Let’s Talk Intel, Meltdown, And Spectre

January 5, 2018 by 150 Comments

This week we’ve seen a tsunami of news stories about a vulnerability in Intel processors. We’re certain that by now you’ve heard of (and are maybe tired of hearing about) Meltdown and Spectre. However, as a Hackaday reader, you are likely the person who others turn to when they need to get the gist of news like this. Since this has bubbled up in watered-down versions to the highest levels of mass media, let’s take a look at what Meltdown and Spectre are, and also see what’s happening in the other two rings of this three-ring circus.

Meltdown and Spectre in a Nutshell

These two attacks are similar. Meltdown is specific to Intel processors and kernel fixes (basically workarounds implemented by operating systems) will result in a 5%-30% speed penalty depending on how the CPU is being used. Spectre is not limited to Intel, but also affects AMD and ARM processors and kernel fixes are not expected to come with a speed penalty.

Friend of Hackaday and security researcher extraordinaire Joe Fitz has written a superb layman’s explanation of these types of attacks. His use of the term “layman” may be a little more high level than normal — this is something you need to read.

The attack exploits something called branch prediction. To boost speed, these processors keep a cache of past branch behavior in memory and use that to predict future branching operations. Branch predictors load data into memory before checking to see if you have permissions to access that data. Obviously you don’t, so that memory will not be made available for you to read. The exploit uses a clever guessing game to look at other files also returned by the predictor to which you do have access. If you’re clever enough, you can reconstruct the restricted data by iterating on this trick many many times.

For the most comprehensive info, you can read the PDF whitepapers on Meltdown and Spectre.

Update: Check Alan Hightower’s explanation of the Meltdown exploit left as a comment below. Quite good for helping deliver better understanding of how this works.

Frustration from Kernel Developers

These vulnerabilities are in silicon — they can’t be easily fixed with a microcode update which is how CPU manufacturers usually workaround silicon errata (although this appears to be an architectural flaw and not errata per se). An Intel “fix” would amount to a product recall. They’ve already said they won’t be doing a recall, but how would that work anyway? What’s the lead time on spinning up the fabs to replace all the Intel chips in use — yikes!

So the fixes fall on the operating systems at the kernel level. Intel should be (and probably is behind the scenes) bowing down to the kernel developers who are saving their bacon. It is understandably frustrating to have to spend time and resources patching these vulnerabilities, which displaces planned feature updates and improvements. Linus Torvalds has been throwing shade at Intel — anecdotal evidence of this frustration:

“I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.”

That’s the tamest part of his message posted on the Linux Kernel Mailing List.

Stock Sales Kerfuffle is Just a Distraction

The first thing I did on hearing about these vulnerabilities on Tuesday was to check Intel’s stock price and I was surprised it hadn’t fallen much. In fact, peak to peak it’s only seen about an 8% drop this week and has recovered some from that low.

Of course, it came out that back in November Intel’s CEO Bryan Krzanich sold off his Intel stock to the tune of $24 Million, bringing him down to his contractual minimum of shares. He likely knew about Meltdown when arranging that sale. Resist the urge to flame on this decision. Whether it’s legal or not, hating on this guy is just a distraction.

What’s more interesting to me is this: Intel is too big to fail. What are we all going to do, stop using Intel and start using something else? You can’t just pull the chip and put a new one in, in the case of desktop computers you need a new motherboard plus all the supporting stuff like memory. For servers, laptops, and mobile devices you need to replace the entire piece of equipment. Intel has a huge market share, and silicon has a long production cycle. Branch prediction has been commonplace in consumer CPUs going back to 1995 when the Pentium Pro brought it to the x86 architecture. This is a piece of the foundation that will be yanked out and replaced with new designs that provide the same speed benefits without the same risks — but that will take time to make it into the real world.

CPUs are infrastructure and this is the loudest bell to date tolling to signal how important their design is to society. It’s time to take a hard look at what open silicon design would bring to the table. You can’t say this would have been prevented with Open design. You can say that the path to new processors without these issues would be a shorter one if there were more than two companies producing all of the world’s processors — both of which have been affected by these vulnerabilities.

