The Special Fridges Behind The COVID-19 Vaccine, Why It’s Surprisingly Difficult To Be That Cool

One of the big stories last week was the announcement of results from clinical trials that suggest a new COVID-19 vaccine developed through the joint effort of the American and German companies Pfizer and BioNTech is strongly effective in providing immunity from the virus. In the midst of what is for many countries the second spike of the global pandemic this news has been received with elation as well as becoming the subject of much political manoeuvring.

While we currently have two vaccine candidates with very positive testing results, one of the most interesting things for us is the need to keep doses of the Pfizer/BioNTech vaccine extremely cold until they are administered. Let’s dig into details of the refrigeration problem at hand.


Youtube-dl Makes Their Case, Returns To GitHub

Last month, the GitHub repository for the popular program youtube-dl was taken down in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). The crux of the RIAA complaint was that the tool could be used to download local copies of music streamed from various platforms, a claim they said was supported by the fact that several copyrighted music files were listed as unit tests in the repository.

While many believed this to be an egregious misrepresentation of what the powerful Python program was really used for, the RIAA’s argument was not completely without merit. As such, GitHub was forced to comply with the DMCA takedown until the situation could be clarified. Today we’re happy to report that has happened, and the youtube-dl repository has officially been reinstated.

Represented by the Electronic Frontier Foundation, the current maintainers of youtube-dl made their case to GitHub’s DMCA agent in a letter this afternoon which explained how the tool worked and directly addressed the issue of copyrighted videos being used as test cases in the source code. They maintain that their program does not circumvent any DRM, and that the exchange between the client and server is the same as it would be if the user had viewed the resource with a web browser. Further, they believe that downloading a few seconds’ worth of copyrighted material for the purpose of testing the software’s functionality is covered under fair use. Even still, they’ve decided to remove all references to the songs in question to avoid any hint of impropriety.

Having worked closely with the youtube-dl developers during this period, GitHub released their own statement to coincide with the EFF letter. They explained that the nature of the RIAA’s original complaint forced their hand, but that they never believed taking down the repository was the right decision. Specifically, they point out the myriad of legitimate reasons that users might want to maintain local copies of streamed media. While GitHub says they are glad that this situation was resolved quickly, they’ll be making several changes to their internal review process to help prevent further frivolous takedowns. Specifically the company says they will work with technical and legal experts to review the source code in question before escalating any further, and that if there’s any ambiguity as to the validity of the claim, they’ll side with the developers.

The Internet was quick to defend youtube-dl after the takedown, and we’re happy to see that GitHub made good on their promises to work with the developers to quickly get the repository back online. While the nature of open source code meant that the community was never in any real danger of losing this important tool, it’s in everyone’s best interest that development of the project can continue in the open.

Vectron Adds Basic And Christmas Tree Control

Not content to leave things alone, [Nick Bild] has updated his nearly practical breadboard 6502 Vectron project once again by adding Tiny Basic and home tree automation. Instead of using an LCD module like last time, or his custom-built VGA output using 7400-series logic, [Nick] chose to go modern this time and implemented a VGA output using a TinyFPGA BX.

Tiny Basic was one of the first versions of Basic released after Bill Gates’ famous open letter to hobbyists in 1976. While Altair Basic was selling for $150, Tom Pittman wrote Tiny Basic for the 6800 and sold it for only $5 (don’t worry, Tom has since made it free to use). We got a kick out of browsing the Tiny Basic manual and learning that our serial number can be found on the paper tape leader, and that a Teletype will generally receive one more character, at least, after getting the X-OFF control signal.

In the video, you can see [Nick] running a short Basic program and operating his Christmas tree lights from the Vectron, although it’s only on-off control. He suggests that a PCB version is in the works, but he’s having trouble deciding when to quit adding features. That’s a conundrum we know all too well.


Wireless Earphones And Getting Them Back After They Fall On Tram Tracks

Over the past years, the trend has become to ditch anything with wires. This has led to many people dropping wired earphones and headphones for wireless (Bluetooth) versions. Yet along with the freedom from having the wires snagged on something and having earphones painfully torn out of your ears comes the very real risk of having them drop out of your ears and land somewhere potentially very inconvenient.

In Japan this has led to a big issue for railway companies, where throngs of commuters will often accidentally drop possessions onto the tracks. Staff members will then use a mechanical claw (‘magic hand’) to fetch them without having to risk their life by jumping down. With small items such as wireless earphones, this is however not so easy. With 947 cases of dropped earphones in the period of July-September in just the Tokyo area, this has led to desperate staff members coming up with new methods of easily retrieving the small gadgets.

Solutions range from putting something sticky like tape at the end of a stick, to modifying vacuum cleaners. Most recently Tokyo railway company JR East has collaborated with Panasonic to develop a vacuum cleaner-like device that is especially designed to easily retrieve such small items from the tracks, according to the Japan Times article.

The embedded video (also found after the break) from a Japanese broadcaster describes the issue in detail, along with tips on how to properly wear earphones so that they’re far less likely to fall out when you’re waiting on the tram or walking down the street. While it’s possible to fetch your dropped wireless earphones from the tracks, having someone step on it right after it falls out of your ear on the street is less easy to recover from.


This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution is to replace the binary files with a text-based pointer to where the real file is hosted. That’s not important to understanding this vulnerability, though. The problem is that git-lfs will call the main git binary as part of its operation, and when it does so, the full path is not used. On a Unix system, that’s not a problem. The $PATH variable is used to determine where to look for binaries. When git is run, /usr/bin/git is automagically run. On a Windows system, however, executing a binary name without a path will first look in the current directory, and if a matching executable file is not found, only then will the standard locations be checked.

You may already see the problem. If a repository contains a git.exe, git.bat, or another git.* file that Windows thinks is executable, git-lfs will execute that file instead of the intended git binary. This means simply checking out a malicious repository gets you immediate code execution. A standard install of git for Windows, prior to 2.29.2.2, contains the vulnerable plugin by default, so go check that you’re updated!

Then remember that there’s one more wrinkle to this vulnerability. How closely do you check the contents of a git download before you run the next git command? Even with a patched git-lfs version, if you clone a malicious repository, then run any other git command, you still run the local git.* file. The real solution is pushing the local directory higher up the path chain.
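
One way to check a freshly cloned tree for the git.* files described above before running anything in it. This is an added example, not code from the original article or from git-lfs; the function names and the fallback PATHEXT list are assumptions of this example.

```python
import os
from pathlib import Path

# Assumed fallback: the usual Windows PATHEXT value, used when the variable
# is not set (for instance when scanning on a Linux CI host).
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"


def executable_extensions(pathext=None):
    """Return the lower-cased extensions Windows would treat as runnable."""
    raw = pathext if pathext is not None else os.environ.get("PATHEXT", DEFAULT_PATHEXT)
    return {ext.strip().lower() for ext in raw.split(";") if ext.strip()}


def find_shadowing_files(repo_root, command="git", pathext=None):
    """List working-tree files that would be picked up instead of `command`
    when it is launched by bare name from the directory containing them."""
    exts = executable_extensions(pathext)
    hits = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        # Skip the .git metadata directory: it is not checked-out content.
        dirnames[:] = [d for d in dirnames if d.lower() != ".git"]
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Windows file names are case-insensitive, so GIT.BAT counts too.
            if stem.lower() == command.lower() and ext.lower() in exts:
                hits.append(Path(dirpath, name).relative_to(repo_root).as_posix())
    return sorted(hits)


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_shadowing_files(root)
    for rel in found:
        print(f"suspicious: {rel}")
    # Non-zero exit lets a wrapper script stop before any git command runs.
    sys.exit(1 if found else 0)
```

Run it against the clone directory from outside that directory, and treat any hit as a reason to inspect the repository before running further git commands in it.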

After Eight-Month Break, Deep Space Network Reconnects With Voyager 2

When the news broke recently that communications had finally been re-established with Voyager 2, I felt a momentary surge of panic. I’ve literally been following the Voyager missions since the twin space probes launched back in 1977, and I’ve been dreading the inevitable day when the last little bit of plutonium in their radioisotope thermal generators decays to the point that they’re no longer able to talk to us, and they go silent in the abyss of interstellar space. According to these headlines, Voyager 2 had stopped communicating for eight months — could this be a quick nap before the final sleep?

Thankfully, no. It turns out that the recent blackout to our most distant outpost of human engineering was completely expected, and completely Earth-side. Upgrades and maintenance were performed on the Deep Space Network antennas that are needed to talk to Voyager. But that left me with a question: What about the rest of the DSN? Could they have not picked up the slack and kept us in touch with Voyager as it sails through interstellar space? The answer to that is an interesting combination of RF engineering and orbital dynamics.


Quick And Dirty Trebuchet Flings Mashed Potato

Thanksgiving is just round the corner and [mrak_ripple] was worried about serving food under social distancing conditions. Rather than bother with standard best practice, he chose to take a more exciting route – flinging side dishes with miniature siege weaponry. (Video, embedded below.)

The mashed potato trebuchet is a build in the modern style, relying on 8020 aluminium extrusion to allow for quick and easy assembly. It also takes advantage of what appears to be a heavy duty laser cutter, which creates strong steel brackets to hold everything together. The launcher cup to hold the mash is a 3D printed part, created in resin and held on the end of the arm with duct tape, since appropriate bolts didn’t fall to hand.

In the end, repeatability was a struggle, and we suspect the trebuchet won’t actually do food service on the holiday itself. However, it could certainly make for a fun game after dinner, seeing who can get the most mash onto a willing target. We’d love to see a mash cannon too, so if you’ve built one, drop us a line. Of course, if you’re into weirder, high performance designs, the flywheel trebuchet may be more your speed. Video after the break.
