2023 Hackaday Supercon Tickets On Sale Now!

The 2023 Hackaday Superconference isn’t taking place until November, but the time to get your tickets is right now.

Hackaday’s Supercon is far and away the coolest hardware-focused hacker con of the year, and if you’re Hackaday, you absolutely want to be there. Honestly, just the crowd that Supercon brings together is reason enough to attend, but then you throw in the talks, the badge-hacking, the food, and the miscellaneous shenanigans … it’s an event you really don’t want to miss.

We’ll be announcing the speaker and workshop lineups in the upcoming weeks, but as always, we’re opening up a number of True Believer tickets for those of you who know you’ll be coming no matter what. Head on over to Eventbrite now and secure yours before they’re all gone. These usually sell out within the first few hours of being announced, so if you’re reading this right now, don’t hesitate.

Supercon is a small and friendly event, and it will be a long weekend that you’ll be looking back on fondly for the rest of the year. Whether you’ve been every time or whether you have always wanted to see what the hype is about, we can’t wait to see you all there. Come join us!

Blinded With Science

So the room-temperature superconductor was a super disappointment, but even though the claims didn’t stand up in the end, the even better news is that real science was done. A paper making extraordinary claims came out, the procedure to make LK-99 was followed in multiple labs around the world, and then it was tested. It didn’t turn out to conduct particularly well at all. After a couple weeks of global superconductor frenzy, everything is back to normal again.

What the heck happened? First of all, the paper itself made extravagant claims about a holy-grail kind of material. There was a very tantalizing image of a black pellet floating in mid air, which certainly seems like magic, even though it’s probably only run-of-the-mill ferromagnetism in the end. But it made for a great photo-op in a news-starved August, and the then-still-Twitterverse took to it by storm. And then the news outlets piled on the hype fest.

If you’re feeling duped by the whole turn of events, you’re not alone. But the warning signs were there from the beginning, if you took the time to look. For me, it was the closing line of the paper: “We believe that our new development will be a brand-new historical event that opens a new era for humankind.”

That’s not the kind of healthy skepticism and cautious conclusion that real science runs best on. Reading the paper, I had almost no understanding of the underlying materials science, but I knew enough about human nature to suspect that the authors had rushed the paper out the door without sufficient scrutiny.

How can we keep from being fooled again? Carl Sagan’s maxim that “extraordinary claims require extraordinary evidence” is a good start. To that, I would add that science moves slowly, and that extraordinary evidence can only accumulate over time. So when you see hype science, simply wait to draw any conclusions. If it is the dawn of a new era, you’ll have a lot of time to figure out what room-temperature superconductivity means to you in the rosy future. And if it’s just a flash in the pan, you won’t have gotten your hopes up.

This Week In Security: It’s Con Season

It must be Blackhat/DEFCON season. Up first in the storm of named vulnerabilities, we have Downfall. The PDF has the juicy details. It’s quite similar to the Zenbleed issue from last week, in that it abuses speculative execution to leak data via a hidden register. Unlike Zenbleed, this isn’t direct access; instead, it uses cache timing analysis to extract individual bytes with a FLUSH+RELOAD approach.

The key to the vulnerability is the gather instruction, which pulls data from multiple locations in memory, often used to run a followup instruction on multiple bytes of data at once. The gather instruction is complex, takes multiple clock cycles to execute, and uses several tricks to execute faster, including managing buffers to avoid multiple reads. In certain cases, that instruction can be interrupted before it completes, leaving the data in the cache. And this data can be speculatively accessed and the values leaked through timing analysis.

This flaw affects 6th generation Intel Core processors through 11th. Mitigations are already rolling out via a microcode update, but do carry a performance hit for gather instructions.

Pedal Car Vs Ministry Of Transport

[Tim] from the “Way Out West” YouTube channels has started a fun project — building a wooden pedal-car heavily inspired by “Bugsy Malone”. The kid-sized gangsters in that movie got around in kid-sized pedal cars. Apparently kid-sized [Tim] loved the idea, but didn’t have the skills or tools to try to build one. But the time has come, and he has spent years putting together a workshop, tools, and skills.

The goal is a 4-wheeled vehicle that can actually be enclosed, to keep the driver out of the rain. It would be pedal powered, with an optional electric assist. It should be made of simple materials, like plywood and epoxy. The design would be freely shared, and the overall cost hopefully kept low. Come back after the link to find the rest of the story, including the monkey wrench thrown into the works.

