News

3606 Articles

Arm Researchers Announce The PlasticArm

July 23, 2021 by 19 Comments

If the Cortex family of embedded microprocessors aren’t flexible enough for your designs, an article published this week (click here for the PDF version) in the journal Nature might be of interest. We’re not talking flexibility in terms of features, but real, physical flexibility of the microprocessor itself. A research team from Arm Ltd. has developed the PlasticArm, which is a 32-bit processor derived from the Cortex-M0+ family.

They accomplished this by constructing a CPU from metal-oxide thin-film transistors (TFT) on a polyimide substrate, the resultant chip being called a natively flexible microprocessor. While much of the hype focuses on the flexibility aspect, we think the real innovation here is the low cost. The processes used to deposit transistors onto silicon wafers is much more expensive than those on this flexible substrate.

Don’t get too excited just yet, because there were some compromises made along the way. Modern microprocessor silicon dies are measured in the tens of microns, but the PlasticArm total die size is a comparatively whopping 9 mm square. The researchers were appropriately focused on the core CPU, and the auxiliary building blocks such as ROM and RAM seem almost an afterthought. With only 456 bytes of program store and 128 bytes of RAM, only the tiniest of applications are suited to this chip. Other compromises were made, such as no internal registers — they are mapped to the external RAM — and the CPU runs a lot slower than we’re used to, topping out at 29 kHz (note: k not M).

There are certainly some challenges with this new technology, and we won’t be designing with these chips any time soon. But it has the potential to offer benefits in certain niche applications where low-cost and/or flexibility is more important than processor speed and performance.

 

New Privacy Policy Gets Audacity Back On Track

July 23, 2021 by 29 Comments

Regular readers will likely be aware of the considerable debate over changes being made to the free and open source audio editor Audacity by the project’s new owners, Muse Group. The company says their goal is to modernize the 20 year old GPLv2 program and bring it to a larger audience, but many in the community have questioned whether the new managers really understand the free software ethos. An already precarious situation has only been made worse by a series of PR blunders Muse Group has made over the last several months.

But for a change, it seems things might be moving in the right direction. In a recent post to Audacity’s GitHub repository, Muse Group unveiled the revised version of their much maligned Privacy Policy. The announcement also came with an admission that many of the key elements from the draft version of the Privacy Policy were poorly worded and confusing. It seems much of the problem can be attributed to an over-analysis of the situation; with the company inserting provocative boilerplate protections (such as a clause saying users must be over the age of 13) that simply weren’t necessary.

Ultimately, the new Privacy Policy bears little resemblance to the earlier draft. Which objectively, is a good thing. But it’s still difficult to understand why Muse Group publicly posted such a poorly constructed version of the document in the first place. Project lead Martin Keary, better known online as Tantacrul, says the team had to consult with various legal teams before they could release the revised policy. That sounds reasonable enough, but why where these same teams not consulted before releasing such a spectacularly ill-conceived draft?

The new Privacy Policy makes it clear that Audacity won’t be collecting any user data, and what little personally identifiable information Muse Group gets from the application when it automatically checks for an update (namely, the client’s IP address) isn’t being stored. It’s further explained in the GitHub post that the automatic update feature only applies to official binary builds of Audacity, meaning it will be disabled for Linux users who install it through their distribution’s package repository. The clause about working with unnamed law enforcement agencies has been deleted, as has the particularly troubling age requirement.

Credit where credit is due. Muse Group promised to revise their plans for adding telemetry to Audacity, and judging by the new Privacy Policy, it seems they’ve done an admirable job of addressing all of the issues brought up by the community. Those worried their FOSS audio editor of choice would start spying on them can rest easy. Unfortunately the issue of Audacity’s inflammatory Contributor License Agreement (CLA) has yet to be resolved, meaning recently christened forks of the audio editor dedicated to preserving its GPLv2 lineage are unlikely to stand down anytime soon.

This Week In Security: NSO, Print Spooler, And A Mysterious Decryptor

July 23, 2021 by 22 Comments

The NSO Group has been in the news again recently, with multiple stories reporting on their Pegasus spyware product. The research and reporting spearheaded by Amnesty International is collectively known as “The Pegasus project”. This project made waves on the 18th, when multiple news outlets reported on a list of 50,000 phone numbers that are reported as “potential surveillance targets.” There are plenty of interesting people to be found on this list, like 14 heads of state and many journalists.

There are plenty of questions, too. Like what exactly is this list, and where did it come from? Amnesty international has pointed out that it is not a list of people actively being targeted. They’ve reported that of the devices associated with an entry on the list that they have been able to check, roughly 50% have shown signs of Pegasus spyware. The Guardian was part of the initial coordinated release, and has some impressive non-details to add:

The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack. However, the consortium believes the data is indicative of the potential targets NSO’s government clients identified in advance of possible surveillance attempts.

Amazon’s AWS was named as part of the C&C structure of Pegasus, and in response, they have pulled the plug on accounts linked to NSO. For their part, NSO denies the validity of the list altogether. Continue reading “This Week In Security: NSO, Print Spooler, And A Mysterious Decryptor”

The Gatwick Drone: Little By Little, The Story Continues To Unravel

July 20, 2021 by 96 Comments

If you remember the crazy events in the winter of 2018 as two airports were closed over reports of drone sightings, you might be interested to hear that there’s still a trickle of information about those happenings making it into the public domain as Freedom of Information responses.

