Hackaday Links: October 4, 2020

October 4, 2020 by Dan Maloney 9 Comments

In case you hadn’t noticed, it was a bad week for system admins. Pennsylvania-based United Health Services, a company that owns and operates hospitals across the US and UK, was hit by a ransomware attack early in the week. The attack, which appears to be the Ryuk ransomware, shut down systems used by hospitals and health care providers to schedule patient visits, report lab results, and do the important job of charting. It’s not clear how much the ransomers want, but given that UHS is a Fortune 500 company, it’s likely a tidy sum.

And as if an entire hospital corporation’s IT infrastructure being taken down isn’t bad enough, how about the multi-state 911 outage that occurred around the same time? Most news reports seemed to blame the outage on an Office 365 outage happening at the same time, but Krebs on Security dug a little deeper and traced the issue back to two companies that provide 911 call routing services. Each of the companies is blaming the other, so nobody is talking about the root cause of the issue. There’s no indication that it was malware or ransomware, though, and the outage was mercifully brief. But it just goes to show how vulnerable our systems have become.

Our final “really bad day at work” story comes from Japan, where a single piece of failed hardware shut down a $6-trillion stock market. The Tokyo Stock Exchange, third-largest bourse in the world, had to be completely shut down early in the trading day Thursday when a shared disk array failed. The device was supposed to automatically failover to a backup unit, but apparently the handoff process failed. This led to cascading failures and blank terminals on the desks of thousands of traders. Exchange officials made the call to shut everything down for the day and bring everything back up carefully. We imagine there are some systems people sweating it out this weekend to figure out what went wrong and how to keep it from happening again.

With our systems apparently becoming increasingly brittle, it might be a good time to take a look at what goes into space-rated operating systems. Ars Technica has a fascinating overview of the real-time OSes used for space probes, where failure is not an option and a few milliseconds error can destroy billions of dollars of hardware. The article focuses on the RTOS VxWorks and goes into detail on the mysterious rebooting error that affected the Mars Pathfinder mission in 1997. Space travel isn’t the same as running a hospital or stock exchange, of course, but there are probably lessons to be learned here.

As if 2020 hasn’t dealt enough previews of various apocalyptic scenarios, here’s what surely must be a sign that the end is nigh: AI-generated PowerPoint slides. For anyone who has ever had to sit through an endless slide deck and wondered who the hell came up with such drivel, the answer may soon be: no one. DeckRobot, a startup company, is building an AI-powered extension to Microsoft Office to automate the production of “company compliant and visually appealing” slide decks. The extension will apparently be trained using “thousands and thousands of real PowerPoint slides”. So, great — AI no longer has to have the keys to the nukes to do us in. It’ll just bore us all to death.

And finally, if you need a bit of a palate-cleanser after all that, please do check out robotic curling. Yes, the sport that everyone loves to make fun of is actually way more complicated than it seems, and getting a robot to launch the stones on the icy playing field is a really complex and interesting problem. The robot — dubbed “Curly”, of course — looks like a souped-up Roomba. After sizing up the playing field with a camera on an extendable boom, it pushes the stone while giving it a gentle spin to ease it into exactly the right spot. Sadly, the wickedly energetic work of the sweepers and their trajectory-altering brooms has not yet been automated, but it’s still pretty cool to watch. But fair warning: you might soon find yourself with a curling habit to support.

Paying It Forward

October 3, 2020 by Elliot Williams 21 Comments

It’s all those little things. A month ago, I was working on the axes for a foam-cutting machine. (Project stalled, will pick back up soon!) A week ago, somewhere else on the Internet, people were working on sliders that would ride directly on aluminum rails, a problem I was personally experiencing, and recommended using drawer-glide tape — a strip of PTFE or UHMW PE with adhesive backing on one side. Slippery plastic tape solves the metal-on-metal problem. It’s brilliant, it’s cheap, and it’s just a quick trip to the hardware store.

