Hack On Self: Sense Of Time

Every now and then, a commercial product aims to help you in your life journey, in a novel way, making your life better through its presence. Over the years, I’ve been disappointed by such products far more often than I have been reassured, seeing each one of them rendered unimaginative and purposeless sometimes even despite the creator’s best intentions. The pressures of a commercial market will choke you out without remorse, metal fingers firmly placed on your neck, tightening with every move that doesn’t promise profit, and letting money cloud your project’s vision. I believe that real answers can only come from within hacker communities, and as we explore, you might come to see it the same way.

This is the tip of the iceberg of a decade-long project that I hope to demonstrate in a year or two. I’d like to start talking about that project now, since it’s pretty extensive; the overall goal is about using computers to help with the human condition, on a personal level. There’s a lot of talk about computers integrating into our lives – even more if you dare consult old sci-fi, much of my inspiration.

Tackling a gigantic problem often means cutting it down into smaller chunks, though, so here’s a small sub-problem I’ve been working on, for years now, on and off: Can you use computers to modify your sense of time?


Radio Apocalypse: HFGCS, The Backup Plan For Doomsday

To the extent that you have an opinion on something like high-frequency (HF) radio, you probably associate it with amateur radio operators, hunched over their gear late at night as they try to make contact with a random stranger across the globe to talk about the fact that they’re both doing the same thing at the same time. In a world where you can reach out to almost anyone else in an instant using flashy apps on the Internet, HF radio’s reputation as somewhat old and fuddy is well-earned.

Like the general population, modern militaries have largely switched to digital networks and satellite links, using them to coordinate and command their strategic forces on a global level. But while military nets are designed to be resilient to attack, there’s only so much damage they can absorb before becoming degraded to the point of uselessness. A backup plan makes good military sense, and the properties of radio waves between 3 MHz and 30 MHz, especially the ability to bounce off the ionosphere, make HF radio a perfect fit.

The United States Strategic Forces Command, essentially the people who “push the button” that starts a Very Bad Day™, built their backup plan around the unique properties of HF radio. Its current incarnation is called the High-Frequency Global Communications System, or HFGCS. As the hams like to say, “When all else fails, there’s radio,” and HFGCS takes advantage of that to make sure the end of the world can be conducted in an orderly fashion.


The Ultimate Seed Vault Backup? How About The Moon

A safe haven to preserve samples of biodiversity from climate change, habitat loss, natural disaster, and other threats is recognized as a worthwhile endeavor. Everyone knows good backup practice involves a copy of critical elements at a remote location, leading some to ask: why not the moon?

Not even the Svalbard global seed vault is out of the reach of climate change’s effects.

A biological sample repository already exists in the form of the Svalbard global seed vault, located in a mountain on a remote island in the Arctic circle. Even so, not even Svalbard is out of the reach of our changing Earth. In 2017, soaring temperatures in the Arctic melted permafrost in a way no one imagined would be possible, and water infiltrated the facility. Fortunately the flooding was handled by personnel and no damage was done to the vault’s contents, but it was a wake-up call.

An off-site backup that requires no staffing could provide some much-needed redundancy. Deep craters near the moon’s polar regions offer stable and ultra-cold locations that are never exposed to sunlight, and could offer staffing-free repositories if done right. The lunar biorepository proposal has the details, and is thought-provoking, at least.

The moon’s lack of an atmosphere is inconvenient for life, but otherwise pretty attractive for some applications. A backup seed vault is one, and putting a giant telescope in a lunar crater is another.

How About Privacy and Hackability?

Many smart electric meters in the US use the 900 MHz band to broadcast their usage out to meter readers as they walk the neighborhood. [Jeff Sandberg] used an RTL-SDR dongle and some software to integrate this data into his own home automation system, which lets him keep track of his home’s power usage.

Half of the comment section was appalled that the meters broadcast this data in the clear, and these readers thought this data should be encrypted even if the reach is limited to the home-owner’s front yard. But that would have stopped [Jeff] from accessing his own data as well, and that would be a shame. So there’s clearly a tradeoff in play here.

We see this tradeoff in a lot of hardware devices as well – we want to be able to run our firmware on them, but we don’t want criminals to do the same. We want the smart device to work with the cloud service, but to also work with our own home automation system if we have one. And we want to be able to listen in to our smart meters, but don’t necessarily want others to do so.

The solution here is as easy as it is implausible that it will get implemented. If the smart meters transmitted encrypted, each with their own individual password, then everyone would win. The meter reader would have a database of passwords linked to meter serial numbers or addresses, and the home owner could just read it off of a sticker, optimally placed on each unit. Privacy and usability would be preserved.

This issue isn’t just limited to electric meters. Indeed, think of all of the data that is being sent out from or about you, and what percentage of it is not encrypted and should be, but also about what data is sent out encrypted that you could use if you had access to it. The solution is to put you in control of the encryption, by selecting a password or having access to one that’s set for you. Because after all, if it’s your data, it should be your data: private and usable.

Taco Bell To Bring Voice AI Ordering To Hundreds Of US Drive-Throughs

Drive-throughs are a popular feature at fast-food places, where you can get some fast grub without even leaving your car. For the fast-food companies running them they are also a big focus of automation, with the ideal being a voice assistant that can take orders and pass them on to the (still human) staff. This is probably in lieu of being able to make customers use the touchscreen-equipped order kiosks that are common these days. Pushing for this drive-through automation change is now Taco Bell, or specifically the Yum Brands parent company.

Interestingly enough, this comes shortly after McDonald's deemed its own drive-through voice assistant to be a failure and removed it. Meanwhile, multiple Taco Bell locations in 13 US states and five KFC restaurants in Australia are trialing the system, with results apparently encouraging enough to start expanding it. Company officials are cited as saying it has ‘improved order accuracy’, ‘decreased wait times’ and ‘increased profits’. Considering the McDonald's experience, which was pretty much the exact opposite in all of these categories, we will wait with bated breath. Feel free to share your Taco Bell or other Voice AI-enabled drive-through experiences in the comments. Maybe whoever Yum Brands contracted for their voice assistant did a surprisingly decent job, which would be a pleasant change.

Top image: Taco Bell – Vadnais Heights, MN (Credit: Gabriel Vanslette, Wikimedia)

This Week In Security: Echospoofing, Ransomware Records, And Github Attestations

It’s a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the EchoSpoofing attack. Proofpoint offers an email security product, filtering spam and malicious incoming emails, and also handling SPF, DKIM, and DMARC headers on outgoing email. How does an external service provide those email authentication headers?

One of the cardinal sins of running an email server is to allow open relaying. That’s when anyone can forward email through an SMTP server without authentication. What we have here is two nearly open relays, that wound up with spoofed emails getting authenticated just like the real thing. The first offender is Microsoft’s Office365, which seems to completely skip checking for email spoofing when using SMTP relaying from an allowed IP address. This means a valid Office365 account allows sending emails as any address. The other half relies on the way Proofpoint works normally, accepting SMTP traffic from certain IP addresses, and adding the authentication headers to those emails. There’s an option in Proofpoint to add the Microsoft Office 365 servers to that list, and apparently quite a few companies simply select that option.

The end result is that a clever spammer can send millions of completely legitimate looking emails every day, that look very convincing even to sophisticated users. At six months of activity, averaging three million emails a day, this campaign managed just over half a billion malicious emails from multiple high-profile domains.

The good news here is that Proofpoint and Guardio discovered the scheme, and worked with Microsoft to develop the X-OriginatorOrg header that is now applied to every email sent from or through the Office365 servers. This header marks the account tenant the email belongs to, giving vendors like Proofpoint a simple way to determine email validity.
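A sketch of the tenant check that header makes possible on the relay side, as an added example (not Proofpoint's or Microsoft's code): before adding authentication headers to mail accepted from the Office365 address range, the gateway confirms that the tenant named in X-OriginatorOrg is one that owns the From domain. The policy table, domain names and sample messages are constructed, and the header value is assumed to be a tenant domain name.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy (constructed): domains this gateway signs for, mapped to the
# tenant values accepted in X-OriginatorOrg on mail relayed from Office365.
TENANT_POLICY = {
    "example-corp.test": {"example-corp.test", "examplecorp.onmicrosoft.test"},
}


def relay_decision(raw_message, policy=TENANT_POLICY):
    """Return (accept, reason) for a message received from the Office365 relay range."""
    msg = message_from_string(raw_message)

    # Exactly one From address, so the domain being vouched for is unambiguous.
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1 or "@" not in senders[0][1]:
        return False, "need exactly one From address"
    from_domain = senders[0][1].rsplit("@", 1)[1].lower()

    allowed = policy.get(from_domain)
    if allowed is None:
        return False, "not a domain we sign for"

    # A missing header means the tenant is unknown; a repeated one is ambiguous.
    tenants = [v.strip().lower() for v in msg.get_all("X-OriginatorOrg", [])]
    if len(tenants) != 1:
        return False, "missing or repeated X-OriginatorOrg"
    if tenants[0] not in allowed:
        return False, "tenant does not own From domain"
    return True, "tenant matches From domain"


# Constructed sample messages (not captured traffic).
BODY = "To: user@recipient.test\nSubject: Invoice\n\nSee attached.\n"
FROM = "From: Billing <billing@example-corp.test>\n"
LEGIT = FROM + "X-OriginatorOrg: examplecorp.onmicrosoft.test\n" + BODY
FOREIGN_TENANT = FROM + "X-OriginatorOrg: other-tenant.onmicrosoft.test\n" + BODY
UNTAGGED = FROM + BODY

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("foreign", FOREIGN_TENANT), ("untagged", UNTAGGED)]:
        print(name, relay_decision(raw))
```

The relay IP allowlist alone is what the campaign slipped through; the tenant comparison is the extra condition, and failing closed on a missing or repeated header keeps untagged mail from being signed.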


A New Era For US Passenger Rail?

Here in the United States, we’re lagging behind the rest of the world when it comes to shiny new passenger rail, despite being leaders in previous centuries. The Federal Railroad Administration (FRA) has just released a story map of how the US could close the gap (a little).

The Corridor Identification and Development (CID) Program is a way for FRA to provide both funding and technical assistance as corridor sponsors (mostly state Departments of Transportation) evaluate either new intercity service or expansion of existing services. While it isn’t a guarantee of anything, it is a step in the right direction to rebuilding passenger rail capacity in the US.

Some cities would be getting rail service back for the first time in decades, and perhaps even more exciting is that several of the routes being studied are for high speed rail “primarily or solely on new trackage.” As any railfan can tell you, vintage rails aren’t the best for trains going fast (sorry, Acela). With recent polling showing strong public support for the build out of high speed rail, it’s an exciting time for those who prefer to travel by rail.

We don’t think you’ll be able to ride a gyro monorail, nuclear-powered, or jet train on these proposed routes, but we do hope that Amtrak and FRA are looking to the state-of-the-art when it comes to those high speed alignments. While you’re eagerly awaiting new passenger service, might we recommend this field guide to what all those different freight cars going by are for here in North America?