Mark Foster's Blog

Category: General

Review: Adafruit ARDX Experimentation Kit for Arduino
My dad got me an ARDX Experimentation Kit for Arduino for my birthday. I just finished all the 13 experiments and I have to say it is a pretty awesome kit and a good introduction to the Arduino. The kit comes with a variety of input and output components/devices including:
- 10x Red and 10x Green LEDs
- 10mm Blue LED
- 5mm RGB LED
- Force Sensor
- DC Motor
- Hobby Servo
- Shift Register
- Piezo Element
- Pushbuttons
- Variable Resister/Potentiometer
- Photo Resister
- Temp Sensor
- Relay
Also included are some transistors, resistors, diodes, etc. After you finish going through the experiments this gives you a good head start once you decide to build your own project.

Another bonus to the kit is that is comes with a custom cut piece of clear acrylic to mount the included Arduino and a bread board. There are wiring sheets you can cut out and overlay on the bread board but I didn’t find these necessary.

Code for most of the projects can be found online at the URLs mentioned in the instructions with the exception of the last two experiments. For the RGB LED experiment I could not find the code online and I had trouble with the code printed in the manual. I had to make the color arrays regular variables instead of constants to get the code to work for me. I could not find the force sensor code online either but the code printed in the manual worked and was pretty trivial to enter.

Overall I have to say this is a great kit for someone that would like to learn how to use Arduino to interface with real world devices.

The ARDX kit comes with many electronic components and breadboard wires. More than needed to complete all the experiments.

The Arduino comes packaged in an interesting little box.

A 9 volt battery clip and power plug are included so you can run your Arduino without a USB connection for power.

The manual is complete with a deion of all the components, and 13 experiments.

One experiment uses the Arduino in combo with a transistor to control a small toy/hobby motor. Code is included to shut the motor on and off and run the motor at different speeds.

Experiment 5 shows you how to use a shift register to effectively add many more digital outputs to the Arduino.

An RGB LED experiment demonstrates how to combine the base colors to create additional colors.

Experiment 13 demonstrates how to use a pressure sensor with the Arduino. The Arduino increases the brightness of an LED as more pressure is applied.
April 14, 2012
TreeBot

For Christmas 2011 Pictometry had a holiday “Throwdown” challenge. Each department was given box of miscellaneous items that had to be incorporated into some sort of creation. The box was handed off from one engineer to the next. Everyone was too busy. Finally, with two days left before the judging, it was time to take action. With much help from my fellow engineers I built TreeBot, a remote control Christmas Tree with all the trimmings and wireless video for remote operation.

It consists of my old Duratrax Evader RC car with a Christmas Tree mounted to it, Christmas lights on a power inverter, an iPod Shuffle playing Christmas tunes on an amplified speaker and a 2.4 Ghz video transmitter for remote operation. It is decorated with various items we had to use in our creation. We came in second place behind Finance who did a Christmas Carol play using the items as props but I feel it was a good entry representative of engineering given the time constraints.

I took some pictures of TreeBot as I took it apart in case we decide to build something similar next year:

TreeBot

We used a cheap amplified speaker and an iPod Shuffle loaded with Christmas music to give TreeBot a voice.

A 2.4 Ghz video transmitter was used to transmit TreeBot’s perspective to a receiver wired to an old analog video monitor another engineer donated to the cause.

If I were to do it again I would use a wider angle lens for the video camera. Navigating around corners was particularly difficult because of the narrow field of view.

We made the face out of materials provided. The eyes are made from little sticky foam beads shaped into balls and the mouth is a strand of foam peanuts.

TreeBot was lit up using a standard strand of incandescent Christmas lights (provided) using a cheap power inverter on a 3000mAh 3S LiPo Battery pack.

Presents were secured to the tree using zip ties. Nylon zip ties were used extensively throughout TreeBot.

A piece of wood was placed into each of suspension points to keep the car from sitting on the ground under the weight of the Christmas Tree.

The skirt of TreeBot consisted of two pieces of cardboard from the box we were given cut into two half circles and then stapled together to form a semi-cone. It was covered with wrapping paper and garland was zip tied around the edge. The skirt was then zip tied to the Christmas Tree stand.

The stand that came with the Christmas Tree was zip tied to the car’s frame.

