Slider

4929 Articles

Space Is Radioactive: Dealing With Cosmic Rays

December 8, 2020 by 44 Comments

Outer space is not exactly a friendly environment, which is why we go through great lengths before we boost people up there. Once you get a few hundred kilometers away from our beloved rocky planet things get uncomfortable due to the lack of oxygen, extreme cold, and high doses of radiation.

Especially the latter poses a great challenge for long-term space travel, and so people are working on various concepts to protect astronauts’ DNA from being smashed by cosmic rays. This has become ever more salient as NASA contemplates future manned missions to the Moon and Mars. So let’s learn more about the dangers posed by galactic cosmic rays and solar flares. Continue reading “Space Is Radioactive: Dealing With Cosmic Rays”

Exploring Custom Firmware On Xiaomi Thermometers

December 8, 2020 by 55 Comments

If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.

Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.

You could probably build your own…but why?

It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.

We first brought news of his ambitious project to create an open source firmware for these low-cost sensors last month, and unsurprisingly it generated quite a bit of interest. After all, folks taking existing pieces of hardware, making them better, and sharing how they did it with the world is a core tenet of this community.

Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.

Continue reading “Exploring Custom Firmware On Xiaomi Thermometers”

How To Get Into Lost Wax Casting (with A Dash Of 3D Printing)

December 7, 2020 by 24 Comments

I’ve always thought that there are three things you can do with metal: cut it, bend it, and join it. Sure, I knew you could melt it, but that was always something that happened in big foundries- you design something and ship it off to be cast in some large angular building churning out smoke. After all, melting most metals is hard. Silver melts at 1,763 °F. Copper at 1,983 °F. Not only do you need to create an environment that can hit those temperatures, but you need to build it from materials that can withstand them.

Turns out, melting metal is not so bad. Surprisingly, I’ve found that the hardest part of the process for an engineer like myself at least, is creating the pattern to be replicated in metal. That part is pure art, but thankfully I learned that we can use technology to cheat a bit.

When I decided to take up casting earlier this year, I knew pretty much nothing about it. Before we dive into the details here, let’s go through a quick rundown to save you the first day I spent researching the process. At it’s core, here are the steps involved in lost wax, or investment, casting:

  1. Make a pattern: a wax or plastic replica of the part you’d like to create in metal
  2. Make a mold: pour plaster around the pattern, then burn out the wax to leave a hollow cavity
  3. Pour the metal: melt some metal and pour it into the cavity

I had been kicking around the idea of trying this since last fall, but didn’t really know where to begin. There seemed to be a lot of equipment involved, and I’m no sculptor, so I knew that making patterns would be a challenge. I had heard that you could 3D-print wax patterns instead of carving them by hand, but the best machine for the job is an SLA printer which is prohibitively expensive, or so I thought. Continue reading “How To Get Into Lost Wax Casting (with A Dash Of 3D Printing)”

Sufficiently Advanced Technology And Justice

December 5, 2020 by 74 Comments

Imagine that you’re serving on a jury, and you’re given an image taken from a surveillance camera. It looks pretty much like the suspect, but the image has been “enhanced” by an AI from the original. Do you convict? How does this weigh out on the scales of reasonable doubt? Should you demand to see the original?

AI-enhanced, upscaled, or otherwise modified images are tremendously realistic. But what they’re showing you isn’t reality. When we wrote about this last week, [Denis Shiryaev], one of the authors of one of the methods we highlighted, weighed in the comments to point out that these modifications aren’t “restorations” of the original. While they might add incredibly fine detail, for instance, they don’t recreate or restore reality. The neural net creates its own reality, out of millions and millions of faces that it’s learned.

And for the purposes of identification, that’s exactly the problem: the facial features of millions of other people have been used to increase the resolution. Can you identify the person in the pixelized image? Can you identify that same person in the resulting up-sampling? If the question put before the jury was “is the defendant a former president of the USA?” you’d answer the question differently depending on which image you were presented. And you’d have a misleading level of confidence in your ability to judge the AI-retouched photo. Clearly, informed skepticism on the part of the jury is required.

Unfortunately, we’ve all seen countless examples of “zoom, enhance” in movies and TV shows being successfully used to nab the perps and nail their convictions. We haven’t seen nearly as much detailed analysis of how adversarial neural networks create faces out of a scant handful of pixels. This, combined with the almost magical resolution of the end product, would certainly sway a jury of normal folks. On the other hand, the popularity of intentionally misleading “deep fakes” might help educate the public to the dangers of believing what they see when AI is involved.

