This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
You may have seen the Ruideng range of programmable power supply modules from China: small and relatively inexpensive switch-mode buck converters, with microprocessor control and a front panel featuring a large colour OLED screen. Given 30 volts or so they can supply any lower voltage with the extra bonus of current limiting. They’ve been so successful over the several years they’ve been available that they’ve even spawned their own Chinese clones, and countless hacker projects, for instance on the DPS300X and DPS500X models.
Late last year a new module came from Ruideng: the Riden-branded RD6006 combines the basic idea of the previous modules with an extremely flexible front panel with full keypad and rotary encoder, creating something like the front panel to a decent bench power supply but without the accompanying power supply. I ordered one, waited for it to clear customs, took it to my bench, and reviewed it.
Just a few weeks ago in the Links article, we ran a story about Tanner Electronics, the Dallas-area surplus store that was a mainstay of the hacker and maker scene in the area. At the time, Tanner’s owners were actively looking for a new, downsized space to move into, and they were optimistic that they’d be able to find something. But it appears not to be, as we got word this week from James Tanner that the store would be shutting its doors after 40 years in business. We’re sad to see anyone who’s supported the hardware hacking scene be unable to make a go of it, especially after four decades of service. But as we pointed out in “The Death of Surplus”, the center of gravity of electronics manufacturing has shifted dramatically in that time, and that’s changed the surplus market forever. We wish the Tanners the best of luck, and ask those in the area to stop by and perhaps help them sell off some of their inventory before they close the doors on May 31.
Feel like getting your inner Gollum on video but don’t know where to begin? Open source motion capture might be the place to start, and Chordata will soon be here to help. We saw Chordata as an entry in the 2018 Hackaday Prize; they’ve come a long way since then and are just about to open up their Kickstarter. Check out the video for an overview of what Chordata can do.
Another big name in the open-source movement has been forced out of the organization he co-founded. Eric S. Raymond, author of The Cathedral and the Bazaar and co-founder and former president of the Open Source Initiative has been removed from mailing lists and banned from communicating with the group. Raymond, known simply as ESR, reports that this was in response to “being too rhetorically forceful” in his dissent from proposed changes to OSD, the core documents that OSI uses to determine if software is truly open source. Nobody seems to be saying much about the behavior that started the fracas.
COVID-19, the respiratory disease caused by the newly emerged SARS-CoV-2 virus, has been spreading across the globe, causing panic and claiming lives. It’s not without its second-order effects either, of course, as everything from global supply chains to conferences and meetings have been disrupted. And now, coronavirus can be blamed for delaying the ESA/Russian joint ExoMars mission. The mission is to include a Russian-built surface platform for meteorological and biochemical surveys, plus the ESA’s Rosalind Franklin rover. Program scientists are no longer able to travel and meet with their counterparts to sort out issues, severely crimping productivity and forcing the delay. Social distancing and working from home can only take you so far, especially when you’re trying to get to Mars. We wonder if NASA’s Perseverance will suffer a similar fate.
Speaking of social distancing, if you’ve already decided to lock the doors and hunker down to wait out COVID-19, you’ll need something to keep you from going stir crazy. One suggestion: learn a new skill, like PCB design. TeachMePCB is offering a free rigid PCB design course starting March 28. If you’re a newbie, or even if you’ve had some ad hoc design experience, this could be a great way to productively while away some time. And if that doesn’t work for you, check out Bartosz Ciechanowski’s Gears page. It’s an interactive lesson on why gears look like they do, and the math behind power transmission. Ever wonder why gear teeth have an involute shape? Bartosz will fix you up.
Stay safe out there, everyone. And wash those hands!
We think of the mobile phone — well, what we would call a cell phone — as something fairly modern. Many of us can still remember when using a ham radio phone patch from your parked car would have people staring and murmuring. But it turns out in the late 1940s, Bell Telephone offered Mobile Telephone Service (MTS). It was expensive and didn’t work as well as what we have now, but it did let you make or receive calls from your automobile. After the break, you can see a promotional film about MTS.
The service rolled out in St. Louis in the middle of 1946. The 80-pound radios went in the trunk with a remote handset wired to the dashboard. At first, there were only 3 channels but later Bell added 29 more to keep up with demand. An operator connected incoming and outbound calls and if three other people were using their mobile phones, you were out of luck.
Hackaday editor Elliot Williams and contributor Jonathan Bennett discuss the past week of Hackaday. Freeman Dyson, who wanted to send us to space on the back of nuclear explosions, passed away. Only slightly less dangerous, we looked at self-balancing vehicles, 3D printed press brakes, and making rubies in the home lab. All the usual suspects make cameo appearances: robots, FPGAs, and open-source software.
Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!
Ready for more speculative execution news? Hope so, because both Intel and AMD are in the news this week.
The first story is Load Value Injection, a different approach to reading arbitrary memory. Rather than try to read protected memory, LVI turns that on its head by injecting data into a target’s data. The processor speculatively executes based on that bad data, eventually discovers the fault, and unwinds the execution. As per other similar attacks, the execution still changes the under-the-hood state of the processor in ways that an attacker can detect.
What’s the actual attack vector where LVI could be a problem? Imagine a scenario where a single server hosts multiple virtual machines, and uses Intel’s Software Guard eXtensions (SGX) enclave to keep the VMs secure. The low-level nature of the attack means that not even SGX is safe.
The upside here is that the attack is quite difficult to pull off, and isn’t considered much of a threat to home users. On the other hand, the performance penalty of the suggested fixes can be pretty severe. It’s still early in the lifetime of this particular vulnerability, so keep an eye out for further updates.
AMD’s Takeaway Bug
AMD also found itself on the receiving end of a speculative execution attack (PDF original paper here). Collide+Probe and Load+Reload are the two specific attacks discovered by an international team of academics. The attacks are based around the reverse-engineering of a hash function used to speed up cache access. While this doesn’t leak protected data quite like Spectre and Meltdown, it still reveals internal data from the CPU. Time will tell where exactly this technique will lead in the future.
To really understand what’s going on here, we have to start with the concept of a hash table. This idea is a useful code paradigm that shows up all over the place. Python dictionaries? Hash tables under the hood.
Imagine you have a set of a thousand values, and need to check whether a specific value is part of that set. Iterating over that entire set of values is a computationally expensive proposition. The alternative is to build a hash table. Create an array of a fixed length, let’s say 256. The trick is to use a hash function to sort the values into this array, using the first eight bits of the hash output to determine which array location each value is stored in.
When you need to check whether a value is present in your set, simply run that value through the hash function, and then check the array cell that corresponds to the hash output. You may be ahead of me on the math — yes, that works out to about four different values per array cell. These hash collisions are entirely normal for a hash table. The lookup function simply checks all the values held in the appropriate cell. It’s still far faster than searching the whole table.
AMD processors use a hash table function to check whether memory requests are present in L1 cache. The Takeaway researchers figured out that hash function, and can use hash collisions to leak information. When the hash values collide, the L1 cache has two separate chunks of memory that need to occupy the same cache line. It handles this by simply discarding the older data when loading the colliding memory. An attacker can abuse this by measuring the latency of memory lookups.
If an attacker knows the memory location of the target data, he can allocate memory in a different location that will be stored in the same cache line. Then by repeatedly loading his allocated memory, he knows whether the target location has been accessed since his last check. What real world attack does that enable? One of the interesting ones is mapping out the memory layout of ASLR/KASLR memory. It was also suggested that Takeaway could be combined with the Spectre attack.
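The evict-on-collision behaviour described above can be modelled in a few lines. This is an added example, not code from the paper or the article: `tagOf` is a constructed 8-bit hash standing in for the real, reverse-engineered function, the addresses are made up, and a cache "miss" stands in for the slow lookup that would be measured by timing.

```javascript
// Toy model of the article's description: 256 slots, one line per slot,
// and a colliding load discards the older line.
const LINE_BITS = 6; // 64-byte cache lines (assumption for this model)

// Constructed hash: fold the line number down to 8 bits with XOR.
function tagOf(addr) {
  const line = addr >>> LINE_BITS;
  return (line ^ (line >>> 8) ^ (line >>> 16)) & 0xff;
}

class ToyCache {
  constructor() {
    this.slots = new Array(256).fill(null);
  }
  // Returns true on a hit (fast) and false on a miss (slow).
  load(addr) {
    const line = addr >>> LINE_BITS;
    const slot = tagOf(addr);
    const hit = this.slots[slot] === line;
    this.slots[slot] = line; // the newer line replaces whatever was there
    return hit;
  }
}

// Search the observer's own memory for a line that lands in the same slot
// as the target but is a different line.
function findCollidingAddress(target, base) {
  for (let i = 0; i < 1 << 16; i++) {
    const candidate = base + i * 64;
    const differentLine = candidate >>> LINE_BITS !== target >>> LINE_BITS;
    if (differentLine && tagOf(candidate) === tagOf(target)) return candidate;
  }
  throw new Error("no colliding address found in search window");
}

// One prime/check round: a miss on the observer's own line means the
// target line was loaded in between.
function victimAccessDetected(victimTouchesTarget) {
  const cache = new ToyCache();
  const target = 0x7f001240;                       // constructed address
  const probe = findCollidingAddress(target, 0x10000000);
  cache.load(probe);                               // prime the shared slot
  if (victimTouchesTarget) cache.load(target);     // victim activity
  return !cache.load(probe);                       // slow reload => accessed
}
```

The model shows why the leak needs no read access to the target data: the observer only ever loads its own memory, and learns one bit per round from whether that load was fast or slow.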
There are two interesting wrinkles to this story. First, some have pointed out the presence of a thank-you to Intel in the paper’s acknowledgements. “Additional funding was provided by generous gifts from Intel.” This makes it sound like Intel has been funding security research into AMD processors, though it’s not clear what exactly this refers to.
Lastly, AMD’s response has been underwhelming. At the time of writing, their official statement is that “AMD believes these are not new speculation-based attacks.” Now that the paper has been publicly released, that statement will quickly be proven to be either accurate or misinformed.
Closed Source Privacy?
The Google Play Store and iOS App Store are full of apps that offer privacy, whether it be a VPN, adblocker, or some other amazing sounding application. The vast majority of those apps, however, are closed source, meaning that you have little more than trust in the app publisher to ensure that your privacy is really being helped. In the case of Sensor Tower, it seems that faith is woefully misplaced.
A typical shell game is played, with paper companies appearing to provide apps like Luna VPN and Adblock Focus. While technically providing the services they claim to provide, the real aim of both apps is to send data back to Sensor Tower. When it’s possible, open source is the way to go, but even an open source app can’t protect you against a malicious VPN provider.
Does the word “#backdoor” seem frightening? That’s because it’s often used incorrectly – sometimes to deliberately create fear. Watch to learn the truth about backdoors and other types of network access. #cybersecurity pic.twitter.com/NEUXbZbcqw
[Robert Graham] thought the whole story was fishy, and decided to write about it. He makes two important points. First, the Wall Street Journal article cites anonymous US officials. In his opinion, this is a huge red flag, and means that the information is either entirely false, or an intentional spin, and is being fed to journalists in order to shape the news. His second point is that Huawei’s redefinition of government-mandated backdoors as “front doors” takes the line of the FBI, and the Chinese Communist Party, that governments should be able to listen in on your communications at their discretion.
Graham shares a story from a few years back, when his company was working on Huawei brand mobile telephony equipment in a given country. While they were working, there was an unspecified international incident, and Graham watched the logs as a Huawei service tech remoted into the cell tower nearest the site of the incident. After the information was gathered, the logs were scrubbed, and the tech logged out as if nothing had happened.
Did this tech also work for the Chinese government? The NSA? The world will never know, but the fact is that a government-mandated “front door” is still a back door from the users’ perspective: they are potentially being snooped on without their knowledge or consent. The capability for abuse is built-in, whether it’s mandated by law or done in secret. “Front doors” are back doors. Huawei’s gear may not be dirtier than anyone else’s in this respect, but that’s different from saying it’s clean.
Abusing Regex to Fool Google
[xdavidhu] was poking at Google’s Gmail API, and found a widget that caught him by surprise. A button embedded on the page automatically generated an API key. Diving into the JavaScript running on that page, as well as an iframe that gets loaded, he arrived at an ugly regex string that was key to keeping the entire process secure. He gives us a tip, www.debuggex.com, a regex visualizer, which he uses to find a bug in Google’s JS code. The essence of the bug is that part of the URL location is interpreted as being the domain name. “www.example.com\.corp.google.com” is considered by the browser to be a valid URL, pointing at example.com, but Google’s JS code sees the whole string as a domain, and thinks it must be a Google domain.
For his work, [xdavidhu] was awarded $6,000 because this bit of ugly regex is actually used in quite a few places throughout Google’s infrastructure.
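The mismatch is easy to reproduce with any regex that ends the host only at `/`, `?` or `#`. The following is an added example, not Google's code: `NAIVE_AUTHORITY` is a constructed, simplified regex, and the function names are hypothetical. It sets a regex-based check beside one that asks the WHATWG URL parser (the same rules browsers use) what the host is.

```javascript
// Constructed regex: captures everything after "//" up to the first / ? or #.
// A backslash is not in the stop set, so it stays inside the "host".
const NAIVE_AUTHORITY = /^https?:\/\/([^\/?#]*)/i;

// Suffix taken from the example string in the article.
const TRUSTED_PARENT = "corp.google.com";

// Weak check: trusts whatever the regex calls the host.
function naiveIsTrusted(url) {
  const m = NAIVE_AUTHORITY.exec(url);
  return m !== null && m[1].toLowerCase().endsWith("." + TRUSTED_PARENT);
}

// What a browser-grade parser says the host is. For http(s) URLs the
// WHATWG rules treat "\" like "/", so the host ends at the backslash.
function parsedHost(url) {
  try {
    return new URL(url).hostname;
  } catch {
    return null; // unparseable input has no host
  }
}

// Hardened check: parse first, then compare the parsed hostname exactly
// or as a dot-delimited subdomain of the trusted parent.
function strictIsTrusted(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return false;
  }
  if (u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "") return false; // no userinfo tricks
  return u.hostname === TRUSTED_PARENT ||
         u.hostname.endsWith("." + TRUSTED_PARENT);
}
```

The general rule is that an origin check has to use the same parser as the component that will act on the URL; a hand-written regex and the browser can disagree about where the host ends.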
SMBv3 Wormable Flaw
Microsoft’s SMBv3 implementation in Windows 10 and Server 2019 has a vulnerability in how it handles on-the-fly compression, CVE-2020-0796. A malicious packet using compression is enough to trigger a buffer overflow and remote code execution. It’s important to note that this vulnerability doesn’t require an authenticated user. Any unpatched, Internet-accessible server can be compromised. The flaw exists in both server and client code, so an unpatched Windows 10 client can be compromised by connecting to a malicious server.
There seems to have been a planned coordinated announcement of this bug, corresponding with Microsoft’s normal Patch Tuesday, as both Fortinet and Cisco briefly had pages discussing it on their sites. Apparently the patch was planned for that day, and was pulled from the release at the last moment. Two days later, on Thursday the 12th, a fix was pushed via Windows update. If you have Windows 10 machines or a Server 2019 install you’re responsible for, go make sure it has this update, as proof-of-concept code is already being developed.
The art of the electronic conference badge has evolved over the last decade or more, such that for an individual example to be of note it now has to include some exceptional features. Perhaps a function that might previously have been considered impossible in a badge, or maybe an unusually beautiful design, an entertaining and compelling functionality, or it simply pushes the capabilities of an otherwise limited device in an unusually ingenious way. The badge from the recent Hacker Hotel 2020 comes from the same badge team that created the software platform derived from the SHA 2017 badge, and it ticks many of these boxes by combining a genuine work of art with a set of delightfully intricate puzzles at enough levels to interest all participants in the event.
In addition to driving home the need for Steadicam or Optical Image Stabilization, this eighty-year-old video illustrates some elegant solutions the automotive industry developed in their suspension systems. Specifically, this Chevrolet video from 1938 is aimed at an audience that values science and therefore the reel boils down the problem at hand using models that will remind you of physics class.
Model of a wheel with a leaf spring records the effect of a bump on a piece of paper above
The problem is uneven ground — the “waves in the Earth’s surface” — be it the terrain in an open field, a dirt road, or even a paved parkway. Any vehicle traveling those surfaces will face the challenge of not only cushioning for rough terrain, but accounting for the way a suspension system itself reacts to avoid oscillation and other negative effects. In the video this is boiled down to a 2-dimensional waveform drawn by a model which begins with a single tire and evolves to include a four wheeled vehicle with different suspension systems in the front and the rear.
Perhaps the most illuminating part of the video is the explanation of how the car’s front suspension actually works. The wheels need to be able to steer the vehicle, while the suspension must also allow the tire to remain perpendicular to the roadway. This is shown in the image at the top of this article. Each wheel has a swing arm that allows for steering and for vertical movement of the wheel. A coil spring is used in place of the leaf springs shown in the initial model.
You probably know what’s coming next. The springs are capable of storing and releasing energy, and left to their own devices, they’ll dissipate the energy of a bump by oscillating. This is exactly what we don’t want. The solution is to add shock absorbers which limit how the springs perform. The waveforms drawn by the model encountering bumps are now tightly constrained to the baseline of flat ground.
This is the type of advertising we can wholeheartedly get behind. Product engineers of the world, please try to convince your marketing colleagues to show us the insides, tell us why the choices were made, and share the testing that helps users understand both how the thing works and why it was built that way. The last eighty years have brought myriad layers of complexity to most of the products that surround us, but human nature hasn’t changed; people are still quite curious to see the scientific principles in action all around us.
Make sure you don’t bomb out of the video before the very end. A true bit of showmanship, the desktop model of a car is recreated in a full-sized Chevy, complete with “sky-writing smoke” to draw the line. I don’t think it’s a true analog, but it’s certainly the kind of kitsch I always look for in a great Retrotechtacular subject.