Books You Should Read: Red Team Blues

June 1, 2023 by 12 Comments

Martin Hench really likes playing on the Red Team — being on the attack. He’s a financial geek, understands cryptocurrency, understands how money is moved around to keep it hidden, and is really good at mining data from social media. He puts those skills together as a forensic accountant. Put simply, Martin finds money that people want hidden. Against his better judgment, Marty does the job of a lifetime, and makes an absolute mint. But that job had hair, and he’s got to live through the aftermath. It turns out, that might just be a challenge, as three separate groups want a piece of him.

Red Team Blues, a work of fiction by [Cory Doctorow] about cryptocurrency, trust, finance, and society as a whole. When [Doctorow] offered to send us a copy to review, we jumped at the chance, and can give it a hearty recommendation as a fun and thoughtful tale. The moral seems to be that while everyone plays the sordid finance game, the government should really work harder to disentangle the mess, but maybe we would do better if more people opted for integrity. There is also a real point to be made about the dark side of cryptocurrency, in that it enables crime, ransomware, and money laundering on a global scale. For all the pluses for privacy and anonymity, there’s some real downsides. The characters spend most of the book wrestling with that dichotomy in the background.

The book took something of a moralizing turn just over halfway through. Which, depending on your viewpoint, you’ll either really appreciate, or have to hold your nose a bit to get through. But the suspense pulls the reader through it, making for an overall enjoyable read. As an added bonus, you might end up with a better mental image of how the pieces of digital privacy, finance, and the real world all fit together.

The book has all the fun references to Tor, Signal, Bitcoin, and computer history you could want. And the central MacGuffin is an interesting one: a cryptocurrency that runs on proof-of-secure-enclave, eliminating the ridiculous power consumption of proof-of-work schemes. All of this with some rich Silicon Valley lore setting up the background. Our conclusion? Two wrenches up.

Opening Up ASIC Design

April 5, 2023 by 7 Comments

The odds are that if you’ve heard about application-specific integrated circuits (ASICs) at all, it’s in the context of cryptocurrency mining. For some currencies, the only way to efficiently mine them anymore is to build computers so single-purposed they can’t do anything else. But an ASIC is a handy tool to develop for plenty of embedded applications where efficiency is a key design goal. Building integrated circuits isn’t particularly straightforward or open, though, so you’ll need some tools to develop them such as OpenRAM.

Designing the working memory of a purpose-built computing system is a surprisingly complex task which OpenRAM seeks to demystify a bit. Built in Python, it can help a designer handle routing models, power modeling, timing, and plenty of other considerations when building static RAM modules within integrated circuits. Other tools for taking care of this step of IC design are proprietary, so this is one step on the way to a completely open toolchain that anyone can use to start building their own ASIC.

This tool is relatively new and while we mentioned it briefly in an article back in February, it’s worth taking a look at for anyone who needs more than something like an FPGA might offer and who also wants to use an open-source tool. Be sure to take a look at the project’s GitHub page for more detailed information as well. There are open-source toolchains if you plan on sticking with your FPGA of choice, though.

Hackaday Links Column Banner

Hackaday Links: March 5, 2023

March 5, 2023 by 40 Comments

Well, we guess it had to happen eventually — Ford is putting plans in place to make its vehicles capable of self-repossession. At least it seems so from a patent application that was published last week, which reads like something written by someone who fancies themselves an evil genius but is just really, really annoying. Like most patent applications, it covers a lot of ground; aside from the obvious capability of a self-driving car to drive itself back to the dealership, Ford lists a number of steps that its proposed system could take before or instead of driving the car away from someone who’s behind on payments.

Examples include selective disabling conveniences in the vehicle, like the HVAC or infotainment systems, or even locking the doors and effectively bricking the vehicle. Ford graciously makes allowance for using the repossessed vehicle in an emergency, and makes mention of using cameras in the vehicle and a “neural network” to verify that the locked-out user is indeed having, say, a medical emergency. What could possibly go wrong?

Continue reading “Hackaday Links: March 5, 2023”

Building Your Own Consensus

November 30, 2022 by 3 Comments

With billions of computers talking to each other daily, how do they decide anything? Even in a database or server deployment, how do the different computers that make up the database decide what values have been committed? How do they agree on what time it is? How do they come to a consensus?

But first, what is the concept of consensus in the context of computers? Boiled down, it is for all involved agents to agree on a single value. However, allowances for dissenting, incorrect, or faulting agents are designed into the protocol. Every correct agent must answer, and all proper agents must have the same answer. This is particularly important for data centers or mesh networks. What happens if the network becomes partitioned, some nodes go offline, or the software crashes weirdly, sending strange garbled data? One of the most common consensus algorithms is Raft. Continue reading “Building Your Own Consensus”

Buzzword Bingo Bitcoin Burial Burrowing Blueprint Balked At By Bureaucracy

August 4, 2022 by 46 Comments

Many of you will at some time have heard the unfortunate tale of [James Howells], a Welsh IT worker who threw away a hard drive containing 8,000 Bitcoin back in 2013. Over the years he’s hatched various schemes to persuade his local council to let him dig up the landfill where it’s reputed to be buried, and every time he’s been rebuffed. Despite the fall in the price of cryptocurrencies he’s back with another. With the added spice of AI and robot dogs alongside the cryptocurrency angle, it reads like a buzzword bingo card and adds a whole new meaning to “Bitcoin mining”. Seemingly despite generous offers the local council are still not keen on letting him dig for the drive.

