The Dark Side Of Package Repositories: Ownership Drama And Malware

At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

Continue reading “The Dark Side Of Package Repositories: Ownership Drama And Malware”

New Engines Could Propel The B-52 Beyond Its 100th Birthday

First taking to the skies in April 1952, and introduced into the US Air Force in 1955, the B-52 Stratofortress has since become a mainstay of American air power. Originally developed as a nuclear bomber to carry out the critical deterrence role, changing realities saw it delivering solely conventional munitions in actual operations.

Of 744 B-52s originally built, 76 remain in service with the Air Force and Air Force Reserve. This fleet is set to go on flying beyond the type’s 100th birthday, into 2050 and beyond. To reach that milestone, a new engine package will be key to keeping these birds in the air.

Continue reading “New Engines Could Propel The B-52 Beyond Its 100th Birthday”

Hackaday Links Column Banner

Hackaday Links: September 5, 2021

Good news from Jezero crater as the Mars rover Perseverance manages to accomplish for the first time what it was sent to do: collect and cache core samples from rocks. Space buffs will no doubt recall that Perseverance’s first attempt at core sampling didn’t go as planned — the rock that planetary scientists selected ended up being too soft, and the percussive coring bit just turned the core sample into powder. The latest attempt went exactly as planned: the cylindrical coring bit made a perfect cut, the core slipped into the sample tube nested inside the coring bit, and the core broke off cleanly inside the sample tube when it was cammed off-axis. Operators were able to provide visible proof that the core sample was retained this time using the Mastcam-Z instrument, which clearly shows the core in the sample tube. What’s neat is that they then performed a “percuss to ingest” maneuver, where the coring bit and sample tube are vibrated briefly, so that the core sample and any dust grains left around the sealing rim slide down into the sample tube. The next step is to transfer the sample tube to the belly of the rover where it’ll be hermetically sealed after some basic analysis.

Did any Android users perhaps oversleep this week? If you did, you’re not alone — lots of users of the Google Clock app reported that their preset alarms didn’t go off. Whether it was an actual issue caused by an update or some kind of glitch is unclear, but it clearly didn’t affect everyone; my phone mercilessly reminded me when 6:00 AM came around every day last week. But it apparently tripped up some users, to the point where one reported losing his job because of being late for work. Not to be judgmental, but it seems to me that if your job is so sensitive to you being late, it might make sense to have a backup alarm clock of some sort. We all seem to be a little too trusting that our phones are going to “just work,” and when they don’t, we’re surprised and appalled.

There seem to be two kinds of people in the world — those who hate roller coasters, and those who love them. I’m firmly in the latter camp, and will gladly give any coaster, no matter how extreme, a try. There have been a few that I later regretted, of course, but by and large, the feeling of being right on the edge of bodily harm is pretty cool. Crossing over the edge, though, is far less enjoyable, as the owners of an extreme coaster in Japan are learning. The Dodon-pa coaster at the Fuji-Q Highland amusement park is capable of hitting 112 miles (180 km) per hour and has racked up a sizable collection of injuries over the last ten months, including cervical and thoracic spine fractures. The ride is currently closed for a safety overhaul; one has to wonder what they’re doing to assess what the problem areas of the ride are. Perhaps they’re sending crash test dummies on endless rides to gather data, a sight we’d like to see.

And finally, you may have thought that phone phreaking was a thing of the past; in a lot of ways, you’d be right. But there’s still a lot to be learned about how POTS networks were put together, and this phone switch identification guide should be a big help to any phone geeks out there. Be ready to roll old school here — nothing but a plain text file that describes how to probe the switch that a phone is connected just by listening to things like dial tones and ring sounds. What’s nice is that it describes why the switches sound the way they do, so you get a lot of juicy technical insights into how switches work.

Image of detonation engine firing

Japanese Rocket Engine Explodes: Continuously And On Purpose

Liquid-fuelled rocket engine design has largely followed a simple template since the development of the German V-2 rocket in the middle of World War 2. Propellant and oxidizer are mixed in a combustion chamber, creating a mixture of hot gases at high pressure that very much wish to leave out the back of the rocket, generating thrust.

However, the Japan Aerospace Exploration Agency (JAXA) has recently completed a successful test of a different type of rocket, known as a rotating detonation engine. The engine relies on an entirely different method of combustion, with the aim to produce more thrust from less fuel. We’ll dive into how it works, and how the Japanese test bodes for the future of this technology.

