Hackaday Podcast Episode 256: 0, 256, 400, 0x100, And 10000000

February 9, 2024 by 23 Comments

For this week’s episode, we did something super special — we all convened to answer your burning questions about your hosts, both as hackers and as humans. We kick things off with a segment featuring a hearty round-table discussion between Elliot, Al, Dan, Kristina, and Tom. What’s on our benches? What do we type on? Go find out!

None of us figured out What’s That Sound though a few of us had some creative guesses. Can you guess the sound? There could be a t-shirt in it for ya.

Kristina and Elliot went on to have a normal podcast too, but since the round table section went so long, we’ll process up that section and put it out early next week.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download this epic monument of podcasting and savor it for the next 256 weeks.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

NIF’s Laser Fusion Experiment’s Energy Gain Passes Peer Review

February 9, 2024 by 53 Comments

Back in December of 2022, a team of researchers at the USA’s National Ignition Facility (NIF) announced that they had exceeded ‘scientific breakeven’ with their laser-based inertial confinement fusion (ICF) system. Their work has now been peer-reviewed and passed scrutiny, confirming that the energy put into fusing a small amount of deuterium-tritium fuel resulted in a net gain (Q) of 1.5.

Laser Bay 2, one of NIF's two laser bays
Laser Bay 2 at the NIF.

The key take-away here of course remains that ICF is not a viable method of producing energy, as we detailed back in 2021 when we covered the 1.3 MJ yield announcement, and again in 2022 following the subject of this now completed peer review.  The sheer amount of energy required to produce the laser energy targeting the fuel capsule and loss therein, as well as the energy required to manufacture each of these fuel capsules (Hohlraum) and sustaining a cycle make it a highly impractical proposition for anything except weapons research.

Despite this, it’s good to see that the NIF’s ICF research is bearing fruit, even if for energy production we should look towards magnetic confinement fusion (MCF), which includes the many tokamaks active today like Japan’s JT-60SE, as well as stellarators like Germany’s Wendelstein 7-X and other efforts to make MCF a major clean-energy source for the future.

This Week In Security: Broken Shims, LassPass, And Toothbrushes?

February 9, 2024 by 8 Comments

Linux has a shim problem. Which naturally leads to a reasonable question: What’s a shim, and why do we need it? The answer: Making Linux work wit Secure Boot, and an unintended quirk of the GPLv3.

Secure Boot is the verification scheme in modern machines that guarantees that only a trusted OS can boot. When Secure Boot was first introduced, many Linux fans suggested it was little more than an attempt to keep Linux distros off of consumer’s machines. That fear seems to have been unwarranted, as Microsoft has dutifully kept the Linux Shim signed, so we can all run Linux distros on our Secure Boot machines.

So the shim. It’s essentially a first-stage bootloader, that can boot a signed GRUB2 or other target. You might ask, why can’t we just ask Microsoft to sign GRUB2 directly? And that’s where the GPLv3 comes in. That license has an “anti-tivoization” section, which specifies “Installation Information” as part of what must be provided as part of GPLv3 compliance. And Microsoft’s legal team understands that requirement to apply to even this signing process. And it would totally defeat the point of Secure Boot to release the keys, so no GPLv3 code gets signed. Instead, we get the shim.

Now that we understand the shim, let’s cover how it’s broken. The most serious vulnerability is a buffer overflow in the HTTP file transfer code. The buffer is allocated based on the size in the HTTP header, but a malicious HTTP server can set that value incorrectly, and the shim code would happily write the real HTTP contents past the end of that buffer, leading to arbitrary code execution. You might ask, why in the world does the shim have HTTP code in it at all? The simple answer is to support UEFI HTTP Boot, a replacement for PXE boot.

The good news is that this vulnerability can only be triggered when using HTTP boot, and only by connecting to a malicious server or via a man-in-the-middle attack. With this in mind, it’s odd that this vulnerability is rated a 9.8. Specifically, it seems incorrect that this bug is rated low complexity, or a general network attack vector. In Red Hat’s own write-up of the vulnerability, they argue that the exploitation is high complexity, and is only possible from an adjacent network. There were a handful of lesser vulnerabilities found, and these were all fixed with shim 15.8. Continue reading “This Week In Security: Broken Shims, LassPass, And Toothbrushes?”

Flipped Bit Could Mark The End Of Voyager 1‘s Interstellar Mission

February 9, 2024 by 95 Comments

Sometimes it’s hard to read the tea leaves of what’s going on with high-profile space missions. Weighted down as they are with the need to be careful with taxpayer money and having so much national prestige on the line, space agencies are usually pretty cagey about what’s going on up there. But when project managers talk about needing a “miracle” to continue a project, you know things have gotten serious.

