The Dark Side Of Package Repositories: Ownership Drama And Malware

September 8, 2021 by Maya Posch 77 Comments

At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

Continue reading “The Dark Side Of Package Repositories: Ownership Drama And Malware” →

A computer green screen image of an IRC message of the day

IRC Server For MS-DOS

August 28, 2021 by Chris Wilkinson 17 Comments

The recent flurry of projects based around Internet Relay Chat (IRC) should be a fair indication that the beloved protocol is not going anywhere. Now, thanks to [Mike Chambers], you can add to the IRC ecosystem by hosting your very own MS-DOS based IRC server.

This port of ngIRCd (Next Generation IRC Daemon) has already been spun up on 8088-based PCs running at just 4.77MHz, but you’ll still need at least 640KB of RAM. If your vintage IRC server takes off, you might want to think about dropping in an 10MHz V20 for a bit of a performance boost. Even so, it’s impressive that this server can get up on the 40-year-old IBM 5150, and should absolutely scream on an AT-class system.

The limitations of the 16-bit platform means that SSL and ZLIB are unsupported, and Mike has capped total connections at 50 in his port (however, this limitation can be adjusted by rebuilding from source, should you want to find out how far 640KB of RAM can take you). You’ll also need a few other things to get your server up and running, such as a packet driver for your network card and an mTCP configuration file.

Setting up your own IRC server is arguably a ~~right~~ rite of passage for most hackers and tinkerers, but getting this up and running on a decades-old beige box would make for a fun weekend project. [Mike] has all the juicy details on GitHub, and you can check out a test server running the latest build over at irc.xtulator.com.

Also, don’t forget to visit the #hackaday IRC channel over on irc.libera.chat.

[Thanks Sudos for the hot tip]

Bar code shown in a 3D plain in Vaporwave Aesthetic

Tech In Plain Sight: Check Digits And Human Error

August 25, 2021 by Al Williams 31 Comments

Computers in working order and with correct software don’t make mistakes. People, however, make plenty of mistakes (including writing bad software or breaking computers). In quality circles, there’s a Japanese term, poka yoke, which roughly means ‘error avoidance’. The idea is to avoid errors by making them too obvious for them to occur. For example, consider a SIM card in your phone. The little diagonal corner means it only goes in one way. If you put it in the wrong way, it is obviously wrong.

To be successful at poka yoke, you have to be able to imagine what a user might do wrong and then come up with some way to make it obvious that it is wrong. There are examples of this all around us and we sometimes don’t even know it. For example, what do your credit card number, your car’s VIN code, and a UPC code on a can of beans have in common?

Continue reading “Tech In Plain Sight: Check Digits And Human Error” →

SQLite On The Web: Absurd-sql

August 24, 2021 by Matthew Carlson 12 Comments

Love it or hate it, the capabilities of your modern web browser continuously grow in strange and wild ways. The ability for web apps to work offline requires a persistent local storage solution and for many, IndexedDB is the only choice as it works across most browsers and provides a database-like interface. However, as [James Long] found, IndexedDB is painfully slow on chrome and limited in querying ability. He set out to bring a tool he was familiar with, SQLite, and bring it to the web browser as absurd-sql.

Why absurd? Partially because most browsers (not chrome) implement IndexedDB on top of SQLite. So for many browsers, it is just SQLite on top of IndexedDB on top of SQLite. Luckily for [James] there already was a project known as sql.js that uses emscripten to compile the C-based SQLite into WebAssembly. However, sql.js uses an in-memory storage backing and all data is lost when refreshing the page. [James] tweaked SQLite’s method of reading and writing blocks. Instead of being memory backed, he added a layer to read and write blocks from IndexedDB. This means that only sections of the database need to be read in, bringing in huge performance gains.

That brings us to the other reason why it’s absurd. On chrome (as well as Firefox), absurd-sql beats IndexedDB on almost every benchmark. A query like SELECT SUM(*) FROM kv led to stunning results.

So what’s the downside? Other than a somewhat large WebAssembly file that needs to get downloaded (409KB) and cached, there really isn’t. Of course, it’s not all roses when it comes to web development. Native SQLite runs 2-3 times faster than absurd-sql, which demonstrates how slow IndexedDB really is.

There are other storage standards on the horizon for web browsers, but locking becomes an issue. SQLite expects synchronous reads and writes because it’s just simple C. IndexedDB and other storage solutions are asynchronous as the event loop of Javascript lends itself well to that model. Absurd-sql gets around that by creating a SharedArrayBuffer that is shared with a worker process. The atomics API is used to communicate with the buffer. In particular, atomics.wait() allows the worker to block main thread execution until the read or write has finished. From the perspective of SQLite, the operations are synchronous. IndexedDB provides transactions so multiple connections can happen (for example multiple tabs open). Multiple readonly transactions can occur in parallel but only one readwrite transaction can be in flight.

Why not pull up your browser and start playing around with it? You’re already doomed to learn WebAssembly anyway.

