A webserver is a computer, connected to the public internet, that does things
(serves pages, etc.) whenever anyone asks it to. This makes it an easy thing
to attack: the first step toward attacking a computer is usually getting it to
do your bidding, and a webserver does your bidding every time you click a link.
My system logs show that I get attacked several times a day, like (I imagine)
most computers on the Internet. Fortunately, most attacks bounce off — not
because I have some magic security-foo, but rather because the software I’m
using — specifically publicfile — doesn’t work the way the attackers
expect it to.
While I am not so naive or foolish as to say that my server is “secure” —
I’m sure it has some exploitable hole, and it runs in a distant facility that
probably forgets to lock the doors sometimes — these attacks are of mostly
academic interest.
Here’s some data I’ve collected from the past month or so of attacks. I figure
this might help someone else detect or prevent an attack in the future.
I love the ARM Cortex-M series of microcontrollers. The sheer computational
power they pack into a teensy, low-power package is almost embarrassing.
But, many Cortex-M parts are small — 4x4 millimeters small — and don’t have
the pins left over for JTAG. For these parts, ARM introduced a new debug
interface, called SWD.
Unfortunately, SWD isn’t well-supported by open-source tools. Support is in
progress in most of them — including my personal favorite, OpenOCD — but
I’ve had bad luck so far.
Anton Staaf was having the same issue, and decided to do something about it.
He tricked the cheap, commonly-available FTDI FT232H chip into speaking the
line-level SWD protocol. We’ve teamed up and, a week or so later, have
something to show for it.
I may spend a lot of my time working on robots, but I like people. I’ve noticed
this in my professional life: I’m happier and more productive working on a small
team, rather than solo.
My day job has me working alone a lot of the time, so at the beginning of March,
I decided to take matters into my own hands and “find the others.” I knew about
Noisebridge in San Francisco, but they didn’t quite seem like my people
— when I joined their IRC channel they suggested I jump in front of a
train, in fact.
So I was delighted to discover a hackerspace right down the street from me:
Ace Monster Toys in Oakland.
Thingiverse has deployed my modifications to Thingiviewer, which were first
seen on this very site powering the 3D Thing Previews. The internet is now just
a little bit better. Woot!