Instagram filter used: Lo-fi
Photo taken at: Scarborough Historical Museum
Category: goatee-stroking musing, or something
-
Artisanal Hardware Random Number Generator
Artisanal Hardware Random Number Generator — scruss
(the Flickr page has popup notes about the circuit.)Trickles out a few thousand made-with-love organic random numbers per second to the attached Arduino. The circuit is essentially Rob Seward’s True Random Number Generator v1 (after Will Ware, et al) which uses a MAX232 to power two reverse-biased 2N3904s to create avalanche noise. Another 2N3904 amplifies the resulting noise into something an Arduino can sample using AnalogRead(). Many modern processors include hardware RNGs (such as RdRand in recent Intel chipsets) so this circuit is just a toy now.
My interest in random number generators didn’t just arise from yesterday’s post. I’ve had various circuits breadboarded for months gathering dust, so I thought I’d pull out the most successful one and photograph it. Hardware RNGs seem to be a popular hobby electronics obsession, and there are many designs out there in variable states of “working†and/or “documentedâ€. I wanted one that could be powered from the 5V rail of an Arduino, and didn’t use too many expensive components. Rob’s RNG Version 2 circuit and code is the basis, but I replaced the 12V external supply with the MAX232 circuit he used in version 1.
Perhaps the reason that there are so many RNG projects out there in various states of abandonment is that making a good, reliable hardware RNG is hard. Just a few of the things you have to think about are:
- Analogue sources of noise can fade over time; power supplies droop as capacitors age, contacts can corrode, … How do you deal with this fade? If the output becomes so small, can you rely on those few bits from your A→D converter to be useful noise?
- Could someone try to attack your RNG so they can influence the results of your secure transactions? How would you detect it? How would you signal to the data user that something is amiss securely, such that an attacker couldn’t fake distress behaviour?
- What if the generator just stops? How do you flag that in a trusted “no really i mean it and it’s really me saying this not some attacker honest no†way? There may still be a tiny bit of noise that your circuit picks up; are you sure it’s your kind of noise, or some attacker trying to inject noise into your system? Remember, testing for real noise is exceptionally hard, and you can’t guarantee that a hardware RNG that worked today will work properly tomorrow.
(I’d like to thank Peter Todd for providing most of those issues over a pint and a chat during from a keysigning event. Peter saved me from spending too many hours working on this by hinting that — just maybe — I didn’t actually know what I was doing…)
If you want to read more on how to build a proper hardware RNG, the article “Understanding Intel’s Ivy Bridge Random Number Generator†and its references make a good (if very technical in places) introduction. I’m nowhere near paranoid enough to experiment further with RNG design, although I do have all the components to build an LM393-based XR232USB…
-
Like I need /more/ pens…
Uhoh. Wonder Pens sells pens — neato pens — and they are in Toronto. The Platinum Preppy they sent me free with my first order writes better than any $4 fountain pen should.
-
Ten year blog anniversary!
I’ve been at We Saw a Chicken … for 10 years now. From a tiny first post to now, it’s always been filed firmly under “misc.â€: no theme, no ads, no plan, and (until recently) no readers ☹
It’s been on two different hosts and two different platforms. It’s still obscurely named. It took a brief orange-carpeted journey into the 1970s. Dave‘s picture of a tiny bunny in my hands still gets more hits than I can believe. There was the whole WindSave thing, and the whole other pointless and ugly megabins thing. Then there was Raspberry Pi and The Quite Rubbish Clock; I got more hits in a week than I got in the previous nine years.
-
clean up your GnuPG keyring
For reasons too annoying to explain, my GnuPG keyring was huge. It was taking a long time to find keys, and most of them weren’t ones I’d use. So I wrote this little script that strips out all of the keys that aren’t
- yours, or
- signatories to your key.
The script doesn’t actually delete any keys. It produces shell-compatible output that you can pipe or copy to a shell. Now my keyring file is less than 4% the size (or more precisely, 37‰) of the size it was before.
#!/bin/bash # clean_keyring.sh - clean up all the excess keys # my key should probably be the first secret key listed mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20 | head -1) if [ -z $mykey ] then # exit if no key string echo "Can't get user's key ID" exit 1 fi # all of the people who have signed my key mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u) # keep all of the signers, plus my key (if I haven't self-signed) keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u) # the keepers list in egrep syntax: ^(key|key|…) keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;') # show all the keepers as a comment so this script's output is shell-able echo '# Keepers: ' $keepers # everyone who isn't on the keepers list is deleted deleters=$(gpg --list-keys | grep '^pub'| cut -c 13-20 | egrep -v ${keepers_egrep}) # echo the command if there are any to delete # command is interactive if [ -z $deleters ] then echo "# Nothing to delete!" else echo 'gpg --delete-keys' $deleters fiFiles:
- clean_keyring.sh (SHA-1 checksum: 8c71dabca84c33201184fe348ae35310622d2be6)
- clean_keyring.sh.txt — gpg signature.
