Procrastineering And Simulated Annealing

November 18, 2023 by Elliot Williams 1 Comment

The software for the Supercon badge went down to the wire this year, with user-facing features being coded up as late as Thursday morning. This left “plenty of time” to flash the badges on Thursday afternoon, but they were admittedly still warm as the first attendees filed in on Friday morning. While I’ve always noted that the last minute is the best minute, this was a little close, and frankly there was an uncaught bug that we would have noticed if we had a few more hours to just play with it before showtime.

But we were by no means slacking. On the contrary, a few of us were putting in nights and full weekend days for six or eight weeks beforehand. The problem was hard, and the path to a solution was never clear, and changed depending on the immovability of the roadblocks hit along the way. This is, honestly, a pretty normal hacker development pattern.

What was interesting to me was how similar the process was to simulated annealing. This is an optimization method where you explore more of the solution space in the beginning, when the metaphorical “temperature” is hot. Later, as you’re getting closer to a good solution, you want to refine in smaller and smaller steps – it cools down. This rate of “cooling” is a tremendously important parameter in practice.

And this is exactly the way the badge development felt. We were searching in a very big solution space in the beginning, and many aspects of the firmware infrastructure were in flux. As it got closer and closer to a working solution, more and more of the code settled down, and the changes got smaller. In retrospect, this happened naturally, and you can’t always control or plan for the eureka moments, but I wonder if it’s worth thinking of a project this way. Instead of milestones, temperatures? Instead of a deadline, a freeze date.

Hackaday Podcast 244: Fake Chips, Drinking Radium, And Spotting Slippery Neutrinos

November 17, 2023 by Kristina Panos 2 Comments

This week, Editor-in-Chief Elliot Williams and Kristina Panos met up to discuss the best hacks of the previous week, at least in our opinions.

After chasing the angry bird away from Kristina’s office, we go to the news and learn that we’re in the middle of a solar conjunction Essentially, the Sun has come between Earth and Mars, making communication impossible for about another week. Did you know that this happens every two years?

Then it’s time for a new What’s That Sound, and although Kristina had an interesting albeit somewhat prompted guess, she was, of course, wrong.

And then it’s on to the hacks, beginning with a really cool digital pen that packs all the sensors. We learned about the world’s largest musical instrument, and compared it to the Zadar Sea Organ in Croatia, which if you’ll recall was once a What’s That Sound.

From there we take a look at fake buck converters, radioactive water as a health fad, and a garage door company that has decided to take their ball and go home. Finally we talk about how slippery neutrinos are, and discuss Tom’s time at JawnCon.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast 244: Fake Chips, Drinking Radium, And Spotting Slippery Neutrinos” →

This Week In Security: SSH, FTP, And Reptar

November 17, 2023 by Jonathan Bennett 3 Comments

It’s time to strap on our propeller beanies, because we’re going to talk crypto. The short version is that some SSH handshakes can expose enough information for a third party to obtain the host’s private signing key. That key is the one that confirms you are connecting to the SSH server you think you are, and if the key validation fails, you get a big warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

The math that makes this warning work is public-private key cryptography. The problem we’re talking about today only shows up in RSA authentication. Specifically those that use the Chinese Remainder Theorem (CRT) to quickly calculate the modulos needed to generate the cryptographic signature. If something goes wrong during that calculation, you end up with a signature that is mathematically related to the secret key in a different way than intended. The important point is that knowing this extra value *significantly* weakens the security of the secret key.

This attack has been known for quite some time, but the research has been aimed at causing the calculation fault through power vaults or even memory attacks like Rowhammer. There has also been progress on using a lattice attack against captured handshakes, to make the attack practical with less known information. The real novel element of this week’s approach (pdf) is that it has been tested against SSH.

The paper’s authors performed weekly scans of the entire IPv4 public network space, capturing the handshake from any listening SSH server, and also had 5 years of historic data to draw from. And the results are mixed. There is a Cisco SSH server string that is extremely common in the dataset, and only once did one of these machines send a miscalculated handshake. Possibly a random ram bit flip to blame. And on the other hand, the string “SSH-2.0-Zyxel SSH server” had so many bad signatures, it suggests a device that *always* sends a miscalculated signature. Continue reading “This Week In Security: SSH, FTP, And Reptar” →

Tech In Plain Sight: What Does A Yellow Light Mean?

November 16, 2023 by Al Williams 58 Comments

The traffic light is a ubiquitous feature of modern life and is quite old — dating back to 1868 London, although that device was a modified railroad semaphore operated by a policeman, but it was the same idea. The initial test of the signal proved disastrous.

