Add WebUSB Support To Firefox With A Special USB Device

March 15, 2025 by Maya Posch 7 Comments

RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub)

The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality.

Continue reading “Add WebUSB Support To Firefox With A Special USB Device” →

My Scammer Girlfriend: Baiting A Romance Fraudster

March 15, 2025 by Maya Posch 21 Comments

Nobody likes spam messages, but some of them contain rather fascinating scams. Case in point, [Ben Tasker] recently got a few romance scam emails that made him decide to take a poke at the scam behind these messages. This particular scam tries to draw in marks with an attached photo (pilfered from Facebook) and fake personal details. Naturally, contacting scammers is a bad idea, and you should never provide them with any personal information if you decide to have some ‘fun’.

The games begin once you contact them via the listed email address, as they’re all sent from hacked/spoofed email accounts. After this you have to wait for the scammers to return to the campaign on their monthly cycle, so give it a few weeks. Analyzing image metadata provides some clues (e.g. the FBMD prefix in IPTC tags set by Meta, as well as timezone info). The IP address from the email headers pointed to a VPN being used, so no easy solution here.

After establishing contact, the scammers try to coax the mark into ‘helping’ them move to their country, with Skype out-call numbers received on [Ben]’s burner phone that seem designed to add to the realism. Then ‘disaster’ strikes and the mark is asked to transfer a lot of money to help their new ‘love’. Naturally, [Ben] wasn’t a gullible mark, and set up a few traps, including a custom domain and website that’d log any visitor (i.e. the scammer).

Continue reading “My Scammer Girlfriend: Baiting A Romance Fraudster” →

C+P: Combining The Usefulness Of C With The Excellence Of Prolog

March 14, 2025 by Maya Posch 8 Comments

In a move that will absolutely not over-excite anyone, nor lead to any heated arguments, [needleful] posits that their C Plus Prolog (C+P for short) programming language is the best possible language ever. This is due to it combining the best of the only good programming language (Prolog) with the best of the only useful programming language (C). Although the resulting mash-up syntax that results may trigger Objective-C flashbacks, it’s actually valid SWI-Prolog, that is subsequently converted to C for compilation.

Language flamewars aside, the motivation for C+P as explained in the project’s README was mostly the exploring of macros in a system programming language. More specifically, by implementing a language-within-a-language you can add just about any compile-time feature you want including – as demonstrated in C+P – a form of generics. Even as a way to have a bit of fun, C+P comes dangerously close to being a functional prototype. Its main flaw is probably the lack of validation and error messages, which likely leads to broken C being generated.

Also mentioned are the Nim and Haxe languages which can be compiled (transpiled) to C or C++, which is somewhat of a similar idea as C+P, as well as cmacro (based on Common Lisp) and the D language.

Utah’s FORGE: A Research Laboratory For Enhanced Geothermal Systems

March 14, 2025 by Maya Posch 6 Comments

Geothermal heat is a tantalizing source of energy that’s quite literally right below our feet. At the same time geothermal energy is hard to develop as the Earth’s crust is too thick in most places, limiting this to areas where magma is close enough to the surface and the underground rock permeable enough for water. The Utah FORGE facility is a field site were researchers are developing and testing ways to increase the scope of geothermal energy.

An Enhanced Geothermal System (EGS) is designed to be capable of using geothermal energy where this is normally not feasible through a technique that’s reminiscent of the hydraulic fracturing (‘fracking’) used by the oil and gas industry, but rather than creating more fractures, it instead uses hydro-shearing to prop open existing fractures and thus create the through-flow of water needed to extract geothermal energy.

So far FORGE has reported the successful creation of a geothermal reservoir where before there was none. This facility is located in the Milford valley in southwest Utah, which has some hydrothermal activity at the nearby Roosevelt Hot Springs, but through EGS other parts of this valley and similar areas could conceivably be used for generating electricity and for community heating as well. In a 2024 study by University of Utah scientists, it is described how the Milford valley’s volcanic past has left a large body of magma below a thick barrier of granitic rock that could provide access to geothermal resources with EGS to create the requisite fluid permeability.

