Welcome

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo 159, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It’s all here somewhere, so use the search function or navigate using the menu structure. If you want to talk, reach out via the contact function, I usually do answer!

Random Post Selection
InfoSec

Courtesy of the Institute for Information Security Professionals

As I mentioned in the opening CEO article, the inaugural Top Gun event in Manchester was a great success on many fronts. We had 20 participants, organised into the Red and Blue teams, plus 5 members of the Control Team, and the day just seemed to fly past, so intense was the concentration, interaction, ingenuity and fun.

We cannot give too much away as to the content of the case study or the processes we followed on the day, for fear that we might spoil some of the element of surprise for participants in future events. Suffice to say that those who were there threw themselves into the exercise and, accordingly got the most out of it, as well as proposing a few additional suggestions for developing and improving it for future players.

Let us however, convey the particular views of a member of one of the teams, and let them tell you what they thought of the event.

“TopGun, The Blue View. (Jay Abbott, PwC)

I have to admit, I was genuinely sceptical about the TopGun event as the idea of playing the Security equivalent of Battleships during one of my busiest times of the year was not one that featured far up the “to do” list, that said, I am genuinely pleased that I made the time to attend.

We arrived with very little information about what was planned, and were immediately split into two teams, Red and Blue, The Red were of course the attackers, and Blue were the defenders and the teams split had been pre-planned by the organisers to ensure that a good cross section of skills rested in each team to keep things fair.

The remit was simple, we each were given suitable pieces of a puzzle, i.e. some deliberately sketchy information related to the organisation, typical of that you would find on your first day of work or your first information gathering exercise. From there it was a case of building a better picture of what you have and figuring out the best way forward (sound familiar?).
At this point, the teams were physically split and departed into adjacent “war rooms” to prepare their respective strategies. We each could communicate with our “control” staff, who acted as the coordination of the event and holders of information. The co-ordination role was pivotal in the success of the event as they were able to coordinate the virtual attack and defence strategies in real-time to keep the feeling of real-life and to ensure that the game was fair.

From a blue perspective it was business as usual, we had a budget and an environment to protect, we had to evaluate the skills in our team, establish specialisms that could work in key streams, and run the entire thing like a project.

All in all it was a very worthwhile day that created a great deal of discussion and provoked much debate. What I personally took from the day was something that I see all too often, but is perhaps not as obvious to all, to quote Paul Dorey on the day it is summed up in the phrase “Security is Asymmetric”. Put simply this is the fact that someone attacking an organisation need only find one hole or vulnerability in order to succeed, while those protecting the organisation must try to plug every hole and mitigate every vulnerability to be secure.”

Event wrap-up discussion and lessons learnt – great work everyone!

The participants captured their comments on an evaluation form and we are reviewing and acting on those comments. They also scored the event out of a scale of 1 to 5, and rated the event at 4.3 overall, but with specific scores of 4.5 for facilitation and presentation, and 4.6 for opportunity to discuss and exchange ideas. A great success by any measure.

Thanks to all involved, and to PwC, our hosts for the day.

Courtesy of the Institute for Information Security Professionals [...]
3D

Why this Kit?

This kit is well built and well packaged which combined with the relative cost is absolute value for money for the print size. It does suffer a number of issues though and the “community guide” is an invaluable asset in the build of these printers.

The community around this printer is great and has many people both skilled and novice, all of whom seem happy to help. The community is mostly in the Facebook Group, or at least that is where I found them! There is an extremely detailed and maintained “Community Guide” that contains a wealth of information about the printer, its issues, its features and how to get the most out of it. This can be found linked from the Facebook Group or can be downloaded from this link.

One of the best features for a first time builder like me was the very extensive video build guides from: ruiraptor. His 15 video series on the full build process took all the pain out of this for me. That said, it would have taken more pain out of it if I had watched all 15 videos before starting to build the printer as sometimes he will show you how to do something the “TEVO Way” and then his own way, which is often much better! The community guide also holds some key information not covered in detail or at all in the videos such as the BL Touch installation.

TEVO Black Widow 3D printer – All assembly videos

Aside from the support, guides and quality of this printer, the main reasoning behind the choice was the build area. A whopping 370mm x 250mm x 300mm build area was exactly what I needed to support some of the planned projects that I will use this for.

Where to buy it?

Do not buy this kit off eBay! Buy it direct from the manufacturer shop via AliExpress. This will ensure you get the latest version direct from the manufacturer stock rather than an old one that has been sat in someone’s stock room for a while. At the time of writing this, V3 was the latest.
A key reason for this is that early versions of this printer had some serious faults such as an earthing issue on the power switch that could electrocute you!

