This Week In Security: Exim, Apple Sign-in, Cursed Wallpaper, And Nuclear Secrets

So first off, remember the Unc0ver vulnerability/jailbreak from last week? In the 13.5.1 iOS release, the underlying flaw was fixed, closing the jailbreak. If you intend to jailbreak your iOS device, make sure not to install this update. That said, the normal warning applies: Be very careful about running out-of-date software.

Apple Sign In

An exploit in Apple’s web authentication protocol was fixed in the past week. Sign In With Apple is similar to OAuth, and allows using an Apple account to sign in to other sites and services. Under the hood, a JSON Web Token (JWT) gets generated and passed around, in order to confirm the user’s identity. In theory, this scheme even allows authentication without disclosing the user’s email address.

So what could go wrong? Apparently a simple request for a JWT that’s signed with Apple’s public key will automatically be approved. Yeah, it was that bad. Any account linked to an Apple ID could be trivially compromised. It was fixed this past week, after being found and reported by [Bhavuk Jain].

Adding WiFi To Black Magic For Wireless GDB Action

[Thoquz] wrote to us about an interesting GitHub project by [Valmantas Palikša] involving the porting of the Black Magic firmware to ESP8266. For those who are unaware, Black Magic Probe is firmware along with a range of official and third-party boards that targets the debugging of Cortex-M and Cortex-A MCUs and SoCs.

With this blackmagic-espidf project, one can use any ESP8266 board that has at least 2 MB of Flash program storage, though 1 MB should be possible if OTA updates are disabled. After flashing the firmware to the ESP8266 board, the GDB server can be reached on TCP port 2022 and UDP port 2023, with a serial port available via TCP port 23, UDP port 2323, or via the physical TX0/RX0 pins on the ESP8266.

The target board to be debugged is hooked up by default to GPIO0 (SWDIO) and GPIO2 (SWCLK) for Serial Wire Debugging, though JTAG is also said to be supported. If everything is set up properly, one should then be able to pop into a fresh remote GDB session:

gdb connection

If you don’t want the WiFi, you can buy a wired one, or just roll your own from any STM32 board that you’ve got kicking around.

NASA’s Long-Delayed Return To Human Spaceflight

With the launch of the SpaceX Demo-2 mission, the United States has achieved something it hasn’t done in nearly a decade: put a human into low Earth orbit with a domestic booster and vehicle. It was a lapse in capability that stretched on far longer than anyone inside or outside of NASA could have imagined. Through a series of delays and program cancellations, the same agency that put boot prints on the Moon and built the iconic Space Shuttle had been forced to rely on Russia to carry its astronauts into space since 2011.

NASA would still be waiting to launch its own astronauts had they relied on America’s traditional aerospace giants to get the job done. The inaugural flight of the Boeing CST-100 “Starliner” to the International Space Station in December was an embarrassing failure that came perilously close to losing the unmanned capsule. A later investigation found that sloppy software development and inconsistent testing had caused at least two major failures during the mission, which ultimately had to be cut short as the vehicle couldn’t even reach the altitude of the ISS, to say nothing of making a docking attempt. NASA and Boeing have since agreed to attempt another test of the CST-100 sometime before the end of the year, though a delay into 2021 seems almost inevitable due to the global pandemic.

But America’s slow return to human spaceflight can’t be blamed on the CST-100, or even Boeing, for that matter. Since the retirement of the Space Shuttle, NASA has been hindered by politics and indecisiveness. With a constantly evolving mandate from the White House, the agency’s human spaceflight program has struggled to make significant progress towards any one goal.


If This Is Your Inspiration From Space, You’re Doing It Wrong

So after a false start due to bad weather, the first crewed launch of a SpaceX Crew Dragon capsule with two astronauts on board has gone ahead. After playing catch-up with the ISS for around 27 hours they’re now safely aboard. At times it seems that space launches have become everyday occurrences, but the astronauts are still heroes who have risked their lives in the furtherance of mankind’s exploration of space. Their achievement, and that of all the scientists, engineers, and other staff who stand behind them, is immense.

