Foreshadow: The Sky Is Falling Again For Intel Chips

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the soundtrack, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extensions (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.

How Foreshadow Works

The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst-case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadow-NG.

The researchers behind the Foreshadow attacks have talked with Intel, and the manufacturer has confirmed Foreshadow affects all SGX-enabled Skylake and Kaby Lake Core processors. Atom processors with SGX support remain unaffected. For the Foreshadow-NG attack, many more processors are affected, including second through eighth generation Core processors, and most Xeons. This is a significant percentage of all Intel CPUs currently deployed. Intel has released a security advisory detailing all the affected CPUs.

MIT Makes Washable LED Fabric

Let’s face it, one of the challenges of wearable electronics is that people are filthy. Anything you wear is going to get dirty. If it touches you, it is going to get sweat and oil and who knows what else? And on the other side it’s going to get spills and dirt and all sorts of things we don’t want to think about on it. For regular clothes, that’s not a problem, you just pop them in the washer, but you can’t say the same for wearable electronics. Now researchers at MIT have embedded diodes, like LEDs and photodetectors, into a soft fabric that is washable.

Traditionally, fibers start as a larger preform that is drawn into the fiber while heated. The researchers added tiny diodes and very tiny copper wires to the preform. As the preform is drawn, the fiber’s polymer keeps the solid materials connected and in the center. The polymer protects the electronics from water and the team was able to successfully launder fabric made with these fibers ten times.

Tariff Expansion Set To Hit 3D-Printing Right In The Filament

Mere weeks after tariffs were put into place raising the cost of many Chinese-sourced electronics components by 25%, a second round of tariffs is scheduled to begin that will deal yet another blow to hackers. And this time it hits right at the heart of our community: 3D-printing.

A quick scan down the final tariff list posted by the Office of the US Trade Representative doesn’t reveal an obvious cause for concern. In among the hundreds of specific items listed one will not spot “Filaments for additive manufacturing” or anything else that suggests that 3D-printing supplies are being targeted. But hidden in the second list of tariff items, wedged into what looks like a polymer chemist’s shopping list, are a few entries for “Monofilaments with cross-section dimension over 1 mm.” Uh-oh!

Homebrew Pancreas Gets 30 Minutes Of Fame

It is pretty unusual to be reading Bloomberg Businessweek and see an article with the main picture featuring a purple PCB (the picture above, in fact). But that’s just what we saw this morning. The story is about an open source modification to an insulin pump known as the RileyLink. This takes advantage of older Medtronic brand insulin pumps and allows you to control the BLE device from a smartphone remotely and use more sophisticated software to control blood sugar levels.

Of course, the FDA isn’t involved. If they were, the electronics would cost $7,000 instead of $250 — although, in fairness, that $250 doesn’t cover the cost of the used pump. Why it has to be a used pump is a rather interesting story. The only reason the RileyLink is possible is due to a security flaw and an active hacker community.

Help Save Some Of Australia’s Computer History From The Bulldozers

When multiple tipsters write in to tell us about a story, we can tell it’s an important one. This morning we’ve received word that the holding warehouse of the Australian Computer Museum Society in the Sydney suburb of Villawood is to be imminently demolished, and they urgently need to save the artifacts contained within it. They need Aussies with spare storage capacity of decent size to help them keep and store the collection, and they only have a few days during which to do so.

The ever-effusive Dave from EEVblog has posted a video in which he takes a tour, and like us he’s continually exclaiming over the items he finds. An EAI analog computer, a full set of DEC PDP-11 technical documentation, a huge Intel development system, Tektronix printers, huge DEC racks, memory cards for VAXen, piles and piles of boxes of documentation, and much, much more.

So, if you are an Aussie within reach of Sydney who happens to have a currently-unused warehouse, barn, or industrial unit that could house some of this stuff, get in touch with them quickly. Some of it may well be junk, but within that treasure trove undoubtedly lies a lot of things that need to be saved. We’d be down there ourselves, but are sadly on the other side of the world.

