This Week In Security: Chat Control, Vulnerability Extortion, And Emoji Malware

Way back in 2020, I actually read the proposed US legislation known as EARN IT, and with some controversy, concluded that much of the criticism of that bill was inaccurate. Well what’s old is new again, except this time it’s the European Union that’s wrestling with how to police online Child Sexual Abuse Material (CSAM). And from what I can tell of reading the actual legislation (pdf), this time it really is that bad.

The legislation lays out two primary goals, both of them problematic. The first is detection, or what some are calling “upload moderation”. The technical details are completely omitted here, simply stating that services “… take reasonable measures to mitigate the risk of their services being misused for such abuse …” The implication here is that providers would do some sort of automated scanning to detect illicit text or visuals, but exactly what constitutes “reasonable measures” is left unspecified.

The second goal is the detection order. It’s worth pointing out that interpersonal communication services are explicitly mentioned as required to implement these goals. From the bill:

Providers of hosting services and providers of interpersonal communications services that have received a detection order shall execute it by installing and operating technologies approved by the Commission to detect the dissemination of known or new child sexual abuse material or the solicitation of children…

This bill is careful not to prohibit end-to-end encryption, nor require that such encryption be backdoored. Instead, it requires that the apps themselves be backdoored, to spy on users before encryption happens. No wonder Meredith Whittaker has promised to pull the Signal app out of the EU if it becomes law. As this scanning is done prior to encryption, it’s technically not breaking end-to-end encryption.

You may wonder why that’s such a big deal. Why is it a non-negotiable for the Signal app to not look for CSAM in messages prior to encryption? For starters, it’s a violation of user trust and an intentional weakening of the security of the Signal system. But maybe most importantly, it puts a mechanism in place that will undoubtedly prove too tempting for future governments. If Signal can be forced into looking for CSAM in the EU, why not anti-government speech in China?


Bent Shaft Isn’t A Bad Thing For This Pericyclic Gearbox

With few exceptions, power transmission is a field where wobbling is a bad thing. We generally want everything running straight and true, with gears and wheels perfectly perpendicular to their shafts, with everything moving smoothly and evenly. That’s not always the case, though, as this pericyclic gearbox demonstrates.

Although most of the components in [Retsetman]’s model gearboxes seem familiar enough — it’s mostly just a collection of bevel gears, like you’d see inside a differential — it’s their arrangement that makes everything work. More specifically, it’s the shaft upon which the bevel gears ride, which has a section that is tilted relative to the axis of the shaft. It’s just a couple of degrees, but that small bit of inclination, called nutation, makes the ring gear riding on it wobble as the shaft rotates, allowing it to mesh with one or more ring gears that are perpendicular to the shaft. This engages a few teeth at a time, transferring torque from one gear to another. It’s easier to visualize than it is to explain, so check out the video below.

Gearboxes like these have a lot of interesting properties, with the main one being gear ratio. [Retsetman] achieved a 400:1 ratio with just 3D-printed parts, which of course impose their own limitations. But he was still able to apply some pretty serious torque. The arrangement is not without its drawbacks, of course, with the wobbling bits naturally causing unwelcome vibrations. That can be mitigated to some degree using multiple rotating elements that offset each other, but that only seems to reduce vibration, not eliminate it.

[Retsetman] is no stranger to interesting gearboxes, of course, with his toothless magnetic gearboxes coming to mind. And this isn’t the only time we’ve seen gearboxes go all wobbly, either.


PCB Design Review: Switching Regulator Edition

This article was prompted by a friend of mine asking for help on a board with an ESP32 heart. The board outputs 2.1 V instead of 3.3 V, and it doesn’t seem like incorrectly calculated feedback resistors are to blame – let’s take a look at the layout. Then, let’s also take a look at a recently sent in design review entry, based on an IC that looks perfect for all your portable Raspberry Pi needs!

What Could Have Gone Wrong?

Here’s the board in all its two-layer glory. This is the kind of board you can use to drive 5 V or 12 V Neopixel strips with a firmware like WLED – exactly the kind of gadget you’ll want to use for LED strip experiments! 3.3 V power is provided by a Texas Instruments TPS54308 IC, and it’s the one misfiring, so let’s take a look.


TDK Claims Solid State Battery With 100X Energy Density

Regulations surrounding disposable batteries have accelerated a quiet race to replace coin cells, which on the whole are not readily rechargeable. TDK produces solid-state batteries and has announced a new material that claims an energy density of about 100 times that of their conventional batteries.

Energy density measures how much energy a system contains relative to its volume. The new battery has 1000 Wh/L. For comparison, old nickel-cadmium cells had about 150 Wh/L. A typical lithium-ion battery usually turns in about 200 – 250 Wh/L.

