Month: November 2010

Getting a Esduino Communicating with Mac OS X

Just a word of warning everybody, we are going down super duper mega geek territory here. If you’re not sure what a Esduino is you’ll not give two shits about this post. This is mostly a guide for myself to serve as a reminder of how to get this thing running again should I forget. Since the information has potential to be useful to others out there I figured I post it up on a public page.

I’m not going to waste time explaining what an Esduino is beyond it being a Arduino board that uses a 9S12 microcontroller as its core. If you don’t know what it is chances are this guide is useless to you.

The Esduino by Technologicalarts comes with a FT232R USB to serial port converter built in. There are no built in drivers for this chip in Mac OS X thus you need to install them. The drivers can be found here (for Windows, Mac, and Linux). The installation guides can be found here. Summed up all you need to down is download the appropriated driver (I used the virtual COM port driver instead of the D2XX driver as I’m used to working with virtual COM ports) and install it.

Once the driver is installed you can plug your Esduino into one of your USB ports. You’ll notice nothing happened, that’s normal. In truth something did happen though, two new files were created in your /dev directory (if you’re unfamiliar with the UNIX underpinnings of OS X just ignore this part, it’s really irrelevant). The two new files will be called /dev/cu.usbserial-xxxxxxxx and /dev/tty.usbserial-xxxxxxxx with the xxxxxxxx being the serial number of the device you plugged in. The Esduino will also appear in the System Profiler under USB. I’ll make a quick note that those two files in your /dev directory will only appear when you plug the Esduino in, if you don’t see them you’re device probably isn’t plugged in.

Now your computer is communicating with the Esduino board, what’s next? Well you need to interact with it. All Esduino boards come pre-loaded with an application. This application can be interacted with through the virtual COM port. First before you begin flip the switch on the microcontroller into the run position. In order to communicate with the virtual COM port I found a good program called CoolTerm. Open CoolTerm and open the options dialog (click on the toolbar button labeled Options). Under the Serial Port Options group select usbserial-xxxxxxxx from the port combo box and then click the OK button. Now that you’re back to the main window click the Connect button on the tool bar and press the enter key. A text menu should appear and you’re up and running.

Yes this is the kind of thing I do for fun. See how messed up I am?

Lock Pick Laws in Minnesota

I’ve talked a lot on here about various gun laws in Minnesota. Personally I like talking about things that directly relate to my hobbies and guns are one of my big hobbies. Another hobby I have is lock picking. Just like firearms lock picks are tools, nothing more, yet people try to ascribe motive behind them. For example in many states (Californistan for example) possession of lock picks without being a certified locksmith can land you into deep water. In other states there has to be some form of intent to commit a criminal act in order to prosecute somebody for possession of lock picks.

As lock picking is one of my hobbies I often has a set of lock picks in my possession. Not only is picking locks fun but it’s a great parlor trick at a party to boot. So what are the laws in regard to lock picking in Minnesota?

First a disclaimer, I am not a lawyer. My interpretation of the law is based on how it’s written, my limited education in regards to legal language, and of course what I read from other people. This is not legal advice.

Well we’re lucky here as possession of lock picks alone can’t get you tossed into prison. The law regarding lock picks is established in Minnesota statute 2006, Section 609.59:

609.59 POSSESSION OF BURGLARY OR THEFT TOOLS.
Whoever has in possession any device, explosive, or other instrumentality with intent to use
or permit the use of the same to commit burglary or theft may be sentenced to imprisonment for
not more than three years or to payment of a fine of not more than $5,000, or both.

Lock picks usually fall under burglar tools as do crowbars and hammers. The key phrase in Minnesota law is the line that states, “with intent to use or prermit to use of the same to commit burglary or theft.” What that means is you can’t be arrested for simply possessing lock picks, you must be showing intent. So how do you show intent when it comes to possession lock picks? Generally by either trespassing or attempting to break into a locked area. Possessing lock picks will add to your sentence in other words but won’t get you nailed for anything alone.

That means you’re free to order lock picks and use them. You won’t get into trouble when you bring them to a friend’s house to demonstrate your little parlor trick or to teach others how to partake in the fun.

Calling a Bluff

Although I’ve never played for any extent of time I understand a big strategy in poker is to call somebody’s bluff. This is a great strategy in many regards but it’s also dangerous. Case in point Olin Corporation (they manufacture Winchester labeled ammunition) is moving it’s manufacturing plant after a union vote to refuse a pay freeze.

Basically members of the union thought Olin was bluffing and called them on it. Here in lies the example of why bluffing is dangerous, your opponent may very well be telling the truth. Personally there are a few things I’ll gamble on, my job isn’t one of them.

Fly the Unfriendly Accusation Skies

There are few letters that can be put together to cause massive rage in almost every person in the United States. One of those precious few seemingly innocuous strings of letters is TSA (Transportation Security Administration). Employees of the TSA do it all, they look at naked picture of you and your children, they feel up your junk, and they plant white powder in your luggage and threaten to arrest you for cocaine possession.

Yes, they do all of this and offer no additional security to fliers. TSA offers security theater, not actual security. The real problem is you’re giving a bunch of people a badge and some authority. With certain types of people this is a very bad idea because it gives them power trips. Frankly once we have an agency so corrupt that one of their employees has decided to fuck with an airline passenger by placing a substance that looks like cocaine on their person it’s time for some dismantlement.

Another Reason to Root Your Android Phone

If being able to use your Android phone for a Wi-Fi hotspot (without paying an additional fee to your service provider), being able to backup your data, and being able to run a stripped down version of Wireshark weren’t enough I have yet another reason, security.

