Hackaday Podcast 244: Fake Chips, Drinking Radium, And Spotting Slippery Neutrinos

This week, Editor-in-Chief Elliot Williams and Kristina Panos met up to discuss the best hacks of the previous week, at least in our opinions.

After chasing the angry bird away from Kristina’s office, we go to the news and learn that we’re in the middle of a solar conjunction. Essentially, the Sun has come between Earth and Mars, making communication impossible for about another week. Did you know that this happens every two years?

Then it’s time for a new What’s That Sound, and although Kristina had an interesting albeit somewhat prompted guess, she was, of course, wrong.

And then it’s on to the hacks, beginning with a really cool digital pen that packs all the sensors. We learned about the world’s largest musical instrument, and compared it to the Zadar Sea Organ in Croatia, which if you’ll recall was once a What’s That Sound.

From there we take a look at fake buck converters, radioactive water as a health fad, and a garage door company that has decided to take their ball and go home. Finally we talk about how slippery neutrinos are, and discuss Tom’s time at JawnCon.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.


This Week In Security: SSH, FTP, And Reptar

It’s time to strap on our propeller beanies, because we’re going to talk crypto. The short version is that some SSH handshakes can expose enough information for a third party to obtain the host’s private signing key. That key is the one that confirms you are connecting to the SSH server you think you are, and if the key validation fails, you get a big warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

The math that makes this warning work is public-private key cryptography. The problem we’re talking about today only shows up in RSA authentication, specifically in implementations that use the Chinese Remainder Theorem (CRT) to quickly calculate the modular exponentiations needed to generate the cryptographic signature. If something goes wrong during that calculation, you end up with a signature that is mathematically related to the secret key in a different way than intended. The important point is that knowing this extra value *significantly* weakens the security of the secret key.

This attack has been known for quite some time, but the research has been aimed at causing the calculation fault through power faults or even memory attacks like Rowhammer. There has also been progress on using a lattice attack against captured handshakes, to make the attack practical with less known information. The real novel element of this week’s approach (pdf) is that it has been tested against SSH.

The paper’s authors performed weekly scans of the entire IPv4 public network space, capturing the handshake from any listening SSH server, and also had 5 years of historic data to draw from. The results are mixed. There is a Cisco SSH server string that is extremely common in the dataset, and only once did one of these machines send a miscalculated handshake, possibly with a random RAM bit flip to blame. On the other hand, the string “SSH-2.0-Zyxel SSH server” had so many bad signatures that it suggests a device that *always* sends a miscalculated signature.

Tech In Plain Sight: What Does A Yellow Light Mean?

Ghiglieri’s traffic light

The traffic light is a ubiquitous feature of modern life and is quite old, dating back to 1868 London. That device was a modified railroad semaphore operated by a policeman, but it was the same idea. The initial test of the signal proved disastrous.

The semaphore had gas lamps to illuminate the signs in the dark. A gas leak caused one of the lamps to explode, badly burning the operator and ending the nascent invention for a while. In 1910, American inventor Ernest Sirrine worked out an automatically controlled traffic signal. Two years later, Lester Wire, a police officer, developed a different version powered by overhead trolley wires to light the signal. A 1917 patent by William Ghiglieri also had two lights — red and green. But where was the yellow light?


A Brief History Of Weather Control

It used to be a common expression to say that something would happen when “people walked on the moon.” That is, something that was never going to happen. Of course, by 1960, it was clear that someone was going to walk on the moon eventually. There were many other things everyone “knew” would happen in the future. Some of them came true, but many of them didn’t. Some, like video phones and robot factory workers, came true in a way, but not as people imagined. For example, people were confident that computers would easily translate between human languages, something we still have trouble doing entirely reliably. Another standard prediction is that people would control the weather.

Controlling the weather, in some ways, seems even less likely than walking on the moon. After all, we know where the moon is and where it will be. We still don’t understand precisely what causes the weather to behave the way it does. We have models and plenty of scientific theories. But you still can’t know exactly what’s going to happen, where, or when.

History

If you farm or live in a hut, weather is especially important. You want rain but not too much rain. Without scientific knowledge, many cultures had rain-making superstitions like a rain dance or other rituals meant to encourage rain. Some think that loud noises like cannon fire prevent hail. Charlatans would promise rain in exchange for donations.

However, science would eventually surface, and in the 1800s James Espy, the first U.S. meteorologist, theorized that convection was what really caused rain. He had bold plans to set massive fires to encourage rain but could not convince Congress to go along.