There aren’t many technical details, but a few things caught our interest. For one, it uses an oxide-based solid electrolyte and lithium alloy anodes. However, what really caught our eye was that it is “intended for use in wearables… that come in direct contact with the human body.” We don’t know if that means the material is safe for your skin or if it depends on being next to your body to operate.

While the energy density is high, keep in mind that the batteries of this type are usually tiny, so the total actual power available is probably not very high. Tiny batteries are definitely a thing. We are always hearing about breakthroughs, but we always wonder if and when we’ll see actual products.

McDonald’s Terminates Its Drive-Through Ordering AI Assistant

McDonald’s recently announced that it will be scrapping the voice-assistant which it has installed at over 100 of its drive-throughs after a two-year trial run. In the email that was sent to franchises, McDonald’s did say that they are still looking at voice ordering solutions for automated order taking (AOT), but it appears that for now the test was a disappointment. Judging by the many viral videos of customers struggling to place an order through the AOT system, it’s not hard to see why.

This AOT attempt began in 2019, when McDonald’s acquired AI company Apprente to create its McD Tech Labs, only to sell it again to IBM, which was then contracted to create the technology for McDonald’s fast-food joints. When launched in 2021, it was expected that McDonald’s drive-through ordering lanes would eventually all be serviced by AOT, with an experience akin to the Alexa and Siri voice assistants that everyone knows and loves (to yell at).

With the demise of this test at McDonald’s, it would seem that the biggest change is likely to be in the wider automation of preparing fast-food instead, with robots doing the burger flipping and freedom frying rather than a human. That said, would you prefer the McD voice assistant when going through a Drive-Thru® over a human voice?

Credit: Xinmei Liu

The US Surgeon General’s Case For A Warning Label On Social Media

The term ‘Social Media’ may give off a benign vibe, suggesting that it’s a friendly place where everyone is welcome to be themselves, yet reality has borne out that it is anything but. This is the reason why the US Surgeon General [Dr. Vivek H. Murthy] is pleading for a health warning label on social media platforms. Much like with warnings on tobacco products, it’s not expected that such a measure would make social media safe for children and adolescents, but would remind them and their parents about the risks of these platforms.

While this may sound dire for what is at its core about social interactions, there is a growing body of evidence to support the notion that social media can negatively impact mental health. A 2020 systematic review article in Cureus by [Fazida Karim] and colleagues found anxiety and depression to be the most notable negative psychological health outcomes. A 2023 editorial in BMC Psychology by [Ágnes Zsila] and [Marc Eric S. Reyes] concurs with this notion, while contrasting these cons of social media with the pros, such as giving individuals an online community where they feel that they belong.

Ultimately, it’s important to realize that social media isn’t the end-all, be-all of online social interactions. There are still many dedicated forums, IRC channels and newsgroups far away from the prying eyes and social pressure of social media to act out a personality. Having more awareness of how social interactions affect oneself and/or one’s children is definitely essential, even if we’re unlikely to return to the ‘never give out your real name’ days of the pre-2000s Internet.

PostmarketOS Now Boots On Over 250 Devices

Every year, as consumers gobble up the latest Android devices, more old, but perfectly serviceable, units end up collecting dust in drawers. Or worse, they end up getting tossed in the trash. One of the most promising tools we have to help keep these older devices useful is postmarketOS, a full-fledged Linux distribution that provides a flexible and up-to-date software environment on devices that might otherwise be stuck with some old and unsupported version of Google’s mobile operating system.

As of the latest update on the postmarketOS blog, the team has announced an exciting milestone: over 250 devices can now boot the stable release of the OS.

Now to be clear, not all devices will be fully functional. In fact, the blog post clarifies that some of them only barely boot. But it’s progress, and now that these semi-supported devices aren’t hidden behind a development version of the OS, it means more folks will be able to put them to use.

For example, if you want to turn your old smartphone into a low-energy headless webserver, it doesn’t really matter if its display, touchscreen, or speakers are supported. You just need it to boot into Linux and fire up an SSH server so you can get in and start working.

But support for new devices is just one of the additions in this new v24.06 release. The blog post also points out several notable software upgrades, including the move to the 6.x branch of KDE Plasma Mobile. This brings with it a long list of improvements and changes, including a rewritten homescreen with enhanced customization options. If you prefer a more minimal GUI, don’t worry. This new release also updates Sxmo, which provides a menu-driven interface for both touch screens and hardware controls.

Among the newly supported devices is a generic x86_64 image that should work on a wide array of PCs. While obviously there’s no shortage of Linux distros you could run on your old computer, being able to install postmarketOS on it is definitely helpful for development purposes. There’s also a new Tegra ARMv7 target which brings a number of new devices into the fold, such as the Google Nexus 7, and Microsoft Surface RT.

Looking to run postmarketOS on your own hardware? The best way to start is to check the Devices page and see how many of those old gadgets you’ve got collecting dust in a drawer are compatible.