Hackaday Links: March 29, 2020

It turns out that whacking busted things to fix them works as well on Mars as it does on Earth, as NASA managed to fix its wonky “mole” with a little help from the InSight lander’s robotic arm. Calling it “percussive maintenance” is perhaps a touch overwrought; as we explained last week, NASA prepped carefully for this last-ditch effort to salvage the HP³ experiment, and it was really more of a gentle nudge that a solid smack with the spacecraft’s backhoe bucket. From the before and after pictures, it still looks like the mole is a little off-kilter, and there was talk that the shovel fix was only the first step in a more involved repair. We’ll keep an ear open for more details — this kind of stuff is fascinating, and beats the news from Earth these days by a long shot.

Of course, the COVID-19 pandemic news isn’t all bad. Yes, the death toll is rising, the number of cases is still growing exponentially, and billions of people are living in fear and isolation. But ironically, we’re getting good at community again, and the hacker community is no exception. People really want to pitch in and do something to help, and we’ve put together some resources to help. Check out our Hackaday How You Can Help spreadsheet, a comprehensive list of what efforts are currently looking for help, plus what’s out there in terms of Discord and Slack channels, lists of materials you might need if you choose to volunteer to build something, and even a list of recent COVID-19 Hackaday articles if you need inspiration. You’ll also want to check out our calendar of free events and classes, which might be a great way to use the isolation time to better your lot.

Individual hackers aren’t the only ones pitching in, of course. Maybe of the companies in the hacker and maker space are doing what they can to help, too. Ponoko is offering heavy discounts for hardware startups to help them survive the current economic pinch. They’ve also enlisted other companies, like Adafruit and PCBWay, to join with them in offering similar breaks to certain customers.

More good news from the fight against COVID-19. Folding@Home, the distributed computing network that is currently working on folding models from many of the SARS-CoV-2 virus proteins, has broken the exaFLOP barrier and is now the most powerful computer ever built. True, not every core is active at any given time, but the 4.6 million cores and 400,000-plus GPUs in the network pushed it over from the petaFLOP range of computers like IBM’s Summit, until recently the most powerful supercomputer ever built. Also good news is that Team Hackaday is forming a large chunk of the soul of this new machine, with 3,900 users and almost a million work units completed. Got an old machine around? Read Mike Sczcys’ article on getting started and join Team Hackaday.

And finally, just because we all need a little joy in our lives right now, and because many of you are going through sports withdrawal, we present what could prove to be the new spectator sports sensation: marble racing. Longtime readers will no doubt recognize the mad genius of Martin and his Marble Machine X, the magnificent marble-dropping music machine that’s intended as a follow-up to the original Marble Machine. It’s also a great racetrack, and Martin does an amazing job doing both the color and turn-by-turn commentary in the mock race. It’s hugely entertaining, and a great tour of the 15,000-piece contraption. And when you’re done with the race, it’s nice to go back to listen to the original Marble Machine tune — it’s a happy little song for these trying times.

Hackaday Podcast 060: Counting Bees, DogBox Transmissions, And The Lowdown On Vents, BiPAP, And PCR

Hackaday editors Elliot Williams and Mike Szczys recount the past week in hardware hacking. There’s a new king of supercomputing and it’s everyone! Have you ever tried to count bees? Precision is just a cleverly threaded bolt away. And we dig into some of the technical details of the coronavirus response with a close look at PCR testing for the virus, and why ventilators are so difficult to build.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (74.1 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 060: Counting Bees, DogBox Transmissions, And The Lowdown On Vents, BiPAP, And PCR”

This Week In Security: 0-Days, Pwn2Own, IOS And Tesla

LILIN DVRs and cameras are being actively exploited by a surprisingly sophisticated botnet campaign. There are three separate 0-day vulnerabilities being exploited in an ongoing campaigns. If you have a device built by LILIN, go check for firmware updates, and if your device is exposed to the internet, entertain the possibility that it was compromised.

