server

77 Articles

Possible Spyware On Samsung Phones

January 9, 2020 by 118 Comments

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.

This software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and osint, which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

Laptop Like It’s 1979 With A 16-Core Z80 On An FPGA

December 10, 2019 by 38 Comments

When life hands you a ridiculously expensive and massively powerful FPGA dev board, your first reaction may not be to build a 16-core Z80 laptop with it. If it’s not, perhaps you should examine your priorities, because that’s what [Chris Fenton] did, with the result being the wonderfully impractical “ZedRipper.”

Our first impression is that we’ve got to start hanging around a better class of lab, because [Chris] came by this $6000 FPGA board as the result of a lab cleanout; the best we ever scored was a few old Cat-5 cables and some power strips. The Stratix FPGA formed the heart of the design, surrounded by a few breakout boards for the 10.1″ VGA display and the keyboard, which was salvaged from an old PS/2. The 16 Z80 cores running in the FPGA are connected by a ring-topology network, which [Chris] dubs the “Z-Ring”. One of the Z80 cores, the server core, runs CP/M 2.2 and a file server called CP/NET, while the other fifteen machines are clients that run CP/NOS. A simple window manager shows 80 x 25 character terminal sessions for the server and any three of the clients at once, and the whole thing, including a LiPo battery pack, fits into a laser-cut plywood case. It’s retro, it’s modern, it’s overkill, and we absolutely love it.

Reading over [Chris]’s build log puts us in the mood to break out our 2019 Superconference badge and try spinning up a Z80 of our own. If you decide to hack the FPGA-est of conference badges, you might want to check out what [Sprite_TM] has to say about it. After all, he designed it. And you’ll certainly want to look at some of the awesome badge hacks we saw at Supercon.

Thanks to [yNos] for the tip.

Raspberry Pi NAS Makes Itself At Home In Donor PC

November 1, 2019 by 49 Comments

It’s safe to say that most of us have at least one Raspberry Pi hanging from a USB cable someplace, silently hammering away at some unglamorous task that you’d rather not do on a “real” computer. With as cheap as they are, it’s not like there’s a big concern about where it sets up shop. But if you’re like [Jeremy S. Cook] and want your $35 Linux computer to be a permanent member of the family, then his tips on turning an old PC into a gloriously overkill Pi NAS may be of interest.

The main component [Jeremy] salvages from the old Lenovo desktop PC is, obviously, the case itself. Stripped of its original components, the case gives him plenty of room to mount the Pi as well as a couple of hard drives and a powered USB hub. To prevent the bottom of the Raspberry Pi from shorting out against the metal computer case, he designed and 3D printed a mount for it. Everything else is held down with hook and loop fastener, making it quick and easy to move things around and make adjustments.

While it might not be strictly necessary, [Jeremy] also took the time to salvage the computer’s old heatsink. Being far too large to fit on the Pi as-is, he ran a line down the back of it with his mill and snapped it in half. He uses a bit of thermal tape to hold the bisected heatsink onto the Pi’s SoC, with a couple pieces of electrical tape to make sure it doesn’t short out on anything.

Raspberry Pi NAS builds are exceptionally popular, and we’ve seen more than we can count over the years. You can build one out of parts from IKEA, and if you don’t mind plastic, you can always 3D print the whole thing. If you really want to go minimal, you can even hang some files on the network with little more than a Pi Zero stuck into a USB port.

Continue reading “Raspberry Pi NAS Makes Itself At Home In Donor PC”

Custom Lego Server Case Looks As Though It Came Straight From A Data Center

September 11, 2019 by 12 Comments

The picture above appears to show two unremarkable 2U rack servers, of the kind that are probably hosting the page you’re reading right now. Nothing special there – until you look carefully and realize that the rack server case on the left is made entirely from Lego. And what’s more, the server even works.

When it comes to building Lego computers, [Mike Schropp] is the guy to call. We’ve previously featured his Lego gaming computer, a striking case wrapped around what was a quite capable machine by 2016 standards, as well as an earlier case that reminds us a little of a NeXT. His reputation for Lego-clad computers led server maker Silicon Mechanics to commission a case for a trade show, and [Mike] jumped at the challenge.

Making a home-grade machine is one thing, but supporting all the heavy drives, power supplies, and fans needed to make the machine work is something else. He used a combination of traditional Lego pieces along with a fair sampling of parts from the Lego Technics line to pull off the build, which looks nearly perfect. Sadly, the Lego unit sizes make the case slightly taller than 2U, but that’s a small quibble when everything else matches so well, even the colors. And the fact that the server works, obviously important for a trade show demo, is pretty amazing too. The power supplies are even hot-swappable!

