Orka Controls the (Pi) World

If you deploy a lot of Raspberry Pi computers, you might find it inconvenient to log into each one to perform different tasks. Orka, an open source project by [Karthik K], is a server that runs on a desktop PC (Windows, Linux, or Mac) and can control multiple Orka clients (that can run on a Pi, or a desktop PC). We understand that [Karthik K] is looking for Mac testers, by the way.

From the server, you can execute commands and create tasks. You can also receive notification when a client PC reaches a threshold (for example, over temperature or too much CPU or RAM usage). You can open a shell on a client and do other operations.

Continue reading “Orka Controls the (Pi) World”

LastPass Happily Forfeits Passwords to Simple Javascript

Lastpass is a great piece of software when it comes to convenience, but a recent simple hack shows just how insecure software like it can be. [Mathias Karlsson] nabbed a nice $1000 bounty for its discovery.

Lastpass’s auto-fill works by injecting some html into the website you’re visiting. It runs a bit of Javascript to parse the URL. However, the parsing script was laughably vague. By changing the URL of the page, inserting a few meaningless-to-the server slugs into the URL, an attacker could get Lastpass to give it a password and username combo for any website.

The discussion in the HackerNews comment section more-or-less unilaterally agreed that most systems like this have their glaring flaws, but that the overall benefits of having secure passwords generated and managed by software was still worth the risk when compared to having a few commonly reused passwords over multiple sites.

One could get a more secure key manager by using software like KeePass, but it’s missing some of the convenience factor of remote-based services and relies on a user protecting their key files adequately.

Still, as scary as they are, openly discussing hacks like this after responsible disclosure is good because they force companies like Lastpass, who have some very big name clients, to take their code review and transparency more seriously.

Very Clever 555 Bassline Synth/Sequencer

If we had a dime for every 555-based noisemaker circuit we see… But this one’s got a twist.

[Tristan] does two things that elevate his sawtooth-wave noisemaker above the norm. First, he gets a clean sawtooth wave out of it so that it sounds about right. Then he manages to make it more or less playable. It’s a refined version of a classic hack.


The first trick is a matter of putting a constant current supply upstream of the timing capacitor. The usual 555-timer circuit just charges the capacitor up from the power rails through a resistor. This is fine if all you care about is timing. But because the current is proportional to the constantly dropping voltage difference, the voltage on the capacitor is an exponential function over time.

A simple transistor current source linearizes the waveform in no time. Raw sawtooth waves are “rich in harmonics” which is synth-geek code for “a bit grating”, but it will surely do well with a little filtering. The Javascript suggests that he’s already thinking in that direction, but we’re going to need video proof!

The second cool trick up [Tristan]’s sleeve is the light-dependent resistor (LDR) that determines the pitch. Yeah, we’ve all made those before — the light-dependent “Theremin”. But [Tristan] took the extra step and wrote up a Javascript application that makes his monitor brighter and darker, enabling him to get musical pitches out of the gizmo.

We’ve always wanted to implement LED-to-LDR control while writing the Logic Noise series, but never found a reliable way to make it work. It’s cool to see [Tristan]’s efforts. Maybe we’ll pull a 555 out of the junk box in his honor.

Forty-Year-Old Arcade Game Reveals Secrets of Robot Path Planning

What’s to be gained from reverse engineering a four-decade-old video game? As it turns out, quite a lot, and as you’ll learn from [Norbert]’s recent talk at the ViennaJS meetup, it’s not just about bringing a classic back to life.

The game in question is Kee Game’s Sprint 2, a monochrome 2D car race that allowed two players to compete head to head. The glorious Harvest Gold and Burnt Orange color scheme just screams 1970s, and it might be hard to see why this game was once a popular quarter-eater. But it was quite engaging for the day, and [Norbert] was interested in reverse engineering it. That he did, using JavaScript to build a faithful browser-based emulation of the game. And he took it further, creating a 3D first-person version of the game.

Continue reading “Forty-Year-Old Arcade Game Reveals Secrets of Robot Path Planning”

V8 Javascript Fixes (Horrible!) Random Number Generator

According to this post on the official V8 Javascript blog, the pseudo-random number generator (PRNG) that V8 Javascript uses in Math.random() is horribly flawed and getting replaced with something a lot better. V8 is Google’s fast Javascript engine that they developed for Chrome, and it’s used in Node.js and basically everywhere. The fact that nobody has noticed something like this for the last six years is a little bit worrisome, but it’s been caught and fixed and it’s all going to be better soon.

In this article, I’ll take you on a trip through the math of randomness, through to pseudo-randomness, and then loop back around and cover the history of the bad PRNG and its replacements. If you’ve been waiting for an excuse to get into PRNGs, you can use this bizarre fail and its fix as your excuse.

But first, some words of wisdom:

Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.
John von Neumann

John von Neumann was a very smart man — that goes without saying. But in two sentences, he conveys something tremendously deep and tremendously important about random variables and their mathematical definition. Indeed, when you really understand these two sentences, you’ll understand more about randomness than most everyone you’ll meet.

Continue reading “V8 Javascript Fixes (Horrible!) Random Number Generator”

The Worst CAD Package Ever is Still Handy

A lot of great schematics wind up on the back of bar napkins or diner place mats. When inspiration strikes, you have to capture it, after all. Today, you are as likely to draw schematics on a computer and there are plenty of options for that; if you can install software your options are almost limitless. And if you have a modern Web browser, there are lots of good options that don’t even require an install.

But what about those times when you need a quick schematic to pop into a presentation? You are on some ancient conference room computer where you can’t install anything and it’s still running a browser that understands the <BLINK> tag? Try out the Klunky Schematic Editor. Your browser will need Javascript, but that’s about all. No HTML 5 or anything fancy.

Continue reading “The Worst CAD Package Ever is Still Handy”

JavaScript for the ESP8266

The ESP8266 is a popular WiFi chip that provides a relatively transparent connection between the TX and RX pins of a microcontroller and a WiFi network. It was released a little more than a year ago, and since then developers and hardware hackers have turned the ESP into much more than a serial to WiFi bridge. It’s a microcontroller platform unto itself, with a real development environment and support for the scripting language Lua.

Lua is okay, but a real win would be a JavaScript interpreter for this tiny WiFi platform. It’s taken months of work, but finally there’s an open source version of JavaScript available for the ESP8266.

This build is based on the Espruino firmware, a JavaScript interpreter for microcontrollers. This interpreter runs on dozens of different microcontrollers, but being the latest, greatest, and most popular new microcontroller platform means a new solution for the ESP is very, very exciting.

Right now the JS interpreter for the ESP is in testing, with expectations high that everything will be brought over into the main branch of the Espruino firmware. There are samples of JavaScript running on the ESP available, and binaries that can be flashed onto an ESP are available here.

Thanks [Richard] for sending this one in. He’s set up an Espruino board on the ESP8266 community forum, that should eventually be filled with new examples of JavaScript running on an ESP.