FLOSS Weekly Episode 807: Bitten By The Penguin

This week, Jonathan Bennett and Dan Lynch chat with Josh Bressers, VP of Security at Anchore, and host of the Open Source Security and Hacker History podcasts. We talk security, SBOMs, and how Josh almost became a Sun fan instead of a Linux geek.

https://opensourcesecurity.io
https://hackerhistory.com
https://infosec.exchange/@joshbressers
https://anchore.com

Haiku OS’s Beta 5 Release Brings Us Into A New BeOS Era

The name BeOS is one which tends to evoke either sighs of nostalgia or blank stares, mostly determined by one’s knowledge of the 1990s operating system scene. Originally released in 1995 by Be Inc., it was featured primarily on the company’s PowerPC-based BeBox computers, as well as being pitched to potential customers including Apple, who was looking for a replacement for MacOS. By then running on both PowerPC and x86-based systems, BeOS remained one of those niche operating systems which even the free Personal Edition (PE) of BeOS Release 5 from 1998 could not change.

As one of the many who downloaded BeOS R5 PE and installed it on a Windows system to have a poke at it, I found it to be a visually charming and quite functional OS, but saw no urgent need to use it instead of Windows 98 SE or 2000. This would appear to have been the general response from the public, as no BeOS revival ensued. Yet even as BeOS floundered and Be Inc. got bought up, sold off and dissected for its parts, a group of fans who wanted to see BeOS live on decided to make their own version. First called OpenBeOS and now Haiku, it’s a fascinating look at a multimedia-centric desktop OS that feels both very 1990s, but also very modern.

With the recent release of the R1 Beta 5 much has been improved, which raises the interesting question of how close Haiku is to becoming a serious desktop OS contender.

Use PicoGlitcher For Voltage Glitching Attacks

We see a fair few glitcher projects, especially the simpler voltage glitchers. Still, quite often due to their relative simplicity, they’re little more than a microcontroller board and a few components hanging off some wires. PicoGlitcher by Hackaday.IO user [Matthias Kesenheimer] is a simple voltage glitcher which aims to make the hardware setup a little more robust without getting caught up in the complexities of other techniques. Based on the Raspberry Pico (obviously!), the board has sufficient niceties to simplify glitching attacks in various situations, providing controllable host power if required.

A pair of 74LVC8T245 (according to the provided BoM) level shifters allow connecting to targets at voltages from 1.8 V to 5 V if powered by PicoGlitcher or anything in spec for the ‘245 if target power is being used. In addition to the expected RESET and TRIGGER signals, spare GPIOs are brought out to a header for whatever purpose is needed to control a particular attack. If a programmed reset doesn’t get the job done, the target power is provided via a TPS2041 load switch to enable cold starts. The final part of the interface is an analog input provided by an SMA connector.

The glitching signal is also brought out to an SMA connector via a pair of transistors; an IRLML2502 NMOS performs ‘low power’ glitching by momentarily connecting the glitch output to ground. This ‘crowbarring’ causes a rapid dip in supply voltage and upsets the target, hopefully in a helpful way. An IRF7807 NMOS device provides a higher power option, which can handle pulse loads of up to 66 A. Which transistor you select in the Findus glitching toolchain depends on the type of load connected, particularly the amount of decoupling capacitance that needs to be discharged. For boards with heavier decoupling, use the beefy IRF7807 and accept the glitch won’t be as sharp as you’d like. For other hardware, the faster, smaller device is sufficient.

The software to drive PicoGlitcher and the hardware design files for KiCAD are provided on the project GitHub page. There also appears to be an Eagle project in there. You can’t have too much hardware documentation! For the software, check out the documentation for a quick overview of how it all works and some nice examples against some targets known to be susceptible to this type of attack.

For a cheap way to glitch an STM8, you can just use a pile of wires. But for something a bit more complicated, such as a Starlink user terminal, you need something a bit more robust. Finally, voltage glitching doesn’t always work, so the next tool you can reach for is a picoEMP.

