Many of us have oscilloscopes and other instruments with built-in digital interfaces, but how many of us use them? [Andrej Radović] has a Tektronix TDS2022 which can print its screen to any of its various interfaces, and he set about automating the process of acquisition with a Bash script.
The easiest interface to use was the trusty serial port — hardly the fastest but definitely the best supported. But how does one retrieve an image fired down a serial port? Most of the post is devoted to spotting file headers in a Bash script monitoring the serial port, and streaming the result to a local file. There’s a discussion of the various formats supported by the Tek, with an ancient PCX bitmap format being chosen over Postscript for speed. The result is a decent quality screen grab, making the ‘scope that little bit more useful and perhaps extending its life.
Perhaps your instrument isn’t a TEK, but the chances are you can still make it bend to your will from a PC. Try it, with the magic of VISA.
Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email address, photos — sometimes explicit, and more. Apparently also exposed were server backups and logs.
The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.
WooCommerce Under Siege
Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.
Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.
And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH”→
[Xander Naumenko] has created something truly impressive — a working RISC-V CPU completely contained in a Terraria world. And then for added fun, he wrote the game of pong, playable in real time, from within the game of Terraria. It’s all based on the in-game wiring system, combined with a bit of a hack that uses the faulty lamp mechanic to create a very odd AND gate. In Terraria, the existing logic gates have timing issues that make them a no-go for complicated projects like this one. The faulty lamp is intended to do randomized outputs, by stacking multiple inputs to get a weighted output when a clock signal is applied. The hack is to simply give this device a single input, turning it into a clocked IF gate. Two of them together in series makes a clocked AND gate, and two in parallel make a clocked OR gate.
Why would [Xander] embark on this legendary endeavor? Apparently after over eight thousand hours clocked in game, one gets a bored of killing slimes and building NPC houses. And playing with the game’s wiring system turned on a metaphorical lightbulb, that the system could be used to build interesting systems. A prototype CPU, with a completely custom instruction set came next, and was powerful enough to compute Fibonacci. But that obviously wasn’t enough. Come back after the break for the rest of the story and the impressive video demonstration.
We live in a world where most of us take the transistor for granted. Within arm’s length of most people reading this, there are likely over ten billion of them sending electrons in every direction. But the transistor was not the first technology to come around to make the computer a possibility, but if you go to the lengths of building something with an alternative, like this vacuum tube computer, you may appreciate them just a tiny bit more.
This vacuum tube computer is called GLASNOST, which according to its creator [Paul] means “glass, no semiconductors” with the idea that the working parts of the computer (besides the passive components) are transparent glass tubes, unlike their opaque silicon-based alternatives. It boasts a graphical display on an oscilloscope, 4096 words of memory, and a custom four-bit architecture based only on NOT, NOR, and OR gates which are simpler to create with the bulky tubes.
The project is still a work in progress but already [Paul] has the core memory figured out and the computer modeled in a logic simulator. The next steps are currently being worked through which includes getting the logic gates to function in the real world. We eagerly await the next steps of this novel computer and, if you want to see one that was built recently and not in the distant past of the 1950s, take a look at the Electron Tube New Automatic Computer that was completed just a few years ago.
The RISC-V ISA specification contains the recipe for everything from the humblest of microcontrollers to the most accomplished of high-end application processors, but it’s fair to say that at our end of the market it’s mostly been something for the lower end. There are plenty of inexpensive small RISC-V microcontrollers, but so far not much powerful enough for example to run a Linux-based operating system.
It’s a situation that’s slowly changing though, and it looks as though things may have taken a turn for the better as a new BeagleBoard has appeared using a RISC-V chip. The BeagleV-Ahead has a BeagleBone form factor and packs an Alibaba T-Head TH1520 SoC, a 2GHz quad-core part with a GPU and DSP components on-board. They link to a selection of distributors, from which one can seemingly be bought for about $170.
