Finally, An Extension To Copyright Law We Can Get Behind

Normally when a government extends a piece of copyright law we expect it to be in the favour of commercial interests with deep pockets and little care for their consumers. But in Denmark they do things differently, it seems, which is why they are giving Danes the copyright over their own features such as their faces or voices. Why? To combat deepfakes, meaning that if you deepfake a Dane, they can come after you for big bucks, or indeed kroner. It’s a major win, in privacy terms.

You might of course ask whether it’s now risky to photograph a Dane. We are not lawyers here, of course, but like any journalists we have to possess a working knowledge of how copyright operates, and we are guessing that the idea in play here is that of passing off. If you take a photograph of a Volkswagen you will have captured the VW logo on its front, but the car company will not sue you because you are not passing off something that’s not a Volkswagen as the real thing. So it will be with Danes; if you take a picture of their now-copyrighted face in a crowd you are not passing it off as anything but a real picture of them, so we think you should be safe.

We welcome this move, and wish other countries would follow suit.


Pope Francis, Midjourney, Public domain (which is a copyright story all of its own!)

This Week In Security: MegaOWNed, Store Danger, And FileFix

Earlier this year, I was required to move my server to a different datacenter. The tech that helped handle the logistics suggested I assign one of my public IPs to the server’s Baseboard Management Controller (BMC) port, so I could access the controls there if something went sideways. I passed on the offer, and not only because IPv4 addresses are a scarce commodity these days. No, I’ve never trusted a server’s built-in BMC. For reasons like this MegaOWN of MegaRAC, courtesy of a CVSS 10.0 CVE, under active exploitation in the wild.

This vulnerability was discovered by Eclypsium back in March and it’s a pretty simple authentication bypass, exploited by setting an X-Server-Addr header to the device IP address and adding an extra colon symbol to that string. Send this along inside an HTTP request, and it’s automatically allowed without authentication. This was assigned CVE-2024-54085, and for servers with the BMC accessible from the Internet, it scores that scorching 10.0 CVSS.

We’re talking about this now, because CISA has added this CVE to the official list of vulnerabilities known to be exploited in the wild. And it’s hardly surprising, as this is a near-trivial vulnerability to exploit, and it’s not particularly challenging to find web interfaces for the MegaRAC devices using tools like Shodan and others.

There’s a particularly ugly scenario that’s likely to play out here: embedded malware. This vulnerability could be chained with others, and the OS running on the BMC itself could be permanently modified. It would be very difficult to disinfect and then verify the integrity of one of these embedded systems, short of physically removing and replacing the flash chip. And malware running from this very advantageous position would very nearly have the keys to the kingdom, particularly if the architecture connects the BMC controller over the PCIe bus, which includes Direct Memory Access.

This brings us to the really bad news. These devices are everywhere. The list of hardware that ships with the MegaRAC Redfish UI includes select units from “AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm”. Some of these vendors have released patches. But at this point, any of the vulnerable devices on the Internet, still unpatched, should probably be considered compromised.
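For anyone triaging BMC web logs or proxy captures while patches roll out, the header shape the post describes is easy to look for. The script below is an added example, not code from the post or from Eclypsium’s write-up: it parses raw HTTP/1.x requests, classifies any X-Server-Addr value (bare IP, IP with a trailing colon, IP:port, or something else), and flags requests that carry the header at all, since a browser never sends it and only a trusted reverse proxy should. The sample requests, the BMC address 192.0.2.10 and the client address 203.0.113.7 are constructed; the paths are standard Redfish resource paths chosen for illustration, and the log format is assumed.

```python
"""Triage helper for CVE-2024-54085-shaped requests (added example, not from the post).

Constructed sample input; 192.0.2.10 stands in for the BMC, 203.0.113.7 for a client.
"""
import ipaddress
import re
from typing import Optional

HEADER = "x-server-addr"  # header named in the post; compared case-insensitively

# Constructed sample requests (not captured traffic). Paths are standard Redfish paths.
SAMPLE_REQUESTS = [
    # Ordinary request to the Redfish root: no X-Server-Addr at all.
    "GET /redfish/v1/ HTTP/1.1\r\nHost: 192.0.2.10\r\nUser-Agent: curl/8.0\r\n\r\n",
    # The shape the post describes: the BMC's own IP plus a trailing colon.
    "GET /redfish/v1/Managers HTTP/1.1\r\nHost: 192.0.2.10\r\nX-Server-Addr: 192.0.2.10:\r\n\r\n",
    # Client-supplied header with some other address: odd, but not the bypass shape.
    "GET /redfish/v1/Systems HTTP/1.1\r\nHost: 192.0.2.10\r\nX-Server-Addr: 203.0.113.7\r\n\r\n",
]


def parse_request(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP/1.x request into its request line and a lower-cased header map."""
    lines = raw.strip().splitlines()
    request_line = lines[0] if lines else ""
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def classify_x_server_addr(value: str) -> str:
    """Describe the shape of an X-Server-Addr value.

    'clean'                  bare IPv4/IPv6 literal
    'ip-with-trailing-colon' bare IP plus one trailing ':' (the shape the post describes)
    'ip-with-port'           IPv4:port, a form a reverse proxy might legitimately emit
    'malformed'              anything else
    """
    try:
        ipaddress.ip_address(value)
        return "clean"
    except ValueError:
        pass
    if value.endswith(":"):
        try:
            ipaddress.ip_address(value[:-1])
            return "ip-with-trailing-colon"
        except ValueError:
            pass
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}", value):
        return "ip-with-port"
    return "malformed"


def inspect(raw: str, bmc_ips: set[str]) -> Optional[dict]:
    """Return a finding for one request, or None if it carries no X-Server-Addr.

    Browsers never send X-Server-Addr; at most a trusted reverse proxy does. Any
    client-supplied copy reaching the BMC deserves a look, and one that is malformed
    or names the BMC's own address is rated high.
    """
    request_line, headers = parse_request(raw)
    value = headers.get(HEADER)
    if value is None:
        return None
    kind = classify_x_server_addr(value)
    bare = value[:-1] if value.endswith(":") else value
    if kind == "ip-with-trailing-colon":
        severity, reason = "high", "IP with trailing colon (CVE-2024-54085 bypass shape)"
    elif bare in bmc_ips:
        severity, reason = "high", "header names the BMC's own address"
    else:
        severity, reason = "medium", f"client-supplied X-Server-Addr ({kind})"
    return {"request": request_line, "value": value, "severity": severity, "reason": reason}


def scan(requests: list[str], bmc_ips: set[str]) -> list[dict]:
    """Run inspect() over many requests and keep only the findings."""
    return [f for f in (inspect(r, bmc_ips) for r in requests) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS, {"192.0.2.10"}):
        print(f"[{finding['severity']}] {finding['request']} :: {finding['reason']}")
```

The classifier deliberately treats IP:port as a lower-severity shape, because a front-end proxy might emit it; the point is that nothing outside a trusted proxy should be able to put this header on a request that reaches the BMC at all, so the medium-severity findings are worth chasing as well as the high ones. Pass the real BMC addresses in `bmc_ips` when running this over an actual log export.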

Linear Solar Chargers For Lithium Capacitors

For as versatile and inexpensive as switch-mode power supplies are at all kinds of different tasks, they’re not always the ideal choice for every DC-DC circuit. Although they can do almost any job in this arena, they tend to have high parts counts, higher complexity, and higher cost than some alternatives. [Jasper] set out to test some alternative linear chargers called low dropout regulators (LDOs) for small-scale charging of lithium ion capacitors against those more traditional switch-mode options.

The application here is specifically very small solar cells in outdoor installations, charging lithium ion capacitors instead of batteries. These capacitors have a number of benefits over batteries, including a higher number of discharge-recharge cycles and a greater tolerance of temperature extremes, so they can be better suited to outdoor installations like these. [Jasper]’s findings are that it’s generally a better value to install a slightly larger solar cell and use the LDO regulator than to use a smaller cell and a more expensive switch-mode regulator. The key, though, is to size the LDO so that the input voltage is very close to the output voltage, since a linear regulator dissipates the difference as heat; keeping that gap small minimizes losses.

With unlimited time or money, good design can become less of an issue. In this case, however, saving a few percentage points in efficiency may not be worth the added cost and complexity of a slightly more efficient circuit, especially if the application will be scaled up for mass production. If switched mode really is required for some specific application, though, be sure to design one that’s not terribly noisy.

Static Electricity Remembers

As humans we often think we have a pretty good handle on the basics of the way the world works, from an intuition about gravity good enough to let us walk around, play baseball, and land spacecraft on the moon, to an understanding of electricity good enough to build everything from indoor lighting to supercomputers. But zeroing in on any one phenomenon often shows a world full of mystery and surprise in an area we might think we would have fully understood by now. One such area is static electricity, and the way that it forms within certain materials shows that it can impart a kind of memory to them.

The video demonstrates a number of common ways of generating static electricity that most of us have experimented with in the past, whether on purpose or accidentally, from rubbing a balloon on one’s head and sticking it to the wall to accidentally shocking ourselves on a polyester blanket. It turns out that certain materials like these tend to charge themselves positively or negatively depending on what material they were rubbed against, but some researchers wondered what would happen if an object were rubbed against itself. It turns out that in this situation, small imperfections in the materials cause them to eventually self-order into a kind of hierarchy, and repeated charging of these otherwise identical objects only deepens this hierarchy over time, essentially imparting a static electricity memory to them.

The tendency of materials to gain or lose electrons in this way is known as the triboelectric effect, and there is an ordering of materials known as the triboelectric series that describes which materials are more likely to gain or lose electrons when brought into contact with other materials. The ability of some materials, like quartz in this experiment, to develop this memory is certainly an interesting consequence of an otherwise well-understood phenomenon, much as generating power for free from the static electricity that’s always present within the atmosphere might surprise some as well.


Mining And Refining: Drilling And Blasting

It’s an inconvenient fact that most of Earth’s largesse of useful minerals is locked up in, under, and around a lot of rock. Our little world condensed out of the remnants of stars whose death throes cooked up almost every element in the periodic table, and in the intervening billions of years, those elements have sorted themselves out into deposits that range from the easily accessed, lying-about-on-the-ground types to those buried deep in the crust, or worse yet, those that are distributed so sparsely within a mineral matrix that it takes harvesting megatonnes of material to find just a few kilos of the stuff.

Whatever the substance of our desires, and no matter how it is associated with the rocks and minerals below our feet, almost every mining and refining effort starts with wresting vast quantities of rock from the Earth’s crust. And the easiest, cheapest, and fastest way to do that most often involves blasting. In a very real way, explosives make the world work, for without them, the minerals we need to do almost anything would be prohibitively expensive to produce, if it were possible at all. And understanding the chemistry, physics, and engineering behind blasting operations is key to understanding almost everything about Mining and Refining.


A piano is pictured with two hands playing different notes, G outlined in orange and C outlined in blue.

AI Piano Teacher To Criticize Your Every Move

Learning new instruments is never a simple task on your own; nothing can beat the instant feedback of a teacher. In our new age of AI, why not have an AI companion complain when you’re off note? This is exactly what [Ada López] put together with their AI-Powered Piano Trainer.

The basics of the piano rely on rather simple boolean actions: you either press a key or you don’t. Obviously, this sets up the piano for many fun projects, such as creative doorbells or helpful AI models. [Ada López] started their AI model with a custom dataset of images of specific notes being played on the piano. These images then get fed into Roboflow and trained using the YOLOv8 model.

Because of the demands of the model, inference runs on a laptop, with a Raspberry Pi handling only the video, so the pianist still gets instant feedback. Placing the Pi and an LCD screen for feedback into a simple enclosure allows easy viewing of how good an AI model thinks you play piano. [Ada López] demos their device by playing Twinkle Twinkle Little Star, but there is no reason why other songs couldn’t be added!

While there are simpler piano trainers out there relying on audio cues, this project presents a great opportunity for a fun project for anyone else wanting to take up the baton. If you want to get a little more from having to do less in the physical space, then this invisible piano is perfect for you!

EU Ecodesign For Smartphones Including Right To Repair Now In Effect

Starting June 20th, any cordless phone, smartphone, or feature phone, as well as tablets (7 – 17.4″ screens), has to meet Ecodesign requirements. In addition there is now mandatory registration with the European Product Registry for Energy Labelling (EPREL). The only exceptions are phones and tablets with a flexible (rollable) main display, and tablets that do not use a mobile OS, i.e. not Android, iPadOS, etc. These requirements include resistance to drops, scratches and water, as well as batteries that last at least 800 cycles.

What is perhaps most exciting are the requirements that operating system updates must be made available for at least five years from when the product is last on the market, along with spare parts being made available within 5-10 working days for seven years after the product stops being sold. The only big niggle here is that this access only applies to ‘professional repairers’, but at least this should provide independent repair shops with full access to parts and any software tools required.

On the ENERGY label that is generated with the registration, customers can see the rating for each category, including energy efficiency, battery endurance, repairability and IP (water/dust ingress) rating, making comparing devices much easier than before. All of this comes before smartphones and many other devices sold in the EU will have to feature easily removable batteries by 2027, something which may make manufacturers unhappy, but should be a boon to us consumers and tinkerers.