The CPSC Says Plug To Socket, Not Plug To Plug, Please

September 17, 2022 by Jenny List 102 Comments

When the power goes out, it goes without saying that all the lights and sockets in a house stop working. Savvy rural homeowners stock up with candles, batteries, LED lights, and inverters. More foolhardy folks simply hook up their home electrical system to a generator using a mains lead with a plug on one end between the generator and a wall socket. This should be so obviously dangerous as to be unnecessary, but it’s become widespread enough that the US Consumer Product Safety Commission has issued a warning about the practice. In particular, they’re concerned that there’s not even a need to wire up a lead, as they’re readily available on Amazon.

The dangers they cite include electrocution, fire hazard from circumventing the house electrical protection measures, and even carbon monoxide poisoning because the leads are so short that the generator has to be next to the socket. Hackaday readers won’t need telling about these hazards, even if in a very few and very special cases we’ve seen people from our community doing it. Perhaps there’s a flaw in the way we wire our homes, and we should provide a means to decouple our low-power circuits when there’s a power cut.

It’s likely that over the coming decades the growth of in-home battery storage units following the likes of the Tesla Powerwall will make our homes more resilient to power cuts, and anyone tempted to use a plug-to-plug lead will instead not notice as their house switches to stored or solar power. Meanwhile, some of us have our own ways of dealing with power outages.

Plug image: Evan-Amos, Public domain.

This Week In Security: 11,000 Gas Stations, TrustZone Hacks Kernel, And Unexpected Fuzzing Finds

September 16, 2022 by Jonathan Bennett 6 Comments

Automated Tank Gauges (ATGs) are nifty bits of tech, sitting unseen in just about every gas station. They keep track of fuel levels, temperature, and other bits of information, and sometimes get tied into the automated systems at the station. The problem, is that a bunch of these devices are listening to port 10001 on the Internet, and some of them appear to be misconfigured. How many? Let’s start with the easier question, how many IPs have port 10001 open? Masscan is one of the best tools for this, and [RoseSecurity] found over 85,000 listening devices. An open port is just the start. How many of those respond to connections with the string In-Tank Inventory Reports? Shodan reports 11,113 IPs as of August of this year. [RoseSecurity] wrote a simple Python script that checked each of those listening IPs came up with a matching number of devices. The scary bit is that this check was done by sending a Get In-Tank Inventory Report command, and checking for a good response. It seems like that’s 11K systems, connected to the internet, with no authentication. What could possibly go wrong? Continue reading “This Week In Security: 11,000 Gas Stations, TrustZone Hacks Kernel, And Unexpected Fuzzing Finds” →

Let Slip The Chips Of War

September 13, 2022 by Dave Rowntree 71 Comments

We’re going to go out on a limb and predict that future history books will note that the decision to invade a sovereign nation straight after a worldwide pandemic wasn’t exactly the best timing. Turns out the global electronics shortage the pandemic helped to catalyze isn’t just affecting those of us with peaceful intentions, as the Russian war machine is having a few supply issues with the parts needed to build modern weapons and their associated control equipment.

As you might expect, many of these parts are electronic in nature, and in some cases they come from the same suppliers folks like us use daily. This article from POLITICO includes an embedded spreadsheet, broken down by urgency, complete with part numbers, manufacturers, and even the price Moscow expects to pay!

Chips from US-based firms such as Texas Instruments are particularly hard for the Kremlin to source.

So what parts are we talking about anyway? The cheapest chip on the top priority list is the Marvell ‘Alaska’ 88E1322 which is a dual Gigabit Ethernet PHY costing a mere $7.10 USD according to Moscow. The most expensive is the 10M04DCF256I7G, which is an Altera (now Intel) Max-10 series FPGA, at $1,101 USD (or 66,815 Rubles, for those keeping score).

But it’s not just chips that are troubling them, mil-spec D-sub connectors by Airborn are unobtainable, as are all classes of basic passive parts, resistors, diodes, discrete transistors. Capacitors are especially problematic (aren’t they always). A whole slew of Analog Devices chips, as well as many from Maxim, Micrel and others. Even tiny logic chips from Nexperia.

