Inside Two-Factor Authentication Apps

October 16, 2017 by Elliot Williams 66 Comments

Passwords are in a pretty broken state of implementation for authentication. People pick horrible passwords and use the same password all over the place, firms fail to store them correctly and then their databases get leaked, and if anyone’s looking over your shoulder as you type it in (literally or metaphorically), you’re hosed. We’re told that two-factor authentication (2FA) is here to the rescue.

Well maybe. 2FA that actually implements a second factor is fantastic, but Google Authenticator, Facebook Code Generator, and any of the other app-based “second factors” are really just a second password. And worse, that second password cannot be stored hashed in the server’s database, which means that when the database is eventually compromised, your “second factor” blows away with the breeze.

Second factor apps can improve your overall security if you’re already following good password practices. We’ll demonstrate why and how below, but the punchline is that the most popular 2FA app implementations protect you against eavesdropping by creating a different, unpredictable, but verifiable, password every 30 seconds. This means that if someone overhears your login right now, they wouldn’t be able to use the same login info later on. What 2FA apps don’t protect you against, however, are database leaks.

Continue reading “Inside Two-Factor Authentication Apps” →

Happy Ada Lovelace Day!

October 10, 2017 by Elliot Williams 74 Comments

Today is Ada Lovelace Day, a day to celebrate and encourage women in the fields of science and technology. The day is named after Augusta Ada King-Noel, Countess of Lovelace, born Byron. (You can see why we just call her Ada Lovelace.) She was a brilliant mathematician, and the writer of what’s probably the first real computer program — it computed the Bernoulli series. At least according Charles Babbage, in correspondence to Michael Faraday, she was an “enchanted math fairy”. Not only a proto-coder, she wrote almost all of the existing documentation about Babbage’s computation engine. She’s a stellar example of a brilliant and unique individual. If you were looking for a superhero to represent women in science and tech, Ada’s a good pick.

In our minds, she gets stiff competition from Marie Curie. Curie did fundamental research on radioactivity, is one of two people with Nobel Prizes in two different sciences, and got to name the two elements that she discovered. 2011 was the Year of Marie Curie in France and Poland. She has her own year in addition to her own unit. Even Spiderman doesn’t have those radioactive super powers!

Don’t Need Another Hero?

But on a day dedicated to getting more women into the technical arts, it’s also a little bit daunting to pick Lovelace or Curie as a symbol. Are you ever going to have something that equals “first computer program” or “two Nobel Prizes” on your résumé? We aren’t. It’s great to have heroes, but maybe we need more than just heroes — we also need mentors.

Continue reading “Happy Ada Lovelace Day!” →

Who Owns Arduino?

October 5, 2017 by Elliot Williams 67 Comments

Who owns Arduino? We don’t mean metaphorically — we’d say that’s the community of users and developers who’ve all contributed to this amazing hardware/software ecosystem. We mean literally. Whose chips are on the table? Whose money talks? It looks like ARM could have a stake!

The Arduino vs Arduino saga “ended” just under a year ago with an out-of-court settlement that created a private holding company part-owned by both parties in the prior dispute over the trademark. And then, [Banzi] and the original founders bought out [Musto]’s shares and took over. That much is known fact.

The murky thing about privately held companies and out-of-court settlements is that all of the details remain private, so we can only guess from outside. We can speculate, however, that buying out half of the Arduino AG wasn’t cheap, and that even pooling all of their resources together, the original founders just didn’t have the scratch to buy [Musto] out. Or as the Arduino website puts it, “In order to make [t]his a reality, we needed a partner that would provide us with the resources to regain full ownership of Arduino as a company… and Arm graciously agreed to support us to complete the operation.” That, and the rest of the Arduino blog post, sure looks like ARM provided some funds to buy back Arduino.

We reached out to [Massimo Banzi] for clarification and he replied:

“Hi arm did not buy nor invest in arduino. The founders + Fabio Violante still own the company. As I wrote in the blog post we are still independent, open source and cross platform.”

We frankly can’t make sense of these conflicting statements, at least regarding whether ARM did or didn’t contribute monetary resources to the deal. ARM has no press release on the deal as we write this. Continue reading “Who Owns Arduino?” →

Knitting ALUs (and Flipdots)

September 20, 2017 by Elliot Williams 6 Comments

[Irene Posch] is big into ~~knitted~~ fabric circuits. And while most of the textile circuits that we’ve seen are content with simply conducting enough juice to light an LED, [Irene]’s sights are set on ~~knittable~~ crafted arithmetic logic units (ALUs). While we usually think of transistors as the fundamental building-blocks of logic circuits, [Irene] has developed what is essentially a ~~knit~~ crochet relay. Be sure to watch the video after the break to see it in construction and in action.