I watched the drama unfold via the live video feed. Having heaved a huge sigh of relief once they were safely in orbit, the feed cut to the studio, and then moved on to interview the NASA administrator Jim Bridenstine. He was naturally elated at a successful launch, and enthused about the agency’s achievement. You can watch the full interview embedded below, but what caught my attention was his parting sentence:

And if this can inspire a young child to become the next Elon Musk, or the next Jeff Bezos, or the next Sir Richard Branson, then that’s what this is all about

I was slightly shocked and saddened to hear this from the NASA administrator, because to my mind the careers of Musk, Bezos, or Branson should not be the ones first brought to mind by a space launch. This isn’t a comment on those three in themselves; although they have many critics it is undeniable that they have each through their respective space companies brought much to the world of space flight. Instead it’s a comment on what a NASA administrator should be trying to inspire in kids.

Ask yourself how many billionaire masters-of-the-universe it takes for a successful space race compared to the number of scientists, engineers, mathematicians, technicians, physicists, et al. From the anecdote of the NASA administrator it takes about three, but if he is to make good on his goal of returning to the Moon in 2024 and then eventually taking humanity to Mars it will take a generation packed full of those other roles. To understand that we’ll have to take a trip back to the Apollo era, and how that generation of kids were inspired by the spacecraft on their screens.

Inspiration from probably the coolest room in the world at the time, the Apollo mission control in Houston. NASA on The Commons / No restrictions

Fifty years ago, we were very much on the brink of becoming a spacefaring planet. American astronauts were taking their first steps on the Moon, and Soviet cosmonauts were occupying real space stations that would soon be capable of housing them for months at a time. Planetary probes were returning colour TV pictures from other worlds, and it was certain that in the immediate aftermath of the Apollo programme we’d be sending astronauts and probably cosmonauts too further afield. A Mars base in the 1980s perhaps, and following our fictional Star Trek heroes further afield thereafter.

We now know it didn’t quite work out that way, but a whole generation of tech-inclined kids grew up wanting nothing more than to be involved in space flight. The vast majority of us never made it, but with that inspiration we took our soldering irons and 8-bit home computers and ran with them. Those NASA folks were the coolest of role-models, and no doubt their Soviet equivalents were too for kids on the other side of the Iron Curtain.

With the best will in the world, the chances of any kid becoming the next Jeff Bezos are about as high as those of their becoming the next Neil Armstrong. Compared to the number of kids in the world, the number of billionaires and the number of astronauts both pale into statistical insignificance. But the chances of a kid becoming an engineer or a scientist are much higher, and in those careers the odds that some of their work ends up involved with the space effort become not entirely unlikely.

I understand what the NASA administrator was trying to say, but can’t shake the feeling that if those are the people he rolls out to inspire kids watching a space launch, he’s missed an opportunity. Those are the names we all recognize, but shouldn’t we also elevate the people making the scientific breakthroughs so their names are equally recognized? Just as Margaret Hamilton, Gene Kranz, Sergei Korolev, and many others were in their day, names like Tom Mueller and Margarita Marinova should be prominent examples of where a career in the sciences can take you. But to be honest, the real problem is that we just don’t hear much about all the people doing this fascinating engineering, and that’s a sad state of affairs.

Looks like it’s time for Hackaday to pursue a biography series based on the many great minds who are the ones delivering on the promise and vision of today’s (and tomorrow’s) space race. Get us started by talking about your favorite behind the scenes science folks in the comments below.


This Week In Security: Leaking Partial Bits, Apple News, And Overzealous Contact Tracing

Researchers at the NCCGroup have been working on a 5-part explanation of a Windows kernel vulnerability, targeting the Kernel Transaction Manager (KTM). The vulnerability, CVE-2018-8611, is a local privilege escalation bug. There doesn’t seem to be a way to exploit this remotely, but it is an interesting bug, and NCCGroup’s work on it is outstanding.

They start with a bit of background on what the KTM is, and why one might want to use it. Next is a handy guide to reverse engineering Microsoft patches. From there, they describe the race condition and how to actually exploit it. They cover a wide swath in the series, so go check it out.

