This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!

October 20, 2023 by 5 Comments

Google Chrome has done a lot of work on JavaScript performance, pushing the V8 engine to more and more impressive feats. Recently, that optimization has one more piece, the Maglev compiler, which sits between Sparkplug and TurboFan, as a mid-tier optimization step. With a Just In Time (JIT) system, the time saving of code optimization steps has to be carefully weighed against the time costs, and Maglev is another tool in that endless hunt for speed. And with anything this complicated, there’s the occasional flaw found in the system. And of course, because we’re talking about it here, it’s a security vulnerability that results in Remote Code Execution (RCE).

The trick is to use Maglev’s optimization against it. Set up a pair of classes, such that B extends A. Calling new B() results in an attempt to use the constructor from A. Which works, because the compiler checks to make sure that the constructors match before doing so. There’s another way to call a constructor in JS, something like Reflect.construct(B, [], Array);. This calls the B constructor, but indicates that the constructor should return an Array object. You may notice, there’s no array in the A class below. Tricking the compiler into using the parent class constructor in this fashion results in the array being uninitialized, and whatever happens to be in memory will set the length of the array. Continue reading “This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!”

Debugging A 1950s Computer Sounds Like A Pain

October 20, 2023 by 24 Comments

Debugging computers in the 1950s sounds like it wasn’t an easy task. That’s one of the interesting facts from this fascinating talk by [Guy Fedorkow] about the Whirlwind, one of the first digital computers ever built. The development of this remarkable computer started at MIT (Funded by the US Navy) in 1949 as a flight simulator but pivoted to plotting interceptions in the early 1950s. That was because the USSR had just set off their first boosted nuclear bomb, which could be mounted on a missile or bomber. So, the threat of incoming missiles and atomic bombers became real, and the need arose to intercept nuclear bombers.

As a real-time computer, Whirlwind received radar data from radar stations around the US that showed the location of the interceptor and the incoming bogey, then calculated the vector for the two to meet up and, erm, have a frank exchange of views. So, how do you debug one of the first real-time computers? Carefully, it seems.

Continue reading “Debugging A 1950s Computer Sounds Like A Pain”

Commodore Datassette Does Barbershop Quartet

October 20, 2023 by 3 Comments

Okay, now this is just plain fun. [Linus Åkesson] modified a Commodore Datassette player to move its “mouth” and, when quadrupled, sing a clever barbershop tune called “Sweet End of Line” that’s a play on “Sweet Adeline“, a top hit from the summer of 1903.

What? Let us explain. Those with Commodore 64s who lacked disk drives often had the Datassette — a magnetic storage tape device, or cassette player used to load and save files. But they couldn’t open the doors themselves with a keypress, and they certainly couldn’t sing barbershop.

First off, [Linus] redirected the current that drives the magnetizing tape head through a speaker coil instead. Then he replaced the motor with a servo that opens the lid from the inside. A simple rubber band pulls the lid back shut. Software-wise, [Linus] is using a timer interrupt to run code that toggles the output signal, the rate of which determines the pitch.

Don’t worry — all of these modifications are reversible, so no Datassettes were truly harmed in the making. Don’t forget to check out the brief build/demo video after the break.

We’ve seen our share of tape players, but we’d never seen one with a crank until recently.

Continue reading “Commodore Datassette Does Barbershop Quartet”

You Can Now Order A Brand-New Amiga PCB

October 19, 2023 by 30 Comments

The Commodore 64 has been pulled apart, reverse engineered, replicated, and improved upon to no end over the last four decades or so. The Amiga 500 has had less attention, in part due to its greater level of sophistication. However, you can now order a brand-new Amiga-compatible PCB if you’re looking to put together a machine from surplus parts.

The design is known as Denise, and is apparently the work of an anonymous Swedish designer according to the Tindie listing. It’s not a direct replica of any one Amiga machine. Instead, it’s best described as “a compact A500+ compatible motherboard with two Zorro2 slots and a few additional features.”

