Updating To Windows 10 For Fun And Profit: Make Those OEM Keys Go Further

Microsoft seems to have an every-other-version curse. We’re not sure how much of this is confirmation bias, but consider the track record of releases. Windows 95 was game-changing, Windows 98 famously crashed during live demo. Windows 2000 was amazing, Windows ME has been nicknamed the “Mistake Edition”. XP was the workhorse of the world for years and years, and Vista was… well, it was Vista. Windows 7 is the current reigning champion of desktop installs, and Windows 8 was the version that put a touchscreen interface on desktops. The “curse” is probably an example of finding patterns just because we’re looking for them, but the stats do show a large crowd clinging to Windows 7.

Windows 10 made a name for itself by automatically installing itself on Windows 7 and Windows 8 computers, much to the annoyance of many unexpecting “victims” of that free upgrade. Several years have gone by, Windows 10 has gotten better, and support for Windows 7 ends in January. If you’re tied to the Windows ecosystem, it’s time to upgrade to Windows 10. It’s too bad you missed out on the free upgrade to Windows 10, right?

About that… It’s probably an unintended side effect, but all valid Windows 7 and Windows 8 keys are also valid Windows 10 keys. Activation is potentially another issue, but we’ll get to that later.

Continue reading “Updating To Windows 10 For Fun And Profit: Make Those OEM Keys Go Further”

The Story Of A Secret Underground Parisian Society

Deep in the heart of Paris, a series of underground tunnels snakes across the city. They cross into unkept public spaces from centuries ago that have since vanished from collective memory – abandoned basements, catacombs, and subways hundreds of miles apart.

Only a few groups still traverse these subterranean streets. One that came into public view a few years ago, Les UX (Urban eXperiment), has since claimed several refurbished developments, including restoring the long neglected Pantheon clock and building an underground cinema, complete with a bar and restaurant.

While the streets of Paris are tame during the day, at night is when Les UX really comes alive. A typical night might involve hiding in the shadows away from potential authorities roaming the streets, descending into the tunnels through a grate in the road, and carrying materials to an agreed upon drop off location. Other nights might involve wedging and climbing over pipes and ladders, following the routes into the basements of buildings left unguarded.
Continue reading “The Story Of A Secret Underground Parisian Society”

Can You Store Renewable Energy In A Big Pile Of Gravel?

As the world grapples with transitioning away from fossil fuels, engineers are hard at work to integrate new types of generation into the power grid. There’s plenty of challenges, particularly around the intermittent nature of many renewable energy sources. Energy storage projects are key to keeping the lights on round the clock, even when the wind isn’t blowing and the sun isn’t shining.

Conventional grid-level energy storage has long made use of pumped hydro installations where water is pumped uphill to a storage reservoir where it can later be used to run a generator. More recently, batteries are being used to do the job. When you consider the cost of these installations and their storage capacities, there is a gap between batteries and pumped hydro. A recently published whitepaper proposes Mountain Gravity Energy Storage — gravity-based energy storage using sand or gravel in mountainous areas — is the technology that can bridge the gap.

Continue reading “Can You Store Renewable Energy In A Big Pile Of Gravel?”

How To Get Into Cars – Choosing Your First Project Car

The automobile is a wonderous invention, perhaps one of the most transformative of the 20th century. They’re machines that often inspire an all-consuming passion, capturing the heart with sights, sounds, and smells. However, for those who grew up isolated from car culture, it can be difficult to know how to approach cars as a hobby. If this sounds like you, fear not – this article is a crash course into getting your feet wet in the world of horsepower.

So You Like Cars, Eh?

Project cars let you do things that you’d never dare attempt in a daily.

The first step to becoming a true gearhead is identifying your specific passion. Car culture is a broad church, and what excites one enthusiast can be boring or even repulsive to another. Oftentimes, the interest can be spawned by a fond memory of a family member’s special ride, or a trip to a motor race during childhood.

