This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
With Editor in Chief Mike Szczys off this week, Managing Editor Elliot Williams is joined by Staff Writer Dan Maloney to look over the hacks from the last week. If you’ve ever wondered how the Beatles sound on a floppy disk, wonder no more. Do you fear the coming robopocalypse? This noisy wall-climbing robot will put those fears to rest. We’ll take a look at an undersea lab worthy of the Cousteau name, and finally we’ll look inside a digital pregnancy test and wonder at its unusual power switch.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Raccoon is the next flashy security flaw with a name, cute logo, and a website (and a PDF). Raccoon is a flaw in TLS version prior to 1.3, and seems to be a clever bit of work, albeit one with limited real-world application. The central problem is that these older versions of TLS, when using Diffie Hellman (DH), drop leading all-zero bytes in the resulting pre-master key. As that key is part of the input for calculating the master session key, a shortened pre-master key results in a slightly faster calculation of the master key. If an attacker can make fine-grained timing measurements, he can determine when the pre-master key is trimmed.
Let’s review Diffie Hellman, briefly. The client and server agree on two numeric values, a base g and modulus p, and each party generates a secret key, a and b. Each party calculates a public key by raising the shared base to their own private key, mod the shared modulus: A = g^a mod p. These public keys are exchanged, and each party raises the received key to their own secret key: A^b. Exponents have a non-obvious quirk, the power rule. A value raised to a power raised to a power is the same as the value raised to the power of the exponents multiplied together. g^a^b is equal to g^(a*b). By going through this mathematical dance, the server and client have arrived at a shared value that only they know, while preserving the secrecy of their private keys. Continue reading “Security This Week: Racoons In My TLS, Bypassing Frontends, And Obscurity”→
It’s a common enough Hollywood trope that we’ve all probably seen it: the general, chest bespangled with medals and ribbons, gazes at a big screen swarming with the phosphor traces of incoming ICBMs, defeatedly picks up the phone and somberly intones, “Get me the president.” We’re left on the edge of our seats as we ponder what it must be like to have to deliver the bad news to the boss, knowing full well that his response will literally light the world on fire.
Scenes like that work because we suspect that real-life versions of it probably played out dozens of times during the Cold War, and likely once or twice since its official conclusion. Such scenes also play into our suspicion that military and political leaders have at their disposal technologies that are vastly superior to what’s available to consumers, chief among them being special communications networks that provide capabilities we could only have dreamed of back then.
As it turns out, the US military did indeed have different and better telephone capabilities during the Cold War than those enjoyed by their civilian counterparts. But as we shall see, the increased capabilities of the network that came to be known as AUTOVON didn’t come so much from better technology, but more from duplicating the existing public switched-telephone network and using good engineering principles, a lot of concrete, and a dash of paranoia to protect it.
Just going by the numbers, it’s a pretty safe bet that most Hackaday readers own an Android device. Even if Google’s mobile operating system isn’t running on your primary smartphone, there’s a good chance it’s on your tablet, e-reader, smart TV, car radio, or maybe even your fridge. Android is everywhere, and while the development of this Linux-based OS has been rocky at times, the general consensus is that it seems to have been moving in the right direction over the last few years. Assuming your devices actually get the latest and greatest update, anyway.
So it’s not much of a surprise that Android 11, which was officially released yesterday, isn’t a huge update. There’s no fundamental changes in the core OS, because frankly, there’s really not a whole lot that really needs changing. Android has become mature enough that from here on out we’re likely to just see bug fixes and little quality of life improvements. Eventually Google will upset the apple cart (no pun intended) with a completely new mobile OS, but we’re not there yet.
Of course, that’s not to say there aren’t some interesting changes in Android 11. Or more specifically, changes that may actually be of interest to the average Hackaday reader. Let’s take a look at a handful of changes and tweaks worth noting for the more technical crowd.
Michelle is deeply involved in designing the virtual CTF challenge for this month’s GNU Radio Conference. Her experience includes dreaming up both in-person and virtual “Capture the Flag” style challenges that span both hardware and software. It’s fun to compete and a powerful way to learn, but how do you choose the hardware and dial-in the scope and difficulty for each part of the challenge? Join us for the chat as Michelle walks through how she builds great challenges.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
That was a close shave! On Tuesday, asteroid 2011 ES4 passed really close to the earth. JPL’s close approach data pegs its nominal distance from earth at about 0.00081083276352288 au! Yeah, we had to look it up too: that’s around 75,000 miles (120,000 kilometers), just ten times the diameter of the earth and only about one-third the distance from the earth the moon. It got within about 52,000 miles of the moon itself. Bookworms who made it all the way through Seveneves are surely sweating right now.
There’s a low current arms race when it comes to lighting up LEDs. The latest salvo in the field comes from [Christoph Tack] who boasts a current of 1.36 µA at 3 V for a green LED that is roughly 10x brighter than a phosphorescent watch dial. Of course, the TritiLED is the design being chased, which claims to run 17.6-20.2 years on a single CR2032 coin cell.
