Slider

4973 Articles

Hackaday Links Column Banner

Hackaday Links: August 21, 2022

August 21, 2022 by 3 Comments

As side-channel attacks go, it’s one of the weirder ones we’ve heard of. But the tech news was filled with stories this week about how Janet Jackson’s “Rhythm Nation” is actually a form of cyberattack. It sounds a little hinky, but apparently this is an old vulnerability, as it was first noticed back in the days when laptops commonly had 5400-RPM hard drives. The vulnerability surfaced when the video for that particular ditty was played on a laptop, which would promptly crash. Nearby laptops of the same kind would also be affected, suggesting that whatever was crashing the machine wasn’t software related. As it turns out, some frequencies in the song were causing resonant vibrations in the drive. It’s not clear if anyone at the time asked the important questions, like exactly which part of the song was responsible or what the failure mode was on the drive. We’ll just take a guess and say that it was the drive heads popping and locking.

Continue reading “Hackaday Links: August 21, 2022”

Dream Projects Face Reality

August 20, 2022 by 26 Comments

Do you ever get a project stuck in your mind? An idea so good you just keep thinking about it? Going over iterations and options and pros and cons in the back of your mind, or maybe on paper, but having not yet subjected it to the hard work of pulling it into reality? I’ve had one of those lurking around for the last couple weeks, and it’s time for me to get building.

And I’ve got to get started soon, because it’s rare that any project makes the leap from thought to reality unscathed, and when I hold on to the in-thought project too long, I become far too fond of some of the details and nuances that just might not make the cut, or might get in the way of getting a first pass finished. When I really like a (theoretical) solution to a (theoretical) problem, I’ll try to make it work a lot longer than I should, and I can tell I’m getting attached to this one now.

The only cure to this illness is to get prototyping. When the rubber hits the road, and the bolts are tightened, either the solution is a good one or it’s not, and no amount of dreaming is going to change that. Building is a great antidote to the siren song of a dream project. Although it feels now like I don’t want the fantasy to have to adapt to reality, as it inevitably will, I know that getting something working feels a lot better. And it frees me up to start dreaming on the next project… To the workshop!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness

August 19, 2022 by 9 Comments

It’s debatable just how useful Secure Boot is for end users, but now there’s yet another issue with Secure Boot, or more specifically, a trio of signed bootloaders. Researchers at Eclypsium have identified problems in the Eurosoft, CryptoPro, and New Horizon bootloaders. In the first two cases, a way-too-flexible UEFI shell allows raw memory access. A startup script doesn’t have to be signed, and can easily manipulate the boot process at will. The last issue is in the New Horizon Datasys product, which disables any signature checking for the rest of the boot process — while still reporting that secure boot is enabled. It’s unclear if this requires a config option, or is just totally broken by default.

The real issue is that if malware or an attacker can get write access to the EFI partition, one of these signed bootloaders can be added to the boot chain, along with some nasty payload, and the OS that eventually gets booted still sees Secure Boot enabled. It’s the perfect vehicle for really stealthy infections, similar to CosmicStrand, the malicious firmware we covered a few weeks ago.
Continue reading “This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness”

Bufferbloat, The Internet, And How To Fix It

August 18, 2022 by 48 Comments

There’s a dreaded disease that’s plagued Internet Service Providers for years. OK, there’s probably several diseases, but today we’re talking about bufferbloat. What it is, how to test for it, and finally what you can do about it. Oh, and a huge shout-out to all the folks working on this problem. Many programmers and engineers, like Vint Cerf, Dave Taht, Jim Gettys, and many more have cracked this nut for our collective benefit.

When your computer sends a TCP/IP packet to another host on the Internet, that packet routes through your computer, through the network card, through a switch, through your router, through an ISP modem, through a couple ISP routers, and then finally through some very large routers on its way to the datacenter. Or maybe through that convoluted chain of devices in reverse, to arrive at another desktop. It’s amazing that the whole thing works at all, really. Each of those hops represents another place for things to go wrong. And if something really goes wrong, you know it right away. Pages suddenly won’t load. Your VoIP calls get cut off, or have drop-outs. It’s pretty easy to spot a broken connection, even if finding and fixing it isn’t so trivial.