We can’t help feeling sorry for the guy — after all, in the early days of cryptocurrency the coins were a worthless curiosity so it’s not impossible there are readers with similar stories. But we’re curious how well the drive will have survived its 9-year interment even if the AI robot arm and robot dog security would ensure its recovery. With that much cash at stake the best in the data recovery business will no doubt be unleashed on whatever remains they might recover, but in the unfriendly environment of a festering landfill we’d be curious as to whether chemical action might have corroded the platters to the point at which nothing might remain. Wales has a high rainfall unlike the American southwest, so we doubt it would survive as well as an Atari cartridge.

Meanwhile, tell us your cryptocurrency might-have-beens in the comments.

Landfill Site sign by Geographer, CC BY-SA 2.0.

Hackaday Links Column Banner

Hackaday Links: July 3, 2022

July 3, 2022 by 10 Comments

Looks like we might have been a bit premature in our dismissal last week of the Sun’s potential for throwing a temper tantrum, as that’s exactly what happened when a G1 geomagnetic storm hit the planet early last week. To be fair, the storm was very minor — aurora visible down to the latitude of Calgary isn’t terribly unusual — but the odd thing about this storm was that it sort of snuck up on us. Solar scientists first thought it was a coronal mass ejection (CME), possibly related to the “monster sunspot” that had rapidly tripled in size and was being hyped up as some kind of planet killer. But it appears this sneak attack came from another, less-studied phenomenon, a co-rotating interaction region, or CIR. These sound a bit like eddy currents in the solar wind, which can bunch up plasma that can suddenly burst forth from the sun, all without showing the usually telltale sunspots.

Then again, even people who study the Sun for a living don’t always seem to agree on what’s going on up there. Back at the beginning of Solar Cycle 25, NASA and NOAA, the National Oceanic and Atmospheric Administration, were calling for a relatively weak showing during our star’s eleven-year cycle, as recorded by the number of sunspots observed. But another model, developed by heliophysicists at the U.S. National Center for Atmospheric Research, predicted that Solar Cycle 25 could be among the strongest ever recorded. And so far, it looks like the latter group might be right. Where the NASA/NOAA model called for 37 sunspots in May of 2022, for example, the Sun actually threw up 97 — much more in line with what the NCAR model predicted. If the trend holds, the peak of the eleven-year cycle in April of 2025 might see over 200 sunspots a month.

So, good news and bad news from the cryptocurrency world lately. The bad news is that cryptocurrency markets are crashing, with the flagship Bitcoin falling from its high of around $67,000 down to $20,000 or so, and looking like it might fall even further. But the good news is that’s put a bit of a crimp in the demand for NVIDIA graphics cards, as the economics of turning electricity into hashes starts to look a little less attractive. So if you’re trying to upgrade your gaming rig, that means there’ll soon be a glut of GPUs, right? Not so fast, maybe: at least one analyst has a different view, based mainly on the distribution of AMD and NVIDIA GPU chips in the market as well as how much revenue they each draw from crypto rather than from traditional uses of the chips. It’s important mainly for investors, so it doesn’t really matter to you if you’re just looking for a graphics card on the cheap.

Speaking of businesses, things are not looking too good for MakerGear. According to a banner announcement on their website, the supplier of 3D printers, parts, and accessories is scaling back operations, to the point where everything is being sold on an “as-is” basis with no returns. In a long post on “The Future of MakerGear,” founder and CEO Rick Pollack says the problem basically boils down to supply chain and COVID issues — they can’t get the parts they need to make printers. And so the company is looking for a buyer. We find this sad but understandable, and wish Rick and everyone at MakerGear the best of luck as they try to keep the lights on.

And finally, if there’s one thing Elon Musk is good at, it’s keeping his many businesses in the public eye. And so it is this week with SpaceX, which is recruiting Starlink customers to write nasty-grams to the Federal Communications Commission regarding Dish Network’s plan to gobble up a bunch of spectrum in the 12-GHz band for their 5G expansion plans. The 3,000 or so newly minted experts on spectrum allocation wrote to tell FCC commissioners how much Dish sucks, and how much they love and depend on Starlink. It looks like they may have a point — Starlink uses the lowest part of the Ku band (12 GHz – 18 GHz) for data downlinks to user terminals, along with big chunks of about half a dozen other bands. It’ll be interesting to watch this one play out.

This Week In Security: More State-Sponsored Activity, Spring4Shell

April 1, 2022 by 4 Comments

[Editor’s note: There is a second, fake iteration of this column out today. This is obviously the real column.]

An alert from CISA, combined with an unsealed pair of indictments, sheds some new light on how Russian hackers pursue high-value targets. The key malware here is Triton, essentially a rootkit designed for the Tricon safety systems, widely deployed at refineries and other infrastructure facilities. One of the early deployments of this was to a Saudi oil plant in 2017. This deployment seems to have been botched, as it caused malfunctions and shut the plant down for about a week.

The new information is confirmation that the same operators, out of the “Central Scientific Research Institute of Chemistry and Mechanics”, attempted to target US facilities with the same campaign. The Wired coverage initially struck me as odd, as it detailed how these Russian attackers researched US refineries, looking for the most promising targets. How exactly did US intelligence agencies know about the research habits of agents in Russia? The details of the indictment has the answer: They were researching US refineries by downloading papers from the US Department of Energy. As the IP addresses of this Russian research group is known and tracked, it was easy enough for US agencies to make the connection.

Continue reading “This Week In Security: More State-Sponsored Activity, Spring4Shell”