Google is pulling the plug on their social network, Google+. Users still have the better part of a year to say their goodbyes, but if the fledgling social network was a ghost town before, news of its imminent shutdown isn’t likely to liven the place up. A quick check of the site as of this writing reveals many users are already posting their farewell messages, and while there’s some rallying behind petitions to keep the lights on, the majority realize that once Google has fallen out of love with a project there’s little chance of a reprieve.
To say that this is a surprise would be disingenuous. We’d wager a lot of you already thought it was gone, honestly. It’s no secret that Google’s attempt at a “Facebook Killer” was anything but, and while there was a group of dedicated users to be sure, it never attained anywhere near the success of its competition.
According to a blog post from Google, the network’s anemic user base isn’t the only reason they’ve decided to wind down the service. A previously undisclosed security vulnerability also hastened its demise, a revelation which will particularly sting those who joined for the privacy-first design Google touted. While this fairly transparent postmortem allows us to answer what ended Google’s grand experiment in social networking, there’s still one questions left unanswered. Where are the soon to be orphaned Google+ users supposed to go?
Microsoft is bringing ROS to Window 10. ROS stands for Robot Operating System, a software framework and large collection of libraries for developing robots which we recently wrote an introductory article about, It’s long been primarily supported under Linux and Mac OS X, and even then, best under Ubuntu. My own efforts to get it working under the Raspbian distribution on the Raspberry Pi led me to instead download a Pi Ubuntu image. So having it running with the support of Microsoft on Windows will add some welcome variety.
To announce it to the world, they had a small booth at the recent ROSCon 2018 in Madrid. There they showed a Robotis TurtleBot 3 robot running the Melodic Morenia release of ROS under Windows 10 IoT Enterprise on an Intel Coffee Lake NUC and with a ROS node incorporating hardware-accelerated Windows Machine Learning.
Why are they doing this? It may be to help promote their own machine learning products to roboticists and manufacturing. From their recent blog entry they say:
We’re looking forward to bringing the intelligent edge to robotics by bringing advanced features like hardware-accelerated Windows Machine Learning, computer vision, Azure Cognitive Services, Azure IoT cloud services, and other Microsoft technologies to home, education, commercial, and industrial robots.
Initially, they’ll support ROS1, the version most people will have used, but also have plans for ROS2. Developers will use Microsoft’s Visual Studio toolset. Thus far it’s an experimental release but you can give it a try by starting with the details here.
Nearly a decade ago my friend [Dru] gave me an unforgettable tour late at night of Stokes Croft, the inner suburb of Bristol known at the time for its counterculture and artistic scene. It’s a place dominated by building-sized graffiti and murals, and it has a particular association with the Bristolian street artist [Banksy]. If you’ve not seen a Banksy in the wild, the place to do it is by Bristol Saturday night street lighting to the sound of passing revelers and traffic on the A38.
[Banksy] is famous aside from his anonymity, for his pranks upon the art world. The (real) elephant in the room or the Dismalland theme park are his stock in trade, and you may have seen another prank of his in the news in the last day. One of his paintings, the 2006 Girl With A Balloon sold at auction for over a million quid, and as the gavel fell a hidden shredder in the picture frame sprang into life and partially shredded the canvas. The report suggests that a number of [Banksy]’s associates were present at the event, and that one of them was detained with a device that might have been a remote control trigger for the shredder. The quote from Sotheby’s Europe head of Contemporary Art, [Alex Branczik] says it all: “We got Banksy’d”.
The interior of the Banksy shredder frame, taken from a frame of the video.
[Banksy]’s cool and all that, but where’s the hack? The artist briefly put up a video with a few details, but aside from showing us a row of craft knife blades and a tantalizing but fleeting glimpse of a few equipment enclosures, it’s short on technical details. We can see what appears to be at least one motor, and those white boxes may be batteries, but that’s it.
This hasn’t stopped some fevered speculation as to how the feat was achieved. A home-made shredder would require a significant amount of readily available power, and since this one has seemingly lain undetected within the frame since 2006, that power source needs to have possessed both exceptional energy density and retention. We can’t imagine many consumer grade batteries in 2018 being able to retain a charge for twelve years, so how on earth did he do it? Our best guess is that a primary battery was involved, as anyone who has found a neglected Duracell in a box of electronics from their youth will tell you it’s not unknown for decent quality alkaline cells to live well beyond their shelf lives, and other chemistries are specifically designed with that property in mind. Even so, for the cells to power a receiver circuit in standby for so long would certainly tax their capabilities, so it has also been suggested that a concealed switch could have been flipped by a [Banksy] accomplice during the viewing phase to activate the system. There are still so many unanswered questions that it’s certainly piqued our technical curiosity. Sadly we don’t know [Banksy] to ask him how he did it, but we welcome speculation both informed and otherwise in the comments.
Our own [Joe Kim]’s tribute to the work in question.Meanwhile the piece itself lies half shredded and protruding from the base of the frame. On the face of it that’s ruined the painting as an artwork, but of course this is a Banksy. Normal rules seem not to apply, so the notoriety it has received will no doubt mean that its shredded remains are an artwork in themselves, and possibly even one worth more.
