An Unexpected Upset In EV Charging Standards

June 21, 2023 by Navarre Bartz 52 Comments

Last November, Tesla open-sourced parts of its charging infrastructure, not-so-humbly unveiling it as the North American Charging Standard (NACS). It’s finally taking off with a number of manufacturers signing on.

Companies launching “standards” based on their previously proprietary technology in opposition to an established alternative usually leads to standards proliferation. However, with recent announcements from Ford, GM, and Rivian that they would begin supporting NACS in their vehicles, it seems a new dominant standard is supplanting CCS (and the all-but-dead CHAdeMO) in North America.

As Tesla already has the most extensive charging network on the continent and has begun opening it up for other EVs, it makes sense that other marques would want to support NACS, if nothing else to satiate customer demand for a dead-simple charging experience. Dongles are annoying enough for plugging in an external monitor. Having to mess with one while handling high-power electrical connections is less than ideal, to say the least.

If you want to add NACS to your own EV project, the standard is here. We’ve discussed some of the different standards before as well as work toward wirelessly charging EVs (besides the inductive charger on the EV1). It certainly seems like the time to get in on the ground floor of an EV charging empire with an army of Charglas.

Intel To Ship Quantum Chip

June 17, 2023 by Al Williams 29 Comments

In a world of 32-bit and 64-bit processors, it might surprise you to learn that Intel is releasing a 12-bit chip. Oh, wait, we mean 12-qubit. That makes more sense. Code named Tunnel Falls, the chip uses tiny silicon spin quantum bits, which Intel says are more advantageous than other schemes for encoding qubits. There’s a video about the device below.

It is a “research chip” and will be available to universities that might not be able to produce their own hardware. You probably aren’t going to find them listed on your favorite online reseller. Besides, the chip isn’t going to be usable on a breadboard. It is still going to take a lot of support to get it running.

Intel claims the silicon qubit technology is a million times smaller than other qubit types. The size is on the order of a device transistor — 50 nanometers square — simplifying things and allowing denser devices. In silicon spin qubits, information resides in the up or down spin of a single electron.

Of course, even Intel isn’t suggesting that 12 qubits are enough for a game-changing quantum computer, but you do have to start somewhere. This chip may enable more researchers to test the technology and will undoubtedly help Intel accelerate its research to the next step.

There is a lot of talk that silicon is the way to go for scalable quantum computing. It makes you wonder if there’s anything silicon can’t do? You can access today’s limited quantum computers in the proverbial cloud.

Continue reading “Intel To Ship Quantum Chip” →

This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

June 16, 2023 by Jonathan Bennett 3 Comments

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexability”. Oof.

The nuts and bolts here is that HiCA was working as a CA-in-the-Middle, wrapping other CA’s authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way it appears this works, is that the end user sends a certificate request to HiCA. HiCA takes that information, and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service. Continue reading “This Week In Security: ACME.sh, Leaking LEDs, And Android Apps” →

The FPGA board in question which was programmed to run the algorithm. (Source: iranintl)

Iran’s Military Quantum Claim: It’s Only 99.4% Ridiculous

June 15, 2023 by Maya Posch 19 Comments

When Iran recently announced a quantum processing algorithm (Google translation) that would help its military to detect water surface disturbances, the instant response from Western media was one of ridicule, based on the displayed hardware. The hardware in question was the Digilent ZedBoard Zynq-7000 hybrid SoC/FPGA development board, which can be yours for less than $600.

Seems absurd, and the claim about any realistic military use absolutely is. But buried deep, deep down, there may be a tiny kernel of truth: because quantum computers are inherently parallel, FPGAs can make a good fit for small-scale quantum simulations.

Does this mean that the Iranian Navy would be better off simulating quantum circuits on an FPGA board than on a GPU or even a used laptop? Probably not. Will this hardware serve the proposed military application in the forseeable future? Absolutely not! Was this a misleading and ridiculous photo op? Yup. 100%.

But is emulating qubits in FPGA fabric a real thing? Turns out it is! Let’s have a look.

Continue reading “Iran’s Military Quantum Claim: It’s Only 99.4% Ridiculous” →

Raspberry Pi Pico W Now Supports Bluetooth

June 15, 2023 by Tom Nardi 11 Comments

What’s the best kind of upgrade a piece of consumer technology can get? A free one that doesn’t require you to do anything other than accept a new version of the software it’s running.