Proving once again that Hanna and Barbera were indeed future-tech prophets, flying cars are now a thing. Sky Drive Inc. made a four-minute test flight of a single passenger octo-rotor aircraft. Like a motorcycle of the sky (and those are a thing too) this thing is single-passenger and the cockpit is open air. The CNN article mentions that “The company hopes to make the flying car a part of normal life and not just a commodity”. Yeah, we’re sure they do, but in an age when electric cars are demonized for ranges in the low hundreds of miles, this is about as practical for widespread use as self-balancing electric unicycles.
Google and Apple built a COVID-19 contact tracing framework into their mobile platforms but stopped short of building the apps to actually do the work, anticipating that governments would want to control how the apps worked. So was the case with the European tracing app as Elliot Williams recently covered in this excellent overview. However, the United States has been slower to the game. Looks like the tech giants have become tired of waiting and have now made it possible for the framework itself to work as a contact tracing mechanism. To enable it, local governments need to upload a configuration file that sets parameters and URLs that redirect to informational pages from local health departments, and users must opt-in on their phone. All other tracing apps will continue to function, this is meant to add an option for places that have not yet adopted/developed their own app.
And finally, it’s time to take back responsibility for your poor spelling. Auto-correct has been giving us sardines instead of teaching how to fish for them ourselves. That ends now. The Autocorrect Remover is an extension for Google Docs that still tells you the word is wrong, but hides the correct spelling, gamifying it by having you guess the right spelling and rewarding you with points when you get it right.
“Keep it simple” sounds like such good advice, but what exactly is the “it”; what parts of a project should you try to keep simple? You can’t always make everything simple, can you? Are all kinds of “simplicity” equally valuable, or are there aspects of a design where simplicity has multiplier effects on the rest of the project?
I ran into two seemingly different, but surprisingly similar, design problems in the last couple weeks, and I realized that focusing on keeping one aspect of the project simple had a multiplier effect on the rest — simplifying the right part of the problem made everything drastically easier.
The first example was a scratch-built airplane design. I’d made a few planes over the summer, focusing on plans on the Interwebs that emphasize simplicity of the actual build. Consequently, the planes were a bit heavy, maybe not entirely aerodynamic, and probably underpowered. And this is because the effort you expend building the plane doesn’t fundamentally have anything to do with flight. Keeping the build simple doesn’t necessarily get you a good plane.
Weight, on the other hand, is central. Wings produce lift, whether measured in grams or ounces, and anything heavier just isn’t gonna fly. But reducing weight has a multiplier effect. Less weight means smaller and lighter motors and batteries. Structures don’t need to be as stiff if they’re not subject to heavier bending forces. And, important to the noob pilot, planes with less weight per wing area fly slower, giving me (ahem, the noob pilot) more reaction time when something goes sideways. Trying to simplify the design by trimming weight has knock-on effects all around.
My latest fully-DIY design threw out anything that brought weight along with it, including some parts I thought were necessary for stiffness or crash resistance. But with the significantly lowered weight, these problems evaporated without needing me to solve them — in a way, the complexity of design was creating the problems that the complexity of design was supposed to solve. Ditching it meant that I had a slow plane, with simple-to-build wings, that’s capable of carrying a lightweight FPV camera. Done and done! Simply.
Nope. Too complex.
At the same time, I’m building a four-axis CNC foam cutter. I’ve built many 3D printers, and played around with other folks’ DIY CNC machines, so I had a few design ideas in my head starting out. My first iteration of an XY axis for the machine runs on metal angle stock with a whopping eight skate bearings per axis. It’s strong and rigid, and clumsy and overkill, in a bad way for this machine.
3D printers want to move a relatively light tool head around a small volume, but relatively quickly. CNC mills need to be extremely rigid and shoulder heavy side loads, subject to some speed constraints. A foam cutter has none of these needs. The hot wire melts the foam by radiation, so there are no loads on the machine because it doesn’t even contact the workpiece. And because it cuts by melting, it has to go slow. These are the places in the design where simplification will bear the most fruit.
I write this in retrospect, or at least from the perspective of a second prototype. I wanted the first design to hold the cutting filament taut, hence the rigid frame. But separating the tension from the motion, by using a lightweight external bow to keep the filament tight, meant that the machine could be dead simple. I could use smaller plastic sliders instead of complex bearings, on thin rods instead of bulky rails. In a day after having this realization, I got twice as far as I had on the previous machine design in a week, and it takes up a lot less space in my basement.
So take your KISS to the next level. Brainstorm a while about the binding constraints on your design, and what relaxing any of them can do. Do any particular simplifications enable further simplifications? Those are the ones that you want to start with. Keep it simple, smartly. And because it’s not always easy to find these multiplier effects, tell your friends!
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
