The PhorsePOV by [Julian Skidmore] almost slipped by, but we thought it was a nice easy hack for your Memorial Monday. The gadget uses an ATTINY25 to drive 6 LEDs (aren’t standard characters 7 units high?) which, when waved in the air, produce a readable message. What we were really interested in is the use of a single button for text entry, called Phorse code, or an “easier to learn and remember” version of Morse code. While it seemed silly at first, most of us here could enter messages within a few minutes of trying.
In case you missed it back in June, the Palm Pre was rooted by extracting the Root ROM from a Palm tool used to reset a device with damaged software. A lot has been learned from examining the code inside that ROM, but we’re most amused by one thing in particular. If you grew up in the 80’s there’s a pretty good chance you know the Konami Code by heart. So did the developers of WebOS, the firmware running on the Palm Pre. Inputting the familiar (UpUpDownDownLeftRightLeftRightBA) set of gestures puts the handset into Developer mode for connection to the SDK, which was leaked last summer but is now in open release.
If you’re more of a code monkey than artist, it may be tough to transform your ideas into the 3D models necessary for fabbing. The folks working on openSCAD apparently feel our pain.
openSCAD uses a language somewhat reminiscent of C for creating models. A preview of the model is rendered alongside your code. Fully cross-platform, it runs on Linux, OS X, and Windows. Much like SketchUp, openSCAD can also extrude 2D outlines into models. This feature comes in very useful if one already has a set of technical drawings for a part. With no price tag, it’s pretty affordable during this costly season.
Have you heard the latest track by gzip? Maybe it’ll end up on a “Greatest Hits” album alongside Philip Glass.
Visualization techniques such as animated algorithms can help programmers better grasp the abstract theories that make software work. Could auralization, the sound equivalent of visualization, provide similar insights? Postgrad student (and J. S. Bach fan) [Cessu] developed a program to do just that. By carefully mapping registers to notes, and slowing the tempo to a human timescale, the result is a cacophonous machine that offers a glimpse into the operation of various programs. You might find the resulting minimalist “music” insightful, entertaining…or maybe just incredibly grating.
Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.
The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.