
LED Matrix with ESPHome & HomeAssistant

When I'm in the workshop, I usually wear my hearing protection all the time. That's good for my ears, but it drives Kaddi nuts when she wants to talk to me. Because I will neither hear her scream, nor will I notice my phone buzzing in my pockets…

So of course I had to find a solution. I needed some kind of visual alarm and maybe a way to get a short message.


I decided to use a flashing light for the alarm and a LED pixel matrix for the message part. Connect both to an ESP32, add a few more components and voila…

Most of the stuff I already had. I just needed to buy the light and the LED Matrix.

Wiring it all up was relatively straightforward. I connected all the ground and Vcc connections on the back of the matrix with some beefier speaker wires, so that all LEDs would get enough juice.

Matrix connections

To power the ESP32 I had planned to simply provide 5V to the Vin pin. Just like I usually do with my ESP8266s. However it just didn't want to work. After a lot of googling, I finally found the answer: on some boards the WiFi won't be enabled when powering from Vin. Only when powered via USB, the WiFi will work. What a pain.

So I cut up one of my many microUSB cables and soldered to that. Problem solved.

Everything else was simple. The MOSFET is used to turn on and off the 12V flash light. Since this uses up the only 3.3v pin, the arcade button is using the internal pull up and is wired to ground and a GPIO.

Component Test


The idea is to have a way to set a text in HomeAssistant and that will make the box flash and scroll the message on the display. To do so a text input helper was needed first in HomeAssistant.

    input_text:
      led_matrix_text:
        name: Message
        initial: ""
        icon: "mdi:chat"

Next an ESPHome config is needed. The code published by Richard Nauber got me quickly started, but I made a couple of adjustments.

    # LED Matrix

    substitutions:
      devicename: esp32-03
      xscrollpadding: "4" # in pix

    esphome:
      name: $devicename
      platform: ESP32
      board: esp32dev

    # Enable logging
    logger:

    # Enable Home Assistant API
    api:

    # no auth: block here, so the web UI is open to anyone on the network
    web_server:
      port: 80

    ota:
      password: !secret ota_password

    wifi:
      ssid: "W00t"
      password: !secret wifi_password
      # Enable fallback hotspot (captive portal) in case wifi connection fails
      ap:
        ssid: "${devicename} Fallback Hotspot"
        password: !secret ap_password

    captive_portal:

    ########## Setup #######################

    script:
      # start: turn the flash light on and stop automatically after 60s
      - id: start
        mode: restart
        then:
          - switch.turn_on: led_matrix_flash
          - delay: 60s
          - script.execute: stop
      # stop: cancel the timer, turn the flash off and clear the message
      - id: stop
        then:
          - script.stop: start
          - switch.turn_off: led_matrix_flash
          - homeassistant.service:
              service: input_text.set_value
              data:
                value: ""
                entity_id: input_text.led_matrix_text

    text_sensor:
      - platform: homeassistant
        name: "Matrix Text"
        entity_id: input_text.led_matrix_text
        id: led_matrix_text
        internal: true
        on_value:
          # an empty text means "cleared"; any other text starts the alarm
          - if:
              condition:
                text_sensor.state:
                  id: led_matrix_text
                  state: ""
              else:
                - script.execute: start

    font:
      - id: tinyfont
        file: "ttf/dogicapixel.ttf"
        size: 8
        glyphs: '''äöüß!"%()+,-_.:*=°?~#0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz'

    light:
      - platform: fastled_clockless
        chipset: WS2812B
        pin: GPIO4
        num_leds: 256
        rgb_order: GRB
        name: "led_matrix"
        id: led_matrix_light
        default_transition_length: 0s
        color_correct: [50%, 50%, 50%]
        internal: true
        restore_mode: ALWAYS_ON

    display:
      - platform: addressable_light
        id: led_matrix_display
        addressable_light_id: led_matrix_light
        width: 32
        height: 8
        # the matrix is wired in a zigzag: every other column runs bottom-up
        pixel_mapper: |-
          if (x % 2 == 0) {
            return (x * 8) + y;
          }
          return (x * 8) + (7 - y);
        rotation: 0°
        update_interval: 200ms
        lambda: |-
              static int16_t xpos = it.get_width();
              const char * text = id(led_matrix_text).state.c_str();
              auto color = Color(0, 0, 255);
              int x_start, y_start;
              int width, height;
              // measure the rendered text
              it.get_text_bounds(
                0, 0, text, id(tinyfont),
                TextAlign::TOP_LEFT,
                &x_start, &y_start, &width, &height
              );
              // move one pixel to the left per update
              xpos--;
              // scrolled out on the left: come back in from the right
              if(xpos < -1 * (width + $xscrollpadding)) {
                xpos = it.get_width();
              }
              // short messages fit on the display and are not scrolled
              if(width <= it.get_width()) {
                xpos = 0;
              }
              // the y offset of 0 is an assumption
              it.print(xpos, 0, id(tinyfont), color, TextAlign::TOP_LEFT, text);

    switch:
      # MOSFET driving the 12V flash light
      - platform: gpio
        pin: GPIO23
        name: "LED Matrix Flash"
        id: led_matrix_flash
        internal: true
        restore_mode: ALWAYS_OFF

    binary_sensor:
      # arcade button: internal pull-up, wired to ground
      - platform: gpio
        pin:
          number: GPIO13
          inverted: true
          mode:
            input: true
            pullup: true
        name: "LED Matrix Confirm"
        id: led_matrix_confirm
        internal: true
        on_press:
          then:
            - script.execute: stop

My start and stop scripts control the flashing light and will stop the whole thing automatically after one minute. The stop script is also triggered by the button, so I can end the madness early.

I adjusted the scrolling code a bit so that words always scroll in from the right instead of weirdly starting at the left. If the message is short enough to be shown in full, no scrolling is done.

I'm using the Dogica font by Rob Mocci. It's an 8×8 pixel font, so it's perfect for the matrix display. To make the font available to ESPHome, I copied the font files to config/esphome/ttf via SSH.


With the software out of the way, it was time to put everything into a nice box.

I 3D printed this grid model off Thingiverse to have a nice separation between the pixels.

Matrix grid

For a diffuser, Kaddi had the great idea to cut up an IKEA Trofast storage container. The bandsaw made quick work of it. Strips of the same plastic were also used to keep the matrix in place later on.

Diffuser build

The front got roughly cut out of plywood on my scroll saw before a final cut and a chamfer was made on the router table. Use all the tools!

Front panel on the scroll saw

In the bottom I added two magnets. An old piece of metal got screwed on top of my homemade air filter and the magnets are used to fix the box up there. The power supply I mounted at the back of the box with some adhesive velcro.

Final product


Copyright © 2022 Andreas Gohr
This feed is for personal, non commercial use in the subscriber's feedreader only.
All contents (especially texts and images) are protected by copyright law and may not be republished outside of splitbrain.org without prior consent. Texts may be quoted in extracts under fair use policy. [digital fingerprint: sb97741286f601b4a0d496dc8bae242e6d]


Don’t Forget to Tune Stats Collector for PostgreSQL 14 and Older


Recently I blogged about a significant improvement in PostgreSQL 15: PostgreSQL 15: Stats Collector Gone? What’s New? While there is great cheer for this upcoming improvement, we could see a few comments about “inefficiencies” in previous versions.

That brought me to the realization that even though the feature to tune stats collector is part of the official documentation and recommendations, and there were many blog posts in the past about it, I rarely see someone trying to tune it in practice.  So I feel it is worth a reminder again.

Option for PostgreSQL 14 and older

Simply moving the directory in which the stats files are generated (stats_temp_directory) to a location on ramfs or tmpfs, which are RAM-based filesystems, saves the I/O overhead and makes the stats collector much more efficient and accurate.

PostgreSQL documentation also officially advises so to reduce the impact.

For better performance, stats_temp_directory can be pointed at a RAM-based file system, decreasing physical I/O requirements. When the server shuts down cleanly, a permanent copy of the statistics data is stored in the pg_stat subdirectory so that statistics can be retained across server restarts.

Reference: PostgreSQL Documentation

How much space is required?

The current location where stats files are generated can be checked by inspecting the value of stats_temp_directory.

On Red Hat clones, the default location will be within the data directory.

postgres=# show stats_temp_directory ;

and on Debian/Ubuntu, it will be in /var/run/postgresql, for example:

postgres=# show stats_temp_directory ;

Once the location is identified, it is just a matter of checking the size of that directory using

df -h.

Generally, it won’t be higher than a few hundred MBs. The size depends on the number of databases and objects (tables and indexes) within those databases. More importantly, what are the statistics collected, which is controlled by parameters like

  as mentioned in PostgreSQL Documentation.

Ramfs or tmpfs?

There are two main RAM-based filesystems: ramfs and tmpfs.

A ramfs can be mounted using a /etc/fstab entry like

ramfs /var/lib/pgsql_stats_ram ramfs size=1G,uid=postgres,gid=postgres 0 0

However, there are a couple of disadvantages. Even if we specify the uid and gid, as shown above, the

will be mounted as root :(. and we need a script or method to change ownership or grant permission to the “postgres” account under which PostgreSQL will be running.

Another problem with ramfs is that we won’t be able to see the size using the df command. But there is an advantage also: ramfs is dynamically resizable, and it can grow dynamically as needed.  This eliminates the problem of estimating the size required. However, ramfs cannot use swap if required, so there is a slight risk of a system hang, especially on those systems with high memory constraints.

Considering the risk and demerits, ramfs is less popular, and tmpfs is the one that is generally used.

Here is a sample /etc/fstab entry for tmpfs:

tmpfs /var/lib/pgsql_stats_tmp tmpfs size=1G,uid=postgres,gid=postgres 0 0

Once this filesystem is mounted, it will appear as a regular filesystem, unlike ramfs:

$ df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 1.0G 0 1.0G 0% /var/lib/pgsql_stats_tmp

And it is now a matter of instructing PostgreSQL to use this location as the stats_temp_directory. Please remember that this is a dynamic parameter and doesn’t require a PostgreSQL restart.

ALTER SYSTEM SET stats_temp_directory = '/var/lib/pgsql_stats_tmp';

We just need to signal (SIGHUP) the PostgreSQL to reload the new configuration.

select pg_reload_conf();

Another option is to make use of /dev/shm. However, it is recommended to maintain a subdirectory that is owned by the Postgres user account with strict permissions.

What are the options for DBaaS?

Restrictions imposed by Database as a Service (DBaaS) generally prevent the users from even starting to estimate the RAM-based filesystem required. Some of the cloud vendors like AWS give instructions on how to setup ramdisk for their DBaaS solution (RDS). Similar documentation exists for the Aurora offering, also. However, I couldn’t see any doc for size estimation.

Many other cloud vendors who offer DBaaS solutions are entirely silent about the stats_temp_directory.

Additional note

Taking the stats_temp_directory outside of the data directory needs additional care if we plan to run multiple instances on the same host machine. Each PostgreSQL instance/cluster needs to have its own stats_temp_directory.
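The checks discussed above (a RAM-based filesystem, a directory owned by the postgres account with strict permissions, one directory per instance) can be audited with a short script. This is an added example, not code from the original post; the function names, the instance map and the mounts text in /proc/mounts layout are assumptions of the example.

```python
import os
import stat

RAM_FS_TYPES = {"tmpfs", "ramfs"}


def fs_type_for(path, mounts_text):
    """Filesystem type of the longest mount point that contains path.

    mounts_text uses the /proc/mounts layout: device, mount point, type, ...
    """
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fstype = fields[1], fields[2]
        prefix = mount_point.rstrip("/") + "/"
        inside = path == mount_point or path.startswith(prefix)
        if inside and len(mount_point) > best_len:
            best_len, best_type = len(mount_point), fstype
    return best_type


def audit_stats_dirs(instances, mounts_text, expected_uid):
    """Check every instance's stats_temp_directory; return a list of findings.

    instances maps an instance name to its stats_temp_directory (hypothetical
    input, e.g. collected with SHOW stats_temp_directory on each cluster).
    """
    findings = []
    first_user = {}
    for name, directory in sorted(instances.items()):
        real = os.path.realpath(directory)
        # Each instance/cluster needs its own directory.
        if real in first_user:
            findings.append(f"{name}: shares {real} with instance {first_user[real]}")
        first_user.setdefault(real, name)
        # The point of the exercise: the directory must live in RAM.
        if fs_type_for(real, mounts_text) not in RAM_FS_TYPES:
            findings.append(f"{name}: {real} is not on tmpfs/ramfs")
        try:
            st = os.stat(real)
        except FileNotFoundError:
            findings.append(f"{name}: {real} does not exist")
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append(f"{name}: {real} is not a directory")
            continue
        # ramfs mounts as root, and /dev/shm is world-writable: check both.
        if st.st_uid != expected_uid:
            findings.append(
                f"{name}: {real} is owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & 0o077:
            findings.append(
                f"{name}: {real} is accessible to group/other "
                f"(mode {stat.S_IMODE(st.st_mode):o})")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed demo: two instances pointed at the same directory.
    base = os.path.realpath(tempfile.mkdtemp())
    mounts = f"tmpfs {base} tmpfs rw,size=1048576k 0 0\n"
    for finding in audit_stats_dirs({"main": base, "second": base}, mounts, os.getuid()):
        print(finding)
```

On a real host, pass the contents of /proc/mounts and the uid of the postgres account.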


Clicking past the warning that you are about to cross the airtight hatchway: Vulnerable file type that you are warned about


For some reason, there was a brief spike in security vulnerability reports related to a developer tool which has a specific file type for defining startup macros. When you ran the developer tool and installed a startup macro, the reports said that you could trigger a hang or a crash in the tool, which is a denial of service or potential arbitrary code execution.

Startup macros are already known to be dangerous because they are basically a miniature scripting language, and one of the commands in the miniature scripting language is capable of launching external processes with arbitrary command lines. It’s so dangerous that if you try to open it, the program first makes you acknowledge the danger.

Security Warning
You should only import startup macros from trustworthy sources because startup macros can run arbitrary executables. Would you like to import and apply this startup macro file?

In other words, this file is equivalent to code.

If you want to attack somebody with this file, you don’t have to play fuzzing games and prime the target address space with just the right kind of heap spray or sequence of allocations, so that you can deliver your crafted file that triggers an exploitable crash. There’s no need to go to all that effort. All you have to do is put your exploit directly in the macro file as a command line!

It’s like saying that you found a bug in the batch file parser that, with effort, could lead to arbitrary code execution. You already have arbitrary code execution because you’re a batch file. Instead of playing sneaky games with the batch file parser, just put the command you want to run in the batch file.

The people filing security reports against the developer tool had to click “OK” to get past the warning dialog that said, “Clicking OK may lead to arbitrary code execution.” And then they were upset that there was the potential for arbitrary code execution.

The post Clicking past the warning that you are about to cross the airtight hatchway: Vulnerable file type that you are warned about appeared first on The Old New Thing.


UNREDACTED Magazine Issue 004


The FOURTH issue of UNREDACTED Magazine is now available for FREE:




Introducing Hintfo

I was in the grocery store the other day and saw two young kids looking at a picture on a cellphone. (Well, "kids" may not be right; they might have been in college, but they all look so young.) One of them said, "Oh my Gawd! Is that real?" and the other immediately replied, "I don't know. Check the metadata!" I don't know what picture they were looking at, but clearly the concept of metadata has reached critical mass. These kids knew that, hidden in the file, there might be helpful and informative information, just waiting to be discovered.

There are lots of tools for displaying metadata, but most are too technical for the average user. The better tools just allow you to provide a file and see the metadata information. For this simple online "upload and see results" approach, one of the best tools out there was called Jeffrey's Exif Viewer.

Jeffrey's Exif Viewer was a basic wrapper around ExifTool for metadata extraction. This online service was very easy to use: upload and see the metadata. It was so widely used in the forensics community, that you could just mention "Jeffrey's" and people knew exactly what you were talking about.

As an online service, Jeffrey's evaluated all kinds of files -- not just pictures. However, it only displayed metadata. It didn't do any other kind of analysis. (In contrast, FotoForensics includes metadata along with other kinds of analysis, but only works on pictures. It's a different niche market for a different use case.)

Jeffrey's had been around for a very long time. (Since 2006!) But at the beginning of May this year, it suddenly went offline. If you visit the site today, all you see is a plain-text response: "Jeffrey's Exif Viewer is unavailable at the moment." It's been saying that for over four months.

I wrote to Jeffrey Friedl (creator of the site) and asked him about this outage. He told me that at the beginning of May, a few TikTok celebrities (is that really a thing?) mentioned his service. Those TikTokers had millions of followers, so his site was immediately slammed by users. The volume was so intense that it crashed his server.

But it was worse than that: Jeffrey said that he had been paying for bandwidth out of his own pocket. This was fine as long as it didn't cost him much to run it. However, this massive flood of users immediately ate up his bandwidth budget. Even with his crashed site, there were still people trying to reach his server and driving up his bandwidth costs. When the flood finally ebbed, he couldn't continue running this incredibly useful online service. (As I understand it, it's down until he can figure out how to afford to bring it back up.)

Even though I have my own forensic service, I occasionally used Jeffrey's, especially when talking people through how to do metadata analysis. As an analyst, it's good to know multiple ways to do the same task. When giving classes, I often recommended his online service. This is why it was quite a shock when it became unavailable and stayed down for months. Having it gone is a hardship.

Introducing Hintfo

There's definitely a niche for people who just want to evaluate metadata. While there are a few sites out there that do something similar to Jeffrey's, most are wrapped in ads and trackers, return minimal metadata, and/or run by questionable (and often unidentifiable) groups who don't say how they plan to use the data. (A few examples include exif-viewer.com, https://exifdata.com/, and https://jimpl.com/. I'm not including hyperlinks since I don't know who runs these services or how they use the data. You should use them at your own risk.)

After chatting with Jeffrey last July, I decided to create my own "just metadata viewer". Since metadata contains helpful hints and internal information about files, I named my new service Hintfo (it's online at https://hintfo.com/). It works as easily as Jeffrey's: You upload a file to Hintfo and it shows you the metadata.

Of course, I had to give it my own twist. For example, there are different types of metadata. The big three are external, implicit, and explicit.
  • External metadata is information about the file, but not stored inside the file. For example, if you look at the directory listing on your computer, each file has a file name and time stamp; those are external metadata. For forensic use, files are often tracked by a cryptographic checksum, like MD5, SHA1, or SHA256. Those checksums are computed based on the file's contents, but the checksum values are not stored inside the file.

  • Implicit metadata is information derived from structural information. For example, if the file format only defines one color channel, then the metadata extractor can determine that it is a grayscale or monochrome image. Most image formats also have fields that identify the image dimensions. The dimensions are not explicitly metadata; that's structural information that implies meta information.

  • Explicit metadata are what we usually think of when someone talks about metadata. These are usually well-known data structures, like EXIF or XMP, and contain informative information, such as modification times, authorship, copyright, or application information.
Hintfo separates out the external metadata from the rest of the fields.
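The three kinds of metadata can be seen side by side on a small PNG file. The following is an added example, not Hintfo's code: it builds a constructed 2×1 grayscale PNG in memory and reports the external, implicit and explicit metadata separately; all function names are made up for the example.

```python
import hashlib
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
COLOR_TYPES = {0: "grayscale", 2: "RGB", 3: "palette",
               4: "grayscale+alpha", 6: "RGB+alpha"}


def _chunk(ctype, body):
    """Serialize one PNG chunk: length, type, body, CRC-32 of type+body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))


def build_sample_png(software=b"sample-generator"):
    """Constructed sample: 2x1 pixels, 8-bit, one channel, one tEXt field."""
    ihdr = struct.pack(">IIBBBBB", 2, 1, 8, 0, 0, 0, 0)
    pixels = zlib.compress(b"\x00" + b"\x00\xff")  # filter byte + 2 pixels
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Software\x00" + software)
            + _chunk(b"IDAT", pixels) + _chunk(b"IEND", b""))


def iter_chunks(data):
    """Yield (type, body) pairs; reject truncated or corrupted input."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            raise ValueError("chunk length runs past the end of the file")
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body):
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, body
        pos = end


def external_metadata(name, data):
    """About the file, not stored in it: name, size, content checksums."""
    return {"name": name, "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def implicit_metadata(data):
    """Derived from structure: IHDR fields imply dimensions and color mode."""
    for ctype, body in iter_chunks(data):
        if ctype == b"IHDR":
            if len(body) != 13:
                raise ValueError("IHDR must be 13 bytes")
            width, height, depth, color = struct.unpack(">IIBB", body[:10])
            return {"width": width, "height": height, "bit_depth": depth,
                    "color": COLOR_TYPES.get(color, "unknown")}
    raise ValueError("no IHDR chunk")


def explicit_metadata(data):
    """Stored on purpose as metadata: tEXt keyword/value pairs."""
    fields = {}
    for ctype, body in iter_chunks(data):
        if ctype == b"tEXt" and b"\x00" in body:
            key, _, value = body.partition(b"\x00")
            fields[key.decode("latin-1")] = value.decode("latin-1")
    return fields


if __name__ == "__main__":
    png = build_sample_png()
    print(external_metadata("sample.png", png))
    print(implicit_metadata(png))
    print(explicit_metadata(png))
```

Changing only the tEXt value changes every checksum but none of the implicit fields, which is why checksums identify a file's exact contents and nothing more.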

Different Views

When people start playing with metadata, the first things they notice are the different fields that are available (date, copyright, dimensions, etc.). Then they notice the different types of metadata (EXIF, XMP, IPTC, ICC Profile, and many more). However, the different types of metadata refer to different data structures. Different metadata viewers may display the same data structures differently.

For Hintfo, I always use ExifTool and MediaInfo for evaluating files. Phil Harvey's ExifTool is an excellent tool for extracting a wide range of implicit and explicit metadata fields. However, MediaInfo sometimes finds other ways to display metadata, and for audio and video files, it often provides more detail than ExifTool.

But Hintfo doesn't stop there. Depending on the type of file you upload, Hintfo may use other metadata extraction tools. For example, pdfinfo often displays more information about PDF files, 7zip displays information about zip files, RAR files, and other file formats. I also have metadata extractors for fonts, executable files, and a few other file formats.

Retaining Data? Nope

Although I operate both FotoForensics and Hintfo, I'm not running them the same way. The public FotoForensics service is a research service that retains data for use in developing new forensic solutions. Hintfo doesn't do that. I gave Hintfo very little disk space; it doesn't retain files for more than a few minutes. Moreover, the files are locked to your HTTP session; when your session expires (about 20 minutes), the file is gone.

So what does Hintfo retain?
  • The mime type of uploaded files. If I start seeing a ton of PDF files being analyzed, then maybe I'll figure out some better way to display PDF metadata. If I see lots of videos, then I'll look into adding better video support.

  • Anything that crashes. I've sandboxed and restricted the access of every metadata viewer. If someone figures out a way to crash a metadata viewer, then I want to know about it. At minimum, I'll alert the software provider and let them know about the crash. (E.g., If a file crashes objdump, then I'll keep a copy of the malicious file in order to replicate the crash and inform the maintainers of objdump. But I won't keep copies if there's no crash.)
Most people think that there's always a catch. If you're not paying for the service directly, then you're paying for it indirectly. However, I truly believe that the public needs access to more tools and better tools for evaluating files. Jeffrey's Exif Viewer was provided out of the goodness of his heart; I'm trying to do the same thing with Hintfo. With Jeffrey's being unavailable, I'm hoping that Hintfo will fill the void for a general purpose and easy to use online metadata viewer. Enjoy!

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.


A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.

On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer.

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.” Kloster’s blog even included a group photo of RSOCKS employees.

“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities.

“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Kloster reportedly told the Bulgarian court this week. “I am not a criminal and I will prove it in an American court.”

Launched in 2013, RSOCKS was shut down in June 2022 as part of an international investigation into the cybercrime service. According to the Justice Department, the RSOCKS botnet initially targeted Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers; later in its existence, the RSOCKS botnet expanded into compromising additional types of devices, including Android devices and conventional computers, the DOJ said.

The Justice Department’s June 2022 statement about that takedown cited a search warrant from the U.S. Attorney’s Office for the Southern District of California, which also was named by Bulgarian news outlets this month as the source of Kloster’s arrest warrant.

When asked about the existence of an arrest warrant or criminal charges against Kloster, a spokesperson for the Southern District said, “no comment.”

Update, Sept. 24, 9:00 a.m. ET: Kloster was named in a 2019 indictment (PDF) unsealed Sept. 23 by the Southern District court.

The employees who kept things running for RSOCKS, circa 2016. Notice that nobody seems to be wearing shoes.

24Chasa said the defendant’s surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother’s maiden name.

As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. In several private exchanges on cybercrime forums, the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010.

Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, the defendant in this case probably knows quite a bit about other top players in the botnet spam and malware community.

A Google-translated version of the Rusdot spam forum.

Despite maintaining his innocence, Kloster reportedly told the Bulgarian judge that he could be useful to American investigators.

“America is looking for me because I have enormous information and they need it,” Kloster told the court, according to 24Chasa. “That’s why they want me.”

The Bulgarian court agreed, and granted his extradition. Kloster’s fiancee also attended the extradition hearing, and reportedly wept in the hall outside the entire time.

Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.
