#qi-hardware IRC log for Tuesday, 2014-09-02

nicksydneywpwrak: another day another WiFi https://www.indiegogo.com/projects/xwifi-a-fingertip-sized-wifi-module-open-source :)00:00
DocScrutinizer05duh! 19 "free" modules available still (1$ + facebook-like)00:18
DocScrutinizer05too bad, I got no facebook account ;-P00:18
whitequarkI don't get one thing though, is 00:20
whitequarkit doesn't seem to have any kind of security measures00:20
whitequarkso anyone on your network could do whatever they want00:20
whitequarkasked them00:24
DocScrutinizer05I think you need to set the password via USB or whatever?00:27
DocScrutinizer05or it has hardcoded password ;-P00:27
whitequarkif it's just password, then it's shit00:28
whitequarkanyone with a sniffer on the same network figures it out in a minute00:28
DocScrutinizer05well, I mean that WPA thing 00:28
whitequarkno difference if WPA or dedicated password00:29
whitequarksuppose you want to control it remotely -- you're screwed00:29
DocScrutinizer05sorry, you lost me00:29
whitequarkif the protocol itself doesn't have any kind of request signing and/or encryption, you can't just port forward it and control it remotely00:29
whitequarkexposing it to the internet00:29
whitequarkif the protocol does and the firmware is not written by morons (it probably is, but another story), you can00:30
DocScrutinizer05err, I don't think this is a regular WiFi adapter00:30
whitequarkwhat do you mean?00:30
DocScrutinizer05InternetOfThings, it's meant for remote control, not general purpose internet data transfer00:31
whitequarksure. so?00:31
DocScrutinizer05So I guess it has a way to set WPA-passphrase and that's it00:31
whitequarkwell, and that's dumb.00:31
DocScrutinizer05WPA2 maybe even00:31
whitequarkadding request signing with sha256 is like an hour of work and it already makes requests unforgeable00:32
whitequarkencrypting them is a bit harder, but still can be done00:32
DocScrutinizer05WPA *is* encryption, no?00:32
whitequarkWPA only matters locally00:32
whitequarkand also00:33
whitequarkif the adversary is in your network, you're screwed00:33
DocScrutinizer05sorry, I don't get it00:33
whitequarkif you forward the traffic to this WiFi thing, you're screwed too00:33
whitequarkthe only case where you're protected by WPA is: 1) the device only EVER communicates inside the network and there is no way to address it from outside 2) ALL of the hosts on the network are trusted00:34
DocScrutinizer05ooh, you want it to have encryption on higher level, not on-the-air00:34
DocScrutinizer05so you could hook up the thing to arbitrary public hotspots00:34
whitequarknot necessarily00:34
whitequarkso I could just say to my home router "expose this IP:port to web"00:34
whitequarkand still be safe00:34
whitequarkthis will be a very common use case00:35
nicksydneyi think probably in terms of security it's not that strong 00:35
whitequarknicksydney: my point is that adding request signing is *trivial*00:35
whitequarkadding encryption is less trivial because you need to use a proper mode00:35
whitequarki.e. authenticated encryption00:35
whitequarkAES-GCM, or xsalsa20+poly130500:36
DocScrutinizer05you probbaly should implement such stuff on your firewall/router, or on a proxy resp concentrator in your network00:36
whitequark1) that's too much to ask of most users of the device00:36
whitequark2) if your network is insecure, and it is, it doesn't help00:37
DocScrutinizer05most users don't want to control the thing from remote via public internet00:37
whitequarkof course they do00:37
whitequarkthis is what already happens00:37
whitequarksource: several full internet scans, published recently00:37
DocScrutinizer05hmm, silly00:37
whitequarksee point 2 anyway00:38
whitequarkif your passphrase is "iloveyou" (it is), WPA2 is as good as open00:38
DocScrutinizer05my home automation works different: I have a CCU-1 embedded linux device that has a web frontend on intra(inter)net00:38
DocScrutinizer05this CCU-1 controls all the gadgets00:39
DocScrutinizer05well, for me it's simple since the gadgets all are 866MHz, not any WiFi and no TCP-IP either00:40
whitequarksure, I'm just saying that if you have real-world people who are not huge nerds and just want their problem solved00:40
whitequarkthis is how the device should work.00:40
DocScrutinizer05I can see how users buy such WiFi home automation gadgets since they want to communicate to them directly with their iPhone00:41