-
A better image rollover with Ultimate TinyMCE
Probably best to retire my ad hoc image rollover in wordpress, as Ultimate TinyMCE has it covered. Sure, it’s a plugin, but it makes it so much easier. After uploading your two images, select an image and put the two URLs into the Mouse Over/Out fields:
Easy! And no digging into the page source, either.
-
I’ve been waiting for this day for more than 30 years …
I really never though I’d see this happen, but The Complete Uncle really looks like it’s going to get published.
-
Forward to Libraries: Toronto Public Library added
If you’re starting your research on Wikipedia, you’ll need to see what books are available on a subject for further study. Previously, you’d need to trawl the references manually, but John Mark Ockerbloom‘s Forward To Libraries (FTL) service makes that a whole lot easier. What FTL does is allow you to reach into nearly any library’s catalogue search from a subject link on Wikipedia.
John’s been getting some great press on this service, so I asked him to add Toronto Public Library to FTL. Here’s how it works:
- First, visit the FTL: Toronto Public Library page. This sets a cookie in your browser so it will remember to direct links to TPL.
- Now, let’s do some browsing … how about reading more about Nellie McClung, the Canadian feminist, author, social activist and politician:
- If you scroll down to the External links section, there’s a Library resources box:
- If you select the About Nellie McClung: Resources in your library link, you’ll be taken to the TPL search results for books about her:
- If you select the By Nellie McClung: Resources in your library link, you’ll see all the books written by Nellie in the Toronto Public Library:
Pretty neat, huh? Try other articles, like Pierre Trudeau, Arduino or the Canadian Shield.
It’s not actually that hard to add Library resources boxes to Wikipedia articles. There’s a tutorial in the Template:Library resources box page that shows you how. Researching the locator is the most difficult part, and that gets a lot easier the more you add.
-
hey, it’s the sun … heyu and sunwait and cron on the Raspberry Pi
Yep, springtime’s coming, and today’s the first day I know it, despite the -5.8°C outside. I know spring is coming because my sunrise-adjusted lights came on before my alarm today. I’m controlling them with a Raspberry Pi, cron, and X10.
I’d described how to build and use heyu previously, so I won’t go into it further. I use sunwait to control the timing relative to local sunrise and sunset. Sunwait is a simple C program which builds quickly, and you can put the executable somewhere in your path.
(NB: newer versions of sunwait use a completely incompatible command line format. Everything here refers to the 2004 version I linked to above, which does exactly what I need in the way it’s described here.)
You need to know your latitude and longitude to use sunwait. To check its setting for the day, you can call it with the
-poption:$ sunwait -p 43.729N 79.292W Using location:            43.729000N, 79.292000W Date:                       6 Feb 2013 Local time:                 7:44 Day length:                10:13 hours With civil twilight        11:10 hours With nautical twilight     12:18 hours With astronomical twilight 13:25 hours Length of twilight: civil  0:28 hours                  nautical  1:02 hours              astronomical  1:35 hours Current specified time zone: EST (-5 from UTC) Sun transits meridian 1231 EST                   Sun rises 0726 EST, sets 1736 EST       Civil twilight starts 0656 EST, ends 1806 EST    Nautical twilight starts 0622 EST, ends 1840 EST Astronomical twilight starts 0548 EST, ends 1913 EST
So for me, today’s sunrise is at 0726, and sunset is at 1736. All sunwait does is wait until a specific solar time is reached, and then exit. Whatever command you call after sunwait, therefore, is what gets run at the right time. So if I wanted X10 device H1 to come on an hour before sunrise, I’d run:
sunwait sun up -1:00:00 43.729N 79.292W; heyu on h1
Remembering to run this every day before sunrise would be a pain, so this is where cron helps. cron uses a slightly odd config file that is edited using the
crontab -ecommand. Here’s the relevant bit of my crontab, showing the light control times:# m h dom mon dow  command  01 00  *  *  *  /usr/local/bin/sunwait sun up -1:00:00 43.729N 79.292W; /usr/local/bin/heyu on h1  02 00  *  *  *  /usr/local/bin/sunwait sun up +1:00:00 43.729N 79.292W; /usr/local/bin/heyu off h1  03 00  *  *  *  /usr/local/bin/sunwait sun down -1:00:00 43.729N 79.292W; /usr/local/bin/heyu on h1  45 22  *  *  *  /usr/local/bin/heyu off h1
(you can view your crontab with
crontab -l)The columns in crontab are:
- minute
- hour
- day of month
- month
- day of week
- command
So the four crontab lines mean:
- Every day at 00:01, wait until an hour before sunrise and turn light H1 on
- Every day at 00:02, wait until an hour after sunrise and turn light H1 off
- Every day at 00:03, wait until an hour before sunset and turn light H1 on
- At 22:45, turn light H1 off.
So for quite a bit of the day, there are a couple of sunwait tasks just quietly waiting until sunrise or sunset to do their thing. cron, incidentally, is picky about executable paths; that’s why I specified full paths to both sunwait and heyu.
What I’d really like to do is have time on this machine update without a network connection, because it’s running from a particularly messy router set up in a spare bedroom. I should investigate a real-time clock, with GPS time updates from an I²C GPS, talking through a bluetooth console. In my copious free time, of course.
