How Does Time Work On The Moon?

March 26, 2024 by Lewin Day 46 Comments

We’re looking to go back to the Moon. Not just with robots this time, but with astronauts, too! They’ll be doing all kinds of interesting things when they get there. Maybe they’ll even work towards establishing a more permanent presence for humanity on the lunar surface, in which case they’ll have to get up in the morning, eat breakfast, and get to work.

This raises the question—how does time work on the Moon? As simple as they can be down here, Earthly days and years have little meaning up there, after all. So what’s going on up there?

Continue reading “How Does Time Work On The Moon?” →

This Week In Security: Loop DOS, Flipper Responds, And More!

March 22, 2024 by Jonathan Bennett 8 Comments

Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could craft a packet that continues that cycle endlessly? That is essentially the idea behind Loop DoS (Denial of Service).

This unique avalanche of packets has been managed using specific implementations of several different network services, like TFTP, DNS, and NTP. There are several CVEs being used to track the issue, but CVE-2024-2169 is particularly odd, with the description that “Implementations of UDP application protocol are vulnerable to network loops.” This seems to be a blanket CVE for UDP, which is particularly inappropriate given that the first DoS of this sort was first reported in 2009 at the latest.

More details are available in a Google Doc. There some interesting tidbits there, like the existence of cross-protocol loops, and several legacy protocols that are vulnerable by design. The important thing to remember here is you have to have an accessible UDP port for this sort of attack to take place, so if you’re not using it, firewall it.

Flipper Flips Back

We’ve covered the saga of the Flipper Zero vs the Canadian government, in the context of car theft. The short version is that Canada has seen an uptick of car thefts from organized crime. Rather than meaningfully dealing with this problem, the Canadian government went looking for scapegoats, and found the Flipper Zero.

Well now, Flipper has responded, and put simply, the message is “stop the madness”. There has never been a confirmed case of using a flipper to steal a car, and it’s very unlikely it’s ever happened. On a modern car with proper rolling-code security, it’s not meaningfully possible to use the Flipper Zero for the theft. The two primary ways criminals actually steal cars are with dedicated keyfob repeaters and CAN bus hackers.

There is a petition to sign, and for Canadians, Flipper suggests contacting your local member of parliament. Continue reading “This Week In Security: Loop DOS, Flipper Responds, And More!” →

diagram of the radicle node-to-node connectivity

Radicle: An Open-Source, Peer-to-Peer, GitHub Alternative

March 16, 2024 by Dave Rowntree 26 Comments

The actions of certain large social networks have recently highlighted how a small number of people possess significant power over the masses and how this power is sometimes misused. Consequently, there has been a surge in the development of federated (or decentralized) services, such as Mastodon and Matrix. But what about development? While GitHub and similar services are less likely to be used for political manipulation, they are still centralized services with a common failure point. Radicle is an open-source, peer-to-peer collaboration stack built on top of Git but backed with public key cryptography as a standard and a gossip protocol to ensure widespread data sharing across the network and, thus, some fault tolerance.

Essentially, code and associated documentation are secured cryptographically with an identity. The Git protocol is used for actual data transfer from peer-to-peer, which means that updates are only sent as deltas, not complete copies, maximizing channel bandwidth efficiency. A custom gossip protocol is used for metadata transfer around the network of peers. The projects had a local-first ideology, with users running a full-stack node on their hardware and all features available, even offline, which is great for laptop users who move around locations with sporadic access to the internet.

Judging from their Zulipchat instance, this is a highly active space, so perhaps it is worth diving in and seeing if it floats your boat. Fancy getting onto the Fediverse, but only have a spare MS-DOS machine to try it on? We’ve got it covered. Want to use Git but not online? You need a private Git server. Finally, too much Git? How about Gitless?

Thanks [Anonymous] for the tip! No, that wasn’t lost on us :D

The Insurance Buys The Wheelchair, But Not The App To Run It

March 9, 2024 by Jenny List 35 Comments

The writer Cory Doctorow coined the term enshittification to describe the way that services decline in quality as their users become the product. He was talking about online services when he came up with the word, but the same is very much true when it comes to hardware. Items which once just worked now need apps and online services, with marginal benefit to the user if any. It’s one thing when it’s your soundbar or your washing machine, but thanks to Lemmy user [@win95] from the Netherlands we’ve seen a far more egregious example. People with disabilities are being provided with new powered wheelchairs through their medical insurance, but are then discovering that unaffordable in-app purchases are needed to use their features. Continue reading “The Insurance Buys The Wheelchair, But Not The App To Run It” →

Hackaday Podcast Episode 261: Rickroll Toothbrush, Keyboard Cat, Zombie Dialup

March 8, 2024 by Kristina Panos 1 Comment

This week, Editor-in-Chief Elliot Williams and Kristina Panos met up in a new disposable location to give the lowdown on this week’s best hacks. First up in the news — the Home Sweet Home Automation contest is still going strong. You’ve still got plenty of time, so get on over to Hackaday.IO and start your entry today. In the news, the UK is asking how powerful an electric bike should be (more than 250 Watts, certainly), and legal pressure from Nintendo has shut down two emulators.

