Hackaday Links: May 16, 2021

With the successful arrival of China’s first Mars lander and rover this week, and the relatively recent addition of NASA’s Perseverance rover and its little helicopter sidekick Ingenuity, Mars has collected a lot of new hardware lately. But while the new kids on the block are getting all the attention, spare a thought for the reliable old warhorse which has been plying Gale Crater for the better part of a decade now — Curiosity. NASA has been driving the compact-car-sized rover around Mars for a long time now, long enough to rack up some pretty severe damage to its six highly engineered wheels, thanks to the brutal Martian rocks. But if you think Curiosity will get sidelined as its wheels degrade, think again — the rover’s operators have a plan to continue surface operations that includes ripping off its own wheels if necessary. It’s a complex operation that would require positioning the wheel over a suitable rock and twisting with the steering motor to peel off the outer section of the wheel, leaving a rim to drive around on. JPL has already practiced it, but they predict it won’t be necessary until 2034 or so. Now that’s thinking ahead.

With all the upheaval caused by the ongoing and worsening semiconductor shortage, it might seem natural to expect that manufacturers are responding to market forces by building new fabs to ramp up production. And while there seems to be at least some movement in that direction, we stumbled across an article that seems to give the lie to the thought that we can build our way out of the crisis. It’s a sobering assessment, to say the least; the essence of the argument is that 20 years ago or so, foundries thought that everyone would switch to the new 300-mm wafers, leaving manufacturing based on 200-mm silicon wafers behind. But the opposite happened, and demand for chips coming from the older 200-mm wafers, including a lot of the chips used in cars and trucks, skyrocketed. So more fabs were built for the 200-mm wafers, leaving relatively fewer fabs capable of building the chips that the current generation of phones, IoT appliances, and 5G gear demand. Add to all that the fact that it takes a long time and a lot of money to build new fabs, and you’ve got the makings of a crisis that won’t be solved anytime soon.

From not enough components to too many: the Adafruit blog has a short item about XScomponent, an online marketplace for listing your excess inventory of electronic components for sale. If you perhaps ordered a reel of caps when you only needed a dozen, or if the project you thought was a done deal got canceled after all the parts were ordered, this might be just the thing for you. Most items offered appear to have a large minimum quantity requirement, so it’s probably not going to be a place to pick up a few odd parts to finish a build, but it’s still an interesting look at where the market is heading.

Speaking of learning from the marketplace, if you’re curious about what brands and models of hard drives hold up best in the long run, you could do worse than to look over real-world results from a known torturer of hard drives. Cloud storage concern Backblaze has published their analysis of the reliability of the over 175,000 drives they have installed in their data centers, and there’s a ton of data to pick through. The overall reliability of these drives, which are thrashing about almost endlessly, is pretty impressive: the annualized failure rate of the whole fleet is only 0.85%. They’ve also got an interesting comparison of HDDs and SSDs; Backblaze only uses solid-state disks for boot drives and for logging and such, so they don’t get quite the same level of thrash as drives containing customer data. But the annualized failure rate of boot SSDs is much lower than that of HDDs used in the same role. They slice and dice their data in a lot of fun and revealing ways, including by specific brand and model of drive, so check it out if you’re looking to buy soon.

And finally, you know that throbbing feeling you get in your head when you’re having one of those days? Well, it turns out that whether you can feel it or not, you’re having one of those days every day. Using a new technique called “3D Amplified Magnetic Resonance Imaging”, or 3D aMRI, researchers have made cool new videos that show the brain pulsating in time to the blood flowing through it. The motion is exaggerated by the imaging process, which is good because it sure looks like the brain swells enough with each pulse to crack your skull open, a feeling which every migraine sufferer can relate to. This reminds us a bit of those techniques that use special algorithms to detect a person’s heartbeat from a video by looking for the slight but periodic skin changes that occur as blood rushes into the capillaries. It’s also interesting that when we spied this item, we were sitting with crossed legs, watching our upper leg bounce slightly in time with our pulse.

Should I Automate This?

The short answer to the question posed in the headline: yes.

For the long answer, you have to do a little math. How much total time will you save by automating, over some reasonable horizon? It’s a simple product of how much time per occurrence, times how many times per day it happens, times the number of days in your horizon. Or skip out on the math because there’s an XKCD for that.

What’s fun about this table is that it’s kind of a Rorschach test that gives you insight into how much you suffer from automatitis. I always thought that Randall was trying to convince himself not to undertake (fun) automation projects, because that was my condition at the time. Looking at it from my current perspective, it’s a little bit shocking that something that’ll save you five seconds, five times a day, is worth spending twelve hours on. I’ve got some automating to do.

To wit: I use pass as my password manager because it’s ultimately flexible, simple, and failsafe. It stores passwords on my hard drive, and my backup server, encrypted with a GPG key that I have printed out on paper in a fireproof safe. Because I practice good cookie hygiene, I end up re-entering my passwords daily. Because I keep my passwords separate from my browser, that means entering username and password by cut-and-paste. There’s your five seconds, five times per day. Maybe two seconds, ten times, but it’s all the same. It shouldn’t take me even as long as twenty minutes to whip up a script that puts username and password into selection and clipboard for one-click pasting. Why haven’t I done this yet? I’m going to get on it as soon as I’m done with this newsletter.

But this begs the question. If you spend up to twelve hours on every possible 25-second-per-day savings, when will you ever get your real work done? Again, math gives us the answer. One eight-hour workday * 25 seconds * 12 hours (pessimistically) of labor = 1.58 years before everything that needs automating will be. Next week’s newsletter might be a little bit delayed.

What do you see in the XKCD “Is it worth the time” table? Automate more, or step back from the cliff edge?

Hackaday Podcast 118: Apple AirTag Hacked, Infill Without Perimeters, Hair-Pulling Robots, And Unpacking The 555

Elliot’s keeb: ortho, offset, thumby.

Hackaday editors Elliot Williams and Mike Szczys gather to ooh and aah over a week of interesting hacks. This week we’re delighted to welcome special guest Kristina Panos to talk about the Inputs of Interest series she has been working on over the last couple of years. In the news is the effort to pwn the new Apple AirTags, with much success over the past week. We look at turning a screenless Wacom tablet into something more using a donor iPad, stare right into the heart of a dozen 555 die shots, and watch what happens when you only 3D print the infill and leave the perimeters out.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~55 MB)

This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

Some weeks are slow, and the pickings are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There is a trio of vulnerabilities built into the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network.
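The receiver's side of the aggregation flaw described above, as an added example that is not from the original article or the Fragattacks whitepaper: a subframe parser plus a sanity check that refuses a payload whose "first subframe" is really the start of an ordinary packet. It assumes the frame has already been decrypted and the QoS Control field is passed as an integer; the function names and all sample bytes are constructed for illustration.

```python
import struct

# RFC 1042 LLC/SNAP prefix that begins every ordinary (non-aggregated) data MSDU.
LLC_SNAP = bytes.fromhex("aaaa03000000")
AMSDU_PRESENT = 0x0080  # bit 7 of the QoS Control field; not authenticated

def subframe(da, sa, msdu, last=False):
    """Build one A-MSDU subframe: DA, SA, 16-bit length, MSDU, pad to 4 bytes."""
    body = da + sa + struct.pack("!H", len(msdu)) + msdu
    return body if last else body + b"\x00" * (-len(body) % 4)

def parse_amsdu(payload):
    """Split a decrypted A-MSDU payload into (da, sa, msdu) tuples."""
    out, off = [], 0
    while off < len(payload):
        if len(payload) - off < 14:
            raise ValueError("truncated subframe header")
        da, sa, length = struct.unpack_from("!6s6sH", payload, off)
        off += 14
        if off + length > len(payload):
            raise ValueError("subframe length runs past the payload")
        out.append((da, sa, payload[off:off + length]))
        off += length
        off += -off % 4  # skip padding before the next subframe
    return out

def classify(qos_control, payload):
    """Decide how a receiver should treat a decrypted QoS data payload."""
    if not qos_control & AMSDU_PRESENT:
        return "msdu"
    # An ordinary MSDU relabelled as an A-MSDU has its LLC/SNAP prefix sitting
    # where the first subframe's destination address belongs.
    if payload[:6] == LLC_SNAP:
        return "drop"
    parse_amsdu(payload)  # raises on malformed subframes
    return "amsdu"

# Constructed sample data (not captured traffic).
STA, AP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
MSDU_1 = LLC_SNAP + b"\x08\x00" + b"A" * 5
MSDU_2 = LLC_SNAP + b"\x08\x00" + b"B" * 4
GENUINE = subframe(STA, AP, MSDU_1) + subframe(STA, AP, MSDU_2, last=True)
ORDINARY = LLC_SNAP + b"\x08\x00" + b"C" * 32

if __name__ == "__main__":
    print(classify(0x0000, ORDINARY))  # flag clear
    print(classify(0x0080, ORDINARY))  # flag flipped in transit
    print(classify(0x0080, GENUINE))
```

The check works because a legitimate subframe's destination address is a station MAC, never the LLC/SNAP prefix, so a flipped flag on an ordinary packet is visible in the first six bytes.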

Toyota’s Hydrogen-Burning Racecar Soon To Hit The Track

With the rise of usable electric cars in the marketplace, and markets around the world slowly phasing out the sale of fossil fuel cars, you could be forgiven for thinking that the age of the internal combustion engine is coming to an end. History is rarely so cut and dried, however, and new technologies aim to keep the combustion engine alive for some time yet.

Toyota’s upcoming Corolla Sport-based hydrogen-burning racer. Credit: Toyota media

One of the most interesting technologies in this area is the hydrogen-burning combustion engine. In contrast to fuel cell technologies, which combine hydrogen with oxygen through special membranes in order to create electricity, these engines do it the old-fashioned way – in flames. Toyota has recently been exploring the technology, and has announced that a racecar sporting a three-cylinder hydrogen-burning engine will compete in this year’s Fuji Super TEC 24 Hour race.

Hydrogen Engines?

The benefit of a hydrogen-burning engine is that unlike burning fossil fuels, the emissions from burning hydrogen are remarkably clean. Burning hydrogen in pure oxygen produces only water as a byproduct. When burned in atmospheric air, the result is much the same, albeit with small amounts of nitrogen oxides produced. Thus, there’s great incentive to explore the substitution of existing transportation fuels with hydrogen. It’s a potential way to reduce pollution output while avoiding the hassles of long recharge times with battery electric technologies.

Simple Encryption You Can Do On Paper

It’s a concern for Europeans as it is for people elsewhere in the world: there have been suggestions among governments to either outlaw, curtail, or backdoor strong end-to-end encryption. There are many arguments against ruining encryption, but the strongest among them is that encryption can be simple enough to implement that a high-school student can understand its operation, and almost any coder can write something that does it in some form, so to ban it will have no effect on restricting its use among anyone who wants it badly enough to put in the effort to roll their own.

With that in mind, we’re going to have a look at the most basic ciphers, the kind you could put together yourself on paper if you need to.

The Mysterious Wobble Of Muons

You might think that particle physicists would be sad when an experiment comes up with different results than their theory would predict, but nothing brightens up a field like unexplained phenomena. Indeed, particle physicists have been feverishly looking for deviations from the Standard Model. This year, there have been tantalizing signs that a long unresolved discrepancy between theory and experiment will be confirmed by new experimental results.

In particular, the quest to measure the magnetic moment of muons started more than 60 years ago, and this has been measured ever more precisely since. From an experiment in 1959 at CERN in Switzerland, to the turn of the century at Brookhaven, to this year’s result at Fermilab, the magnetic moment of the muon seems to be at odds with theoretical predictions.

Although a statistical fluke is basically excluded, this value also relies on complex theoretical calculations that are not all in agreement. Instead of heralding a new era of physics, it might just be another headline too good to be true. But some physicists are mumbling “new particle” in hushed tones. Let’s see what all the fuss is about.