The White House Memory Safety Appeal Is A Security Red Herring

In the Holy Programming Language Wars, the lingua franca of system programming – also known as C – is often lambasted for being insecure, error-prone, and plagued with more types of behavior that are undefined than ones that are defined by the C standards. Many programming languages were said to be ‘C killers’, yet C is still alive today. That didn’t stop the US White House’s Office of the National Cyber Director (ONCD) from putting out a report in which both C and C++ got lambasted for being ‘unsafe’ when it came to memory management.

The full report (PDF) is pretty light on technical details, while citing only blog posts by Microsoft and Google as its ‘expert sources’. The claim that memory safety issues are the primary cause of CVEs is not substantiated, or at least ignores the severity of CVEs when looking at the CISA statistics for active exploits. Beyond this call for ‘memory safety’, the report then goes on to effectively call for more testing and validation, while kicking in doors that were opened back in the 1970s already with the Steelman requirements and the High Order Language Working Group (HOLWG) of 1975.

What truly is the impact and factual basis of the ONCD report?


Piano Feeder Gets Pets Playing For Their Supper

If you ever watched a video of Piano Cat and wondered if your cat could learn to play, then [Sebastian Sokołowski] has a possible solution with this combination piano tutor and cat feeder.

Starting with a CNC cut MDF enclosure, [Sokołowski] developed a cat feeder that would fit in the rear of the piano. It had to be reliable, consistent, and easy to disassemble. He walks us through his testing for each of these features and says the feeder was the most difficult part of the project to develop due to the propensity of pet feeder mechanisms to jam.

A custom PCB takes the key presses from the piano (with functional black keys) and outputs the sound from a speaker in the back. Lessons progress through increasing difficulty automatically, encouraging your cat to learn what the different keys can do. Food is dispensed after a performance or on a schedule set through the accompanying smartphone app. All the files are available if you want to build your own, but there is a wait list available if you want a completed version to give to less technically-inclined cat staff.

We’re certainly no strangers to the creatures that rule the internet here at Hackaday, having featured other cat feeders, new research into spaying cats, and even open source robo-cats.


NASA Found Another Super Earth With Tantalizing Possibilities

Earth is a rather special place, quite unlike the other planets in the solar system. It’s nestled at the perfect distance from the sun to allow our water to remain liquid and for life to flourish in turn. It’s a rare thing; most planets are either too close and scorching hot, or too far and freezing cold.

NASA is always on the hunt for planets like our own, and recently found a new super-Earth by the name of TOI-715b. The planet is larger than our own, but its position and makeup mean that it’s a prime candidate for further study. Let’s take a look at how NASA discovered this planet, and why it’s special.


An Automotive Locksmith On The Flipper Zero And Car Theft

Here in the hacker community there’s nothing we love more than a clueless politician making a fool of themselves sounding off about a technology they know nothing about. A few days ago we were rewarded in spades by the Canadian Minister of Innovation, Science and Industry François-Philippe Champagne, who railed against the Flipper Zero, promising to ban it as a tool that could be used to gain keyless entry to a vehicle.

Of course our community has roundly debunked this assertion, as capable though the Flipper is, the car industry’s keyless entry security measures are many steps ahead of it. We’ve covered the story from a different angle before, but it’s worth returning to it for an automotive locksmith’s view on the matter from [Surlydirtbag].

He immediately debunks the idea of the Flipper being used for keyless entry systems, pointing out that thieves have been using RF relay based attacks which access the real key for that task for many years now. He goes on to address another concern, that the Flipper could be used to clone the RFID chip of a car key, and concludes that it can in the case of some very old vehicles whose immobilizers used simple versions of the technology, but not on anything recent enough to interest a car thief.

Of course, to many readers this will not exactly be news. But it’s still important, because perhaps some of us will have had to discuss this story with non-technical people who might be inclined to believe such scare stories. Being able to say “Don’t take it from me, take it from an automotive locksmith” might just help. Meanwhile there is still the concern of CAN bus attacks to contend with, something the manufacturers could have headed off had they only separated their on-board subsystems.


A “Full” Keyboard For $5*

Sure, we’ve all seen PCB business cards at this point, but what about giving away a full-blown keyboard at meetups and such? That’s just how cost-effective the idawgz32 keyboard is. How on Earth can it cost so little? [sporewoh] used the CH552 microcontroller, which comes in around a dollar and only needs a couple of capacitors to get it up and running. The firmware is FAK.

As [sporewoh] writes in this blog post about the keyboard, they did some analysis and realized that most of the cost of their previous tiny board came from the switches. In addition to switching up the switches, [sporewoh] performed a few tricks to get the cost down, like making the key spacing 9 mm x 9 mm so that the overall board is less than 100 mm x 100 mm (which triggers a deal at a certain board house).

Unfortunately, the switches turned out not to be so good. They had greater travel and required more actuation force than the ones [sporewoh] was used to with the previous board. The switches were also scratchy, which was solved with a little Krytox. But ultimately, they are pretty unreliable, so the next revision will use Panasonic EVQP0N02Bs.

If this seems familiar, you may be recalling this $3 macro pad which uses the same chip, or maybe the fact that we’ve covered the CH552 in detail.

*Thanks to the current CAD to USD exchange rate.


Flux Is Your Friend For Archiving Old Floppy Disks

Nothing screams retrocomputing quite like floppy drives. If you want to preserve some of your favorite computing memories like that paper you wrote about the joys of the Information Superhighway, [Shelby] from Tech Tangents has a detailed dive into how to preserve the bits off those old floppies.

Back in the day, the best way to get data off an old drive was to fire up an old computer. Now, with new devices specifically designed for harvesting data off of old floppies like the KryoFlux and the Greaseweazle, you can get the full flux map of the disk. With this, you can build binary image files and actually pull files and duplicate disks from vintage systems.

Some systems, like PCs, Macs, and Commodores are well-understood and are simple to preserve, while others take quite a bit of work to figure out. [Shelby] walks us through some of the more common disk formats as well as some real oddballs like Microsoft Adventure which features inconsistent formatting as a form of early DRM (boo).

Want to do your own preservation? We’ve covered a couple different methods in the past.


Restoring Starlink’s Missing Ethernet Ports

Internet connectivity in remote areas can be a challenge, but recently SpaceX’s Starlink has emerged as a viable solution for many spots on the globe — including the Ukrainian frontlines. Unfortunately, in 2021 Starlink released a new version of their hardware, cost-optimized to the point of losing some nice features such as the built-in Ethernet RJ45 (8P8C) port, and their proposed workaround has some fundamental problems to it. [Oleg Kutkov], known for fixing Starlink terminals in wartime conditions, has released three posts on investigating those problems and, in the end, bringing the RJ45 ports back.

Starlink now uses an SPX connector with a proprietary pinout that carries two Ethernet connections at once: one to the Dishy uplink, and another one for LAN, with only the Dishy uplink being used by default. If you want LAN Ethernet connectivity, they’d like you to buy an adapter that plugs in the middle of the Dishy-router connection. Not only is the adapter requirement a bother, especially in a country where shipping is impeded, the SPX connector is also seriously fragile and prone to a few disastrous failure modes, from moisture sensitivity to straight up bad factory soldering.
