News

3276 Articles

An Optical Computer Architecture

March 12, 2024 by 13 Comments

We always hear that future computers will use optical technology. But what will that look like for a general-purpose computer? German researchers explain it in a recent scientific paper. Although the DOC-II used optical processing, it did use some conventional electronics. The question is, how can you construct a general computer that uses only optical technology?

The paper outlines “Miller’s criteria” for practical optical logic gates. In particular, any optical scheme must provide outputs suitable for introduction to another gate’s inputs and also support fan out of one output to multiple inputs. It is also desirable that each stage does not propagate signal degradation and isolate its outputs from its inputs. The final two criteria note that practical systems don’t depend on loss for information representation since this isn’t reliable across paths, and, similarly, the gates should require high-precision adjustment to work correctly.

The paper also identifies many misconceptions about new computing devices. For example, they assert that while general-purpose desktop-class CPUs today contain billions of devices, use a minimum of 32-bits of data path, and contain RAM, this isn’t necessarily true for CPUs that use different technology. If that seems hard to believe, they make their case throughout the paper. We can’t remember the last scientific paper we read that literally posed the question, “Will it run Doom?” But this paper does actually propose this as a canonical question.

Continue reading “An Optical Computer Architecture”

μRepRap: Taking RepRap Down To Micrometer-Level Manufacturing

March 10, 2024 by 30 Comments

When the RepRap project was started in 2005 by [Dr Adrian Bowyer], the goal was to develop low-cost 3D printers, capable of printing most of their own components. The project slipped into a bit of a lull by 2016 due to the market being increasingly flooded with affordable FDM printers from a growing assortment of manufacturers. Now it seems that the RepRap project may have found a new impetus, in the form of sub-millimeter level fabrication system called the μRepRap as announced by [Vik Olliver] on the RepRap project blog, with accompanying project page.

The basic technology is based around the OpenFlexure project’s Delta Stage, which allows for very precise positioning of an imaging element, or conceivably a fabrication tool. As a first step, [Vik] upgrade the original delta stage to a much reinforced one that can accept larger NEMA17 stepper motors. This also allows for standard 3D printer electronics to control the system much like an FDM printer, only at much smaller scales and with new types of materials. The current prototype [Vik] made has a claimed step accuracy of 3 µm, with a range of tools and deposition materials being considered, including photosensitive resins.

It should be noted here that although this is a project in its infancy, it has solid foundations due to projects like OpenFlexure. Will μRepRap kickstart micrometer-level manufacturing like FDM 3D printing before? As an R&D project it doesn’t come with guarantees, but color us excited.

Thanks to [Tequin] for the tip.

This Week In Security: Blame The Feds, Emergency Patches, And The DMA

March 8, 2024 by No comments

The temptation to “take the money and run” was apparently too much for the leadership of the AlphV ransomware crime ring. You may have heard of this group as being behind the breach of Change Healthcare, and causing payment problems for nearly the entire US Healthcare system. And that hack seems to be key to what’s happened this week.

It’s known that a $22 million payment made it through the bitcoin maze to the AlphV wallet on the 1st. It’s believed that this is a payment from Change Healthcare to recover ransomed files. An important detail here is that AlphV is a ransomware-as-a-service provider, and the actual hacking is done by “affiliates”, who use that service, and AlphV handles the infrastructure, maintaining the actual malware, and serving as a payment processor. That last one is key here.

A couple days after that big payment landed in the AlphV account, a seizure notice went up on the AlphV TOR site, claiming that it had been taken down by the FBI and associated agencies. There was something a bit odd about it, though. See, the FBI did seize the AlphV Tor site back in December. The seizure notice this time was an exact copy, as if someone had just done a “save page as”, and posted the copy.

There is precedent for a ransomware group to close up shop and disappear after hitting a big score. The disruption AlphV enabled in the US health care system painted a big target on them, and it didn’t take a tactical genius to realize it might be good to lay low for a while. Pocketing the entire $22 million ransom probably didn’t hurt either. The particularly nasty part is that the affiliate that actually pulled off the attack still claims to have four terabytes of sensitive data, and no incentive to not release it online. It’s not even entirely clear that Change Healthcare actually received a decryption key for their data. You do not want to deal with these people.

Continue reading “This Week In Security: Blame The Feds, Emergency Patches, And The DMA”

Yuzu And Citra Emulators Shut Down After Legal Pressure From Nintendo

March 5, 2024 by 36 Comments

In a move that came rather like a surprise to many, the company behind the well-known Switch and 3DS emulators Yuzu and Citra – Tropic Haze LLC – as reported by PC Gamer has shutdown both projects and associated websites as part of a US$2.4M settlement with Nintendo with a last message left on the Yuzu website. This comes in the wake of Nintendo suing Tropic Haze LLC over the Yuzu emulator, claiming that there’s ‘no lawful way to use Yuzu’, as it requires files extracted from a real Switch device to decrypt game files. Although Citra is not part of the lawsuit, it being made by the same developers seems to have resulted in it getting axed along with Yuzu as collateral damage.

