BLUEBRIM: RGB lights on a hat with bonus bluetooth

I recently needed to look swanky for a 1920s themed Holiday/Christmas party and I asked myself: What’s the swankiest?

gif of me thinking then light going off

Of course! RGB LEDs on a hat! Controlled by Bluetooth! I shall call it… Project BLUE BRIM (because code names are awesome)

Hardware

A trip to the second hand store and a pair of scissors to remove an unwanted bow later, I had myself a pin stripe hat like this:

My hat before I started

Next I had to acquire the rest of my materials as follows:

Assembly is relatively straightforward. The circuit diagram looks like this:

Hand-drawn bespoke circuit diagram

Basically, the Bluetooth module is connected to the serial pins on the Flora. Next, the Neopixel strip is connected by attaching D6 to DIN, and VBATT to VIN (and GND to GND).

All soldered together it looks like this

Inside of the hat

I attached the LEDs to the hat by cutting a small hole with a sharp knife at the back of the hat large enough to fit the connectors. I then used the adhesive backing on the strip to attach it to the hat, and it seems to be holding well. On the top of the hat, I folded a few small strips of Gorilla tape in on itself and stuck those on the back of the flora and the ble module. Finally, I slipped the battery into the small inner brim, and taped it to the back side of the hat. When put together like this, it was actually really comfortable to wear. It’s a bit off balance, so I wouldn’t recommend trying any hat tricks.

Software

Writing the software for the hat was actually my favourite part. Step 1 was getting the bluetooth stuff wired up. Just like my last project I tried to write my own bluetooth socket reading from scratch but it was a bit too hacky for my liking. Instead, I used the packet parser that adafruit provides, but I made sure to study the source closely to try and pick up some tricks for next time. Basically, it looks like using a few nested loops and a timeout is the way to go.

The next bit was my favourite favourite part: MAKING PRETTY LIGHT PATTERNS!

Since I was going to use the Adafruit Bluefruit LE Connect App and they have a neat control pad with 8 buttons, I figured I would need 8 patterns. Because there were 2 sections, I decided that 4 patterns would be multi colour, and 4 patterns would use the current colour chosen with the colour picker part of the app.

The 4 multicolour patterns are:

SPARKLE which has a single randomly coloured pixel. It looks like this:

CYCLE which fades through 256 colours, with the whole strip lit with one colour at a time.

RAINBOW which has a continuously changing section of rainbow, where each pixel is a different colour

PARTY where each pixel is a random colour

The 4 single colour patterns are:

CYLON (or KITT depending on how old you are) has one pixel sliding back and forth across the front of the hat

SOLID it’s a solid colour. What more do you want?

PULSE slowly changes the brightness from nothing, to full brightness, back down to nothing again

TWIST has a single pixel spinning around and around (and around (and around))

You can see my source code in its entirety on my BlueBrim repo on Github, which uses some fancy multi file arduino to make it a bit easier to read. I hope you learned something reading this; as a thank you, here is a picture of my dog wearing the miniature version of this

ada wearing a pretty hat

Makerfaire Ottawa: Rule 110

Wooohoo! I can now officially cross something off my bucket list:

  • run marathon
  • present project at Makerfaire
  • world domination?

So, what was my project? Here’s a pic of it

my project set up at makerfaire

What do you mean you don’t know what it is from that?

WELL.

What I built was basically part art, part math and part electronics. I hooked up an RGB LED Matrix (specifically this one from adafruit) to an Arduino Mega along with 32 switches. (Note to future self: don’t ever try and wire up 32 switches.) These switches provided the starting row for generating a pattern on the led matrix based on rule 110: a 1 dimensional cellular automaton that generates a pattern like this:

rule 110 pattern (from @rule110_bot)

but on an RGB LED Matrix, so it looks more like

RGB panel product shot

Why??

This all started out when I came across this fabulous kickstarter: KnitYak: Custom mathematical knit scarves by fbz, which was for rule 110 scarfs. I was immediately struck by how beautiful the pattern was, and intrigued by the fact that it was being generated algorithmically. After reading several wikipedia articles, my interest in the pattern had only grown further. I ended up writing a ruby implementation of rule 110 that could output patterns to your terminal, and then to pngs, and then finally to twitter.

But it was hard to mess around with the starting row and explore the patterns that got generated. I wanted something you could interact with, so when I saw that the Ottawa Makerfaire was looking for projects I figured it would be a perfect opportunity to force myself to build something and to have something interactive for attendees to play with.

Hardware

me being creepy

my rats nest of a project

Here’s what’s inside:

  • Arduino Mega
  • 64x32 RGB LED matrix
  • Shift Registers (SN74HC165N) x 6
  • Rocker switches x 32
  • 8 position rotary switches x 2
  • 10K resistors x (lots)

The arduino mega is the brains of this particular operation. I needed to use it over an uno because of the higher clock speed. Turns out you need a fair bit of horse power to drive 2048 RGB LEDs. Who would have thunk?

RGB LED Matrix

How do you actually drive 2048 LEDs?

Basically, you can’t have all those LEDs on at the same time (because power draw), so the LED matrix only turns 2 (out of 32) rows on at a time. In order to select which row you want to light up, you use the 4 address select pins to select one of 16 pairs of rows.

Once you have a row selected, you need to fill it with colour. You can set the colour of 2 pixels at a time using 2 sets of Red, Green and Blue pins. When your desired colours are chosen you “shift” in the data, using the clock pin. This way you can fill an entire row of pixels by setting the colour, then clocking in order to set the next pixel. Finally, you toggle the latch pin, which shows the entire row of pixels. If you do this FAST enough (like 200Hz aka 1 row every 5ms), the display looks to be continuously on to us puny humans.

I tried to write my own driver for the display in C for the Propeller, but I had some serious flickering issues that I wasn’t able to fix… Given that I didn’t want to give everyone at makerfaire a headache / induce seizures I chose to use this library from Adafruit. It’s a very interesting read because they do some neat things like unrolling loops and using Binary Coded Modulation (like PWM) in order to give a greater color depth than the 3 bit color you start with.

Shift Registers

shift registers in situ

I ended up using 6 shift registers for input in this project. Why? Well it means that I could use 4 pins to read 32 switches (aka 32 bits of data) all in one go. That feat is accomplished with 4 shift registers daisy chained together. Each input pin on each of the shift registers has a pull down resistor in order to deal with electrical gremlins, and also to make my assembly time much much longer.

I also used 2 shift registers to read the state of the two knobs I have for selecting colours. Those knobs have 8 pins to indicate which position the knob is in currently.

Software

My code can be found below:

#include <Adafruit_GFX.h>   // Core graphics library
#include <RGBmatrixPanel.h> // Hardware-specific library

#define OE   9
#define LAT 10
#define CLK 11
#define A   A0
#define B   A1
#define C   A2
#define D   A3

RGBmatrixPanel matrix(A, B, C, D, CLK, LAT, OE, false, 64);

const int data_pin = 6; //  SER_OUT (serial data out)
const int shld_pin = 5; // SH/!LD (shift or active low load)
const int clk_pin = 3; //  CLK (the clock that times the shifting)
const int ce_pin = 4; //  !CE (clock enable, active low)

const int data_pin_2 = 48;
const int ce_pin_2 = 46;
const int shld_pin_2 = 47;
const int clk_pin_2 = 49;

byte incoming1;
byte incoming2;
byte incoming3;
byte incoming4;

byte colour1;
byte colour2;


//int start[] = { 0, 1, 0, 0, 1, 0, 1, 0,
//                0, 0, 1, 0, 1, 1, 0, 1,
//                1, 1, 1, 0, 0, 1, 1, 1,
//                0, 1, 0, 1, 1, 0, 0, 1
//              };
int start[32] = {0};

int* row1;
int* row2;

int x = 0;
int y = 0;

void setup() {

  //shift registers for buttons
  Serial.begin(9600);

  // Initialize each digital pin to either output or input
  // We are commanding the shift register with each pin with the exception of the serial
  // data we get back on the data_pin line.
  pinMode(shld_pin, OUTPUT);
  pinMode(ce_pin, OUTPUT);
  pinMode(clk_pin, OUTPUT);
  pinMode(data_pin, INPUT);
  pinMode(shld_pin_2, OUTPUT);
  pinMode(ce_pin_2, OUTPUT);
  pinMode(clk_pin_2, OUTPUT);
  pinMode(data_pin_2, INPUT);

  // Required initial states of these two pins according to the datasheet timing diagram
  digitalWrite(clk_pin, HIGH);
  digitalWrite(shld_pin, HIGH);
  digitalWrite(clk_pin_2, HIGH);
  digitalWrite(shld_pin_2, HIGH);

  read_shift_regs();
  read_color_shift_regs();
  Serial.println("colours: ");
  print_byte(colour1);
  print_byte(colour2);
  Serial.println(transform(colour1));
  Serial.println(transform(colour2));
  fill_starting_row();

  //matrix
  matrix.begin();
  matrix.fillScreen(0);
  row1 = start;
  displayRow(row1);
  row2 = (int*) malloc(sizeof(int) * 32);
}

int i = 0;
int j = 0;
void loop() {

  for (x = 0; x < 64; x++) {
    int* row;
    if (x % 2) {
      apply_rule(row2, row1);
      row = row2;
    } else {
      apply_rule(row1, row2);
      row = row1;
    }
    //    j = (j + 1) % 24;
    //    Serial.print(x);
    //    Serial.print(":  ");
    //    displayRow(row);
    //    Serial.print("row1 ");
    //    displayRow(row1);
    //    Serial.print("row2 ");
    //    displayRow(row2);
    for (y = 0; y < 32; y++) {
      if (row[y]) {
        matrix.drawPixel(x, y, transform(colour1));
      } else {
        matrix.drawPixel(x, y, transform(colour2));
      }

    }
    delay(100);
  }
  for (;;);
}

void apply_rule(int a[32], int b[32]) {
  for (int i = 0; i < 32; i++) {
    if (i == 0 || i == 31) {
      b[i] = a[i] & 1;
    } else {
      if ( (a[i - 1] && a[i] && !a[i + 1]) ||
           (a[i - 1] && !a[i] && a[i + 1]) ||
           (!a[i - 1] && a[i] && a[i + 1]) ||
           (!a[i - 1] && a[i] && !a[i + 1]) ||
           (!a[i - 1] && !a[i] && a[i + 1])
         ) {
        b[i] = 1;
      } else {
        b[i] = 0;
      }
    }

  }
  //  return b;
}


// Input a value 0 to 24 to get a color value.
// The colours are a transition r - g - b - back to r.
uint16_t Wheel(byte WheelPos) {
  if (WheelPos < 8) {
    return matrix.Color333(7 - WheelPos, WheelPos, 0);
  } else if (WheelPos < 16) {
    WheelPos -= 8;
    return matrix.Color333(0, 7 - WheelPos, WheelPos);
  } else {
    WheelPos -= 16;
    return matrix.Color333(0, WheelPos, 7 - WheelPos);
  }
}

byte read_shift_regs()
{
  byte the_shifted = 0;  // An 8 bit number to carry each bit value of A-H

  // Trigger loading the state of the A-H data lines into the shift register
  digitalWrite(shld_pin, LOW);
  delayMicroseconds(5); // Requires a delay here according to the datasheet timing diagram
  digitalWrite(shld_pin, HIGH);
  delayMicroseconds(5);

  // Required initial states of these two pins according to the datasheet timing diagram
  pinMode(clk_pin, OUTPUT);
  pinMode(data_pin, INPUT);
  digitalWrite(clk_pin, HIGH);
  digitalWrite(ce_pin, LOW); // Enable the clock

  // Get the A-H values
  //the_shifted = shiftIn(data_pin, clk_pin, MSBFIRST);
  incoming1 = shiftIn(data_pin, clk_pin, MSBFIRST);
  incoming2 = shiftIn(data_pin, clk_pin, MSBFIRST);
  incoming3 = shiftIn(data_pin, clk_pin, MSBFIRST);
  incoming4 = shiftIn(data_pin, clk_pin, MSBFIRST);
  digitalWrite(ce_pin, HIGH); // Disable the clock

  return the_shifted;

}

byte read_color_shift_regs()
{
  byte the_shifted = 0;  // An 8 bit number to carry each bit value of A-H

  // Trigger loading the state of the A-H data lines into the shift register
  digitalWrite(shld_pin_2, LOW);
  delayMicroseconds(5); // Requires a delay here according to the datasheet timing diagram
  digitalWrite(shld_pin_2, HIGH);
  delayMicroseconds(5);

  // Required initial states of these two pins according to the datasheet timing diagram
  pinMode(clk_pin_2, OUTPUT);
  pinMode(data_pin_2, INPUT);
  digitalWrite(clk_pin_2, HIGH);
  digitalWrite(ce_pin_2, LOW); // Enable the clock

  // Get the A-H values
  //the_shifted = shiftIn(data_pin, clk_pin, MSBFIRST);
  colour1 = shiftIn(data_pin_2, clk_pin_2, MSBFIRST);
  colour2 = shiftIn(data_pin_2, clk_pin_2, MSBFIRST);
  digitalWrite(ce_pin_2, HIGH); // Disable the clock

  return the_shifted;

}

// A function that prints all the 1's and 0's of a byte, so 8 bits +or- 2
void print_byte(byte val)
{
  byte i;
  for (byte i = 0; i <= 7; i++)
  {
    Serial.print(val >> i & 1, BIN); // Magic bit shift, if you care look up the <<, >>, and & operators
  }
  Serial.print("\n"); // Go to the next line, do not collect $200
}

void fill_starting_row() {
  int i = 0;
  byte data;
  for (i = 0; i < 8; i++) {
    data = incoming1 >> i & 1;
    thang(i, data);
    start[i] = data;
  }
  for (i = 8; i < 16; i++) {
    data = incoming2 >> (i - 8) & 1;
    thang(i, data);
    start[i] = data;
  }
  for (i = 16; i < 24; i++) {
    data = !(incoming3 >> (i - 16) & 1);
    thang(i, data);
    start[i] = data;
  }
  for (i = 24; i < 32; i++) {
    data = !(incoming4 >> (i - 24) & 1);
    thang(i, data);
    start[i] = data;
  }
  Serial.print("\n");
}

void thang(int i, byte thing) {
  //  Serial.print(i);
  //  Serial.print(" : ");
  Serial.print(thing, BIN);
  Serial.print(" ");
}

void displayRow(int b[32]) {
  for (int a = 0; a < 32; a++) {
    thang(a, b[a]);
  }
  Serial.print("\n");
}

uint16_t transform(byte input) {
  //    return matrix.Color333(7 - WheelPos, WheelPos, 0);
  switch (input) {
    case 1:
      return Wheel(0);
    case 2:
      return Wheel(3);
    case 4:
      return Wheel(6);
    case 8:
      return Wheel(9);
    case 16:
      return Wheel(12);
    case 32:
      return Wheel(15);
    case 64:
      return Wheel(18);
    case 128:
      return Wheel(21);
    default:
      return Wheel(24);
  }
}

It’s pretty bad because I wrote it the night before (as is my tradition for any large project)

Writing this was a fun exercise to see how well I understand arrays / pointers in C. It turns out I still don’t grok them, but with sufficient sacrifices to Malloc (all praise to It), I managed to get things working.

Math

So, what the heck is the pattern I’m using anyway?

Basically, each pixel/cell (I’m going to call them cells from now on), except for the first row of dots, is set to one of two colors based on the 3 cells above it according to the following table:

Cells above   111  110  101  100  011  010  001  000
New state      0    1    1    0    1    1    1    0

Where 1 is an “alive” cell and 0 is a “dead” cell. The name comes from the fact that reading the bottom row, 01101110, as a binary number gives 110 in decimal, and there are other rules like rule 30 and rule 184.

If our alive colour was red, and our dead colour was blue, then a cell that had a red pixel up and to the left, another red pixel directly above, and a blue pixel above and to the right would be alive and thus red. In my project the colours of the alive and dead cells are set using the 2 knobs.
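The table above as code, in Ruby (the language the post says its earlier terminal version was written in). This is an added example, not the original project's code, and it generalises from rule 110 to any rule number, so rule 30 and rule 184 work too; the method names are illustrative.

```ruby
# Added example: a generic elementary cellular automaton (not the post's code).
# Bit k of the rule number is the new state for the neighbourhood whose
# (left, centre, right) cells read as the binary number k, so rule 110
# (binary 01101110) is exactly the table above.

# New state of one cell under `rule` (0..255); arguments are 0 or 1.
def next_cell(rule, left, centre, right)
  (rule >> ((left << 2) | (centre << 1) | right)) & 1
end

# The table for a rule as [pattern, new_state] pairs, "111" first.
def rule_table(rule)
  7.downto(0).map { |k| [format('%03b', k), (rule >> k) & 1] }
end

# One generation. As in the Arduino sketch's apply_rule, the two edge cells
# are copied unchanged instead of wrapping around.
def step(rule, row)
  row.each_index.map do |i|
    if i.zero? || i == row.length - 1
      row[i]
    else
      next_cell(rule, row[i - 1], row[i], row[i + 1])
    end
  end
end

# All rows from `start` through `generations` further steps.
def run(rule, start, generations)
  rows = [start]
  generations.times { rows << step(rule, rows.last) }
  rows
end

# Text rendering: '#' for alive, '.' for dead.
def render(rows)
  rows.map { |row| row.map { |c| c == 1 ? '#' : '.' }.join }.join("\n")
end

# Constructed starting row: 32 cells (one per switch), a single live cell.
start = Array.new(32, 0)
start[30] = 1
puts render(run(110, start, 15))
```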

Mind blowing fact: Rule 110 is TURING COMPLETE

tattooed man holding hedgehog (number 1 result on google image search for turing complete, filtered by gifs)

For those of you with minds still unblown, I am going to assume it’s because you aren’t familiar with turing completeness yet. Basically, if a problem or program can be computed it can be run on a machine that is turing complete. That means if I had enough time (and enough will) I would program a pattern into a rule 110 system that could compute prime numbers, or play minecraft.

Reactions

There were so many different reactions to my project. Kids were immediately interested in playing with the buttons and the knobs. Adults I had to cajole and encourage, which I think is a bit sad. If this massive bank of switches wasn’t supposed to be touched, don’t you think I would have indicated that some way?

I could also tell immediately the people that wanted to figure out the pattern. The first thing they would do after resetting the display for the first time was to change a few switches and see what changed. Then they would set all the switches to one position (up or down) and try that. Then they would change just one switch. The entire project was worth it for the looks on people’s faces when they learned something new, either something that confirmed some expectation, or surprised them.

Conclusions

All in all, it was totally a good idea for me to apply to makerfaire. This is one of the largest electronics projects I’ve yet completed, and I doubt I would have done it without the thought of an empty table. I guess I should start thinking about next year…

Chameleon Scarf

This weekend Danielle and I have been working on building a scarf with LEDs in it that will match whatever colour you place against it. That’s right, it’s a CHAMELEON SCARF. Here are the steps:

Step 0: GET INSPIRED!

I was stumbling through the Adafruit Learning Site and I found this:

ZOMG! It’s so cool! BONUS: I had all the parts just lying around at home…

Step 1: Gather materials

You will need the following:

  • Adafruit Flora
  • Sewable Neopixels
  • Steel thread
  • Conductive Fabric
  • Adafruit Color Sensor (TCS34725)
  • Clear nail polish
  • Fabric for a scarf

You can get most of this in a single pack from Adafruit here: https://www.adafruit.com/products/1458

Step 2: Get Sewing

Here’s the basic circuit diagram

We decided to go with more of a bandana style scarf versus a proper loop.

The data lines for the neo pixels are actually strips of conductive fabric, rather than steel thread.

Step 3: Solder!

I really liked the idea of using fabric snaps as shown here: https://learn.adafruit.com/flora-snaps/overview

It’s actually pretty easy to solder, although the first few times I had too much solder on the snap and they didn’t fit well. I even put some solder on the other half of the snaps so I could easily add and remove the colour sensor.

Step 4: Debug

Check ALL the wires.

Do it again.

Step 5: Code

#include <Wire.h>
#include "Adafruit_TCS34725.h"
#include <Adafruit_NeoPixel.h>

// Parameter 1 = number of pixels in strip
// Parameter 2 = pin number (most are valid)
// Parameter 3 = pixel type flags, add together as needed:
//   NEO_RGB     Pixels are wired for RGB bitstream
//   NEO_GRB     Pixels are wired for GRB bitstream
//   NEO_KHZ400  400 KHz bitstream (e.g. FLORA pixels)
//   NEO_KHZ800  800 KHz bitstream (e.g. High Density LED strip)

Adafruit_NeoPixel strip = Adafruit_NeoPixel(5, 10, NEO_GRB + NEO_KHZ800);

Adafruit_NeoPixel onboard = Adafruit_NeoPixel(1, 8, NEO_RGB + NEO_KHZ400);


// our RGB -> eye-recognized gamma color
byte gammatable[256];


Adafruit_TCS34725 tcs = Adafruit_TCS34725(TCS34725_INTEGRATIONTIME_50MS, TCS34725_GAIN_4X);

void setup() {
  Serial.begin(9600);
  Serial.println("Color View Test!");

  strip.begin();
  strip.show(); // Initialize all pixels to 'off'
  onboard.begin();
  onboard.show();

  if (tcs.begin()) {
    Serial.println("Found sensor");
  } else {
    Serial.println("No TCS34725 found ... check your connections");
    while (1) {
      // halt!
      error();
    }
  }


  // thanks PhilB for this gamma table!
  // it helps convert RGB colors to what humans see
  for (int i = 0; i < 256; i++) {
    float x = i;
    x /= 255;
    x = pow(x, 2.5);
    x *= 255;

    gammatable[i] = x;
    //Serial.println(gammatable[i]);
  }

  for (int i = 0; i < 3; i++) { //this sequence flashes the first pixel three times as a countdown to the color reading.
    strip.setPixelColor (0, strip.Color(188, 188, 188)); //white, but dimmer-- 255 for all three values makes it blinding!
    strip.show();
    delay(1000);
    strip.setPixelColor (0, strip.Color(0, 0, 0));
    strip.show();
    delay(500);
  }

  uint16_t clear, red, green, blue;

  tcs.setInterrupt(false);      // turn on LED

  delay(60);  // takes 50ms to read

  tcs.getRawData(&red, &green, &blue, &clear);

  tcs.setInterrupt(true);  // turn off LED

  Serial.print("C:\t"); Serial.print(clear);
  Serial.print("\tR:\t"); Serial.print(red);
  Serial.print("\tG:\t"); Serial.print(green);
  Serial.print("\tB:\t"); Serial.print(blue);

  // Figure out some basic hex code for visualization
  uint32_t sum = red;
  sum += green;
  sum += blue;
  sum += clear;
  float r, g, b;
  r = red; r /= sum;
  g = green; g /= sum;
  b = blue; b /= sum;
  r *= 256; g *= 256; b *= 256;
  Serial.print("\t");
  Serial.print((int)r, HEX); Serial.print((int)g, HEX); Serial.print((int)b, HEX);
  Serial.println();

  Serial.print((int)r ); Serial.print(" "); Serial.print((int)g); Serial.print(" ");  Serial.println((int)b );
  colorWipe(strip.Color(gammatable[(int)r], gammatable[(int)g], gammatable[(int)b]), 0);
}

// Fill the dots one after the other with a color
void colorWipe(uint32_t c, uint8_t wait) {
  for (uint16_t i = 0; i < strip.numPixels(); i++) {
    strip.setPixelColor(i, c);
    strip.show();
    delay(wait);
  }
}

void loop() {

  //loop is empty because it only takes the color reading once on power up! Turn the scarf off and on again to change the color.

}

void error() {

  Serial.println(" :(");
  onboard.setPixelColor(0, strip.Color(80, 0, 0));
  onboard.show();
  delay(500);
  onboard.setPixelColor(0, 0);
  onboard.show();
  delay(500);
}

making PCB (not PCP)

So I got something REALLY COOL this week in a purple envelope. That’s right, I got 3 PCBs that I designed myself from Oshpark.

Aww yiss!

Now of course, it’s actually a really simple board that I could have done without, but the point was mostly to learn how to use Eagle, and a PCB manufacturing service like OSH park.

WTF is OSH park you ask? It’s a PCB manufacturing service that caters to small runs. They get away with this by collecting submissions from lots of people and then putting all of them together on one big panel. It’s also pretty cheap, my boards only cost me 5$. Also note the sweet purple colour (that’s called the solder mask).

The software I chose to use was Eagle, which has a free to use (not Free as in open source though) version available. The pro version costs many dollars, and the free version has some limitations, but I haven’t run into any of them. I considered using the open source Kicad, but I found some better tutorials for Eagle (more on that later) and my local makerspace has quite a few advanced Eagle users.

I have to give most of the credit for my amazing board design to Sparkfun because it was their tutorials which taught me everything I know (not that much tbh). They have a large number of random tutorials with the eagle tag, and I followed three in particular:

  1. How to setup and install eagle: more than just set up, it also does a good job giving an overview of some of the pieces of eagle
  2. Using Eagle: Schematic: teaches you how to make a schematic
  3. Using Eagle: Board Layout: this one teaches you how to turn a schematic into a board layout

At the end of them, you’ll have a very basic arduino board all laid out and (almost) ready to ship to OSH park.

The tl;dr of those tutorials is this: Eagle is designed around 2 “views” schematic and layout. First you create a schematic which shows which parts your project uses and how they connect. Next you create a layout where you must place all your components and wires on the actual pcb.

The final step is sending the board off to the “fab”. They seem to expect to receive everything as “gerber” files, which are basically instructions as to what should be done for each “layer” of the pcb. The sparkfun tutorial I walked through covered this a bit, but when I went to upload to OSH park I was missing certain pieces. Thankfully OSH park can handle Eagle layout files automatically.

My first board is called ESPOWER (eagle source files on github) and it’s really really (really) simple.

It contains:

  • a barrel jack for power on the left
  • a 4x2 set of standard 0.100” headers (like those found on an arduino) to connect to an ESP8266
  • a 4x1 set of headers for connecting to the ESP8266 over serial

That’s all. My only goal is to be able to power an ESP8266 (this 3$ wifi enabled micro controller) from a standard wallwart for a top secret project I am working on. I don’t actually know if I’ve succeeded in making a functioning board yet… I am still waiting on the parts to populate the board to arrive, but I’ve certainly learned a bunch in the process.

Blueboxer: phone phreaking for phun

I’ve recently become super interested in Blue boxes. No, I don’t mean Tardises (Tardii? Tardeese?) I mean one of the primary tools of Phone Phreaks during the 70s, 80s and early 90s. Apparently they became quite popular after an article in Esquire in 1971.

Blue boxes worked because the telephone companies made a huge mistake and used in-band control signals. That is to say, all the messages that accounting or routing offices used to talk to one another were transmitted in the same band (and in the same way) as people’s voices. This meant that people could trick telephone equipment by pretending to be other phone equipment. Most famously, you could play a tone at 2600Hz and trick the receiving end of a phone call into thinking you had hung up without actually hanging up. This left the caller able to make new calls, while the billing system thought the original call was still going on. If you called a 1-800 (or some other toll free number) that meant you could talk for free!

These days signaling of this sort happens out of band, so the study and use of blue boxes these days is mostly academic / nostalgic. Although, I did recently find Project MF which is a VOIP recreation of the old phone networks. If only I had a blue box…

Which brings me to the main point of this blog post. I’ve started building a software blue box for android. I think it might be broken right now, but it’s been an interesting excuse to learn RxJava and to have an excuse to learn exactly how blueboxes worked.

It turns out that the tones you need to mess with the system are called Operator Dialed Multi Frequency (MF) Tones, or just MF tones. As you might guess, they are made up of multiple frequencies, specifically 2 tones that are either 700Hz, 900Hz, 1100Hz, 1300Hz, 1500Hz or 1700Hz. Here’s a table (from wikipedia) that breaks down the combinations:

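Operator (blue box) dialed MF tones

Code     700 Hz   900 Hz   1100 Hz  1300 Hz  1500 Hz  1700 Hz
1        X        X        -        -        -        -
2        X        -        X        -        -        -
3        -        X        X        -        -        -
4        X        -        -        X        -        -
5        -        X        -        X        -        -
6        -        -        X        X        -        -
7        X        -        -        -        X        -
8        -        X        -        -        X        -
9        -        -        X        -        X        -
0/10     -        -        -        X        X        -
11/ST3   X        -        -        -        -        X
12/ST2   -        X        -        -        -        X
KP       -        -        X        -        -        X
KP2      -        -        -        X        -        X
ST       -        -        -        -        X        X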

I was unable to find a set of tones for this anywhere on the web, so I whipped up my own using Audacity. Here is a set of 60ms long MF tones in ogg format, or the raw audacity projects
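How a receiver tells the codes in the MF table apart, as an added example that is not the author's Android app: a Goertzel filter measures the energy at each of the six MF frequencies in a 60 ms block and accepts a code only when exactly two of them carry nearly all of it. The 8 kHz sample rate, the thresholds and the method names are assumptions, and the test signals are constructed.

```ruby
# Added example, not the author's app: decide which operator MF code a block
# of audio samples carries, using the Goertzel algorithm.

SAMPLE_RATE = 8000 # Hz; assumed telephone-style sampling rate
MF_FREQS = [700, 900, 1100, 1300, 1500, 1700].freeze

# Frequency pair => code, as in the operator MF table.
MF_CODES = {
  [700, 900] => '1', [700, 1100] => '2', [900, 1100] => '3',
  [700, 1300] => '4', [900, 1300] => '5', [1100, 1300] => '6',
  [700, 1500] => '7', [900, 1500] => '8', [1100, 1500] => '9',
  [1300, 1500] => '0', [700, 1700] => 'ST3', [900, 1700] => 'ST2',
  [1100, 1700] => 'KP', [1300, 1700] => 'KP2', [1500, 1700] => 'ST'
}.freeze

# Goertzel algorithm: squared magnitude of the signal at one frequency.
def goertzel_power(samples, freq, rate = SAMPLE_RATE)
  coeff = 2.0 * Math.cos(2.0 * Math::PI * freq / rate)
  s1 = 0.0
  s2 = 0.0
  samples.each do |x|
    s0 = x + coeff * s1 - s2
    s2 = s1
    s1 = s0
  end
  s1 * s1 + s2 * s2 - coeff * s1 * s2
end

# Returns the MF code as a string, or nil when the block is not a clean
# two-tone MF signal (silence, one tone, three tones, out-of-band energy).
def decode_mf(samples, rate = SAMPLE_RATE)
  energy = samples.sum { |x| x * x }
  return nil if energy.zero?

  powers = MF_FREQS.map { |f| [f, goertzel_power(samples, f, rate)] }
  (f1, p1), (f2, p2) = powers.max_by(2) { |_, p| p }

  # For a pure two-tone signal the two strongest bins account for all of
  # the energy, so this ratio is close to 1.0.
  in_band = (p1 + p2) / (samples.length * energy / 2.0)
  return nil if in_band < 0.8      # assumed threshold: too much other energy
  return nil if p2 < p1 * 0.25     # assumed threshold: second tone missing

  MF_CODES[[f1, f2].sort]
end

# Constructed test signal: equal-amplitude sine waves summed for `ms` ms.
def synth(freqs, ms = 60, rate = SAMPLE_RATE)
  count = rate * ms / 1000
  (0...count).map do |i|
    freqs.sum { |f| 0.5 * Math.sin(2.0 * Math::PI * f * i / rate) }
  end
end

puts decode_mf(synth([1100, 1700])).inspect
```

Nothing in the decoder can tell whether the samples came from switching equipment or from the caller's end of the line, which is the in-band weakness described above.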

Soon I will publish the app on the play store (and probably F-Droid as well), and I’ll have to see if it works with Project MF

ps If you are looking for more retro fun times check out Telehack

Building a Watch: Part 1

I want to build myself a watch.

One of my goals this year is to learn more electronics, and the best way I’ve found to learn is often to have a project. For example, the heart box taught me a bunch about laser cutting and tolerances. I think a watch will be a good project because:

  • I currently don’t have one, but I want one
  • It has interesting size constraints (imposing limits is fun!)
  • It’ll be battery powered
  • Lots of room for improvements

Bonus: It looks like I will probably have to make a circuit board for this! I have 0 clue on how to go about doing that yet, but this should give me a pretty good excuse.

Feature Wish List

I want the watch to have normal watch functions like keeping the time, having alarms and preferably a stopwatch / timer mode. It would also be really cool if I could make it silent, since beeping is pretty annoying. Instead, I think I should incorporate a vibration motor.

Eventually, I would like to have it connect to my phone / computer so it will need to have bluetooth at some point.

Finally, it needs to look good. That means, it can’t be a 20cm tall monstrosity covered in electrical tape.

Potential Parts

I’m not entirely sure which parts I will choose yet. I’ve been drawing heavily from The open source watch to see how such a thing can be made. They use a microduino core+ which is really cool and super tiny! I have the most experience with Arduino (and thus AVR) chips so I will probably stick with that, although now that I think about it, it might be cool to use a Propeller because it can multi-task. The other option is to use something like the Trinket Pro (since it has a nice battery board addon) but it may prove to be too big.

Next, I have to choose a display. After lots of googling I found the Sharp Memory Display which is a cool mix of e-ink and LCD. (fun fact: it’s the display in the pebble). I don’t care much about color, so I think I will go with it despite the memory restrictions it will impose on the build.

I don’t yet know what battery I will use, probably something from Adafruit. I’m trying to choose between a 150 mAh and a 500 mAh one.

I think I need an RTC module, but it’s possible that I can get away with keeping track of time without it, and just relying on paired phone to deliver accurate time.

Next Steps

I think I will order a bunch of parts to bread board this out. I need to test a bunch of things like power draw. Also probably lots of yelling at my computer when I can’t figure out how to build a bread board.

HOMESTUCK or why fandoms are fun!

So recently I’ve been reading through a webcomic called Homestuck, which I totally recommend if and only if you have a lot of free time and enjoy silly computer jokes. Sadly it’s a bit tricky to get into. Also it’s stupendously long like “251% the size of the Lord of the Rings”

TIPS ON GETTING STARTED:

  • Click on http://www.mspaintadventures.com/?s=6
  • Ignore some of the weird bits like the fact that the website is called MS paint adventure. The author (andrew hussie) has a few other comics
  • keep going

Part of the fun is the jokes/puns, but also the crazily complicated plot. Like, it’s sufficiently weird and wonky that I have to consult the extensively curated fan wiki on a fairly regular basis.

Dabbling with KERNEL HACKING

So I have this fascination with understanding how things work and it has had the unfortunate side effect of me becoming interested in THE LINUX KERNEL.

I’ve seen some cool (and excited) posts from Julia Evans about the topic! It got me excited, but more importantly it made the topic seem significantly less scary and more approachable. I’ve been trying to learn C for a while now because so much important computer code is written in it.

To that end, one of the blog posts linked above mentioned the EUDYPTULA CHALLENGE which sounds exciting! (side note: eudyptula is a GENUS of penguins) The gist of the challenge is that you are presented with a series of tasks that teach you more and more about kernels.

I’ve completed task 1! I would share the code with you but I’ve taken a VOW OF SILENCE so that each new recruit can work through the tasks on their own. Instead I will share some of the useful kernel resources I’ve found so far.

The biggest challenge I’ve faced so far has been getting Thunderbird to send email in a format that’s comprehensible to the little script that is the Eudyptula. Turns out email is a crufty old protocol.

Soon, I shall be MASTER OF THE LINUX KERNEL (I hope)

Migrating to jekyll for blog style outpourings

Recently, my (previous) blog hosting platform decided to axe their free tier and the price they were asking was too much for me. Plus, I’d been thinking for a long time about how it would be nice to do the hosting by myself. In addition to cutting my dependence on an external service, I’d get to learn more about ops-y things in the process.

My first attempt at this migration was with Octopress, which I’d dabbled with a bit in the past. I quickly abandoned it though because it felt much too complicated. The default theme was split too many times, there were weird and (to me) unneeded layers of complexity.

Instead, I chose to use the platform Octopress is based on: Jekyll. It produces a nice clean site of interlinked and static HTML pages (which should be easy to host). It consumes posts or pages in either markdown or html, so I can write a post however I want. It has a simple template system and a theme that fits in my head so I can make it look like how I want without throwing something at the wall.

Importing the old content was a bit tricky, but there’s a nice plugin someone wrote to import an rss feed into jekyll that you can find here. Just run jekyll import rss --source http://blog.domain

The only challenge I had was importing the images from the old site. I ended up writing a little script to grab a list of all the images, download them and then replace the src with a local reference. Here’s the source for that

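require 'nokogiri'
require 'net/http'
require 'uri'

# Download every image referenced by the imported posts and point each
# <img> tag at a local copy instead of the old blog host.
Dir.glob("octopress/source/_posts/*.html").each do |file_name|
  file = File.open(file_name, 'r+')
  post = file.read
  # Split into at most 3 parts so a "---" inside the post body is left alone:
  # a = text before the front matter, b = front matter, c = post body
  a, b, c = post.split("---", 3)
  doc = Nokogiri::HTML.fragment(c)

  doc.css('img').each do |elm|
    img_elm = elm['src']
    uri = URI(img_elm)
    filename = "temp/" + File.basename(uri.to_s)
    if File.exist?(filename)
      puts "skipping " + filename
    else
      File.open(filename, 'wb') do |image|
        puts "downloading " + img_elm
        image.write(Net::HTTP.get(uri))
        sleep(2) # pause between downloads
      end
    end

    # Rewrite the tag to reference the local image
    elm['src'] = "../images/" + File.basename(uri.to_s)
  end
  # Overwrite the post in place with the rewritten body
  file.rewind
  file.truncate(0)
  file.write([a, b, doc.to_html].join("---"))
  file.close
end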

What’s cool is that code up there is hosted on my site! I had been using gists before, but that’s just one more thing that was outside of my control.

I considered a few alternatives. Wordpress is kind of the standard for this sort of thing, but it feels like there’s a 0day every other week for it and I’m bad at patching. Plus I need a server capable of running a LAMP stack, whereas with something static (like this) I could host it on a 128 MB VPS that costs 15$ a year. Wait, that’s what I’m doing. Ghost looked interesting, but I don’t know much about node or hosting a node site. I even thought about rolling my own, but I tried that with blag and it didn’t turn out quite the way I was hoping.

I will miss being able to write and publish a post anywhere I have an evernote account, but I think jekyll is good enough for now.

(ps do the comments work?)

Making a clock

Approximately 2 years ago I ordered an RTC clock module from Sparkfun with the intention of building a clock of some kind.

FINALLY, I've gotten around to hooking everything up! Here's a picture of my amazing setup (if you wire things for a living, please don't kill me)

The goal is to help me wake up in the morning by turning on a SAD lamp. If you've never seen one of these faux sunlight lamps before you will wonder why I'm doing this. If you have seen one of these, you'll understand because these things are REALLY FREAKING BRIGHT.

PARTS

Here's the part list

Getting all these parts together was actually surprisingly difficult. I ordered the RTC, but I didn't order a battery since I thought I could find one locally. I was wrong, so I ordered one online. Don't do that unless you have lots of time to wait. It took like 2 months to ship that tiny coin cell battery across the border to me here in Canada since it has lithium in it.

The RGB LCD was actually part of a kit from Adafruit which is all supposed to be controllable over I2C. I assembled almost all of the kit successfully, but the last piece I put on backwards. And of course, it was the 40pin chip which has proven to be resistant to my efforts to desolder it. sigh. Thankfully I was able to salvage the LCD part.

ASSEMBLY

So the first thing I tried to do was get the RTC module working. This proved to be quite frustrating. I wired everything up, but I was getting garbage data back from the module. It was counting up (sorta), but random extra bits were getting set and unset. So it would go 0:0:59, 0:1:0, 1:1:1, 0:1:2. WTF. Eventually it turned out that the problem was the way I was grounding the module. I'm not entirely sure what was happening, but eventually I got the right wire connected to the ground on the arduino, bypassing the breadboard.

Everything else was relatively easy to set up. Adafruit has an excellent guide on their LCD Shield. The powerswitch tail is controlled by setting a single pin high or low.

CODE

Here's the whole thing below. Most of the code for interacting over SPI to the RTC module is from Sparkfun.

I had some fun messing around with sprintf (it's like printf, but it fills a char array!) You can set the alarm time by modifying the values in the Alarm int array.

BUGS

For some reason there are 2 garbage characters left on the LCD after the end of my screen. I "fixed" this by just appending more space characters than will fit in a 16 char line.

FUTURE WORK

It would be nice to have multiple alarm

How to read a textbook

So I really like learning things. It was one of my favourite parts of university (and high school before that), so I was really missing it when I started working. I tried for a while to read things when I felt the urge, but this rarely happened. I tried enrolling in a Coursera course, but it felt a bit too much like the shitty parts of school, namely I can't move at my own pace.

My current system involves BEEMINDER which is a pretty amazing tool for people like me who suck at motivating themselves. The basic idea is that you commit to some goal and beeminder makes sure that you reach it by forcing you to do a minimum amount of your goal every day. You can do more than your goal and let it ride for a few days, but eventually you'll have to do work. If you fail, you have to pay beeminder money.

I use it to make sure I do an hour a week worth of reading / working on each of my textbooks. Currently I am reading the Structure and Interpretation of Programming Languages (available as a PDF) and The C Programming Language. I wanted to make sure that I really got the fundamentals of computers. C and Scheme are both early programming languages with very different philosophies. (I know that just made some of you feel old)

As I go through these books, I am working through the exercises (You can follow my progress here and here). Writing actual code feels like the most important part of my attempts to learn so far. It's not enough (for me at least) to just read the information. I need to process it somehow, but I find working without direction (or feedback) tough. Thankfully you can find solutions to both SICP and the C programming language book on the web.

So far the only book I've finished this way is Hacking: the Art of Exploitation, which I highly recommend, even if you don't want to hack anything.

Architecting Android Apps





So my first experience really writing code was on Shopify using Ruby on Rails. Rails adheres very strongly to the idea of Convention over Configuration. That is, frameworks should make choices about how things should be structured. For example, Rails is an MVC framework which means you have models (which go in app/models), controllers (app/controllers), and views (app/views). Of course, you can mess with this but the point is that there is an expected place to put things.

Android is part of the Java ecosystem, and it doesn't seem to make any choices about how to structure... anything. This. Drives. Me. Nuts. You can put any code for anything anywhere. And there really doesn't seem to be a good reason for this. I'm currently working on Shopify for Android and our code doesn't really have a good structure at the moment. We have some folders that contain code grouped by feature, like orders and we have other folders that contain code based on function (views).

I feel that the job of a framework (which admittedly Android... kind of is) is to make the job of a programmer easier. The hardest part of being a programmer is managing complexity. Configuration introduces complexity. Convention removes it.

Our team is probably going to move to something like this: https://github.com/codepath/android_guides/wiki/Organizing-your-Source-Files, but it doesn't quite feel as nice as Rails.

My First Experience being a Dungeon Master

So recently a few of my friends decided that we wanted to get into Dungeons and Dragons. This was mostly due to enjoying Munchkin a lot.


I started doing some research on the best way to get into D&D. First I needed to pick an edition. 3.5e seems to be a clear favourite in the past, but I had heard that 5e was simpler than any previous version. Finally I found a glowing review of the DnD Starter Kit

The D&D Starter Set is a Great Way to Introduce Newbies to RPGs

Turns out to have been a great choice. The kit includes a full set of dice, 5 pre-made characters, a rule book and campaign book and it was like 20$.

First time DM

I'm really glad the characters were pre-made. The rules are complicated enough for a first time group without having to deal with making characters.

The campaign book was very helpful to me as a DM. I was really worried I wouldn't be able to improvise fast enough or well enough to keep the game flowing, but that turned out to be a bit of an overreaction.

Knowing all the rules is hard! I had to constantly check to see what actions a player could take, how ranged combat works and what kind of bonuses people would get.

All in all though, I had a really fun time and I think the rest of the party did too!

Book Recommendations from 2014

Since I enjoy reading and I enjoy hearing about what others are reading, I figured I should probably put up a list somewhere of the books that I enjoyed reading during 2014. If you have any recommendations, please post them in the comments! One can never have too many books on one's list of books to read.

The Martian

If you have to read one book from my list, I recommend it be this one. It only took me 2 days (and 2 rather sleepless nights) to get through it. It's a fantastic thriller and as a bonus you get to learn about Mars since most of the science is accurate. The book is about the first manned mission to Mars, and as you might imagine Something Goes Wrong.

The Laundry Files (Series)

This series is so freakin' good. It's basically James Bond + Lovecraftian Horrors + Comedy and it's pure gold. You follow around Bob Oliver Francis Howard (aka B.O.F.H) who lives in a world where the right piece of code can be used to summon Eldritch horrors from the deep. But of course there's a government agency tasked with protecting us all from having our brains eaten out.

The Coming Swarm



I'm not finished this one yet, but it's been a very interesting read so far. The author makes a compelling argument that DDoS actions should be considered a political act just like a sit-in or a blockade.

The Girl With the Dragon Tattoo



This book was very slow to start, but it quickly got hard to put down. There are some pretty disturbing scenes, so if that's not your thing I don't recommend it. If you can stomach it though, it's a pretty good read with lots of really good twists.

Surface Detail

I love Iain M Banks. All of The Culture novels are fantastic, and this one is no exception. The plots are too numerous to list, but one of the fascinating ideas in this book is that of a Virtual Hell. If you suppose that minds can be simulated and run on computers, there's no reason why you couldn't digitize someone's mind before they die and then upload it to a virtual hell if they had failed to live a good life. If you've read any of the other Culture novels, you'll enjoy getting a look at what a Mind with some severe psychopathic tendencies looks like and how it can exist in the Culture.

Count Zero

This is a sequel (kind of) to Neuromancer, but all of the characters are different. I found this book much easier to follow compared to Neuromancer, but Gibson still writes in a way that I find very difficult to follow. My friend said it best when he described it as "poetry"

How to propose to an engineer

So several months ago I had decided that I was going to ask my girlfriend to marry me. BUT we have been together for 6.5 years at this point so I needed to make sure it was really memorable. The first step was to pick a ring. Thankfully I met a jeweller at Modlab who 3D prints rings: Fused Elements. Well, sort of. She 3D prints the ring in wax and then uses that to make a mould which she fills with molten metal. Upon hearing that I KNEW that's where I would get the ring. (Bonus: I can get the ring re-made in the event of catastrophic failures)

The ring!

One day on reddit I saw this really fantastic ring box that someone had made involving a mechanical iris that looked fantastic. You can check out the whole album of the build process here: https://imgur.com/a/3Mu8J

After humming and hawing for a bit I came up with a plan to build a series of boxes to hold the ring. My fiancé likes unwrapping things so having many layers was essential. This was my first plan
But like all plans it fell apart as soon as it encountered reality.

STAGE 1.0

This is the only part of the plan that went off without a hitch! Working with Fused Elements was really easy and the ring turned out beautifully.

STAGE 2.0

The first problem I encountered was modifying the existing 3d designs for the iris box so that the original ring box would fit. (A secondary problem was gaining access to a 3d printer, but thankfully a good friend of mine had recently acquired one). I had to enlarge the designs by close to 200% so that the box would fit through the inner ring of the iris. But in doing this I ended up with a box that had a truly gigantic outer diameter. It was getting close to 20cm and that was just stage 2!
Photo of the iris box I wanted to use at first.

TinkerCAD

(insert picture here)

STAGE 2.1

After many months of searching through thingiverse (I may be embellishing) I found this really cool looking parametric twisted star box which had some openscad files I could modify and use.

Printing this turned out to be quite an ordeal. My girlfriend was away for a weekend so I signed out the Ultimaker from Art Engine (my local makerspace) and started printing. But this box was actually pretty big and as anyone who's done any 3d printing will tell you, printers can be finicky. Here are the 3 aborted bases I have. Only one was intentional. The other two failed when the filament got twisted and stopped feeding properly.




But 4th time's the charm! You can see the finished box below



The ring box fits! I messed up a tiny bit in modifying the box. The lid should have had a slightly smaller opening at the top since where the twists meet there's a tiny bit of a gap.

STAGE 3.0

My initial plan was to have a second box with a mechanical iris based on this cool design I had found on Instructables (http://www.instructables.com/id/Mechanical-iris-v20/?ALLSTEPS). That would make the lid and the rest of the box would be made by stacking sheets of material that I would cut into shape on a laser cutter and hold together with nuts and bolts.


Picture of Mechanical iris v2.0

But once again I completely underestimated how large this would end up making my box. Stage 2 had to fit through that inner hole and once I'd scaled up the design it wouldn't fit on the bed of the laser cutter any more...

STAGE 3.1

I needed to make this piece just as special as the other stages so I ended up choosing to make the box heart shaped. Not just regular heart shaped, but a heart based on the equation y=|x|+sqrt(1-x²) and y=|x|-sqrt(1-x²) from -1 to 1 (graphed on Wolfram Alpha). When my fiancé and I first started dating I liked to show off so I had sent her that equation. She liked it enough to have a large poster of it made for her bedroom.

With a shape picked out I started designing the box itself in Inkscape. You can see the end result below.

As I was working on the design I needed to pick the material I wanted to use. I ended up choosing 1/8" opaque red acrylic. I probably should have figured out where to get some before setting my heart on it though... I ended up calling the following places in Ottawa that sell acrylic to try and find some:
  • Canus Plastics
  • Laird Plastics
  • Plastics & Signs of Ottawa
I ended up going with Laird because they could get it for me in a week. The only problem I ran into here was that I had to order an entire 4' x 8' sheet of red acrylic... Thankfully Laird cut it into 2' x 1' sheets for me. Transporting a sheet of material that huge is difficult on a bike and I can only fit a 2' x 1' sheet in the laser cutter anyway.

After picking up the sheets I started prototyping my final design in cardboard. I cut out 5 hearts in cardboard and checked that the holes I had cut fit the screws, and that stage 2 would fit in the hole properly. Everything seemed to be perfect so I cut out a single heart in acrylic. It fit the box and the screws slid through the holes. So I cut out the rest of the hearts I could on that first sheet of acrylic and...

They didn't fit together. This is the first time I learned about the importance of tolerances. The bolt holes needed to have more clearance. So I modified the designs to add an extra few mm of clearance. I cut out another sheet of hearts and tried putting them together. They fit together perfectly! So I cut another sheet and... promptly ran into problems with tolerances again. Thankfully I was able to wiggle the second sheet worth of hearts down so at least I didn't waste any hearts, but for the next couple batches I increased the bolt hole size again.

The last part of this stage was to come up with a lid. Initially, I envisioned using a gear shape for the lid and having a second, lower layer with a hole in the same gear shape as the lid, except cut out again after having been rotated a bit. This way the lid would slide down a layer and could rotate about a gear tooth's worth.

Turns out doing that is hard. Most of the gears that I could generate were meant to be used as actual gears; I needed something more aesthetically pleasing. I ended up going with a simplified version of the above design. I had a circle with two small tabs offset by 180 degrees. Below it I had a circular hole with two quarters of a larger circle cut out so that the tabs of the lid could rotate.


This is the design I went with, but it suffers from a few... problems. The second layer cut out should be a bit bigger so that the lid can rotate better. Also the lid needs to be a bit smaller. I also went with an acrylic handle that I cut out, but I think a set of finger sized holes in the lid would work even better.

Anyway, here's the final product:


STAGE 4.0

Now that I had dimensions from stage 3.1 I could try and come up with a box that would fit it. I wanted something wooden, but it turns out that finding a large wooden box in Ottawa is kinda hard. I ended up going with the largest one that they had at Michael's and painting it Tardis blue.

A few months earlier I had given my girlfriend a key in order to get her excited. I needed some way to attach a latch to the box. I was super concerned that I wouldn't be able to find something that would work, but I got lucky and they had one that worked perfectly at the hardware store.

I also wanted to use some of the design files I had gotten from Fused Elements, so I decided to engrave them with the laser cutter on the lid of stage 4. It turned out really well, although I did have to come up with a way to have the lid stay flat while still attached to the base.




I hope you dear reader might be inspired in your own proposals (if that's your thing) just as I was when I saw the CNC'd Iris box.

Installing Ubuntu 14.04 on a 15" late 2013 Macbook Pro (with Full Disk Encryption)

So I've been looking but I have yet to find a sufficiently detailed guide for getting Ubuntu running on a retina Macbook Pro, especially one that has full disk encryption enabled. Hopefully this document will help others looking to dual boot as well as serve as a reference for me in the future when I inevitably forget all of this.

BEFORE YOU DO ANYTHING YOU NEED TO HAVE A BACKUP!

The first step was installing a better EFI boot loader (although I'm not sure if this step is strictly necessary anymore). In the past that would involve rEFIt, but it seems to have lost its maintainers. Instead I've gone with rEFInd. Their site is pretty 1990s, but the software itself is pretty good. I mostly just followed the instructions on their installation page and their page on Yosemite, although I did have to make a few changes so that booting wouldn't take 30 extra seconds. Note, I had to install rEFInd to my ESP partition.

  1. First step is to download rEFInd (version 0.8.3 as of this article) and unzip it somewhere.
  2. Now mount the ESP partition by making a new directory ( mkdir /Volumes/esp ) and then running: sudo mount -t msdos /dev/disk0s1 /Volumes/esp
  3. Next cd into the directory you unzipped rEFInd and run ./install.sh --esp
  4. Now edit /Volumes/esp/EFI/refind/refind.conf and uncomment the line about dont_scan_volumes and change it to be dont_scan_volumes "foo,bar"
  5. Next move /Volumes/esp/EFI/refind to /Volumes/esp/EFI/BOOT
  6. Finally move /Volumes/esp/EFI/BOOT/refindx64.efi (I think) to /Volumes/esp/EFI/BOOT/bootx64.efi
  7. REBOOT and enjoy your shiny FOSS boot manager

The next step is to format your hard drive so that it has 3 new partitions for Ubuntu. I like to use full disk encryption in linux too which means that I need a separate /boot partition in addition to / and swap (although frankly I'm not sure I need swap when I have 16GB of RAM)

BE CAREFUL HERE. I managed to bork my Mac installation by trying to format my disk from the ubuntu live CD. Thankfully I had a time machine backup.

I ended up formatting my disk to my liking by booting in to OS X's recovery mode and creating 3 new partitions. My /boot was only 1GB, swap was 16GB and I set aside about 90GB for the main installation.

Next you need to format a USB stick with the ubuntu installation image. The instructions I followed are from here: http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx

Reboot with your newly formatted USB and select it from the options presented.

Choose 'Something else' when asked how to install ubuntu. Click on the 1 GB partition and use it as /boot. Next choose the large partition you created for linux and choose the option "use as physical volume for encryption"

Also, make sure you choose the partition you have as /boot for the installation of the boot loader. YOU DO NOT WANT TO LEAVE IT AT ITS DEFAULT

Next post I'll include information on how to configure your new dual boot computer!

Intro to Kerbal Space Program!

So I’ve discovered another awesome sandbox game! I really thought I didn’t like them, but I was wrong. Trying to build space ships is fun! If you succeed, you get to go to space! If you fail things explode in amusing ways! Bonus, you’re some kind of magic god in the game so you can roll back time and make the explosion never happen!

My only complaint so far has been just how obscure the UI can be. You have to click or double click or right click or possibly even double right click on exactly the right part of your ship in order to get a menu to show up...

The best guide I’ve read so far is found here: http://mykspcareer.com/2014/07/volume1/

The best part of this game though is just how cool I feel while playing! Who doesn’t want to feel like a rocket scientist? It feels really cool to understand how orbital mechanics work.

BONUS: Awesome ships I’ve made!


I found it IS possible to build a plane capable of taking off without wheels


Solution to 1o57's Hackaday Challenge

So on October 6th 1o57 (who creates the DEF CON badge challenge) gave a fantastic talk at the hackaday 10th anniversary which you should totally watch:


(go ahead, I’ll wait)

You might have noticed some random text in the slides, but you might not have. Anyway here are the slides


And here is a copy of all the letters on each of the slides

DO
XIYL
DCYV
DKIK
NKUM
KRYD
NBYG
ONYM
NXOC

on one line:

DOXIYLDCYVDKIKNKUMKRYDNBYGONYMNXOC

Hrmmm, well the first thing you might try is a Caesar cipher. In the video you’ll notice that 1o57 repeatedly mentions that it’s Hackaday’s TENTH anniversary, so we should try decrypting the above string with a key of 10. (here’s a tool to do that)

TENYOBTSOLTAYADAKCAHOTDROWEDOCDNES

(side note: I cheated on this step by using an automated caesar cipher breaker)

Hrmmm that still looks like nonsense, but it does start with the word ten, so we’re probably close...

Wait a second! The string is backwards! It’s not ten it’s net!

SENDCODEWORDTOHACKADAYATLOSTBOYNET

or cleaned up

Send codeword to hackaday@lostboy.net
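
The two steps above (shift by 10, then read backwards) can also be found mechanically. This is an added example, not from the original post or the tool it links to: it tries all 26 keys in both reading directions and keeps only the candidates containing a crib. The crib HACKADAY is an assumed guess at a word the message would contain, and the function names are made up for this sketch.

```python
import string

ALPHABET = string.ascii_uppercase

# Letters transcribed from the slides, as listed in the post.
CIPHERTEXT = "DOXIYLDCYVDKIKNKUMKRYDNBYGONYMNXOC"


def caesar_decrypt(text, key):
    """Shift every letter back by `key` places (A-Z only, other chars kept)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def candidates(ciphertext):
    """Yield (key, is_reversed, plaintext) for all 26 keys, read both ways."""
    for key in range(26):
        plain = caesar_decrypt(ciphertext, key)
        yield key, False, plain
        yield key, True, plain[::-1]


def crib_search(ciphertext, crib):
    """Return every candidate whose plaintext contains the crib (assumed word)."""
    crib = crib.upper()
    return [c for c in candidates(ciphertext) if crib in c[2]]


if __name__ == "__main__":
    # Key 10 alone gives the backwards string from the post.
    print(caesar_decrypt(CIPHERTEXT, 10))
    # The crib narrows 52 candidates down to the readable one.
    for key, is_reversed, plain in crib_search(CIPHERTEXT, "HACKADAY"):
        print(key, "reversed" if is_reversed else "forward", plain)
```

A crib as long as HACKADAY leaves a single candidate here; shorter cribs such as NET can match gibberish from wrong keys, so they are better used to confirm than to search.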

Ok, well now we know where to send the codewords. The only unsolved part of the puzzle is this last slide




WTF are those things?! Now fans of Sherlock Holmes may recognize these, but at the time I did not, so I went to my best friend Google to try and figure it out. I tried lots of search terms like “stickman code" (and variants on that) and “semaphore" (since I thought maybe the positions on the flags was significant), until I came across this page:

http://www.geocachingtoolbox.com/index.php?lang=en&page=dancingMen

which features a code called the Dancing Men!

This code comes from a Sherlock Holmes novel called The Adventure of the Dancing Men



And we can use the above image to decrypt the band, which decrypts to:

codeword psychobilly ciphers

Thanks for the fun puzzle 1o57!

NIXIE TUBES!!

So approximately 2000 years ago I got a set of 6 nixie tubes as a gift. WTF is a nixie tube you ask? This is a nixie tube:

It’s a device for displaying all ten digits (0 through 9) using “glow discharge" (that thing that makes old incandescent lightbulbs work), while looking really really cool.

The tubes I have are IN-17s and they operate at 180V. That is a lot of volts and it was pretty scary for me putting the circuit together since I’ve never worked with such high voltages. Fortunately, these work at relatively low amperages so I only have to worry about pain, not death.

Now, you might be wondering what I need to drive these things. The answer would be a Russian K155NA1 Driver Chip, which is basically a high voltage Binary-Coded Decimal decoder and a circuit to step up wall wart DC voltage (9V at 1A) to 180V. Thankfully a nice person on the internet made an arduino shield to do all this called the ArduiNIX.

Here’s my completed display:


I’m still trying to understand how the circuit works. There are 20 pins and 4 grounds, so I can apparently control a total of 80 digits. I’m only using 60 digits in this setup (10 digits per tube times 6 tubes), but I’m still pretty lost when reading the demo code

My current understanding is that I have 2 BCDs which I can control with 8 pins (4 each, which makes sense since 2^4 = 16 > 10 digits), and I can control the 4 anode (aka ground) pins. From the code it seems I have to display 2 digits at a time, but I’m not at all clear how the digits are split up. That will be the subject for my next post!

SHELL SHOCKED

There's a lot of chatter right now about this new bash env bug, affectionately known as CVE-2014-6271. I'm going to try and explain it for your (but mostly my own) benefit.

BACKGROUND

The primary way that programmers interact with a (un|l)inux system is via the shell, aka THE COMMAND LINE (cue thunder clap)

Now, like everything on a computer, the shell is a program. It's kinda special since it runs OTHER programs. It's not just users who use it, but also other commands.

In bash, there are these things called **environment variables**, which are a way to declare values that scripts/programs can read. A common shell variable is LANG, which contains the current user's language. A program launched from the shell can use this information to display output in the correct language.

Bash is also a self contained programming language, and like any good programming language it has functions. You can declare functions in bash like so

foo() {
echo 'bar';
}

Seems pretty straight forward right? The key is that bash stores functions that it is exporting to another bash shell using environment variables.

Only there's a bug in bash which means that once a function is parsed, bash happily keeps executing the rest of the environment variable.

THE ACTUAL PROBLEM

Ok, so what does that look like? You can normally declare an env variable like so:

bar='something important'

You can declare a function in an environment variable like so:

foo='() { echo 1;};'


And the exploitable version is like this:

x='() { ignored;}; echo vulnerable' bash

The x='() { ignored;}; bit is just there to ensure that bash parses this environment variable like a function (the body can be anything; :, the no-op, is a common choice). After the second semi-colon, you can execute any bash you want.

WHY THIS IS BAD

What's the big deal you ask? I don't let random internet strangers set environment variables! Well, you might be doing it without realizing it. The first series of exploits that can be taken advantage of right now is CGI.

CGI lets you execute a shell script of any kind to respond to a web request. The problem is that if you are using a bash script, cgi helpfully sets the user agent of the request it is trying to process to an environment variable! This means that by doing

curl -A "() { :;}; whoami" http://some.vulnerable.computer/cgi-script

you can execute code.
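
From the defender's side, the CGI case leaves a trace: the function-definition prefix shows up in request fields that the web server writes to its access log. This added example (not from the original post) scans Combined Log Format lines for that prefix; the log lines are constructed samples using the payload strings shown above, and the `scan` helper is a name made up for this sketch.

```python
import re

# Combined Log Format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<user_agent>(?:[^"\\]|\\.)*)"$'
)

# The function-definition prefix the post's payloads start with: "() {".
# Whitespace between the tokens is tolerated, which is deliberately looser
# than an exact match so spacing variations are still flagged.
FUNC_PREFIX_RE = re.compile(r'\(\s*\)\s*\{')

# Client-controlled fields that end up in the access log.
FIELDS = ("request", "referer", "user_agent")

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 45 "-" "() { :;}; whoami"',
    '203.0.113.9 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" '
    '500 0 "() { ignored;}; echo vulnerable" "curl/7.35.0"',
    # Parentheses alone are not the pattern: this one must not be flagged.
    '192.0.2.44 - - [25/Sep/2014:10:00:12 +0000] "GET / HTTP/1.1" '
    '200 900 "-" "Mozilla/5.0 (compatible; ExampleBot() crawler)"',
    # Truncated line (no closing quote): falls back to a raw-line search.
    '192.0.2.77 - - [25/Sep/2014:10:00:20 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 45 "-" "() { :;}; echo vulnerable',
]


def scan(lines):
    """Return (client_ip, field) for every field containing the prefix.

    Lines that do not parse as Combined Log Format are searched as a whole
    and reported with the field name "raw" so they are not silently dropped.
    """
    hits = []
    for line in lines:
        line = line.rstrip("\n")
        m = LOG_RE.match(line)
        if m is None:
            if FUNC_PREFIX_RE.search(line):
                hits.append((line.split(" ", 1)[0], "raw"))
            continue
        for field in FIELDS:
            if FUNC_PREFIX_RE.search(m.group(field)):
                hits.append((m.group("ip"), field))
    return hits


if __name__ == "__main__":
    for ip, field in scan(SAMPLE_LOG):
        print(ip, field)
```

A hit only shows that someone sent the pattern, not that the server ran it; whether bash was ever invoked for that request still has to be checked on the host.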

The second class of attacks that is interesting is that there are lots of ssh systems that provide access, but don't give the end user a shell. The most common case of this is with git, where users exist on a system for execution, but ssh is configured not to respond with a shell. A user without a shell account (but with access) can login to ssh like so:

ssh -o 'rsaauthentication yes' user@host.me '() { ignored; }; /usr/bin/whoami'

The final interesting class of attacks is with dhclient. Now, when you connect your computer to a network, it sends a request out to EVERY computer asking for an IP address. Normally a DHCP server would respond to this request, and this response is used to set some environment variables before a shell script is run on the requester's machine to set IP addresses and suchlike. The problem here is that a malicious user could respond faster than a real DHCP server with a response that contained fields which would be put into environment variables and then GAME OVER.

Make something (or How I learned to stop worrying and love making things)

I’d like to encourage all of you (myself included) to make more things. I don’t care what kinds of things you make, but make something. You can do it by yourself, or you can work with someone else, or you can make something based on someone else’s work. Here are some suggestions of things you can make:

  • A bowl of pasta with homemade sauce and meatballs
  • A robot that you can play catch with
  • A story about a girl and her pet rat
  • A webpage that generates new, exciting, and sometimes nonsensical jokes about noses
  • An edit to wikipedia about a topic that interests you
  • A quilt for someone you care about like a pet

I enjoy every part/phase/stage of making.

There’s the planning stage, where you try and come up with ideas, turn them around in your mind and tweak them until you can bring them into the world.

There’s the scavenging phase where you find and bring together all of the pieces/thoughts/feelings you need to make the thing inside your head(s).

There’s the doing phase, where you take something like a blank page, an existing project, or a box of parts and transform it into something new/different/better/worse than it was before.

And then it starts over again. The thing you’ve made eventually changes again. Sometimes it’s entropy as it falls apart. Sometimes it’s you, coming back to tweak what you’ve created because you had another idea. Sometimes it’s teeth, because you’ve baked a delicious cake and there’s no point in letting a cake go to waste.

You’ll be able to look forward to some part of the making process, or think back to the end result and it’ll make you smile or frown or both.

If you need help making things, or want to share the things you’ve made, or you’re looking for people who like making just as much as you do, you should see if there’s a hackerspace/makerspace/sewing club/quilting mafia/organic food co-op near you and you should get involved. We humans are social creatures.


PS

 ____   ___  _   _ _ _____    ____  _____       _       ____ ___ ____ _  __
|  _ \ / _ \| \ | ( )_   _|  | __ )| ____|     / \     |  _ \_ _/ ___| |/ /
| | | | | | |  \| |/  | |    |  _ \|  _|      / _ \    | | | | | |   | ' / 
| |_| | |_| | |\  |   | |    | |_) | |___    / ___ \   | |_| | | |___| . \ 
|____/ \___/|_| \_|   |_|    |____/|_____|  /_/   \_\  |____/___\____|_|\_\

(This post was also sent to the listserv on 20140908)

DEFCON 22 Badge Challenge Walkthrough

Last week I was lucky enough to attend DEF CON for the first time and it did not disappoint. I’ve been out of commission for a few days with the con plague, but I’m feeling well enough now to try some blogging.

This isn’t the first write-up to appear for the badge challenge. There’s the winning team’s write-up, and runner-up Team PotatoSec’s write-up.

Why am I writing another one? Mostly it’s because I wanted to make sure I really understood the challenge and its solution. Additionally, I’ve noticed that the other two are either missing steps, or contain mistakes.

Let’s start with some background (you can skip this if you know about the badge challenge). DEFCON is a hacker conference, and hackers love puzzles. As a result, for the past 5 years (I think) 1o57 has created a series of mind bending puzzles centered around the badges that DEFCON attendees get. It’s designed to be solved in 3 days and force people to interact and talk since there are multiple different types of badges.

My interest in the badge challenge first got piqued when I read through a DC21 walkthrough by last year’s winning team. I didn’t have a team or the willingness to miss all the other things going on at DEFCON, so most of this walkthrough is based off of the two guides I mentioned above, a taxi ride with a member of the runner-up team on the way to the airport, and the fine folks who hung around room 1057.

So, what follows is as legible and clear a walkthrough as I can manage. Please leave comments if you spot any mistakes, or feel I’ve explained something using an identity like 2+2=5.

If you want to follow along at home, you can download this archive which contains as much of the badge challenge materials as I could manage to gather together. I’m still missing good photos of the front and back of all the badges, so if you have one, please send it my way.

Final note: unless otherwise noted, all materials that follow (including the text) are released under a Creative Commons Attribution license.

Lanyards

(source: me)

This is the lanyard. There are 3 important parts to it.

First, there’s the Chinese numbers on the left, which you can read with this handy chart:

一      1
二      2
三      3
四      4
五      5
六      6
七      7
八      8
九      9
十      10

Then, there are the weird symbols in the middle. Those are 4-digit numbers written using the Cistercian cipher from The Ciphers of the Monks. You can decode them with:

(source: The Ciphers of the Monks)

The last part is a Korean word, saying either vertical or horizontal:

수직 (sujig): vertical

수평 (supyeong): horizontal

Big thanks to 1o57, who showed up at one point with a full set of EIGHT lanyards, pictured below

(source: me)

It was pretty tough trying to gather all of them. Initially, the total number of lanyards was unclear.

We had a hell of a time trying to gather all of the lanyards before 1o57, since we assumed the numerals were unique and didn’t look for the other 4 and we thought there might be a lanyard with a Chinese 1 or 3. Also, we thought there might even be 9 lanyards, since there were 3 “suits” in the DEFCON iconography: (the happy skull and cross-bones, the rotary dial and the floppy disk).

Anyway, how do you decode these?? It turns out the Cistercian numbers are all in the range of upper case decimal ASCII, but without an ordering it’s gibberish.

First, you have to divide the lanyards into vertical and horizontal.

At one point LoST mentioned that he really loved weaving potholders as a kid, so clearly the lanyards need to be woven together in some fashion.

Next, it turns out that all of the Chinese numbers on the lanyards are less than 15, so they can be written in binary using only 4 bits.

Horizontal

 3 | 0 0 1 1
 4 | 0 1 0 0
 4 | 0 1 0 0
 9 | 1 0 0 1

Vertical

 5 10 11 14
 ---------------
 1  0  1  0
 0  1  1  0
 1  0  0  1
 0  1  1  1

Finally, you might also have noticed that two of the lanyards start with the encoded version for 1057.

Now, you can combine all of this information to form the solution.

The Chinese numbers can be arranged in such a way that they form a grid of all 1s, indicating which square on which lanyard should be read to form the final message.

The ordering starts with 11 on top of the 4 lanyard with 1057 on it.

From there, there is always only one lanyard that can be placed such that the grid of all 1s is formed.

Here’s the final weave:

(source: me)

Reading off the numbers and converting to ASCII you get:

 1057DONTMISSTHEPOINTINCURIOUSCODES

or

 1057 DONT MISS THE POINT IN CURIOUS CODES

There are 2 things you need to solve this puzzle:

  1. 1o57 told us to take this literally. EXTREMELY LITERALLY
  2. There are a whole bunch of new TLDs that got released recently…

The solution is curious.codes, which leads to the following url:

http://curious.codes/

Which contains this link:

Did you get Nuke Nuke Mickey Lover yet?

Running file on it reveals that it’s a rar archive.

When you try to open it, you are asked for a password.

Program Code

(source: me)

In the DEFCON program under the section by 1o57, there’s a series of numbers transcribed below:

07-21-18-03-18-05-05-22-01-03-14-20-18-06
10-22-25-25-21-18-25-03-12-02-08-19-22-01
17-12-02-08-05-16-14-25-25-22-01-20-15-08
07-17-02-01-07-15-18-17-08-03-18-17-16-08
07-17-02-10-01-07-21-18-10-02-02-17-06-07
21-18-12-15-18-18-05-17-02-06-10-57-10-57

Notice that all of the numbers are less than 26 (with the exception of 1o57’s signature at the end), so it’s time to convert these numbers to letters (1 -> a, 2 -> b, etc…), which results in:

 gurcreevacntrfjvyyuryclbhsvaqlbhepnyyvatohgqbagorqhcrqphgqbjagurjbbqfgurlorreqbfj

The thing I learned doing the challenges: Always try rot13.

 THEPERRINPAGESWILLHELPYOUFINDYOURCALLINGBUTDONTBEDUPEDCUTDOWNTHEWOODSTHEYBEERDOS

or

the perrin pages will help you find your calling but dont be duped cut down the woods they be erdos

Above some of the page numbers in the program, there are numbers written. Here is the whole set:

number: 32 35 31 41 53 45 41 43 52 45 45 4D 41 54 45 21 21
page:    2  3  5  7 10 12 16 17 22 29 33 34 36 39 46 51 56

A bit of googling reveals a few things. There are Perrin numbers, a sequence defined by a recurrence relation. I grabbed the first few from The On-Line Encyclopedia of Integer Sequences (yes, there is apparently such a thing):

 3, 0, 2, 3, 2, 5, 5, 7, 10, 12, 17, 22, 29, 39, 51, 68

There are also things called Erdos-Woods numbers. Again from OEIS A059756:

 16, 22, 34, 36, 46, 56

Let’s start by reducing the numbers to just Perrin numbers

number: 32 35 31 41 53 45 43 52 45 54 45 21
page:    2  3  5  7 10 12 17 22 29 39 46 51

Next, let’s ‘cut down the woods’ by removing the Erdos-Woods numbers that aren’t also Perrin numbers (‘don’t be duped’). NOTE: This bit seems to have been missed by the 2 other write-ups.

 16, 34, 36, 46, 56

number: 32 35 31 41 53 45 43 52 45 54 21
page:    2  3  5  7 10 12 17 22 29 39 51

How do we decode 32 35 31 41 53 45 43 52 45 54 21? Well we saw earlier that one of the superscripts was 4D, so let’s go with ASCII Hex

 251ASECRET!

Hey, that’s a phone number (the hint being calling)

251-273-2738
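The whole Program Code chain in one place, as an added example that is not part of the original write-up: it turns the number rows into the rot13 hint, filters the superscripts down to Perrin-numbered pages, reads them as hex ASCII and maps the result onto a phone keypad. The function names are hypothetical; the data is copied from the listings above.

```python
import codecs

# Transcribed from the program, exactly as listed above.
PROGRAM_ROWS = """
07-21-18-03-18-05-05-22-01-03-14-20-18-06
10-22-25-25-21-18-25-03-12-02-08-19-22-01
17-12-02-08-05-16-14-25-25-22-01-20-15-08
07-17-02-01-07-15-18-17-08-03-18-17-16-08
07-17-02-10-01-07-21-18-10-02-02-17-06-07
21-18-12-15-18-18-05-17-02-06-10-57-10-57
"""
SIGNATURE = [10, 57, 10, 57]  # the trailing "1057 1057" is not message text

# (page number, superscript) pairs from the program.
SUPERSCRIPTS = list(zip(
    [2, 3, 5, 7, 10, 12, 16, 17, 22, 29, 33, 34, 36, 39, 46, 51, 56],
    "32 35 31 41 53 45 41 43 52 45 45 4D 41 54 45 21 21".split(),
))
ERDOS_WOODS = {16, 22, 34, 36, 46, 56}  # the terms quoted above
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}


def decode_program(rows):
    """Numbers -> letters (1 = a, 2 = b, ...), then rot13."""
    numbers = [int(tok) for tok in rows.replace("-", " ").split()]
    if numbers[-4:] == SIGNATURE:
        numbers = numbers[:-4]
    letters = "".join(chr(ord("a") + n - 1) for n in numbers)
    return codecs.decode(letters, "rot13")


def perrin_up_to(limit):
    """Perrin numbers <= limit: P(n) = P(n-2) + P(n-3), starting 3, 0, 2."""
    seq = [3, 0, 2]
    while seq[-2] + seq[-3] <= limit:
        seq.append(seq[-2] + seq[-3])
    return set(seq)


def woods_to_cut(perrin):
    """Erdos-Woods pages that are not Perrin numbers (22 is both, so it stays)."""
    return sorted(ERDOS_WOODS - perrin)


def secret_from_pages(pairs):
    """Keep the superscripts on Perrin-numbered pages, read them as hex ASCII."""
    perrin = perrin_up_to(max(page for page, _ in pairs))
    kept = [code for page, code in pairs if page in perrin]
    return bytes.fromhex("".join(kept)).decode("ascii")


def to_phone_digits(text):
    """Map letters to keypad digits, keep digits, drop punctuation."""
    lookup = {ch: digit for digit, letters in KEYPAD.items() for ch in letters}
    return "".join(lookup.get(ch, ch) for ch in text.upper() if ch.isalnum())


if __name__ == "__main__":
    print(decode_program(PROGRAM_ROWS))
    print("cut:", woods_to_cut(perrin_up_to(56)))
    secret = secret_from_pages(SUPERSCRIPTS)
    print(secret, "->", to_phone_digits(secret))
```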

If you call it, it will ring and ring and eventually you’ll get a recording of a piano, which you can listen to below:

piano.wav

Transcribing the notes we get:

DGGBGBGGDGBDGDGBDDDBDGEGDGDGDBDDDBGDGBDDGEDGGDGBGDDDDBDDDDDBGGGGGBDDGGGEDGGDGBGGGBGDBGDGBGDBDGBDDGBGGGGBGDBGE

Hrmmm, not many Bs or Es… Let’s try removing those to see what it looks like

DGG G GGDG DGDG DDD DG GDGDGD DDD GDG DDG DGGDG GDDDD DDDDD GGGGG DDGGG DGGDG GGG GD GDG GD DG DDG GGGG GD G

Since there are only 2 letters, it’s either binary or Morse code. Let’s see what it looks like if the Ds are dashes and Gs are dots

-.. . ..-. -.-. --- -. .-.-.- --- .-. --. -..-. .---- ----- ..... --... -..-. ... .- .-. .- -. --. .... .- .

(source wikipedia)

Putting that string into a morse code translator

We get:

 DEFCON.ORG/1057/SARANGHAE
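The note-to-Morse step can be reproduced without an online translator. This is an added example, not part of the original write-up; the function names are hypothetical, and treating E as a gap between groups is an observation from this transcription (the walkthrough simply removes both B and E).

```python
import re

# International Morse code for the symbols this message can contain.
PAIRS = (
    "A .- B -... C -.-. D -.. E . F ..-. G --. H .... I .. J .--- K -.- "
    "L .-.. M -- N -. O --- P .--. Q --.- R .-. S ... T - U ..- V ...- "
    "W .-- X -..- Y -.-- Z --.. 0 ----- 1 .---- 2 ..--- 3 ...-- 4 ....- "
    "5 ..... 6 -.... 7 --... 8 ---.. 9 ----. . .-.-.- / -..-."
).split()
MORSE = dict(zip(PAIRS[1::2], PAIRS[0::2]))  # code -> symbol

# The piano transcription, copied from above.
NOTES = (
    "DGGBGBGGDGBDGDGBDDDBDGEGDGDGDBDDDBGDGBDDGEDGGDGBGDDDDBDDDDDBGGGGGB"
    "DDGGGEDGGDGBGGGBGDBGDGBGDBDGBDDGBGGGGBGDBGE"
)

DASH_DOT = str.maketrans("DG", "-.")  # D is a dash, G is a dot


def to_morse(notes):
    """Drop the B and E notes and return the Morse string, codes space-separated."""
    groups = [g for g in re.split("[BE]", notes) if g]
    return " ".join(g.translate(DASH_DOT) for g in groups)


def decode_group(group):
    """Decode one run of notes in which B separates the letters."""
    codes = [g.translate(DASH_DOT) for g in group.split("B") if g]
    return "".join(MORSE.get(code, "?") for code in codes)


def decode_notes(notes):
    """Return the decoded groups; E is treated as the longer gap between them."""
    return [decode_group(g) for g in notes.split("E") if g]


if __name__ == "__main__":
    print(to_morse(NOTES))
    print(decode_notes(NOTES), "->", "".join(decode_notes(NOTES)))
```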

SarangHae is Korean for I love you, so fixing the capitalization we get

https://www.defcon.org/1057/SarangHae/

Which reads:

Who we gave free love to

at

1o57

Are you being served?

Alright, we have to pause on this track for now since we don’t know “Who we gave free love to” (googling reveals nothing), although Are You Being Served? is apparently a British TV show.

This looks like it might be an email address though: SOMETHINGGOESHERE@1o57.uk

Badges

There are quite a few cool things about the badge. It’s a fully programmable Propeller, including an astounding array of through holes for attaching your own electronics to. It also has a micro-USB port so it’s pretty easy to program from any computer.

According to the parallax forums there are 15 types of badges: 1 uber, 1 press, 1 speaker, 1 vendor, 1 goon, 1 contest, 1 artist and 8 human badges.

The differences between the human badges seem to be the following:

  1. Different styles of writing Human across the bottom
  2. The pattern of pads just above the 8 LEDs
  3. The symbol and numbers on the back

Badge Pads

One of the other weird features of the badges is that there are 2 different types of pads: circular and square. These are a binary encoding, where the circular pads are zeros and the square pads are ones. Writing this out from top to bottom and left to right gives us the following:

0110
0101
0111
0110
0110
0110
0110
0101
0111
0111
0100
0110
1000
0101
1000
0011

Which we can turn into the following numbers

6
5
7
6
6
6
6
5
7
7
4
6
8
5
8
3

Grouped in twos

 65 76 66 65 77 46 85 83

and converted into ASCII (base 10) gives us:

 ALBAM.US

http://albam.us/

Which contains a bunch of weird looking text

 Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf
 evlc dbfovozivnj?

 T'fm mzu pqp ie zh b mduknz svnlfu...rivp D'm wpymjih ugalreye J
 npdgoidpm uidob qa flyhz mduknz wfcxt, mdlv uzxktff (svxi-tvr!) ryx tvyevpgy Z'x
 vbdf gvggier fjlz J tci dzlf ju do rivie. Yix xcbk yvs ksuu poivt aueys xpme? Zv
 MERWFZ ive da iudmys...J ptlcglp suwf op kjdnb zz ju zjxjo tzxyt ji b iqr bvqisf D gvgg
 lzvy nznfch vgrth...

This looks pretty garbled and it’s not a simple rot13 either. We will come back to this later once we have the key

Badge Output

You can plug the DEFCON 22 badges into a computer and connect to it as a serial terminal. An easy way to do this is to install the PropellerIDE. You can also connect to it using screen (or with busybox microcom I think). The baud rate for the connection is 57600.

When you first connect the badge spits out a lot of nonsense like this:

                MARRY AND REPRODUCE
                  NO IMAGINATION
      MARRY AND REPRODUCE
                NO IMAGINATION
                WATCH TV
                    NO INDEPENDENT THOUGHT
                  MARRY AND REPRODUCE
              WORK EIGHT HOURS
                EAT
                NO INDEPENDENT THOUGHT
    NO INDEPENDENT THOUGHT
      EAT
              BUY
            WORK EIGHT HOURS
            MARRY AND REPRODUCE
            BUY
              OBEY
            CONFORM
                WATCH TV
    CONSUME
                      DO NOT QUESTION AUTHORITY
MARRY AND REPRODUCE
              MARRY AND REPRODUCE
              BUY
  CONSUME
                        NO INDEPENDENT THOUGHT
  STAY ASLEEP
    OBEY
                      CONFORM
  WATCH TV
    EAT
              NO INDEPENDENT THOUGHT
WATCH TV
                NO IMAGINATION
                        CONSUME
                  CONSUME
CONSUME
                        EAT
                        BUY
CONSUME
                    BUY
                    NO IMAGINATION
                DO NOT QUESTION AUTHORITY
                  DO NOT QUESTION AUTHORITY
                EAT
  NO INDEPENDENT THOUGHT
                  WORK EIGHT HOURS
          NO IMAGINATION
WORK EIGHT HOURS
                      CONFORM
      SUBMIT
      DO NOT QUESTION AUTHORITY
                    BUY
  SUBMIT
                      OBEY
                        DO NOT QUESTION AUTHORITY
      STAY ASLEEP
                      CONFORM
                    NO INDEPENDENT THOUGHT
SUBMIT
        WATCH TV
          MARRY AND REPRODUCE
        CONSUME
            EAT
      MARRY AND REPRODUCE
  MARRY AND REPRODUCE
                  CONSUME
    STAY ASLEEP
    CONSUME
          STAY ASLEEP
              BUY
      NO IMAGINATION
EAT
                        SUBMIT
                MARRY AND REPRODUCE
                    SUBMIT

All of these are references to a movie called They Live but there’s nothing particularly interesting in this output. The REALLY interesting stuff happens when you push the buttons on the badge.

What buttons you ask? Well the E F C O in DEFCON along the bottom of the badge are capacitive buttons! Here’s the output for various combinations of button pushes

Pushing the C (0010)

WELCOME TO DEFCON TWENTY TWO

COME AND PLAY A GAME WITH ME

Pushing the O (0001)

WHERE TO BEGIN I KNOW FIND HAROLD

Pushing the F and O (0101)

DEFCON DOT ORG SLASH ONE ZERO FIVE SEVEN SLASH I WONDER WHAT GOES HERE

Pushing the F C and O (0111)

TRY THE FIRST HALF OF HIS PHONE NUMBER FOLLOWED BY HIS LAST NAME THEN THE SECOND HALF OF HIS NUMBER

Pushing the E (1000)

ALBERT MIGHT BE ON THE PHONE WITH HAROLD SO IF ITS BUSY TRY BACK

Pushing the E and O (1001)

WHITE LINES IN THE MIDDLE OF THE ROAD THATS THE WORST PLACE TO DRIVE

We need to find a Harold so we can use his phone number to build a url. 1o57 tweeted a pretty huge hint about this part of the challenge:

https://twitter.com/1o57/status/497892280838025216

Major hint- this is Defcon 22- 22 is a Smith number.

Some googling reveals that a Smith number is a number where the sum of its digits is equal to the sum of the digits of its prime factors. They were discovered by Albert Wilansky who noticed that his brother-in-law Harold Smith had a phone number with this property. Sounds promising!

His phone number from Wikipedia is 493-7775. Since there are a few possible ways to assemble this, you have to try a few URLs before you succeed with 493SMITH7775 resulting in:

https://www.defcon.org/1057/493SMITH7775/

There are a few important things about this page. First the poem:

 Why be
 ye searchin' answers here?
 Oh are
 ye 1o57? The question
 queue be
 long...be ye not in despair,
 em for
 keepin' ye from spinnin' yer wheels they be.

Every second line can be written as letters

 YB
 OR
 QB
 M4

The second thing we have from this page is found in the source code as a comment

 YQESMJDOJOTM

This is a dead end for now, but don’t worry we will come back to it.

Badge Serial Numbers

Sadly, I don’t have pictures of the back of all of the badges, but here is mine:

(source: me)

As you can see in the top right corner there’s a symbol. It’s either a Chinese or a Korean cardinal symbol. Here’s a table from Team PotatoSec

Badge          Serial_1     Serial_2     Direction    Language
Human          55586753     01458934     West         Chinese
Human          25348567     02933985     East         Chinese
Human          30303031     38563748     South        Chinese
Human          56456387     01924834     North        Chinese
Human          32439751     50932487     North        Korean
Human          77798753     00478041     West         Korean
Human          81303557     85345360     South        Korean
Human          05978344     85758673     East         Korean
Artist         94841634     88172253     South        Chinese
Contest        09856563     23454311     East         Chinese
Vendor         05729856     57380999     North        Korean
Speaker        31337017     34029545     South        Chinese
Goon           94841634     88172253     South        Chinese
Press          06060606     00000000     South        Korean
Uber           37584205     23785634     North/South  Korean

We have to stop here again, because we don’t yet know what to do with these.

X.XX Codes

At the conference, there were 2 large standing maps containing a series of numbers, and one large floor sticker also containing similar looking numbers. They were all in red, had a single Korean character above them and mostly followed the format of XX.XX

(source: me)

전
1.23
2.23
3.23
3.13
3.22
2.22
0.00
6.22
3.01
1.02
0.20
0.03
0.10

(source: me)

화
0.12
0.01
0.20
6.23
3.02
4.01
8.01
6.02
3.12
9.02
5.22
4.02
2.11

(source: me)

기
1.13
6.12
5.23
9.12
5.11
6.13
12.02
4.23
4.13
1.11
15.02
9.22
8.22

It turns out that the letters above spell telephone in Korean

Telephone: 전화기 (jeonhwa)

Now, in order to decode this mess, we first have to consider a phone keypad.

(source wikipedia)

Now, all the numbers directly to the right of the dot are between 0 and 2, and all of the final digits are between 0 and 3. And we have a 3 by 4 grid… It’s a coordinate system for sure. Now the logical numbering would be from top to bottom and left to right… but that’s wrong. Here’s the numbered grid

(source: me and wikipedia)

The numbers to the left of the dot indicate how many times you should “press” the number, just like texting on a dumbphone.

Now the numbers decode to the following:

 전 = DEFCON*ORG#10
 화 = 57#FISSILINGU
 기 = ALELUCIDATION

giving us DEFCON*ORG#1057#FISSILINGUALELUCIDATION
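The decoding rule written out as code, as an added example that is not part of the original write-up. The grid orientation (column 0 on the left, row 0 at the bottom) and the wrap-around of press counts are assumptions inferred from the decoded strings above; the function names are hypothetical.

```python
# Keypad rows indexed the way the decoded signs imply: row 0 is the bottom
# row (* 0 #) and row 3 the top one (1 2 3); columns 0-2 run left to right.
# This layout is an assumption inferred from the decoded text above.
GRID = {3: "123", 2: "456", 1: "789", 0: "*0#"}
LETTERS = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
           "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}

# The three signs, copied from the lists above.
SIGNS = {
    "전": "1.23 2.23 3.23 3.13 3.22 2.22 0.00 6.22 3.01 1.02 0.20 0.03 0.10",
    "화": "0.12 0.01 0.20 6.23 3.02 4.01 8.01 6.02 3.12 9.02 5.22 4.02 2.11",
    "기": "1.13 6.12 5.23 9.12 5.11 6.13 12.02 4.23 4.13 1.11 15.02 9.22 8.22",
}


def decode_code(code):
    """Decode one PRESSES.COLROW entry such as "3.13" (three presses of key 2)."""
    presses, coord = code.split(".")
    if len(coord) != 2 or not (presses + coord).isdigit():
        raise ValueError("malformed code: %r" % code)
    col, row = int(coord[0]), int(coord[1])
    if row not in GRID or col > 2:
        raise ValueError("coordinate off the keypad: %r" % code)
    key = GRID[row][col]
    count = int(presses)
    if count == 0:
        return key  # zero presses means the key's own symbol
    if key not in LETTERS:
        raise ValueError("key %s has no letters: %r" % (key, code))
    letters = LETTERS[key]
    # Press counts wrap around the letters only, so 6 presses of "6" is O.
    return letters[(count - 1) % len(letters)]


def decode_sign(codes):
    """Decode one sign's whitespace-separated list of codes."""
    return "".join(decode_code(code) for code in codes.split())


def decode_signs(signs):
    """Decode every sign in order and join the results."""
    return "".join(decode_sign(codes) for codes in signs.values())


def to_url_path(text):
    """On the signs * stands for a dot and # for a slash."""
    return text.replace("*", ".").replace("#", "/")


if __name__ == "__main__":
    for name, codes in SIGNS.items():
        print(name, "=", decode_sign(codes))
    print(to_url_path(decode_signs(SIGNS)))
```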

cleaned up and capitalized properly

https://www.defcon.org/1057/FissilingualElucidation/

Which contains

Here, I wrote you a poem:
lorem ip
Lorem ipsum dolor si
Lorem ipsum do
Lorem ipsum dolor s
lorem ipsum ama
Lorem ipsum dolor sit amet
Lorem ipsum dolor sit ame

Lorem ipsum dolor sit
lorem ipsum ips
lorem ipsum lor
lorem ipsum lo
lorem ipsum lorem
lorem ipsum amat
Lorem Ipsum

So the key for this was to run the poem through google translate, which through some fluke or possibly easter egg would translate to this:

Let's see if
We give
Pussycat Dolls
The Free Love
It can be used
Our goal is to ame

Our goal is to
vehicle dimensions
Free of pain
China, elsewhere
Free Internet
China loves
NATO

Sadly, this no longer works for me (and others it seems), so big thanks once again to Team PotatoSec for their write-up.

Anyway, with this information we can now complete the email address from earlier! Free love is given to Pussycat Dolls

Email to pussycatdolls@1o57.uk

 To: Manfred Manx <f.alt.alt@gmail.com>
 From: "1o57" <pussycatdolls@1o57.uk>
 Subject: Can you feel the love tonight?
 DEFCON.ORG/1057/ WHO DOES CHINA LOVE + Mickey's Key

Ok, well we don’t have Mickey’s Key yet, but the poem tells us that China loves NATO. Let’s continue on until we find Mickey’s key.

CD

On the CD there’s a picture of a Cryptex which contains an awful lot of letters and numbers… Perfect for use as key material! Here’s a picture

(source: 1o57 I think)

And here’s the whole thing transcribed

CIZDRURREGUI
DVTQIMUFNXNV
QOHULDILKCFO
PG2LTGEWPZRH
KNRIGZWIOTIK
BBVB4RCVARLU
YQESMJDOJOTM

HEY! That last line is the same as the one from the 493SMITH7775 page!

It turns out that BBVB4RCVARLU is the passphrase for the block of text we saw earlier

Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf
evlc dbfovozivnj?

T'fm mzu pqp ie zh b mduknz svnlfu...rivp D'm wpymjih ugalreye J
npdgoidpm uidob qa flyhz mduknz wfcxt, mdlv uzxktff (svxi-tvr!) ryx tvyevpgy Z'x
vbdf gvggier fjlz J tci dzlf ju do rivie. Yix xcbk yvs ksuu poivt aueys xpme? Zv
MERWFZ ive da iudmys...J ptlcglp suwf op kjdnb zz ju zjxjo tzxyt ji b iqr bvqisf D gvgg
lzvy nznfch vgrth...

One of the other teams thought this was an OTP, but in fact it’s just a straight up Vigenere Cipher which we can decode with this handy tool

The decrypted text using a key of BBVB4RCVARLU results in

Are you about to hang it up due to frustration? About ready to
call shenanigans?

I'll let you in on a little secret...when I'm feeling deflated I
sometimes think of funny little words, like sextile (rawr-rar!) and suddenly I'm
back feeling like I can dial it in again. Now what was that other funny word? It
REALLY had my number...I usually have to think of it eight times in a row before I feel
like myself again...
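The decryption can be reproduced offline. This is an added example, not the tool the write-up links to; it drops the digit 4 from the key and advances the key only on letters, which is what reproduces the plaintext shown above, and the function names are hypothetical.

```python
def vigenere(text, key, decrypt=True):
    """Vigenere over A-Z that keeps case, spacing and punctuation.

    Only the letters of the key are used (the "4" in BBVB4RCVARLU is
    skipped), and the key position advances only when a letter of the
    text is processed.
    """
    shifts = [ord(c) - ord("A") for c in key.upper() if "A" <= c <= "Z"]
    if not shifts:
        raise ValueError("key contains no letters")
    sign = -1 if decrypt else 1
    out = []
    used = 0  # number of text letters processed so far
    for ch in text:
        if "a" <= ch <= "z" or "A" <= ch <= "Z":
            base = ord("A") if ch.isupper() else ord("a")
            shift = sign * shifts[used % len(shifts)]
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            used += 1
        else:
            out.append(ch)  # apostrophes, spaces, newlines pass through
    return "".join(out)


KEY = "BBVB4RCVARLU"  # the cryptex row named above

# First paragraph of the albam.us text, copied from above.
CIPHERTEXT = (
    "Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf\n"
    "evlc dbfovozivnj?"
)

if __name__ == "__main__":
    print(vigenere(CIPHERTEXT, KEY))
```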

So, some googling leads us to discover that a Sextile looks a lot like an asterisk! And there’s a reference to the word dial, so we’re looking for a funny word relating to telephones and dialpads or something.

That word is Octothorp, but what to do with it? Well the poem does mention rar, so it’s got to be the password to the rar file from earlier. There’s also a reference to the number 8, which leads us to a password of

OCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORP

Time to decrypt that RAR! This gives us a folder containing 2 files. A copy of a song called The Box by Ostritch and this image

(source 1o57)

Well, that’s a pretty funny picture of Kim Jong-un but notice that he has Mickey on his belly. Somehow this image will help us create Mickey’s key.

From earlier, we have a bunch of badges with North written in Korean and South written in Korean, which is probably why there’s a picture of the leader of North Korea and Psy who’s from South Korea.

The epsilon symbol indicates that the serial numbers should be summed and the grumpy cat indicates we should concatenate those two in order to get the key. (Completely obvious I know)

The sum of the North Korean serials is:

32439751 + 50932487 + 05729856 + 57380999 = 146483093

The sum of the South Korean serials is:

81303557 + 85345360 + 06060606 + 00000000 = 172709523

To create Mickey’s key: 146483093172709523

Final Puzzle

With Mickey’s key (146483093172709523) and the answer to who China loves (NATO) we can now finish the URL from earlier

DEFCON.ORG/1057/ WHO DOES CHINA LOVE + Mickey’s Key

= DEFCON.ORG/1057/NATO146483093172709523

https://www.defcon.org/1057/NATO146483093172709523

Well the page is called Almost There!, so we must be close! On that page there’s a silly moon gif and this:

(source 1o57)

Now this turns out to be written in a language called Ogham

(source: wikipedia)

Which gives us the following translation:

I OFT CORRECT NGOUR GRAMMER
OR TELL NGOU TO NEE A NGSNGCHIATRIST
BUT THE FILEN ASSIFTNG TO NGIERCE
THE LAFD THAT CRAFEN FEST UNGOF
MIGHT LEAD NGOU TO DINCOER
FAME OS THE MOOF AT CODES THAT ARE CURIOUS

Alright, time to clean that up. There are a few substitutions we need to make

NG -> Y

N -> S

S -> F

F -> N

Y -> P

But only sometimes, and sometimes more than once. For example I had to replace the 3 S’s in ASSISTNG, and then replace the 3rd F with an N. EDIT: turns out I transcribed the ogham wrong. Thanks Chris in the comments.

Also, Ogham doesn’t contain a letter for W, so we have to add it where it’s missing.

Here’s the cleaned up version:

I WONT CORRECT YOUR GRAMMER
OR TELL YOU TO SEE A PSYCHIATRIST
BUT THE NILES AFFINTY TO PIERCE
THE LAND THAT CRANES NEST UPON
MIGHT LEAD YOU TO DISCOVER THE
NAME OF THE MOON AT CODES THAT ARE CURIOUS

There are a few references here that need to be gathered together to make sense. If you google niles pierce and crane, you get to a page about David Hyde Pierce who played a psychiatrist on Frasier, so clearly we’re on the right track. A search for moon on that Wikipedia page reveals that Niles’ wife in the show is Daphne Moon.

The line about “name of the moon at codes that are curious” seems to indicate an email address for the curious.codes domain.

“Name of the moon” hints that we want the actress that plays Moon, who is Jane Leeves.

Now to send an email to:

janeleeves@curious.codes

THE END?

You will get a reply

To: Manfred Manx <f.alt.alt@gmail.com>
From: "1o57" <janeleeves@curious.codes>
Subject: The end of the journey

+++
Well done!

Find 1o57, and hand him a note- written on blue paper....

On the note must be your name(s)  / team name - and this phrase:

perfer et obdura; dolor hic tibi proderit olim

Congratulations, you have earned a spot ... but I've said too much...

Include an email :)

----

Wooo! That’s the end! I hope you enjoyed the ride. If you’re the curious type (which I have no doubt is the case if you’ve made it this far), the Latin translates to “Be patient and tough; someday this pain will be useful to you”

I’ve got to thank 1o57 for putting together this puzzle, and Elegin and Team PotatoSec; without their guides I wouldn’t have been able to put this guide together.

Appendix

Dead ends

So there are a lot of dead ends in this quest. There were quite a few references to The Last Dragon which didn’t lead anywhere.

There were lots of images included all over the place that didn’t lead anywhere (the mighty boosh moon, the popcorn gif, the lost boys movie poster)

There’s the song file that was included in the RAR archive.

If you go to https://www.defcon.org/1057/ directly, you’ll notice at the bottom that there’s some hidden text that reads “ Did you try 1057 yet?”

https://www.defcon.org/1057/1057/ seems to just be taunting you.

There also seems to be some variations in the style of pads on the front of the badges.

The badges include an IR transmitter and receiver, and goon badges can control the human badges. Likewise, the uber badge can control all the other badges. Some folks on reddit decoded the meaning of the flashing.

The floor decal includes some bumps and such, but I don’t think it will decode to anything.

What’s the reference to “WHITE LINES IN THE MIDDLE OF THE ROAD THATS THE WORST PLACE TO DRIVE” in the badge?

There are references to a bunch of different names and types in the badge firmware code:

RayNelson
Test4
Greets
Detective
Scientist
Diver
Driver
Politician
Test3
Football
Mystery

These are just some of the dead ends I saw while putting this together.

  • http://elegin.com/dc22/
  • http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
  • http://www.reddit.com/r/Defcon/comments/2cwgnr/badge_hacking/

  • http://albam.us/
  • https://www.defcon.org/1057/FissilingualElucidation/
  • https://www.defcon.org/1057/SarangHae/
  • https://www.defcon.org/1057/493SMITH7775/
  • https://www.defcon.org/1057/NATO146483093172709523
  • http://curious.codes/

This work is licensed under a Creative Commons Attribution 4.0 International License

Laser Cut Dominion Playing Field




It’s my girlfriend’s birthday this week, so I decided to try and improve our experience while playing dominion. If you’ve ever played before, you know that you need quite a bit of space to lay out the 15 (at least) cards. I found these designs on thingiverse for a pretty sweet looking board (which you can find here http://www.thingiverse.com/thing:19144). I have access to an Epilog Zing laser cutter through Artengine. It’s a pretty cool machine, with a bed size of 24" by 12" and it can cut through 1/4" MDF with no problem. The problem was that the 2 file formats included wouldn’t open in inkscape! I have to open them in order to ensure that the lines are 0.001" thick if I want a vector (cut), rather than a raster (engraving) to come out of the laser.
First attempt to check the DXF files was with Inkscape, which complained about libxml2 missing when I tried using the Mac version. Next, I tried opening them in Autocad, Qcad, Inventor Fusion and DraftSight. Some of the programs worked, but I couldn’t set the line width that was used when creating a PDF. Finally, I gave up and set up Ubuntu 14.04 inside virtual box and installed Inkscape there. Success! I was able to create both SVG and PDF versions of the DXF files with the appropriate linewidths and document size.
You can download the altered things here: http://www.thingiverse.com/thing:363426
Big thanks to flomo for the initial designs.

A Noob's attempt at the 2014 DEF CON CTF Qualifiers

By a happy coincidence, the DEF CON Capture the Flag Qualifiers were 2 weekends ago, the same weekend I was cooped up and doped up after my wisdom teeth removal. Figuring that I had nothing to lose by at least checking out the challenges, I signed myself up as team TTT.

What went down

I managed to score myself 2 whole points! That’s almost 40 points behind the winner, but they had like way more people and I figure 2 points isn’t too shabby given that I was a single person, on codeine with about zero relevant experience.

Routarded

The challenge consisted of a url that led to an unsecured router. Step 1 was to guess the default password. I tried admin / admin, admin / password and admin / (nothing) without any luck. This led me to http://www.routerpasswords.com/ which contains the default passwords for most routers. I figured I would work my way through the list. Thankfully I got lucky, the first new combo I tried was (blank) / admin. Now to look for the flags…

I poked around a bit, tried changing the password (it reset) and a few other things. I settled on the utilities tab, which let you ping an ip address / host. It seemed like the output was exactly the output of ping on the command line… I wonder if they sanitize their input? Checking the HTML for the page shows that there’s a JS function that’s called on form submission that strips characters. At first, I tried using curl to post data directly, but I couldn’t get the cookie jar working quite right. Instead, I just replaced the sanitization function with an identity function and tried submitting ‘; ls’ and voila! I got a directory listing! Oh hey, there’s a file called flag. Next up submitting ‘; cat ./flag’ and I had my first flag!
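The weakness here is that the only input filtering ran in the browser, where the visitor controls it. A server-side version of the ping handler might look like the following added example (not the challenge's code; the function names are hypothetical): it validates the target on the server and hands it to ping as a single argument, never through a shell.

```python
import ipaddress
import re
import subprocess

# One hostname label: letters, digits and hyphens, no leading or trailing
# hyphen, at most 63 characters.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def vulnerable_command(raw):
    """What a handler that trusts the browser-side filter hands to the shell.

    Shown only as the 'before': the submitted text becomes part of the
    command line, so everything after a ';' is a second command.
    """
    return "ping -c 1 " + raw


def validate_target(raw):
    """Return a normalised IP address or hostname, or raise ValueError."""
    candidate = raw.strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    if not candidate or len(candidate) > 253:
        raise ValueError("empty or over-long host")
    labels = candidate.rstrip(".").split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a valid host: %r" % raw)
    return candidate


def build_ping_argv(raw):
    """Build the argument vector for one ping of a validated target."""
    host = validate_target(raw)
    # The validator rejects spaces, shell metacharacters and leading
    # hyphens, so the value is neither a second command nor a ping option.
    return ["ping", "-c", "1", host]


def ping(raw):
    """Run ping without a shell; the target stays one argv element."""
    return subprocess.run(build_ping_argv(raw), capture_output=True,
                          text=True, timeout=10)


if __name__ == "__main__":
    for submitted in ["192.168.1.1", "example.com", "; ls", "; cat ./flag"]:
        try:
            print(repr(submitted), "->", build_ping_argv(submitted))
        except ValueError as err:
            print(repr(submitted), "-> rejected:", err)
```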

Hackertool

This next one asked you to submit the MD5 for a file and contained a link to a torrent. The file in the torrent was called EVERY_IP_ADDRESS.txt. My first guess was that I might be able to extract the hash directly from the torrent file, since I’m pretty sure you have to be able to compare the hash of the file you torrent to what it should be. Sadly I didn’t have any luck in this approach, probably due to my incompetence, but also because the spec uses SHA1…

Next thought, why not just generate every ip address myself? I wrote a Ruby script, and then a Go script to do this since it took nearly 40 minutes.

After the game was over, I realized I didn’t actually have to create the 65GB txt file, I could have just fed the input into a MD5 hash function without finalizing the hash.

3DTTT

This one was fun! I banged my head against it for much too long though and I never got the point for it… You were given an address that you could telnet into and play a game of 3d tic tac toe against an AI. But you had to write a script to do it for you, since if you took too long, the connection closed.

Here’s the source for my bot… It doesn’t do especially well. Sometimes I’d get lucky and win more than I lost, but generally I’d lose too many and I’d have to start over.

Except once! One time I got lucky and I won a bunch of games in a row, but I didn’t have any code written to deal with a winning state, nor did I output the ordering that led to my miraculous bot wins… I felt like such an idiot

Other challenges

I tried a few other ones, but they were mostly incomprehensible to me. I need to know more about disassembling programs, which apparently means learning how to use a tool called Ida. Also, I should learn WAY more assembler. If you want to read some solutions to the other challenges, check out http://www.routards.org/2014/05/defcon-22-quals-dosfun4u.html

Knitting with Paracord!

My girlfriend recently finished sewing a bag for me, but it doesn’t have a strap yet!
At first I tried making Slatts Rescue Belt by following this instructable on how to make a paracord rescue belt, but it didn’t turn out the way I was hoping at all…
Instead I figured I would try knitting the strap. I’ve never tried knitting paracord before, but the strap that I end up with would work just as well as the other method since I end up with a flat strap that I can unravel quickly.
If you want to learn how to knit check out this video:

or this book: Knit: Step by Step. It has lots of patterns and is pretty good if you like learning from books.
The pattern I’m using is one row knit, one row purl and it’s 6 rows wide.

Why is Minecraft fun?


When minecraft first came out, I thought I wouldn’t enjoy playing the game because I generally didn’t enjoy open ended games. I had tried playing World of Warcraft before, but the sheer number of options open to a new player put me off. When I was playing a video game, I wanted there to be a plot, with a goal or a story or something!

My attitude has shifted. Now I really enjoy the lack of structure in minecraft. The fact that it’s almost entirely open ended is pretty fun because I get to decide how to play whenever I play. Do I want to build something? Do I want to mine? Do I want to construct a cpu inside of my game so I can program in my program?
But how do you make a game where you can do anything fun? With self-imposed limits. I choose to play in survival mode rather than in creative mode. Why would I choose to make something harder? It’s because certain kinds of fun come from doing something hard. I think an integral part of play is the challenge.
Minecraft illuminates how in all games, we impose limits on ourselves. There’s a greater sense of accomplishment that comes from creating something where you had to forage all the materials yourself. It's harder but it's more fun.
My problem initially with minecraft was that making up your own story is hard but because it's hard it's more fun. It forces me to be more active and creative. And I like that.

Adventures in meditation

The first time I meditated I was in high school and it was the night before a big exam. I don’t remember well how I found out about it (probably stumbleupon) but it became an important part of the exam preparation ritual for me. I’d lie in bed before going to sleep and count to 100. I stopped doing it on my own for a long time, although I did some small meditation sessions during the martial arts classes I took in high school and university.

Finally after getting fed up with my poor concentration at work, I decided that meditation would help me with focus. I also wanted to fix my posture and the good posture you need while meditating seemed like a good way to improve how I sat. This was last summer, but it turned out that sitting was really hard physically. That’s mostly because I was sitting wrong. I gave up for a few months until January of last year rolled around when I decided to make meditating regularly one of my goals. At first I just tried to do it on a best effort basis, with the goal of 3 or 4 times a week. That ended poorly. It was much too easy to find an excuse to not meditate today because I was too tired or too busy.

Finally I decided to give beeminder a try. If you’ve never heard of beeminder you should go read this post about it, but basically it’s goal tracking with teeth. You can track my progress here (for those of you who are that bored). Having actual money on the line helped a lot. I started meditating considerably more often, but it wasn’t for very long periods, and I struggled a lot with the actual focus bit. My technique at this point was the same one I started out with initially: counting 100 breaths while sitting cross-legged somewhere dark and quiet.

After getting frustrated and derailing from my beeminder a few times, I went into RESEARCH MODE and scoured the internet. Someone from the Less Wrong IRC finally suggested the Aro Meditation course. It’s basically a weekly email that walks you through meditation as if you were a complete beginner. I highly recommend it as a resource if you are just starting out. One of the most useful pieces of information that it introduced was how to sit like a human. Right now I am on week 13 of the Aro course and I can comfortably meditate for 30 minutes and I aim for 6 times a week. It’s been a pretty successful course I think, but I am starting to run into a wall.

Currently when I meditate I find it super difficult to quiet my mind and I often end up following trains of thought for quite some time before I realize I’ve let my mind wander. I suspect that this is because I tried to start using the more advanced meditation techniques suggested in the Aro course before I had mastered the easy ones. I’m also going to try an experiment and use the meditation technique described here

Has meditation increased my concentration? I’m not entirely sure. I think it’s helped since I am finding it easier to focus for long-ish periods of time at work, but there are so many other factors that have changed since my initial decision that I can’t in good faith assign a high probability to meditation being the cause of this.

Will I keep meditating? Yes, I think I will. My goals have shifted a bit towards trying to become more mindful. The most valuable part of regular meditation has been to spend some serious time examining my own mind and my own thoughts. It’s kind of amazing how easy it is to avoid noticing how your brain actually works.

Links

How to host your own email on a $15 a month vps (Part 1)

Intro

Every now and then my paranoia will take over and I’ll have an urge to break free of all 3rd parties that I depend on for my life on the internet. The last time it struck I decided to set up my own mail server. I’m going to walk you through what I did in order to get it working.

Important Acronym List (IAL)

Mail Transfer Agent: MTA. This is the piece of software that handles incoming AND outgoing email. It receives email and then decides whether or not the message is for one of the users it knows about. It also decides who gets to send email and handles the delivery. In this tutorial we’re going to be using Postfix. The primary protocol that it speaks is SMTP.

Internet Message Access Protocol: IMAP. By default, postfix will deliver email messages to a folder on the computer it’s running on and the only way to access the messages is when you are logged into that box. Since this is kind of impractical, there are a ton of protocols that have been created to make accessing email messages on a remote server easy. We’re going to use dovecot and IMAP (the protocol) to access our messages on the server. You can also get dovecot to work with POP3, but this guide doesn’t cover getting it set up since it’s an older and less useful protocol.

What you need

  • A domain
      • I use namecheap, but I hear good things about hover.com
  • A server
      • Preferably running debian or ubuntu. It will be helpful for preventing your mail from being marked as spam if you can set the PTR / reverse DNS for this server’s IP address. Sadly, this means that you probably can’t run this on a server you have in your house. If you need a server, I recommend BuyVM since they have a $15 a year VPS that is perfectly adequate for this purpose.
  • An SSL certificate
      • You can get one for free from StartSSL

Directions

We’re mostly going to follow along with this guide from linode except for the bits about MySQL [1]. I don’t understand why they would use MySQL here since it’s huge overkill unless you are dealing with a very large number of users. Instead of MySQL we’re going to use sqlite since it doesn’t require any processes to be running and eating up the limited RAM available on the VPS.

You should follow the linode guide, except when they start talking about MySQL in which case you should come back here and see how to do it with SQLite. I’ve tried to match up the section/numbering so that it’s easy to figure out what to do differently.

Installing Packages

Step 3

Install these packages instead: sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sqlite sqlite

Step 4 and 5

Ignore

SQLite instead of MySQL

Creating the database

Download this empty mailbox.sqlite and put it in /etc/mailbox.sqlite or if you don’t trust me you can create your own with this schema:

This will create our tables

Adding data

You can add data to the sqlite database with the same syntax as MySQL, but interact with the database using the sqlite or sqlite3 command instead of mysql.

Postfix

Step 8

Use the following instead of the one in the guide

We’ll be using these file names later as well

Step 11

Use this instead: nano /etc/postfix/sqlite-virtual-mailbox-domains.cf

Step 12

Step 15

You can test the set up by referencing your sqlite file instead of the mysql one. eg: postmap -q example.com sqlite:/etc/postfix/sqlite-virtual-mailbox-domains.cf

Step 16

Use this instead: nano /etc/postfix/sqlite-virtual-mailbox-maps.cf

Step 17

Step 20

Test with: postmap -q email1@example.com sqlite:/etc/postfix/sqlite-virtual-mailbox-maps.cf

Step 21

Use this instead: nano /etc/postfix/sqlite-virtual-alias-maps.cf

Step 22

Step 25

Test with: postmap -q alias@example.com sqlite:/etc/postfix/sqlite-virtual-alias-maps.cf (You get the idea at this point I hope)

Step 28

I skipped this bit entirely without any ill effects

Dovecot

Step 25 to Step 28

Please use the following as the contents of dovecot-sql.conf.ext

Conclusions

If all went well then you should be able to connect successfully to your new email server with your email client to both receive and send email! It’s amazing, I know.

In the next installment I’ll walk through the process of signing your email with DKIM so that it won’t get marked as spam by pretty much every email provider in existence.

Sources

https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql

http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/

http://blog.codinghorror.com/so-youd-like-to-send-some-email-through-code/

Notes

[1] I would have liked to reproduce most of the guide here since it IS published under a creative commons license, but it specifies no derivatives so I can’t actually modify it at all...

Recover password on a headless raspberry pi

I hate to admit it, but this is the second, or possibly third time that I’ve forgotten the password for my raspberry pi… I know that there are ways to reset my password, but most of them assume that the pi in question is attached to a monitor, and my pi is several feet from the nearest monitor. So, without further ado here is how to reset the password on your raspberry pi.


Requirements

  • SD Card reader
  • Computer capable of mounting an EXT4 partition

Instructions

Step 1

Unplug your pi and remove the SD card

Step 2

Insert the SD card into a working computer that you have root access on

Step 3

As root edit the following file on your SD card:

eg:

It’s very important that you DON’T EDIT THIS FILE ON YOUR OWN COMPUTER. Things could get messy if you do that.

Step 4

Locate the line that starts with pi and replace the text between the first and second : with the output of the following command:

If you’re lazy you can use the following password hash:

$1$salty$SzJsU4qDcXp536Acnlp6I.

This will set the password for the pi user to “password”.

Step 5

Eject the SD card and put it back in your pi and let it boot up.

Step 6

ssh into your pi and change the password to something else immediately. You can do this by running:

and giving it the password you generated in step 4

Step 7

REMEMBER THE NEW PASSWORD YOU JUST CREATED

WTF did you make me do?

Well first of all, how do you think your computer knows your password? It would be silly to have it stored somewhere as it is, since that would make it pretty easy for someone to steal if they ever had access to your machine. Instead the computer stores it as a hash. That is, it takes the password and mangles it in a specific and repeatable way to produce a password hash. The key part of the mangling process is that it’s one way. There’s no figuring out what the input is if you just have the output. When you give your computer the password at login it hashes it to see if it matches the one it has stored. On linux, these password hashes are stored in /etc/shadow. What we’ve done is change the stored password hash to something we know.

Filter Order in Rails

Today I learned a lot about the way that Rails handles filters, that is, the methods before_filter, around_filter and after_filter.

I ran into a bug while working on the upgrade from rails 3.2 to 4.0 that I thought might be caused by a change in the way that filters are applied. Let’s see if you can guess what the following code would output.

Sample Controller

I initially thought that filters were sorted into different queues, then processed in the order:

  1. Around
  2. Before
  3. After

Asking around, some people thought that the ordering was:

  1. Before
  2. Around
  3. After

(although that may have been because of the way I framed the question)

It turns out both are wrong.

The output of that controller would be this:

Filters are processed in the order they are defined.

You can see that this is the intended behaviour in this test for rails: filters_test.rb

That makes a lot of sense after some thought. You’d want to be able to have some before_filters run before around_filters, but other before_filters run inside of around_filters.

tl;dr Filters are processed in the order they are defined

Hacking the budweiser red light

edit: So it turns out that I found a bug in electric imp’s software. I shouldn’t have been able to register this particular imp to my own account. I will be posting an update soon on how to replace the ID chip that is included.

Shopify (where I work) happens to host the store that sells the Budweiser red light. In case you are not a hockey nut, the red light is that iconic flashing red light they use to mark a goal. Budweiser sells these devices you can put up that will flash whenever a team scores a goal.

So it turns out that hacking the budweiser red light is remarkably simple. I don’t know if this trick works if you’ve already configured your light, because I tried hacking this one before setting it up the way that budweiser recommends.

At the heart of the red light is this little device called an electric imp. It looks like an SD card, but actually it’s a microcontroller + wifi chip. To program the electric imp you have to “blink up”, which involves installing an app on your phone and using it to set up wifi and register it to your electric imp dev account.

I’m still exploring how the light works, but I got lucky and tried to toggle pin 9, which it turns out is exactly the right pin to toggle! I can’t keep the light on, or turn the buzzer on myself, but setting the pin high for 2 seconds, then setting it low again causes the light to turn on and spin for a couple of seconds and buzz (unless you turned down the volume, which I did).

The electric imp consists of two pieces: an “Agent”, which lives in the cloud and can respond to http requests, and a “device”, which is the actual hardware that connects to the real world.

Here’s my code for the agent:

And here’s my code for the device

I’m probably going to write a script to poke the url whenever something interesting happens, although I’m not sure what yet. I’m also not sure how sleeping on the device works… Will it keep polling forever? Do I have to wake it up?

Happy hacking!

On Ownership

Recent revelations about the NSA, plus the shut down of my beloved google reader (RIP), have led me to become a lot more uncomfortable trusting my data to someone who isn't me. In light of that I've switched to using BitTorrent Sync for my inter computer file syncing instead of dropbox. Setting things up was pretty simple. I have 3 nodes most of the time (my home server, my laptop and my phone) and I'm working on getting a 4th hosted in a VPS somewhere so I have some offsite backup.
But the main point of this blog post is to talk about ownership. I don't like it when I don't have options as to who to trust with my data when doing something online. Email is a good example of a service that has LOTS of choices. I use gmail, but I don't have to if I don't want to. File syncing is another area that has lots of choice. I've mentioned Dropbox and Bit Torrent Sync, but there are also a ton more.
Social networking is one area that does NOT have a lot of options. I mean, yes, there are quite a few social networks, but I can't pick one and expect it to be useful unless my friends are there. This isn't the case with email (it's completely inter-operable), or file syncing (it's mostly individuals or small teams). I like the idea of diaspora and tent.io, but I'm concerned that they aren't really seeing much adoption. How come? I wish I knew the answer to this. Email is basically a social network, but it is designed from the ground up to be decentralized. Facebook is the opposite of that. Was it just a matter of timing? Email was created when computers were rare, so you couldn't really trust one to be up all the time somewhere else. When facebook was launched dependable servers were not amazing. Is it just a matter of interface? A website is sort of designed to come from a single server, but there's no reason that it couldn't be like blogging.
Evernote was the cause of this post. I really really like the interface and the syncing abilities (although I REALLY wish they had a linux desktop client), but I dislike that the data has to live on Evernote's servers. I wish I could host the files on my own, or that I could encrypt my notes before they were sent to evernote. I don't mind losing the ability to have images converted to text, and I don't think that evernote needs to index the notes to do search, since that could easily be done client side.

On Blogging


So it's been quite some time since I've published anything substantive on the web for others to read, so perhaps it is time to change that. I'd like to document my (very early) blogging setup.
For a long time now, I've been playing with places to store information. In university I used moin moin (a wiki) to take all my class notes and the setup worked pretty well. It worked regardless of internet connection and it was really easy to share with people. I also managed to find a handy little script + extension to take notes pretty effortlessly in emacs.
But after I graduated I basically stopped using it. This was mostly due to the fact I no longer had to take long-form structured (and interlinked) notes.
I've also played with simplenote, but the lack of a good linux client threw me off.
At present, I am playing with evernote. I really like that they have clients for almost everything (DAMN YOU LACK OF LINUX SUPPORT!) but that is partly mitigated by two tools: geeknote, and everpad
Geeknote is a command line interface for evernote and everpad adds a nice little tray icon to ubuntu and the ability to search notes from the dash. Geeknote lets me write a little script to blog from the command line.
Another awesome tool for evernote I have discovered is called Postach.io which is allowing me to blog from evernote and the command line thanks to geeknote.
Hopefully this is the first of more posts to come on my new blog
