Et Tu, Red Hat?

Something odd happened to git.centos.org last week. That’s the repository where Red Hat has traditionally published the source code to everything that’s a part of Red Hat Enterprise Linux (RHEL) to fulfill the requirements of the GPL license. Last week, those packages just stopped flowing. Updates weren’t being published. And finally, Red Hat has published a clear answer to why:

Red Hat has decided to continue to use the Customer Portal to share source code with our partners and customers, while treating CentOS Stream as the venue for collaboration with the community.

Sounds innocuous, but what’s really going on here? Let’s have a look at the Red Hat family: RHEL, CentOS, and Fedora.

RHEL is the enterprise Linux distribution that is Red Hat’s bread and butter. Fedora is RHEL’s upstream distribution, where changes happen fast and things occasionally break. CentOS started off as a community repackaging of RHEL, as allowed under the GPL and other Open Source licenses, for people who liked the stability but didn’t need the software support that you’re paying for when you buy RHEL.

Red Hat took over the reins of CentOS back in 2014, and then imposed the transition to CentOS Stream in 2020, to some consternation. This placed CentOS Stream between the upstream Fedora, and the downstream RHEL. Some people missed the stability of the old CentOS, and in response a handful of efforts spun up to fill the gap, like Alma Linux and Rocky Linux. These projects took the sources from git.centos.org, and rebuilt them into usable community operating systems, staying closer to RHEL in the process.

Red Hat has published a longer statement elaborating on the growth of CentOS Stream, but it ends with an interesting statement: “Red Hat customers and partners can access RHEL sources via the customer and partner portals, in accordance with their subscription agreement.” What exactly is in that subscription agreement? Well, according to Alma Linux, “the way we understand it today, Red Hat’s user interface agreements indicate that re-publishing sources acquired through the customer portal would be a violation of those agreements.”

Hackaday Podcast 224: Star Wars Holograms, Tricorders, And Other Sensors

Elliot and Al got together to discuss this week’s projects, and you’re invited! You’ll hear news about replaceable batteries in the EU, along with some news about the Hackaday Op Amp Challenge winners and the start of a new contest. This week’s choice hacks ranged from a Star Wars-style volumetric display, navigation using cosmic rays, measuring car speed with microphones, and a crazy 3D printing technique that will blow you away.

There’s plenty more where that came from. Ever tried to land a model rocket vertically? How about building a punched card reader? The can’t miss articles this week cover a thermal camera review and the unintended consequences if AM radio bites the dust.

If you want to read along, the links are below for you to check out. Be sure to leave us your thoughts in the comments.

Click play to get started. Or download a non-AI-generated (we promise) file for your offline listening pleasure.

Commodore Floppy Drive Fixing Chaos

One of the best parts of retrocomputing is that you can obtain so many broken systems and peripherals for repairing and other assorted fun. This was the wholesome activity that [Drygol] embarked on recently with a gaggle of Commodore floppy disk drives that he obtained, involving a lot of cleaning, soldering, calibrating and other assorted entertainment. This follows cold on the heels of an earlier repair session of a stash of Commodore 1541 FDDs.

Testing Commodore FDD head alignment using the 1541 diagnostic cartridge.

As with any such devices, the first thing to do is to clean the heck out of them, to remove forty-odd years of dust and other debris, followed by testing of functionality, replacing dead ICs and the usual round of (electrolytic) capacitor replacement. Retrobrighting gives it that fresh-out-of-packaging look, which leaves just the calibrating of these drives. This procedure is essential to make sure the read/write head is aligned with the tracks on the disks, and is the most fiddly part of the process.

What helps a lot here is the 1541 diagnostic cartridge by [World of Jani] that displays real-time information on the drive while you are tweaking its speed and head alignment. All you have to do is tweak the speed potentiometer, and adjust the position of the drive motor, which takes a bit of patience and a steady hand. After this repair session a few Mitsumi drives unfortunately remained dead due to busted coils. Despite a valiant repair attempt on the heads by manually rewinding the coils, this remains a topic for a potential part III.

This Week In Security: NOAuth, MiniDLNA, And Ticket To Ride

There’s a fun logic flaw in how multiple online services handle OAuth logins, one that abuses Microsoft’s Azure Active Directory service to allow account takeovers. The problem is how a site handles the “Sign In With Microsoft” option when there’s an existing account under the same email address. Multiple sign-in options are an irritation for the end-user: trying to remember which option was used to set up an account is a struggle, so many services automatically merge accounts.

The problem is that the Microsoft Azure authentication information includes an email address, but Microsoft hasn’t done any verification that the account in question actually controls that address. And in fact, it’s trivial for the Azure admin to change that address at whim. So if the service accepts that email address as authoritative, and auto-merges the accounts, it’s a trivial account takeover. And it’s more than just a theoretical problem, as researchers at Descope were able to demonstrate the attack, and have found multiple medium and large services that were vulnerable, as well as at least two authentication providers that themselves were vulnerable to this attack.

Microsoft has pushed updates to the Azure AD service to make the issue easier to avoid, though it seems that the unverified “email” field is still being sent on authentication transactions. There is a new flag, “RemoveUnverifiedEmailClaim”, that eliminates the issue and is enabled by default for new applications. Unfortunately, this means that existing vulnerable applications will continue to be vulnerable until fixed on the application side.
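The account-merge flaw described above, sketched on the application side as an added example (not code from the article, Descope, or Microsoft). The store layout, function names, issuer URLs and claim values are all constructed; the point is that the hardened path keys a login on the issuer and subject pair and never treats a matching email claim as proof of ownership.

```python
# Added example; all names and claim values are constructed for illustration.
LEGIT = {"iss": "https://idp.example/tenant-a", "sub": "alice-sub",
         "email": "alice@example.com"}
# Same email asserted from a different tenant, where the tenant admin set it.
FORGED = {"iss": "https://idp.example/tenant-b", "sub": "other-sub",
          "email": "alice@example.com"}

def make_store():
    # One existing local account, created with a password, no linked identities.
    return {"u1": {"email": "alice@example.com", "identities": set()}}

def find_by_email(store, email):
    email = (email or "").strip().lower()
    if not email:
        return None
    return next((uid for uid, u in store.items()
                 if u["email"].lower() == email), None)

def login_vulnerable(store, claims):
    """Auto-merge: whoever asserts the email claim is logged in to that account."""
    return find_by_email(store, claims.get("email"))

def login_hardened(store, claims):
    """Identify by (iss, sub) only; an email match never logs anyone in."""
    ident = (claims["iss"], claims["sub"])
    for uid, user in store.items():
        if ident in user["identities"]:
            return ("ok", uid)
    uid = find_by_email(store, claims.get("email"))
    if uid is None:
        return ("new_account", None)
    # Linking needs proof of control of the existing account (password login
    # or a confirmation mail to the address on file), not the IdP's say-so.
    return ("link_requires_confirmation", uid)

def confirm_link(store, uid, claims):
    """Call only after the user has authenticated to the existing account."""
    store[uid]["identities"].add((claims["iss"], claims["sub"]))
```
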

Easy Modifications For Inexpensive Radios

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios based around a much simpler design than what was typically commercially available, bringing the price of handheld dual-band or GMRS radios to around $20. This makes the hobby much more accessible, but they have generated some controversy as they tend to not perform as well and can generate spurious emissions and other RF interference that a higher quality radio might not create. But one major benefit besides cost is that they’re great for tinkering around, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about this Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate various laws or regulations of some localities, it looks like this modified firmware really expands the capabilities of the radio. The chip that is the basis of the radio, the BK4819, has a frequency range of 18-660 MHz and 840-1300 MHz but not all of these frequencies will be allowed with a standard firmware in order to comply with various regulations. However, there’s typically no technical reason that a radio can’t operate on any arbitrary frequency within this range, so opening up the firmware can add a lot of functionality to a radio that might not otherwise be capable.

Some of the other capabilities this modified firmware opens up include the ability to receive in various other modes, such as FM and AM within the range of allowable frequencies. For a deeper dive into what this firmware allows, be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.

Powerful Water Pump Is Modular In Nature

If you’ve got one decently powerful DC motor, you could conceivably build a water pump. Gang up ten of them, however, and you could build something considerably more powerful, as [akashv44] demonstrates.

The design is straightforward, relying on simple impeller pumps driven by RS-775 DC motors. The pump housings and impellers are all 3D printed. They’re designed so that the motor integrates neatly with the pump housing, and so that multiple pumps can easily be ganged up into a single larger unit. [akashv44] demonstrates a build using ten individual pump units with a large manifold, allowing the output of all the pumps to be combined into one single outlet.

The concept is straightforward enough, and running on a 48-volt power supply, it’s clear that the pump can move a significant amount of water. Notably, though, it would be possible to improve significantly with some design changes. Currently, the water path from the pumps must make several 90-degree turns, harming efficiency. We’d love to see the pumps angled nicely into more advanced manifolds which would more smoothly combine the streams together. This would likely result in a far greater output from the system.

In any case, 3D printing pumps is an increasingly popular pastime around here.

Will The Lilium Jet Work? A Deep-Dive Into The Physics Behind EVTOL Aircraft

The Lilium Jet is a proposed eVTOL (electric Vertical Take Off and Landing) aircraft that the German company Lilium GmbH has claimed it will bring to the market ‘soon’, which would make it the first eVTOL aircraft in the world to enter into commercial service. As anyone who has any experience with VTOL knows, it’s a tricky subject to engineer, let alone when you want to do it fully electric. In a deep-dive video on the Lilium Jet and eVTOL in general, [John Lou] goes through the physics behind VTOL take-off, landing and flight, as well as range and general performance.

It is clear that Lilium’s presented aircraft concept has many issues, some of which are due to new and unproven technologies, while others seem to be founded in over-promising and likely under-delivering. With Lilium having signed a number of contracts to deliver the first Pioneer Edition Lilium Jets and commercial service promised by 2025, it’s hard to ignore that the first full prototype of the 7-seater Lilium Jet is supposed to fly this year.

Although as [John] points out in the video, eVTOL is not an impossible concept, it is important to remain realistic about what is physically possible, and not seek to push the boundaries. When the UK introduced its first mass-produced VTOL jet in the form of the Harrier, it too faced an uncomfortable time as bugs got ironed out. As these eVTOL aircraft would be carrying real human passengers, it’s a good place to realize that although you can pick a fight with physics, you will never come out on the winning side.

Hopefully Lilium realizes this too, and these sleek, battery-powered aircraft will truly take to the skies in a few years.
