NASA’s Curiosity Mars Rover Gets A Major Software Upgrade

Although the Curiosity rover has been well out of the reach of human hands since it touched down on Mars’ surface in 2012, this doesn’t mean that it isn’t getting constant upgrades. Via its communication link with Earth it receives regular firmware updates, with the most recent one being the largest since 2016. In addition to code clean-up and small tweaks to message formats, this new update should both make Curiosity smarter and make its wheels last longer.

The former helps to avoid the long idle times between navigating, as unlike its younger sibling, Curiosity does not have the dedicated navigation computer for more autonomous driving. Although it won’t make the 11-year-old rover as nimble as its sibling, it should shorten these pauses and allow for more navigating and science to be done. Finally, the change to reduce wear on the wheels is fairly simple, but should be rather effective: this affects the amount of steering that Curiosity needs to do while driving in an arc.

With these changes in place, Curiosity should be all ready to receive its newest sibling as it arrives in a few years along with even more Mars helicopters.

Getting Ready For Act 2 Of The Great American Eclipse

It seems like only yesterday that the “Great American Eclipse” swept from coast to coast, and for those who were lucky enough to watch it from along the path of totality, it was a true life experience. No natural phenomenon can compete with the beauty of a total solar eclipse, and if there’s one thing I heard more than anything else in those golden moments after the Sun returned from behind the Moon, it was, “When’s the next one?” Everyone wanted to do it again, and for good reason.

Back in 2017, that question was kind of rhetorical; everyone knew the next eclipse to cross the United States was a mere seven years off. For me personally, the passage of time has not dampened my enthusiasm for eclipses one bit, and I suspect the feeling is mutual among the many people who gazed in wonder and childlike glee at the celestial proceedings of 2017. But except for the very lucky who live within the path of totality, mounting an expedition that optimizes the viewing experience takes preparation. Now that we’re a little less than a year away from the next one, it’s time to get geared up and make plans for the 2024 eclipse.

Where and When?

The 2017 eclipse’s “Great American Eclipse” moniker was well earned, as the continental United States was the sole beneficiary of the view. This time around, the US isn’t the only country along the path; Mexico and Canada will also get in on the fun. In fact, Mexico may well be the best place to watch the eclipse from, but more on that later.

ESA’s Jupiter-bound Probe Hits Antenna Snag

While the few minutes it takes for a spacecraft’s booster rocket to claw its way out of Earth’s gravity well might be the most obviously hazardous period of the mission, an incredible number of things still need to go right before anyone on the ground can truly relax. Space is about as unforgiving an environment as you can imagine, and once your carefully designed vehicle is on its way out to the black, there’s not a whole lot you can do to help it along if things don’t go according to plan.

That’s precisely where the European Space Agency (ESA) currently finds itself with its Jupiter Icy Moons Explorer (Juice) spacecraft. The April 14th launch from the Guiana Space Centre went off without a hitch, but when the probe’s 16-meter (52-foot) radar antenna was commanded to unfurl, something got jammed up. Judging by the images taken from onboard cameras, the antenna has only extended to roughly one-third of its total length.

An onboard view of the antenna.

The going theory is that one of the release pins has gotten stuck somewhere, preventing the antenna from moving any further. If that’s the case, it could mean jiggling the pin a few millimeters would get them back in the game. Unfortunately, there’s no gremlins with little hammers stowed away in the craft, so engineers on the ground will have to get a little more creative.

Patent Spat Leaves DJI Owing Textron $279M

Patents are the murky waters where technical jargon and legalese meet, and in this vast grey area of interpretation, DJI now owes Textron $279M.

At issue in the case were two patents issued to Textron (#8,014,909 and #9,162,752) regarding aircraft control systems for relative positioning to other vehicles and automatic hovering. The jury found that Textron’s intellectual property (IP) had been infringed and that damages amounted to $279M. DJI asserts that Textron’s patents are not valid and will appeal the decision. Appeals in patent trials are handled by the Federal Circuit and can be kicked up to the US Supreme Court, so don’t expect a final decision in the case anytime soon.

We’re not lawyers, so we won’t comment on the merits of the case, but, while it was a jury trial, it was one of many cases decided in the court of Judge Alan Albright, who has been the focus of scrutiny despite efforts to assign fewer cases to his docket amid wider efforts to stymie venue shopping in patent cases. Despite these efforts, the Western District of Texas is such a popular venue for patent cases that Berkeley offers a CEU on going to trial in Waco.

If you’re curious about more IP shenanigans, check out the Honda mass takedown, the legality of making something similar, or why E3D patents some of their work.

The World’s First Agricultural Right To Repair Law

Longtime readers will know that occasionally we mix up our usual subject matter with a dash of farm equipment. Usually the yellow and green variants that come from John Deere, as the agricultural manufacturer has become the poster child for all that is wrong in the fight for the right to repair. An old Deere is worth more than a nearly new one in many places, because for several years now their models have had all their parts locked down by DRM technologies such that only their own fitters can replace them. Now after a long legal fight involving many parties, the repair and parts company iFixit sound justifiably pleased as they announce the world’s first agricultural right to repair law being passed in the US state of Colorado.

This may sound like a small victory, and it will no doubt be followed by further rearguard actions from the industry as similar laws are tabled in other states. But in fact as we read it, with this law in place the game is de facto up for the tractor makers. Once they are required to release any access codes for the Coloradans those same codes will by extension be available to any other farmers, and though we’re guessing they won’t do this, they would be best advised to give up on the whole DRM idea and concentrate instead on making better tractors to fix their by-now-damaged brands.

It’s exciting news for everybody as it proves that right-to-repair legislation is possible. However, since this applies only to agricultural machinery, the battle is by no means over. Only when all machines and devices have the same protection can we truly be said to have achieved the right to repair.

We’ve reported on this story for a long time; here’s a previous piece of legislation tried in another state.

Thinking Inside The Box

Last week, I wrote about NASA’s technology demonstrator projects, and how they’ve been runaway successes – both the Mars rovers and the current copter came from such experimental beginnings. I argued that letting some spirit of experimentation into an organization like NASA is probably very fruitful from time to time.

And then a few days later, we saw SpaceX blow up a rocket and completely shred its launch platform in the process. Or maybe it was the other way around, because it looks like the concrete thrown up by the exhaust may have run into the engines, causing the damage that would lead to the vehicle spinning out of control. SpaceX was already working on an alternative launch pad using water-cooled steel, but it ran what it had. They’re calling the mission a success because of what they learned, but it’s clearly a qualified success. They’ll rebuild and try again.

In comparison, the other US-funded rocket run by Boeing, the SLS, suffered years of delays, cost tremendous amounts of money, and has half the lift of SpaceX’s Super Heavy. But it made it to space. Science was done, many of the CubeSats onboard got launched, and the unmanned capsule orbited the Moon and splashed down safely back on Earth. They weren’t particularly taking any big risks, but they got the job done.

The lore around SpaceX is that they’re failing forward to success. And it’s certainly true that they’ve got their Falcon 9 platform down to a routine, at a lower cost per launch than was ever before possible, and that their pace has entirely shaken up the conservative space industry. They’ll probably get there with their Starship / Super Heavy too. SLS was an old-school rocket, and they had boring old flame diverters on their launch pad, which means that SLS will never take off from Mars. On the other hand, one of the two systems has put a payload around the Moon.

Maybe there’s something to be said for thinking inside the box from time to time as well?

This Week In Security: Session Puzzling, Session Keys, And Speculation

Last week we briefly mentioned a vulnerability in the Papercut software, and more details and a proof of concept have been published. The vulnerability is one known as session puzzling. That’s essentially where a session variable is used for multiple purposes, or gets incorrectly set. In Papercut, it was possible to trigger the SetupCompleted class on a server that had already finished that initial setup process. And part of SetupCompleted validated the session of the current user. In a normal first-setup case, that might make sense, but as anyone could trigger that code, it allowed anonymous users to jump straight to admin.

The other half of the exploit leverages the “print script” feature, which lets admins write code that runs on printing. A simple java.lang.Runtime.getRuntime().exec('calc.exe'); does the trick to jump from web interface to remote code execution. The indicators of compromise are reasonably generic, including User "admin" logged into the administration interface. and Admin user "admin" modified the print script on printer "".. A Shodan search turns up around 1,700 Papercut servers accessible from the Internet, which prompts the painfully obvious observation that your internal print auditing solution’s web interface definitely should not be exposed online.
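The session puzzling flaw described above, reduced to a toy model with the guard that closes it. This is an added example, not Papercut's code; every class, function and session key name in it is hypothetical.

```python
# Added illustration: a toy model of session puzzling, not Papercut's code.
# All class, function and session key names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Server:
    setup_done: bool = False                      # True once first-run setup ends
    sessions: dict = field(default_factory=dict)  # session id -> session data

    def session(self, sid):
        return self.sessions.setdefault(sid, {})


def setup_completed_vulnerable(server, sid):
    """Final wizard step: signs the installer in as admin.

    Flaw: nothing checks whether setup already finished, so the same "user"
    session key that the normal login path sets can be written by any
    visitor who requests this page.
    """
    server.session(sid)["user"] = "admin"
    server.setup_done = True
    return 200


def setup_completed_hardened(server, sid):
    """Same step, but it refuses to run on an already-configured server."""
    if server.setup_done:
        return 403
    server.session(sid)["user"] = "admin"
    server.setup_done = True
    return 200


def admin_page(server, sid):
    """The admin area trusts whatever identity the session carries."""
    return 200 if server.session(sid).get("user") == "admin" else 401


def anonymous_reaches_admin(handler):
    """Run the handler on a configured server using a fresh, anonymous session."""
    server = Server(setup_done=True)
    sid = "anon-session"                          # constructed sample session id
    handler(server, sid)
    return admin_page(server, sid) == 200
```

The hardened handler still works during a real first run, because `setup_done` is false until that step completes.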

Apache Superset

Superset is a nifty data visualization tool for showing charts, graphs, and all sorts of pretty data sets on a dashboard. It also has some weirdness with using web sessions for user management. The session is stored on the user side in a cookie, signed with a secret key. This works great, unless the key used is particularly weak. And guess what, the default configuration of Superset uses a pre-populated secret key. thisismysecretkey is arguably a bad key to start with, but it turns out it’s also shared by more than 70% of the accessible Superset servers.
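A configuration audit for the weak-key problem described above, as an added example that is not Superset's own code. It goes slightly beyond the article by also flagging short keys and keys set at runtime; the length threshold, the sample configs and the environment variable name are assumptions.

```python
# Added example: audit a Python config file for a weak session SECRET_KEY.
# KNOWN_DEFAULTS holds only the key named in the article; MIN_LENGTH is an
# assumed policy threshold, not a Superset requirement.
import ast

KNOWN_DEFAULTS = {"thisismysecretkey"}
MIN_LENGTH = 32

# Constructed sample configs (the env var name and the long key are made up).
SAMPLES = {
    "default": 'SECRET_KEY = "thisismysecretkey"\n',
    "short": 'SECRET_KEY = "hunter2"\n',
    "env": 'import os\nSECRET_KEY = os.environ["EXAMPLE_SECRET_KEY"]\n',
    "unset": "ROW_LIMIT = 5000\n",
    "long": 'SECRET_KEY = "Zq7rT1xW9mLp3Vb8Yc5Nd2Ks6Hf0Jg4A"\n',
}


def audit_secret_key(config_source):
    """Return a verdict for the last top-level SECRET_KEY assignment."""
    verdict = "missing: the application's pre-populated default key applies"
    for node in ast.parse(config_source).body:
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "SECRET_KEY" not in names:
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            # Not a string literal (e.g. read from the environment).
            verdict = "dynamic: set at runtime, check the deployed value"
        elif value.value in KNOWN_DEFAULTS:
            verdict = "default: publicly known key, cookie signatures prove nothing"
        elif len(value.value) < MIN_LENGTH:
            verdict = "weak: shorter than %d characters" % MIN_LENGTH
        else:
            verdict = "ok: literal key of adequate length"
    return verdict


def audit_samples():
    """Audit every constructed sample and return {name: verdict}."""
    return {name: audit_secret_key(src) for name, src in SAMPLES.items()}
```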