What makes this issue so legally hairy is that even though an emulator by itself isn’t illegal, requiring proprietary firmware and keys already gets one into contested territory about the legality of dumping said files from a console, even if you own it. This was already an issue with the first Playstation emulators, which require the Playstation BIOS image to even boot, but left the emulator developers mostly untouchable. What seems to have set off Nintendo’s lawyers here would seem to be the way that the Yuzu developers leaned into the copyright infringement (often incorrectly called ‘piracy’) angle, giving Nintendo’s legal team enough exposed flesh to launch a ballistic legal strike.

Continue reading “Yuzu And Citra Emulators Shut Down After Legal Pressure From Nintendo”

This Week In Security: Forksquatting, RustDesk, And M&Ms

March 1, 2024 by 14 Comments

Github is struggling to keep up with a malware campaign that’s a new twist on typosquatting. The play is straightforward: Clone popular repositories, add malware, and advertise the forks as the original. Some developers mistake the forks for the real projects, and unintentionally run the malware. The obvious naming choice is forksquatting, but the researchers at apiiro went with the safer name of “Repo Confusion”.

The campaign is automated, and GitHub is aware of it, with the vast majority of these malicious repositories getting removed right away. For whatever reason, the GitHub algorithm isn’t catching all of the new repos. The current campaign appears to publishing millions of forks, using code from over 100,000 legitimate projects. It’s beginning to seem that the squatting family of attacks are here to stay.

RustDesk and Odd Certificates

The RustDesk remote access software is interesting, as it’s open source, allows self-hosting, and written in Rust. I’ve had exploring RustDesk as a todo item for a long time, but a bit of concerning drama has just finished playing out. A user pointed out back in November that a test root certificate was installed as part of the RustDesk installation. That root cert is self-signed with SHA1. There is also concern that the RustDesk binaries are signed with a different certificate.

There have been new events since then. First, there was a Hacker News thread about the issue earlier this month. The next day, CVE-2024-25140 was registered with NIST, ranking an insane CVE 9.8 CVSS. Let’s cut through some FUD and talk about what’s really going on.

Continue reading “This Week In Security: Forksquatting, RustDesk, And M&Ms”

Air Canada’s Chatbot: Why RAG Is Better Than An LLM For Facts

February 28, 2024 by 29 Comments

Recently Air Canada was in the news regarding the outcome of Moffatt v. Air Canada, in which Air Canada was forced to pay restitution to Mr. Moffatt after the latter had been disadvantaged by advice given by a chatbot on the Air Canada website regarding the latter’s bereavement fare policy. When Mr. Moffatt inquired whether he could apply for the bereavement fare after returning from the flight, the chatbot said that this was the case, even though the link which it provided to the official bereavement policy page said otherwise.

This latter aspect of the case is by far the most interesting aspect of this case, as it raises many questions about the technical details of this chatbot which Air Canada had deployed on its website. Since the basic idea behind such a chatbot is that it uses a curated source of (company) documentation and policies, the assumption made by many is that this particular chatbot instead used an LLM with more generic information in it, possibly sourced from many other public-facing policy pages.

Whatever the case may be, chatbots are increasingly used by companies, but instead of pure LLMs they use what is called RAG: retrieval augmented generation. This bypasses the language model and instead fetches factual information from a vetted source of documentation.

Continue reading “Air Canada’s Chatbot: Why RAG Is Better Than An LLM For Facts”

Big Chemistry: Hydrofluoric Acid

February 27, 2024 by 32 Comments

For all of the semiconductor industry’s legendary reputation for cleanliness, the actual processes that go into making chips use some of the nastiest stuff imaginable. Silicon oxide is comes from nothing but boring old sand, and once it’s turned into ultrapure crystals and sliced into wafers, it still doesn’t do much. Making it into working circuits requires dopants like phosphorous and boron to give the silicon the proper semiconductor properties. But even then, a doped wafer doesn’t do much until an insulating layer of silicon dioxide is added and the unwanted bits are etched away. That’s a tall order, though; silicon dioxide is notoriously tough stuff, largely unreactive and therefore resistant to most chemicals. Only one substance will do the job: hydrofluoric acid, or HFA.

HFA has a bad reputation, and deservedly so, notwithstanding its somewhat overwrought treatment by Hollywood. It’s corrosive to just about everything, it’s extremely toxic, and if enough of it gets on your skin it’ll kill you slowly and leave you in agony the entire time. But it’s also absolutely necessary to make everything from pharmaceuticals to cookware, and it takes some big chemistry to do it safely and cheaply.

Continue reading “Big Chemistry: Hydrofluoric Acid”