand parents grew up with and creates a good background ambience.

Postscript

Every day, about 100 people from around the globe look at this article.  I've been wondering how many actually end up building it, or something based on it.  If it is only 1%, then over the last 3 years, I have caused people to spend roughly $200,000 on this hobby.  I hope you can forgive me!


Have fun!

Herman

Friday, February 6, 2015

Windows 10 on Virtualbox

What? Herman uses Windows? Shock, horror...

My first desktop computer - if you could call it that - was a Commodore Vic 20 - ugh.  The second one, was an Apple IIe, which was probably the first desktop computer worthy of the name.  Since then, I have used many, many systems, including Sperry, UNIVAC, Varian, DEC and some that nobody ever heard of.

As far as Microsoft operating systems go - if you can call them that - I have used practically every version of everything O'l Billybob ever made.  I even once received a cheque from Microsoft for one of their infamous illegal business practices lawsuits that they lost (Corel, Novel, Lotus, DEC, SAMBA, SCO, Stacker, Trumpet, Sierra...).  So I have a kind of love/hate relationship with MS and avoid their products wherever possible, since they can destroy a computer business competitor without batting an eye and leopards never change their spots.

If it is Free, Take Two!

You can download a Windows 10 ISO file for free here:
https://insider.windows.com/

Windows 10 Running in a Window on Fedora Linux KDE

You just have to give them your whole pedigree and create an online account, but if you are old enough to do this on your own, then MS already has your whole pedigree and you may even have an account too... 

The Magical Incantation

After downloading the thing (4.9 GB), run Virtualbox and create a "Windows 8.1, 64 bit" disk.  Select the ISO file in the Storage, CDROM widget and boot up.

If you cannot create a 64 bit VM with Virtualbox, then the Intel Virtualization features are turned off in the PC BIOS.  Reboot and fix that first.  The setting is usually not in the CPU tab as one would expect, but hidden somewhere else in the BIOS settings - you'll need to click around to find it.

The Win 8.1 64 trick above is the main reason I'm writing this, to save you from a Blue Screen of Death Error 5D.

Settings

Turn power management off, since your host already does that, install Virtualbox Guest Additions, enable file sharing and once everything is working right, disable the network, since that is the only way to keep a Windows machine secure.

Now please don't blame me for all the problems you may get with Windows... 

Guest Additions

Some people got it to work, but not I.  The 64 bit version of the Virtualbox guest additions runs and installs with no complaints, except that it doesn't actually work - sigh...

The main reason for using Guest Additions is the easy disk sharing with the host, but there is a way around that, which should be almost as easy.  Run a FTP server on the host (vsftpd for example) and then use the easy connect wizard in the Windows file browser (File, Map Network Drive, Map as Drive, Connect to a website..., Next, Choose...) to connect to the server using a URL like ftp://192.168.1.10 which will create a shortcut in the left pane which then works like a network file share - it will ask for your user name and password when required.  At least, that is the idea anyway.

However, I then run into some weird file access permission problems.  I can copy a file somewhere else, but I cannot open the file in place with an application, so it looks like I get read only access.  Access works perfectly with FileZilla, so it is a Windows Explorer problem, not a FTP server problem.

I heard on the grapevine that Windows 10 finally would support SSH as well, but it doesn't look like it.  A ssh:// type of URL fails.  Only FTP and WebDAV seems to be supported, same as before.  So Windows is still a pain in the derrier for engineering use.


Speed

...or the lack thereof.  

The default out of the box Win10 is a round and fat prasatka.  It is very slow compared to WinXP, Linux or Mac.  A VM backup tarball clocks in at 6.5 GB compressed - five times bigger than a typical Linux VM.  So everything and its dog is installed by default, yet, as always, Windows doesn't actually have any useful applications by default.  What the heck they do with all those gigabytes, is a mystery.

One reason I am experimenting with this fat piece of jello, is because I have to get MS Office 2013 to work and it requires Windows 8 or better.  However, it is so dog slow in Virtualbox, that MS Word is almost unusable, and I need to get the FTP server access above to work also.


Security

...or the lack thereof.  

To say that Microsoft doesn't take security seriously, is an understatement of mind boggling proportions.

One reason why I run Win10 on Virtualbox, is to allow me to easily firewall all the built-in spyware.   The creepy doll Cortana, listens to everything you say, your search keystrokes are sent to Microsoft Bing and if you would use Bitlocker, then the key will also be backed up to CloudDrive for easy access by the NSA, FSB, GCHQ and other hackers and mafiosi.  

Once you got it to work properly, then you should run the VM with host only networking, or go into the advanced firewall rules and block most things in the incoming and outgoing rules. The speed improvement from turning things off and blocking them in the firewall to make double sure, is quite amazing.

