News

3609 Articles

The Alien Energy Crisis Solved

May 14, 2024 by 48 Comments

Since the dawn of the industrial revolution, humans have been searching for more energy. Especially lately, there has been a huge interest in wind, solar, geothermal, and other ways to capture and harness power. However, we have a huge power plant just eight light minutes away: our sun. Oh sure, we toy with solar power, but the amount of sunlight hitting the Earth or even Earth orbit is a tiny fraction of Sol’s total output. But what if you could capture nearly all of the sun’s output? Scientists think that maybe — just maybe — they’ve detected 60 new extraterrestrial civilizations doing just that. At least, that’s what it could be.

[Freeman Dyson] popularized the idea of a Dyson sphere, an artificial sphere surrounding a sun to capture the maximum amount of energy, back in 1960. However, the idea is older and usually credited to [Olaf Stapledon]’s 1937 novel Star Maker. While most people think the sphere would be solid, [Dyson] himself thought it would be a swarm of disjointed collectors owing to the difficulty in creating a solid shell of the required size.

Both SETI and Fermilab have searched for what is thought to be telltale infrared radiation that scientists think would emanate from a star surrounded by spheres or swarms. Several have been located, but there is no conclusive evidence.

The new 60 were identified by analyzing data from the Gaia satellite. Again, the evidence is not conclusive, but small and dim stars that are very bright in infrared can’t be explained by conventional explanations. One way to explain at least some of the stars would be if about 16% of the star was obscured by something like a swarm of Dyson sphere collectors.

There are, of course, more jejune explanations possible. For example, the star might happen to be in front of some more distant IR source. Still, it is tantalizing to think there may be more than 60 high-tech civilizations out there either waiting to meet us or, perhaps, waiting to eat us, depending on how paranoid you are.

New Quadcopter Speed World Record Set At Nearly 500 Km/h

May 13, 2024 by 20 Comments

Making a quadcopter go fast would seem to be quite simple: just strap on powerful motors, aim the quadcopter roughly at where you want it to go fast, and let ‘er rip. Because of aerodynamics and other pesky physical laws there are a few complications to this, of course, but this didn’t deter [Luke Bell] and his father [Mike Bell] from nailing the Guinness World Record for remote-controlled quadcopters on April 21, 2024. During the official run, a top speed of 480.23 km/h was recorded, making it considerably faster than the first version they made, which hit a measly 400 km/h.

For this second iteration of the ‘got to go fast’ quadcopter, the design was scaled up, with more powerful motors and associated electronics added. Naturally, when you’re pushing brushless motors and their ESCs to their limits, stuff can get a bit hot due to the immense currents flowing through the system. This resulted in a number of battery, wire and other fires. Fortunately, the worrying aspect of in-flight stability got addressed pretty well courtesy of a professional drone trainer, and ultimately the world record attempt went off without a hitch.

An endurance test was also attempted, which reached 7.5 km at 180 km/h, and with the clear canopy in from of the camera removed, visual performance was pretty stunning, while still easily reaching 400 km/h. This might make it the perfect high-speed chase camera system.

Thanks to [Craig] for the tip.

Continue reading “New Quadcopter Speed World Record Set At Nearly 500 Km/h”

Autochrome For The 2020s

May 12, 2024 by 2 Comments

For all intents and purposes, photography here in 2024 is digital. Of course chemical photography still exists, and there are a bunch of us who love it for what it is, but even as we hang up our latest strip of negatives to dry we have to admit that it’s no longer mainstream. Among those enthusiasts who work with conventional black-and-white or dye-coupler colour film are a special breed whose chemistry takes them into more obscure pathways.

Wet-collodion plates for example, or in the case of [Jon Hilty], the Lumière autochrome process. This is a colour photography process from the early years of the twentieth century, employing a layer of red, green, and blue grains above a photosensitive emulsion. Its preparation is notoriously difficult, and he’s lightened the load somewhat with the clever use of CNC machinery to automate some of it.

Pressing the plates via CNC

His web site has the full details of how he prepares and exposes the plates, so perhaps it’s best here to recap how it works. Red, green, and blue dyed potato starch grains are laid uniformly on a glass plate, then dried and pressed to form a random array of tiny RGB filters. The photographic emulsion is laid on top of that, and once it is ready the exposure is made from the glass side do the light passes through the filters.

If the emulsion is then developed using a reversal process as for example a slide would be, the result is a black and white image bearing colour information in that random array, which when viewed has red, green, and blue light from those starch filters passing through it. To the viewer’s eye, this then appears as a colour image.

