This Week In Security: SolarWinds And FireEye, WordPress DDoS, And Enhance!

The big story this week is SolarWinds. This IT management company supplies network monitoring and other security equipment, and it seems that malicious code was included in a product update as early as last spring. Their equipment is present in a multitude of high-profile networks, like FireEye, many branches of the US government, and pretty much any other large company you can think of. To say that this supply chain attack is a big deal is an understatement. The blame has initially been placed on APT42, AKA, the Russian hacking pros.

The attack hasn’t been without some positive effects, as FireEye has released some of their internal tooling as open source as a result. Microsoft has led the official response to the attack, managing to win control of the C&C domain in court, and black-holing it.

The last wrinkle to this story is the interesting timing of the sale of some SolarWinds stock by a pair of investment firms. If those firms were aware of the breach, and sold their shares before the news was made public, this would be a classic case of illegal insider trading.

Remoticon Video: How To Use Max In Your Interactive Projects

When you want to quickly pull together a combination of media and user interaction, looking to some building blocks for the heavy lifting can be a lifesaver. That’s the idea behind Max, a graphical programming language that’s gained a loyal following among anyone building art installations, technology demos (think children’s museum), and user kiosks.

Guy Dupont gets us up to speed with a how-to-get-started-with-Max workshop that was held during the 2020 Hackaday Remoticon. His crash course goes through the basics of the program, and provides a set of sixteen demos that you can play with to get your feet under you. As he puts it, if you need sound, video, images, buttons, knobs, sensors, and Internet data for both input and output, then Max is worth a look. Video of the workshop can be found below.


Teardown: Siemens 8mm SMD Parts Feeder

Many of Hackaday’s readers will be no stranger to surface mount electronic components, to the extent that you’ll likely be quite comfortable building your own surface-mount projects. If you have ever built a very large surface-mount project, or had to do a number of the same board though, you’ll have wished that you had access to a pick-and-place machine. These essential components of an electronics assembly line are CNC robots that pick up components from the reels of tape in which they are supplied, and place them in the appropriate orientation in their allotted places on the PCB. They are an object of desire in the hardware hacker community and over the years we’ve seen quite a few home-made examples. Their workings are easy enough to understand, but there is still much to gain by studying them, thus it was very interesting indeed to see a friend acquiring a quantity of surplus Siemens component feeders from an older industrial pick-and-place machine. A perfect opportunity for a teardown then, to see what makes them tick.


Remoticon Video: Intro To Modern Synthesis Using VCV Rack

Modular synthesizers, with their profusion of knobs and switches and their seemingly insatiable appetite for patch cables, are wonderful examples of over-complexity — the best kind of complexity, in our view. Play with a synthesizer long enough and you start thinking that any kind of sound is possible, limited only by your imagination in hooking up the various oscillators, filters, and envelope generators. And the aforementioned patch cables, of course, which are always in short supply.

Luckily, though, patch cables and the modules they connect can be virtualized, and in his 2020 Remoticon workshop, Jonathan Foote showed us all the ways VCV Rack can emulate modular synthesizers right on your computer’s desktop. The workshop focused on VCV Rack, where Eurorack-style synthesizer modules are graphically presented in a configurable rack and patched together just like physical synth modules would be.


Cecilia Payne-Gaposchkin Saw Through The Stars

We as humans are limited in the ways we can look at things ourselves, and rely on the different perspectives and insights of others to help make sense of things. All it takes is one person to look at a data set and find something completely different that changes our fundamental perception of the universe.

Cecilia Payne-Gaposchkin discovered that stars are primarily made of hydrogen and helium, at a time when astronomers thought that the Sun and the Earth had no significant elemental differences. She proposed that hydrogen wasn’t only more common, but that it was a million times more common.

This outlandish conclusion was roundly dismissed at the time, and she acquiesced to tone down some of the conclusions in her thesis, until her findings were widely confirmed a few years later. Truly groundbreaking, the discovery of the prevalence of hydrogen in stars paved the way for our current understanding of their role as the furnaces for the heavier elements that we know and love, and indeed are composed of.

Meteorites, Comets, and Bee Orchids

Cecilia Helena Payne was born May 10th, 1900 in Wendover, Buckinghamshire, England. She was one of three children born to Emma and Edward, a lawyer, historian, and musician. Her father died when she was four years old, leaving her mother to raise the family alone.

