36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures at various points in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

In his talk this year at 36C3, [bunnie] gave a detailed look at several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he focuses on highly ambitious and hard-to-detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

36C3: Phyphox – Using Smartphone Sensors For Physics Experiments

It’s no secret that the average smartphone today packs an abundance of gadgets fitting in your pocket, which could have easily filled a car trunk a few decades ago. We like to think about video cameras, music playing equipment, and maybe even telephones here, but let’s not ignore the amount of measurement equipment we also carry around in the form of tiny sensors nowadays. How to use those sensors for educational purposes to teach physics is presented in [Sebastian Staacks]’ talk at 36C3 about the phyphox mobile lab app.

While accessing a mobile device’s sensor data is usually quite straightforwardly done through some API calls, the phyphox app is not only a shortcut to nicely graph all the available sensor data on the screen, it also exports the data for additional visualization and processing later on. An accompanying experiment editor lets you define custom experiments, from data capture to analysis, that are stored in an XML-based file format and can be shared through QR codes.

Aside from demonstrating the app itself, if you ever wondered how sensors like the accelerometer, magnetometer, or barometric pressure sensor inside your phone actually work, and which one of them you can use to detect toilet flushing on an airplane and measure elevator velocity, and how to verify your HDD spins correctly, you will enjoy the talk. If you just want a good base for playing around with sensor data yourself, it’s all open source and available on GitHub for both Android and iOS.

The Heat Of The Moments – Location Visualization In Python

Have you ever taken a look at all the information that Google has collected about you over all these years? That is, of course, assuming you have a Google account, but that’s quite a given if you own an Android device and have privacy concerns overruled by convenience. And considering that GPS is a pretty standard smartphone feature nowadays, you shouldn’t be surprised that your entire location history is very likely part of the collected data as well. So unless you opted out from an ever-changing settings labyrinth in the past, it’s too late now, that data exists — period. Well, we might as well use it for our own benefit then and visualize what we’ve got there.

Location data naturally screams for maps as visualization method, and [luka1199] thought what would be better than an interactive Geo Heatmap written in Python, showing all the hotspots of your life. Built around the Folium library, the script reads the JSON dump of your location history that you can request from Google’s Takeout service, and overlays the resulting heatmap on the OpenStreetMap world map, ready for you to explore in your browser. Being Python, that’s pretty much all there is, which makes [Luka]’s script also a good starting point to play around with Folium and map visualization yourself.

While simply looking at the map and remembering the places your life has taken you to can be fun on its own, you might also realize some time optimization potential in alternative route planning, or use it to turn your last road trip route into an art piece. Just, whatever you do, be careful that you don’t accidentally leak the location of some secret military facilities.

[via r/dataisbeautiful]

Zombies Ate Your Neighbors? Tell Everyone Through LoRa!

As popular as the post-apocalyptic Zombie genre is, there is a quite unrealistic component to most of the stories. Well, apart from the whole “the undead roaming the Earth” thing. But where are the nerds, and where is all the apocalypse-proof, solar-powered tech? Or is it exactly this lack of tech in those stories that serves as incentive to build it in the first place? Well, maybe it doesn’t have to be the end of the world to seek ways to cope with a collapse of our modern communication infrastructure either. Just think of natural disasters — an earthquake or hurricane causing a long-term power outage for example. The folks at [sudomesh] tackle exactly this concern with their fully open source, off-grid, solar-powered, LoRa mesh network, Disaster Radio.

The network itself is built from single nodes comprising a battery-backed solar panel, a LoRa module, and either the ESP8266 or ESP32 for WiFi connectivity. The idea is to connect to the network with your mobile phone through WiFi, therefore eliminating any need for additional components to actually use the network, and have the nodes communicate with each other via LoRa. Admittedly, LoRa may not be your best choice for high data rates, but it is a good choice for long-range communication when cellular networks aren’t an option. And while you can build it all by yourself with everything available on [sudomesh]’s GitHub page, a TTGO ESP32 LoRa module will do as well.