DocScrutinizer05then exposing them to the public net is a logical next step, though pretty silly00:41
whitequarkyes yes00:41
whitequarkexactly what I mean00:41
whitequarkit may be silly, but you can at least make it possible to have it secure00:42
whitequark(still have to not set the password to 123456! but oh well)00:42
DocScrutinizer05but probably those users don't even care ;-P00:42
DocScrutinizer05"duh! why should I worry when some idiot thinks it's funny to switch my living room light on and off?"00:43
DocScrutinizer05"such idiot cannot exist"00:43
whitequarkyou should have seen the recent VNC scan of entire web00:43
DocScrutinizer05I seen it00:44
whitequarkoh, yeah, it's amusing00:44
DocScrutinizer05well, maybe not the most recent00:44
whitequarka lot of german municipal systems exposed00:44
whitequarksewer control, power stations, etc00:44
DocScrutinizer05yeah, THAT is stupid00:44
whitequarkthe things I seen there are unbelievable00:45
DocScrutinizer05maybe I should scan my town's "IP-range" to find a few funny opportunities to save some money or do entertaining stuff ;-)00:46
mthI guy I knew in school thought it was funny to cycle through the neighbourhood, pointing a TV remote at random living rooms and see if their TV responded00:46
mthsince a lot of them used RC5, it worked pretty well00:47
mthso there is always someone who will prank you like that00:47
DocScrutinizer05yeah, we already improved that prank by using a 15W IR flood light00:47
mtheven more over the internet, where the chance of getting caught is a lot smaller00:47
whitequarkDocScrutinizer05: HAHAHA00:48
whitequarkthat's great00:48
DocScrutinizer05IR laser is also useful, for a slightly different "attack scheme"00:49
whitequarkyou're evil00:49
DocScrutinizer05I know ;-)00:50
ray__hi there can i use librewrt with tp-mr3420? wouter [20:10] <ray__> want sure new to this01:14
whitequarkDocScrutinizer05: any chance you know a good guide for building class E amplifiers?01:23
whitequarka book maybe01:23
DocScrutinizer05class E?01:23
whitequarkclass E.01:23
DocScrutinizer05I admit I don't even know class E01:23
whitequarkkeyed amplifier with LC matching network01:23
ray__ there can i use librewrt with tp-mr3420? wouter [20:10] <ray__> want sure new to this01:24
whitequarkI've been told it's a good idea to use a class E one for my PSU01:24
ray__whats oo01:24
whitequarkless power dissipation, simpler01:24
ray__white did you see my q01:24
DocScrutinizer05we see your q, we don't know an answer when we don't answer01:25
DocScrutinizer05whitequark: that sounds like class-D to me01:25
whitequarkclass-D is PWM, class-E is halfsine though01:26
whitequarkand I think there are other differences01:26
whitequarkhttps://en.wikipedia.org/wiki/Amplifier#Class_E has a good overview01:27
whitequarkThe class-E/F amplifier is a highly efficient switching power amplifier, typically used at such high frequencies that the switching time becomes comparable to the duty time. As said in the class-D amplifier, the transistor is connected via a serial LC circuit to the load, and connected via a large L (inductor) to the supply voltage. 01:27
whitequarkindeed, this is exactly my case01:27
ray__what happens if change subnet?01:27
DocScrutinizer05whitequark: yepo, I see01:27
ray__from the default01:27
whitequarkhm, maybe my Horowitz and Hill has it01:28
ray__what happens when i change default subnetmas?01:28
whitequarkno, doesn't cover PAs at all01:29
ray__white did you see my q about subnetmas01:31
whitequarkray__: I have no idea what are you asking at all01:31
ray__white sorry im austic01:32
whitequarkplease read http://www.catb.org/esr/faqs/smart-questions.html01:32
ray__white what if i change from befault subnet mas to sothing eles what will it do?01:32
DocScrutinizer05aaah, you're thinking about your 100W 12kV thing01:32
whitequarkDocScrutinizer05: sure01:33
whitequarkoh, found http://people.physics.anu.edu.au/~dxt103/class-e/01:34
ray__white did you understand my q that time01:34
ray__white lets try tyhis one more time01:36
DocScrutinizer05whitequark: there you are :-)01:36
DocScrutinizer05hail anu.edu.au01:36
ray__white what happnes if change the default subnet mask?01:36
DocScrutinizer05ray__: what's your topic?01:37
ray__want to knwo what dose changeing the default subnet mask dose?01:37
DocScrutinizer05nothing good01:37
ray__im just woundering01:37
DocScrutinizer05I'm pretty sure you're not supposed to change it01:38
ray__mine tell me i can DocScrutinizer05 01:40
