2D Deltabot

3D Delta bots are very cool. They do pick and place, assembly, platform stabilization/movement, and a ton of things that they aren’t the best design for really. Looking at them, you even get the feeling that you could probably build one. And perhaps you could, but I demonstratively can’t, at least not without using components that aren’t from the crash pile or under a dollar on ebay/alibaba.closeup of a wire/posterboard wrist/knuckle

So after several rounds of totally not building one, I was sketching a little on what the movement would work like on a working one. It turns out that’s also not as cut and dry as I imagined, or perhaps my geometry is a little rusty. To get a bit more of a grip on things, I sketched at an equivalent two-dimensional version – just moving two arms (along a line or through rotating one end) connected to two more, connected to each other. That was still not that trivial, but much easier and should translate into 3d. But then I realized that *building* one would be cool. Not 3d cool, but still cool, and actually sort of skill-appropriate. So I sketched more, trying to figure out the sizing on the arms, and then I wrote up a slightly dirty html5 page to emulate them.

2D Delta Bot simulation

Quick control explanation: top sliders rotate the arms. The four fields are limits on how far they can rotate (click Apply limits and it’ll be pretty obvious). “Draw reachable” colors in the area your contraption can reach within the limits (it’s a on-off thing, starting and stopping continually drawing it, should really be a checkbox). “Sweep” runs it around arbitrarily a bit, drawing a line.
The ‘D’ slider changes distance between the fixed points. The s1/s2 adjusts the length of the two segments. These are the real adjustments of the operation in terms of changing what you can reach and how precisely.
middle bend + tiny servo

I’m planning on driving it with servos (to start), so range of motion for each leg will be around 180 degrees. It’s beneficial to use the whole range, since each “click” along is a long (or as angular) as it is, so mapping more of them to more of the end result is better. It’s also good if it doesn’t pull itself apart, slam into itself, or anything like that. Again, less intuitive than it seems. Eventually, decided on some tentative proportions. I went with 80 and 160 long arm segments, 150 apart. With  the limits -50 deg – 130 deg / 50 deg – 230 deg, but given the arbitrary origin that doesn’t mean much besides 180 degree range – to be determined on non-sim design.

Posterboard and wireAnd here is the meatspace implementation. I decided to consider.. whatever the units that look like pixels but are probably some kind of ninja browser unit.. to be mm in this version. It’s built from posterboard (97c/giant multi-sqare ft), copper wire (reused from junk) and two towerpro sg90 servos . If you don’t recognize them right off, they’re the standard “cheapest china could muster”, around $1.9-$2.1 each in 5-10 packs. They’re very strong, precise, and all around backing up their cost, but a big part of that is being half to price of anything even pretending to be decent quality. None the less, good experimenters. The speed here is my software walking it around randomly and gently – it can swipe the full 180 deg in half a second.

Well, about that.. there’s no positioning around the dial opening up a full 180 without slamming into each other or folding back over itself. I considered the connection points to be the “measure to” place, and was perhaps a little off on the side to side thing. High tolerances too. Either way, it works, but with range limited to around 60 degrees.

It’s controlled by and arduino nano knockoff (I’m sure the real deal would be ok). The only connections, despite the looks of it, is pin 9->signal (orange) on servo 1, pin 10->signal servo2, both reds to +5, both blacks to GND. USB to PC. It’s very rudimentary so far, but here’s a near-nothing sketch:

2d_delta.zip

It was written using the online editor (for no real reason) and is really just the servo library, as demoed in their examples and not much else. I still need to get a more controlled drive with a purpose going. The html5 browser sim is arguably more interesting in terms of software, though it’s pretty simple too. Perhaps I’ll write up the geometry a little better when I get to it. If it advances to something more, it may be going on instructables.com.

looks like a lot of wires, but it's mostly from having too few f-f and m-m ones - it's just pin9-10 -> servo1-2 orange, servo1-2 red/black -> +5/ground

looks like a lot of wires, but it’s mostly from having too few f-f and m-m ones – it’s just pin9-10 -> servo1-2 orange, servo1-2 red/black -> +5/ground. I put two bolts through it, mostly because the breadboard is a bit big and has two bolt holes in it right there..

