You Need More Weird

What do you do when you need to solve a problem creatively? Me, I go for a walk, preferably in the woods. It’s about as far away from the desk and computer as possible, and somehow getting outside of the box that is my office helps me to think outside of the metaphorical box as well. Maybe it’s the fresh air, maybe it’s the exercise. Or maybe, it’s putting my physical head in a different (head)space that helps me to think differently.

Psychologists are finding that being outside, being an outsider, or even just being exposed to the straight-up strange can help you think weirder, that is, more creatively. That artists, authors, and other hyper-creative folks are often a little bit odd is almost a cliche. Think of the artists who did their best work while under the influence of drugs, mental illness, or drastic dislocations.

The good news is that you might not have to go so far. Psychologists are able to measure increases in creative problem solving simply by exposing people to weirdness. And you don’t have to go on a magic-mushroom trip to get there either. In one study, for instance, the weirdness was playing in an upside-down VR world before answering a questionnaire. Ray Wilson meant it tongue-in-cheek when he suggested that building a silly synthesizer would help you think, but who’s laughing now that science is backing him up?

So if you find yourself, as I do, stuck inside the same four walls, make sure that you break out of the box from time to time. Expose your brain to weird, for your own creativity’s sake. Make some time for a completely wacky project. And of course, read more Hackaday! (We’ve got weird.)

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.

Want this type of article to hit your inbox every Friday morning? You should sign up!

Researchers Break FPGA Encryption Using FPGA Encryption

FPGAs are awesome — they can be essentially configured into becoming any computing device you want. Simply load your selected bitstream into the device on boot, and it behaves like a different piece of hardware. With great power comes great responsibility.

You might try to hack a given FPGA system by getting between the EEPROM that stores the bitstream and the FPGA during bootup, but FPGA manufacturers are a step ahead of you. Xilinx 7 series FPGAs have an onboard encryption and signing engine, and facilities for storing a secret key. Once the security bit is set, bitstreams coming in have to be encrypted to protect from eavesdropping, and HMAC-signed to assure that they are authentic. You can’t simply read the bitstream in transit or inject your own.

Researchers at Ruhr University Bochum and Max Planck Institute for Cybersecurity and Privacy in Germany have figured out a way to use the FPGA’s own encryption engine against itself to break both of these security guarantees for the entire mainstream 7-series. The attack abuses a MultiBoot function that allows you to specify an address to begin execution after reboot. The researchers send 32 bits of the encoded payload as a MultiBoot address, the FPGA decrypts it and stores it in a register, and then resets because their command wasn’t correctly HMAC signed. But because the WBSTAR register is meant to be readable on boot after reset, the payload is still there in its decrypted form. Repeat for every 32 bits in the bitstream, and you’re done.

Pulling off this attack requires physical access to the FPGA’s debug pins and up to 12 hours, so you only have to worry about particularly dedicated adversaries, but the results are catastrophic — if you can reconfigure an FPGA, you can make it do essentially anything. Security-sensitive folks, we have three words of consolation for you: “restrict physical access”.
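A toy model of the ordering flaw described above, as an added example (not code from the researchers, Xilinx, or the original article): a loader that acts on decrypted data before the HMAC result is enforced leaves plaintext in a reset-surviving register, while one that verifies first does not. The keys, the SHA-256 keystream cipher, `ToyLoader` and `sticky_reg` are constructed for illustration and do not reflect the real bitstream format.

```python
import hashlib
import hmac

ENC_KEY = b"constructed-demo-enc-key"  # constructed; stands in for the on-chip secret
MAC_KEY = b"constructed-demo-mac-key"  # constructed; toy model keeps it separate
WORD = 4                               # the article describes 32-bit units


def _keystream(n: int) -> bytes:
    """Toy SHA-256 counter keystream (a stand-in cipher, not the FPGA's)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]


def seal(plaintext: bytes) -> bytes:
    """Vendor side: encrypt, then append an HMAC over the ciphertext."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(len(plaintext))))
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()


class ToyLoader:
    def __init__(self, verify_first: bool):
        self.verify_first = verify_first
        self.sticky_reg = b"\x00" * WORD  # models a register that survives reset

    def load(self, image: bytes) -> bool:
        ct, tag = image[:-32], image[-32:]
        expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
        ok = hmac.compare_digest(tag, expected)
        if self.verify_first and not ok:
            return False                 # hardened: nothing is decrypted at all
        pt = bytes(c ^ k for c, k in zip(ct, _keystream(len(ct))))
        self.sticky_reg = pt[:WORD]      # weak order: plaintext lands in state...
        return ok                        # ...and only then is the MAC enforced


def residue_after_rejected_load(verify_first: bool) -> bytes:
    """Load an image with a corrupted tag; return what the register holds."""
    image = bytearray(seal(b"SECRET-DESIGN-DATA"))  # constructed sample plaintext
    image[-1] ^= 0x01                               # image is no longer authentic
    dev = ToyLoader(verify_first)
    assert dev.load(bytes(image)) is False          # both loaders refuse it
    return dev.sticky_reg
```

Both loaders reject the corrupted image, so the rejection alone says nothing about safety; what differs is the state left behind once the load has been refused.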

What does this mean for Hackaday? If you’re looking at a piece of hardware with a hardened Xilinx 7-series FPGA in it, you’ll be able to use it, although it’s horribly awkward for debugging due to the multi-hour encryption procedure. Anyone know of a good side-channel bootloader for these chips? On the other hand, if you’re just looking to dig secrets out from the bitstream, this is a one-time cost.

This hack is probably only tangentially relevant to the Symbiflow team’s effort to reverse-engineer an open-source toolchain for this series of FPGAs. They are using unencrypted bitstreams for all of their research, naturally, and are almost done anyway. Still, it widens the range of applicability just a little bit, and we’re all for that.

[Banner image is a Numato Lab Neso, and comes totally unlocked naturally.]

A Jaw-Dropping Demo In Only 256 Bytes

“Revision” is probably the Olympics of the demoscene. The world’s best tiny graphics coders assemble, show off their works, and learn new tricks to pack as much awesome into as few bytes as possible or make unheard-of effects on limited hardware. And of course, there’s a competition. Winning this year’s 256-byte (byte!) competition, and then taking the overall crowd favorite award, was [HellMood]’s Memories.

If you watch it in the live-stream from Revision, you’ll hear the crowd going (virtually) wild, and the announcer losing his grip and gasping for words. It’s that amazing. Not only are more effects put into 2⁸ bytes than we thought possible, but there’s a full generative MIDI score to go with it. What?!?

But almost as amazing is [HellMood]’s generous writeup of how he pulled it off. If you’re at all interested in demos, minimal graphics effects, or just plain old sweet hacks, you have your weekend’s reading laid out for you. [HellMood] has all of his references and influences linked in as well. You’re about to go down a very deep rabbit hole.


The Game That Launched 1,000 Hackers

John Conway passed away this week. Even if you don’t know much about mathematics, you will probably know nearly everyone’s favorite cellular automata ruleset: Conway’s “Game of Life”. It’s so much a part of our cultural history, that proto-hacker Eric Scott Raymond suggested using the glider as the hacker emblem.

The idea that a very simple set of rules, applied equally and everywhere, could result in “life” was influential in my growth as a young hacker, and judging from the comments on our article about Conway, I’m not alone. But I won’t lie: I was a kid and thought that it could do much more than make pretty patterns on the screen. I was both right and wrong.

Although amazingly complex machines can be built in Conway’s Life (just check out this video for proof), in the end no grand unifying theory of cellular automata has emerged. As a research topic Conway’s chosen field of mathematics, cellular automata is a backwater. It didn’t really go anywhere. Or did it?

Implementing Conway’s Life in BASIC on a Tandy Color Computer was one of the first things that launched me on my geeky path. It ranks with MENACE: the matchbox-based machine learning algorithm from the 1960’s and an introduction to Markov Chains in the form of a random text generator in my young algorithmic life, all of which I incidentally read about in Martin Gardner’s column in “Scientific American”. Conway’s Life, along with some dumb horse-race game, also taught me about bad random-number generators: the screen would populate the same “randomly” every time on the old CoCo.

So maybe Conway didn’t want to be remembered just for his “Life” because it was a bit of a mathematical dead-end. But in terms of its impact on the world, an entire generation of hackers, and my own personal life, it was able to fill up significantly more than a screen full of pixels. Here’s to Conway, his “Life”, and everyone else who is inspiring the next. You’re not just gliders, you’re glider guns!


[Game of Life example shown in this article is John Conway’s Game of Life – 1.0 written in Python by Nick Jarvis and Nick Wayne]

Google And Apple Reveal Their Coronavirus Contact Tracing Plans: We Kick The Tires

Google and Apple have joined forces to issue a common API that will run on their mobile phone operating systems, enabling applications to track people who you come “into contact” with in order to slow the spread of the COVID-19 pandemic. It’s an extremely tall order to do so in a way that is voluntary, respects personal privacy as much as possible, doesn’t rely on potentially vulnerable centralized services, and doesn’t produce so many false positives that the results are either ignored or create a mass panic. And perhaps much more importantly, it’s got to work.

Slowing the Spread

As I write this, the COVID-19 pandemic seems to be just turning the corner from uncontrolled exponential growth to something that’s potentially more manageable, but it’s not clear that we yet see an end in sight. So far, this has required hundreds of millions of people to go into essentially voluntary quarantine. But that’s a blunt tool. In an ideal world, you could stop the disease globally in a couple weeks if you could somehow test everyone and isolate those who have been exposed to the virus. In the real world, truly comprehensive testing is impossible, and figuring out whom to isolate is extraordinarily difficult due to two factors: COVID-19 has a long incubation period during which it is nonetheless transmissible, and some or even most people don’t know they have it. How can you stop what you can’t see, and even when you can detect it, it’s a week too late?

One promising approach is to isolate those people who’ve been in contact with known cases during the stealth contagion period. To do this is essentially to keep a diary of everyone you’ve been in contact with for the last week or two, and then if you eventually test positive for COVID-19, alert them all so that they can keep from infecting others even before they test positive: track and trace. Doctors can do this by interviewing patients who test positive (this is the “contact tracing” we’ve been hearing so much about), but memory is imperfect. Enter a technological solution.

Can Solid Save The Internet?

We ran an article on Solid this week, a project that aims to do nothing less than change the privacy and security aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy who invented the World Wide Web as a side project at work, is behind it, and it’s got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and your thoughts over to social media and other sharing platforms, you’d store your own personal data in a Personal Online Data (POD) container, and grant revocable access to these companies to access your data on your behalf. It’s like it’s your own website contents, but with an API for sharing parts of it elsewhere.

This is a clever legal hack, because today you give over rights to your data so that Facebook and Co. can display them in your name. This gives them all the bargaining power, and locks you into their service. If instead, you simply gave Facebook a revocable access token, the power dynamic shifts. Today you can migrate your data and delete your Facebook account, but that’s a major hassle that few undertake.

Mike and I were discussing this on this week’s podcast, and we were thinking about the privacy aspects of PODs. In particular, whatever firm you use to socially share your stuff will still be able to snoop you out, map your behavior, and target you with ads and other content, because they see it while it’s in transit. But I failed to put two and two together.

The real power of a common API for sharing your content/data is that it will make it that much easier to switch from one sharing platform to another. This means that you could easily migrate to a system that respects your privacy. If we’re lucky, we’ll see competition in this space. At the same time, storing and hosting the data would be portable as well, hopefully promoting the best practices in the providers. Real competition in where your data lives and how it’s served may well save the Internet. (Or at least we can dream.)


COVID-19 Statistics: Reading The Tea Leaves

If you’ve been tracking the spread of the COVID-19 pandemic around the world, as we have, you’ve doubtless seen a lot of statistics. The raw numbers look shocking, and in many cases they are, but as always it’s crucially important to ask yourself what the numbers mean.

For instance, our own Tom Nardi put together a counter that displays the total number of COVID-19 cases in the US. It’s a cool project that puts together some web-scraping, a nice OLED screen, and a 3D-printed network display. When this is all over, it can be easily re-trained to show some other statistic of interest, and it’s a great introduction to a number of web APIs. However, it’s looking at the wrong number.

Let me explain. Diseases spread exponentially: the more people who have it, the more people are spreading it. And exponential curves all look the same when you plot out their instantaneous values — the raw number of COVID-19 cases. Instead, what distinguishes one exponential from another is the growth parameter, and this is related to the number of new cases per day, or more correctly, to the day-to-day change in new cases.

If left unchecked, and especially in the early stages of spread, the number of new cases grows every day. But as control efforts, mainly social distancing, take effect, the rate at which the number of new cases grows can slow, or even go negative. That’s the plan, anyway.

As is very well explained by this video from 3 Blue, 1 Brown, if this were a naturally spreading epidemic, the point at which the new cases just start to decline marks the halfway point in the course of the disease. Here, we’re hoping that particularly strict quarantining procedures will cut this run even shorter, but if you’re interested in how the disease is spreading, the point when daily new infections turn around is what you’re looking for.

Why not put the daily difference in new cases on your desktop, then? These numbers are noisy, and the difference jumps all around. To be serious, you would probably want to put a moving average on the new cases figure, and look at that difference. Or simply show the new cases instead and look for it to drop for a few days in a row.

Still, this won’t be a perfect measure. For starters, COVID-19 seems to incubate for roughly a week without symptoms. This means that whatever numbers we have, they’re probably a week behind the actual situation. We won’t see the effects of social distancing for at least a week, and maybe more.

Further complicating things is the availability of tests, human factors like weekends when more people get tested but fewer government reporting offices are open, timezones, etc. (What happened on Feb. 13?)

I’m not going to go so far as to say that the COVID-19 stats that we see are useless — actually far from it. But if you’re going to armchair quarterback this pandemic, do it right. Plot out the daily new cases, maybe apply a little smoothing, at least in your head, and realize that whatever you’re seeing now probably represents what happened last week.

When you finally see the turning point, you may celebrate a little, because that means the halfway point was a week ago. We’ve seen it happen in China around Feb 2, and I’m looking forward to it happening here. I hope it happens wherever you are, and soon.

We will get through this. Stay safe, all. And keep yourself uninfected to keep others uninfected.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 212 weeks or so. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
