Showing posts from 2018

A portable Program Increment (PI) planning wall

Program Increment Planning is a powerful piece of the SAFe framework that provides a structured way of managing cross team work in time blocks larger than a development sprint. It provides a Program level view into something that is otherwise a set of independent team streams. My current team meets for 1-1/2 days on a quarterly basis to align the next quarter's deliverables. We bring in our 5 development teams, the product owners, the business line product owners and our cross functional support teams, DBA, CM, OPS, etc. This meeting gives a one wall view of our coordinated deliverables and exposes our cross team dependencies and their timeframes. Our PI planning wall is normally 8 feet tall and probably 8 feet wide. We have struggled with how to maintain the wall after the PI planning so that we can track how well the plan reflected the actual work we do/did. I recently visited with AmTote International. Their Agile Program Director gave us a quick walkthrough of their

My first DEFCON Experience.

DEFCON is the hoodie conference that follows the BlackHat suit conference. It has a very different feel from other security conferences with no corporate sponsors, no advertising, no marketing mailing list and an aggressive inclusion policy. Normally I can go to a conference, sit in some sessions and do a little lab work and feel like a success. DEFCON is all about participation and inclusion. There is an entire wall of competitions often called Capture the Flag (CTF) that originate in the various villages. It has 20+ semi-structured lab tracks. Attendees literally wear the results of their conference activities. DEFCON 26 was my first visit to the Las Vegas hacker conference. I was completely unprepared for almost any of the lab / village sessions that I worked on. It was still awesome but I would have gotten so much more out of it with some serious preparation. Prepare There is a good chance you will be a complete poser at DEFCON if you are not al

The DEFCON 26 Experience Day 0 Registration

The CON is what you make of it. I arrived in Las Vegas at my first DEFCON the night before registration. We finally got to bed around 1:30 in the morning. The registration line had already started... DEFCON 26 Registration The main part of the conference starts on Friday. Workshops start on Thursday. Registration starts Thursday morning at Caesars. Most of the activities start on Friday. I got in line Thursday at 5:30 AM along with several thousand of my closest friends. Some folks spent the night in order to make sure they got the electronic badges. Another few thousand joined the line behind me. You basically show up at Caesars with $280 in registration cash plus whatever cash you need to purchase shirts and other SWAG. I'd recommend having access to other cash in case you run into other swag you want from the villages or vendor area. Registration opened at 6:00 AM. They register approximately 20,000 people on Thursday. Registration is a cash only, no rece

Who shares in a company's success?

Profit sharing is designed to reward hard work and drive behavior for the good of the business. Hewlett Packard had a profit sharing plan in the 80s and 90s that fed all job titles and pay ranges. I participated in an HP plan that made all profit sharing plans after that point complicated, opaque and tilted towards the higher paid employees. The HP 10% Profit Sharing Plan HP distributed 10% of the company's profit to the employees on a semi-annual basis. This meant everyone was reminded of the company's health every 6 months. Seniority and time served played no part in the formula. This was unlike many of today's two tiered retirement or incentive programs where younger hires have a weaker deal. The Profit Sharing bonus was pro-rated based on the employee's salary, capped at a $100,000 basis. The pro rating and salary cap meant the paid out profit sharing dollar amounts for factory line employees and executives were closely aligned. Payout The HP plan paid e

Caution: Feed an Open Source Project and it might become yours.

Hear my cautionary tale: I fed an OSS project 14 years ago. This article was published in 2018. It followed me home and I've been keeping it on life support since that time. OSS is great but know this about small or slow moving projects: "it may follow you home if you feed it". We needed a patch for a project back in 2004. The original author wasn't interested in the project any more. I became a contributor and pushed out that release and 10 more with an ever slowing rate of change. The last release was mid 2015. You would think the project was dead, given that the last release: migrated to Windows 7 APIs, added mostly stable 64 bit support, compiled against Java 6 and used Visual Studio 2013 for the MS integration. SourceForge dropped the project version control system, CVS, in 2015. Two folks recently (2018) submitted a couple new fixes. A quick site check showed the project still has over 900 downloads per week! That was a surprise. That compelled me to p

Demonstrating Docker on Raspberry Pi is more than a party trick.

Big pieces of the 2018 Microsoft Build conference were about applied machine models and secure IOT. One of the keynote demos was called "Scott or Not" where a Raspberry Pi used a machine learning vision model to determine if the person in front of a camera "looked like Scott". Some of the most interesting parts of the demo were not obvious without a booth demo later in the day. Hobbyists are often ok with a hand crafted build using manual script instructions. That approach doesn't work in a commercial environment with 100s or 1000s of units. Microsoft took a more enterprise approach by creating a modular demo that supported easier automation. The demonstration code is organized in a modular fashion using Docker images. Individual functions of the pipeline are isolated to their own containers. This makes it possible to update tools, languages and code without any updates to the core system. Demonstration Flow The diagram on the right shows the flow for the vi

