JNIOR Corner

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by Bruce Cloutier View Post
    Really a constraint is that 99% of the JNIORs are accessed by IP address alone. It would be a rare situation where a JNIOR would deserve its own domain. A unit like our Honeypot that is directly on the Internet could actually be handled by Let's Encrypt if I were to implement their API. The percentage of JNIORs that could take advantage of such things is extremely small. The motivation to get it done is even smaller I'd bet.
    I guess it depends on the use-case. We're used to implementing internal DNS, either as split-DNS or with a separate domain that does exist. A domain-name will set you back a few bucks a year, wildcard certificates from Let's Encrypt can be had for free, but commercial ones are now also available for sub $50 a year. This really beats running your own little CA and importing the CA root certificate into all client machines as it often needs to happen on many levels: OS itself, browser level, Java also has its own certificate store, etc...

    Going this route, at least solves the problem of browsers screaming hell to end-users. Also, there are some applications that outright refuse to work, if the SSL chain can't be verified. Stuff like Outlook won't even connect to the Exchange server if the SSL certificate is not trusted. It's nice to be able to include all those other IP connected gadgets into the process. The only thing is, since SSL certificates can't be valid longer than a year anymore, is that you have to update certificates on all those devices every year, or after a certain date, everything starts to break down... This is obviously where stuff like Certbot/Let's Encrypt can help automate stuff.

    But in general, it looks like you have all the tools on-board on JNIOR/JANOS, at least for now, to run "public" trusted certificates. So if people want to implement them, they can.

    Originally posted by Bruce Cloutier View Post
    So JANOS v2.0 now supports NetBIOS Name Resolution. The unit previously would handle LLMNR for name resolution but that proved unreliable. Everyone generally opens the WebUI using the unit's IP address but now if you don't know the IP address you can use the birthname ("jr" + serial number) or the hostname (JR_AUD2 or something). We're shipping units with v2.0 having DHCP enabled (as opposed to the default 10.0.0.201 address) so you don't need the Support Tool to initially find the unit and configure it. But when any of those identifying characteristics change a new certificate is generated (unless you've uploaded one).
    I consider everything but some real local nameservers a futile attempt at name resolution. Both NetBIOS and LLMNR are protocols which almost exclusively reside in the Windows domain, all or most other devices won't participate in it. Most stuff won't resolve to a fully qualified domain too, which renders any trusted certificates useless. Maybe important to know: The Internet was designed with proper name resolution in mind. Connecting to IP addresses directly should actually be considered a hack.

    If you design a network properly and you do implement DNS for local stuff, a lot of stuff is going to be easier, like moving your network to new IP addresses. As long as everything connects to hostnames instead of IP addresses, you shouldn't have to worry about all those little settings on local devices...

    Originally posted by Bruce Cloutier View Post
    The browsers insist that anything over a secure channel must also be Trusted as if you are going to use the JNIOR to manage your 8-figure portfolio. It would be better if there were 3 separate HTTP protocols: HTTP, HTTPS and HTTPT with ports 80, 443 and something else. The browser could be happy with HTTPS and not put up the awful scary warnings. Your bank, insurance provider, and anything on that level should support only the HTTPT (or whatever) and that can complain, force you to confirm and otherwise request your first born before proceeding.
    Well, in the end, if you're honest, you can't have it both ways... You can't have "real" security and "fake" security and be done with it. The reason this alert system was implemented across all browsers, is because the previous pop-up, where you just needed to hit "Yes" for any non-trusted certificate, simply didn't work and was often abused by hackers, scammers and the like. If you open the door just a little bit and allow those folks to use a "lesser version of HTTPS" that doesn't throw warnings if things don't check out, those people will be abusing this in no time. In the end, it works a lot like SSH does. The first time you connect to a new host, it also comes up with a message that this host isn't known. If you then choose to accept the certificate, it won't complain the second time you connect. The same is true for most browsers too. If you go through the little hoops and accept the certificate, despite the warning, then you'll be able to connect afterwards, without being hit by in-your-face warnings.

    Comment
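
Two operational points from the post above can be checked with the `openssl` command line: a certificate only validates for the name the client actually connects with, and it has to be replaced before it expires. This is an added example, not part of the original post or of JANOS; the `example.internal` names and all function names are constructed for illustration, and 10.0.0.201 is the default unit address mentioned in the quoted text.

```bash
#!/usr/bin/env bash
# Added example. Names under example.internal are constructed sample values;
# 10.0.0.201 is the default unit address mentioned in the thread.

# Throwaway self-signed certificate standing in for a wildcard certificate
# issued for an internal DNS zone. $1 = output dir, $2 = validity in days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.internal" \
        -addext "subjectAltName=DNS:*.example.internal" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeeds when the certificate covers the name the client connects with.
# IP literals are only matched against iPAddress SAN entries, never DNS ones.
# $1 = certificate file, $2 = hostname or IP address.
cert_covers() {
    local flag=-checkhost
    case "$2" in
        *:*)       flag=-checkip ;;   # IPv6 literal
        *[!0-9.]*) ;;                 # anything else with letters: DNS name
        *)         flag=-checkip ;;   # digits and dots only: IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q "does match certificate"
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# One-word verdict for a device. $1 = certificate file, $2 = name used to
# reach the unit, $3 = renewal window in days.
audit_device() {
    if ! cert_covers "$1" "$2"; then
        echo "NAME-MISMATCH"
    elif ! cert_valid_for_days "$1" "$3"; then
        echo "RENEW-NOW"
    else
        echo "OK"
    fi
}

demo() {
    local dir name
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" 90 || { rm -rf "$dir"; return 1; }
    for name in jr-demo.example.internal 10.0.0.201; do
        printf '%-28s %s\n' "$name" "$(audit_device "$dir/cert.pem" "$name" 30)"
    done
    rm -rf "$dir"
}
demo
```

The wildcard certificate passes for the hostname and fails for the bare IP address, which is why units reached by IP alone cannot use a certificate issued for a DNS name.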


    • #17
      Well aside from all of the complexities of SSL/TLS implementation, I had hoped to offer some simple insight into JNIOR operation and maintenance here in this thread. It would be a good place to hint at anything undocumented. Not that there is a lot of that. Even the documented stuff is worth discussing since we are so good at documentation and everyone reads it so carefully. I know that when there are questions or issues that a chat with the office takes care of it promptly, it still would be helpful to others to see some of it before they need it. By the way, I would suspect that no other company responds to your support needs as quickly nor can they resolve your issues as quickly. Well, that is our goal anyway.

      There is a huge difference between the old Series 3 (310, 312 and 314) and the current Series 4 (410, 412, 414 and 412DMX). The current product was designed to minimize the impact of that. This is one of the reasons that we developed our own operating system. We could make the transition as seamless as possible. There is a significant hardware difference and not many companies can make that kind of transition and almost completely eliminate confusion on your end. The 31x product shipped last in 2014 but ceased production a bit before that.

      On average those of you who still run JNIOR3 have gotten your value out of the thing. There are enough issues with that platform that I want to highly encourage you to put a plan in place to switch it out for a JNIOR4. I would be happy to get into the problems with JNIOR3 in detail. The low-level operating system on that product was not ours and we had no control over it. The processor was a mature product and not being actively supported by the manufacturer. This, for us, was a huge frustration. It was a daily exercise in work-around development. That said JNIOR3 was a workhorse and served you well. But as you know it eventually trips over itself and, well, that performance is not representative of the current JNIOR.

      I will try to think of something interesting to lay on you here. Meanwhile, I am open for questions.





      • #18
        Did you know that when you pull the LAN connector on a JNIOR4 the orange status LED flashes? It could be complaining that it has lost network connection. It is actually flashing the last octet of the unit's IP address in Morse Code. It's a bit silly but why not? The other place where we have some Morse Code is the green status LED on the back of a JNIOR Control Panel. That barks a status message. Just a couple of not at all documented items.



        • #19
          Maybe you could make it a trend, like post one Easter Egg per week. Maybe, we can even propose new Easter Eggs and vote for them?

          I have one already:
          Did you know that if you connect your COM port to the AUX port with a null modem cable, your JNIOR will become sentient and try to take over the world?



          • #20
            Originally posted by Marcel Birgelen View Post
            Did you know that if you connect your COM port to the AUX port with a null modem cable, your JNIOR will become sentient and try to take over the world?
            We do connect AUX to AUX and COM to COM in our Program & Test fixtures in production where JNIORs oversee the process. We did have an issue with the component on the AUX port. It has a low power mode it uses when it detects that nothing is connected. That worked fine until we connected another port with the same component to it. Turns out that they don't see each other and remain in low power. That was a long time ago and it required a design change to eliminate the risk of such a deadlock. Luckily, the 410 uses a different component on the AUX port (since it can do RS-422 and RS-485 as well) than the 412 and 414.

            I would post a photo if someone would enlighten me as to the best way to do that?



            • #21
              "...where JNIORs oversee the process." You see, we already have JNIORs enslaving other JNIORs, we can all see where this is heading...

              Interesting story though... you'd expect two identical RS232 components to be somehow compatible with each other... Now it's all like they're from a pretty asocial family, where all siblings refuse to talk to each other.

              Inserting images used to be a rather complicated process, but ever since the forum was updated, it's rather straightforward:
              Select the "Picture" icon in the toolbar, it's the one to the right of the "disconnect hyperlink" icon. A "tooltip" should pop up, calling it "Image" if you hover your mouse over it.

              Then it opens a pop-over window with two tabs: Image Info and Upload. If you have an image that already lives on the public web, you can use the "URL" function to fetch it. Make sure you leave the "Retrieve remote file and reference locally" option on. The other options on that page are mostly just sugar-coating for your image, to adjust size, give it a title, a link, etc.

              If you have the picture on your local machine (or network drive, accessible by your local machine), go to the "Upload" tab, click the "Browse" tab and select your image from your local file systems and upload it. After it has been uploaded, you can still use the options on the "Image Info" tab to adjust it.



              • #22
                Hey Bruce, any plans to make JNIOR run on PoE?



                • #23
                  Some years ago we took a close look at PoE. At that time there was some confusion over the approach which was evidenced by the Ethernet connector manufacturer who could supply several different configurations for the additional cable circuits. It was enough of a concern for us to choose a LAN connector that would likely not interfere with any existing PoE (or other) use.

                  There is also some sensitivity to adding circuits to the JNIOR that would only be used in a small percentage of the applications. For example, after a decade we had realized that the JNIOR AUX port was RS-422/RS-485 capable, utilizing circuits which added a couple of bucks to the cost and to our knowledge no one had been using that feature. We pulled it from the 412 and 414 but left the capability in the 410. I would be surprised if there were a couple of dozen JNIORs actually using it at this point. That wasn't just about cost as the component also typically had long lead times and presented a manufacturing concern.

                  If you run PoE you can simply purchase an adapter. Just cut off the barrel plug, tin the wires and wire to the power supply input on the JNIOR. The JNIOR requires 12V and we rate the supplies at 1A. That is to ensure that there is enough power to run the thing with all of the relays activated and inputs enabled (LEDs active) while running a couple of expansion modules (with relays active). Depending on your situation you can run with 10V on the low side up to 24V on the high side. A typical load too is likely under 500 mA. Oddly, the power can be either AC or DC (originally to be compatible with old-school HVAC use with readily available 24VAC). If you don't supply enough power the unit might reboot when relays are closed.

                  The 412DMX by the way, has a ride-through power supply design (mini-UPS) that eliminates the reboots that result from short (10-15 second) power interruptions. That does require 12VDC (no AC) and that should handle 1A. This is being evaluated for general use in the next series of JNIOR. The jury is still out.

                  The JNIOR is a wired application. I mean you have to wire something to the relays and inputs. It is not a mobile device. This is one reason that we stick with the wired Ethernet. We considered wireless connectivity but that is much less reliable (especially in industrial applications); configuration is difficult without a screen and keyboard (selecting the network and entering passwords); and it represents a security concern. You are wiring the JNIOR anyway so run the CAT5 cable. Again, there are inexpensive wireless LAN adapters and we have applications out running those. Perhaps even more running cellular modems now that I think of it.

                  Power cords and wall transformers are a real pain in my opinion. No matter what you do you can never make that look good and you seem to always need one more outlet that you don't have or the transformer doesn't fit in the one you have. We're not sure what the solution to all that is except to plan ahead and use a good power distribution system.

                  There is also the thought of making the COM port (RS-232 next to the LAN connection) a USB input. We would consider the possibility of powering the JNIOR from that. I like to try to maintain isolation at points in whatever setup and that is a concern.

                  If anyone has success with a PoE (or any) adapter with the JNIOR, tell us about it. We're open to just about anything in moving forward to the next series.



                  • #24
                    I think that PoE, both active and passive is a nice-to-have kind of feature. You can always use a PoE splitter in place, but it saves you the hassle of putting in an additional device. Integrated wifi and especially support for 2G/3G/4G/5G may be a bit more complicated and maybe it's best to leave it out there to keep things simple.

                    Something like an optional battery module (one that would last for anywhere between 30 minutes and a few hours) would be a nice upgrade, it could enable a lot of new use-options for the device, especially when used in IoT and home/building automation scenarios.

                    Regarding powering low-voltage devices... Lately, I see myself ordering bigger, more durable 12V, 9V and 5V power supplies which then power all gadgets on a certain bus. Some supplies even offer multiple outputs which are individually regulated and/or fused. I like it when devices offer terminal connectors for their power supply instead of those barrel plugs. This saves a whole lot of garbage with endless PDU-strips with all kinds of crappy mini-PSUs plugged in. Furthermore, reducing the amount of crapola PSUs on your power network actually helps to reduce the cos θ, which is good for all kinds of reasons a bit out of context of this post.



                    • #25
                      Originally posted by Marcel Birgelen View Post
                      I like it when devices offer terminal connectors for their power supply instead of those barrel plugs.
                      That helps. There has been some thought of returning to a barrel connector... not knowing how the market perceives the product in its absence. But JNIOR was designed for bus power where a nice protected several-amp power supply powers more than one JNIOR. We do have applications where there are multiple JNIORs mounted side-by-side.

                      There is some isolation between the power supply and various connections. Some care should be exercised if you tap off the power supply at the power connector. Note also that the GND pin on the serial connectors floats relative to positive and negative supply inputs due to the AC power input capability. The analog modules are isolated, the digital inputs are each isolated, and naturally so are the dry contact relay outputs.

                      By the way, the JNIOR runs on 12VDC. So a small lead-acid battery and a trickle charger with an at least 1A recovery capability is a simple UPS. There are JNIORs in the field running that way. Some with solar rechargers. But to be honest I couldn't say where those are or if they are still in use. The energy monitoring market uses JNIOR on remote gas meters.




                      • #26
                        Something like this should work maybe?...

                        https://www.amazon.com/Splitter-Adap...82944654&psc=1

                        I have ordered one of these to test so I will report what I find here.



                        • #27
                          Interesting. I wonder if the DC output is isolated from the Ethernet POE. We ended up with an interesting POE circuit in the LSS to get isolation. It was like a buck converter with a secondary winding on the inductor. When the chip output went to ground, there was 5 volts across the "inductor" (transformer primary), which caused there to be 5 volts across the secondary. This was rectified and filtered to power the grounded LSS circuitry. The Ethernet side could be something like 3 kV above or below ground.

                          The idea for the converter came from a TI application note, and the POE chip was from Maxim.

                          Harold



                          • #28
                            There is isolation at various levels between the JNIOR and the rest of the world provided that you do not connect the serial ports or tap off of the power supply for other things. The serial ports are an issue because of the GND pin. That GND floats between the (+) and the (-) supply inputs since we can accept AC supply voltages. That fact sometimes is an issue if you also use the power supply for something in addition to running the JNIOR. The negative marked power input is not the same as GND. The digital inputs are opto-isolated. Relays are dry contact and therefore isolated. The analog modules are isolated from the JNIOR (not between channels). Also, the 412DMX sports an isolated RS-485 channel.

                            Isolation between PoE and the JNIOR is a good thing but depending there might not be a need. Still we've seen some nasty and quite destructive ground loops.
                            Last edited by Bruce Cloutier; 03-29-2021, 10:42 AM.



                            • #29
                              [Image: RelaysHaveRatings.png]

                              Relays have ratings. But accidents do happen and if you must challenge the limits I guess it is better to blow up a JNIOR than your more costly media server GPIO port, eh?

                              I think this event must have made a bang though. What do you think?

                              JNIOR... easily and inexpensively replaced at least.



                              • #30
                                Run a theatre, they said...

                                It's a blast, they said....



                                Many years ago (before I had my own theatre) I was running a matinee on a cooking hot day in August in a projection room with no air conditioner and, of course, not much ventilation either. I was standing in the lobby (which was air conditioned *pant pant gasp*) between reels and suddenly there was a huge BANG! and a flash of light in the projection room.

                                I raced up the stairs and discovered that the transformer had blown right through the side of the rectifier and embedded itself into the wall. I was pretty happy that I wasn't standing there at the time.
