DNS-over-HTTPS Is The Wrong Partial Solution

Openness has been one of the defining characteristics of the Internet for as long as it has existed, with much of the traffic today still passed without any form of encryption. Most requests for HTML pages and associated content are in plain text, and the responses are returned in the same way, even though HTTPS has been around since 1994.

But sometimes there’s a need for security and/or privacy. While the encryption of internet traffic has become more widespread for online banking and shopping, the privacy-preserving aspect of many internet protocols hasn’t kept pace. In particular, when you look up a website’s IP address by hostname, the DNS request is almost always transmitted in plain text, allowing all the computers and ISPs along the way to determine what website you were browsing, even if you use HTTPS once the connection is made.

The idea of also encrypting DNS requests isn’t exactly new, with the first attempts starting in the early 2000s, in the form of DNSCrypt, DNS over TLS (DoT), and others. Mozilla, Google, and a few other large internet companies are pushing a new method to encrypt DNS requests: DNS over HTTPS (DoH).

DoH not only encrypts the DNS request, but it also serves it to a “normal” web server rather than a DNS server, making the DNS request traffic essentially indistinguishable from normal HTTPS. This is a double-edged sword. While it protects the DNS request itself, just as DNSCrypt or DoT do, it also makes it impossible for the folks in charge of security at large firms to monitor DNS spoofing and it moves the responsibility for a critical networking function from the operating system into an application. It also doesn’t do anything to hide the IP address of the website that you just looked up — you still go to visit it, after all.

And in comparison to DoT, DoH centralizes information about your browsing in a few companies: at the moment Cloudflare, who says they will throw your data away within 24 hours, and Google, who seems intent on retaining and monetizing every detail about everything you’ve ever thought about doing.

DNS and privacy are important topics, so we’re going to dig into the details here.

The Long History Of Fast Reactors And The Promise Of A Closed Fuel Cycle

The discovery of nuclear fission in the 1930s brought with it first the threat of nuclear annihilation by nuclear weapons in the 1940s, followed by the promise of clean, plentiful power in the 1950s courtesy of nuclear power plants. These would replace other types of thermal plants with one that would produce no exhaust gases, no fly ash and require only occasional refueling using uranium and other fissile fuels that can be found practically everywhere.

The equipment with which nuclear fission was experimentally proven in 1938.

As nuclear reactors popped up ever faster during the 1950s and 1960s, the worry about running out of uranium fuel became ever more present. This led to increased R&D in so-called fast reactors, which in the fast-breeder reactor (FBR) configuration can use uranium fuel significantly more efficiently by using fast neutrons to change (‘breed’) ²³⁸U into ²³⁹Pu. This can then be mixed with uranium fuel to create MOX fuel for slow-neutron reactors, allowing not 1% but up to 60% of the energy in uranium to be used in a once-through cycle.

The boom in uranium supplies discovered during the 1970s mostly put a stop to these R&D efforts, with some nations like France still going through its Rapsodie, Phénix and SuperPhénix designs until recently finally canceling the Generation IV ASTRID demonstrator design after years of trying to get the project off the ground.

This is not the end of fast reactors, however. In this article we’ll look at how these marvels of engineering work and the various fast reactor types in use and under development by nations like Russia, China and India.

Saying Farewell To Another B-17 And Its Crew

The harsh reality of keeping historical airplanes airworthy and flying is that from time to time one will crash. Thus it was that on October 2nd a Boeing B-17 Flying Fortress crash-landed after technical troubles. Incidentally, this is the very same airplane which we covered only a number of days ago. Painted to look like another B-17 of WWII (Nine-o-Nine, variant B-17G-30-BO), this late-model B-17G-85-DL aircraft wasn’t finished in time to join World War II, but instead spent its 74 years being a flying museum to these amazing airplanes.

Details about the cause of the crash are still scarce, but from radio communication between the crew and tower, it’s understood the B-17 was having issues with the number 4 engine, which was seen sputtering and smoking by a witness. The airplane’s pilots tried to perform an emergency landing at Bradley International Airport, Connecticut, where it had taken off from only moments ago. Unfortunately the aircraft ran off the runway and struck a building, after which it burst into flames. The NTSB has indicated that they have dispatched a team to investigate the crash, and say that a preliminary report is likely two weeks away.

Of the thirteen people on board, seven died, with the remaining six surviving with injuries. One person on the ground was injured as well. The vintage bomber (civilian registration number N93012) has been all but completely destroyed in the fire, with only a section of the wing and tail remaining recognizable.

We feel terrible about such loss of life and hope the injured make a speedy recovery. The loss of yet another B-17 is also tough to swallow, as this leaves just ten airworthy B-17s. How long until we say farewell to this part of our history, with the final flight of a B-17, or its kin?

(Thanks to Pez for this update)

Using PoE With A Raspberry Pi 3 For About Two Bucks

When the Raspberry Pi 3 Model B+ was announced in March of 2018, one of its new features was the ability to be (more easily) powered via Power-over-Ethernet (PoE), with an official PoE HAT for the low price of just twenty-one USA bucks. The thing also almost worked as intended the first time around. But to some people this just isn’t good enough, resulting in [Albert David] putting together a solution he calls “poor man’s PoE” for about two bucks.