Some slightly messy notes re: todays JAR report release

This could and should probably be more organized. The report (here https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296.pdf) first goes over what attack vectors were used in very general terms. Nothing particularly surprising. It then dumps, tersely but importantly, a fat list of what current and historic groups, operations, and malwares are involved, directly or though being otherwise linked. This isn’t really *that* much more than just saying “It’s Fancy/Cozy Bear, aka Advanced Persistent Threat 28 and 29”, but despite being mostly a list of names and aliases, it gives a pretty good chain-of-proof in terms of linking up why, exactly, APT28/29 would be the aggressor here, and why it couldn’t really be anyone else. It’s kind of hard to get around except by claiming the specifics about these intrusions aren’t true, which is sort of possible – there isn’t much released about it nor, really, could there be, since it’d be little snipplets of access logs that can’t really be verified.

So while parsing through them, I jotted down these notes/links on the side. They vary in certainty and accuracy from “It’s been considered pretty much common knowledge among security people for decades” to “it’s the impression I got from reading the top three google hits”. It’s far from the last word, just *a* word, if nothing else to myself, so I have someplace to start if I read more.

<something>Duke (Modular infectors/payloads. Series of variations through the decades using new exploits and paths to infect with any of the Fancy/Cozy/Energetic payloads. Chaning command-and-control, but mostly unified at any point in time, prior to deploying payload (which then has it’s own C&C, if there is one)
https://cdn.securelist.com/files/2014/07/themysteryofthepdf0-dayassemblermicrobackdoor.pdf

BlackEnergy V2/3 (Modular payload/infector, DDoS bot. Has been used by the .ru underground for profit since ’07. It’s unclear if it was coopted by Fancy, allowed by Fancy to be coopted by the underground, or under what other arrangement the botnet(s) operate. v1.0 is very simple and do not look state-sponsored, v3 is advanced enough and gets spread by complicated enough vecorts to almost certainly be.)
https://www.sentinelone.com/wp-content/uploads/2016/01/BlackEnergy3_WP_012716_1c.pdf

Shedding Light on BlackEnergy With Open Source Intelligence

Carberb (Banking trojan/cred steal. Source leaked in 2013, many variants since)
https://www.rsaconference.com/writable/presentations/file_upload/ht-t06-dissecting-banking-trojan-carberp_copy1.pdf (slides – short short version)
http://delaat.net/rp/2012-2013/p42/report.pdf (more thourough report)

CHOPSTICK/CORESHELL (General purpose payload/payload modules. Overlapping use, closely linked to APT28 aka Fancy. Almost downloaders (download from central, run), but with minimalist inital kits for immediate recon/persistence)
https://tools.cisco.com/security/center/viewAlert.x?alertId=39835

Relentless Sofacy APT Attacks Armed With Zero Days, New Backdoors

Crouching Yei (2010- capaign originally thought to be a Cozy (APT29) creation, but shown to overlap with Fancy. Sometimes called Eneregetic Bear and considered a separate APT. Appears to be a joint operation or an organizationally separate group cooperating with both)

Dionis (Infector, ~2010-, linked to Cozy. Various vectors throughout updates)

Dragonfly (2013 campaign aimed at the western energy grid. Consided a product of Energetic Bear(aka Crouching Yeti), wherever they fit into the sceme of things. Uses a fairly isolated set of payloads and command and control infrastructure, and could probably have remained operational beyond *duke, blackeneregy, et al)
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf

HAMMERTOSS (mid-2015 payload. Very stealthy payload, communicating over twitter/github. Focus on segnaography (hiding hot data inside innocent-looking data) and stealth over efficiency. Otherwise, average small downloader-with-some-bonuses. Attributed to Cozy)
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf

Havex (2014 payload. Remote Admin Tool. Part of the dragonfly campaign, fairly narrowly targeted at US energy systems. The name sometimes includes some of the spreading tactics, such as exploit kits injected into sites likely to be vistited by true targets)

OLDBAIT (2014(ish, long running) payload. Credential stealer. Harvests login/pass/keyfiles from popular browsers/clients (extensible) and sends them back to command and control)