Banksy owners worldwide are no doubt now paying a huge amount more attention to the artist’s frames than previously, but Hackaday readers need not worry. Our London Unconference logo and stickers featured a [Joe Kim] homage to the Banksy in question, which we can guarantee does not incorporate an artist’s shredder.
When you think about the materials for your next large dancing robot build, soda bottles might not be the first thing that springs to mind. But they could work, according to TrussFab, a project from a group of students at the Hasso Plattner Instituit. Their system uses empty coke bottles and 3D printed connectors to build large structures, modeled in software that checks their load balance and safety. The team has modeled and built designs up to 5 meters high. Now, the project has taken a step further by adding linear actuators and hinges to the mix so you can create things that move, including a 4-meter high animatronic robot.
This morning Bloomberg is reporting a bombshell for hardware security. Companies like Amazon and Apple have found a malicious chip on their server motherboards. These are not counterfeit chips. They are not part of the motherboard design. These were added by the factory at the time of manufacture. The chip was placed among other signal conditioning components and is incredibly hard to spot as the nature of these motherboards includes hundreds of minuscule components.
Though Amazon and Apple have denied it, according to Bloomberg, a private security contractor in Canada found the hidden chip on server motherboards. Elemental Technologies, acquired by Amazon in 2015 for its video and graphics processing hardware, subcontracted Supermicro (Super Micro Computer, Inc.) to manufacture their server motherboards in China. It is unknown how many of the company’s products have this type of malicious hardware in them, equipment from Elemental Technologies has been supplied to the likes of government contractors as well as major banks and even reportedly used in the CIA’s drone operations.
How the Hack Works
The attacks work with the small chip being implanted onto the motherboard disguised as signal couplers. It is unclear how the chip gains access to the peripherals such as memory (as reported by Bloomberg) but it is possible it has something to do with accessing the bus. The chip controls some data lines on the motherboard that likely provide an attack vector for the baseboard management controller (BMC).
Hackaday spoke with Joe FitzPatrick (a well known hardware security guru who was quoted in the Bloomberg article). He finds this reported attack as a very believable approach to compromising servers. His take on the BMC is that it’s usually an ARM processor running an ancient version of Linux that has control over the major parts of the server. Any known vulnerability in the BMC would be an attack surface for the custom chip.
Data centers house thousands of individual servers that see no physical interaction from humans once installed. The BMC lets administrators control the servers remotely to reboot malfunctioning equipment among other administrative tasks. If this malicious chip can take control of the BMC, then it can provide remote access to whomever installed the chip. Reported investigations have revealed the hack in action with brief check-in communications from these chips though it’s difficult to say if they had already served their purpose or were being saved for a future date.
What Now?
Adding hardware to a design is fundamentally different than software-based hacking: it leaves physical evidence behind. Bloomberg reports on US government efforts to investigate the supply chain attached to these parts. It is worth noting though that the article doesn’t include any named sources while pointing the finger at China’s People’s Liberation Army.
The solution is not a simple one if servers with this malicious chip were already out in the field. Even if you know a motherboard has the additional component, finding it is not easy. Bloomberg also has unconfirmed reports that the next-generation of this attack places the malicious component between layers of the circuit board. If true, an x-ray would be required to spot the additional part.
A true solution for high-security applications will require specialized means of making sure that the resulting product is not altered in any way. This hack takes things to a whole new level and calls into question how we validate hardware that runs our networks.
Update: We changed the penultimate paragraph to include the word if: “…simple one if servers with…” as it has not been independently verified that servers were actually out in the field and companies have denied Bloomberg’s reporting that they were.
[Note: Image is a generic photo and not the actual hardware]
For all those who have complained about Rubik’s Cube solving robots in the past by dismissing purpose-built rigs that hold the cube in a non-anthropomorphic manner: checkmate.
The video below shows not only that a robot can solve the classic puzzle with mechanical hands, but it can also do it with just one of them – and that with only three fingers. The [Yamakawa] lab at the University of Tokyo built the high-speed manipulator to explore the kinds of fine motions that humans perform without even thinking about them. Their hand, guided by a 500-fps machine vision system, uses two opposing fingers to grip the lower part of the cube while using the other finger to flick the top face of the cube counterclockwise. The entire cube can also be rotated on the vertical axis, or flipped 90° at a time. Piecing these moves together lets the hand solve the cube with impressive speed; extra points for the little, “How’s that, human?” flick at the end.
If you are a lover of all-things remote-conteolled, it’s likely that you know a thing or two about controllers. You’ll have one or two of the things, both the familiar two-joystick type and the pistol-grip variety. But had you ever considered that there m ight be another means to do it? [Andrei] over at ELECTRONOOBS has posted a guide to a tilt-controlled RC car. It is a good example of how simple parts can be linked together to make something novel and entertaining, and a great starter project for an aspiring hacker.
An Arduino Nano reads from an accelerometer over an I2C bus, and sends commands over a wireless link, courtesy of a pair of HC-12 wireless modules. Another Nano mounted to the car decodes the commands, and uses a pair of H-bridges, which we’ve covered in detail, to control the motors.
The tutorial is well done, and includes details on the hardware and all the code you need to get rolling. Check out the build and demo video after the break.
![Our own [Joe Kim]'s tribute to the work in question.](https://hackaday.com/wp-content/uploads/2017/07/london.jpg)
