This Week In Security: Twilio, PongoTV, And BootHole

Twilio, the cloud provider for all things telecom, had an embarrassing security fail a couple of weeks ago. The problem was the Amazon S3 bucket that Twilio was using to host part of their public-facing content. The bucket was configured for public read-write access. Anyone could use the Amazon S3 API to make changes to the files stored there.

The files in question were protected behind Cloudflare’s CDN, but there’s a catch to Cloudflare’s service. If you know the details of the service behind Cloudflare, it can often be interacted with directly. In many cases, knowing the IP address of the server being protected is enough to bypass Cloudflare altogether. In this case, the service behind the CDN is Amazon’s S3. Any changes made to the files there are picked up by the CDN.

Someone discovered the insecure bucket, and modified a JavaScript file that is distributed as part of the Twilio JS SDK. That modification was initially described as “non-malicious”, but in the official incident report, Twilio states that the injected code is part of an ongoing Magecart campaign carried out against misconfigured S3 buckets.

Patent Law And The Legality Of Making Something Similar

When [Erich Styger] recently got featured on Hackaday with his meta-clock project, he probably was not expecting to get featured again so soon, this time regarding a copyright claim on the ‘meta-clock’ design. This particular case ended with [Erich] removing the original blog article and associated PCB design files, leaving just the summaries, such as the original Hackaday article on the project.

Obviously, this raises the question of whether any of this is correct; if one sees a clock design, or another mechanism that appeals, and tries to replicate its looks and functioning in some fashion, is this automatically a breach of copyright? In the case of [Erich]’s project, one could argue that at first glance both devices look remarkably similar. One might also argue that this is rather unavoidable, considering the uncomplicated design of the original.

No-Melt Nuclear ‘Power Balls’ Might Win A Few Hearts And Minds

A nuclear power plant is large and complex, and one of the biggest reasons is safety. Splitting radioactive atoms is inherently dangerous, but the energy unleashed by the chain reaction that ensues is the entire point. It’s a delicate balance to stay in the sweet spot, and it requires constant attention to the core temperature, or else the reactor could go into meltdown.

Today, nuclear fission is largely produced with fuel rods, which are skinny zirconium tubes packed with uranium pellets. The fission rate is kept in check with control rods, which are made of various elements like boron and cadmium that can absorb a lot of excess neutrons. Control rods calm the furious fission boil down to a sensible simmer, and can be recycled until they either wear out mechanically or become saturated with neutrons.

Nuclear power plants tend to have large footprints because of all the safety measures that are designed to prevent meltdowns. If there were a fuel that could withstand enough heat to make meltdowns physically impossible, then there would be no need for reactors to be buffered by millions of dollars in containment equipment. Stripped of these redundant, space-hogging safety measures, the nuclear process could be shrunk down quite a bit.

Geocaching On Mars: How Perseverance Will Seal Martian Samples With A Return To Earth In Mind

With the roughly 20-day wide launch window for the Mars 2020 mission rapidly approaching, the hype train for the next big mission to the Red Planet is really building up steam. And with good reason — the Mars 2020 mission has been in the works for a better part of a decade, and as we reported earlier this year, the rover it’s delivering to the Martian surface, since dubbed Perseverance, will be among the most complex such devices ever fielded.

“Percy” — come on, that nickname’s a natural — is a mobile laboratory, capable of exploring the Martian surface in search of evidence that life ever found a way there, and to do the groundwork needed if we’re ever to go there ourselves. The nuclear-powered rover bristles with scientific instruments, and assuming it survives the “Seven Minutes of Terror” as well as its fraternal twin Curiosity did in 2012, we should start seeing some amazing results come back.

No prior mission to Mars has been better equipped to answer the essential question: “Are we alone?” But no matter how capable Perseverance is, there’s a limit to how much science can be packed into something that costs millions of dollars a kilogram to get to Mars. And so NASA decided to equip Perseverance with the ability to not only collect geological samples, but to package them up and deposit them on the surface of the planet to await a future mission that will pick them up for a return trip to Earth for further study. It’s bold and forward-thinking, and it’s unlike anything that’s ever been tried before. In a lot of ways, Perseverance’s sample handling system is the rover’s raison d’être, and it’s the subject of this deep dive.

Ultracapacitors Might Have Bad Fruity Smell

You might think the smell of an electrolytic capacitor boiling out is bad, but if scientists from the University of Sydney have their way, that might be nothing. They’ve devised an ultracapacitor that uses biomass from the stinky durian fruit along with jackfruit. We assume the capacitors don’t stink in normal use, but we wouldn’t want to overload one and let the smoke out.

One of the things we found interesting about this is that the process seemed like something you might be able to reproduce in a garage. Sure, there were a few exotic steps like using a vacuum oven and a furnace with nitrogen, and you’d need some ability to handle chemicals like vinylidene fluoride. However, the hacker community has found ways to create lots of things with common tools, and we would imagine creating aerogels from some fruit ought not be out of reach.


Porsche’s Printed Pistons Are Powerful And Precise

The 700-horsepower Porsche 911 GT2 RS is already pretty darn fast — over three times faster than the average regular-person car on the road today. For the sports car enthusiast, there’s likely no ceiling on the need for speed and performance. And so, Porsche was able to wrangle another thirty horsepower out of their limited-run supercar by printing a set of ultra-lightweight pistons.

Pistons being lasered into existence. Image via The Drive

These pistons are printed from high-purity aluminium alloy powder that was developed by German auto parts manufacturer Mahle. Porsche is having these produced by Mahle in partnership with industrial machine maker Trumpf using the laser metal fusion (LMF) process. It’s a lot like selective laser sintering (SLS), but with metal powder instead of plastic.

The machine dusts the print bed with a layer of powder, and then a laser melts the powder according to the CAD file, hardening it into shape. This process repeats one layer at a time, and supports are zapped together wherever necessary. When the print job is finished, the pistons are machined into their shiny final form and thoroughly tested, just like their cast metal cousins have been for decades.

FCC Fines Hobby King Almost $3 Million For Illegal Drone Transmitters

We take wireless devices for granted these days, and it is easy to forget that the use of the airwaves is subject to government control — the FCC in the United States. HobbyKing got a sharp reminder when the FCC levied a nearly $3 million fine on the company for selling uncertified drone transmitters.

It was hardly a surprise, though. The FCC has been cracking down on these noncompliant transmitters for a while now: it issued a notice of apparent liability to the company back in 2018, and the investigation goes back to 2016. The problems included radios sold on unauthorized frequencies, radios with higher than legal output power, and radios that were not type accepted.