U.S. military wants white-hat hackers to target its cyber security systems

‘Hack the Air Force’ invites vetted attackers to test its public Web sites

The U.S. military, which continues its interest in bug bounty programs as a way to improve cybersecurity, is launching a new contest next month.

Called “Hack the Air Force,” the new program will put certain of the branch’s Web sites up as targets for a set of international hackers who have been vetted by HackerOne, which is running the program.

The new contest follows on the Hack the Pentagon program last year that netted 138 vulnerabilities, and Hack the Army, which netted 118.

The new contest is open to researchers from the U.S., Canada, the U.K., Australia and New Zealand who have been vetted by HackerOne. The countries make up the Five Eyes intelligence alliance that monitors communications worldwide. Registration starts May 15.

“We have malicious hackers trying to get into our systems every day,” says Air Force Chief Information Security Officer Peter Kim. “It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture.”

In addition to these programs, the Department of Defense may launch another program that targets not Web sites but DoD infrastructure such as sensors in heating systems, according to Nextgov. This physical infrastructure can be exposed to the internet, which leaves it open to possible attacks.

The possibility of a bounty program against these systems was raised this week by Daryl Haegley, who is the program manager for the Office of the Assistant Secretary of Defense for Energy, Installations and Environment.

He says he is trying to get senior officials to buy into such a plan, Nextgov says.

Visits to 15 military sites found that 75% of devices in control systems run unsupported operating systems including Windows XP, Windows 98 and Windows 95, the report says.

The Hack the Pentagon program paid out a total of $75,000 to researchers who discovered vulnerabilities, with the individual prizes ranging from $1 to $15,000.

HackerOne hasn’t announced what the prize range is for Hack the Air Force.

Linux Big Bang:One Kernel, Countless Distros

Even if you're a newcomer to Linux, you've probably figured out that it is not a single, monolithic operating system, but a constellation of projects. The different "stars" in this constellation take the form of "distributions," or "distros." Each offers its own take on the Linux model.

To gain an appreciation of the plethora of options offered by the range of distributions, it helps to understand how Linux started out and subsequently proliferated. With that in mind, here's a brief introduction to Linux's history.

Linus Torvalds, Kernel Builder

Most people with any familiarity with Linux have heard of its creator, Linus Torvalds (pictured above), but not many know why he created it in the first place. In 1991, Torvalds was a university student in Finland studying computers. As an independent personal project, he wanted to create a Unix-like kernel to build a system for his unique hardware.

The "kernel" is the part of an operating system that mediates between the hardware, via its firmware, and the OS. Essentially, it is the heart of the system. Developing a kernel is no small feat, but Torvalds was eager for the challenge and found he had a rare knack for it.

As he was new to kernels, he wanted input from others to ensure he was on the right track, so he solicited the experience of veteran tinkerers on Usenet, the foremost among early Internet forums, by publishing the code for his kernel. Contributions flooded in.

After establishing a process for reviewing forum-submitted patches and selectively integrating them, Torvalds realized he had amassed an informal development team. It quickly became a somewhat formal development team once the project took off.

HunterMaclean forum tackles cybersecurity issues

“Our goal today is not to scare you,” HunterMaclean partner Diana McKenzie told the group of 150 invited business and community leaders gathered in Savannah Technical College’s Eckburg Auditorium Thursday for the Savannah law firm’s 2017 Critical Issues Forum on cybersecurity.

But after throwing out a few statistics, McKenzie clearly had the audience’s rapt attention.

“Cybersecurity is an $80 billion industry,” McKenzie said, adding that the average cost of a data breach is currently estimated at around $4 million, according to a study by the Ponemon Institute in Michigan, the industry’s gold-standard research firm.

“Our goal this morning is to give you some practical ideas on what you can do to make your organization, regardless of its size, more immune to cybersecurity threats,” she said.

Panelists for the discussion were James Ainslie, chief executive officer of Cape Augusta Digital Properties, a wholesale data development company; Kevin Mooney, senior director of enterprise data governance at the Cleveland Clinic Foundation, the country’s second-largest hospital system; and Sheryl Bunton, chief information officer for Savannah-based Gulfstream Aerospace.

Asked what they saw as the current challenges in data protection, each panelist had a different take, based on their own perspectives.

Bunton talked about breaches that make more sophisticated tools available to hackers.

“We all know about the CIA breach,” she said. “But what we don’t think about is how that breach has put some pretty high-tech monitoring tools that were used by the CIA out there on the dark web for purchase.

