A screenshot of the release page, showing the headline and a crop of the release notes

MicroPython 1.23 Brings Custom USB Devices, OpenAMP, Much More

June 2, 2024 by Arya Voronova 25 Comments

MicroPython is a wonderful Python interpreter that runs on many higher-end microcontrollers, from ESP8266 to STM32 to the RP2040. MicroPython lets you build devices quickly, and its latest release, 1.23, brings a number of improvements you should be aware of.

The first one is custom USB device support, and it’s a big one. Do you want to build HID devices, or play with MIDI, or do multiple serial streams with help of PIO? Now MicroPython lets you easily create USB devices on a variety of levels, from friendly wrappers for creating HID or MIDI devices, to low-level hooks to let you define your own USB descriptors, with user-friendly libraries to help all the way through. Currently, SAMD and RP2040 ports are supported in this part of code, but you can expect more in the future.

There’s more – support for OpenAMP, an inter-core communication protocol, has received a ton of improvements for systems where MicroPython reigns supreme on some of the CPU cores but also communicates with different systems on other cores. A number of improvements have made their way through the codebase, highlighting things we didn’t know MicroPython could do – for instance, did you know that there’s a WebAssembly port in the interpreter, letting you run MicroPython in your browser?

Well, it’s got a significant overhaul in this release, so there’s no better time to check it out than now! Library structure has been refactored to improve CPython compatibility, the RP2040 port receives a 10% performance boost thanks to core improvements, and touches upon areas like PIO and SPI interfaces.

We applaud all contributors involved on this release. MicroPython is now a decade old as of May 3rd, and it keeps trucking on, having firmly earned its place in the hacker ecosystem. If you’ve been playing with MicroPython, remember that there are multiple IDEs, graphics libraries, and you can bring your C code with you!

This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide

May 31, 2024 by Jonathan Bennett 3 Comments

This week saw an impressive pair of takedowns pulled off by law enforcement agencies around the world. The first was the 911 S5 botnet, Which the FBI is calling “likely the world’s largest botnet ever”. Spreading via fake free VPN services, 911 was actually a massive proxy service for crooks. Most lately, this service was operating under the name “Cloud Router”. As of this week, the service is down, the web domain has been seized, and the alleged mastermind, YunHe Wang, is in custody.

The other takedown is interesting in its own right. Operation Endgame seems to be psychological warfare as well as actual arrests and seizures. The website features animated shorts, a big red countdown clock, and a promise that more is coming. The actual target was the ring that manage malware droppers — sort of middlemen between initial shellcode, and doing something useful with a compromised machine. This initial volley includes four arrests, 100+ servers disrupted, and 2,000+ domains seized.

The arrests happened in Armenia and Ukraine. The messaging around this really seems to be aimed at the rest of the gang that’s out of reach of law enforcement for now. Those criminals may still be anonymous, or operating in places like Russia and China. The unmistakable message is that this operation is coming for the rest of them sooner or later. Continue reading “This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide” →

ICQ Will Shut Down On June 26 This Year

May 26, 2024 by Maya Posch 29 Comments

In many ways, ICQ has always been a bit of a curiosity. It was one of the first major instant messenger clients of the 1990s. It saw broad uptake alongside the likes of AOL Instant Messenger and MSN Messenger. Yet, it outlasted both of them despite not being attached to an industrial juggernaut like AOL or Microsoft. After 27 years, however, it seems that the last petal will drop, with the shutdown of ICQ announced on the ICQ website for June 26, 2024.

Originally launched by an Israeli company, Mirabilis, in June of 1996, it took the Internet by storm, leading to AOL buying Mirabilis in June of 1998. Under the wing of AOL, ICQ kept growing its user base until it was sold to Digital Sky Technologies (now VK, which operates Mail.ru) in 2010. Around this time, the likes of Facebook and Google, with their own messaging solutions, came onto the scene, leaving ICQ to flounder. Ultimately, ICQ found a new home in the Russian market as a mobile messaging system until its imminent shutdown. Users are urged to move to the VK Messenger instead.

The demise of ICQ obviously led to a blast of nostalgia on sites like Hacker News, even though it has lost relevance in the West for many years. We’re sad to see this chapter end and will mourn the demise of our UINs (RIP, 61007952) along with our fellow compatriots in the usual IRC channels.

This is what happens when you depend on the grid. Going off the grid doesn’t have to look homemade, either.

