Meta Cancels Augmented Reality Headset After Apple Vision Pro Falls Flat

The history of consumer technology is littered with things that came and went. For whatever reason, consumers never really adopt the tech, and it eventually dies. Some of those concepts seem to persistently hang on, however, such as augmented reality (AR). Most recently, Apple launched its Vision Pro ‘mixed reality’ headset at an absolutely astounding price to a largely negative response and disappointing sales numbers. This impending market flop seems to now have made Meta (née Facebook) reconsider bringing a similar AR device to market.

To most, this news will come as little of a surprise, considering that Microsoft’s AR product (HoloLens) explicitly seeks out (government) niches with substantial budgets, and Google’s smart glasses have crashed and burned despite multiple market attempts. In a consumer market where virtual reality products are already desperately trying not to become another 3D display debacle, it would seem clear that amidst a lot of this sci-fi adjacent ‘cool technology,’ there are a lot of executives and marketing critters who seem to forgo the basic question: ‘why would anyone use this?’

This Week In Security: Crash Your IPhone, Hack Your Site, And Bluetooth Woes

There have been some hilarious issues on mobile devices over the years. The HTC Dream had a hidden shell that was discovered when a phone rebooted after sending a text containing just the word “reboot”. iOS has gotten in on the fun from time to time, and this time it’s ""::. Type the double quotes, a colon, and any other character, and Apple’s Springboard service crashes.

Another hacker dug in a bit, and realized that Springboard is trying to jump execution to a null pointer, leading to a crash. It’s very odd that user input breaks the query parser badly enough to jump to null like that. There are a couple of interesting questions that we have to ask. Given that the crash trigger is quite flexible, "anything goes":x, is it possible to manipulate that function pointer to be something other than null? And perhaps more importantly, why is the code crashing, instead of producing an invalid address error, as one would expect from a Pointer Authentication Code (PAC) violation? Regardless, the bug seems to be fixed in the latest iOS 18 builds.

Farewell Magnetic Stripe

For decades, the magnetic stripe has been ubiquitous on everything from credit cards to tickets to ID badges. But the BBC reports — unsurprisingly — that the mag stripe’s days are numbered. Between smartphones, QR codes, and RFID, there’s just less demand for the venerable technology.

IBM invented the stripe back in the early 1960s. The engineer responsible, [Forrest Parry], was also involved in developing the UPC code. While working on a secure ID for the CIA, his wife suggested using an iron to melt a strip of magnetic tape onto the card. The rest is history.

Cost-Optimized Raspberry Pi 5 Released With 2 GB RAM And D0 Stepping

When the Raspberry Pi 5 SBC was released last year, it came in 4 and 8 GB RAM variants, which currently retail from around $80 USD and €90 for the 8 GB variant to $60 and €65 for the 4 GB variant. Now Raspberry Pi has announced the launch of a third Raspberry Pi 5 variant: a 2 GB version which also features a new stepping of the BCM2712 SoC. This would sell for about $50 USD and feature the D0 stepping that purportedly strips out a lot of the ‘dark silicon’ that is not used on the SBC.

These unused die features are likely due to the Broadcom SoCs used on Raspberry Pi SBCs being effectively recycled set-top box SoCs and similar. This means that some features that make sense in a set-top box or such do not make sense for a general-purpose SBC, but still take up die space and increase the manufacturing defect rate. The D0 stepping thus would seem to be based around an optimized die, with the only possible negative being a higher power density due to a (probably) smaller die, making active cooling even more important.

Whether 2 GB is enough for your purposes depends on your use case, but knocking $10 off the price of an RPi 5 could be worth it for some. Perhaps more interesting is that this same D0 stepping of the SoC is likely to make it to the other RAM variants as well. We’re awaiting benchmarks to see what the practical difference is between the current C1 and new D0 steppings.

Thanks to [Mark Stevens] for the tip.

Historical Microsoft And Apple Artifacts Among First Christie’s Auction Of Living Computers Museum

Recently the Christie’s auction house released the list of items that would be going up for sale as part of the first lot of Living Computer Museum items, under the banner “Gen One: Innovations from the Paul G. Allen Collection”. One auction covers many ‘firsts’ in the history of computing, including a range of computers like an Apple 1 and a PDP-10, as well as early Microsoft memos and code printouts. The other auctions include such items as a Gemini Spacesuit as worn by [Ed White] and a signed 1939 letter from [Albert Einstein] to [US President Roosevelt] on the discovery by the Germans of a fissionable form of uranium from which a nuclear weapon could be constructed.

We previously reported on this auction when it was first announced in June of this year. At the time many were saddened at seeing the only computer history and its related educational facilities vanish, and there were worries among those who had donated items to the museum about what would happen to these now that the museum’s inventory was being put up for sale. As these donations tend to be unconditional, the museum is free to do with the items as it sees fit, but ‘being sold at auction’ to probably a private collector was likely not on the donors’ minds when filling in the donation form.

As the first auctions kick off in a few days we will just have to wait and see where the museum’s inventory ends up, but it seems likely that many of these items which were publicly viewable will now be scattered across the globe in private collections.

Top image: A roughly 180° panorama of the “conditioned” room of the Living Computer Museum, Seattle, Washington, USA. Taken in 2014. (Credit: Joe Mabel)

This Week In Security: Three Billion SS Numbers, IPv6 RCE, And Ring -2

You may have heard about a very large data breach, exposing the Social Security numbers of three billion individuals. Now hang on. Social Security numbers are a particularly American data point, and last time we checked there were quite a few Americans shy of even a half of a billion’s worth. As [Troy Hunt] points out, there are several things about this story that seem just a bit odd.

First up, the claim is that this is data grabbed from National Public Data, and there’s even a vague notice on their website about it. NPD is a legitimate business, grabbing data on as many people as possible, and providing services like background checks and credit checks. It’s not impossible that this company has records on virtually every citizen of the US, UK, and Canada. And while that’s far less than 2.9 billion people, it could feasibly add up to 2.9 billion records as was originally claimed.

The story gets strange as we consider the bits of data that have been released publicly, like a pair of files shared with [Troy] that have names, birthdays, addresses, phone numbers, and social security numbers. Those had a total of 2.69 billion records, with an average of 3 records for each ID number. That math is still just a little weird, since the US has to date only generated 450 million SSNs and change.

So far all we have are partial datasets, and claims on the Internet. The story is that there’s a grand total of 4 TB of data once uncompressed. The rest of the details are unclear, and it’s likely to take some time for the rest of the story to come out.

Australia’s Controlled Loads Are In Hot Water

Australian grids have long run a two-tiered pricing scheme for electricity. In many jurisdictions, regular electricity was charged at a certain rate. Meanwhile, you could get cheaper electricity for certain applications if your home was set up with a “controlled load.” Typically, this involved high-energy equipment like pool heaters or hot water heaters.

This scheme has long allowed Australians to save money while keeping their water piping-hot at the same time. However, the electrical grid has changed significantly in the last decade. These controlled loads are starting to look increasingly out of step with what the grid and the consumer need. What is to be done?