Pawn Storm (2005-ongoing intelligence gathering campain. Very broad, tragets in russia, ukraine, usa, nato at large, gov and media, Includes waves of all Fancy payloads, spearphishing, iOS infections, fake sites, etc. Overly broad term often nearly meaning “anything Fancy is up to at the moment”)

Quedagh (BlackEnergy infector. More like a sub-module to blackenergy v3)

Sandworm (2014 infector. Used a particular set of exploits to spread a variety of payloads. Mostly notable for using enough unpatched exploits at once to be an obviously state-sponsored piece of code)

Seadaddy (+ SeaDuke, part of the infector stream. Hid in python code, which doesn’t compile and stays human readable, a fairly unusual vector)

SEDNIT/SEDKIT (Exploit kit series. Exploits browsers to install payloads when the user visits a site they’re installed at (watering hole exploit). Targeted to stick to infecting likely targets and otherwise do nothing, and mostly loaded on sites likely to be visited by good targets. Fancy product)

Sofancy (alias for Fancy/APT28/Fancy Bear)

SYNful knock (Cisco router plant/backdoor payload. Grants remote control of several Cisco routers. Sometimes confused for an exploit but isn’t – it’s code injected into a router firmware by arbitrary means which then allows remote control of it, just like most payloads (though extremely rarely aimed at routers))
https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html

SOURFACE (payload. Downloader/installer. Seems mostly introduced as another layer as getting and installing a larger payload after chopsticks/coreshell became increasingly contested)

Tiny Baron (payload. ~2014 remote control payload)

Waterbug (group of infetors/stage one payloads. Could be an operation or group of people who made them rather than the malware itself depending on who is speaking. Focusing on spearphishing/driveby attacks, with complex payloads. Clearly connected to Fancy/Cozy, but mostly using separate command and control)
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf

How are LED Christmas lights wired?

Straight out the box

Straight out the box, Holidy time warm bright white mini lights

If you’re a bit like me, you may have wondered how Christmas (or any strands) of light are actually connected. I’ve sort of half figured it’s probably super obvious if I decided to actually look at them or take a few measurements, sometimes looked briefly at the mess of wires and realized that it’s not totally obvious from the outside, but I’ll look at it later sometime. Well, today was sometime – playing with microcontrollers I’ve used LEDs from a few strands I got last year after the season (they’re often $1.5-$2/50, or 3-4 cents/LED). So before messing up another one, I looked more carefully.

xm_org

Rearranged into chunks of like parts

Here they are after untwisting, untangling and generally wrangling all the wire into straight(ish) lines, then re-bunching lengths of wire and lengths of straight lights (light wired to light, no extra wires). Clearer? Well, since it’s still not 100% obvious, here’s some labels.

with labeled parts

with labeled parts

The lights by the green arrows with three wires going into them are probably the least clear part. It’s worth noticing (because it looked odd unraveled) that the two center lengths (cyan arrows) of wire are between two piles of half the lights, as though they were several feet apart rather than end-to-end as they originally appeared. First a peek at the three-wire thing.

Three wire socket closeup

Three wire socket closeup

Without the bulb, it’s pretty easy to see that two of the wires are just connected. It’s a T junction with and LED in on the part heading off toward the rest of the lights. This is the case on all four of them.

xmbulbAs an aside, this is what’s inside the removed bulb, after unbending the legs and pulling out the bulb. It’s, well, and LED. Little dip on top to diffuse it, then a bigger diffuser over that to make it look more like a “normal” bulb, and a little socket to connect the whole thing. The legs are longer on one side to signify polarity (just like normal LEDs bought as components).

as a circuit

as a circuit

So simplifying the 3-wire-lights and drawing the wires as wires, it’ll look like this. The power is connected straight through (potentially to more strands) and in between there are two sets of 25 LEDs connected. Each side is connected in the opposite direction. This is how a normally direct current low voltage LED can run off 110v alternating current straight from the grid. Since there’s 25 of them, they experience a 110/25 = 4.4v drop each, which is fairly appropriate. There are resistors on the legs of a few to cut back on the current (didn’t get a picture, sorry). Those look slightly randomly inserted (soldered onto one of the legs of a bulb) which kinda of makes sense I guess – doesn’t matter where as long as it’s somewhere in each bunch. Since they’re light emitting diodes they only allow current in one direction, so when the AC is turned the other direction, they’re not conducting (or lighting up).