“You used to have to build your own, but now young or small-time hackers with limited skills can go out and buy software that will execute maliciously against whomever they want to attack,” she said.

Ainslie agreed, adding that a major concern for him was the lack of human capital to mitigate cybersecurity threats.

More people needed

“As the bar is lowered on skills needed to hack, one of the biggest issues in the industry is that we don’t have enough people to address the growing threat,” he said.

Mooney said there are several concerns specific to the health care arena, including ransomware and hacked medical devices.

“Ransomware has really shone a light some glaring deficiencies in health care security,” he said. “There are certain hospital systems, for example, that actually still don’t back up their systems.

“When one of these systems is attacked by ransomware, they are going to get shut down and critical care is not going to happen,” he said. “This becomes a very dangerous thing.”

Medical devices – items such as pacemakers, insulin pumps and the like - have the potential to become security nightmares, as there are literally millions of such devices out there with connectivity and the ability to communicate,” Mooney said, adding that studies show as many as 70 percent of these devices don’t encrypt their communications.

“That makes them easy pickings.”

So, what can companies do to combat data breaches?

“The first thing we need to do is change the culture with a broad corporate education program,” Ainslie said. “We all know what cybersecurity is, but we can’t see it in the same way we see a physical security breach and so we tend to ignore it.”

Mooney agreed.

“Everyone who touches data should be trained,” he said. “We need cyberdefenders at every level of the organization and that means proactive training on the front end and building out a comprehensive response plan, because breaches are not a matter of ‘if’ but ‘when.’

“Finally, when a breach does occur, you need to take those lessons learned and implement them into the next training module.”

Tips for small and medium-sized firms

You don’t have to be a big corporation to protect yourself from a cyberattack, Bunton said, adding that there are a lot of small, low-cost practices that will help keep data more secure.

“Even the smallest companies need to practice what I call good IT hygiene,” she said.

“Replace your equipment. Don’t wait until it is so end-of-life that there is no patching available.

“If you buy your routers and other network equipment from a Best Buy or other big retailer, don’t use the default password that it came with. Change your password.

“Have your people change their passwords on a regular basis and make sure those passwords are complex. One of the things we find is that people tend to go to the familiar when creating passwords.

“Don’t use your children’s names and/or birth dates, don’t use a known address or your phone number,” she said.

“A good password would be a short sentence with some numbers, using the number 2 for ‘to’ or 4 for ‘for.’

“The other thing is to make sure everyone who works for you practices good email protocol,” she said. “More than 80 percent of large-scale email breaches start with a single employee clicking on a payload from a single email.”

Bunton recalled that a large former employer had an active, persistent threat that her department traced back to an HR employee in Minnesota who had clicked on a $10 off coupon for Papa John’s Pizza.

“Trust me, it wasn’t a coupon for pizza,” she said.

For issues like that, having some sort of filter in place can help, but the most important thing is to concentrate on educating employees on managing their email, she said.

“If it seems too good to be true, it almost always is,” she said.

Ethical Hacking Emerges as Unique Career Path in Cybersecurity

companies, now more than ever, are seeking qualified cybersecurity professionals to keep pace with the growing number of cyberattacks. Today, corporations and organizations across all sectors face millions of attacks each day, which cost more than $1 billion in losses annually. While the biggest names often dominate the headlines, trends have shown that small businesses are in fact the fastest-growing targets of hackers. Despite this rise in breaches, most companies lack the cybersecurity software and trained professionals to keep their networks and data safe.

Unfortunately, the need for cybersecurity professionals in today’s job landscape exceeds the number of qualified individuals. According to an ISACA survey, 37 percent of companies say fewer than one in four candidates for information security positions possess the necessary qualifications. Furthermore, only 59 percent of companies receive at least five applicants per job opening.

White Hat Hackers

As businesses seek to protect themselves against the ever-evolving threats of the internet, a career path has emerged in the form of certified ethical hackers, also known as “white hat” hackers. These individuals are professionals trained to

Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.

Development

Kali Linux is preinstalled with over 300 penetration-testing programs, including Armitage (a graphical cyber attack management tool), nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Knoppix. The third core developer Raphaël Hertzog joined them as Debian expert.

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.

Kali Linux is developed using a secure environment with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Supported platforms

Kali Linux is distributed in 32-bit and 64-bit images for use on hosts based on the x86 instruction set and as an image for the ARM architecture for use on the BeagleBoard computer and on Samsung's ARM Chromebook.

The developers of Kali Linux aim to make Kali Linux available for ARM devices.

