Using Docker To Sail Through Open-Source Xilinx FPGA Development

Until a few years ago, developing for FPGAs required the use of proprietary locked-down tools, but in the last few years, the closed-source dam has burst, and open-source FPGA tools such as Yosys, SimbiFlow, and Icestorm have come flooding out. Setting up a build environment for these exciting new tools can still be quite a challenge, but [Carlos Eduardo] has decided to make setting up an open-source toolchain for Xilinx FPGAs a breeze with Docker.

His image only has three prerequisites: Docker, Python 3, and OpenOCD (which is used to load your FPGA with your bespoke bitfile). After the Docker image has been built and all of the tools installed, [Carlos] guides you through using Python, FuseSoc, and SymbiFlow to build your first open-source Xilinx FPGA project.

In addition to making setup a whole lot easier, utilizing containers allows the same development environment to be built on Linux, Mac, and Windows (using WSL), which will make life a lot easier for teams working across different OSs.  [Carlos’s] Dockerfile is unique because it supports the popular Artix-7 series of FPGAs — for the Lattice FPGAs that have been supported for a lot longer, there are existing Docker files already up on DockerHub. It’s easier than installing the vendor’s toolchain!

If this has you thinking it might be time to dip your toes into open-source FPGA development, check out this rundown of open-source FPGA tools from the 2019 Superconference.

Codespaces For Embedded Development

We can sympathize with [Benjamin Cabé]. He has a lot of development boards and it has become painful to maintain the many toolchains for each board. We’ve also suffered from upgrading one tool breaks another tool in some obscure way. His solution? Use Github Codespaces which you can get early access for beta testers.

The idea is that you can spin off a container-specific to a GitHub repository that has all the proper versions and dependencies required to work with a project.

If you sign up for the beta, you’ll be on a waitlist, but it is interesting to see [Benjamin] go through the steps. The service is free during the beta and you get two codespaces. Presumably, you’ll eventually be able to pay for more capability.

The idea is good, but we’ll have to see about the implementation. A preconfigured container might move from machine to machine or even to deep storage for later reconstitution. Flashing the binary image to the device looked painful from the browser. We’ve seen it done nicely with, for example, the online Arduino IDE but it did take some installable software helpers to do that.

We’ll be curious about how many different platforms this will support. However, you can roll your own version of this and avoid the cloud using Docker or even a full-blown VM like VirtualBox. Sure, it is more work, but you control your destiny. Add something like Platform.IO and your choice of development tools and you can avoid having so many competing development tools all in your main computer.

Continue reading “Codespaces For Embedded Development”

This Week In Security: HaveIBeenPwned And Facebook Attack Their Customers

We’re fans of haveibeenpwned.com around here, but a weird story came across my proverbial desk this week — [Troy Hunt] wrote a malicious SQL injection into one of their emails! That attack string was a simple ';--

Wait, doesn’t that look familiar? You remember the header on the haveibeenpwned web page? Yeah, it’s ';--have i been pwned?. It’s a clever in-joke about SQL injection that’s part of the company’s brand. An automated announcement was sent out to a company that happened to use the GLPI service desk software. That company, which shall not be named for reasons that are about to become obvious, was running a slightly out-of-date install of GLPI. That email generated an automated support ticket, which started out with the magic collection of symbols. When a tech self-assigned the ticket, the SQL injection bug was triggered, and their entire ticket database was wiped out. The story ends happily, thanks to a good backup, and the company learned a valuable lesson. Continue reading “This Week In Security: HaveIBeenPwned And Facebook Attack Their Customers”

Building IoT Devices The Easy Way

Do you have a Raspberry Pi? What is it being used for right now? If you’re like the majority of people who replied to [Michael Hall’s] poll on Twitter, it’s likely yours is sitting on a shelf doing nothing too. So why not just turn it into an IoT device for your home?

[Michael] wrote an easy-to-follow guide focusing on getting the EdgeX Foundry IoT platform running on the Raspberry Pi. It is designed to be a unified multi-platform base for IoT devices hosted by the Linux Foundation, making it easy to control and integrate them into other systems. The framework for this consists of two parts, a Device Service running on your Pi, and the rest of the services running on a desktop or laptop where you’ll be monitoring it.

His guide goes into detail on how to get both parts working on your computer and your Pi using Docker for ease of installation. As for the IoT device, he uses the built-in PIR sensor example to show how to configure it without having to write any programming. You can then monitor the device’s sensors, which you can just connect straight to the Pi’s GPIO pins, from your desktop. Since the EdgeX software is designed to run on any flavor of Linux, this should make it easy to repurpose any forgotten single-board computer into the beginnings of a home automation system.

However, if you are confident in your programming skills, you’re probably looking for something slimmer such as the ESP8266 family of microcontrollers to do your bidding. Why not try an energy monitor or a smoke detector project with them?

This Week In Security: Nvidia, Ransomware Retirement, And A TOCTOU Bug In Docker

Nvidia’s GeForce Experience (GFE) is the companion application for the Nvidia drivers, keeping said drivers up to date, as well as adding features around live streaming and media capture. The application runs as two parts, a GUI, and a system service, using an HTTP API to communicate. [David Yesland] from Rhino Security Labs decided to look into this API, searching for interesting, undocumented behavior, and shared the results on Sunday the 2nd.

The first interesting finding was that the service was written in Javascript and run using Node.js. Javascript is a scripting language, not a compiled language — the source code of the service was open for studying. This led to the revelation that API requests would be accepted from any origin, so long as the request included the proper security token. The application includes an update mechanism, which allows an authorized API call to execute an arbitrary system command. So long as the authentication token isn’t leaked to an attacker, this still isn’t a problem, right? Continue reading “This Week In Security: Nvidia, Ransomware Retirement, And A TOCTOU Bug In Docker”

Howto: Docker, Databases, And Dashboards To Deal With Your Data

So you just got something like an Arduino or Raspberry Pi kit with a few sensors. Setting up temperature or motion sensors is easy enough. But what are you going to do with all that data? It’s going to need storage, analysis, and summarization before it’s actually useful to anyone. You need a dashboard!

But even before displaying the data, you’re going to need to store it somewhere, and that means a database. You could just send all of your data off into the cloud and hope that the company that provides you the service has a good business model behind it, but frankly the track records of even the companies with the deepest pockets and best intentions don’t look so good. And you won’t learn anything useful by taking the easiest way out anyway.

Instead, let’s take the second-easiest way out. Here’s a short tutorial to get you up and running with a database backend on a Raspberry Pi and a slick dashboard on your laptop or cellphone. We’ll be using scripts and Docker to automate as many things as possible. Even so, along the way you’ll learn a little bit about Python and Docker, but more importantly you’ll have a system of your own for expansion, customization, or simply experimenting with at home. After all, if the “cloud” won’t let you play around with their database, how much fun can it be, really?

Continue reading “Howto: Docker, Databases, And Dashboards To Deal With Your Data”

Web Development: What’s Big In 2019?

I try to keep up with web development trends but it’s hard to keep pace since it’s such a fast evolving field. Barely a week goes by without the release of a new JS framework, elaborate build tool or testing suite — all of them touted as the one to learn. Sorting the hype from the genuinely useful is no mean feat, so my aim in this article is to summarise some of the most interesting happenings that web development saw in the last year, and what trends we expect to see more of in 2019.

A technology or framework doesn’t have to be brand new to be on our list here, it just needs to be growing rapidly or evolving in an interesting way. Let’s take a look!

Continue reading “Web Development: What’s Big In 2019?”