Archives: July 2008
July 31, 2008
Buzz Kill - stopping iPhone GSM speaker noise
Every GSM cellphone user is familiar with the annoying Bzzzhtzttt noises that tend to emanate from random electronics anywhere you take your device. The iPhone is no exception, but the problem is exacerbated since most people have it sitting on their desk with a speaker close by playing music at reasonable amplification. It sucks.
Mac Life has a solution that may work for you. Just yank the ferrite beads from an old usb cable—they are inside the plastic bulge near one end of most cables—and place them around or taped in-line with your speaker cable. There are a few stories of success with this method, and nobody has mentioned an impact on audio quality, so it's a cheap fix that's worth a shot.
Posted by Jason Striegel |
Jul 31, 2008 08:32 PM
Mobile Phones, Music, iPhone |
July 30, 2008
Asterisk File Transfer Protocol
Cory Menscher writes:
As part of the NYU ITP "5in5" event this week, I created the Asterisk File Transfer Protocol. Using the CSound audio programming language, I wrote a PHP script that converts a binary file into an audio WAV file based on the "Kansas City standard", created in 1975, for transferring binary files via audio cassette. However, instead of a cassette, a user can dial my extension on an Asterisk VoIP PBX server and "retrieve" a file (an 8kb jpeg image) at 300 baud over POTS. You can access the file by dialing (212) 796-0729 ext. 160.
In reality, the audio quality of the GSM codec I was limited to by the server probably precludes one from ACTUALLY downloading the file, but it's still fun! If you want to hear a higher-fidelity version of the file you can access it at https://www.menscher.com/itp/blogmedia/aftp.mp3.
Corey posted the source he used to generate the encoded WAV from an image, so you can see the nuts and bolts of using CSound to generate audio data in PHP. It'd be neat to see the decoder half of this, but it's been left as an exercise for the reader.
I have fond memories of saving and loading files from a C64 datasette drive like this, so it's pretty cool to see this sort of thing done in PHP.
The Asterisk File Transfer Protocol
Posted by Jason Striegel |
Jul 30, 2008 11:25 PM
PHP, Retro Computing |
July 29, 2008
DJBDNS, DNS exploits, Bernstein, Schneier, and security by design
If you haven't been living under a rock, you've probably heard of the DNS vulnerability that Dan Kaminsky announced about a half year ago. The plan was that Kaminsky would be working with DNS server vendors to provide a patch, giving ample time for administrators to upgrade before the details of the exploit were released later this year. Unfortunately the exploit was leaked prematurely, causing a general freak-out mode amongst people that administer DNS systems.
When I read the article on Slashdot, the "all name servers should be patched as soon as possible" quote dropped a bit of scare on me too. What about my sad little DNS server? I envisioned spending an evening working through a time consuming process of patching and reconfiguring things that I haven't had to touch in years. Much to my pleasant surprise, djbdns, D. J. Bernstein's DNS server, was not vulnerable. My decision to use djbdns a number of years ago was primarily due to his vocal philosophy of engineering security by design instead of by response.
Bruce Schneier's analysis of things is spot on as usual. It's a solid case study for hygienic software engineering practices and the design of secure systems.
The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won't prevent every vulnerability, but it's much more secure -- and cheaper -- than the patch treadmill we're all on now.
What a security engineer brings to the problem is a particular mindset. He thinks about systems from a security perspective. It's not that he discovers all possible attacks before the bad guys do; it's more that he anticipates potential types of attacks, and defends against them even if he doesn't know their details. I see this all the time in good cryptographic designs. It's over-engineering based on intuition, but if the security engineer has good intuition, it generally works.
Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.
The djbdns server wasn't pre-installed on the Linux distro I based my poor old server on. DJB's daemontools package, which manages the startup and shutdown of the service, was annoying to deal with when every other application just uses a normal init rc script. The DNS server configuration and setup was also unfamiliar to me, having previously only worked with BIND zone files.
There's one other thing that has really been different with djbdns than any other DNS server I've ever administered: I've never had to patch it. I've only had one other software experience like this, with the qmail mail transfer system. Qmail is also designed by Bernstein. Hmm.
If you're upgrading your DNS server anyway, maybe now is the time to start thinking about your alternatives.
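A resolver operator can check whether source ports really are randomized by looking at the ports of its outgoing queries. The sketch below is an added example, not code from this post or from djbdns; the sample port lists are constructed, and the function names and the 10-bit `weak_below` threshold are assumptions.

```python
import math
import statistics

TXID_BITS = 16      # the DNS header carries a 16-bit transaction ID
MAX_PORT_BITS = 16  # the UDP source port field is 16 bits wide


def port_bits(ports):
    """Estimate the bits of unpredictability added by the source port.

    A uniform spread over R ports has standard deviation R / sqrt(12), so
    the sample deviation estimates R even from a few dozen queries.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    est_range = statistics.pstdev(ports) * math.sqrt(12)
    if est_range <= 1:
        return 0.0
    return min(MAX_PORT_BITS, math.log2(est_range))


def assess(ports, weak_below=10.0):
    """Classify a resolver from the source ports of consecutive queries."""
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    bits = port_bits(ports)
    if deltas == {0}:
        verdict = "fixed"        # every query leaves from the same port
    elif len(deltas) == 1:
        verdict = "sequential"   # constant step: the next port is predictable
    elif bits < weak_below:      # assumed threshold, tune for your environment
        verdict = "weak"
    else:
        verdict = "randomized"
    if verdict in ("fixed", "sequential"):
        bits = 0.0               # a predictable port adds nothing to guess
    return {
        "verdict": verdict,
        "port_bits": round(bits, 2),
        # what an off-path forger must guess: transaction ID plus port
        "total_bits": round(TXID_BITS + bits, 2),
    }


# Constructed samples: source ports of consecutive outgoing queries.
FIXED = [53] * 12
SEQUENTIAL = list(range(1024, 1044))
NARROW = [32770, 32801, 32779, 32850, 32790, 32812]
RANDOMIZED = [51234, 1893, 40211, 27650, 60102, 9345,
              33018, 15877, 58990, 22461, 4502, 46733]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("randomized", RANDOMIZED)]:
        print(name, assess(sample))
```

A fixed or sequential result leaves only the 16-bit transaction ID between a forged response and the cache, which is the situation the source port randomization work-around addresses.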
Daniel J. Bernstein's djbdns server
Schneier - The DNS Vulnerability
DJB on DNS forgery
Slashdot - Kaminsky's DNS Attack Disclosed, Then Pulled
Posted by Jason Striegel |
Jul 29, 2008 08:52 PM
Cryptography, Network Security, Software Engineering |
July 28, 2008
Web application hotkeys with Javascript
It's unfortunate, but there are only a few sites that have done a good job of enhancing the user experience with hotkey support. In searching for the easiest way to do this in my own applications, I stumbled across the Hotkeys plugin for jQuery. In typical jQuery form it lets you do something moderately complicated, like capturing keyboard events, with a single line of Javascript code. You use the hotkeys.add method to bind a keyboard event to a callback function and the hotkeys.remove method to remove the handler.
Here's an example that will create an alert box when you press control-c:
$.hotkeys.add('Ctrl+c', function(){ alert('ctrl-c pressed');});
You remove the handler like this:
$.hotkeys.remove('Ctrl+c');
hotkeys.add also has a three-parameter invocation: hotkeys.add(key, options, handler). The options parameter is just an associative array which you can use to pass options such as the target DOM path or the type of key press event (keyup or keydown). The key parameter is a string representing the key combination. Instead of using scan codes, you send in the names of the key combination, such as "a", "Shift+b", "f9", or "pageup". It's really that easy.
Javascript jQuery Hotkeys Plugin
Using jQuery Hotkeys
Posted by Jason Striegel |
Jul 28, 2008 09:28 PM
Ajax, Web |
July 27, 2008
Cyber Security Awareness Week
Dan Guido from the Information Systems and Internet Security Lab at the Polytechnic Institute of NYU wrote in about the Institute's 5th annual Cyber Security Awareness Week. If you're in high-school or a college undergraduate program, this is a great opportunity to test your infosec skills against your peers, and hopefully earn a little prize money in the process.
ISIS Lab is organizing NYU-Poly's 5th annual Cyber Security Awareness Week (CSAW) where students can compete and win prizes in a variety of information security challenges. There will be door prizes, raffles for participating, and bonus prizes for undergrad and high school participants. Qualified finalists will receive a travel scholarship to attend the awards ceremony in New York City.
There are a number of events, including an application security "capture the flag" challenge, a security quiz which covers everything from cryptography to risk management, and a 5-day forensics puzzle. There's even an embedded systems challenge where teams are tasked with trying to find hardware and software bugs in a mock control system.
This looks like a lot of fun. Some of the contest materials become available at the beginning of September, so sign up soon if you're interested in participating.
Cyber Security Awareness Week 2008
Posted by Jason Striegel |
Jul 27, 2008 09:28 PM
Cryptography, Electronics, Network Security, Software Engineering |
July 26, 2008
MySQL performance tuning
Jay Pipes, MySQL employee and co-author of Pro MySQL, gave a great presentation to Google employees which covers a number of techniques for tuning performance on MySQL. His examples include debugging and analyzing problems as well as best practices for table and index design, query and join operations, and server variable adjustments.
It's a little over 40 minutes long, but incredibly informative, whether you're a casual querier or a power MySQL user. Though some of this stuff is MySQL (or MyISAM or InnoDB) specific, the majority of the content is essential material for the average database application developer.
If you don't have time to sit through it (shame on you) or you're looking to jump right to a specific topic, there's a nice time-coded dissection of the talk over at Peteris Krumins' blog. There's something so appropriate about adding a search index to a video about MySQL optimization.
Performance Tuning Best Practices for MySQL
Video Index
Posted by Jason Striegel |
Jul 26, 2008 12:11 PM
MySQL, SQL, Software Engineering |
July 25, 2008
Peggy LED lightboard
MAKE's Collin Cunningham really impressed me with this short film "A Date With Peggy," a story of an overworked hacker finding relaxation through his craft.
After a frustrating day at the office, it feels good to go make something that simply works. (playing with a bunch of ultra-bright LEDs doesn't hurt either)
The Peggy kit from Evil Mad Scientist Laboratories is sort of like a big kid's Light Bright. It's a large 25x25 array that you can wire LEDs into however you like, without worrying about details like load resistors. The LEDs aren't individually addressable, but you do have some programmatic control over the whole array, and there's a built-in light sensor that you can use to adjust the display based on light conditions.
A Date With Peggy
Peggy kit at the Maker Shed
"Peggy," A Light Emitting Pegboard Display - Evil Mad Scientist
Posted by Jason Striegel |
Jul 25, 2008 06:49 PM
Electronics |
July 24, 2008
Farm Fountain - edible eco-sculpture
Equal parts hydroponic garden, aquarium, and interactive art, the Farm Fountain is an experiment in self-contained, indoor ecosystem design created by artists Ken Rinaldo and Amy Youngs. The idea is that you can raise edible fish and cycle their waste nutrients through a hanging garden which filters the water before returning it to the aquarium.
Their 4th generation Farm Fountain is currently on display at the Te Papa Museum in New Zealand until January 2009. From the Farm Fountain website:
This project is an experiment in local, sustainable agriculture and recycling. It utilizes 2-liter plastic soda bottles as planters and continuously recycles the water in the system to create a symbiotic relationship between edible plants, fish and humans. The work creates an indoor healthy environment that also provides oxygen and light to the humans working and moving through the space. The sound of water trickling through the plant containers creates a peaceful, relaxing waterfall. The Koi and Tilapia fish that are part of this project also provide a focus for relaxed viewing.
The plants we are currently growing include lettuces, cilantro, mint, basil, tomatoes, chives, parsley, mizuna, watercress and tatsoi. The Tilapia fish in this work are also edible and are a variety that have been farmed for thousands of years in the Nile delta.
A Basic Stamp program controls the pump mechanism, allowing the plants to be watered at regular intervals for a set period of time. Depending on available natural light, supplemental lighting can be provided by a combination of fluorescent and grow-spectrum LED lighting, switched from a standard light timer. Ken and Amy worked out a lot of the details during the construction of their 3rd Farm Fountain design (pictured above) and they've assembled a how-to instructional gallery which you can use to design your own Farm Fountain system.
There are a lot of external inputs required to keep the ecosystem healthy for a long period of time, including fish food, pH and nitrate monitoring, and general gardening tasks. Once you've gotten accustomed to it, though, it's probably not much more work than maintaining a lawn, and a lawn can't give you tomatoes in the middle of winter.
Farm Fountain - a sculptural ecosystem you can eat
Posted by Jason Striegel |
Jul 24, 2008 11:08 PM
Design, Food, Home, Life, Science, Survival |
July 23, 2008
NTFS Alternate Data Streams - hide files inside other files
The NTFS file system has support for additional data, called Alternate Data Streams (ADS), to be attached to any file. Normally this is used by the operating system and file explorer to bind extra data to a file, such as the file's access control information, searchable file meta-data like keywords, comments and revision history, and even information that can mark a file as having been downloaded from the internet. Because this extra information is bound to the file at the filesystem level, you can move the file from one folder to another and all of the various meta-information and permission data stays with the file.
The interesting thing is that any file or directory can have zero or more ADS forks attached to it. While some of the ADS identifiers are used by the OS, there's nothing stopping you from adding other ADS forks to a file. You can do this directly from the command line, using a simple colon ":" notation.
Let's say you have a file called test.txt. You can store a secret message in the file like this:
echo "This is a secret" > test.txt:secretdata
If you view the contents of the file, you won't see anything peculiar. If you know about the existence of the secretdata ADS entry, however, you can easily extract the hidden information with the following command:
more < test.txt:secretdata > output.txt
When you now open output.txt, you'll find your secret data inside.
Because it's a lower level OS feature, you can even trick most programs into loading the data. In the scenario above, you could actually load and edit the secretdata stream inside of notepad by running "notepad test.txt:secretdata".
You can even store and execute binary data of any particular size in an ADS fork. For instance, maybe you want to shove solitaire inside one of your text file's ADS entries:
type c:\winnt\system32\sol.exe > test.txt:timewaster.exe
Running the file is as simple as "start .\test.txt:timewaster.exe". Wild, no?
So the odd thing is that all these hidden streams are floating about your filesystem and until Vista's /R flag on the DIR command, there hasn't really been a very good built-in way of detecting them. To solve this, Frank Heyne created an application called LADS which is an excellent command line utility that will scan a directory and print out stream names and sizes for files within it.
There was also a tool released in an MSDN article about file streams that will add an extra tab to the file properties in Windows Explorer. I've linked to a FAQ that Frank maintains about ADS that walks you through setting up the DLL and registry entries to make this work. When it's activated, the Streams tab in the properties panel will let you create, view, edit or delete the stream data that's attached to any file, right in Explorer.
I can see how this file system feature could be useful, but it's a little odd that it's so hidden from the user and there seem to be a few problems with the concept. Obviously, because of ADS's hidden nature, there are a number of malicious uses that can be employed by jerk-o's who write virii and that sort of thing. Even ignoring that, there are also data interchange issues—moving a file between NTFS and another file system causes the loss of all this attached information. Call me old fashioned, but I like my files the way they used to be, with a start, an end, and some bytes in between.
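For auditing a directory with the DIR /R flag mentioned above, the listing can be parsed and every named stream triaged. The sketch below is an added example, not part of the original post or of LADS; the sample listing is constructed from the file names used in this post, and the allowlist and suffix list are assumptions to adapt.

```python
import re

# Constructed sample of `dir /R` output (Vista and later) for the files used
# in this post; date and number formatting depend on the system locale.
SAMPLE_DIR_R = r"""
 Volume in drive C has no label.
 Directory of C:\temp

07/23/2008  10:30 PM                 0 test.txt
                                    21 test.txt:secretdata:$DATA
                                56,832 test.txt:timewaster.exe:$DATA
07/23/2008  10:31 PM            48,128 setup.msi
                                    26 setup.msi:Zone.Identifier:$DATA
07/23/2008  10:32 PM               512 notes.txt
               3 File(s)         48,640 bytes
"""

# Stream lines are indented and have no date: <size> <file>:<stream>:$DATA
STREAM_LINE = re.compile(
    r"^\s+(?P<size>[\d,]+)\s+(?P<file>[^:]+):(?P<stream>[^:]+):\$DATA\s*$")

# Assumption: streams the OS writes itself. Zone.Identifier is the
# "downloaded from the internet" marker the post refers to.
KNOWN_STREAMS = {"zone.identifier"}

# Assumption: stream names that suggest stored executable content.
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".ps1")


def find_named_streams(dir_r_output):
    """Return one finding per alternate data stream listed by `dir /R`."""
    findings = []
    for line in dir_r_output.splitlines():
        m = STREAM_LINE.match(line)
        if not m:
            continue  # header, ordinary file entry or summary line
        stream = m.group("stream")
        if stream.lower() in KNOWN_STREAMS:
            verdict = "expected"
        elif stream.lower().endswith(EXEC_SUFFIXES):
            verdict = "executable"
        else:
            verdict = "review"
        findings.append({
            "file": m.group("file").strip(),
            "stream": stream,
            "size": int(m.group("size").replace(",", "")),
            "verdict": verdict,
        })
    return findings


def unexpected(findings):
    """Streams that are not on the allowlist and need a human look."""
    return [f for f in findings if f["verdict"] != "expected"]


if __name__ == "__main__":
    for f in unexpected(find_named_streams(SAMPLE_DIR_R)):
        print(f"{f['verdict']:<10} {f['size']:>8}  {f['file']}:{f['stream']}")
```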
Frank Heyne - Alternate Data Streams in NTFS FAQ
LADS - NTFS alternate data stream list utility
The Dark Side of NTFS
MSDN: A Programmer's Perspective on NTFS Streams and Hard Links
Posted by Jason Striegel |
Jul 23, 2008 10:30 PM
Cryptography, Data, Windows, Windows Server |
July 22, 2008
PocketMod and Mapufacture: the anti-iPhone
Here's a clever way to fold an 8.5x11 sheet of paper into a small book. The way it's folded, all of the book's 8 outward-facing pages are from the same side of the sheet of paper. This allows you to easily construct a handy little daily planner by printing a single sheet of paper. When you're done folding, the first and third leaf will have a little pouch that you can shove a business card or two inside.
The PocketMod website has a flash application that lets you quickly build a layout for your planner. You can drag calendars, todo-lists, grids, conversion tables, and even RSS feed articles to the page and print it directly from your browser.
I love it. It's the iPhone for the mobile Luddite.
You're probably thinking: this pocketmod thing is awesome and all, but what about maps? Well, PocketMod does maps too. Or rather, a cool Web2.0 mapping service does PocketMods.
At mapufacture.com, you can create and manage custom maps and import data layers from news sources, geo blogging services, and Google My Maps. In addition to all the normal embedding and sharing tools that you'd expect, they also have a PocketMod export, allowing you to convert your map into a handy format that you can put in your back pocket.
You can't make phone calls on your PocketMod and it doesn't hold any songs you can't sing or whistle yourself. On the other hand, it's crazy slim, 3rd party application writing is a cinch, the data plan is affordable, and you won't believe the battery life.
PocketMod
Mapufacture - create custom multilayer maps (with pocketmod output support)
Posted by Jason Striegel |
Jul 22, 2008 10:24 PM
Google Maps, Life, Lifehacker, Mapping, Productivity |
July 21, 2008
Tether your iPhone 3G
Your iPhone can connect you to the web from just about anywhere, but sometimes browsing on a tiny screen isn't enough. With a jailbroken 3G and some free software, it's pretty easy to bring that internet-anywhere access to your laptop.
Nate True put together a howto that will guide you through the steps for configuring your iPhone 3G as a web proxy using the 3Proxy software. The laptop connects to the iPhone over an ad-hoc WiFi connection, the iPhone connects to the internet on its 3G connection, and 3Proxy sits in the middle, shuttling HTTP requests and responses from your laptop to the world wide internets.
There are a number of steps involved if you include the whole jailbreaking process. If you get this out of the way, though, you'll be prepared to jack in in an emergency (or in a lame-o airport with pay wifi).
How to tether your iPhone 3G
3Proxy
PwnageTool 2.0.1 (for jailbreaking your iPhone 3G)
Posted by Jason Striegel |
Jul 21, 2008 10:12 PM
Mobile Phones, Wireless, iPhone |
July 20, 2008
LEGO NXT Rubik's Cube solver
Hans Andersson's Tilted Twister is a LEGO robot that can solve a scrambled Rubik's Cube in about 6 minutes. I've seen LEGO cube solvers before, but there's something a bit different about this one, which you can see in the video below:
If you didn't catch the difference, this robot is solving the puzzle on its own with no attached PC!
A light sensor is used to scan all six faces of the cube. The robot then calculates a solution for the cube, before executing an average of 60 turns to complete the puzzle.
The robot is built from the parts available in a retail NXT kit—no extra or custom pieces are necessary. You can build one yourself using the LEGO Digital Designer CAD file and NXC source code that are available from Hans' site.
Tilted Twister - a Lego Mindstorms robot that solves Rubik's cube [via Hacked Gadgets]
Posted by Jason Striegel |
Jul 20, 2008 08:04 PM
LEGO |
July 19, 2008
Citizen Engineer 01 - SIM card and payphone hacks
Ladyada and PT have kicked off the first episode of their Citizen Engineer video series in style. This episode explores GSM SIM card technology and the more retro tech found inside a retired Bell payphone. Ladyada shows how to create a SIM reader which you can use to do things like read deleted SMS messages or brute-force the card's secret key. In the second part, the team dismantles an old Bell payphone and hacks it to function as a home telephone, require quarters for use, and make Skype calls.
Posted by Jason Striegel |
Jul 19, 2008 07:12 PM
Electronics, Mobile Phones, Screencasts, Skype |
July 18, 2008
Origami Wall-E
Brian Chan figured out how to make this origami Wall-E from a single uncut square of paper. It looks like a 2 hour project for someone with decent folding skill. My mind is officially blown. Images and the Wall-E folding pattern are available on Brian's site. I found the above time-lapse video on MIT's TechTV video site. The site looks like a YouTube for hackers and is also well worth checking out.
Brian Chan's Origami Wall-E
Wall-E Folding @ MIT TechTV
Posted by Jason Striegel |
Jul 18, 2008 10:32 PM
Design |
July 17, 2008
Binary Arduino clock
Check out Daniel Andrade's binary LED clock built using the Arduino. It's well thought out, including controls for setting the time and hibernating with the LEDs off. Each hour and minute digit is represented in binary form, so it's actually fairly easy to read once you get accustomed to it.
The circuit and source are available from Daniel's site. If you're ahead of the game and already thinking about what to do this Saturday afternoon, this might be a fun option to add to the list.
DIY: Binary Clock with Arduino
Posted by Jason Striegel |
Jul 17, 2008 08:57 PM
Electronics |
© 2008 O'Reilly Media, Inc.
All trademarks and registered trademarks appearing on makezine.com are the property of their respective owners.