Take for example this security exploit. It’s fixed on Android 2.2 but not 1.6. What’s the big deal? Many carriers and handset manufacturers haven’t pushed out the 2.2 update to older phones meaning many phones are now vulnerable with no hope of a fix in site. Unlike a personal computer a phone generally can’t be updated willy nilly. For example I can’t go to the store and purchase a new copy of Android to install on my phone, I have to wait for the manufacturers and carriers to push updates out to me.

How does rooting help? Rooting (at least unlocking the NAND) allows you to install custom ROMs. ROMs are basically the installation of the operating system. Many phones that have seen obsolescence from their manufacturers and carriers have updated custom ROMs available for them. These custom ROMs are maintained by the Android community and can offer updates that otherwise wouldn’t be available. If you have a rooted phone with an old version of Android you may want to see if there are any updated custom ROMs available out there. Sadly this is the only way you’ll probably see a fix for any current and future vulnerabilities.

Missing the Point

I seriously don’t understand Oracle. The bought up Sun Microsystems a while ago and have been working hard on ruining all obtained products as quickly as possible. Although Sun was never good at monetizing what they produced they made some great stuff and were usually pretty open with it. Java, OpenOffice, and Solaris were all open source products by the time they ended up being bought by Oracle.

The main benefit of Java has always been the ability to “write once, run everywhere.” Java doesn’t always deliver on that promise by nine times out of ten it does. I know a lot of people still give Java flak for being slow, bloated, and a device to butcher babies but frankly anybody who’s worked with it on a serious project generally walks away feeling that Java is a viable tool to get jobs done. I rather enjoy the fact that I can write a piece of software, compile it once, and then run it on my Windows, Linux, and Mac.

Apparently Oracle doesn’t understand this advantage and are now looking to monetize Java. I have no problem with monetizing a product, I’m a free market advocate after all. The problem I have is how Oracle is planning on going about monetizing Java. Their talking about releasing to version of the Java Development Kit (JDK), a free one and a premium one. By the sounds of it the premium version of the JDK will contain performance improvements in addition to some additional libraries (mostly for interacting with Oracle’s other products).

For a product like Java divergence is a bad thing. Once you remove the guarantee that an application you wrote will run on any platform with a Java Virtual Machine you’ve also removed the only real advantage. If there are two versions of the virtual machine the most likely outcome is people will only write software to target the free version as that’s the only version you can guarantee people will be willing to obtain. Java has always had a reputation for poor performance (a reputation that should be abolished at this point) so having performance only in the paid version is going to hurt the product’s reputation even more.

Frankly I just don’t understand Oracle’s strategy. They seemed to have purchased Sun just to ruin their products as fast as possible. Thankfully this purchase happened after groups already implemented clean room developments of the Java Virtual Machine and Application Programmer Interfaces (APIs) which gives us an alternative to whatever Oracle comes out with.

When a Fix Isn’t a Fix

A bit back I mentioned Firesheep, a Firefox plugin that allowed you to easily steel session cookies on open wireless networks. Frankly this plugin has exploded in popularity (which is the only reason I heard about it) and now people are trying to fix the problem. The problem is simple, websites use unencrypted channels to send authentication information to clients. The only real fix for Firesheep is websites switching from HTTP to HTTPS. Once web site traffic is encrypted Firesheep no longer works, plain and simple.

Instead of legitimate fixes through people are working on hacks to get around Firesheep. Take for example BlackSheep, a Firefox plugin that informs you if somebody on the network is using Firesheep. The problem here is nothing actually getting fixed. The vulnerability still exists and frankly that’s the whole problem. If you want a better fix to avoid getting your session cookie high jacked by Firesheep you can look into using HTTPS Everywhere. HTTP Everywhere isn’t a perfect solution by any means as it only works with specific websites but it’s far better than using something like BlackSheep that will just inform you if somebody is using Firesheep on your network.

The bottom line is what Firesheep does has always been possible. Firesheep simply made a technical task easy enough for anybody to do it, nothing more. Teaching awareness of the problem was the goal and it’s done exactly that will many websites finally talking about rolling out HTTPS secured sites in lieu of their current unencrypted sites.

Celebrate Rebellion

Remember, remember the Fifth of November,
The Gunpowder Treason and Plot,
I know of no reasom
Why the Gunpowder Treason
Should ever be forgot.

405 years ago today a man by the name of Guy Fawkes decided to roll a few wheelbarrows of gun powder below the House of Lords and blow the kind to Hell and back again. The plot ended in failure as he was captured by one of the guards before lighting the fuse but the idea is still sound.

The problem stemmed from the fact that England had separated their church from Rome founding the Protestant Church of England. In order to get appointed to an official church position you had to swear an alliance to the monarch of England which rather clashes with the whole idea of Catholicism. The bottom line is life turned to shit for Catholics in the country who become more and more persecuted.

So what do you do when you’re a member of a group of people being persecuted in a monarchy? Well since a monarchy doesn’t lend itself well to hearing outside opinions your go to plan B which is to kill the monarch. The idea was simple, blow up the House of Lords during the State Opening of Parliament. This was supposed to signal a rebellion in the Midlands that would ultimately end with a Catholic princess placed upon the throne.

I’ve always found this piece of history interesting. It demonstrates quite well that you can only persecute a people so far before they’ll rise up against you. Fast forward 405 years. Our methods of rebellion have become far less violent thanks in part to the formation of democracy. But this election season the people of the United States showed the ruling party that we were unhappy with their Health Insurance Company Enrichment Act, continued bailouts, war, and all sort of other unpleasant things. Sadly the rebellion just put into place more of the same but it does who people take note of what the ruling party do and will rebel as best as they can find to.

So yes remember the fifth of November as a day to celebrate rebellion against oppressive rule.