News

3649 Articles

Meltdown Code Proves Concept

January 11, 2018 by 46 Comments

If you’ve read about Meltdown, you might have thought, “how likely is that to actually happen?” You can more easily judge for yourself by looking at the code available on GitHub. The Linux software is just proof of concept, but it both shows what could happen and — in a way — illustrates some of the difficulties in making this work. There are also two videos in the repository that show spying on password input and dumping physical memory.

The interesting thing is that there are a lot of things that will stop the demos from working. For example a slow CPU, a CPU without out-of-order execution, or an imprecise high-resolution timer. This is apparently especially problematic in virtual machines.

Continue reading “Meltdown Code Proves Concept”

Mbed Labs Chock Full Of Arm Goodies

January 10, 2018 by 26 Comments

One of the things we like about ARM processors is that there are a variety of options for library support. You can write your own code at the bare metal, of course, but you can also use many different abstraction libraries to make things easier. At the other end of the spectrum, there is Mbed, similar to the sort of libraries that Arduino supplies. Easy to use, although not always the best possible performance. Mbed now has an Mbed Labs site with a lot of extra goodies that go with the Mbed ecosystem, and it has quite a few interesting things.

You’ve always been able to write Mbed code in your browser — some people love that and some hate it and use locally-hosted tools like Platform.io. However, with the Mbed Lab, you can build and most importantly simulate your code in the browser (something we covered last year). There’s also a Javascript interpreter that runs on your chip, a small implementation of TensorFlow for deep learning, and a few other projects on the page.

Continue reading “Mbed Labs Chock Full Of Arm Goodies”

WiFi Alliance Announces Upcoming Fixes To WPA2

January 10, 2018 by 27 Comments

Last October, before Intel’s Management Engine was completely broken and the Spectre and Meltdown exploits drove Intel’s security profile further into the ground, we had a problem with wireless networking. WPA2 was cracked with KRACK, the Key Reinstallation Attack. The sky isn’t falling quite yet, but the fact remains that the best WiFi security currently available isn’t very secure at all.

This week, at the Consumer Electronics Show in Las Vegas, the WiFi Alliance announced they would introduce security enhancements in 2018. While it’s not said in the press release if this is a reaction to KRACK, the smart money says yes, this is indeed a reaction to KRACK.

Four new capabilities are outlined in the upcoming release of WPA3 this year. One feature will be protection for users who do not choose complex passwords. A second feature will simplify the process of configuring security on devices that have no display, ostensibly like that little button on your router that you’ve never pressed. The third feature will ‘strengthen user privacy in open networks’, while the fourth, the one we really care about, will add a 192-bit security suite which will, ‘further protect WiFi networks with higher security requirements’.

While most devices currently in service should have a patch for KRACK by now, there will always be thousands of unpatched devices, because, really, who is in charge of the router at your local coffee shop? We’re not sure about the timing of the WiFi Alliance’s announcement of upcoming security improvements: coming during CES when the entirety of the tech press is gawking at manned quadcopters and an endless variety of voice assistants. But we have to say better late than never.

Intel Rolls Out 49 Qubits

January 9, 2018 by 51 Comments

With a backdrop of security and stock trading news swirling, Intel’s [Brian Krzanich] opened the 2018 Consumer Electronics Show with a keynote where he looked to future innovations. One of the bombshells: Tangle Lake; Intel’s 49-qubit superconducting quantum test chip. You can catch all of [Krzanch’s] keynote in replay and there is a detailed press release covering the details.

This puts Intel on the playing field with IBM who claims a 50-qubit device and Google, who planned to complete a 49-qubit device. Their previous device only handled 17 qubits. The term qubit refers to “quantum bits” and the number of qubits is significant because experts think at around 49 or 50 qubits, quantum computers won’t be practical to simulate with conventional computers. At least until someone comes up with better algorithms. Keep in mind that — in theory — a quantum computer with 49 qubits can process about 500 trillion states at one time. To put that in some apple and orange perspective, your brain has fewer than 100 billion neurons.

Of course, the number of qubits isn’t the entire story. Error rates can make a larger number of qubits perform like fewer. Quantum computing is more statistical than conventional programming, so it is hard to draw parallels.