During that phase, the ones in the opposite direction come on instead, then after 1/60th of a second it switches. For a while in between, both are dark. It’s all so fast that I could probably just pretend it’s not noticeable, but actually if you look at them, they actually flicker pretty obviously. If you move a bulb rapidly through the air in front of you so that you see a streak of light, you’ll notice that it’s not actually a streak, it’s a dotted line as it goes on/off while you move it. If you hold one from each bunch next to each other and do the same, you can see that each line is “there” at opposite times, like -_-_-_-_. I tried to get some pictures, but persistence of vision phenomena like that (similar to a tv screen) doesn’t really show up well on camera, especially not one ones without a shutter speed setting..

schema  So what about the lengths of wire? Well, here they are drawn closer to scale/position. As you can see, if we require the power in and out at the ends (rather than the center) we do need another wire going forward, meaning we have to match the length once just to have our ground/zero/cathode to connect it to, and then, as they block opposite-direction flow, also an open vcc/power/anode too to connect the other bunch. in circuit, that means there will be four “spans” of wire, and two are indeed between the lights.

That’s about all of it. In short, yes, it was a pretty trivial circuit once unraveled and looked at. But if you wanted to see without the hassle of untangling one, there you go. Now on to seeing what would be the most reasonable way to individually control them.

Charliplexing LEDs on an Arduino Nano

12 LED charlieplex, 4 pins, Arduino Nano (clone)

12 LED charlieplex, 4 pins, Arduino Nano (clone)

“Charlieplexing” is a way to drive more than one LED per output pin on ports/processors that can set their pins to input in addition to 0 and 1. It’s done by connecting two LEDs in opposite directions between any two pairs of pins from the ones used. Here, four are, so 1<->2, 1<->3, 1<->4, 2<->3, 2<->4, 3<->4 (six pairs). When using them, all pins are set to INPUT (they will not provide nor sink voltage or current) except two. Those final two are 1,0 or 0,1 – i.e. +5v and ground, lighting one of the two LEDs connected to it depending on direction.

In order to appear to have more than one lit, cycle through and quickly light each that should be lit in turn and do it at a fast enough rate to not be seen (50 Hz at least). Here’s brief example code, should work on most Atmega based Arduinos, perhaps others too (dunno about interrupts – it’s usually similar but it’s not standardized).

/*
 * Charlieplexer example
 * 
 * Controls 12 LEDs using 4 output pins. This is done using combinations of 0/1/INPUT and the
 * diode behavior of LEDs to selectively power arbitrary single ones, then using a timer
 * interrupt to rapidly cycle through those that should appear lit. The array "bri" determines which should be lit.
 * 
 * Circuit:
 * The four pins used are connected to D12-D8 (the leftmost four on an Arduino Nano).
 * Each is connected to a resistor. Two LEDs, in opposite directions, are then connected
 * between each possible two-pin selection, i.e. 1-2 1-3 1-4 2-3 2-4 3-4
 * The current will pass through two resistors and one LED when on. If they're evenly lit
 * ("extra" time from off-LEDs isn't given to on-LEDs) the duty cycle will be ~8% (8% lit, 92% unlit).
 * The resistor should be chosen accordingly. 2.4kOhmn works, but is pretty dim. 240 Ohm would still be
 * well within current limits.
 * 
 * Patrik Lundin, 2016
 * 
 * This example code is public domain
 */

  // Number of LEDs
#define PL 12
  // "Frequency", but really delay per pre-divisor on the timer interrupt
#define fq 100

  // Display state, i.e. which LED should be lit (or not) this cycle
int ds = 0;

  // Array holding on/ff values for LEDs. byte because I might implement partially lit sometime.
//byte bri[] = { 0,0,0,0,0,0,0,0,0,0,0,0 };
byte bri[] = { 255,0,255,0,255,0,255,0,255,0,255,0 };
//byte bri[] = { 255,0,0,0,0,0,0,0,0,0,0,0 };

