Are There Better Things To Hurl Into Orbit Than A Sports Car?

We’ve been having a lively discussion behind the scenes here at Hackaday, about SpaceX’s forthcoming launch of their first Falcon Heavy rocket. It will be carrying [Elon Musk]’s red Tesla Roadster, and should it be a successful launch, it will place the car in an elliptical orbit round the Sun that will take it to the Martian orbit at its furthest point.

On one hand, it seems possible that [Musk]’s sports car will one day be cited by historians as the exemplar of the excesses of the tech industry in the early 21st century. After all, to spend the millions of dollars required to launch the largest reusable space launch platform ever created, and then use it to hurl an electric vehicle into orbit round the Sun seems to be such a gratuitous waste of resources, an act of such complete folly as to be criminal.

Surely even given that there is a reasonable chance of a first launch ending in fiery destruction it must be worth their while canvassing the universities and research institutions of the world with the offer of a free launch, after all there must be a significant amount of science that would benefit from some cost-free launch capacity! It seems a betrayal of the famous “Why explore space” letter from the associate science director of NASA to a nun who questioned the expenditure while so many in the developing world were starving.

Testing

But on the other hand, first launches of rockets are a hazardous endeavour, as the metaphorical blue touchpaper is lit on the world’s largest firework for the first time. Satellites are expensive devices, and it would be a foolhardy owner who entrusted their craft to a launch vehicle with a good chance of a premature splashdown.

Launch of first Ariane 5. Not where you want your pricey satellite.

First launches traditionally carry a ballast rather than a payload, for example NASA have used tanks of water for this purpose in the past. SpaceX has a history of novelty payloads for their test launches; their first Dragon capsule took a wheel of cheese into space and returned it to Earth. We picture Musk looking around a big warehouse and saying, “well, we got a lot of cars!”

There is a fascinating question to be posed by the launch of the car: just what did they have to do to it to ensure that it could be qualified for launch? Satellite manufacture is an extremely exacting branch of engineering; aside from the aspect of ensuring that a payload will work, it must both survive the launch intact and not jeopardise it in any way. It’s safe to say that the Roadster will not have to function while in orbit as the roads of California will be far away, but cars are not designed with either the stresses of launch or the transition to zero gravity and the vacuum of space in mind. Will a glass windscreen originally specified for a Lotus Elise on the roads of Norfolk shatter during the process and shower the inside of the craft with glass particles, for example? There must have been an extensive space qualification programme for it to pass, from vibration testing through removal of any hazards such as pressurised gases or corrosive chemicals. If only the folks at SpaceX would share some of its details, that would make for a fascinating story in itself.

Space Junk

So the Tesla Roadster is a huge publicity stunt on behalf of SpaceX, but it serves a purpose that would otherwise have to have been taken by an unexciting piece of ballast. It will end up as space junk, but in an orbit unlikely to bring it into contact with any other craft. If its space-suited dummy passenger won’t be providing valuable data on the suit’s performance we’d be extremely surprised, and when it is finally retrieved in a few centuries time it will make a fascinating exhibit for the Smithsonian.

Given a huge launch platform and the chance to fill it with a novelty item destined for orbit, the Hackaday team stepped into overdrive with suggestions as to what might be launched were they in charge. They varied from Douglas Adams references such as a heart of gold or a whale and a bowl of petunias should the rocket abort and the payload crash to earth, to a black monolith and a few ossified ape remains to confuse space historians. We briefly evaluated the theory that the Boring Company is in fact a hiding-in-plain-sight construction organisation for a forthcoming Evil Lair beneath the surface of Mars, before concluding that maybe after all the car is a pretty cool thing to use as ballast for a first launch.

It may be reaching towards seven decades since the first space programmes successfully sent rockets beyond the atmosphere with the aim of exploration, but while the general public has become accustomed to them as routine events they remain anything but to the engineers involved. The Falcon Heavy may not have been developed by a government, but it represents every bit as astounding an achievement as any of its predecessors. Flinging an electric vehicle into orbit round the Sun is a colossal act of showmanship and probably a waste of a good car, but it’s also more than that. In hundreds of years time the IoT devices, apps, 3D printers, quadcopters or whatever else we toil over will be long forgotten. But there will be a car orbiting the Sun that remains a memorial to the SpaceX engineers who made its launch possible, assuming it doesn’t blow up before it gets there. What at first seemed frivolous becomes very cool indeed.

Global Resistor Shortage, Economics, and Consumer Behavior

The passive component industry — the manufacturers who make the boring but vital resistors, capacitors, and diodes found in every single electronic device — is on the cusp of a shortage. You’ll always be able to buy a 220 Ω, 0805 resistor, but instead of buying two for a penny like you can today, you may only get one in the very near future.

Yageo, one of the largest manufacturers of surface mount (SMD) resistors and multilayer ceramic capacitors, announced in December they were not taking new chip resistor orders. Yageo was cutting production of cheap chip resistors to focus on higher-margin niche-market components for automotive, IoT, and other industrial uses, as reported by Digitimes. Earlier this month, Yageo resumed taking orders for chip resistors, but with 15-20% higher quotes (article behind paywall, try clicking through via this Tweet).

As a result, there are rumors of runs on passive components at the Shenzhen electronics market, and several tweets from members of the electronics community have said the price of some components has doubled. Because every electronic device uses these ‘jellybean’ parts, a decrease in supply or increase in price means some products won’t ship on time, margins will be lower, or prices on the newest electronic gadget will increase.

The question remains: are we on the brink of a resistor shortage, and what are the implications of manufacturers that don’t have the parts they need?


Opt-Out Fitness Data Sharing Leads to Massive Military Locations Leak

People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.

Strava is a fitness tracking service that gathers data from several different brands of fitness tracker — think Fitbit. It gives athletes a social media experience built around their fitness data: track progress against personal goals and challenge friends to keep each other fit. As expected of companies with personal data, their privacy policy promised to keep personal data secret. In the same privacy policy, they also reserved the right to use the data shared by users in an “aggregated and de-identified” form, a common practice for social media companies. One such use was to plot the GPS data of all their users in a global heatmap. These visualizations use over 6 trillion data points and can be compiled into a fascinating gallery, but there’s a downside.

This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.

This is an extraordinary blunder which very succinctly illustrates a folly of the Internet of Things. Strava’s anonymized data sharing obfuscated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:

“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017

We’ve seen individual fitness trackers hacked and we’ve seen people tracked through controlled domains before, but the global scope of [Nathan]’s discovery puts it in an entirely different class.

[via Washington Post]
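The gap between de-identifying individuals and hiding groups, and the effect of the opt-out default, can be seen in a small aggregation sketch. This is an added example, not Strava's code: the abstract km grid, the user names, the `k` distinct-contributor threshold and the opt-in split are all assumptions, and the data is constructed.

```python
from collections import defaultdict

CELL_KM = 1.0  # heatmap cell size (assumed)

def heatmap(points, sharing, k=1):
    """Aggregate (user, x_km, y_km) points into {cell: point_count}.

    User ids are dropped from the output ("de-identified"). Only users with
    sharing[user] == True contribute, and cells with fewer than k distinct
    contributors are suppressed.
    """
    counts, users = defaultdict(int), defaultdict(set)
    for user, x, y in points:
        if not sharing.get(user, False):
            continue
        cell = (int(x // CELL_KM), int(y // CELL_KM))
        counts[cell] += 1
        users[cell].add(user)
    return {c: n for c, n in counts.items() if len(users[c]) >= k}

def remote_cells(hm, city_limit_km=50):
    """Cells that lie outside the constructed city block."""
    return sorted(c for c in hm if c[0] >= city_limit_km)

# --- Constructed sample data on an abstract km grid (no real locations) ---
# 40 city users covering a 5x5 km block.
CITY = [(f"city{u}", i % 5 + 0.5, i // 5 + 0.5)
        for u in range(40) for i in range(25)]
# 6 users at an isolated site, all running the same square loop (12 cells).
LOOP = ([(100 + i, 100) for i in range(3)] + [(103, 100 + i) for i in range(3)] +
        [(103 - i, 103) for i in range(3)] + [(100, 103 - i) for i in range(3)])
SITE = [(f"site{u}", x + 0.5, y + 0.5) for u in range(6) for x, y in LOOP]
# 1 user running alone, far from everyone else (8 cells).
LONE = [("lone0", 200 + i + 0.5, 50.5) for i in range(8)]
POINTS = CITY + SITE + LONE

ALL_USERS = {p[0] for p in POINTS}
# Opt-out default: nobody unticked the box, so everyone contributes.
OPT_OUT_DEFAULT = {u: True for u in ALL_USERS}
# Opt-in default (assumed split): only the city users chose to contribute.
OPT_IN_DEFAULT = {u: u.startswith("city") for u in ALL_USERS}

def demo():
    raw = heatmap(POINTS, OPT_OUT_DEFAULT)         # what an opt-out heatmap publishes
    k5 = heatmap(POINTS, OPT_OUT_DEFAULT, k=5)     # hides the lone runner only
    opt_in = heatmap(POINTS, OPT_IN_DEFAULT, k=5)  # isolated site never contributed
    return {
        "raw_remote": len(remote_cells(raw)),
        "k5_remote": len(remote_cells(k5)),
        "opt_in_remote": len(remote_cells(opt_in)),
    }

if __name__ == "__main__":
    print(demo())
```

With the opt-out default, the isolated loop survives even a `k=5` threshold because six people share it; in this constructed data only the opt-in default keeps it off the map.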

Local Infrastructure: The Devil is in the Details

About two months ago I rode my bike to work like any other day, but on the way home a construction project seemed to have spontaneously started at one of the bridges that I pass over. Three lanes had merged into one which, for a federal highway, seemed like a poorly planned traffic pattern for such a major construction project. As it happens, about an hour after I biked across this bridge that morning both outside sections of the bridge fell into the water. There was no other physical damage that seemed to explain why parts of a bridge on U.S. 1 would suddenly collapse.

The intriguing thing about this bridge collapse was that the outer retaining wall and about half of the sidewalk on both the northbound side and the southbound side had fallen into the water at the same time. This likely wasn’t caused by something like a boat impact, car accident, or an overweight truck. Indeed, Florida Department of Transportation (FDOT) investigated the incident and found that two post tension wires that held these sections of the bridge together had failed, making it unsafe for pedestrians and bicyclists but also for any boaters below.

Spectre and Meltdown: Attackers Always Have The Advantage

While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions has spanned an extreme range. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”

We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to everyone. However, as evidence of non-obviousness, some very smart people got remarkably close to the Meltdown effect last summer, without getting it all the way. [Trammell Hudson] did some digging and found a paper from the early 1990s (PDF) that warns of the dangers of fetching info into the cache that might cross privilege boundaries, but it wasn’t weaponized until recently. In short, these are old vulnerabilities, but exploiting them was hard enough that it took twenty years to do it.

Building a new CPU is the work of a large team over several years. But they weren’t all working on the same thing for all that time. Any single feature would have been the work of a small team of engineers over a period of months. During development they fixed many problems we’ll never see. But at the end of the day, they are only human. They can be 99.9% perfect and that won’t be good enough, because once hardware is released into the world: it is open season on that 0.1% the team missed.

The odds are stacked in the attacker’s favor. The team on defense has a handful of people working a few months to protect against all known and yet-to-be discovered attacks. It is a tough match against the attackers coming afterwards: there are a lot more of them, they’re continually refining the state of the art, they have twenty years to work on a problem if they need to, and they only need to find a single flaw to win. In that light, exploits like Spectre and Meltdown will probably always be with us.

Let’s look at some factors that paved the way to Intel’s current embarrassing situation.


The 348,296th Article About Cryptocurrency

The public has latched onto the recent market events with an intense curiosity brought about by a greed for instant riches. In the last year alone, the value of Bitcoin has risen by 1,731%. We’re talking gold rush V2.0, baby. Money talks, and with a resounding $615 billion held up in cryptocurrencies, it is clear why this is assuredly not the first cryptocurrency article you have read — maybe even today. An unfortunate side effect of mass interest in a subject is the wildfire-like spread of misinformation. So, what exactly is a blockchain, and what can you still do now that everyone has finally jumped on the cryptocurrency bandwagon?


Let’s Talk Intel, Meltdown, and Spectre

This week we’ve seen a tsunami of news stories about a vulnerability in Intel processors. We’re certain that by now you’ve heard of (and are maybe tired of hearing about) Meltdown and Spectre. However, as a Hackaday reader, you are likely the person who others turn to when they need to get the gist of news like this. Since this has bubbled up in watered-down versions to the highest levels of mass media, let’s take a look at what Meltdown and Spectre are, and also see what’s happening in the other two rings of this three-ring circus.

Meltdown and Spectre in a Nutshell

These two attacks are similar. Meltdown is specific to Intel processors and kernel fixes (basically workarounds implemented by operating systems) will result in a 5%-30% speed penalty depending on how the CPU is being used. Spectre is not limited to Intel, but also affects AMD and ARM processors and kernel fixes are not expected to come with a speed penalty.

Friend of Hackaday and security researcher extraordinaire Joe Fitz has written a superb layman’s explanation of these types of attacks. His use of the term “layman” may be a little more high level than normal — this is something you need to read.

The attack exploits something called branch prediction. To boost speed, these processors keep a cache of past branch behavior in memory and use that to predict future branching operations. Branch predictors load data into memory before checking to see if you have permissions to access that data. Obviously you don’t, so that memory will not be made available for you to read. The exploit uses a clever guessing game to look at other files also returned by the predictor to which you do have access. If you’re clever enough, you can reconstruct the restricted data by iterating on this trick many many times.

For the most comprehensive info, you can read the PDF whitepapers on Meltdown and Spectre.

Update: Check Alan Hightower’s explanation of the Meltdown exploit left as a comment below. Quite good for helping deliver better understanding of how this works.

Frustration from Kernel Developers

These vulnerabilities are in silicon — they can’t be easily fixed with a microcode update, which is how CPU manufacturers usually work around silicon errata (although this appears to be an architectural flaw and not errata per se). An Intel “fix” would amount to a product recall. They’ve already said they won’t be doing a recall, but how would that work anyway? What’s the lead time on spinning up the fabs to replace all the Intel chips in use — yikes!

So the fixes fall on the operating systems at the kernel level. Intel should be (and probably is behind the scenes) bowing down to the kernel developers who are saving their bacon. It is understandably frustrating to have to spend time and resources patching these vulnerabilities, which displaces planned feature updates and improvements. Linus Torvalds has been throwing shade at Intel — anecdotal evidence of this frustration:

“I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.”

That’s the tamest part of his message posted on the Linux Kernel Mailing List.

Stock Sales Kerfuffle is Just a Distraction

The first thing I did on hearing about these vulnerabilities on Tuesday was to check Intel’s stock price and I was surprised it hadn’t fallen much. In fact, peak to peak it’s only seen about an 8% drop this week and has recovered some from that low.

Of course, it came out that back in November Intel’s CEO Brian Krzanich sold off his Intel stock to the tune of $24 Million, bringing him down to his contractual minimum of shares. He likely knew about Meltdown when arranging that sale. Resist the urge to flame on this decision. Whether it’s legal or not, hating on this guy is just a distraction.

What’s more interesting to me is this: Intel is too big to fail. What are we all going to do, stop using Intel and start using something else? You can’t just pull the chip and put a new one in, in the case of desktop computers you need a new motherboard plus all the supporting stuff like memory. For servers, laptops, and mobile devices you need to replace the entire piece of equipment. Intel has a huge market share, and silicon has a long production cycle. Branch prediction has been commonplace in consumer CPUs going back to 1995 when the Pentium Pro brought it to the x86 architecture. This is a piece of the foundation that will be yanked out and replaced with new designs that provide the same speed benefits without the same risks — but that will take time to make it into the real world.

CPUs are infrastructure and this is the loudest bell to date tolling to signal how important their design is to society. It’s time to take a hard look at what open silicon design would bring to the table. You can’t say this would have been prevented with Open design. You can say that the path to new processors without these issues would be a shorter one if there were more than two companies producing all of the world’s processors — both of which have been affected by these vulnerabilities.