This Week In Security: Nvidia, Ransomware Retirement, And A TOCTOU Bug In Docker

Nvidia’s GeForce Experience (GFE) is the companion application for the Nvidia drivers, keeping said drivers up to date as well as adding features around live streaming and media capture. The application runs as two parts, a GUI and a system service, which communicate over an HTTP API. [David Yesland] from Rhino Security Labs decided to look into this API, searching for interesting, undocumented behavior, and shared the results on Sunday the 2nd.

The first interesting finding was that the service was written in JavaScript and run using Node.js. JavaScript ships as source rather than as a compiled binary, so the code of the service was open for studying. This led to the revelation that API requests would be accepted from any origin, so long as the request included the proper security token. The application includes an update mechanism, which allows an authorized API call to execute an arbitrary system command. So long as the authentication token isn’t leaked to an attacker, this still isn’t a problem, right?

The Atomic Pi: Is It Worth It?

Several months ago, a strange Kickstarter project from ‘Team IoT’ appeared that seemed too good to be true. The Atomic Pi was billed as a high-power alternative to the Raspberry Pi, and the specs are amazing. For thirty-five American buckaroos, you get a single-board computer with an Intel processor. You get 16 GB of eMMC flash, more than enough for a basic Linux system and even a cut-down version of Windows 10. You have WiFi, you have Bluetooth, you have a real-time clock, something so many of the other single-board computers forget. The best part? It’s only thirty-five dollars.

Naturally, people lost their minds. There are many challengers to the Raspberry Pi, but nothing so far can beat the Pi on both price and performance. Could the Atomic Pi be the single board computer that finally brings the folks from Cambridge to their knees? Is this the computer that will revolutionize STEM education, get on a postage stamp, and sell tens of millions of units?

No. The answer is no. While I’m not allowed to call the Atomic Pi “literal garbage” because our editors insist on the technicality that it’s “surplus” because they were purchased before they hit the trash cans, there will be no community built around this thirty-five dollar single-board computer. This is a piece of electronic flotsam that will go down in history right next to the Ouya console. There will be no new Atomic Pis made, and I highly doubt there will ever be any software updates. Come throw your money away on silicon, fiberglass and metal detritus! Or maybe you have a use for this thing. Meet the Atomic Pi!


Circuit VR: Resistance Measurement With Four Wires

If you want to measure resistance and you know Ohm’s law, it seems like you have an easy answer, right? Feed a known current through the thing you want to measure and read the voltage required. A little math, and that’s it. Or is it? If you are measuring a reasonably large resistance and you don’t mind small inaccuracies, sure. But for tiny resistances or highly accurate measurements, you’d be better off using the four-wire method. What’s more, understanding why you want to use the four-wire method is a great example of using an understanding of electronics to find solutions to problems.

Hunting Replicants With The 2019 LayerOne Badge

Blade Runner showed us a dystopian megatropolis vision of Los Angeles in the far-off future. What was a distant dream for the 1982 theater-goers (2019) is now our everyday. We know Los Angeles is not perpetually overcast, flying cars are not cruising those skies, and replicants are not hiding among the population. Or… are they?

The LayerOne conference takes place in greater Los Angeles and this year it adopted a Blade Runner theme in honor of that landmark film. My favorite part of the theme was the conference badge modeled after a Voight-Kampff machine. These were used in the film to distinguish replicants from humans, and that’s exactly what this badge does too. In the movies, replicants are tested by asking questions and monitoring their eyes for a reaction — this badge has an optional eye-recognition camera to deliver this effect. Let’s take a look!


Disrupting Cell Biology Hack Chat With Incuvers

Join us on Wednesday 5 June 2019 at noon Pacific for the Disrupting Cell Biology Hack Chat with Incuvers!

A lot of today’s most successful tech companies have creation myths that include a garage in some suburban neighborhood where all the magic happened. Whether there was literally a garage is not the point; the fact that modest beginnings can lead to big things is. For medical instrument concern Incuvers, the garage was actually a biology lab at the University of Ottawa, and what became the company’s first product started as a simple incubator project consisting of a Styrofoam cooler, a space blanket, and a Soda Stream CO2 cylinder controlled by an Arduino.

From that humble prototype sprang more refined designs that eventually became marketable products, setting the fledgling company on a course to make a huge impact on the field of cell biology with innovative incubators, including one that can image cell growth in real time. What it takes to go from prototype to product has been a common theme in this year’s Hack Chats, and Noah, Sebastian, and David from Incuvers will drop by Wednesday to talk about that and more.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday June 5 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

You don’t have to wait until Wednesday; join the Hack Chat group on Hackaday.io whenever you want and you can see what the community is talking about.

