At Cal, even though my major was software, I had to take several electronics courses. When I got to college I had programming experience, but not the first clue about electronics. Resistors, LEDs, logic gates, karnaugh maps, and EPROMs were well outside my understanding. But within the first few weeks of classes they had us building digital alarm clocks and television remote controls from scatch. The first iterations were all resistors on breadboards, then we moved to chips and EEPROMs… which certainly made the breadboards neater. Things got much more complex a couple semesters in, when we had to design and implement CPUs – and the design not only had to work , but it actually had to meet design specifications for low power, low chip count, and high clock rates. Regardless, I loved the hardware classes, and I gave serious consideration to changing my major from software to hardware. But that pretty well died when I left college.
Over the last couple months I have been picking up some basic projects for fun. Little stuff like replacing light bulbs with LEDs in an old stereo receiver, putting automated light switches into some of the wall plates, and making my own interconnect cables. A new multimeter and soldering iron, and I was off to the races. Pretty simple stuff, but then I wanted to do something a little more complex. I had a couple ideas but wanted to see if other people had already done something similar. As with most projects, I consulted The Google, and that’s when I stumbled on the world of Arduino.
This little device keeps coming up on chat boards for all the projects I was looking at. I start doing my research I found the Arduino documentary which resulted in one of those “Oh, holy $#^!” moments. As long as I have been around software and participated in open source software projects, I had never considered the possibility of open source hardware. About 1/3 of the way into the documentary, they talk about physically creating objects from open source plans, using Arduino as the controller, and creating complex electronic control systems by assembling simple circuits other people have posted on the net. There are all sorts of how-tos on digital audio converters and, since Arduino offers the basic infrastructure to communicate with the computer through a USB port, it provides a common controller interface.
Technically I have been aware of Arduino for a couple years now, as I see them at DEFCON, but I never really thought about owning one. My impression was that it was a toy for instructional purposes. That assessment is way off the mark. I mean, screwdrivers and hammers are incredibly simple tools, but essential when working on your home improvement/car/whatever. This thing is a simple-to-use but very powerful tool for interfacing computers and other logic controllers with just about any electronic device. I am sure those of you who have been playing with these for a few years are saying “Well, duh!”, so I acknowledge I am late to the party. But if you are not aware of this little device, it’s a cool tool with hundreds of easy examples for learning about electronics.
So I just placed my order for a starter set, and am now looking for plans to build my own DAC for my iMac. I am hopeful it will sound better than the standard ones you can buy. Playing with malicious USB drives sounds interesting as well.
And don’t forget our Cloud Security Alliance training February 13th in San Francisco!
On to the Summary:
Mike Rothman: Firewalls are Evolving.
Adrian’s DB2 Security Overview white paper.
Nice mention by Schwartz Communications.
Mike Rothman: The Greenfield Project. I know it’s lame to vote for yourself. But this is a great thought experiment.
Rich: Microsoft, Oracle, or Other. Not really about security, but Adrian does a great job explaining the current database market drivers.
Adrian Lane & David Mortman: Intel’s Red Herring.
Mike Rothman: He Who is Not Busy Being Born is Busy Dying. What Gunnar said. Yes, we do security, but we need to get smarter about the business. Period.
Rich: The New School on the Ponemon data breach study. While Larry’s methodology has improved significantly, I think the cost-per-record-lost metric is one of the most misleading in our industry. There is no way it will accurately reflect your own losses with such wide variation between organizations.
Adrian Lane: Russell eviscerates the Ponemon study.
Pepper: Android Trojan details. Multiple very clever and very naughty bits combine to ‘hear’ and exfiltrate spoken or punched-in credit card data.
David Mortman: Seven Dirty Words of Cloud Security.
Apple Taps Former Navy Information Warrior David Rice for Global Director of Security.
Five men arrested on a charge of launcing pro-WikiLeaks DDoS attacks.
Facebook hack apparently an API bug. Accounts were not hijacked.
“White Space” tracking database. Not security news, but an interesting look at some of behind-the-scene details on reuse of TV spectrum and Google’s thirst for data.
DHS to End Color-Coded ‘Threat Level’ Advisories. I know many of you are crying in a corner, asking how you can conduct yourselves without the big colorful fear-o-meter.
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to our very own David Mortman , in response to Intel’s Red Herring.
What a load of crap from Intel. I love the “it’s not signature based, it’s completely radical”. I’m not holding my breath – sounds like it’s going to be heuristic, which sounds a whole like the original AV stuff that Norton got from Dr. Tippet oh 20+ years ago now.