Life On Contract: How To Have A Meeting

Meetings can actually be useful. It’s hard to believe, but they can actually save time if done right. While most of us are in a perpetual state of torture by Kevin in marketing holding another three-hour meeting during lunch hours, there are a few of us who know their hidden power when put in the right hands.

When you work as a contractor, wasted meetings mean wasted billable hours. Even if wasted meeting time is covered in the cost of the contract, it runs the risk of giving the client the impression that you’re not as productive as originally thought. Organized, productive meetings show that you know what you’re doing and that the cost of your services as a whole is a good value. Yeah, some meetings suck, but they are necessary and should be productive.

A meeting needs three things to be worth the time spent on it.

  1. A well prepared for, simple, and clear agenda.
  2. A time limit.
  3. Something needs to be written down at the end of it.

I’ll start with the third item as it shapes the rest. The point of a meeting is to have something to write down at the end of the meeting. Any meeting that ends up in anything requiring fallible human memory was a waste of everyone’s time. This includes verbal agreements, handshake agreements, ideating (pronounced idioting), brainstorming, think tanking, and the like.


Driving 16 WS2812B Strips With GPIOs And DMA

[Martin Hubáček] wrote in with his WS2812 LED library for the STM32F3 series processors. [Martin]’s library takes the same approach as [Paul Stoffregen]’s OctoWS2811 for the Teensy, and [Erich Styger]’s for the Freescale FRDM-K64F board. That is, it uses three DMA channels to get the signal out as fast as possible.


How To Become Part Of An IoT Botnet

We should all be familiar with the so-called Internet Of Things, a proliferation of Internet-connected embedded electronics. The opportunities offered to hardware hackers by these technologies have been immense, but we should also be aware of some of the security issues surrounding them.

Recently, the website of the well-known security researcher [Brian Krebs] suffered a DDoS attack. What made this attack different from previous ones wasn’t its severity, but that it had been directed not from botnets of malware-laced Windows PCs but from compromised IoT devices.

One might ask how it could be possible to take control of such low-end embedded hardware, seeing as it would normally be safely behind a firewall, preloaded with its own firmware, and without a clueless human at its terminal to open malware-laden email attachments. The answer is quite shocking but not entirely surprising, and lies in some astonishingly poor security on the part of the devices themselves. An exposé of one such mechanism comes courtesy of [Brian Butterly], who took an unremarkable IP webcam and documented its security flaws.

The camera he examined exposes two services, a web interface and a Telnet port. While their lack of encryption is a concern from a security perspective, this should not pose a significant danger when the device is safely on a private network and behind a suitable firewall. The problem comes from its ability to send its pictures over the Internet: for the owner to be able to check their camera from their phone, some kind of outside access is required. Expensive cameras use a cloud-based web service for this task, but the cheap ones like the camera being examined simply open a port to the outside world.

If you are familiar with basic firewall set-up, you’ll be used to the idea that open ports are something that should be under control of the firewall owner; if a port has not been specifically opened then it should remain closed. How then can the camera open a port? The answer lies with UPnP, a protocol enabled by default on most home routers that allows a device to request an open port. In simple terms, the camera has an inherently insecure service which it asks the router to expose to the world, and in many cases the router meekly complies without its owner being any the wiser. We suspect that many of you who have not done so already will now be taking a look at your home router to curtail its UPnP activities.
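For readers taking that look at their router, here is an added example (not from the original article or from [Brian Butterly]'s write-up) that audits a router's UPnP port-mapping table for forwards to Telnet or web services. It parses responses to the UPnP IGD `GetGenericPortMappingEntry` action; the sample responses are constructed, and ports 23 and 80 are assumed because the article does not give the camera's port numbers.

```python
import xml.etree.ElementTree as ET

# Internal ports treated as risky when forwarded from the WAN side. 23/80 are the
# standard Telnet/HTTP ports (an assumption; the article gives no port numbers).
RISKY_INTERNAL_PORTS = {23: "telnet", 80: "http"}
FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled")

def soap_response(ext, proto, int_port, client, enabled):
    """Build a constructed GetGenericPortMappingEntryResponse (sample data)."""
    values = zip(FIELDS, (ext, proto, int_port, client, enabled))
    body = "".join(f"<{k}>{v}</{k}>" for k, v in values)
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{body}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

def parse_mapping(xml_text):
    """Extract one port-mapping entry from a SOAP response."""
    root = ET.fromstring(xml_text)
    # Map local tag name (namespace stripped) to text for every element.
    found = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root.iter()}
    return {
        "external_port": int(found["NewExternalPort"]),
        "protocol": found["NewProtocol"].upper(),
        "internal_port": int(found["NewInternalPort"]),
        "client": found["NewInternalClient"],
        "enabled": found["NewEnabled"] == "1",
    }

def audit(responses):
    """Return enabled TCP mappings that expose a risky internal service."""
    findings = []
    for m in map(parse_mapping, responses):
        service = RISKY_INTERNAL_PORTS.get(m["internal_port"])
        if m["enabled"] and m["protocol"] == "TCP" and service:
            findings.append((m["client"], m["external_port"], service))
    return findings

# Constructed sample of a router's mapping table: camera, console, disabled entry.
SAMPLE = [
    soap_response(8081, "TCP", 80, "192.168.1.50", 1),
    soap_response(2323, "TCP", 23, "192.168.1.50", 1),
    soap_response(3074, "UDP", 3074, "192.168.1.20", 1),
    soap_response(8023, "TCP", 23, "192.168.1.77", 0),
]

if __name__ == "__main__":
    for client, ext, service in audit(SAMPLE):
        print(f"{client}: {service} reachable from the Internet on port {ext}")
```

Any finding is a device on the LAN whose Telnet or web service the router has published to the Internet at the device's own request; disabling UPnP on the router or deleting the mapping closes it.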

We covered the [Brian Krebs] DDoS story as it unfolded last week, but we’re sure this is likely to be only the first of many stories in this vein. As manufacturers of appliances struggle to learn that they are no longer in the dumb appliance business, they need to start taking their software security very seriously indeed.

Webcam image: Asim18 (Own work) [CC BY-SA 3.0], via Wikimedia Commons.