The Caption CERN Contest has been going great guns thanks to the community of users over on Hackaday.io. The contest just finished up its seventh week of finding funny captions for images which CERN has in their archives. CERN has decades of great photo documentation of their projects. Unfortunately they don’t know which project each image goes with, or who exactly is in the image. We’re helping them out where we can, by letting CERN know any information we can find on their photos. We’re also having some fun along the way, by giving out a T-Shirt for the best caption each week.
Here are some of the best quotes from week 7
“Are Socks and Sandals acceptable safety equipment for the Demolition Pit? Yes, because these are Kelvar socks and Zylon sandals being testing. Quite uncomfortable, but these feet will survive a close proximity blast.” – [controlmypad]
“Check it out! One tube for each Ninja Turtle” – [OzQube]
“Before the LHC, hunting for the Higgs was much less glamorous.” – [Tachyon]
The winner of course is [Tim] with the featured image at the top of this article.
If [Tachyon] sounds familiar, that’s because he came up with the best caption back in week 6. Runners up for week 6 were:
“Damn Mario Brothers ….. ‘gotta save the princess’ How about watching where you’re going for once. – [Scott Galvin]
“Here at CERN, you don’t get shafted. You get tubed.” – [Rollyn01]
“Thank god the separator caught him. Another 50 meters, and he’d be nothing but quarks.” – [Curtis Carlsen]
Click past the break to check out this week’s image!
Some people just want to watch the world burn. Others want to spread peace, joy and mustaches. [Joe Grand] falls into the latter group this time around. His latest creation is Mustache Mayhem, a hack, video game, and art project all rolled into one. This is a bit of a change from deconstructing circuit boards or designing electronic badges, but not completely new for [Joe], who wrote SCSIcide and Ultra SCSIcide for the Atari 2600 back in the early 2000’s.
Mustache Mayhem is built into a Nintendo Virtual Boy housing. The Virtual Boy itself was broken, and unfortunately was beyond repair. [Joe] removed most of the stock electronics and added a BeagleBone Black, Logitech C920 webcam, an LCD screen and some custom electronics. He kept the original audio amplifier, speakers, and controller connector. Angstrom Linux boots into [Joe’s] software, which uses OpenCV to detect faces and overlay mustaches. Gameplay is simple: Point the console at one or more faces. If you see a mustache, press the A button on the controller! The more faces and mustaches on-screen at once, the more points, or “mojo” the player gets. The code is up on Github, and can be built with Xcode targeted to the Mac, or directly on the BeagleBone Black.
[Joe’s] goal for the project was to make a ridiculous game that looks like it could have come out in the 90’s. He also used Mustache Mayhem as a fun way to learn some new skills which will come in handy for more serious projects in the future.
We caught up with [Joe] for a quick interview about his new creation.
How did you come up with the idea for Mustache Mayhem?
I was selling a bunch of my video game collection at PRGE (Portland Retro Gaming Expo) a few years ago and had a broken Virtual Boy that no one bought. A friend of mine was at the table and said I had to do something with it. I thought “People wear cosplay and walk around at conventions, so what if I could do something with the Virtual Boy that you could walk around with?” That was the seed.
A few months later, Texas Instruments sent me the original production release of the BeagleBone Black (rev. A5A). Eighteen months after that I actually started the project. The catalyst was to do something for an upcoming Portland, OR art show (Byte Me 4.0), which is an annual event that shows off interactive technology-based artwork. I wrote up a little description and got accepted. I had less than 2 months to actually get things working and it ended up taking about a month of full-time work. It was much more work than I expected for such a silly project. I originally was going to do something along the lines of walking around in a Doom-like perspective and shooting people when their faces were detected.
That would be pretty darn cool. How did you get from Doom to Mustaches?
