News

3615 Articles

FlowIO Takes Top Honors In The 2021 Hackaday Prize

November 20, 2021 by 8 Comments

FlowIO Platform, a modular pneumatics controller for soft robotics and smart material projects, took home Grand Prize honors at the 2021 Hackaday Prize. Aside from the prestige of coming out on top of hundreds of projects and bragging rights for winning the biggest hardware design challenge on Earth, the prize carries an award of $25,000 and a Supplyframe DesignLab residency to continue project development. Four other top winners were also announced at the Hackaday Remoticon virtual conference on Saturday evening.

In a year full of challenges, this year’s Hackaday Prize laid down yet another gauntlet: to “Rethink, Refresh, and Rebuild.” We asked everyone to take a good hard look at the systems and processes that make the world work — or in some cases, not work — and reimagine them from a fresh perspective. Are there better ways to do things? What would you come up with if you started from a blank piece of paper? How can you support and engage the next generation of engineers, and inspire them to take up the torch? And what would you come up with if you just let your imagination run wild?

And boy, did you deliver! With almost 500 entries, this year’s judges had quite a task in front of them. Each of the five challenges — Refresh Displays, Rethink Work-From-Home Life, Reimagine Supportive Tech, Redefine Robots, and Reactivate Wildcard — had ten finalists, which formed the pool of entries for the overall prize. And here’s what they came up with.

Continue reading “FlowIO Takes Top Honors In The 2021 Hackaday Prize”

This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith

November 19, 2021 by 21 Comments

Intel has announced CVE-2021-0146, a vulnerability in certain processors based on the Atom architecture, and the Trusted Platform Module (TPM) is at the center of the problem. The goal of the system around the TPM is to maintain system integrity even in the case of physical access by an attacker, so the hard drive is encrypted using a key stored in a secure chip on the motherboard. The TPM chip holds this encryption key and provides it during the boot process. When combined with secure boot, this is a surprisingly effective way to prevent tampering or data access even in the case of physical access. It’s effective, at least, when nothing goes wrong.

Earlier this year, we covered a story where the encryption key could be sniffed directly from the motherboard, by tapping the traces connecting the TPM to the CPU. It was pointed out that TPM 2.0 can encrypt the disk encryption key on the traces, making this attack impossible.

The entire Trusted Compute Model is based on the premise that the CPU itself is trustworthy. This brings us back to Intel’s announcement that a debug mode could be enabled via physical access. In this debug mode, the CPU master key can be extracted, leading to complete compromise. The drive encryption key can be recovered, and unsigned firmware can be loaded to the Management Engine. This means data in the TPM enclave and the TPM-stored encryption key can be compromised. Updated firmware is rolling out through motherboard vendors to address the problem. Continue reading “This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith”

Russian Anti-Satellite Weapon Test Draws Widespread Condemnation

November 17, 2021 by 44 Comments

On the morning of November 15, a Russian missile destroyed a satellite in orbit above Earth.  The successful test of the anti-satellite weapon has infuriated many in the space industry, put astronauts and cosmonauts alike at risk, and caught the attention of virtually every public and private space organisation on the planet.

It’s yet another chapter in the controversial history of military anti-satellite operations, and one with important implications for future space missions. Let’s examine what happened, and explore the greater context of the operation.

Continue reading “Russian Anti-Satellite Weapon Test Draws Widespread Condemnation”

This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack

November 12, 2021 by 33 Comments

Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.

const { timeout,ㅤ} = req.query;
Is actually:
const { timeout,\u3164} = req.query;

The extra comma might give you a clue that something is up, but unless you’re very familiar with a language, you might dismiss it as a syntax quirk and move on. Using the same trick again allows the hidden malicious code to be included on a list of commands to run, making a hard-to-spot backdoor.

The second trick is to use “confusable” characters like ǃ, U+01C3. It looks like a normal exclamation mark, so you wouldn’t bat an eye at if(environmentǃ=ENV_PROD){, but in this case, environmentǃ is a new variable. Anything in this development-only block of code is actually always enabled — imagine the chaos that could cause.

