Arduino And Git: Two Views

You can’t do much development without running into Git, the version control management system. Part of that is because so much code lives on GitHub which uses Git, although you don’t need to know anything about that if all you want to do is download code. [Dr. Torq] has a good primer on using Git with the Arduino IDE, if you need to get your toes wet.

You might think if you develop by yourself you don’t need something like Git. However, using a version control system is a great convenience, especially if you use it correctly. There’s a bug out in the field? What version of the firmware? You can immediately get a copy of the source code at that point in time using Git. A feature is broken? It is very easy to see exactly what changed. So even if you don’t work in a team, there are advantages to having source code under control.

Continue reading “Arduino And Git: Two Views”

Get GitHub Tickets IRL With A Raspberry Pi And A Receipt Printer

Thermal receipt printers are finding their way into all sorts of projects that are well beyond the point-of-sale environment that they normally inhabit. And while we applaud all the creative and artistic uses hackers have found for these little gems, this GitHub physical ticket printer has to be the best use for one yet.

According to [Andrew Schmelyun], seeing a fast-food order pop up on a thermal printer was the inspiration for this build. Maintaining over one hundred GitHub repos as he does, it’s easy for the details of any one bug report or feature request to get lost in the swarm of sticky notes that [Andrew] previously used to keep track of his work. To make it happen, he teamed an Epson thermal printer up to a Raspberry Pi Zero W and worked out the details of sending data to the printer using PHP. Luckily, there’s a library for that — the beauty of GitHub.

With the “Hello, World!” bit out of the way, [Andrew] turned his attention to connecting to GitHub. He set up some webhooks on the GitHub side to send a POST request every time an issue is reported on one of his repos. The POSTs are sent via ngrok to a PHP web server running on the Pi, which formats the data and sends the text to the printer. There’s a short video in the tweet below.

Between the sound of the printer working and the actual dead-tree ticket, it’ll be hard for [Andrew] to miss issues now. We’ve seen thermal printers stuffed into cameras, used to send pictures to Grannie, and even watched them commit suicide slowly, but we say hats off to [Andrew] for his solid work ethic and a fun new way to put a receipt printer to use.

Continue reading “Get GitHub Tickets IRL With A Raspberry Pi And A Receipt Printer”

screenshow showing the supposed AllSpice interface. It resembles the GitHub interface, and shows a pull request open to add some ESD protection to a device.

AllSpice Building A Hardware Development Ecosystem For Companies

In our “hardware development gets serious” news, we’ve recently learned about AllSpice, a startup building hardware development collaboration infrastructure for companies. Hardware developers are great at building hardware tools for themselves, but perhaps not always so when it comes to software, and AllSpice aims to fill that gap at the “hardware company” level. Nowadays, what commonly happens is that software development tools and integrations are repurposed for hardware needs, and the results aren’t always as stellar as they get in the software world. In other words, AllSpice is learning from the positive outcomes of software industry and building a platform that takes the best parts from these tools, aiming to get to similarly positive outcomes in areas where currently hardware team experiences are lacking.

What AllSpice is building seems to be an umbrella platform designed to augment, integrate and hook into a slew of different already-developed platforms like GitHub, GitLab, Jira (and some other ones), and add much-needed features that large-scale hardware developers can’t afford to maintain and develop themselves. “Design review by screenshot” isn’t unheard of in hardware circles, and likely a thing that everyone of us with hardware collaboration experience has partaken in. On a company scale, there’s a myriad of hardware-related problems like that to solve and polish over.

Continue reading “AllSpice Building A Hardware Development Ecosystem For Companies”

iPodRPi by production

IPod Mod Puts Pi Zero In New Bod

We sure love to see nicely designed products get a new lease on life. Just as the new Raspberry Pi Zero 2 was being announced, [production] was stuffing an original RPi Zero into an old iPod’s case.

[production] cites several previous, similar projects that showed how to interface with the click-wheel, a perfectly fitting color display from Waveshare, and open-source software called Rockbox to run on the pi. We all stand on the shoulders of giants.

iPodRPi by production interior wiring

Some nice innovations to look for are the Pi Zero’s micro-SD card and a micro-USB charging port aligned to the large slot left from the iPod’s original 40 pin connector. Having access for charging and reflashing the card without opening the case seems quite handy. There’s a nice sized battery too, though we wonder if a smaller battery and a Qi charger could fit in the same space. Check the project’s for the parts list, and GitHub for the software side of things, and all the reference links you’ll need to build your own. It looks like [production] has plans to turn old iPods into Gameboy clones, you may want to check back for progress on that.

If you just want to rock like it’s 2004, there are options to just upgrade the battery and capacity but keep your vintage iPod too.

Continue reading “IPod Mod Puts Pi Zero In New Bod”

ua-parser-js compromised

Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), who organize a collection of contributed libraries written in JavaScript. One only need to use npm to include a library in their code, and all of the functions of that code are available to the developer. One such example is ua-parser-js which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.

Python Provides Classic Basic

Back in the late 1970s and early 1980s when you turned on a PC, more often than not, you’d get a Basic prompt. Most people would then load a game from a tape, but if you were inclined to program you could just start writing. [Richpl] wanted that same experience and thus PyBasic was born. Along with some other Github contributors, the system has grown quite a bit and would be a good start at porting classic games or creating a replica vintage computer.

The interpreter lacks specialized hardware-specific features such as sound and graphics, of course, but then again, you could add them. It does have file I/O and also includes some interesting features like an analog of C’s ternary operator.

Continue reading “Python Provides Classic Basic”

GitHub Copilot And The Unfulfilled Promises Of An Artificial Intelligence Future

In late June of 2021, GitHub launched a ‘technical preview’ of what they termed GitHub Copilot, described as an ‘AI pair programmer which helps you write better code’. Quite predictably, responses to this announcement varied from glee at the glorious arrival of our code-generating AI overlords, to dismay and predictions of doom and gloom as before long companies would be firing software developers en-masse.

As is usually the case with such controversial topics, neither of these extremes are even remotely close to the truth. In fact, the OpenAI Codex machine learning model which underlies GitHub’s Copilot is derived from OpenAI’s GPT-3 natural language model,  and features many of the same stumbles and gaffes which GTP-3 has. So if Codex and with it Copilot isn’t everything it’s cracked up to be, what is the big deal, and why show it at all?

Continue reading “GitHub Copilot And The Unfulfilled Promises Of An Artificial Intelligence Future”