Who’s Going On Your Fifty?

You can tell a lot about a country, its history and its politics, by taking a look at its banknotes. Who features on them, or in the case of studiously engineered international compromises such as the Euro, who doesn’t feature on them. Residents of the UK have over the years been treated to a succession of historical worthies on their cash, and when a new revision of a banknote is announced you can be certain that the choice of famous person to adorn it will be front page news. Today we have a new banknote on the way, and this time the selection is squarely in Hackaday’s sphere of interest because the public is being urged to nominate a scientist for the honour. The note in question is the £50, the one that nobody uses and plenty of shops won’t even accept, but still, it’s an important choice that will replace the incumbents on the present version, steam engine pioneers Matthew Boulton and James Watt.

So, given a blank £50, who would you put on it? Candidates must be British, not fictional, and also no longer alive. Names in the frame include Ada, Countess Lovelace, Stephen Hawking, and Alan Turing, though with such a wide field to choose from there are sure to be many more front-runners. You might, for example, wish to consider Rosalind Franklin, but you can forget Isaac Newton, Charles Darwin, or Michael Faraday as they have all already featured on British banknotes.

Hackaday does not take sides in such endeavors, but it’s still an opportunity to back your most inspiring figure. As your scribe, it’s a tough one between Lovelace and Turing, though Turing probably wins by a short head. Who would you like to see on the next £50 note? The bank has produced a short promotional video which we’ve placed below the break.

FT8: Saving Ham Radio Or Killing It?

It is popular to blame new technology for killing things. The Internet killed newspapers. Video killed the radio star. Is FT8, a new digital technology, poised to kill off ham radio? The community seems evenly divided. In an online poll, 52% of people responding say FT8 is damaging ham radio. But ham operator [K5SDR] has an excellent blog post about how he thinks FT8 is going to save ham radio instead.

If you already have an opinion, you have probably already raced down to the comments to share your thoughts. I’ll be honest, I think what we are seeing is a transformation of ham radio and like most transformations, it is probably both killing parts of ham radio and saving others. But if you are still here, let’s talk a little bit about what’s going on in ham radio right now and how it relates to the FT8 question. Oddly enough, our story starts with the strange lack of sunspots that we’ve been experiencing lately.

Apple Kernel Code Vulnerability Affected All Devices

Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.

This is a buffer overflow issue in the error handling for network packets. The kernel is expecting a fixed length of those packets but doesn’t check to prevent writing past the end of the buffer. The fact Apple’s XNU kernel powers all their products is remarkable, but issues like this are a reminder of the potential downside to that approach. Thanks to responsible disclosure, a patch was pushed out in September.

Anatomy of a Buffer Overflow

Buffer overflows aren’t new, but a reminder on what exactly is going on might be in order. In low level languages like C, the software designer is responsible for managing computer memory manually. They allocate memory, tagging a certain number of bytes for a given use. A buffer overflow is when the program writes more bytes into the memory location than are allocated, writing past the intended limit into parts of memory that are likely being used for a different purpose. In short, this overflow is written into memory that can contain other data or even executable code.

With a buffer overflow vulnerability, an attacker can write whatever code they wish to that out-of-bounds memory space, then manipulate the program to jump into that newly written code. This is referred to as arbitrary code execution. [Computerphile] has a great walk-through on buffer overflows and how they lead to code execution.

This Overflow Vulnerability Strikes Apple’s XNU Kernel

[Kevin] took the time to explain the issue he found in further depth. The vulnerability stems from the kernel code making an assumption about incoming packets. ICMP error messages are sent automatically in response to various network events. We’re probably most familiar with the “connection refused” message, indicating a port closed by the firewall. These ICMP packets include the IP header of the packet that triggered the error. The XNU implementation of this process makes the assumption that the incoming packet will always have a header of the correct length, and copies that header into a buffer without first checking the length. A specially crafted packet can have a longer header, and this is the data that overflows the buffer.
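A simplified model of the length check described above, added here as an illustration; it is not XNU source or code from [Kevin]’s write-up. The struct, the buffer size and all function names are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_MIN_HDR 20  /* IPv4 header without options */
#define IP_MAX_HDR 60  /* IHL is a 4-bit word count: at most 15 * 4 bytes */
#define QUOTE_DATA 8   /* payload bytes quoted after the header */
#define QUOTE_BUF  (IP_MIN_HDR + QUOTE_DATA) /* sized for the "expected" header only */

/* Hypothetical ICMP error body: fixed buffer holding the quoted packet start. */
struct icmp_error {
    uint8_t quoted[QUOTE_BUF];
    size_t  quoted_len;
};

/* Copy the offending packet's IP header (plus 8 bytes) into the error message.
 * Returns 0 on success, -1 if the packet must be dropped instead of quoted. */
int quote_offending_packet(struct icmp_error *out, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < IP_MIN_HDR)
        return -1;                            /* too short to hold a header */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4; /* length the packet claims */
    if (hlen < IP_MIN_HDR || hlen > IP_MAX_HDR || hlen > pkt_len)
        return -1;                            /* claim is impossible or lies */
    size_t want = hlen + QUOTE_DATA;
    if (want > pkt_len)
        want = pkt_len;                       /* never read past the input */
    /* The unchecked form would call memcpy(out->quoted, pkt, want) right here,
     * trusting that every header is IP_MIN_HDR bytes. This comparison against
     * the destination size is the step the article says was missing. */
    if (want > sizeof out->quoted)
        return -1;
    memcpy(out->quoted, pkt, want);
    out->quoted_len = want;
    return 0;
}

/* Constructed sample: a zeroed packet of pkt_len bytes claiming ihl_words. */
int try_sample(unsigned ihl_words, size_t pkt_len)
{
    uint8_t pkt[128] = {0};
    struct icmp_error e;
    if (pkt_len > sizeof pkt)
        return -1;
    pkt[0] = (uint8_t)(0x40 | (ihl_words & 0x0f)); /* version 4, claimed IHL */
    return quote_offending_packet(&e, pkt, pkt_len);
}
```

Rejecting an oversized header is one policy; sizing the buffer for `IP_MAX_HDR + QUOTE_DATA` and keeping the same comparison is the other.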

Because of the role ICMP plays in communicating network status, a closed firewall isn’t enough to mitigate the attack. Even when sent to a closed port, the vulnerability can still trigger. Aside from updating to a patched OS release, the only mitigation is to run the macOS firewall in what it calls “stealth mode”. This mode doesn’t respond to pings, and more importantly, silently drops packets rather than sending ICMP error responses. This mitigation isn’t possible for watchOS and iOS devices.

The good news about the vulnerability is that a packet, malformed in this way, has little chance of being passed through a router at all. An attacker must be on the same physical network in order to send the malicious packet. The most likely attack vector, then, is the public WiFi at the local coffee shop.

Come back after the break for a demonstration of this attack in action.

Brain Cell Electronics Explains Wetware Computing Power

Neural networks use electronic analogs of the neurons in our brains. But it doesn’t seem likely that just making enough electronic neurons would create a human-brain-like thinking machine. Consider that animal brains are sometimes larger than ours — a sperm whale’s brain weighs 17 pounds — yet we don’t think they are as smart as humans or even dogs who have a much smaller brain. MIT researchers have discovered differences between human brain cells and animal ones that might help clear up some of that mystery. You can see a video about the work they’ve done below.

Neurons have long finger-like structures known as dendrites. These act like comparators, taking input from other neurons and firing if the inputs exceed a threshold. Like any kind of conductor, the longer the dendrite, the weaker the signal. Naively, this seems bad for humans. To understand why, consider a rat. A rat’s cortex has six layers, just like ours. However, whereas the rat’s brain is tiny and 30% cortex, our brains are much larger and 75% cortex. So a dendrite reaching from layer 5 to layer 1 has to be much longer than the analogous neuron in the rat’s brain.

These longer dendrites do lead to more loss in human brains and the MIT study confirmed this by using human brain cells — healthy ones removed to get access to diseased brain cells during surgery. The researchers think that this greater loss, however, is actually a benefit to humans because it helps isolate neurons from other neurons leading to increased computing capability of a single neuron. One of the researchers called this “electrical compartmentalization.” Dig into the conclusions found in the research paper.

We couldn’t help but wonder if this research would offer new insights into neural network computing. We already use numeric weights to simulate dendrite threshold action, so presumably learning algorithms are making weaker links if that helps. However, maybe something to take away from this is that less interaction between neurons and groups of neurons may be more helpful than more interaction.

Watching them probe neurons under the microscope reminded us of probing on an IC die. There’s a close tie between understanding the brain and building better machines so we try to keep an eye on the research going on in that area.

Travel To Mercury On Ion Power

Star Trek — as much as we love it — was guilty sometimes of a bit of hyperbole and more than its share of inconsistency. In some episodes, ion drives were advanced technology and in others they were obsolete. Make up your mind!

The ESA-JAXA BepiColombo probe is on its way to Mercury riding on four ion thrusters developed by a company called QinetiQ. But unlike the ion drive featured in the infamous “Spock’s Brain” episode, BepiColombo will take over seven years to get to Mercury. That’s because these ion drives are real.

The craft is actually two spacecraft in one with two different Mercury missions. The Mercury planetary orbiter will study the surface while the magnetosphere orbiter will study the little planet’s magnetic field. Check out a video about the mission, below. The second video shows [Neil Wallace] talking about how the ion propulsion — also known as solar electric engines — differ from traditional chemical thrusters.

Competitive Surface Mount Soldering Comes To Supercon

Who will show the best soldering skills at the Hackaday Superconference next week? We have a little — in fact, a very little — challenge for you: solder surface mount components down to a tiny 0201 package. This is the SMD Soldering Challenge and successfully finishing the board at all shows off the best of hand soldering skills, but during the weekend we’ll also keep a running leader board.

Ballpoint pen for scale

For the event we’re using the SMD Challenge board by MakersBox which utilizes a SOIC8 ATtiny85 to drive LED/resistor pairs in 1206, 0805, 0603, 0402, and 0201 packages. There will be a 5 minute inspection time at the start of the heat to open the kit, get familiar with the board, and confirm that you have all of the components and tools you need. We suggest not sneezing while placing that 0201 part down on the board — there is a spare set of 0201 parts only in the kit so you might get one extra chance with the smallest parts if you need it, but replacements will not be provided for parts lost during the heat.

There will be eight heats of six people participating so make sure you get signed up as soon as you get to Supercon. You can only compete once and you must use our soldering iron and solder. We will also have magnifiers, tweezers, flux, and desoldering braid on hand. You can bring reasonable tools and other support materials; Supercon staff running the challenge are the arbiters of “reasonable” in this case.

Scoring is based on time, completion, functionality (of the circuits you attempted to complete), neatness, and solder joint quality. If the top score is a tie, the fastest time across all the heats will be the winner. The official rules are on the event page so take a moment to look them over.

Don’t think it is going to be easy. Here’s a quote from the SMD Challenge board project page:

Be warned that trying to hand solder a 0201 package, which is just slightly larger than a grain of sand, may be considered evidence of insanity and get you committed to bad places by your loved ones and/or arch nemesis

The real prize is the bragging rights of being the Hackaday soldering virtuoso. Do you have what it takes? Someone reading this right now will be. But the first step is to show up at the Hackaday Superconference. See you there and good luck!

DMCA Review: Big Win For Right To Repair, Zero For Right To Tinker

This year’s Digital Millennium Copyright Act (DMCA) triennial review (PDF, legalese) contained some great news. Particularly, breaking encryption in a product in order to repair it has been deemed legal, and a previous exemption for reverse engineering 3D printer firmware to use the filament of your choice has been broadened. The infosec community got some clarification on penetration testing, and video game librarians and archivists came away with a big win on server software for online games.

Moreover, the process to renew a previous exemption has been streamlined — one used to be required to reapply from scratch every three years and now an exemption will stand unless circumstances have changed significantly. These changes, along with recent rulings by the Supreme Court are signs that some of the worst excesses of the DMCA’s anti-circumvention clause are being walked back, twenty years after being enacted. We have to applaud these developments.

However, the new right to repair clause seems to be restricted to restoring the device in question to its original specifications; if you’d like to hack a new feature into something that you own, you’re still out of luck. And while this review was generally favorable toward opening up technology to enable fair use, they didn’t approve Bunnie Huang’s petition to allow decryption of the encryption method used over HDMI cables, so building your own HDMI devices that display encrypted streams is still out. And the changes to the 3D printer filament exemption are a reminder of the patchwork nature of this whole affair: it still only applies to 3D printer filament and not other devices that attempt to enforce the use of proprietary feedstock. Wait, what?

Finally, the Library of Congress only has authority to decide which acts of reverse engineering constitute defeating anti-circumvention measures. This review does not address the tools and information necessary to do so. “Manufacture and provision of — or trafficking in — products and services designed for the purposes of circumvention…” are covered elsewhere in the code. So while you are now allowed to decrypt your John Deere software to fix your tractor, it’s not yet clear that designing and selling an ECU-unlocking tool, or even e-mailing someone the decryption key, is legal.

Could we hope for more? Sure! But making laws in a country as large as the US is a balancing act among many different interests, and the Library of Congress’s ruling is laudably clear about how they reached their decisions. The ruling itself is worth a read if you want to dive in, but be prepared to be overwhelmed in apparent minutiae. Or save yourself a little time and read on — we’ve got the highlights from a hacker’s perspective.