Voyager 2: Communication Reestablished With One Big Shout

You could practically hear the collective “PHEW!” as NASA announced that they had reestablished full two-way communications with Voyager 2 on Friday afternoon! Details are few at this point — hopefully we’ll get more information on how this was pulled off, since we suspect there was some interesting wizardry involved. If you haven’t been following along, here’s a quick recap of the situation.

As we previously reported, a wayward command that was sent to Voyager 2, currently almost 19 light-hours distant from Earth, reoriented the spacecraft by a mere two degrees. It doesn’t sound like much, but the very narrow beamwidth on Voyager’s high-gain antenna and the vast distance put it out of touch with the Canberra Deep Space Network station, currently the only ground station with line-of-sight to the spacecraft. While this was certainly a problem, NASA controllers seemed to take it in stride thanks to a contingency program which would automatically force the spacecraft to realign itself to point at Earth using its Canopus star tracker. The only catch was, that system wasn’t set to engage until October.

With this latest development, it appears that mission controllers weren’t willing to wait that long. Instead, based on what was universally referred to in the non-tech media as a “heartbeat” from Voyager on August 1 (it appears that what they were really talking about was the use of multiple antennas at the Canberra site to pick up a weak carrier signal from the probe), they decided to send an “interstellar shout” and attempt to reorient the antenna. The 70-m DSS-43 dish blasted out the message early in the morning of August 2, and 37 hours later, science and engineering data started streaming into the antenna again, indicating that Voyager 2 was pointing back at Earth and operating fine.

Hats off to everyone involved in making this fix and getting humanity’s most remote outpost back online. If you want to follow the heroics in nearly real-time, or just like watching what goes on at the intersection of Big Engineering and Big Science, make sure you check out the Canberra DSN Twitter feed.

This Week In Security: Your Car’s Extended Warranty, Seizing The Fediverse, And Arm MTE

If you’ve answered as many spam calls as I have, you probably hear the warranty scam robocall in your sleep: “We’ve been trying to reach you about your car’s extended warranty.” That particular robocalling operation is about to run out of quarters, as the FCC has announced a nearly $300 million fine levied against that particular operation. The scammers had a list of 500 million phone numbers, and made over five billion calls in three months. Multiple laws were violated, including some really scummy behavior like spoofing employer caller ID, to try to convince people to pick up the call.

Now, that record-setting fine probably isn’t ever going to get paid. The group of companies on the hook for the amount don’t really exist in a meaningful way. The individuals behind the scams are Roy Cox and Aaron Jones, who have already been fined significant amounts and been banned from making telemarketing calls. Neither of those measures put an end to the problem, but going after Avid Telecom, the company that was providing telephone service, did finally put the scheme down.

Mastodon Data Scooped

There are some gotchas to Mastodon. Direct Messages aren’t end-to-end encrypted, your posts are publicly viewable, and if your server operator gets raided by law enforcement, your data gets caught up in the seizure.

The background here is that the administrator of the server in question had an unrelated legal issue, and was raided by FBI agents while working on an issue with the Mastodon instance. As a result, when agents seized electronics as evidence, a database backup of the instance was grabbed too. While Mastodon posts are obviously public by design, there is some non-public data to be lost. While IP addresses aren’t exactly out of reach of law enforcement, they’re still a bit of personal information that many of us like to avoid publishing. Then there are hashed passwords. While it’s better than plaintext passwords, having your password hash out there just waiting to be brute-forced is a bit disheartening. But the one that really hurts is that Mastodon doesn’t have end-to-end encryption for private messages.

Location of the Duvanny Yar outcrop on the Kolyma River, northeastern Siberia. (Credit: Anastasia Shatilovich et al., 2023)

Nematodes From The Siberian Permafrost Woke Up After A 46,000 Year Long Nap

The general consensus among us mammals is that if we get very cold, we die. Within the world of nematodes, however, they’d like to differ on that viewpoint. This is demonstrated succinctly after researchers coaxed a batch of these worms back into action after they had been frozen in Siberian permafrost for an estimated 46,000 years. The mechanism underlying this phenomenon is called cryptobiosis, which is essentially a metabolic state that certain lifeforms can enter when environmental conditions become unsuitable.

In the case of nematodes, they hold a number of records, with a group of them having survived the STS-107 Space Shuttle Columbia in 2003 when it broke up during reentry, making them the first known lifeform to have achieved such a feat. During arctic experiments it was found that these roundworms can withstand intracellular freezing even while active, depending on their diet.