Hackaday Links: November 21, 2021

November 21, 2021 by Dan Maloney 28 Comments

As the most spendiest time of the year rapidly approaches, it’s good to know that your hard-earned money doesn’t have to go towards gifts that are probably still sitting in the dank holds of container ships sitting at anchor off the coast of California. At least not if you shop the Tindie Cyber Sale that started yesterday and goes through December 5. There’s a lot of cool stuff on sale, so it shouldn’t be too hard to find something; to sweeten the deal, Jasmine tells us that there will be extra deals going live on Black Friday and Cyber Monday. But wait, there’s more — follow Tindie on Twitter for bonus discount codes.

Blue is the old black, which was the new blue? At least when it comes to “Screens of Death” it is, since Microsoft announced the Windows 11 BSOD will revert back from its recent black makeover to the more familiar blue theme. You’ll have to scroll down a bit, perhaps three-quarters of the way through the list of changes. Again, the change seems completely cosmetic and minor, but we’d still love to know what kind of research went into making a decision like this.

From the “One Man’s Trash” department, we have a request for help from reader Mike Drew who picked up a bunch — like, a thousand — old tablet computers. They originally ran Windows but they can run Linux Mint just fine, and while they lack batteries and the back cover, they’re otherwise complete and in usable condition, at least judging by the pictures he shared. These were destined for the landfill, but Mike is willing to send batches of 10 — no single units, please — to anyone who can cover the cost of packaging and shipping. Mike says he’ll be wiping the tablets and installing Mint, and will throw in a couple of battery cables and a simple instruction sheet to get you started. If you’re interested, Mike can be reached at michael.l.drew@gmail.com. Domestic shipping only, please. Here’s hoping you can help a fellow hacker reclaim a room in his house.

Answering the important questions: it turns out that Thanos couldn’t have snapped half of the universe out of existence after all. That conclusion comes from a scientific paper, appearing in the Journal of the Royal Society. While not setting out to answer if a nigh-invulnerable, giant purple supervillain could snap his fingers, it’s pretty intuitive that wearing any kind of gloves, let alone a jewel-encrusted metal gauntlet, makes it hard to snap one’s fingers. But the mechanics of snapping is actually pretty cool, and has implications beyond biomechanics. According to the paper, snapping is actually an example of latch-mediated spring actuation, with examples throughout the plant and animal kingdoms, including the vicious “one-inch punch” of the tiny mantis shrimp. It turns out that a properly executed human finger snap is pretty darn snappy — it takes about seven milliseconds to complete, compared to 150 milliseconds for an eye blink.

And finally, it seems like someone over at Id Software is a bit confused. The story began when a metal guitarist named Dustin Mitchell stumbled across the term “doomscroll” and decided that it would make a great name for a progressive thrash metal band. After diligently filing a trademark application with the US Patent and Trademark Office, he got an email from an attorney for Id saying they were going to challenge the trademark, apparently because they feel like it will cause confusion with their flagship DOOM franchise. It’s hard to see how anyone who lived through the doomscrolling years of 2020 and 2021 is going to be confused by a thrash metal band and a 30-year-old video game, but we suppose that’s not the point when you’re an attorney. Trademark trolls gonna troll, after all.

Hackaday Podcast 145: Remoticon Is On, Movie FX, Cold Plasma, And The Purest Silicon

November 19, 2021 by Tom Nardi 3 Comments

With literally just hours to go before the 2021 Hackaday Remoticon kicks off, editors Tom Nardi and Elliot Williams still managed to find time to talk about some of the must-see stories from the last week. There’s fairly heavyweight topics on the docket this time around, from alternate methods of multiplying large numbers to the incredible engineering that goes into producing high purity silicon. But we’ll also talk about the movie making magic of Stan Winston and some Pokemon-themed environmental sensors, so it should all balance out nicely. So long as the Russian’s haven’t kicked off the Kessler effect by the time you tune in, we should be good.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (52 MB)

Continue reading “Hackaday Podcast 145: Remoticon Is On, Movie FX, Cold Plasma, And The Purest Silicon” →

This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith

November 19, 2021 by Jonathan Bennett 21 Comments

Intel has announced CVE-2021-0146, a vulnerability in certain processors based on the Atom architecture, and the Trusted Platform Module (TPM) is at the center of the problem. The goal of the system around the TPM is to maintain system integrity even in the case of physical access by an attacker, so the hard drive is encrypted using a key stored in a secure chip on the motherboard. The TPM chip holds this encryption key and provides it during the boot process. When combined with secure boot, this is a surprisingly effective way to prevent tampering or data access even in the case of physical access. It’s effective, at least, when nothing goes wrong.