China’s Moon Mission Was About More Than Rocks

If everything goes according to plan, China will soon become the third country behind the United States and the Soviet Union to successfully return a sample of lunar material. Their Chang’e 5 mission, which was designed to collect 2 kilograms (4.4 pounds) of soil and rock from the Moon’s surface, has so far gone off without a hitch. Assuming the returning spacecraft successfully reenters the Earth’s atmosphere and lands safely on December 16th, China will officially be inducted into a very exclusive club of Moon explorers.

Of course, spaceflight is exceedingly difficult and atmospheric reentry is particularly challenging. Anything could happen in the next few days, so it would be premature to celebrate the Chang’e 5 mission as a complete success. But even if ground controllers lose contact with the vehicle on its return to Earth, or it burns up in the atmosphere, China will come away from this mission with a wealth of valuable experience that will guide its lunar program for years to come.

In fact, one could argue that was always the real goal of the mission. While there’s plenty of scientific knowledge and not an inconsequential amount of national pride to be gained from bringing a few pounds of Moon rocks back to Earth, it’s no secret that China has greater aspirations when it comes to our nearest celestial neighbor. Starting with the launch of the Chang’e 1 in 2007, the Chinese Lunar Exploration Program has progressed through several operational phases, each more technically challenging than the last. Chang’e 5 represents the third phase of the plan, with only the establishment of a robotic research station to go before the country says they’ll proceed with a crewed landing in the 2030s.

Which helps explain why, even for a sample return from the Moon, Chang’e 5 is such an extremely complex mission. A close look at the hardware and techniques involved shows a mission profile considerably more difficult than was strictly necessary. The logical conclusion is that China intentionally took the long way around so they could use it as a dry run for the more challenging missions that still lie ahead.



Hackaday Links: December 13, 2020

Our Sun is getting a bit frisky these days, and has rewarded us with perhaps the best screensaver image ever taken. The incredibly detailed photo of a sunspot was actually taken back in January by the Daniel K. Inouye Solar Telescope, a 4-meter instrument with adaptive optics that can image the sun from the near-infrared to visible wavelengths and resolve surface details down to 20 km. The photo, with a distinct “Eye of Sauron” look, shows the massive convection cells surrounding the dark sunspot; an accompanying animation shows the movement of plasmas along the tortured lines of magnetic flux that cause the sunspot to form. It’s fascinating to watch, and even more interesting to mull over the technology that went into capturing it.

With the dustup surrounding the youtube-dl DMCA takedown by GitHub fresh on the open-source community’s minds, GitHub Universe 2020 had an interesting discussion about maintaining open-source software projects that’s worth watching. They focused on the challenges that youtube-dl maintainers face in keeping the tool working, and the impact their effort has on the people and groups that rely on them. To underscore that point, they featured a researcher with Human Rights Watch who depends on youtube-dl in her work, and made it quite clear that keeping up with all the API changes that constantly break open source tools like youtube-dl makes the role of the maintainers that much more critical.

Speaking of GitHub, here’s a frightening and fascinating new tool: Depix, the password de-pixelizer. Developer Sipke Mellema noticed that his company often used pixelization to obscure passwords in documentation, and wondered if he could undo the process. He wrote up an article describing the pixelization process using a linear box filter and his method for attacking it, which involves generating a De Bruijn sequence in the same font, text size, and colors as the original document and feeding a screenshot of that and the pixellated password into the tool. We suspect it’ll only work for a subset of obfuscated passwords, but it’s still pretty clever.

‘Tis the season for Advent calendars, and the folks at QEMU have posted theirs. Open each of 24 doors on the calendar and you’re rewarded with a downloadable QEMU disk image that implements something fun. Minesweeper, a ray tracer that fits into a boot loader, and of course Conway’s Game of Life. The GW-BASIC image on Day 3 caught our eye — brings back some memories.

For anyone who has ever watched a Pixar film and wondered how all that animation actually works, here’s a great lesson in making art with math. The video is by Inigo Quilez and goes through the basics of rendering images using raymarching SDFs, or signed distance functions. In the beginning, it seemed like it was going to be a little bit like drawing an owl, but his descriptions of the math involved and how each element of the animation is just another formula is fascinating. What’s more, there’s a real-time rendering tool where you can inspect the code and edit it. Alas, my changes only made things worse, but it was still fun and instructive to play with. Check out the video after the break!
