Fnord.

Yep, I finally had a project where I needed a cheap OSX-compatible analog input (gonna build a temp & humidity monitor using LM35CAZ and Ohmic SC-600), and finally had the forehead-slapping moment of

I don’t need an ADC per se; I need a board with ADCs on it.

Yep, for example an Arduino. So I’ve got one, $34, working already. One trick on OSX that tripped me up – you have to open the Arduino.app/Contents/Info.plist file and set the java version from 1.4+ to 1.5 – OSX bug. Otherwise you get RXTX errors, which are a red herring. Here it is, blink code and all:

Nice board. I got mine from Sparkfun, and it was here in a few days. Should be easy to hack on, there sure is a lotta chatter around this board. I suspect that the Arduino, just like my beloved mechanical watches, are fun because they’re hackable and comprehensible, two things that modern computers are increasingly lacking.

One of the languages I’ve wanted to learn for a while is Python. There’s a lot of interesting buzz about it, from Dr Chuck and the google app engine launch, and after skimming a book it looked quite cool. Going back a bit, Miro at Fermilab wrote their cluster control software in Python, and he and I worked together as his code was a client to my server. I also hacked around a bit in Sage for the ABC project.

However, for me at least, to learn a language I really need a project. Otherwise, as with Ruby, the new knowledge doesn’t get used and never transitions to permanent memory. When the chance came up recently at work to use Python on a NASA project, I was all over it and have been having an obscenely good time so far. It’s fast to learn, easy to code, almost fun to refactor, and has made tricky tasks quite simple. I’m a fan!

Today I found an interesting article in Embedded Systems, about a new platform from Synapse Wireless that uses a Python-based virtual machine for low-power mesh networks, on 8-bit chips. Similar to the Sun ‘Spot’ platform, but Python instead of Java. 

Those are some of the hardware for sale, there’s also an eval kit:

At 149 for the eval kit, I’m tempted. I’m a little annoyed that it doesn’t include ADC, though. You have to cough up $380 for their ‘network eval kit‘ or $145 for the ‘end device‘ to get that. Which is annoying; the entire idea of a sensor network is to have, y’know, sensors. 

Anyway.

Unlike the MSP430 ZigBee boards I’ve messed with, this one has some real advantages:

• Coded in Python! VM only takes 40KB of memory, which is impressive for an 8-bit platform.
• Write and deploy code interactively from the desktop via wireless – sorta like Spot but easier to use.
• Nice terminal strips for connecting your own hardware.

We use Bittorrent to download open-source software and also broadcast TV. (Just programs that are over-the-air free, as I don’t want the RIAA/MPAA mafia on my case). Unfortunately, bittorrent traffic really slows throughput on our network, and I can’t tell if the router or the DSL modem is to blame. I’ve tried setting BT as the lowest priority on the router, and also using the speed limiting features of the Transmission client we use. Neither solves the problem.

From googling and reading, it seems that the large number of TCP connections opened is the most likely culprit. However, that’s inherent to the BT protocol, so although I can limit the number of connections it’s not really a solution. From everything I’ve read, there simply doesn’t exist a SOHO router really built to handle the hundreds or thousands of connections.

After reading quite a bit and thinking about it, here’s my wishlist:

1. Wired-only router with 10/100 ports. Gigabit is nice but not useful given my connection speed.
2. Fanless, low power, no moving parts. This rules out using an old desktop machine.
3. VPN endpoint with at least PPTP support.
4. SNMP reporting ability.
5. IPv6 dual-stack or 6to4 support.
6. QoS/priority by protocol

1. Web GUI for setup and configuration
2. More than one IP and port on the LAN side, so I could setup multiple subnets
3. syslog support
4. Ability to have multiple WAN ports – someday I want to try BGP and similar routing.

M0n0wall is really close, but OpenBSD’s pf has a few unique tricks I don’t think Monowall can do:

1. Packet filtering based on TCP fingerprint. This is invaluable for spam blocking, as a rule that says ‘no Windows machines can connect to inbound SMTP’ is a nearly-complete block for botnet-generated spam.
2. Simple anti-spoofing, activated with a single line.
3. Packet scrubbing. (Read all about it)

After a lot of reading, my current solution looks like this:

That’s a Soekris 5501, which at 433 or 500MHz could actually run most of my server software too – more than a little overkill for this. Then again, for $320 its 2 to 3x the price of a SOHO router like my RV042. Liveable, and it’s worth it to get the capacity overhead.

Update 11/25/08: The m1m1wall firewall from Netgate looks better – $205 instead of 320, preinstalled with pfsense or m0n0wall. 256 vs 512MB, which is no problem. Best of all, you can get it in red!

For software:

1. OpenBSD plus pf, install via OpenSoekris. Update – see below, pfsense may be our winner.
2. pfw for GUI management and setup of firewall rules
3. SNMP from OpenBSD is looking pretty easy, and of course syslog and IPv6 are built in.

I like it. I think I’ll ebay off the 2U Cisco router, with its fans and 200+ watt heat, and buy one of these instead.

More reading if you’re curious:

1. Slashdot thread on routers, bittorrent, TCP connection limits.
2. Blog post OpenBSD on Soekris
3. SmallNetBuilder on Untangle, which is similar but Linux-based
4. OpenBSD on Soekris plus state-preserving failover (CARP, more advanced than I can use here.)
5. Soekris product page.
6. Soekris also sells a HiFn-based VPN accelerator chip, which can be added later if I need it. Nice.
7. IPv6 intro and IPv6 wiki.

As an amusing footnote, I was researching gigabit switches with SNMP support, so that I could monitor my backbone using Cacti. You can now get 24 ports of SNMP-managed gigabit for $300 from Netgear (GS724T), but the amusing part is that the 16-port version costs the same! Ahh, someday when I outgrow my 8-port maybe.

Update 11/18/08: Commenter timf points me to pfsense, which I had missed, and appears to meet every one of my wishes. Oops. OK, less work for me. Thanks!

Update 11/25: Added m1m1wall hw/sw combo.

Much more time. Check out this 38-part (!) series on creating an FPGA from scratch

Damned impressive. However, I fail the first requirement:

1. Make sure you have plenty of time to spare.

Ahh well. Impressive piece of work.

This is a new thing for Java to tackle. A sub-$400-dollar box for industrial controls and similar applications, which to do have mostly been C/C++/assembly or similar. Fully equipped, too:

Development kit is 1500, so its out of my price range, still pretty cool.
Full article is here on EE Times.