Earlier this year, we covered a story where the encryption key could be sniffed directly from the motherboard, by tapping the traces connecting the TPM to the CPU. It was pointed out that TPM 2.0 can encrypt the disk encryption key on the traces, making this attack impossible.

The entire Trusted Compute Model is based on the premise that the CPU itself is trustworthy. This brings us back to Intel’s announcement that a debug mode could be enabled via physical access. In this debug mode, the CPU master key can be extracted, leading to complete compromise. The drive encryption key can be recovered, and unsigned firmware can be loaded to the Management Engine. This means data in the TPM enclave and the TPM-stored encryption key can be compromised. Updated firmware is rolling out through motherboard vendors to address the problem. Continue reading “This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith” →

Know Audio: Get Into The Groove

November 18, 2021 by Jenny List 62 Comments

The legendary Technics SL1200 direct-drive turntable, as used by countless DJs. Dydric [CC BY-SA 2.5)], via Wikimedia Commons. — The legendary Technics SL1200 direct-drive turntable, as used by countless DJs. Photo by Dydric CC-BY-SA 2.5

For me, the vinyl record player is the spiritual home of my audio listening experience, probably because I’m of the last generation to grow up when vinyl was king. The 12″ album, with its full-size sleeve and copious sleeve notes, used to be an integral part of musical enjoyment that hasn’t been adequately replicated in the age of streaming.

And like anyone who became an adult while CD players were still expensive luxury items, I started my journey into Hi-Fi with a turntable set-up that sounded pretty good. Since a new generation have in recent years rediscovered vinyl, it’s once again something that should be part of any review of audio technology.

I would have started this piece with a full run-down of the constituent parts of a good turntable, but since that’s a piece that I wrote back in 2017, it’s time to investigate some of the audiophile claims about vinyl recordings. It’s fair to say that this is an area where a lot of complete rubbish is spouted by people who should know better, and that’s something I find immensely entertaining to poke fun at. Buckle up. Continue reading “Know Audio: Get Into The Groove” →

Back of Rigol DS1104Z oscilloscope with the Ethernet and USB ports visible.

SCPI: On Teaching Your Devices The Lingua Franca Of Laboratories

November 17, 2021 by Maya Posch 31 Comments

One could be excused for thinking sometimes that the concept of connecting devices with other devices for automation purposes is a fairly recent invention. Yet for all the (relatively) recent hype of the Internet of Things and the ‘smart home’, laboratories have been wiring up their gear to run complicated measurement and test sequences for many decades now, along with factories doing much the same for automating production processes.

Much like the chaotic universe of IoT devices, lab equipment from different manufacturers feature a wide number of incompatible protocol and interface standards. Ultimately these would coalesce into IEEE-488.1 (GPIB) as the physical layer and by 1990 the first Standard Commands for Programmable Instruments (SCPI) standard was released that built on top of IEEE-488.

SCPI defines (as the name suggests) standard commands to interact with instruments. It has over the past decades gone on to provide remote interaction capabilities to everything from oscilloscopes and power supplies to exotic scientific equipment. Many off the shelf devices a hobbyist can buy today feature an SCPI interface via its Ethernet, USB or RS-232C port(s) that combined with software can be used to automate one’s home lab.

Even better is that it’s relatively straightforward to add SCPI functionality to one’s own devices as well, so long as it has at least an MCU and some way to communicate with the outside world.

Continue reading “SCPI: On Teaching Your Devices The Lingua Franca Of Laboratories” →

Hackaday Links: November 14, 2021

November 14, 2021 by Dan Maloney 21 Comments

If you’re an infrastructure dweeb, it’s hard to drive past an electrical substation and not appreciate the engineering involved in building something like that. A moment’s thought will also make it hard to miss just how vulnerable a substation is to attack, especially those located way out in the hinterlands. And now we’re learning that late year, someone in Pennsylvania noticed this vulnerability and acted on it by attacking a substation with a commercial drone. Rather than trying to fly explosives over the substation fence, the attacker instead chose to dangle a copper wire tether under the drone, in an attempt to cause a short circuit. The attempt apparently failed when the drone crashed before contacting any conductors, and the attacker appears to have been ignorant of the extensive protective gear employed at substations that likely would have made a successful attack only a temporary outage. But it still points to the vulnerability of the grid to even low-skill, low-cost attacks.

