LEDs are a wonderful technology. You put in a little bit of power, and you get out a wonderful amount of light. They’re efficient, cheap, and plentiful. We use them for so much!
What you might not have known is that these humble components have a secret feature, one largely undocumented in the datasheets. You can use an LED as a light source, sure, but did you know you can use one as a sensor?
If you’ve ever watched Predator, you’ve noted the tactical advantage granted to the alien warrior by its heat vision. Indeed, even with otherwise solid camoflauge, Dutch and his squad ended up very much the hunted.
And yet, back in reality, it seems the prey might be the one with the ability to sense in the infrared spectrum. Research has now revealed this unique ability may all be down to the hairs on the back of some of the smallest mammals.
Continue reading “Small Mammals Appear To Have A Secret Infrared Sense”
In case you haven’t heard, about a month ago MicroPython has celebrated its 11th birthday. I was lucky that I was able to start hacking with it soon after pyboards have shipped – the first tech talk I remember giving was about MicroPython, and that talk was how I got into the hackerspace I subsequently spent years in. Since then, MicroPython been a staple in my projects, workshops, and hacking forays.
If you’re friends with Python or you’re willing to learn, you might just enjoy it a lot too. What’s more, MicroPython is an invaluable addition to a hacker’s toolkit, and I’d like to show you why. Continue reading “Embedded Python: MicroPython Is Amazing”
A couple of weeks back we featured a story (third item) about a chunk of space jetsam that tried to peacefully return to Earth, only to find a Florida family’s roof rudely in the way. The 700-gram cylinder of Inconel was all that was left of a 2,360-kg battery pack that was tossed overboard from the ISS back in 2021, the rest presumably turning into air pollution just as NASA had planned. But the surviving bit was a “Golden BB” that managed to slam through the roof and do a fair amount of damage. At the time it happened, the Otero family was just looking for NASA to cover the cost of repairs, but now they’re looking for a little more consideration. A lawsuit filed by their attorney seeks $80,000 to cover the cost of repairs as well as compensation for the “stress and impact” of the event. This also seems to be about setting a precedent, since the Space Liability Convention, an agreement to which the USA is party, would require the space agency to cover damages if the debris had done damage in another country. The Oteros think the SLC should apply to US properties as well, and while we can see their point, we’d advise them not to hold their breath. We suppose something like this had to happen eventually, and somehow we’re not surprised to see “Florida Man” in the headlines.
Did you know you can get a “smart bed” that tracks your sleep, breathing, heart rate, and even regulates the temperature of the mattress? No? Well, you can get root access to one, too, as [Dillan] shows, and if you’re lucky, find a phone-home backdoor-like connection. The backstory to this hack is pretty interesting, too!
You see, a Sleep Number bed requires a network connection for its smart features, with no local option offered. Not to worry — [Dillan] wrote a Homebridge plugin that’d talk the cloud API, so you could at least meaningfully work with the bed data. However, the plugin got popular, Sleep Number didn’t expect the API to be that popular. When they discovered the plugin, they asked that it be shut down. Tech-inclined customers are not to be discouraged, of course.
Continue reading “Root Your Sleep Number Smart Bed, Discover It Phoning Home”
Developing free and open source software can be a thankless experience. Most folks do it because it’s something they’re passionate about, with the only personal benefit being the knowledge that there are individuals out there who found your work useful enough to download and install. So imagine how you’d feel if it turns out somebody was playing around with the figures, and the steady growth in the number of installs you thought your software had turned out to be fake.
That’s what happened just a few days ago to OctoPrint developer [Gina Häußge]. Although there’s no question that her software for remotely controlling and monitoring 3D printers is immensely popular within the community, the fact remains that the numbers she’s been using to help quantify that popularity have been tampered with by an outside party. She’s pissed, and has every right to be.
Continue reading “Long-Term OctoPrint Stat Manipulation Uncovered”
Way back in 2020, I actually read the proposed US legislation known as EARN IT, and with some controversy, concluded that much of the criticism of that bill was inaccurate. Well what’s old is new again, except this time it’s the European Union that’s wrestling with how to police online Child Sexual Abuse Material (CSAM). And from what I can tell of reading the actual legislation (pdf), this time it really is that bad.
The legislation lays out two primary goals, both of them problematic. The first is detection, or what some are calling “upload moderation”. The technical details are completely omitted here, simply stating that services “… take reasonable measures to mitigate the risk of their services being misused for such abuse …” The implication here is that providers would do some sort of automated scanning to detect illicit text or visuals, but exactly what constitutes “reasonable measures” is left unspecified.
The second goal is the detection order. It’s worth pointing out that interpersonal communication services are explicitly mentioned as required to implement these goals. From the bill:
Providers of hosting services and providers of interpersonal communications services that have received a detection order shall execute it by installing and operating technologies approved by the Commission to detect the dissemination of known or new child sexual abuse material or the solicitation of children…
This bill is careful not to prohibit end-to-end encryption, nor require that such encryption be backdoored. Instead, it requires that the apps themselves be backdoored, to spy on users before encryption happens. No wonder Meredith Whittaker has promised to pull the Signal app out of the EU if it becomes law. As this scanning is done prior to encryption, it’s technically not breaking end-to-end encryption.
You may wonder why that’s such a big deal. Why is it a non-negotiable for the Signal app to not look for CSAM in messages prior to encryption? For starters, it’s a violation of user trust and an intentional weakening of the security of the Signal system. But maybe most importantly, it puts a mechanism in place that will undoubtedly prove too tempting for future governments. If Signal can be forced into looking for CSAM in the EU, why not anti-government speech in China?
Continue reading “This Week In Security: Chat Control, Vulnerability Extortion, And Emoji Malware”
