Germany’s Solar Expansion And The Negative Effects Of Electricity Overproduction

Amidst the push for more low-carbon energy, we see the demolishing of one of the pillars of electric grids: that of a careful balancing between supply and demand. This is not just a short-term affair. It also affects the construction of new power plants, investments in transmission capacity, and so on. The problem with having too much capacity is that it effectively destroys the electricity market, as suppliers need to make a profit to sustain and build generators and invest in transmission capacity. This is now the problem that Germany finds itself struggling with due to an overcapacity of variable renewable power sources (VRE) like solar and wind.

A glut of overcapacity during windy and sunny days leads to prices going to zero or even negative. While this may sound positive (pun intended), it means that producers are not being paid. Worse, when, for example, France buys German wind power for negative Euros via the European Electricity Exchange (EEX), Germany actually pays France, instead of vice versa. The highly variable output of wind and solar also means a big increase in curtailment and redispatch measures to keep the grid stable, all of which costs money and drives up operating costs.


This Week In Security: Drama At The C-Level, Escape Injection, And Audits

There was something of a mystery this week, with the c.root-servers.net root DNS server falling out of sync with its 12 siblings. That’s odd in itself, as these are the 13 servers that keep DNS working for the whole Internet. And yes, that’s a bit of a simplification, it’s not a single server for any of the 13 entities — the C “server” is actually 12 different machines. The intent is for all those hundreds of servers around the world to serve the same DNS information, but over several days this week, the “C” servers just stopped pulling updates.

The most amusing/worrying part of this story is how long it took for the problem to be discovered and addressed. One researcher cracked a ha-ha-only-serious sort of joke, that he had reported the problem to Cogent, the owners of the “C” servers, but they didn’t “seem to understand that they manage a root server”. The problem first started on Saturday, and wasn’t noticed until Tuesday, when the servers were behind by three days. Updates started trickling in late Tuesday or early Wednesday, and by the end of Wednesday, the servers were back in sync.

Cogent gave a statement that an “unrelated routing policy change” affected both the zone updates and the system that should have alerted them to the problem. It seems there might be room for an independent organization to monitor some of this critical Internet infrastructure.


Winamp Source Code Will Be Opened Up, Company Says

Recently the company currently in charge of the Winamp media player – formerly Radionomy, now Llama Group – announced that it will be making the source code of the player ‘available to developers’. Although the peanut gallery immediately seemed to have jumped to the conclusion that this meant that the source would be made available to all on the announced 24 September 2024 date, reading between the lines of the press release gives a different impression.

First there is the sign-up form for ‘FreeLlama’ where interested developers can sign up, with a strong suggestion that only vetted developers will be able to look at the code, which may or may not be accompanied by any non-disclosure agreements. It would seem appropriate to be skeptical considering Winamp’s rocky history since AOL divested of it in 2013 with version 5.666 and its new owner Radionomy not doing much development on the software except for adding NFT and crypto/blockchain features in 2022. The subsequent Winamp online service doubled down on this.

Naturally it would be great to see Winamp become a flourishing OSS project for the two dozen of us who still use Winamp on a daily basis, but the proof will be in the non-NFT pudding, as the saying goes.

Improved 3D Scanning Rig Adds Full-Sized Camera Support

There are plenty of reasons to pick up or build a 3D scanner. Modeling for animation or special effects, reverse engineering or designing various devices or products, and working with fabrics and clothing are all well within the wide range of uses for these tools. [Vojislav] built one a few years ago which used an array of cameras to capture 3D information but the Pi camera modules used in this build limited the capabilities of the scanner in some ways. [Vojislav]’s latest 3D scanner takes a completely different approach by using a single high-quality camera instead.

The new 3D scanner is built to carry a full-size DSLR camera, its lens, and a light. Much like a 3D printer, the platform moves the camera around the object in programmable steps for the desired 3D scan. The object being scanned sits on a rotating plate as well, allowing for the entire object to be scanned without needing to move the camera through a full 180° in two axes. The scanner can also be used for scanning more 2D objects while capturing information about texture, such as various textiles.

For anyone looking to reproduce something like this, [Vojislav] has made all of the plans for this build available on the project’s GitHub page including some sample gcode to demonstrate the intended use for the scanner. On the other hand, if you’re short the often large amount of funding required to get a DSLR camera, his older 3D scanner is still worth taking a look at as well.


