Multispectral Imaging Shows Erased Evidence Of Ancient Star Catalogue

September 18, 2023 by Donald Papp 43 Comments

Ancient Greek astronomer Hipparchus worked to accurately catalog and record the coordinates of celestial objects. But while Hipparchus’ Star Catalogue is known to have existed, the document itself is lost to history. Even so, new evidence has come to light thanks to patient work and multispectral imaging.

Hipparchus’ Star Catalogue is the earliest known attempt to record the positions of celestial bodies (predating Claudius Ptolemy’s work in the second century, which scholars believe was probably substantially based on Hipparchus) but direct evidence of the document is slim. Continue reading “Multispectral Imaging Shows Erased Evidence Of Ancient Star Catalogue” →

Helping Robots Learn By Letting Them Fail

September 17, 2023 by Richard Baguley 12 Comments

The [MIT Technology Review] has just released its annual list of the top innovators under the age of 35, and there are some interesting people on this list of the annoyingly accomplished at a young age. Like [Lerrel Pinto], an associate professor of computer science at NY University. His work focuses on teaching robots how to do things in the home by failing.

Continue reading “Helping Robots Learn By Letting Them Fail” →

Two white Chevy Bolt hatchbacks sit side-by-side, immobilized in the street, their roofs festooned with sensors and an orange cone on their hoods like a snowman's nose pointed toward the sky.

Coning Cars For Fun And Non-Profit

September 15, 2023 by Navarre Bartz 61 Comments

Self-driving cars are being heralded as the wave of the future, but there have been many hiccups along the way. The newest is activists showing how autonomous vehicles are easy to hack with a simple traffic cone.

As we’ve discussed before, self-driving cars aren’t actually that great at driving, and there are a number of conditions that can cause them to fail safe and stop in the middle of the road. Activist group Safe Street Rebel is exploiting this vulnerability by “coning” Waymo and Cruise vehicles in San Francisco. By placing a traffic cone on the vehicle’s hood in the way of the sensors and cameras used to navigate the streets, the vehicles are rendered inoperable. Continue reading “Coning Cars For Fun And Non-Profit” →

This Week In Security: Blastpass, MGM Heist, And Killer Themes

September 15, 2023 by Jonathan Bennett 7 Comments

There’s yet another 0-day exploit chain discovered as part of NSO Group’s Pegasus malware suite. This one is known as BLASTPASS, and it’s a nasty one. There’s no user interaction required, just receiving an iMessage containing a malicious PassKit attachment.

We have two CVEs issued so far. CVE-2023-41064 is a classic buffer overflow in ImageIO, the Apple framework for universal file format read and write. Then CVE-2023-41061 is a problem in the iOS Wallet implementation. Release 16.6.1 of the mobile OS addresses these issues, and updates have rolled out for macOS 11, 12, and 13.

It’s worth noting that Apple’s Lockdown mode does seem to block this particular exploit chain. Citizen Lab suggests that high-risk users of Apple hardware enable Lockdown Mode for that extra measure of security. Continue reading “This Week In Security: Blastpass, MGM Heist, And Killer Themes” →

How Three Letters Brought Down UK Air Traffic Control

September 13, 2023 by Jenny List 51 Comments

The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn’t, because the country’s NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country’s air traffic control may have not been faulty at all.

Armed with the official incident report and publicly available flight data, Internet sleuths theorize that the trouble was due to one particular flight: French Bee flight 731 from Los Angeles to Paris. The flight itself was unremarkable, but the data which sent the NATS computers into a tailspin came from two of its waypoints — Devil’s Lake Wisconsin and Deauville Normandy — having the same DVL identifier. Given the vast distance between the two points, the system believed it was looking at a faulty route, and refused to process it. A backup system automatically stepped in to try and reconcile the data, but it made the same determination as the primary software, so the whole system apparently ground to a halt.