  // Values to write to PORTB. Determines which pin is powered
byte pv[] = { 
    0b00001000, 
    0b00000100,
    0b00010000, 
    0b00001000,  
    0b00010000, 
    0b00000100,
    0b00000010,
    0b00000100,
    0b00000010,
    0b00001000,
    0b00000010,
    0b00010000,
    0
  };
  // Values to write to DDRB for each LED. Determines High impedence (disconnect) pins.
  // The two selected will be 5v and GND as determined by pv
byte ps[] = { 
    0b00001100, 
    0b00001100,
    0b00011000, 
    0b00011000,
    0b00010100,
    0b00010100,
    0b00000110,
    0b00000110,
    0b00001010,
    0b00001010,
    0b00010010,
    0b00010010,
    0 
  };

ISR(TIMER1_COMPA_vect){
  byte ods;

    // check if current LED is lit, if so light it.
  if(bri[ds]) {
    PORTB = pv[ds];
    DDRB = ps[ds];
  } else {
    DDRB = 0;
    PORTB = 0;
  }

    // next LED (for next cycle). Back to 0 at PL
  if(ds==PL)
    ds = 0;
  else
    ds++;

/* // This snipplet can replace the above to skip over any unlit LEDs.
   // This gives lit LEDs more time (brightness), but unevenly.
  ods = ds;
  do {
    if(ds==PL)
      ds = 0;
    else
      ds++;
  } while(!bri[ds] && ods!=ds);
  */
}

void setup_int() { // Start timer interrupt
  cli();
  TCCR1A = 0;
  TCCR1B = 0;

  OCR1A = fq; 
  // Some approximate refresh speeds at an unknown prescaler setting:
    //156 400 hz 125 500 hz 100 625 hz
    //78  800 hz, 69 905 hz, 50 1250 Hz

  TCCR1B |= (1 << WGM12); // CTC mode |8
    // Don't have my notes on the prescaler - uncommenting the bottom |= puts it at "very slow".
  TCCR1B |= (1 << CS12); // |4
  //TCCR1B |= (1 << CS10); // Prescaler |1 
  TIMSK1 |= (1 << OCIE1A); // Enable timer compare 
  sei(); 
} 

long sttime; // time storage for the main loop 

void setup() { 
  DDRB = 0; 
  PORTB = 0; 
  Serial.begin(9600); 
  Serial.println("Go"); 
  setup_int(); 
  sttime = millis(); 
} 

void loop() { 
  int inc; 
  byte ch; 
  long now; 

    // This isn't part of the charlieplexing - it's just a loop that blinks (inverts) all LEDs once per second 
     // so it does at least something even by itself. 

  now = millis(); 
  if(now-sttime>1000) { // if it's been 1000 milliseconds blink
    sttime+=1000;
    for(inc=0;inc<=PL;inc++) { 
       // Invert on/off (or opposite brightness if that was implemented) 
      ch = bri[inc]; bri[inc] = 255 - ch; 
    } 
  } 
  if(Serial.available()>0) { // Does nothing, but here you/I could add actions for chars gotten over serial (debug)
    inc = Serial.read();
    switch(inc) {
      case 'l':
      break;
      default:
      break;
    }
  }
}

 

Approving ADB debugging on a broken-touch android

I like to play with partially broken phones and tablets. Well, kind of anyway, it comes with it’s own frustrations, but they’re an often overlooked source of hardware. Most of their neat things (screen, sensors, audio, wifi, bluetooth..) aren’t really possible to separate out – things are so integrated now – but they also come with their own CPU/GPU. Often a powerhouse by embedded standards, certainly enough to pass things along to a lesser but more accessible arduino or desktop. I tend toward android, because even though it’s not a raspberry pi, they’re somewhat linux-ish, and can often be made to run something approximating a small server with Deploy Linux, kbox3, termux, or even just busybox with some add-ons.