Additional Mandatory Parts:

12 x 28mm Cast Aluminium Corner Brackets
24 x 8mm M5 High Tensile Button Flange Allen Bolts
24 x CNBTR M5 Thread T Spring Nut 20 Series EU
1 x Red Button 4 Pin DPST ON/OFF Illuminated Rocker Switch AC 250V 15A
1 x 2 metres of 10mm Expandable Braided Sleeving
1 x 1 roll of 9mm cloth wiring tape
1 x Standard Floated Glass 400mm x 250mm x 3mm with Polished edge (from local glazier)
1 x Right-Angle USB2.0 B Male to USB B Female Socket Panel Extension Cable Cord

Optional Parts:

7 x Solid V Xtreme Wheel
8 x Mini V Xtreme Wheel
1 x 24v 40mm Layer Fan
1 x 3m of 28 AWG red & black silicone wire for layer fan
2 x pair of 2 PIN JST SM Plug Socket Connectors – Soldered / Crimp
1 x 400mm x 250mm PrintBite+

Optional Tools

1 x 15 or 30cm metal ruler
1 x 8mm flexible head ratchet spanner
1 x 60 in 1 S2 Tool Steel Precision Screwdriver Nutdriver Bit Repair Tools Kit hv2n

Tools & Assembly

Although the kit comes with all the tools you need to build it, it does make it quite hard work if you only use them. The additional tools suggested make light work of the job and if you don’t have them, come in handy in many other places!

The general assembly is straightforward, although if you are following the build videos, make sure you have watched them all first. I found that in certain videos, Rui would build something and take it apart then show you a better way to build it! If you’re following the video for the first time this can mean you build some things twice or more.

Modifications

Let me first answer the question of why modify? These kits are “Open Build” based which essentially means that they are based on 100% open sourced common components that have been pulled together to make this kit.
TEVO have a number of custom parts size / length and manufactured their own versions to suit this kit perfectly which makes this kit very good. That said, a number of parts in this kit such as wheels or angle brackets are not the absolute best that are available, and as with anything built to a market price point, some compromises exist. It is these compromises I am not willing to accept and that I wanted to tackle as part of the build process.

Joints

I was unhappy with the quality of the L brackets given the need for a true and non-flexing chassis and as such decided to opt for the 28mm cast aluminium brackets instead. These make a much stronger connection that is less likely to flex during use. For me this was key as a chassis of this size will likely have a lot of pressure put on the joints and any flex in a joint will lead to an inaccuracy in the layer.

Wheels

I was not initially going to replace the wheels despite hearing about the issue of some users reporting flat spots. Unfortunately, this turned out to be a bad decision and in fact I needed to replace the stock wheels straight away. Essentially, the stock wheels will deform if they are left in the same position for a period of time due to the malleable nature of the material used. What I was not expecting in my build was for the heat bed carriage wheels to do this within the first 24 hours! Some people suggested that this is simply because they were too tight, but personally I don’t think that they are as you need to have them tight enough to stop all lateral movement or “wobble” as this will affect print quality. For me, the wheels deformed very quickly so it was better to change them for a much harder polycarbonate compound that is less prone to deformation.

Rocker Switch

Although supposedly fixed in V3 with a new style toggle switch, the possibility of getting electrocuted didn’t appeal.
Looking at the toggle switch that comes with the kit, it’s metal and rated at 12v /20a which just doesn’t sit right with me given it’s switching the mains live wire directly :/. Instead I opted for a much better quality 250VAC / 15A plastic illuminated switch to ensure that I am insulated from any potential shorts in the switch that could give me a nasty jolt.

Drag Chains

Each of the drag chains can cause the wires to rub and eventually fail unless they are put into nylon sleeving. This sleeving helps to prevent the rubbing and allows the chains to keep everything neat. It is also useful for hiding the mess of cables that connects the control box to the printer and keeping everything untangled.

Layer Fan

A layer fan is optional but seems to be quite a common modification. Even if you are not installing a layer fan on day 1, I do recommend running the cable for the fan through all of the sleeves and drag chains while you build it to save having to take it all apart at a later date when you decide you want one. It’s worth running the wire (30 gauge red & black) from the control box to the print head and putting a 2 pin JST connector on it ready for the addition of a fan at a later date. You can also add a break where all of the other cables join from the control box to the printer and using a JST connector (male & female) to match the stock wiring setup.

