This Week In Security: Loop DOS, Flipper Responds, And More!

March 22, 2024 by Jonathan Bennett 8 Comments

Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could craft a packet that continues that cycle endlessly? That is essentially the idea behind Loop DoS (Denial of Service).

This unique avalanche of packets has been managed using specific implementations of several different network services, like TFTP, DNS, and NTP. There are several CVEs being used to track the issue, but CVE-2024-2169 is particularly odd, with the description that “Implementations of UDP application protocol are vulnerable to network loops.” This seems to be a blanket CVE for UDP, which is particularly inappropriate given that the first DoS of this sort was first reported in 2009 at the latest.

More details are available in a Google Doc. There some interesting tidbits there, like the existence of cross-protocol loops, and several legacy protocols that are vulnerable by design. The important thing to remember here is you have to have an accessible UDP port for this sort of attack to take place, so if you’re not using it, firewall it.

Flipper Flips Back

We’ve covered the saga of the Flipper Zero vs the Canadian government, in the context of car theft. The short version is that Canada has seen an uptick of car thefts from organized crime. Rather than meaningfully dealing with this problem, the Canadian government went looking for scapegoats, and found the Flipper Zero.

Well now, Flipper has responded, and put simply, the message is “stop the madness”. There has never been a confirmed case of using a flipper to steal a car, and it’s very unlikely it’s ever happened. On a modern car with proper rolling-code security, it’s not meaningfully possible to use the Flipper Zero for the theft. The two primary ways criminals actually steal cars are with dedicated keyfob repeaters and CAN bus hackers.

There is a petition to sign, and for Canadians, Flipper suggests contacting your local member of parliament. Continue reading “This Week In Security: Loop DOS, Flipper Responds, And More!” →

The Long Strange Trip To US Color TV

March 21, 2024 by Al Williams 48 Comments

We are always fascinated when someone can take something and extend it in a clever way without changing the original thing. In the computer world, that’s old hat. New computers improve, but can usually run old software. In the real world, the addition of stereo to phonograph records and color to photography come to mind.

But there are few stories as strange or wide-ranging as the path to provide color TV. And it had to be done in a way that a color set could still get a black and white picture and black and white sets could still watch a color signal without color. You’d think there would be a “big bang” moment where color TV burst on the scene — no pun involving color burst intended. But there wasn’t. Instead, there was a long, twisted path with many competing interests and ideas to go from a world in black and white to one tinted with color phosphor.

Background

In 1928, Science and Invention magazine had plans for building a mechanical TV (although not color)

It is hard to imagine, but John Logie Baird transmitted color images as early as 1928 using a mechanical scanner. Bell Labs had a demonstration system, also mechanical, in 1929. Baird broadcast using his system in 1938. Even earlier, around 1900, there were attempts to create mechanical color image systems. Those systems were fickle or impractical, though.

Electronic scanning was the answer, but World War II froze most consumer electronics development. Baird showed an electronic color system in late 1944. However, it would be 1953 before NTSC (the National Television System Committee) adopted the standard color TV signal for the United States. It would be almost 20 years later before SECAM and PAL were standardized in other parts of the world.

Of course, these are all analog standards. The world’s gone digital now, but for nearly 50 years, analog color TV was the way people consumed TV in their homes. By 1941, NTSC produced a standard in the United States, but not for color TV. TV adoption didn’t really take off until after the war. But by 1950, the US had some 6 million TV sets.

This was both a plus — a large market — and a negative. No one wanted to obsolete those 6 million sets. Well, at least, the government regulators and consumers didn’t. But most color systems would be incompatible with those existing black and white sets. Continue reading “The Long Strange Trip To US Color TV” →

FLOSS Weekly Episode 775: Meshtastic Central

March 20, 2024 by Jonathan Bennett 4 Comments

This week, Jonathan Bennett and Rob Campbell chat with Ben Meadors and Adam McQuilkin to talk about what’s new with Meshtastic! There’s a lot. To start with, your favorite podcast host has gotten roped into doing development for the project. There’s a new Rust client, there’s a way to run the firmware on Linux Native, and there’s a shiny new web-based flasher tool!

Continue reading “FLOSS Weekly Episode 775: Meshtastic Central” →

The Lunar Odyssey: Moon Landings From The 1960s To Today’s Attempts

March 20, 2024 by Maya Posch 21 Comments

With the recent string of lunar landing attempts, it’s interesting to consider how much things have changed – or stayed the same – since the first soft landing attempts in the 1960s with the US Ranger and USSR Luna landers. During the 1950s the possibility of landing a spacecraft on the Moon’s surface was investigated and attempted by both the US and USSR. This resulted in a number of lunar lander missions in the 1960s, with the US’s Ranger 3 and 5 missing the Moon, Ranger 4 nearly missing it but instead crashing into the far side of the Moon, and eventually the USSR’s Luna 9 making the first touchdown on the lunar surface in 1966 after a string of USSR mission failures.

