Hackaday Prize Entry: NetBOOT Powercycles Your Modem When You Can’t

August 22, 2015 by Kevin Dady 20 Comments

Many people have their home network setup with a dynamic dns service in order to remote access their files, printers, or Pi based security camera systems. Many people also suffer from less than stellar internet connectivity and find themselves unable to access their home system due to a stalled signal.

netBOOT is an Arduino based device that automatically resets your modem for you, when you are unable to. Core of the system is a standard issue ATMEGA328p based Arduino board combined with a W5100 Ethernet module, and a relay module. The software on the Arduino periodically pings a list of IP addresses and listens for a response. If none is found within 3 tries the relay module, which is connected inline with the DC power of your modem, is clicked open for 10 seconds and then returned closed. Once your modem has rebooted and re-synced everything should be good to go.

We don’t remember seeing this feature in the list of specs for Google’s new OnHub. The ability to reset bad connections seems like a feature that should be built into future-thinking routers, right?

The 2015 Hackaday Prize is sponsored by:

Amazon Dash: Hack It To Run Your Own Code

August 12, 2015 by Richard Baguley 50 Comments

The Amazon Dash is a $5 push-to-buy-cat-litter button which has excellent potential for repurposing, but you need to know what is going on inside first. [Tony Dicola] has the details in this excellent bare metal guide to the Dash. In this, he covers how to get inside the Dash and reprogram it to do something more interesting than buying cat litter.

He first cracks the device open, connecting a programmer, then building a toolchain to compile programs to run on. This isn’t for the faint-hearted because you are programming directly for a device that wasn’t really built for it, but [Tony] has posted examples and there are few tools to hold your hand on the way. There is a safety net, [Tony] provided details on how to reset the Amazon Dash Button if you manage to brick it.

We have seen some interesting hacks that repurpose the Dash to capture your child’s bowel movements by intercepting the device connecting to WiFi, but this guide takes it a step further. It allows you to run your own code, which turns this into a really low-cost and well-engineered all-in-one WiFi device. The missing piece is proof-of-concept code to run the WiFi module inside. If you’re working on that we’d love to hear about it!

Continue reading “Amazon Dash: Hack It To Run Your Own Code” →

44 Mac Pros Racked Up To Replace Each Rack Of 64 Mac Minis

July 31, 2015 by Mike Szczys 74 Comments

We were delighted at a seeing 96 MacBook Pros in a rack a couple of days ago which served as testing hardware. It’s pretty cool so see a similar exquisitely executed hack that is actually in use as a production server. imgix is a startup that provides image resizing for major web platforms. This means they need some real image processing horsepower and recently finalized a design that installs 44 Mac Pro computers in each rack. This hardware was chosen because it’s more than capable of doing the heavy lifting when it comes to image processing. And it turns out to be a much better use of rack space than the 64 Mac Minis it replaces.

Racking Mac Pro for Production

Each of the 11 R2 panels like the one shown here holds 4 Mac Pro. Cooling was the first order of business, so each panel has a grate on the right side of it for cold-air intake. This is a sealed duct through which one side of each Pro is mounted. That allows the built-in exhaust fan of the computers to cool themselves, pulling in cold air and exhausting out the opposite side.

Port access to each is provided on the front of the panel as well. Connectors are mounted on the right side of the front plate which is out of frame in this image. Power and Ethernet run out the back of the rack.

The only downside of this method is that if one computer dies you need to pull the entire rack to replace it. This represents 9% of the total rack and so imgix designed the 44-node system to deal with that kind of processing loss without taking the entire rack down for service.

Why This Bests the Mac Mini

3 racks - Linux. Mac Min, Mac Pro — 3 racks – Linux. Mac Min, Mac Pro

Here you can see the three different racks that the company is using. On the left is common server equipment running Linux. In the middle is the R1 design which uses 64 Mac Minis for graphic-intensive tasks. To the right is the new R2 rack which replace the R1 design.

Obviously each Mac Pro is more powerful than a Mac Mini, but I reached out to imgix to ask about what prompt them to move away from the R1 design that hosts eight rack panes each with eight Mac Minis. [Simon Kuhn], the Director of Production, makes the point that the original rack design is a good one, but in the end there’s just too little computing power in the space of one rack to make sense.

