Hackaday Links: August 20, 2023

Hackaday Links Column Banner

In some ways, we’ve become a little jaded when it comes to news from Mars, which almost always has to do with the Ingenuity helicopter completing yet another successful flight. And so it was with the report of flight number 54 — almost. It turns out that the previous flight, which was conducted on July 22, suffered a glitch that cut the flight short by forcing an immediate landing. We had either completely missed that in the news, or NASA wasn’t forthcoming with the news, perhaps until they knew more. But the details of the error are interesting and appear related to a glitch that happened 46 flights before, way back in May of 2021, that involves dropped frames from the video coming from the helicopter’s down-facing navigational camera. When this first cropped up back on flight six, it was only a couple of missed frames that nearly crashed the craft, thanks to confusion between the video stream and the inertial data. Flight engineers updated the aircraft’s software to allow for a little more flexibility with dropped frames, which worked perfectly up until the aborted flight 53.

The report doesn’t say how many frames were dropped this time, but it was more than the threshold that was added in the software update, which triggered the “LAND_NOW” program — which clearly deserves the all-caps treatment — to run and forced the helicopter down to safety. They’re still giving the machine a thorough checkup, including flight 54, a brief “up-and-down” hop to generate data the team can use to find out what was going on. We’ll be keeping a close eye on this — Ingenuity doesn’t owe us anything at this point, but we’d sure hate to say goodbye right now.

Speaking of diagnostics, San Francisco’s fleet of robotaxis seems to be much in the news lately, and sadly, not much of it seems to be good. First, we spotted a report of an autonomous Chevy Bolt EV from ride-hailing company Cruise running very afoul of a semi-truck (presumably ICE and human-driven) in a most embarrassing way. The semi seems to have been trying to negotiate a left turn from a main thoroughfare onto a narrower side street, which often requires the driver to swing very wide to the right and basically block the entire roadway briefly. The robotaxi apparently was having none of this, though, and plunged right on, only to be smooshed by the trailer. Now, we’re not saying that this wouldn’t have happened if a human had been driving the Bolt — accidents like this happen all the time. But this seems like one of those edge cases where human emotions, namely the fear of large, heavy things moving close to you, would tend to keep a human driver at a safe distance until the truck completed the questionably legal turn. It’s hard to see how you can program the same sense of self-preservation into autonomous vehicles, and it seems like we may be seeing the results of that here.

Also from San Francisco come reports of people hailing driverless taxis for something other than the ride. We’ll let you read the article, but it seems safe to say that, despite having huge windows and cameras all over the place, some people feel like the lack of a human driver in the front seat and a couple of minutes to spare is all the excuse you need to get freaky. So next time you decide to hail a robotaxi, maybe bring along some wet wipes.

We ran across an interesting article on a talk that came from the bomb-scare-shortened DEF CON last week on the risks of ANSI escape sequences. If you’re unfamiliar with ANSI escapes, they make things like text highlighting on command lines possible. They’re immensely useful because they increase the legibility of an otherwise monochrome terminal session by giving you visual clues that make things stand out from the wall-of-text look. But being simple ASCII character sequences, it’s possible to craft an exploit that will insert ANSI escapes into a system’s log files and have arbitrary code executed when an admin runs the log through something like cat or grep. We’re not sure how practical this attack would be, or if there are any examples of ANSI escape exploits in the wild, but it does sound pretty devious.

Finally, here are two cool videos for your enjoyment. The first is a graphical representation of a coronal mass ejection (CME) in 2014 and how it interacted with different spacecraft as it blasted out from the Sun and into space. The CME started on October 14 and was detected by instruments aboard spacecraft sprinkled across the solar system from Venus to Pluto within a matter of months. The passing wave of charged particles also interacted with the Curiosity rover on the surface of Mars, and eventually even managed to catch up with Voyager 2 by March. That last one is a little humbling — after all, Voyager 2 left Earth in 1977, and the Sun caught up to it in just 153 days.

