Hackaday Podcast 028: Brain Skepticism Turned Up To 11, Web Browsing In ’69, Verilog For 7400 Logic, 3D Printing In Particle Board

July 26, 2019 by Mike Szczys No comments

Hackaday Editors Mike Szczys and Elliot Williams cover the most interesting hacks over the past week. So much talk of putting computers in touch with our brains has us skeptical on both tech and timeline. We celebrated the 40th Anniversary of the Walkman, but the headphones are the real star. Plus, Verilog isn’t just for FPGAs, you can synthesize 7400 circuits too! Elliot is enamored of an additive/subtractive printing process that uses particle board, and we discuss a couple of takes on hybrid-powered drones.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 028: Brain Skepticism Turned Up To 11, Web Browsing In ’69, Verilog For 7400 Logic, 3D Printing In Particle Board” →

This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t

July 26, 2019 by Jonathan Bennett 18 Comments

Selfblow (Don’t google that at work, by the way) is a clever exploit by [Balázs Triszka] that affects every Nvidia Tegra device using the nvtboot bootloader — just about all of them except the Nintendo Switch. It’s CVE 2019-5680, and rated at an 8.2 according to Nvidia, but that high CVE rating isn’t entirely reflective of the reality of the situation. Taking advantage of the vulnerability means writing to the boot device, which requires root access, as well as a kernel flag set to expose the boot partitions to userspace. This vulnerability was discovered as part of an effort by [Balázs] and other LineageOS developers to build an open source bootloader for Nvidia Tegra devices.

The Tegra boot process is a bit different, having several stages and a dedicated Boot and Power Management CPU (BPMP). A zero-stage ROM loads nvtboot to memory and starts it executing on the BPMP. One of the tasks of nvtboot is to verify the signature of the next bootloader step, nvtboot-cpu. The file size and memory location are embedded in the nvtboot-cpu header. There are two problems here that together make this vulnerability possible. The first is that the bootloader binary is loaded to its final memory location before the signature verification is performed. The code is written to validate the bootloader signature before starting it executing on the primary CPU, so all is well, right? Continue reading “This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t” →

CampZone 2019 Badge Is Begging To Become A Huge Billboard

July 25, 2019 by Jenny List 16 Comments

What has 256 full-colour LEDs, everyone’s favorite Lithium battery form factor, wireless connectivity, and hangs around your neck? It’s the CampZone 2019 badge that turns all attendees into a really fun billboard — but can the attendees hack themselves into one massive display?

One of Europe’s larger events for the gaming community, CampZone is hosted in Netherlands and runs from July 26th to August 5th. It’s a typical large summer camp, and caters for those who intersect gaming and hacking with HackZone, a decent sized hacker camp within a camp. I’ve been fortunate enough to get my hands on a CampZone 2019 badge, dubbed the I-Pane, let’s take a look at what they managed to pack into this electronic conference badge.

Continue reading “CampZone 2019 Badge Is Begging To Become A Huge Billboard” →

One Week Left For Supercon Talk And Workshop Submissions

July 25, 2019 by Elliot Williams No comments

The Hackaday Superconference is the highest density of the coolest hackers anywhere. Other events may be bigger, but we’ll be so bold to say that none are better. If you love Hackaday, and we know you do, you should really come join us in November in Pasadena, CA.

Far and away the best way to participate in a conference is to participate in the conference. This is your chance to give a presentation or a workshop and share your hard-earned knowledge, your crazy hacks, or entertaining tales of hardware heroism with a crowd that gets it. And you get free admission if we pick your talk for the big show.

One of my favorite tales from Supercon was meeting Jennifer Wang at her (and my!) first Supercon. She was a longtime Hackaday reader, and was honestly a little bit awed to meeting all of the great people there in person. By the next Supercon, she was giving a presentation about her IMU-based machine learning Harry Potter wand and inspiring the rest of us with her love of the cool things you can do with sensors and code. It’s one of the most honest and informative talks on machine learning I’ve seen!

