ChatGPT, Bing, And The Upcoming Security Apocalypse

March 4, 2023 by 46 Comments

Most security professionals will tell you that it’s a lot easier to attack code systems than it is to defend them, and that this is especially true for large systems. The white hat’s job is to secure each and every point of contact, while the black hat’s goal is to find just one that’s insecure.

Whether black hat or white hat, it also helps a lot to know how the system works and exactly what it’s doing. When you’ve got the source code, either because it’s open-source, or because you’re working inside the company that makes the software, you’ve got a huge advantage both in finding bugs and in fixing them. In the case of closed-source software, the white hats arguably have the offsetting advantage that they at least can see the source code, and peek inside the black box, while the attackers cannot.

Still, if you look at the number of security issues raised weekly, it’s clear that even in the case of closed-source software, where the defenders should have the largest advantage, that offense is a lot easier than defense.

So now put yourself in the shoes of the poor folks who are going to try to secure large language models like ChatGPT, the new Bing, or Google’s soon-to-be-released Bard. They don’t understand their machines. Of course they know how the work inside, in the sense of cross multiplying tensors and updating weights based on training sets and so on. But because the billions of internal parameters interact in incomprehensible ways, almost all researchers refer to large language models’ inner workings as a black box.

And they haven’t even begun to consider security yet. They’re still worried about how to construct obscure background prompts that prevent their machines from spewing hate speech or pornographic novels. But as soon as the machines start doing something more interesting than just providing you plain text, the black hats will take notice, and someone will have to figure out defense.

Indeed, this week, we saw the first real shot across the bow: a hack to make Bing direct users to arbitrary (bad) webpages. The Bing hack requires the user to already be on a compromised website, so it’s maybe not very threatening, but it points out a possible real security difference between Bing and ChatGPT: Bing gives you links to follow, and that makes it a juicy target.

We’re right on the edge of a new security landscape, because even the white hats are facing a black box in the AI. So far, what ChatGPT and Codex and other large language models are doing is trivially secure – putting out plain text – but Bing is taking the first dangerous steps into doing something more useful, both for users and black hats. Given the ease with which people have undone OpenAI’s attempts to keep ChatGPT in its comfort zone, my guess is that the white hats will have their hands full, and the black-box nature of the model deprives them of their best hope. Buckle your seatbelts.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

TRS-80 Model 100 Inspires Cool Cyberdeck Build, 40 Years Down The Line

March 4, 2023 by 19 Comments

The TRS-80 Model 100 was a strange beast. When it debuted in 1983, it resembled nothing that was available at the time, and filled a gap between desktop computers and the mostly-not-invented-yet laptop segment of the market. Collectors covet these machines, but they’re getting harder to find four decades later. So, if you want one, you just might have to roll your own.

Honestly, it doesn’t appear [Roberto Alsina]’s purpose here we to recreate the Model 100 per se, but rather to take inspiration from its oddball form factor and experiment with the latest components. The design elements from the original that [Roberto]’s creation most strongly echo are the screen with the extreme landscape aspect ratio and the somewhat compressed keyboard. The latter is based on the cheapest mechanical 65% keyboard available, while the former is a 1920×480 LCD display intended for automotive applications. The display seems like it put up a fight, between its need for a custom HDMI cable to connect it to the Radxa Zero SBC under the hood as well as the custom kernel needed to support it.

Along with a USB hub for IO and some 18650s for power, everything went into a 3D printed case with considerably sleeker lines than the Model 100. It’s worth pointing out that [Roberto] didn’t have much experience with design or 3D printing when he kicked off this project. We love to see people stretching their skills like that, and we think the results are great in this case. We’ve seen a lot of Model 100 retrofits and brain transplants, but this may be the first time we’ve seen a build quite like this.

Showing balloon rising up, not too far from the ground, with one of the FOSDEM buildings and sky in the background

FOSDEM Sees Surprise Pico Balloon Event

March 4, 2023 by 23 Comments

At any vaguely-related conferences, groups of hackers sometimes come together to create an impact, and sometimes that impact is swinging something into an airspace of a neighboring country. [deadprogram] tells us that such a thing happened at FOSDEM, where a small group of hackers came together (Nitter) to assemble, program and launch a pico balloon they named TinyGlobo 1, which then flew all the way to France!

This balloon is built around a RP2040, and the firmware is written in TinyGo, a version of Go language for microcontroller use. As is fitting for a hacker group, both the hardware and software are open source. Don’t expect custom PCBs though, as it’s a thoroughly protoboarded build. But a few off-the-shelf modules will get you the same hardware that just flew a 400km route! For build experiences, there’s also a few tweets from the people involved, and a launch video, also embedded below.

