Hackaday Links: November 8, 2020

November 8, 2020 by Dan Maloney 6 Comments

Saturday, November 7, 2020 – NOT PASADENA. Remoticon, the virtual version of the annual Hackaday Superconference forced upon us by 2020, the year that keeps on giving, is in full swing. As I write this, Kipp Bradford is giving one of the two keynote addresses, and last night was the Bring a Hack virtual session, which I was unable to attend but seems to have been very popular, at least from the response to it. In about an hour, I’m going to participate in the SMD Soldering Challenge on the Hackaday writing crew team, and later on, I’ll be emceeing a couple of workshops. And I’ll be doing all of it while sitting in my workshop/office here in North Idaho.

Would I rather be in Pasadena? Yeah, probably — last year, Supercon was a great experience, and it would have been fun to get together again and see everyone. But here we are, and I think we’ve all got to tip our hacker hats to the Remoticon organizers, for figuring out how to translate the in-person conference experience to the virtual space as well as they have.

The impact of going to a museum and standing in the presence of a piece of art or a historic artifact is hard to overstate. I once went to an exhibit of artifacts from Pompeii, and was absolutely floored to gaze upon a 2,000-year-old loaf of bread that was preserved by the volcanic eruption of 79 AD. But not everyone can get to see such treasures, which is why Scan the World was started. The project aims to collect 3D scans of all kinds of art and artifacts so that people can potentially print them for study. Their collection is huge and seems to concentrate on classic sculptures — Michelangelo’s David is there, as are the Venus de Milo, the Pieta, and Rodin’s Thinker. But there are examples from architecture, anatomy, and history. The collection seems worth browsing through and worth contributing to if you’re so inclined.

For all the turmoil COVID-19 has caused, it has opened up some interesting educational opportunities that probably wouldn’t ever have been available in the Before Time. One such opportunity is an undergraduate-level course in radio communications being offered on the SDRPlay YouTube channel. The content was created in partnership with the Sapienza University of Rome. It’s not entirely clear who this course is open to, but the course was originally designed for third-year undergrads, and the SDRPlay Educators Program is open to anyone in academia, so we’d imagine you’d need some kind of academic affiliation to qualify. The best bet might be to check out the intro video on the SDRPlay Educator channel and plan to attend the webinar scheduled for November 19 at 1300 UTC. You could also plan to drop into the Learning SDR and DSP Hack Chat on Wednesday at noon Pacific, too — that’s open to everyone, just like every Hack Chat is.

And finally, as if bald men didn’t suffer enough disrespect already, now artificial intelligence is having a go at them. At a recent soccer match in Scotland, an AI-powered automatic camera system consistently interpreted an official’s glabrous pate as the soccer ball. The system is supposed to keep the camera trained on the action by recognizing the ball as it’s being moved around the field. Sadly, the linesman in this game drew the attention of the system quite frequently, causing viewers to miss some of the real action. Not that what officials do during sporting events isn’t important, of course, but it’s generally not what viewers want to see. The company, an outfit called Pixellot, knows about the problem and is working on a solution. Here’s hoping the same problem doesn’t crop up on American football.

Fail Of The Week: Roboracer Meets Wall

November 8, 2020 by Roger Cheng 52 Comments

There comes a moment when our project sees the light of day, publicly presented to people who are curious to see the results of all our hard work, only for it to fail in a spectacularly embarrassing way. This is the dreaded “Demo Curse” and it recently befell the SIT Acronis Autonomous team. Their Roborace car gained social media infamy as it was seen launching off the starting line and immediately into a wall. A team member explained what happened.

A few explanations had started circulating, but only in the vague terms of a “steering lock” without much technical detail until this emerged. Steering lock? You mean like The Club? Well, sort of. While there was no steering wheel immobilization steel bar on the car, a software equivalent did take hold within the car’s systems. During initialization, while a human driver was at the controls, one of the modules sent out NaN (Not a Number) instead of a valid numeric value. This was never seen in testing, and it wreaked havoc at the worst possible time.