You’ve got your story to share too, right? You’ve also got one week to put a proposal for a talk together. You can do this!

See you at Supercon!

The Great Moon Hoax — No Not That One!

July 23, 2019 by Al Williams 65 Comments

Humans first walked on the moon 50 years ago, yet there are some people who don’t think it happened. This story is not about them. It turns out there was another great conspiracy theory involving a well-known astronomer, unicorns, and humanoids with bat wings. This one came 134 years before the words “We chose to go to the moon” were uttered.

The 1835 affair — known as the Great Moon Hoax — took the form of six articles published in The Sun, a newspaper in New York City. Think of it like “War of the Worlds” but in newspaper form — reported as if true but completely made up. Although well-known astronomer John Herschel was named in the story, he wasn’t actually involved in the hoax. Richard Adams Locke was the reporter who invented the story. His main goal seemed to be to sell newspapers, but he also may have been poking fun at some of the more outlandish scientific claims of the day.

Continue reading “The Great Moon Hoax — No Not That One!” →

The South American Power Outage That Plunged 48 Million Into Blackout

July 22, 2019 by Bryan Cockfield 44 Comments

A massive power outage in South America last month left most of Argentina, Uruguay, and Paraguay in the dark and may also have impacted small portions of Chile and Brazil. It’s estimated that 48 million people were affected and as of this writing there has still been no official explanation of how a blackout of this magnitude occurred.

While blackouts of some form or another are virtually guaranteed on any power grid, whether it’s from weather events, accidental damage to power lines and equipment, lightning, or equipment malfunctioning, every grid will eventually see small outages from time to time. The scope of this one, however, was much larger than it should have been, but isn’t completely out of the realm of possibility for systems that are this complex.

Initial reports on June 17th cite vague, nondescript possible causes but seem to focus on transmission lines connecting population centers with the hydroelectric power plant at Yacyretá Dam on the border of Argentina and Paraguay, as well as some ongoing issues with the power grid itself. Problems with the transmission line system caused this power generation facility to become separated from the rest of the grid, which seems to have cascaded to a massive power failure. One positive note was that the power was restored in less than a day, suggesting at least that the cause of the blackout was not physical damage to the grid. (Presumably major physical damage would take longer to repair.) Officials also downplayed the possibility of cyber attack, which is in line with the short length of time that the blackout lasted as well, although not completely out of the realm of possibility.

This incident is exceptionally interesting from a technical point-of-view as well. Once we rule out physical damage and cyber attack, what remains is a complete failure of the grid’s largely automatic protective system. This automation can be a force for good, where grid outages can be restored quickly in most cases, but it can also be a weakness when the automation is poorly understood, implemented, or maintained. A closer look at some protective devices and strategies is warranted, and will give us greater insight into this problem and grid issues in general. Join me after the break for a look at some of the grid equipment that is involved in this system.

Continue reading “The South American Power Outage That Plunged 48 Million Into Blackout” →

Crowd Supply Hack Chat With Josh Lifton

July 22, 2019 by Dan Maloney 2 Comments

Join us on Wednesday, July 24th at noon Pacific for the Crowd Supply Hack Chat with Josh Lifton!

When you’re ready to take your Next Big Idea from a project to a product, you face problems that don’t normally present themselves to the hobbyist. Building one of something is quite different from building many of them, and soon you’re dealing with issues with parts suppliers, PCB fabrication, assembly, packaging, shipping, marketing, and support.

It takes a lot to get your idea to market, and a guiding hand would be most welcome to the budding hardware tycoon. That’s the logic behind Crowd Supply, the Portland-based crowdfunding and mentoring company. Josh Lifton is its CEO, and he’ll drop by the Hack Chat to answer all your questions about how crowdfunding works, what Crowd Supply offers to help creators, and what the fundamentals of a successful project are.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday July 24 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.