The White House Memory Safety Appeal Is A Security Red Herring

February 29, 2024 by 107 Comments

In the Holy Programming Language Wars, the lingua franca of system programming – also known as C – is often lambasted for being unsecure, error-prone, and plagued with more types of behavior that are undefined than ones that are defined by the C standards. Many programming languages were said to be ‘C killers’, yet C is still alive today. That didn’t stop the US White House’s Office of the National Cyber Director (ONCD) from putting out a report in which both C and C++ got lambasted for being ‘unsafe’ when it came to memory management.

The full report (PDF) is pretty light on technical details, while citing only blog posts by Microsoft and Google as its ‘expert sources’. The claim that memory safety issues are the primary cause of CVEs is not substantiated, or at least ignores the severity of CVEs when looking at the CISA statistics for active exploits. Beyond this call for ‘memory safety’, the report then goes on to effectively call for more testing and validation, while kicking in doors that were opened back in the 1970s already with the Steelman requirements and the High Order Language Working Group (HOLWG) of 1975.

What truly is the impact and factual basis of the ONCD report?

Continue reading “The White House Memory Safety Appeal Is A Security Red Herring”

NASA Found Another Super Earth With Tantalizing Possibilities

February 29, 2024 by 57 Comments

Earth is a rather special place, quite unlike the other planets in the solar system. It’s nestled at the perfect distance from the sun to allow our water to remain liquid and for life to flourish in turn. It’s a rare thing; most planets are either too close and scorching hot, or too far and freezing cold.

NASA is always on the hunt for planets like our own, and recently found a new super-Earth by the name of TOI-715b. The planet is larger than our own, but it’s position and makeup mean that it’s a prime candidate for further study. Let’s take a look at how NASA discovered this planet, and why it’s special.

Continue reading “NASA Found Another Super Earth With Tantalizing Possibilities”

An Automotive Locksmith On The Flipper Zero And Car Theft

February 29, 2024 by 61 Comments

Here in the hacker community there’s nothing we love more than a clueless politician making a fool of themselves sounding off about a technology they know nothing about. A few days ago we were rewarded in spades by the Canadian Minister of Innovation, Science and Industry François-Philippe Champagne, who railed against the Flipper Zero, promising to ban it as a tool that could be used to gain keyless entry to a vehicle.

Of course our community has roundly debunked this assertion, as capable though the Flipper is, the car industry’s keyless entry security measures are many steps ahead of it. We’ve covered the story from a different angle before, but it’s worth returning to it for an automotive locksmith’s view on the matter from [Surlydirtbag].

He immediately debunks the idea of the Flipper being used for keyless entry systems, pointing out that thieves have been using RF relay based attacks which access the real key for that task for many years now. He goes on to address another concern, that the Flipper could be used to clone the RFID chip of a car key, and concludes that it can in the case of some very old vehicles whose immobilizers used simple versions of the technology, but not on anything recent enough to interest a car thief.

Of course, to many readers this will not exactly be news. But it’s still important, because perhaps some of us will have had to discuss this story with non-technical people who might be inclined to believe such scare stories. Being able to say “Don’t take it from me, take it from an automotive locksmith” might just help. Meanwhile there is still the concern of CAN bus attacks to contend with, something the manufacturers could have headed off had they only separated their on-board subsystems.

Continue reading “An Automotive Locksmith On The Flipper Zero And Car Theft”

Pictures of the internals of the Starlink adapter

Restoring Starlink’s Missing Ethernet Ports

February 28, 2024 by 29 Comments

Internet connectivity in remote areas can be a challenge, but recently SpaceX’s Starlink has emerged as a viable solution for many spots on the globe — including the Ukrainian frontlines. Unfortunately, in 2021 Starlink released a new version of their hardware, cost-optimized to the point of losing some nice features such as the built-in Ethernet RJ45 (8P8C) port, and their proposed workaround has some fundamental problems to it. [Oleg Kutkov], known for fixing Starlink terminals in wartime conditions, has released three posts on investigating those problems and, in the end, bringing the RJ45 ports back.

Starlink now uses an SPX connector with a proprietary pinout that carries two Ethernet connections at once: one to the Dishy uplink, and another one for LAN, with only the Dishy uplink being used by default. If you want LAN Ethernet connectivity, they’d like you to buy an adapter that plugs in the middle of the Dishy-router connection. Not only is the adapter requirement a bother, especially in a country where shipping is impeded, the SPX connector is also seriously fragile and prone to a few disastrous failure modes, from moisture sensitivity to straight up bad factory soldering.