I ran the Settings Wizard and turned the fat creepy doll Cortana, Bing Search, the App Shops, Help, Support, Feedback, Remote everything, Skype, Games, Xbox and everything else that looked remotely useless OFF - most everything in other words.  After that - and rebooting of course - it seems to work even faster than my specially hacked Win7 VM and all pop up advertisements and other cruft are blissfully gone.  It is still very much slower than a WinXP VM though.

After my latest round of blocking and disabling cruft, MS Word launches and opens documents in the blink of a lazy eye.  So the default settings of Win10 are really awful.

Bugs

There are a few annoyances that I noticed already.  The menu system is a kind of self indexing database and has a limitation that is set too low.  It tends to pick up all kinds of cruft and you may find that a newly installed program won't show up in the menu and if it doesn't show in the menu, then you cannot search for it either, since search uses the same broken database.  I'll install Classic Shell and see how that goes.

Ditto with large folders.  I mapped a disk from the host system over FTP and large directories failed to show up in the file explorer.  I don't know what the limitation is, but one of these has 6700 files and is 32GB in size.  I can access it just fine from FileZilla though.  These missing folders eventually showed up - WTF?  It must be indexing things before showing it - another speed sapping service that I need to find and strangle.

Applications also seem to get only read access to mapped FTP folders.  I can use Notepad to open a file on the host from its File, Open menu, but cannot save it back to the host.  I have to save it somewhere else and use the file explorer or FileZilla to copy it back.  Also, if I double click a file in a mapped folder, it runs the relevant application, asks for username and password, and then tells me that it cannot open the file - grrr...

Ordinary mortals will probably never run into these issues, but Windows is clearly still not good for Engineering use and feels a bit buggy like Windows ME.

Windows FTP Authentication Bugs

Some searching on MS Technet showed that the FTP authentication bug has been in Windows since 2007.  It is now so old that the published workarounds don't work anymore.  In essence, Win7/8/10 only work properly with Anonymous FTP servers.

So, what I have to try next is to set vsftpd to anonymous on my home directory and block it with iptables so it is not open to the wild wild world and then try again.

Now to find a happy middle ground between Windows bugs and Linux bugs.  The vsftpd server chown function doesn't work in the version I got running, so I have to set all directories that I want to share to world read/write and sticky.  The world read/write allows the ftp user to put a file there and the sticky bit forces the group to the owner of the directory, so I end up with ownership of herman:ftp.

To change the properties of directories recursively:
find /home/herman/Data -type d -exec chmod 1777 {} +

and with the /etc/vsftpd/vsftpd.conf like this:
anonymous_enable=YES
anon_root=/home/herman/Data
local_enable=YES
write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES

dirmessage_enable=YES
xferlog_enable=YES
ftpd_banner="FTP, Eh..."
listen=YES
chown_uploads=NO

allow_writeable_chroot=YES

Restart with the command service vsftpd restart and now finally, Windows 10 can read, write, edit and save properly to the anonymous FTP server, same as with a Virtualbox Guest Additions shared folder.

Battening Down the Hatches

When my computer is doing nothing, I prefer that it does exactly that - nothing.  It should not connect to any servers on the wild wild web behind my back.

Microsoft plays fast and loose with personal information.  Many network datagrams contain personal information for example a UUID and my email address and I really don't like that.

14:37:55.301077 IP 172.22.2.95.icslap > 172.22.2.55.51960: Flags [.], seq 204:1664, ack 236, win 256, length 1460
        0x0000:  4500 05dc 1c02 4000 8006 7c57 ac16 025f  E.....@...|W..._
        0x0010:  ac16 0237 0b35 caf8 18af 4d30 9068 b9a1  ...7.5....M0.h..
        0x0020:  5010 0100 aebf 0000 3c3f 786d 6c20 7665  P.......<?xml.ve
        0x0030:  7273 696f 6e3d 2231 2e30 223f 3e0d 0a3c  rsion="1.0"?>..<
        0x0040:  726f 6f74 2078 6d6c 6e73 3d22 7572 6e3a  root.xmlns="urn:
        0x0050:  7363 6865 6d61 732d 7570 6e70 2d6f 7267  schemas-upnp-org
        0x0060:  3a64 6576 6963 652d 312d 3022 3e0d 0a09  :device-1-0">...
        0x0070:  3c73 7065 6356 6572 7369 6f6e 3e0d 0a09  <specVersion>...
        0x0080:  093c 6d61 6a6f 723e 313c 2f6d 616a 6f72  .<major>1</major
        0x0090:  3e0d 0a09 093c 6d69 6e6f 723e 303c 2f6d  >....<minor>0</m
        0x00a0:  696e 6f72 3e0d 0a09 3c2f 7370 6563 5665  inor>...</specVe
        0x00b0:  7273 696f 6e3e 0d0a 093c 6465 7669 6365  rsion>...<device
        0x00c0:  3e0d 0a09 093c 5544 4e3e 7575 6964 3a35  >....<UDN>uuid:5
        0x00d0:  3166 6365 6266 332d 6431 6264 2d34 3538  1fcebf3-d1bd-458
        0x00e0:  642d 6261 3162 2d66 6432 3462 6130 3066  d-ba1b-fd24ba00f
        0x00f0:  3335 663c 2f55 444e 3e0d 0a09 093c 6672  35f</UDN>....<fr
        0x0100:  6965 6e64 6c79 4e61 6d65 3e57 494e 3130  iendlyName>WIN10
        0x0110:  564d 3a20 6865 726d 616e 4061 6572 6f6e  VM:.herman@aeron
        0x0120:  6574 776f 726b 732e 6361 3a3c 2f66 7269  etworks.ca:</fri
        0x0130:  656e 646c 794e 616d 653e 0d0a 0909 3c64  endlyName>....<d


