This Week In Security: In The Wild, Through Your NAT, And Brave

Most of the stories from this week are vulnerabilities dropped before fixes are available, many of them actively being exploited. Strap yourselves in!

Windows Kernel Crypto

The first is CVE-2020-17087, an issue in the Windows Kernel Cryptography Driver. The vulnerable system calls are accessible from unprivileged user-space, and potentially even from inside sandboxed environments. The resulting buffer overflow can result in arbitrary code executing in the kernel context, meaning this is a quick jump to root-level control over a victim system.

What exactly is the code flaw here that’s being attacked? It’s in a bit of buffer allocation logic, inside a binary-to-hex conversion routine. The function accepts an unsigned short length argument. That value is used to calculate the output buffer size by multiplying it by six, and an unsigned short is used to hold the result. See the problem? A sufficiently large value will wrap around, and the output buffer size will be too small. It’s an integer overflow that leads to a buffer overflow.
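To make that arithmetic concrete, here is an added example written for this page; it is not code from the Windows driver or from the researchers who reported the bug. It models the size calculation the write-up describes (a 16-bit length times six, stored back in 16 bits) next to a checked version, and pairs it with a hypothetical encoder that renders each byte as six characters so the "times six" has something to refer to. The function names, the "0xNN, " output format and the sample input are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, modelled on the arithmetic the write-up describes:
 * the 16-bit length is multiplied by six and the product is stored back
 * in a 16-bit variable, so any len > 10922 wraps to a value far smaller
 * than the output actually needs. */
uint16_t out_size_vulnerable(uint16_t len)
{
    uint16_t out_len = (uint16_t)(len * 6);  /* truncation happens here */
    return out_len;
}

/* Hardened pattern: compute in a wider type and refuse lengths whose
 * product does not fit the 16-bit field. Returns -1 on overflow. */
int32_t out_size_checked(uint16_t len)
{
    uint32_t wide = (uint32_t)len * 6u;
    if (wide > UINT16_MAX)
        return -1;
    return (int32_t)wide;
}

/* Hypothetical binary-to-text encoder (not the driver's routine) that
 * renders each byte as "0xNN, ", i.e. six characters per input byte,
 * which is why the size formula is len * 6. It bounds-checks against the
 * destination size the caller really allocated and returns the number of
 * characters written, or 0 if the destination is too small. */
size_t bin_to_hex(const uint8_t *src, uint16_t len, char *dst, size_t dst_size)
{
    static const char digits[] = "0123456789abcdef";
    size_t needed = (size_t)len * 6 + 1;   /* six per byte plus NUL */
    if (dst_size < needed)
        return 0;
    size_t pos = 0;
    for (uint16_t i = 0; i < len; i++) {
        dst[pos++] = '0';
        dst[pos++] = 'x';
        dst[pos++] = digits[src[i] >> 4];
        dst[pos++] = digits[src[i] & 0x0f];
        dst[pos++] = ',';
        dst[pos++] = ' ';
    }
    dst[pos] = '\0';
    return pos;
}

/* Exercises the encoder on a constructed two-byte input: a correctly
 * sized buffer succeeds, a buffer one byte short is rejected. Returns 1
 * when both behave as expected. */
int demo_encode(void)
{
    const uint8_t sample[] = { 0xde, 0xad };     /* constructed input */
    char buf[13];                                /* 2 * 6 + NUL */
    size_t n = bin_to_hex(sample, 2, buf, sizeof buf);
    if (n != 12 || strcmp(buf, "0xde, 0xad, ") != 0)
        return 0;
    if (bin_to_hex(sample, 2, buf, sizeof buf - 1) != 0)
        return 0;
    return 1;
}

int main(void)
{
    uint16_t big = 11000;  /* 11000 * 6 = 66000, does not fit in 16 bits */
    printf("vulnerable size for %u bytes: %u (needs %u)\n",
           (unsigned)big, (unsigned)out_size_vulnerable(big), (unsigned)big * 6u);
    printf("checked size for %u bytes: %d\n", (unsigned)big, out_size_checked(big));
    printf("encoder demo: %s\n", demo_encode() ? "ok" : "FAILED");
    return 0;
}
```

Running it shows the shape of the bug: for 11,000 input bytes the truncated formula reports 464 bytes while the encoder really needs 66,000, so an allocation made from the truncated value is overrun by the copy. The fix is the usual one for this class of defect: do the multiplication in a type wide enough to hold the product, reject anything that does not fit the field it is stored in, and have the consumer check the real buffer size rather than trusting the computed one.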

Because the problem is being actively exploited, the report has been made public just seven days after discovery. The flaw is still unpatched in Windows 10, as of the time of writing. It also seems to be present as far back as Windows 7, which will likely not receive a fix, being out of support. [Editor’s snarky note: Thanks, closed-source software.]

Lunar Ark Boldly Goes

[Sebastian and Karl-Johan] are two award-winning Danish Space Architects who are subjecting themselves to harsh, seemingly uninhabitable conditions, for science. The pair set out to build a lunar base that could land with the manned Moon missions in 2024. As with any good engineering problem, what good is a solution without testing? So the pair have placed their habitat in a Moon-analogue environment and are living in it for two months. They want to really feel the remoteness, the bitter cold, and the fatigue of actually being on the Moon. So far they are about halfway through their journey and expect to return home in December 2020.

When asking themselves where on Earth it is most like the Moon, they came up with Moriusaq, Greenland. It’s cold, remote, in constant sunlight this time of year, and it is a vast white monochrome landscape just like the Moon. The first Moon settlement missions are expected to be at the South Pole of the Moon, also known as the Peak of Eternal Light.

The habitat itself is a testament to the duo’s ingenuity. The whole structure folds to fit the tight space and weight requirements of rockets. Taking 2.9 m³ (102 ft³) when stored, it expands 560% in volume to 17.2 m³ (607 ft³). In Greenland, the structure needs to withstand -30 °C (-22 °F) and 90 km/h winds.

Because the South Pole is in constant sunlight, the temperature varies much less there than on the rest of the Moon, which makes Greenland a very good analogue temperature-wise. The foldable skin is covered in solar panels, both on the top and on the bottom. The highly reflective nature of the Moon’s surface makes it easy to capture the light bouncing up onto the bottom of the habitat.

Several other bits of technology have been included onboard, like a 3D printer, a circadian light stimulation system, an algae reactor, and a weather simulation. Since both the Moon and Greenland are in constant sunlight, the pod helps regulate the circadian rhythms of the occupants by changing the hue and brightness throughout the day. The weather simulation tries to break up the monotony of space by introducing weather like a stormy day or rainbow colours.

Their expedition is still ongoing and they post daily mission updates. While some might call their foray into the unknown madness, we call it bold. Currently, NASA is planning its Artemis mission in 2024 and we hope that the lessons learned from the Lunark and other experiments culminate in a better experience for all astronauts.

Walmart Gives Up On Stock-Checking Robots

We’ve seen the Jetsons, Star Wars, and Silent Running. In the future, all the menial jobs will be done by robots. But Walmart is reversing plans to have six-foot-tall robots scan store shelves to check stock levels. The robots, from a company called Bossa Nova Robotics, apparently worked well enough and Walmart had promoted the idea in many investor-related events, promising that robot workers would reduce labor costs while better stock levels would increase sales.

So why did the retail giant say no to these ‘droids? Apparently, they found better ways to check stock and, according to a quote in the Wall Street Journal’s article about the decision, shoppers reacted negatively to sharing the aisle with the roving machines.

The robots didn’t just check stock. They could also check prices and find misplaced items. You can see a promotional video about the device below.

A Super UPS For The Pi

One of the problems with using a Raspberry Pi or most other systems in a production environment is dealing with sudden shutdowns due to power loss. Modern operating systems often keep data in memory that should be on disk, and a sudden power cycle can create problems. One answer is an uninterruptible power supply, but maintaining batteries is no fun. [Scott] wanted to do better, so he built a UPS using supercapacitors.

A supercapacitor UPS is nearly ideal. The caps charge quickly and don’t wear out as a battery does. The capacitors also don’t care if they stay in storage for a long time. The only real downside is they don’t have the capacity that batteries can have, but for a small computer like a Pi Zero it is pretty easy to gang up enough capacitors to do the job.

Purdue’s Powerful Paint Could Cancel Climate Change

What if a building could stay cool simply because of its paint job? We’re not talking about putting flames on the sides. Purdue engineers have come up with a formulation of white paint that reflects the heat from sunlight and keeps surfaces cooler than their surroundings. Depending on the location, a building with this paint on the roof may not need air conditioning.

Radiative cooling paint is not a completely new animal, but the formulation developed at Purdue is quite impressive compared to commercially-available paints that only reflect 80-90% of sunlight.

Purdue’s paint reflects 95.5% of sunlight. It can keep surfaces up to 18°F cooler than their surroundings, even in direct sunlight. Where does the heat go? The paint radiates infrared heat, so it escapes the atmosphere and goes into deep space.

How does it do this? With abundantly available calcium carbonate fillers — the chalky stuff that antacids are made of. The paint absorbs next to no UV rays because of the wide band gaps in the atomic structure of calcium carbonate. Take a brief tour of this amazing paint after the break.

We wonder how many rooftops and roadways we’d have to paint with this stuff to have a chance at reversing climate change. It’s not terribly expensive to make, so the problem shifts to widespread education and adoption. What do you think?

Open Source Lego Controller

A mechanical and manufacturing engineer by day, [Tyler Collins] taught himself electronics and firmware development in his spare time and created an open source Lego controller called Evlōno One. It is based on the STM32 and Arduino ecosystems, and compatible with an impressive variety of existing Lego controllers, sensors and actuators. [Tyler] encountered Lego Mindstorms while helping in an after-school program, and got to wondering whether he could make a more flexible controller. We’d have to say he succeeded, and it’s amazing how much he has packed into this 4 x 4 single-height brick format.

The Evlōno One is based on an ESP32 dual-core MCU, and has WiFi, Bluetooth, and an IR transmitter for wireless connectivity. It also boasts USB-C power delivery, three motor controllers, speakers, LEDs and a button. Dig through the Kickstarter page for more details on these interfaces and specifications. Both the firmware and the hardware will be published as open source on GitHub.

Although [Tyler] has the prototypes all running, he notes this is his first big production effort. FCC certification testing and production mold tooling are the two biggest items driving the scheduled Feb 2021 shipments. If computer-driven Lego modeling is one of your hobbies, definitely check out [Tyler]’s project. And if you missed [Daniel Pikora]’s FOSSCON 2018 presentation about the intersection (collision) of Legos and Open Source, our article is a must-read for you folks in the Adult Fan of Lego (AFOL) community.

Giant Blacksmith Vise From Start To Finish

In any proper workshop you want to be able to securely hold a workpiece, whether it’s a tiny PCB or a heavy piece of forged steel. [Jason Marburger] from Fireball Tool needed a really large heavy-duty vise, so he built himself a massive 1490 lbs / 676 kg floor-standing blacksmith vise from scratch.

Blacksmith vises are designed to take a lot of heavy abuse, such as holding heavy pieces of steel that are being hammered. [Jason]’s vise stands about 3 feet tall, and the main frame components were cut from 1 5/8 inch (41.3 mm) steel with a water jet cutter. The jaws are operated with a large hand wheel connected to a lead screw. Bearings on the lead screw allow the hand wheel to be spun like a flywheel, allowing it to be quickly opened and closed. The weight of the moving jaw keeps the lead screw under tension, eliminating any backlash. This allows for really fine control over the holding force, which [Jason] demonstrates by carefully clamping a tiny screw. With the hand wheel alone the vise can exert 12880 lb / 5800 kg, but a hydraulic lift was also added, boosting the force to 30000 lbs. The deep throat allows a large object to be clamped, and the jaws can also be offset to clamp something to the side of the vise.

The vise was beautifully finished with powder coating and pin striping, which will no doubt wear over time if it’s properly used, but the vise itself should last a few lifetimes. While this isn’t something you can really build in a home workshop, it is always inspiring to see what is possible with a few more tools, knowledge and skill. The build is documented in a four-part series (link in first paragraph), but we’ve added a short highlights reel below for your viewing pleasure.