This Week In Security: XCode Infections, Freepik, And Crypto Fails

There is a scenario that keeps security gurus up at night: malware that can detect software compilation and insert itself into the resulting binary. A new Mac malware, XCSSET (PDF), does just that, running whenever Xcode is used to build an application. Not only is there the danger of compiled apps being malicious, the malware also collects data from the developer’s machine. It seems that the malware spreads through infected Xcode projects.

WordPress Plugins

WordPress has a complicated security track record. The core project has had very few serious vulnerabilities over the years. On the other hand, WordPress sites are routinely compromised. How? Generally through vulnerable plugins. Case in point? Advanced Access Manager. It’s a third-party WordPress plugin with an estimated 100,000 installations. The problem is that this plugin relies on user levels, a deprecated and removed WordPress feature. The missing feature had some unexpected results, like allowing any user to request administrator privileges.

The issue has been fixed in version 6.6.2 of the plugin, so if you happen to run the Advanced Access Manager plugin, make sure to get it updated. Beyond that, maybe it’s time to do an audit on your WordPress site. Uninstall unused plugins, and make sure the rest are up to date, along with the WordPress installation itself.
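The audit suggested above can be scripted. The following is an added example, not code from the article or from the plugin, that reads the JSON produced by `wp plugin list --format=json` (WP-CLI) and flags inactive plugins to remove, plugins with an update available, and any plugin below a known fixed version; the only fixed version on this page is Advanced Access Manager 6.6.2, and the plugin inventory embedded below is constructed for illustration.

```python
"""WordPress plugin audit over WP-CLI output (added example, constructed sample data)."""
import json
from typing import Dict, List, Tuple

# Constructed sample of `wp plugin list --format=json` output. Field names follow
# WP-CLI ("name", "status", "update", "version"); the plugin versions are made up.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "advanced-access-manager", "status": "active",
     "update": "available", "version": "6.6.1"},
    {"name": "akismet", "status": "active", "update": "none", "version": "4.1.6"},
    {"name": "hello", "status": "inactive", "update": "none", "version": "1.7.2"},
    {"name": "classic-editor", "status": "inactive", "update": "available", "version": "1.5"},
])

# Lowest version that carries the fix, per plugin. Only the AAM fix (6.6.2) comes
# from the text above; extend this table from vendor advisories as needed.
MINIMUM_SAFE_VERSIONS = {"advanced-access-manager": "6.6.2"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.6.2' into (6, 6, 2). Non-numeric suffixes such as '1.5-beta' count as 0."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(installed: str, floor: str) -> bool:
    """True when `installed` is strictly older than `floor`, comparing numerically
    component by component (so 6.6.10 is newer than 6.6.2, and 6.6 equals 6.6.0)."""
    a, b = parse_version(installed), parse_version(floor)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_plugins(wp_cli_json: str) -> Dict[str, List[str]]:
    """Classify every plugin in the WP-CLI inventory into the three actions the
    article recommends: remove if unused, update if an update exists, and treat as
    known-vulnerable if it is below the fixed version."""
    findings: Dict[str, List[str]] = {"remove_unused": [], "update": [], "known_vulnerable": []}
    for plugin in json.loads(wp_cli_json):
        name = plugin["name"]
        if plugin["status"] == "inactive":
            findings["remove_unused"].append(name)
        if plugin.get("update") == "available":
            findings["update"].append(name)
        floor = MINIMUM_SAFE_VERSIONS.get(name)
        if floor is not None and version_lt(plugin["version"], floor):
            findings["known_vulnerable"].append(f"{name} {plugin['version']} < {floor}")
    return findings


if __name__ == "__main__":
    # On a real site: wp plugin list --format=json | python3 this_script.py
    for action, plugins in audit_plugins(SAMPLE_WP_PLUGIN_LIST).items():
        print(f"{action}: {', '.join(plugins) or '-'}")
```

The version comparison is done numerically rather than as a string compare so that a patch release such as 6.6.10 is not mistaken for something older than 6.6.2; a plugin that is both inactive and outdated lands in both lists, which is deliberate, since removing it resolves both findings.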

Open Hardware Laptop Built On Power PC ISA

Since Apple switched to Intel chips in the mid-00s, the PowerPC chips from Motorola and the PowerPC Instruction Set Architecture (ISA) that they had been using largely fell by the wayside. While it’s true that niche applications like supercomputing still use the Power ISA on other non-Apple hardware, the days of personal computing with PowerPC are largely gone unless you’re still desperately trying to keep your Power Mac G5 out of the landfill or replaying Twilight Princess. Luckily for enthusiasts, though, the Power ISA is now open source and this group has been working on an open-source laptop based on this architecture.

While development is ongoing and there are no end-user products available yet, the progress that this group has made shows promise. They have completed their PCB designs and schematics and have a working bill of materials, including a chassis from Slimbook. There are also prototypes built on a T2080RDB development kit with an NXP T2080 processor, although they aren’t running on their intended hardware yet. While still in its infancy, there are promising videos (linked below) which show the prototypes operating smoothly under the Debian distribution that is tailored specifically for the Power ISA.

We are excited to see work continue on this project, as the Power ISA has a number of advantages: over x86 in performance, over ARM in being non-proprietary, and even over RISC-V in being older and better understood. If you want a deeper comparison between all of these ISAs, our own [Maya Posch] covered that topic in detail, as well as covering the original move that IBM made to open-source the Power ISA.


Over-Engineered Single Button Timer

Feature creep is typically something to be avoided, since watching a relatively simple project balloon into a rat’s nest of complexity often leads to ineffective, or even abandoned, projects. On the other hand, if you can maintain a tight focus, it’s not always a bad thing. [cbm80Amiga] shows us how to drill down and add specific features in this single-button timer without losing focus on what the original project was all about.

The timer is based on an Arduino Pro Mini and an HX1230 LCD with a simple piezo speaker for audible alerts. A single button controls operation of the timer, with short presses incrementing each digit and long presses moving on to the next digit. Controlling button presses this finely is a project in its own right, but then [cbm80Amiga] moves on to other features such as backlight control, low power modes which allow it to operate for around two years on a single battery charge, preset times for various kitchen uses, and different appearance settings.

Honestly we aren’t sure how you could cram any more features on this timer without fundamentally altering the designed simplicity. It doesn’t fall into the abyss of feature creep while being packed with features, and it’s another example of how keeping things simple is often a recipe for success.

Thanks to [Hari] for the tip!


38 Years Later, The Atari 2600 Learns To Speak

Back in the early 1980s, there was a certain fad in making your computer produce something resembling human speech. There were several hardware solutions to this, adding voices to everything from automated telephone systems to video game consoles, all the way to Steve Jobs using the gimmick to introduce Macintosh to the world in 1984. In 1982, a software-based version of this synthesis was released for the Atari 8-bit line of computers, and ever since then [rossumur] has wondered whether or not it could run on the very constrained 2600.

Fast-forward 38 years and he found out that the answer was that yes, it was indeed possible to port a semblance of the original 1982 Software Automatic Mouth (or SAM) to run entirely on the Atari 2600, without any additional hardware. To be able to fit such a seemingly complicated piece of software into the paltry 128 bytes (yes, bytes) of RAM, [rossumur] actually uses an authoring tool in order to pre-calculate the allophones, and store only those in the ROM. This way, the 2600 alone can’t convert text to phonemes, but there’s enough space left for the allophones, which are converted into sound, that about two minutes of speech can fit into one cartridge. As for why he went through the trouble, we quote the author himself: “Because creating digital swears with 1982 speech synthesis technology on a 1977 game console is exactly what we need right now.”

For this project, [rossumur] has written an incredibly interesting article on speech synthesis in order to explain the SAM engine used here. And this isn’t his first time on the website either, always cramming software where it shouldn’t fit, such as a “Netflix”-like streaming service, or 8-bit console emulators, both on nothing but an ESP32 microcontroller. Check this one out in action after the break.


Cold Tube Draws The Heat

If you live anywhere near the tropics, air conditioning isn’t a luxury but a necessity. The problem, however, is that in humid climates a conventional air conditioner can spend more power dehumidifying the air than it does cooling it, which drives up the power needed to run the unit. Back in 1963, there was a proposal to create a cooling system that didn’t foster condensation and couple it with different methods of removing humidity. Researchers in Singapore have now created such a system. It uses a membrane that is permeable to infrared radiation but prevents condensation around the cooling unit.

You can see a video of the apparatus in a pavilion in the Singapore heat in the video below. Chilled water runs through tubes behind a membrane that passes thermal radiation. Since the tubes are not exposed to the ambient atmosphere, condensation is minimal. But heat radiates from the warmer area to the much colder area of the tubes.


Hands-On: BornHack 2020 Badge Has 9×32 Of Bling Fed By CircuitPython

Despite widespread pandemic cancellations, BornHack still happened this year and they even managed to once again bring an electronic badge to all attendees. If you missed it, I’ve already published an overview of the hacker camp itself. Today let’s dig into the 2020 BornHack badge!

Designed by Thomas Flummer and manufactured in Denmark, it takes the form of a PCB in the shape of a roughly 60 degree circular arc with most of its top side taken up by a 9 by 32 array of SMD LEDs. There is the usual 4-way button array and space for an SAO connector on the rest of the front face, while on the rear are a set of GPIO pads and a pair of AA battery holders for power. Connectivity is via USB-C and infra-red, and usefully there is also a power on/off switch.

At the heart of its hardware is a SAMD21G18A ARM Cortex M0+ microcontroller which is perhaps not the most exciting of chips, but the hardware becomes more interesting with the LED drivers. A pair of IS31FL3731 chips (which you may recognise from Brian Benchoff’s Mr. Robot badge) each drive half of the Charlieplexed LED array. These versatile chips take the bother of scanning the LED matrix away from the microcontroller with their own internal frame registers fed from an I2C interface. This choice both makes the best use of the relatively meagre microcontroller in this application, and opens the way for the software choice. This badge runs Adafruit’s CircuitPython, and can thus be programmed over the USB connection in the same way as any other CircuitPython board. To test this I put aside my GNU/Linux laptop, and picked up something considerably less versatile to test its ease of use: a Chromebook.


# imports the excerpt relies on (CircuitPython core modules plus the Adafruit IS31FL3731 library)
import board
import busio
from digitalio import DigitalInOut, Direction
import adafruit_is31fl3731

# configure I2C
i2c = busio.I2C(board.SCL, board.SDA)

# turn on LED drivers: SDB is the drivers' shutdown pin, driven high to enable them
sdb = DigitalInOut(board.SDB)
sdb.direction = Direction.OUTPUT
sdb.value = True

# set up the two LED drivers, one per half of the 9x32 matrix, on their I2C addresses
display = adafruit_is31fl3731.Matrix(i2c, address=0x74)
display2 = adafruit_is31fl3731.Matrix(i2c, address=0x77)

text_to_show = "BornHack 2020 - make clean"

CircuitPython devices mount as a disk drive in which can be found a Python file that can be edited with the code of your choice. The BornHack badge ships with code to display a BornHack banner text, which serves as a quick introduction to the capabilities of its display. It’s noticeable that the text scrolling performance leaves something to be desired, but this microcontroller is hardly one of the more powerful supported by the CircuitPython platform. The Chromebook was happily able to edit the code, though viewing the Python serial console necessitated diving into its Linux virtual machine.
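To make the split-driver arrangement concrete, here is an added example (my own, not the badge’s shipped code) that models in plain Python how a 9×32 frame is divided between two IS31FL3731 drivers and how scrolling text is produced by sliding a 32-column window over a strip of glyph columns. It assumes the driver at 0x74 owns columns 0 to 15 and the one at 0x77 owns columns 16 to 31 (the ordering is an assumption), uses a tiny constructed font for two letters, and runs without any hardware; on the badge itself each lit pixel would be sent with the library’s `pixel(x, y, brightness)` call on the matching Matrix object.

```python
"""Model of a 9x32 LED matrix driven as two 16x9 IS31FL3731 halves (added example)."""
from typing import Dict, List, Tuple

WIDTH, HEIGHT = 32, 9          # the badge's 9x32 array
DRIVER_WIDTH = 16              # each IS31FL3731 frame is 16 columns wide
DRIVERS = (0x74, 0x77)         # I2C addresses from the badge code; left/right order assumed

# Constructed 5x7 glyphs, one byte per column, bit 0 = top row. Only enough to
# demonstrate the mechanism; a real font table would cover the whole charset.
FONT = {
    "H": [0x7F, 0x08, 0x08, 0x08, 0x7F],
    "I": [0x00, 0x41, 0x7F, 0x41, 0x00],
    " ": [0x00, 0x00, 0x00],
}


def render_columns(text: str) -> List[int]:
    """Flatten text into a strip of column bitmasks with a one-column gap per glyph."""
    columns: List[int] = []
    for ch in text:
        columns.extend(FONT.get(ch, FONT[" "]))
        columns.append(0x00)
    return columns


def locate(x: int, y: int) -> Tuple[int, int, int]:
    """Map a global pixel (x in 0..31, y in 0..8) to (driver address, local x, local y)."""
    if not (0 <= x < WIDTH and 0 <= y < HEIGHT):
        raise ValueError(f"pixel ({x}, {y}) is outside the {WIDTH}x{HEIGHT} matrix")
    return DRIVERS[x // DRIVER_WIDTH], x % DRIVER_WIDTH, y


def frame_at(columns: List[int], step: int) -> Dict[int, List[List[int]]]:
    """Build both drivers' frames for scroll position `step`.

    At step 0 the text sits just off the right edge; each step moves it one
    column left, so column 0 of the text reaches x = 0 at step == WIDTH. This
    per-pixel rebuild is the work the microcontroller repeats for every step."""
    frames = {addr: [[0] * DRIVER_WIDTH for _ in range(HEIGHT)] for addr in DRIVERS}
    for x in range(WIDTH):
        src = x - WIDTH + step                      # which text column lands at x
        bits = columns[src] if 0 <= src < len(columns) else 0
        for y in range(HEIGHT):
            if (bits >> y) & 1:
                addr, lx, ly = locate(x, y)
                frames[addr][ly][lx] = 1            # on hardware: matrix[addr].pixel(lx, ly, 255)
    return frames


def scroll_length(columns: List[int]) -> int:
    """Number of steps until the last text column has left the display."""
    return WIDTH + len(columns)


if __name__ == "__main__":
    strip = render_columns("HI")
    for step in range(scroll_length(strip)):
        frame = frame_at(strip, step)
        rows = ["".join("#" if frame[a][y][lx] else "." for a in DRIVERS for lx in range(DRIVER_WIDTH))
                for y in range(HEIGHT)]
        print(f"step {step:2d}\n" + "\n".join(rows) + "\n")
```

Each scroll step touches all 288 pixels and pushes the result to the drivers over I2C, which is why the text notes that scrolling on this microcontroller is not especially quick; the drivers only take the matrix refresh off the CPU, not the rendering.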

The BornHack badge, then, is an attractive design that fulfils the aim of being capable and easy to program through its use of the popular CircuitPython platform, and through its decent-sized LED matrix and available GPIOs it stands a chance of seeing use beyond the camp as a general purpose display/experimentation platform. It may not be the most powerful of badges, but it does its job well. In particular it has achieved the feat missed by so many others, of arriving at the camp fully assembled and with working hardware and software. You can see more about it in Thomas’ badge presentation at the camp (cut from a stream, talk begins at 5:27) which we’ve placed below the break.

We look forward to seeing its influence upon other similar badges. Meanwhile if you are interested, you can compare it with the 2019 BornHack badge which we reviewed last year.


Print-in-Place Engine Aims To Be The Next Benchy

While there are many in the 3D-printing community who loudly and proudly proclaim never to have stooped to printing a 3DBenchy, there are far more who have turned a new printer loose on the venerable test model, just to see what it can do. But Benchy is getting a little long in the tooth, and with 3D-printers getting better and better, perhaps a better benchmarking model is in order.

Knocking Benchy off its perch is the idea behind this print-in-place engine benchmark, at least according to [SunShine]. And we have to say that he’s come up with an impressive model. It’s a cutaway of a three-cylinder reciprocating engine, complete with crankshaft, connecting rods, pistons, and engine block. It’s designed to print all in one go, with only a little cleanup needed after printing before the model is ready to go. The print-in-place aspect seems to be the main test of a printer — if you can get this engine to actually spin, you’re probably set up pretty well. [SunShine] shares a few tips to get your printer dialed in, and shows a few examples of what can happen when things go wrong. In addition to the complexities of the print-in-place mechanism, the model has a few Easter eggs to really challenge your printer, like the tiny oil channel running the length of the crankshaft.

Whether this model supplants Benchy is up for debate, but even if it doesn’t, it’s still a cool design that would be fun to play with. Either way, as [SunShine] points out, you’ll need a really flat bed to print this one; luckily, he recently came up with a compliant mechanism dial indicator to help with that job.