What’s perhaps most interesting was how these first US and USSR spacecraft managed to touch down, with Luna 9 opting to inflate a landing airbag and bounce until it came to a halt. This approach had doomed Luna 8, as its airbag got punctured during inflating, causing a hard crash. Meanwhile the US’s Surveyor 1 was the first US spacecraft to land on the Moon, opting to use a solid-fuel retrorocket to slow the craft down and three liquid-fueled vernier thrusters to prepare it for a drop down from 3.4 meters onto the lunar surface.

Now, nearly 60 years later, the landers we sent regularly make it to the lunar surface, but more often than not end up crashing or toppling over into awkward positions. How much have lunar landings really changed?

Continue reading “The Lunar Odyssey: Moon Landings From The 1960s To Today’s Attempts” →

PCB Design Review: ESP32-S3 Round LCD Board

March 19, 2024 by Arya Voronova 6 Comments

For our next installment, I have a lovely and daring PCB submitted by one of our readers, [Vas]. This is an ESP32-S3 board that also has an onboard round TFT display, very similar to the one we used on the Vectorscope badge. The badge is self-sufficient – it has an ESP32, it has a display, a programming connector, two different QWIIC ports you could surely use as GPIOs – what’s not to love?

This is a two-layer board, and I have to admit that I seriously enjoy such designs. Managing to put a whole lot of things into two layers is quite cool in my book, and I have great fun doing so whenever I get the opportunity. There’s nothing wrong with taking up more layers than needed – in fact, if you’re concerned about emitted/received noise or you have high-speed interfaces, four-layer is the way to go. But making complex boards with two layers is a nice challenge, and, it does tend to make these boards cheaper to manufacture as a very nice bonus.

Let’s improve upon it, and support [Vas]’s design. From what I can see looking at this board, we can help [Vas] a lot with ease of assembly, perhaps even help save a hefty amount of money if they go for third-party PCBA instead of sitting down with a stencil – which you could do with this board pretty easily, since all of the components on it, save for the display, are the ones you’d expect JLCPCB to stock.

Continue reading “PCB Design Review: ESP32-S3 Round LCD Board” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Offset-Stem Keycaps

March 18, 2024 by Kristina Panos 3 Comments

Love it or hate it, I think this is a really cool idea. [Leo_keeb] has designed a new set of keycaps for the Happy Hacking Keyboard (HHKB). The keycaps’ stems are offset to the left or right in order to turn this once-staggered keyboard into an ortholinear object.

So, how do they feel? There is a slight wobble to them, according to [Leo_keeb] — it’s a bit like pressing the left or right side of Tab. But the actuation is smooth, they say.

As you can see, these resin keycaps weren’t designed with the typical Cherry MX profile in mind, they are made for the Topre capacitive key switches of the HHKB. (No, those aren’t weird rubber domes.)

When I asked about sharing the STLs, [Leo_keeb] advised me that they might be willing to release STLs for Cherry MX switches in the US layout if there is enough interest.

Continue reading “Keebin’ With Kristina: The One With The Offset-Stem Keycaps” →

Hackaday Links: March 17, 2024

March 17, 2024 by Dan Maloney 16 Comments

A friend of ours once described computers as “high-speed idiots.” It was true in the 80s, and it appears that even with the recent explosion in AI, all computers have managed to do is become faster. Proof of that can be found in a story about using ASCII art to trick a chatbot into giving away the store. As anyone who has played with ChatGPT or its moral equivalent for more than five minutes has learned, there are certain boundary conditions that the LLM’s ~~creators~~ lawyers have put in place to prevent discussion surrounding sensitive topics. Ask a chatbot to deliver specific instructions on building a nuclear bomb, for instance, and you’ll be rebuffed. Same with asking for help counterfeiting currency, and wisely so. But, by minimally obfuscating your question by rendering the word “COUNTERFEIT” in ASCII art and asking the chatbot to first decode the word, you can slip the verboten word into a how-to question and get pretty explicit instructions. Yes, you have to give painfully detailed instructions on parsing the ASCII art characters, but that’s a small price to pay for forbidden knowledge that you could easily find out yourself by other means.

Continue reading “Hackaday Links: March 17, 2024” →