Bolt’s were used as a standoff to level the Christmas Tree stand on the car. Zip ties were again employed to secure the Christmas Tree stand to the bolt heads.

It was not terribly shocking to find that the cheap power inverter wasn’t putting out the advertised voltage even though our input voltage met specifications. Regardless, it was enough to power a strand of Christmas lights.

This is the car frame after everything was removed.

The car has been returned to its former self.

April 1, 2012
Funbat Scratch Build

I just finished a scratch build of the Funbat, an RC plane design that uses Dollar Tree foam board designed by Bloody Micks. I posted build pictures here on RCGroups.com. Now I just need a nice calm day.

March 4, 2012
PHP/Apache running on Linux won’t connect to a PostgreSQL server
SELinux will block PHP/Apache from connecting to PostgreSQL (and probably any other DB) by default on some Linux distributions. If you are trying to get PHP to connect to a PostreSQL DB on a linux box for the first time and you are sure your pg_hba.conf on the target box is setup correctly then try this:
```
setsebool -P httpd_can_network_connect 1
```
This should configure SELinux to allow Apache/PHP to connect to other hosts.
January 25, 2012
National Broadband Map Review
The National Telecommunications and Information Administration (NTIA) in collaboration with the FCC has published a series of broadband maps on a new site called National Broadband Map (NBM). These maps show what broadband services are available throughout the United States as well as other interesting broadband data.

Hit this link and click the “Explorer the Map” option on their main page to see a map of the US with shaded areas where selected broadband services are available. You can click different selections above the map to toggle the various broadband technologies. To see other maps such as advertised versus actual broadband speeds click on the “Show Gallery” option in the lower right hand corner.

Rochester, NY does pretty well on advertised versus actual although there a few slower than advertised points here and there. Upload performance data is also available. Usually the cable and DSL providers don’t brag much about upload performance likely because in most cases it is lousy compared to download performance. I think upload performance will become more important to the typical internet user than it as in the past now that people are sharing their pictures and video online.

The NBM site use a variety of open source technologies including:
- JQuery – My favorite JavaScript library.
- Modernizr – A JavaScript library to detect browser capabilities.
- OpenLayers – Provides a JavaScript API to display WFS and WMS GIS layers.
- GeoServer – A Java based server software that provides WFS and WMS services.
What is particularly interesting about the site is the developer resources. They provide a series of API’s you can call from your own web applications to use their data. Output formats include XML, JSON, and JSONP implementations. If you want to use the data locally without the APIs you can download it.

I do have a couple criticisms regarding the maps and ironically, they are bandwidth related. The first is that there are too many tiles returned when viewing the default map of the US. I noticed the map was a little slow to fill in. When I enabled Firebug and clicked on the “Explore the Map” option off the main page, over 500 tiles were pulled down. In fact, Firefox/Firebug became unresponsive. I would expect less than 30 256×256 tiles need to be pulled down for a reasonably sized browser window. I wager there is something goofy going on like a bounding box not set for the area displayed.

My second criticism is that the site is not using gzip to compress JavaScript files. Modern web applications tend to lay on the JavaScript pretty heavy and this one is no exception. OpenLayers.js is nearly 1MB all by itself. By enabling gzip on sites with large JavaScript files you can significantly improve site performance. This is a good topic for a future post.

Overall I think the National Broadband Map Site is an excellent resource. It provides very useful data on broadband technologies/speeds, makes this data available via APIs or download, and also demonstrates a variety of open source web application technologies.

Is it worth the $20 million that contractors were paid to build the map? I would say certainly not at first glance but I would want to hear the whole story before I jump to conclusions. I.e. how much of that $20 million was spent on actual development? I am much more skeptical of the alleged $293 million required to collect the data.
February 24, 2011
MsMpEng.exe – Microsoft Security Essentials high CPU Utilization
If you are running Microsoft Security Essentials with real-time protection enabled on a machine running ThinkVantage Access Connections you might notice the MsMpEng.exe service consuming most of your CPU time. This will cause your Lenevo laptop to run obnoxiously slow. Allegedly this issue was fixed with a new version of Access Connections but on a laptop I was working on the problem persisted even after I updated Access Connections.