I saw a TI BeagleBoard demo called “boothstache” which drew mustaches on faces and tweeted the pictures. I thought that doing something non-violent with mustaches would be more suitable (and funny) to actually show my kids. I also secretly wanted to use this project as a way to experiment with Linux, write some code, and learn about face detection and image processing with OpenCV, which I plan to use for some actual computer security research in the future. Mustache Mayhem turned out to be a super cool project and I’m really happy with it. I sort of feel guilty spending so much time on it, since it’s basically just a one-off prototype, but I just got so obsessed with making it exactly as I wanted.
You mentioned on your website that Mustache was “designed to challenge the paradigms of personal privacy and entertainment.” What exactly did you mean there?
The technique is deceptively simple. Dynamic RAM is organized into a matrix of rows and columns. By performing fast reads on addresses in the same row, bits in adjacent rows can be flipped. In the example image to the left, fast reads on the purple row can cause bit flips in either of the yellow rows. The Project Zero team discovered an even more aggressive technique they call “double-sided hammering”. In this case, fast reads are performed on both yellow rows. The team found that double-sided hammering can cause more than 25 bits to flip in a single row on a particularly vulnerable computer.
Why does this happen? The answer lies within the internal structure of DRAM, and a bit of semiconductor physics. A DRAM memory bit is essentially a transistor and a capacitor. Data is stored by charging up the capacitor, which immediately begins to leak. DRAM must be refreshed before all the charge leaks away. Typically this refresh happens every 64ms. Higher density RAM chips have forced these capacitors to be closer together than ever before. So close in fact, that they can interact. Repeated reads of one row will cause the capacitors in adjacent rows to leak charge faster than normal. If enough charge leaks away before a refresh, the bit stored by that capacitor will flip.
Cache is not the answer
If you’re thinking that memory subsystems shouldn’t work this way due to cache, you’re right. Under normal circumstances, repeated data reads would be stored in the processor’s data cache and never touch RAM. Cache can be flushed though, which is exactly what the Project Zero team is doing. The X86 CLFLUSH opcode ensures that each read will go out to physical RAM.
Wanton bit flipping is all fine and good, but the Project Zero team’s goal was to use the technique as an exploit. To pull that off, they had to figure out which bits they were flipping, and flip them in such a way as to give elevated access to a user level process. The Project Zero team eventually came up with two working exploits. One works to escape Google’s Native Client (NaCL) sandbox. The other exploit works as a userspace program on x86-64 Linux boxes.
Native Client sandbox escape exploit
Google defines Native Client (NaCL) as ” a sandbox for running compiled C and C++ code in the browser efficiently and securely, independent of the user’s operating system.” It was designed specifically as a way to run code in the browser, without the risk of it escaping to the host system. Let that sink in for a moment. Now consider the fact that rowhammer is able to escape the walled garden and access physical memory. The exploit works by allocating 250MB of memory, and rowhammering on random addresses, and checking for bit flips. Once bit flips are detected, the real fun starts. The exploit hides unsafe instructions inside immediate arguments of “safe” institutions. In an example from the paper:
Viewed from memory address 0x20EA0, this is an absolute move of a 64 bit value to register rax. However, if we move off alignment and read the instruction from address 0x20EA02, now it’s a SYSCALL – (0F 05). The NaCL escape exploit does exactly this, running shell commands which were hidden inside instructions that appeared to be safe.
Linux kernel privilege escalation exploit
The Project Zero team used rowhammer to give a Linux process access to all of physical memory. The process is more complex than the NaCL exploit, but the basic idea revolves around page table entries (PTE). Since the underlying structure of Linux’s page table is well known, rowhammer can be used to modify the bits which are used to translate virtual to physical addresses. By carefully controlling which bits are flipped, the attacking process can relocate its own pages anywhere in RAM. The team used this technique to redirect /bin/ping to their own shell code. Since Ping normally runs with superuser privileges, the shell code can do anything it wants.