The basic construction is a coil of conductive thread that forms an electromagnet, and a magnetic bead suspended on an axle so that it can turn in response to the field. To create a relay, a flap of knit conductive thread is attached to the bead, which serves as the pole for what’s essentially a fabric-based SPDT switch. If you’ve been following any of our relay-logic posts, you’ll know that once you’ve got a relay, the next step to a functioning computer is a lot of repetition.

How does [Irene] plan to display the results of a computation? On knit-and-bead flipdot displays, naturally. Combining the same electromagnet and bead arrangement with beads that are painted white on one side and black on the other yields a human-readable one-bit display. We have an unnatural affinity for flipdot displays, and making the whole thing out of fabric-store components definitely flips our bits.

Anyway, [Irene Posch] is a textile-tech artist who you should definitely be following if you have any interest in knittable computers. Have you seen anything else like this? Thanks [Melissa] for the awesome tip!

Continue reading “Knitting ALUs (and Flipdots)” →

Hackaday’s London Meetup Was A Corker

September 18, 2017 by Elliot Williams 15 Comments

Upstairs at the Marquis Cornwallis pub in central London, around 75 Hackadayers convened, ate well, drank well, and were generally merry. Nearly everyone in attendance brought a hack with them, which meant that there was a lot to see in addition to all that socializing to be done.

I spoke with a huge number of people who all said the same thing: that it was fantastic to put faces to the names of the writers, hackers, and other readers. As a writer, I finally got to meet in person some of the people who’ve produced some of my favorite hacks, in addition to most that were totally new to me. I can’t say how often I heard “Oh you’re the person behind that project. I loved that one.” A real sense of the Hackaday community was on display. Continue reading “Hackaday’s London Meetup Was A Corker” →

Piezomagnetic Trick Shrinks 2.5 GHz Antennas

September 15, 2017 by Elliot Williams 20 Comments

To a ham radio operator used to “short”-wave antennas with lengths listed in tens of meters, the tiny antennas used in the gigahertz bands barely even register. But if your goal is making radio electronics that’s small enough to swallow, an antenna of a few centimeters is too big. Physics determines plausible antenna sizes, and there’s no way around that, but a large group of researchers and engineers have found a way of side-stepping the problem: resonating a nano-antenna acoustically instead of electromagnetically.

Normal antennas are tuned to some extent to the frequency that you want to pick up. Since the wavelength of a 2.5 GHz electromagnetic wave in free space is 120 cm mm, most practical antennas need a wire in the 12-60 cm mm range to bounce signals back and forth. The trick in the paper is to use a special piezomagnetic material as the antenna. Incoming radio waves get quickly turned into acoustic waves — physical movement in the nano-crystals. Since these sound waves travel a lot slower than the speed of light, they resonate off the walls of the crystal over a much shorter distance. A piezoelectric film layer turns these vibrations back into electrical signals.

Ceramic chip antennas use a similar trick. There, electromagnetic waves are slowed down inside the high-permittivity ceramic. But chip antennas are just slowing down EM waves, whereas the research demonstrated here is converting the EM to sound waves, which travel many orders of magnitude slower. Nice trick.

Granted, significant material science derring-do makes this possible, and you’re not going to be fabricating your own nanoscale piezomagnetic antennas any time soon, but with everything but the antenna getting nano-ified, it’s exciting to think of a future where the antennas can be baked directly into the IC.

Thanks [Ostracus] for the tip in the comments of this post on antenna basics. Via [Science Magazine].

Bodging On More Flash Memory

September 10, 2017 by Elliot Williams 32 Comments

[Curmudegeoclast] found himself running out of flash memory on a Trinket M0 board, so he decided to epoxy and fly-wire a whopping 2 MB of extra flash on top of the original CPU.

We’ll just get our “kids these days” rant out of the way up front: the stock SAMD21 ARM chip has 256 kB (!) of flash to begin with, and is on a breakout board with only five GPIO pins, for a 51 kB / pin ratio! And now he’s adding 2 MB more? That’s madness. The stated reason for [Curmudegeoclast]’s exercise is MicroPython, which takes up a big chunk of flash just for the base language. We suspect that there’s also a fair amount of “wouldn’t it be neat?” in the mix as well. Whatever.

The hack is a classic. It starts off with sketchy wires soldered to pins and breadboarded up with a SOIC expander board. Following that proof of concept, some degree of structural integrity is brought to the proceedings by gluing the flash chip, dead-bug, on top of the microcontroller. We love the (0805?) SPI pullup resistor that was also point-to-point soldered into place. We would not be able to resist the temptation to entomb the whole thing in hot glue for “long-term” stability, but there are better options out there, too.

This hack takes a minimalist board, and super-sizes it, and for that, kudos. What would you stuff into 2 MB of free flash on a tiny little microcontroller? Any of you out there using MicroPython or CircuitPython care to comment on the flash memory demands? 256 kB should be enough for anyone.