And finally finally — shoulda used a 555, and they did:

But does it bother anyone else that they’ve got this poor chip walking backward?

14 thoughts on “Hackaday Links: August 20, 2023

  1. ANSI (or in this case pre-ANSI) escape sequences were discovered to be a vulnerability 50 years ago, when I was in college. The school had a PDP-10 timesharing system that originally had an ASR-33 for the system console, which was replaced by a Hazeltine 2000 display terminal. We figured in the late one night that if the operator left the console logged-in when they left for the evening, we could send a specially formatted “talk” message to the console that let us execute arbitrary commands at operator privilege level. The correct way to do this was arbitrary command. We used this exploit for several weeks to do things like boost the priority of our programs, remove CPU usage limits, copy the password file (they were not encrypted back then), etc. That ended when someone forgot the final clear screen sequence and the operator saw it the next morning. The solution was simple, switch the Hazeltine out for an ASR-33 long enough for them to modify the talk command (and in other contexts, like email) to filter out all non-text sequences. This was passed back to DEC as a patch for all TOPS-10 and 20 systems.

    1. Sorry, the message got garbled due to use of angle brackets:

      [clear screen sequence] arbitrary command [position cursor to next line][send screen sequence][clear screen sequence]

  2. The 555 is obviously walking in the right direction. It’s a cyclops after all as evidenced by the one eye, and clearly the exit orifice is marked at the number one and number two end which appropriately come out the butt end.

  3. My first real “hack” used escape sequences on an Amiga BBS. The Excelsior! multiline BBS software had an internal markup language called IPL, and most IPL command were translated into ANSI escape sequences when they were sent to a user’s line. But there were a few others that didn’t map to ANSI, including one to insert an arbitrary delay. That’s the one I used, so this isn’t really an ANSI hack, but I figured I’d describe it here regardless.

    With delays, you can achieve the guard-time required by a Hayes modem to accept its own +++ escape sequence.

    Ordinarily, users on the BBS couldn’t edit IPL commands themselves; they existed “behind a veil” of sorts. But there was a plugin for the multiline chat module, that allowed users to change the colors of their nicknames in chat, by inserting IPL escape codes into the name field. But in another part of the board, the name field was user-editable.

    So I’d go to the Colorific plugin, set my name to a rainbow (plenty of IPL escapes to play with), then go to the other name editing field, delete everything but the IPL escapes, and add my commands back in.

    To run them, I’d pop into chat, whereupon my name (containing all the IPL code) would be sent to the line of everyone in chat, as part of displaying my entry message. So if I put (delay)+++(delay)ATH(enter), the BBS’s modems would hang up on all the chatters, including me.

    So the first thing I had to do was change the escape character on _my own_ modem from a + to something else, by using ATS2=65 for instance. (Do this by popping into a chat room with nobody else in it, so only my line gets the change-the-escape-character command, and now responds to (delay)AAA(delay) instead of + like everyone else’s lines. Then, go back and edit the command back to the ATH sequence, join the main chat room, and watch the board hang up on everyone but me.

    The sysop was none too pleased, but he was impressed, and convinced me to knock it off.

      1. Right you are, and it’s only part of the story.

        Because you see, the BBS software didn’t know the lines had been hung up. It expected to be in control of that process, and I had subverted that. Which meant the lines were still in an active session, as far as the software was concerned, and if I added a longer string of commands to my “name”, I could make them do more fun stuff.

        Like dial out.

        The BBS lines were normal lines as far as the phone company was concerned, and indeed the BBS itself would occasionally originate calls to other boards to swap mail, or to set up a link system. So the lines could place calls. And since I was now controlling the modems, I could make them place calls.

        And if whoever answered the call happened to answer with a modem, they’d be dropped into the active logged-in session of whatever user had just been booted off.

        I’ll leave the rest to the reader’s imagination, but it was a fun couple of days before the sysop caught on.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.