His solution makes it extra cheap by using so-called passive PoE, which injects a voltage onto the conductors of the network cable being used for PoE, without bothering with any kind of handshake. In general this is considered to be a very reliable (albeit non-standard) form of PoE that works great until something goes up in smoke. It’s also ridiculously cheap, with a PoE injector adapter (RJ-45 plug & 2.1×5.5 mm power jack to RJ-45 jack) going for about 80 cents, and a DC-DC buck converter that can handle the input of 12V for about 50 cents.

The rest of the $2 budget is mostly spent on wiring and heatshrink, resulting in a very compact PoE solution that plugs straight into the PoE header on the Raspberry Pi 3 board, with the buck converter outputs going into the ground and +5V pins on the Raspberry Pi’s GPIO header.

A fancier solution would implement any of the standard PoE protocols to do the work of negotiating a suitable voltage. Maybe this could be the high-tech, $5 solution featuring an MCU and a small PCB?

When Your Car Breaks Down, Simply Hack It Into A Simulator

When [Nishanth]’s Subaru BRZ came to a sudden halt, he was saddened by the wait to get a new engine installed. Fortunately, he was able to cheer himself up by hacking it into a car simulator in the meantime. This would have the added benefit of not being limited to just driving on Road Atlanta, where the unfortunate mishap occurred, but any course available on Forza and similar racing games.

On paper it seemed fairly straight-forward: simply tap into the car’s CAN bus for the steering, throttle, braking and further signals, convert it into something a game console or PC can work with and you’re off to the races. Here the PC setup is definitely the cheapest and easiest, with a single part required: a Macchina M2 Under the Dash kit ($97.50). The XBox required over $200 worth of parts, including the aforementioned Macchina part, an XBox Adaptive Controller and a few other bits and pieces. And a car, naturally.

The Macchina M2 is the part that listens to the CAN traffic via the OBD2 port, converting it into something that resembles a USB HID gamepad. So that’s all a matter of plug’n’play, right? Not so fast. Every car uses its own CAN-based system, with different peripherals and addresses for them. This means that with the Macchina M2 acquired, [Nishanth]’s first task was to reverse-engineer the CAN signals for the car’s controls.

At this point the story is pretty much finished for the PC side of things, but the XBox One console is engineered to only accept official peripherals. The one loop-hole here is the Adaptive Controller, designed for people with disabilities, which allows the use of alternative inputs. This also enables using a car as an XBox One controller, which is an interesting side-effect.

Tilt Five: A Fresh Take On Augmented Reality Tabletop Gaming

Tilt Five is an Augmented Reality (AR) system developed by Jeri Ellsworth and a group of other engineers that is aimed at tabletop gaming and is now up on Kickstarter. Though it appears to be a quite capable (and affordable at $299) system based on the Kickstarter campaign, the most remarkable thing about it is probably that it has its roots at Valve. Yes, the ones behind the Half Life games and the Steam games store.

Much of the history of the project has been covered by sites, such as this Verge article from 2013. Back then [Jeri Ellsworth] and [Rick Johnson] were working on project CastAR, which back then looked like a contraption glued onto the top of a pair of shades. When Valve chose to go with Virtual Reality instead of AR, project CastAR began its life outside of Valve, with Valve’s [Gabe] giving [Jeri] and [Rick] his blessing to do whatever they wanted with the project.

What the Tilt Five AR system looked like in its CastAR days. (credit: The Verge)

Six years later Tilt Five is the result of the work put in over those years. Looking more like a pair of protective glasses along with a wand controller that has an uncanny resemblance to a gas lighter for candles and BBQs, it promises a virtual world like one has never seen before, courtesy of integrated HD projectors that are aimed at the retroreflective surface of the game board.

A big limitation of the system is also its primary marketing feature: by marketing it as for tabletop gaming, the fact that the system requires this game board as the projection surface means that the virtual world cannot exist outside the board, but for a tabletop game (like Dungeons and Dragons), that should hardly be an issue. As for the games themselves, they would run on an external system, with the signal piped into the AR system. Game support for the Tilt Five is still fairly limited, but more titles have been announced.

(Thanks, RandyKC)

Dealing With Invasive Species Through Robotics

Throughout its history, humankind’s travels have often brought unwelcome guests along for the ride, and sometimes introduced species into a new environment for a variety of reasons. These so-called invasive species are all too often responsible for widespread devastation in ecosystems, wiping out entire species and disrupting the natural balance. Now researchers are testing the use of robots for population control of these invasive species.

The mosquitofish is the target of current research by NYU Tandon School of Engineering and the University of Western Australia. Originally from parts of the US and Mexico, it was introduced elsewhere for mosquito control, including in Australia. There it has become a massive problem, destroying native species that used to eat mosquitoes. As a result the mosquito problem has actually worsened.

As the main issue with these invasive species is that they do not have any natural predators that might control their numbers, the researchers created robots which mimic the look and motion of natural predators. In the case of the mosquitofish the largemouth bass is its primary predator. The theory was that by exposing the mosquitofish to something that looks and moves just like one of these predator fish, they would exhibit the same kind of stress response.

So far laboratory tests under controlled conditions have confirmed these expectations, with the mosquitofish displaying clear signs of stress upon exposure to the robotic largemouth bass. Even better, they displayed decreasing weight and were found to avoid potentially dangerous areas, indicating that instead of focusing on foraging, they were in survival mode. This should limit their environmental impact, including their ability to procreate.

Who knows, before long the surface waters of Australia may be home to the first robotic species of fish.

(Thanks, [Qes])