Rowhammer is a nasty vulnerability, but the sky isn’t falling just yet. Google has already patched NaCL by removing access to the CLFLUSH opcode, so NaCL is safe from any currently known rowhammer attacks. Project Zero didn’t run an exhaustive test to find out which computer and RAM manufacturers are vulnerable to rowhammer. In fact, they were only able to flip bits on laptops. The desktop machines they tried used ECC RAM, which may have corrected the bit flips as they happened. ECC RAM will help, but doesn’t guarantee protection from rowhammer – especially when multiple bit flips occur. The best protection is a new machine – New RAM technologies include mitigation techniques. The LPDDR4 standard includes “Targeted Row Refresh” (TRR) and “Maximum Activate Count” (MAC), both methods to avoid rowhammer vulnerability. That’s a good excuse to buy a new laptop if we ever heard one!
Hackaday contributor and new homeowner [James Hobson] had a dilemma on his hands. He had rented a commercial drum sander to begin a floor refinishing project. Like many before him, James was a bit too aggressive with the drum sander in places. The uneven stripes didn’t show up until the sander was returned and the floor was stained. Renting the sander again would be an expensive prospect. There had to be a better answer…
That’s when [James] put on his [Hacksmith] cape and got to work. He built himself a DIY floor sander (YouTube Link) using four Ryobi orbital sanders, some scrap wood, and a bit of ingenuity. [James] screwed the four sanders to a plywood sub plate, then added a top plate with a handle. He even gave the sander its own outlet strip so he wouldn’t be dragging four power cords behind him.
[James] found that synthetic steel wool pads weren’t cutting through the floor very well, so he upgraded to 220 grit sandpaper. That did the trick, and the sander worked great. Now he won’t have to rent a drum sander when it comes time to refinish the first floor of his new house!
Guy #1 “Pay close attention: If anything goes wrong, press this BIG RED BUTTON. Then count to ten.”
Guy #2″ What does it do?”
Guy #1 “Absolutely nothing… it just gives you something to do while you’re dying a horrible, painful death.” – [Lorin Briand]
“We’ve miniaturized the mainframe – only 21,480 tubes!.” – [Tim]
“Watch my finger…now, you are getting very sleepy…fund this project…sleeeeepy…” – [Erik Ratcliffe]
The winner this week is [johnowhitaker] with the following caption:
‘Any moment now…’ An elderly visitor waits skeptically for the ‘funny tingling’ experienced by anyone within 3m of the machine as it runs a specific program.
CERN scientists and engineers often find themselves in interesting positions. However, we’re not sure if this CERN staffer ever expected to be quite where he is now!
The only hard information we have to go on is the album this title of the image: “SEPARATEURS ELECTRO STATICS MONTAGE DES ELECTRODES”. Our French isn’t as good as our C++ or x86 assembly, but that sounds like electrostatic separators. Which separators, on which beamline, and in what decade? Your guess is as good as our’s, or CERN’s for that matter.
Add your humorous caption as a comment to this project log. Make sure you’re commenting on the project log, not on the project itself. As always, if you actually have information about the image or the people in it, let the folks at CERN know on the original image discussion page.
If you really want to see what’s happening at CERN, enter The Hackaday Prize! You could win a trip to Geneva, Switzerland to visit CERN yourself (not to mention a trip to space)!
Nothing quite beats the warm glow of a tube. What better way to enjoy that glow than to use it to read numbers? Nixie tubes were created by Haydu Brothers Laboratories, and popularized by Burroughs Corp in 1955. The name comes from NIX I – or “Numeric Indicator eXperimental No. 1″. By the mid 1970’s, seven segment LED’s were becoming popular and low-cost alternatives to Nixies, but they didn’t have the same appeal. Nixie tubes were manufactured all the way into the 1990’s. There’s just something about that tube glow that hackers, makers, and humans in general love. This week’s Hacklet highlights the best Nixie (and Nixie inspired) projects on Hackaday.io!