It’s a departure from the ARM chips that have until now powered the BeagleBoard line, but its appearance shouldn’t come as a surprise to seasoned Beagle watchers as they announced their RISC-V developments back in 2021. We’re guessing they too had to contend with the chip shortage which hit other players such as Raspberry Pi, so we’re pleased to see a product on the market. In particular though we’re pleased to see one on a BeagleBoard. because unlike a random no-name single board computer they’re a manufacturer who supports their products.
There’s a page with a good choice of operating systems for the board, and we hope that this means they provide kernel support for this SoC. This is the real benefit of buying a BeagleBoard or a Raspberry Pi, because cheap competitors will typically support only one kernel version compared with their years of support. So while this board is by no means cheap, we’re hoping it heralds a new wave of powerful RISC-V computers. Something to look forward to indeed.
As a recent emigre from the Ubuntu Linux distribution to Manjaro, I’ve had the chance to survey the field as I chose a new distro, and I realised that there’s a whole world of operating systems out there that we all know about, but which few of us really know. Hence this is the start of what I hope will be a long-running series, in which I try different operating systems in my everyday life as a Hackaday writer, to find out about them and then to see whether they can deliver on the promise of giving me a stable platform on which to earn a living.
For that they need an internet connection and a web browser up-to-date enough to author Hackaday stories, as well as a decent graphics package. In addition to using the OS every day though, I’ll also be taking a look at what makes it different from all the others, what its direction and history is, and how user-friendly it is as an experience. Historical systems such as CP/M are probably out of the question as are extremely esoteric ones such as the famous TempleOS, but this still leaves plenty of choice for an operating system tourist. Join me then, as I try all the operating systems.
A Distro From The 1990s, Today
When deciding where to start on this road, there was an obvious choice. Slackware was the first Linux-based distribution I tried back in 1995, I’m not sure which version it was , but it came to me via a magazine coverdisk. It was by no means the first OS that captured my attention as I’d been an Amiga user for quite a few years at that point, but at the moment I can’t start with AmigaOS as I don’t have nay up-to-date Amiga-compatible hardware.
July 2023 also marks the 30th anniversary for the distro making it the oldest one still in active development, so this seems the perfect month to start this series with the descendant of my first Linux distro. Slackware 15 comes as a 3.8 GB ISO file download for 64-bit computers, and my target for the distro was an old desktop PC with an AMD processor and a big-enough spinning rust hard disk which had been a high-end gaming system a little over ten years ago. Not the powerhouse it once was, but it cost me nothing and it’s adequate for my needs. Installed on a USB Flash drive the Slackware installer booted, and I was ready to go. Continue reading “Jenny’s Daily Drivers: Slackware 15”→
At the heart of all computers is a clock, a dedicated timepiece ensuring that all of the parts of the computer are synchronized and can work together to execute the instructions that the computer receives. Clock speeds for most modern off-the-shelf computers and smartphones operate around a billion cycles per second, and even clocks that tick at a human-dizzying speed of a million times per second have been around since at least the 1970s. But there’s no reason a computer can’t run at a much slower speed, as [Greg] demonstrates in this video where he slows down a 6502 processor to a single clock cycle per second.
To reduce the clock speed from the megahertz range down to a single hertz or single clock cycle per second, [Greg] is using the pendulum from an actual clock. He attaches a small magnet to the bottom of the pendulum which is counted by a sensor as it swings past. Feeding that pulse into a monostable conditioner yields a clock signal which is usable for one of his 6502-based computers, and at this extremely slow rate, it’s possible to see the operation of a lot of the computers’ inner workings a step at a time. In fact, he optimized the computer’s operation as this slow speed let him see some inefficiencies in the program he was running.
It helps if your processor is static, of course. Older CPUs with dynamic storage for registers and some with limited-range PLLs would not work with this technique. The 8080A, for example, required a clock of at least 500 kHz.
Not only can this computer use a pendulum clock as the basis for its internal clock, but [Greg] also rigged up a mechanism to use a heartbeat. Getting in a little bit of exercise to increase his heart rate first will noticeably increase the computer’s speed. And, if you’re looking to get a deeper glimpse into the inner workings of a computer, we’d recommend looking at one which forgoes transistors in favor of relays.