Linux-Fu: Your Own Dynamic DNS

movies amateur pornIt is a problem as old as the Internet. You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others.

A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. Some of them disappear, too. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services.

However, if you have a single public accessible computer, for example a Web server or even a cloud instance, and you are running your own DNS server, you really don’t need one of those services. I’m going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit.

There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow for DNS updates and some sort of script that calls nsupdate or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.

Continue reading “Linux-Fu: Your Own Dynamic DNS”

Running A Successful Hacker Camp In A Pandemic: BornHack 2020

You could say 2020 is The Year That Didn’t Happen, or perhaps even The Year That Everything Happened Online. All the international cons and camps have been cancelled, and we’ve spent our time instead seeing our friends in Jitsi, or Zoom.

But there was one camp that wasn’t cancelled. The yearly Danish hacker camp BornHack has gone ahead this year with significantly reduced numbers and amid social distancing, turning it from what is normally one of the smaller and more intimate events into the only real-world event of 2020.

I bought my ticket early in the year and long before COVID-19 became a global pandemic, so on a sunny day in August I found myself in my car with my friend Dani from FizzPop hackerspace in Birmingham taking the ferry for the long drive through the Netherlands and Germany to Denmark.

Continue reading “Running A Successful Hacker Camp In A Pandemic: BornHack 2020”

CNC On The Desktop Hack Chat

Join us on Wednesday, August 26 at noon Pacific for the CNC on the Desktop Hack Chat with Matt Hertel and John Allwine!

Once limited to multi-million dollar machines on the floors of cavernous factories, CNC technology has moved so far downscale in terms of machine size that it’s often easy to lose track of where it pops up. Everything from 3D-printers to laser engravers use computer numeric control to move a tool to some point in three-dimensional space, and do it with unmatched precision and reproducibility.

CNC has gotten so pervasive that chances are pretty good that there’s a CNC machine of some sort pretty close to everyone reading this, with many of those machines being homebrew designs. That’s the backstory of Pocket NC, a company that was literally started in a one-bedroom apartment in 2011 by Matt and Michelle Hertel. After a successful Kickstarter that delivered 100 of their flagship five-axis desktop CNC mills to backers, they geared up for production and now turn out affordable machine tools for the masses. We’ve even seen some very complex parts made on these mills show up in projects we’ve featured.

For this Hack Chat, we’ll be joined by Pocket NC CTO and co-founder Matt Hertel and John Allwine, who recently joined the company as Principal Software Engineer. We’ll discuss not only Pocket NC’s success and future plans, but the desktop CNC landscape in general. Drop by with your questions regarding both the hardware and the software side of CNC, about turning an idea into a business, and where the CNC world and next-generation manufacturing will be heading in the future.

join-hack-chatOur Hack Chats are live community events in the?Hackaday.io?Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 26 at 12:00 PM Pacific time. If time zones baffle you as much as us, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hackaday Links: August 23, 2020

Apple, the world’s first trillion-dollar company — give or take a trillion — has built a bit of libertarian cachet by famously refusing to build backdoors into their phones, despite the entreaties of the federal government. So it came as a bit of a surprise when we read that the company may have worked with federal agents to build an “enhanced” iPod. David Shayer says that he was one of three people in Apple who knew about the 2005 program, which was at the behest of the US Department of Energy. Shayer says that engineers from defense contractor Bechtel, seemed to want to add sensors to the first-generation iPod; he was never clued in fully but suspects they were adding radiation sensors. It would make sense, given the climate in the early 2000s, walking down the street with a traditional Geiger counter would have been a bit obvious. And mind you, we’re not knocking Apple for allegedly working with the government on this — building a few modified iPods is a whole lot different than turning masses of phones into data gathering terminals. Umm, wait…

A couple of weeks back, we included a story about a gearhead who mounted a GoPro camera inside of a car tire. The result was some interesting footage as he drove around; it’s not a common sight to watch a tire deform and move around from the inside like that. As an encore, the gearhead in question, Warped Perception, did the same trick bit with a more destructive bent: he captured a full burnout from the inside. The footage is pretty sick, with the telltale bubbles appearing on the inside before the inevitable blowout and seeing daylight through the shredded remains of the tire. But for our money, the best part is the slo-mo footage from the outside, with the billowing smoke and shredded steel belts a-flinging. We appreciate the effort, but we’re sure glad this guy isn’t our neighbor.

Speaking of graphic footage, things are not going well for some remote radio sites in California. Some towers that host the repeaters used by public service agencies and ham radio operators alike have managed to record their last few minutes of life as wildfires sweep across the mountains they’re perched upon. The scenes are horrific, like something from Dante’s Inferno, and the burnover shown in the video below is terrifying; watch it and you’ll see a full-grown tree consumed in less than 30 seconds. As bad as the loss of equipment is, it pales in comparison to what the firefighters face as they battle these blazes, but keep in mind that losing these repeaters can place them in terrible jeopardy too.

