Hackaday Links: March 3, 2024


Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available through the usual outfits and finding glaring security gaps which are totally not intentional in any way.

All these cameras appear to be the same basic hardware inside different enclosures, most supporting the same mobile app. Our favorite “exploit” for these cameras is the ability to put them into a pairing mode with the app, sometimes by pressing a public-facing button. Slightly more technically challenging would be accessing images from the app using the camera’s serial number, or finding file names being passed in plain text while sniffing network traffic. And that’s just the problems CR identified; who knows what else lurks under the covers? Some retailers have stopped offering these things, others have yet to, so buyer beware.

Speaking of our techno-dystopian surveillance state, if you’ve had it with the frustrations and expense of printers, has Hewlett-Packard got a deal for you. They want you to never own a printer again, preferring that you rent it from them instead. Their “All-In Plan” launched this week, which for $6.99 a month will set you up with an HP Envy inkjet printer, ink deliveries, and 24/7 tech support. It doesn’t appear that paper is included in the deal, so you’re on your own for that, but fear not — you won’t go through much since the entry-level plan only allows 20 prints per month. Plans scale up to 700 prints per month from an OfficeJet Pro for the low, low price of $36. The kicker, of course, is that your their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to. The terms of service also explicitly state that they’ll be sending your information to advertising partners, so that’ll be fun. This scheme hearkens back to the old pre-breakup days of AT&T, where you rented your phone from the phone company. That model made a lot more sense when the phone (probably) wasn’t listening in on everything you do. This just seems like asking for trouble.

“Enhance, enhance…” Credit: NASA/JPL-Caltech/LANL/CNES/IRAP/Simeon Schmauß

It’s been a while since Ingenuity‘s final rough landing on Mars permanently grounded the overachieving helicopter, long enough that it’s time for the post-mortem analyses to begin. The first photographic evidence we had was a shadowgram from one of the helicopter’s navigational cameras, showing damage to at least one of the rotor tips, presumably from contact with the ground. Then we were treated to a long-distance shot from Ingenuity‘s rover buddy Perseverance, which trained its MASTCAM instruments on the crash zone and gave us a wide view of its lonely resting place.

Now, geovisual design student [Simeon Schmauß] has taken long shots made with the rover’s SuperCam instrument and processed them into amazingly detailed closeups, which show just how extensive the damage really is. One rotor blade sheared clean off on contact, flying 15 meters before gouging a hole in the regolith. Another blade looks to be about half gone, while the remaining two blades show the damaged tips we’ve already seen. That the helicopter is still on its feet given the obvious violence of the crash is amazing, as well as an incredible piece of luck, since it means the craft’s solar panel is pointing in roughly the right direction to keep it powered up.

You know things are getting weird in the world when the US government starts talking about memory-safe programming. That’s what happened this week, and we’re still trying to wrap our heads around this. Luckily, Maya Posch did an in-depth look at the proposal from the White House Office of the National Cyber Director — you know it’s important because “cyber” is right in the name. Her take is that switching from C/C++ to inherently memory-safe languages wouldn’t really have that much of an impact, because not a lot of vulnerabilities are coming from that direction anymore. Granted, there was a time when CVEs that boiled down to buffer overflows were coming fast and furious, but most of those bugs seem to have been shaken out. Infosec pro [lcamtuf] largely seems to agree that memory safety issues are no longer low-hanging fruit, making the great point that the combination of PHP, SQL, and JavaScript has probably done far more damage than all the buffer overflow exploits ever found combined.

And finally, if you’ve got an hour to spare, you’d do worse than to spend it watching Animagraffs’ latest video, which is an up close and personal tour of the greatest airplane ever made: the SR-71 Blackbird (fight me). The 3D renders in this video are fantastic, and the level of detail, especially in the cockpit, is just astonishing. We never knew the Blackbird wasn’t a fly-by-wire plane; we just figured something that cool and futuristic-looking wouldn’t have cables and bellcranks connecting the stick and rudder pedals to the control surfaces. Sure, there are hydraulic actuators back on the elevons and rudders, and the mechanical mixer is a work of art, but the pilot being physically connected to the control surfaces is pretty amazing.

26 thoughts on “Hackaday Links: March 3, 2024”

  1. Not surprisingly I’ve done both, I’ve read an excellent book on the big black bird, and seen one up close. She lives at the museum that the Air Force has on their base in Ohio near where the Wright Brothers lived, and NCR was last known to be working.

    1. Somewhere on YouTube exists a video of the guy who designed the engines. He appears to maybe work at the museum, maybe not, and basically delivers a dissertation on the design and performance, seemingly off the cuff.
      I’m going to mess this up but: The engines have a totally analog computer built in that uses mechanical check valves and stuff and uses the flowing fuel itself! Anything else, like any electronics, would get way too hot.

  2. “We never knew the Blackbird wasn’t a fly-by-wire plane…”

    The SR-71 first flew in 1964, and its A-12 predecessor first flew in 1962. Would have been very early to have FBW.

  3. If you read the ars technica article (after agreeing that up to 99 or more ars-partners can access your data… IRONY ALERT), you’ll probably notice that even though the article is about cheap cameras from dubious sources, it turns out that all of the big players in the market are playing fast and loose with customer data and security.

    1. We’re on our Second Brother Laser Printer. Recently figured out it had an ethernet connection so it’s even on our network. Once in a great great while, like every other year, we need to reorder toner. Every five years it might need a drum. It’s not in color but UPS has a color printer we can use if needed.

    1. I think thanks to HP and a few likeminded companies we reached a point where the vast majority of people are at the point where they will ‘never own a printer again’ by choice.
      People use PDFs and digital stuff like that, and if they want a picture printed they go to the drugstore or some such and put a USB-stick or memory card in a printing machine.
      Even offices aren’t enthusiastic about owning printers and rather do things digital at this point I think.

  4. “The kicker, of course, is that your their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to.”

    Sounds like standard operating procedure to me.

    My HP laser printer worked for 10 years. Then after a forced update it suddenly would only print one page at a time. You could send it one page and it would print but send it three pages and it would print the first page over and over until it ran out of paper.

    The host computer could be any of multiple versions of Windows, Linux or Android I tested.

  5. Epson’s EcoTank product line uses the opposite of HP’s business model:

    The printers are expensive, and that’s where they make their money, so the ink is dirt cheap.