Teaching Alexa To 3D Print

January 5, 2018 by 21 Comments

Sometimes a gadget like Alexa or Google Home is a solution looking for a problem. Then the problem you’ve been looking for hits you square in the face. I’ve confessed before that I have an oscilloscope problem. I also have a microcontroller development board habit. It appears now I have too many 3D printers. I recently finished building my latest one, an Anet A8 I picked up on Black Friday. While calibrating it, I found myself juggling a screwdriver, a pair of pliers, and trying to operate the thing all at one time. I realized I had to come up with a better way.

I don’t know if it qualifies as an addiction yet, but I also have an Alexa in every room (although I call it “Computer” because I’m a Star Trek fan) and a Google Home device almost everywhere. Why can’t I get one of these assistants to operate my printer for me? What are assistants for, after all, other than telling Dad jokes?

You’d think adding voice control to a 3D printer would a bit difficult. With the right tools, it is actually pretty easy. Luckily those tools aren’t anything special… if you want a set up like mine, where Alexa controls your 3D printer, read on.

Continue reading “Teaching Alexa To 3D Print”

Automatic Dust Collection For The Whole Shop

January 5, 2018 by 19 Comments

If you’ve got a woodworking area, or even if you’ve just got something that really churns out dust like a belt sander or table saw, there’s an excellent chance you hate sawdust with a passion. It gets all over your clothes, jams up everything mechanical, and as a fun little bonus can be explosive if not handled properly. Thankfully newer tools tend to come with their own dust collection bags (back in the old days, you weren’t really a man unless you were coughing up wood fibers), but if you’ve got a half a dozen tools with half a dozen different dust bags you’ve got to empty, that can get pretty annoying.

Especially if you take woodworking as seriously as [Brad Wright] does. Over on his YouTube channel [DIY Builds], he quickly runs through the construction of a whole-shop dust collection system with some very neat features. Not everyone needs a system this intricate, but the tips and tricks he shows off during the build are great and can certainly be adapted to less grandiose setups.

Dust collection connector with closeable gate
One of the scratch-built gates.

[Brad] goes into a bit more detail in this gallery, revealing that the heart of the build is a Harbor Freight dust collection system that he modified into a cyclone separator. Big chunks fall down into the 55 gallon bucket, and what’s left gets blown out of the shop via a louvered vent through an exterior wall. An intricate system of 4 inch PVC pipe is then used to connect up each individual machine’s dust collection port. Even individual hand sanders get into the act via a three way manifold. His table saw lacked a dust port, so he enclosed the motor with a piece of plywood and made his own.

One of the most interesting aspects of the build is the scratch-built blast gates. These are essentially valves which open and close the different sections of the PVC where they mate to the individual stations. This prevents the dust collection system from wasting suction by trying to pull from all the stations at once when only one is in use at any given time. [Brad] even wired up the blast gates with switches that will turn the dust collection system on when the gate is open, and off when it’s closed.

This isn’t the first time we’ve covered the lengths people will go to rid their shop of dust. Cyclone dust separators are an especially popular build, using everything from sheet metal to 3D printed parts.

Continue reading “Automatic Dust Collection For The Whole Shop”

Finding Your Motorbike Using Wi-Fi

January 5, 2018 by 18 Comments

An urban planner once told me that every car requires at least four times as much space as they actually occupy. Each needs a spot on the roads, and three available parking spaces: one at home, one at work, and one to shop. Motorcycles are much smaller, but they still spend most of their time parked.

Motorcycles are the primary means of transport in Southeast Asia, and learning to safely drive one is an essential part of adapting to life here. Assuming it’s not pouring rain and you’re not flooded past your ankles, it’s actually quite a pleasant experience… until you have to park.

Unlike the parking lots you may be familiar with, there’s no expectation that your bike won’t be moved. In fact, it might very well end up on another floor, in another parking lot, or behind hundreds of impassable parked bikes on the roof. In the latter case, the attendant will shrug and suggest you come back in a few hours. Eventually, this won’t even register as a frustration – you will simply reason that there are plenty of other things that are more convenient here, like the weather (recent typhoon aside) or unlimited symmetrical fiber to the home for USD 5 a month.

That being said, with a little technology the problem could be lessened a bit while waiting for automated parking lots to become commonplace. On rare occasions I see people with little radio emitters that make their headlights flash, but they’re not terribly common here and require carrying yet another thing on my already full key chain (homes here typically use several different locks). It seemed pretty easy to pull off something similar using my smart phone with an ESP8266 running NodeMCU. I had been meaning to try out the sleep modes to save battery power anyway, so off I went.