We’ve probably all had the experience of using someone’s janky app and thinking, “Pfft! I could write something better than this!” That’s what a bunch of parents of school-age kids in Sweden thought, and they went ahead and did exactly that. Unfortunately, it didn’t turn out quite the way they expected. The problem app was called Skolplattform, which was supposed to make it easy for Stockholm’s parents to keep track of their kids’ progress at school. The app, which cost 1 billion Swedish Krona to develop, is by all accounts a disaster. But some frustrated parents managed to reverse engineer the API and build a new, better one on top of it. This resulted in Öppna Skolplattformen, an open-source app that actually works. Not to be upstaged, the city of Stockholm accused the parents of cyber crimes and data breaches. They also engaged the parents in an “API war”, constantly changing their system to nerf the new app and forcing the parents to rewrite it. In the end, the parents won, with Stockholm changing its position after a police report found that all data being accessed were voluntarily made public by the city. But it’s still a cautionary tale about the dangers of one-upping The Man.

Sam Battles is in a bit of a moral bind, and it’s something that others in our community may run into. Sam is perhaps better known as “Look Mum, No Computer” on YouTube, and as the proprietor of the “This Museum Is (Not) Obsolete” showcase of retro technology in England. He’s also an avid builder of analog synthesizers, including a world-record synth with a thousand oscillators called the “Megadrone.” He’d like to tackle another build to try to break his own records, but in a time of fragile supply chains and other woes too numerous to mention, doing so would likely require the world’s entire supply of some components. Hence the dilemma: do any of us as hobbyists have a moral obligation to tread lightly when it comes to component selection? It’s an interesting question, and one that’s sure to engender strong opinions, which of course we encourage you to share in the comments section. Please just try to keep it civil.

Continue reading “Hackaday Links: November 14, 2021” →

Peek Behind The Curtains: Conference Badge Design

November 13, 2021 by Elliot Williams 4 Comments

In the before-times, back when we could have in-person Hackaday Supercons, there was always the problem of the badge. Making a few hundred small electronic thingies, for a smart but broad range of hackers, is tricky. We always want it to do something all on its own, but also ideally to allow enough free range that the motivated badge hacker can make it into something exquisite. Add in the fact that some attendees are hardware types and some are software types, and toss in a price constraint too. Oh, and it has to look good. Tough problem.

Here’s one extreme solution: the badge at the first Supercon. Faced with essentially zero budget and a tight time constraint, the Hackaday team punted — and produced a prototype board, but had tons of parts on hand for everyone to draw from. And the Hackaday crowd delivered. This was the badge that demonstrates what happens if you leave everything open.

Contrast with the 2018 Belgrade and Supercon badges, which were essentially the same except for color. Here, the hardware interface was limited to a 9-pin header, but the badge itself was a fully functional microcomputer, complete with keyboard and screen. Most of the hacks were written in the native BASIC, though a few hearty souls played around with the alternative CP/M system. This was our most software badge.

Our last in-person badge, the 2019 Supercon badge, was free rein for both hardware and software hackers. The whole thing was based on an FPGA, with completely custom gateware written by Sprite_tm running RISC-V, but based loosely on the Z80 architecture. This was probably also the badge with the highest hurdle to hackers, but you all came through with inventive hardware add-ons, but also a team that came through with a custom Linux OS running on this never-before-seen virtual environment, enabled by a hardware SDRAM cartridge hack.

And finally, even before the global supply crisis, even a tight-knit conference like ours could stock-out the world’s supply of a given component. The untold story of the 2016 Belgrade badge is that Voja Antonic bought out the world’s supply of Kingbright 8×8 common-cathode LED matrixes, and had to redesign the board in the last minute to incorporate the common-anode parts too. (Or was it vice-versa?) Lesson learned, the 2016 Supercon badge traded out the LED modules for discrete LEDs. Not gonna stock out on red LEDs.

So that’s a long-winded introduction to Thomas Flummer’s unofficial Remoticon 2 badges. With the parts crisis and a virtual conference, you’re on your own to source the badge. Splitting the freedom vs. in-built functionality problem like Samson, he’s got two boards — one a breadboard and the other fully populated. And like all his badges, they both look great. If you manage to get one made by Remoticon next week, be sure to show it off in the Bring-a-Hack. And if you don’t get it in time, bring it by in person to the 2022 Supercon!