Kali Linux is already available for BeagleBone Black, HP Chromebook, CubieBoard 2, CuBox, CuBox-i, Raspberry Pi, EfikaMX, Odroid U2, Odroid XU, Odroid XU3, Samsung Chromebook, Utilite Pro, Galaxy Note 10.1, and SS808.

With the arrival of Kali NetHunter, Kali Linux is also officially available on smartphones such as the Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, OnePlus One, and some Samsung Galaxy models.

Features

Kali Linux has a dedicated project set aside for compatibility and porting to specific Android devices, called Kali Linux NetHunter.

It is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member “BinkyBear” and Offensive Security. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as Bad USB MITM attacks.

BackTrack (Kali's predecessor) contained a mode known as forensic mode, which was carried over to Kali via live boot. This mode is very popular for many reasons, partly because many Kali users already have a bootable Kali USB drive or CD, and this option makes it easy to apply Kali to a forensic job. When booted in forensic mode, the system doesn't touch the internal hard drive or swap space and auto mounting is disabled. However, the developers recommend that users test these features extensively before using Kali for real world forensics.

Tools

Kali Linux includes many well known security tools, including:

• Nmap
• Aircrack-ng
• Kismet
• Wireshark
• Metasploit Framework
• Burp suite
• John the Ripper
• Social Engineering Toolkit
• Maltego
• Ettercap
• OWASP ZAP
• IJURED MAP

Download Kali linux:Click here

Official Site:Kali Linux

'Relay Hack' Lets Thieves Steal Cars Using $22 of Electronics

Chinese security researchers demonstrated a way to gain access to a car using cheap electronics.

New cars feature more integrated software than ever, and with that software comes security vulnerabilities. As a recent security issue with Hyundai's Blue Link app demonstrates, telematics and other connected systems aren't immune to tampering. That could potentially make life easier for car thieves. Researchers from Chinese security firm Qihoo 360 recently demonstrated a technique called a "relay hack" that can be used to break into cars using a pair of transceivers cobbled together for just $22, according to Wired.

Those cheap transceivers were used to extend the range of a car's key fob by up to 1,000 feet. This tricks the car's onboard sensors into thinking the key fob is close buy, allowing hackers to unlock the doors. This presumably only works on newer cars with keyless entry, which automatically unlocks doors without the driver having to actually press a key fob button.

The relay hack also requires one thief to be close to the actual key fob, wherever it is. The transceivers pick up the signal from that fob and extend the range so that the car can be unlocked even if the driver isn't nearby. Such an attack could be used on a person shopping in a store or working in an office, with a car parked outside, Qihoo researcher Jun Li told Wired.

The researchers tested their hack on a Chinese-market BYD Qin and Chevrolet Captiva. However, the keyless-entry systems for those cars are manufactured by Dutch firm NXP, which also supplies systems to cars sold in the U.S.

Hijacking key fob signals isn't unheard of. Last year, researchers at Germany's ADAC demonstrated a similar hack on 24 vehicles using what they said was $225 worth of equipment, while a security flaw uncovered by German engineering firm Kasper & Oswald enabled thieves to clone key fobs for virtually every Volkswagen Group car made since 1995.

While these types of hacks are a serious issue, they're not quite as sinister as the popular image of car hacking, fueled by a 2015 demonstration in which security researchers took control of a Jeep Cherokee using a laptop. The relay hack allows third parties to gain access to a car, but it does not allow them to gain control of one while someone else is driving.

The open world of automation

In recent years, automation technology has undergone rapid change. Examples of this include the Internet of Things (IoT), Industry 4.0 or the constantly growing threat posed by unauthorised access attempts and malware. What does all this mean for manufacturers and users? And what opportunities could arise from such technological developments? The new PLCnext Technology for the up-and-coming controllers from Phoenix Contact provides practical answers.

Like its customers, Phoenix Contact as a traditional manufacturer and a driving force for innovation in automation technology is constantly trying to determine which future trends are really relevant and which solutions the current and future market will expect. It is important to identify the individual aspects of new technological trends and to then determine their impact on the daily work of developers and the needs of users. 

In order to identify the key characteristics of a modern control architecture, the specialists at Phoenix Contact have examined the requirements of both long-term users and sales partners. One thing that these target groups are concerned about is how they can bring solutions to market faster than their competitors. They also want to be able to offer an ever-increasing number of product versions with minimal effort and to meet the IT security needs of as many different applications as possible. Can the challenges of the forward-looking Industry 4.0 project be met? In any case, the relevant approaches will contribute to successful business operations. 

