Surviving The Pandemic As A Hacker: Peering Behind The Mask

We’re now several months into the global response to the COVID-19 pandemic, with most parts of the world falling somewhere on the lockdown/social distancing/opening up path.

It’s fair to say now that while the medical emergency has not passed, the level of knowledge about it has changed significantly. When communities were fighting to slow the initial spread, the focus was on solving the problem of medical protection gear and other equipment shortages at all costs with some interesting yet possibly hazardous solutions. Now the focus has moved towards protecting the general public when they do need to venture out, and as society learns to get life moving again with safety measures in place.

So, we all need masks of some sort. What type do you need? Is one type better than another? And how do we all get them when everyone suddenly needs what was once a somewhat niche item?


Inputs Of Interest: ErgoDox Post-Mortem

In the last installment, I told you I was building an open-source, split, ortholinear keyboard called the ErgoDox. I’m doing this because although I totally love my Kinesis Advantage, it has made me want to crack my knuckles and explore the world of split keyboards. Apparently there are several of you who want to do the same, as evidenced by your interest in the I’m Building an ErgoDox! project on IO. Thank you!

Well boys and girls, the dust has settled, the soldering iron has cooled, and the keycaps are in place. The ErgoDox is built and working. Now that it’s all said and done, let me tell you how it went. Spoiler alert: not great. But I got through it, and it keyboards just like it’s supposed to. I’m gonna lay this journey out as it happened, step by step, so you can live vicariously through my experience.


Linux Fu: Raspberry Pi Desktop Headless

It seems to me there are two camps when it comes to the Raspberry Pi. Some people use them as little PCs or even laptops with a keyboard and screen connected. But many of us use them as cheap Linux servers. I’m in the latter camp. I have probably had an HDMI plug in a Pi only two or three times if you don’t count my media streaming boxes. You can even set them up headless as long as you have an Ethernet cable or are willing to edit the SD card before you boot the machine for the first time.

However, with the Raspberry Pi 4, I wanted to get to a desktop without fishing up a spare monitor. I’ll show you two ways to get a full graphical KDE desktop running with nothing more than a network connection.

The same principle applies to most other desktop environments, but I am using KDE and Ubuntu on the Pi, even though something lighter would probably perform better. But before we get there, let’s talk about how X11 has had a big identity crisis over the years.

The Plan

There are many ways to remotely access X programs, many of which are rarely used today. However, for this purpose, we are going to use SSH tunneling along with some special tricks to get the entire desktop running. It is easy to just run a single X program over SSH, and you’ve probably done that often. If so, you can skip to the next section.


Physical Security Hack Chat With Deviant Ollam

Join us on Wednesday, June 3 at noon Pacific for the Physical Security Hack Chat with Deviant Ollam!

You can throw as many resources as possible into securing your systems — patch every vulnerability religiously, train all your users, monitor their traffic, eliminate every conceivable side-channel attack, or even totally air-gap your system — but it all amounts to exactly zero if somebody leaves a door propped open. Or if you’ve put a $5 padlock on a critical gate. Or if your RFID access control system is easily hacked. Ignore details like that and you’re just inviting trouble in.

Once the black-hats are on the inside, their job becomes orders of magnitude easier. Nothing beats hands-on access to a system when it comes to compromising it, and even if the attacker isn’t directly interfacing with your system, having him or her on the inside makes social engineering attacks that much simpler. System security starts with physical security, and physical security starts with understanding how to keep the doors locked.

To help us dig into that, Deviant Ollam will stop by the Hack Chat. Deviant works as a physical security consultant and he’s a fixture on the security con circuit and denizen of many lockpicking villages. He’s well-versed in what it takes to keep hardware safe from unauthorized visits or to keep it from disappearing entirely. From CCTV systems to elevator hacks to just about every possible way to defeat a locked door, Deviant has quite a bag of physical security tricks, and he’ll share his insights on keeping stuff safe in a dangerous world.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 3 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.


Hackaday Links: May 31, 2020

We begin with sad news indeed as we mark the passing of Marcel van Kervinck on Monday. The name might not ring a bell, but his project, the Gigatron TTL computer, certainly will. We did a deep dive on the microprocessor-less computer a while back, and Marcel was a regular at conferences and on the Gigatron forums, supporting users and extending what the computer can do. He was pretty candid about his health issues, and I’ll add that when I approached him a few weeks ago out of the blue about perhaps doing a Hack Chat about Gigatron, he was brutally honest about how little time he had left and that he wouldn’t make it that long. I was blown away by the grace and courage he displayed. His co-conspirator Walter Belger will carry on the Gigatron mission, including joining us for a Hack Chat on June 24. In the meantime, this might be a great time to pick up a Gigatron kit before they’re all sold out and get busy soldering all those delicious through-hole TTL chips.

May of 2020 is the month that never seems to end, and as the world’s focus seems to shift away from the immediate public health aspects of the ongoing COVID-19 pandemic to the long-term economic impact of the response to it, we happened across a very interesting article on just that topic. Mike Robbins from the Circuit Lab has modeled the economic impact of the pandemic using analog circuit simulations. He models people as charges and the flow of people between disease states as currents; the model has capacitors to store the charge and allow him to measure voltages and filters that model the time delays needed for public policy changes to be adopted. It’s a fascinating mashup of engineering and policy. You can play with the model online, tweak parameters, and see what you come up with.

One of the things that the above model makes clear is that waiting to fully reopen the economy until a vaccine is ready is a long and dangerous game. But there has at least been some progress on that front, as Massachusetts biotech firm Moderna announced success in Phase 1 clinical trials of its novel mRNA vaccine against SARS-CoV-2. It’s important to temper expectations here; Phase 1 trials are only the beginning of human testing, aimed at determining the highest treatment dose that won’t cause serious side effects. Phase 2 and Phase 3 trials are much more involved, so there’s a long way to go before the vaccine, mRNA-1273, is ready for use. If you need to brush up on how these new vaccines work, check out our handy guide to mRNA vaccines.

