Cliffleblog!

Project Loon

While I’ve been blogging about my personal projects off and on, I’ve been awfully quiet about my day job. Now I can tell you why.

The internet is an amazing technology for empowering people to connect with their loved ones, develop new ideas, find kindred spirits, start businesses, and educate one another. But it works best when everyone can participate.

Soon, they’ll be able to.


My Recommended Publicfile Patches

While djb is perhaps best known for writing qmail, he also wrote a web server, publicfile. Like his other software, publicfile is simple and robust. I use it to serve this site, among other software.

Characteristically for djb, publicfile is pretty minimal out of the box. Here are a few patches I applied to the source to make my server faster, more flexible, and easier to use.

Read More…

Ultimate Guide to 3D Printing

Back in the Fall, I was invited to contribute to Make Magazine’s Ultimate Guide to 3D Printing. (That’s me on the front page, squinting at the Ultimaker wiki.)

If you’re in the market for a 3D printer, it’s a great place to start! We spent a weekend really putting these printers through their paces.


Attacks on my Server: The Data

I try to maintain a reasonably secure webserver.

A webserver is a computer, connected to the public internet, that does things (serves pages, etc.) whenever anyone asks it to. This makes it an easy thing to attack: the first step toward attacking a computer is usually getting it to do your bidding, and a webserver does your bidding every time you click a link.

My system logs show that I get attacked several times a day, like (I imagine) most computers on the Internet. Fortunately, most attacks bounce off — not because I have some magic security-foo, but rather because the software I’m using — specifically publicfile — doesn’t work the way the attackers expect it to.

While I am not so naive or foolish as to say that my server is “secure” — I’m sure it has some exploitable hole, and it runs in a distant facility that probably forgets to lock the doors sometimes — these attacks are of mostly academic interest.

Here’s some data I’ve collected from the past month or so of attacks. I figure this might help someone else detect or prevent an attack in the future.

Read More…

Introducing swddude

I love the ARM Cortex-M series of microcontrollers. The sheer computational power they pack into a teensy, low-power package is almost embarrassing.

But, many Cortex-M parts are small — 4x4 millimeters small — and don’t have the pins left over for JTAG. For these parts, ARM introduced a new debug interface, called SWD.

Unfortunately, SWD isn’t well-supported by open-source tools. Support is in progress in most of them — including my personal favorite, OpenOCD — but I’ve had bad luck so far.

Anton Staaf was having the same issue, and decided to do something about it. He tricked the cheap, commonly-available FTDI FT232H chip into speaking the line-level SWD protocol. We’ve teamed up and, a week or so later, have something to show for it.

Presenting: swddude, the dead-simple programmer for SWD microcontrollers. (By “dead-simple” I mean “rather braindead” but it works!) Currently it can flash code onto the LPC111x, LPC11Cxx, and LPC13xx series. Support for more chips is in progress.

I’ve posted a mirror of the code on GitHub for your cloning pleasure. Happy hacking!


Language-Independent Sandboxing of Just-In-Time Compilation and Self-Modifying Code

This paper, presented at PLDI ‘11, describes a key innovation behind Native Client, which is (as far as I’m aware) an industry first: the ability to verify the safety of a code-generating program, like a JIT or language runtime, and that of its output, on the fly. We can even support self-modifying code, with very little runtime overhead for verification. I firmly believe that active runtimes involving some degree of JIT code generation are the future, and this paper shows that we don’t have to sacrifice security or reliability to support them.

I designed the mechanisms behind this technology with Bennet Yee and David Sehr, for x86, x86-64, and ARM processors. The rest of the authors did the hard part: implementing it in a portable way and shipping it to the masses. If you’re using Chrome, you’re already using this technology.

We received an internal Google award for this paper.


Kallisti Makerbot Software

To keep track of exactly what software, patches, etc. I run on my MakerBot Cupcake, I created a repository on GitHub.

Read More and Download…
 

Introducing the 3G5D Mini

Picture of the 3G5D Mini on a MakerBot Cupcake

As long-time readers know, I have an original MakerBot Cupcake. I’ve been frustrated with the upgrade path using official MakerBot Industries parts (which can be best summarized as “don’t upgrade”).

Then I saw Rob Giseburt’s 3G 5D Shield. It’s a clever upgrade board that breaks out some previously unused (on my bot) signals to drive an additional stepper. Inspired, I built my own version — much smaller, so that it doesn’t obstruct the reset button or JTAG port.

I give you: the 3G 5D Mini. It works great, and it’s completely compatible with Rob’s firmware (available through ReplicatorG). I’m getting the best print quality I’ve ever had, all thanks to a couple dollars’ worth of connectors.


Drawers

I wanted a small toolchest to organize hand tools and soldering supplies in my office. Because I don’t like having to design anything more than once, I wrote a parametric chest-of-drawers generator in OpenSCAD. It’s adaptable to any material, any size, and any number of drawers. Go crazy!

Read More and Download…
 

Older Posts