Day: April 28, 2023

Transistors That Grow On Trees

April 28, 2023 by 16 Comments

Modern technology is riddled with innovations that were initially inspired by the natural world. Velcro, bullet trains, airplanes, solar panels, and many other technologies took inspiration from nature to become what they are today. While some of these examples might seem like obvious places to look, scientists are peering into more unconventional locations for this transistor design which is both inspired by and made out of wood.

The first obvious hurdle to overcome with any electronics made out of wood is that wood isn’t particularly conductive, but then again a block of silicon needs some work before it reliably conducts electricity too. First, the lignin is removed from the wood by dissolving it in acetate, leaving behind mostly the cellulose structure. Then a conductive polymer is added to create a lattice structure of sorts using the wood cellulose as the structure. Within this structure, transistors can be constructed that function mostly the same as a conventional transistor might.

It might seem counterintuitive to use wood to build electronics like transistors, but this method might offer a number of advantages including sustainability, lower cost, recyclability, and physical flexibility. Wood can be worked in a number of ways once the lignin is removed, most notably when making paper, but removing the lignin can also make the wood relatively transparent as well which has a number of other potential uses.

Thanks to [Adrian] for the tip!

This Week In Security: Session Puzzling, Session Keys, And Speculation

April 28, 2023 by 7 Comments

Last week we briefly mentioned a vulnerability in the Papercut software, and more details and a proof of concept have been published. The vulnerability is one known as session puzzling. That’s essentially where a session variable is used for multiple purposes, or gets incorrectly set. In Papercut, it was possible to trigger the SetupCompleted class on a server that had already finished that initial setup process. And part of SetupCompleted validated the session of the current user. In a normal first-setup case, that might make sense, but as anyone could trigger that code, it allowed anonymous users to jump straight to admin.

The other half of the exploit leverages the “print script” feature, which lets admins write code that runs on printing. A simple java.lang.Runtime.getRuntime().exec('calc.exe'); does the trick to jump from web interface to remote code execution. The indicators of compromise are reasonable generic, including User "admin" logged into the administration interface. and Admin user "admin" modified the print script on printer "".. A Shodan search turns up around 1,700 Papercut servers accessible from the Internet, which prompts the painfully obvious observation that your internal print auditing solution’s web interface definitely should not be exposed online.

Apache Superset

Superset is a nifty data visualization tool for showing charts, graphs, and all sorts of pretty data sets on a dashboard. It also has some weirdness with using web sessions for user management. The session is stored on the user side in a cookie, signed with a secret key. This works great, unless the key used is particularly weak. And guess what, the default configuration of Superset uses a pre-populated secret key. thisismysecretkey is arguably a bad key to start with, but it turns out it’s also shared by more than 70% of the accessible Superset servers.

Continue reading “This Week In Security: Session Puzzling, Session Keys, And Speculation”

Checking Out And Reviving A Batch Of Used Floppy Disks

April 28, 2023 by 29 Comments

With the last manufacturer of 3.5″ floppy disks (FDs) having shut down in 2010, those who are still using this type of storage medium for production and/or retrocomputing purposes have to increasingly rely on a dwindling stack of new old stock, or the used market. With the purported unreliability of this type of magnetic media in mind, what are the chances of a box of used FDs — whether DD or HD format — still working in 2023? That’s the question which [VWestLife] set out to answer in a recent video when he bought a stash of these real-life save icons in 720 kB format from eBay.

To his delight, he found that he could read most of the disks without issues, revealing contents that had been on there since the 1990s. All but four also could be formatted without issues, the problematic disks reported bad sectors, which was a bit of a bummer. As a practical demonstration of how fun magnetic media is, he then proceeded to try and fix these four disks with a bulk eraser tool. This is a rather brute-force tool that uses a rapidly fluctuating electromagnetic field to scramble the bits on magnetic media.

As the cause of reported bad sectors and other issues can be due to sector alignment issues from years of constant writing by different drives, this may sometimes fix a disk. In this case one of the bad disks was fixed, while a second still showed bad sectors while the remaining two refused to format at all. Assuming one can get a box of old FDs for cheap and has a few hours to kill, it’s not a bad way to refill that stack of empty FDs.

Of course if you can’t fix that old floppy, you can always make an IR filter out of it.

Continue reading “Checking Out And Reviving A Batch Of Used Floppy Disks”

The Cheap And Available Microwave Playground

April 28, 2023 by 11 Comments

There’s something of a mystique about RF construction at the higher frequencies, it’s seen as a Black Art only practiced by elite wizards. In fact, UHF and microwave RF circuitry is surprisingly simple and easy to understand, and given the ready availability of low-noise block downconverters (LNBs) for satellite TV reception there’s even a handy source of devices to experiment on. It’s a subject on which [Polprog] has brought together a handy guide.

A modern LNB has some logic for selecting one of a pair of local oscillators and to use vertical or horizontal polarization, but remains otherwise a very simple device. There’s an oscillator, a mixer, and an RF amplifier, each of which uses microwave transistors that can with a little care be repurposed. The page demonstrates a simple transmitter, but it’s possible to create more powerful  devices by using the amplifier stage “in reverse”.

Meanwhile the oscillator can be moved by loading the dielectric resonators with PVC sleeving, and the stripline filters can even be modified with a fine eye for soldering and some thin wire. Keep an eye out in thrift stores and yard sales for old satellite dishes, and you can give it a go yourself. It’s a modern equivalent of the UHF tuner hacking enjoyed by a previous generation.