Three Christmases ago the news media was gripped by a new menace, that of rogue drones terrorising aircraft. The UK’s Gatwick airport had been closed for several days following a spate of drone sightings, and authorities thundered about he dire punishments which would be visited upon the perpetrators when they were caught. A couple were arrested and later quietly released, and after a lot of fuss the story quietly disappeared.

Received Opinion had it that a drone had closed an airport, but drone enthusiasts, and Hackaday as a publication in their sphere, were asking awkward questions about why no tangible evidence of a drone ever having been present had appeared. Gradually the story unravelled with the police and aviation authorities quietly admitting that they had no evidence of a drone, and a dedicated band of drone enthusiasts has continues to pursue the truth about those few winter nights in 2018. The latest results chase up the possibility that the CAA might have received a description of the drone, and why when a fully functional drone detection system had been deployed and detected nothing they continued with the farce of closing the airport.

Perhaps the saddest thing about these and other revelations about the incident which have been teased from the authorities is that while they should fire up a scandal, it seems inevitable that they won’t. The police, the government, and the CAA have no desire to be reminded of their mishandling of the event, neither except for a rare bit of mild questioning do the media wish to be held to account for the execrable quality of their reporting. The couple who were wrongly arrested have not held back in their condemnation, but without the attention of any powerful vested interests it seems that some of the measures brought in as a response will never be questioned. All we can do is report any new developments in our little corner of the Internet, and of course keep you up to date with any fresh UK police drone paranoia.

Software Defined… CPU?

July 19, 2021 by 45 Comments

Everything is better when you can program it, right? We have software-defined radios, software-defined networks, and software-defined storage. Now a company called Ascenium wants to create a software-defined CPU. They’ve raised millions of dollars to bring the product to market.

The materials are a bit hazy, but it sounds as though the idea is to have CPU resources available and let the compiler manage and schedule those resources without using a full instruction set. A system called Aptos lets the compiler orchestrate those resources.

Continue reading “Software Defined… CPU?”

Samsung Shuttering Original SmartThings Hubs

July 19, 2021 by 83 Comments

Samsung is causing much angst among its SmartThings customers by shutting down support for its original SmartThings home automation hub as of the end of June. These are network-connected home automation routers providing Zigbee and Z-Wave connectivity to your sensors and actuators. It’s not entirely unreasonable for manufacturers to replace aging hardware with new models. But in this case the original hubs, otherwise fully functional and up to the task, have intentionally been bricked.

Users were offered a chance to upgrade to a newer version of the hub at a discount. But the hardware isn’t being made by Samsung anymore, after they redirected their SmartThings group to focus entirely on software. With this new dedication to software, you’d be forgiven for thinking the team implemented a seamless transition plan for its loyal user base — customers who supported and built up a thriving community since the young Colorado-based SmartThings company bootstrapped itself by a successful Kickstarter campaign in 2012. Instead, Samsung seems to leave many of those users in the lurch.

There is no upgrade path for switching to a new hub, meaning that the user has to manually reconnect each sensor in the house which often involves a cryptic sequence of button presses and flashing lights (the modern equivalent of setting the time on your VCR). Soon after you re-pair all your devices, you will discover that the level of software customization and tools that you’ve relied upon for home automation has, or is about to, disappear. They’ve replaced the original SmartThings app with a new in-house app, which by all accounts significantly dumbs down the features and isn’t being well-received by the community. Another very popular tool called Groovy IDE, which allowed users to add support for third-party devices and complex automation tasks, is about to be discontinued, as well.

Continue reading “Samsung Shuttering Original SmartThings Hubs”

Tales From The Global Chip Shortage: Smoothieboard

July 17, 2021 by 27 Comments

The semiconductor shortage sparked by the pandemic is showing no signs of slowing down. Although auto manufacturers were some of the first affected, the shortage has now spread and is impacting all sorts of projects, including the Smoothieboard open-source CNC controllers.

[Chris Cecil] walks through the production woes they’ve had over the last few months. It began this spring with a batch of the V1.1 boards. The prices of some of their chips started jumping, and then they were informed that the microcontroller that serves as the brains of the Smoothieboard was only available for five times the old price. In the end, they placed a smaller order, and V1.1 Smoothieboards will likely be scarce until the microcontroller’s price returns to normal.

Getting V2 of the boards into production has been even more difficult. Just weeks before the final prototype, it was discovered that the LPC4330 microcontroller the V2 was built around was also sold out worldwide. With the shortage in mind, a hole was left in the layout of the final version of V2 so that they could finish the design around whatever microcontroller they were able to get. In the end, they were able to lock down a supply of STM32H745 controllers, which are actually substantially more capable than the original device.

If you’re interested in the origins of the chip shortage, this article from January is a good place to start. This isn’t the first time parts shortages have wreaked havoc on the world of electronics—does anyone remember the global resistor shortage of ’18?