DocScrutinizer05hehe! >>the proof of the pudding is in the eating<<01:53
DocScrutinizer05whitequark: no wonder I never heard of 2class E amp" before. In my book this classifies more for a TX oscillator than what I understand is an amplifier01:57
whitequarkI was surprised too01:58
DocScrutinizer05would be pretty hard to make a audio amp out of this ;-)01:58
whitequarkpfff, who needs audio01:59
DocScrutinizer05actually I wondered how the heck they would modulate that thing01:59
DocScrutinizer05100% preferably01:59
whitequarkyou just change the supply voltage of the amplifier01:59
DocScrutinizer05which is what they did, on a morse rate of 0.1 char/minute02:00
whitequarklike, use a controlled boost converter for that02:00
whitequarkat least that is what I will do02:00
ray__any one want some green apple cookie?02:02
ray__trying to be nice 202:05
ray__2+2= 402:05
DocScrutinizer05when that's a turing test then you didn't pass it yet ;-)02:07
ray__i know marry popion movie02:10
DocScrutinizer05alas I don't02:10
ray__DocScrutinizer05: you a bot?02:10
DocScrutinizer05maybe ;-)02:10
ray__DocScrutinizer05: so you are?02:10
DocScrutinizer05some think I am, yes02:10
ray__DocScrutinizer05: im for real02:10
ray__DocScrutinizer05: school starts soon02:11
DocScrutinizer05I'll proceed to the shower and see if any shorts are caused ;-)02:11
Action: DocScrutinizer05 waves02:12
DocScrutinizer05we shouldn't be hostile to him, eh?02:13
whitequarkDocScrutinizer05: btw, a less braindead version of that poettering thing02:15
whitequarkhttp://nixos.org/nixos/about.html outlines the benefits02:17
whitequarkwpwrak: remind me, which is the good rigol today?03:32
whitequarkthe *B series I can find here is either sold out or has very little RAM03:41
whitequark1074Z seems nicest so far. lot of RAM, big screen, four channels03:44
wpwrakwhitequark: 1000Z is nice. 4 chan, low cost, hackable (if you think of buying all the options individually, then you'd be better off with directly buying a higher-end scope),07:18
wpwrakwhitequark: drawbacks: 1) sample rate gets mercilessly divided down to 250 MSa/s. 2) intensity grading not as nice as in the better rigols.07:20
wpwrakbut if you can live with these limitations, then it's a good choice. if you want fancier, you could get a 2000. but they come only with 2 channels and hacking them is much  harder.07:21
wpwrak3rd option is siglent. new kid on the block in that range. their sds2000 looks quite promising but still had a number of ugly quirks in the firmware (plus a stupidly placed knob). a bit cheaper than the rigol 2000, less unbundling, and goes up to 4 analog channels.07:23
eintopfwpwrak: when I have money, I will ask you about an oscilloscope and then I will buy it. I am 100% sure you are the expert about low cost oscilloscopes in home environment.07:30
eintopfwpwrak: do you think I can build an own oscilloscope with an high ADC sampler and some serial wire connection to pc. PC runs an application which plot data from serial.07:31
eintopfthis will be slow, but it's a possible solution to build one?07:32
wpwrakserial = usb, yes :)07:32
wpwrakah, build a complete device07:32
eintopfftdi chip07:32
wpwrakwell yes, but it'll be a toy, not really useful07:32
eintopfwpwrak: this would be a post on hackaday!07:33
wpwraknaw, there's already a ton of "arduinoscopes" and such junk07:33
eintopfgrml :(, somebody stole my idea. I doesn't know this.07:33
eintopfand arduinologicanalyzers, too?07:34
wpwraki'm sure there are some as well07:34
wpwraki built one with the ben :) actually somewhat useful - does a few dozen MHz07:34
eintopfanother idea was to buy some arm with fpga and built an open usb debugger with that.07:34
eintopfbut I can't programm a fpga. The usb debugger should work with usbmon.07:35
eintopfand many companies are angry to me, who sells some kind of this hardware for 2000 eu07:35
wpwrakyou could consider it a learning opportunity :)07:36
wpwrakand no, you won't be able to sell something like this at such a high price :)07:36
wpwrakfpga-based LAs do of course exist, too. and they're relatively inexpensive.07:36
eintopfso all my ideas are already developed07:38
eintopfokay, an android app/iphone app with gpg encryption to load something in the cloud07:38
eintopfin connection with an anelok07:38
eintopfso we have already some popular members like rihanna07:39
eintopfbut then you need to put some swarozky stones on the anelok!07:39
