This Week In Security: Your Car’s Extended Warranty, Seizing The Fediverse, And Arm MTE

If you’ve answered as many spam calls as I have, you probably hear the warranty scam robocall in your sleep: “We’ve been trying to reach you about your car’s extended warranty.” That particular robocalling operation is about to run out of quarters, as the FCC has announced a nearly $300 million fine against it. The scammers had a list of 500 million phone numbers, and made over five billion calls in three months. Multiple laws were violated, including some really scummy behavior like spoofing employer caller ID to try to convince people to pick up the call.

Now, that record-setting fine probably isn’t ever going to get paid. The group of companies on the hook for the amount don’t really exist in a meaningful way. The individuals behind the scams are Roy Cox and Aaron Jones, who have already been fined significant amounts and been banned from making telemarketing calls. Neither of those measures put an end to the problem, but going after Avid Telecom, the company that was providing telephone service, did finally put the scheme down.

Mastodon Data Scooped

There are some gotchas to Mastodon. Direct Messages aren’t end-to-end encrypted, your posts are publicly viewable, and if your server operator gets raided by law enforcement, your data gets caught up in the seizure.

The background here is that the administrator of the server in question had an unrelated legal issue, and was raided by FBI agents while working on an issue with the Mastodon instance. As a result, when agents seized electronics as evidence, a database backup of the instance was grabbed too. While Mastodon posts are obviously public by design, there is some non-public data to be lost. IP addresses aren’t exactly out of reach of law enforcement, but they’re still a bit of personal information that many of us like to avoid publishing. Then there are hashed passwords. While hashing is better than storing plaintext passwords, having your password hash out there just waiting to be brute-forced is a bit disheartening. But the one that really hurts is that Mastodon doesn’t have end-to-end encryption for private messages.

Location of the Duvanny Yar outcrop on the Kolyma River, northeastern Siberia. (Credit: Anastasia Shatilovich et al., 2023)

Nematodes From The Siberian Permafrost Woke Up After A 46,000 Year Long Nap

The general consensus among us mammals is that if we get very cold, we die. Nematodes, however, would beg to differ. This was demonstrated succinctly when researchers coaxed a batch of these worms back into action after they had been frozen in Siberian permafrost for an estimated 46,000 years. The mechanism underlying this phenomenon is called cryptobiosis, which is essentially a metabolic state that certain lifeforms can enter when environmental conditions become unsuitable.

Nematodes hold a number of records, with a group of them having survived the breakup of Space Shuttle Columbia during reentry on mission STS-107 in 2003, making them the first known lifeform to have achieved such a feat. During arctic experiments it was found that these roundworms can withstand intracellular freezing even while active, depending on their diet.

The British Government Is Coming For Your Privacy

The list of bad legislation relating to the topic of encryption and privacy is long and inglorious. Usually, these legislative stinkers only affect those unfortunate enough to live in the country that passed them. Still, one upcoming law from the British government should have us all concerned. The Online Safety Bill started as the usual think-of-the-children stuff, but as the EFF notes, some of its proposed powers have the potential to undermine encryption worldwide.

At issue is the proposal that services with strong encryption incorporate government-sanctioned backdoors to give the spooks free rein to snoop on communications. We imagine that this will be of significant interest to some of the world’s less savoury regimes, a club we can’t honestly say the current UK government doesn’t seem hell-bent on joining. The Bill has had a tumultuous passage through the Lords, the UK upper house, but PM Rishi Sunak’s administration has proved unbending.

If there’s a silver lining to this legislative train wreck, it’s that many of the global tech companies are likely to pull their products from the UK market rather than comply. We understand that UK lawmakers are partial to encrypted online messaging platforms. Thus, there will be poetic justice in their voting once more for a disastrous bill with the unintended consequence of taking away something they rely on.

Header image: DaniKauf, CC BY-SA 3.0.

Voyager Command Glitch Causes Unplanned Pause In Communications

Important safety tip: When you’re sending commands to the second-most-distant space probe ever launched, make really, really sure that what you send isn’t going to cause any problems.

According to NASA, that’s just what happened to Voyager 2 last week, when uplinked commands unexpectedly shifted the 46-year-old spacecraft’s orientation by just a couple of degrees. Of course, at a distance of nearly 20 billion kilometers, even fractions of a degree can make a huge difference, especially since the spacecraft’s high-gain antenna (HGA) is set up for very narrow beamwidths; 2.3° on the S-band channel, and a razor-thin 0.5° on the X-band side. That means that communications between the spacecraft and the Canberra Deep Space Communication Complex — the only station capable of talking to Voyager 2 now that it has dipped so far below the plane of the ecliptic — are on pause until the spacecraft is reoriented.

