V8 Javascript Fixes (Horrible!) Random Number Generator

December 28, 2015 by Elliot Williams 59 Comments

According to this post on the official V8 Javascript blog, the pseudo-random number generator (PRNG) that V8 Javascript uses in Math.random() is horribly flawed and getting replaced with something a lot better. V8 is Google’s fast Javascript engine that they developed for Chrome, and it’s used in Node.js and basically everywhere. The fact that nobody has noticed something like this for the last six years is a little bit worrisome, but it’s been caught and fixed and it’s all going to be better soon.

In this article, I’ll take you on a trip through the math of randomness, through to pseudo-randomness, and then loop back around and cover the history of the bad PRNG and its replacements. If you’ve been waiting for an excuse to get into PRNGs, you can use this bizarre fail and its fix as your excuse.

But first, some words of wisdom:

Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.
John von Neumann

John von Neumann was a very smart man — that goes without saying. But in two sentences, he conveys something tremendously deep and tremendously important about random variables and their mathematical definition. Indeed, when you really understand these two sentences, you’ll understand more about randomness than most everyone you’ll meet.

Continue reading “V8 Javascript Fixes (Horrible!) Random Number Generator” →

Is Robot Butter Better Butter?

December 28, 2015 by Dan Maloney 27 Comments

Humans have been making butter for thousands of years. If you have a cooperative cow or sheep and a means to agitate her milk, butter is not far behind. So why would you employ a $15,000 industrial robot to make butter? Because – robot butter!

Actually, Robutter is a design experiment by [Stephan], [Philipp], and [Jonas] to explore where craft ends and industrial processes begin, and to see how automation adds or removes values from traditional products. It’s a fair question, given that butter can be churned with everything from animal skins to massive continuous churns. So the team programmed [DIRK], a Fanuc LR Mate 200ic which is normally more at home on an assembly line, to carefully agitate a container of cream. After a bit of fiddling they found the optimal position and movements to produce a delicate butter that looks pretty tasty. The video after the break shows the process and the results, but sadly there’s no taste test of the Robutter against grocery store butter.

It may come as a surprise that Hackaday appears never to have featured a butter making project before. Sure, we’ve got a lot of food hacks, most of which seem to involve beer or coffee. But we did run across a recent article on a buttermilk pancake-making robot that you might like to check out.

Continue reading “Is Robot Butter Better Butter?” →

32C3: Towards Trustworthy X86 Laptops

December 28, 2015 by Brian Benchoff 38 Comments

Security assumes there is something we can trust; a computer encrypting something is assumed to be trustworthy, and the computer doing the decrypting is assumed to be trustworthy. This is the only logical mindset for anyone concerned about security – you don’t have to worry about all the routers handling your data on the Internet, eavesdroppers, or really anything else. Security breaks down when you can’t trust the computer doing the encryption. Such is the case today. We can’t trust our computers.

In a talk at this year’s Chaos Computer Congress, [Joanna Rutkowska] covered the last few decades of security on computers – Tor, OpenVPN, SSH, and the like. These are, by definition, meaningless if you cannot trust the operating system. Over the last few years, [Joanna] has been working on a solution to this in the Qubes OS pro ject, but everything is built on silicon, and if you can’t trust the hardware, you can’t trust anything.

And so we come to an oft-forgotten aspect of computer security: the BIOS, UEFI, Intel’s Management Engine, VT-d, Boot Guard, and the mess of overly complex firmware found in a modern x86 system. This is what starts the chain of trust for the entire computer, and if a computer’s firmware is compromised it is safe to assume the entire computer is compromised. Firmware is also devilishly hard to secure: attacks against write protecting a tiny Flash chip have been demonstrated. A Trusted Platform Module could compare the contents of a firmware, and unlock it if it is found to be secure. This has also been shown to be vulnerable to attack. Another method of securing a computer’s firmware is the Core Root of Trust for Measurement, which compares firmware to an immutable ROM-like memory. The specification for the CRTM doesn’t say where this memory is, though, and until recently it has been implemented in a tiny Flash chip soldered to the motherboard. We’re right back to where we started, then, with an attacker simply changing out the CRTM chip along with the chip containing the firmware.

But Intel has an answer to everything, and to the house of cards for firmware security, Intel introduced their Management Engine. This is a small microcontroller running on every Intel CPU all the time that has access to RAM, WiFi, and everything else in a computer. It is security through obscurity, though. Although the ME can elevate privileges of components in the computer, nobody knows how it works. No one has the source code for the operating system running on the Intel ME, and the ME is an ideal target for a rootkit.

Is there hope for a truly secure laptop? According to [Joanna], there is hope in simply not trusting the BIOS and other firmware. Trust therefore comes from a ‘trusted stick’ – a small memory stick that contains a Flash chip that verifies the firmware of a computer independently of the hardware in a computer.

This, with open source firmwares like coreboot are the beginnings of a computer that can be trusted. While the technology for a device like this could exist, it will be a while until something like this will be found in the wild. There’s still a lot of work to do, but at least one thing is certain: secure hardware doesn’t exist, but it can be built. Whether secure hardware comes to pass is another thing entirely.

You can watch [Joanna]’s talk on the 32C3 streaming site.