This is just one example, but keeping the public interested in and educated on the deep workings and limitations of the technology that’s running our world is more important than ever before, but some of the material is truly hard. How do we separate the science from the magic?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

This Week In Security: IOS Wifi Incantations, Ghosts, And Bad Regex

December 4, 2020 by 8 Comments

I hope everyone had a wonderful Thanksgiving last week. My household celebrated by welcoming a 4th member to the family. My daughter was born on Wednesday morning, November 25th. And thus explains what I did last week instead of writing the normal Hackaday column. Never fear, we shall catch up today, and cover the news that’s fit to be noticed.

iOS Zero-click Wifi Attack

[Ian Beer] of Google’s Project Zero brings us the fruit of his lockdown-induced labors, a spectacular iOS attack. The target of this attack is the kernel code that handles AWDL, an Apple WiFi protocol for adhoc mesh networks between devices. The most notable feature that makes use of AWDL is AirDrop, Apple’s device-to-device file sharing system. Because AWDL is a proprietary protocol, the WiFi hardware can’t do any accelerated processing of packets. A few years back, there was an attack against Broadcom firmware that required a second vulnerability to jump from the WiFi chip to the device CPU. Here, because the protocol is all implemented in Apple’s code, no such pivot is necessary.

And as you’ve likely deduced, there was a vulnerability found. AWDL uses Type-Length-Value (TLV) messages for sending management data. For a security researcher, TLVs are particularly interesting because each data type represents a different code path to attack. One of those data types is a list of MAC addresses, with a maximum of 10. The code that handles it allocates a 60 byte buffer, based on that maximum. The problem is that there isn’t a code path to drop incoming TLVs of that type when they exceed 60 bytes. The remainder is written right past the end of the allocated buffer.

There is more fun to be had, getting to a full exploit, but the details are a bit too much to fully dive in to here. It interesting to note that [Ian] ran into a particular problem: His poking at the target code was triggering unexpected kernel panics. He discovered two separate vulnerabilities, both distinct from the vuln he was trying to exploit.

Finally, this exploit requires the target device to have AWDL enabled, and many won’t. But you can use Bluetooth Low Energy advertisements to trick the target device into believing an Airdrop is coming in from a trusted contact. Once the device enables AWDL to verify the request, the attack can proceed. [Ian] reported his findings to Apple way back in 2019, and this vulnerability was patched in March of 2020.

Via Ars Technica.
Continue reading “This Week In Security: IOS Wifi Incantations, Ghosts, And Bad Regex”

Game Cartridges And The Technology To Make Data Last Forever

December 3, 2020 by 69 Comments

Game cartridges are perhaps the hardiest of all common storage schemes. Short of blunt traumatic force or application of electrical surges to the cartridge’s edge connectors, damaging a game cartridge is hard to do by accident. The same is also true for the data on them, whether one talks about an Atari 2006 cartridge from the late 1970s or a 1990s Nintendo 64 cartridge.

The secret sauce here are mask ROMs (MROM), which are read-only memory chips that literally have the software turned into a hardware memory device. A mask layer unique to each data set is used when metalizing the interconnects during chip fabrication. This means that the data stored on them is as durable as the processor in the game console itself. Yet this is not a technology that we can use in our own hobby projects, and it’s not available for personal long-term data storage due to the costs associated with manufacturing what is essentially a custom chip.

Despite its value as truly persistent storage, MROM has fallen out of favor over the decades. You may be surprised to find a lot of what’s currently used in the consumer market is prone to data corruption over time spans as short as one year to one decade depending on environmental conditions.

So what are we to do if we need to have read-only data that should remain readable for the coming decades?

Continue reading “Game Cartridges And The Technology To Make Data Last Forever”

A Case For Project Part Numbers

December 2, 2020 by 32 Comments

Even when we share the design files for open source hardware, the step between digital files and a real-world mechatronics widget is still a big one. That’s why I set off on a personal vendetta to find ways to make that transfer step easier for newcomers to an open source mechantronics project.

Today, I want to spill the beans on one of these finds: part numbers, and showcase how they can help you share your project in a way that helps other reproduce it. Think of part numbers as being like version numbers for software, but on real objects.

I’ll showcase an example of putting part numbers to work on one of my projects, and then I’ll finish off by showing just how part numbers offer some powerful community-building aspects to your project.

A Tale Told with Jubilee

To give this idea some teeth, I put it to work on Jubilee, my open source toolchanging machine. Between October 2019 to November 2020, we’ve slowly grown the number of folks building Jubilees in the world from 1 to more than 50 chatting it up on the Discord server. Continue reading “A Case For Project Part Numbers”