Ordering Printed Circuit Boards – OSH Park

Positives

  • Easy!
  • Quick
  • Cheap
  • Made in the USA

OSH Park made the ordering process so easy. I simply uploaded the zip file containing the board documents and it automatically processed everything. I was able to review what I uploaded to verify it looks good then place my order. I didn’t need to know board size, number of layers, thickness, or anything that some other ordering places require.

Negatives

  • Must order at least 3

Neutral

  • Can’t pick board colors

Personally I do not mind the purple boards but I could see some people wanting a specific color for some projects.

Recommendation

Timeline: Keep in mind Thanksgiving was during this period and may have slowed down the process.

  • Nov 19th – Placed Order
  • Nov 19th – Assigned to Panel and sent to fab
  • Nov 30th – OSH Park received from fab
  • Nov 30th – OSH Park shipped to me
  • Dec 5th – Arrived at my house

Yes, I would definitely recommend OSH Park for ordering custom printed circuit boards. Just for kicks, I uploaded the SparkFun Arduino Shield but to order three it was more expensive than ordering from SparkFun. If you need more options and know what you are doing then it might be better to check elsewhere but for a new developer that just wants a quick custom board this is a fantastic place to go. I am not an expert, by any means, but quality looks great to me.

Is Simply Enabling SSL Enough?

When I decided to actually start blogging again–even though I get very little traffic–I thought it was important to enable SSL because I believe in encryption. There was a time when anyone, with little to no IT knowledge, could sit at a Starbucks and intercept login information for anyone using the wireless. Nowadays that traffic is encrypted by default because of a push to increase security and protect your users. Now it is frowned upon to accept login credentials without SSL being configured. To keep this post short I will not get into information on what some people are calling the next cryptowars.

I moved this blog to a VPS provider and set up a simple LAMP stack with all the latest updates. Then from there I restored my blog and, finally, configured encryption. Good enough, right? Everything is fully up-to-date and encrypted so what is next? I came across various hardening guides and a free tool from Qualys called SSL Labs. This tool is capable of scanning a website from the outside and provides an in-depth look at the SSL configuration. I was a bit surprised when my website returned a C grade but after reviewing the report it made a lot of sense.

Configuration Issues

  • SSL 3 enabled (POODLE attack) – Grade capped to C
  • Accepts RC4 ciphers – Grade capped to B
  • Server does not support Forward Secrecy
  • Cert Chain contains anchor
  • Incorrect SNI alerts

A New Year – We need more, not less democracy

The other day while walking my dog I started thinking about some ideas and goals I have recently started building. As I have said before I spend quite a bit of time watching various security videos. Since the Snowden leaks those interests branched out to be more political and motivational. I have begun to have a bigger part in that community but I was having trouble deciding where I wanted to go in life. I mean, I am not a programmer by any means so something like working for the Tor project seems impossible. I am not a lawyer so working for the EFF or the ACLU is unlikely. I have a lot of computer skills but most of them relate to businesses that manage many servers and applications. I enjoy things like a reliable paycheck and comfort.

Now without all these skills we can still do something. I do not need to figure out the master plan before I start something. I could begin learning to program, I could read more, I could set up SecureDrop in a lab environment, I could convert my Tor relay into an exit node, or I could even begin learning another language. I may never be the next Jacob Appelbaum working for the Tor Project and spreading awareness like the video above but small ideas are capable of becoming something larger. So you do not need to know your end goal to get started today.

Completed:

  • Install Signal
  • Install Tor

Protecting the Users

I came across this article on Ars Technica which talks about BlackBerry BES pulling out of the Pakistani market because they refused to supply a backdoor. Sean Gallagher quoted Marty Beard who is the BlackBerry COO saying this:

“While we regret leaving this important market and our valued customers there, remaining in Pakistan would have meant forfeiting our commitment to protect our users’ privacy. That is a compromise we are not willing to make.” Beard said that the Pakistani government demanded “the ability to monitor all BlackBerry Enterprise Service traffic in the country, including every BES e-mail and BES BBM message,” but that the company had refused, prompting the ban.

http://blogs.blackberry.com/2015/11/why-blackberry-is-exiting-pakistan/

While reading comments and looking for more information I saw BlackBerry criticized for possible past issues or people saying that the market was super small anyways so it basically does not matter. Either way, it seems that BlackBerry is standing up for the users and doing their best to protect them. It looks like more companies are starting to fight for the users and push back against governments demanding this type of access. It would be interesting to see if the same sentiment would apply to the United States. So far Apple seems to be leading the way in this regard. Although without open source software it is impossible to tell if they are saying one thing in public and doing another thing behind closed doors…

Building my own Tastic RFID Thief, Part 1

In 2013 I watched the original Defcon presentation where they presented the RFID thief. Bishop Fox designed a tool for pen-testing and to demonstrate a weakness in the ID card system. This long-range RFID reader is able to collect and store card information that could be written to a new card at a later time or used in a replay attack.

Bishop Fox’s goal:

Our goal is to make it easy for security professionals to re-create this tool so that they can perform RFID physical penetration tests and better demonstrate the risks posed by these technologies to their management.  The hope is that they can get up and running quickly, even if they don’t have an RFID or electrical engineering background.

At the time I thought it was such a cool device and wanted to build one but it was rather expensive. Recently while searching through my bookmarks–which is a nearly impossible task–I found the device again and decided to make it. Although I do not have a particular use for the device I thought it would be a good learning experience and a chance to start learning the Arduino. I want to point out that I do not have any electrical engineering experience but have a lot of soldering experience. With the information provided on their website Bishop Fox has definitely been able to accomplish their goal and the device was really easy for me to make.

