Driver station coding and other
 

Okay, I accidentally caused another thread to get hijacked and locked, so I thought I should create a new one specifically for this topic.

After my first season, I'd like to say is that, truthfully, the FIRST tools are poorly thrown together. Although I'm not as experienced here as some people, I'd like to say a few things about them and ask if anyone agrees.

The robot itself runs an unprotected FTP server. I really fear someone exploiting this, and I've already demonstrated that this is possible (no, I won't post the code). IMHO, they should either use a password, or, better yet, use encrypted SSH file transfer (SFTP).

The compiler doesn't support anything besides Windows, and some of us prefer Linux. The IDE I don't care about (I never use IDEs, just makefiles), but FIRST is limiting users' experiences by limiting who can program and on what operating system. IMHO, they should provide a build of the WPI library and compiler for Linux.

Another this is the library. Although it's obvious that tremendous effort was put into it, I can tell that it was rushed to be finished before the build season started. All I can say is that I hope it's better next year.

Agree? Disagree? Another other notes?

Re: Driver station coding and other
 

Do remember everything starts with bugs no matter what it is technologically. Things have to be fixed over time. I think if they keep this system it will eventually give us some better results. Interesting thoughts though.

Re: Driver station coding and other
 

I noticed this while playing with some file system stuff last year for some recording code and it didn't occur to me to bring it up during the beta or to use it for evil. Although shouldn't the encrypted bridge prevent such things from happening?

If I remember correctly, it has been this way (i.e. Windows "only") for a while and the new technology is just allowing the beginning the future of what can be done. It's just a matter of time.

Suggestions? Point out what's wrong to the developers of the libraries, otherwise it won't get fixed. Very hard to fix what isn't noticeably wrong.

-Tanner

Re: Driver station coding and other
 

Agreed, all this code is written by WPI Grad Students, who have lives of their own, its OKAY to mod their code! You can even send it to them and maybe they'll reconsider their methods

Re: Driver station coding and other
 

Isn't programming with the Java language already possible on non-Windows platforms?

Also, I should hope we can trust teams to be graciously professional enough to not hack the system.

Re: Driver station coding and other
 

This thread is very likely to go the same route as your posts in the other thread did.

Having said that I will repeat my claim that the robot is protected by WPA encryption when on the field. WPA encryption has not been fully cracked to my knowledge, although there are vulnerabilities with the handshaking which allow for offline dictionary attacks. I don't recall the exact length or nature of the keys in use but I believe they are randomly generated keys that at the very least contain lower case, upper case and digits. A key generated in this fashion, even of the minimum 8 characters, should take far too long to brute force unless you are extremely lucky.

If I am wrong and you have a way to crack a WPA key in a timeframe that would be useful for attacking the FRC network please let me know what it is via PM and I will gladly test it and agree with you after confirming it works.

An FTP password would either be obnoxious for teams (randomly generated) or more vulnerable to a dictionary attack than the WPA key (team chosen)

Re: Driver station coding and other
 

I believe I read somewhere (don't bother asking for a link) that all of the bots on the field are isolated between the DS and the bot, so no team can access another team's bot. This is most likely why you get assigned a specific station, since only that one is setup to recognize your robot IP

Also, Java can be built from linux. That's the entire point of Java, to be platform-independent. The robot runs a VM, so Java code can be made from any old java compiler.

Also, C++ is using a slightly modified version of GCC, so if you set the right command-line stuff I think a regular distribution of GCC might work

Re: Driver station coding and other
 

I never tried connecting to the wireless network while at the competition, but software on the robot or driver station, which are already on the network, could access other robots' files. This would mean it would have to be someone in the competition doing it, but that's still a vulnerability.

The FTP is handled behind the scenes by the IDE, isn't it? I suppose changing it to SSH and adding a password would be easy and require minimal user interaction, since the IDE can save the password just like a web browser would for your email.

As for the library, there was some messed up thing that had to be done with double inheritance with the Jaguar class, and I think a few bugs I can't remember. The naming scheme is also a bit arbitrary, but there wasn't anything too major (that I'm aware of), and I suspect that it's just because it's a relatively new technology.

And Java programming on Linux and Mac, while possible with the special bytecode thing it uses, would still limit our choices. If my preference is Linux and C++, I shouldn't have to choose between the two, should I?

Re: Driver station coding and other
 

The field control setup uses separate VPN for each team so being on "the network" does not give you access to other team's robots.

As for the FTP, while most teams use it simply for uploading code built through their IDE of choice quite a few teams use it for other things such as autonomous scripts, log files, and saving images.

Re: Driver station coding and other
 

Ah, okay. That's good to know.

Re: Driver station coding and other
 

Close. the field doesn't do VPNs, but it does do VLANs for each team. This means that traffic through the wifi router is effectively on six different subnets with no routing between. Also, the bridge is configured to join the network hosted by the field.

Greg McKaskle

Re: Driver station coding and other
 

Uggh, that's what I get for second guessing. I thought it was VLAN's but remembered a post that said VPN.

Re: Driver station coding and other
 

The WPI library would be the same if built on linux because the target is still the robot.

