Better Solvents Could Lead To Cleaner, Greener Perovskite Solar Cells

Regardless of appearances, almost all scientific progress comes at a price. That which is hailed as a breakthrough technology that will save the planet or improve the lots of those living upon it almost always comes at a cost, which sometimes greatly outweighs the purported benefits of the advancement.

Luckily, though, solving these kinds of problems is what scientists and engineers live for, and in the case of the potentially breakthrough technology behind perovskite solar cells (PSCs), that diligence has resulted in a cleaner and safer way to manufacture them. We’ve covered the technology of perovskites in the past, but briefly, as related to photovoltaic cells, they’re synthetic crystals of organometallic cations bonded to a halide anion, so something like methylammonium lead tribromide. These materials have a large direct bandgap, which means a thin layer of the stuff can absorb as much solar energy as a much thicker layer of monocrystalline silicon — hence the intense interest in perovskites for cheap, easily manufactured solar cells.

The problem with scaling up PSC manufacturing has been the need for volatile and dangerous solvents to dissolve the perovskites. One such solvent, dimethylformamide (DMF), commonly used in pharmaceutical manufacturing and often a component of paint strippers, is easily absorbed through the skin and toxic to the liver in relatively low concentrations. Another common solvent, γ-butyrolactone (GBL), is a precursor to γ-hydroxybutyric acid (GHB), a common recreational club-drug known as “liquid ecstasy”.

In a recent paper, [Carys Wrosley] and colleagues at Swansea University showed that γ-valerolactone (GVL), a far less toxic and volatile solvent, could be effectively substituted for DMF and GBL in perovskite manufacturing processes. One of the most promising features of perovskites for solar cells is that the solution can be easily applied to transparent conductive substrates; the use of GVL as a solvent resulted in solar cells that were comparably efficient to cells made with the more dangerous solvents.


Neural Networks Emulate Any Guitar Pedal For $120

It’s a well-established fact that a guitarist’s acumen can be accurately gauged by the size of their pedal board: the more stompboxes, the better the player. Why have one box that can do everything when you can have many that do just a few things?

Jokes aside, the idea of replacing an entire pedal collection with a single box is nothing new. Your standard, old-school stompbox is an analog affair, using a combination of filters and amplifiers to achieve a certain sound. Some modern multi-effects processors use software models of older pedals to replicate their sound. These digital pedals have been around since the 90s, but none have been quite like the NeuralPi project. Just released by [GuitarML], the NeuralPi takes about $120 of hardware (including — you guessed it — a Raspberry Pi) and transforms it into the perfect pedal.

The key here, of course, is neural networks. The LSTM at the core of NeuralPi can be trained on any pedal you’ve got lying around to accurately reproduce its sound, and it can even do so with incredibly low latency thanks to Elk Audio OS (which even powers Matt Bellamy’s synth guitar, as used in Muse’s Simulation Theory World Tour). The result of a trained model is a VST3 plugin, a popular format for describing audio effects.

This isn’t the first time we’ve seen some seriously cool stuff from [GuitarML], and it also hearkens back a bit to some sweet pedal simulation in LTSpice we saw last year. We can’t wait to see this project continue to develop — over time, it would be awesome to see a slick UI, or maybe somebody will design a cool enclosure with some knobs and an honest-to-god pedal for user input!

Thanks to [Mish] for the tip!


This Week In Security: M1RACLES, The Full Half-Double, And Patch Gaps

We occasionally make fun of new security vulnerabilities that have a catchy name and shiny website. We’re breaking new ground here, though, in covering a shiny website that makes fun of itself. So first off, this is a real vulnerability in Apple’s brand-new M1 chip. It’s got CVE-2021-30747, and in some very limited cases, it could be used for something malicious. The full name is M1ssing Register Access Controls Leak EL0 State, or M1RACLES. To translate that trying-too-hard-to-be-clever name to English, a CPU register is left open to read/write access from unprivileged userspace. It happens to be a two-bit register that doesn’t have a documented purpose, so it’s perfect for smuggling data between processes.