It’s important to note that there was nothing wrong with the flight plan entered in by the French Bee pilots, and that early stories blaming faulty data were themselves at fault. However we are guessing that air traffic software developers worldwide are currently scrambling to check their code for this particular bug. We’re fortunate indeed that safety wasn’t compromised and only inconvenience was the major outcome.

Air traffic control doesn’t feature here too often, but we’ve previously looked at a much earlier system.

Header image: John Evans, CC BY-SA 2.0.

Logic Analyzers: Capabilities And Limitations

September 12, 2023 by Arya Voronova 12 Comments

Last time, we’ve used a logic analyzer to investigate the ID_SD and ID_SC pins on a Raspberry Pi, which turned out to be regular I2C, and then we hacked hotplug into the Raspberry Pi camera code with an external MCU. Such an exercise makes logic analyzers look easy, and that’s because they are! If you have a logic analyzer, you’ll find that a whole bunch of hacks become available to you.

In this article, let’s figure out places where you can use a logic analyzer, and places where you can’t. We’ll start with the first limitation of logic analyzers – capture speed. For instance, here’s a cool thing you can buy on Aliexpress – a wristband from TTGO that looks like a usual fitness tracker, but has an ESP32 in it, together with an IMU, an RTC, and an IPS screen! The seller also has an FFC-connectable devboard for programming this wristband over UART, plus vibromotor and heartrate sensor expansion modules.

You can run C, MicroPython, Rust, JavaScript, or whatever else – just remember to bring your own power saving, because the battery is super small. I intended to run MicroPython on it, however, and have stumbled upon a problem – the ST7735-controller display just wouldn’t work with the st7735.py library I found; my image would be misaligned and inverted.

The specifications didn’t provide much other than “ST7735, 80×160”. Recap – the original code uses an Arduino (C++) ST7735 library and works well, and we have a MicroPython ST7735 library that doesn’t. In addition to that, I was having trouble getting a generic Arduino ST7735 library to work, too. Usually, such a problem is caused by the initialization commands being slightly different, and the reason for that is simple – ST7735 is just the name of the controller IC used on the LCD panel.

Each display in existence has specifics that go beyond the controller – the pixels of the panel could be wired up to the controller in a bunch of different ways, with varying offsets and connection types, and the panel might need different LCD charge pump requirements – say, depending on the panel’s properties, you might need to write 0x10 into a certain register of the ST7735, or you will need 0x40. Get one or more of these registers wrong, and you’ll end up with a misaligned image on your display at best, or no output at worst. Continue reading “Logic Analyzers: Capabilities And Limitations” →

An array of 2D barcodes stored on a ceramic medium. Each 2D barcode is 25 micrometers wide.

Cerabyte: One Terabyte Per Square Centimeter

September 8, 2023 by Julian Scheffers 45 Comments

Most of us will at one point have run out of storage and either had to buy a larger driver or delete some of those precious files. This problem can happen to data centers, too, with the ever-increasing amount of data stored on servers across the world. [Cerabyte] aims to fix this, with their ceramic-based media promising 1 TB/cm² of areal density.

To put into perspective just how much better this density is, we can compare it against SSDs and hard drives. At the time of writing, the densest SSD (NAND flash storage) is claimed to be 0.1825 TB/cm² and the densest hard drive is claimed to be 0.1705 TB/cm², which means 5.48 times and 5.87 times more dense respectively. The density improvement doesn’t end there — both an SSD and a single HDD platter might be a couple millimeters tall, while a [Cerabyte] layer claims to be merely 50 atoms tall.

[Cerabyte] aims to create 10 PB (10,000 TB) and later 1 EB (1,000,000 TB) racks with their technology, a feat difficult to achieve with mere hard drives. The ceramic-based media is written to using lasers and read from with a microscope, though throughput is limited to a “mere” 1 GB/s, which means filling that one rack could take as long as 110 days. Despite the relatively slow access times, we think this new storage technology is impressive, assuming [Cerabyte] succeeds.

Do you need so much storage that even [Cerabyte] can’t satisfy your needs? Simply use YouTube as infinite storage!