Hardware-independent platform 

In order to meet these requirements, PLCnext Technology will be redeveloped from scratch. For all of these activities, the focus is on users. It became clear at an early stage that openness and consistency were important features. Through the use of Linux as the operating system, PLCnext Technology can use a standard basis on virtually all hardware architectures. Linux is not only absolutely real-time capable, it also offers Phoenix Contact - and therefore its customers - quick participation in the latest developments of the Linux community. However, it is only one operating system and so does not yet meet the needs of all existing and future challenges.

With PLCnext Technology, Phoenix Contact is now offering a hardware-independent platform which uses Linux and makes it easy to benefit from the advantages of this system. At the same time it offers all the stability and functions expected of a modern control concept. Unlike other solutions, with PLCnext Technology the developer no longer has to worry about which PLC will actually later be used. At the end of the project, the developer simply selects a controller with PLCnext Technology in the relevant performance class. This means that the application can be scaled flexibly and complete solutions can be reassembled repeatedly .

Any language

The basis of PLCnext Technology is an intelligent layer between the application program and operating system, which all system components use to exchange data synchronously and in real time, and which also provides easy access to system services such as Ethernet sockets. Due to their open interfaces, the user can use the intermediate layer to integrate and install their own programs (Apps) without problems and to communicate with all other system components and the operating system. This is true regardless of whether the programs are created conventionally in IEC 61131-3, in high-level language – such as C# or C/C++ - or via Matlab Simulink. The developer decides on the most suitable software tool for the relevant application or can even combine various tools. While an IEC 61131-3 programmer can use the new PC Worx Engineer software or generate and upload models directly in Matlab Simulink, a high-level language programmer can choose between Visual Studio and Eclipse. This means that every employee is developing in their preferred tool, which eliminates any costs for training in other programming tools.

So PLCnext Technology can be used to create all the specified programs. They can be executed both in cyclic and in event-based tasks. Multi-core systems are also supported. Stringent real-time requirements with minimal jitter can also be met. This means that developers can create solution modules and then freely reuse them, which leads to shorter development times and modular system concepts.

Supporting current and future transmission standards 

While the developer decides on the programming languages and the necessary tools, the controller must conform to the communication landscape and directives of the end customer or industry. It is, therefore, important for it to support key transmission standards and to be open for additional protocols. One relevant standard is OPC UA. Increasing numbers of industrial components exchange data flexibly and securely via this non-proprietary protocol and thus create intelligent and networked systems. PLCnext Technology therefore features an integrated OPC UA server as standard. In this context, the connection of all components to the intermediate layer is a particular advantage. In conjunction with integrated synchronous data loggers and the OPC UA server, a comprehensive data acquisition and signaling solution can be created in a few minutes without any programming.

In addition, PLCnext Technology works with proven PROFICLOUD services and also supports the integration of proprietary cloud solutions. This represents a step toward preventive diagnostics and IoT. Conventional fieldbus systems – such as PROFIBUS, CAN, Modbus/RTU, and INTERBUS – as well as real-time Ethernet standards –  such as PROFINET and Modbus/TCP – are, of course, also supported. PLCnext Technology is therefore consistently designed for the later integration of additional protocols so that users can respond flexibly to future developments. 

Programming software bundles

The success of a project will depend not only on the controller and its basic technology, but also on its optimal integration into development tools. While developing PLCnext Technology, the team at Phoenix Contact in addition to providing the best possible engineering support has concentrated on ensuring that the developer can use their own methods when necessary. As a result, all PLCnext Technology components are modular, and all important parts can be configured. This ensures that the user has full control of the system.

Thanks to the bundling of all functions, in most cases the new PC Worx Engineer software can be used for programming and configuration of the PLC. Its interface also focuses on the user and is therefore consistently designed for user-friendly operation. In addition to IEC 61131-3 programming, all functions – such as web visualisation, functional safety, and the modularity of PLCnext Technology – are included in this tool. Due to the central configuration, data can be shared for example with synchronous data loggers, the OPC UA server or the web visualisation with just a few clicks of the mouse. PC Worx Engineer also has integrated safety functions so that safety controllers can also be programmed directly. 

Access security 

Now and in future, industry-specific requirements for IT security should be added to the existing functions. Network security and remote maintenance are undoubtedly important, but there is more to IT security than this. Demands on modern systems include integrity, availability, and above all the confidentiality of all data. This is only possible with a deep integration of different mechanisms and procedures on all levels of PLCnext Technology, as well as the PC Worx Engineer development environment.