FORGE is not the only facility working on EGS, but many other sites around the world having ceased activities after issues ranging from induced seismicity, susceptibility to earthquakes and budget shortages. Much like fracking, EGS is likely to cause earthquakes. Whether EGS can be made economically feasible still remains to be seen.

Image Credit: Eric Larson, Flash Point SLC

BritCSS: Write CSS With British English Spellings

March 13, 2025 by Maya Posch 37 Comments

Everyone knows that there is only one proper English, with the rest being mere derivatives that bastardize the spelling and grammar. Despite this, the hoodlums who staged a violent uprising against British rule in the American colonies have somehow made their uncouth dialect dominant in the information technologies that have taken the world by storm these past decades. In this urgent mission to restore the King’s English to its rightful place, we fortunately have patriotic British citizens who have taken it upon themselves to correct this grave injustice. Brave citizens such as [Declan Chidlow], whose BritCSS project is a bright beacon in these harrowing times.

Implemented as a simple, 14 kB JavaScript script to be included in an HTML page, it allows one to write CSS files using proper spelling, such as background-colour and centre. Meanwhile harsh language such as !important is replaced with the more pleasant !if-you-would-be-so-kind. It is expected that although for now this script has to be included on each page to use BritCSS, native support will soon be implemented in every browser, superseding the US dialect version. [Declan] has also been recommended to be awarded the Order of the British Empire for his outstanding services.

High-Speed Reservoir Computing With Integrated Laser Graded Artificial Neurons

March 13, 2025 by Maya Posch 2 Comments

So-called neuromorphic computing involves the use of physical artificial neurons to do computing in a way that is inspired by the human brain. With photonic neuromorphic computing these artificial neurons generally use laser sources and structures such as micro-ring resonators and resonant tunneling diodes to inject photons and modulate them akin to biological neurons.

General reservoir computing with laser graded neuron. (Credit: Yikun Nie et al., 2024, Optica)

One limitation of photonic artificial neurons was that these have a binary response and a refractory period, making them unlike the more versatile graded neurons. This has now been addressed by [Yikun Nie] et al. with their research published in Optica.

The main advantage of graded neurons is that they are capable of analog graded responses, combined with no refractory period in which the neuron is unresponsive. For the photonic version, a quantum dot (QD) based gain section was constructed, with the input pulses determining the (analog) output.

Multiple of these neurons were then combined on a single die, for use in a reservoir computing configuration. This was used with a range of tests, including arrhythmia detection (98% accuracy) and handwriting classification (92% accuracy). By having the lasers integrated and the input pulses being electrical in nature, this should make it quite low-power, as well as fast, featuring 100 GHz QD lasers.

Pixel Watch 3’s Loss Of Pulse Detection: The Algorithms That Tell Someone Is Dying

March 12, 2025 by Maya Posch 63 Comments

More and more of the ‘smart’ gadgets like watches and phones that we carry around with us these days come with features that we’d not care to ever need. Since these are devices that we strap onto our wrists and generally carry in close proximity to our bodies, they can use their sensors to make an estimation of whether said body is possibly in the process of expiring. This can be due to a severe kinetic event like a car crash, or something more subtle like the cessation of the beating of one’s heart.

There is a fairly new Loss of Pulse Detection (LoPD) feature in Google’s Pixel Watch 3 that recently got US FDA approval, allowing it to be made available in the US after previously becoming available in over a dozen European countries following its announcement in August of 2024. This opt-in feature regularly polls whether it can detect the user’s pulse. If not found, it cascades down a few steps before calling emergency services.

The pertinent question here is always whether it is truly detecting a crisis event, as nobody wants to regularly apologize for a false alert to the overworked person staffing the 911 or equivalent emergency line. So how do you reliably determine that your smart watch or phone should dial emergencies forthwith?

Continue reading “Pixel Watch 3’s Loss Of Pulse Detection: The Algorithms That Tell Someone Is Dying” →