Qualcomm Buys NXP In Largest Ever Semiconductor Deal

Reuters has reported that Qualcomm will purchase NXP for $38 Billion in the largest semiconductor deal ever.

This deal was rumored last month in a deal worth about $30 Billion. Qualcomm’s name should be familiar to all Hackaday readers – they have an immense portfolio of mobile processors, automotive chips, and a ton of connectivity solutions for WiFi, Bluetooth, and every other bit of the EM spectrum. NXP should also be familiar for their hundreds of ARM devices, automotive devices, and Freescale’s entire portfolio.

The deal for $38 Billion is just a bit larger than the previous largest semiconductor deal, Avago’s purchase of Broadcom for $37 Billion.

This latest acquisition has followed acquisitions of ARM Holdings by Japan’s Softbank, On and Fairchild, Avago and Broadcom, NXP and Freescale, Microchip and Atmel, Intel and Altera, and a few dozen we’re forgetting right now. The good news is this immense industry consolidation won’t result in a single gigantic chip maker; there will probably be two or three gigantic chip companies in the future. If I may dredge up an observation from a Mergers and Acquisition post from this summer, this trend didn’t go well for Hughes, Fairchild, Convair, Douglas, McDonnell Douglas, North American, Grumman, Northrop, Northrop Grumman, Bell, Cessna, Schweizer or Sikorsky. It went very well for Lockheed, Boeing, and Textron.

Physics or Phiction?

Do you remember Gilligan’s Island? For many people of a certain age, “The Professor” was our first impression of what a scientist was like. Even in those simpler times, though, you probably couldn’t find anyone like the professor; a jack of all trades, he sort of knew everything about everything (except, apparently, how to make a boat).

Real scientists tend to hyper-specialize. Getting grant money, publication pages, and just advancing the state of the art means that you get more and more focused on more obscure things. It is getting to the point that two scientists in the same field may not be able to really understand each other. You see the same thing in engineering to some degree. Not many digital designers can talk about the frequency dependence of Early effect in bipolar transistors, but not many device gurus can talk intelligently about reservation techniques for superscalar CPUs.

There’s now a website that lets you guess if a physics paper title is real or if it made up jibberish. The site, snarXiv, gets the real titles from arXiv, the site that contains many preprint papers. For example, we were asked to guess if “Brane Worlds with Bolts” was a real paper or if it was “Anthropic Approaches to the Flavor Problem.” (For the record, it was the one about branes.) Give it a whirl!

Botnet Recall of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 300 million 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Codebender Shuts Down

Codebender.cc was a cloud based IDE for Arduino development. It was made for hackers by a few fellows in Greece. Unfortunately, while they saw some serious success, they were never able to convert it all the way into a viable business.

By November 31st Codebender.cc will be completely shut down. They assure users that the site will be in read-only mode for as long as the end of the year, but longer if the traffic justifies it. Codebender made it all the way to 10,000 monthly active users, but hosting and administration overshadowed this success to the tune of 25,000 dollars a month. Not so much as far as businesses go, but without revenue it’s more than enough to shut down a site. Their business plan aimed to tailor their services for specific chip manufacturers and other companies but those deals never came together.

It’s a pity, we were excited to see if Codebender could continue to grow. They were certainly doing some really interesting stuff like remote code upload. As the comments on the site show, many users, especially educators and Chromebook users, loved Codebender — your code isn’t stuck on one computer and where there was a browser there was an IDE.

Two paid services will remain (starting at $10/month) at addresses with different TLDs. But the post does mention that the Codebender project started as Open Source. Their GitHub repo isn’t a clear path for rolling your own, but if you do manage to hack together a working Codebender implementation we’d love to hear about it.

Supercapacitor Uses No Carbon

Supercapacitors have found a myriad of uses due to their ability to rapidly charge and then deliver the power efficiently. Currently, production of supercapacitors requires materials made out of carbon which requires high temperatures and poses other manufacturing difficulties.

Researchers announced a new type of supercapacitor that uses no carbon and could have advantages over conventional technologies. The new research focuses on metal-organic frameworks, or MOFs. This material is extremely porous with a sponge-like structure. Since supercapacitors require large surface areas, that makes MOFs an interesting material for that application. However, MOFs are not very electrically conductive, which is a disadvantage.

Continue reading “Supercapacitor Uses No Carbon”

You Might Not Be Able To Read This

Early today, some party unleashed a massive DDoS attack against Dyn, a major DNS host. This led to a number of websites being completely inaccessible. DNS is the backbone of the Internet. It is the phone book that turns URLs into IP addresses. Without it, the Internet still works, but you won’t be able to find anything.

Over the past few months, security professionals have suggested — in as responsible terms as possible — that something big could happen. In early September [Bruce Schneier] wrote, Someone Is Learning How To Take Down The Internet. The implication of this very general warning is that someone — possibly a state actor, but don’t be too sure about that — was figuring out how to attack one of the core services of the web. The easiest way to effectively ‘turn off the Internet’ for everyone is a Distributed Denial of Service attack against root servers, DNS servers, or some other service that plays a key role in the web.

Dyn is responding well to the attack this morning, and the Internet is safe from attack for the time being. As for who is responsible for the attack, what the goal is, and if this will happen again, no one knows. An attack on this scale is most certainly someone with a very large pocketbook or a state actor (Russia, China, the US, UK, Germany, Israel, or the like) but that’s not a given. It’s also not given the DDoS attacks have stopped. You might not be able to read this, but if you can, it might be a good idea to find a shortwave radio.

Hajime, Yet Another IoT Botnet

Following on the heels of Mirai, a family of malware exploiting Internet of Things devices, [Sam Edwards] and [Ioannis Profetis] of Rapidity Networks have discovered a malicious Internet worm dubbed Hajime which targets Internet of Things devices.

Around the beginning of October, news of an IoT botnet came forward, turning IP webcams around the world into a DDoS machine. Rapidity Networks took an interest in this worm, and set out a few honeypots in the hopes of discovering what makes it tick.

Looking closely at the data, there was evidence of a second botnet that was significantly more sophisticated. Right now, they’re calling this worm Hajime.

Continue reading “Hajime, Yet Another IoT Botnet”