This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9

It looks like there’s finally hope for sane password policies. The US National Institute of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST-approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.
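
The draft rules quoted above, turned into a policy check that flags legacy settings and shows which passwords each policy lets through. This is an added example, not code from NIST or from the article; the policy key names and the sample passwords are constructed for illustration.

```python
import re

MIN_LENGTH = 8  # minimum length quoted from the draft

# Constructed sample policies; every key name here is hypothetical.
LEGACY_POLICY = {
    "min_length": 6,
    "composition_rules": [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"],
    "max_age_days": 90,
    "security_questions": True,
    "ascii_only": True,
}
ALIGNED_POLICY = {
    "min_length": 8,
    "composition_rules": [],
    "max_age_days": None,
    "security_questions": False,
    "ascii_only": False,
}

def audit_policy(policy):
    """Return the settings that conflict with the draft rules quoted above."""
    findings = []
    if policy["min_length"] < MIN_LENGTH:
        findings.append("min_length below 8")
    if policy["composition_rules"]:
        findings.append("composition rules imposed")
    if policy["max_age_days"]:
        findings.append("periodic change required")
    if policy["security_questions"]:
        findings.append("security questions enabled")
    if policy["ascii_only"]:
        findings.append("non-ASCII rejected (draft recommends accepting Unicode)")
    return findings

def accepts(policy, password):
    """Apply a policy to a candidate password the way a signup form would."""
    if len(password) < policy["min_length"]:  # len() counts Unicode code points
        return False
    if policy["ascii_only"] and not password.isascii():
        return False
    return all(re.search(rule, password) for rule in policy["composition_rules"])

if __name__ == "__main__":
    samples = ("correct horse battery staple", "Pw1!xy", "пароль из трёх слов")
    for name, policy in (("legacy", LEGACY_POLICY), ("aligned", ALIGNED_POLICY)):
        print(name, audit_policy(policy))
        for pw in samples:
            print("   ", repr(pw), accepts(policy, pw))
```

The legacy policy accepts the six-character `Pw1!xy` while rejecting a 28-character passphrase and anything non-ASCII; the aligned policy does the reverse.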

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS 9+ flaw is a SQL injection, with a trio of slightly less serious flaws.

Reviving A 15-Year Old Asus EeePC With Modern MX Linux

Welcome back to 2010 and the Asus eeePC Netbook, Seashell series. (Credit: Igor Ljubuncic)

It’s often said these days that computers don’t become outdated nearly as quickly as they did in the past, with even a decade-old computer still more than capable of handling daily tasks for the average person. Testing that theory, [Igor Ljubuncic] revisited the Asus eeePC which he purchased back in 2010. Although it’s not specified exactly which model it is, it features an Intel Atom N450 (1 core, 2 threads) running at 1.67 GHz, 1 GB of 667 MHz DDR2 and a 250 GB HDD, all falling into that ultra-portable, 10.1″ Netbook category.

When new, the netbook came with Windows 7 Starter Edition, which [Igor] replaced with Ubuntu Netbook Remix 10.04, which was its own adventure, but the netbook worked well and got dragged around the world on work and leisure assignments. With increasingly bloated updates, Ubuntu got replaced by MX Linux 18, which improved matters, but with the little CPU struggling more and more, [Igor] retired the netbook in 2019. That is, until reviving it recently.

Upon booting, the CMOS battery was of course empty, but the system happily continued booting into MX Linux. The Debian update repositories were of course gone, but changing these to the archive version allowed for some (very old) updates. This raised the question of whether modern Linux would even run on this ancient Atom CPU, the answer of which turned out to be a resounding ‘yes’, as MX Linux still offers 32-bit builds of its most recent releases. A 15 minute upgrade process later, and a 2 minute boot later, the system was running a Linux 6.1 kernel with Xfce desktop.

As for the performance, it’s rather what you expect, with video playback topping out at 480p (on the 1024×600 display) and applications like Firefox lacking the compact density mode, wasting a lot of screen space. Amazingly the original battery seems to still deliver about half the runtime it did when new. All of which is to say that yes, even a ‘low-end’ 2010-era netbook can still be a very usable system in 2024, with a modern OS.

Winamp Releases Source Code, But Is It Really Open?

The 1990s seem to have reached that point at which they are once more considered cool, and ephemera of the decade has become sought-after. One of the unlikely software hits from the period was Winamp, the MP3 player of choice in an era when time spent on dodgy file sharing sites or peer to peer sharing would snag you almost any music you wanted. Decades later its interface is still widely copied, but now you can try the original again as its source code has been made available. It’s not what we’d call open source though, even though they seem to be making an effort to imply as much with phrases such as “opening up its source code“.

If you’d like to have a go with it you can snag a copy from this GitHub repository, and you’ll need a particular version of Visual Studio 2019 to build it. Any celebrations will be muted though by paragraph five of the Winamp Collaborative License, which prohibits distribution of modified versions or forks, and stipulates that only the official maintainers can distribute it. This doesn’t sound like open source to us, indeed it seems they’re just looking for community maintenance for free, which probably isn’t too surprising from a brand which went all-out to join the NFT bandwagon a couple of years ago.

So have a look for nostalgia’s sake if you want, but we’d suggest going for something more community driven if you want to do anything with it.

Header: Christiaan Colen, CC BY-SA 2.0.

Most Powerful Laser Diodes, Now More Powerful

Many hobbies seem to have a subset of participants who just can’t leave well enough alone. Think about hot rodders, who squeeze every bit of power out of engines they can, or PC overclockers, who often go to ridiculous ends to milk the maximum performance from a CPU. And so it goes in the world of lasers, where this avalanche driver module turns Nichia laser diodes into fire-breathing beasts.

OK, that last bit might be a little overstated, but there’s no denying the coolness of what laser jock [Les Wright] has accomplished here. In his endless quest for more optical power, [Les] happened upon a paper describing a simple driver circuit that can dump massive amounts of current into a laser diode to produce far more optical power than they’re designed for. [Les] ran with what few details the paper had and came up with a modified avalanche driver circuit, with a few niceties for easier testing, like accommodation for different avalanche transistors and a way to test laser diodes in addition to the Nichia. He also included an onboard current sensing network, making it easy to hook up a high-speed oscilloscope to monitor the performance of the driver.

For testing, [Les] used a high-voltage supply homebrewed from a Nixie inverter module along with a function generator to provide the pulses. The driver was able to push 80 amps into a Nichia NUBM47 diode for just a few nanoseconds, and when all the numbers were plugged in, the setup produced about 67 watts of optical power. Not one to let such power go to waste, [Les] followed up with some cool experiments in laser range finding and dye laser pumping, which you can check out in the video below. And check out our back catalog of [Les]’ many laser projects, from a sketchy tattoo-removal laser teardown to his acousto-optical filter experiments.

Digital Audio Workstation In A Box

Although it’s still possible to grab a couple of friends, guitars, and a set of drums and start making analog music like it’s 1992 and there are vacant garages everywhere yearning for the sounds of power chords, the music scene almost demands the use of a computer now. There are a lot of benefits, largely that it dramatically lowers the barrier to entry since it greatly reduces the need for expensive analog instruments. It’s possible to get by with an impressively small computer and only a handful of other components too, as [BAussems] demonstrates with this tiny digital audio workstation (DAW).

The DAW is housed inside a small wooden box and is centered around a Behringer JT-4000 which does most of the heavy lifting in this project. It’s a synthesizer designed to be as small as possible, but [BAussems] has a few other things to add to this build to round out its musical capabilities. A digital reverb effects pedal was disassembled to reduce size and added to the DAW beneath the synthesizer. At its most basic level this DAW can be used with nothing but these components and a pair of headphones, but it’s also possible to add a smartphone to act as a sequencer and a stereo as well.

For a portable on-the-go rig, this digital audio workstation checks a lot of the boxes needed including MIDI and integration with a computer. It’s excellent inspiration for anyone else who needs a setup like this but doesn’t have access, space, or funds for a more traditional laptop- or desktop-centered version. For some other small on-the-go musical instruments we recently saw a MIDI-enabled keyboard not much larger than a credit card.

The Surprising Effects Of Fast Food Kiosks

For as long as there have been machines, there have been fears of machines taking your job. One of the latest incarnations of this phenomenon is the fast-food ordering kiosk. No longer will you have some teenager asking you if you want fries with that. These days, you are more likely going to find the question on a touch screen. So, are those poor kids out of an entry-level job? Apparently not, according to a recent CNN story.

According to McDonald’s, a business that embraces the kiosks, the new technology increases sales and creates more jobs, albeit more jobs further behind the counter. Part of the reason is that while “Do you want fries with that” is a cliche, it is also a sound business practice. Cashiers should try to upsell but don’t always do so. The kiosk always remembers to offer you an apple pie or whatever else they want to move today.


There’s No Lower Spec Linux Machine Than This One

It’s not uncommon for a new distro version to come out, and a grudging admission that maybe a faster laptop is on the cards. Perhaps after seeing this project though, you’ll never again complain about that two-generations-ago 64-bit multi-core behemoth, because [Dimitri Grinberg] — who else! — has succeeded in booting an up-to-date Linux on the real most basic of processors. We’re not talking about 386s, ATmegas, or 6502s, instead he’s gone right back to the beginning. The Intel 4004 was the first commercially available microprocessor back in 1971, and now it can run Linux.

So, given the 4004’s very limited architecture and 4-bit bus, how can it perform this impossible feat? As you might expect, the kernel isn’t being compiled to run natively on such ancient hardware. Instead he’s achieved the equally impossible-sounding task of writing a MIPS emulator for the venerable silicon, and paring back the emulated hardware to the extent that it remains capable given the limitations of the 1970s support chips in interfacing to the more recent parts such as RAM for the MIPS, an SD card, and a VFD display. The result is shown in the video below the break, and even though it’s sped up it’s clear that this is not a quick machine by any means.

We’d recommend the article as a good read even if you’ll never put Linux on a 4004, because of its detailed description of the architecture. Meanwhile we’ve had a few 4004 stories over the years, and this one’s not even the first time we’ve seen it emulate something else.