Very often, the main issue is that either the screen is broken or the screen works but has no touch capability. No-screen you’re usually stuck flashing something custom (depends a lot on device) but on many devices, no-touch (but working screen) can be handled by plugging in a mouse/keyboard via usb-otg. That is, one of those little wires with usb-micro-b on one end and a USB female (as you see on a hub or computer) to plug the mouse/kb/combo into on the other end. With this, you’ll often get a mouse pointer, and you can (sort of) limp yourself along installing something more permanent.

However, if it’s a fairly recent android, you’ll soon bump into another roadblock. Ok, I just did, not sure about others. Trying to activate USB adb debugging (so you can shell in from desktop, push/pull apps and data, root it, so on) requires both the usb port (pops up a permissions box) *and* touch or mouse (to click ok). If you disconnect the usb to the desktop, the popup goes away.

If you have root (or other enhanced access), you can add a key in /data/misc/adb/adb_keys and set a local variable (ADB_KEY on windows) to match, letting you in without he OK. If you it’s a debug build, you can do “adb disable-verity” to disable checking it. I had neither. So, another way around I saw mentioned is a bluetooth mouse. If you have one, pair that (can be done with the usb mouse in), good to go. If you don’t (me) you can use TrueMouse Lite on another, non-broken, android to fully emulate a mouse. There’s a ton of other remotes, but most require an app on the client side, and usually android isn’t supported. TrueMouse does require root, and is a 9 day trial, but it shows up as a true BT mouse. So any other rooted and functioning android, in my case an LG Fuel from a $5 special tracfone sale, works. Click the OK, boom, access.

Saying the alphabet backwards

Being tested for a concussion? Trying to convince a police officer you’re not high as a kite? This won’t really help you – normal people can’t do it anyway. It’s rarely used as a “brain works” thing, especially if an authority figure asks, they’re just rattling you a bit. If you decide to squarely designate yourself “the kind of person who obviously practiced reciting the alphabet backwards”, be sure to follow up by further segmenting that to “by that I mean geek, not drunk/druggie”.

But, either way, if you want to say the alphabet backwards, here’s a way to mnemonic it. It’s partly by some guy on reddit, partly me adding stuff back in that I forgot over and over.

When first asked, your try will probably be “ZYX”. Good job, like most people, you know the last three. If not.. learn them.

Next, we’ll name two states – West Virginia and Utah. Their abbreviations are “WV UT” which are the next four. I don’t have a universal reason those are the two states, but if nothing else perhaps you can eek out “W” as the fourth from last (before X) and thus go “Oh yeah, WV. UT”.

Next, the phrase “It’s our cue, pee on Martin Luther King Jr”. This is not recommended behavior, nor is it any reflection on his legacy. It’s merely a sentence that has the appropriate letter sounds – “tS R Q P on MLK Jr”. Since you’ll have forgotten the order of things, it actually overlaps by a letter – you just said “UT”, so peek at your own prior answer and go “starts with T. Oh yeah, iTS R Q..”. The main tripup is feeling that “cue” should have something like “to” after it (perhaps notice that you just said T) and that Jr only stands for J, (MLKJ, nor MLKJR). Again, it might help that you said R just then, by the “its”.

Next, do a jihg (and misspell it with h) because you’re fed up (or chased by feds, if you wish). Again, one letter overlap – with any luck the “MLKJ” will lead you to “J.. oh yeah, JIHG.. FED”.

There’s no overlap for the next bit. In fact there is no next bit – you are here supposed to realize you said “D”, and through sheer brainpower figure out that “CBA” is the finishing three. In summary:

ZYX (think of how it ends..) WV UT (West Virginia, UTah) SRQPONMLKJ (t-> It’s our cue, pee on MLK Jr) JIGH FED (j->do jig with bonus h, because fed up) CBA (d->that’s hella early in the alphabet – I’ll reverse ABC live)

Practice a bit and you’ll convince yourself you can do it. Try it again in a few days or hours (set an alarm or something) and patch what you ended up forgetting after all. Try again in another same unit (day, hour) if it’s still there, do another in a week. Two of those, and done – stuck forever. It may well be that you just remember it in a day, then in a week, and realize this whole exercise was sufficiently absurd to stick it in your brain. Go forth and wait years for a situation where you might be able to earn bragging rights with it, hope it’s still there by then.

