Day: May 19, 2023

Custom Glove Guides Wearers’ Dreams

May 19, 2023 by 6 Comments

For as much advancement as humanity has made in modern medicine even in the last century alone, there’s still plenty we don’t understand about the human body. That’s particularly true of the brain, where something as common as dreams are the subject of active debate about their fundamental nature, if they serve any purpose, and where they originate. One research team is hoping to probe a little further into this mystery, and has designed a special glove to help reach a little deeper into the subconscious brain.

The glove, called Dormio, has a number of sensors and feedback mechanisms which researchers hope will help explore the connection between dreaming and creativity. Volunteers were allowed to take a nap while wearing the glove, which can detect the moment they began entering a specific stage of sleep. At that point, the device would provide an audio cue to seed an idea into the dreams, in this case specifically prompting the sleeper to think about trees. Upon awakening, all reported dreaming about trees specifically, and also demonstrated increased creativity in tests compared to control groups.

While this might not have the most obvious of implications, opening the brain up to being receptive of more creative ideas can have practical effects beyond the production of art or music. For example, the researchers are also investigating whether the glove can help individuals with post-traumatic stress disorder manage nightmares. From a technical perspective this glove isn’t much different from some other devices we’ve seen before, and replicating one to perform similar functions might be possible for most of us willing to experiment on ourselves.

This Week In Security: .zip Domains, Zip Scanning

May 19, 2023 by 17 Comments

The world may not be ready, but the .zip Top Level Domain (TLD) is here. It’s a part of the generic TLD category, which was expanded to allow applications for custom TLDs. Google has led the charge, applying for 101 such new TLDs, with .zip being one of the interesting ones. Public registration for .zip domains has been open for a couple weeks, and some interesting domains have been registered, like update.zip, installer.zip, and officeupdate.zip.

The obvious question to ask is whether this new TLD can be abused for scamming and phishing purposes. And the answer is yes, sure it can. One of the trickiest ways is to use the AT symbol @ in a URL, which denotes user info at the beginning of the URL. It usually is used to include a username and password, like http://username:password@192.168.1.1/. That is pretty obvious, but what about https://google.com@bing.com? Still looks weird. The catch that really prevents this technique being abused is that slashes are disallowed in user data, so a abusive URL like https://google.com∕gmail∕inbox@bing.com is right out.

Except, take a look at that last link. Looks like it has slashes in it, so it should take you to google, and ignore the AT symbol. But it doesn’t, it goes to Bing. You may have guessed, it’s Unicode shenanigans again. Those aren’t slashes, they’re U2215, the division slash. And that means that a .zip TLD could be really sneaky, if the apparent domain is one you trust. Continue reading “This Week In Security: .zip Domains, Zip Scanning”

Building A Giant Vacuum Tube Smart Lamp

May 19, 2023 by 12 Comments

Vacuum tubes are pretty, which is why they’re often showcased externally on exquisitely-expensive home Hi-Fi hardware. But if you just want to gaze at their beauty without making any noise, why not build this vacuum tube lamp from [Noel Törjék] instead?

[Noel] got into some creative reuse with this build, with the main body consisting of a bell jar and wooden bowls. The internal structure is then created from jar lids, wire, metal sheeting, steel rods, and galvanized wire mesh. Simple modelling techniques are used to assemble the internal parts of the “valve,” including the grid and the electrodes and so on. As for light, [Noel] employed a ZigBee LED driver that he could control over his smart home setup via a Philips Hue bridge.

The final result looks like an extra-large tube. Anyone who knows what it is will spot that it’s not a real one, but they’re also exactly the audience that will appreciate it for what it is. Everyone else will probably just think you’ve taken an interest in strange art-deco replica lighthouses. It’s not the first time we’ve seen replica valves around these parts, though, and we’re sure it won’t be the last!

North Korean Karaoke Machine Teardown

May 19, 2023 by 9 Comments

Karaoke is a very popular pastime in Seoul — there are venues where you can sing on a stage, sing in rooms with your friends, and even sing solo in coin-operated karaoke booths on the bullet train. Apparently it is also popular in North Korea as well — [Martyn Williams] of the North Korea Tech blog reported on an interesting teardown by web hacker [Will Scott]. It is the Tianchi v700 machine, a Chinese product tailored for North Korean users, obtained online back in 2020.

Unlike the karaoke machines encountered by this author in South Korea, the v700 form factor is a 19.5-inch Android tablet with touch-screen and all the necessary interfaces you’d expect: external video, speakers, and microphone, as well as WiFi and Ethernet for content upgrade and online payment systems. Not surprisingly, the connectivity aspects of the machine are not used in the North Korean model, but with a large catalog of pre-loaded music, it’s perfectly usable as a stand-alone device.

[Will] dug into the innards of the machine and discovered it was powered by an Allwinner ARM processor (seemingly the H6 V200, a quad-core ARM Cortex-A53). He also found it uses a swappable external disk to hold the songs, but all the files were encrypted. You can read more details in the blog post linked above, but eventually he was successful in decoding the disk and accessing the material.

The V700 consults both “/proc/cpuinfo” to learn the CPU serial number of the device it is on, and a binary file associated with the device file system structure as part of its method for determining its AES (Advanced Encryption Standard) key. It then ignores all of these device-specific items, and reverts back to a static key “87654321” stored in the binary.

All the songs on the disk were posted up on the Internet Archive. Check them out if you’re curious what North Korean karaoke songs sound and look like. One video that caught our attention was about CNC machines (see the video linked below the break). [Martyn] has been covering technology issues related to North Korea since 2011. In 2016, he learned after the fact that his website had been banned by the South Korean authorities. Believing this was in error, he appealed the ban and eventually prevailed in the courts. We wrote about some of [Will]’s research on consumer computing technology back in 2017 if you’re interested in learning more.

Continue reading “North Korean Karaoke Machine Teardown”