Raspberry Pi Files Paperwork With The London Stock Exchange

If you’re a regular visitor to the Raspberry Pi website and you have a sharp eye, you may have noticed during the last few days a new link has appeared in their footer. Labelled “Investor relations”, it holds links to the documents filed with the London Stock Exchange of their intention to float. In other words, it’s confirmation of their upcoming share offering.

It has been interesting to watch the growth of Raspberry Pi over the last twelve years, from a cottage industry producing a thousand boards in China, to dominating the SBC market and launching their own successful silicon. Without either a crystal ball or a window into Eben Upton’s mind, we’re as unreliable as anyone else when it comes to divining their future path. But since we’re guessing that it will involve ever more complex silicon with a raspberry logo, it’s obvious that the float will give them the investment springboard they need.

For those of us who have been around for a long time, this isn’t the first company in our corner of the technology world we’ve seen burn brightly. It’s not even the first from Cambridge. Appointing ourselves as pundits though, we’d say that Raspberry Pi’s path to this point has been surprisingly understated, based upon the strength of its products rather than hype, and while Eben is undoubtedly a well-known figure, not based upon a cult of personality. There is already a significant ecosystem around Raspberry Pi, and we’d like to think that this move will only strengthen it. We may not be looking at the British Microsoft, but we don’t think we’re looking at another Sinclair either.

This Week In Security: The Time Kernel.org Was Backdoored And Other Stories

Researchers at Eset have published a huge report on the Ebury malware/botnet (pdf), and one of the high profile targets of this campaign was part of the kernel.org infrastructure. So on one hand, this isn’t new news, as the initial infection happened back in 2011, and was reported then. On the other hand, according to the new Eset report, four kernel.org servers were infected, with two of them possibly compromised for as long as two years. That compromise apparently included credential stealing or password cracking.

The Ebury attackers seem to gain initial access through credential stuffing — a huge list of previously captured credentials is tried one at a time. However, once the malware has a foothold in the network, a combination of automated and manual steps is taken to move laterally. The most obvious is to grab any private SSH keys from that system, and try using them to access other machines on the local network. Ebury also replaces a system library that gets called as a part of sshd, libkeyutils.so. This puts it in a position to quietly capture credentials.

For a targeted attack against a more important target, the people behind Ebury seem to go hands-on-keyboard, using techniques like Man-in-the-Middle attacks against SSH logins on the local network using ARP spoofing. In this case, someone was doing something nasty.

And that doesn’t even start to cover the actual payload. That’s nasty too, hooking into Apache to sniff for usernames and passwords in HTTP/S traffic, redirecting links to malicious sites, and more. And of course, the boring things you might expect, like sending spam, mining for Bitcoin, etc. Ebury isn’t exactly easy to notice, either, since it includes a rootkit module that hooks into system functions to hide itself. Thankfully there are a couple of ways to get a clean shell to look for the malware, like using systemd-run or launching a local shell on the system console.

And the multi-million dollar question: Who was behind this? Sadly we don’t know. A single arrest was made in 2014, and recovered files implicated another Russian citizen, but the latest work indicates this was yet another stolen identity. The rest of the actors behind Ebury have gone to great lengths to remain behind the curtain.

Hackaday Supercon 2024 Call For Participation: We Want You!

We’re tremendously excited to be able to announce that the Hackaday Supercon is on for 2024, and will be taking place November 1st through the 3rd in sunny Pasadena, California. As always, Supercon is all about you, the Hackaday community. So put on your thinking caps because we’d like to hear your proposals for talks and workshops! The Call for Speakers and Call for Workshops forms are online now, and you’ve got until July 9th to get yourself signed up.

Supercon is a fantastic event to geek out with your fellow hackers, and to share the inevitable ups and downs that accompany any serious project. Like last year, we’ll be featuring both longer and shorter talks, and hope to get a great mix of both first-time presenters and Hackaday luminaries.

Honestly, just the crowd that Supercon brings together is reason enough to attend, but then you throw in the talks, the badge-hacking, the food, and the miscellaneous shenanigans … it’s an event you really don’t want to miss. And as always, presenters get in for free, get their moment in the sun, and get warm vibes from the Hackaday audience. Get yourself signed up now!

The Alien Energy Crisis Solved

Since the dawn of the industrial revolution, humans have been searching for more energy. Especially lately, there has been a huge interest in wind, solar, geothermal, and other ways to capture and harness power. However, we have a huge power plant just eight light minutes away: our sun. Oh sure, we toy with solar power, but the amount of sunlight hitting the Earth or even Earth orbit is a tiny fraction of Sol’s total output. But what if you could capture nearly all of the sun’s output? Scientists think that maybe — just maybe — they’ve detected 60 new extraterrestrial civilizations doing just that. At least, that’s what it could be.

[Freeman Dyson] popularized the idea of a Dyson sphere, an artificial sphere surrounding a sun to capture the maximum amount of energy, back in 1960. However, the idea is older and usually credited to [Olaf Stapledon]’s 1937 novel Star Maker. While most people think the sphere would be solid, [Dyson] himself thought it would be a swarm of disjointed collectors owing to the difficulty in creating a solid shell of the required size.

Both SETI and Fermilab have searched for what is thought to be telltale infrared radiation that scientists think would emanate from a star surrounded by spheres or swarms. Several have been located, but there is no conclusive evidence.