If logging is enabled in Access Connections the “AccConnAdvanced.html” file will continuously be updated. Microsoft Security Essentials appears to then scan this file over and over again after each change. This is probably causing the processor to burn your precious battery life away. This way Lenovo can sell more battery pack upgrades. 😉

There are two ways to fix this: Add an exception to Microsoft Security Essentials or disable logging in Access Connections.

If you want to continue logging Access Connection activity you can add an exclusion in Microsoft Security Essentials:
1. Open up Microsoft Security Essentials and click on the “Settings” tab.
2. Select “Excluded files and locations”.
3. Click the “Browse…” button and select the “AccConnAdvanced.html” which, should be under “C:\Program Files\ThinkPad\ConnectUtilities\” by default. Click “OK”.
4. Click “Add” and then “Save changes”. MsMpEng.exe CPU utilization should then drop to around 0%.
Here is how you can disable logging in Access Connections (at least on Windows XP).
1. Launch Access Connections: “Start”->”Programs”->”ThinkVantage”->”Access Connections”.
2. Once Access Connections is up switch the view to “Advanced” by clicking the “Advanced” button in the upper right hand corner.
3. Click the “Tools” tab and then “Diagnostics” and then the “Event Log” tab on the Diagnostics Tools screen.
4. Click “Disable Logging” and then click “Close”. The AccConnAdvanced.html file should no longer grow and MsMpEng.exe CPU utilization should drop to nearly 0%.
January 25, 2011
How to add a custom context menu to a Spark TextArea in Flex 4
There is a current known issue with adding custom context menus on a RichEditableText Spark component:
http://bugs.adobe.com/jira/browse/SDK-23926

This includes the TextArea component. Essentially, any custom context menus will not show up. There is a work around mentioned in the comments for the bug on Adobe’s website but I thought I would re-hash and show an example since this had me a bit stumped.

The work around is to attach the context menu to the TextArea’s TextDisplay object via the “textDisplay()” accessor method. I have created a simple example with source.
```
    
        
    
    
        
    
    
        
    
    
```
May 22, 2010
SWFObject flashvars, params, and attributes
I have been working with SWFObject a bit lately and was a little confused by how the flashvars, params, and attributes arguments for the embedSWF() function differ from each other and what exactly SWFObject did with them. Based on the documentation, I did a little experiment where I used each and then viewed the generated source using the Web Developer Toolbar for Firefox.

Here is my HTML and SWFObject JavaScript which uses the dynamic publishing method as described in the SWFObject Documentation:
```
Embed Fail
```
Here is what the generated source looks like after I load the page in Firefox and SWFObject has done its thing:
As you can see the attributes are just attributes to the object tag. The parameters show up inside of param tags with one param tag for each param following the object tag. I would be curious to hear if anyone has used the “attributes” and “parameters” arguments when embedding Flash with SWFObject and for what.

The flashvars argument is the most useful in my case because that is how you can get external data passed into the SWF. I think a lot of folks load in their data into a Flash movie using a separate call to load an XML document. That is the way to go if you are pulling a large amount of data dynamically based on some type of user input.

If you only have a few name value pairs that are not going to change, passing these in during the embed using flashvars is probably the better option. Assigning these values during the embed will save a second round trip you would normally make to get an XML document.

So let’s say you decide you want to pass in a couple key-value pairs to a Flash movie using SWFObject. In the code example above there are two key-value pairs we assign to flashvars: “my_flashvar1” and “my_flashvar1”. Now you will want access these two inside your ActionScript code.

For ActionScript 2 it would look something like this:
```
trace(_level0.my_flashvar1);
trace(_level0.my_flashvar2);
```
ActionScript 3 requires another line of code to get to the same place:
```
var paramList:Object = this.root.loaderInfo.parameters;
trace(paramList["my_flashvar1"]);
trace(paramList["my_flashvar2"]);
```
A word of caution: When you use SWFObject’s embedSWF() function there are quite a few optional parameters. Be sure that you put a “false” in for optional parameters you don’t intend to use before any parameters you ARE going to use. In the embed example below I want to use the flashvars option but I don’t want to use the option to specify an express install file so I put in a false in that spot. Also, just be careful in general because there are a total of 10 different arguments for the embedSWF() function (including all the optional ones) so it is easy to get them in the wrong order and such.
```
swfobject.embedSWF("Test.swf", "embedhere", "300", "250", "9.0.0", false, flashvars);
```
Take a look at the SWFObject documentation for a description of each parameter.