If you actually manage to do it enough times to make the sentences and words fade out (like you were supposed to do with the alphabet song, but it never happened and you still have to start singing it to access alphabetic order) knowing it actually has real live uses if you deal with alphabetized data (like a library, or the herbal supplements at walmart) – you’re often presented with “You’re on M, need to go to F, how far is that?”. It’d be better to actually know the alphabet as a non-sequential thing, like knowing the ordinal for each letter (A=1 B=2 C=3 .. but so that you can do ordinal->letter->ordinal in arbitrary order, not by singing and counting) but a solid compromise is being able to do both “F..GHIJKLM.. six more between” and “M..LKJIHGF.. six in the other direction”.

Setting up domain mail service through yandex

Yandex is a google-like service in Russia. It’s the fourth largest search engine world wide, and also provides things like mail, online storage, DNS, etc. It’s slightly less stringent about checking accessing IP, which can be bad (if your account gets hacked, it may be less protected from geographically unlikely access) but also good (if you actually travel, or need to access it from a VPN or a remote server, they will allow you to do so, while google has a tendency to demand phone verification or just plain kick you out on the basis that you look like you hacked your own account).

Supplies:

A domain, including access to it’s DNS records.

Somewhere to access them from.

Step 1: Set up an account at yandex.com. This can be done from passport.yandex.com or by clicking “log in” and then “register” on any yandex page. It will ask you for a name, address, and phone number. If you don’t feel like supplying a recovery phone, click “I don’t have a cell phone” – it’ll be ok with that and ask you to instead supply a recovery question. Pick as strong of a password as you need to and make note of it and your recovery question(s)/answers – while they’re laxer with where you choose to access your account they are harsher than google in terms of recovery. Do not count on being able to recover from a lost password/recovery Q – it’s not totally impossible, but it’s also highly likely that it’ll be permanently lost.

Step 2: Go to domain.yandex.com. Enter your domain name in the “connect domain”. If you aren’t logged in with the account you made, you’ll be asked to do so.

Step 3: Demonstrate that the domain is yours. They provide a few options, but the easiest is probably to add a specified NS record. They’ll give you a hostname (y2a3n323a234f.yourdomain.com or something) that you’ll be asked to add as an alias (CNAME) for one of their hosts. Add it to your DNS settings, if using bind, add a “y2a3n323a234f IN CNAME the.host.they.said.ru” to the zone file, update it’s serial number so it propagates and tell bind to restart or reload (usually “service bind9 reload” (or …restart). Give it a bit to spread though the DNS network. If possible check from another perspective (such as your own machine if it’s not using the same DNS server authoritative to your domain) by looking up your CNAME (nslookup y2a3n323a234f.yourdomain.com from windows or linux prompt). Once it seems established though out that it’s there, click the button on the yandex page to tell them to look for it. If you tell it to check too soon and too many times, it will throttle you (usually tell you to wait a half hour before rechecking) so it’s worth giving it a bit to make sure it’s out there. If it throttles you, double check that you did in fact add the correct CNAME and that it’s visible and wait out your timeout. There’s no real way around this and it is necessary to avoid DNS poisoning attacks (sending out false information getting central DNS caches to temporarily misreport).

Step 4: Once they admit it’s your domain, add MX records for their hosts. They’ll tell you where, usually a few hosts like mail34.yandex.com. They’ll quote you exact MX records and priorities to add, in the vast majority of cases the recommended settings are what you’ll want (I can’t really think of a situation where they wouldn’t be).

Step 5: Set up mailboxes and/or catchall address (where to send xyzzy@yourdomain.com if there is no xyzzy mailbox). You can set up something like 1000 free, though they say if you need more or more storage, contact them – I’m not sure what they’d do or charge if you somehow needed more.

