Retro Rebuild Recreates SGI Workstation Demos On The Go

When [Lawrence] showed us the Alice4 after Maker Faire Bay Area last weekend it wasn’t apparent how special the system was. The case is clean and white, adorned only with a big red button below a 7″ screen with a power switch around the back. When the switch is flicked the system boots to display a familiar animation and drops you at a menu. Poking around from here elicits a variety of self-contained graphics demos, some interactive. So this is a Raspberry Pi in a box playing videos, right? Not even close.

Often retro computing focuses on personal computer systems. When they were new the 8-bit graphics or intricate 2D sprites were state of the art, but now their appeal tends towards learning opportunities and the thrill of nostalgia. This may still be true of Alice4, the system [Brad, Lawrence, Mike, and Chris] put together to run Silicon Graphics (SGI) demos from the mid 1980’s but it’s not the whole story. [Lawrence] and [Brad] had both worked at SGI during its heyday and had fond memories of the graphics demos that shipped with those mammoth workstation. So they built Alice4 from the FPGA up to run those very same demos in real-time.

Thanks to Moore’s law, today’s embedded systems put yesterday’s powerhouses within reach. [Lawrence] and [Brad] found the old demo code in a ratty FTP server, and tailor-made Alice4’s software and hardware to run them natively. [Brad] wrote a libgl which implements the subset of the IrisGL API needed to support their selected set of demos. The libgl emits sets of triangles to the SDRAM where [Lawrence’s] HDL running on the onboard FPGA fetches them to interpolate color and depth and draw the result on-screen. Together they allow the $99 Altera Cyclone V development board at Alice4’s heart to run these state of the art demos in the palm of your hand.

Alice4 is open source and extensively documented. Peruse the archeology of reverse engineering the graphics API or the discussion of FIFO design in the FPGA. If those don’t sate your appetite check out a video of Alice4 in action after the break.

Continue reading “Retro Rebuild Recreates SGI Workstation Demos On The Go”

Dual SDR Receives Two Bands at Once

There was a time when experimenting with software defined radio (SDR) was exotic. But thanks to cheap USB-based hardware, this technology is now accessible to anyone. While it is fun to play with the little $20 USB sticks, you’ll eventually want to move up to something better and there are a lot of great options. One of these is SDRPlay, and they recently released a new piece of hardware — RSPduo — that incorporates dual tuners.

We’ve talked about using the SDRPlay before as an upgrade from the cheap dongles. The new device can tune either a single 10 MHz band over the range of 1 kHz to 2 GHz, or you can select two 2 MHz bands. This opens up a lot of applications where you need to pick up signals in different areas of the spectrum (e.g., monitoring both sides of a cross-band repeater).

Continue reading “Dual SDR Receives Two Bands at Once”

Explaining Efail and Why It Isn’t the End of Email Privacy

Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.

A team of researchers published a paper(PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it’s a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients., but they weren’t able to back this recommendation up with firm reasoning. In fact, Efail isn’t an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption all together just makes no sense.

Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.

Continue reading “Explaining Efail and Why It Isn’t the End of Email Privacy”

Video of the Arduino FPGA Board Demo at Maker Faire

This week, Arduino announced a lot of new hardware including an exceptionally interesting FPGA development board aimed at anyone wanting to dip their toes into the seas of VHDL and developing with programmable logic. We think it’s the most interesting bit of hardware Arduino has released since their original dev board, and everyone is wondering what the hardware actually is, and what it can do.

This weekend at Maker Faire Bay Area, Arduino was out giving demos for all their wares, and yes, the Arduino MKR Vidor 4000 was on hand, being shown off in a working demo. We have a release date and a price. It’ll be out next month (June 2018) for about $60 USD.

But what about the hardware, and what can it do? From the original press releases, we couldn’t even tell how many LUTs this FPGA had. There were a lot of questions about the Mini PCIe connectors, and we didn’t know how this FPGA would be useful for high-performance computation like decoding video streams. Now we have the answers.

The FPGA on board the Arduino Vidor is an Altera Cyclone 10CL016. This chip has 16k logic elements, and 504 kB memory block. This is on the low end of Altera’s FPGA lineup, but it’s still no slouch. In the demo video below, it’s shown decoding video and identifying QR codes in real time. That’s pretty good for what is effectively a My First FPGA™ board.

Also on board the Vidor is a SAMD21 Cortex-M0+ microcontroller and a uBlox module housing an ESP-32 WiFi and Bluetooth module. This is a really great set of chips, and if you’re looking to get into FPGA development, this might just be the board for you. We haven’t yet seen the graphic editor that will be used to work with IP for the FPGA (for those who don’t care to write their own VHDL or Verilog), but we’re looking forward to the unveiling of that new software.

Arduino Just Introduced an FPGA Board, Announces Debugging and Better Software

Today ahead of the Bay Area Maker Faire, Arduino has announced a bevy of new boards that bring modern features and modern chips to the Arduino ecosystem.

Most ambitious of these new offerings is a board that combines a fast ARM microcontroller, WiFi, Bluetooth, and an FPGA. All this is wrapped in a package that provides Mini HDMI out and pins for a PCIe-Express slot. They’re calling it the Arduino MKR Vidor 4000.

Bringing an FPGA to the Arduino ecosystem is on the list of the most interesting advances in DIY electronics in recent memory, and there’s a lot to unpack here. FPGA development boards aren’t new. You can find crates of them hidden in the storage closet of any University’s electronics lab. If you want to buy an FPGA dev board, the Terasic DE10 is a good starter bundle, the iCEstick has an Open Source toolchain, and this one has pink soldermask. With the release of the MKR Vidor, the goal for Arduino isn’t just to release a board with an FPGA; the goal is to release a tool that allows anyone to use an FPGA.

