computer hacks

1402 Articles

computer hacks

Understanding And Using Unicode

July 28, 2023 by 43 Comments

Computer engineer [Marco Cilloni] realized a lot of developers today still have trouble dealing with Unicode in their programs, especially in the C/C++ world. He wrote an excellent guide that summarizes many of the issues surrounding Unicode and its encoding called “Unicode is harder than you think“. He first presents a brief history of Unicode and how it came about, so you can understand the reasons for the frustrating edge cases you’re bound to encounter.

There have been a variety of Unicode encoding methods over the years, but modern programs dealing with strings will probably be using UTF-8 encoding — and you should too. This multibyte encoding scheme has the convenient property of not changing the original character values when dealing with 7-bit ASCII text. We were surprised to read that there is actually an EBCDIC version of UTF still officially on the books today:

UTF-EBCDIC, a variable-width encoding that uses 1-byte characters designed for IBM’s EBCDIC systems (note: I think it’s safe to argue that using EBCDIC in 2023 edges very close to being a felony)

Continue reading “Understanding And Using Unicode”

Running A Modern Graphics Card In A 33 MHz PCI Slot

July 26, 2023 by 22 Comments

If you ever looked at a PCI to PCIe x16 adapter and wondered what’d happen if you were to stick a modern PCIe GPU in it, the answer apparently is ‘it works’ according to an attempt by [Circuit Rewind]. As long as you accept needing to supply external power with even a low-end GT 1030 card – as the PCI slot cannot provide enough power – and being limited to a single PCIe lane. This latter point isn’t so much of an issue as a single PCIe lane offers more bandwidth than the (shared) PCI bus anyway.

Despite the somewhat improvised setup, the GT 1030 card provided a decent 1080p experience in a range of games, after removing half of the 8 GB of system RAM before the configuration would work, probably due to VRAM mapping issues. Since the mainboard used also offered PCIe, the same card was run in a PCIe x4 slot, as well as in an x1 configuration, both with noticeably higher performance and putting the ‘why’ in ‘try’.

Perhaps unsurprisingly, a RTX 3080 also booted fine with external power and only 4 GB system RAM installed. Despite the PCIe x1 link, the system was able to finish a 3D benchmark and play Doom 2016, but with only 4 GB of system RAM and an old Athlon quad-core CPU, it was a terrible experience. Perhaps the most fascinating lesson to learn from this is that PCI and PCIe are amazingly compatible with only a simple translation bridge, even if high-performance graphics aren’t quite what PCI was meant for. After all, that’s why we got cursed with AGP for many years.

Continue reading “Running A Modern Graphics Card In A 33 MHz PCI Slot”

Grab Your ‘Scope’s Screen From The Command Line

July 25, 2023 by 9 Comments

Many of us have oscilloscopes and other instruments with built-in digital interfaces, but how many of us use them? [Andrej Radović] has a Tektronix TDS2022 which can print its screen to any of its various interfaces, and he set about automating the process of acquisition with a Bash script.

The easiest interface to use was the trusty serial port — hardly the fastest but definitely the best supported. But how does one retrieve an image fired down a serial port? Most of the post is devoted to spotting file headers in a Bash script monitoring the serial port, and streaming the result to a local file. There’s a discussion of the various formats supported by the Tek, with an ancient PCX bitmap format being chosen over Postscript for speed. The result is a decent quality screen grab, making the ‘scope that little bit more useful and perhaps extending its life.

Perhaps your instrument isn’t a TEK, but the chances are you can still make it bend to your will from a PC. Try it, with the magic of VISA.

