Hackaday Links Column Banner

Hackaday Links: March 10, 2024

March 10, 2024 by 17 Comments

We all know that we’re living in a surveillance state that would make Orwell himself shake his head, but it looks like at least one company in this space has gone a little rogue. According to reports, AI surveillance start-up Flock <<insert gratuitous “What the Flock?” joke here>> has installed at least 200 of its car-tracking cameras on public roads in South Carolina alone. That’s a serious whoopsie, especially since it’s illegal to install anything on state infrastructure without permission, which it appears Flock failed to obtain. South Carolina authorities are making a good show of being outraged about this, but it sort of rings hollow to us, especially since Flock now claims that 70% of the population (of the USA, we presume) is covered by their technology. Also, police departments across the country are in love with Flock’s service, which lets them accurately track the movements of potential suspects, which of course is everyone. No word on whether Flock will have to remove the rogue cameras, but we’re not holding our breath.

Continue reading “Hackaday Links: March 10, 2024”

Walking And Talking Through The UK National Museum Of Computing

March 5, 2024 by 17 Comments

I found myself in Milton Keynes, UK, a little while ago, with a few hours to spare. What could I do but rock over to the National Museum of Computing and make a nuisance of myself? I have visited many times, but this time, I was armed with a voice recorder and a mission to talk to everybody who didn’t run away fast enough. There is so much to see and do, that what follows is a somewhat truncated whistle-stop tour to give you, the dear readers, a flavour of what other exhibits you can find once you’ve taken in the usual sights of the Colossus and the other famous early machines.

A VT01 terminal showing "the adventure" game running
Click this image to play in your browser.

We expect you’ve heard of the classic text adventure game Zork. Well before that, there was the ingeniously titled “Adventure”, which is reported to be the first ‘interactive fiction’ text adventure game. Created initially by [Will Crowther], who at the time was a keen cave explorer and D & D player, and also the guy responsible for the firmware of the original Arpanet routers, the game contains details of the cave systems of Mammoth and Flint Ridge in Kentucky.

The first version was a text-based simulation of moving around the cave system, and after a while of its release onto the fledgling internet, it was picked up and extended by [Don Woods], and the rest is history. If you want to read more, the excellent site by [Rick Adams] is a great resource that lets you play along in your browser. Just watch out for the dwarfs. (Editor’s note: “plugh“.) During my visit, I believe the software was running on the room-sized ICL2966 via a VT01 terminal, but feel free to correct me, as I can’t find any information to the contrary.

A little further around the same room as the ICL system, there is a real rarity: a Marconi TAC or Transistorised Automatic Computer. This four-cabinet minicomputer was designed in the late 1950s as a ‘fast real-time computer’, is one of only five made, and this example was initially installed at Wylfa nuclear power station in Anglesey, intended as a monitoring and alarm system controller. These two machines were spare units for the three built for the Swedish air defence system, which were no longer required. Commissioned in 1968, this TAC ran continuously until 2004, which could make it one the longest continuously running computers in the world. The TAC has 4 kwords of 20-bit core memory, a paper tape reader for program loading and a magnetic drum storage memory. Unusually, for this period, the TAC has a micro-coded CISC architecture, utilising a whole cabinet worth of diode-matrix ROM boards to code the instruction set. This enabled the TAC to have a customizable instruction set. As standard, the TAC  shipped with trigonometric and other transcendental functions as individual instructions. This strategy minimized the program size and allowed more complex programs to fit in the memory.

Continue reading “Walking And Talking Through The UK National Museum Of Computing”

render of the Amiga juggler demo

The Juggler: In Rust

March 4, 2024 by 12 Comments

Back on the theme of learning to program by taking on a meaningful project — we have another raytracing demo — this time using Rust on the Raspberry Pi. [Unfastener] saw our previous article about writing a simple raytracer in spectrum BASIC and got inspired to try something similar. The plan was to recreate the famous juggler 3D demo, from the early days of 3D rendering on the Amiga.

The juggler story starts with an Amiga programmer called [Eric Graham] who created ssg, the first ray tracer application on a personal computer. A demo was shown to Commodore, who didn’t believe it was done on their platform, but a quick follow-up with the actual software used soon quelled their doubts. Once convinced, they purchased the rights to the demo for a couple of thousand dollars (in 1986 money, mind you) to use in promotional materials. [Eric] developed ssg into the popular Sculpt 3D, which became available also on Mac and Windows platforms, and kick-started a whole industry of personal 3D modelling and ray tracing.

Anyway, back to the point. [Unfastener] needed to get up the considerable Rust learning curve, and the best way to do that is to let someone else take care of some of the awkward details of dealing with GUI, and just concentrate on the application. To that end, they use the softbuffer and winit Rust crates that deal with the (important, yet frankly uninteresting) details of building frame buffers and pushing the pixels out to the window manager in a cross-platform way. Vecmath takes care of — you guessed it — the vector math. There’s no point reinventing that wheel either. Whilst [Unfastener] mentions the original Amiga demo took about an hour per frame to render, this implementation runs in real-time. To that end, the code performs a timed pre-render to determine the most acceptable resolution to get an acceptable frame rate, achieving a respectable 30 or so frames per second on a Pi 5, with the older Pis needing to drop the resolution a little. This goes to show how efficient Rust code can be and, how capable the new Pi is. How far we have come.

We saw another interesting rust-based raytracer a while back, which is kinda fun. We’ve also covered rust in other applications a few times, like inside the Linux kernel. Finally here’s our guide to getting started with rust, in case you need any more motivation to have a crack at this upcoming language.

