This Week In Security: Terrapin, Seized Unseized, And Autospill

There’s a new SSH vulnerability, Terrapin (pdf paper), and it’s got the potential to be nasty — but only in an extremely limited circumstance. To understand the problem, we have to understand what SSH is designed to do. It replaces telnet as a tool to get a command line shell on a remote computer. Telnet sends all that text in the clear, but SSH wraps it all inside a public-key encrypted tunnel. It was designed to safely negotiate an unfriendly network, which is why SSH clients are so explicit about accepting new keys, and alerting when a key has changed.

SSH uses a sequence counter to detect Man-in-the-Middle (MitM) shenanigans like packet deletion, replay, or reordering. That sequence isn’t actually included in the packet, but is used as part of the Message Authentication Code (MAC) of several encryption modes. This means that if a packet is removed from the encrypted tunnel, the MAC fails on the rest of the packets, triggering a complete connection reset. This sequence actually starts at zero, with the first unencrypted packet sent after the version banners are exchanged. In theory, this means that an attacker fiddling with packets in the pre-encryption phase will invalidate the entire connection as well. There’s just one problem.

The innovation from the Terrapin researchers is that an attacker with MitM access to the connection can insert a number of benign messages in the pre-encryption phase, and then silently drop that same number of messages from the start of the encrypted phase. Just a little TCP sequence rewriting for any messages between, and neither the server nor client can detect the deception. It’s a really interesting trick — but what can we do with it?

For most SSH implementations, not much. The 9.6 release of OpenSSH addresses the bug, calling it cryptographically novel, but noting that the actual impact is limited to disabling some of the timing obfuscation features added in release 9.5.
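The counter behaviour described above can be modelled in a few lines. This is an added example, not code from the article, the paper or OpenSSH: it shows why a drop inside the protected phase is caught, while the same drop goes unnoticed once the receiver's counter has been shifted by an extra cleartext message. The key, the message labels and the `reset` option (restarting the counter when protection begins, an assumed countermeasure that the article does not describe) are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # constructed stand-in for the negotiated MAC key

def tag(seq, payload):
    # The counter is MAC input only; it never travels in the packet.
    return hmac.new(KEY, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

def sender(cleartext, secured, reset=False):
    """Tag each secured payload with a counter that also counted the cleartext phase."""
    seq = 0 if reset else len(cleartext)
    wire = []
    for payload in secured:
        wire.append((payload, tag(seq, payload)))
        seq += 1
    return wire

def receiver(cleartext_seen, wire, reset=False):
    """Return payloads accepted before the first MAC failure ends the connection."""
    seq = 0 if reset else len(cleartext_seen)
    accepted = []
    for payload, mac in wire:
        if not hmac.compare_digest(mac, tag(seq, payload)):
            break
        accepted.append(payload)
        seq += 1
    return accepted

def scenarios():
    cleartext = [b"hello"]                      # constructed handshake message
    secured = [b"first", b"second", b"third"]   # constructed protected messages
    padded = cleartext + [b"benign"]            # one extra cleartext message arrives
    wire = sender(cleartext, secured)
    wire_reset = sender(cleartext, secured, reset=True)
    return {
        "honest": receiver(cleartext, wire),
        "drop_only": receiver(cleartext, wire[1:]),
        "pad_and_drop": receiver(padded, wire[1:]),
        "pad_and_drop_reset": receiver(padded, wire_reset[1:], reset=True),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:20} accepted={accepted}")
```

In the `pad_and_drop` case the receiver accepts a stream that is missing its first protected message, which is the silent truncation the paragraph describes; with the counter restarted at the start of protection, the same tampering fails the first MAC check.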


Giant Demonstrator Explains How DLP Projectors Work

Texas Instruments developed digital mirror devices, and the subsequent digital light processing (DLP) projector, starting in the late 1980s. The technology is a wondrous and fanciful application of micro-scale electronics and optics. Most of us that have tangled with these devices have had to learn their mode of operation from diagrams and our own imagination. But what if you just built one at a large enough scale that you could see how it worked? Well, [jbumstead] did just that!

A real Digital Micromirror Device (DMD) consists of hundreds of thousands of mirrors, which would be impractical to recreate. This build settles for a simpler 5×5 array made using half-inch square mirrors. It uses solenoids to move each individual mirror between a flat and angled position to create the display. The solenoids are all under the command of an Arduino Mega which controls the overall state of the display and shows various patterns.

It’s not perfect, with the mirrors not quite matching in angles at all times, but it demonstrates the concept perfectly well. When you see it in action with light bouncing off it, you can easily understand how this could be used to make a display of many thousands of pixels in a projector arrangement. We’ve featured some other DLP hacks before, too, so dive in if you’re interested.


Open Source DC UPS Keeps The Low-Voltage Gear Going

We all like to keep our network gear running during a power outage — trouble is, your standard consumer-grade uninterruptible power supply (UPS) tends to be overkill for routers and such. Their built-in outlet strips quickly get crowded with wall-warts, and why bother converting from DC to AC only to convert back again?

This common conundrum is the inspiration for [Walker]’s DC UPS design, which has some interesting features. First off, the design is open source, which of course invites tinkering and repurposing. The UPS is built for a 12 volt supply and load, but that obviously can be changed to suit your needs. The battery bank is a 4S3P design using 18650 cells, and that could be customized as well. There’s an ideal diode controller that prevents DC from back-feeding into the supply when the lights go out, and a really interesting synchronous buck-boost converter in place of the power management chip you’d normally see in a UPS. The converter chip takes a PWM signal from an RP2040; there’s also an ESP32 onboard for web server and UI duties as well as an STM32 to run the BMS. The video below discusses the design and shows a little of the build.

We’ve seen a spate of DC UPS designs lately, some more elaborate than others. This one has quite a few interesting chips that most of us don’t normally deal with, and it’s nice to see how they’re used in a practical design.


Zerowriter Promises Zero Distractions While Writing

As great as full-blown desktop computers may be for web surfing, gaming, and what have you, they are theaters of distraction when it comes time to write. And while there are machines out there purpose-built for writing, the price tags run awfully high for what they are, which is essentially a microprocessor handling a keyboard and an E-ink display.

So, why not build one yourself, then? That’s the idea behind the Zerowriter, which, as you may have guessed, is based on the Raspberry Pi Zero. The Zero 2 W to be exact: [zerowriter] says that the extra power over the original Zero is quite useful.

In addition, there’s a 4.2″ Waveshare E-ink display and the Vortex Core 40% keyboard inside the 3D-printed enclosure. The design is based on the Penkesu computer, although in the Zerowriter, the Pi sits behind the screen instead of underneath the keyboard. [zerowriter] built an application on top of the Waveshare demo program that’s easy to use and modify.

The price tag for this build comes in around $200, which is a fraction of similar commercial products. Most of the cost is in this particular keyboard, although 40%s are, broadly speaking, not cheap. We would love to see someone make a keyboard for this.

Looking to make something a bit bigger? Be sure to check out the MUSE.


Desalinating Water With The Sun

Getting fresh water from salt water can be difficult to do at any kind of scale. Researchers have developed a new method of desalinating water that significantly reduces its cost. [via Electrek]

By mimicking the thermohaline circulation of the ocean, the researchers from MIT and Shanghai Jiao Tong University were able to solve one of the primary issues with desalination systems, salt fouling. Using a series of evaporator/condenser stages, the seawater is separated into freshwater and salt using heat from the sun.

Evaporating water to separate it from salt isn’t new, but the researchers took it a step further by tilting the whole contraption and introducing a series of tubes to help move the water along and create eddy currents. These currents help the denser, saltier water move off of the apparatus and down deeper into the fluid where the salt doesn’t cause an issue with the device’s operation. The device should have a relatively long lifetime since it has no moving parts and doesn’t require any electricity to operate.

The researchers believe a small, suitcase-sized device could produce water for a family for less than the cost of tap water in the US. The (paywalled) paper is available from Joule.

If you’re curious about other drinking water hacks, check out this post on Re-Imagining the Water Supply or this previous work by the same researchers.

VU Meter Built With Neat Graphical VFD Display

VFD displays are beloved for their eerie glow that sits somewhere just off what you’d call blue. [mircemk] used one of these displays to create an old-school VU meter that looks straight out of a 1970s laboratory. 

The build uses an Arduino Nano as the brains of the operation, which uses its analog inputs to process incoming audio into decibel levels for display on a VU meter. It’s then charged with driving a GP1287 VFD display. Unlike some VFDs that have preset segments that can be illuminated or switched off, this is a fully graphical dot matrix display that can be driven as desired. Thus, when it’s not acting as a bar graph VU meter, it can also emulate old-school moving-needle meters. Though, it bears noting, the slow updates the Arduino makes to the display mean it’s kind of like those dodgy skeuomorphic music apps of the 16-bit era; i.e. it’s quite visually jerky.

Overall, it’s a neat project that demonstrates how to work with audio, microcontrollers, and displays all in one. We’ve featured other projects from [mircemk] before, too, almost all of which appear in the same blue and grey project boxes. Video after the break.


Making A Guitar Go To Eleven, The Hard Way

At the end of the day, all it takes to make a guitar go to eleven is a new knob. Making the knob is another thing — that takes a shop full of machine tools, the expertise to use them, and a whole bunch of time. Then again, if you’re pressed for time, it looks like a 3D printer will do nicely too.

While the 3D printing route is clearly the easier option, it sure seems as if [Chronova Engineering] is more about the journey than the destination. In need of some knob bling for an electric guitar, he takes us through the lengthy process (nicely summarized in the video below) of crafting one from a bar of solid brass. Like all good machining projects, this one starts with making the tools necessary to start the actual build; in this case, it’s a tool to cut the splines needing to mate with the splines on the guitar’s potentiometer shaft. That side quest alone represents probably a third of the total effort on this project, and results in a tool that’s used for all of about 30 seconds.

Aside from spline cutting, there are a ton of interesting machining tidbits on display here. We particularly liked the use of a shaping technique to form the knurling on the knob, as opposed to a standard rotary method, which would have been difficult given the taper on the knob body. Also worth noting are the grinding step that puts a visually interesting pattern on the knob’s top surface, as well as the pantograph used to etch the knob’s markings.

Congrats to [Chronova Engineering] for a great-looking build, and the deep dive into the machinist’s ways. If you’re still interested in custom brass knobs but don’t have a machine shop, we can help with that.
