MRRF 17: Laser Resin Printers

The Midwest RepRap Festival is the best 3D printer con on the planet. In the middle of Indiana, you’ll find the latest advances for CNC hot glue guns and the processes that make squirting filament machines better, more accurate, and more efficient. There’s more to 3D printing than just filament-based machines, though, and for the last few MRRFs we’ve been taking a look at resin-based machines.

While most of the current crop of resin printers use either DLP projectors or LCDs and a big, bright backlight [Mark Peng]’s Moai printer uses a 150 mW laser diode and galvos. This is somewhat rare in the world of desktop 3D printers, thanks in no small part to the ugliness between Formlabs and 3D Systems. Still, it’s a printer that looks fantastic and produces prints that are far beyond what’s possible with a filament-based machine.

Continue reading “MRRF 17: Laser Resin Printers”

From XP to 10, DoubleAgent pwns all your Windows?

The Cybellum team published a new 0-day technique for injecting code and maintaining persistency on a target computer, baptized DoubleAgent. This technique uses a feature that all Windows versions since XP provide, that allows for an Application Verifier Provider DLL to be installed for any executable. The verifier-provider DLL is just a DLL that is loaded into the process and is supposedly responsible for performing run-time verifications for the application. However, its internal behaviour can be whatever an attacker wants, since he can provide the DLL himself.

Microsoft describes it as:

Application Verifier is a runtime verification tool for unmanaged code. Application Verifier assists developers in quickly finding subtle programming errors that can be extremely difficult to identify with normal application testing. Using Application Verifier in Visual Studio makes it easier to create reliable applications by identifying errors caused by heap corruption, incorrect handle and critical section usage. (…)

The code injection occurs extremely early during the victim’s process initialization, giving the attacker full control over the process and no way for the process to actually detect what’s going on. Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots, updates, reinstalls, or patches.

So it’s all over for Windows right? Well… no. The thing is, to register this DLL, the registered process has to have administrator rights so it can write the proper key to the Windows Registry. Without these permissions, there is no way for this attack to work. You know, the kind of permissions that allow you to install software for all users or format your own hard-drive. So, although this technique has its merit and can present challenges to processes that absolutely must maintain their integrity (such as the Cybellum team points out in the Anti-Virus software case), some other security flaw had to occur first so you can register this sort of ‘debugging DLL’.

If you already have administrator permissions you can do pretty much what you want, including DLL injection to fool anti-virus software. (Though it might be easy just to disable or remove it.)  This new tool has the advantage of being stealthy, but is a 0-day that requires root a 0-day?

[via The Hacker News]

NASA’s 2017-2018 Software Catalog is Out

Need some help sizing your beyond-low-Earth-orbit vehicle? Request NASA’s BLAST software. Need to forecast the weather on Venus? That would be Venus-GRAM (global reference atmospheric model). Or maybe you just want to play around with the NASA Tensegrity Robotics Toolkit. (We do!) Then it’s a good thing that part of NASA’s public mandate is making their software available. And the 2017-2018 Software Catalog (PDF) has just been released.

Unfortunately, not everything that NASA does is open source, and a substantial fraction of the software suites are only available for code “to be used on behalf of the U.S. Government”. But still, it’s very cool that NASA is opening up as much of their libraries as they are. Where else are you going to get access to orbital debris engineering models or cutting-edge fluid dynamics modelers and solvers, for free?

We already mentioned this in the Links column, but we think it’s worth repeating because we could use your help. The catalog is 154 pages long, and we haven’t quite finished leaf through every page. If you see anything awesome inside, let us know in the comments. Do any of you already use NASA’s open-source software?

Storing Data on a Single Atom

In the electronics industry, the march of time brings with it a reduction in size. Our electronic devices, while getting faster, better and cheaper, also tend to get smaller. One of the main reasons for this is the storage medium for binary data gets smaller and more efficient. Many can recall the EPROM, which is about the size of your thumb. Today we walk around with SD cards that can hold an order of magnitude more data, which can fit on your thumb’s nail.

Naturally, we must ask ourselves where the limit lies. Just how small can memory storage get? How about a single atom! IBM along with a handful international scientists have managed to store two bits of information on two pairs of holmium atoms. Using a scanning tunneling microscope, they were able to write data to the atoms, which held the data for an extended period of time.

Holmium is a large atom, weighing in at a whopping 67 AMU. It’s a rare earth metal from the lanthanide series on the periodic table. Its electron configuration is such that many of the orbiting electrons are not paired. Recall from our article on the periodic table that paired electrons must have opposite spin, which has the unfortunate consequence of causing the individual magnetic fields to cancel. The fact that holmium has so many unpaired electrons makes it ideal for manipulation.

While you won’t be seeing atom-level memory on the next Raspberry Pi, it’s still neat to see what the future holds.

Thanks to [Itay] for the tip!

Via Gizmodo.

So Long, and Thanks for all the Crystals

There was a time when anyone involved with radio transmitting — ham operators, CB’ers, scanner enthusiasts, or remote control model fans — had a collection of crystals. Before frequency synthesis, became popular, this was the best way to set an accurate frequency. At one time, these were commonly available, and there were many places to order custom cut crystals.

One of the best-known US manufacturers of quartz crystals still around is International Crystal Manufacturing (ICM). Well, that is, until now. ICM recently announced they were ceasing operations after 66 years. They expect to completely shut down by May.

In a letter on their website, Royden Freeland Jr. (the founder’s son), committed to fulfilling existing orders and possibly taking some new orders, raw materials permitting. The company started making products out of Freeland’s father’s garage in 1950.

Another big name that might still be around is Jan Crystals. We say might, because although their website is live, there’s not much there and the phone number is not quite disconnected but it is “parked.” There are also some posts on the Internet (where everything is true) indicating they are out of business.

Even if you didn’t do radio work, crystals are a staple in digital systems where an accurate clock is necessary and some types of filters, too. Of course, you can still get them, you just may not be able to get them made in the United States soon.

If you want to know more about the technology behind crystals [Jenny] has you covered. Crystals are one of those things that have not changed much in a long time, so you might enjoy the very 1960’s vintage U. S. Air Force training film below.

Continue reading “So Long, and Thanks for all the Crystals”

WikiLeaks Unveils Treasure Trove of CIA Documents

The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.

While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and available as a torrent, detail the extent of the CIA’s hacking program.

Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs,  “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. Additionally, the CIA has also developed tools to take over vehicle control systems. The purpose of such tools is speculative but could be used to send a moving car off the road.

It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.

Header image source (CC BY 2.0)

Nvidia Announces Jetson TX2 High Performance Embedded Module

The last year has been great for Nvidia hardware. Nvidia released a graphics card using the Pascal architecture, 1080s are heating up server rooms the world over, and now Nvidia is making yet another move at high-performance, low-power computing. Today, Nvidia announced the Jetson TX2, a credit-card sized module that brings deep learning to the embedded world.

The Jetson TX2 is the follow up to the Jetson TX1. We took a look at it when it was released at the end of 2015, and the feelings were positive with a few caveats. The TX1 is still a very fast, very capable, very low power ARM device that runs Linux. It’s low power, too. The case Nvidia was trying to make for the TX1 wasn’t well communicated, though. This is ultimately a device you attach several cameras to and run OpenCV. This is a machine learning module. Now it appears Nvidia has the sales pitch for their embedded platform down.

Continue reading “Nvidia Announces Jetson TX2 High Performance Embedded Module”