A module whose job was to ensure numbers stay within expected bounds said “not a number, not my problem!” That NaN value propagated through to the vehicle’s CAN data bus, which didn’t define the handling of NaN so it was arbitrarily translated into a very large number causing further problems. This cascade of events resulted in a steering control system locked to full right before the algorithm was given permission to start driving. It desperately tried to steer the car back on course, without effect, for the few short seconds until it met the wall.

While embarrassing and not the kind of publicity the Schaffhausen Institute of Technology or their sponsor Acronis was hoping for, the team dug through logs to understand what happened and taught their car to handle NaN properly. Driving a backup car, round two went very well and the team took second place. So they had a happy ending after all. Congratulations! We’re very happy this problem was found and fixed on a closed track and not on public roads.

[via Engadget]

Hackaday Podcast 092: Orbital Data By Mail, Human Flight On Styrofoam Wings, And Seven Shades Of E-Ink

November 6, 2020 by Mike Szczys 4 Comments

Hackaday editors Elliot Williams and Mike Szczys catch the best hacks you may have missed. This week we look at the new Raspberry Pi 400, use computer vision to get ready for geeky Christmas, and decypher a negative-space calendar. We get an answer to the question of what happens if you scale up a styrofoam airplane to human-size. Facebook is locking down VR headset, will hackers break them free? And take an excellent stroll down memory lane to find out what it was like to be a space-obsessed ham at the dawn of personal computers.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~60 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 092: Orbital Data By Mail, Human Flight On Styrofoam Wings, And Seven Shades Of E-Ink” →

This Week In Security: In The Wild, Through Your NAT, And Brave

November 6, 2020 by Jonathan Bennett 12 Comments

Most of the stories from this week are vulnerabilities dropped before fixes are available, many of them actively being exploited. Strap yourselves in!

Windows Kernel Crypto

The first is CVE-2020-17087, an issue in the Windows Kernel Cryptography Driver. The vulnerable system calls are accessible from unprivileged user-space, and potentially even from inside sandboxed environments. The resulting buffer overflow can result in arbitrary code executing in the kernel context, meaning this is a quick jump to root-level control over a victim system.

What exactly is the code flaw here that’s being attacked? It’s in a bit of buffer allocation logic, inside a binary-to-hex conversion routine. The function accepts an unsigned short length argument. That value is used to calculate the output buffer size, by multiplying it by six, and using an unsigned short to hold that value. See the problem? A sufficiently large value will roll over, and the output buffer size will be too small. It’s a value overflow that leads to a buffer overflow.

Because the problem is being actively exploited, the report has been made public just seven days after discovery. The flaw is still unpatched in Windows 10, as of the time of writing. It also seems to be present as far back as Windows 7, which will likely not receive a fix, being out of support. [Editor’s snarky note: Thanks, closed-source software.] Continue reading “This Week In Security: In The Wild, Through Your NAT, And Brave” →

Linux Fu: Monitor Disks

November 5, 2020 by Al Williams 7 Comments

If you want a quick view of a Linux system’s process load, you can use top or — slightly nicer — htop. But what if you want a quick snapshot of how the disk system is doing? There are a few tools you can use, some of which are not nearly as common as top.

First, iotop

Most similar to top is iotop. This program shows you the total and current disk read and write numbers for the file system and also shows you who is eating up the most disk I/O. This screen looks busy:

Continue reading “Linux Fu: Monitor Disks” →

Bespoke Storage Technologies: The Alphabet Soup Found In Modern Hard Drives And Beyond

November 4, 2020 by Bob Baddeley 70 Comments

It seems like just yesterday (maybe for some of you it was) we were installing Windows 3.1 off floppy drives onto a 256 MB hard drive, but hard drives have since gotten a lot bigger and a lot more complicated, and there are a lot more options than spinning platters.

The explosion of storage options is the result of addressing a variety of niches of use. The typical torrenter downloads a file, which is written once but read many times. For some people a drive is used as a backup that’s stored elsewhere and left unpowered. For others it is a server frequently reading and writing data like logs or swap files. In all cases it’s physics that sets the limits of what storage media can do; if you choose wisely for your use case you’ll get the bet performance.