Inkplate Comes Full Circle, Becomes True Open Reader

August 20, 2021 by Tom Nardi 15 Comments

Regular readers will likely remember the Inkplate, an open hardware electronic paper development board that combines an ESP32 with a recycled Kindle screen. With meticulous documentation and full-featured support libraries for both the Arduino IDE and MicroPython, the Inkplate makes it exceptionally easy for hackers and makers to write their own code for the high-quality epaper display.

Now, thanks to the efforts of [Guy Turcotte], the Inkplate family of devices can now boast a feature-rich and fully open source ereader firmware. The project started in October of last year, and since then, the codebase has been steadily updated and refined. Nearing its 1.3 release, EPub-InkPlate has most of the functions you’d expect from a modern ereader, and several that might take you by surprise.

For one thing, [Guy] has taken full advantage of the ESP32 microcontroller at the heart of the Inkplate and implemented a web server that lets you manage the reader’s library from your browser. This allows books in EPUB v2 and v3 formats to be uploaded and saved on the Inkplate’s SD card without any special software. There’s currently support for JPG, PNG, BMP, and GIF images, as well as embedded TTF and OTF fonts.

As of this writing EPub-InkPlate supports both the six and ten inch Inkplate variants, and uses the touch pads on the side of the screen for navigation. While it’s on the wishlist for the final 1.3 release, the project currently doesn’t support the Inkplate 6PLUS; which uses the backlit and touch compatible displays pulled from Kindle Paperwhites. With shipments the new 6PLUS model reportedly going out in November, hopefully it won’t be long before its enhanced features are supported.

With the rising popularity of ebooks, it’s more important than ever that we have open hardware and software readers that work on our terms. While they may never compete with the Kindle in terms of units sold, we’re eager to see projects like EPub-InkPlate and the Open Book from [Joey Castillo] mature to the point that they’re a valid option for mainstream users who don’t want to live under Amazon’s thumb.

Continue reading “Inkplate Comes Full Circle, Becomes True Open Reader” →

ATtiny85 on circuit board with 2n2222, pushbutton, usb-c power connector, LED, and speaker.

Custom Compression Squeezes Classic Computer Choruses Into A Tiny Controller

August 19, 2021 by Ryan Flowers 14 Comments

Geeks of a certain vintage will have fond memories of games that were simplistic by today’s standards, but drew one in all the same. Their low fidelity graphics were often complimented by equally low fidelity music being forced through the afterthought of a speaker that inhabited most computers. Despite the technical constraints of the era, these games didn’t just offer gameplay. They told stories, and they were immersive in a way that some would think wouldn’t be relatable to a younger generation.

That didn’t stop [Thanassis Tsiodras] from sharing the classic “The Secret of Monkey Island” with his niece and nephew when they were young. Excited to see his family after a year of separation due to COVID-19, [Thanassis] wanted to give them a handmade gift: The music from “The Secret of Monkey Island” on a custom player. What an uncle!

[Thanassis] could have just recorded the music and played it back using any number of chips made for the purpose, but being a long time software engineer, he decided to take the scenic route to his destination. First, DOSBox was hacked to dump the speaker output into a file. Python, C, and 30 years of experience were leveraged to squeeze everything into the 8 KB storage of an ATtiny85. Doing so was no small feat, as it required that he create a custom implementation of Huffman compression to get the data small enough to fit on chip. And when it fit, but didn’t work, even more optimization was needed.

The end result was worth it however, with the music from “The Secret of Monkey Island” playing in its original form from a speaker driven by the ever so humble but useful 2n2222. [Thanassis]’ site is replete with details too intricate to post here, but too neat to miss. Watch the video below the break for a demonstration.

Continue reading “Custom Compression Squeezes Classic Computer Choruses Into A Tiny Controller” →

Robot Pet Is A Chip Off The Old Logic Block

August 15, 2021 by Ryan Flowers 10 Comments

When [Ezra Thomas] needed inspiration for his senior design project, he only needed to look as far as his own robot. Built during his high school years from the classic 1979 Frank DaCosta book “How to Build Your Own Working Robot Pet”, [Ezra] had learned the hard way the many limitations and complexities of the wire wrapped 74xx series logic chips surrounding its 8085 processor.

[Ezra] embarked on a quest to recreate the monstrosity in miniature, calling it Pet on a Chip. Using a modern FPGA chip allows the electronics to shrink by an order of magnitude and provides flexibility for future expansion. Implementing an 8 bit CPU on the amply sized FPGA left plenty of room for a VGA GPU, motor controller, serial UART, and more. Programming the CPU is handled by a custom assembler written in Python.

The results? Twelve times less weight, thirteen times less power draw, better performance, and a lot of room for growth. [Ezra] hints at an I2C bus expansion as well as a higher level programming language to make software development less of a hurdle.

The Pet On A Chip is a wonderfully engineered project and we hope that we’ll be seeing more such from [Ezra] as time goes by. Watch his Pet On A Chip in action in the video below the break.

If [Ezra]’s FPGA escapades have you wondering how to get started, you can check out this introduction to FPGA from the 2019 Hackaday Superconference. And if you have your own FPGA creation to share, please let us know via the Tip Line!

Continue reading “Robot Pet Is A Chip Off The Old Logic Block” →