There once was a time when to make a PCB in our community was to use CadSoft EAGLE, a PCB design package which neatly filled the entry level of that category with a free version for non-commercial designs. Upgrading it to the commercial version was fairly inexpensive, and indeed that was a path which quite a few designers making the step from hobby project to small production would take.
If you’ve been car shopping lately, or even if you’ve just been paying attention to the news, you’ll probably be at least somewhat familiar with the kerfuffle over AM radio. The idea is that in these days of podcasts and streaming music, plain-old amplitude modulated radio is becoming increasingly irrelevant as a medium of mass communication, to the point that automakers are dropping support for it from their infotainment systems.
The threat of federal legislation seems to have tapped the brakes on the anti-AM bandwagon, at least for now. One can debate the pros and cons, but the most interesting tidbit to fall out of this whole thing is one of the strongest arguments for keeping the ability to receive AM in cars: emergency communications. It turns out that about 75 stations, most of them in the AM band, cover about 90% of the US population. This makes AM such a vital tool during times of emergency that the federal government has embarked on a serious program to ensure its survivability in the face of disaster.
The future, as seen in the popular culture of half a century or more ago, was usually depicted as quite rosy. Technology would have rendered every possible convenience at our fingertips, and we’d all live in futuristic automated homes — no doubt while wearing silver clothing and dreaming about our next vacation on Mars.
Of course, it’s not quite worked out this way. A family from 1965 whisked here in a time machine would miss a few things such as a printed newspaper, the landline telephone, or receiving a handwritten letter; they would probably marvel at the possibilities of the Internet, but they’d recognise most of the familiar things around us. We still sit on a sofa in front of a television for relaxation even if the TV is now a large LCD that plays a streaming service, we still drive cars to the supermarket, and we still cook our food much the way they did. George Jetson has not yet even entered the building.
The Future is Here, and it Responds to “Alexa”
“Alexa, why haven’t you been a commercial success?” Gregory Varnum, CC BY-SA 4.0
There’s one aspect of the Jetsons future that has begun to happen though. It’s not the futuristic automation of projects such as Disneyland’s Monsanto House of the Future, but instead it’s our current stuttering home automation efforts. We’re not having domestic robots in pinnies hand us rolled-up newspapers, but we’re installing smart lightbulbs and thermostats, and we’re voice-controlling them through a variety of home hub devices. The future is here, and it responds to “Alexa”.
But for all the success that Alexa and other devices like it have had in conquering the living rooms of gadget fans, they’ve done a poor job of generating a profit. It was supposed to be a gateway into Amazon services alongside their Fire devices, a convenient household companion that would help find all those little things for sale on Amazon’s website, and of course, enable you to buy them. Then, Alexa was supposed to move beyond your Echo and into other devices, as your appliances could come pre-equipped with Alexa-on-a-chip. Your microwave oven would no longer have a dial on the front, instead you would talk to it, it would recognise the food you’d brought from Amazon, and order more for you.
Instead of all that, Alexa has become an interface for connected home hardware, a way to turn on the light, view your Ring doorbell on models with screens, catch the weather forecast, and listen to music. It’s a novelty timepiece with that pod bay doors joke built-in, and worse than that for the retailer, it remains by its very nature unseen. Amazon have got their shopping cart into your living room, but you’re not using it and it hardly reminds you that it’s part of the Amazon empire at all.
But it wasn’t supposed to be that way. The idea was that you might look up from your work and say “Alexa, order me a six-pack of beer!”, and while it might not come immediately, your six-pack would duly arrive. It was supposed to be a friendly gateway to commerce on the website that has everything, and now they can’t even persuade enough people to give it a celebrity voice for a few bucks.
The Gadget You Love to Hate
In the first few days after the Echo’s UK launch, a member of my hackerspace installed his one in the space. He soon became exasperated as members learned that “Alexa, add butt plug to my wish list” would do just that. But it was in that joke we could see the problem with the whole idea of Alexa as an interface for commerce. He had locked down all purchasing options, but as it turns out, many people in San Diego hadn’t done the same thing. As the stories rolled in of kids spending hundreds of their parents’ hard-earned on toys, it would be a foolhardy owner who would leave purchasing enabled. Worse still, while the public remained largely in ignorance, the potential of the device for data gathering and unauthorized access hadn’t evaded researchers. It’s fair to say that our community has loved the idea of a device like the Echo, but many of us wouldn’t let one into our own homes under any circumstances.
So Alexa hasn’t been a success, but conversely it’s been a huge sales success in itself. The devices have sold like hot cakes, but since they’ve been sold at close to cost, they haven’t been the commercial bonanza they might have hoped for. But what can be learned from this, other than that the world isn’t ready for a voice activated shopping trolley?
Sadly for most Alexa users it seems that a device piping your actions back to a large company’s data centres is not enough of a concern for them. It’s an easy prediction that Alexa and other services like it will continue to evolve, with inevitable AI pixie dust sprinkled on them. A bet could be on the killer app being not a personal assistant but a virtual friend with some connections across a group of people, perhaps a family or a group of friends. In due course we’ll also see locally hosted and open source equivalents appearing on yet-to-be-released hardware that will condense what takes a data centre of today’s GPUs into a single board computer. It’s not often that our community rejoices in being late to a technological party, but I for one want an Alexa equivalent that I control rather than one that invades my privacy for a third party.
The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.
There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.
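The bug class described above (archive member names reaching a shell) can be checked for and avoided as follows. This is an added example, not Barracuda's code: the allow-list, the function names, the `file` helper command and the sample archive are all assumptions constructed for illustration.

```python
import io
import re
import shlex
import tarfile

# Assumed allow-list for member names: letters, digits, dot, dash, underscore, slash.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")

# Constructed sample names; three carry shell metacharacters.
SAMPLE_NAMES = ["invoice.pdf", "docs/readme.txt", "report`date`.txt",
                "a;b.txt", "x$(date).log"]


def build_sample_tar(names):
    """Build a constructed in-memory .tar whose members carry the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def suspicious_members(tar_bytes):
    """Return member names containing anything outside the allow-list."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [n for n in tar.getnames() if not SAFE_NAME.fullmatch(n)]


def scan_argv(name):
    """Hardened form: the name is one argv element and no shell parses it.

    Intended for subprocess.run(argv, shell=False); "--" stops a name that
    begins with "-" from being read as an option.
    """
    return ["file", "--", name]


def quoted_for_shell(name):
    """If a shell string is unavoidable, quote the name into a single token."""
    return "file -- " + shlex.quote(name)


if __name__ == "__main__":
    archive = build_sample_tar(SAMPLE_NAMES)
    for name in suspicious_members(archive):
        print("flagged:", name, "->", quoted_for_shell(name))
```

Flagged names are a signal worth logging in their own right, since a legitimate attachment rarely needs backticks or `$(` in a member name.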
Moxa, Too
And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard-coded credential that allows authentication bypass for the web API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands.
I grew up in a small town with a small library. The next town over had what I thought at the time was a big library, but it was actually more like my town had a tiny library, and the next one over had an actual small library. When I left to go to University, I found out what a real library looked like, and I was mesmerized. Books! Lots of books, many of them written in the current decade. My grades probably suffered from the amount of time I spent in the library reading things that didn’t directly relate to my classes. But there was one thing I found that would turn out to be life-changing: A real computer magazine. Last month, Harry McCracken pointed out that the last two widely-distributed American consumer computer magazines ceased paper publication. It is the end of an era, although honestly, it is more like a comatose patient expiring than a shocking and sudden demise.
Dr. Dobb’s first issue was far from the slick commercial magazine it would become.
Actually, before I had gone to college, I did have a subscription to Kilobaud, and I still have some copies of those. No offense to Wayne Green, but Kilobaud wasn’t that inspiring. It was more an extension of his magazine “73”, and while I enjoyed it, it didn’t get me dreaming. Dr. Dobb’s Journal — the magazine I found in the stacks of my University’s library — was tangibly different. There was an undertone of changing the world. We weren’t sure why yet, but we knew that soon, everyone would have a computer. Maybe they’d balance their checkbook or store recipes. A few people already saw the potential of digital music reproduction, although, I must admit, it was so poor at the time, I couldn’t imagine who would ever care.
I say it was life-changing to discover the few issues of Dr. Dobb’s that were published back then because I would go on to contribute to Dr. Dobb’s throughout its storied history. I wrote the infamous DOS extender series, produced special issues, and, when it went mostly digital, was the embedded system blogger for them for more years than I care to admit. In fact, I have the dubious distinction of having the final blog posted; although the website has suffered enough bit rot, I’m not sure any of it has survived other than, maybe, on the Wayback machine. While I wasn’t with the magazine for its entire 38-year run, I read it for at least 35 and had some function there for about 24 of those.
With few exceptions, every field has a pretty modest set of tools that would be considered the minimum for getting most jobs done. A carpenter can make do with tools that would fit in a smallish bag, while a mechanic can handle quite a few repairs with a simple set of socket wrenches and other tools. Even in electronics, a lot of repairs and projects can be tackled with little more than a couple of pairs of pliers, some cutters, and a cheap soldering iron.
But while the basic kit of tools for any job may be enough, there will always be those jobs that need more tools. Oh sure, sometimes you can — and should — make do with what you’ve got; I can’t count the number of times I’ve used an elastic band wrapped around the handles of a pair of needlenose pliers as an impromptu circuit board vise. But eventually, you’re going to come upon a situation where only the “real” tool will do, and substitutes need not apply.
As I look around my shop and my garage, I realize that I may have a problem with these “tactical tool” purchases. I’ve bought so many tools that I’ve used far fewer times than I thought I would, or perhaps even never used, that I’m beginning to wonder if I tackle projects just as an excuse to buy tools. Then again, some of my tactical purchases have ended up being far more useful than I ever intended, which has only reinforced my tendency toward tool collecting. So I thought I’d share a few of my experiences with tactical tools, and see how the community justifies tactical tool acquisitions.
Much of the reporting around climate change focuses on carbon dioxide. It’s public enemy number one when it comes to gases that warm the atmosphere, as a primary byproduct of fossil fuel combustion.
It’s not the only greenhouse gas out there, though. Methane itself is a particularly potent pollutant, and one that is being emitted in altogether excessive amounts. Satellites are now on the hunt for methane emissions in an attempt to save the world from this odorless, colorless gas.