Crowdfunding: !Sinclair !ZX Vega To Lose The Sinclair Name

It’s not a good time to be a backer of the crowdfunded Sinclair ZX Vega retro console. After raising a record sum on Indiegogo, a long series of broken promises and missed dates, and a final loss of patience from the crowdfunding site, it has emerged that the owner of the Sinclair and ZX brands is to withdraw the right to use them from the console.

The Vega itself should have been a reasonable proposition, a slick handheld running the FUSE Spectrum emulator rather than Z80 hardware, and from Retro Computers Limited, a company that boasted a 25% ownership from Sinclair Research and thus Sir Clive himself. The sorry tale of its mishandling will probably in time provide enough information for a fascinating book or documentary in itself, but one thing that has come to light in the BBC’s reporting is the fate of those Sinclair brands. They famously passed to Amstrad in the 1980s, a move that gave us the Spectrum +2 and +3 with decent keyboards and built-in tape and disk drives, but long after the last Spectrum had rolled off the production line they passed with Amstrad’s set-top-box business to the satellite broadcaster Sky, who are now responsible for pulling the plug.

This is a general news story as much as a hardware story as there is little by way of a hack to be found beyond the realisation that you could almost certainly roll your own with a Raspberry Pi, a copy of FUSE, and a 3D-printed case. But it’s a fitting follow-up to our previous reporting, and unless something unexpected happens in the Retro Computers boardroom it’s probably the last we’ll hear of the product. In an unexpected twist though they are reported to have shipped a few Vegas to backers in recent days, and we’ll leave the final word to the BBC’s quote from [David Whitchurch-Bennett], one of those recipients.

“The buttons are absolutely awful, You have to press so hard and they intermittently stop working unless you apply so much pressure.”

From where we’re sitting, remembering the dubious quality of some of the keyboards on original Spectrum products, we think that it might have more in common with the original than anyone is willing to admit.

Are Patent Claims Coming For Your WS2812?

There are some components which are used within our sphere so often as to become ubiquitous, referred to by their part number without the need for a hasty dig through a data sheet to remind oneself just what we are talking about. You can rattle a few of them off, the 555, the 741, the ESP8266, and so on.

In the world of LEDs, the part that most immediately springs to mind is the Worldsemi WS2812 addressable LED. This part consists of three LEDs in red, green, and blue, all in the same package with a serial interface allowing a chain of individually addressable multicolour lights to be created. We’ve seen them in all sorts of places, and if you don’t recognise the part number then perhaps you will by one of the names they’re sold under: Neopixel.

Yesterday we received an email from our piratical friends at Pimoroni, the British supplier of all forms of electronic goodies. Among their range they have a reasonable number of products containing WS2812s, and it was these products that had formed the subject of an unexpected cease-and-desist letter. APA Electronic are the manufacturer of the APA102 addressable LED (which you may know as the Dotstar), and their cease-and-desist asking for the products to be withdrawn from sale rests on their holding a patent for an addressable multicolour LED. We’d be very interested to hear whether any other suppliers of WS2812-based parts have received similar communications.

US patent number 8094102B2 is indeed a patent for a “Single full-color LED with driving mechanism”, which does look a lot like a WS2812. But as always, such things are not as cut-and-dried as they might first appear. The LED in the patent for example relies upon a clock line for its operation, while the Worldsemi part doesn’t. I am not a lawyer so I’d hesitate to call this a baseless and speculative move, but I suspect that there will be plenty over which the two semiconductor companies can duke it out in the courtroom.

It’s fair to say that a large part of the ethos of our movement shares something with that of the world of open-source, so news of legal manoeuvres such as this is never likely to go down well. We’re small fry in this context and our commercial influence on APA102 or WS2812 sales will be minimal, but inevitably APA’s standing in our eyes will be diminished. Companies such as Pimoroni are not the target but a piece of collateral damage in a battle between manufacturers.

Whether the patent has been violated or not can only be decided by the courts. It is not uncommon for patent holders to go after companies selling the “infringing” products in hopes that rather than risk a costly court battle, they simply adhere to the demands, in this case buying parts from APA and not from Worldsemi.

So, if you rely on addressable LEDs, watch out! There may be trouble ahead.

Header image: Tristan Robitaille [CC BY-SA 4.0].