We start with [Sascha Grant] and Nixie Temperature Display. [Sascha] mixed an Arduino, a Dallas DS18B20 Temperature sensor, and three IN-12A Nixie tubes to create a simple three digit temperature display. We really love the understated laser-cut black acrylic case. An Arduino Pro Micro reads the Dallas 1-wire sensor and converts the temperature to BCD. High voltage duties are handled by a modular HV power supply which bumps 9V up to the required 170V. Controlling the Nixie tubes themselves are the classic K155ID1 BCD to decimal converter chips – a favorite for clock builders.
Next up is [Christoph] with Reading Datasheets and Driving Nixie Tubes. Chips like the K155ID1, and the 74141 make driving Nixie tubes easy. They convert Binary Coded Decimal (BCD) to discrete outputs to drive the cathodes of the Nixie. More importantly, the output drivers of this chip are designed to handle the high voltages involved in driving Nixie tubes. These chips aren’t manufactured anymore though, and are becoming rare. [Christoph] used more common parts. His final drive transistor is a MPSA42 high voltage NPN unit. Driving the MPSA42’s is a 74HC595 style shift register. [Christoph] used a somewhat exotic Texas Instruments TPIC6B595 with FET outputs, but any shift register should work here. The project runs on a Stellaris Launchpad, so it should be Arduino compatible code.
[Davedarko] has the fixietube clock. Fixietube isn’t exactly a Nixie. It’s an LED based display inspired by Nixie tubes. Modern amber LEDs aren’t quite the same as classic Nixies, but they get pretty darn close. [Dave] designed a PCB with a 3×5 matrix of LEDs to display digits. A few blue LEDs add a bit of ambient light. The LEDs are driven with a 74HC595 shift register. The entire assembly mounts inside a tiny glass jam jar, giving it the effect of being a vacuum tube. The results speak for themselves – fixietubes certainly aren’t Nixies, but they look pretty darn good. Add a nice 3D printed case, and you’ve got a great project which is safe for anyone to build.
Finally, we have [Johnny.drazzi] with his Open Nixie Clock Display. [Johnny] has been working on Open Nixie for a few years. The goal is to create a Nixie based clock display which can be driven over the SPI bus. So far, [Johnny] has 6 Russian IN-12 tubes glowing with the help of the ubiquitous K155ID1 BCD to decimal converter. The colons of the clock are created with two INS-1 neon indicators. [Johnny] spends a lot of time analyzing the characteristics of a Nixie tube – including the strike voltage, and steady state current. If you’re interested in building a Nixie circuit yourself, his research is well worth a read!
Origami cranes are cool, but do you know what’s cooler? Origami cranes dancing to the beat. That’s the challenge [Basami Sentaku] took on when he created Dancing Paper (YouTube link). You might remember [Basami] from his 8 bit harmonica hack. In Dancing Paper, paper cranes seem to dance all on their own – even performing some crazy spinning moves. Of course, the “magic” is due to some carefully written code, and magnets, lots of magnets.
Using magnets to move objects from below isn’t a new concept. Many of us have seen the “ice skating pond” Christmas decoration which uses the same effect. Unlike the skating pond,Dancing Paper has moving parts (other than the cranes themselves). Under the plastic surface are a series of individually controlled electromagnets. Each of the supporting dancers has a line of four magnets, while the featured dancer in the center has a 5×5 matrix. The 41 electromagnets were wound around bolts with the help of a Tamiya motor and gearbox.
The actual dance moves are controlled by C code which appears to be running on an Atmel microcontroller. Of course a microcontroller wouldn’t be able to drive those big coils, so some beefy TO-220 case transistors were employed to switch the loads. The cranes themselves needed a bit of modification as well. Thin pieces of wire travel from the neodymium magnets on their feet up to the body of the crane. The wire provides just enough support to keep the paper from collapsing, while still being flexible enough to boogie down.
Click past the break to see Dancing Paper in action!