javascript

133 Articles

Tiny Programming Language In 25 Lines Of Code

January 22, 2018 by 9 Comments

There are certain kinds of programs that fascinate certain kinds of software hackers. Maybe you are into number crunching, chess programs, operating systems, or artificial intelligence. However, on any significant machine, most of the time those activities will require some sort of language. Sure, we all have some processor we can write hex code for in our head, but you really want at least an assembler if not something sturdier. Writing languages can be addictive, but jumping right into a big system like gcc and trying to make changes is daunting for anyone. If you want a gentle introduction, check out [mgechev’s] language that resides in 25 lines of Javascript.

The GitHub page bills it as a tiny compiler, although that is a bit misleading and even the README says it is a transpiler. Actually, the code reads a simple language, uses recursive descent parsing to build a tree, and then uses a “compiler” to convert the tree to JavaScript (which can then be executed, of course). It can also just interpret the tree and produce a numerical answer.

Continue reading “Tiny Programming Language In 25 Lines Of Code”

Lowering JavaScript Timer Resolution Thwarts Meltdown And Spectre

January 6, 2018 by 35 Comments

The computer security vulnerabilities Meltdown and Spectre can infer protected information based on subtle differences in hardware behavior. It takes less time to access data that has been cached versus data that needs to be retrieved from memory, and precisely measuring time difference is a critical part of these attacks.

Our web browsers present a huge potential surface for attack as JavaScript is ubiquitous on the modern web. Executing JavaScript code will definitely involve the processor cache and a high-resolution timer is accessible via browser performance API.

Web browsers can’t change processor cache behavior, but they could take away malicious code’s ability to exploit them. Browser makers are intentionally degrading time measurement capability in the API to make attacks more difficult. These changes are being rolled out for Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer. Apple has announced Safari updates in the near future that is likely to follow suit.

After these changes, the time stamp returned by performance.now will be less precise due to lower resolution. Some browsers are going a step further and degrade the accuracy by adding a random jitter. There will also be degradation or outright disabling of other features that can be used to infer data, such as SharedArrayBuffer.

These changes will have no impact for vast majority of users. The performance API are used by developers to debug sluggish code, the actual run speed is unaffected. Other features like SharedArrayBuffer are relatively new and their absence would go largely unnoticed. Unfortunately, web developers will have a harder time tracking down slow code under these changes.

Browser makers are calling this a temporary measure for now, but we won’t be surprised if they become permanent. It is a relatively simple change that blunts the immediate impact of Meltdown/Spectre and it would also mitigate yet-to-be-discovered timing attacks of the future. If browser makers offer a “debug mode” to restore high precision timers, developers could activate it just for their performance tuning work and everyone should be happy.

This is just one part of the shock wave Meltdown/Spectre has sent through the computer industry. We have broader coverage of the issue here.

Programmable Christmas Tree Is A JavaScript Interpreter

December 24, 2017 by 4 Comments

Here at Hackaday, we find Christmas time very exciting because it means an influx of holiday-themed hacks that really help us get into the festive mood. [Andrew’s] programmable Christmas tree hosted at HackMyXmas is certainly one of our favorites. The project consists of a 500 RGB LEDs wrapped around a typical Christmas tree and controlled by a Teensy.  However, not settling for the typical, simple and cyclical pattern for the LEDs, [Andrew] decided the tree had to be programmable of course! So, a single board computer (a C.H.I.P) running Linux was used to provide a Wifi connection and a web server to easily program the tree.

This is where things get very interesting. The C.H.I.P board hosts a comprehensive website that conveniently gives you the option to program the LEDs using either, Scratch like draggable blocks (using Googles Blockly) or even pure JavaScript. Once the perfect pattern is conceived, you can test run it on the online simulator or even send it off straight to the Tree, watching it blink in all its glory on the provided live stream.

We applaud [Andrew] mammoth effort for invoking programming in such a fun way! You can check out the live stream of [Andrew]’s Christmas tree below.

Continue reading “Programmable Christmas Tree Is A JavaScript Interpreter”

Arduino Saves Game Boy Camera

December 1, 2017 by 7 Comments

[Brian Khuu] bought a few Game Boy cameras on the Internet and found that they still had pictures on them from the previous owners. The memory in the camera has a backup battery and if that battery dies, the pictures are history, so he decided to mount a rescue operation.

He knew the protocol for how the Game Boy talked to the companion pocket printer was available, so he used an Arduino and a Web browser to extract the photos. The resulting code is on GitHub if you want to save your pictures. Although [Brian] didn’t have to crack the protocol, he does offer a good explanation of it. There’s even some sniffed displays. The Arduino does all the communications and fools the game into thinking it is the companion printer. However, it simply streams the data out and a Javascript decoder handles the actual decoding. In fact, in the blog post, you can enter data, click a button, and see the resulting Game Boy picture.

