The Computer We All Wish We’d Had In The 8-Bit Era

The 8-bit home computers of yore that we all know and love, without exception as far as we are aware, had an off the shelf microprocessor at heart. In 1983 you were either in the Z80 camp or the 6502 camp, with only a relatively few outliers using processors with other architectures.

But what if you could have both at once, without resorting to a machine such as the Commodore 128 with both on board? How about a machine with retargetable microcode? No, not the DEC Alpha, but the Isetta from [RoelH] — a novel and extremely clever machine based upon 74-series logic, that can not only be a 6502 or a Z80, but can also run both ZX Spectrum games and Apple 1 BASIC. We would have done anything to own one of these back in 1983.

If retargetable microcode is new to you, imagine the instruction set of a microprocessor. If you take a look at the die you’ll find what is in effect a ROM on board, a look-up table defining what each instruction does. A machine with said capability can change this ROM, and not merely emulate a different instruction set, but be that instruction set. This is the Isetta’s trick: it’s not a machine with a novel RISC architecture like the Gigatron, but a fairly conventional one for the day with the ability to select different microcode ROMs.

It’s a beautifully designed circuit if you’re a lover of 74 logic, and it’s implemented in all surface mount on a surprisingly compact PCB. The interfaces are relatively modern too, with VGA and a PS/2 keyboard. The write-up is comprehensive and easy to understand, and we certainly enjoyed digging through it to understand this remarkable machine. We were lucky enough to see an Isetta prototype in the flesh over the summer, and we really hope he thinks about making a product from it; we know a lot of you would be interested.

This Week In Security: The Rest Of The IPv6 Story, CVE Hunting, And Hacking The TSA

We finally have some answers about the Windows IPv6 vulnerability — and a Proof of Concept! The patch was a single change in the Windows TCP/IP driver’s Ipv6pProcessOptions(), now calling IppSendError() instead of IppSendErrorList(). That’s not very informative on its own, which is why [Marcus Hutchins]’s analysis is so helpful here. And it’s not an easy task, since decompiled code like this doesn’t give us variable names.

The first question that needs answering is: what is the list in question? This code is handling the option field in incoming IPv6 packets. The object being manipulated is a linked list of packet structs. And that linked list is almost always a single-member list. When calling IppSendErrorList() on a list with a single member, it’s functionally equivalent to the IppSendError() in the fixed code. The flaw must be in the handling of this list with multiple members. The only way to meet that criterion is to send a lot of traffic at the machine in question, so it can’t quite keep up with processing packets one at a time. To handle the high throughput, Windows will assemble incoming packets into a linked list and process them in batch.

So what’s next? IppSendErrorList() takes a boolean and passes it on to each call of IppSendError(). We don’t know what Microsoft’s variable name is, but [Marcus] is calling it always_send_icmp, because setting it to true means that each packet processed will generate an ICMP packet. The important detail is that IppSendError() can have side effects. There is a codepath where the packet gets reverted, and the processing pointer is set back to the beginning of the packet. That’s fine for the first packet in the list, but because the function processes errors on the entire list of packets, the state of the rest of those packets is now much different from what is expected.

This unexpected bit of weirdness can be further abused through IPv6 packet fragmentation. With a bit of careful setup, the reversion can cause a length counter to underflow, resulting in data structure corruption, and finally jumping code execution into the packet data. That’s the Remote Code Execution (RCE). And the good news, beyond the IPv6-only nature of the flaw, is that so far it’s been difficult to actually pull the attack off, as it relies on this somewhat non-deterministic “packet coalescing” technique to trigger the flaw.
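The list-versus-single-packet difference described above, as a toy C model added here (it is not Windows code and not taken from [Marcus Hutchins]’s analysis): the struct fields, function names, the 8-byte option and the later-stage length computation are assumptions chosen to illustrate the bug class. It shows that the two error paths agree on a one-packet list and diverge on a coalesced batch, where packets that had no error end up with a reverted offset and a wrapped length.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 40u   /* fixed IPv6 header size */
#define OPT_LEN 8u    /* constructed: one option already parsed */

/* Toy packet; field names are hypothetical, not Windows structures. */
struct pkt { uint16_t offset; struct pkt *next; };

/* Error path with a side effect: revert the parse position to the start. */
static void send_error(struct pkt *p) { p->offset = 0; }

/* Pre-patch shape: the error path runs over every packet in the batch. */
static void send_error_list(struct pkt *head) {
    for (struct pkt *p = head; p != NULL; p = p->next) send_error(p);
}

/* Assumed later stage that trusts the headers were already consumed. */
static uint16_t remaining_after_headers(const struct pkt *p) {
    return (uint16_t)(p->offset - HDR_LEN);   /* wraps when offset == 0 */
}

/* Batch of n packets, the first one has the bad option. Returns how many of
 * the other packets now yield a wrong length in the later stage. */
static int corrupted_in_batch(size_t n, bool patched) {
    struct pkt pk[8];
    if (n == 0 || n > 8) return -1;
    for (size_t i = 0; i < n; i++) {
        pk[i].offset = HDR_LEN + OPT_LEN;
        pk[i].next = (i + 1 < n) ? &pk[i + 1] : NULL;
    }
    if (patched) send_error(&pk[0]); else send_error_list(&pk[0]);
    int bad = 0;
    for (size_t i = 1; i < n; i++)
        if (remaining_after_headers(&pk[i]) != OPT_LEN) bad++;
    return bad;
}

int main(void) {
    printf("n=1 list=%d single=%d\n", corrupted_in_batch(1, false), corrupted_in_batch(1, true));
    printf("n=4 list=%d single=%d\n", corrupted_in_batch(4, false), corrupted_in_batch(4, true));
    return 0;
}
```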


A Non-Musical Use Case For 8-Track

There was a time in the not-too-distant past when magnetic tape was the primary way of listening to and recording audio. Most of us are familiar with the cassette tape, a four-track system that plays first one side of the tape, then the other. There was the eight-track tape as well which did not have quite as much popularity or longevity but did have a few interesting features that [Serial Hobbyism] took advantage of to make an interactive game.

The defining feature of the eight-track system, beyond the obvious eight tracks on the tape, is that the tape runs in a continuous loop, never needing to be stopped or flipped over. Instead, four buttons select pairs of the eight tracks, moving a head immediately to make the switch on-the-fly. [Serial Hobbyism]’s game plays a trivia-style audio recording and asks the player to answer questions by pushing one of the four “program” buttons to switch tracks. If the correct track is selected, the recorded audio congratulates the player and then continues on with the game. Likewise, if an incorrect track is selected, the recording notes that and the game continues.

Another interesting feature of this game is that it can be played without modifying an eight-track player, as the selectable tracks are a core function of this technology. Eight-track tapes can be used in a similar way to cassette tapes to store computer data, and a data recorder similar to the eight-track system was used on the Voyager space probes, although these only bear a passing resemblance.


A Simple But Effective Receiving Loop Antenna

There’s a joke in the world of radio that all you need for a HF antenna is a piece of wet string, but the truth is that rudimentary antennas rarely perform well. Random pieces of wire may pull in some signal, but along with it comes a ton of unwanted interference and noise. It’s thus worth putting in the effort to make a better antenna, and if you’re not fortunate enough to have a lot of space, your best choice may be a magnetic loop. [Robert Hart] takes us through the design of a receive-only coaxial loop. It’s referred to as a Moebius loop because the conductor takes a “twist” path between the inner and outer halfway around.

The idea of a loop antenna is simple enough. It’s an inductor intended to respond to the magnetic portion of the wave rather than the electric part. They’re normally made of a single turn of wire in a loop of diameter well below half a wavelength, and, in their transmitting versions, they are often tuned to resonance by an air-spaced variable capacitor. Coaxial loops like this one provide enhanced resistance to electrical noise. He’s using some rather expensive Andrews coax for its rigidity, but the less well-heeled can use cheaper stuff without penalty. The result, when put on a frame of PVC pipe and a speaker stand, is an excellent portable receiving antenna, and if we’re being honest, something we might also consider in our own shack.


Comparing AliExpress Vs LCSC-Sourced MOSFETs

The fake AliExpress-sourced IRFP460 MOSFETs (Credit: Learn Electronics Repair, YouTube)

These days, it’s super-easy to jump onto the World Wide Web to find purported replacement parts using nothing but the part identifier, whether it’s from a reputable source like Digikey or Mouser or from more general digital fleamarkets like eBay and AliExpress. It’s hardly a secret that many of the parts you can buy online via fleamarkets are not genuine. That is, the printed details on the package do not match the actual die inside. After AliExpress-sourced MOSFETs blew in a power supply repair by [Learn Electronics Repair], he first tried to give the MOSFETs the benefit of the doubt. Using an incandescent lightbulb as a current limiter, he analyzed the entire PSU circuit before putting the blame on the MOSFETs (IRFP460) and ordering new ones from LCSC.

Buying from a distributor instead of a marketplace means you can be sure the parts are from the manufacturer. This means that when a part says it is a MOSFET with specific parameters, it almost certainly is. A quick component tester session showed the gate threshold of the LCSC-sourced MOSFETs to be around 3.36V, while that of the AliExpress ‘IRFP460’ parts was a hair above 1.8V, giving a solid clue that whatever is inside the AliExpress-sourced MOSFETs is not what the package says it should be.

Unsurprisingly, after fitting the PSU with the two LCSC-sourced MOSFETs, there was no more magic smoke, and the PSU now works. The lesson here is to be careful buying parts of unknown provenance unless you like magic smoke and chasing weird bugs.


You Can Get A Precision Instrument-Guided Landing Even In Antarctica

Traditional airports spend big money to install instrument landing systems (ILS) to guide planes in safely. In places like Antarctica, though, it’s simply not possible to permanently install a massive antenna array for localization, particularly with all the ice shifting about on the regular. As covered by Flightradar24, the solution to this is to use a transponder landing system (TLS) instead.

Comparatively compact! Credit: ANPC

A TLS tracks planes by using multilateration—basically, transponder signals are picked up by multiple antennas and the time delays are used to figure out the position of the aircraft. It then sends the guidance signals a plane would normally expect to receive from an ILS transmitter array, for horizontal and vertical guidance. These signals appear to the plane to be coming from antennas located as per a typical ILS array, with the TLS able to generate signals from “virtual emanation points” as needed. This allows the TLS to generate different landing approaches to suit different planes and conditions. From the pilot and aircraft side, it’s all perfectly transparent.

In Antarctica’s McMurdo station, landings are handled by a TLS system that barely takes up more space than a single shipping crate. The system can be set up in just a few hours, unlike a traditional ILS which takes significant installation work spanning weeks or months at best. At the moment, though, the landing strip at McMurdo is stable enough that the system only needs periodic realignment every three years or so.

You might assume that if you’re approaching Antarctica by plane, everything would be on manual. However, the creature comforts of modern airports are available even at one of the most southerly airports on Earth!

A Field Guide To The North American Substation

Drive along nearly any major road in the United States and it won’t be long before you see evidence of the electrical grid. Whether it’s wooden poles strung along the right of way or a line of transmission towers marching across the countryside in the distance, signs of the grid are never far from view but often go ignored, blending into the infrastructure background and becoming one with the noise of our built environment.

But there’s one part of the electrical grid that, despite being more widely distributed and often relegated to locations off the beaten path, is hard to ignore. It’s the electrical substation, more than 55,000 of which dot the landscape of the US alone. They’re part of a continent-spanning machine that operates as one to move electricity from where it’s produced to where it’s consumed, all within the same instant of time. These monuments of galvanized steel are filled with strange, humming equipment of inscrutable purpose, seemingly operating without direct human intervention. But if you look carefully, there’s a lot of fascinating engineering going on behind those chain-link fences with the forbidding signage, and the arrangement of equipment within them tells an interesting story about how the electrical grid works, and what the consequences are when it doesn’t.