Of course, part of this is by design. Tightened sanctions prevent Russia from purchasing many of these parts directly, which is intended to make continued aggression as economically unpleasant as possible. But as the POLITICO article points out, it’s difficult to prevent some intermediaries from ‘helping out’ without the West knowing. After all, once a part hits the general market, it is next to impossible to guarantee where it will eventually get soldered down.

Thanks to [Kim Tae] for the tip!

Blue Origin Loses Rocket, Gains Abort System Test

September 12, 2022 by Tom Nardi 15 Comments

Even if you’re just making a brief hop over the Kármán line to gain a few minutes of weightlessness, getting to space is hard. Just in case any of their engineers were getting complacent, Blue Origin just got a big reminder of that fact this afternoon with the destruction of their New Shepard 3 (NS3) rocket during a suborbital research flight.

But while the rocket itself was lost, the New Shepard’s automated abort systems were able to push the capsule H. G. Wells away from the fireball, saving the dozens of scientific experiments which had been loaded onto the un-crewed vehicle. While there’s been no public word yet on the condition of these experiments, it’s reasonable to assume that at least some portion of them can be re-flown in the future — a fact that will likely come as a great relief to the researchers who designed them. It will be interesting to see who picks up the tab for the do-over flight; while launch insurance is a must-have for billion dollar satellites, it seems unlikely these small suborbital experiments would have been covered under a similar policy.

A spurt of flame can be seen in the otherwise invisible exhaust moments before engine failure.

We’re also still in the dark about what caused the in-flight breakup of NS3, other than the fact that the engine was clearly sputtering in the seconds before it blew apart. This could be a sign that the engine’s nominal fuel-to-oxidizer ratio was faltering, or perhaps even indicative of foreign debris becoming dislodged and burning in the combustion chamber. But really, without official word from Blue Origin, it’s impossible to say what happened.

This is especially true when you consider that we’re talking about a vehicle that’s pushing the envelope to begin with. Remember, the New Shepard is a reusable booster, and NS3 is specifically a veteran of eight flights — with all but one of them taking the booster above the 100 kilometer altitude, which is generally accepted to be the boundary of space.

For those worried that celebrities and assorted millionaires will no longer have access to space, fear not. Blue Origin’s crewed flights have flown exclusively on the newer NS4 and its associated capsule First Step. This does however mean that Blue Origin no longer has a spare booster on which to fly commercial payloads, potentially putting into jeopardy any semblance of scientific value the program may have had.

Continue reading “Blue Origin Loses Rocket, Gains Abort System Test” →

Renewable Hydrogen Sucked From Thinish Air

September 11, 2022 by Dave Rowntree 26 Comments

Stored hydrogen is often touted as the ultimate green energy solution, provided the hydrogen is produced from genuinely green power sources. But there are technical problems to be overcome before your average house will be heated with pumped or tank-stored hydrogen. One problem is that the locations that have lots of scope for renewable energy, don’t always have access to plenty of pure water, and for electrolysis you do need both. A team from Melbourne University have come up with a interesting way to produce hydrogen by electrolysis directly from the air.

Redder areas have more water risk and renewable potential

By utilising a novel electrolysis cell with a hygroscopic electrolyte, the so-called direct air electrolysis (DAE) can operate with humidity as low as 4% relative, so perfectly fine even in the most arid areas, after all there may not be clouds but the air still holds a bit of water. This is particularly relevant to regions of the world, such as deserts, where there is simultaneously a high degree of water risk, and plenty of solar potential. Direct electrolysis of saline extracted at coastal areas is one option, but dealing with the liberated chlorine is a big problem.