PLCnext Technology therefore offers security by design, so that security aspects can be implemented according to IEC 62443. IT security is, therefore, no longer an obstacle, but is the key to new project ideas based on PLCnext Technology.

With PLCnext Technology, Phoenix Contact meets the needs of developers and users in a simple manner. This makes it possible to shorten development times, minimise costs, and enables the people involved to focus on the project and their core tasks. 

Snapdragon processors for embedded systems

Fig 1

Since its establishment in 1985, Qualcomm has been involved in the mobile communications market, although its Qualcomm Technologies arm has made forays into other areas, such as MEMs based displays and wireless vehicle charging.

Numbering base stations and mobile phone manufacturing amongst its earlier activities, the company narrowed its focus to the design of mobile phone processors. In particular, Qualcomm is known for the Snapdragon range of SoCs, some featuring CPUs designed by the company under the terms of an architectural license from ARM. But two recent announcements have signalled something of a change in the company’s outlook. One, the launch of the Centriq 2400, brings data centres within its target markets. The other was the announcement in September 2016 that its Snapdragon 410E and 600E processors would be available through distribution. The E in the product names is significant; both devices are aimed at the embedded systems market.

Leon Farasati, director of product management for Qualcomm’s embedded business, said: “Qualcomm is traditionally a mobile company, but we started to see demand for Snapdragon devices from the embedded world. What we realised was that our business model didn’t work for the embedded market.”

The issue was that the mobile market comprises a ‘handful’ of OEMs, according to Farasati, who buy chips in huge volumes. It’s the reverse for the embedded market. Farasati continued: “There are many potential customers who will buy in low volumes. It’s taken us a while to sort things out.”

The introduction of the Snapdragon 600E and 410E processors, along with global availability through distribution is said by Qualcomm to address the needs of ‘highly fragmented consumer, enterprise and industrial categories’. The Snapdragon embedded portfolio includes development boards, commercial ready modules and discrete processors for board level designs.

The two processors selected for embedded applications have both been available to the mobile market for a couple of years. “But their feature sets are right for the embedded market,” Farasati noted, “as is their performance and price.”

One of the changes which Qualcomm has had to make is to do with product availability. In the rapidly changing mobile communications world, long term availability isn’t an issue; but it is for embedded systems. “We have committed to making the 410E and 600E available for 10 years,” Farasati asserted. “And we also needed to make them available via distribution.” That latter point has been covered through an agreement with Arrow Electronics.

Last September, Raj Talluri, senior vice president, product management, with Qualcomm Technologies, said: “Snapdragon is a powerful and versatile processor with many potential applications in a variety of IoT applications. We can now offer this technology to a much wider range of customers with the additional benefit of long-term support and availability.”

According to David West, Arrow Electronics’ senior vice president: “Arrow looks forward to offering Qualcomm’s Snapdragon processors and complementing them with the full range of parts and engineering services we can offer to help customers through to commercialisation.”

The 410E and 600E are targeted at a wide range of applications, all under the general heading of IoT. But Qualcomm notes that potential markets include digital signage, medical imaging, point of sale systems and industrial robotics.

Justifying its move, Qualcomm noted ‘these embedded processors offer device manufacturers, solution providers and system integrators tremendous options for speeding commercialisation through a variety of off-the-shelf and custom modules, as well as the freedom for a chip on board design’.

The Snapdragon 600E , built around Qualcomm’s 1.5GHz quad core Krait 300 CPU, is said to be suitable for building advanced systems. Immersive 3D graphics are available via the Adreno 320 GPU and Qualcomm’s Hexagon DSP. Connectivity is provided through integrated Bluetooth 4.0 Low Energy, Bluetooth 3.x, IEEE802.11a/b/g/n/ac and GPS. It also comes with SATA, SD3.0, DDR memory, eMMC storage, HDMI, LVDS, HSIC, and PCIe interfaces.

Meanwhile, the Snapdragon 410E boasts a quad core Cortex-A53 processor, blending high performance with low power consumption. Multimedia is supported by the Adreno 306 GPU and Hexagon DSP, while connectivity options include Bluetooth 4.1, Bluetooth Low Energy, IEEE802.11b/g/n and GPS. This, Qualcomm contends, suits the processor to smart home, medical equipment and industrial automation applications, amongst others.

Farasati added: “The Hexagon DSP is full time processor and one of the things we’ve been looking at is having a real time OS running on the DSP and maybe on Snapdragon itself.”

One other big change addressed by Qualcomm is the operating system. “It’s Android in the mobile market,” Farasati noted, “but it’s Linux in the embedded world. So Qualcomm has become a member of the Linaro organisation. And because we need a strong ecosystem, we have created a community.”