Half a century later, Robert St. George Dyrenforth tested the effect of explosions on rainfall. There is no evidence that his cannon and fireworks did anything. He did, however, claim credit for any rain that happened to occur nearby. There have been many reports that explosions cause rain; rain often falls after a heated battle, apparently. The government in Thailand tried to induce rain using dry ice flakes dropped into clouds with, reportedly, some success. Abu Dhabi, Russia, and China’s governments claim to have working weather control today.


Vectorscope KiCad Redrawing Project

When I saw this year’s Supercon Vectorscope badge, I decided that I had to build one for myself. Since I couldn’t attend in-person, I immediately got the PCBs and parts on order. Noting that the GitHub repository only had the KiCad PCB file and not the associated schematics and project file, I assumed this was because everyone was in a rush during the days leading up to Supercon weekend. I later learned, however, that there really wasn’t a KiCad project — the original design was done in Circuit Maker and the PCB was converted into KiCad. I thought, “how hard can this be?” and decided to try my hand at completing the KiCad project.

Fortunately I didn’t have to start from scratch. The PCB schematics were provided, although only as image files. They are nicely laid out and fortunately don’t suffer the scourge of many schematics these days — “visual net lists” that are neither good schematics nor useful net lists. To the contrary, these schematics, while having a slightly unorthodox top to bottom flow, are an example of good schematic design.


Hackaday Links: November 12, 2023

Somebody must really have it in for Cruise, because the bad press just keeps piling up for the robo-taxi company. We’ve highlighted many of the company’s woes in this space, from unscheduled rendezvous with various vehicles to random acts of vandalism and stupid AI pranks. The hits kept coming as California regulators pulled the plug on testing, which finally convinced parent company General Motors to put a halt to the whole Cruise testing program nationwide. You’d think that would be enough, but no — now we learn that Cruise cars had a problem recognizing children, to the point that there was concern that one of their autonomous cars could clobber a kid under the right conditions. The fact that they apparently knew this and kept sending cars out for IRL testing is a pretty bad look, to say the least. Sadly but predictably, Cruise has announced layoffs, starting with the employees who supported the now-mothballed robo-taxi fleet, including those who had the unenviable job of cleaning the cars after, err, being enjoyed by customers. It seems a bit wrongheaded to sack people who had no hand in engineering the cars, but then again, there seems to be a lot of wrongheadedness to go around.


Supercon And Soylent Green

The 2023 Hackaday Supercon is all done and dusted, and we’re still catching up on our sleep. I couldn’t ask everyone, but a great time was had by everyone I talked to. It’s honestly a very special crowd that shows up in Pasadena every November, and it’s really the attendees who make it what it is. We just provide the platform to watch you shine. Thank you all!

It all started out on Friday with an open day of chilling out and badge experimentation. Well, chill for those of you who didn’t have a bug in their badge code, anyway. But thanks to some very keen observation and fantastic bug reports by attendees, Al and I figured out what we’d done and pushed a fix out to all 300 of the badges that were given out on the first day. And thanks to the remaining 200 folks who walked in the next day, who fixed their own badges at Tom’s Flashing Station.

From then on, it was one great talk after another, punctuated by badge hacks and all the other crazy stuff that people brought along with them to show off. For me, one of the highlights was on Sunday morning, as the Lightning Talks gave people who were there a chance to get up and talk about whatever for seven minutes. And subjects ranged from a mad explosive propane balloon party, to Scotty Allen’s experience with a bad concussion and how he recovered, to a deep dive into the world of LED strands and soft sculptures from our go-to guru of blinkiness, Debra [Geek Mom] Ansell.

Supercon first-timer Katie [Smalls] Connell gave a phenomenal talk about her wearable LED art things, Spritelights. These are far from simple art pieces, being a combination of medical adhesive, home-mixed Galinstan – a metal alloy that stays flexible at human body temperature, and soon even flexible printed batteries. That this whole project hit us without warning from out of the audience just made it more impressive.

And these were just the folks who stepped up on stage. The true story of Supercon also belongs to all the smaller conversations and personal demos taking place in the alley or by the coffee stand. Who knows how many great ideas were hatched, or at least seeds planted?

So as always, thank you all for coming and bringing your passions along with. Just like Soylent Green, Supercon is made of people, and it wouldn’t be half as yummy without you. See you all next year. And if you’re thinking of joining us, get your tickets early and/or submit a talk proposal when the time comes around. You won’t meet a more warm and welcoming bunch of nerds anywhere.