Continue reading “Finding Your Motorbike Using Wi-Fi”

Imaging The Neighborhood With Solar Panels

January 5, 2018 by 27 Comments

Like many people who have a solar power setup at home, [Jeroen Boeye] was curious to see just how much energy his panels were putting out. But unlike most people, it just so happens that he’s a data scientist with a deep passion for programming and a flair for visualizations. In his latest blog post, [Jeroen] details how his efforts to explain some anomalous data ended with the discovery that his solar array was effectively acting as an extremely low-resolution camera.

It all started when he noticed that in some months, the energy produced by his panels was not following the expected curve. Generally speaking, the energy output of stationary solar panels should follow a clear bell curve: increasing output until the sun is in the ideal position, and then decreasing output as the sun moves away. Naturally cloud cover can impact this, but cloud cover should come and go, not show up repeatedly in the data.

Expected versus actual power output.

[Jeroen] eventually came to realize that the dips in power generation were due to two large trees in his yard. This gave him the idea of seeing if he could turn his solar panels into a rudimentary camera. In theory, if he compared the actual versus expected output of his panels at any given time, the results could be used as “pixels” in an image.

He started by creating a model of the ideal energy output of his panels throughout the year, taking into account not only obvious variables such as the changing elevation of the sun, but also energy losses through atmospheric dispersion. This model was then compared with the actual power output of his solar panels, and periods of low efficiency were plotted as darker dots to represent an obstruction. Finally, the plotted data was placed over a panoramic image taken from the perspective of the solar panels. Sure enough, the periods of low panel efficiency lined up with the trees and buildings that are in view of the panels.

We’ve seen plenty of solar hacks, but this one has to be something of a first. Usually people are more worried about maximizing efficiency or tracking the sun with them.

GhettoLED boombox with LED strips lighting up speakers

This Boombox Hack Is Lit

January 5, 2018 by 10 Comments

Old boomboxes make great hacks. Their design is iconic; yes they look dated but that really just builds on the nostalgic urge to have one hanging around. Plus their big cases simply invite adding things inside in a way impossible with contemporary electronics.

[Danc0rp] hacked his JVC M70 boombox to make the speakers glow with animated light, bumping VU meters, and a pulsing horizontal bar above the tape deck. The effect is superb. The cones of the speakers act like a projection surface and the grilles hide the LEDs until they activate, and enhance the effects once unleashed. It is one of the best LED speaker hacks we’ve ever seen.

Custom board with Arduino UNO
Custom board with Arduino UNO

The light effects are provided by LED strips, which for the speakers are attached just inside the outer rim. The brains behind it all is an Arduino UNO. To connect to it, he soldered components to a blank Arduino prototyping board. That board takes input from the boombox’s line-out and does some filtering (an attempt to address some ground noise) before passing the signal on to the Arduino. That board also interfaces between the Arduino and the LED strips. The schematic is available on his GitHub page. He’d like to replace the board with a custom PCB instead and is looking for design help.

The result is not only beautiful but professional looking too. This makes us wonder why boomboxes don’t come this way. See it for yourself in the video below.

Continue reading “This Boombox Hack Is Lit”

TRS-80 Model 100 Goes Cellular

January 4, 2018 by 10 Comments

There are a few old products that have rabid fan bases, and the TRS-80 Model 100 is one of those. Depending on your point of view it’s either a small laptop or a large organizer, but in 1983 it was the ultimate computer on the go. The $1100 version had a whopping 8K of memory and the LCD screen showed 8 lines of 40 characters in glorious monochrome. One cool feature was the built-in 300 baud phone modem, which [Trammell Hudson] wanted to try, but he doesn’t have a landline. He tried a VOiP phone, but it wouldn’t wedge into the acoustic couplers well enough. Then he decided to go cellular.

He had already hooked up an old ITT 500 series dial phone to an Adafruit Fona ceullar board. He even has Teensy software to decode the dial, drive the dial tone and otherwise make the phone work. This time he hooked a handset up through a headset jack.

Continue reading “TRS-80 Model 100 Goes Cellular”