Supercon 2023: Cuddly Companion Bots

Even in the advanced world of 2024, robots are still better in science fiction than in reality. Star Trek gave us the erudite and refined Data, Rogue One gave us the fierce yet funny K-2SO, and Big Hero 6 gave us the caring charmer named Baymax. All these robots had smarts, capability, and agency. More than that, though—they were faithful(ish) companions to humans, fulfilling what that role entails.

The thing is, we’re not gonna get robots like that unless somebody builds them. [Angela Sheehan] is an artist, an educator, and a maker—and she’s trying to create exactly that. She came down to the 2023 Hackaday Supercon to tell us all about her efforts to create cuddly companion bots for real.

Portable Solder Paste Station Prevents Smears With Suction

Applying solder paste to a new custom PCB is always a little nerve-racking. One slip of the hand, and you have a smeared mess to clean up. To make this task a little easier, [Max Scheffler] built the Stencil Fix Portable, a compact self-contained vacuum table to hold your stencil firmly in place and pop it off cleanly every time.

The Stencil Fix V1 used a shop vac for suction, just like another stencil holder we’ve seen. The vacuum can take up precious space, makes the jig a little tricky to move, and bumping the hose can lead to the dreaded smear and colorful language. To get around this [Max] added a brushless drone motor with a 3D printed impeller, with a LiPo battery for power. The speed controller gets its PWM signal from a little RP2040 dev board connected to a potentiometer. [Max] could have used a servo tester, but he found the motor could be a little too responsive and would move the entire unit due to inertia from the impeller. The RP2040 allowed him to add a low pass filter to eliminate the issue. The adjustable speed also means the suction force can be reduced a little for easy alignment of the stencil before locking it down completely.

We love seeing tool projects like these that make future projects a little easier. Fortunately, [Max] made the designs available so you can build your own.

Homebrew Sferics Receiver Lets You Tune Into Earth Music

It probably comes as little surprise that our planet is practically buzzing with radio waves. Most of it is of our own making, with cell phones, microwaves, WiFi, and broadcasts up and down the spectrum whizzing around all the time. But our transmissions aren’t the only RF show in town, as the Earth itself is more than capable of generating radio signals of its own, signals which you can explore with a simple sferics receiver like this one.

If you’ve never heard of sferics and other natural radio phenomena, we have a primer to get you started. Briefly, sferics, short for “atmospherics,” are RF signals in the VLF range generated by the millions of lightning discharges that strike the Earth daily. Tuning into them is a pretty simple proposition, as [DX Explorer]’s receiver demonstrates. His circuit, which is based on a design by [K8TND], is just a single JFET surrounded by a few caps and resistors, plus a simple trap to filter out the strong AM broadcast signals in his area. The output of the RF amplifier goes directly into an audio amp, which could be anything you have handy — but you risk breaking [Elliot]’s heart if you don’t use his beloved LM386.

This is definitely a “nothing fancy” build, with the RF section built ugly style on a scrap of PCB and a simple telescopic whip used for an antenna. Tuning into the Earth’s radio signals does take some care, though. Getting far away from power lines is important, to limit AC interference. [DX Explorer] also found how he held the receiver was important; unless he was touching the ground plane of the receiver, the receiver started self-oscillating. But the pips, crackles, and pings came in loud and clear on his rig; check out the video below for the VLF action.

An International Hackerspace Map

If you’re looking for a hackerspace while on your travels, there is more than one website which shows them on a map, and even tells you whether or not they are open. This last feature is powered by SpaceAPI, a standard way for hackerspaces to publish information about themselves, including whether or not they are closed.

Given such a trove of data then it’s hardly surprising that [S3lph] would use it to create a gigantic map of central Europe with lights in the appropriate places (German language, Google Translate link) to show the spaces and their status.

The lights are a set of addressable LEDs and the brain is an ESP32, making this an accessible project for most hackers with the time to assemble it. Unsurprisingly then it’s not the first such map we’ve seen, though it’s considerably more ambitious than the last one. Meanwhile if your hackerspace doesn’t have SpaceAPI yet or you’re simply curious about the whole thing, we took a look at it back in 2021.

Thanks [Dave] for the tip.