The semaphore had gas lamps to illuminate the signs in the dark. A gas leak caused one of the lamps to explode, badly burning the operator and ending the nascent invention for a while. In 1910, American inventor Ernest Sirrine worked out an automatically controlled traffic signal. Two years later, Lester Wire, a police officer, developed a different version powered by overhead trolley wires to light the signal. A 1917 patent by William Ghiglieri also had two lights — red and green. But where was the yellow light?

Continue reading “Tech In Plain Sight: What Does A Yellow Light Mean?” →

A Brief History Of Weather Control

November 15, 2023 by Al Williams 8 Comments

It used to be a common expression to say that something would happen when “people walked on the moon.” That is, something that was never going to happen. Of course, by 1960, it was clear that someone was going to walk on the moon eventually. There were many other things everyone “knew” would happen in the future. Some of them came true, but many of them didn’t. Some, like video phones and robot factory workers, came true in a way, but not as people imagined. For example, people were confident that computers would easily translate between human languages, something we still have trouble doing entirely reliably. Another standard prediction is that people would control the weather.

Controlling the weather, in some ways, seems even less likely than walking on the moon. After all, we know where the moon is and where it will be. We still don’t understand precisely what causes the weather to behave the way it does. We have models and plenty of scientific theories. But you still can’t know exactly what’s going to happen, where, or when.

History

If you farm or live in a hut, weather is especially important. You want rain but not too much rain. Without scientific knowledge, many cultures had rain-making superstitions like a rain dance or other rituals meant to encourage rain. Some think that loud noises like cannon fire prevent hail. Charlatans would promise rain in exchange for donations.

However, science would eventually surface, and in the 1800’s James Espy — the first U.S. meteorologist — theorized that convection was what really caused rain. He had bold plans to set massive fires to encourage rain but could not convince Congress to go along.

Half a century later, Robert St. George Dyrenforth tested the effect of explosions on rainfall. There is no evidence that his cannon and fireworks did anything. He did, however, claim credit for any rain that happened to occur nearby. There have been many reports that explosions cause rain — rain often falls after a heated battle, apparently. The government in Thailand tried to induce rain using dry ice flakes dropped into clouds with, reportedly, some success. Abu Dhabi, Russia, and China’s governments claim to have working weather control today.

Continue reading “A Brief History Of Weather Control” →

Vectorscope KiCad Redrawing Project

November 13, 2023 by Chris Lott 23 Comments

When I saw this year’s Supercon Vectorscope badge, I decided that I had to build one for myself. Since I couldn’t attend in-person, I immediately got the PCBs and parts on order. Noting that the GitHub repository only had the KiCad PCB file and not the associated schematics and project file, I assumed this was because everyone was in a rush during the days leading up to Supercon weekend. I later learned, however, that there really wasn’t a KiCad project — the original design was done in Circuit Maker and the PCB was converted into KiCad. I thought, “how hard can this be?” and decided to try my hand at completing the KiCad project.

Fortunately I didn’t have to start from scratch. The PCB schematics were provided, although only as image files. They are nicely laid out and fortunately don’t suffer the scourge of many schematics these days — “visual net lists” that are neither good schematics nor useful net lists. To the contrary, these schematics, while having a slightly unorthodox top to bottom flow, are an example of good schematic design. Continue reading “Vectorscope KiCad Redrawing Project” →

Hackaday Links: November 12, 2023

November 12, 2023 by Dan Maloney 11 Comments

Somebody must really have it in for Cruise, because the bad press just keeps piling up for the robo-taxi company. We’ve highlighted many of the company’s woes in this space, from unscheduled rendezvous with various vehicles to random acts of vandalism and stupid AI pranks. The hits kept coming as California regulators pulled the plug on testing, which finally convinced parent company General Motors to put a halt to the whole Cruise testing program nationwide. You’d think that would be enough, but no — now we learn that Cruise cars had a problem recognizing children, to the point that there was concern that one of their autonomous cars could clobber a kid under the right conditions. The fact that they apparently knew this and kept sending cars out for IRL testing is a pretty bad look, to say the least. Sadly but predictably, Cruise has announced layoffs, starting with the employees who supported the now-mothballed robo-taxi fleet, including those who had the unenviable job of cleaning the cars after, err, being enjoyed by customers. It seems a bit wrongheaded to sack people who had no hand in engineering the cars, but then again, there seems to be a lot of wrongheadedness to go around.

Continue reading “Hackaday Links: November 12, 2023” →