Denise is just a PCB, though. No emulated chips or other components are included. To use the PCB, you’ll need a full set of Amiga custom chips and a suitable Motorola 68000-series CPU to suit. It can be used with either OCS or ECS chipsets. At this stage, it’s only verified to work with the 2MB version of the Agnus chip, though the creators believe it should work with a 1MB “Diet Agnus.”  Some modern conveniences are on hand, too. A pair of microcontrollers will allow the use of Amiga or PC keyboards, along with Amiga or PS/2 style mice, including support for scroll wheels.

Given the number of damaged, battered, and corroded Amiga PCBs out there, it’s great that there is a source of fresh, new PCBs for restoration purposes. Video after the break.

Continue reading “You Can Now Order A Brand-New Amiga PCB”

Electrically controlled behaviors of the lateral α-In2Se3 Fe-FET. a) Hysteresis loop of Id–Vd curve of the planar Fe-FET with 29 nm thick α-In2Se3. b) Band diagram of the ferroelectric switching mechanism. (Credit: Miao et al., 2023)

New Type Of Ferroelectric Memory Constructed Using α-In2Se3 Material

October 19, 2023 by 4 Comments

The ferroelectrical properties of materials have found a variety of uses over the years, including in semiconductor applications. Ferroelectric memory is among the most interesting and possibly world-changing as it could replace today’s fragile and (relatively) slow NAND Flash with something that’s more robust and scalable. Yet as with any good idea, finding the right materials and process to implement it is half the battle. Here is where a recently released paper in Advanced Science by Shurong Miao and colleagues demonstrates a FeFET-based memory cell design using α-In2Se3 material on platinum-based source-drain electrodes. Continue reading “New Type Of Ferroelectric Memory Constructed Using α-In2Se3 Material”

Humble Arduino As PLC

October 19, 2023 by 35 Comments

On the surface, a programmable logic controller (PLC) might seem like nothing more than a generic microcontroller, perhaps outfitted to operate in industrial settings with things like high temperatures or harsh vibrations. While this is true to some extent, PLCs also have an international standard for their architecture and programming languages. This standard is maintained by the International Electrotechnical Commission, making it so that any device built under these specifications will be recognizable to control engineers and maintenance personnel worldwide. And, if you use this standard when working with certain Arduinos, this common platform can become a standard-compliant PLC as well.

The IDE itself supports programming ladder diagrams, functional block diagrams, and other programming systems covered under the IEC 61131-3 standard. Not only that, it allows the combination of these types of PLC programming with Arduino sketches. The system offers many of the perks of PLC programming alongside the familiar Arduino platform, and supports a number of protocols as well including CANOpen, Modbus RTU, and Modbus TCP. It can also be used for monitoring a PLC system, essentially adding IoT capabilities to existing systems, enabling continuous monitoring, debugging, and program updates.

While not every Arduino is a great platform to build a PLC around, there are a few available for those looking for a system a little less proprietary and a little more user-friendly than typical PLC systems tend to be. There’s a reason that PLCs are built around an international standard and generally have certain hardware in mind to run it, though, and this comparison of a Raspberry Pi with an off-the-shelf PLC goes into detail about why certain components aren’t good choices for PLCs.

Tank Boots Are A Dangerous Way To Get Around Town

October 19, 2023 by 12 Comments

Rollerskates are all well and good, but they’re even more fun when they’re powered. Then again, why stick with wheels, when you can have the off-road benefits of tracked propulsion? That’s precisely what [Joel] was thinking when he built this impressive set of Tank Boots.

The build uses a set of tracks from a tracked snowblower, sourced for $50. The tracks are a simple design sans suspension, consisting of a pair of plastic wheels inside the tracks and run via a chain drive. Each snowblower track was given a metal frame with a ski boot and a motor, gearbox, and controller straight out of a power drill. Power was courtesy of a lithium-polymer battery pack.

Riding the boots isn’t easy, with falls and tumbles rather common. Regardless, they get around great offroad in a way that regular rollerblades never could. Bolted together, they make a great tank chair, too. We’ve actually looked at the benefits of tracks versus wheels before, too. Video after the break.