Just a few days ago, we covered another awesome linear-motion mechanical build in the form of a DIY camera rig that uses a very similar linear motion system to the one I had built as well: a printed trolley that slides on skate bearings over two rails of square-profile extruded aluminum. He had a very nice system of anchoring the spacers that hold the two rails apart, one of the sticking points in my build. I thought I’d glue things together, but his internal triangle nut holders are a much better solution because epoxy doesn’t like to stick to anodized aluminum. (And Alexandre, if you’re reading, that UHMW PE tape is just what you need to prevent bearing wear on your aluminum axes.)

Between these events, I got a message thanking me for an article that I wrote four years ago on debugging SPI busses. Apparently, it helped a small company to debug a problem and get their product out the door. Hooray!

So in one week, I got help from two different random strangers on a project that neither of them knew I was working on, and I somehow saved a startup. What kind of crazy marvelous world is this? It’s become so normal to share our ideas and experience, at least in our little corner of the Internet, that I sometimes fail to be amazed. But it’s entirely amazing. I know we’ve said it before, but we are living in the golden era of sharing ideas.

Thanks to all of you out there, and Read More Hackaday!

Retrotechtacular: The $5,000 40 Pound HP Classroom Computer

October 2, 2020 by Al Williams 21 Comments

See if you can talk your local school district into buying a computer that costs about $5,000 and weighs 40 pounds. That was HP’s proposition to schools back in 1968 so really it is more like $35,000 today. The calculator had a CRT display for the RPN stack that you could mirror on a big screen. You could also get a printer or plotter add-on. Pretty hot stuff for the ’60s.

The 1970 videos promoting the HP 9100, posted by the [Computer History Archive Project], shows something we’d think of as a clunky calculator, although by the standards of the day it was a pretty good one with trig functions and a crude programming capability.

Continue reading “Retrotechtacular: The $5,000 40 Pound HP Classroom Computer” →

How To Get Into Cars: Hypermiling Mods

October 2, 2020 by Lewin Day 58 Comments

While we’re currently in an era of comparatively low gas prices, the last few decades have seen much volatility in the oil market. This can hit the hip pocket hard, particularly for those driving thirstier vehicles. Thankfully, modifications can help squeeze a few extra miles out of each gallon of dinosaur juice if you know what you’re doing.

The art of striving for the best fuel economy is known as hypermiling, and involves a broad spectrum of tricks and techniques to get the most out of a drop of fuel. Let’s dive in to how you can build a more efficient cruiser for getting around town.

Step 1: Know Thine Enemy

The MPGuino is a great solution for monitoring fuel consumption in older cars without a trip computer.

If you want to improve your fuel economy, the first step is to measure it. Without accurate measurement, it’s impossible to quantify any gains made or optimise for the best performance. For those with modern cars, it’s likely that there’s already a trip computer built into the dash. Using this to track your fuel economy is the easiest solution. Instantaneous modes are useful to help improve driving habits, while average modes are great for determining the car’s economy over time.

However, many older vehicles don’t have such features installed as stock. Thankfully, there’s a few ways to work around this. For those driving post-1996 vehicles outfitted with an OBD-II port, tools like Kiwi or Scangauge can often track fuel economy. Failing this, most fuel injected cars can be fitted with a device like the MPGuino that monitors fuel injection to calculate consumption. Fundamentally, all of these tools involve tracking the amount of fuel used per distance travelled. Factory tools and OBD-II gauges do it by using the car’s standard hardware, while the MPGuino splices in to speedometer signals and injector triggers to do the same thing with an Arduino. If you do decide to install a custom device, make sure you calibrate it properly, else your figures won’t bear much resemblance to what’s going on in reality.