If the idea itself sounds familiar, we did indeed cover similar projects like HELPER and Skrypt earlier this year, showing that LoRa really seems to be a popular go-to for off-grid communication. But well, whether we really care about modern communication and helping each other out when all hell breaks loose instead of just primevally defending our own lives is of course another question.

Pack Your Bags – Systemd Is Taking You To A New Home

Home directories have been a fundamental part of any Unixy system since day one. They’re such a basic element, we usually don’t give them much thought. And why would we? From a low level point of view, whatever location $HOME is pointing to is a directory just like any other of the countless ones you will find on the system — apart from maybe being located on its own disk partition. Home directories are so unspectacular in their nature, it wouldn’t usually cross anyone’s mind to even consider changing anything about them. And then there’s Lennart Poettering.

In case you’re not familiar with the name, he is the main developer behind the systemd init system, which has nowadays been adopted by the majority of Linux distributions as replacement for its oldschool, Unix-style init-system predecessors, essentially changing everything we knew about the system boot process. Not only did this change personally insult every single Perl-loving, Ken-Thompson-action-figure-owning grey beard, it engendered contempt towards systemd and Lennart himself that approaches Nickelback level. At this point, it probably doesn’t matter anymore what he does next, haters gonna hate. So who better than him to disrupt everything we know about home directories? Where you _live_?

Although, home directories are just one part of the equation that his latest creation — the systemd-homed project — is going to ~~make people hate him even more~~ tackle. The big picture is really more about the whole concept of user management as we know it, which sounds bold and scary, but which in its current state is also a lot more flawed than we might realize. So let’s have a look at what it’s all about, the motivation behind homed, the problems it’s going to both solve and raise, and how it’s maybe time to leave some outdated philosophies behind us.

What’s In A Name? Tales Of Python, Perl, And The GIMP

In the older days of open source software, major projects tended to have their Benevolent Dictators For Life who made all the final decisions, and some mature projects still operate that way. Guido van Rossum famously called his language “Python” because he liked the British comics of the same name. That’s the sort of thing that only a single developer can get away with.

However, in these modern times of GitHub, GitLab, and other collaboration platforms, community-driven decision making has become a more and more common phenomenon, shifting software development towards democracy. People begin to think of themselves as “Python programmers” or “GIMP users” and the name of the project fuses irrevocably with their identity.

What happens when software projects fork, develop apart, or otherwise change significantly? Obviously, to prevent confusion, they get a new name, and all of those “Perl Monks” need to become “Raku Monks”. Needless to say, what should be a trivial detail — what we’ve all decided to call this pile of ones and zeros or language constructs — can become a big deal. Don’t believe us? Here are the stories of renaming Python, Perl, and the GIMP.

Broken HP-48 Calculator Reborn As Bluetooth Keyboard

Considering their hardware specification, graphing calculators surely feel like an anachronism in 2019. There are plenty of apps and other software available for that nowadays, and despite all preaching by our teachers, we actually do carry calculators with us every day. On the other hand, never underestimate the power of muscle memory when using physical knobs and buttons instead of touch screen or mouse input. [epostkastl] combined the best of both worlds and turned his broken HP-48 into a Bluetooth LE keyboard to get the real feel with its emulated counterpart.

Initially implemented as a USB device, [epostkastl] opted for a wireless version this time, and connected an nRF52 based Adafruit Feather board to the HP-48’s conveniently exposed button matrix pins. For the software emulation side, he uses Emu48, an open source HP calculator emulator for Windows and Android. The great thing about Emu48 is that it supports fully customizable mappings of regular keyboard events to the emulated buttons, so you can easily map, say, the cosine button to the [C] key. The rest is straightforward: scanning the button matrix detects button presses, maps them to a key event, and sends it as a BLE HID event to the receiving side running Emu48.

This essentially turns [epostkastl]’s HP-48 into a regular wireless keyboard in a compact package — albeit with a layout that outshines every QWERTY vs Dvorak debate. It can of course also find alternative use cases, for example as a media center remote control or a shortcut keyboard. After all, we’ve seen the latter one built as stomp boxes and from finger training devices before, so why not a calculator?
