The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
Continue reading “Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security”
Google+ is dead. Granted people have been saying that much for years now, but this time it’s really true. As of April, Google’s social media experiment will officially go the way of Reader, Buzz, Wave, Notebook, and all the other products that the search giant decided they were no longer interested in maintaining. Unfortunately in the case of Google+, the shutdown means losing a lot of valuable content that was buried in the “Communities” section of the service. Or at least that’s what we all thought.
Thanks to the efforts of [Michael Johnson], many of those Google+ communities now have a second chance at life. After taking a deep dive into the data from his own personal Google+ account, he realized it should be possible to write some code that would allow pulling the content out of Google’s service and transplanting it into a Discourse instance. With some more work, he was even able to figure out how to preserve the ownership of the comments and posts. This is no simple web archive; you can actually log into Discourse with your Google account and have all of your old content attributed to you. Continue reading “Google+ Communities Won’t Go Down Without A Fight”
As reported by The Register, hackers can now listen in on conversations happening around your computer by turning a hard drive into a microphone. There are caveats: the hack only works if these conversations are twice as loud as a blender, or about as loud as a lawn mower. In short, no one talks that loud, move along, nothing to see here.
The attack is to be presented at the 2019 IEEE Symposium on Security and Privacy, and describes the attack as a modification of the firmware on a disk drive to read the Position Error Signal that keeps read/write heads in the optimal position. This PES is affected by air pressure, and if something is affected by air pressure, you’ve got a microphone. In this case, it’s a terrible microphone that’s mechanically coupled to a machine that has a lot of vibrations including the spinning platter and a bunch of fans inside the computer. This is an academic exercise, and not a real attack, and either way to exfiltrate this data you need to root the computer the hard drive is attached to. It’s attacks all the way down.
The limiting factor in this attack is that it requires a very loud conversation to be held near a hard drive. To record speech, the researchers had to pump up the volume to 85 dBA, or about the same volume as a blender crushing some ice. Recording music through this microphone so that Shazam could identify the track meant playing the track back at 90 dBA, or about the same volume as a lawnmower. Basically, this isn’t happening.
The interesting bit of this hack isn’t using a hard drive as a microphone. It’s modifying the firmware on a hard drive to do something. We’ve seen some hacks like this before, but the latest public literature on hard drive firmware hacking is years old. If you’ve got a tip on how to hack hard drives, even if it’s to do something that’s horribly impractical, we’d love to see it.
Panelization of printed circuit boards is a very helpful trick for any PCB design tool to have. By panelizing boards, you can get them ready for automated assembly. You can put testing rigs right on the panel. You can combine different boards to reduce your PCB production cost. But Eagle, Fritzing, and KiCad don’t have proper panelization tools, only hacks and third-party tools to get something close to proper panelization. [Flemming] just created a new utility for KiCad that makes multiple copies of a board connected via mouse bites. It’s not complete panelization functionality, but for a lot of us, it’ll be good enough.
The video demo for this utility (try not to click on that because we’re going to blow some bandwidth with this link) starts off by importing a board into Pcbnew, making several copies of the board, arranging these boards to have 3-4mm spacing, and drawing ‘hint lines’ for the script, telling it where the mouse bites should go. The script runs, and boom, mouse bites and a panel.
This is a KiCad specific tool, and we’ve seen other tools for KiCad that make multiple copies of a board. We’ve also seen tools that take raw Gerbers of multiple designs and turn them into a panel. [Flemming]’s efforts are the closest we’ve seen to having all the features you want out of a panelization utility bild exclusively for KiCad.
While this tool will give you a set of Gerbers with multiple copies of a board connected with mouse bites, this is not in any way a complete solution to panelizing PCBs. If you’re panelizing PCBs, you’ll want to add fiducials in the corners of the full panel, which this tool does not allow you to do. You might want to have one complete ‘frame’ as a panel — effectively a rectangular piece of fiberglass that holds all your PCBs — which this tool does not allow you to do. Since you don’t get a frame, it’s impossible to run programming or testing signals to the frame that would be needed for assembly, but not necessary in production. That said, unless you’re going to spend thousand on Altium or use Open tools that have critical flaws such as GerberPanelizer, this is the best option you’ve got.