We can’t help being fascinated by the autochrome process, and while we know we’ll never do it ourselves it’s great to see someone else working with it and producing 21st century plates that look a hundred years old.

While this may be the first time we’ve featured such a deep dive into autochrome, it’s certainly not the first time we’ve looked at alternative photographic chemistries.

Software Bug Results In Insulin Pump Injuries, Spurs Recall

May 11, 2024 by 24 Comments

Managing Type 1 diabetes is a high-stakes balancing act — too much or too little insulin is a bad thing, resulting in blood glucose levels that deviate from a narrow range with potentially dire consequences on either side. Many diabetics choose to use an insulin pump to make managing all this easier, but as a recent recall of insulin pump software by the US Food and Drug Administration shows, technology isn’t foolproof.

Thankfully, the recall is very narrow in scope. It’s targeted at users of the Tandem t:slim X2 insulin pump, and specifically the companion application running on iOS devices. The mobile app is intended to run on the user’s phone to monitor and control the pump. The pump itself is a small, rechargeable device that users often keep on their belt or tucked into a pocket that delivers a slow, steady infusion of insulin during the day, plus larger bolus doses to compensate for meals.

The t:slim X2 insulin pump.

But version 2.7 of the t:connect mobile app can crash unexpectedly, and on iOS devices, that can lead to the OS continually relaunching it. Each time it does this, the app tries to reconnect with the pump via Bluetooth, which eventually runs down the battery in the pump. Once the battery is dead, no more insulin can be delivered, potentially leading to a condition called hyperglycemia (“hyper” meaning an excess, “gly” referring to sugar, and “emia” meaning presence in blood — excess sugar in the blood.)

Untreated hyperglycemia can progress to a much more serious state called diabetic ketoacidosis, which can lead to coma and death. Thankfully, nobody has suffered that fate from this bug, but the FDA has received over 200 reports of injuries, hence the recall. Tandem sent out a notice to all affected customers back in March to update their apps, but it’s still possible that some users didn’t get the message.

Apart from the human cost of this bug, there’s a lesson here about software design and unintended consequences. While it intuitively seems like a great idea to automatically relaunch a crashed app, especially one with a critical life-safety function, in hindsight, the better course might have been to just go into a safe mode and alert the user with an alarm. That’s a lesson we’ve learned by exploring space, and it seems to apply here as well.

Images: AdobeStock, Tandem Diabetes

This Week In Security: TunnelVision, Scarecrows, And Poutine

May 10, 2024 by 9 Comments

There’s a clever “new” attack against VPNs, called TunnelVision, done by researchers at Leviathan Security. To explain why we put “new” in quotation marks, I’ll just share my note-to-self on this one written before reading the write-up: “Doesn’t using a more specific DHCP route do this already?” And indeed, that’s the secret here: in routing, the more specific route wins. I could not have told you that DHCP option 121 is used to set extra static routes, so that part was new to me. So let’s break this down a bit, for those that haven’t spent the last 20 years thinking about DHCP, networking, and VPNs.

So up first, a route is a collection of values that instruct your computer how to reach a given IP address, and the set of routes on a computer is the routing table. On one of my machines, the (slightly simplified) routing table looks like:

# ip route
default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0

The first line there is the default route, where “default” is a short-hand for 0.0.0.0/0. That indicate a network using the Classless Inter-Domain Routing (CIDR) notation. When the Internet was first developed, it was segmented into networks using network classes A, B, and C. The problem there was that the world was limited to just over 2.1 million networks on the Internet, which has since proven to be not nearly enough. CIDR came along, eliminated the classes, and gave us subnets instead.

In CIDR notation, the value after the slash is commonly called the netmask, and indicates the number of bits that are dedicated to the network identifier, and how many bits are dedicated to the address on the network. Put more simply, the bigger the number after the slash, the fewer usable IP addresses on the network. In the context of a route, the IP address here is going to refer to a network identifier, and the whole CIDR string identifies that network and its size.

Back to my routing table, the two routes are a bit different. The first one uses the “via” term to indicate we use a gateway to reach the indicated network. That doesn’t make any sense on its own, as the 10.0.1.1 address is on the 0.0.0.0/0 network. The second route saves the day, indicating that the 10.0.1.0/24 network is directly reachable out the eth0 device. This works because the more specific route — the one with the bigger netmask value, takes precedence.

