Hacking a Device That Lives Inside the Matrix

[Gerardo Iglesias Galván] decided he wanted to try his hand at bug-bounty hunting — where companies offer to pay hackers for finding vulnerabilities. Usually, this involves getting a device or accessing a device on the network, attacking it as a black box, and finding a way in. [Gerardo] realized that some vendors now supply virtual images of their appliances for testing, so instead of attacking a device on the network, he put the software in a virtual machine and attempted to gain access to the device. Understanding the steps he took can help you shore up your defenses against criminals, who might be after more than just a manufacturer’s debugging bounty.


Jenkins and Slack Report Build Failure! Light the Beacons!

When you have a large software development team working on a project, monitoring the build server is an important part of the process. When a message comes in from your build servers, you need to take time away from what you’re doing to make sure the build’s not broken and, if it’s broken because of something you did, you have to stop what you’re doing, start fixing it and let people know that you’re on it.

[ridingintraffic]’s team uses Jenkins to automatically build their project and if there’s a problem, it sends a message to a Slack channel. This means the team needs to be monitoring the Slack channel, which can lead to some delays. [ridingintraffic] wanted immediate knowledge of a build problem, so with some software, IoT hardware, and a rotating hazard warning light, the team now gets a visible message that there’s a build problem.

An Adafruit Huzzah ESP8266 board is used as the controller, connected to some RF-controlled power outlets via a 434MHz radio module. To prototype the system, [ridingintraffic] used an Arduino hooked up to one of the RF modules to sniff out the codes for turning the power outlets on and off from their remotes. With the codes in hand, work on the Huzzah board began.

An MQTT broker is used to let the Huzzah know when there’s been a build failure. If there is, the Huzzah turns the light beacon on via the power outlets. A bot running on the Slack channel listens for a message from one of the developers saying that the problem is being worked on, and when it gets it, it sends the MQTT broker a message to turn the beacon off.

There’s also some separation between the internal network, the Huzzahs, and the Slack server on the internet, and [ridingintraffic] goes over the methods used to communicate between the layers in a more detailed blog post. Now, the developers in [ridingintraffic]’s office don’t need to be glued to the Slack channel; they will not miss the beacon when it signals to start panicking!

Perceptrons in C++

Last time, I talked about a simple kind of neural net called a perceptron that you can cause to learn simple functions. For the purposes of experimenting, I coded a simple example using Excel. That’s handy for changing things on the fly, but not so handy for putting the code in a microcontroller. This time, I’ll show you how the code looks in C++ and also tell you more about what you can do when faced with a more complex problem.


All About Eve

Most programming languages today look fairly similar. There are small differences, of course (Python uses spaces, Ruby and Perl have some odd-looking constructs). In the 1960s and 1970s, though, a lot of programming languages were pretty cryptic. Algol, APL, and LISP are great examples of unusual-looking programming languages. Even FORTRAN and PL/1 were hard to read. RPG and COBOL were attempts to make programming more accessible, although you could argue that neither of them took over the world. Most programming languages today have more similarity to FORTRAN than either of those two languages.

A new programming language, Eve, claims to be based on years of research in programming from a human perspective instead of from the computer’s. The result is a language that works by pattern matching instead of the usual flow of control. It is also made to live inside of Markdown documents that can serve as documentation. You can see a video about Eve, below.

Neither of these is a totally new idea. SNOBOL, AWK, and Prolog all have some pattern-matching involved. [Donald Knuth] was promoting literate programming back in the 1980s. However, Eve understands modern constructs like web browsers.


Machine Learning: Foundations

When you want a person to do something, you train them. When you want a computer to do something, you program it. However, there are ways to make computers learn, at least in some situations. One technique that makes this possible is the perceptron learning algorithm. A perceptron is a computer simulation of a nerve, and there are various ways to change the perceptron’s behavior based on either example data or a method to determine how good (or bad) some outcome is.

What’s a Perceptron?

I’m no biologist, but apparently a neuron has a bunch of inputs and if the level of those inputs gets to a certain level, the neuron “fires” which means it stimulates the input of another neuron further down the line. Not all inputs are created equally: in the mathematical model of them, they have different weighting. Input A might be on a hair trigger, while it might take inputs B and C on together to wake up the neuron in question.

Estimate Your English Vocabulary Using Python

We take our mother tongue for granted, a language we learn as young children without realizing the effort involved. It is only when as adults we try to pick up another language that we fully understand how much hard work surrounds each acquired word.

Depending on who you listen to, estimates vary as to the size of a typical native English speaker’s vocabulary. The ballpark figures seem to put most adults under 20 thousand words, while graduates achieve somewhere around 23 thousand words. It’s a subject [Alex Eames] became interested in after reading a BBC article on it, and he decided to write his own software to produce a personal estimate.

His Python script takes the Scrabble word list, and presents the user with a list of words, for each one of which they have to indicate their comprehension. After a hundred words have been presented it calculates an estimate of the size of the user’s vocabulary. [Alex] wrote it on and for the Raspberry Pi, but it should work quite happily on any platform with Python 3. It certainly had no problem with our Ubuntu-based PC.

There is plenty of opportunity for bragging over the size of one’s vocabulary with a script like this one, but it’s something of a statistical leveler in that if you are truthful in your responses it will almost certainly put you exactly where you might expect for your age or level of education. If you want to know the result this script returned for a Hackaday scribe, for example, the answer is 23554.

This subject is a slight departure into software from our usual hardware subject matter, but it’s one of those tests that becomes rather a consuming interest when performed competitively among a group of friends. How well will you fare?

Via [Recantha]

Scanning Parts Into KiCad

You do not know how to make a PCB unless you can make your own parts. [Jan] knows this, but like everyone else he checked out the usual online sources for a footprint for an SD card socket before making his own. It turns out, this SD card socket bought from an online marketplace was completely undocumented. Not only was an Eagle or KiCad footprint unavailable, but CAD files showing the dimensions of the part were non-existent. A solution had to be devised.

Instead of taking calipers and finely measuring all the pads on this SD card socket – a process that would surely fail – [Jan] decided to use a flatbed scanner to trace out the part. The part was placed on the glass and scanned at 300 dpi with a convenient reference object (a public transport card) in the same picture. This picture was imported into a CAD package, scaled to the correct ratio, and exported as a DXF. Since KiCad readily accepts importing DXFs, the CAD file was easily accessed, traced over, and a new part created.

From start to finish, making the footprint for this no-name, off-brand SD card socket took fifteen minutes. That’s nothing compared to the time it would take to manually measure each of the pads, draw a footprint, and print out the footprint at 1:1 scale to see if it matched up several times. It’s awesome work, and a great reminder that the best tools are usually right in front of you.