This Week In Security: Chat Control, Vulnerability Extortion, And Emoji Malware

Way back in 2020, I actually read the proposed US legislation known as EARN IT, and with some controversy, concluded that much of the criticism of that bill was inaccurate. Well, what’s old is new again, except this time it’s the European Union that’s wrestling with how to police online Child Sexual Abuse Material (CSAM). And from what I can tell of reading the actual legislation (pdf), this time it really is that bad.

The legislation lays out two primary goals, both of them problematic. The first is detection, or what some are calling “upload moderation”. The technical details are completely omitted here, simply stating that services “… take reasonable measures to mitigate the risk of their services being misused for such abuse …” The implication here is that providers would do some sort of automated scanning to detect illicit text or visuals, but exactly what constitutes “reasonable measures” is left unspecified.

The second goal is the detection order. It’s worth pointing out that interpersonal communication services are explicitly mentioned as required to implement these goals. From the bill:

Providers of hosting services and providers of interpersonal communications services that have received a detection order shall execute it by installing and operating technologies approved by the Commission to detect the dissemination of known or new child sexual abuse material or the solicitation of children…

This bill is careful not to prohibit end-to-end encryption, nor require that such encryption be backdoored. Instead, it requires that the apps themselves be backdoored, to spy on users before encryption happens. No wonder Meredith Whittaker has promised to pull the Signal app out of the EU if it becomes law. As this scanning is done prior to encryption, it’s technically not breaking end-to-end encryption.

You may wonder why that’s such a big deal. Why is it a non-negotiable for the Signal app to not look for CSAM in messages prior to encryption? For starters, it’s a violation of user trust and an intentional weakening of the security of the Signal system. But maybe most importantly, it puts a mechanism in place that will undoubtedly prove too tempting for future governments. If Signal can be forced into looking for CSAM in the EU, why not anti-government speech in China?

Ask Hackaday: How Do You Make Front Panels?

We’ll admit it. The closer a project is to completion, the less enthusiasm we have for it. Once the main design is clearly going to work on a breadboard, we’re ready to move on to the next one. We don’t mind the PCB layout, especially with modern tools. However, once the board is done, you have to do the case. Paradoxically, this was easier in the old days because you just picked some stock box, drilled some holes, and while it looked terrible, it was relatively easy.

Today, the bar is much higher. You’ll probably 3D print or laser cut an enclosure. If it looks no better than what you did in the 1970s, you won’t win many admirers. We routinely cover projects that could easily pass for commercial products. So how do you do it?

The Parts

The enclosure may even be the easy part. There are plenty of scripts and generators that will make you a nice box that meets your specifications. You can probably even get the holes made as you build. Back in the day, it was a challenge to cut odd-shaped holes for things like serial port connectors. Now, no problem. The printer or laser will just make a hole with any shape you like. You may even want to try a new angle on 3D printing.

Mounting the PCB isn’t that hard, either. With 3D printing, you can create standoffs, but even if you laser cut, you can easily use conventional standoffs. In a pinch, we’ve used long bolts with nuts.

The real problem, it seems to us, is the front panel. Only Star Trek can get away with front panels containing a bunch of knobs and dials with no markings. And although we call them “front” panels, sometimes you need markings on the back or even the sides, too.

FLOSS Weekly Episode 788: Matrix, It’s Git, For Communications

This week Jonathan Bennett and Simon Phipps chat with Matthew Hodgson and Josh Simmons about Matrix, the open source decentralized communications platform. How is Matrix a Git for Communications? Are the new EU and UK laws going to be a problem? And how is the Matrix project connected with the Element company?

Linux Fu: Kernel Modules Have Privileges

I did something recently I haven’t done in a long time: I recompiled the Linux kernel. There was a time when this was a common occurrence. You might want a feature that the default kernel didn’t support, or you might have an odd piece of hardware. But these days, in almost all the cases where you need something like this, you’ll use loadable kernel modules (LKM) instead. These are modules that the kernel can load and unload at run time, which means you can add that new device or strange file system without having to rebuild or even restart the kernel.

Normally, when you write programs for Linux, they don’t have any special permissions. You typically can’t do direct port I/O, for example, or arbitrarily access memory. The kernel, however, including modules, has no such restriction. That can make debugging modules tricky because you can easily bring the system to its knees. If possible, you might think about developing on a virtual machine until you have what you want. That way, an errant module just brings down your virtual machine.

PCB Design Review: Switching Regulator Edition

This article was prompted by a friend of mine asking for help on a board with an ESP32 heart. The board outputs 2.1 V instead of 3.3 V, and it doesn’t seem like incorrectly calculated feedback resistors are to blame – let’s take a look at the layout. Then, let’s also take a look at a recently sent in design review entry, based on an IC that looks perfect for all your portable Raspberry Pi needs!

What Could Have Gone Wrong?

Here’s the board in all its two-layer glory. This is the kind of board you can use to drive 5 V or 12 V Neopixel strips with a firmware like WLED – exactly the kind of gadget you’ll want to use for LED strip experiments! 3.3 V power is provided by a Texas Instruments TPS54308 IC, and it’s the one misfiring, so let’s take a look.

Hackaday Links: June 16, 2024

Attention, slackers — if you do remote work for a financial institution, using a mouse jiggler might not be the best career move. That’s what a dozen people learned this week as they became former employees of Wells Fargo after allegedly being caught “simulating keyboard activity” while working remotely. Having now spent more than twice as many years working either hybrid or fully remote, we get it; sometimes, you’ve just got to step away from the keyboard for a bit. But we’ve never once felt the need to create the “impression of active work” during those absences. Perhaps that’s because we’ve never worked in a regulated environment like financial services.

For our part, we’re curious as to how the bank detected the use of a jiggler. The linked article mentions that regulators recently tightened rules that require employers to treat an employee’s home as a “non-branch location” subject to periodic inspection. More than enough reason to quit, in our opinion, but perhaps they sent someone snooping? More likely, the activity simulators were discovered by technical means. The article contains a helpful tip to avoid powering a jiggler from the computer’s USB, which implies detecting the device over the port. Our guess is that Wells tracks mouse and keyboard activity and compares it against a machine-learning model to look for signs of slacking.

Giant Brains, Or Machines That Think

Last week, I stumbled on a marvelous book: “Giant Brains; or, Machines That Think” by Edmund Callis Berkeley. What’s really fun about it is the way it sounds like it could be written just this year – waxing speculatively about the future when machines do our thinking for us. Except it was written in 1949, and the “thinking machines” are early proto-computers that use relays (relays!) for their logic elements. But you need to understand that back then, they could calculate ten times faster than any person, and they would work tirelessly day and night, as long as their motors keep turning and their contacts don’t get corroded.

But once you get past the futuristic speculation, there’s actually a lot of detail about how the then-cutting-edge machines worked. Circuit diagrams of logic units from both the relay computers and the brand-new vacuum tube machines are on display, as are drawings of the tricky bits of purely mechanical computers. There is even a diagram of the mercury delay line, and an explanation of how circulating audio pulses through the medium could be used as a form of memory.

All in all, it’s a wonderful glimpse at the earliest of computers, with enough detail that you could probably build something along those lines with a little moxie and a few thousand relays. This grounded reality, coupled with the fantastic visions of where computers would be going, makes a marvelous accompaniment to a lot of the breathless hype around AI these days. Recommended reading!