Left4Dead 2

As a reminder that bugs show up where you least expect them, [Hunter Stanton] shares his story of finding a code execution bug in the popular Valve game, Left4Dead 2. Since the game’s code isn’t available to look at, he decided to go the route of fuzzing. The specific approach he took was to fuzz the navigation mesh data, part of the data contained in each game map. Letting the Basic Fuzzing Framework (BFF) run for three days turned up a few possible crashes, and the most promising turned out to have code execution potential. [Hunter] submitted the find through Valve’s HackerOne bug bounty program, and landed a cool $10k bounty for his trouble.

While it isn’t directly an RCE, [Hunter] does point out that malicious mesh data could be distributed with downloadable maps on the Steam workshop. Alternatively, it should be possible to set up a fake game server that distributes the trapped map.

Raspberry Pi 4 Gets Its 8 Gigs

What began as a rumor becomes reality. This morning [Eben Upton] announced that the newest flavor of the Raspberry Pi 4 comes with 8 gigabytes of RAM and a sticker price of $75, roughly twice that of the base model, which is now pegged at 2 GB of RAM.

Originally released on June 23rd of last year, the Pi 4 came with three different options for 1, 2, or 4 GB of memory. But just a few days later, Hackaday reported on an Easter egg in the user guide that referenced an 8 GB option.

So why didn’t this version get released in 2019? That’s the crazy thing about this story. In the announcement [Eben] mentions that the Pi’s design is capable of addressing up to 16 GB of LPDDR4 SDRAM (we say bring it, but that’s a discussion for a different day). It took a year to get here because there wasn’t a source available for this 8 gig version until Micron began manufacturing the chip earlier this year.

Also addressed in this announcement is a looming changeover that was bound to happen eventually: the move from 32-bit to 64-bit operating systems on the Pi. While a 32-bit image can access all of this larger memory across multiple processes, it can’t devote more than 3 GB to a single Linux process because of address space limitations. Simply put, you need more bits to access the higher addresses. Moving to a 64-bit system accomplishes that, something you can do by running unofficial builds on the Pi, but the official build didn’t support it until today’s announcement of a 64-bit beta image.

This is inevitable, not purely because of this memory limitation, but because we’ve seen examples where the juggernaut of Linux development has its own eye on a 64-bit future. Official images for Raspberry Pi have always been 32-bit, and remain so for now, but the wind is beginning to blow for this and future hardware offerings that are bumping up against limitations. Along with the news of this impending architecture switchover, the official operating system has also gotten a name change: Raspbian will henceforth be known as Raspberry Pi OS.

When [Jenny List] first reported on the 8 GB rumors last June, she speculated that today’s announcement would happen on February 29th of this year. Why the leap day? It happened to be the 8th birthday of Raspberry Pi and synced up nicely with an 8 GB surprise. Today’s announcement drops the morsel of trivia that the foundation was indeed planning on that date, but missed it by three months due to supply chain disruption associated with the coronavirus pandemic that prevented them from sourcing all the parts necessary for the new power supply design included in this revision.

We’d love to hear your thoughts on this move. Do you need 8 GB on your Pi, and does the 3 GB limitation of a 32-bit kernel matter to you? Let us know in the comments below.

Coronavirus Testing: CRISPR Technology Set To Streamline Viral Testing

If we could run back 2020 to its beginning and get a do-over, chances are pretty good that we’d do a lot of things differently. There’s a ton of blame to go around on COVID-19, but it’s safe to say that one of the biggest failures of this whole episode has been the lack of cheap, quick, accurate testing for SARS-CoV-2, the virus behind the current pandemic. It’s not for lack of information; after all, Chinese scientists published the sequence of the viral genome very early in the pandemic, and researchers the world over did the same for all the information they gleaned from the virus as it rampaged around the planet.

But leveraging that information into usable diagnostics has been anything but a smooth process. Initially, the only method of detecting the virus was with reverse transcriptase-polymerase chain reaction (RT-PCR) tests, a fussy process that requires trained technicians and a well-equipped lab, takes days to weeks to return results, and can only tell if the patient has a current infection. Antibody testing has the potential for a quick and easy, no-lab-required test, but can only be used to see if a patient has had an infection at some time in the past.

What’s needed as the COVID-19 crisis continues is a test with the specificity and sensitivity of PCR combined with the rapidity and simplicity of an antibody test. That’s where a new assay, based on the latest in molecular biology methods and dubbed “STOPCovid” comes in, and it could play a major role in diagnostics now and in the future.