Although physically there is room for at least twice as many Mac Mini units — by mounting them two-deep in each space — this would have caused several problems. First up is heat. Keeping the second position of computers within safe operating temperatures would have been challenging, if not impossible. The second is automated power control. The R1 racks used two sets of 48 controllable outlets to power computers and cooling fans. This is important as the outlets allow them to power cycle mis-behaving units remotely. And finally, more units means more Ethernet connections to deal with.

We having a great time looking that custom server rack setups. If you have one of your own, or a favorite which someone else built, please let us know!

[Thanks to drw72 for mentioning R2 in a comment]

Open Hybrid Gives You The Knobs And Buttons To Your Digital Kingdom

July 30, 2015 by Sonya Vasquez 20 Comments

With a sweeping wave of complexity that comes with using your new appliance tech, it’s easy to start grumbling over having to pull your phone out every time you want to turn the kitchen lights on. [Valentin] realized that our new interfaces aren’t making our lives much simpler, and both he and the folks at MIT Media Labs have developed a solution.

Open Hybrid takes the interface out of the phone app and superimposes it directly onto the items we want to operate in real life. The Open Hybrid Interface is viewed through the lense of a tablet or smart mobile device. With a real time video stream, an interactive set of knobs and buttons superimpose themselves on the objects they control. In one example, holding a tablet up to a light brings up a color palette for color control. In another, sliders superimposed on a Mindstorms tank-drive toy become the control panel for driving the vehicle around the floor. Object behaviors can even be tied together so that applying an action to one object, such as turning off one light, will apply to other objects, in this case, putting all other lights out.

Beneath the surface, Open Hybrid is developed on OpenFrameworks with a hardware interface handled by the Arduino Yún running custom firmware. Creating a new application, though, has been simplified to be achievable with web-friendly languages (HTML, Javascript, and CSS). The net result is that their toolchain cuts out a heavy need for extensive graphics knowledge to develop a new control panel.

If you can spare a few minutes, check out [Valentin’s] SolidCon talk on the drive to design new digital interfaces that echo those we’ve already been using for hundreds of years.

Last but not least, Open Hybrid may have been born in the Labs, but its evolution is up to the community as the entire project is both platform independent and open source.

Sure, it’s not mustaches, but it’s definitely more user-friendly.

Continue reading “Open Hybrid Gives You The Knobs And Buttons To Your Digital Kingdom” →

An Internet Speedometer With A Dekatron

July 30, 2015 by Brian Benchoff 13 Comments

[Sprite_tm], like most of us, is fascinated with the earlier ways of counting and controlling electrons. At a hacker convention, he found an old Dekatron tube hooked up to a simple spinner circuit. The prescription for this neon infatuation was to build something with a Dekatron, but making another spinner circuit would be a shame. Instead, he decided to do something useful and ended up building an Internet Speedometer with this vintage display tube.

Like all antique tubes, the Dekatron requires about 400V to glow. After a bit of Googling, [Sprite] found a project that drives a Dekatron with an AVR with the help of a boost converter. Borrowing the idea of controlling a boost converter with a microcontroller, [Sprite] built a circuit with the Internet’s favorite Internet of Things thing – the ESP8266 – that requires only a 12 volt wall wart and a handful of parts.

Controlling the rotating glow of a Dekatron is only half of the build; this device is an Internet speedometer, too. To read out his Internet speed, [Sprite] is using a managed switch that allows SNMP to read the number of incoming and outgoing octets on a network interface. By writing a simple SNMP client for the ESP8266, the device can read how clogged the Intertubes are, both incoming and outgoing.

With an acrylic case fresh out of the laser cutter and a remarkably good job at bending acrylic with a heat gun, [Sprite] has a tiny device that tells him how much Internet he’s currently using. He has a video of it running a speedtest, you can check that video out below.

Continue reading “An Internet Speedometer With A Dekatron” →

Fooling Google Search Console With Tricky PHP

July 17, 2015 by Rick Osgood 42 Comments

When [Steve] received a notice from Google that a new owner had been added to his Google Search Console account, he knew something was wrong. He hadn’t added anyone to his account. At first he thought it might be a clever phishing tactic. Maybe the email was trying to get him to click a malicious link. Upon further investigation, he discovered that it was legitimate. Some strange email address had been added to his account. How did this happen?