The key to democratizing FPGA development is Arduino’s work with the Arduino Create ecosystem. Arduino Create is the company’s online IDE that gives everyone the ability to share projects and upload code with Over-the-Air updates. The MKR Vidor will launch with integration to the Arduino Create ecosystem that includes a visual editor to work with the pre-compiled IP for the FPGA. That’s not to say you can’t just plug your own VHDL into this board and get it working; that’s still possible. But Arduino would like to create a system where anyone can move blocks of IP around with a tool that’s easy for beginners.

A Facelift for the Uno WiFi

First up is the brand new Arduino Uno WiFi. While there have been other boards bearing the name ‘Arduino Uno WiFi’ over the years, a lot has changed in the world of tiny radio modules and 8-bit microcontrollers over the past few years. The new Arduino Uno WiFi is powered by a new 8-bit AVR, the ATMega4809. The ATMega4809 is a new part announced just a few months ago, and is just about what you would expect from the next-generation 8-bit Arduino; it runs at 20MHz, has 48 kB of Flash, 6 kB of SRAM, and it comes in a 48-pin package. The ATMega4809 is taking a few lattices of silicon out of Microchip’s playbook and adds Custom Configurable Logic. The CCL in the new ATMega is a peripheral that is kinda, sorta like a CPLD on chip. If you’ve ever had something that could be more easily done with logic gates than software, the CCL is the tool for the job.

But a new 8-bit microcontroller doesn’t make a WiFi-enabled Arduino. The wireless power behind the new Arduino comes from a custom ESP-32 based module from u-blox. There’s also a tiny crypto chip (Microchip’s ATECC508A) so the Uno WiFi will work with AWS. The Arduino Uno WiFi will be available this June.

But this isn’t the only announcement from the Arduino org today. They’ve been hard at work on some killer features for a while now, and now they’re finally ready for release. What’s the big news? Debuggers. Real debuggers for the Arduino that are easy to use. There are also new boards aimed at Arduino’s IoT strategy.

Continue reading “Arduino Just Introduced an FPGA Board, Announces Debugging and Better Software”

PGP Vulnerability Pre-announced by Security Researcher

From the gaping maw of the infosec Twitterverse comes horrifying news. PGP is broken. How? We don’t know. When will there be any information on this vulnerability? Tomorrow. It’s the most important infosec story of the week, and it’s only Monday. Of course, this vulnerability already has a name. Everyone else is calling it eFail, but I’m calling it Fear, Uncertainty, and Doubt.

Update: eFail site and paper now available. This was released ahead of Tuesday’s planned announcement when the news broke ahead of a press embargo.

Update 2: The report mentions two attacks. The Direct Exfiltration attack wraps the body of a PGP-encrypted email around an image tag. If a mail client automatically decrypts this email, the result will be a request to a URL containing the plaintext of the encrypted email. The second attack only works one-third of the time. Mitigation strategies are to not decrypt email in a client, disable HTML rendering, and in time, update the OpenPGP and S/MIME standards. This is not the end of PGP, it’s a vulnerability warranting attention from those with a very specific use case.

Update 3: Hackaday has published an in-depth explanation of how eFail works which details the scope of the vulnerability.

[Sebastian Schinzel] announced on Twitter today he will be announcing a critical vulnerability in PGP/GPG and S/MIME email encryption. This vulnerability may reveal the plaintext of encrypted emails. There are currently no fixes — but there’s no proof of concept, or any actual publication of this exploit either. The only thing that’s certain: somebody on Twitter said encrypted email is broken.

The EFF has chimed in on this exploit and advises everyone to immediately disable and uninstall tools that automatically decrypt PGP-encrypted email. It also looks like the EFF came up with a great little logo for eFail as well so kudos on that.

While there are no details whatsoever concerning eFail aside from a recommendation to not use PGP, a few members of the community have seen a pre-press of the eFail paper. [Werner Koch] of GnuPG says eFail is simply using HTML as a back channel. If this is true, PGP is still safe; you just shouldn’t use HTML emails. If you really need to read HTML emails, use a proper MIME parser and disallow access to external links. It should be noted that HTML in email is already an attack vector and has been for decades. You don’t need to bring PGP into this.

Should you worry about a vulnerability in PGP and email encryption? Literally no one knows. European security researchers are working on a publication release right now, but other experts in the field who have seen the paper think it’s not a big deal. There is no consensus from experts in the field, and there is no paper available right now. That last point will change in a few hours, but for now eFail just stands for Fear, Uncertainty, and Doubt.

Flash Memory: Caveat Emptor

We all love new tech. Some of us love getting the bleeding edge, barely-on-the-market devices and some enjoy getting tech thirty years after the fact to revel in nostalgia. The similarity is that we assume we know what we’re buying and only the latter category expects used parts. But, what if the prior category is getting used parts in a new case? The University of Alabama in Huntsville has a tool for protecting us from unscrupulous manufacturers installing old flash memory.

Flash memory usually lasts longer than the devices where it is installed, so there is a market for used chips which are still “good enough” to pass for new. Of course, this is highly unethical. You would not expect to find a used transmission in your brand new car so why should your brand new tablet contain someone’s discarded memory?

The principles of flash memory are well explained by comparing them to an ordinary transistor, of which we are happy to educate you. Wear-and-tear on flash memory starts right away and the erase time gets longer and longer. By measuring how long it takes to erase, it is possible to accurately determine the age of chip in question.

Pushing the limits of flash memory’s life-span can tell a lot about how to avoid operation disruption or you can build a flash drive from parts you know are used.