eintopfwpwrak: (selling) it was not my goal to selling such device. Goal is too have a open source community driven stable device for something like that. ;)07:40
eintopfsniffing usb devices07:41
wpwrak(glass) i'm sure she can afford real diamonds ;)07:46
wpwrak(open) there's also an open critter of that kind. also, there's bitscope07:46
wpwrakwhat they all have in common: they're not very good. e.g., the fpga-based LAs often just use the fpga memory. so they can't store long sequences.07:47
eintopfa doctorand of my university works with hash algorithmn (tested SHA-3 candidates) he use xillinx fpga's07:49
eintopfand the linux IDE07:49
eintopfhe always are very angry about the IDE07:49
eintopfalways broken07:49
eintopferror messages like windows07:49
eintopfwpwrak: (low memory) but when you have a high bus, like PCI-E and connected FPGA, you can use the memory from arm processor or something else07:51
eintopfand I mean dma activated etc... you can already buy some solutions like this07:51
wpwrak(sythesis tools) everybody hates them. have you seen this ? http://captiongenerator.com/4460/Hitler-manages-a-FPGA-design-company07:55
wpwrakthose fpga-LAs normally go USB. yes, if you made a board that goes into a pc, you could do something a lot nicer07:56
wpwrakbut also a lot harder to get right07:56
kyakwpwrak: amazing ! :)07:57
eintopfthat's not funny when you know german language08:07
eintopfokay... a little bit08:07
wpwrakturn off the sound :)08:08
eintopfyea, but the most funny part is the angry reaction speaking08:12
eintopfand this isn't funny if you know what he is talking about.08:13
eintopfIn the 00er years of the internet there was something similar like this. "Fanta world news"08:13
eintopfsome japanese news and you can put own subtitle on it 08:14
eintopfthat was funny!08:15
eintopfbut I never know what they really talked about08:16
eintopfwpwrak: do you can also speak some japanese?08:16
wpwraknope, none of the asian languages08:22
eintopfwpwrak: but you decrypt sometimes asian datasheets?09:08
wpwrakwith a lot of luck ... and a lot of english :)09:11
whitequarkwpwrak: yeah I think 1074z12:43
kyakwpwrak: http://hackaday.com/2014/09/02/developed-on-hackaday-chromefirefox-appsextensions-developers-needed13:02
kyakdunno maybe you've seen13:02
wpwrakkyak: the apps extension ? no. but it's a logical piece. mooltipass ? sure. has a bit different goals than anelok, though. last time i checked, it was designed around a smart card.14:57
Action: DocScrutinizer05 is undecided if likes "moolti"17:46
DocScrutinizer05sounds like Jovovich in "the 5th element"17:47
wpwrakyeah, that's where they "stole" the name. let's hope it won't get them into legal trouble.18:15
DocScrutinizer05let's hope it's not as pathetic as the original muhltipass18:16
DocScrutinizer05Jovovich is hot, but the movie is more like a huge parody18:17
DocScrutinizer05I'd be reluctant to use it for a branding18:17
Action: whitequark pokes ltspice18:18
whitequarkltspice seems pretty cool, except it apparently hasn't evolved since about uhh18:18
DocScrutinizer05watch out, I heard it pokes back18:18
whitequarkeither the GUI or the engine18:19
DocScrutinizer05N-either ?18:19
Action: DocScrutinizer05 glances at quics18:20
DocScrutinizer05err qucs18:20
whitequarkeither GUI or engine have not evolved, or, neither GUI nor engine have evolved18:20
whitequarkI would expect better understanding of boolean logic from you :>18:21
DocScrutinizer05exactly, the first is a logic XOR, the second a logic NAND18:21
wpwrakwhitequark: now you know the exact age of the world, according to "young earth" creationists :)18:22
whitequarkDocScrutinizer05: oh18:22
whitequarkfoiled by my own deeds!18:22
whitequarkwpwrak: the world was created at 00:00 Jan 1 198018:23
wpwrakaka D(OS)-day ;-)18:27
whitequarkit's Unix epoch, no?18:27
whitequarkor was it 1970?18:27
whitequarkright, 197018:27
DocScrutinizer05jr@saturn:~> date -d@018:28
DocScrutinizer05Do 1. Jan 01:00:00 CET 197018:28
DocScrutinizer05jr@saturn:~> TZ='America/Los_Angeles' date -d@018:30
DocScrutinizer05Mi 31. Dez 16:00:00 PST 196918:30
Action: DocScrutinizer05 starts musing18:31
DocScrutinizer05the world got created all the same time?18:31
DocScrutinizer05and when same time, then absolute, or same local time?18:31
whitequark-d specifies offset including timezone18:32
whitequarknot Unix time, in fact18:33
whitequark(because Unix time is at UTC)18:33
--- Wed Sep 3 201400:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!