Category Archives: DIY

More Spiffchorder

While I was on my hardware-fiddling spree, I came across the Spiffchorder project pile tucked into the keyboard drawer of my desk. Last time I played with it I had written off the perfboard assembled one, which had been reworked so many times it looked like a solder ball, and left a working one on a breadboard. This meant it was taking up surface- and breadboard- space, and that would not do. So, I sat down, laid out a less-insane board, and soldered it up in one pass.

The design isn’t well suited to the individual-pad perfboard I had around (lots of n>2 component nodes), so I tried a fabrication strategy I hadn’t used before to help simplify: I almost completely populated the perfboard, ran a piece of tape over the components, flipped it, and soldered, rather than re-adding the components as I went. It actually worked pretty nicely. It is a little bigger than the last layout I used, but this one worked on the first try – or at least the first try where I had a programmed UC plugged in to the socket…

In a related matter, one of the two chips I thought I had burnt with the appropriate firmware doesn’t seem to be working, and because there is a bug with the -g flag in the current version of gcc-avr, I can’t burn another from the boxes I have set up for working with AVRs (the VUSB stack needs the -g flag).

The actual chorder I made still sucks almost to the point of being unusable, largely owing to a mistake on the particular tactile buttons I got when I ordered the parts. Eventually something will have to be done about that, but the chorder is on a header, and the project is now in an electronically working state, not taking up prototyping supplies, and can be shoved in a box when idle.


CNC Update

I’ve been in a very mechanical sort of mood for the last couple days, no doubt owing to the all-software (and intangible even for that – what does that thing you’ve been working on do? – well, if I were sure it was working it would verify that an input sequence is valid in this language I made up…) sorts of things I’ve been doing of late. So, I pulled out my pile of mechatronics parts and started fiddling with it.

I’ve previously documented some of this elsewhere, and this isn’t a finished project, but I need a brain dump to package up various information, so I’m going to do a fairly thorough write up.

Hundreds of dollars of parts, hours of fiddling and “Hey! It almost drew a circle!” (I’ve been playing with my CNC parts pile again – more later)

Posted by pappp

PSN Outage Reading

I don’t have any stake in the PSN outage issue, not owning any Sony products more complicated than headphones (The last console I bought was an original Xbox- used- to ‘chip and run XBMC on), but it has made interesting reading on the interwebs. There are the official releases, which until today were basically “The system is down.” There is also all kinds of amusing speculation, because when you take video games away from geeks, they suddenly have all kinds of time for that sort of thing. A fairly credible and highly publicized bit of speculation comes from this thread at reddit, where someone from PSX-Scene places the root of the problem on custom firmware that allowed consoles onto the developer network, which subsequently allowed users to purchase paid content with bogus credit card information. The specific details aren’t that interesting to me – the interesting thing is that almost all the speculation has something in common: that Sony was, at least in part, relying on a client-side security model*. If true, this is seriously fucking stupid, even by Sony standards. Ignoring security concerns, when writing software there is a standard adage “Never trust the user.” Usually, the user can’t be trusted because the user is a fucking idiot. Occasionally, the user can’t be trusted because the user is malicious (where, in this case, “malicious” is defined as “Wants to run their own code on hardware they own”).

Back in December there was the excellent Fail0verflow talk at 27C3 where they eviscerated the security model on the PS3, and pretty much demonstrated that Sony screwed the pooch on that front (watch the talk if you haven’t; it is by far the best security presentation I’ve ever seen). Even before this, the PS3 was fairly deeply compromised by a variety of other techniques, and the PSP has been compromised (and re-compromised) almost since it shipped, so they didn’t just have a reasonable assumption that clients couldn’t be trusted, they knew it for certain.

There was also the rootkit scandal with the copy protection on some Sony BMG audio CDs. All together, this sets up precedent for an almost unlimited degree of poor design in Sony security systems.

Now, Sony is saying that a huge quantity of personal information on every user may have been compromised, and there is a spate of complaints about bogus charges on cards used with PSN services floating about on the ‘net (complaints of unknown correlation and reliability). This leads to the really interesting questions: Was all this information stored in plaintext? – it sure sounds like it was if it was extracted on such a scale. If both the Sony release and the speculation about access being gained through compromised consoles are true, why was this information accessible from clients? And finally, how did a system with all the above properties come to be designed? I’m seriously hoping this gets analyzed in public, because it will make an amazing instructional case study, and something of worth might as well be salvaged from this clusterfuck.

* There are a couple non client-side attack theories too. The boring “Organized criminals did it” option, and the theory that Anonymous (big A) is doing their gleeful mayhem thing, like they threatened. These aren’t any more or less credible, they just aren’t as interesting.


Virtualbox

I’ve liked fiddling with OSes for as long as I can remember, and have been through a couple VM solutions to ease the overhead of that habit. Until recently, I had been settled on qemu with the kqemu module for acceleration for some time, and thought it was pretty good. Then, one of the group mates got me to give VirtualBox, which was too much of a hassle last time I looked at options, another try. The result:
Virtualbox on Arch, running HaikuA1 and a Snow Leopard installer
That is my ArchLinux-running T510 hosting Virtualbox VMs with a Haiku R1 instance and a Snow Leopard installer (with a bootdisc for CPU recognition issues, apparently once updated it will boot straight from VirtualBox’s EFI). The partially-visible terminal with htop in the bottom left shows that it isn’t even eating my machine to do that.
Basically, it’s faster, it’s lighter on host resources, it’s more compatible, and NATed networking for the guests just works. Also, there is no hassle because the Arch package maintainers wrote some excellent support scripts. Converting my images and moving over. Do like.


Otomata

Cellular automation-based generative synthesizer in flash. Very cool. Incredibly easy to make pleasing patterns. Would love a scaled up version.


WordPress Header Glitch

For some reason, the 3.1 to 3.1.1 WordPress update (or something coincident with it) removed the rel=me link back to my Google profile from my headers. Those links are important – they’re how this page is integrated into my online identity via XFN (The “Xhtml Friends Network”), one of the open standards which will obsolete proprietary social networks like the normal standards-driven internet obsoleted AOL, Compuserve, and the other early walled-garden services (oh please oh please oh please oh….). More immediately, they are what lets google know it should pull blog posts into my Buzz feed and such. Fixed now.


I ran into a description of harmonic drives earlier. I hadn’t seen anything quite like them before, and they are just so cool – flexible driven gear for high torque, high fraction engagement, and inherently loaded for zero-backlash. Even though …

Cluster GPU Thermal Monitoring

The research group has been writing some simple monitoring scripts for handling the clusters. The focus is mostly on monitoring NAK (page in serious need of update), which has always had thermal irregularities with its GPUs. Some of the (poorly designed) GPU coolers have recently finished cooking their fans, and the “repair” has been to remove the cowling and mount an 80mm fan in the case to blow across the heatsink — this produces comparable temperatures to the vendor solution, which is pathetic. This thermal instability requires that the system temperatures be periodically checked, and we have written a variety of colorful scripts both for users and for the displays in the front of the machine room. The one I wrote for my own use is a simple combination of bash and AWK, which produces nice colorized one-line summaries for each machine when run with something like “mpirun --hostfile ~/nakhosts ./pstatc.sh | sort” where nakhosts is a standard MPI-friendly list of hosts, and ~/bin/ has nvidia-smi (a little tool for handling NVIDIA GPUs from the command line) exported to the nodes. Script attached here for perusal (and so I can find it later). Possibly the best part is that it made me refresh my memory on using ANSI Color Escapes, which has been on my list of skills to touch up for a while – That foray also led to souping up the script Hank was working on to use background colored spaces for ghetto bargraphs to keep the displays in the windows of the machine room interesting until we are set up to drive them with something else. One of these days I really should learn to use ncurses, or at least get better with one of the GUI libraries…
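A sketch of the kind of per-node summary described above, added here as an example; it is not the pstatc.sh attached to the original post. The temperature thresholds, the function names and the node name `nak07` are assumptions, and the sample readings are constructed.

```bash
#!/usr/bin/env bash
# Added example: colorized one-line GPU temperature summary per host.
# Thresholds are assumptions, not values from the original script.
WARN_C=${WARN_C:-80}   # yellow at or above this many degrees C
CRIT_C=${CRIT_C:-90}   # red at or above this many degrees C

# Read one temperature (degrees C) per line on stdin and print
# "<host>: t1 t2 ..." with each value wrapped in an ANSI color escape.
summarize_temps() {
    awk -v host="$1" -v warn="$WARN_C" -v crit="$CRIT_C" '
        BEGIN { esc = sprintf("%c", 27); line = host ":" }
        NF == 1 && $1 ~ /^[0-9]+$/ {
            t = $1 + 0
            color = (t >= crit) ? "31" : ((t >= warn) ? "33" : "32")
            line = line " " esc "[" color "m" t "C" esc "[0m"
            n++
            next
        }
        NF { bad++ }   # non-numeric line, e.g. a driver error message
        END {
            # A node that reports nothing usable must stand out, not vanish.
            if (n == 0) line = line " " esc "[35mno GPU data" esc "[0m"
            else if (bad) line = line " " esc "[35m(" bad " unparsed)" esc "[0m"
            print line
        }'
}

# Query the local GPUs; stderr is merged so failures show up in the summary.
gpu_summary() {
    nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits 2>&1 |
        summarize_temps "$(hostname -s)"
}

# Constructed sample readings for a hypothetical node "nak07".
sample_summary() {
    printf '%s\n' 61 84 93 | summarize_temps nak07
}

# Use real readings where nvidia-smi exists, the sample otherwise.
if command -v nvidia-smi >/dev/null 2>&1; then gpu_summary; else sample_summary; fi
```

Because every node emits exactly one line beginning with its hostname, piping the combined output through `sort` as in the post keeps the display in a stable order.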


Package Manager Security

(The following is long, rather technical, and somewhat esoteric. Sorry, it’s what I do.)
I try to keep reasonably abreast of developments in Arch Linux, since it has been my favorite distribution for about seven years now, and the OS on my primary-use computer for five of them. Someone (almost entirely a single very loud someone as it turns out) has been making noise about package signing in pacman, the package manager used by and written for Arch, and said noise propagated up to an article on LWN, so I took some time out tonight to read up on the matter.

The short version is that the description of events on pacman developer Dan McGee’s blog seems to be essentially correct, and the “Arrogant and dismissive” accusations were the result of someone new showing up and making long-winded demands on the mailing list in regard to a topic which has been under (occasionally contentious) discussion for years. The Arch community can certainly be a little blunt, but it has never struck me as unfriendly or inappropriately autocratic (there is quite a bit of the “Those people actually doing things get to decide how they are done” mentality: as far as I am concerned this is exactly right for community projects).

The two primary things I learned in reading are that package manager security is indeed a hard problem, and that most of the possible attacks would be extremely difficult to carry out, regardless of package signing. The typical least concern matter of security: if production machines anywhere that matters are having their DNS (& etc.) spoofed on the required scale, there is a much bigger problem than trying to slip compromised packages into systems during updates. I’ve also discovered that generally, people don’t seem to care: for example, as best I can make out, gentoo has had discussions on package/repository signing since 2002, support since 2004… and it isn’t generally used today. The Arch Wiki has a nifty article about how various distributions handle package security in the context of designing a system for Arch – it is somewhat incomplete, but the only comparison of existing systems I found. Note that the page was started and largely populated in July of 2009.

One thing I don’t quite understand is why there isn’t a movement toward, at least optionally, performing updates over secured connections: simply using ssl (which has its own problems) for mirror-to-mirror and user-to-mirror communication would (aside from making the CPU load involved in running a mirror much higher and considerably slowing update downloads…) convey many of the benefits of signed packages/repositories with less hassle. More importantly, it would close many of the holes in package management systems which do support signing for those individuals and organizations with sufficiently critical systems and/or paranoid administrators to be willing to swallow the overhead.

With all that in mind, I find myself agreeing with the pacman developer’s ambivalence on the issue – a security scheme for pacman is not so much a “critical feature” as a “nice to have”, largely for future proofing. Likewise, a broken scheme, or one so obtrusive it goes unused is probably worse than none at all. The obtrusive issue is honestly probably the most important to me – one of my favorite things about pacman is that the makepkg process is incredibly easy. I can often go from a source tarball or CMS checkout to an easily handled package as fast as I can (safely) build and install by hand. Contrast this with, say, Debian, where packaging and installing even simple software is often a painful multi-hour affair even with things like debhelper, and simple packages tend to (in my experience) do unhelpful things like fail to uninstall cleanly. I want making my own packages, and building or modifying packages with scripts written by others to remain easy and transparent much more than I want to be protected from improbable attacks.

Forcing the issue (it looks like security features will appear in the next few pacman release cycles as a result of the noise, mostly handled by existing developers) was probably not the right thing – the security scheme should have been done slowly, carefully, and correctly by someone who is actually interested in the matter – the last point both so that it really is done right, and because Arch and Pacman are community maintained projects, where everything should be done by someone who cares, as Linus himself puts it, just for fun.