Congratulations to [Mike] on yet another outstanding Lego creation.

What Happened With Supermicro?

May 14, 2019 by 45 Comments

Back in October 2018, a bombshell rocked the tech industry when Bloomberg reported that some motherboards made by Supermicro had malicious components on them that were used to spy or interfere with the operation of the board, and that these motherboards were found on servers used by Amazon and Apple. We covered the event, looking at how it could work if it were true. Now seven months have passed, and it’s time to look at how things shook out.

Continue reading “What Happened With Supermicro?”

Blowing The Dust Off Of An IBM AS/400 Server

January 13, 2019 by 111 Comments

If you’ve never seen an IBM AS/400 machine, don’t feel bad. Most people haven’t. Introduced in 1988 as a mid-range server line, it used a unique object-based operating system and was geared specifically towards business and enterprise customers. Unless you’re a particularly big fan of COBOL you probably won’t have much use for one today, but that doesn’t mean they aren’t worth playing around with if the opportunity presents itself.

So when a local IT company went belly up and was selling their old hardware, including a late 90’s era IBM AS/400e Series, [Rik te Winkel] jumped at the chance to take this unique piece of computing history home. He knew it was something of a risk, as maintenance and repair tasks for these machines were intended to be done by IBM certified technicians rather than the DIYer, leaving little in the way of documentation or even replacement parts. But in the end it worked out, and best of all, he documented the successful process of dragging this 90’s behemoth into the blinding light of the twenty-first century for all the world to see.

After getting the machine home and sitting through its thirty minute boot process, [Rik] was relieved to see the code 01 B N pop on the server’s display. This meant the system passed all the internal checks and was ready to go, he just had to figure out how to talk to the thing. Built to be a pure server, the machine didn’t offer any video output so he’d have to log into it over the network.

[Rik] noted that there was no new DHCP entry in his router for the server, but of course that was hardly surprising as the machine would have certainly had a static IP when it was in use. So he shut the server down, plugged it directly into his laptop’s Ethernet port, and watched the output of Wireshark as it went through its arduous boot sequence. Eventually he started to pick up packets coming from the IP address 10.10.10.9, and he had his target.

There are a few clients out there that allow you to remotely log into an AS/400, so he downloaded one and pointed it to the server’s IP. He was surprised to see the operating system was apparently in Dutch, but at least he was in. He tried a few common usernames and passwords, helped along by the fact that this OS from a somewhat more innocent era will actually tell you if you have the username right or wrong, and eventually managed to hack the Gibson with the classic admin/admin combo.

So he was in, but now what? [Rik] decided that he couldn’t truly call this machine bested until he could pull up the Hackaday Retro Edition, so he started work on writing a program to let him pull down the page directly on the AS/400 in IBM’s proprietary Report Program Generator (RPG) programming language. You know, as one does. He didn’t quite feel up to writing a whole HTML parser, but he got as far as generating a HTTP GET request, downloading the page’s source, and opening it up as a local file. That’s good enough for us.

Our very own [Al Williams] documented his adventures poking around an Internet-connected AS/400 machine, which might serve as a helpful primer if you ever find one of these delightfully oddball computers kicking around the local recycling center.

The Space Station Has A Supercomputer Stowaway

December 10, 2018 by 59 Comments

The failed launch of Soyuz MS-10 on October 11th, 2018 was a notable event for a number of reasons: it was the first serious incident on a manned Soyuz rocket in 35 years, it was the first time that particular high-altitude abort had ever been attempted, and most importantly it ended with the rescue of both crew members. To say it was a historic event is something of an understatement. As a counterpoint to the Challenger disaster it will be looked back on for decades as proof that robust launch abort systems and rigorous training for all contingencies can save lives.

But even though the loss of MS-10 went as well as possibly could be expected, there’s still far reaching consequences for a missed flight to the International Space Station. The coming and going of visiting vehicles to the Station is a carefully orchestrated ballet, designed to fully utilize the up and down mass that each flight offers. Not only did the failure of MS-10 deprive the Station of two crew members and the experiments and supplies they were bringing with them, but also of a return trip which was to have brought various materials and hardware back to Earth.

But there’s been at least one positive side effect of the return cargo schedule being pushed back. The “Spaceborne Computer”, developed by Hewlett Packard Enterprise (HPE) and NASA to test high-performance computing hardware in space, is getting an unexpected extension to its time on the Station. Launched in 2017, the diminutive 32 core supercomputer was only meant to perform self-tests and be brought back down for a full examination. But now that its ticket back home has been delayed for the foreseeable future, NASA is opening up the machine for other researchers to utilize, proving there’s no such thing as a free ride on the International Space Station.

Continue reading “The Space Station Has A Supercomputer Stowaway”