Luckily, NASA considered this as a possibility and built safety routines into Voyager’s program that will hopefully get it back on track. The program uses the onboard star tracker to get a fix on the bright star Canopus, and from there figures out which way the spacecraft needs to move to get pointed back at Earth. The contingency program runs automatically several times a year, just in case something like this happens.

That’s the good news; the bad news is that the program won’t run again until October 15. While that’s really not that far away, mission controllers will no doubt find it an agonizingly long time to be incommunicado. And while NASA is outwardly confident that communications will be restored, there’s no way to be sure until we actually get to October and see what happens. Fingers crossed.

A Deep Dive On Battery Life

There are all kinds of old wives’ tales surrounding proper battery use floating around in the popular culture. Things like needing to fully discharge a battery every so often, unplugging devices when they’re fully charged, or keeping batteries in the fridge are all examples that have some kernel of truth to them but often are improperly applied. If you really want to know the truth about a specific battery, its behavior, and its features, it helps to dig in and actually take some measurements directly like [Tyler] has done with a vast array of embedded batteries in IoT devices.

[Tyler] is a firmware engineer by trade, so he is deeply familiar with this type of small battery. Battery performance can change dramatically under all kinds of scenarios, most important among them being temperature. But even the same type of battery can behave differently to others that are otherwise identical, which is why it’s important to have metrics for the batteries themselves and be able to measure them to identify behaviors and possible problems. [Tyler] has a system of best practices in place for monitoring battery performance, especially after things like firmware upgrades since small software changes can often have a decent impact on battery performance.

While working with huge fleets of devices, [Tyler] outlines plenty of methods for working with batteries, deploying them, and making sure they’re working well for customers. A lot of it is extremely useful for other engineers looking to develop large-scale products like this but it’s also good knowledge to have for those of us rolling out our own one-off projects that will operate under battery power. After all, not caring for one’s lithium batteries can have disastrous consequences.

This Month’s World’s Largest Wind Turbine Goes Operational

A new wind turbine installed in the Taiwan Strait went online last week, as part of the Fujian offshore wind farm project by the China Three Gorges Corporation (CTG). The system is the MySE 16-260, designed by the Ming Yang Wind Power Group, one of the leading manufacturers of wind turbines in the world. The numbers are staggering: the 16 MW generator is projected to provide 66 GWh (gigawatt-hours) to the power grid annually. And this is a hefty installation, with a 260 m rotor diameter (three 123 m blades) sitting atop a 152 m tower. The location is both a blessing and a curse, being an area of the Pacific that experiences Beaufort level 7 winds (near gale, whole trees in motion) for more than 200 days per year. Understandably, the tower and support structures are beefy, designed to survive sustained winds of 287 km/h.

This 16 MW installation surpasses the previous record holder, announced this January — the Vestas V236-15.0MW turbine with 115.5 m blades, located in Denmark’s Østerild Wind Turbine Test Center. But wait … Ming Yang also announced in January their new 18 MW turbine with 140 m long blades.

We imagine that there will eventually be a natural plateau, where the cost of the next humongous installation approaches or exceeds that of multiple smaller ones. Or will these multi-megawatt turbine systems just keep leapfrogging each other, year after year? Let us know your thoughts in the comments below.

Procrastinators Rejoice! 2023 Supercon Call For Participation Extended

When we closed the official Call for Participation for both workshops and talks last week, a good handful of folks wrote to us and asked if they could slip their presentation application in after the deadline. Who are we to say “no” to potential presenters? We want to see all the ideas!

We’re officially extending the Call for Speakers and the Call for Workshops for another week. Get your outline in before Aug. 1st at 9:00 AM PDT, and it’ll be in the selection for Supercon. (And no, we’re not going to extend it twice!)

The Hackaday Superconference is really and truly our favorite event of the year. It’s small, but not too small. The ideas everyone brings with them, however, are big. It’s like the absolute best of Hackaday live and in person. If you’re looking for a place to give a technical talk, or just to regale us all with the trials and triumphs of hacking, you won’t find a more receptive audience anywhere. Plus, presenters get in free.

Behind the scenes, we’re still working on the badge, but we’ve got many of the details fully hammered down. Expect tickets to go on sale in the second week of August – early bird tickets sell out fast. Keep your eyes on Hackaday for the announcement post when it goes live.

We know that November seems a long way out, but we’re looking forward to seeing you all already. Hooray for Supercon!