The next piece to understand is DHCP, the Dynamic Host Configuration Protocol. That’s the way most machines get an IP address from the local network. DHCP not only assigns IP addresses, but it also sets additional information via numeric options. Option 1 is the subnet mask, option 6 advertises DNS servers, and option 3 sets the local router IP. That router is then generally used to construct the default route on the connecting machine — 0.0.0.0/0 via router_IP.

Remember the problem with the gateway IP address belonging to the default network? There’s a similar issue with VPNs. If you want all traffic to flow over the VPN device, tun0, how does the VPN traffic get routed across the Internet to the VPN server? And how does the VPN deal with the existence of the default route set by DHCP? By leaving those routes in place, and adding more specific routes. That’s usually 0.0.0.0/1 and 128.0.0.0/1, neatly slicing the entire Internet into two networks, and routing both through the VPN. These routes are more specific than the default route, but leave the router-provided routes in place to keep the VPN itself online.

And now enter TunnelVision. The key here is DHCP option 121, which sets additional CIDR notation routes. The very same trick a VPN uses to override the network’s default route can be used against it. Yep, DHCP can simply inform a client that networks 0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, and 192.0.0.0/2 are routed through malicious_IP. You’d see it if you actually checked your routing table, but how often does anybody do that, when not working a problem?

There is a CVE assigned, CVE-2024-3661, but there’s an interesting question raised: Is this a vulnerability, and in which component? And what’s the right solution? To the first question, everything is basically working the way it is supposed to. The flaw is that some VPNs make the assumption that a /1 route is a bulletproof way to override the default route. The solution is a bit trickier. Continue reading “This Week In Security: TunnelVision, Scarecrows, And Poutine”

A pile of red Swiss Army knives, probably collected by TSA.

Introducing The Swiss Army… Tool?

May 9, 2024 by 152 Comments

You’ve probably used one for everything from opening packages to stripping wires in a pinch (because you know better than to use your teeth). We’re talking about the blade of the iconic Swiss Army knife. And while there are many different models out there, they all feature at least one knife among their utensils. Until now.

Citing pressure due to the increase in worldwide knife violence, the company announced that they’ll be releasing a new range of tools without blades. Carl Elsner, fourth-generation CEO of Swiss Army knife maker Victorinox, is also concerned about increasing regulations surrounding knives at sporting events and other activities. And he has a point: according to the UN’s Global Study on Homicide 2023 (PDF), 30% of European homicides were committed with some type of sharp object.

In an interview with The Guardian, Elsner spoke of creating more specialized tools, such as one for cyclists, who don’t necessarily need a blade. He also mentioned that Victorinox have a tool specifically for golfers, but we’d like to point out that it features, among other things, a knife.

It’s going to be a long time before people stop assuming that the skinny red thing in your pocket contains a knife, especially at the airport. What TSA agent is going to take the time to check out your tool? They’re going to chuck it in the bucket with the rest of them. Would you consider buying a blade-less multi-tool? Let us know in the comments.

Don’t have much need for a knife? Here’s a bench tool that has it all.

(Main and thumbnail photos via Unsplash)

Robotic Platform Turns Shop Vac Into Roomba

May 8, 2024 by 14 Comments

The robotic revolution is currently happening, although for the time being it seems as though most of the robots are still being generally helpful to humanity, whether that help is on an assembly line, help growing food, or help transporting us from place to place. They’ve even showed up in our homes, although it’s not quite the Jetsons-like future yet as they mostly help do cleaning tasks. There are companies that will sell things like robotic vacuum cleaners but [Clay Builds] wanted one of his own so he converted a shop vac instead.

The shop vac sits in a laser-cut plywood frame and rolls on an axle powered by windshield wiper motors. Power is provided from a questionable e-bike battery which drives the motors and control electronics. A beefy inverter is also added to power the four horsepower vacuum cleaner motor. The robot has the ability to sense collisions with walls and other obstacles, and changes its path in a semi-random way in order to provide the most amount of cleaning coverage for whatever floor it happens to be rolling on.

There are a few things keeping this build from replacing anyone’s Roomba, though. Due to the less-than-reputable battery, [Clay Builds] doesn’t want to leave the robot unattended and this turned out to be a good practice when he found another part of the build, a set of power resistors meant to limit current going to the vacuum, starting to smoke and melt some of the project enclosure. We can always think of more dangerous tools to attach a robotic platform to, though.

Continue reading “Robotic Platform Turns Shop Vac Into Roomba”