We’ve covered what quantum computing might mean for the future. If you want to experiment on a quantum computer yourself, IBM will let you play on a simulator and on real hardware. If nothing else, you might find the beginner’s guide informative.

Image credit: [Walden Kirsch]/Intel Corporation

Speculative Execution Was A Troublemaker For Xbox 360

January 8, 2018 by 28 Comments

Part of why people can’t stop talking about Meltdown/Spectre is the fact that all the individual pieces have been sitting in plain sight for a long time. When everyone saw how it all came together last week, many people (and not even necessarily security focused people) smacked themselves on the forehead: “Why didn’t I see that earlier?” Speculative execution has caused headaches going way back. [Bruce Dawson] tells one such story he experienced back in 2005. (Warning: ads on page may autoplay video.)

It’s centered around Xbox 360’s custom PowerPC processor. Among the customization on this chip was the addition of an instruction designed to improve memory performance. This instruction was a hack that violated some memory consistency guarantees held by the basic design, so they knew up front it had to be used very carefully. Even worse: debugging problems in this area were a pain. When memory consistency goes wrong, the code visible in the debugger might not be the actual code that crashed.

Since we’re talking about the dark side of speculative execution, you can already guess how the story ends: no matter how carefully it was used, the special instruction continued to cause problems when speculatively executed outside the constrained conditions. Extensive testing proved that instructions that were not being executed were causing crashes. That feels more like superstition than engineering. As far as he can recall, it ended up being more trouble than it was worth and was never used in any shipped Xbox 360 titles.

[Main image source: AnandTech article on Xbox 360 hardware]

Retro Rear-Projection Numeric Display Gets A Teardown

January 7, 2018 by 24 Comments

We recently featured an entertaining project here, a digital clock with a variety of different retro display technologies forming its numerals. Among those was an extremely unusual device, a rear-projection display with an array of bulbs each able to shine through a different letter or numeral slide. There was such interest in this device that its owner [Suedbunker] subjected one to a teardown for all to see.

The displays came from an organ which he suggests may have been manufactured around 1900. We suspect that may be a rather early estimate due to its use of a printed circuit board, but it is no less a fascinating device for it. A rectangular enclosure secured by twist-tabs opens to reveal a matrix of small filament bulbs on a PCB and supported by a stack of resin boards, in front of which was placed a slide with a letter or number for each one. Before that lies a sheet of glass, and then a molded plastic lens assembly which provides an individual lens for each of the 12 bulbs. When a bulb is illuminated with these in place, the letter or number is projected on the screen at the front of the unit.

It has the advantage of simplicity, no need for a high voltage, and high-quality characters and flexibility in displaying alternatives through different slides, though at the expense of quite a bulky package. The bulbs are quite energy-sapping, so for his clock he replaced them with LEDs. We like it as one of the more practical retro numeric displays, but its size means we probably won’t see a comeback.

You can see our write-up of the clock using the projection display here.

The PlyPad: CNC Machine Yourself A Tiny House

January 6, 2018 by 58 Comments

The Maslow CNC project is a CNC mill for sheet woodwork that is designed to be as inexpensive as possible and to be assembled by the end user. They’ve dropped us a line to tell us about a recent project they’ve undertaken as part of a collaboration to produce the PlyPad, a tiny house for Kenton Women’s Village, a project to tackle homelessness among women in part of the City of Portland.

Their write-up is a fascinating look at the issues surrounding the design and construction of a small dwelling using CNC rather than traditional methods. As an example their original design featured an attractive sawtooth roofline with multiple clerestory windows, but sadly a satisfactory solution could not be found to the problem of keeping it waterproof and they were forced to adopt a more conventional look.

The walls of the building are a ply-foam bonded sandwich, and the house is constructed in 4 foot sections to match the width of a sheet of ply. There are several section designs with built-in furniture, for example containing a bed, or storage space.

This house was designed to be part of a community with central washing and sanitary facilities, so it does not incorporate the bathroom you might expect. However it is not impossible to imagine how sections could be designed containing these, and could be added to a full suite of construction choices. We are reminded of its similarity to the WikiHouse project.

We covered the Maslow project back in 2016, it is especially pleasing to see that it has been something of a success.