Microsoft Wants You (To Help With Assistive Tech)

In college I had an exceptional piano teacher who was entirely blind. One day he noticed I had brought in my new-ish laptop, and his unexpected request — “can I look at your laptop?” — temporarily flabbergasted me. Naturally there wasn’t much he could do with it, so he gave it a once-over with his fingers to understand the keyboard layout, and that was that. I still think about this experience from time to time, and the most obvious lesson is that my paradigm for using a computer didn’t map well to his abilities and disability.

The folks at Microsoft are thinking about this problem, too, and they’re doing a lot of work to make technology work for more users, like the excellent Xbox Adaptive Controller pictured above. Now, if you have some experience helping folks overcome the challenges of disability, or have a killer idea for an assistive technology solution, Microsoft is looking for projects to fund. Did you rig up a Raspberry Pi and webcam to automatically read text aloud? Maybe you pulled that old Kinect out, and are working on a sign-language reader using 3D data points.

Make a pitch of your project or solid idea by the November 4th deadline, and just maybe you can get some help to make it a reality. Just make sure you come back and tell us about it! After all, some of the coolest hacks we’ve ever covered have been adaptive tech projects.

Thanks to [MauroPichiliani] for sending in this tip.

This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR

According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like it’s an attack similar to ProxyShell, in that it uses the auto-discover endpoint as a starting point. They suspect it’s a Chinese group that’s using the exploit, based on some of the indicators found in the webshell that gets installed.

There is a temporary mitigation: a URL-based request block on the string .*autodiscover\.json.*\@.*Powershell.* (the exact details are available in the post). If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner to detect compromise, with <Path_IIS_Logs> standing in for your IIS log directory:

Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'

This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.
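An added example, not from the original article or from GTSC: a Python triage pass for IIS logs copied off the server. It applies the detection pattern quoted above, then uses the log's #Fields header to confirm that the 200 is really the sc-status, because the pattern's trailing .*200 also matches a 200 in any later column. The sample log is constructed and the names `triage` and `SAMPLE_LOG` are assumptions.

```python
import re
import sys
from collections import defaultdict

# Detection pattern quoted in the article. Select-String matches case-insensitively
# by default, so IGNORECASE keeps the behaviour the same.
PATTERN = re.compile(r"powershell.*autodiscover\.json.*\@.*200", re.IGNORECASE)

# Constructed W3C-format IIS log, shaped only to exercise the pattern (not captured
# traffic). Hosts and addresses are reserved documentation values.
_Q = "@example.invalid/powershell/&Email=autodiscover/autodiscover.json%3F@example.invalid"
SAMPLE_LOG = f"""\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status time-taken
2022-01-01 08:01:12 192.0.2.10 GET /autodiscover/autodiscover.json {_Q} 443 198.51.100.7 200 31
2022-01-01 08:01:40 192.0.2.10 GET /autodiscover/autodiscover.json {_Q} 443 198.51.100.7 302 200
2022-01-01 08:02:05 192.0.2.10 POST /owa/auth.owa - 443 203.0.113.5 200 15
"""

def triage(lines):
    """Split regex hits into those with sc-status 200 and those where '200'
    matched some other column (or the column layout is unknown)."""
    fields, confirmed, regex_only = [], defaultdict(list), []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if line.startswith("#") or not PATTERN.search(line):
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("sc-status") == "200":
            stamp = f"{row.get('date', '?')} {row.get('time', '?')}"
            confirmed[row.get("c-ip", "?")].append(stamp)
        else:
            regex_only.append(line)        # keep for manual review, never drop
    return dict(confirmed), regex_only

if __name__ == "__main__":
    # Usage: python triage.py file1.log file2.log  (no arguments: constructed sample)
    lines = []
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            lines += fh.read().splitlines()
    confirmed, regex_only = triage(lines or SAMPLE_LOG.splitlines())
    for ip, times in confirmed.items():
        print(f"{ip}: {len(times)} request(s) answered 200, first at {times[0]}")
    print(f"{len(regex_only)} regex hit(s) where sc-status was not 200")
```

On the constructed sample, the second line matches the regex only because its time-taken value is 200, so it lands in the review list rather than the confirmed one.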


Japan Wants To Decarbonize With The Help Of Ammonia

With climate change concerns front of mind, the world is desperate to get to net-zero carbon output as soon as possible. While direct electrification is becoming popular for regular passenger cars, it’s not yet practical for more energy-intensive applications like aircraft or intercontinental shipping. Thus, the hunt has been on for cleaner replacements for conventional fossil fuels.

Hydrogen is the most commonly cited, desirable for the fact that it burns very cleanly. Its only main combustion product is water, though its combustion can generate some nitrogen oxides when burned with air. However, hydrogen is yet to catch on en-masse, due largely to issues around transport, storage, and production.

This could all change, however, with the help of one garden-variety chemical: ammonia. Ammonia is now coming to the fore as an alternative solution. It’s often been cited as a potential way to store and transport hydrogen in an alternative chemical form, since its formula consists of one nitrogen atom and three hydrogen atoms. However, more recently, ammonia is being considered as a fuel in its own right.

Let’s take a look at how this common cleaning product could be part of a new energy revolution.


Watch NASA Crash A Probe Into An Asteroid Tonight

Got any plans for tonight? No? Well then you’re in luck, because NASA is just a few hours from intentionally smashing a probe into the minor planet Dimorphos as part of the Double Asteroid Redirection Test (DART) — marking the first time humanity has ever intentionally tried to knock a space rock off-course. If it works, we’re one step closer to having a viable planetary defense system in case we ever detect an asteroid on a collision course with Earth. If it doesn’t work... well, we’ve still got time to come up with another plan.

To be clear, the 170 meter (560 feet) wide Dimorphos DOES NOT pose any threat to us, nor will it after NASA smacks it around with an ion-propelled spacecraft. This is simply a test to see if a small spacecraft impacting an asteroid head-on can slow it down enough to appreciably change its orbital trajectory. We won’t know for a week or so if the impact did the trick, but it should still be fascinating to watch the crash happen live.

We’ve embedded the two NASA streams below. The first one will start about a half an hour before impact and is going to show live navigational images of Dimorphos as the DART spacecraft zeros in on its target, and the second stream will cover the main event. Keep in mind this isn’t a Hollywood film we’re talking about — don’t expect any dramatic explosions when the clock hits zero. When the telemetry stops coming back, that means it was a bullseye.


Animated LED Arrows Point The Way

Visitors at the Garden D’Lights in Bellevue, Washington had a problem. While touring the holiday lights show, they kept straying off the path. The event organizers tried some simple LED arrows, but they were just more points of light among a sea filled with them. This is when [Eric Gunnerson] was asked to help out. He’s apparently had some experience with LED animations, even cooking up a simple descriptor language for writing animations driven by an ESP32. To make the intended path obvious, he turned to a PVC board with 50 embedded WS2812 pixels – RGB controllable LEDs. The control box was a USB power adapter and an ESP8266, very carefully waterproofed and connected to the string of pixels. The backer board is painted black, to complete the hardware. Stick around after the inevitable break, to get a look at the final

The description of the build process is detailed and contains some great tips, but without a clever LED animation, it’s still of questionable utility. The pattern chosen is great, with the LEDs being blue most of the time, and a flame-like gradient chasing through the arrow every couple seconds. It’s obviously different from the lights of the show, and seems to be a real winner. [Eric] has published his code, with the sheepish caveat that he had to reinvent the wheel once again, and couldn’t reuse any of his previous LED animation work on this one. It’s a simple hack, but a great build log, and an effective solution to a subtle problem. And if addressable LEDs are your thing, check out our other hacks!


This Week In Security: Malwarebytes Goes Nuts, Uber

I got a rude awakening Wednesday morning this week. HaD writers don’t necessarily keep normal hours — don’t judge. A local client called, complaining that Google Maps was blocking on one of their computers, and the browser stated that it was a malicious site. Well that got my attention. Standard incident response: “Turn off the affected computers, I’m on my way.” Turns out, it was Malwarebytes that was complaining and blocking Google Maps, as well as multiple other Google domains. That particular machine happened to have a fresh install of the program, and was still in the trial period of Malwarebytes premium, which includes the malicious IP and domain blocking feature.

Oof, this could be bad. The first possibility that came to mind was a DNS hijack. The desktop’s DNS was set to the router, and the router’s DNS was set to the ISP’s. Maybe the ISP had their DNS servers compromised? Out came the cell phone, disconnected from the WiFi, for DNS lookups on some Google domains. Because Google operates at such a massive scale, they have multiple IPs serving each domain, but since the two different results were coming from the same subnet, the suspicious DNS server was likely OK. A whois on the blocked IP also confirmed that it was a Google-owned address. We were running out of explanations, and as a certain fictional detective was known for saying, “whatever remains, however improbable, must be the truth.” And, yes, Malwarebytes did indeed accidentally add Google to its bad list. The upside was that my customer wasn’t compromised. The downside? I had to answer a phone call before my first cup of coffee. Blegh.


OpenAI Hears You Whisper

Should you wish to try high-quality voice recognition without buying something, good luck. Sure, you can borrow the speech recognition on your phone or coerce some virtual assistants on a Raspberry Pi to handle the processing for you, but those aren’t good for major work that you don’t want to be tied to some closed-source solution. OpenAI has introduced Whisper, which they claim is an open source neural net that “approaches human level robustness and accuracy on English speech recognition.” It appears to work on at least some other languages, too.

If you try the demonstrations, you’ll see that talking fast or with a lovely accent doesn’t seem to affect the results. The post mentions it was trained on 680,000 hours of supervised data. If you were to talk that much to an AI, it would take you 77 years without sleep!