The vulnerabilities include a hardcoded username/password, command injection in the FTP and NTP server fields, and an arbitrary file read vulnerability. Just the first vulnerability is enough to convince me to avoid black-box DVRs, and keep my IP cameras segregated from the wider internet.

Continue reading “This Week In Security: 0-Days, Pwn2Own, IOS And Tesla”

Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars

About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.

On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.

Continue reading “Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars”

Wind Farms In The Night: On-Demand Warning Lights Are Coming

There appears to be no shortage of reasons to hate on wind farms. That’s especially the case if you live close by one, and as studies have shown, their general acceptance indeed grows with their distance. Whatever your favorite flavor of renewable energy might be, that’s at least something it has in common with nuclear or fossil power plants: not in my back yard. The difference is of course that it requires a lot more wind turbines to achieve the same output, therefore affecting a lot more back yards in total — in constantly increasing numbers globally.

Personally, as someone who encounters them occasionally from the distance, I find wind turbines mostly to be an eyesore, particularly in scenic mountainous landscapes. They can add a futuristic vibe to some otherwise boring flatlands. In other words, I can not judge the claims actual residents have on their impact on humans or the environment. So let’s leave opinions and emotions out of it and look at the facts and tech of one issue in particular: light pollution.

This might not be the first issue that comes to mind when thinking about wind farms. But wind turbines are tall enough to require warning lights for air traffic safety, and can be seen for miles, blinking away in the night sky. From a pure efficiency standpoint, this doesn’t seem reasonable, considering how often an aircraft is actually passing by on average. Most of the time, those lights simply blink for nothing, lighting up the countryside. Can we change this?

Continue reading “Wind Farms In The Night: On-Demand Warning Lights Are Coming”

Side-Channel Attacks Hack Chat With Samy Kamkar

Join us on Wednesday, March 25 at noon Pacific for the Side-Channel Attacks Hack Chat with Samy Kamkar!

In the world of computer security, the good news is that a lot of vendors are finally taking security seriously now, with the result that direct attacks are harder to pull off. The bad news is that in a lot of cases, they’re still leaving the side-door wide open. Side-channel attacks come in all sorts of flavors, but they all have something in common: they leak information about the state of a system through an unexpected vector. From monitoring the sounds that the keyboard makes as you type to watching the minute vibrations of a potato chip bag in response to a nearby conversation, side-channel attacks take advantage of these leaks to exfiltrate information.

Side-channel exploits can be the bread and butter of black hat hackers, but understanding them can be useful to those of us who are more interested in protecting systems, or perhaps to inform our reverse engineering efforts. Samy Kamkar knows quite a bit more than a thing or two about side-channel attacks, so much so that he gave a great talk at the 2019 Hackaday Superconference on just that topic. He’ll be dropping by the Hack Chat to “extend and enhance” that talk, and to answer your questions about side-channel exploits, and discuss the reverse engineering potential they offer. Join us and learn more about this fascinating world, where the complexity of systems leads to unintended consequences that could come back to bite you, or perhaps even help you.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 25 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Continue reading “Side-Channel Attacks Hack Chat With Samy Kamkar”

Ask Hackaday: What Should We Be Doing During Coronavirus Lockdown?

There’s a lot of good in the world and that includes you. Humanity has a way of coming together at crucial moments and we have certainly reached that with the outbreak and spread of the novel coronavirus. At this point, most people’s daily lives have been turned upside down. We can all have an impact on how this plays out.

It’s scary, it’s real, but we will get through this. What we need to focus on now is how we can behave that will lead to the best outcomes for the largest number of people. The real question is, how can we help? If you’re stuck at home it’s easy to feel powerless to help but that’s not true. Let’s cover a few examples, then open up the discussion in the comments so we can hear what has been working for you.

Continue reading “Ask Hackaday: What Should We Be Doing During Coronavirus Lockdown?”