Continue reading “Restoring Starlink’s Missing Ethernet Ports”

Making A Dye-Sensitized Solar Cell Is Almost DIY-able

February 28, 2024 by 9 Comments

We see plenty of solar projects here on Hackaday, but they primarily consist of projects that use an off-the-shelf solar panel to power something else. We see very few projects where people actually create their own solar panels. And yet, that’s precisely what [Shih Wei Chieh] has done!

The project consists of a large dye-sensitized solar panel. These are a type of solar panel that can easily be created by the DIY builder, though their efficiency leaves something to be desired versus the best commercial types available. However, you can build them in any way you like to suit your application, which can have some potential benefits.

It consists of two pieces of FTO glass that is etched and prepared to become the electrodes for a string of solar cells. The cells have to be treated with titanium dioxide and then laced with silver traces, before being assembled with liquid electrolyte squirted in between. It’s finicky stuff, but the video almost makes it look easy… if you’re familiar with working in a chemistry lab, that is.

While it’s DIY-able, it’s at the outer edge of what some of us would be comfortable with. It does involve some steps with semi-obscure chemicals and the use of a kiln to produce the cells. The design shown here outputs around 5.8 volts and 51 milliamps. It’s not heaps, but it’s enough to run a low-power project for some time in an area with decent sun.

We’ve seen some other great solar projects over the years, too! Video after the break.

Continue reading “Making A Dye-Sensitized Solar Cell Is Almost DIY-able”

The Strange Metal Phase And Its Implications For Superconductivity

February 28, 2024 by 1 Comment

The behavior of electrons and the exact fundamentals underlying the phenomenon we call ‘electricity’ are still the subject of many competing theories and heated debates. This is most apparent in the area of superconducting research, where the Fermi liquid theory — which has has formed the foundation of much of what we thought we knew about interacting fermions and by extension electrons in a metal — was found to break down in cuprates as well as in other metals which feature a state that is a non-Fermi liquid, also called a ‘strange metal phase’.

This phase was the subject of a 2023 research article by [Liyang Chen] and colleagues in Science titled Shot Noise in a Strange Metal. As summarized in a Quanta Magazine article, the term ‘shot noise’ refers hereby to the quasiparticles that are postulated by the Fermi liquid theory to form part of the electrical current as electrons interact and ‘clump’ together, creating discrete ‘particles’ that can be measured like rain drops falling on a roof. [Liyang Chen] and colleagues created a 200 nm thin nanowire (pictured, top) out of ytterbium, rhodium and silicon, followed by cooling it down to a few Kelvin and measuring the current.

What the team found was no sign of these discrete quasiparticles, but rather non-Fermi liquid continuous current. Yet what is exactly the nature of this measured current? Quite a few attempts at explaining this phenomenon have been undertaken, e.g. Jianfan Wang et al. (2022) in rare-earth intermetallic compounds. More recently [Riccardo Arpaia] and colleagues explore charge density fluctuations (CDF) as a signature of the quantum critical point (QCP), which is a point in the phase diagram where a continuous phase transition takes place at absolute zero.

They studied the CDF using X-ray scattering in cuprate superconductors with a wide doping range, using the measured CDF as an indication of the QCP, indicating that the former may be a result of the latter. With these results mostly inspiring more discussion and research, it’ll probably be a while still before we risk replacing the Fermi liquid theory, or apply strange metal findings to produce high-temperature superconductors.

Ethernet For Hackers: Equipment Exploration

February 28, 2024 by 28 Comments

Last time, we talked about the surface-level details of Ethernet. They are fundamental to know for Ethernet hacking, but they’re also easy to pick up from bits and pieces online, or just from wiring up a few computers in your home network. Now, there’s also a bunch of equipment and standards that you will want to use with Ethernet – easy to find whether used or new, and typically as easy to work with. Let’s give you a few beacons!

Routers And Switches

Whenever you see a box with a few Ethernet ports, it’s either referred to as a router, or a switch, sometimes people will even use the word “hub”! Fortunately, it’s simpler than it may seem. A router is a smart device, typically with an OS, that ties two or more networks together – routing packers from one network to another, and typically taking care of things like handing out local IP addresses via DHCP. A switch merely helps Ethernet devices exchange packets between each other on the same level – it’s typically nowhere near as smart as a router gets. Oftentimes, a home router will contain a switch inside, so that you can plug in multiple of your home devices at once. That’s the main difference – a switch merely transmits packets between Ethernet-connected devices, while a router is a small computer taking care of packet forwarding between networks and possibly including an Ethernet switch on the side.
Continue reading “Ethernet For Hackers: Equipment Exploration”