When you want to add a website to Google’s services, they require that you prove that you own the actual website as a security precaution. One method to provide proof is by uploading or creating an HTML file to your website with some specific text inside. In this case, the file needed to be called “google1a74e5bf969ded17.html” and it needed to contain the string “google-site-verification: googlea174e5bf969ded17.html”.

[Steve] logged into his web server and looked in the website directory but he couldn’t find the verification file. Out of curiosity, he tried visiting the web page anyways and was surprised to find that it worked. After some experimentation, [Steve] learned that if he tried to load any web page that looked like “googleNNNNNNN.html”, he would be presented with the corresponding verification code of “google-site-verification: googleNNNNNNNN.html”. Something was automatically generating these pages.

After further investigation, [Steve] found that some malicious PHP code had been added to his website’s index.php page. Unfortunately the code was obfuscated, so he couldn’t determine exactly what was happening. After removing the new code from the index.php file, [Steve] was able to remove the hacker’s email address from [Steve’s] Google account.

This is a very interesting hack, because not only did it allow this one hacker to add himself to [Steve’s] Google account, but it would also have allowed anyone else to do the same thing. This is because each new hacker would have been able to fool Google’s servers into thinking that they had uploaded the verification file thanks to the malicious PHP code. It makes us think that perhaps Google’s verification system should use a separate randomized string inside of the verification file. Perhaps one that can’t be guessed or calculated based on known variables such as the file name.

Panopticlick: You Are A Beautiful And Unique Snowflake

July 16, 2015 by Elliot Williams 42 Comments

We all like to think we’re unique, but when it comes to remaining anonymous online that’s probably not such a good idea. By now, it’s common knowledge that advertising firms, three-letter agencies, and who-knows-who-else want to know what websites you’re visiting and how often. Persistent tracking cookies, third-party cookies, and “like” buttons keep tabs on you at all times.

For whatever reason, you might want to browse anonymously and try to plug some of the obvious sources of identity leakage. The EFF and their Panopticlick project have bad news for you.

The idea behind Panopticlick is simple: to try to figure out how identifiable you are even if you’re not accepting cookies, or if you’ve disabled Flash, or if you’re using “secure” browsers. To create a fingerprint of your browser, Panopticlick takes all the other little bits of identifying information that your browser gives up, and tries to piece them together.

For a full treatment of the project, see this paper (PDF). The takeaway from the project is that the information your browser gives up to servers can, without any cookies, specifically identify you.

For instance, a server can query which plugins your browser supports, and if you’ve installed anything a tiny bit out of the ordinary, you’re fingerprinted. Your browser’s User Agent strings are often over-specific and tell which browser sub-sub-sub version you’re running on which OS platform. If you’re running Flash, it can report back which fonts you’ve got installed on your system. Any of these can be easily as rare as one-in-a-million. Combining them together (unless they’re all highly correlated) can fingerprint you uniquely.

You can’t necessarily win. If you disable Flash, the remote site doesn’t get your font list, but since only one in five browsers runs with Flash disabled, you’re still giving up two bits of information. If you run a “privacy-enhancing” niche browser, your chances of leaving a unique fingerprint go through the roof unless you’re also forging the User Agent strings.

I ran the Panopticlick experiment twice, once with a Firefox browser and once with an obscure browser that I actually use most of the time (dwb). Firefox runs a Flash blocker standard, so they didn’t get my font list. But still, the combination of browser plugins and a relatively new Firefox on Linux alone made me unique.

It was even worse for the obscure browser test. Only one in 1.4 million hits use dwb, so that alone was bad news. I also use a 4:3 aspect-ratio monitor, with 1280×1024 pixels at 24-bit color depth, which is apparently a one-in-twenty-four occurrence. Who knew?

Finally, I tried out the Tor browser, which not only routes your traffic through the Tor network, but also removes a lot of the specific data about your session. It fared much better, making me not uniquely identifiable: instead only one in a thousand. (Apparently a lot of people trying out the Panopticlick site ran Tor browser.)

If you’re interested in online anonymity, using something like Tor to obscure your IP address and disabling cookies is a good start. But Panopticlick points out that it may not be enough. You can never use too many layers of tinfoil when making your hat.

Try it out, and let us know in the comments how you fare.