The jargon in this realm is daunting: superparamagnetic limit, LMR, PMR, CMR, SMR, HAMR, MAMR, EAMR, XAMR, and QLC to name the most common. Let’s take a look at how we got here, and how the past and present of persistent storage have expanded what the word hard drive actually means and what is found under the hood.

Continue reading “Bespoke Storage Technologies: The Alphabet Soup Found In Modern Hard Drives And Beyond” →

Hackaday Links: November 1, 2020

November 1, 2020 by Dan Maloney 12 Comments

We normally chuckle at high-profile auctions where people compete to pay as much as possible for items they clearly don’t need. It’s easy to laugh when the items on the block are things like paint-spattered canvases, but every once in a while some genuine bit of history that really piques our interest goes on sale. Such is the case with what is claimed to be an original Steve Wozniak-built Blue Box, going on sale November 5. The prospectus has an excellent summary of the history of the “Two Steves” and their early business venture making and selling these devices to Berkeley students eager to make free long distance phone calls. The item on sale is a very early rev, most likely assembled by Woz himself. The current owner claims to have bought it from Woz himself in the summer of 1972 while on a roadtrip from Sunnyvale to Los Angeles. Estimated to go for $4,000 to $6,000, we really hope this ends up in a museum somewhere — while we’ve seen attempts to recreate Woz’s Blue Box on Hackaday.io, letting a museum study an original would be a great glimpse into our shared technological history.

Not in the market for old tech? No problem — Digilent wants to get rid of 3,000 PCBs, and quickly. They posted the unusual offer on reddit a couple of days ago; it seems they have a huge stock of populated boards for a product that didn’t quite take the market by storm. Their intention is likely not to flood the market with scopes cobbled together from these boards, but rather to make them available to someone doing some kind of art installation or for educational purposes. It’s a nice gesture, and a decent attempt to keep these out of the e-waste stream, so check it out if you have a need.

Speaking of PCBs, SparkFun has just launched an interesting new service: SparkFun À La Carte. The idea is to make it really easy to design and build prototype boards. Instead of using traditional EDA software, users select different blocks from a menu. Select your processor, add components like displays and sensors, and figure out how you want to power it, and SparkFun will do the rest, delivering a fully assembled board in a few weeks. It certainly stands to suck the fun out of the design process while also hoovering up your pocketbook: “A $949 design fee will be applied to all initial orders of a design”. You can get your hands on the design files, but that comes with an extra fee: “they can be purchased separately for $150 by filling out this form”. But for someone who just needs to hammer out a quick design and get on with the next job, this could be a valuable tool.

Another day, another IoT ghost: Reciva Radio is shutting down its internet radio service. A large banner at the top of the page warns that the “website will be withdrawn” on January 31, 2021, but functionality on the site already appears limited. Users of the service are also reporting that their Reciva-compatible radios are refusing to stream content, apparently because they can’t download anything from the service’s back end. This probably doesn’t have a huge impact — I’d never heard of Reciva before — but it makes me look at the Squeezebox radio we’ve got in the kitchen and wonder how long for the world that thing is. It’s not all bad news, though — owners of the bricked radios will now have a great opportunity to hack them back into usefulness.

By the time this article is published, Halloween will be history and the hordes of cosplaying candy-grubbers who served as welcome if ironic respite from this non-stop horror show of a year will be gone. Luckily, though, if it should come to pass that the dead rise from their graves — it’s still 2020, after all — we’ll know exactly how to defeat them with this zombie invasion calculator. You may remember that last year Dominik Czernia did something similar, albeit with vampires. Switching things up from the hemophagic to the cerebrophagic this year, his calculator lets you model different parameters, like undead conversion percentage, zombie demographics, and attack speed. You’ve also got tools for modeling the response of the living to the outbreak, to see how best to fight back. Spoiler alert: everyone will need to bring Tallahassee-level badassery if we’re going to get through this.