Do note that this is an undocumented register. If it turns out that it actually does something important, this vulnerability could get more serious in a hurry. Until then, thinking of it as a two-bit vulnerability seems accurate. For now, however, the most we have to worry about is that two processes can use this to pass information back and forth. This isn’t like Spectre or Rowhammer where one process is reading or writing to an unrelated process, but both of them have to be in on the game.

The discoverer, [Hector Martin], points out one example where this could actually be abused: to bypass permissions on iOS devices. It’s a clever scenario. Third party keyboards have always been just a little worrying, because they run code that can see everything you type, passwords included. The long-standing advice has been to never use such a keyboard, if it asks for network access permissions. Apple has made this advice into a platform rule — no iOS keyboards get network access. What if a device had a second malicious app installed, that did have Internet access permissions? With a covert data channel, the keyboard could shuffle keystrokes off to its sister app, and get your secrets off the device.

So how much should you care about CVE-2021-30747? Probably not much. The shiny site is really a social experiment to see how many of us would write up the vulnerability without being in on the joke. Why go to the hassle? Apparently it was all an excuse to make this video, featuring the appropriate Bad Apple!! music video.

Half-Double’ing Down on Rowhammer

A few days ago, Google announced the details of Half-Double, and the glass is definitely Half-Double full with all the silly puns that come to mind. The concept is simple: If Rowhammer works because individual rows of ram are so physically close together, does further miniaturization enable attacks against bits two rows away? The answer is a qualified yes.

Quick refresher, Rowhammer is an attack first demonstrated against DDR3 back in 2014, where rapid access to one row of memory can cause bit-flip errors in the neighboring row. Since then, there have been efforts by chip manufacturers to harden against Rowhammer, including detection techniques. At the same time, researchers have kept advancing the art through techniques like Double-Sided Rowhammer, randomizing the order of reads, and attempts to synchronize the attack with the ram’s refresh intervals. Half-Double is yet another way to overcome the protections built into modern ram chips.

We start by specifying a particular ram row as the victim (V). The row right beside it will be the near aggressor row (N), and the next row over we call the far aggressor row (F). A normal Rowhammer attack would simply alternate between reading from the near aggressor and a far-off decoy, rapidly toggling the row select line, which degrades the physical charge in neighboring bits. The Half-Double attack instead alternates between the far aggressor and a decoy row for 1000 cycles, and then reads from the near aggressor once. This process is repeated until the victim row has a bit flip, which often happens within a few dozen iterations. Because the hammering isn’t right beside the victim row, the built-in detection applies mitigations to the wrong row, allowing the attack to succeed in spite of the mitigations.

More Vulnerable Windows Servers

We talked about CVE-2021-31166 two weeks ago, a wormable flaw in Windows’ http.sys driver. [Jim DeVries] started wondering something as soon as he heard about the CVE. Was Windows Remote Management, running on port 5985, also vulnerable? Nobody seemed to know, so he took matters into his own hands, and confirmed that yes, WinRM is also vulnerable to this flaw. From what I can tell, this is installed and enabled by default on every modern Windows server.

And far from his optimistic assertion that surely no-one would expose that to the Internet… It’s estimated that there are over 2 million IPs doing just that.

More Ransomware

On the ransomware front, there is an interesting story out of The Republic of Ireland. The health system there was hit by Conti ransomware, and the price for decryption was set at the equivalent of $20 million. It came as a surprise, then, when a decryptor was freely published. There seems to be an ongoing theme in ransomware, that the larger groups are trying to manage how much attention they draw. On the other hand, this ransomware attack includes a threat to release private information, and the Conti group is still trying to extort money to prevent it. It’s an odd situation, to be sure.

Inside Baseball for Security News

I found a series of stories and tweets rather interesting, starting with the May Android updates at the beginning of the month. [Liam Tung] at ZDNet does a good job laying out the basics. First, when Google announced the May Android updates, they pointed out four vulnerabilities as possibly being actively exploited. Dan Goodin over at Ars Technica took umbrage with the imprecise language, calling the announcement “vague to the point of being meaningless”.