Neither of these are ground-breaking vulnerabilities, but they are definitely techniques to be wary of. The authors suggest that a project could mitigate these Unicode techniques by simply restricting their source code to containing only ASCII characters. It’s not a good solution, but it’s a solution. Continue reading “This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack”

South Korean KSLV-2 Nuri Rocket Almost Orbits

November 8, 2021 by 4 Comments

There was a bit of excitement recently at the Naro Space Center on Outer Naro Island, just off the southern coast of the Korea Peninsula. The domestically developed South Korean Nuri rocket departed on its inaugural flight from launch pad LB-2 at 5pm in the afternoon on Thursday, 21 Oct. The previous launch in the KSLV-2 program from this facility was in 2018, when a single-stage Test Launch Vehicle was successfully flown and proved out the basic vehicle and its KRE-075 engines.

This final version of the three-stage Nuri rocket, formally known as Korean Space Launch Vehicle-II (KSLV-2), is 47.2 m long and 3.5 m in diameter. The first stage is powered by a cluster of four KRE-075 sea-level engines having 3 MN of thrust. The second stage is a single KRE-075 vacuum engine with 788 kN thrust, and the final stage is a KRE-007 vacuum engine with 69 kN thrust (all these engines are fueled by Jet-A / LOX). In this maiden flight, the first two stages performed as expected, but something went wrong when the third stage shut off prematurely and failed to gain enough velocity to put the 1400 kg dummy satellite into orbit.

A committee formed to investigate the flight failure convened this week, and issued a statement after a preliminary review of the collected telemetry data. So far, all indications point to a drop in oxidizer tank pressure in the third stage. This could be the result of a leak in the tank itself or the associated plumbing. They will also investigate whether a sensor or other failure in the tank pressurization control system could be at fault. A second launch is currently scheduled for May of next year. Check out [Scott Manley]’s video below the break, where he discusses the launch itself and some history of South Korea’s space program.

Continue reading “South Korean KSLV-2 Nuri Rocket Almost Orbits”

Solar Cells, Half Off

November 6, 2021 by 34 Comments

A company named Leap Photovoltaic claims they have a technology to create solar panels without silicon wafers which would cut production costs in half. According to [FastCompany] the cells are still silicon-based, but do not require creating wafers as a separate step or — as is more common — acquiring them as a raw material.

The process is likened to 3D printing as silicon powder is deposited on a substrate. The design claims to use only a tenth of the silicon in a conventional cell and requires fewer resources to produce, too.

Continue reading “Solar Cells, Half Off”

Separating Ideas From Words

November 6, 2021 by 11 Comments

We covered Malamud’s General Index this week, and Mike and I were talking about it on the podcast as well. It’s the boldest attempt we’ve seen so far to open up scientific knowledge for everyone, and not just the wealthiest companies and institutions. The trick is how to do that without running afoul of copyright law, because the results of research are locked inside their literary manifestations — the journal articles.

The Index itself is composed of one-to-five-word snippets of 107,233,728 scientific articles. So if you’re looking for everything the world knows about “tincture of iodine”, you can find all the papers that mention it, and then important keywords from the corpus and metadata like the ISBN of the article. It’s like the searchable card catalog of, well, everything. And it’s freely downloadable if you’ve got a couple terabytes of storage to spare. That alone is incredible.

What I think is most remarkable is this makes good on figuring out how to separate scientific ideas from their prison — the words in which they’re written — which are subject to copyright. Indeed, if you look into US copyright law, it’s very explicit about not wanting to harm the free sharing of ideas.

“In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.”

But this has always been paradoxical. How do you restrict dissemination of the papers without restricting dissemination of the embodied ideas or results? In the olden days, you could tell others about the results, but that just doesn’t scale. Until today, only the richest companies and institutions had access to this bird’s eye view of scientific research — similar datasets gleaned from Google’s book-scanning program have trained their AIs and seeded their search machines, but they only give you a useless and limited peek.

Of course, if you want to read the entirety of particular papers under copyright, you still have to pay for them. And that’s partly the point, because the General Index is not meant to destroy copyrights, but give you access to the underlying knowledge despite the real world constraints on implementing copyright law, and we think that stands to be revolutionary.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!