An Actual Working Hoverboard

December 27, 2015 by James Hobson 79 Comments

What with 2015 being the apparent “year of the hoverboard”, we have a final contender before the year ends. It’s called the ArcaBoard from ArcaSpace, A private space company. And it doesn’t use magnets, or superconductors, or any smoke and mirrors — just a whole lot of ducted fans.

Thirty-six of them to be precise. The ArcaBoard uses 36 electric motors with an apparent 7.55HP each, powered by a massive bank of lithium ion batteries. Together, they produce 430 pounds of thrust, which allows most riders to float around quite easily. Even with that huge power drain, it apparently lasts for a whole 20 minutes, which is pretty impressive considering its size.

Continue reading “An Actual Working Hoverboard” →

Pewter Casting With PLA

December 27, 2015 by Al Williams 12 Comments

Over on Hackaday.io, [bms.had] is showing his technique for 3D printing molds that he uses to cast (lead-free) pewter objects. The process looks simple enough, and if you have a 3D printer, you only need some lead-free pewter, a cheap toaster oven, and PLA filament. He’s made two videos (below) that do an excellent job of showing the steps required.

Even though the pewter is hot enough to melt the PLA, it doesn’t appear to be a major problem if you quench the piece fast enough. According to [bms.had], a slower quench will melt some PLA although that creates a smoother surface. You can see the 0.31 mm layer lines in the cast, though, although you can use any layer height you like to control that. Creating the mold is simple (the videos use Tinkercad, although anything suitable for creating 3D models would work). You essentially attach a funnel to your part and make the entire part a hole inside an enveloping shape.

Continue reading “Pewter Casting With PLA” →

Hackaday Links: December 27th, 2015

December 27, 2015 by Brian Benchoff 20 Comments

PCBs can be art – we’ve known this for a while, but we’re still constantly impressed with what people can do with layers of copper, fiberglass, soldermask, and silkscreen. [Sandy Noble] is taking this idea one step further. He took C64, Spectrum, and Sinclair PCBs and turned them into art. The results are incredible. These PCBs were reverse engineered, traced, and eventually turned into massive screen prints. They look awesome, and they’re available on Etsy.

$100k to bring down drones. That’s the tagline of the MITRE Challenge, although it’s really being sold as, “safe interdiction of small UAS that pose a safety or security threat in urban areas”. You can buy a slingshot for $20…

[styropyro] mas made a name for himself on Youtube for playing with very dangerous lasers and not burning his parent’s house down. Star Wars is out, and that means it’s time to build a handheld 7W laser. It’s powered by two 18650 cells, and is responsible for more than a few scorch marks on the walls of [styropyro]’s garage.

Everybody is trying to figure out how to put Ethernet and a USB hub on the Pi Zero. This means a lot of people will be launching crowdfunding campaigns for Pi Zero add-on boards that add Ethernet and USB. The first one we’ve seen is the Cube Infinity. Here’s the thing, though: they’re using through-hole parts for their board, which means this won’t connect directly to the D+ and D- USB signals on the Pi Zero. They do have a power/battery board that may be a little more useful, but I can’t figure out how they’re doing the USB.

[Keith O] found a fascinating video on YouTube and sent it into the tips line. It’s a machine that uses a water jet on pastries. These cakes start out frozen, and come out with puzzle piece and hexagon-shaped slices. Even the solution for moving cakes around is ingenious; it uses a circular platform that rotates and translates by two toothed belts. Who would have thought the latest advancements in cutting cakes and pies would be so fascinating?

It’s time to start a tradition. In the last links post of last year, we took a look at the number of views from North Korea in 2014. Fifty-four views, and we deeply appreciate all our readers in Best Korea. This year? For 2015, we’ve logged a total of thirty-six views from the Democratic People’s Republic of Korea. That’s a precipitous drop that deserves an investigation. Pyongyang meetup anyone?

Turning The Pi Zero Into A USB Gadget

December 27, 2015 by Brian Benchoff 60 Comments

The Raspberry Pi Zero is limited, or so everyone says, and everyone is trying to cram a USB hub and WiFi adapter on this tiny, tiny board. One thing a lot of people haven’t realized is that the Raspberry Pi Zero comes with a USB OTG port, meaning it can function as a USB device rather than a USB host. This means the Raspi can become a serial device with just a USB cable, an Ethernet device, MIDI device, camera, or just about anything else you can plug into a USB port. Adafruit has your back with a tutorial for using the USB OTG port as a serial and Ethernet interface, and the possible applications are extremely interesting.

The only requirement for using the USB OTG port for device applications is an update to the kernel. This is easily installed by dumping a few files on an SD card and a employing bit of command line wizardry. The simplest example is setting up the Pi Zero as a USB serial device, allowing anyone to log into a serial console on the Pi with just a USB cable.

A slightly more interesting application is setting up the Pi as an Ethernet gadget. This effectively tunnels all the networking on the Pi Zero through a USB cable and a separate computer. The instructions are extremely OS-specific, but the end result is the same: you can apt-get on a Pi Zero to your heart’s desire with a new kernel loaded onto the SD card and a USB cable.

This experimentation is just scratching the surface of what is possible with the OTG port on the Pi Zero. MIDI devices are easy, and with a ton of GPIOs, the Pi Zero itself could become a very interesting musical instrument. Want the Pi Zero to be a storage device? That’s easy too. The USB Gadget will end up being one of the most exciting uses for the Pi Zero, and we can’t wait to see what everyone will come up with next.