That’s it!
January 25, 2010
25 ways to insecurity

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors was recently released by CWE/SANS.

Most of the items are old news but I think it is a good checklist that should be on the boiler plate for web application design documents. By putting security requirements in the software specification and design documents, the project manager can then allocate time and resources to security aspects of development. In addition, it reminds developers to ask themselves if the software is meeting those requirements throughout the development process. This is opposed to thinking about security after the entire application has been written and discovering a fundamental design flaw that will require re-writing a good portion of the application.

I particularly appreciate that each item on the CWE/SANS list is weighted including weakness prevalence, remediation cost, attack frequency, attacker awareness, etc. No project has an unlimited budget but you can prioritize on where to focus your resources to achieve the most secure solution. Generally it is a good idea to ensure that the cost of defeating an application’s security far outweighs any benefits to be gained from doing so. The cost of defeating an application might include labor time, computing resources, fines, and threat of jail time with a cell mate named Bubba, etc.

It is quite a challenge to develop secure web applications because generally by their nature they need to accept user input. I believe that it is typically much more difficult develop a secure system than it is to break in to the system given the same number of hours so there is often more burden on the developer. It might take only two or three days to develop a working database driven web application but many additional weeks to harden it against attacks and make it reliable, scalable, and highly available. Including security requirements in the software specification and design is essential to planning and allocating resources.

Ideally automated tests should be included to continuously test vulnerabilities throughout the life of an application. This way security vulnerabilities introduced by code changes will be detected early in the development process instead of later in production. Automated tests could attempt buffer overflows, sql injections, etc. and could be executed prior to a developer’s check-in or on a nightly cron job that automatically checks out the code and runs the tests against it. Although costly to implement initially, automated security testing will likely pay for itself many times over the course of an application’s life. I plan to talk more about automated testing in future posts.

January 13, 2009
My Geek Christmas
I think we are done with our various Christmas celebrations and my friends and family over-did for me this year (as usual):
- Lego Imperial Star Destroyer – Star Wars Set 6211. My awesome wife got this for me. Many of the folks I work with at BlueTie have proudly decorated their cubicles with Legos and I am clearly behind in the Legos arms race. It is time to play catch up. I plan to post a build log on my photo blog site.
- Herbie the Mousebot Kit from the Make Magazine store, Maker SHED. It is a light seeking robot kit with just a PC board and some parts (soldering iron not included). The interesting thing about this kit is that it uses a simple LM386 audio amplifier IC as the “logic controller” instead of a PLC or micro-controller.
- Smart and Gets Things Done: Joel Spolsky’s Concise Guide to Finding the Best Technical Talent by Joel Spolsky. I previously have read Joel on Software (the book with the really long title/not the blog) and was interested in Joel’s take on hiring developers. Both books are mostly a rehash of content Joel has posted on his blog but in a convenient book format that can easily be read at my in-laws house over the holidays. It is a quick read and I finished it last weekend. I will post a review in a bit.
- Linux Application Development (paperback) (2nd Edition). Although I don’t have any allegiances to a particular platform, most of my recent development at work has been on Linux so I want to become more familiar with Linux system development.
- Java Phrasebook (Developer’s Library). I already have PHP Phrasebook (Developer’s Library) and found it pretty handy and now I have the Java version. Just a heads up though… it doesn’t have much Selvlet, JSP, or EJB stuff. All the examples can be done using J2SE.
- The Elements of Photography: Understanding and Creating Sophisticated Images. I have a photo blog in addition to this one and I am always looking for ways to improve my photography process beyond simple simple snap shots.
I also received some gift cards:
- Amazon.com Gift Card
- Barnes and Noble
I bought a little something for myself. My soldering irons are getting a bit old and I wanted a nice solder station to build my Mousebot with:
- Weller WLC100 Soldering Station For Hobbyist And Diyer
December 31, 2008
Another geek blog…

I intend to post my web development notes here for my own reference and in hopes that others might find some useful bits.

December 13, 2008