Of course, as long as your car has a working odometer and a fuel tank that doesn’t leak, there’s always the pen-and-paper method. Simply reset the trip odometer to zero after filling the tank to the brim. Then, when refilling the tank, fill all the way to the top, and divide the miles driven by the gallons of fuel added back to the tank. This isn’t the most accurate method, as the nature of gas station pumps and automotive fuel tanks mean that tanks aren’t always accurately filled to the brim, due to air pockets and devices used to prevent overfilling. Despite this, it’s a handy way of getting some ballpark figures of your car’s performance over time.

Continue reading “How To Get Into Cars: Hypermiling Mods” →

Hackaday Podcast 087: Sound-Shattering Gliders, Pressing Dashcam Buttons, And Ratcheting Up Time

October 2, 2020 by Mike Szczys No comments

Hackaday editors Mike Szczys and Elliot Williams dish up a hot slice of the week’s hardware hacks. We feature a lot of clocks on Hackaday, but few can compare to the mechanical engineering elegance of the band-saw-blade-based ratcheting clock we swoon over on this week’s show. We’ve found a superb use of a six-pin microcontroller, peek in on tire (or is that tyre) wear particles, and hear the sounds of 500 mph RC gliders. It turns out that 3D printers are the primordial ooze for both pumping water and positioning cameras. This episode comes to a close by getting stressed out over concrete.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 087: Sound-Shattering Gliders, Pressing Dashcam Buttons, And Ratcheting Up Time” →

This Week In Security: PunkBuster, NAT, NAS And MP3s

October 2, 2020 by Jonathan Bennett 4 Comments

Ah, the ever-present PDF, and our love-hate relationship with the format. We’ve lost count of how many vulnerabilities have been fixed in PDF software, but it’s been a bunch over the years. This week, we’re reminded that Adobe isn’t the only player in PDF-land, as Foxit released a round of updates, and there were a couple serious problems fixed. Among the vulnerabilities, a handful could lead to RCE, so if you use or support Foxit users, be sure to go get them updated.

PunkBuster

Remember PunkBuster? It’s one of the original anti-cheat solutions, from way back in 2000. The now-classic Return to Castle Wolfenstein was the first game to support PunkBuster to prevent cheating. It’s not the latest or greatest, but PunkBuster is still running on a bunch of game servers even today. [Daniel Prizmant] and [Mauricio Sandt] decided to do a deep dive project on PunkBuster, and happened to find an arbitrary file-write vulnerability, that could easily compromise a PB enabled server.

One of the functions of PunkBuster is a remote screenshot capture. If a server admin thinks a player is behaving strangely, a screenshot request is sent. I assume this targets so-called wallhack cheats — making textures transparent, so the player can see through walls. The problem is that the server logic that handles the incoming image has a loophole. If the filename ends in .png as expected, some traversal attack checks are done, and the png file is saved to the server. However, if the incoming file isn’t a png, no transversal detection is done, and the file is naively written to disk. This weakness, combined with the stateless nature of screenshot requests, means that any connected client can write any file to any location on the server at any time. To their credit, even Balance, the creators of PunkBuster, quickly acknowledged the issue, and have released an update to fix it.

Continue reading “This Week In Security: PunkBuster, NAT, NAS And MP3s” →

Even More Firmware In Your Firmware

October 1, 2020 by Kerry Scharfglass 13 Comments

There are many ways to update an embedded system in the field. Images can fly through the air one a time, travel by sneaker or hitch a ride on other passing data. OK, maybe that’s a stretch, but there are certainly a plethora of ways to get those sweet update bytes into a target system. How are those bytes assembled, and what are the tools that do the assembly? This is the problem I needed to solve.

Recall, my system wasn’t a particularly novel one (see the block diagram below). Just a few computers asking each other for an update over some serial busses. I had chosen to bundle the payload firmware images into the binary for the intermediate microcontroller which was to carry out the update process. The additional constraint was that the blending of the three firmware images (one carrier and two payload) needed to happen long after compile time, on a different system with a separate toolchain. There were ultimately two options that fit the bill.