Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper

July 23, 2020 by Maya Posch 34 Comments

Remembering passwords is one of those things which one just cannot seem to escape. At the very least, we all need to remember a single password: namely the one for unlocking a password manager. These password managers come in a wide variety of forms and shapes, from software programs to little devices which one carries with them. The Mooltipass Mini BLE falls into the latter category: it is small enough to comfortably fit in a hand or pocket, yet capable of remembering all of your passwords.

Heading into its crowdfunding campaign, the Mooltipass Mini BLE is an evolution of the Mooltipass Mini device, which acts as a USB keyboard by default, entering log-in credentials for you. With the required browser extension installed, this process can also be automated when browsing to a known website. Any new credentials can also be saved automatically this way.

Where the Mooltipass Mini BLE differs from the original is in that it also adds a Bluetooth (BLE) mode, enabling it to be used easily with any BLE-capable device, including laptops and smartphones, without having to dig around for a USB cable and/or OTG adapter.

I have already been using the original Mooltipass Mini for a while, and the Mooltipass team was kind enough to send me a prototype Mooltipass Mini BLE for evaluation and comparison. Let’s take a look.

Continue reading “Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper” →

Linux Fu: Keep In Sync

July 23, 2020 by Al Williams 28 Comments

Once upon a time, computers were very expensive and you were lucky to have shared access to one computer. While that might seem to be a problem, it did have one big advantage: all of your files were on that computer.

Today, we all probably have at least a desktop and one laptop. Your phone is probably a pretty good computer by most standards. You might have multiple computers and a smattering of tablets. So what do you do to keep your files accessible everywhere? Why not run your own peer-to-peer synchronization service? Your files are always under your control and encrypted in motion. There’s no central point of failure. You can do it with one very slick piece of Open Source software called syncthing. It runs on Windows, Linux, Mac, BSD, and Solaris. There are also Android clients. We haven’t tested it, but one caveat is that the unofficial iOS support sounds a little spotty.

The joke about the cloud — that it’s just other people’s servers — is on point here. Some people don’t like their files sitting on a third-party server. Even if your files are encrypted or you don’t care, you still have the problem of what happens if you can’t reach the server — may be on an airplane with no WiFi — or the server goes down. Sure, Google and Microsoft don’t go dark very often, but they can and do. Even if you build your own cloud, it runs on your servers. Syncthing is serverless: it simply makes sure that all files are up-to-date on all your end devices. Continue reading “Linux Fu: Keep In Sync” →

Beyond Printf(): Better Logging Practices For Faster Debugging

July 21, 2020 by Maya Posch 27 Comments

All of us who do some programming know that logging is a time-tested way to output messages about the internal state of our code. With varying degrees of adjustable granularity, these messages allow us to keep track of not only the state of the application, but also its overall health. When things do end up going FUBAR, these log messages are usually the first thing we look at as a software equivalent of a Flight Data Recorder in an airplane.

Spending some time and care in not only designing the logging system, but also in deciding what should be logged and at what level, can make our future self appreciate life a lot more. We’re all familiar with the practice of ‘printf-debugging’, where logging is added as part of the usual post-crash autopsy as one tries to figure out what exactly went wrong. It’s one way of doing it, and eventually it works, but we can do much better.

People are lazy, and you’re only going to stick to good logging practices if they are at least as easy if not easier than sprinkling printf() statement throughout the code. Yet at the same time we want to be able to handle things like log levels and newlines without too much extra typing. The most successful logging libraries are built with this

Continue reading “Beyond Printf(): Better Logging Practices For Faster Debugging” →

There’s An Engineer In Germany I’d Like A Word With; Tale Of A Crumbling Volkswagen Lock

July 20, 2020 by Jenny List 149 Comments

In common with quite a few in the hardware hacking community, I have a fondness for older vehicles. My “modern” ride is an older vehicle by today’s standards, a Volkswagen Polo 6N made in the late 1990s. It’s by my estimation a Good Car, having transported me reliably back and forth across the UK and Europe for several years.

Last week though, it let me down. Outside the church in a neighbouring village the driver’s door lock failed, leaving me with my igniton key stuck in the door, and a mildly embarrassing phone call to my dad to bring the Torx driver required to remove the assembly and release it. I am evidently not 1337 enough, I don’t carry a full set of Torx bits with me everywhere I go. The passenger side lock has never worked properly while I’ve had the car, and this is evidently my cue to sort it all out.

Continue reading “There’s An Engineer In Germany I’d Like A Word With; Tale Of A Crumbling Volkswagen Lock” →

Ubuntu Update Hack Chat

July 20, 2020 by Dan Maloney 18 Comments

Join us on Wednesday, July 22 at noon Pacific for the Ubuntu Update Hack Chat with Rhys Davies and Alan Pope!