Another issue differentiating the mobile and embedded worlds is packaging. “We needed a different package,” Farasati admitted. “We had to change the package to something which could be guaranteed to have a 10 year lifetime.”

Where the 600E is supplied in a 23 x 23mm BGA, with 784 balls at a pitch of 0.8mm, the 410E comes in Qualcomm’s nanoscale package – or NSP – measuring 14 x 12mm, with 760 balls spaced at 0.4mm.

While Qualcomm has started with two parts, Farasati said there will be more added. “But, before we do bring out more E parts,” he noted, “we will need to have everything in place.”

There is also the continuing issue of availability. Although Arrow was named as the first distributor for Qualcomm’s embedded processors, it said that a global distribution network would be established.

THE BEST PLACES TO LEARN TO CODE FOR FREE

If you’re brand new to the world of coding and web development, it makes sense to start by teaching yourself using all the free resources online.

That way, you can discover what you like and don’t like before investing money into a certain coding language or set of courses.

However, there are so many free resources and classes and books to choose from. Here are some of the best.

To make things easier, I broke them down based on topic. Use the table of contents below to jump around.

 Codecademy

Codecademy is where most people who are new to coding get their start. If you haven’t been to the site yet…where have you been!? The platform revolves around interactive learning; that is, you read a little, type you code right into the browser, and see results immediately.

Codewars

Codewars offers a fun way to learn coding. With a martial-arts theme, the program is based on challenges called “kata.” Complete them to earn honor and progress to higher ranks.

 Coursera

Large online course library, where classes are taught by real university professors. All courses are free of charge, but you have the option to pay for a “Coursera Verified Certificate” to prove course completion. These cost between $30 and $100 depending on the course.

 edX

An open-source higher education program governed by MIT and Harvard. Offers 107 courses under the “computer science” category, teaching various coding languages.

Free Code Camp

Teaches coding first through an established curriculum (approx. 800 hours total), then by giving you hands-on experience working on projects for nonprofits.

GA Dash

General Assembly’s free online learning platform. Entirely project-based. You build a “project” with each walk-through.

They are one of the very few options that have a course on how to build a Tumblr theme from scratch

 Khan Academy

Tons of subjects (as their front page says, “You can learn anything”), including many on computer programming. A few courses are offered for younger kids, too.

MIT OpenCourseware

Competition to get into MIT may be stiff, but accessing their course material has no minimum SAT score. They maintain an online library of every subject they teach, with no account required for access.

The Odin Project

Made by the creators of Viking Code School—a premiere online coding bootcamp. The Odin Project is their free version. Check in for support from other students using the online chat group!

Udacity

Offers individual courses, as well as “nanodegrees” that train you for specific careers like front-end web developer or data analyst. Course materials are free, but nanodegrees require a tuition fee.

Udemy

Paid and free courses. Courses can be created by anyone, so make sure to read reviews. Coupons can also be easily found, too. Check out their development courses here.

The Code Player

A compilation of video tutorials to help you walk through a process from start to finish. Good for learning “smaller” projects/tasks one at a time.

Atmel AVR

AVR is a family of microcontrollers developed by Atmel beginning in 1996. These are modified Harvard architecture 8-bit RISC single-chip microcontrollers. AVR was one of the first microcontroller families to use on-chip flash memory for program storage, as opposed to one-time programmable ROM, EPROM, or EEPROM used by other microcontrollers at the time.

AVR microcontrollers find many applications as embedded systems; they are also used in the Arduino line of open source board designs.

history

The AVR architecture was conceived by two students at the Norwegian Institute of Technology (NTH), Alf-Egil Bogen and Vegard Wollan.

The original AVR MCU was developed at a local ASIC house in Trondheim, Norway, called Nordic VLSI at the time, now Nordic Semiconductor, where Bogen and Wollan were working as students. It was known as a μRISC (Micro RISC) and was available as silicon IP/building block from Nordic VLSI. When the technology was sold to Atmel from Nordic VLSI, the internal architecture was further developed by Bogen and Wollan at Atmel Norway, a subsidiary of Atmel. The designers worked closely with compiler writers at IAR Systems to ensure that the AVR instruction set provided efficient compilation of high-level languages.

Atmel says that the name AVR is not an acronym and does not stand for anything in particular. The creators of the AVR give no definitive answer as to what the term "AVR" stands for. However, it is commonly accepted that AVR stands for Alf and Vegard's RISC processor.Note that the use of "AVR" in this article generally refers to the 8-bit RISC line of Atmel AVR Microcontrollers.

