Does Your Programmer Know How Fast You Were Going?

News reports were everywhere that an autonomous taxi operated by a company called Cruise was driving through San Francisco with no headlights. The local constabulary tried to stop the vehicle and were a bit thrown that there was no driver. Then the car moved beyond an intersection and pulled over, further bemusing the officers.

The company says the missing headlights were due to human error and that the car had stopped at a light and then moved to a safe stop by design. This leads to the question of how people, including police officers, will interact with robot vehicles.


Warm Up Your Extruders, RepRap Festivals Are Back

Like pretty much every other large gathering, the Midwest and East Coast RepRap Festivals had to be put on hold during the height of the COVID-19 pandemic. But now that the United States is cautiously returning to something that looks a lot like normal, both Festivals have confirmed they will be back to full-scale live events for 2022.

After experimenting with a virtual event and a scaled-down show in 2021, the Midwest RepRap Festival (MRRF) will be returning to the Elkhart County 4H Fairgrounds in Goshen, Indiana from June 24th to the 26th. No tickets will be required for attendees or exhibitors; everyone is welcome to just show up and have a good time. There will, however, be sponsorship opportunities for anyone who wants to support this long-running event.

Summer already booked up? In that case, the East Coast RepRap Festival (ERRF) will be taking place from October 8th to the 9th at the APG Federal Credit Union Arena in Bel Air, Maryland. Tickets cost $10 for both exhibitors and attendees, though anyone under 17 gets in for free. Even though ERRF only confirmed their 2022 plans recently, it looks like there are only a few sponsor spots still left open.

Hackaday has attended both events in the past, and we’ve always come back blown away by the incredible variety of printers, projects, and products on display. It seems like there wouldn’t be that many different ways to show off melted plastic, but trust us, these folks always manage to surprise you. Given the amount of time that’s passed since either event was able to operate at normal capacity, we predict these 2022 Festivals are going to be smash hits that you won’t want to miss if you’re even remotely interested in 3D printing.

Trenton Computer Festival Makes YouTube Debut

While it doesn’t have the recognition of DEF CON or even HOPE, the Trenton Computer Festival (TCF) holds the record for the longest continually running computer convention, dating all the way back to 1976. TCF has offered vendor spaces, a swap meet, workshops, and keynote talks for almost as long as the personal computer has existed. But until now, all that knowledge was only available to those in the Northeast US that were willing to follow the itinerant event as it bounced between venues over the decades.

Or at least, that used to be the case. Like many events, TCF was forced to go virtual during the COVID-19 pandemic, which meant for the first time all the talks were actually recorded. Over the weekend, the organizers announced that all of the talks and demonstrations from 2020 and 2021 had been uploaded to a new YouTube channel, opening them up to a global audience.

Bill Gates at TCF in 1989

Two years might not sound like much, especially given the fact that there are still 40+ years unaccounted for. But thanks to the incredible amount of content that is squeezed into each year’s event, the TCF YouTube channel is currently playing host to more than 80 presentations that run the gamut from live musical performances to deep-dives on the Apollo Guidance Computer and quantum computing. Whatever your interests happen to be, there’s a good chance you’ll find a presentation or two that talks about them in this impressive collection.

When we made our last visit to this legendary convention, our only real complaint was the fact that none of the presentations were being recorded. With over 40 talks crammed into a six hour event, attendees couldn’t hope to see more than a fraction of what was on the schedule. The nature of going virtual obviously made it much easier to preserve all this incredible content for later viewing, but it’s unclear if the organizers will be able to maintain that momentum in 2023 when it’s expected TCF will once again be in-person.

Night Vision: Now In Color

We’ve all gotten used to seeing movies depict people using night vision gear where everything appears as a shade of green. In reality the infrared image is monochrome, but since the human eye is very sensitive to green, the false-color is used to help the wearer distinguish the faintest glow possible. Now researchers from the University of California, Irvine have adapted night vision with artificial intelligence to produce correctly colored images in the dark. However, there is a catch, as the method might not be as general-purpose as you’d like.

Under normal illumination, white light has many colors mixed together. When light strikes something, it absorbs some colors and reflects others. So a pure red object reflects red and absorbs other colors. While some systems work by amplifying small amounts of light, those don’t work in total darkness. For that you need night vision gear that illuminates the scene with infrared light. Scientists reasoned that different objects might also absorb different kinds of infrared light. Training a system on what colors correspond to what absorption characteristics allows the computer to reconstruct the color of an image.