Everyone has their favorite brands, covering everything from the clothes they wear to the cars they drive. We see brand loyalty informing all sorts of acquisition decisions, not only in regular consumer life but in technology, too. Brand decisions sort people into broad categories like Mac versus PC, or iPhone versus Android, and can result in spirited discussions of the relative merits of one choice over the others. It’s generally well-intentioned, even if it gets a bit personal sometimes.

Perhaps no choice is more personal in hacker circles than which Linux distribution to use. There are tons to choose from, each with their various features and particular pros and cons. Ubuntu has become a very popular choice for Linux aficionados, attracting more than a third of the market. Canonical is the company behind the Debian-based distro, providing editions that run on the desktop, on servers, and on a variety of IoT devices, as well as support and services for large-scale users.

To fill us in on what’s new in the world of Ubuntu, Canonical product manager Rhys Davies and developer advocate Alan Pope will stop by the Hack Chat this week. They’ll be ready to answer all your questions about the interesting stuff that’s going on with Ubuntu, including the recently announced Ubuntu Appliances, easy to install, low maintenance images for Raspberry Pis and PCs that are built for security and simplicity. We’ll also talk about snaps, desktops, and whatever else crops up.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 22 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about. Continue reading “Ubuntu Update Hack Chat” →

Hackaday Links: July 19, 2020

July 19, 2020 by Dan Maloney 19 Comments

Care to flex your ethical hacker muscles? The Defense Advanced Research Projects Agency, better known as DARPA, is running its first-ever bug-bounty program. The event is called “Finding Exploits to Thwart Tampering”, or FETT — get it? Bounty hunter? Fett? — and is designed to stress-test security hardware developed through DARPA’s System Security Integration Through Hardware and Firmware, or SSITH. Tortured backronyms and pop culture references aside, FETT will start this month and go through September. This is not an open challenge per se; rather, the Red Team will be coordinated by crowdsourced security research company Synack, who has called for security researchers to sign on.

The Linux kernel development team has decided to join the trend away from insensitive terminology like “master/slave” and “blacklist/whitelist” in coding style. A July 4 proposal by kernel maintainer Dan Williams goes into some detail on the logic of making the change, and it’s quite convincing stuff. It’s hard to argue with the fact that code reviewers can easily be distracted by coding style changes, so replacing terms that have become lightning rods only makes sense. Linus himself has signed off on the changes for all future code; the current terminology will only be allowed for purposes of maintaining older code.

Some stories just leap off the screen when you’re scanning headlines, and a story with the term “narco-antennas” practically begs further investigation. It turns out that the drug cartels in Mexico (and probably elsewhere, but the story focused on Mexico) are quite sophisticated in terms of communications technology. Eschewing cell phones for some of their communication needs for obvious reasons, they still apparently leverage the cell system by installing their own transceivers at cell sites. This can lead to some tense moments for the engineers who maintain legitimate gear at these sites; the story above recounts one hapless tech who powered down a site to make some repairs only to be confronted by armed men upset about the loss of their radios. It’s a fascinating look at the underworld and their technology, and we can’t help but feel for the men and women who have to face down these criminals just to do their jobs.

Way back in January — remember January? — we kicked off the 2020 Hack Chat series with a fellow named Alberto Caballero, principal investigator of the Habitable Exoplanet Hunting Project. At the time, I was blown away by the fact that the tiny changes in intensity caused by planets transiting across their star’s face were detectable on Earth with instruments an amateur astronomer could easily afford. And now, the project’s crowdsourced planet hunters have hit pay dirt, with the discovery of a Saturn-sized exoplanet in orbit within the habitable zone around star GJ 3470, also known as Gliese 3470, a red dwarf about 30 parsecs away in the constellation Cancer. Their paper is still in preprint and hasn’t been peer-reviewed yet, but it’s exciting to see this kind of citizen science being done, and we’d like to congratulate the team on their achievement and wish them continued luck in their search for “Earth 2.0”

And finally, if you can’t stand the idea that future archaeologists may someday pore over your code in an attempt to understand the digital lives of their long-dead forebears, then you might want to skip this story about how GitHub shipped 21 terabytes of open-source code to cold storage. The destination for the data, contained on reels of archive film and shipped on two pallets, is the world’s long-term memory: the Artic World Archive on the island of Svalbard. Perhaps better known for the Svalbard Seed Vault, where the genetic diversity of the world’s plants is stored, the Artic Code Vault is in a nearby abandoned coal mine and set deep within the permafrost. The rationale for making the effort to preserve code makes for some interesting reading, but we can’t help but feel that like the graffitists of Pompeii, if we’d known someone would be reading this stuff in a thousand years, we might have edited out a few things.