This Week In Security: Dating App, WooCommerce, And OpenSSH

July 21, 2023 by 4 Comments

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email address, photos — sometimes explicit, and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH”

This RISC-V CPU Games In Rust From Inside The Game

July 17, 2023 by 14 Comments

[Xander Naumenko] has created something truly impressive — a working RISC-V CPU completely contained in a Terraria world. And then for added fun, he wrote the game of pong, playable in real time, from within the game of Terraria. It’s all based on the in-game wiring system, combined with a bit of a hack that uses the faulty lamp mechanic to create a very odd AND gate. In Terraria, the existing logic gates have timing issues that make them a no-go for complicated projects like this one. The faulty lamp is intended to do randomized outputs, by stacking multiple inputs to get a weighted output when a clock signal is applied. The hack is to simply give this device a single input, turning it into a clocked IF gate. Two of them together in series makes a clocked AND gate, and two in parallel make a clocked OR gate.

Why would [Xander] embark on this legendary endeavor? Apparently after over eight thousand hours clocked in game, one gets a bored of killing slimes and building NPC houses. And playing with the game’s wiring system turned on a metaphorical lightbulb, that the system could be used to build interesting systems. A prototype CPU, with a completely custom instruction set came next, and was powerful enough to compute Fibonacci. But that obviously wasn’t enough. Come back after the break for the rest of the story and the impressive video demonstration.

Continue reading “This RISC-V CPU Games In Rust From Inside The Game”

GLASNOST Is A Computer That Makes Transparency A Priority

July 17, 2023 by 7 Comments

We live in a world where most of us take the transistor for granted. Within arm’s length of most people reading this, there are likely over ten billion of them sending electrons in every direction. But the transistor was not the first technology to come around to make the computer a possibility, but if you go to the lengths of building something with an alternative, like this vacuum tube computer, you may appreciate them just a tiny bit more.

This vacuum tube computer is called GLASNOST, which according to its creator [Paul] means “glass, no semiconductors” with the idea that the working parts of the computer (besides the passive components) are transparent glass tubes, unlike their opaque silicon-based alternatives. It boasts a graphical display on an oscilloscope, 4096 words of memory, and a custom four-bit architecture based only on NOT, NOR, and OR gates which are simpler to create with the bulky tubes.

The project is still a work in progress but already [Paul] has the core memory figured out and the computer modeled in a logic simulator. The next steps are currently being worked through which includes getting the logic gates to function in the real world. We eagerly await the next steps of this novel computer and, if you want to see one that was built recently and not in the distant past of the 1950s, take a look at the Electron Tube New Automatic Computer that was completed just a few years ago.

At Last, A Beagle V In The Wild

July 13, 2023 by 41 Comments

The RISC-V ISA specification contains the recipe for everything from the humblest of microcontrollers to the most accomplished of high-end application processors, but it’s fair to say that at our end of the market it’s mostly been something for the lower end. There are plenty of inexpensive small RISC-V microcontrollers, but so far not much powerful enough for example to run a Linux-based operating system.

It’s a situation that’s slowly changing though, and it looks as though things may have taken a turn for the better as a new BeagleBoard has appeared using a RISC-V chip. The BeagleV-Ahead has a BeagleBone form factor and packs an Alibaba T-Head TH1520 SoC, a 2GHz quad-core part with a GPU and DSP components on-board. They link to a selection of distributors, from which one can seemingly be bought for about $170.

It’s a departure from the ARM chips that have until now powered the BeagleBoard line, but its appearance shouldn’t come as a surprise to seasoned Beagle watchers as they announced their RISC-V developments back in 2021. We’re guessing they too had to contend with the chip shortage which hit other players such as Raspberry Pi, so we’re pleased to see a product on the market. In particular though we’re pleased to see one on a BeagleBoard. because unlike a random no-name single board computer they’re a manufacturer who supports their products.

There’s a page with a good choice of operating systems for the board, and we hope that this means they provide kernel support for this SoC. This is the real benefit of buying a BeagleBoard or a Raspberry Pi, because cheap competitors will typically support only one kernel version compared with their years of support. So while this board is by no means cheap, we’re hoping it heralds a new wave of powerful RISC-V computers. Something to look forward to indeed.