Software


I am presenting at the 2008 Society for Neuroscience Conference next week so I finally got my credentials in the mail. The conference has had a pretty substantial vendor area and I don’t think that it will change this year. In the past, all of the vendors would try to give away anything from pens to yoga mats to anti-epileptic rectal gel applicators (without the gel) with their company names on them. All you had to do is let them scan the 2D barcode on your badge so that they could add your information to their marketing database. I don’t like collecting those things as they are usually really poorly made, however, this year I am going to have some fun.

I scanned my badge and used the SWIPE toolkit (online tool) to decode the 2D barcode and see that it contained things like my SFN member number, name, address, and contact information. The specific format of this 2D barcode is PDF417, so there are several available on-line encoders [1][2][3]. My plan is to encode myself a new barcode and stick it over the original barcode in the badge holder and then see if any of the vendors notice. I would even let them scan my badge without giving me anything in return.

If you want to meet up at the SFN conference or have an idea for credentials to put in the bar code, send an email or leave a comment. I am thinking of impersonating Carl Gauss, but don’t know what to put for his phone number or email, maybe I will leave them blank.


I have been doing a lot of signal processing/statistics lately, however, I still design PCBs using the Orcad suite from time to time. PCB Editor is both powerful and feature rich leading to massive frustration every time I forget the exact steps for generating the necessary artwork to submit for manufacturing. In an effort to combat this overhead, I documented the specific steps and am publishing them online in the hope of saving someone else the same frustration. These were noted down fairly quickly so please let me know of any errors.

allegro-gerber


Looks like EMA is looking for beta testers starting next month. Everyone accepted gets early access to the new Orcad/Cadence tools and the t-shirt above. The most comprehensive reviewers are said to be entered in a raffle for a flat screen monitor. Try your luck.


A few months ago, I built a small home-server based on a VIA C7 Eden mini-ITX board. The machine has a 1TB drive attached and runs FreeBSD without any problems. I mostly use it to run some background network utilities and serve up media to the Playstation 3 in the living room. I occasionally stream music from it over an SSH tunnel as well. The lofty ideal was that we would put all of our DVDs (mostly TV series) onto the media server so that we could select an episode to watch without having to go through DVD cases. Ripping the DVDs was not a problem with an external drive, however, encoding the videos into a format that the PS3 could understand was a very time-consuming job on the c7.

This gave me the idea of using a second computer that I have around as an on-demand processing engine. The c7 can rip the DVDs fairly quickly and store the raw files on a network share; it can then wake up the amd64 and queue up the various encoding tasks. The amd64 should process the queue, leaving the results on the network share, and then turn itself off when the queue is completed. Although my c7 runs FreeBSD, I chose Linux for the amd64 since I may use it to develop embedded images at some point.

The network infrastructure is currently 100baseT, however, I have already bought a 1000baseT switch and cards for all of the machines. I haven’t put the gig-E in place just yet as the network file system (NFS) can serve data more quickly than the amd64 can encode over the 100baseT. Although the amd64 boots off an internal drive and then mounts the NFS, I am thinking of moving it to an 8GB solid state drive, as it only needs the bare essentials to encode videos.

Powering the system down can be easily done in software using the standard Linux/Unix shutdown command. This puts the system into S5/Soft Power-Off mode which doesn’t care if you remove the power. Waking up the system is trickier. Many of the Wake-on-* features of the BIOS are designed to wake the system from S3, which is a state where all of the system is powered-off with the exception of the RAM. Power can still be removed as the hard drive buffers are synched before the system goes into “standby”. I would really prefer to do a full shut-down (S5) so this is not an option. One workaround is to enable the machine to wake up from S5/S4/S3 via PS2 mouse click. I haven’t yet worked this out fully, however, I am thinking of linking the mouse (through some logic) to the wake-on-lan output of the gig-E card, or to some output port on the c7. Alternatively, I can latch the power button to the wake-on-lan port.

The final step is to design a queue system. My current thought is to create a special directory on the NFS partition that would contain automatically-generated shell scripts to automate encoding. The scripts would be generated by c7 and would be intended to run on the amd64 machine, probably via cron job that polls the directory periodically. Once the job is complete, the last line of the shell script can be used to move the script to a completed directory. A second cron job can then poll the queue directory less frequently and issue a shutdown when all of the jobs are completed and the directory is empty. Finally, the mediatomb DLNA server can be configured to periodically scan the media directories and add new files into its database.

So far, I have mostly automated DVD ripping with chapter support, and have somewhat worked out how to generate the queue shell scripts. I am still working out the best encoding option for the PS3 to recognize. I have not implemented the queue control cron jobs or a way to wake the amd64 machine from S5, so that is forthcoming. As usual, any helpful hints or experiences are very welcome.


Last week, the rest of my family moved from Yalta, Ukraine to Washington D.C., USA, bringing with them their cat. Ukraine is known for various corrupt activities, including pirating games and replacing everything with mods to make it look like a Ukrainian game. This is often done very poorly, and sometimes the pirated game DVDs contain crapware and possibly malware. In discussion with my brother (pictured), I got to remember the days when I did some network engineering/security work.

For the past four to five years, I have maintained a constant subscription to several security-focused email lists, however, I have probably only read a handful of messages. To make security easier to deal with, the National Vulnerability Database, working with DHS and CERT, has released some feeds that are compatible with an RSS reader. Their statistics page is pretty handy too: the queries there will generate bar plots of vulnerabilities and relative percentages of vulnerabilities that meet the search criteria. Hopefully this will help me keep up with security in the background.


home_img1.jpg

Paul So, one of my colleagues from George Mason University, has taken some time off from teaching Physics and started an art gallery that focuses on providing practical training to up-and-coming artists. What is interesting is that this gallery aims to improve both the artist’s technique as well as promote a successful career by giving an overview of the business and economics side of things. As the Hamiltonian Artists gallery is a 503(c) non-profit organization, it made sense to create some sort of donation system to supplement other means of income and make the gallery more sustainable.

Since the donation system is a pretty small project, June and I volunteered our time to write the code and integrate it into the existing website. After reviewing my options, I was pleasantly surprised by how easy Google makes it to integrate their checkout system. The first feature that makes Google Checkout attractive to non-profits is that all processing fees are waived “through at least the end of 2008”. I have a feeling that Google added this to protect themselves down the road, however, they will probably keep waiving the transaction fees. The next attractive feature is the availability of example code in various programming languages. I ended up using PHP, however, most other server-side languages are also supported. Finally, the Google Checkout Sandbox makes it really easy to check that your integration system works as expected before any money is transferred. Overall, I was very pleased with the ease of integration and the support provided by Google.

Coding of the system, which includes some hierarchy, has gone pretty smoothly and has taken about 15-20 hours total. The whole system will be reviewed by the intended management users tomorrow and then the last tweaks and polish will be applied. Hopefully everything will be up and running in a week or two so that the donations can start to come in.

[ Picture is of the construction going on in the Hamiltonian Artists building. ]


zelda.jpg

Over a decade ago, I remember printing out and reading a text by Aleph1 entitled Smashing the Stack for Fun and Profit. Back then, stack-based buffer overflows were a hot topic and the tide was turning as programmers began to realize that null termination of strings was not a good security measure and that bounds checking was becoming necessary for security-minded programs.

The issue was that many people were used to using a function like strcpy() to copy a string from one memory location into a buffer allocated on the stack. The strcpy() function simply started copying from the supplied address and stopped when it reached a null character, without knowing how much space was allocated for the string at the destination. As a result, parts of the stack that were not allocated for the “local” variable, like the return address of a function, could be overwritten with arbitrary values. With a properly crafted string, even executable code could be put somewhere on the stack and the return address could be overwritten so that this code would be executed, for fun and profit as they say. Programmers became wiser and started using strncpy() instead, which copies at most a fixed number of bytes and therefore keeps the copy within the allocated space when that count matches the size of the destination. Furthermore, most modern operating systems can now mark the memory dedicated to the stack as non-executable, so the above routine would be foiled. Individuals have found some ways around these security features, however, the stack smashing exploit (as described by Aleph1) has mostly been considered a thing of the past.

I use the term mostly since Nintendo has preserved the knowledge and allowed practice of this exploit with their release of the latest Zelda game for the Wii. Through a cleverly crafted save file, the name of the main character’s horse can contain a string as mentioned above and lead to execution of arbitrary code. There are a few tricks to maintain the integrity of the save file, however, after a decade the above exploit still lives on, almost in the same form as described by Aleph1.
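As an added illustration (not code from the original post or from the game), the C sketch below contrasts the unbounded strcpy() pattern described above with a length-checked load of a name field from a save record, and shows why strncpy() alone still leaves a problem. The buffer size, function names and sample strings are assumptions made up for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* assumed size of the in-memory name buffer */

/* Before: trusts the save data to contain a terminator within NAME_BUF bytes.
   Shown only for the pattern; nothing in this example calls it. */
void load_name_unsafe(char dst[NAME_BUF], const char *field) {
    strcpy(dst, field);   /* copies until NUL, however far away that is */
}

/* Pitfall: strncpy() stays in bounds but leaves dst unterminated when the
   source has NAME_BUF or more characters. Returns 1 if dst contains a NUL. */
int strncpy_terminates(const char *field) {
    char dst[NAME_BUF];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, field, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* After: the field comes with its on-disk length. Anything that does not fit
   (including room for the terminator) is rejected rather than truncated.
   Returns 0 on success, -1 if the record is refused. */
int load_name_checked(char dst[NAME_BUF], const char *field, size_t field_len) {
    const char *nul = memchr(field, '\0', field_len);
    size_t len = nul ? (size_t)(nul - field) : field_len;
    if (len >= NAME_BUF)
        return -1;
    memcpy(dst, field, len);
    dst[len] = '\0';      /* terminate explicitly, never rely on the input */
    return 0;
}

int main(void) {
    /* Constructed sample fields, not taken from any real save file. */
    const char ok[] = "Epona";
    const char too_long[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 chars */
    char name[NAME_BUF];

    printf("short name accepted: %d\n", load_name_checked(name, ok, sizeof ok));
    printf("long name accepted:  %d\n", load_name_checked(name, too_long, sizeof too_long));
    printf("strncpy terminates long name: %d\n", strncpy_terminates(too_long));
    return 0;
}
```

Rejecting an oversized field, instead of silently truncating it, also makes a tampered save file visible to the caller.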

( Although the picture is not from the Twilight Princess game, it is a good game none the less. )


vaio.jpg

As some of you may have known, I am a bit of a FreeBSD enthusiast and have been using it regularly since around the time of the Linux fragmentation/teardrop vulnerability. I have always kept a FreeBSD system running at home so that I could perform various network tasks and automate things. In an effort to conserve power and reduce noise, I have been using my trusty Sony z505sx (pictured above). Recently, I switched to a Jetway MINI-ITX board and have been quite happy. The board runs a 1.2GHz Via C7 Eden processor, is fanless and consumes only a few watts of power while operating. It is loaded with 1GB of ram and a 750GB SATA (also low power) drive to provide ample storage. Since the system has RCA/S-Video out, I added a 5″ LCD screen on the top. So far, the machine performs well running as media/web/ftp/ssh server and is barely audible with no fan attached.

I am manufacturing a custom case for this machine and will post a full writeup once I have a cover that I like, for now, you will have to enjoy the single image below. As far as the z505sx is concerned, I decided to put it on eBay in a preemptive spring cleaning effort and to avoid clutter.

tb1.jpg


vista-sm.jpg

I decided to install Vista on my home workstation today in hopes of determining which of the software that our lab group uses will work fine and which will have problems. More specifically, I want to know whether the data collections will continue to run on Vista machines. This test was partially motivated by growing support for Vista drivers and neglect of XP drivers by hardware manufacturers.

The system under test is an Athlon64 3200+ with 2GB of RAM and GeForceFX 5600 graphics adapter. The software tested will be MATLAB 2007b/2008a, LabView 8.2/8.5 with PCI-based DAQ, Cadence/Allegro 15.x.

The very short time that I have used Vista (on this machine) has been mostly pleasant. The good is that everything seems to work fairly smoothly and all of the hardware was identified at bootup and all drivers have been loaded. The main downside is that Vista has needed my permission for almost every action.


fonera.jpg

For what it is worth, the La Fonera is still one of the better deals on basic embedded systems on the internet. I have looked at it before and shelved it for quite some time until I needed it again for a prank (open wifi, http redirection, etc). The available documentation, at the time of writing, is a bit spotty but one can gather enough information to build and test firmware based on the OpenWRT project. This guide will hopefully illustrate the complete process from the very start to actually running the custom firmware.


