Fun While It Lasted, Falcon 9 Telemetry Now Encrypted

A few weeks back we brought word that Reddit users [derekcz] and [Xerbot] had managed to receive the 2232.5 MHz telemetry downlink from a Falcon 9 upper stage and pull out some interesting plain-text strings. With further software fiddling, the vehicle’s video streams were decoded, resulting in some absolutely breathtaking shots of the rocket and its payload from low Earth orbit.

Unfortunately, it looks like those heady days are now over, as [derekcz] reports the downlink from the latest Falcon 9 mission was nothing but unintelligible noise. Since the hardware and software haven’t changed on his side, the only logical conclusion is that SpaceX wasn’t too happy about radio amateurs listening in on their rocket and decided to employ some form of encryption.

Since this data has apparently been broadcast out in the clear for nearly a decade before anyone on the ground noticed, it’s easy to see this as an overreaction. After all, what’s the harm in a few geeks with hacked together antennas getting a peek at a stack of Starlink satellites? [derekcz] even mused that allowing hobbyists to capture these space views might earn the company some positive buzz, something Elon Musk never seems to get enough of.

Some of the images [derekcz] was able to capture from the Falcon 9

On the other hand, we know that SpaceX is actively pursuing more lucrative national security launch contracts for both the Falcon 9 and Falcon Heavy. For these sensitive government payloads, the normal on-screen telemetry data and space views are omitted from the company’s official live streams. It seems likely the Pentagon would be very interested in finding out how civilians were able to obtain this information, and a guarantee from SpaceX that the link would be encrypted for all future flights could have helped smooth things over.

At the end of the post [derekcz] echoes a sentiment we’ve been hearing from other amateur radio operators recently, which is that pretty soon space may be off-limits for us civilians. As older weather satellites begin to fail and get replaced with newer and inevitably more complex models, the days of picking up satellite images with an RTL-SDR and a few lines of Python are likely numbered.

Ford And HP Teamed Up To Drive Down Plastic Waste

This mass manufacturer movement towards electric cars is one thing, but what about sustainability on the plastic part production line? Ford and HP have teamed up to turn used 3D printed parts and powders into pellets that will be fodder for injection-molded parts — specifically the fuel-line clips for Super Duty F250 trucks.

Two of the sustainably-made fuel clips.

According to Ford’s press release, their goal is to reach 100% sustainable materials in all their vehicles, not just the diesel-drinking Super Duty. Their research team found ten other Fords whose existing fuel-line clips could instead be made sustainably, and the company plans to implement the recycled plastic clips on all future models.

There are all sorts of positives at play here: the recycled clips cost 10% less to make and end up weighing 7% less than traditionally-made clips, all the while managing to be more chemical and moisture resistant.

And so much plastic will be kept out of landfills, especially once this idea takes off and more manufacturers get involved with HP or form other partnerships. One of the sources of Ford’s plastic is Smile Direct Club, which has 60 printers cranking out over 40,000 dental aligners every day.

There’s more than one way to combine 3D printing and sustainability. Did someone say fungal sound absorbers?

[Images via Ford]

Python Will Soon Support Switch Statements

Rejoice! Gone are the long chains of if/else statements, because switch statements will soon be here — sort of. What the Python gods are actually giving us are match statements. match statements are awfully similar to switch statements, but have a few really cool and unique features, which I’ll attempt to illustrate below.


This Week In Security: Ubiquiti Update, PHP Backdoor, And Netmask

Back in January, we covered the news that Ubiquiti had a breach of undisclosed severity. One reader pointed out the compromise of a handful of devices as potentially related. With no similar reports out there, I didn’t think too much of it at the time. Now, however, a whistleblower from Ubiquiti has given Krebs the juicy details.

The “third party cloud provider” the original disclosure referred to was Amazon Web Services (AWS). According to the whistleblower, just about everything was accessible, including the keys to log in to any Ubiquiti device on the internet, so long as it was cloud enabled. The attackers installed a couple of backdoors in Ubiquiti’s infrastructure, and sent a 50 bitcoin blackmail threat. To their credit, Ubiquiti ignored the blackmail and cleaned up the mess.

To the claim that there was no evidence attackers had accessed user accounts, it seems that the database in question simply has no logging enabled. There was no evidence, because nothing was watching. So far, I’ve only seen the one report of device compromise that was potentially a result of the attack. If you had a Ubiquiti device go rogue around December 2020 – January 2021, be sure to let us know.

JIT Vs. AM: Is Additive Manufacturing The Cure To Fragile Supply Chains?

As fascinating and frustrating as it was to watch the recent Suez canal debacle, we did so knowing that the fallout from it and the analysis of its impact would be far more interesting. Which is why this piece on the potential of additive manufacturing to mitigate supply chain risks caught our eye.

We have to admit that a first glance at the article, by [Davide Sher], tripped our nonsense detector pretty hard. After all, the piece appeared in 3D Printing Media Network, a trade publication that has a vested interest in boosting the additive manufacturing (AM) industry. We were also pretty convinced going in that, while 3D-printing is innovative and powerful, even using industrial printers it wouldn’t be able to scale up enough to print parts in the volumes needed for modern consumer products. How long would it take for even a factory full of 3D-printers to fill a container with parts that can be injection molded in their millions in China?

But as we read on, a lot of what [Davide] says makes sense. A container full of parts that doesn’t arrive exactly when they’re needed may as well never have been made, while parts that are either made on the factory floor using AM methods, or produced locally using a contract AM provider, could be worth their weight in gold. And he aptly points out the differences between this vision of on-demand manufacturing and today’s default of just-in-time manufacturing, which is extremely dependent on supply lines that we now know can be extremely fragile.

So, color us convinced, or at least persuaded. It will certainly be a while before all the economic fallout of the Suez blockage settles, and it’ll probably be longer before we actually see changes meant to address the problems it revealed. But we would be surprised if this isn’t seen as an opportunity to retool some processes that have become so optimized that a gust of wind could take them down.

Raspberry Pi Zero Beams Back Video From 100,000 Feet

The Project Horus team routinely launches high-altitude balloons in Australia. However, despite their desire for it, they haven’t beamed back live video. Until now. Horus 55 beamed video back to the ground from over 100,000 feet using a Raspberry Pi and some software-defined radio gear. Be sure and check out their video, below.

You might think this is easy, but there are many technical hurdles. First, the transmitter needs some power, but the thin atmosphere creates problems with cooling. In addition, a really good receiving station is required, and the project wanted to stream that video to the Internet, which they were able to do.

The balloon carried a Raspberry Pi Zero W to capture and compress video. A LimeSDR Mini provided the DVB-S transmission on 70cm along with a power amplifier to get to about 800mW. Power dissipation in the payload was about 6 watts and required a special heat sink system to operate. The payload was powered by eight lithium AA primary cells, which perform well at low temperatures.


This Week In Security: XcodeSpy, Insecure SMS, And Partial Redactions

There seems to be a new trend in malware, targeting developers and their development and build processes. The appeal is obvious: rather than working to build and market a malicious application, an attacker just needs to infect a development machine. The hapless infected developers can now do the hard work to spread the malicious payload.

The newest example is XcodeSpy, discovered by a researcher who chose to remain anonymous. It works by using the Xcode IDE’s Run Script function to, well, run a script that completely backdoors your computer. The instance was found in a repackaged open source project, TabBarInteraction, but they’re just innocent victims. It was simple enough for someone to insert a script in the build process, and distribute the new, doped package. It’s probably not the only one out there, so watch out for Run Scripts with obfuscated payloads.
