Blog

Attacks on my Server: The Data

I try to maintain a reasonably secure webserver.

A webserver is a computer, connected to the public internet, that does things (serves pages, etc.) whenever anyone asks it to. This makes it an easy thing to attack: the first step toward attacking a computer is usually getting it to do your bidding, and a webserver does your bidding every time you click a link.

My system logs show that I get attacked several times a day, like (I imagine) most computers on the Internet. Fortunately, most attacks bounce off — not because I have some magic security-foo, but rather because the software I’m using — specifically publicfile — doesn’t work the way the attackers expect it to.

While I am not so naive or foolish as to say that my server is “secure” — I’m sure it has some exploitable hole, and it runs in a distant facility that probably forgets to lock the doors sometimes — these attacks are of mostly academic interest.

Here’s some data I’ve collected from the past month or so of attacks. I figure this might help someone else detect or prevent an attack in the future.

Ultimate Guide to 3D Printing

Back in the Fall, I was invited to contribute to Make Magazine’s Ultimate Guide to 3D Printing. (That’s me on the front page, squinting at the Ultimaker wiki.)

If you’re in the market for a 3D printer, it’s a great place to start! We spent a weekend really putting these printers through their paces.

Introducing swddude

I love the ARM Cortex-M series of microcontrollers. The sheer computational power they pack into a teensy, low-power package is almost embarrassing.

But, many Cortex-M parts are small — 4x4 millimeters small — and don’t have the pins left over for JTAG. For these parts, ARM introduced a new debug interface, called SWD.

Unfortunately, SWD isn’t well-supported by open-source tools. Support is in progress in most of them — including my personal favorite, OpenOCD — but I’ve had bad luck so far.

Anton Staaf was having the same issue, and decided to do something about it. He tricked the cheap, commonly-available FTDI FT232H chip into speaking the line-level SWD protocol. We’ve teamed up and, a week or so later, have something to show for it.

Being a Social Hacker

I may spend a lot of my time working on robots, but I like people. I’ve noticed this in my professional life: I’m happier and more productive working on a small team, rather than solo.

My day job has me working alone a lot of the time, so at the beginning of March, I decided to take matters into my own hands and “find the others.” I knew about Noisebridge in San Francisco, but they didn’t quite seem like my people — when I joined their IRC channel they suggested I jump in front of a train, in fact.

So I was delighted to discover a hackerspace right down the street from me: Ace Monster Toys in Oakland.

Making Thingiverse Faster

Thingiverse has deployed my modifications to Thingiviewer, which were first seen on this very site powering the 3D Thing Previews. The internet is now just a little bit better. Woot!