Software


Last week, the rest of my family moved from Yalta, Ukraine to Washington D.C., USA, bringing with them their cat. Ukraine is known for various corrupt activities, including pirating games and replacing everything with mods to make it look like a Ukrainian game. This is often done very poorly, and sometimes the pirated game DVDs contain crapware and possibly malware. In discussion with my brother (pictured), I got to remember the days when I did some network engineering/security work.

For the past four to five years, I have maintained a constant subscription with several security-focused email lists; however, I have probably only read a handful of messages. To make security easier to deal with, the National Vulnerability Database, working with DHS and CERT, has released some feeds that are compatible with an RSS reader. Their statistics page is pretty handy too: the queries there will generate bar plots of vulnerabilities and relative percentages of vulnerabilities that meet the search criteria. Hopefully this will help me keep up with security in the background.


home_img1.jpg

Paul So, one of my colleagues from George Mason University, has taken some time off from teaching Physics and started an art gallery that focuses on providing practical training to up-and-coming artists. What is interesting is that this gallery aims to improve both the artist’s technique as well as promote a successful career by giving an overview of the business and economics side of things. As the Hamiltonian Artists gallery is a 503(c) non-profit organization, it made sense to create some sort of donation system to supplement other means of income and make the gallery more sustainable.

Since the donation system is a pretty small project, June and I volunteered our time to write the code and integrate it into the existing website. After reviewing my options, I was pleasantly surprised by how easy Google makes it to integrate their checkout system. The first feature that makes Google Checkout attractive to non-profits is that all processing fees are waived “through at least the end of 2008”. I have a feeling that Google added this to protect themselves down the road; however, they will probably keep waiving the transaction fees. The next attractive feature is the availability of example code in various programming languages. I ended up using PHP; however, most other server-side languages are also supported. Finally, the Google Checkout Sandbox makes it really easy to check that your integration system works as expected before any money is transferred. Overall, I was very pleased with the ease of integration and the support provided by Google.

Coding of the system, which includes some hierarchy, has gone pretty smoothly and has taken about 15-20 hours total. The whole system will be reviewed by the intended management users tomorrow and then the last tweaks and polish will be applied. Hopefully everything will be up and running in a week or two so that the donations can start to come in.

[ Picture is of the construction going on in the Hamiltonian Artists building. ]


zelda.jpg

Over a decade ago, I remember printing out and reading a text by Aleph1 entitled Smashing the Stack for Fun and Profit. Back then, stack-based buffer overflows were a hot topic and the tide was turning as programmers began to realize that null termination of strings was not a good security measure and bounds checking was becoming necessary for security-minded programs.

The issue was that many people were used to using a function like strcpy() to copy a string from one memory location to a dynamically allocated memory segment on the stack. The strcpy() function simply started copying from the supplied address and stopped when it reached a null character without knowing how much space was allocated for the string at the destination. As a result, segments of the stack that were not allocated for the “local” variable, like the return address of a function, could be overwritten with arbitrary values. With a properly formatted string, even executable code could be put somewhere on the stack and the return address could be overwritten so that this code could be executed, for fun and profit as they say. Programmers became wiser and started using strncpy() instead, which only copied a fixed amount of data and therefore guaranteed that the allocated space would not be exceeded. Furthermore, most modern operating systems can now set areas of the memory dedicated to the stack as non-executable, so the above routine would be foiled. Individuals have found some ways around these security features; however, the stack smashing exploit (as described by Aleph1) has mostly been considered a thing of the past.

I use the term mostly since Nintendo has preserved the knowledge and allowed practice of this exploit with their release of the latest Zelda game for the Wii. Through a cleverly crafted save file, the name of the main character's horse can contain a string as mentioned above and lead to execution of arbitrary code. There are a few tricks to maintain the integrity of the save file; however, after a decade the above exploit still lives on, almost in the same form as described by Aleph1.

( Although the picture is not from the Twilight Princess game, it is a good game nonetheless. )
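
The strcpy()/strncpy() point above, as an added C example (not code from this post, from Aleph1's text, or from the game): the unbounded copy beside a length-checked loader for a name field read from an untrusted file, plus the strncpy() case where the destination is left without a terminator. `NAME_SIZE`, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#define NAME_SIZE 16                 /* assumed size of the name buffer */

/* The pattern the post describes: copy until a NUL, ignoring dst size.
 * Shown for contrast only; it is never called below. */
void load_name_unsafe(char dst[NAME_SIZE], const char *field)
{
    strcpy(dst, field);              /* writes past dst if field is longer */
}

/* Hardened form: the field comes from an untrusted file, so bound the
 * search for the terminator by the bytes actually present (field_len)
 * and reject, rather than truncate, anything that does not fit. */
int load_name_checked(char *dst, size_t dst_size,
                      const unsigned char *field, size_t field_len)
{
    const unsigned char *nul = memchr(field, '\0', field_len);
    if (dst_size == 0 || nul == NULL)
        return -1;                   /* unterminated field: malformed file */
    size_t len = (size_t)(nul - field);
    if (len >= dst_size)
        return -1;                   /* would not fit with its terminator */
    memcpy(dst, field, len);
    dst[len] = '\0';
    return 0;
}

/* strncpy() caveat: when the source fills the buffer exactly, no
 * terminator is written, so later string reads run off the end. */
int strncpy_leaves_unterminated(const char *src)
{
    char dst[NAME_SIZE];
    strncpy(dst, src, sizeof dst);   /* bounded, but may not terminate */
    return memchr(dst, '\0', sizeof dst) == NULL;
}

int main(void)
{
    char name[NAME_SIZE];
    /* constructed sample fields, not taken from any real save file */
    const unsigned char ok[32] = "Epona";
    unsigned char oversized[32];
    memset(oversized, 'A', sizeof oversized);   /* no NUL anywhere */
    int a = load_name_checked(name, sizeof name, ok, sizeof ok);
    int b = load_name_checked(name, sizeof name, oversized, sizeof oversized);
    int c = strncpy_leaves_unterminated("0123456789ABCDEF");
    return (a == 0 && b == -1 && c == 1) ? 0 : 1;
}
```

Rejecting an oversized or unterminated field is usually the better choice for file parsers than silent truncation, since a malformed field signals a corrupt or tampered file.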


vaio.jpg

As some of you may have known, I am a bit of a FreeBSD enthusiast and have been using it regularly since around the time of the Linux fragmentation/teardrop vulnerability. I have always kept a FreeBSD system running at home so that I could perform various network tasks and automate things. In an effort to conserve power and reduce noise, I have been using my trusty Sony z505sx (pictured above). Recently, I switched to a Jetway MINI-ITX board and have been quite happy. The board runs a 1.2GHz Via C7 Eden processor, is fanless and consumes only a few watts of power while operating. It is loaded with 1GB of RAM and a 750GB SATA (also low power) drive to provide ample storage. Since the system has RCA/S-Video out, I added a 5″ LCD screen on the top. So far, the machine performs well running as media/web/ftp/ssh server and is barely audible with no fan attached.

I am manufacturing a custom case for this machine and will post a full writeup once I have a cover that I like; for now, you will have to enjoy the single image below. As far as the z505sx is concerned, I decided to put it on eBay in a preemptive spring cleaning effort and to avoid clutter.

tb1.jpg


vista-sm.jpg

I decided to install Vista on my home workstation today in hopes of determining which of the software that our lab group uses will work fine and which will have problems. To be more specific, I want to see if the data collections will continue to run on Vista machines. This test was partially motivated by growing support for Vista drivers and neglect for XP drivers by hardware manufacturers.

The system under test is an Athlon64 3200+ with 2GB of RAM and GeForceFX 5600 graphics adapter. The software tested will be MATLAB 2007b/2008a, LabView 8.2/8.5 with PCI-based DAQ, Cadence/Allegro 15.x.

The very short time that I have used Vista (on this machine) has been mostly pleasant. The good is that everything seems to work fairly smoothly and all of the hardware was identified at bootup and all drivers have been loaded. The main downside is that Vista has needed my permission for almost every action.


fonera.jpg

For what it is worth, the La Fonera is still one of the better deals on basic embedded systems on the internet. I have looked at it before and shelved it for quite some time until I needed it again for a prank (open wifi, http redirection, etc). The available documentation, at the time of writing, is a bit spotty but one can gather enough information to build and test firmware based on the OpenWRT project. This guide will hopefully illustrate the complete process from the very start to actually running the custom firmware.


pspice-model.jpg

Last week, I wrote an entry where I pointed out some methods to aid with getting your SPICE simulation to converge and made a promise that I would write a guide that would go through all the necessary steps to create a simulation with a non-standard device. Luckily, the fine folks at Texas Instruments have already written such a guide. The guide is designed to work with the Orcad/Cadence suite and guides the user through all the steps, starting with downloading a SPICE model from ti.com to changing the appearance of the schematic symbol to creating a simulation profile and running the simulation. Although this is geared towards Texas Instruments, the ideas are generic enough to apply to practically any vendor’s models.

microwind.jpg

I recently found another free tool (in addition to LASI) that allows users to play around with CMOS layout (and some very basic simulation). The tool is from Microwind Inc with the lite version aptly named “Microwind”. Once the user form is filled out with minimal information, various tools can be downloaded with an assortment of papers including a 4-bit microprocessor example. The lite version of the tool is somewhat limited, but there are some simple layout examples. Furthermore, this is the tool used to demonstrate all of the examples in Basic CMOS Cell Design (Amazon) and Advanced CMOS Cell Design (Amazon) by Sicard (author of the software) and Bendhia. I have read most of the first book and am working on the second one and will write a short review when both are completed. So far, the first (Basic) one is all right for a reference but requires some thinking to understand a few of the layouts. The image above is an example layout for a 3-bit DAC.

converge.jpg

Although SPICE is one of the most prevalent tools for analog circuit simulation, saying that it was without problems would be incorrect. The problem that I have seen is that individuals start using a CAD package, such as the Cadence/Orcad suite, run into some incomprehensible problems with analog simulation with PSPICE, and quickly give up on the technology, deeming it unusable. What needs to be understood is that the simulation heavily relies on numerical integration and matrix inversion methods, both of which are very susceptible to numerical errors. The upside is that there are parameters that can be tuned, and in some cases, simulation speed/performance can be sacrificed to get higher accuracy and convergence.

Charles Hymowitz, from Intusoft, has written a small article on the topic of SPICE simulation convergence. The basic idea here is to first make sure your circuit is wired as intended and that the nodes are properly labeled. He then gives an overview of some parameters and algorithms that can be tweaked to try to attain convergence. Finally, he makes a very important point: if your circuit still doesn’t converge, look back at the design, there may be something inherently wrong with it.

I agree with most of his statements and have been using SPICE for some time to get a high-level simulation of various analog circuits. Unfortunately, it is not a substitute for building a prototype, but it does offer assistance with initial design. I am thinking of writing up a few step-by-step guides for using the Orcad suite, including one that demonstrates PSPICE simulation with device models downloaded from vendor web sites. If anyone is interested in seeing those types of things, send an email or leave a comment and I may do it a bit quicker.

( converg.pdf )


broken-keyboard.jpg

For one reason or another, both of the shift keys suddenly stopped working on June’s VAIO notebook. After some troubleshooting it seemed to be a hardware problem. With work needing to be done, I didn’t want to open the machine up and risk breaking more things so I thought that it would be easiest to remap the shift key to the caps lock key, one that shouldn’t be used too often. While it is straightforward to change this on a Unix/Linux system (xmodmap, loadkeys, etc), it turns out that there is also a straightforward method to do this on Windows. This requires editing the registry; however, the Windows Resource Kit has a nice graphical front-end to do this. The installed tool is called remapkey.exe and has a drag and drop configuration screen. Long story short, the caps lock key is now the shift key, and everything is fine until tomorrow.