The only thing we found odd is that the training was on printed pictures of faces using a four-color ink process. So it seems like pointing the same camera in a dark room would give unpredictable results. That is, unless you had a huge database of absorption profiles. There’s a good chance, too, that there is overlap. For example, yellow paint from one company might look similar to blue paint from another company in IR, while the first company’s blue looks like something else. It is hard to imagine how you could compensate for things like that.

Still, it is an interesting idea and maybe it will lead to some other interesting night vision improvements. There could be a few niche applications, too, where you can train the system for the expected environment and the paper mentions a few of these.

Of course, if you have starlight, you can just use a very sensitive camera, but you still probably won’t get color. You can also build your own night vision gear without too much trouble.

This Week In Security: Vulnerable Boxes, Government Responses, And New Tools

The Cyclops Blink botnet is thought to be the work of an Advanced Persistent Threat (APT) from Russia, and seems to be limited to WatchGuard and Asus devices. The normal three and four letter agencies publicized their findings back in February, and urged everyone with potentially vulnerable devices to go through the steps to verify and disinfect them if needed. About a month later, in March, over half the botnet was still online and functioning, so law enforcement took a drastic step to disrupt the network. After reverse-engineering the malware itself, and getting a judge to sign off on the plan, the FBI remotely broke into 13 of the WatchGuard devices that were working as Command and Control nodes. They disinfected those nodes and closed the vulnerable ports, effectively knocking a very large chunk of the botnet offline.

The vulnerability in WatchGuard devices that facilitated the botnet was CVE-2022-23176, a problem where an “exposed management access” allowed unprivileged users administrative access to the system. That vague description sounds like either a debugging interface that was accidentally included in production, or a flaw in the permission logic. Regardless, the problem was fixed in a May 2021 update, but not fully disclosed. Attackers apparently reverse engineered the fix, and used it to infect devices and form the botnet. The FBI informed WatchGuard in November 2021 that about 1% of their devices had been compromised. It took until February to publish remediation steps and get a CVE for the flaw.

This is definitely non-ideal behavior. More details and a CVE should have accompanied the fix back in May. As we’ve observed before, obscurity doesn’t actually prevent sophisticated actors from figuring out vulnerabilities, but it does make it harder for users and security professionals to do their jobs.

AARP Swipes Right On Senior Social Network

Can you believe that Facebook turns 18 this year? One of the troubled teenager’s biggest problems is that not only are the young people still leaving in droves, many of the remaining denizens are 50 or over and susceptible to the various predators and sources of misinformation that plague the site.

Well, AARP wants to change the landscape of social media for those who are approaching or already living out their twilight years. Basically, they want to lure them away from Facebook. The organization spent untold amounts of money creating Senior Planet Community, which is kind of like a baby version of reddit in that the site is broken into interest categories such as photography, gardening, pets, and fitness enthusiasts.

The site was developed by Older Adults Technology Service (OATS), who are an AARP affiliate. OATS were leading computer classes for seniors and moved online during the pandemic, and the idea grew from there.

The main difference is that Senior Planet Community is absolutely free (for now, at least), including a complete lack of advertisements. If Grandma’s gonna unwittingly spend hundreds on micro-transactions, it won’t be taking place here, and not just because there’s no mobile app or games just yet. As far as moderation, there’s a long list of house rules that involve courtesy and encourage the citing of sources. Posts can be reported should they violate the rules.

We’ll see how it goes. There are plenty of bad actors that could pretend to be age 50+, or don’t even have to lie about it. We also wonder how long they’ll be able to go without advertisers.

We’re all getting older, including Zuckerberg. Don’t believe it? Here’s video proof.

Main and thumbnail images via Unsplash.

This Week In Security: More State-Sponsored Activity, Spring4Shell

[Editor’s note: There is a second, fake iteration of this column out today. This is obviously the real column.]

An alert from CISA, combined with an unsealed pair of indictments, sheds some new light on how Russian hackers pursue high-value targets. The key malware here is Triton, essentially a rootkit designed for the Tricon safety systems, widely deployed at refineries and other infrastructure facilities. One of the early deployments of this was to a Saudi oil plant in 2017. This deployment seems to have been botched, as it caused malfunctions and shut the plant down for about a week.

The new information is confirmation that the same operators, out of the “Central Scientific Research Institute of Chemistry and Mechanics”, attempted to target US facilities with the same campaign. The Wired coverage initially struck me as odd, as it detailed how these Russian attackers researched US refineries, looking for the most promising targets. How exactly did US intelligence agencies know about the research habits of agents in Russia? The details of the indictment have the answer: They were researching US refineries by downloading papers from the US Department of Energy. As the IP addresses of this Russian research group are known and tracked, it was easy enough for US agencies to make the connection.