Shubham Shah also released a great article going over how he built his Tastic RFID Thief. Found here: https://shubh.am/guide-to-building-the-tastic-rfid-thief/

I do not feel like it is necessary to rewrite all of the great work that these people have already done but I will talk about the things that I have done differently.

Flash BLHeli Multi to Turnigy 6A ESC

A while ago I wanted to get into quadcopters but after building my first one I ran into technical issues and lost interest. Now that the sport is picking up popularity with commercial developments and FPV racing I decided to try again. I still had all my equipment and started building a micro tricopter.

If you look into building a custom multicopter most people will recommend you reflash your ESCs with aftermarket firmware designed for this purpose. They will fly with the stock firmware but can perform better after being flashed. Unfortunately there is a lot of information for all the different ESC models and much of it is outdated. Looking back to 2012/2013 you might find owSilProg. This is where I started and found out it is very outdated but I was still able to successfully flash old firmware using it.

I am going to document how I flashed my Turnigy Plush 6A with the latest BLHeli Revision which is 14.3. The cool thing is with the later versions of BLHeli the software can be updated using the ESC plug instead of soldering to the pin outs again but I will cover this in another article. This process should also work for all ESCs that are built upon SILABS chips.

Ditching the ASA 5505, Part 2

In a previous post I discussed some of the political motivation for beginning to remove Cisco from my network and replace it with open source software. Jacob Appelbaum likes to say, “Free Software for Freedom”.

Instead of buying new hardware I decided to repurpose an old SuperMicro server I had built to run FreeNAS a few years ago. The motherboard is a simple MicroATX with an Intel Atom D525 and 4GB of RAM housed inside of a small SuperMicro 1U case. While I was thinking about this transition I decided the biggest thing I would miss were the two Power Over Ethernet (POE) interfaces that the ASA 5505 had. After a tiny bit of digging I discovered StarTech has a PCI Express POE Gigabit Ethernet adapter with two or four ports. It supports IEEE 802.3at so it won’t have any trouble powering access points.

Part Number: ST2000PEXPSE

Aaron Swartz Day 2015

Monday I discovered the video below on YouTube. It included many speakers that I enjoy listening to and introduced me to an event which I was previously unaware of.

It is a coincidence that about a month ago I was reintroduced to Aaron Swartz through a video documentary. It covered his life growing up, his work on the Creative Commons, various other projects, activism, unfortunate legal troubles, and finally a sad ending to his short but incredibly successful life. I remembered hearing about what was going on back in 2011 but I did not follow the story at the time. To summarize, basically, Aaron created a program to download academic journal articles from a database named JSTOR which was free to access at the MIT campus. He was charged with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act. Even though MIT and JSTOR decided to not pursue charges it seemed like someone wanted to make an example out of him.

One of his projects was called DeadDrop which was designed to allow anonymous people to disclose information securely. His project has since been picked up by a new team of people and was renamed SecureDrop. Many news organizations have adopted SecureDrop since the Snowden leaks including The Intercept and The Guardian.

This event was designed as a hackathon weekend to help develop SecureDrop in remembrance of Aaron.

The list is growing

It probably is not the worst list to be on but–personally–I do not remember voting on which lists should exist in the first place. It is scary to think of all the other lists we do not know about yet considering simple metadata can put you on an assassination list.

Source

Ditching the ASA 5505 for pfSense

In the last year or two I have been watching a lot of security focused talks. Most of them relate to the Snowden leaks, anonymity, and various computer security topics. Jacob Appelbaum–who is a software developer and journalist–has been one of my favorite people to watch. He works for the Tor project and his talks typically include technical facts, political ideas, people who he considers are assholes, and lots of question and answer. Due to the nature of his work he lives in exile in Germany and has been advised to not return to the United States.

I will never forget how he opened one of his speeches by quoting his father.

When the next holocaust comes, it will be your fault for not having stopped it.

He goes on to relate that motivational guilt to implementing a technical action plan and how we can resist mass surveillance or other forms of oppression.

It is a great and more recent video which can be found here: YouTube – ‘A technical action plan’

Going back to July 2011, at REcon, Appelbaum gave a talk about Internet Filtering and demonstrated what techniques various countries were using. It is interesting to note that this video is well before the Snowden leaks and we already had some idea of how the NSA was tapping the internet.

YouTube Source – Recon 2011 Internet Filtering by Jacob Appelbaum

His talk focused on oppression and how various companies provide technical solutions to help countries basically track down people and in some cases kill them. Starting just after the 57 minute mark Appelbaum begins to summarize his trip to Egypt. He told some companies that he was consulting for a small country and he wanted to oppress the citizens. He said the guy there from Cisco was like, “yeah, don’t worry about that”. Cisco went on to talk about how their devices are in all the major telcos in Egypt and they are working on getting it deployed in other places. “We can identify exact users and totally help you find those people”.

If anyone has proof that Cisco has stopped providing tools to hunt down people in oppressive countries I would love to see it in the comments.

To be fair Appelbaum talks about other major companies doing similar things but Cisco is the one that relates most to me. While Cisco may be a staple product in my work life I do not need to choose to support them at home. **Please remember this blog represents my current views which may not align with my employer** I will also be working on another post which relates to the more technical aspects of my pfSense installation. If you are interested in watching more of Jacob Appelbaum I would recommend searching for his other presentations such as, ‘To Protect and Infect Part 2’, ‘Not My Department’, and ‘People Think They’re Exempt From NSA’.