The Dark Side Of Package Repositories: Ownership Drama And Malware

At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

Continue reading “The Dark Side Of Package Repositories: Ownership Drama And Malware”

Google’s Pigweed For ARM Development Is A Nice Surprise

Setting up an environment for Embedded Development was traditionally a pain and so vendors provide integrated development environments to help bridge the gap. Google has open-sourced their version of an embedded targeted environment designated as embedded-targeted libraries which they trademarked Pigweed.

Google trademarked Pigweed with the U.S. Patent and Trademark Office in February and it popped up on the Google Open Source Blog along with some details.

The repository contains what Google is calling modules but taking a better look reveals that it a little more than that. Packaged in a Python Virtual Environment is a number of tools including an ARM compiler, the clang-format tool and Python 3.8 interpreter which runs more than a few things. The modules that come with Pigweed assist developers by running micro-automations such as the pw_watch module that monitors files for change and triggers a build, test and even flash and debug on hardware. There is also a module that allows pre-submit checks such as linting and formatting.

Google still does not consider this offering production ready though from what we have seen so far, it is a great place for many to start experimenting with for their embedded development automation needs. Anyone tried it out yet?

If you have been inspired with the amazing powers of automation and want to dive in yourself, have a look at Software Development in BASH and Continuous Integration with Python.

 

Open-Source ARM Development Simplified

The ARM series of processors are an industry standard of sorts for a vast array of applications. Virtually anything requiring good power or heat management, or any embedded system which needs more computing power than an 8-bit microcontroller is a place where an ARM is likely found. While they do appear in various personal computers and laptops, [Pieter] felt that their documentation for embedded processors wasn’t quite as straightforward as it could be and created this development board which will hopefully help newbies to ARM learn the environment more easily.

Called the PX-HER0, it’s an ARM development board with an STM32 at its core and a small screen built in. The real work went in to the documentation for this board, though. Since it’s supposed to be a way to become more proficient in the platform, [Pieter] has gone to great lengths to make sure that all the hardware, software, and documentation are easily accessible. It also comes with the Command Line Interpreter (CLI) App which allows a user to operate the device in a Unix-like environment. The Arduino IDE is also available for use with some PX-HER0-specific examples.

[Pieter] has been around before, too. The CLI is based on work he did previously which gave an Arduino a Unix-like shell as well. Moving that to the STM32 is a useful tool to have for this board, and as a bonus everything is open source and available on his site including the hardware schematics and code.

A Super-Brain For An E-bike

There’s no better way of improving a project than logging data to make informed decisions on future improvements. When it came to [Brian]’s latest project, an electric bike, he wanted to get as much data as he could from the time he turned it on until the time he was finished riding. He turned to a custom pyBoard-based device (and wrote it up on Hackaday.io), but made it stackable in order to get as much information from his bike as possible.

This isn’t so much an ebike project as it is about a microcontroller platform that can be used as a general purpose device. All of the bike’s controls flow through this device as a logic layer, so everything that can possibly be logged is logged, including the status of the motor and battery at any given moment. This could be used for virtually any project, and the modular nature means that you could scale it up or down based on your specific needs. The device is based on an ARM microcontroller so it has plenty of power, too.

While the microcontroller part is exceptionally useful ([Brian] talks about some of its other uses here and gives us even more data on his personal webpage), we shouldn’t miss the incredible bike that [Brian] built either. It has a 3 kW rear hub motor and can reach speeds of around 60 mph. While we let the commenters below hash out the classic argument of “bicycle vs. motorcyle” we’ll be checking out some electric vehicles that are neither.

File Systems For Tiny Devices

Sometimes you build a computer and use it every day. Sometimes you build a different type of computer and it sits alone on a mountaintop for years. The design considerations for these two setups are remarkably different, right down to the type of file system used. For small computers like [Jo] is using, and for the amount of time they sit alone in remote locations, he decided to build his own file system for them.

Known as JesFs ([Jo]’s embedded serial File system), the file system is for SPI Flash and intended for use in scientific data logging. It can be used on the chip-scale processors found in many development boards, and is robust enough to use in applications where remoteness is a concern. It has a small RAM footprint, is completely open source, includes wear leveling, and has a number of security features built-in as well.

Some of the benefits of using a file system on such a tiny chip aren’t immediately obvious unless you’re doing a lot of data logging, but it does allow you to change virtually any aspect of the firmware much more easily if everything is accessible as a file, and not something you would have to change by reflashing the whole chip, for example. There are also a number of traps that you can easily fall into when working with file systems for tiny devices.

School’s In Session With Arduboy Curriculum

It’s hard not to be impressed by the Arduboy. In just a few short years, [Kevin Bates] went from proof of concept to a successful commercial product without compromising on his original open source goals. Today, anyone can develop a game for the Arduboy and have it distributed to owners all over the world for free. If you’ve ever dreamt of being a game developer, the Arduboy community is for you.

Realizing the low-cost hardware and open source software of the Arduboy makes it an excellent way to learn programming, [Kevin] is now trying to turn his creation into a legitimate teaching tool. He’s kicking off this new chapter in the Arduboy’s life with a generous offer: giving out free hardware to educators all over the world. Anyone who wants to be considered for the program just needs to write-up a few paragraphs on how they’d utilize the handheld game system in their class.

[Kevin] already knows the Arduboy has been used to teach programming, but those have all been one-off endeavours. They relied on a teacher that was passionate enough about the Arduboy to put in their own time and effort to create a lesson plan around it. So one of the main goals right now is getting an official curriculum put together so educators won’t have to start from scratch. The community has already developed 16 free lessons, but they’re looking for help in creating more and translating them into other languages.

While the details are still up in the air, [Kevin] also plans to travel to schools personally and help them get their Arduboy classes off the ground. He’s especially interested in developing countries and other areas that are disadvantaged educationally. Believing that the Arduboy is as much a way to teach effective leadership and teambuilding as it is programming, he thinks this program can truly make a difference.

Since [Kevin] first Rickrolled us with his prototype in 2014, we’ve seen the Arduboy project spread like wildfire through the hacker community. From figuring out how to play its games on other gadgets to developing an expansion cartridge for the real thing, the Arduboy has already done its fair share of inspiring. Here’s hoping it has just as much of an impact on the next generation of hackers once they get their hands on it.

The Joy Of Properly Designed Embedded Systems

The ages-old dream of home automation has never been nearer to reality. Creating an Internet of Things device or even a building-wide collection of networked embedded devices is “easy” thanks to cheap building blocks like the ESP8266 WiFi-enabled microcontroller. Yet for any sizable project, it really helps to have a plan before getting started. But even more importantly, if your plan is subject to change as you work along, it is important to plan for flexibility. Practically, this is going to mean expansion headers and over-the-air (OTA) firmware upgrades are a must.

I’d like to illustrate this using a project I got involved in a few years ago, called BMaC, which grew in complexity and scope practically every month. This had us scrambling to keep up with the changes, while teaching us valuable lessons about how to save time and money by having an adaptable system architecture.

Continue reading “The Joy Of Properly Designed Embedded Systems”