Kristina’s cigar box kalimba…

…with hand-wound pickup!

Then it’s on to What’s That Sound. Kristina failed again, although she was pretty confident about her answer. Can you get it? Can you figure it out? Can you guess what’s making that sound this week? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

But then it’s on to the hacks, beginning with a Wi-Fi toothbrush hack from [Aaron Christophel]. This can only mean the beginning of some epic toothbrush firmware, right? From there, we marvel at moving cat food, the ultimate bulk material, and the idea of spoofing a whole cloud of drones. Finally, we examine one of Jenny’s Daily Drivers in the form of Damn Small Linux (the other DSL), and reminisce about dial-up (speaking of DSL).

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast Episode 261: Rickroll Toothbrush, Keyboard Cat, Zombie Dialup” →

Ethernet For Hackers: Transformers, MACs And PHYs

March 7, 2024 by Arya Voronova 21 Comments

We’ve talked about Ethernet basics, and we’ve talked about equipment you will find with Ethernet. However, that’s obviously not all – you also need to know how to add Ethernet to your board and to your microcontroller. Such low-level details are harder to learn casually than the things we talked about previously, but today, we’re going to pick up the slack.

You might also have some very fair questions. What are the black blocks near Ethernet sockets that you generally will see on boards, and why do they look like nothing else you see on circuit boards ever? Why do some boards, like the Raspberry Pi, lack them altogether? What kind of chip do you need if you want to add Ethernet support to a microcontroller, and what might you need if your microcontroller claims to support Ethernet? Let’s talk.

Transformers Make The Data World Turn

One of the Ethernet’s many features is that it’s resilient, and easy to throw around. It’s also galvanically isolated, which means you don’t need a ground connection for a link either – not until you want a shield due to imposed interference, at which point, it might be that you’re pulling cable inside industrial machinery. There are a few tricks to Ethernet, and one such fundamental Ethernet trick is transformers, known as “magnetics” in Ethernet context.

Each pair has to be put through a transformer for the Ethernet port to work properly, as a rule. That’s the black epoxy-covered block you will inevitably see near an Ethernet port in your device. There are two places on the board as far as Ethernet goes – before the transformer, and after the transformer, and they’re treated differently. After the transformer, Ethernet is significantly more resilient to things like ground potential differences, which is how you can wire up two random computers with Ethernet and not even think about things like common mode bias or ground loops, things we must account for in audio, or digital interfaces that haven’t yet gone optical somehow.

Continue reading “Ethernet For Hackers: Transformers, MACs And PHYs” →

Unlimited Cloud Storage YouTube Style

February 22, 2024 by Al Williams 76 Comments

[Adam Conway] wanted to store files in the cloud. However, if you haven’t noticed, unlimited free storage is hard to find. We aren’t sure if he wants to use the tool he built seriously, but he decided that if he could encode data in a video format, he could store his files on YouTube. Does it work? It does, and you can find the code on GitHub.

Of course, the efficiency isn’t very good. A 7 K image, for example, yielded a 9-megabyte video. If we were going to store files on YouTube, we’d encrypt them, too, making it even worse.

The first attempt was to break the file into pieces and encode them as QR codes. Makes sense, but it didn’t work out. To get enough data into each frame, the modules (think pixels) in the QR code were small. Combined with video compression, the system was unreliable.

Simplicity rules. Each frame is 1920×1080 and uses a black pixel as a one and a white pixel as a zero. In theory, this gives about 259 kbytes per frame. However, to help avoid problems decoding due to video compression, the real bits use a 5×5 pixel block, so that means you get about 10 kbytes of data per frame.

The code isn’t perfect. It can add things to the end of a file, for example, but that would be easy to fix. The protocol could use error correction and compression. You might even build encryption into it or store more data — old school cassette-style — using the audio channel. Still, as a proof of concept, it is pretty neat.

This might sound like a new idea, but people way back in the early home computer days could back up data to VCRs. This isn’t even the first time we’ve seen it done with YouTube.