This reminds us of the Supercon 2022 balloon story — darn copycats! If you’re interested in the more Earthly details of this year’s FOSDEM open source development conference, check out our recent coverage.

Showing the end result - a Defender machine copy in all its glory, with a colourful front panel with joysticks.

Defender Arcade Rebuilt To Settle A Childhood Memory

March 3, 2023 by 7 Comments

[Jason Winfield] had a nemesis: the Defender arcade machine. Having put quite a number of coins into one during his childhood, he’s since found himself as a seasoned maker, and decided to hold a rematch on his own terms. For this, he’s recreated the machine from scratch, building it around the guts of a Dell laptop, and he tells us the story what it took to build a new Defender in this day and age.

Defender was a peculiar machine — it was in cocktail table format, unlike many other arcade machines of that period. From pictures, he’s redesigned the whole thing in Fusion 360, in a way more desk-friendly format, but just as fancy looking as before.

As for the laptop, gutting it for its mainboard, screen, and speakers was a surprisingly painless procedure — everything booted up first try. A few board-fitted brackets and a swap from a HDD to a USB flashdrive for the OS later, the electronics were ready. As he was redesigning the entire arcade machine anyway, the new design control panel was also trimmed down for ease of use, while preserving the original colorful look.

All in all, an impressive build from [Jason]. After all was set and done, we don’t doubt that he went on to, let’s say, settle some old scores. It’s not the first time we see a desktop-sized arcade cabinet, and you gotta admire the skills making such a machine smaller while sticking to the old-timey aesthetic! Or, perhaps, would you like a cabinet that’s more subtle?

Continue reading Defender Arcade Rebuilt To Settle A Childhood Memory”

Will Carmakers Switch Clay For Computers?

March 3, 2023 by 47 Comments

The 3D printing revolution has transformed a lot of industries, but according to [Insider Business] the car industry still uses clay modeling to make life-sized replicas of new cars. The video below shows a fascinating glimpse of the process of taking foam and clay and making it look like a real car. Unlike the old days, they do use a milling machine to do some rough work on the model, but there’s still a surprising amount of manual work involved. Some of the older film clips in the video show how hard it was to do before the CNC machines.

The cost of these models isn’t cheap. They claim that some of the models have cost $650,000 to create. We assume most of that is in salaries. Some models take four years to complete and a ton of clay.

Continue reading “Will Carmakers Switch Clay For Computers?”

PCB Makes 7 Segment Displays

March 3, 2023 by 9 Comments

Of course, there’s nothing unusual about using 7-segment displays, especially in a clock. However, [Edison Science Corner] didn’t buy displays. Instead, he fabricated them from a PCB using 0805 LEDs for the segments. You can see the resulting clock project in the video below.

While the idea is good, we might have been tempted to use a pair of LEDs for each segment or used a diffuser to blur the LEDs. The bare look is nice, but it can make reading some numerals slightly confusing.

Continue reading “PCB Makes 7 Segment Displays”

A Hackaday.io page screenshot, showing all the numerous CH552 projects from [Stefan].

All The USB You Can Do With A CH552

March 3, 2023 by 11 Comments

Recently, you might have noticed a flurry of CH552 projects on Hackaday.io – all of them with professionally taken photos of neatly assembled PCBs, typically with a USB connector or two. You might also have noticed that they’re all built by one person, [Stefan “wagiminator” Wagner], who is a prolific hacker – his Hackaday.io page lists over a hundred projects, most of them proudly marked “Completed”. Today, with all these CH552 mentions in the Hackaday.io’s “Newest” category, we’ve decided to take a peek.

The CH552 is an 8-bit MCU with a USB peripheral, with a CH554 sibling that supports USB host, and [Stefan] seriously puts this microcontroller to the test. There’s a nRF24L01+ transceiver turned USB dongle, a rotary encoder peripheral with a 3D-printed case and knob, a mouse wiggler, an interface for our beloved I2C OLED displays, a general-purpose CH55x devboard, and a flurry of AVR programmers – regular AVRISP, an ISP+UPDI programmer, and a UPDI programmer with HV support. Plus, if USB host is your interest, there’s a CH554 USB host development board specifically. Every single one of these is open-source, with PCBs designed in EasyEDA, the firmware already written (!) and available on GitHub, and a lovingly crafted documentation page for each.

[Stefan]’s seriously put the CH552 to the test, and given that all of these projects got firmware, having these projects as examples is a serious incentive for more hackers to try these chips out, especially considering that the CH552 and CH554 go for about 50 cents a piece at websites like LCSC, and mostly in friendly packages. We did cover these two chips back in 2018, together with a programming guide, and we’ve seen things like badges built with its help, but having all these devices to follow is a step up in availability – plus, it’s undeniable that all the widgets built are quite useful by themselves!