Hackaday Links: December 12, 2021

Hackaday Links Column Banner

It looks as though the Mars Ingenuity flight team is starting to press the edge of the envelope a bit. The tiny rotorcraft, already 280-something sols into a mission that was only supposed to last for about 30 sols, is taking riskier flights than ever before, and things got particularly spicy during flight number 17 this past week. The flight was a simple up-over-and-down repositioning of the aircraft, but during the last few meters of descent at its landing zone, Ingenuity dipped behind a small hill and lost line-of-sight contact with Perseverance. Without the 900-MHz telemetry link to the rover, operators were initially unable to find out whether the chopper had stuck the landing, as it had on its previous 16 flights. Thankfully, Perseverance picked up a blip of data packets about 15 minutes after landing that indicated the helicopter’s battery was charging, which wouldn’t be possible if the craft were on its side. But that’s it as far as flight data, at least until they can do something about the LOS problem. Whether that involves another flight to pop up above the hill, or perhaps even repositioning the rover, remains to be decided.

Thinking up strong passwords that are memorable enough to type when they’re needed is never easy, and probably contributes more to the widespread use of “P@$$w0rD123” and the like than just about anything. But we got a tip on a method the musically inclined might find useful — generating passwords using music theory. It uses standard notation for chords to come up with a long, seemingly random set of characters, like “DMaj7|Fsus2|G#9”. It’s pretty brilliant, especially if you’ve got the musical skills to know what that would sound like when played — the rest of us can click here to find out. But since we can’t carry a tune in a bucket, we’ll just stick with the “correct horse battery staple” method.

Looks like you can only light so many roofs on fire before somebody starts to take an interest in what’s going on. At least that seems to be the case with Tesla, which is now under investigation by the US Security and Exchanges Commission for not keeping its shareholders and the public looped in on all those pesky solar array fires it was having back in the day. The investigation stems from a 2019 whistleblower complaint by engineer Steven Henkes, who claims he was fired by Tesla after pointing out that it really would be best not to light their customers’ buildings on fire with poorly installed solar arrays. It’s interesting that the current investigation has nothing to do with the engineering aspects of these fires, but rather the financial implications of disclosure. We discussed some of those problems before, which includes dodgy installation practices and seems to focus on improperly torqued MC4 connectors.

Staying with the Tesla theme, it looks like the Cybertruck is going to initially show up as a four-motor variant. The silly-looking vehicle is also supposed to sport four-wheel steering, which will apparently make it possible to drive diagonally. We’ve been behind the wheel for nearly four decades at this point and can count on no hands the number of times diagonal driving would have helped, and while there might be an edge case we haven’t bumped into yet, we suspect this is more about keeping up with the competition than truly driving innovation. It seems like if they were really serious about actually shipping a product, they’d work on the Cybertruck windshield wiper problem first.

And finally, as I’m sure you’re all aware by now, our longtime boss Mike Szczys is moving on to greener pastures. I have to say the news came as a bit of shock to me, since I’ve worked for Mike for over six years now. In that time, he has put me in the enviable position of having a boss I actually like, which has literally never happened to me before. I just thought I’d take the chance to say how much I appreciate him rolling the dice on me back in 2015 and giving me a chance to actually write for a living. Thanks, Mike, and best of luck with the new gig!

14 thoughts on “Hackaday Links: December 12, 2021

  1. On the subject of the Cybertruck, as a former commercial driver, I can say there were more then enough times I could have benefited from 4 wheel steering such as in older larger city locations. I believe it would have made for a much more manuverable docking and positioning of trailers. It could have put the truck in a position that the side mirrors would have more useful in tightly spaced trailers at loading bays. I would much rather depend on my own vision instead of having some guy try and spot for me in a blind area! So places have special motor rigs that put the trailer in front where vision is unrestricted with very short wheel bases which aids dramatically in the movement of long trailer and short, short trailers ca be harder to dock sometimes and sometimes the longer trailers are impossible with over the road pulling trucks. You can see the results from time to time where the air foils are smashed on the back of the semis and the sides of trailers are wrecked. However a system for 4 wheel steer would be impractical for an over the road heavy duty, there simply isn’t enough room for that with 2 sets of dual wheels unless the steer angle was very small.

  2. Actual crab movement, as in straight sideways, would be great for parallel parking: it would enormously speed up a process that can seem very slow and frustrating to both the person trying to park and the people waiting for the road to clear.
    I’ve spent some time trying to figure out how to put a set of four pneumatic lifts at/near the corners of my weird vintage car, similar to the lifts F1 cars have, only with little perpendicular-to-normal-travel rollers on the bottom so the car could slide sideways into on-street parking places.

    1. I’ve seen an advert for the jackall system in a pitman book from the 1920s. it had 4 hydraulic jacks powered off the car for changing wheels. you would have to modify it with rollers though.