Repairdown: Disklavier DKC500RW Control Unit

If you’ve been kind enough to accompany me on these regular hardware explorations, you’ve likely recognized a trend with regards to the gadgets that go under the knife. Generally speaking, the devices I take apart for your viewing pleasure come to us from the clearance rack of a big box retailer, the thrift store, or the always generous “AS-IS” section on eBay. There’s something of a cost-benefit analysis performed each time I pick up a piece of gear for dissection, and it probably won’t surprise you to find that the least expensive doggy in the window is usually the one that secures its fifteen minutes of Internet fame.

DKC500RW installed on right side.

But this month I present to you, Good Reader, something a bit different. This time I’m not taking something apart just for the simple joy of seeing PCB laid bare. I’ve been given the task of repairing an expensive piece of antiquated oddball equipment because, quite frankly, nobody else wanted to do it. If we happen to find ourselves learning about its inner workings in the process, that’s just the cost of doing business with a Hackaday writer.

The situation as explained to me is that in the late 1990s, my brother’s employer purchased a Yamaha Mark II XG “Baby Grand” piano for somewhere in the neighborhood of $20,000. This particular model was selected for its ability to play MIDI files from 3.5 inch floppy disks, complete with the rather ghostly effect of the keys moving by themselves. The idea was that you could set this piano up in your lobby with a floppy full of Barry Manilow’s greatest hits, and your establishment would instantly be dripping with automated class.

Unfortunately, about a month or so back, the piano’s Disklavier DKC500RW control unit stopped reading disks. The piano itself still worked, but now required a human to do the playing. Calls were made, but as you might expect, most repair centers politely declined around the time they heard the word “floppy” and anyone who stayed on the line quoted a price that simply wasn’t economical.

Before they resorted to hiring a pianist, perhaps a rare example of a human taking a robot’s job, my brother asked if he could remove the control unit and see if I could make any sense of it. So with that, let’s dig into this vintage piece of musical equipment and see what a five figure price tag got you at the turn of the millennium.



Hackaday Links: June 2, 2019

The works of Shakespeare, Goethe, and Cervantes combined do not equal the genius of Rick And Morty. Actually, the word ‘genius’ is thrown around a bit too much these days. Rick and Morty has surpassed genius. This cartoon is sublime. It is beyond any art that could be created. Now, you might not have a high enough IQ to follow this, but Rick and Morty is, objectively, the best art that can be produced. It just draws upon so much; Rick’s drunken stammering is a cleverly hidden allusion to Dostoevsky’s Netochka Nezvanova, absolutely brilliantly providing the back-story to Rick’s character while never actually revealing anything. Now, you’re probably not smart enough to understand this, but Teenage Engineering is releasing a Rick and Morty Pocket Operator. Only the top percentages of IQs are going to understand this, but this is game-changing. Nothing like this has ever been done before.

The Microsoft IntelliMouse Explorer 3.0 is the high water mark of computer peripheral design. Originally released in 2003, the IntelliMouse Explorer 3.0 was an instant classic. The design is nearly two decades old, but it hasn’t aged a day. That said, mouse sensors have gotten better in the years since, and I believe the original tooling has long worn out. Production of the original IntelliMouse Explorer 3.0 stopped a long time ago. Microsoft tried to revive the IntelliMouse a few years ago using a ‘BlueTrack’ sensor that was ridiculed by the gaming community. Now Microsoft is reviving the IntelliMouse with a good sensor. The Pro IntelliMouse is on sale now for $60 USD.

It has come to my attention that wooden RFID cards exist. This shouldn’t come as a surprise to anyone because wood veneer exists, thin coils of wire exist, and glue exists. That said, if you’re looking for an RFID card you can throw in the laser cutter for engraving, or you just want that special, home-made touch, you can get a wooden RFID card.

Lego has just released an Apollo Lunar Lander set, number 10266. It’s 1087 pieces and costs $99. This is a full-scale (or minifig-scale, whatever) Apollo LEM, with an ascent module detachable from the descent module. Two minifigs fit comfortably inside. Previously, the only full-scale (or, again, minifig-scale) Apollo LEM set was 10029, a Lego Discovery kit from 2003 (original retail price $39.99). Set 10029 saw a limited release and has since become a collectible: the current value for a new kit is $336. The annualized ROI of Lego set 10029-1 is 13.69%, making this new Apollo LEM set a very attractive investment vehicle. I’m going to say this one more time: Lego sets, and especially minifigs, are one of the best long-term investments you can make.

A Wienermobile is for sale on Craigslist. Actually, it’s not, because this was just a prank posted by someone’s friends. Oh, I wish I had an Oscar Mayer Wienermobile.

Rumors are swirling that Apple will release a new Mac Pro at WWDC this week. Say what you will about Apple, but people who do audio and video really, really like Apple, and they need machines with fast processors and good graphics cards. Apple, unfortunately, doesn’t build that anymore. The last good expandable Mac was the cheese grater tower, retired in 2013 for the trash can Pro. Will Apple manage to build a machine that can hold a video card? We’ll find out this week.