Buzzword Bingo Bitcoin Burial Burrowing Blueprint Balked At By Bureaucracy

August 4, 2022 by Jenny List 46 Comments

Many of you will at some time have heard the unfortunate tale of [James Howells], a Welsh IT worker who threw away a hard drive containing 8,000 Bitcoin back in 2013. Over the years he’s hatched various schemes to persuade his local council to let him dig up the landfill where it’s reputed to be buried, and every time he’s been rebuffed. Despite the fall in the price of cryptocurrencies he’s back with another. With the added spice of AI and robot dogs alongside the cryptocurrency angle, it reads like a buzzword bingo card and adds a whole new meaning to “Bitcoin mining”. Seemingly despite generous offers the local council are still not keen on letting him dig for the drive.

We can’t help feeling sorry for the guy — after all, in the early days of cryptocurrency the coins were a worthless curiosity so it’s not impossible there are readers with similar stories. But we’re curious how well the drive will have survived its 9-year interment even if the AI robot arm and robot dog security would ensure its recovery. With that much cash at stake the best in the data recovery business will no doubt be unleashed on whatever remains they might recover, but in the unfriendly environment of a festering landfill we’d be curious as to whether chemical action might have corroded the platters to the point at which nothing might remain. Wales has a high rainfall unlike the American southwest, so we doubt it would survive as well as an Atari cartridge.

Meanwhile, tell us your cryptocurrency might-have-beens in the comments.

Landfill Site sign by Geographer, CC BY-SA 2.0.

NVIDIA Unleashes The First Jetson AGX Orin Module

August 3, 2022 by Tom Nardi 15 Comments

Back in March, NVIDIA introduced Jetson Orin, the next-generation of their ARM single-board computers intended for edge computing applications. The new platform promised to deliver “server-class AI performance” on a board small enough to install in a robot or IoT device, with even the lowest tier of Orin modules offering roughly double the performance of the previous Jetson Xavier modules. Unfortunately, there was a bit of a catch — at the time, Orin was only available in development kit form.

But today, NVIDIA has announced the immediate availability of the Jetson AGX Orin 32GB production module for $999 USD. This is essentially the mid-range offering of the Orin line, which makes releasing it first a logical enough choice. Users who need the top-end performance of the 64GB variant will have to wait until November, but there’s still no hard release date for the smaller NX Orin SO-DIMM modules.

That’s a bit of a letdown for folks like us, since the two SO-DIMM modules are probably the most appealing for hackers and makers. At $399 and $599, their pricing makes them far more palatable for the individual experimenter, while their smaller size and more familiar interface should make them easier to implement into DIY builds. While the Jetson Nano is still an unbeatable bargain for those looking to dip their toes into the CUDA waters, we could certainly see folks investing in the far more powerful NX Orin boards for more complex projects.

While the AGX Orin modules might be a bit steep for the average tinkerer, their availability is still something to be excited about. Thanks to the common JetPack SDK framework shared by the Jetson family of boards, applications developed for these higher-end modules will largely remain compatible across the whole product line. Sure, the cheaper and older Jetson boards will run them slower, but as far as machine learning and AI applications go, they’ll still run circles around something like the Raspberry Pi.

This Week In Security: Symbiote, Smart Locks, And CosmicStrand

July 29, 2022 by Jonathan Bennett 23 Comments

Symbiote is a particularly nasty Linux rootkit, and we have the interesting case of two separate analysis releasing this week. Up first is [CyberMasterV] taking apart a very early sample of the malware. The primary purpose of Symbiote seems to be capturing SSH logins, and this version does so by hooking the Pluggable Authentication Modules (PAM) system to capture users logging in to the machine it resides on. It also watches for SSH and SCP binaries, and sniffs the terminal used by those binaries, thereby capturing outgoing credentials.

All this data gets packaged up as DNS queries and shuffled off to the Command and Control server. “Easy”, I hear you say, “just block DNS traffic to everywhere except a trusted DNS provider.” It’s more clever than that. The data is in the form of valid DNS subdomains. In full, it’s a DNS request to PacketNumber.MachineID.Data.px32.nss.atendimento-estilo[.]com, all appropriately encoded to be valid. Every request will be for a unique host name, so every request gets forwarded to the C&C controller, which does double duty as the authoritative DNS resolver for that domain. You might get some mileage out of blocking (or at least logging) very long DNS queries.

Symbiote also replaces the typical files and devices you would look at to find a potential problem. For instance, /proc/net/tcp is where the kernel reports open TCP connections. On an infected machine, a copy of this file is maintained by the malware, conveniently leaving out the connections resulting from the infections. Symbiote has a hook in fopen, so whenever a process tries to read this location, the read is redirected to the cooked version, neatly hiding the rootkit. This stealth feature is apparently also used to hide other malware from the same attackers that may be on the same machine.
Continue reading “This Week In Security: Symbiote, Smart Locks, And CosmicStrand” →

Google Quantum, Virtually

July 28, 2022 by Al Williams 18 Comments

Want to try a big quantum computer but don’t have the cash? Google wants to up your simulation game with their “Quantum Virtual Machine” that you can use for free.