And so things now sit with Voyager 1, humanity’s most distant scientific outpost, currently careening away from Mother Earth at 17 kilometers every second and unable to transmit useful scientific or engineering data back to us across nearly a light-day of space. The problem with the 46-year-old spacecraft cropped up back in November, when Voyager started sending gibberish back to Earth. NASA publicly discussed the problem in December, initially blaming it on the telemetry modulation unit (TMU) that packages data from the remaining operable scientific instruments along with engineering data for transmission back to Earth. It appeared at the time that the TMU was not properly communicating with the flight data system (FDS), the main flight computer aboard the spacecraft.

Since then, flight controllers have determined that the problem lies within the one remaining FDS on board (the backup FDS failed back in 1981), most likely thanks to a single bit of corrupted memory. The Deep Space Network is still receiving carrier signals from Voyager, meaning its 3.7-meter high-gain antenna is still pointing back at Earth, so that’s encouraging. But with the corrupt memory, they’ve got no engineering data from the spacecraft to confirm their hypothesis.

The team has tried rebooting the FDS, to no avail. They’re currently evaluating a plan to send commands to put the spacecraft into a flight mode last used during its planetary fly-bys, in the hope that will yield some clues about where the memory is corrupted, if indeed it is. But without a simulator to test the changes, and with most of the engineers who originally built the spacecraft long gone now, the team is treading very carefully.

Voyager 1 is long past warranty, of course, and with an unparalleled record of discovery, it doesn’t owe us anything at this point. But we’re not quite ready to see it slip into its long interstellar sleep, and we wish the team good luck while it works through the issue.

Power Supply Efficiency Measurements

February 9, 2024 by 12 Comments

Even if you don’t have a Rohde Schwarz oscilloscope, you can still enjoy their recent video about using an oscilloscope to measure power supply efficiency. Of course, you don’t have to have a scope to do this. You can use a voltmeter and an ammeter, but it is very straightforward if you have a four-channel scope with a pair of current probes.

Of course, if you can measure the voltage and the current at the input, you can calculate the input power. Then again, most scopes these days can do the math for you. Then, you make the same measurement and calculation at the output. If you know the input and output power, you can calculate a percentage or many scopes can do it for you now.

Continue reading “Power Supply Efficiency Measurements”

[Usagi] Whips A Chain Printer Into Shape

February 8, 2024 by 7 Comments

What does it take to get a 47-year-old printer working? [Usagi Electric] shows us it’s not too hard, even if you don’t exactly know what you’re doing.  When we last left this project, he’d tested and verified his power supply was working. This week, after a bit of cleaning, it was time to dig into the mechanics.

If you haven’t seen a chain printer in action before, definitely check one out. They’re big, loud, and sound a bit like a turbine when they spool up. The type chains on these printers never stops moving. This means the printer has to know exactly where a particular letter is before launching one of 66 hammers at it. If the timing is off, parts will fly. To the average computer user, they’re quite intimidating.

Thankfully [Usagi’s] printer was in pretty good shape. When he flipped the big power switch, there was plenty of strange noises, culminating in the test pattern of dollar signs. Probably an early reminder to customers that they needed to order more print supplies.

Continue reading “[Usagi] Whips A Chain Printer Into Shape”

A line-art diagram of the microfluidic device. On the left, in red text, it says "Fibrillization trigger (CPB pH 5.0). There is a rectangular outline of the chip in grey, with a sideways trapezoid on the left side narrowing until it becomes an arrow on the right. At the right is an inset picture of the semi-transparent microfluidic chip and the text "Negative Pressure (Pultrusion)." Above the trapezoid is the green text "MaSp2 solution" and below is "LLPS trigger (CPB pH 7.0)" in purple. The green, purple, and red text correspond with inlets labeld 1, 2, and 3, respectively. Three regions along the arrow-like channel from left to right are labeled "LLPS region," "pH drop," and in a much longer final section "Fiber assembly region."

Synthetic Spider Silk

February 8, 2024 by 7 Comments

While spider silk proteins are something you can make in your garage, making useful drag line fibers has proved a daunting challenge. Now, a team of scientists from Japan and Hong Kong are closer to replicating artificial spider silk using microfluidics.

Based on how spiders spin their silk, the researchers designed a microfluidic device to replicate the chemical and physical gradients present in the spider. By varying the amount of shear and chemical triggers, they tuned the nanostructure of the fiber to recreate the “hierarchical nanoscale substructure, which is the hallmark of native silk self-assembly.”

We have to admit, keeping a small bank of these clear, rectangular devices on our desk seems like a lot less work than keeping an army of spiders fed and entertained to produce spider silk Hackaday swag. We shouldn’t expect to see a desktop microfluidic spider silk machine this year, but we’re getting closer and closer. While you wait, why not learn from spiders how to make better 3D prints?

If you’re interesting in making your own spider silk proteins, checkout how [Justin Atkin] and [The Thought Emporium] have done it with yeast. Want to make your spider farm spiders have stronger silk? Try augmenting it with carbon.