All About USB-C: Illegal Adapters

Let’s be clear – it’s not enough to have USB-C to USB-C cables. There are a lot of cables that we might want to acquire for our day-to-day use, perhaps for a transition period while we still own a number of devices not adorned with a USB-C connector. However, the USB-C specification only accounts for a limited number of kinds of cables, explicitly or implicitly excluding a range of cables that you might want to buy or make.

It’s my firm belief that, as a hacker, you should be able to buy any USB-C contraption that you could ever need. Hackers don’t need restrictions driven by marketing – they need understanding of how a piece of tech can or cannot be used, based on how it operates internally. I would like to provide you with such understanding, so that you can make informed decisions.

On the other hand, USB-C is designed to be used by less-than-skilled people, even if it often fails at that. (Cable labelling, anyone?) Clear definitions of what complies with a standard can help enforce it. Here’s the notorious story of a USB-C cable that killed a Chromebook, and launched a career of explaining USB-C specifics online for [Benson Leung]. There are many such failure stories, in fact. Today, we’ll go through USB-C contraptions which might or might not fail you, depending on how you use them.


Hackaday Links: December 25, 2022

Looks like it’s lights out on Mars for the InSight lander. The solar-powered lander’s last selfie, sent back in April, showed a thick layer of dust covering everything, including the large circular solar panels needed to power the craft. At the time, NASA warned that InSight would probably give up the ghost sometime before the end of the year, and it looks like InSight is sticking to that schedule. InSight sent back what might be its last picture recently, showing the SEIS seismic package deployed on the regolith alongside the failed HP3 “mole” experiment, which failed to burrow into the soil as planned. But one bad experiment does not a failed mission make — it was wildly successful at most everything it was sent there to do, including documenting the largest marsquake ever recorded. As it usually does, NASA has anthropomorphized InSight with bittersweet sentiments like “Don’t cry, I had a good life,” and we’re not quite sure how we feel about that. On the one hand, it kind of trivializes the engineering and scientific accomplishments of the mission, but then again, it seems to engage the public, so in the final rinse, it’s probably mostly harmless.


Your Next Airport Meal May Be Delivered By Robot

Robot delivery has long been touted as a game-changing technology of the future. However, it still hasn’t cracked the big time. Drones still aren’t airdropping packages into our gutters by accident, nor are our pizzas brought to us via self-driving cars.

That’s not to say that able minds aren’t working on the problem. In one case, a group of engineers are working on a robot that will handle the crucial duty of delivering food to hungry flyers at the airport.


This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part of the target’s development environment, and there’s been a few clever attacks found over the years that take advantage of that. There’s now another one, what Legit Security calls Github Environment Injection, and there were some big-name organizations vulnerable to it.

The crux of the issue is the $GITHUB_ENV file, which contains environment variables to be set in the Actions environment. Individual variables get added to this file as part of the automated action, and that process needs to include some sanitization of data. Otherwise, an attacker can send an environment variable whose value includes a newline followed by a completely unintended environment variable. And an unintended, arbitrary environment variable is game over for the security of the workflow. The example uses the NODE_OPTIONS variable to dump the entire environment to an accessible output. Any API keys or other secrets are revealed.

This particular attack was reported to GitHub, but there isn’t a practical way to fix it architecturally. So it’s up to individual projects to be very careful about writing untrusted data into the $GITHUB_ENV file.
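The kind of check a project can put in front of its own writes to $GITHUB_ENV, as an added example that is not code from the article or from Legit Security. The function names, `PR_TITLE`, `INJECTED_VAR` and the sample value are hypothetical, and `count_vars` is a simplified stand-in for how the runner reads the file.

```sh
#!/bin/sh
# Added example: writing untrusted data into the $GITHUB_ENV file.
NL='
'
CR=$(printf '\r')

# Constructed sample input: a pull-request title carrying an embedded newline.
SAMPLE_UNTRUSTED="fix typo${NL}INJECTED_VAR=1"

# Unsafe: the value is appended as-is, so an embedded newline starts a second
# NAME=value line that is read as a separate variable.
write_env_unsafe() {
  printf '%s=%s\n' "$1" "$2" >> "$GITHUB_ENV"
}

# Checked: accept only a plain variable name and a single-line value.
write_env_checked() {
  case $1 in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "refusing invalid variable name" >&2; return 1 ;;
  esac
  case $2 in
    *"$NL"*|*"$CR"*)
      echo "refusing multi-line value for $1" >&2; return 1 ;;
  esac
  printf '%s=%s\n' "$1" "$2" >> "$GITHUB_ENV"
}

# Simplified view of the file: count the lines that define a variable.
count_vars() {
  grep -c '^[A-Za-z_][A-Za-z0-9_]*=' "$1" || true
}

# Demonstration against a temporary file standing in for $GITHUB_ENV.
GITHUB_ENV=$(mktemp)
write_env_unsafe PR_TITLE "$SAMPLE_UNTRUSTED"
echo "unsafe writer:  $(count_vars "$GITHUB_ENV") variable(s) defined"
: > "$GITHUB_ENV"
write_env_checked PR_TITLE "$SAMPLE_UNTRUSTED" || true
echo "checked writer: $(count_vars "$GITHUB_ENV") variable(s) defined"
rm -f "$GITHUB_ENV"
```

The same check belongs on any value derived from a pull request (title, branch name, file contents) before it reaches the file.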


BBC World Service Turns 90

If you’ve ever owned a shortwave radio, you’ve probably listened at least a little to the BBC World Service. After all, they are a major broadcasting force, and with the British Empire or the Commonwealth spanning the globe, they probably had a transmitter close to your backyard. Recently, the BBC had a documentary about their early years of shortwave broadcasting. It is amazing both because it started so simply and because of how far communications have progressed in just a scant 100 years.

Today, the BBC World Service broadcasts in over 40 languages, distributing content via radio, TV, satellite, and the Internet. It’s hard to imagine that it started with four people who were authorized to spend 10 pounds a week.


Blood Pressure Monitoring, Courtesy Of Cameras And AI

At the basic level, methods of blood pressure monitoring have slowly changed in the last few decades. While most types of sphygmomanometer still rely on a Velcro cuff placed around the arm, the methodology used in measurement varies. Analog mercury and aneroid types still abound, while digital blood pressure monitors using electrical sensors have become mainstream these days.

Researchers have now developed a new non-invasive method of measurement that does away with the arm cuff entirely. The method relies entirely on video capture with a camera and processing via AI.


Big Chemistry: Liquefied Natural Gas

The topic of energy has been top-of-mind for us since the first of our ancestors came down out of the trees looking for something to eat that wouldn’t eat them. But in a world where the neverending struggle for energy has been abstracted away to the flick of a finger on a light switch or thermostat, thanks to geopolitical forces many of us are now facing the wrath of winter with a completely different outlook on what it takes to stay warm.

The problem isn’t necessarily that we don’t have enough energy, it’s more that what we have is neither evenly distributed nor easily obtained. Moving energy from where it’s produced to where it’s needed is rarely a simple matter, and often poses significant and interesting engineering challenges. This is especially true for sources of energy that don’t pack a lot of punch into a small space, like natural gas. Getting it across a continent is challenging enough; getting it across an ocean is another thing altogether, and that’s where liquefied natural gas, or LNG, comes into the picture.