It works, but [Brian] did run into a few problems. For one thing, the devices don’t seem to use any flow control so he had no choice but to keep up with the Game Boy. Also, there is a CRC he could not correctly decode. However, the pictures look good — well, as good as Game Boy pictures look, at least. So he did get results.

We’ve seen this done with a PC before. If you are more interested in the reverse, by the way, you can use a real Game Boy printer to print from an Arduino.

Mechanical Build Lets You Jump Cacti In Real Life

November 26, 2017 by 11 Comments

Simple to learn, hard to master, a lifetime to kick the habit. This applies to a lot of computer games, but the T-rex Runner game for Chrome and its various online versions are particularly insidious. So much so that the game drove one couple to build a real-world version of the digital game.

For those not familiar with the game, it’s a simple side-scroller where the goal is to jump and duck a running dinosaur over and under obstacles — think Flappy Birds, but faster paced. When deciding on a weekend hackathon project, [Uri] thought a real-life version of the game would be a natural fit, since he was already a fan of the digital version. With his girlfriend [Ariella] on the team, [Uri] was able to come up with a minimally playable version of the game, with a stepper motor providing the dino jumps and a simple straight conveyor moving the obstacles. People enjoyed it enough that version 2.0 was planned for the Chrome Developer Summit. This version was much more playable, with an oval track for the obstacles and better scorekeeping. [Uri] and [Ariella] had to expand their skills to complete the build — PCB design, E-Paper displays, laser cutting, and even metal casting were all required. The video below shows the final version — but where are the pterosaurs to duck?

Real-world jumping dinos aren’t the first physical manifestation of a digital game. As in the cyber world, Pong was first — either as an arcade version or a supersized outdoor game.

Continue reading “Mechanical Build Lets You Jump Cacti In Real Life”

NodeConf EU Hackable Badge

November 15, 2017 by 4 Comments

During conferences, a name-tag is one of the first things people look at when bumping in to others – mentally trying to keep track of faces and names. But gone are the days when your name tag was a post-it stuck on your arm. Over the years, conference badges have become increasingly interesting and complex. Hackable electronic badges are becoming the norm, and not just at hardware cons. For the recently concluded NodeConfEU conference in Ireland, [Gordon Williams], of Espruino fame, designed a JavaScript centric hackable badge.

NodeConf EU is the key Node.js event in Europe, providing a forum for the Node.js community. So when they brain-stormed ideas for a conference badge, they obviously gravitated towards a design that could run JS. [Gordon]’s Puck.js fit the requirements perfectly, and he was tasked with creating a new design based on the Puck.js. The feature list included BlueTooth Low Energy, low power consumption so it could run off a CR2032 battery, a high contrast LCD, some buttons, NFC, and a prototyping area – all packaged in a beautiful hexagonal shaped PCB (obviously) to resemble the Node.js logo. The badges were programmed with attendee names, but the fun, juicy part could be accessed by pressing buttons in the Konami code sequence.

Easy to follow, detailed documentation helped hackers quickly get started with code examples. They were also presented several challenges to work through allowing them to get familiar with the badge. Hacked badges were entered for a Grand Challenge with a chance to win a free ticket to next years conference. The badge hardware and firmware are open source and source files are hosted in a Github repository. Check out a short overview of the badge in the video after the break.

Thanks to [Conor] from nearForm for letting us know about this awesome badge.

Continue reading “NodeConf EU Hackable Badge”

Have Some Candy While I Steal Your Cycles

September 27, 2017 by 46 Comments

Distributed computing is an excellent idea. We have a huge network of computers, many of them always on, why not take advantage of that when the user isn’t? The application that probably comes to mind is Folding@home, which lets you donate your unused computer time to help crunch the numbers for disease research. Everyone wins!

But what if your CPU cycles are being used for profit without your knowledge? Over the weekend this turned out to be the case with Showtime on-demand sites which mined Monero coins while the users was pacified by video playback. The video is a sweet treat while the cost of your electric bill is nudged up ever so slightly.

It’s an interesting hack as even if the user notices the CPU maxing out they’ll likely dismiss it as the horsepower necessary to decode the HD video stream. In this case, both Showtime and the web analytics company whose Javascript contained the mining software denied responsibility. But earlier this month Pirate Bay was found to be voluntarily testing out in-browser mining as a way to make up for dwindling ad revenue.

This is a clever tactic, but comes perilously close to being malicious when done without the user’s permission or knowledge. We wonder if those ubiquitous warnings about cookie usage will at times include notifications about currency mining on the side? Have you seen or tried out any of this Javascript mining? Let us know in the comments below.