Wiring / Controller Box

The way in which TEVO suggest to organise the controller box is flawed and Rui does a great job in showing you a much better way. Essentially you need to transpose the holes for the motherboard and mosfet from one side panel to the other, and then mark and drill holes on the original side where the motherboard and mosfet were to be located, in order to mount the PSU on its side. The result is much more space, much less cable mess, better airflow and room to work! The other major change to the controller box is the power switch.
If you use the power switch I suggested you are going to have to cut a square hole around the existing round one. A Dremel, some painter’s tape and patience is all you need. And just remember if you make a total hash of it, you can always print a new one once your printer is up and running!

Firmware Upgrade

I’m a subscriber to “the latest version is best” way of life and as such, job one, even before an actual print, is to upgrade the firmware to the latest version. The printer I bought came with 1.1.0 RC7, while at the time of writing this, 1.1.8 (RC8 V4) was available. The best guide on how to perform the upgrade is here from Rui:

How to easily configure and flash firmware to a TEVO BlackWidow 3D printer

Calibration

This stage is key. Take your time on Videos 13 & 14 and make sure your eSteps and extrusion is perfect. If you have opted for the BL Touch (recommended) then you do need to follow the community guide on how to calibrate it, but once done its ability to self level the bed before a print is so time saving.

First Print

The first print is always going to be nerve wracking but as long as you have taken your time with everything during the build process and especially the calibration, then it will come out just fine. Here we have my first print, a 20mm XYZ Calibration cube printed at 0.2mm layer height:

Key Builds

Universal Spool Holder

Part Cooling Duct for Tevo Black Widow & 40mm Fan

It’s best if you print the part cooler and one of the velocity stacks first. Then assemble that and fit it before printing the rest. Overall the quality is very good though:

Build Gallery

[...]
General

The Problem:

Ok, so anyone who has worked with sound equipment before would have been greatly disappointed shortly after taking the M-Audio Xponent out of the box. Essentially, it’s a bit crap. The main bug-bears are the faders, often referred to as being made by “Fisher Price”. They are loose, and generally feel nothing like a proper mixer, so anyone used to using pro audio equipment is going to feel short changed (I know I did!). That said, once you get over them, and there are some tricks you can apply to make them feel less annoying, the other primary bug-bear is Torq. This software can only be described as an epic fail! I gave it a shot, I persevered with it for a long time, and have come to the conclusion that its beat detection engine was programmed using chaos theory.

I have mixed on many different platforms, decks (belt and DD), CDJs (from first gen to modern) and midi software from TraktorScratch V1.0 through to the usual suspects of today. What all of these platforms allow you to do is beat match with little effort if you’ve got a good ear. Torq on the other hand, seems to want to fight this process and in my own experience, creates a clinical/harsh environment to align beats without getting nasty overlay (beat on beat cancellation). If you persevere I am sure you can personally compensate for this and actually become good at “mixing with Torq” but IMO I don’t think it appropriate to change my mixing style after 20 years just to accommodate crap software.

This problem brings us to the solution I have discovered. I don’t take credit for pulling this together, many people better than me have toiled long and hard to make this work and have done some excellent work on the subject. All I wanted to do was have a rant, show you how easy it is to make the Xponent better and then credit those who did the work.

The Solution:

Native Instruments have invested a lot of time and energy into refining the Traktor product to what it is today.
I have used different iterations of it since Scratch v1.0 (the first ever version) and it just keeps improving! The most recent version is Traktor Pro V1.x, I am using 1.2.4 and it is truly phenomenal. I won’t go into it in too much detail, but will say this much, it’s intuitive, just like it should be, has some amazing effects available out of the box and “just works perfectly”. What more could you ask for?

Of course, despite the Xponent being a Midi Control Surface and a Sound Card, it’s been locked into Torq to proliferate the spread of the evil program, but, there is a way you can break out of this and turn your midi control surface back into a programmable 2-way midi surface like any other. It’s actually quite simple:

While you switch the device on, press and hold the number 2 Queue button + the Lock Button on the left deck.

It’s that simple, hold them till it’s all booted up, and to check it’s worked, press any button, if it lights up then fades away, it’s not worked and you need to power off and try again. If it does not light up, you’re in business and you have a midi control surface ready to use with any Digital DJ software you want!

At this stage you have a couple of options, start mapping the buttons yourself or grab a map that has already been put together. Personally, I like to short-cut things, so I would grab a predesigned map. After a good look around and a few failed starts, I found a mapping from HolyCT based on the work of DJ Kad listed in the NI Forums. It is amazing! It has all the mappings you would want, full documentation and even a browser mode so you can use the jog wheels to browse your track lists without the keyboard and mouse! It makes use of the X/Y Pad and is IMO a very well put together map for the Xponent.

