The 4-20 mA Current Loop

The I/O capabilities built into most microcontrollers make it easy to measure the analog world. Say you want to build a data logger for temperature. All you need to do is get some kind of sensor that has a linear voltage output that represents the temperature range you need to monitor — zero to five volts representing 0° to 100°C, perhaps. Hook the sensor up to an analog input, whip up a little code, and you’re done. Easy stuff.

Now put a twist on it: you need to mount the sensor far from the microcontroller. The longer your wires, the bigger the voltage drop will be, until eventually your five-volt swing representing a 100° range is more like a one-volt swing. Plus your long sensor leads will act like a nice antenna to pick up all kinds of noise that’ll make digging a usable voltage signal off the line all the harder.

Luckily, industrial process engineers figured out how to deal with these problems a long time ago by using current loops for sensing and control. The most common standard is the 4-mA-to-20-mA current loop, and here we’ll take a look at how it came to be, how it works, and how you can leverage this basic process control technique for your microcontroller projects.


This Week In Security: Default Passwords, Lock Slapping, And Mastodown

The UK has the answer to all our IoT problems: banning bad default passwords. Additionally, the new UK law requires device makers to provide contact info for vulnerability disclosures, as well as a requirement to advertise vulnerability fix schedules. Is this going to help the security of routers, cameras, and other devices? Maybe a bit.

I would argue that default passwords are in themselves the problem, and complexity requirements only nominally help security. Why? Because a good default password becomes worthless once the password or algorithm leaks. Let’s lay out some scenarios here. First is the static default password. Manufacturer X makes device Y, and sets the devices to username/password admin/new_Complex_P@ssword1!. Those credentials make it onto a default password list, and any extra security is lost.

What about those devices that have a different, random-looking password for each device? Those use an algorithm to derive that password from the MAC address and/or serial number. That may help the situation, but the algorithm can be retrieved from the firmware, and most serial numbers are predictable in one way or another. This approach is better, but not a silver bullet.

So what would a real solution to the password problem look like? How about no default password at all, but no device functionality until the new password passes a cracklib complexity and uniqueness check. I have seen a few devices that do exactly this. The requirement for a disclosure address is a great idea, which we’ve talked about before regarding the similar EU legislation.
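The no-default-password approach described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the `Device` class, the `KNOWN_DEFAULTS` list, and the `reject_reason` checks are hypothetical, and the checks are a simplified stand-in for a real cracklib call.

```python
import hashlib
import os
import re

# Constructed stand-in for a leaked default-credential list (not a real one).
KNOWN_DEFAULTS = {"admin", "password", "new_Complex_P@ssword1!"}

def reject_reason(candidate, mac, serial):
    """Return why a candidate is refused, or None if it is acceptable.
    Simplified stand-in for a cracklib-style complexity and uniqueness check."""
    if len(candidate) < 12:
        return "too short"
    if candidate in KNOWN_DEFAULTS:
        return "on a known default-password list"
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, candidate)) for c in classes) < 3:
        return "too few character classes"
    # Refuse anything built from this unit's MAC or serial, since those are guessable.
    squashed = re.sub(r"[^0-9a-z]", "", candidate.lower())
    for ident in (mac, serial):
        token = re.sub(r"[^0-9a-z]", "", ident.lower())
        if token and token[-6:] in squashed:
            return "derived from device identifiers"
    return None

class Device:
    """Hypothetical device that ships with no credential at all."""
    def __init__(self, mac, serial):
        self.mac, self.serial = mac, serial
        self.credential = None  # no default password exists to leak

    def set_password(self, candidate):
        reason = reject_reason(candidate, self.mac, self.serial)
        if reason is None:
            salt = os.urandom(16)
            digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 600_000)
            self.credential = (salt, digest)
        return reason

    def handle(self, request):
        # Every function stays locked until setup has completed.
        if self.credential is None:
            return "403 setup required"
        return "200 " + request
```
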


The iMac GPU Becomes Upgradeable, With PCIe

Over its long lifetime, the Apple iMac all-in-one computer has morphed from the early CRT models through those odd table-lamp machines into today’s beautiful sleek affairs. They look pretty, but is there anything that can be done to upgrade them? Maybe not today’s ones, but the models from the mid-2000s can be given some surprising new life. [LowEndMac] have featured a 2006 24″ model that’s received a much more powerful GPU, something we’d have thought to be impossible.

The iMacs from that era resemble a monitor with a slightly chunkier back, in which reside the guts of the computer. By then the company was producing machines with an x86 processor, and their internals share a lot of similarities with a laptop of the period. The card is a Mac Radeon model newer than the machine would ever be used with, and it sits in a chain of mini PCIe to PCIe adapters. Even then it can’t drive the original screen, so a replacement panel and power supply are taken from another monitor and grafted into the iMac case. This along with a RAM and SSD upgrade makes this about the most upgraded a 2006 iMac could be.

Of course, another approach is to simply replace the whole lot with an Intel NUC.

Mark Your Calendars, NASA Is Holding A Public Meeting On UFOs

We’re sorry, the politically correct term these days is “unidentified anomalous phenomena” (UAP), as it’s less likely to excite those with a predilection for tinfoil hats. But whether you call them flying objects or anomalous phenomena, it’s that unidentified part that has us interested.

Which is why we’ll be tuned into NASA TV at 10:30 a.m. EDT on May 31 — that’s when the agency has announced they’ll be broadcasting a meeting of an independent study team tasked with categorizing and evaluating UAP data. The public can even submit their own questions, the most popular of which will be passed on to the team.

Before you get too excited, the meeting is about how NASA can “evaluate and study UAP by using data, technology, and the tools of science”, and the press release explains that they won’t be reviewing or assessing any unidentifiable observations. So if you’re hoping for the US government’s tacit acknowledgment that we’re not alone in the universe, you’ll probably be disappointed. That said, they wouldn’t have to assemble a team to study these reports if they were all so easily dismissed. As always, interstellar visitors are dead last on the list of possible explanations, but some cases have too much hard evidence to be dismissed out of hand. They might not be little green men, but they are something.


This Week In Security: GoDaddy, Joomla, And ClamAV

We’ve seen some rough security fails over the years, and GoDaddy’s recent news about a breach leading to rogue website redirects might make the highlight reel. The real juicy part is buried on page 30 of a PDF filing to the SEC.

Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.

That multi-year campaign appears to go back to at least October 2019, when an SSH file was accessed and altered, leading to 28,000 customer SSH usernames and passwords being exposed. There was also a 2021 breach of the GoDaddy WordPress environment, which has been linked to the same group.

Reading between the lines, there may be an implication here that the attackers had an ongoing presence in GoDaddy’s internal network for that entire multi-year period — note that the quote above refers to a single campaign, and not multiple campaigns from the same actor. That would be decidedly bad.

Joomla’s Force Persuasion

Joomla has a critical vulnerability, CVE-2023-23752, which is a trivial information leak from a web endpoint. This flaw is present in all of the 4.x releases, up to 4.2.8, which contains the fix. The issue is the REST API, which gives access to pretty much everything about a given site. It has an authentication component, of course. The bypass is to simply append ?public=true. Yes, it’s a good old “You don’t need to see his identification” force suggestion.

There’s even a PoC script that runs the request and spits out the most interesting data: the username, password, and user id contained in the data. It’s not quite as disastrous as that sounds — the API isn’t actually leaking the administrative username and password, or even password hash. It’s leaking the SQL database information. Though if your database is accessible from the Internet, then that’s pretty much as bad as it could be.
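For site operators, the `?public=true` pattern is easy to hunt for in web server access logs. The following is an added example, not part of the article or of Joomla; the log lines are constructed, and the `/api/` path prefix and the `example` endpoint name are assumptions to adjust for your own deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Feb/2023:10:01:02 +0000] "GET /api/index.php/v1/example?public=true HTTP/1.1" 200 1843 "-" "curl/7.88"
198.51.100.4 - - [20/Feb/2023:10:01:09 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Feb/2023:10:01:11 +0000] "GET /api/index.php/v1/example?page=1&public=%74rue HTTP/1.1" 200 977 "-" "curl/7.88"
198.51.100.9 - - [20/Feb/2023:10:02:30 +0000] "GET /api/index.php/v1/example?public=true HTTP/1.1" 401 92 "-" "python-requests/2.28"
"""

# client IP, timestamp, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_public_true(log_text, api_prefix="/api/"):
    """Return API requests that carried public=true, for triage."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.startswith(api_prefix):
            continue
        # parse_qs percent-decodes, so encoded variants such as %74rue still match.
        values = parse_qs(url.query).get("public", [])
        if any(v.lower() == "true" for v in values):
            hits.append({"ip": ip, "time": when,
                         "path": url.path, "status": int(status)})
    return hits

if __name__ == "__main__":
    for hit in find_public_true(SAMPLE_LOG):
        print(hit)
```

Hits that returned status 200 on a release older than 4.2.8 deserve the closest look, along with a rotation of the database credentials.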

FPS Game Engine Built In Ancient Macintosh HyperCard Software

Wolfenstein 3D and Doom are great examples of early FPS games. Back in that era, as Amiga was slowly losing its gaming supremacy to the PC, Apple wasn’t even on the playing field. However, [Chris Tully] has used the 90s HyperCard platform to create an FPS of his own, and it’s charming in what it achieves.

If you’re not familiar with it, HyperCard was a strange combination of database, programming language, and graphical interface system all rolled into one. It made developing GUI apps for the Macintosh platform simpler, with some limitations. It was certainly never intended for making pseudo-3D video games, but that just makes [Chris’s] achievement all the more impressive.

At this stage, [Chris’s] game doesn’t feature any NPCs, weapons, or items yet. It’s thus more of a First Person Walker than First Person Shooter. It features four small rooms with perpendicular, vertical walls, rendered either greyscale or 8-bit color. Now that he’s got the basic engine running, [Chris] is looking to recreate a bit of a Doom RPG experience, rather than copying Doom itself. He hopes to add everything from monsters to weapons, lava, and working HUD elements. If you want to dive in to the code, you can – HyperCard “stacks”, as they’re known, are made up of readily editable scripts.

[Chris] built the project to celebrate the aesthetic and limitations of the original Mac platform. While it could technically run on original hardware, it would run incredibly slowly. It currently takes several seconds to update the viewport on an emulated Mac Plus with 4MB of RAM. Thankfully, emulation on a modern PC can be sped up a lot to help the framerate.

We love seeing HyperCard pushed far beyond its original limits. We’ve seen it before, too, such as when it was used on a forgotten 90s Apple phone prototype. If you’ve been hacking away on retro software yourself, we’d love to see your projects on the tipsline!

Hello (Many Quantum) World(s)

Historically, the first program you write for a new computer language is “Hello World,” or, if you are in Texas, “Howdy World.” But with quantum computing on the horizon, you need something better. Like “Hello Many Worlds.” [IonQ] proposes what that looks like and then writes it in seven different quantum languages in a post you should check out.

Here’s the description of the simple program:

The basic quantum program we’ll write is simple. It creates a fully-entangled state between two qubits, and then measures this state. This state is sometimes called a Bell State, or Bell Pair, after physicist John Stewart Bell.

The measurement results for this program should give us 0 for both qubits or 1 for both qubits, in equal amounts. When running these, we’ll be able to tell that we’re running on real hardware because that’s not always what we get! These errors are what currently limit quantum computers, but the first steps to overcome this with quantum error correction have already begun.