Shane Huntley jumped into the fray on Twitter, and hinted at the backstory behind the vague warning. There are two possibilities that really make sense here. The first is that exploits have been found for sale somewhere, like a hacker forum. It’s not always obvious if an exploit has indeed been sold to someone using it. The other possibility given is that when Google was notified about the active exploit, there was a requirement that certain details not be shared publicly. So next time you see a big organization like Google hedge their language in an obvious and seemingly unhelpful way, it’s possible that there’s some interesting situation driving that language. Time will tell.

The Patch Gap

The term has been around since at least 2005, but it seems like we’re hearing more and more about patch gap problems. The exact definition varies, depending on who is using the term, and what product they are selling. A good working definition is the time between a vulnerability being public knowledge and an update being available to fix the vulnerability.

There are more common reasons for patch gaps, like vulnerabilities getting dropped online without any coordinated disclosure. Another, more interesting cause is when an upstream problem gets fixed and publicly announced, and it takes time to get the fix pulled in. The example in question this week is Safari, and a fix in upstream WebKit. The bug is a type confusion in the new AudioWorklets feature, which provides an easy way to do audio processing in a background thread. When initializing a new worker thread, the programmer can use their own constructor to build the thread object. The function that kicks off execution doesn’t actually check that it’s been given a proper object type, and the object gets cast to the expected type anyway. Code is executed as if the object were correct, usually leading to a crash.

The bug was fixed upstream shortly after a Safari update was shipped. It’s thought that Apple ran with the understanding that this couldn’t be used for an actual RCE, and therefore hadn’t issued a security update to fix it. The problem there is that it is exploitable, and a PoC exploit has been available for a week. As is often the case, this vulnerability would need to be combined with at least one more exploit to overcome the security hardening and sandboxing built into modern browsers.

There’s one more quirk that makes this bug extra dangerous, though. On iOS devices, when you download a different browser, you’re essentially running Safari with a different skin pasted on top. As far as I know, there is no way to mitigate against this bug on an iOS device. Maybe be extra careful about what websites you visit for a few days, until this gets fixed.

Via Ars Technica

Ptychography Shows Atoms At Amazing Resolution

Cornell University enhanced electron microscopy using a technique known as ptychography in 2018. At the time, it allowed an electron microscope to resolve things three times smaller than previously possible. But that wasn’t enough. The team has now doubled that resolution by improving on their previous work.

The team says that the images are so precise that the only blurring is due to the thermal motion of the atoms themselves. This could mean that you won’t see a further improvement in resolution in the future.


Ask Hackaday: How Is The Chip Shortage Affecting You?

Some friends of mine are designing a new board around the STM32F103 microcontroller, the commodity ARM chip that you’ll find in numerous projects and on plenty of development boards. When the time came to order the parts for the prototype, they were surprised to find that the usual stockholders don’t have any of these chips in stock, and more surprisingly, even the Chinese pin-compatible clones couldn’t be found. The astute among you may by now have guessed that the culprit behind such a commodity part’s curious lack of availability lies in the global semiconductor shortage.

A perfect storm of political unintended consequences, climate-related crises throttling Taiwanese chip foundries and shutting down those in the USA, and faulty pandemic recovery planning, has left the chipmakers unable to keep up with the demand from industries on the rebound from their COVID-induced slump. Particularly mentioned in this context is the automotive industry, which has seen plants closing for lack of chips and even models ditching digital dashboards for their analogue predecessors.

Chips on order everywhere on the Mouser website.

The fall-out from all this drama in the world’s car factories has filtered down through all levels that depend upon semiconductors; as the carmakers bag every scrap of chip fab capacity that they can, so in turn have other chip customers scrambled to keep their own supply lines in place. A quick scan for microcontrollers through distributors like Mouser or Digi-Key finds pages and pages of lines on back-order or out of stock, with those lines still available being largely either for niche applications, unusual package options, or from extremely outdated product lines. The chances of scoring your chosen chip seem remote and most designers would probably baulk at trying to redesign around an ancient 8-bit part from the 1990s, so what’s to be done?

Such things typically involve commercially sensitive information so we understand not all readers will be able to respond, but we’d like to ask the question: how has the semiconductor shortage affected you? We’ve heard tales of unusual choices being made to ship a product with any microcontroller that works, of hugely overpowered chips replacing commodity devices, and even of specialist systems-on-chip being drafted in to fill the gap. In a few years maybe we’ll feature a teardown whose author wonders why a Bluetooth SoC is present without using the radio functions and with a 50R resistor replacing the antenna, and we’ll recognise it as a desperate measure from an engineer caught up in 2021’s chip shortage.

