This Week In Security: Recall, BadRAM, And OpenWRT

December 13, 2024 by Jonathan Bennett 6 Comments

Microsoft’s Recall feature is back. You may remember our coverage of the new AI feature back in June, but for the uninitiated, it was a creepy security trainwreck. The idea is that Windows will take screenshots of whatever is on the screen every few seconds, and use AI to index the screenshots for easier searching. The only real security win at the time was that Microsoft managed to do all the processing on the local machine, instead of uploading them to the cloud. All the images and index data was available unencrypted on the hard drive, and there weren’t any protections for sensitive data.

Things are admittedly better now, but not perfect. The recall screenshots and database is no longer trivially opened by any user on the machine, and Windows prompts the user to set up and authenticate with Windows Hello before using Recall. [Avram] from Tom’s Hardware did some interesting testing on the sensitive information filter, and found that it worked… sometimes.

So, with the public preview of Recall, is it still creepy? Yes. Is it still a security trainwreck? It appears that the security issues are much improved. Time will tell if a researcher discovers a way to decrypt the Recall data outside of the Recall app.

Patch Tuesday

Since we’re talking about Microsoft, this week was Patch Tuesday, and we had seventy-one separate vulnerabilities fixed, with one of those being a zero-day that was used in real-world attacks. CVE-2024-49138 doesn’t seem to have a lot of information published yet. We know it’s a Heap-based Buffer Overflow in the Common Log File driver, and allows an escalation of privilege to SYSTEM on Windows machines. Continue reading “This Week In Security: Recall, BadRAM, And OpenWRT” →

Retrotechtacular: 1980s Restoration Of San Francisco’s Cable Car System

December 11, 2024 by Maya Posch 43 Comments

The cable car system of San Francisco is the last manually operated cable car system in the world, with three of the original twenty-three lines still operating today. With these systems being installed between 1873 and 1890, they were due major maintenance and upgrades by the time the 1980s and with it their 100th year of operation rolled around. This rebuilding and upgrading process was recorded in a documentary by a local SF television station, which makes for some fascinating viewing.

San Francisco cable car making its way through traffic. Early 20th century.

While the cars themselves were fairly straight-forward to restore, and the original grips that’d latch onto the cable didn’t need any changes. But there were upgrades to the lubrication used (originally pine tar), and the powerhouse (the ‘barn’) was completely gutted and rebuilt.

As opposed to a funicular system where the cars are permanently attached to the cable, a cable car system features a constantly moving cable that the cars can grip onto at will, with most of the wear and tear on the grip dies. Despite researchers at San Francisco State University (SFSU) investigating alternatives, the original metal grip dies were left in place, despite their 4-day replacement schedule.

Ultimately, the rails and related guides were all ripped out and replaced with new ones, with the rails thermite-welded in place, and the cars largely rebuilt from scratch. Although new technologies were used where available, the goal was to keep the look as close as possible to what it looked at the dawn of the 20th century. While more expensive than demolishing and scrapping the original buildings and rolling stock, this helped to keep the look that has made it a historical symbol when the upgraded system rolled back into action on June 21, 1984.

Decades later, this rebuilt cable car system is still running as smoothly as ever, thanks to these efforts. Although SF’s cable car system is reportedly mostly used by tourists, the technology has seen somewhat of a resurgence. Amidst a number of funicular systems, a true new cable car system can be found in the form of e.g. the MiniMetro system which fills the automated people mover niche.

Continue reading “Retrotechtacular: 1980s Restoration Of San Francisco’s Cable Car System” →

FLOSS Weekly Episode 813: Turn Off The Internet

December 11, 2024 by Jonathan Bennett No comments

This week, Jonathan Bennett, Simon Phipps, and Aaron Newcomb chat about retrocomputing, Open Source AI, and … politics? How did that combination of topics come about? Watch to find out!

Continue reading “FLOSS Weekly Episode 813: Turn Off The Internet” →

It’s Remotely Ham Radio

December 11, 2024 by Al Williams 32 Comments

Have you ever considered running your ham radio remotely? It has been feasible for years but not always easy. Recently, I realized that most of the pieces you need to get on the air remotely are commonplace, so I decided to take the plunge. I won’t give step-by-step instructions because your radio, computer setup, and goals are probably different from mine. But I will give you a general outline of what you can do.