Deflagration vs. Detonation

Humans love combusting fuels in order to do useful work. Thus far in our history, whether we look at steam engines, gasoline engines, or even rocket engines, all these technologies have had one thing in common: they all rely on fuel that burns in a deflagration. It’s the easily controlled manner of slow combustion that we’re all familiar with since we started sitting around campfires. Continue reading “Japanese Rocket Engine Explodes: Continuously And On Purpose”

Pulling the Google logo off of a smartphone

Pining For A De-Googled Smartphone

Last summer in the first swings of the global pandemic, sitting at home finally able to tackle some of my electronics projects now that I wasn’t wasting three hours a day commuting to a cubicle farm, I found myself ordering a new smartphone. Not the latest Samsung or Apple offering with their boring, predictable UIs, though. This was the Linux-only PinePhone, which lacks the standard Android interface plastered over an otherwise deeply hidden Linux kernel.

As a bit of a digital privacy nut, the lack of Google software on this phone seemed intriguing as well, and although there were plenty of warnings that this was a phone still in its development stages it seemed like I might be able to overcome any obstacles and actually use the device for daily use. What followed, though, was a challenging year of poking, prodding, and tinkering before it got to the point where it can finally replace an average Android smartphone and its Google-based spyware with something that suits my privacy-centered requirements, even if I do admittedly have to sacrifice some functionality.

Continue reading “Pining For A De-Googled Smartphone”

So How Does A Rocket Fly Sideways, Anyway?

It’s often said that getting into orbit is less about going up, and more about going sideways very fast. So in that sense, the recent launch conducted by aerospace startup Astra could be seen as the vehicle simply getting the order of operations wrong. Instead of going up and then burning towards the horizon, it made an exceptionally unusual sideways flight before finally moving skyward.

As you might expect, the booster didn’t make it to orbit. But not for lack of trying. In fact, that the 11.6 meter (38 feet) vehicle was able to navigate through its unprecedented lateral maneuver and largely correct its flight-path is a testament to the engineering prowess of the team at the Alameda, California based company. It’s worth noting that it was the ground controller’s decision to cut the rocket’s engines once it had flown high and far enough away to not endanger anyone on the ground that ultimately ended the flight; the booster itself was still fighting to reach space until the very last moment.

Astra’s rocket on the launch pad.

There’s a certain irony to the fact that this flight, the third Astra has attempted since their founding in 2016, was the first to be live streamed to YouTube. Had the company not pulled back their usual veil of secrecy, we likely wouldn’t have such glorious high-resolution footage of what will forever be remembered as one of the most bizarre rocket mishaps in history. The surreal image of the rocket smoothly sliding out of frame as if it was trying to avoid the camera’s gaze has already become a meme online, arguably reaching a larger and more diverse audience than would have resulted from a successful launch. As they say, there’s no such thing as bad press.

Naturally, the viral clip has spurred some questions. You don’t have to be a space expert to know that the pointy end of the rocket is usually supposed to go up, but considering how smooth the maneuver looks, some have even wondered if it wasn’t somehow intentional. With so much attention on this unusual event, it seems like the perfect time to take a close look at how Astra’s latest rocket launch went, quite literally, sideways.

Continue reading “So How Does A Rocket Fly Sideways, Anyway?”

Reporting From BornHack 2021: Hacker Camps Making It Through The Pandemic

In a normal summer we would be spoiled for choice here in Europe when it came to our community’s events, with one big camp and a host of smaller ones near and far. Only the most hardcore of travelers manage to make it to all of them, but it’s usually possible to take in at least one or two over the season. But of course, this isn’t a normal summer. Many of us may now be vaccinated against COVID-19, but we remain in the grip of a global pandemic. The massive Dutch MCH camp was postponed until 2022, and most of the smaller camps have fallen by the wayside due to uncertainty. But one hacker camp carried on.

BornHack in Denmark was the world’s only in-person summer hacker event of 2020, and on its return last week made it the only such event in Europe for 2021. Having secured a ticket earlier in the year when they went on sale, I navigated the tricky world of cross-border European travel in a pandemic to make my way to the Hylkedam scout camp on the Danish isle of Fyn for a week in the company of hackers from all over Northern Europe. BornHack had achieved the impossible again, and it was time to enjoy a much-needed week at a hacker camp.

Continue reading “Reporting From BornHack 2021: Hacker Camps Making It Through The Pandemic”