That’s an obvious problem. What if you have a non-obvious problem? Sites load, but just a little slower than it seems like they used to. You know how to use a command line, so you try a ping test. Huh, 15.0 ms off to Google.com. Let it run for a hundred packets, and essentially no packet loss. But something’s just not right. When someone else is streaming a movie, or a machine is pushing a backup up to a remote server, it all falls apart. That’s bufferbloat, and it’s actually really easy to do a simple test to detect it. Run a speed test, and run a ping test while your connection is being saturated. If your latency under load goes through the roof, you likely have bufferbloat. There are even a few of the big speed test sites that now offer bufferbloat tests. But first, some history. Continue reading “Bufferbloat, The Internet, And How To Fix It”

Chips Remembered: The Scenix/Ubicom/Parallax SX

August 17, 2022 by 70 Comments

If you are a bibliophile, going to a used bookstore is a distinctly pleasant experience. Sure, you might discover an old book that you want to read. But at least some of the endorphin rush comes from seeing old friends. Not humans, but books you read years or even decades ago. Most often, you don’t buy the book — you probably have one stashed in a box somewhere. But it is a happy feeling to see an old friend and maybe thumb through it reading a passage or two among shelves of musty books. I wish we had something like that for chips. Outside of a few notable exceptions, chips tend to have a short life span of popularity and then give way to other chips. This is especially true of CPUs. One that I especially miss is the Scenix/Ubicom/Parallax SX chip.

I had a bookstore-like experience with this processor the other day. I produced a few products based around these chips and I have a small stash of them left. I jealously guard the hardware needed to program them “just in case.” Well, naturally, someone needed a few for some reason so I had to dig it all up. Knowing these might be some of the last of the unprogrammed SX chips in the world made me a little nostalgic.

The Story

In the late 1990s, a company called Scenix started producing a microcontroller called the SX in a few footprint sizes. So the SX18 was, for example, an 18-pin part. By 1999, they were already in full swing with the SX18 and SX28 and they introduced the SX52.

Of course, a lot of companies produced microcontrollers. The Scenix offering was a bit special. In those days, the Microchip PIC was the king of the hill. The PIC is an odd beast that evolved from a very limited controller made to be small and inexpensive. Notably, while it could support relatively high clock frequencies — 20 MHz was common — each normal instruction took 4 clock cycles. So when your crystal said 20 MHz, you were running instructions at 5 MHz.

Continue reading “Chips Remembered: The Scenix/Ubicom/Parallax SX”

We’re Hiring: Come Join Us!

August 17, 2022 by 37 Comments

You wake up in the morning, and check Hackaday over breakfast. Then it’s off to work or school, where you’ve already had to explain the Jolly Wrencher to your shoulder-surfing colleagues. And then to a hackspace or back to your home lab, stopping by the skull-and-cross-wrenches while commuting, naturally. You don’t bleed red, but rather #F3BF10. It’s time we talked.

The Hackaday writing crew goes to great lengths to cover all that is interesting to engineers and enthusiasts. We find ourselves stretched a bit thin and it’s time to ask for help. Want to lend a hand while making some extra dough to plow back into your projects? We’re looking for contributors to write a few articles per week and keep the Hackaday flame burning.

Contributors are hired as private contractors and paid for each article. You should have the technical expertise to understand the projects you write about, and a passion for the wide range of topics we feature. You’ll have access to the Hackaday Tips Line, and we count on your judgement to help us find the juicy nuggets that you’d want to share with your hacker friends.

If you’re interested, please email our jobs line (jobs at hackaday dot com) and include:

  • One example article written in the voice of Hackaday. Include a banner image, at least 150 words, the link to the project, and any in-links to related and relevant Hackaday features. We need to know that you can write.
  • Details about your background (education, employment, interests) that make you a valuable addition to the team. What do you like, and what do you do?
  • Links to your blog/project posts/etc. that have been published on the Internet, if any.

What are you waiting for? Ladies and Gentlemen, start your applications!

Coils In The Road Could Charge EVs While Driving

August 17, 2022 by 131 Comments

One of the primary issues with EVs is that you need to pull over and stop to get a charge. If there isn’t a high-speed DC charger available, this can mean waiting for hours while your battery tops up.

It’s been the major bugbear of electric vehicles since they started hitting the road in real numbers. However, a new wireless charging setup could allow you to juice up on the go.

Electric Highways

Over the years, many proposals have been made to power or charge electric vehicles as they drive down the road. Many are similar to the way we commonly charge phones these days, using inductive power transfer via magnetic coils. The theory is simple. Power is delivered to coils in the roadway, and then picked up via induction by a coil on the moving vehicle.

Taking these ideas from concept into reality is difficult, though. When it comes to charging an electric vehicle, huge power levels are required, in the range of tens to hundreds of kilowatts. And, while a phone can sit neatly on top of a charging pad, EVs typically require a fair bit of ground clearance for safely navigating the road. Plus, since cars move at quite a rapid pace, an inductive charging system that could handle this dynamic condition would require huge numbers of coils buried repeatedly into the road bed. Continue reading “Coils In The Road Could Charge EVs While Driving”