Microsoft has released the code for the Calculator app. This move is the latest in Microsoft’s efforts to capitalize on the Open Source community. Previous efforts have been the Open Sourcing of an extremely old version of DOS, and shoehorning Linux into Windows somehow in a way that’s marginally more user-friendly than spinning up a VM or popping over to your Linux partition. Oh yeah, Microsoft bought Github. Can’t forget that.
The release of the code for the Calculator app means now you too can truly verify all your calculations are correct. To build the Calculator app, you’ll need a Windows 10 computer and Visual Studio. You might think that this is the same code that’s been shipping for 30 years — it’s a simple calculator, right? Not so: the Calculator for Windows 8 had a strange and odd bug where the square root of 4, minus two, did not equal zero. Floating point is hard, kids.
Of special interest to the community, it’s now possible to disable telemetry sent from the Calculator app to Microsoft servers. Yes, the Calculator app knows you forgot how to divide, and wow man, six times nine, you needed help with that? Fortunately, telemetry can be disabled in developer’s builds by disabling the SEND_TELEMETRY build flag. Now Microsoft won’t know you don’t do math so good.
At the time of this writing, we could not be bothered to contact Microsoft to find out when the pinball game or Ski Free will be updated and Open Sourced.
Hackaday is hosting a meetup in Ho Chi Minh City, Vietnam on Sunday, March 24th. We’d love to see you there!
Sean Boyce lives in HCMC — you’ve likely enjoyed several of his articles detailing some of the culture, like keeping track of your scooter when parking in busy areas, and squashing myths about the quality of the coffee. In less than two weeks Mike Szczys will be stopping in to visit Sean and this is a great reason to host a Hackaday meetup!
Join Sean and Mike at Trung Nguyên Legend Café from 7-10 pm on Sunday, March 24th for a bring-a-hack style meetup. If you have a hardware project you’ve been working on, come and show it off as an excellent conversation starter. If not, that’s fine too. We’ve also lined up three short talks spanning topics from robotics to analog electronics. Of course if you’re excited about giving a talk, let us know in the comments below and we’ll work on squeezing you in.
Hackaday tries to host live events in all corners of the world, and it’s exciting to add Vietnam to the list. Head on over to the event page for more info, and we look forward to seeing you there! Of course if you happen to be on the other side of the world this coming weekend, there’s a Hackaday Mini-Unconference happening in Cambridge, UK!
When you need to roll sheet or thin flat bar stock into an arc, you need a rolling machine, also known as a slip roll. If you’ve priced these lately, you’ll know that they can be rather expensive, especially if you are only going to use them for one or two projects. While building a fenced enclosure for his dog, [Tim] realized he could use steel fence posts and connectors to build his own slip roll for much less, and posted a video about it on his YouTube channel.
The key realization was that not only are the galvanized posts cheap and strong, but the galvanized coating would act as a lubricant to reduce wear, especially when augmented with a bit of grease. The build looks pretty straightforward, and a dedicated viewer could probably re-create a similar version with little difficulty. The stock fence connectors serve double-duty as both fasteners and bushings for the rollers, and a pair of turnbuckles supplies tension to the assembly.
The one tricky part is the chain-and-sprocket linkage which keeps the two bottom rollers moving in tandem. [Tim] cut sprockets from some plate steel with his plasma cutter, but mentions that similar sprockets can be found cheaply online and only need to be modified with a larger hole. Although most of the build is held together with set screws in the fence post fittings, the sprockets appear to be welded to the galvanized pipe. We’re sure [Tim] knows that welding galvanized steel can lead to metal fume fever, so we were hoping the video would caution viewers to remove the zinc coating on those parts before welding.
[Tim] demonstrates forming some 4 mm flat steel into circles, and the operation seems easy enough, especially given the inexpensive nature of this build. Overall, this seems like the sort of thing we could see ourselves trying on a lazy Saturday afternoon – it certainly seems like more fun than building a fence with the parts, so be sure to check out the video, after the break.