Phone connected to the DIY LTE network playing a YouTube video, with antennas in the background

Building Your Own 4G LTE Base Station

March 3, 2024 by 14 Comments

We’ve seen quite a few DIY 2G networks over the years, but the 4G field has been relatively barren. Turns out, there’s an open source suite called srsRAN that lets you use an SDR for setting up an LTE network, and recently, we’ve found a blog post from [MaFrance351] (Google Translate) that teaches you everything you could need to know if you ever wanted to launch a LTE network for your personal research purposes.

For a start, you want a reasonably powerful computer, a transmit-capable full-duplex software defined radio (SDR), suitable antennas, some programmable SIM cards, and a few other bits and pieces like SIM card programmers and LTE-capable smartphones for testing purposes. Get your hardware ready and strap in, as [MaFrance351] guides you through setting up your own base station, with extreme amounts of detail outlining anything you could get caught up on.

Continue reading “Building Your Own 4G LTE Base Station”

The White House Memory Safety Appeal Is A Security Red Herring

February 29, 2024 by 102 Comments

In the Holy Programming Language Wars, the lingua franca of system programming – also known as C – is often lambasted for being unsecure, error-prone, and plagued with more types of behavior that are undefined than ones that are defined by the C standards. Many programming languages were said to be ‘C killers’, yet C is still alive today. That didn’t stop the US White House’s Office of the National Cyber Director (ONCD) from putting out a report in which both C and C++ got lambasted for being ‘unsafe’ when it came to memory management.

The full report (PDF) is pretty light on technical details, while citing only blog posts by Microsoft and Google as its ‘expert sources’. The claim that memory safety issues are the primary cause of CVEs is not substantiated, or at least ignores the severity of CVEs when looking at the CISA statistics for active exploits. Beyond this call for ‘memory safety’, the report then goes on to effectively call for more testing and validation, while kicking in doors that were opened back in the 1970s already with the Steelman requirements and the High Order Language Working Group (HOLWG) of 1975.

What truly is the impact and factual basis of the ONCD report?

Continue reading “The White House Memory Safety Appeal Is A Security Red Herring”

This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!

February 16, 2024 by 7 Comments

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be enabled in the ClamnAV config. And that configuration includes a string formatting function, where the string includes %v and %s, which gets replaced with a detected virus name and the file name from the email. And now you see the problem, I hope: The filename is attacker supplied input.

Where this really gets out of hand is what ClamAV does with this string. execle("/bin/sh", "sh", "-c", buffer_cmd, NULL, env). So let’s talk defensive program design for a minute. When it comes to running a secondary command, there are two general options, system() and the exec*() family of system calls. system() is very simple to use. It pauses execution of the main process and asks the operating system to run a string, just as if the user had typed that command into the shell. While this is very convenient to use, there is a security problem if any of that command string is user-supplied. All it takes is a semicolon or ampersand to break assumptions and inject a command.

To the rescue comes exec(). It’s a bit more complicated to use, requiring the programmer to manually call fork() and wait(). But it’s not running the command via the shell. exec() executes a program directly, totally eliminating the potential for command injection! Except… oops.

Yeah, exec() and related calls don’t offer any security protections when you use them to execute /bin/sh. I suspect the code was written this way to allow running a script without specifying /bin/sh in the config. The official fix was to disable the filename format character, and instead supply it as an environment variable. That certainly works, and that fix is available in 1.0.5, 1.2.2, and 1.3.0.

The real danger here is that we have another case where some hardware appliance manufacturer has used ClamAV for email filtering, and uses this configuration by default. That’s how we get orders from CISA to unplug your hardware, because it’s already compromised. Continue reading “This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!”

How Many Time Zones Are There Anyway?

February 14, 2024 by 38 Comments

Nowadays, it’s an even bet that your newest project somehow connects to the Internet and, thus, to the world. Even if it doesn’t, if you share your plans, someone might reproduce your creation in some far distant locale. If your design uses time, you might need to think about time zones. Easy, right? That’s what [Zain Rizvi] thought until he tried to deploy something that converted between timezones. You can learn from his misconceptions thanks to a detailed post he provides.

You might think, “What’s the big deal?” After all, there’s UTC, and then there are 12 time zones ahead of UTC and 12 time zones later. But that’s not even close to true.

As [Zain] found out, there are 27 hours in a full-day cycle if you count UTC as one hour. Why? Because some islands in the Pacific wanted to be on the wrong side of the International Date Line. So there are a few extra zones to accommodate them.

You can’t even count on time zones being offset by an hour from the previous zone. Several zones have a half-hour offset from UTC (for example, India’s standard time is 5.5 hours from UTC). But surely the offset is always either a whole number or a number where the fractional part is 0.5, right?

Um, no. Nepal wants the sun to be directly over the mountain at noon, so it offsets by 45 minutes! [Zain] wonders — as we do — what would happen if the mountain shifted over time? Until 1940, Amsterdam used a 20-minute offset. Some cities are split with one half in one time zone and another in the other.

Of course, there are the usual problems with multiple names for each zone, both because many countries want their own zone and because the exact same zone is different in different languages. Having your own zone is not just for vanity, though. Daylight savings time rules will vary by zone and even, in some cases, only in certain parts of a zone. For example, in the United States, Arizona doesn’t change to daylight savings time. Oh, except for the Navajo Nation in Arizona, which does! Some areas observe daylight savings time that starts and ends multiple times during the year. Even if you observe daylight savings time, there are cases where the time shift isn’t an entire hour.

Besides multiple names, common names for zones often overlap. For example, in the United States, the Eastern Standard Time zone differs from Australia’s. Confused? You should be.

Maybe we should have more respect for multiple time zone clock projects. We’ve noticed these problems before when we felt sorry for the people who maintain the official time zone database.