I’m fortunate enough to have a sizeable freestanding shop in my backyard. When I had it built, I thought it was huge. Now, not so much. The little space is crammed with test equipment, soldering gear, laser cutters, drill presses, and 3D printers. I’ve been a ham for decades, but I didn’t have room for the radios, nor did I have an antenna up. But a few months ago, I made space, set some radios up, strung out a piece of wire, and got back on the air. I had so much fun I decided it was time to buy a new radio. But I didn’t want to have to go out to the shop (or the lab, as I like to call it) just to relax with some radio time.

Continue reading “It’s Remotely Ham Radio” →

2025 Hackaday Europe CFP: We Want You!

December 10, 2024 by Elliot Williams 9 Comments

Hackaday’s Supercon is still warm in our hearts, and the snow is just now starting to fall, but we’re already looking forward to Spring. Or at least to Hackaday Europe, which will be taking place March 15th and 16th in Berlin, Germany.

Tickets aren’t on sale yet, but we know a way that you can get in for free.

Call for Participation

What makes Hackaday Europe special? Well, it’s you! We’re excited to announce that we’re opening up our call for talks right now, and we can’t wait to hear what you have to say. Speakers of course get in free, but the real reason that you want to present is whom you’re presenting to.

The Hackaday audience is interested, inquisitive, and friendly. If you have a tale of hardware, firmware, or software derring-do that would only really go over with a Hackaday crowd, this is your chance. We have slots open for shorter 20-minute talks as well as longer 40-minute ones, so whether you’ve got a quick hack or you want to take a deep dive, we’ve got you covered. We especially love to hear from new voices, so if you’ve never given a talk about your projects before, we’d really encourage you to apply!

Here is last year’s lineup, if you’re wondering what goes on, and if your talk would fit in.

Continue reading “2025 Hackaday Europe CFP: We Want You!” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Funny Keyboard

December 9, 2024 by Kristina Panos 19 Comments

What’s the most important keyboard macro you know? Honestly, it’s probably Ctrl-S. But do you use that one often enough? Chances are, you do not. What you need is a giant, dedicated Save keyboard that looks like a floppy disk.

A physical Save button that looks like a floppy disk and sends Ctrl-S over USB-C. — Image by [Makestreme] via Hackaday.IO

[Makestreme] recently started creating YouTube videos, but wasn’t pressing Save often enough. Couple that with editing software that crashes, and the result is hours of lost work.

Just like you’d expect, pressing the floppy icon triggers Ctrl-S when connected over USB-C. Internally, it’s a Seeeduino Xiao, a push button, and some wires.

The floppy disk itself is made of foam board, and everything is encased in a picture frame. If you want to make one for yourself, [Makestreme] has some great instructions over on IO.

Continue reading “Keebin’ With Kristina: The One With The Funny Keyboard” →

Hackaday Links: December 8, 2024

December 8, 2024 by Dan Maloney 14 Comments

For some reason, we never tire of stories highlighting critical infrastructure that’s running outdated software, and all the better if it’s running on outdated hardware. So when we learned that part of the San Francisco transit system still runs on 5-1/4″ floppies, we sat up and took notice. The article is a bit stingy with the technical details, but the gist is that the Automatic Train Control System was installed in the Market Street subway station in 1998 and uses three floppy drives to load DOS and the associated custom software. If memory serves, MS-DOS as a standalone OS was pretty much done by about 1995 — Windows 95, right? — so the system was either obsolete before it was even installed, or the 1998 instance was an upgrade of an earlier system. Either way, the San Francisco Municipal Transportation Agency (SFMTA) says that the 1998 system due to be replaced originally had a 25-year lifespan, so they’re more or less on schedule. Replacement won’t be cheap, though; Hitachi Rail, the same outfit that builds systems that control things like the bullet train in Japan, is doing the job for the low, low price of $212 million.

Continue reading “Hackaday Links: December 8, 2024” →