  3. https://en.wikipedia.org/wiki/Quadrasteer
    GM quadrasteer did it earlier. there’s been varying degree’s of 4-wheel/rear-wheel steering over the years before that, most notably in japanese sports cars to improve cornering capability, with GM’s version being one of the latest and most comprehensive put into production. most of the sports car variations only allowed the wheels to ‘turn’ a few degrees.

    just this year, toyota patented a 4-wheel steering system as well that would compare, and slightly exceed the capabilities of GM’s system by allowing wheels to be independently turned in either direction. but no production announcements yet.
    https://drivetribe.com/p/toyota-has-patented-a-radical-new-VlfYGisATQ60FZcl8ZeEAQ?iid=ZOfvOZB-SHiVVBzVTzRn4Q

    the japanese sports car systems never caught on, or got past being a high end novelty to most, and GM’s system never caught on much either despite appealing to an entirely different demographic, even at only $1,000 added cost to MSRP to the trucks. the added complexity ultimately doomed itself. many owners locked the system straight later, or converted back to a normal rear solid axle after system maintenance costs started looming over any possible advantage that the system had.

    given the current rate, i’m watching for the Canadian Willock Swivel Frame to pop back into existence.
    https://www.macsmotorcitygarage.com/the-truck-with-a-hinge-in-the-middle-the-willock-swivel-frame/

  4. I have big doubts about the brute-force resistance of passwords composed of a group of chords.

    I consider the original article very poorly researched and lacking on technical details, and so I don’t think it’s worthy of being included on HaD’s links. It doesn’t mention how many different chords exist, and therefore what is the amount of entropy provided by each chord in a multi-chord password. Without knowing this, we can’t make any decisions on what is the minimum acceptable number of chords to have a brute force resistant password.

    A quote from the article:
    DMaj7|Fsus2!G#9
    According to kaspersky, this password requires 3261 centuries to be broken by a brute force attack. Compared to the previously tool-generated password, it has the same strength and the same length. However, it is much easier to remember, at least in my opinion.

    Kaspersky’s password checker considers a “regular” brute force program that is trying any combination of characters or common words. It obviously doesn’t try a list of chords. If people start generating chord-based passwords, brute force crackers would quickly add checking for this to their arsenal. It’s just a matter of adding another word list, consisting of all the possible chords (a word list of most common chords would be likely enough). The password mentioned above, with just two chords, would be cracked in a jiffy.

    I’m not a musician, but a quick check told me that there are more than 4000 chords, but around 70 “can cover most situations”. I am guessing people (especially non-musicians) would probably use chords from the “can cover most situations” list, not some extra special ones. The 2-chord password mentioned is just 4900 possible combinations, if using 70 chords, or 16 million combinations, if using the 4000 something.

    Let’s compare this proposed method with Diceware, a well-known method for generating passphrases using ordinary dice. For each word, the (6-sided) dice is rolled 5 times, a corresponding word is selected from a word list. That’s 7776 unique words, compared to 70 (or 4000+) chords. Now for the punch line, a quote: Originally, in 1995, Diceware creator Arnold Reinhold considered five words (64.6 bits [of entropy]) the minimal length needed by average users. However, in 2014 Reinhold started recommending that at least six words (77.5 bits [of entropy]) be used.

    Even if using all the 4000+ chords, you’d need to use 6 random chords to provide a password with around 72 bits entropy, and 7 chords if you want to beat the 6-word Diceware password.

    The method is usable, but it has to be applied in a proper way, otherwise there is a high risk of insecure passwords.
    Use the complete array of 4000+ chords listed in chord libraries, and randomly select 6-7 chords. It’s quite important for the selection to be random, don’t use a common pattern from a favorite tune.

    I really think most people would be much better off if they used a password manager to generate long and completely random passwords, a different one for every particular website or service. Then you just have to remember one (or a few) good passwords or passphrases for your password manager’s database(s). And use 2FA wherever it’s supported.

    1. If you use actual music, it’s a very, very small search space. Spelled-out words and chord progressions have very low entropy.

      If you use the works of Green Day, there are only three chords anyway. Ba-dum-tss!

      Problem is, now that this is on Hackaday, someone will write a Jack the Ripper algo for it, and the game is over.

      1. Unfortunately, this is very very true. Any password-creation scheme is only as secure as how few people know about it. It’s the O.G. “security through obscurity”… and it’s sadly a necessary evil. Even in the era of password managers and generators, there will always be use cases (system logins, sites and apps that explicitly disable both autofill and Ctrl-V, etc) where you have no choice but to hand-type, and thus remember, a password.

        1. I don’t quite get your point. Cryptographic algorithms are published and their details and implementations are out in the open. Their security comes from their intrinsic computational difficulty.
          Same goes with the password-creation. Sure, you can have insecure passwords that seem secure only until the method of their generation is revealed. And you can also have secure passwords, generated by well-publicized methods, such as Diceware.

          In places where I have to hand-type the password, I can still keep it in my password manager (KeePassXC). If my computer is not available, I can look the password up at any time with an app on my smartphone (Keepass2Android). For these hand-typing cases, it makes sense to choose a passphrase that is longer but doesn’t involve a lot of special characters. By the way, KeePassXC includes a password generator, and also a passphrase generator that uses Diceware word lists.

  5. Four wheel steering has some handling advantages for high performance cars, but the use cases for the Cybertruck won’t get much from that. The advantages that might have some real benefit are easier parking and making some trailer maneuvers simpler.

    The four motor option does not strike me as silly; I think it’s actually the direction that EVs will go in the future. Using separate motors for each drive wheel eliminates the need for mechanical differentials, replacing them instead with software that can be more flexible and possibly save weight. Two wheel drive EVs will have two motors and all wheel model drive models will have four. For me the surprise is that it has taken this long; I figured that companies making bespoke EVs (rather than adapting existing ICE designs) didn’t do that from day one. Rivian did; the R1S and R1T are quad motor vehicles.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.