Bringing the good features from the Xponent to a well written and user friendly piece of software like Traktor Pro, is a marriage made in heaven!
I am truly blown away with the usability and playability of the combination, and it has convinced me to stick with my Xponent for the time being. It may not be the best controller in its class, but it has some cool features and once you get used to the faders, it’s not all bad! [...]
Alfa 159

This post covers the interior lighting modifications made to my 2008 Alfa Romeo 159 TI. For the exterior LED conversion guide, click here.

This modification is worth completing as a single project as the results are a dramatic change in the mood of the interior of the car at night. The original filament bulbs are very yellow so choosing a good LED that puts out a colour range around 6000K changes the feel of the car to a much cooler, relaxed and crisp feel.

The parts required to complete this conversion are as follows:

7 x w5w / 501 Type bulbs (all CANBUS) (Puddles, Maps & Glove box)
2 x 42mm FESTOON type bulbs (CANBUS) (Cabin & Boot)

Expected Cost: £35-40

Required Tools: One Bojo trim removal kit “Bojo Bars” (£30) …or a few screwdrivers and a steady hand!

I personally used two of these Festoon type bulbs for the courtesy lights in the front of the car and the boot and four of these 501 type bulbs for the rest of the courtesy & map lights in the front and rear of the car. These were a good balance of brightness and colour, and matched well as I did not want to flood-light the car at night. For the puddle lights and the glove-box I wanted more light so I chose these 501 type bulbs that provided much more light output than the other ones, as these were areas of the conversion that would benefit from more light output.

It is important to understand that the bulbs you use must be CANBUS ready. What this means is that the LEDs have additional resistance added to them that simulates the load of a normal filament bulb so that the car’s internal computers do not think that the bulbs are blown. This is due to the fact that modern cars put a small electrical current across the lighting circuits to check that the bulb has not blown, and to report an error if it has, so you know to fix it.
While the interior lights don’t report the errors, the circuit still has a small electrical current across it, so if you do not use CANBUS friendly bulbs you will find that some of the lights never turn off and instead stay illuminated (albeit quite dimly) forever!

Here are some images taken from an iPhone, which explains why they look very dark. It’s not actually dark at all!

The following expanding links give you the specific guides for each light unit to perform this upgrade yourself:

The front courtesy light is a single unit with several components in it including switches, alarm sensors and the B&M microphone so care is required when replacing the bulbs. The unit itself is held in place with a series of clips down each side that hold it against the roof lining (1a in diagram). You will need 1 x 42mm Festoon bulb (1 in diagram) and 2 x 501 bulbs (2c in diagram) to upgrade this component, below is the removal guide from eLearn:

Like the front courtesy light, this unit is held against the roof lining by a series of clips (1a in diagram). Care must again be exercised so as not to damage the unit during removal. You will need 2 x 501 type bulbs (1c in diagram) for this light unit. Below is the removal guide from eLearn:

The puddle lights are located in the base of each front door and provide illumination of the ground when the doors open. They are held in place using a simple clip mechanism (1b in diagram) and are a self contained plastic unit which the bulb sits inside. You will need 2 x 501 type bulbs (1c in diagram) to complete both doors. The guide below from eLearn shows how to remove the units:

The glove box makes use of the same style bulb holder as the puddle lights and requires a single 501 type bulb (2 in diagram). The eLearn guide below shows how to remove it:

The boot light makes use of the final 42mm Festoon bulb (4b in diagram) and is located behind a simple clip on housing (1c & 1b in diagram).
The eLearn guide below shows how to remove this: [...]
General

I have been working with a large retailer of late who is a heavy user of Sun & Solaris. As you can imagine, this is perfectly normal, and in fact, considered best practice for what they are doing. That said though, in an area such as retail, with low margins and profits based on sheer quantity, surely a leap of faith into the “dark side” or as we prefer to call it, Linux, would be a better option?

Once upon a time the argument was simple, RISC architecture was simply ahead of the game, by a long way, but guess what, x86 grew up, caught up, and overtook. These days, the performance you get out of multi-core x86 is significantly more than its RISC based equivalent. I realise that point could be considered contentious by the purists out there, but for mainstream computing in a world that is ever more cost conscious, I struggle to see how any argument for RISC can win over x86.

