Anti-Gravity, Time Travel, And Teleportation: Dr. Hamming Gives Advice

You may not know the name [Richard Hamming], but you definitely use some of his work. While working for Bell Labs, he developed Hamming codes — the parent of a class of codes that detect, and sometimes correct, errors in everything from error-correcting memory to hard drives. He also worked on the Manhattan Project and was a lecturer at the Naval Postgraduate School.

Turns out [Hamming] has an entire class from the 1990s on YouTube and if you are interested in coding theory or several other topics, you could do worse than watch some of them. However, those videos aren’t what attracted me to the lectures. As the last lecture of his course, [Hamming] used to give a talk called “You and Your Research” and you can see one of the times he delivered it in the video below. You might think that it won’t apply to you because you aren’t a professional academic or researcher, but don’t be too quick to judge.

Turns out, [Hamming’s] advice — even by his own admission — is pretty general purpose for your career or even your life. His premise: as far as we know, you have one life to live, so why shouldn’t it be a worthwhile one, by your own definition of worthwhile?

Along the way, he has an odd combination of personal philosophy, advice for approaching technical problems, and survival skills for working with others. If you are in the field, you’ll probably recognize at least some of the names he drops and you’ll find some of this technical advice useful. But even if you aren’t, you’ll come away with something. Some of it seems like common sense, but it is different, somehow, to hear it spoken out loud. For example:

If you don’t work on important problems, it’s not likely that you’ll do important work.

One piece of technical advice? Don’t waste time working on problems you have no way to attack. He points out that anti-gravity, time travel, and teleportation would be very lucrative. But why work on them when there appears to be no way to even remotely accomplish them today? Well, at least when he said that. There has been a little progress on a form of teleportation since, but that wasn’t what he was talking about anyway.

While not a hack in the traditional sense, examining your life, career, and technical research to improve your own effectiveness is something to take seriously. We were hoping he would throw in a joke about error-correcting your career, but unless we blinked, no such luck.

Hamming’s work on block codes was followed about ten years later by the Reed-Solomon code, which is found nearly everywhere now. Hamming is also associated with the term “Hamming distance,” something we talked about when discussing Gray code.


Satellite Communications Hack Chat

Join us on Wednesday, June 2 at noon Pacific for the Satellite Comms Hack Chat with Paul Marsh!

All things considered, space isn’t that far away; you could drive the equivalent distance in an hour or two, with time for a couple of stops on the way. Of course, getting to space isn’t as simple as a Sunday drive, and yet despite the expense and trouble, we’ve still managed to fill our little corner of the solar system with an astonishing number of satellites.

Almost every single one of the spacecraft we’ve put in orbit represents a huge capital investment, both in terms of building something that can withstand the extreme environment up there and as far as the expense involved in getting it there. So once it gets there, it needs to start producing results, and for the most part that means sending some kind of messages back down to Earth. And those communications can be tempting indeed to hardware hackers.

Monitoring messages from on high is what the satcom radio hobby is all about. Learning how to do it properly can be tricky, though. What frequencies does one use? What are the modulation schemes? What kind of antennas would someone need? And what about tracking these birds as they whizz overhead?

To answer these questions and more, Paul Marsh from UHF-Satcom will stop by the Hack Chat. Paul has been interested in satellites since the early 1990s and, coupled with his background in infosec and pentesting, he has uncovered a lot about the ins and outs of satellite snooping. Stop by the Hack Chat and learn how to listen in on what’s going on upstairs.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 2 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.


Hackaday Links: May 30, 2021

That collective “Phew!” you heard this week was probably everyone on the Mars Ingenuity helicopter team letting out a sigh of relief while watching telemetry from the sixth and somewhat shaky flight of the UAV above Jezero crater. With Ingenuity now in an “operations demonstration” phase, the sixth flight was to stretch the limits of what the craft can do and learn how it can be used to scout out potential sites to explore for its robot buddy on the surface, Perseverance.

While the aircraft was performing its 150 m move to the southwest, the stream from the downward-looking navigation camera dropped a single frame. By itself, that wouldn’t have been so bad, but the glitch caused subsequent frames to come in with the wrong timestamps. This apparently confused the hell out of the flight controller, which commanded some pretty dramatic moves in the roll and pitch axes — up to 20° off normal. Thankfully, the flight controller was designed to handle just such an anomaly, and the aircraft was able to land safely within five meters of its planned touchdown. As pilots say, any landing you can walk away from is a good landing, so we’ll chalk this one up as a win for the Ingenuity team, who we’re sure are busily writing code to prevent this from happening again.

If wobbling UAVs on another planet aren’t enough cringe for you, how about a blind mechanical demi-ostrich drunk-walking up and down a flight of stairs? The work comes from Oregon State University and Agility Robotics, and the robot in question is called Cassie, an autonomous bipedal bot with a curious, bird-like gait. Without cameras or lidar for this test, the robot relied on proprioception, which detects the angle of joints and the feedback from motors when the robot touches a solid surface. And for ten tries up and down the stairs, Cassie did pretty well — she only failed twice, with only one counting as a face-plant, if indeed she had a face. We noticed that the robot often did that little move where you misjudge the step and land with the instep of your foot hanging over the tread; that one always has us grabbing for the handrail, but Cassie was able to power through it every time. The paper describing how Cassie was trained is pretty interesting — too bad ED-209’s designers couldn’t have read it.

So this is what it has come to: NVIDIA is now purposely crippling its flagship GPU cards to make them less attractive to cryptocurrency miners. The LHR, or “Lite Hash Rate” cards include newly manufactured GeForce RTX 3080, 3070, and 3060 Ti cards, which will now have reduced Ethereum hash rates baked into the chip from the factory. When we first heard about this a few months ago, we puzzled a bit — why would a GPU card manufacturer care how its cards are used, especially if they’re selling a ton of them? But it makes sense that NVIDIA would like to protect their brand with their core demographic — gamers — and having miners snarf up all the cards and leaving none for gamers is probably a bad practice. So while it makes sense, we’ll have to wait and see how the semi-lobotomized cards are received by the market, and how the changes impact other non-standard uses for them, like weather modeling and genetic analysis.

Speaking of crypto, we found it interesting that police in the UK accidentally found a Bitcoin mine this week while searching for an illegal cannabis growing operation. It turns out that something that uses a lot of electricity, gives off a lot of heat, and has people going in and out of a small storage unit at all hours of the day and night usually is a cannabis farm, but in this case it turned out to be about 100 Antminer S9s set up on janky looking shelves. The whole rig was confiscated and hauled away; while Bitcoin mining is not illegal in the UK, stealing the electricity to run the mine is, which the miners allegedly did.

And finally, we have no idea what useful purpose this information serves, but we do know that it’s vitally important to relate to our dear readers that yellow LEDs change color when immersed in liquid nitrogen. There’s obviously some deep principle of quantum mechanics at play here, and we’re sure someone will adequately explain it in the comments. But for now, it’s just a super interesting phenomenon that has us keen to buy some liquid nitrogen to try out. Or maybe dry ice — that’s a lot easier to source.

Retrotechtacular: The Drama Of Metal Forming

It may seem overwrought, but The Drama of Metal Forming actually is pretty dramatic.

This film is another classic of mid-century corporate communications that was typically shown in schools, in which the sponsor — in this case Shell Oil — seeks to make a point about the inevitable march of progress, and succeeds mainly in showing children and young adults what lay in store for them as they entered a working world that needed strong backs more than anything.

Despite the narrator’s accent, the factories shown appear to be in England, and the work performed therein is a brutal yet beautiful ballet of carefully coordinated moves. The sheer power of the slabbing mills at the start of the film is staggering, especially when we’re told that the ingots the mill is slinging about effortlessly weigh in at 14 tons apiece. Seeing metal from the same ingots shooting through the last section of a roller mill at high speed before being rolled into coils gives one pause, too; the catastrophe that would result if that razor-sharp and red-hot metal somehow escaped the mill doesn’t bear imagining. Similarly, the wire drawing process that’s shown later even sounds dangerous, with the sound increasing in pitch to a malignant whine as the die diameter steps down and the velocity of the wire increases.

There are the usual charming anachronisms, such as the complete lack of safety gear and the wanton disregard for any of a hundred things that could instantly kill you. One thing that struck us was the lack of hearing protection, which no doubt led to widespread hearing damage. Those were simpler times, though, and the march of progress couldn’t stop for safety gear.

Living Robots: Revisiting BEAM

You’re hit by the global IC shortage, reduced to using stone knives and bearskins, but you still want to make something neat? It’s time to revisit BEAM robots.

Biology, electronics, aesthetics, and mechanics — Mark Tilden came up with the idea of minimalist electronic creatures that, through inter-coupled weak control systems and clever mechanical setups, could mimic living bugs. And that’s not so crazy if you think about how few nerves something like a cockroach or an earthworm has. Yet their collection of sensors, motors, and skeletons makes for some pretty interesting behavior.

My favorite BEAM bots have always been the solar-powered ones. They move slowly or infrequently, but also inexorably, under solar power. In that way, they’re the most “alive”. Part of the design trick is to make sure they stay near their food (the sun) and don’t get stuck. One of my favorite styles is the “photovore” or “photopopper”, because they provide amazing bang for the buck.

Back in the heyday of BEAM, maybe 15 years ago, solar cells were inefficient and expensive, circuits for using their small current were leaky, and small motors were tricky to come by. Nowadays, that’s all changed. Power harvesting circuits leak only nano-amps, and low-voltage MOSFETs can switch almost losslessly. Is it time to revisit the BEAM principles? I’d wager you’d put the old guard to shame, and you won’t even need any of those newfangled microcontroller thingies, which are out of stock anyway.

If you make something, show us!

Hackaday Podcast 120: Chip Shortage, VGA Glitching, Truly Owning Roku, And Omniballs

Hackaday editors Elliot Williams and Mike Szczys recount a week of awesome hacks. One you might have missed involves a Roku-based smart TV that was rooted and all secrets laid bare for the sole purpose of making an Ambilight setup work with it. We take a look at a creative blade-tracking system for a scrollsaw CNC project, and a robot arm that brings non-flat layers to 3D printing and envisions composite material printing. There’s a great template for video glitching using inexpensive VGA to CGA converter boards, cleanly squeezed into a nice enclosure. We are a bit giddy for the omniwheel robot designs [James Bruton] has been showing off. And we finish out the show with a great conversation happening this week on Hackaday: people from throughout the community share how the chip shortage is affecting their projects.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (Weighing in around 55 MB.)


This Week In Security: M1RACLES, The Full Half-Double, And Patch Gaps

We occasionally make fun of new security vulnerabilities that have a catchy name and shiny website. We’re breaking new ground here, though, in covering a shiny website that makes fun of itself. So first off, this is a real vulnerability in Apple’s brand-new M1 chip. It’s got CVE-2021-30747, and in some very limited cases, it could be used for something malicious. The full name is M1ssing Register Access Controls Leak EL0 State, or M1RACLES. To translate that trying-too-hard-to-be-clever name to English, a CPU register is left open to read/write access from unprivileged userspace. It happens to be a two-bit register that doesn’t have a documented purpose, so it’s perfect for smuggling data between processes.

Do note that this is an undocumented register. If it turns out that it actually does something important, this vulnerability could get more serious in a hurry. Until then, thinking of it as a two-bit vulnerability seems accurate. For now, the most we have to worry about is that two processes can use it to pass information back and forth. Unlike Spectre or Rowhammer, where one process reads or corrupts another process’s data without its cooperation, this is a covert channel: both ends have to be in on the game.

The discoverer, [Hector Martin], points out one example where this could actually be abused: to bypass permissions on iOS devices. It’s a clever scenario. Third party keyboards have always been just a little worrying, because they run code that can see everything you type, passwords included. The long-standing advice has been to never use such a keyboard, if it asks for network access permissions. Apple has made this advice into a platform rule — no iOS keyboards get network access. What if a device had a second malicious app installed, that did have Internet access permissions? With a covert data channel, the keyboard could shuffle keystrokes off to its sister app, and get your secrets off the device.
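To make the “smuggling data between processes” part concrete, here is an added example (not code from the page or from [Hector Martin]’s writeup) of how two cooperating parties turn a two-bit read/write register into a byte stream. The register is modelled as a plain two-bit variable so the protocol runs anywhere; on the real hardware the two reads and writes would be the register accesses themselves, and the two sides would spin in separate processes. Bit 0 carries one data bit, bit 1 is a “full” flag that passes ownership between sender and receiver. The sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Two-bit shared register, modelled as a process-local variable (assumption:
 * this stands in for the hardware register; it is not the real register). */
#define DATA_BIT 0x1u
#define FULL_BIT 0x2u
static volatile uint8_t shared_reg;

static uint8_t reg_read(void) { return shared_reg & 0x3u; }
static void reg_write(uint8_t v) { shared_reg = v & 0x3u; }

struct sender   { const uint8_t *msg; size_t len; size_t bit; };
struct receiver { uint8_t *out; size_t cap; size_t bit; };

/* Sender: when the flag is clear, publish the next bit (MSB first) and raise
 * the flag in the same write, so the receiver never sees a half-updated
 * register. Returns 1 if a bit was placed. */
static int sender_step(struct sender *s)
{
    if (s->bit >= s->len * 8 || (reg_read() & FULL_BIT))
        return 0;
    uint8_t b = (uint8_t)((s->msg[s->bit / 8] >> (7 - s->bit % 8)) & 1u);
    reg_write((uint8_t)(FULL_BIT | b));
    s->bit++;
    return 1;
}

/* Receiver: when the flag is set, latch the data bit and clear the register,
 * which hands the channel back to the sender. Bits past the buffer capacity
 * are still acknowledged (and dropped) so the sender can never wedge. */
static int receiver_step(struct receiver *r)
{
    uint8_t v = reg_read();
    if (!(v & FULL_BIT))
        return 0;
    if (r->bit < r->cap * 8 && (v & DATA_BIT))
        r->out[r->bit / 8] |= (uint8_t)(0x80u >> (r->bit % 8));
    r->bit++;
    reg_write(0);
    return 1;
}

/* Drive both ends cooperatively until the message has crossed. In the real
 * attack each side polls in its own process; the interleaving here is
 * arbitrary. Returns the number of whole bytes delivered into `out`. */
size_t run_channel(const uint8_t *msg, size_t len, uint8_t *out, size_t cap)
{
    struct sender s = { msg, len, 0 };
    struct receiver r = { out, cap, 0 };
    memset(out, 0, cap);
    shared_reg = 0;
    while (s.bit < len * 8 || (reg_read() & FULL_BIT)) {
        sender_step(&s);
        receiver_step(&r);
    }
    size_t delivered = r.bit / 8;
    return delivered < cap ? delivered : cap;
}

/* Does a NUL-terminated string survive the trip intact? */
int channel_roundtrip_ok(const char *msg)
{
    uint8_t buf[64];
    size_t len = strlen(msg);
    if (len > sizeof buf)
        return 0;
    size_t n = run_channel((const uint8_t *)msg, len, buf, sizeof buf);
    return n == len && memcmp(buf, msg, len) == 0;
}

int main(void)
{
    const char *secret = "hunter2";   /* constructed sample "keystrokes" */
    uint8_t got[64];
    size_t n = run_channel((const uint8_t *)secret, strlen(secret), got, sizeof got);
    printf("received %zu bytes: %.*s\n", n, (int)n, (const char *)got);
    return channel_roundtrip_ok(secret) ? 0 : 1;
}
```

The single combined write of flag plus data is what makes two bits enough: the sender never has to write twice, so the receiver cannot observe a torn update. Throughput is one bit per hand-off, which is slow but more than adequate for the keystroke scenario above.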

So how much should you care about CVE-2021-30747? Probably not much. The shiny site is really a social experiment to see how many of us would write up the vulnerability without being in on the joke. Why go to the hassle? Apparently it was all an excuse to make this video, featuring the appropriate Bad Apple!! music video.

Half-Double’ing Down on Rowhammer

A few days ago, Google announced the details of Half-Double, and the glass is definitely Half-Double full with all the silly puns that come to mind. The concept is simple: if Rowhammer works because individual rows of RAM are so physically close together, does further miniaturization enable attacks against bits two rows away? The answer is a qualified yes.

Quick refresher: Rowhammer is an attack first demonstrated against DDR3 back in 2014, where rapid access to one row of memory can cause bit-flip errors in the neighboring row. Since then, there have been efforts by chip manufacturers to harden against Rowhammer, including detection techniques. At the same time, researchers have kept advancing the art through techniques like Double-Sided Rowhammer, randomizing the order of reads, and attempts to synchronize the attack with the RAM’s refresh intervals. Half-Double is yet another way to overcome the protections built into modern RAM chips.

We start by specifying a particular RAM row as the victim (V). The row right beside it will be the near aggressor row (N), and the next row over we call the far aggressor row (F). A normal Rowhammer attack would simply alternate between reading from the near aggressor and a far-off decoy, rapidly toggling the row select line, which degrades the physical charge in neighboring bits. The Half-Double attack instead alternates between the far aggressor and a decoy row for 1000 cycles, and then reads from the near aggressor once. This process is repeated until the victim row has a bit flip, which often happens within a few dozen iterations. Because the heavy hammering isn’t right beside the victim row, the built-in detection sees the far aggressor as the hot row and refreshes the rows next to it, which leaves the victim two rows away untouched, allowing the attack to succeed in spite of the mitigations.
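The access schedule and the reason the detection aims at the wrong row can be seen without real DRAM. The following is an added example, not Google’s code, that models a generic “target row refresh” (TRR) defence: count accesses per row over a window and refresh the two neighbours of the busiest row once it crosses a threshold. The threshold, the row numbers and the TRR behaviour are assumptions chosen to show the shape of the defence; real samplers are vendor-specific and no bit flips are simulated.

```c
#include <stdio.h>
#include <string.h>

#define ROWS 64
#define FAR_BURST 1000      /* F/decoy alternations before the single N access */
#define TRR_THRESHOLD 500   /* hit count that makes the toy TRR react (assumption) */

/* Row roles: victim V, near aggressor N = V+1, far aggressor F = V+2, and a
 * pair of decoy rows well away from all of them. */
struct layout { int victim, near, far, decoy; };

/* Toy TRR model (assumption, not any vendor's logic): tally accesses per row
 * and, once the busiest row crosses the threshold, refresh the two rows
 * physically adjacent to it. */
struct trr { unsigned hits[ROWS]; unsigned refreshed[ROWS]; };

static void trr_access(struct trr *t, int row) { t->hits[row]++; }

/* Apply the mitigation for one window; returns the row it treated as the
 * aggressor, or -1 if nothing crossed the threshold. */
static int trr_mitigate(struct trr *t)
{
    int hot = 0;
    for (int r = 1; r < ROWS; r++)
        if (t->hits[r] > t->hits[hot])
            hot = r;
    int target = t->hits[hot] >= TRR_THRESHOLD ? hot : -1;
    if (target >= 0) {
        if (target > 0)        t->refreshed[target - 1]++;
        if (target + 1 < ROWS) t->refreshed[target + 1]++;
    }
    memset(t->hits, 0, sizeof t->hits);
    return target;
}

/* One Half-Double iteration as described in the text: F alternated with a
 * decoy FAR_BURST times, then N once. Two decoys are alternated so that no
 * decoy ever ties with the aggressor in the tally. */
static int half_double_iteration(struct trr *t, const struct layout *l)
{
    for (int i = 0; i < FAR_BURST; i++) {
        trr_access(t, l->far);
        trr_access(t, l->decoy + (i & 1));
    }
    trr_access(t, l->near);
    return trr_mitigate(t);
}

/* Classic single-sided pattern for comparison: N alternated with a decoy. */
static int classic_iteration(struct trr *t, const struct layout *l)
{
    for (int i = 0; i < FAR_BURST; i++) {
        trr_access(t, l->near);
        trr_access(t, l->decoy + (i & 1));
    }
    return trr_mitigate(t);
}

static const struct layout demo = { .victim = 10, .near = 11, .far = 12, .decoy = 40 };

/* Which row does the TRR single out as the aggressor for each pattern? */
int trr_target_row(int half_double)
{
    struct trr t = { {0}, {0} };
    if (half_double)
        return half_double_iteration(&t, &demo);
    return classic_iteration(&t, &demo);
}

/* How many times does the victim row receive a protective refresh over
 * `iters` iterations? Zero means the defence never touched the row that
 * is actually being disturbed. */
unsigned victim_refreshes(int iters, int half_double)
{
    struct trr t = { {0}, {0} };
    for (int i = 0; i < iters; i++) {
        if (half_double)
            half_double_iteration(&t, &demo);
        else
            classic_iteration(&t, &demo);
    }
    return t.refreshed[demo.victim];
}

int main(void)
{
    printf("classic:     TRR targets row %d, victim refreshed %u/30 times\n",
           trr_target_row(0), victim_refreshes(30, 0));
    printf("half-double: TRR targets row %d, victim refreshed %u/30 times\n",
           trr_target_row(1), victim_refreshes(30, 1));
    return 0;
}
```

With the classic pattern the tally points at N, so the refresh lands on V and the attack is neutralised every iteration. With Half-Double the tally points at F, the refresh lands on N and F+1, and V is never refreshed, even though N is still being accessed once per iteration just below the sampler’s notice.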

More Vulnerable Windows Servers

We talked about CVE-2021-31166 two weeks ago, a wormable flaw in Windows’ http.sys driver. [Jim DeVries] started wondering something as soon as he heard about the CVE. Was Windows Remote Management, which listens on port 5985 and is built on the same driver, also vulnerable? Nobody seemed to know, so he took matters into his own hands, and confirmed that yes, WinRM is also vulnerable to this flaw. From what I can tell, this is installed and enabled by default on every modern Windows Server.

And far from his optimistic assertion that surely no-one would expose that to the Internet… it’s estimated that there are over 2 million IPs doing just that.

More Ransomware

On the ransomware front, there is an interesting story out of the Republic of Ireland. The health system there was hit by Conti ransomware, with the price for decryption set at the equivalent of $20 million. It came as a surprise, then, when a decryptor was freely published. There seems to be an ongoing theme in ransomware, that the larger groups are trying to manage how much attention they draw. On the other hand, this ransomware attack includes a threat to release private information, and the Conti group is still trying to extort money to prevent it. It’s an odd situation, to be sure.

Inside Baseball for Security News

I found a series of stories and tweets rather interesting, starting with the May Android updates at the beginning of the month. [Liam Tung] at ZDNet does a good job laying out the basics. First, when Google announced the May Android updates, they pointed out four vulnerabilities as possibly being actively exploited. Dan Goodin over at Ars Technica took umbrage at the imprecise language, calling the announcement “vague to the point of being meaningless”.

Shane Huntley jumped into the fray on Twitter, and hinted at the backstory behind the vague warning. There are two possibilities that really make sense here. The first is that exploits have been found for sale somewhere, like a hacker forum. It’s not always obvious if an exploit has indeed been sold to someone using it. The other possibility given is that when Google was notified about the active exploit, there was a requirement that certain details not be shared publicly. So next time you see a big organization like Google hedge their language in an obvious and seemingly unhelpful way, it’s possible that there’s some interesting situation driving that language. Time will tell.

The Patch Gap

The term has been around since at least 2005, but it seems like we’re hearing more and more about patch gap problems. The exact definition varies, depending on who is using the term, and what product they are selling. A good working definition is the time between a vulnerability being public knowledge and an update being available to fix the vulnerability.

There are more common reasons for patch gaps, like vulnerabilities getting dropped online without any coordinated disclosure. Another, more interesting cause is when an upstream problem gets fixed and publicly announced, and it takes time for downstream products to pull the fix in. The example in question this week is Safari, and a fix in upstream WebKit. AudioWorklets are a new feature that provides an easy way to do audio processing in a background thread, and the bug is a type confusion in that feature. When initializing a new worker thread, the programmer can use their own constructor to build the thread object. The function that kicks off execution doesn’t actually check that it’s been given an object of the expected type; the object is simply cast to that type and code runs against it as if it were correct, usually leading to a crash.

The bug was fixed upstream shortly after a Safari update was shipped. It’s thought that Apple ran with the understanding that this couldn’t be used for an actual RCE, and therefore hadn’t issued a security update to fix it. The problem there is that it is exploitable, and a PoC exploit has been available for a week. As is often the case, this vulnerability would need to be combined with at least one more exploit to overcome the security hardening and sandboxing built into modern browsers.

There’s one more quirk that makes this bug extra dangerous, though. On iOS devices, every browser has to use the system WebKit engine, so when you download a different browser you’re essentially running Safari with a different skin pasted on top, and it carries the same bug. As far as I know, there is no way to mitigate against this bug on an iOS device. Maybe be extra careful about what websites you visit for a few days, until this gets fixed.

Via Ars Technica