Purdue’s Powerful Paint Could Cancel Climate Change

What if a building could stay cool simply because of its paint job? We’re not talking about putting flames on the sides. Purdue engineers have come up with a formulation of white paint that reflects the heat from sunlight and keeps surfaces cooler than their surroundings. Depending on the location, a building with this paint on the roof may not need air conditioning.

Radiative cooling paint is not a completely new animal, but the formulation developed at Purdue is quite impressive compared to commercially available paints that only reflect 80-90% of sunlight.

Purdue’s paint reflects 95.5% of sunlight. It can keep surfaces up to 18°F cooler than their surroundings, even in direct sunlight. Where does the heat go? The paint radiates infrared heat, so it escapes the atmosphere and goes into deep space.

How does it do this? With abundantly available calcium carbonate fillers — the chalky stuff that antacids are made of. The paint absorbs next to no UV rays because of the wide band gaps in the atomic structure of calcium carbonate. Take a brief tour of this amazing paint after the break.

We wonder how many rooftops and roadways we’d have to paint with this stuff to have a chance at reversing climate change. It’s not terribly expensive to make, so the problem shifts to widespread education and adoption. What do you think?


Building Walks With Robot Legs

The Shanghai Evolution Shift company has just pulled off one of the most impressive robotic projects we’ve ever seen – making a building walk using 198 robotic legs. We’ve all seen structural relocation documentaries where large buildings are moved to new locations. This involves jacking up the building and installing a supporting platform on wheels, then carefully towing the building to its new site.

But the T shape of the five-story, 7600-ton Lagena elementary school was problematic, and the route to the new site involved taking a curved path and rotating the building. This ruled out the more traditional methods of relocation. Robot legs came to the rescue. It took 18 days for the building to walk 62 meters and rotate 21 degrees to its new home. This project is part of a trend to preserve historic architecture rather than bulldoze everything to make space for modern buildings.

After watching the video below, we think you’ll agree that this is a unique application of robotics and an amazing engineering feat. Disclaimer – don’t try this at home. Thanks to [Chuckz] for sending us this tip.


Emmanuelle Charpentier And Jennifer Doudna Sharpened Mother Nature’s Genetic Scissors And Won The Nobel For It

It sounds like science fiction — and until 2012, the ability to cheaply and easily edit strings of DNA was exactly that. But as it turns out, CRISPR/Cas9 gene editing is a completely natural function in which bacteria catalog their interactions with viruses by taking a snippet of the virus’ genetic material and filing it away for later.

Now, two women have won the 2020 Nobel Prize in Chemistry “for developing a method for genome editing”. Emmanuelle Charpentier and Jennifer Doudna leveraged CRISPR into a pair of genetic scissors and showed how sharp they are by proving that they can edit any string of DNA this way. Since Emmanuelle and Jennifer published their 2012 paper on CRISPR/Cas9, researchers have used these genetic scissors to create drought-resistant plants and look for new gene-based cancer therapies. Researchers are also hoping to use CRISPR/Cas9 to cure inherited diseases like Huntington’s and sickle cell anemia.

The discovery started with Emmanuelle Charpentier’s investigation of the Streptococcus pyogenes bacterium. She was trying to understand how its genes are regulated and was hoping to make an antibiotic. Once she teamed up with Jennifer Doudna, they found a scientific breakthrough instead.

Dr. Emmanuelle Charpentier via Wikimedia Commons

Emmanuelle Charpentier Fights Flesh-Eating Bacteria

Emmanuelle Charpentier was born December 11th, 1968 in Juvisy-sur-Orge, France. She studied biochemistry, microbiology, and genetics at the Pierre and Marie Curie University, which is now known as Sorbonne University. Then she received a research doctorate from Institut Pasteur and worked as a university teaching assistant and research scientist. Dr. Charpentier is currently a director at the Max Planck Institute for Infection Biology in Berlin, and in 2018, she founded an independent research unit.

Upon completion of her doctorate, Dr. Charpentier spent a few years working in the States before winding up at the University of Vienna where she started a research group. Her focus was still on the bacteria Streptococcus pyogenes, which causes millions of people to suffer through infections like tonsillitis and impetigo each year. It also causes sepsis, which officially makes it a flesh-eating bacterium.


New Raspberry Pi 400 Is A Computer In A Keyboard For $70

The newest Raspberry Pi 400 almost-all-in-one computer is very, very slick. Fitting in the size of a small portable keyboard, it’s got a Pi 4 processor of the 20% speedier 1.8 GHz variety, 4 GB of RAM, wireless, Ethernet, dual HDMI outputs, and even a 40-pin Raspberry Standard IDE-cable style header on the back. For $70 retail, it’s basically a steal if it’s the kind of thing you’re looking for, because it has $55 worth of Raspberry Pi 4 inside.

In some sense, it’s getting dangerously close to fulfilling the Raspberry Pi Dream. (And it’s got one more trick up its sleeve in the form of a huge chunk of aluminum heat-sinked to the CPU that makes us think “overclocking”.)

We remember the founding dream of the Raspberry Pi as if it were just about a decade ago: to build a computer cheap enough that it would be within everyone’s reach, so that every school kid could have one, bringing us into a world of global computer literacy. That’s a damn big goal, and while they succeeded on the first count early on, putting together a $35 single-board computer, the gigantic second part of that master plan is still a work in progress. As ubiquitous as the Raspberry Pi is in our circles, it’s still got a ways to go with the general population.

By Gareth Halfacree  CC BY-SA 2.0

The Raspberry Pi Model B wasn’t, and isn’t, exactly something that you’d show to my father-in-law without him asking incredulously “That’s a computer?!”. It was a green PCB, and you had to rig up your own beefy 5 V power supply, figure out some kind of enclosure, scrounge up a keyboard and mouse, add in a monitor, and only then did you have a computer. We’ve asked the question a couple of times, can the newest Raspberry Pi 4B be used as a daily-driver desktop, and answered that in the affirmative, certainly in terms of it having adequate performance.

But powerful doesn’t necessarily mean accessible. If you want to build your own cyberdeck, put together an arcade box, screw a computer into the underside of your workbench, or stack together Pi Hats and mount the whole thing on your autonomous vehicle testbed, the Raspberry Pi is just the ticket. But that’s the computer for the Hackaday crowd, not the computer for everybody. It’s just a little bit too involved.

The Raspberry Pi 400, in contrast, is a sleek piece of design. Sure, you still need a power supply, monitor, and mouse, but it’s a lot more of a stand-alone computer than the Pi Model B. It’s made of high-quality plastic, with a decent keyboard. It’s small, it’s light, and frankly, it’s sexy. It’s the kind of thing that would pass the father-in-law test, and we’d suggest that might go a long way toward actually realizing the dream of cheaply available universal (open source) computing. In some sense, it’s the least Hackaday Raspberry Pi. But that’s not saying that you might not want one to slip into your toolbag.


Ubuntu (Finally) Officially Lands On The Raspberry Pi. But Will Anyone Notice?

The Raspberry Pi has been with us for over eight years now, and during that time it has seen a myriad operating system ports. It seems that almost anything can be run on the little computer, but generally the offerings have seen minority uptake in the face of the officially supported Raspbian, or as it’s now called, Raspberry Pi OS.

Maybe that could change, with the arrival of an Ubuntu release for the platform. For those of you pointing out that this is nothing new, what makes the new version 20.10 release special is that it’s the first official full Ubuntu release, rather than an unofficial port.

So Raspberry Pi 4 owners can now install the same full-fat Ubuntu they have on their PCs, and with the same official Ubuntu support. What does this really do for them that Raspberry Pi OS doesn’t? Underneath they share Debian underpinnings, and they both benefit from a huge quantity of online resources should the user find themselves in trouble. Their repositories both contain almost every reasonable piece of software that could be imagined, so the average Pi user might be forgiven for a little confusion.

We don’t expect this news to take the Pi desktop world by storm then. Ubuntu is a powerful distribution, but it’s fair to say that it is not the least bloated among distributions, and that some of its quirks such as Snap applications leave many users underwhelmed. By contrast Raspberry Pi OS is relatively lightweight, and crucially it’s optimised for the Pi. Its entire support base online is specific to the Pi hardware, so the seeker of solutions need not worry about encountering some quirk in an explanation that pertains only to PC platforms.

It’s fair to say though, that this release is almost certainly not targeted at the casual desktop user. We’d expect that instead it will be in the Ubuntu portfolio for commercial and enterprise users, and in particular for the new Raspberry Pi 4 Compute Module in which it will no doubt form the underpinnings of many products without their owners ever realising it.

[via OMG Ubuntu]

Clara Rockmore. Photo by Renato Toppo, © The Nadia Reisenberg / Clara Rockmore Foundation

The Theremin Is 100 Years Old; Celebrating The Spookiest Of Instruments

It wouldn’t be October without Halloween, and it wouldn’t be Halloween without some spooky music. There’s no instrument spookier than a Theremin, which also happens to be one of the world’s first electronic instruments.

Leon Theremin plays his namesake instrument. Image via Linda Hall Library

You’ve no doubt heard the eerie, otherworldly tones of the Theremin in various 1950s sci-fi films, or heard the instrument’s one-of-a-kind cousin, the Electro-Theremin in “Good Vibrations” by the Beach Boys. The Theremin turns 100 years old this month, so we thought we’d take a look at this strange instrument.

One hundred years ago, a young Russian physicist named Lev Sergeyevich Termen, better known as Leon Theremin, was trying to invent a device to measure the density of various gases. In addition to the standard analog needle readout, he wanted another way to indicate the density, so he devised an oscillator whistle that would change pitch based on the density.

He discovered by accident that having his hand in the field of the antenna changed the pitch of the whistle, too. Then he did what any of us would do — played around until he made a melody, then called everyone else in the lab over to check it out.

Theremin soon showed his device to Lenin, who loved it so much that he sent Lev on a world tour to show it off. While in New York, he played it for Rachmaninoff and Toscanini. In fact you can see a video recording of Leon playing the instrument, a performance that’s more hauntingly beautiful than spooky. In 1928, he patented the Theremin in the United States and worked with RCA to produce them.


This Week In Security: Discord, Chromium, And WordPress Forced Updates

[Masato Kinugawa] found a series of bugs that, when strung together, allowed remote code execution in the Discord desktop app. Discord’s desktop application is an Electron-powered app, meaning it’s a web page rendered on a bundled lightweight browser. Building your desktop apps on JavaScript certainly makes life easier for developers, but it also means that you inherit all the problems from running a browser and JS. There’s a joke in there about finally achieving full-stack JavaScript.

The big security problem with Electron is that a simple Cross Site Scripting (XSS) bug is suddenly running in the context of the desktop, instead of the browser. Yes, there is a sandboxing option, but that has to be manually enabled.

And that brings us to the first bug. Neither the sandbox nor the contextIsolation options were set, and so both defaulted to false. What does this setting allow an attacker to do? Because the front-end and back-end JavaScript runs in the same context, it’s possible for an XSS attack to override JS functions. If those functions are then called by the back-end, they have full access to Node.js functions, including exec(), at which point the escape is complete.

Now that we know how to escape Electron’s web browser, what can we use for an XSS attack? The answer is automatic iframe embeds. For an example, just take a look at the exploit demo below. On the back-end, all I have to do is paste in the YouTube link, and the WordPress editor does its magic, automatically embedding the video in an iframe. Discord does the same thing for a handful of different services, one being Sketchfab.

This brings us to vulnerability #2. Sketchfab embeds have an XSS vulnerability. A specially crafted Sketchfab file can run some JS whenever a user interacts with the embedded player, which can be shoehorned into Discord. We’re almost there, but there is still a problem remaining. This code is running in the context of an iframe, not the primary thread, so we still can’t override functions for a full escape. To actually get a full RCE, we need to trigger a navigation to a malicious URL in the primary pageview, and not just the iframe. There’s already code to prevent an iframe from redirecting the top page, so this RCE is a bust, right?

Enter bug #3. If the top page and the iframe are on different domains, the code preventing navigation never fires. In this case, JavaScript running in an iframe can redirect the top page to a malicious site, which can then override core JS functions, leading to a full escape to RCE.
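For anyone shipping an Electron app, here is the defensive side of bugs #1 and #3 as an added example (not code from Discord, Electron, or the original write-up): an audit of a window's `webPreferences` and an origin allowlist for top-level navigation. The origin `app.example.com`, the function names, and the inclusion of `nodeIntegration` in the audit are assumptions made for illustration.

```javascript
// Added example: audit Electron webPreferences and gate top-level navigation.
// Plain Node.js; the checks run without importing Electron.

// sandbox and contextIsolation are the options named in the write-up;
// nodeIntegration is a further real webPreferences key, added here as an assumption.
const REQUIRED = { sandbox: true, contextIsolation: true, nodeIntegration: false };

// Return one finding per setting that is unsafe or left to the default.
// Unset keys are flagged because the failure described was relying on defaults.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, wanted] of Object.entries(REQUIRED)) {
    if (!(key in prefs)) {
      findings.push(`${key}: not set, depends on the Electron version's default`);
    } else if (prefs[key] !== wanted) {
      findings.push(`${key}: set to ${prefs[key]}, expected ${wanted}`);
    }
  }
  return findings;
}

// Hypothetical allowlist of origins the main window may load.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Decide whether a top-level navigation may proceed. Parsed origins are
// compared, not string prefixes, so look-alike hostnames are rejected.
function isAllowedNavigation(targetUrl, allowed = ALLOWED_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(targetUrl);
  } catch {
    return false; // unparseable URLs are denied
  }
  if (parsed.protocol !== 'https:') return false;
  return allowed.has(parsed.origin);
}

// One place to call it in an Electron main process (not executed here):
//   win.webContents.on('will-navigate', (event, url) => {
//     if (!isAllowedNavigation(url)) event.preventDefault();
//   });

// Constructed sample configurations.
const weakPrefs = {};
const hardenedPrefs = { sandbox: true, contextIsolation: true, nodeIntegration: false };

console.log(auditWebPreferences(weakPrefs));      // three findings
console.log(auditWebPreferences(hardenedPrefs));  // no findings
```

Setting the options explicitly keeps the result independent of whichever defaults the bundled Electron version ships with.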

It’s a very clever chaining of vulnerabilities, from the Discord app, to an XSS in Sketchfab, to a bug within Electron itself. While this particular example required interacting with the embedded iframe, it’s quite possible that another vulnerable service has an XSS bug that doesn’t require interaction. In any case, if you use Discord on the desktop, make sure the app is up to date. And then, enjoy the demo of the attack, embedded below.