For starters, you could block DNS requests for Microsoft servers, which will make outgoing connections fail, by loading the below hosts file into Windows/System32/drivers/etc:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost

127.0.0.1 dns.msftncsi.com
127.0.0.1 ipv6.msftncsi.com
127.0.0.1 win10.ipv6.microsoft.com
127.0.0.1 ipv6.msftncsi.com.edgesuite.net
127.0.0.1 a978.i6g1.akamai.net
127.0.0.1 win10.ipv6.microsoft.com.nsatc.net
127.0.0.1 en-us.appex-rf.msn.com
127.0.0.1 v10.vortex-win.data.microsoft.com
127.0.0.1 client.wns.windows.com
127.0.0.1 wildcard.appex-rf.msn.com.edgesuite.net
127.0.0.1 v10.vortex-win.data.metron.life.com.nsatc.net
127.0.0.1 wns.notify.windows.com.akadns.net
127.0.0.1 americas2.notify.windows.com.akadns.net
127.0.0.1 travel.tile.appex.bing.com
127.0.0.1 www.bing.com
127.0.0.1 any.edge.bing.com
127.0.0.1 fe3.delivery.mp.microsoft.com
127.0.0.1 fe3.delivery.dsp.mp.microsoft.com.nsatc.net
127.0.0.1 ssw.live.com
127.0.0.1 ssw.live.com.nsatc.net
127.0.0.1 login.live.com
127.0.0.1 login.live.com.nsatc.net
127.0.0.1 directory.services.live.com
127.0.0.1 directory.services.live.com.akadns.net
127.0.0.1 bl3302.storage.live.com
127.0.0.1 skyapi.live.net
127.0.0.1 bl3302geo.storage.dkyprod.akadns.net
127.0.0.1 skyapi.skyprod.akadns.net
127.0.0.1 skydrive.wns.windows.com
127.0.0.1 register.mesh.com
127.0.0.1 BN1WNS2011508.wns.windows.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 settings.data.glbdns2.microsoft.com
127.0.0.1 OneSettings-bn2.metron.live.com.nsatc.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 win8.ipv6.microsoft.com
127.0.0.1 go.microsoft.com
127.0.0.1 windows.policies.live.net


The above hosts file will stop outgoing connections to these 39 servers that Windows like to connect to for no good reason, but it will do nothing to incoming connections or something with a hard coded IP address, or seldom used outgoing connections that I haven't seen yet.

Why on earth Microsoft thought it wise to make Win10 connect to 39(!???) servers without asking,  behind my back, is just mind blowing.  I can understand the need for DNS, NTP and updates, but the rest?  They just have absolutely no clue about network security.

To edit the hosts file, right click on notepad in the Accessories menu and select run as administrator, then open the file C:\Windows\System32\Drivers\etc\hosts

If you want to block advertisements and junkware also, see this site:
http://winhelp2002.mvps.org/hosts.htm

Combine the above into a single hosts file.  If you then sit and stare at the output from tcpdump, the network connection should be nice and quiet:
# tcpdump -A -i eth0

If you still spot something, simply add it.

Genuine Disadvantage

If you get troubled by the system not accepting your registration code, get a copy of 'unlocker' from 'majorgeeks.com'.  Reactivate with 'slmgr /rearm', then using 'unlocker', find *all* copies of 'slui.exe' (there may be two or three!) and delete them.  Finally, reboot.


-. --- / .-- .. -. -.. --- .-- ... --..-- / -. --- / -.-. .-. -.--

Bah, humbug...

Herman