The new 60 were identified by analyzing data from the Gaia satellite. Again, the evidence is not conclusive, but small and dim stars that are very bright in infrared aren’t accounted for by conventional explanations. One way to explain at least some of the stars would be if about 16% of the star was obscured by something like a swarm of Dyson sphere collectors.

There are, of course, more jejune explanations possible. For example, the star might happen to be in front of some more distant IR source. Still, it is tantalizing to think there may be more than 60 high-tech civilizations out there either waiting to meet us or, perhaps, waiting to eat us, depending on how paranoid you are.

New Quadcopter Speed World Record Set At Nearly 500 Km/h

Making a quadcopter go fast would seem to be quite simple: just strap on powerful motors, aim the quadcopter roughly at where you want it to go fast, and let ‘er rip. Because of aerodynamics and other pesky physical laws there are a few complications to this, of course, but this didn’t deter [Luke Bell] and his father [Mike Bell] from nailing the Guinness World Record for remote-controlled quadcopters on April 21, 2024. During the official run, a top speed of 480.23 km/h was recorded, making it considerably faster than the first version they made, which hit a measly 400 km/h.

For this second iteration of the ‘got to go fast’ quadcopter, the design was scaled up, with more powerful motors and associated electronics added. Naturally, when you’re pushing brushless motors and their ESCs to their limits, stuff can get a bit hot due to the immense currents flowing through the system. This resulted in a number of battery, wire and other fires. Fortunately, the worrying aspect of in-flight stability got addressed pretty well courtesy of a professional drone trainer, and ultimately the world record attempt went off without a hitch.

An endurance test was also attempted, which reached 7.5 km at 180 km/h, and with the clear canopy in front of the camera removed, visual performance was pretty stunning, while still easily reaching 400 km/h. This might make it the perfect high-speed chase camera system.

Thanks to [Craig] for the tip.

Autochrome For The 2020s

For all intents and purposes, photography here in 2024 is digital. Of course chemical photography still exists, and there are a bunch of us who love it for what it is, but even as we hang up our latest strip of negatives to dry we have to admit that it’s no longer mainstream. Among those enthusiasts who work with conventional black-and-white or dye-coupler colour film are a special breed whose chemistry takes them into more obscure pathways.

Wet-collodion plates for example, or in the case of [Jon Hilty], the Lumière autochrome process. This is a colour photography process from the early years of the twentieth century, employing a layer of red, green, and blue grains above a photosensitive emulsion. Its preparation is notoriously difficult, and he’s lightened the load somewhat with the clever use of CNC machinery to automate some of it.

Pressing the plates via CNC

His web site has the full details of how he prepares and exposes the plates, so perhaps it’s best here to recap how it works. Red, green, and blue dyed potato starch grains are laid uniformly on a glass plate, then dried and pressed to form a random array of tiny RGB filters. The photographic emulsion is laid on top of that, and once it is ready the exposure is made from the glass side so the light passes through the filters.

If the emulsion is then developed using a reversal process, as a slide would be for example, the result is a black and white image bearing colour information in that random array, which when viewed has red, green, and blue light from those starch filters passing through it. To the viewer’s eye, this then appears as a colour image.

We can’t help being fascinated by the autochrome process, and while we know we’ll never do it ourselves it’s great to see someone else working with it and producing 21st century plates that look a hundred years old.

While this may be the first time we’ve featured such a deep dive into autochrome, it’s certainly not the first time we’ve looked at alternative photographic chemistries.

Software Bug Results In Insulin Pump Injuries, Spurs Recall

Managing Type 1 diabetes is a high-stakes balancing act — too much or too little insulin is a bad thing, resulting in blood glucose levels that deviate from a narrow range with potentially dire consequences on either side. Many diabetics choose to use an insulin pump to make managing all this easier, but as a recent recall of insulin pump software by the US Food and Drug Administration shows, technology isn’t foolproof.

Thankfully, the recall is very narrow in scope. It’s targeted at users of the Tandem t:slim X2 insulin pump, and specifically the companion application running on iOS devices. The mobile app is intended to run on the user’s phone to monitor and control the pump. The pump itself is a small, rechargeable device that users often keep on their belt or tucked into a pocket that delivers a slow, steady infusion of insulin during the day, plus larger bolus doses to compensate for meals.

The t:slim X2 insulin pump.

But version 2.7 of the t:connect mobile app can crash unexpectedly, and on iOS devices, that can lead to the OS continually relaunching it. Each time it does this, the app tries to reconnect with the pump via Bluetooth, which eventually runs down the battery in the pump. Once the battery is dead, no more insulin can be delivered, potentially leading to a condition called hyperglycemia (“hyper” meaning an excess, “gly” referring to sugar, and “emia” meaning presence in blood — excess sugar in the blood.)

Untreated hyperglycemia can progress to a much more serious state called diabetic ketoacidosis, which can lead to coma and death. Thankfully, nobody has suffered that fate from this bug, but the FDA has received over 200 reports of injuries, hence the recall. Tandem sent out a notice to all affected customers back in March to update their apps, but it’s still possible that some users didn’t get the message.

Apart from the human cost of this bug, there’s a lesson here about software design and unintended consequences. While it intuitively seems like a great idea to automatically relaunch a crashed app, especially one with a critical life-safety function, in hindsight, the better course might have been to just go into a safe mode and alert the user with an alarm. That’s a lesson we’ve learned by exploring space, and it seems to apply here as well.

Images: AdobeStock, Tandem Diabetes