Building a cross environment on Linux would require
- build a ppc cross compiler for x86 linux
- integrate and test compiler in eclipse
- test the method for downloading the code to robot
- support all of the above for all the users

versus
- taking the existing wind river environment and deploy

When you consider that supporting the environment on windows is taking
all of the current volunteer time, you can see why adding another platform of
limited utility to a small number of users is not a priority.

If you can convince a small group of robo linux enthusiasts to build the
environment, you could grow support for this endeavor.

Re: Driver station coding and other
 

GCC was ported to Linux almost twenty years ago. It can be easily targeted to vxWorks PPC.
Not really. Eclipse already runs on Linux as well.
FTP on a normal non-VPN connection. (or non-VLAN or whatever)
Which required Windows. As I said, not everyone uses Windows.
Good idea. This would be easier, of course, if there were some sort of open specifications on how the virtual terminal monitor thing works. Is it SSH? Telnet? RSH?

In the meantime, I'll try getting GCC and WPIlib to work together on Linux and maybe write a small IDE in PyGTK.

Re: Driver station coding and other
 

Yes, but an attacker can only get to the robot through the WPA encryption

1) FTP transmits passwords clear-text, so adding a password to normal FTP is pretty pointless.
2) SFTP isn't very common, FTPS (SSL) would be a better option.

1) the build of WPIlib would be the same, as it will be built for the target system :P
2) Java is already supported for ``Linux''
3) C++ is not out-of-the-box supported on *NIX systems, people have gotten it working. Notable posts I've found are here, and here. I haven't tinkered with this, as we used Java this year, and have been pretty busy. Now that we've been knocked out of the competition, I think I'll get this working, and throw together a .deb package.*
4) LabVIEW can be developed on ``Linux'', but you must specially request the Linux version of LabVIEW (no cost for FRC teams). Though the RTM needed to deploy is Windows only.
5) Just be glad that the whole thing is open-source, and not a black-box system like 2008 and earlier.

All I can say is that I hope you file some patches before next year. It's fully BSD-3 licensed, on a public SCM. When free-software sucks, you don't get to gripe about it, you find what you don't like, write a patch, and fix it.

*If anyone has any pointers on getting this working, or has experience with other package formats, PM me.

Re: Driver station coding and other
 

Yes! Pygtk FTW!

I have made some mockups in the past of a tabbed toolbar IDE, would you like me to post them here?

Re: Driver station coding and other
 

Sure.

Although not my preferred language/toolkit combo, PyGTK would be portable to both Linux, Mac, and almost anything else with Python and GTK.

And now GCC is slowly downloading, configuring, compiling, etc...

Re: Driver station coding and other
 

They are Grad students, they DON'T have lives of their own.:D

The issue I mentioned before is that you don't NEED to break the WPA key (which I can do fairly consistently in less than ~30 mins).

All you have to do for this system is make the wireless 'reconnect', which will make it reconnect, thus getting stuck in 'disabled' mode for the rest of the match. Making the wireless connection reset is extremely easy, and I'll leave googling it as an exercise to the reader.

Since hacking a WPA key takes a short period of time, a person in the stands could capture the hash during practice/qual matches, then crack them at their convenience. This would allow the person to alter the assembly on the cRio at the wrong time, which I would imagine could cause immense problems.

Re: Driver station coding and other
 

I'm not sure security is something to be focused on in FIRST as the spirit of gracious professionalism is always in play. When I was a freshman, FIRST still used the old radio receivers which I bet would probably be easier to mess with than the current routers.

Will the system ever be perfect? No.
Will it every be 100% secure? No. Does it need to be? I don't think so.

With the field having a reputation of having errors every few regionals, I don't think adding a better security system in the communications would help one thing a bit.

-Tanner

Re: Driver station coding and other
 

Oh really?

I believe this would be the same wireless that YOUR robot is operating on. Any attempts to interfere with it during one of your matches will not only knock out your bot, but it would be detected as a field fault and be a replayed match. Anyways, there is nothing interfering with the connection between the classmate and the FMS, so the auto-disable will be over-ridden by the field sending enable commands to the DS, re-activating the bot as soon as the connection is established again

First of all, un-GP

Second, most likely the FMS would catch it. The FTP connections to the cRIO would probably make it into the logs. Also, for anything to take effect a reboot is required, which I'm sure is noticed.

Re: Driver station coding and other
 

Well, well, well. :cool:

Re: Driver station coding and other
 

Assuming your goal was to give you an advantage, and not just wreck the event. OR you weren't just trying to ruin a different team's score. Also, you can often do targeted attacks this way since they are all on a different VLAN and use different keys. The re-sync with the FMS takes a while, which would put the bot out of service for up to minutes.

Very un-GP, however nefarious characters exist everywhere. You would think FTP connections to the cRIO would make the logs, however someone would have to be watching. AND your goal could be to attack for their NEXT match, so the reboot when they started next match would take effect.

Re: Driver station coding and other
 

If you really think that, you should have been around even a few years ago... things were much, much worse. The system in place today is easy to use and, quite simply, works. The average student can write and download code to the robot without running into any hassles, which was NOT true about the old IFI system (there were times with that system where i would be forced to bang my head for several hours just to get code to download... then do it all over again the following week!).