That’s precisely what every current (and future) owner of the Raspberry Pi Pico W just got with the addition of Bluetooth support to SDK 1.5.1. This is possible because the CYW43439 radio chipset used on the wireless version of the Pi Pico has always had Bluetooth capabilities, they just weren’t officially accessible from the C or MicroPython environments until now. In a corresponding blog post, [Eben Upton] explains that part of the delay was due to difficulties in getting both WiFi and Bluetooth connections to work simultaneously over the three-pin SPI bus that links the two chips on the board.

One thing that struck us as particularly interesting here is the use of BlueKitchen’s BTStack to provide support for both Bluetooth Classic and Low Energy profiles. This library is released under a modified version of the BSD 3-Clause license that otherwise specifically forbids commercial usage. That would be a problem for anyone who wanted to sell a gadget built around the Pico W, so Raspberry Pi Ltd negotiated — and presumably paid for — a special dispensation so commercial use is in the clear.

We should note that technically Bluetooth support was available in a beta state previously, albeit without this new license agreement made with BlueKitchen. Though anyone with a keen eye knew Bluetooth support was coming well before that, our own [Elliot Williams] called it when he first set eyes on the Pi Pico W back in 2022.

Diagram of the Sun. (Credit: Kelvinsong)

Parker Solar Probe’s Confirmation Of Interchange Reconnection Being The Source Of Fast Solar Wind

June 14, 2023 by Maya Posch 4 Comments

Although experimental verification is at the heart of the scientific method, there is quite a difficulty range when it comes to setting up such an experiment. Testing what underlies the formation of the fast solar winds that are ejected from coronal holes in the Sun’s corona is one of these tricky experimental setups. Yet it would seem that we now have our answer, with a newly published paper in Nature by S. D. Bale and colleagues detailing what we learned courtesy of the Parker Solar Probe (PSP), which has been on its way to the Sun since it was launched in August of 2018 from Earth.

Artist rendition of the Parker Solar Probe. (Credit: NASA)

The Sun’s solar wind is the name for a stream of charged particles which are ejected from the Sun’s corona, with generally two types being distinguished: slow and fast solar winds. The former type appears to originate from the Sun’s equatorial belt and gently saunters away from the Sun at a mere 300 – 500 km/s with a balmy temperature of 100 MK.

The fast solar wind originates from coronal holes, which are temporary regions of cooler, less dense plasma within the corona. These coronal holes are notable for being regions where the Sun’s magnetic field extends into interplanetary space as an open field, along which the charged particles of the corona can escape the Sun’s gravitational field.

These properties of coronal holes allow the resulting stream to travel at speeds around 750 km/s and a blistering 800 MK. What was unclear up till this point was exactly what powers the acceleration of the plasma. It was postulated that the source could be wave heating, as well as interchange reconnection, but with the PSP now close enough to perform the relevant measurements, the evidence points to the latter.

Essentially, interchange reconnection is the reestablishing of a coronal hole’s field lines after interaction with convection cells on the Sun’s photosphere. These convection cells draw the magnetic field into a kind of funnel after which the field lines reestablish themselves, which results in the ejection of hotter plasma than with the slow solar wind. Courtesy of the PSP’s measurements, measured fast solar winds could be matched with coronal holes, along with the magnetic fields. This gives us the clearest picture yet of how this phenomenon works, and how we might be able to predict it.

(Heading image: Diagram of the Sun. (Credit: Kelvinsong) )

Google Home Scripting

June 14, 2023 by Al Williams 14 Comments

It is always controversial to have home assistants like the ones from Google or Amazon. There are privacy concerns, of course. Plus they maddeningly don’t always do what you intend for them to do. However, if you do have one, you’ve probably thought about something you wanted to do that would require programming. Sure, you can usually do a simple list, but really writing code wasn’t on the menu. But now, Google Home will allow you to write code. Well, at least script using a YAML file.

The script language is available in the web app and if you opt in on the mobile app as well. There’s a variety of ways you can trigger scripts and many examples you can start with.

Continue reading “Google Home Scripting” →