Screenshot of eBay listings with Gigaset IoT devices being sold, now basically useless

A Giga-Sunset For Gigaset IoT Devices

In today’s “predictable things that happened before and definitely will happen again”, we have another company in the “smart device” business that has just shuttered their servers, leaving devices completely inert. This time, it’s Gigaset. The servers were shuttered on the 29th of March, and the official announcement (German, Google Translate) states that there’s no easy way out.

It appears that the devices were locked into Gigaset Cloud to perform their function, with no local-only option. This leaves all open source integrations in the dust, and whatever documentation there was has now been taken down. As the announcement states, Gigaset Communications GmbH was acquired due to insolvency, and the buyer was not remotely interested in the Smart Home portion of the business. As corporate tradition goes, we can’t expect open sourcing of the code or protocol specification or anything of the sort — the devices are bricks until someone takes care of them.

If you’re looking for smart devices on the cheap, you might want to add “Gigaset” to your monitored search term list — we’ll be waiting for your hack submissions as usual. After all, we’ve seen some success stories when it comes to abandoned smart home devices – like the recent Insteon story, where a group of device owners bought out and restarted the service after the company got abruptly shut down.

We thank [Louis] for sharing this with us!

Complex Organic Chemistry In Sulfuric Acid And Life On Venus

Finding extraterrestrial life in any form would be truly one of the largest discoveries in humankind’s history, yet after decades of scouring the surface of Mars and investigating other bodies like asteroids, we still have found no evidence. While we generally assume that we’re looking for carbon-based lifeforms in a water-rich environment like Jupiter’s moon Europa, what if complex organic chemistry would be just as happy with sulfuric acid (H2SO4) as solvent rather than dihydrogen monoxide (H2O)? This is the premise behind a range of recent studies, with a newly published research article in Astrobiology by [Maxwell D. Seager] and colleagues lending credence to this idea.

Previous studies have shown that organic chemistry in concentrated sulfuric acid is possible, and that nucleic acid bases – including adenosine, cytosine, guanine, thymine and uracil which form DNA – are also stable in this environment, which is similar to that of the Venusian clouds at an altitude where air pressure is roughly one atmosphere. In this new article, twenty amino acids were exposed to the concentrations of sulfuric acid usually found on Venus, at 98% and 81%, with the rest being water. Of these, 11 were unchanged after 4 weeks, while 9 were reactive on their side chains, much like they would have been in pure water. Only tryptophan ended up being unstable, but as the researchers note, not all amino acids are stable in water either.


Two ICL PERQ 1 workstation computers, Department of Computer Science, North Machine Hall, James Clerk Maxwell Building, University of Edinburgh. (Credit: J. Gordon Hughes)

The Flex Computer System: UK’s Forgotten Capability Computer Architecture

During the 1970s many different computer architectures were being developed, many of them focused on making computer systems easier and more effective to use. The Flex Machine developed at the UK Ministry of Defence’s Royal Signals and Radar Establishment (RSRE) was one of them, falling in the category of Capability Architectures. These architectures required hardware with programmable microcode, which required either custom hardware, or computer systems like the Xerox Alto-inspired ICL PERQ (pictured). What’s interesting about Flex is that it didn’t just remain in the 1980s as a quaint footnote, but as detailed by [Martin C. Atkins] – who worked on the system – evolved into the Ten15 system, which later got renamed to TenDRA.

Capability architectures have a long history – including the Intel iAPX 432 and more recent implementations – but what they all have in common is that they effectively implement an object-based memory architecture, rather than the low-level, flat memory space that we usually see with computer systems. These object-based capabilities, as they were termed, provide a level of memory protection and security that would be hard to implement otherwise. The book Capability-Based Computer Systems by [Henry M. Levy] forms a good introduction here.


Hands-On: NVIDIA Jetson Orin Nano Developer Kit

NVIDIA’s Jetson line of single-board computers are doing something different in a vast sea of relatively similar Linux SBCs. Designed for edge computing applications, such as a robot that needs to perform high-speed computer vision while out in the field, they provide exceptional performance in a board that’s of comparable size and weight to other SBCs on the market. The only difference, as you might expect, is that they tend to cost a lot more: the current top of the line Jetson AGX Orin Developer Kit is $1999 USD.

Luckily for hackers and makers like us, NVIDIA realized they needed an affordable gateway into their ecosystem, so they introduced the $99 Jetson Nano in 2019. The product proved so popular that just a year later the company refreshed it with a streamlined carrier board that dropped the cost of the kit down to an incredible $59. Looking to expand on that success even further, today NVIDIA announced a new upmarket entry into the Nano family that lies somewhere in the middle.

While the $499 price tag of the Jetson Orin Nano Developer Kit may be a bit steep for hobbyists, there’s no question that you get a lot for your money. Capable of performing 40 trillion operations per second (TOPS), NVIDIA estimates the Orin Nano is a staggering 80X as powerful as the previous Nano. It’s a level of performance that, admittedly, not every Hackaday reader needs on their workbench. But the allure of a palm-sized supercomputer is very real, and anyone with an interest in experimenting with machine learning would do well to weigh (literally, and figuratively) the Orin Nano against a desktop computer with a comparable NVIDIA graphics card.

We were provided with one of the very first Jetson Orin Nano Developer Kits before their official unveiling during NVIDIA GTC (GPU Technology Conference), and I’ve spent the last few days getting up close and personal with the hardware and software. After coming to terms with the fact that this tiny board is considerably more powerful than the computer I’m currently writing this on, I’m left excited to see what the community can accomplish with the incredible performance offered by this pint-sized system.


This Week In Security: PHP Attack Defused, Scoreboard Manipulation, And Tillitis

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty, potential supply chain attack in this tool, when used in the Packagist repository. The problem is the support for arbitrary README filenames. When a package update shows up on Packagist, that service uses a Version Control Service (VCS) like Git or Mercurial to pull the specified readme location. That pull operation is subject to argument injection. Name your branch --help, and Git will happily run the help argument instead of doing the pull intended. In the case of Git commands, our intrepid researchers were unable to weaponize the issue to achieve code execution.

Composer also supports projects that use Mercurial as their VCS, and Mercurial has a --config option that has… interesting potential. It allows redefining a Mercurial command as a script snippet. So a project just has to contain a malicious payload.sh, and the readme set to --config=alias.cat=!hg cat -r : payload.sh|sh;,txt. For those keeping track at home, the vulnerability is that this cursed string of ugly is accepted by Composer as a valid filename. This uses the --config trick to redefine cat as a bit of script that executes the payload. It ends in .txt because that is a requirement of Composer.

So let’s talk about what this little hack could have been used for, or maybe could still be used for on an unpatched, private install of Packagist. This is an unattended attack that jumps straight to remote script execution — on an official package repository. If discovered and used for evil, this would have been a massive supply chain attack against PHP deployments. Instead, thanks to SonarSource, it was discovered and disclosed privately back in April. The official Packagist repo at packagist.org was fixed the day after disclosure, and a CVE and updated packages went out six days later. Great work all around.
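
The defensive side of the argument injection described above, as an added example (not Composer's or Packagist's code): a package-supplied readme path and revision are validated before they reach a VCS command line, and the argument vector is built as a list with an end-of-options marker. The function names and the ALLOWED_EXT set are assumptions made for illustration.

```python
import posixpath

# Assumption: extensions a registry is willing to accept for a readme.
ALLOWED_EXT = {".md", ".txt", ".rst"}


def is_safe_operand(value: str) -> bool:
    """True if value cannot be parsed as a command-line option."""
    return bool(value) and not value.startswith("-") and value.isprintable()


def is_safe_readme(name: str) -> bool:
    """Validate a package-supplied readme path before a VCS tool sees it."""
    if not is_safe_operand(name) or name.startswith("/"):
        return False
    if ".." in name.split("/"):  # no climbing out of the checkout
        return False
    return posixpath.splitext(name)[1].lower() in ALLOWED_EXT


def hg_cat_argv(rev: str, readme: str) -> list[str]:
    """Build argv for `hg cat`, refusing anything that looks like an option."""
    if not is_safe_operand(rev):
        raise ValueError(f"unsafe revision: {rev!r}")
    if not is_safe_readme(readme):
        raise ValueError(f"unsafe readme: {readme!r}")
    # List form means no shell is involved; "--" ends option parsing,
    # a second layer behind the validation above.
    return ["hg", "cat", "-r", rev, "--", readme]


# Constructed samples; the third is the readme value quoted in the article.
SAMPLES = [
    "README.md",
    "docs/README.txt",
    "--config=alias.cat=!hg cat -r : payload.sh|sh;,txt",
    "../outside.txt",
]


def audit(samples: list[str]) -> dict[str, bool]:
    """Map each candidate readme name to whether it would be accepted."""
    return {s: is_safe_readme(s) for s in samples}


if __name__ == "__main__":
    for name, ok in audit(SAMPLES).items():
        print(f"{'accept' if ok else 'reject'}  {name!r}")
```
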

The Quiet Before The Storm?

My wife and I are reading a book about physics in the early 1900s. It’s half history of science and half biography of some of the most famous physicists, and it’s good fun. But it got me thinking about the state of physics 120 years ago.

What we’d now call classical mechanics was fully settled for quite a while, and even the mysterious electricity and magnetism had been recently put to rest by Maxwell and Heaviside. It seemed like there was nothing left to explain for a while. And then all the doors broke wide open.

As much as I personally like Einstein’s relativity work, I’d say the most revolutionary change in perspective, and driver of the most research in the intervening century, was quantum mechanics. And how did it all start? In the strangest of ways – with Niels Bohr worrying about why hydrogen and helium gasses gave off particular colors when ionized, which led to his model of the atom and the idea of energy in quantum packets. Or maybe it was De Broglie’s idea that electrons could behave like waves or magnets, from slit and cathode-ray experiments respectively, that led to Heisenberg’s uncertainty principle.

Either way, the birth of the strangest and most profound physics revolution – quantum mechanics – came from answering some ridiculously simple and straightforward questions. Why does helium emit pink, and how do TVs work? (I know, they didn’t have TVs yet…) Nobody looking at these phenomena, apart or together, could have thought that answering them would have required a complete re-thinking of how we think about reality. And yet it did.

I can’t help but wonder if there are, in addition to the multi-bazillion dollar projects like the Large Hadron Collider or the James Webb Space Telescope, some simpler phenomena out there that we should be asking “why?” about. Are we in a similar quiet before the storm? Or is it really true that the way to keep pushing back the boundaries of our ignorance is through these mega-projects?

Lenses: From Fire Starters To Smart Phones And VR

In antiquity, we see examples of magnifying crystals formed into a biconvex shape as early as the 7th century BC. Whether the people of that period used them either for fire-starting purposes or vision is unclear. Still, it is famously said that Emperor Nero of Rome watched gladiator games through an emerald.

Needless to say, the views we get through modern lenses are a lot more realistic. So how did we get from simple magnifying systems to the complex lens systems we see today? We start with a quick journey through the history of the camera and the lens, and we’ll end up with the cutting edge in lens design for smartphone cameras and VR headsets.