First off, if you really fear someone exploiting this, then you haven't fully grasped one of the core concepts of FIRST - Gracious Professionalism. Trying to do something like this is, quite simply, cheating, and if it happens (and when it gets caught) you can be sure FIRST would be pretty strict.

Second, FIRST puts into place sufficient safeguards to ensure nothing accidental happens to the robots while they're on the field. Your average person in the stands, playing around on their laptop, isn't going to "accidentally" get connected to the secure field system. They aren't going to be able to "accidentally" do anything to the robots through the network. It would take a dedicated, intentional, and somewhat lengthy (at least 30 minutes if they're an expert, probably more like 2-10 hours for a good comp sci-focused student) process to be able to seriously negatively affect the robots.

Welcome to the real world. Out here, a vast majority of work is done on Windows. In fact, where i work we have to do everything on Windows except for the actual deployment, which goes to some AIX boxes. As for not using IDEs and only makefiles... you really don't know what you're missing out on. makefiles are handy, I use them all the time... but you really do need an IDE once your project gets past a certain size. Imagine trying to work on a project with several thousand files and millions of lines of code... you aren't going to do that with VI. Get used to IDEs now, learn how to use them effectively. They provide shortcuts that will make you a better programmer.

Again, you should have seen what we had before. The library we have today works. It's not perfect, it may be missing a few things, but it's a heck of a lot better than what we had with IFI. Most importantly, it can be picked up by anyone. Someone with no code experience can pick it up, read a little documentation, and have a driving robot very quickly. You couldn't do that before.


All that said, if you don't like the current state of things, you have two options. You can sit here and complain about it, hoping that someone fixes it for you, or you can go out there and fix it yourself.

You want to be able to code, compile, and download on linux? Make it happen! start up the project, get the basic outline, and get it up on sourceforge. Post here about your efforts, and you'll find people willing to help. Before long, you'll have something working. It may remain as a community supported project for the rest of time, or FIRST/WPI/NI may pick it up and integrate it into their offerings, but either way you will have had a material impact on the program.

You think the security FIRST has for its network on the field isn't sufficient? Do the research, create a well-written white paper on robot security, and make some suggestions for improvements. Work with your own robot to implement some of these suggestions. Create youtube videos demonstrating the exploit and how your suggestions make it impossible.

In short, be productive about this. Its clear you're passionate about the subject. Use that passion to improve things for everyone, instead of sitting behind a keyboard whining about what FIRST should do for you. I can promise you - if you take some of these "problems" your posting about here and lead efforts to fix them, you'll be better for it. It will change the way you look at problems in the future. It will give you something great to talk about when interviewing for college or jobs.

Re: Driver station coding and other
 

There's a lot of people around here that will disagree with you on this statement, including me. The IFI system is alive and well in the VEX world (the VEX microcontroller is very similar to the IFI RC used by FRC in the past), and thousands of students all over the world use it successfully. So, I'd say that "the average student" is able to work with the IFI stuff just fine.
I do that every day at Motorola, along with hundreds or thousands of other engineers here. I've worked with several different groups here, and all the products I've worked on have been built from a command line with make (and they've all had 1000s of files and millions of lines of code). Makefiles are very stable - we can build code that's 20 years old here without issue. If we did everything in an IDE, we'd have very little chance of being able to build our current projects 20 years in the future, when whatever IDE of choice today is long gone. Makefiles also make it easy to parallelize builds, which is important if it takes 6-8 hours to compile your code. Oh, and I do indeed do all my coding here with Vim, as do many others.

Re: Driver station coding and other
 

This is absolutely true -- the limiting factor is the development environments in use, not the WPI library.

With respect to Java development using NetBeans, I believe that after the initial imaging of the cRIO, you would be able to use NetBeans on a Linux machine to write your robot code without any troubles.

With respect to C++ development using Wind River Workbench, I believe that after the initial cRIO imaging, you could use Wind River Workbench for Linux (see http://www.windriver.com/products/pr...PO_WB_0109.pdf ) without any troubles. The only issue here is that you would need your own license for Wind River Workbench, as the one that is provided for FIRST is only for Windows development systems.

I confess to not knowing what options exist for running LabView on Linux hosts.

Re: Driver station coding and other
 

LabVIEW for linux and Mac target local execution. For FRC, they will work for editing VIs, but the RT cross-targetting was dropped several releases back.

A quick comment on makefiles and IDEs -- don't be afraid of either one. Good IDEs are great at organizing workflow and integrating different tools into a somewhat cohesive experience. Bad or mediocre IDEs are a waste of launch time.

Make and other script oriented build environments are still with us, and in fact at least a few of the NI internal VxWorks developers choose to work from command line and text editor. If you poke around a bit, I suspect you can do FRC without the IDE.

Internally, LV development has been multi-platform for over twenty years. One of the cool things about that is exposure to many different development tools. We've always had at least one IDE and at least one non-IDE platform. It ebbs and flows.

Greg McKaskle