So tell us your tales from the coalface in the comments below. Are you that desperate engineer scouring the distributors’ stock lists for any microcontroller you can find, or has your chosen device remained in production? Whatever your experience we’d like to know what the real state of the semiconductor market is, so over to you!

IRC Will Never Die

The big kerfuffle in the open source world this week surrounds the biggest IRC server operator, Freenode. Wherever the dust settles, myriad important open source projects use Freenode’s IRC servers for their main channel of user feedback, and a number of vibrant communities call or called Freenode home. What you would call a 3D printer, and most of the software that drives it, for instance, was brainstormed up in Freenode’s #reprap. If you want help with a Linux distribution, you’ll be set straight within a few minutes in the relevant channel, because the people who wrote, packaged, or maintain it are probably on Freenode waiting to chat.

But suppose Freenode burns to the ground tomorrow, as some are suggesting. So what? My take is that it doesn’t matter. Freenode doesn’t own IRC, setting up an IRC server is essentially trivial, and what’s really important is the online community — they can just pick up and move somewhere else with very little hassle.

This is not to say that we don’t all benefit from the diligence that Freenode’s volunteer administrators and operators have donated to the cause over the years. IRC servers don’t run themselves, and Freenode’s admins fought and won an epic battle with spammers a couple years back. Keeping IRC running at scale is a different thing than setting up something for your friends, and so the Freenode folks definitely deserve our thanks.

But look, IRC is an old protocol and it’s a simple protocol. It’s so simple, in fact, that writing an IRC bot is just a few dozen lines in Python, using no external libraries. All you need to do is send plain text over a socket. You can do this — it makes a great networking hello world.

IRC is fun for hackers, but if you want a user-friendly GUI client, you have ridiculously many to choose from. There are even no-install web clients if you just want to dip your toes in. Heck, you could install your own server in an hour or so.

So saying that the demise of Freenode is the end of IRC is a lot like saying that the end of Hotmail was the end of e-mail. In the grand scheme of things, almost nobody actually uses IRC — Freenode has 78,000 users while Slack has 10 million — and IRC users are very savvy, if not full-on geeky. These are the sort of people who can probably find the server field in a menu and change it from irc.freenode.net to irc.whatever.org.

In addition to our traditional #hackaday channel on irc.freenode.net, there’s also a channel set up on irc.libera.chat. There isn’t much action in either — IRC tends to be a slow conversation, so don’t freak out if someone responds to you an hour later — but if you want to swing by, we’re there. IRC will never die!

2021 Hackaday Prize Begins!

If you missed our announcement, this year’s Hackaday Prize is on! We’ve all had a rough year and a half, and it’s led a lot of us to think seriously about our world. How would you want to change it going forward? Fifty entrants will rethink, refresh, and rebuild their way into $500, and the Grand Prize is $25,000. Get hacking!

This Week In Security: Watering Hole Attackception, Ransomware Trick, And More Pipeline News

In what may be a first for watering hole attacks, we’ve now seen an attack that targeted watering holes, or at least water utilities. The way this was discovered is a bit bizarre — it was found by Dragos during an investigation into the February incident at Oldsmar, Florida. A Florida contractor that specializes in water treatment runs a WordPress site that hosted a data-gathering script. The very day that the Oldsmar facility was breached, someone from that location visited the compromised website.

You probably immediately think, as the investigators did, that the visit to the website must be related to the compromise of the Oldsmar treatment plant. The timing is too suspect for it to be a coincidence, right? That’s the thing, the compromised site was only gathering browser fingerprints, seemingly later used to disguise a botnet. The attack itself was likely carried out over Teamviewer. I will note that the primary sources on this story have named Teamviewer, but call it unconfirmed. Assuming that the breach did indeed occur over that platform, then it’s very unlikely that the website visit was a factor, which is what Dragos concluded. On the other hand, it’s easy enough to imagine a scenario where the recorded IP address from the visit led to a port scan and the discovery of a VNC or remote desktop port left open.