Among the first of the AVR line was the AT90S8515, which in a 40-pin DIP package has the same pinout as an 8051 microcontroller, including the external multiplexed address and data bus. The polarity of the RESET line was opposite (8051's having an active-high RESET, while the AVR has an active-low RESET), but other than that the pinout was identical.

The AVR 8-bit microcontroller architecture was introduced in 1997. By 2003, Atmel had shipped 500 million AVR flash microcontrollers. The Arduino platform for simple electronics projects was released in 2005 and featured ATmega8 AVR microcontrollers.

Device overview

The AVR is a modified Harvard architecture machine, where program and data are stored in separate physical memory systems that appear in different address spaces, but having the ability to read data items from program memory using special instructions.

Basic families

• tinyAVR – the ATtiny series

• 0.5–16 KB program memory

• 6–32-pin package

• Limited peripheral set

• megaAVR – the ATmega series

• 4–256 KB program memory

• 28–100-pin package

• Extended instruction set (multiply instructions and instructions for handling larger program memories)

• Extensive peripheral set

• XMEGA – the ATxmega series

• 16–384 KB program memory

• 44–64–100-pin package (A4, A3, A1)

• 32-pin package: XMEGA-E (XMEGA8E5)

• Extended performance features, such as DMA, "Event System", and cryptography support

• Extensive peripheral set with ADCs

• Application-specific AVR

• megaAVRs with special features not found on the other members of the AVR family, such as LCD controller, USB controller, advanced PWM, CAN, etc.

• FPSLIC (AVR with FPGA)

• FPGA 5k to 40k gates

• SRAM for the AVR program code, unlike all other AVRs

• AVR core can run at up to 50 MHz

• 32-bit AVRs

In 2006, Atmel released microcontrollers based on the 32-bit AVR32 architecture. This is a completely different architecture unrelated to the 8-bit AVR, intended to compete with the ARM-based processors. It has a 32-bit data path, SIMD and DSP instructions, along with other audio- and video-processing features. The instruction set is similar to other RISC cores, but it is not compatible with the original AVR (nor any of the various ARM cores).

Device architecture

Flash, EEPROM, and SRAM are all integrated onto a single chip, removing the need for external memory in most applications. Some devices have a parallel external bus option to allow adding additional data memory or memory-mapped devices. Almost all devices (except the smallest TinyAVR chips) have serial interfaces, which can be used to connect larger serial EEPROMs or flash chips.

Program memory

Program instructions are stored in non-volatile flash memory. Although the MCUs are 8-bit, each instruction takes one or two 16-bit words.

The size of the program memory is usually indicated in the naming of the device itself (e.g., the ATmega64x line has 64 KB of flash, while the ATmega32x line has 32 KB).

There is no provision for off-chip program memory; all code executed by the AVR core must reside in the on-chip flash. However, this limitation does not apply to the AT94 FPSLIC AVR/FPGA chips.

Internal data memory

The data address space consists of the register file, I/O registers, and SRAM. Some small models also map the program ROM into the data address space, but larger models do not.

Internal registers

The AVRs have 32 single-byte registers and are classified as 8-bit RISC devices.

In the tinyAVR and megaAVR variants of the AVR architecture, the working registers are mapped in as the first 32 memory addresses (0000₁₆–001F₁₆), followed by 64 I/O registers (0020₁₆–005F₁₆). In devices with many peripherals, these registers are followed by 160 “extended I/O” registers, only accessible as memory-mapped I/O (0060₁₆–00FF₁₆).

Actual SRAM starts after these register sections, at address 0060₁₆ or, in devices with "extended I/O", at 0100₁₆.

Even though there are separate addressing schemes and optimized opcodes for accessing the register file and the first 64 I/O registers, all can also be addressed and manipulated as if they were in SRAM.

The very smallest of the tinyAVR variants use a reduced architecture with only 16 registers (r0 through r15 are omitted) which are not addressable as memory locations. I/O memory begins at address 0000₁₆, followed by SRAM. In addition, these devices have slight deviations from the standard AVR instruction set. Most notably, the direct load/store instructions (LDS/STS) have been reduced from 2 words (32 bits) to 1 word (16 bits), limiting the total direct addressable memory (the sum of both I/O and SRAM) to 128 bytes. Conversely, the indirect load instruction's (LD) 16-bit address space is expanded to also include non-volatile memory such as Flash and configuration bits; therefore, the LPM instruction is unnecessary and omitted.

