One of the first findings to note is that the backdoor doesn’t allow a user to log in over SSH. Instead, when an SSH request is signed with the right authentication key, one of the certificate fields is decoded and executed via a system() call. And this makes perfect sense. An SSH login leaves an audit trail, while this backdoor is obviously intended to be silent and secret.
It’s interesting to note that this code made use of both autotools macros and the GNU ifunc, or Indirect FUNCtions. That’s the nifty feature where a binary can include different versions of a function, each optimized for a different processor instruction set. The right version of the function gets called at runtime. Or in this case, the malicious version of that function gets hooked into execution by a malicious library.
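To make the ifunc mechanism concrete, here is an added example (not code from xz or from the article) of a legitimate GNU ifunc on Linux with GCC or Clang. The names `byte_sum`, `resolve_byte_sum`, `sum_generic` and `sum_wide` are hypothetical; the counter shows that the resolver runs during relocation, before `main`, which is why resolver code deserves attention in an audit.

```c
#include <stdio.h>

typedef unsigned (*sum_fn)(const unsigned char *, unsigned);

/* Baseline implementation: one byte per iteration. */
static unsigned sum_generic(const unsigned char *p, unsigned n) {
    unsigned s = 0;
    for (unsigned i = 0; i < n; i++) s += p[i];
    return s;
}

/* Stand-in for a CPU-specific build: same result, four bytes per iteration. */
static unsigned sum_wide(const unsigned char *p, unsigned n) {
    unsigned s = 0, i = 0;
    for (; i + 4 <= n; i += 4) s += p[i] + p[i + 1] + p[i + 2] + p[i + 3];
    for (; i < n; i++) s += p[i];
    return s;
}

/* Incremented by the resolver so we can observe when it ran. */
static volatile int resolver_calls;

/* The resolver: invoked by the loader while it processes relocations.
 * Whatever pointer it returns becomes the target of every byte_sum() call. */
static sum_fn resolve_byte_sum(void) {
    resolver_calls++;
#if defined(__x86_64__) || defined(__i386__)
    __builtin_cpu_init();                 /* required before cpu_supports here */
    if (__builtin_cpu_supports("avx2")) return sum_wide;
#endif
    return sum_generic;
}

/* Declared as an indirect function; it has no body of its own. */
unsigned byte_sum(const unsigned char *p, unsigned n)
    __attribute__((ifunc("resolve_byte_sum")));

int resolver_call_count(void) { return resolver_calls; }

int main(void) {
    const unsigned char sample[] = {1, 2, 3, 4, 5};   /* constructed input */
    printf("resolver calls before first use: %d\n", resolver_call_count());
    printf("byte_sum = %u\n", byte_sum(sample, sizeof sample));
    return 0;
}
```

In a built binary, such symbols show up with type `IFUNC` in `readelf -s` output, which gives a quick inventory of resolvers to review.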
While it might not seem like it to a novice, music turns out to be a highly mathematical endeavor with precise ratios between chords and notes as well as overall structure of rhythm and timing. This is especially true of popular music which has even more recognizable repeating patterns and trends, making it unfortunately an easy target for modern generative AI which is capable of analyzing huge amounts of data and creating arguably unique creations. This one, called Suno, does just that for better or worse.
Unlike other generative AI offerings that are currently available for creating music, this one is not only capable of generating the musical underpinnings of the song itself but can additionally create a layer of intelligible vocals as well. A deeper investigation of the technology by Rolling Stone found that the tool uses its own models to come up with the music and then offloads the text generation for the vocals to ChatGPT, finally using the generated lyrics to generate fairly convincing vocals. Like image and text generation models that have come out in the last few years, this has the potential to be significantly disruptive.
While we’re not particularly excited about living in a world where humans toil while the machines create art and not the other way around, at best we could hope for a world where real musicians use these models as tools to enhance their creativity rather than being outright substitutes, much like ChatGPT itself currently is for programmers. That might be an overly optimistic view, though, and only time will tell.
Imagine an electronics lab. If you grew up in the age of tubes, you might envision a room full of heavy large equipment. Even if you grew up in the latter part of the last century, your idea might be a fairly large workbench with giant boxes full of blinking lights. These days, you can do everything in one little box connected to a PC. Somehow, though, it doesn’t quite feel right. Besides, you might be using your computer for something else.
I’m fortunate in that I have a good-sized workspace in a separate building. My main bench has an oscilloscope, several power supplies, a function generator, a bench meter, and at least two counters. But I also have an office in the house, and sometimes I just want to do something there, but I don’t have a lot of space. I finally found a very workable solution that fits on a credenza and takes just around 14 inches of linear space.
How?
How can I pack the whole thing in 14 inches? The trick is to use only two boxes, but they need to be devices that can do a lot. The latest generation of oscilloscopes are quite small. My scope of choice is a Rigol DHO900, although there are other similar-sized scopes out there.
If you’ve only seen these in pictures, it is hard to realize how much smaller they are than the usual scopes. They should put a banana in the pictures for scale. The scope is about 10.5″ wide (265 mm and change). It is also razor thin: 3″ or 77 mm. For comparison, that’s about an inch and a half narrower and nearly half the width of a DS1052E, which has a smaller screen and only two channels.
A lot of test gear in a short run.
If you get the scope tricked out, you’ve just crammed a bunch of features into that small space. Of course, you have a scope and a spectrum analyzer. You can use the thing as a voltmeter, but it isn’t the primary meter on the bench. If you spend a few extra dollars, you can also get a function generator and logic analyzer built-in. Tip: the scope doesn’t come with the logic analyzer probes, and they are pricey. However, you can find clones of them in the usual places that are very inexpensive and work fine.
There are plenty of reviews of this and similar scopes around, so I won’t talk anymore about it. The biggest problem is where to park all the probes.
We all know that we’re living in a surveillance state that would make Orwell himself shake his head, but it looks like at least one company in this space has gone a little rogue. According to reports, AI surveillance start-up Flock <<insert gratuitous “What the Flock?” joke here>> has installed at least 200 of its car-tracking cameras on public roads in South Carolina alone. That’s a serious whoopsie, especially since it’s illegal to install anything on state infrastructure without permission, which it appears Flock failed to obtain. South Carolina authorities are making a good show of being outraged about this, but it sort of rings hollow to us, especially since Flock now claims that 70% of the population (of the USA, we presume) is covered by their technology. Also, police departments across the country are in love with Flock’s service, which lets them accurately track the movements of potential suspects, which of course is everyone. No word on whether Flock will have to remove the rogue cameras, but we’re not holding our breath.
I found myself in Milton Keynes, UK, a little while ago, with a few hours to spare. What could I do but rock over to the National Museum of Computing and make a nuisance of myself? I have visited many times, but this time, I was armed with a voice recorder and a mission to talk to everybody who didn’t run away fast enough. There is so much to see and do, that what follows is a somewhat truncated whistle-stop tour to give you, the dear readers, a flavour of what other exhibits you can find once you’ve taken in the usual sights of the Colossus and the other famous early machines.
We expect you’ve heard of the classic text adventure game Zork. Well before that, there was the ingeniously titled “Adventure”, which is reported to be the first ‘interactive fiction’ text adventure game. Created initially by [Will Crowther], who at the time was a keen cave explorer and D & D player, and also the guy responsible for the firmware of the original Arpanet routers, the game contains details of the cave systems of Mammoth and Flint Ridge in Kentucky.
The first version was a text-based simulation of moving around the cave system, and a while after its release onto the fledgling internet, it was picked up and extended by [Don Woods], and the rest is history. If you want to read more, the excellent site by [Rick Adams] is a great resource that lets you play along in your browser. Just watch out for the dwarfs. (Editor’s note: “plugh”.) During my visit, I believe the software was running on the room-sized ICL2966 via a VT01 terminal, but feel free to correct me, as I can’t find any information to the contrary.
A little further around the same room as the ICL system, there is a real rarity: a Marconi TAC or Transistorised Automatic Computer. This four-cabinet minicomputer was designed in the late 1950s as a ‘fast real-time computer’, is one of only five made, and this example was initially installed at Wylfa nuclear power station in Anglesey, intended as a monitoring and alarm system controller. These two machines were spare units for the three built for the Swedish air defence system, which were no longer required. Commissioned in 1968, this TAC ran continuously until 2004, which could make it one of the longest continuously running computers in the world. The TAC has 4 kwords of 20-bit core memory, a paper tape reader for program loading and a magnetic drum storage memory. Unusually for this period, the TAC has a micro-coded CISC architecture, utilising a whole cabinet worth of diode-matrix ROM boards to code the instruction set. This enabled the TAC to have a customizable instruction set. As standard, the TAC shipped with trigonometric and other transcendental functions as individual instructions. This strategy minimized the program size and allowed more complex programs to fit in the memory.
Back on the theme of learning to program by taking on a meaningful project — we have another raytracing demo — this time using Rust on the Raspberry Pi. [Unfastener] saw our previous article about writing a simple raytracer in spectrum BASIC and got inspired to try something similar. The plan was to recreate the famous juggler 3D demo, from the early days of 3D rendering on the Amiga.
The juggler story starts with an Amiga programmer called [Eric Graham] who created ssg, the first ray tracer application on a personal computer. A demo was shown to Commodore, who didn’t believe it was done on their platform, but a quick follow-up with the actual software used soon quelled their doubts. Once convinced, they purchased the rights to the demo for a couple of thousand dollars (in 1986 money, mind you) to use in promotional materials. [Eric] developed ssg into the popular Sculpt 3D, which became available also on Mac and Windows platforms, and kick-started a whole industry of personal 3D modelling and ray tracing.
Anyway, back to the point. [Unfastener] needed to get up the considerable Rust learning curve, and the best way to do that is to let someone else take care of some of the awkward details of dealing with GUI, and just concentrate on the application. To that end, they use the softbuffer and winit Rust crates that deal with the (important, yet frankly uninteresting) details of building frame buffers and pushing the pixels out to the window manager in a cross-platform way. Vecmath takes care of — you guessed it — the vector math. There’s no point reinventing that wheel either. Whilst [Unfastener] mentions the original Amiga demo took about an hour per frame to render, this implementation runs in real-time. To that end, the code performs a timed pre-render to determine the best resolution that still gives an acceptable frame rate, achieving a respectable 30 or so frames per second on a Pi 5, with the older Pis needing to drop the resolution a little. This goes to show how efficient Rust code can be, and how capable the new Pi is. How far we have come.
We’ve seen quite a few DIY 2G networks over the years, but the 4G field has been relatively barren. Turns out, there’s an open source suite called srsRAN that lets you use an SDR for setting up an LTE network, and recently, we’ve found a blog post from [MaFrance351] (Google Translate) that teaches you everything you could need to know if you ever wanted to launch an LTE network for your personal research purposes.
For a start, you want a reasonably powerful computer, a transmit-capable full-duplex software defined radio (SDR), suitable antennas, some programmable SIM cards, and a few other bits and pieces like SIM card programmers and LTE-capable smartphones for testing purposes. Get your hardware ready and strap in, as [MaFrance351] guides you through setting up your own base station, with extreme amounts of detail outlining anything you could get caught up on.