In happier news, the “moar memory” version of the Raspberry Pi 4 is now on sale. Eben Upton announced that the 8GB version of the Pi 4 is now available for $75. The upgrade was apparently delayed by the lack of an 8GB LPDDR SDRAM chip in a package that would work in the Pi manufacturing process. They’ve also released a beta of a 64-bit version of the Raspberry Pi OS, if you’re interested in a bleeding-edge flex.

And finally, for those who missed the first wave of the computer revolution and never had a blinkenlight machine, you can at least partially scratch that itch with this Internet-connected Altair 8800. Jesse Downing has written a queueing system that allows users to connect to the machine via ssh and use Microsoft BASIC 5.0 on CP/M. Need to see those glorious front panel lights do their thing? Jesse has kindly set up a live stream for that, with an overlay of the current console output. It’s a great way to relive your misspent youth, or to get a taste of what computing was like when soldering skills were a barrier to entry.

DMCA Vs Hacker

This week featured a large kerfuffle over a hack that you probably read about here on Hackaday: [Neutrino] wedged an OLED screen and an ESP32 into a Casio calculator. REACT, an anti-counterfeiting organization, filed DMCA copyright takedowns on Casio’s behalf everywhere, including GitHub and YouTube, and every trace of [Neutrino]’s project was scrubbed from the Internet.

The DMCA is an interesting piece of legislation. It’s been used to prevent people from working on their tractors, from refilling printer ink cartridges, and to silence dissenting opinions, but it’s also what allows us to have the Internet that we know and love, in a sense.

In particular, the “safe harbor” provision absolves online platforms like YouTube and GitHub from liability for content they host, so long as they remove it when someone makes a copyright claim on it. So if a content owner, say Casio, issues a takedown notice for [Neutrino]’s GitHub and YouTube content, they have to comply. If he believes the request to be made in error, [Neutrino] can then file a counter-notice. After ten to fourteen days, presuming no formal legal action has been taken, the content must be reinstated. (See Section 512(g).)

Both the takedown notice and counter-notice are binding legal documents, sworn under oath of perjury. Notices and counter-notices can be used or abused, and copyright law is famously full of grey zones. The nice thing about GitHub is that they publish all DMCA notices and counter-notices they receive, so here it is for you to judge yourself.

Because of the perjury ramifications, we can’t say that the folks at REACT who filed the takedown knowingly submitted a bogus request in bad faith — that would be accusing them of breaking federal law — but we can certainly say that it looks like they’re far off base here. They’re certainly not coders.

The good news is that the code is back up on GitHub, but oddly enough the video describing the hack is still missing on YouTube.

But here’s how this looks for Casio and REACT: they saw something that was unflattering to a product of theirs — that it could be used for cheating in school — and they sent in the legal attack squad. If that’s the case, that’s rotten.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.


Spacing Out: All The Orbital News You’re Missing

We keep finding more great space stories than we can cover, so here’s a speed-run through the broader picture of the moment as it applies to space flight.

The big news this week was the first launch of a manned SpaceX Crew Dragon capsule to the ISS. I was excited because the pass en route to the space station was scheduled to be visible from the UK at dusk, and on Wednesday evening I perched atop a nearby hill staring intently at the horizon. Except it had been cancelled due to bad weather. The next launch window is planned for today and you can watch it live.

Meanwhile, fashion is the other piece of this manned-launch’s appeal. Their sharply-designed spacesuits have attracted a lot of attention, moving on from the bulky functional Michelin Man aesthetic of previous NASA and Roscosmos garments for a positively futuristic look that wouldn’t be out of place in Star Trek. Never mind that the two astronauts are more seasoned space dog than catwalk model, they still look pretty cool to us. Against the backdrop of a political upheaval at the top of NASA, this first crewed orbital mission from American soil since the retirement of the Shuttle has assumed an importance much greater than might be expected from a run-of-the-mill spaceflight.

While we’re on the subject of the ISS, it’s worth noting that we’re approaching twenty years since the first crew took up residence there, and it has been continuously crewed ever since as an off-planet outpost. This is an astounding achievement for all the engineers, scientists, and crews involved, and though space launches perhaps don’t have the magic they had five decades ago it’s still an awe-inspiring sight to see a man-made object big enough to discern its shape pass over in the night sky. We understand that current plans are to retain the station until at least 2030, so it’s a sight that should remain with us for a while longer.

Closer to Earth are a couple of tests for relative newcomers to the skies. When Richard Branson’s Virgin group isn’t trying to boot millionaires off the planet through its Virgin Galactic operation, it’s aiming to cheaply fling small satellites into orbit from a rocket-toting airborne Boeing 747 with its Virgin Orbit subsidiary. Their first test launch sadly didn’t make it to space; once the rocket had flawlessly launched from the airliner, it suffered a fault and the mission had to be aborted. Getting into space is hard.

The second test was never intended to make it into space, but is no less noteworthy. The British company Skyrora have performed a successful ground test of their Skylark L rocket, aiming for a first launch next year and for offering low-earth orbit services by 2023. This is significant because it will be the first British launch since the ill-fated Black Arrow launch in 1971, and with their Scottish launch site the first ever from British soil. If you’ve seen Skyrora mentioned here before, it is because they were behind the retrieval of the Black Arrow wreckage from the Aussie outback that we mentioned when we wrote about that programme.

Looking forward to the coming week, especially today’s rescheduled SpaceX launch. This time however, I’ll check the weather conditions before climbing any hills.