Step 6: Done. Start using. When logging in to a mailbox the first time (logout and go to the address they supply to log in with username only, or log in at mail.yandex.com with the full address (user@domain.com) and pass) they’ll ask you to enter new recovery information, name, and accept TOS for that particular address (so that if it’s not yours, the new user, too, accepts them). These sub-accounts can be recovered (or deleted, modified, etc) using the main account you used to create the domain, so that isn’t as picky. They have even less recourse for recovering from them directly though – as admin of the domain they’re considered your users/your problem if they forget their password. If you wish to use imap/pop/etc for third party clients, this can be activated in their setup screens. Some push options are available, support depends a bit on the third party client. There are mobile apps available (similar to gmail) which work as a more user friendly way to set up push notifications but with the same downsides as any third party apps.

ONN Model NB14W1201 2000mAh Power Bank

Onn Powerbank model ONB14W1201, $2 clearance buy, but handy and functional. Reading a bunch last night about Li-ion chargers, I had a sudden urge to look inside.

Peeking into it. Wait, is that..

..roundness? This looks so much like a plain standard cell, or one of those half-length ones.

It’s a plain ol’ 18650 Li-ion cell with a little driver! The white parts pop apart down the other side, btw..

Circuit closeup

Looks like standard ICs and they left the numbers on. I’ll look into it more later, but these look like what I bumped into constantly hunting obscure Shenzen parts no one has sheets for.

Driver Board

Another for good measure in case something is out of focus.

It’s spot welded in (as internal batteries or individual cells usually are – the strips are often zink plated stainless to handle the heat changes. But it could probably be modified to charge 18650 (probably the most common Li-ion cell around and the basis for most “normal” high power rechargables) or to recharge your phone with infinite 2000-2300 mAh chunks for a few bucks a cell. Possibly even expanded with a few in parallel but that might get adventurous current wise. Will have to see what the ICs claim to be.

Got caught up in a DNS amplified DDoS attack

Sure I’ve heard them mentioned. Along with everything else that’s wrong with traditional DNS, a great deal of it is done via UDP as opposed to TCP. I.e. no “Hi Server! (msg1)” – “Hi Client! This a connection? (inre:msg1, msg2)” – “It sure is, dear Server! (inre:msg2, msg3)” – “Cool! What? (inre:msg3, msg4)” and so on, lobbing packets of information back and forth, all pieced together. No, DNS goes “Hi I’m client X I need to look up Y”, “Ok cool, heres YINFO”. Since there’s no connection, you can lie about the sending address, causing the server to shove the response at some innocent other host, which will sit there when suddnely “Ok, cool, heres YINFO!”. It’ll go “Wut?” to itself and toss it. But, as an extension of overloading a server with junk traffic, this can make you suddenly much louder – ask a question with a *really* long answer, and suddenly you can not just cause people to deal with your puny internet connection but cause them to receive many times that much form other servers you’ve tricked into sending it.

So until now, my DNSes have always been limited enough to not have this happen. But seeing up a new server, DNS was the main issue – it hung multiple times from lack of functioning DNS. So I wasn’t too careful, and suddenly someone, many many someones, were requesting lots and lots of data.

So, now thinking for an additional second about it, I realize there’s really not much preventing this besides just not taking requests from outsiders. But there has to be some slack too – it’s not like everyone can have individual DNSes, nor can it be 100% centralized. And here, I’m not even sure how should have answers, but at least a decent chunk of local boxes.

Then when you do block, or (as I first did) just rip down your DNS shingle altogether for now, it’s not really stopping it much at first. After all, the point here is to shove traffic at someone else – there’s no real way to see if it makes it. It’s possible (and a good idea for effective mayhem) to mix it up and throw an answer back to yourself (more like “a place you control”) to make sure you’re not wasting your traffic sending into nothing, but.. that’s riskier than just sending it to the target, and a little trickier, and there isn’t that much punishment for slacking off and not checking often.

Finally fail2ban (set to bounce the requests with orders to the next router up that packets going “from” one for the targets to my dns needs to find another route, nothing down this path) started working, set up per https://debian-administration.org/article/623/Blocking_a_DNS_DDOS_using_the_fail2ban_package . After a set time, it’ll start accepting again, but after a set amount.. ban again. It’s working pretty well and slowing it down. Looks like the herds are moving on. But that was way more of a thing than I expected. Worth configuring carefully the first time, I think.