The new prototype is very simple in construction, with a sponge of melamine or a sintered glass foam soaked in a compatible electrolyte. Potassium Hydroxide (alkaline) was tried as was Potassium Acetate (base) and Sulphuric Acid, but the latter degraded the host material in a short time. Who would have imagined? Anyway, with electrolysis cell design, a key problem is ensuring the separate gasses stay separate, and in this case, are also separate from the air. This was neatly ensured by arranging the electrolyte sponge fully covered both electrodes, so as the hygroscopic material extracted water from the air, the micro-channels in the structure filled up with liquid, with it touching both ends of the cell, forming the circuit and allowing the electrolysis to proceed.

Hydrogen, being very light, would rise upward through holes in the cathode, to be collected and stored. Oxygen simply passed back into the air, after passing though the liquid reservoir at the base. Super simple, and from reading the paper, quite effective too.

You can kind of imagine a future built around this now, where you’re driving your hydrogen fuel cell powered dune buggy around the Sahara one weekend, and you stop at a solar-powered hydrogen fuel station for a top up and a pasty. Ok, possibly not that last bit.

The promised hydrogen economy may be inching closer. We covered using aluminium nanoparticles to rip hydrogen out of water. But once you have the gas, you need to store and handle it. Toyota might have a plan for that. Then perhaps handling gas directly at all isn’t a great idea, and maybe the future is paste?

Thanks to [MmmDee] for the tip!

London Bridge Has Fallen — By Radio

September 10, 2022 by Jenny List 25 Comments

One of the global news stories this week has been the passing of the British monarch, Queen Elizabeth II. Since she had recently celebrated 70 years on the throne, the changing of a monarch is not something that the majority of those alive in 2022 will have seen. But it’s well known that there are a whole suite of “London Bridge has fallen” protocols in place for that eventuality which the various arms of the British government would have put in motion immediately upon news from Balmoral Castle. When it became obvious that the Queen’s health was declining, [Hackerfantastic] took to the airwaves to spot any radio signature of these plans. [Update 2022-09-11] See the comments below and a fresh Tweet to clarify, it appears these were not the signals they were at first suspected to be.

What he found in a waterfall view of the 4 MHz military band was an unusual transmission, a set of strong QPSK packets that started around 13:40pm on the 8th of September, and continued on for 12 hours before disappearing. The interesting thing about these transmissions is not that they were a special system for announcing the death of a monarch, but that they present a rare chance to see one of the country’s Cold War era military alert systems in action.

It’s likely that overseas embassies and naval ships would have been the intended recipients and the contents would have been official orders to enact those protocols, though we’d be curious to know whether 2022-era Internet and broadcast media had tipped them off beforehand that something was about to happen. It serves as a reminder: next time world news stories happen in your part of the world, look at the airwaves!

Bootstrapping The Old Fashioned Way

September 9, 2022 by Jonathan Bennett 62 Comments

The PDP-11, the Altair 8800, and the IMSAI 8080 were some of the heroes of the computer revolution, and they have something in common — front panel switches, and a lot of them. You probably have a fuzzy idea about those switches, maybe from reading Levy’s Hackers, where the painful process of toggling in programs is briefly described. But how exactly does it work? Well thanks to [Dave Plummer] of Dave’s Garage, now we have a handy tutorial. The exact computer in question is a reproduction of the IMSAI 8080, the computer made famous by a young Matthew Broderick in Wargames. [Dave] managed to score the reproduction and a viewer saved him the time of assembly.

The example program is a Larson Scanner, AKA making an strip of lights push a pulse of light across the strip. [Dave] starts with the Assembly code, a scant 11 lines, and runs it through an assembler available online. That gives us machine code, but there’s no hex keypad for input, so we need those in 8-bit binary bytes. To actually program the machine, you set the address switches to your start-of-program location, and the data switches to your first byte. The “deposit” switch sets that byte, while the “deposit next” switch increments the address and then stores the value. It means you don’t have to key in an address for each instruction, just the data. Get to the end of the program, confirm the address is set to the start, and flick run. Hope you toggled everything in correctly. If so, you’re rewarded with a friendly scanner so reminiscent of 80s TV shows. Stick around after the break to see the demonstration!
Continue reading “Bootstrapping The Old Fashioned Way” →