Once you have your x86 base, you can go with an x86 version of Solaris (not that you would) or thanks to Sun not playing silly games, you can actually use something useful, such as Redhat, Suse, Ubuntu or if you so desire, Novell. This additional flexibility is core to getting the base of your platform right. Large scale architectures need solid foundations to remain stable, perform and scale as desired.

Let’s consider it for a moment. Sparc vs x86 & Solaris vs Linux, well to be honest, there is barely anything in the comparison except cost. Sun make x86 hardware based on multi-core AMD processors which are blisteringly fast and being manufactured by Sun, they are rock solid.

Now, if I were that retailer, I know where I would be looking to spend my money, but that’s not what I am there to talk to them about, so I’ll keep it for my blog and not overstep my scope. [...]
InfoSec

I was recently asked to comment on the new Chip & Pin attack created by Prof Ross Anderson from Cambridge University. In my original comment released to the press I make an assertion in relation to a change in process that “breaks the circuit” of this attack – see below:

Jay Abbott, director in charge of Threat & Vulnerability Management, PricewaterhouseCoopers LLP (PwC), said:

“Essentially, what the scientists have come up with is a very effective and simple way of exploiting weaknesses in the system. However, it is important to bear in mind that the fraud requires a very specific scenario to become effective.

“A simple process change by the retailer of asking for the card holder to hand over the card would break the circuit, although this isn’t always possible as sometimes the card reader is fixed to a point on the other side of the counter.

“At present, the customer is accountable for the fraud as banks argue that PIN verified transactions are secure. Given this attack demonstrates a clear method of bypassing the PIN system, this assertion by the banks stands on shakier ground.”

With the original comment came a caveat, which as you would normally expect, was not quoted by the media, this caveat was that the process change suggested brought with it the opportunity for cards to be skimmed, which was in fact one of the original reasons behind the Chip & Pin changes. In fact, the change works in the favour of the retailer rather than the consumer, however, before you hang me, allow me to demonstrate the rationale behind this.

Consider first that Chip & Pin is in fact “two factor” authentication, which anyone in the security business will explain is more secure than “one factor” authentication. The first factor is the card itself or the “chip” in this instance, the second factor is the “Pin” which in this context operates as a pass code. Given both elements are authenticators in their own right, both are required, and as such any attack must include them both.
The attack designed by Prof Ross Anderson targets the Pin aspect of the authentication, and relies on the original card accessed through a series of technology components that have to be connected together in some way. The method shown in this attack makes use of concealment to hide these components on the person of the attacker, and relies on a custom built “attack” card with wires hidden up the sleeve of the attacker, back to the other components involved. The obvious way to therefore detect and prevent this attack at the retailer is by separating the card from the attacker, thus showing the wires and revealing the ruse.

The cloning of cards must be treated separately as the current methods of cloning (that I am aware of at this point in time) only create “yes cards” which would not work in this attack scenario as they are not true copies and would be detected by the PoS equipment as fraudulent. As I understand it, there is no economically viable way of cloning Chip & PIN Cards effectively at this time. Any cloning would still focus on the magnetic stripe data, which can be easily cloned, but is not accepted by the retailers (usually) when a Chip & PIN card is presented. This of course is at the discretion of the retailer and out of the control of the consumer or the banks.

This brings us to the counter argument, specifically in relation to the increased risk of your card getting skimmed/cloned by the retailer when you hand it over. Even if it were viable to clone the chip cards, given that a card skimmed by a retailer would typically not get the pin as well (this of course is not always the case), using the now cloned card would have to make use of Prof Ross Anderson’s attack method, which if the aforementioned process change was implemented, would not work, so in effect increasing the risk of cloning, but decreasing the risk of a successful attack using the cloned card and “breaking the circuit”.
This of course relies on the premise that the use of the card’s magnetic strip is in fact not viable, and therefore if anything, reinforces the use of Chip & PIN ironically. Of course in real life the Magstrip is regularly used, but that, again is outside the scope of this discussion and considered irrelevant in the face of the specific discussion around Prof Anderson’s attack.

There is always of course the argument for using a small form factor wireless transmission device to remove the need for wires, but given the form factor of a credit card and the inability to alter this form factor without raising suspicion, I am personally unsure that significant enough range for a TX/RX comms loop could be achieved given the power that could be implemented into a credit card sized device.

Again, in my original comments to the press I clearly stated that the system needed to be fixed, and that the attack was effective, so this is not me suggesting that we should brush this under the carpet, in fact it is simply looking at what we can potentially do NOW to protect the system, while its eventual upgrade is debated and planned. Don’t forget, in this context I am just as much of a concerned consumer as you. [...]