Knowing what kind of cars you like is key to your journey. You might fall in love with classic American muscle and drag racing, or always fancied yourself in the seat of a tweaked-out tuner car a la The Fast And The Furious. Movies, posters, magazines, and your local car shows are a great way to figure out what excites you about cars. Once you’ve got an idea of what you like, it’s time to start thinking about picking out your first project car. Continue reading “How To Get Into Cars – Choosing Your First Project Car”

Supercon: The Things You Brought, And A Few You Forgot

Part of the fun of Supercon is that there is so much available in one place. For the price of admission, you’re surrounded by expertise, power, and soldering irons. Digi-Key brought several large parts bins stuffed full of everything from passives to LEDs to chips for people use in hacking away on their badges. But one thing that makes the whole experience really special is the stuff people bring. We don’t just mean the projects you brought to show off, we mean the stuff you bring to enhance your Supercon experience, whether it be tools, bits and bobs, or other fun stuff to play with.

This year was my first Supercon, and you never forget your first. I had a great time, and was overwhelmed by how much awesomeness was going on in one place. I wish Supercon was a simulation I could run again and again so I could listen to every talk, attend every workshop, and spend time talking to everyone about the things they brought and the cool things they’re doing with their time and badges.

Continue reading “Supercon: The Things You Brought, And A Few You Forgot”

This Week In Security:Malicious Previews, VNC Vulnerabilities, Powerwall, And The 5th Amendment

Malware embedded in office documents has been a popular attack for years. Many of those attacks have been fixed, and essentially all the current attacks are unworkable when a document is opened in protected view. There are ways around this, like putting a notice at the top of a document, requesting that the user turn off protected view. [Curtis Brazzell] has been researching phishing, and how attacks can work around mitigations like protected view. He noticed that one of his booby-trapped documents phoned home before it was opened. How exactly? The preview pane.

The Windows Explorer interface has a built-in preview pane, and it helpfully supports Microsoft Office formats. The problem is that the preview isn’t generated using protected view, at least when previewing Word documents. Generating the preview is enough to trigger loading of remote content, and could feasibly be used to trigger other vulnerabilities. [Curtis] notified Microsoft about the issue, and the response was slightly disappointing. His discovery is officially considered a bug, but not a vulnerability.

VNC Vulnerabilities

Researchers at Kaspersky took a hard look at several VNC implementations, and uncovered a total of 37 CVEs so far. It seems that several VNC projects share a rather old code-base, and it contains a plethora of potential bugs. VNC should be treated similarly to RDP — don’t expose it to the internet, and don’t connect to unknown servers. The protocol wasn’t written with security in mind, and none of the implementations have been sufficiently security hardened.

Examples of flaws include: Checking that a message doesn’t overflow the buffer after having copied it into said buffer. Another code snippet reads a variable length message into a fixed length buffer without any length checks. That particular function was originally written at AT&T labs back in the late 90s, and has been copied into multiple projects since then.

There is a potential downside to open source that is highlighted here. Open source allows poorly written code to spread. This isn’t a knock against open source, but rather a warning to the reader. Just because code or a project uses an OSS license doesn’t mean it’s secure or high quality code. There are more vulnerabilities still in the process of being fixed, so watch out for the rest of this story. Continue reading “This Week In Security:Malicious Previews, VNC Vulnerabilities, Powerwall, And The 5th Amendment”

DSP Spreadsheet: Talking To Yourself Using IQ

We’ve done quite a bit with Google Sheets and signal processing: we’ve generated signals, created filters, and computed quadrature signals. We can pull all that together into an educational model for two SDRs talking to each other, but it’s going to require two parts: modulation and demodulation. Guess what? We can do that with a spreadsheet.

The first step is to generate a reference clock for the carrier. You’ll need a cosine wave (I) and sine wave (Q). Of course, you also need the time base. That’s columns A-C in the spreadsheet and works like other signal generation we’ve seen.

Continue reading “DSP Spreadsheet: Talking To Yourself Using IQ”