Cinema Display LED control with 9V-12V ESP8266 Web Switch

I picked up one of the A 4 Cinematic Light Box devices to use as a team sign in an Agile Program Increment planning meeting. The unit requires 6 AA batteries. That seemed wasteful so I added a 9V barrel jack to it to power it with a 9V wall wart. The next step in turning a $15 box into a $40 project was to add an ESP8266 relay board to enable WiFi control for the sign light. My controller is ESP8266 Link Sprite LinkNode R1 that was locally available at Microcenter for $11. Basic Circuit. The basic idea is to turn the ESP8266 into a 9V switch that needed no external power. I wanted to tap the 9V intended for the display LEDs and drop it to 5V to run the ESP8266 without need of a 2nd power source. Two diodes tap power from either jack and send it to the ESP8266 and relay circuits. It doesn't matter which jack is used as the inbound power source and which as the outbound to the display. Either will work because of the two diodes. They are arranged in a way that doesn

Protecting the Pi: Restricting SSH to the USB gadget

Why? SSH is a remote login that is pretty much the only way to work on a headless Raspberry Pi without an attached keyboard/monitor or serial console cable. Remote login capability is a security risk even with something like SSH. There are some good articles that describe how to lock down SSH via password change or other security measures. I decided to limit SSH to specific network interfaces. Raspberry Pis can have several network interfaces. The only hardwired network interface on a Raspberry Pi Zero exists when it is in Network Gadget mode. I only truly trust the USB private LAN (usb0) since it requires a direct connection and cannot be directly seen by any other device. Interfaces Our Raspberry Pi can have several different Network Interfaces. All of them are candidates for allowing or denying SSH or other inbound access. Linux lets us manage SSH by letting us configure port related ALLOW / DENY on all network interfaces. We can create inbound iptables firewall rules. The scrip

Create unique Raspberry Pi host names

Why bother? IOT can generate a lot of things, with each new function implemented by a new device. Raspberry Pi devices are Unix systems where each one has a name. It works best if the names on the network are unique. Manually naming IOT devices can get pretty tedious. The following script generates a "unique" host-name based on existing device specific identifiers. The script can generate host-names based on identifiers or retrieve host names from a config file. Better living through scripting Run the script as a non privileged user to see the calculated name. Run the script with escalated privilege to change the host-name. Paste the following into a file on your Raspberry Pi. This file is available on GitHub

    #!/bin/bash
    # Created 2018-03-20
    # derived from 2017-08-18
    # script to set Pi hostname based on MAC (or Serial number)
    # This script should be

HTTP control, relay control and OTA/HTTP firmware updates using an ESP8266 for just $11

The ESP8266 came out a few years ago and people were really excited about its capabilities. I stayed away from it because there were no tools, no decent peripheral libraries, and a questionable supply chain. Fast forward to today and the situation has dramatically changed. Software development is now supported in the Arduino IDE, the PlatformIO development platform and by NodeMCU. Microcenter stocks several different ESP8266 boards by Adafruit, Link Sprite, and others. They had the LinkSprite with mounting holes, a relay and onboard voltage regulation for sale at $11 so I bought one. The board is smaller than a playing card but larger than many other ESP8266 SBCs. I like the Link Sprite because it is case ready and has soldered-in headers for peripherals. The Link Sprite LinkNode R1 is essentially compatible with the Wemos D1 retired from a programming point of view. A video version of this blog is available on YouTube. A Simple Program for Relay Control This program on Git

Setting up the Raspberry Pi Zero without HDMI or OTG

The Raspberry Pi Zero W is a full featured Raspberry Pi that includes USB, GPIO connector and built-in wireless connectivity. The main limitations of the Pi Zero are its lack of USB ports, the use of USB OTG and a weaker single core CPU, similar to the first generation Raspberry Pi. A Raspberry Pi Zero is an ideal device for embedded applications where higher level programming capabilities and a Linux footprint are desired. Pi Zero Programming Options The Pi Zero is a full featured Raspberry Pi with built in video, HDMI, USB, and a full Linux operating system. You have exactly the same development platform options as the Pi2/Pi3. The Pi Zero's USB OTG feature means that the Raspberry Pi Zero can act as a peripheral instead of acting as a controller. Raspberry Pi developers have written drivers/gadgets that emulate USB disk drives, USB Ethernet adapters and others. The Ethernet gadget makes the Pi Zero appear to a USB connected computer as if the Pi was an Ethernet card th

DotNet Core script case sensitivity on Linux systems, like AWS AMI

I recently ran into an issue where I was unable to deploy a DotNet Core 1.0 application in AWS using their CodeStar / CodePipeline / CodeDeploy / CodeBuild tooling. The REST service started off as a simple demo .Net 1.x ASP.Net that was generated as a demo in AWS CodeStar. I converted the source code, build and deployment components to DotNet 2.0. It worked great. Problem The service build / deployment broke in AWS when I added Swagger endpoint documentation that included information from C# XML documentation generated and stored in an XML file. Startup failed saying it couldn't find the <ServiceName>.xml documentation file. This manifested as a build failure in CodePipeline/CodeDeploy. bin\Release\netcoreapp2.0\TokenService.xml not found Builds ran and deployed fine on my local machine in Debug and Release modes. Cause Microsoft's recommended "dotnet publish" command line may generate conflicting path with csproj files when using manipulating an