In the XMEGA variant, the working register file is not mapped into the data address space; as such, it is not possible to treat any of the XMEGA's working registers as though they were SRAM. Instead, the I/O registers are mapped into the data address space starting at the very beginning of the address space. Additionally, the amount of data address space dedicated to I/O registers has grown substantially to 4096 bytes (0000₁₆–0FFF₁₆). As with previous generations, however, the fast I/O manipulation instructions can only reach the first 64 I/O register locations (the first 32 locations for bitwise instructions). Following the I/O registers, the XMEGA series sets aside a 4096 byte range of the data address space, which can be used optionally for mapping the internal EEPROM to the data address space (1000₁₆–1FFF₁₆). The actual SRAM is located after these ranges, starting at 2000₁₆.

GPIO ports

Each GPIO port on a tiny or mega AVR drives up to eight pins and is controlled by three 8-bit registers: DDRx, PORTx and PINx, where x is the port identifier.

• DDRx: Data Direction Register, configures the pins as either inputs or outputs.
• PORTx: Output port register. Sets the output value on pins configured as outputs. Enables or disables the pull-up resistor on pins configured as inputs.
• PINx: Input register, used to read an input signal. On some devices, this register can be used for pin toggling: writing a logic one to a PINx bit toggles the corresponding bit in PORTx, irrespective of the setting of the DDRx bit.

xmegaAVR have additional registers for push/pull, totem-pole and pullup configurations.

EEPROM

Almost all AVR microcontrollers have internal EEPROM for semi-permanent data storage. Like flash memory, EEPROM can maintain its contents when electrical power is removed.

In most variants of the AVR architecture, this internal EEPROM memory is not mapped into the MCU's addressable memory space. It can only be accessed the same way an external peripheral device is, using special pointer registers and read/write instructions, which makes EEPROM access much slower than other internal RAM.

However, some devices in the SecureAVR (AT90SC) family use a special EEPROM mapping to the data or program memory, depending on the configuration. The XMEGA family also allows the EEPROM to be mapped into the data address space.

Since the number of writes to EEPROM is limited – Atmel specifies 100,000 write cycles in their datasheets – a well designed EEPROM write routine should compare the contents of an EEPROM address with desired contents and only perform an actual write if the contents need to be changed.

Note that erase and write can be performed separately in many cases, byte-by-byte, which may also help prolong life when bits only need to be set to all 1s (erase) or selectively cleared to 0s (write).

Program execution

Atmel's AVRs have a two-stage, single-level pipeline design. This means the next machine instruction is fetched as the current one is executing. Most instructions take just one or two clock cycles, making AVRs relatively fast among eight-bit microcontrollers.

The AVR processors were designed with the efficient execution of compiled C code in mind and have several built-in pointers for the task.

Instruction set

The AVR instruction set is more orthogonal than those of most eight-bit microcontrollers, in particular the 8051 clones and PIC microcontrollers with which AVR competes today. However, it is not completely regular:

• Pointer registers X, Y, and Z have addressing capabilities that are different from each other.
• Register locations R0 to R15 have more limited addressing capabilities than register locations R16 to R31.
• I/O ports 0 to 31 can be bit addressed, unlike I/O ports 32 to 63.
• CLR affects flags, while SER does not, even though they are complementary instructions. CLR set all bits to zero, and SER sets them to one. (CLR is pseudo-op for EOR R, R; and SER is short for LDI R,$FF. Math operations such as EOR modify flags, while moves/loads/stores/branches such as LDI do not.)
• Accessing read-only data stored in the program memory (flash) requires special LPM instructions; the flash bus is otherwise reserved for instruction memory.

Additionally, some chip-specific differences affect code generation. Code pointers (including return addresses on the stack) are two bytes long on chips with up to 128 KB of flash memory, but three bytes long on larger chips; not all chips have hardware multipliers; chips with over 8 KB of flash have branch and call instructions with longer ranges; and so forth.

The mostly regular instruction set makes programming it using C (or even Ada) compilers fairly straightforward. GCC has included AVR support for quite some time, and that support is widely used. In fact, Atmel solicited input from major developers of compilers for small microcontrollers, to determine the instruction set features that were most useful in a compiler for high-level languages.

1. AVR tutorials
2. AVR Helpful Videos 
3. Atmel AVR Manual Pdf
4. ATmega 328 Datasheet
5. ATmega 8L Datasheet 
6. ATmega 16A Datasheet
7. Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet
8. Atmel-2513-8-bit-AVR-Microntroller-ATmega162_Datasheet