Germany’s Solar Expansion And The Negative Effects Of Electricity Overproduction

May 25, 2024 by Maya Posch 184 Comments

Amidst the push for more low-carbon energy, we see the demolishing of one of the pillars of electric grids: that of a careful balancing between supply and demand. This is not just a short-term affair. It also affects the construction of new power plants, investments in transmission capacity, and so on. The problem with having too much capacity is that it effectively destroys the electricity market, as suppliers need to make a profit to sustain and build generators and invest in transmission capacity. This is now the problem that Germany finds itself struggling with due to an overcapacity of variable renewable power sources (VRE) like solar and wind.

With a glut of overcapacity during windy and sunny days, this leads to prices going to zero or even negative. While this may sound positive (pun intended), it means that producers are not being paid. Worse, it means that when, for example, France buys German wind power for negative Euros via the European Electricity Exchange (EEX), it means that Germany actually pays France, instead of vice versa. The highly variable output of wind and solar also means a big increase in curtailment and redispatch measures to keep the grid stable, all of which costs money and drives up operating costs.

Continue reading “Germany’s Solar Expansion And The Negative Effects Of Electricity Overproduction” →

This Week In Security: Drama At The C-Level, Escape Injection, And Audits

May 24, 2024 by Jonathan Bennett 6 Comments

There was something of a mystery this week, with the c.root-servers.net root DNS server falling out of sync with it’s 12 siblings. That’s odd in itself, as these are the 13 servers that keep DNS working for the whole Internet. And yes, that’s a bit of a simplification, it’s not a single server for any of the 13 entities — the C “server” is actually 12 different machines. The intent is for all those hundreds of servers around the world to serve the same DNS information, but over several days this week, the “C” servers just stopped pulling updates.

The most amusing/worrying part of this story is how long it took for the problem to be discovered and addressed. One researcher cracked a ha-ha-only-serious sort of joke, that he had reported the problem to Cogent, the owners of the “C” servers, but they didn’t “seem to understand that they manage a root server”. The problem first started on Saturday, and wasn’t noticed til Tuesday, when the servers were behind by three days. Updates started trickling late Tuesday or early Wednesday, and by the end of Wednesday, the servers were back in sync.

Cogent gave a statement that an “unrelated routing policy change” both affected the zone updates, and the system that should have alerted them to the problem. It seems there might room for an independent organization, monitoring some of this critical Internet Infrastructure.

Continue reading “This Week In Security: Drama At The C-Level, Escape Injection, And Audits” →

Winamp Source Code Will Be Opened Up, Company Says

May 17, 2024 by Maya Posch 58 Comments

Recently the company currently in charge of the Winamp media player – formerly Radionomy, now Llama Group – announced that it will be making the source code of the player ‘available to developers’. Although the peanut gallery immediately seemed to have jumped to the conclusion that this meant that the source would be made available to all on the announced 24 September 2024 date, reading between the lines of the press release gives a different impression.

First there is the sign-up form for ‘FreeLlama’ where interested developers can sign up, with a strong suggestion that only vetted developers will be able to look at the code, which may or may not be accompanied by any non-disclosure agreements. It would seem appropriate to be skeptical considering Winamp’s rocky history since AOL divested of it in 2013 with version 5.666 and its new owner Radionomy not doing much development on the software except for adding NFT and crypto/blockchain features in 2022. The subsequent Winamp online service doubled down on this.

Naturally it would be great to see Winamp become a flourishing OSS project for the two dozen of us who still use Winamp on a daily base, but the proof will be in the non-NFT pudding, as the saying goes.

Improved 3D Scanning Rig Adds Full-Sized Camera Support

May 17, 2024 by Bryan Cockfield 3 Comments

There are plenty of reasons to pick up or build a 3D scanner. Modeling for animation or special effects, reverse engineering or designing various devices or products, and working with fabrics and clothing are all well within the wide range of uses for these tools. [Vojislav] built one a few years ago which used an array of cameras to capture 3D information but the Pi camera modules used in this build limited the capabilities of the scanner in some ways. [Vojislav]’s latest 3D scanner takes a completely different approach by using a single high-quality camera instead.

The new 3D scanner is built to carry a full-size DSLR camera, its lens, and a light. Much more similarly to how a 3D printer works, the platform moves the camera around the object in programmable steps for the desired 3D scan. The object being scanned sits on a rotating plate as well, allowing for the entire object to be scanned without needing to move the camera through a full 180° in two axes. The scanner can also be used for scanning more 2D objects while capturing information about texture, such as various textiles.

For anyone looking to reproduce something like this, [Vojislav] has made all of the plans for this build available on the project’s GitHub page including some sample gcode to demonstrate the intended use for the scanner. On the other hand, if you’re short the often large amount of funding required to get a DSLR camera, his older 3D scanner is still worth taking a look at as well.

Continue reading “Improved 3D Scanning Rig Adds Full-Sized Camera Support” →