On the face of it, it sounds like marketing-speak for just another quantum simulator. But if you read the post, it sounds like it attempts to model effects from a real Sycamore processor including qubit decay and dephasing along with gate and readout errors. This forms what Google calls “processor-like” output, meaning it is as imperfect as a real quantum computer.

If you need more qubits than Google is willing to support, there are ways to add more computing using external compute nodes. Even if you have access to a real machine of sufficient size, this is handy because you don’t have to wait in a queue for time on a machine. You can work out a lot of issues before going to the real computer.

This couldn’t help but remind us of the old days when you had to bring your cards to the central computer location and wait your turn only to find out you’d made a stupid spelling mistake that cost you an hour of wait time. In those days, we’d “desk check” a program carefully before submitting it. This system would allow a similar process where you test your basic logic flow on a virtual machine before suffering the wait time for a real computer to run it.

Of course, if you really need a quantum computer, the simulation is probably too slow to be practical. But at least this might help you work out the kinks on smaller problems before tackling the whole enchilada. What will you do with a quantum computer? Tell us in the comments.

Google, of course, likes its own language, Cirq. If you want a leg up on general concepts with a friendly simulator, try our series.

Move Over Silicon, A New Semiconductor Is In Town

July 27, 2022 by Al Williams 28 Comments

Silicon has had a long run as the king of semiconductors, and why not? It’s plentiful and works well. However, working well and working ideally are two different things. In particular, electrons flow better than holes through the material. Silicon also is a poor heat conductor as we’ve all noticed when working with high-speed or high-power electronics. Researchers at MIT, the University of Houston, and other institutions are proposing cubic boron arsenide to overcome these limitations.

According to researchers, this material is a superior semiconductor and, possibly, the best possible semiconductor. Unfortunately, the material isn’t nearly as common as silicon. Labs have created small amounts of the material and there is still a problem with fabricating uniform samples.

Early experiments show the material has very high mobility for electrons and holes along with thermal conductivity almost ten times greater than that of silicon. It also has a good bandgap, making it very attractive as a semiconductor material. In fact, only diamond and isotopically enriched cubic boron nitride have better thermal conductivity.

However, there are still unknowns about how to use the material in practical devices. Long-term stability tests are as lacking. So maybe it will wipe out silicon or maybe it won’t. Time will tell.

We are always on the lookout for the next big semiconductor material. However, we suspect this tech will be out of reach to the home semiconductor fab, at least for a little while.

Down The Intel Microcode Rabbit Hole

July 19, 2022 by Al Williams 13 Comments

The aptly-named [chip-red-pill] team is offering you a chance to go down the Intel rabbit hole. If you learned how to build CPUs back in the 1970s, you would learn that your instruction decoder would, for example, note a register to register move and then light up one register to write to a common bus and another register to read from the common bus. These days, it isn’t that simple. In addition to compiling to an underlying instruction set, processors rarely encode instructions in hardware anymore. Instead, each instruction has microcode that causes the right things to happen at the right time. But Intel encrypts their microcode. Of course, what can be encrypted can also be decrypted.

Using vulnerabilities, you can activate an undocumented debugging mode called red unlock. This allows a microcode dump and the decryption keys are inside. The team did a paper for OffensiveCon22 on this technique and you can see a video about it, below.

Continue reading “Down The Intel Microcode Rabbit Hole” →

Ortur Laser Will Go Open-Source

July 18, 2022 by Elliot Williams 74 Comments

Well, that was fast! Last week, we wrote about a video by [Norbert Heinz] where he called out the Ortur laser engravers for apparently using the GPL-licensed grbl firmware without providing the source code and their modifications to it, as required by the license. Because open source and grbl are dear to our hearts and CNC machines, we wrote again about Norbert’s efforts over the weekend, speculating that it might just be unfamiliarity with the open source license requirements on Ortur’s part.

Because of [Norbert]’s persistance and publicity around the issue, the support ticket finally reached the right person within Ortur, and within two or three days [Gil Araújo], Support Admin at Ortur, managed to convince the company that going fully open source was the right thing to do. What remains is the question of how to do it, operationally.

So [Gil] asked [Norbert] to ask Hackaday: what do you want from Ortur on this, and how should they proceed? Via e-mail, he asked in particular for best practices on setting up the repository and making the code actually useful to non-programmer types. He said that he looked around at the other laser engraver companies, and didn’t find any good examples of others doing the Right Thing™, so he asked [Norbert] to ask us. And now we’re asking you!

Have you got any good examples of companies using open-source firmware, modifying it, and making it available for their users? Is a simple Github repo with a README enough, or should he spend some time on making it user-friendly for the non-coders out there? Or start with the former and work toward the latter as a goal? I’m sure [Gil] will be reading the comments, so be constructive! You’ll be helping a laser engraver company take its first steps into actually engaging with the open source community.

We said it before, and we’ll say it again. Good job [Norbert] for taking Ortur to task here, but also by doing so in a way that leaves them the option of turning around and doing the right thing. This also highlights that companies aren’t monolithic beasts – sometimes it takes getting your cause heard by just the right person within a company to change the response from a “this is a business secret” to “how should we set up our Github?” And kudos for [Gil] and Ortur for listening to their users!