Continue reading “Hackaday Links: August 23, 2020”

Seeing The Skill Is Better Than Seeing The Project

Pulling off a flashy project that gets the viral-media hug of widespread approval feels great. Getting there is no easy path to walk and often times the craft that went into a finished project doesn’t even take the back seat but gets no mention at all. Often I find I’m more impressed by — or a least my attention is more strongly captured by — the skills put on display as prominently as the finished build.

Case-in-point this week comes from the model railroad work of [Diorama111]. Seeing an OLED screen in the nose of an HO scale locomotive just like the real-life version is impressive, but how many people missed the one-off soldering masterpiece that went into this one? You’ll marvel at the SMD techniques used with through-hole protoboard on this one.

Occasionally we do get to look over the shoulder of the master as decades of skills are shared for the purpose of passing them on. So was the case back in May when we watched as [Leo] walked through his tips and tricks for prototyping at the electronics bench. This included a lot of non-obvious but clever stuff; tips on working with copper tape for solder buses, using Teflon tubing with bare wire instead of stripping PVC-insulated wire, and a deep dive into copper clad prototyping.

So remember all of us hardware geeks when you look to tell the story of your project. We want to know how it was done at least as much as what was done. There was a time when electronic designers were a separate work group from electronic technicians (and wow, those technicians were in a league of their own). These days we all have that technician hat hanging on our workbenches and I’m always interested in packing in yet another unlearnt skill. Throw us a bone!

Hackaday Podcast 081: Mask-apult, Beef Tallow, Grinding Melted Plastic, And Stretching Flowing Metal

Hackaday editors Mike Szczys and Tom Nardi chew the beef tallow as they take a tour through some of the best and most interesting articles from the past week, from kicking off another round of the popular Circuit Sculpture contest to building artisan coffee makers. We’ll look at the engineering behind the post-apocalyptic face mask launcher of our nightmares, and stand in awe at the intersection of orbiting spacecraft and lawn emojis. Several tiny remote controlled vehicles will be discussed, and we’ll take an unexpected look at how extruding plastic and aluminum might not be so different after all. Make sure to stick around until the end to learn why a little-known locomotive technology of the 1840s really sucked.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~65 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 081: Mask-apult, Beef Tallow, Grinding Melted Plastic, And Stretching Flowing Metal”

This Week In Security: Bluetooth Hacking, NEC Phones, And Malicious Tor Nodes

One of the fun things about vulnerability research is that there are so many places for bugs to hide. Modern devices have multiple processors, bits of radio hardware, and millions of lines of code. When [Veronica Kovah] of Dark Mentor LLC decided to start vulnerability research on the Bluetooth Low Energy protocol, she opted to target the link layer itself, rather than the code stack running as part of the main OS. What’s interesting is that the link layer has to process data before any authentication is performed, so if a vulnerability is found here, it’s guaranteed to be pre-authentication. Also of interest, many different devices are likely to share the same BLE chipset, meaning these vulnerabilities will show up on many different devices. [Veronica] shares some great info on how to get started, as well as the details on the vulnerabilities she found, in the PDF whitepaper. (Just a quick note, this link isn’t to the raw PDF, but pulls up a GitHub PDF viewer.) There is also a video presentation of the findings, if that’s more your speed.

The first vuln we’ll look at is CVE-2019-15948, which affects a handful of Texas Instruments BT/BLE chips. The problem is in how BLE advertisement packets are handled. An advertisement packet should always contain a data length of at least six bytes, which is reserved for the sending device address. Part of the packet parsing process is to subtract six from the packet length and do a memcpy using that value as the length. A malicious packet can have a length of less than six, and the result is that the copy length integer underflows, becoming a large value, and overwriting the current stack. To actually turn this into an exploit, a pair of data packets are sent repeatedly, to put malicious code in the place where program execution will jump to.

The second vulnerability of note, CVE-2020-15531 targets a Silicon Labs BLE chip, and uses malformed extended advertisement packets to trigger a buffer overflow. Specifically, the sent message is longer than the specification says it should be. Rather than drop this malformed message, the chip’s firmware processes it, which triggers a buffer overflow. Going a step further, this chip has non-volatile firmware, and it’s possible to modify that firmware permanently. [Veronica] points out that even embedded chips like these should have some sort of secure boot implementation, to prevent these sort of persistent attacks.
Continue reading “This Week In Security: Bluetooth Hacking, NEC Phones, And Malicious Tor Nodes”