Raspberry Pi Files Paperwork With The London Stock Exchange

If you’re a regular visitor to the Raspberry Pi website and you have a sharp eye, you may have noticed during the last few days a new link has appeared in their footer. Labelled “Investor relations”, it holds links to the documents filed with the London Stock Exchange of their intention to float. In other words, it’s confirmation of their upcoming share offering.

It has been interesting to watch the growth of Raspberry Pi over the last twelve years, from cottage industry producing a thousand boards in China, to dominating the SBC market and launching their own successful silicon. Without either a crystal ball or a window into Eben Upton’s mind, we’re as unreliable as anyone else when it comes to divining their future path. But since we’re guessing that it will involve ever more complex silicon with a raspberry logo, it’s obvious that the float will give them the investment springboard they need.

For those of us who have been around for a long time, this isn’t the first company in our corner of the technology world we’ve seen burn brightly. It’s not even the first from Cambridge. Appointing ourselves as pundits though, we’d say that Raspberry Pi’s path to this point has been surprisingly understated, based upon the strength of its products rather than hype, and while Eben is undoubtedly a well-known figure, not based upon a cult of personality. There is already a significant ecosystem around Raspberry Pi; we’d like to think that this move will only strengthen it. We may not be looking at the British Microsoft, but we don’t think we’re looking at another Sinclair either.

This Week In Security: The Time Kernel.org Was Backdoored And Other Stories

Researchers at Eset have published a huge report on the Ebury malware/botnet (pdf), and one of the high profile targets of this campaign was part of the kernel.org infrastructure. So on one hand, this isn’t new news, as the initial infection happened back in 2011, and was reported then. On the other hand, according to the new Eset report, four kernel.org servers were infected, with two of them possibly compromised for as long as two years. That compromise apparently included credential stealing or password cracking.

The Ebury attackers seem to gain initial access through credential stuffing — a huge list of previously captured credentials is tried one at a time. However, once the malware has a foothold in the network, a combination of automated and manual steps is taken to move laterally. The most obvious is to grab any private SSH keys from that system, and try using them to access other machines on the local network. Ebury also replaces a system library that gets called as a part of sshd, libkeyutils.so. This puts it in a position to quietly capture credentials.

For a targeted attack against a more important target, the people behind Ebury seem to go hands-on-keyboard, using techniques like Man-in-the-Middle attacks against SSH logins on the local network using ARP spoofing. In this case, someone was doing something nasty.

And that doesn’t even start to cover the actual payload. That’s nasty too, hooking into Apache to sniff for usernames and passwords in HTTP/S traffic, redirecting links to malicious sites, and more. And of course, the boring things you might expect, like sending spam, mining for Bitcoin, etc. Ebury isn’t exactly easy to notice, either, since it includes a rootkit module that hooks into system functions to hide itself. Thankfully there are a couple of ways to get a clean shell to look for the malware, like using systemd-run or launching a local shell on the system console.

And the multi-million dollar question: Who was behind this? Sadly we don’t know. A single arrest was made in 2014, and recovered files implicated another Russian citizen, but the latest work indicates this was yet another stolen identity. The rest of the actors behind Ebury have gone to great lengths to remain behind the curtain.


Hackaday Supercon 2024 Call For Participation: We Want You!

We’re tremendously excited to be able to announce that the Hackaday Supercon is on for 2024, and will be taking place November 1st through the 3rd in sunny Pasadena, California. As always, Supercon is all about you, the Hackaday community. So put on your thinking caps because we’d like to hear your proposals for talks and workshops! The Call for Speakers and Call for Workshops forms are online now, and you’ve got until July 9th to get yourself signed up.

Supercon is a fantastic event to geek out with your fellow hackers, and to share the inevitable ups and downs that accompany any serious project. Like last year, we’ll be featuring both longer and shorter talks, and hope to get a great mix of both first-time presenters and Hackaday luminaries.

Honestly, just the crowd that Supercon brings together is reason enough to attend, but then you throw in the talks, the badge-hacking, the food, and the miscellaneous shenanigans … it’s an event you really don’t want to miss. And as always, presenters get in for free, get their moment in the sun, and get warm vibes from the Hackaday audience. Get yourself signed up now!