Hackaday Links Column Banner

Hackaday Links: November 6, 2022

Remember the chip shortage? We sure do, mainly because as far as we can tell, it’s still going on, at least judging by the fact that you can’t get a Raspberry Pi for love or money. But that must just be noise, because according to a report in the Straits Times, the chip shortage is not only over, it’s reversed course enough that there’s now a glut of semiconductors out there. The article claims that the root cause of this is slowing demand for products like smartphones, an industry that’s seeing wave after wave of orders to semiconductor manufacturers like TSMC canceled. Chips for PCs are apparently in abundance now too, as the spasm of panic buying machine for remote working during the pandemic winds down. Automakers are still feeling the pinch, though, so much so that Toyota is now shipping only one smart key with new cars, instead of the usual two. So there seems to be some way to go before balance is restored to the market, but whatever — just call us when Amazon no longer has to offer financing on an 8 GB Pi.

Continue reading “Hackaday Links: November 6, 2022”

This Week In Security: OpenSSL Fizzle, Java XML, And Nothing As It Seems

The security world held our collective breaths early this week for the big OpenSSL vulnerability announcement. Turns out it’s two separate issues, both related to punycode handling, and they’ve been downgraded to high severity instead of critical. Punycode, by the way, is the system for using non-ASCII Unicode characters in domain names. The first vulnerability, CVE-2022-3602, is a buffer overflow that writes four arbitrary bytes to the stack. Notably, the vulnerable code is only run after a certificate’s chain is verified. A malicious certificate would need to be either properly signed by a Certificate Authority, or manually trusted without a valid signature.

A couple sources have worked out the details of this vulnerability. It’s an off-by-one error in a loop, where the buffer length is checked earlier in the loop than the length variable is incremented. Because of the logic slip, the loop can potentially run one too many times. That loop processes the Unicode characters, encoded at the end of the punycode string, and injects them in the proper place, sliding the rest of the string over a byte in memory as a result. If the total output length is 513 characters, that’s a single character overflow. A Unicode character takes up four bytes, so there’s your four-byte overflow. Continue reading “This Week In Security: OpenSSL Fizzle, Java XML, And Nothing As It Seems”

M.2 For Hackers – Connectors

In the first M.2 article, I’ve described real-world types and usecases of M.2 devices, so that you don’t get confused when dealing with various cards and ports available out there. I’ve also designed quite a few M.2 cards and card-accepting adapters myself. And today, I’d like to tell you everything you need to know in order to build M.2 tech on your own.

There’s two sides to building with M.2 – adding M.2 sockets onto your PCBs, and building the PCBs that are M.2 cards. I’ll cover both of these, starting with the former, and knowing how to deal with M.2 sockets might be the only thing you ever need. Apart from what I’ll be describing, there’s some decent guides you can learn bits and pieces from, like the Sparkfun MicroMod design guide, most of which is MicroMod-specific but includes quite a few M.2 tips and tricks too.

First, Let’s Talk About The Y-Key

What could you do with a M.2 socket on your PCB? For a start, many tasty hobbyist-friendly SoMs and CPUs now have a PCIe interface accessible, and if you’re building a development board or a simple breakout, an M.2 socket will let you connect an NVMe SSD for all your high-speed low-power storage needs – many Raspberry Pi Compute Module mainboards have M.2 M-key sockets specifically for that, and there’s NVMe support in the RPi firmware to boot. Plus, you can always plug a full-sized PCIe adapter or an extender into such a socket and connect a PCIe network card or other much-needed device – even perhaps, an external GPU! However, as much as PCIe-equipped SoMs are tasty, they’re far from the only reason to use M.2 sockets.

Continue reading “M.2 For Hackers – Connectors”

MoCA Networking Is A Niche Solution For Coax Lovers

When it comes to networking these days, the vast majority of our devices are connected wirelessly. Beyond that, we’re all familiar with the Cat 5 and Cat 6 cables that form the high-capacity Ethernet networks in our homes, schools, and offices.

It’s only if you go back to the very dawn of Ethernet that coaxial cables are relevant… right? Wrong! MoCA networking is all about coaxial cables, designed to hook up devices over cable TV infrastructure!

Continue reading “MoCA Networking Is A Niche Solution For Coax Lovers”

A Raspberry Pi 3 with a black Raspberry Pi Camera PCB on top of it, looking at the camera taking this picture. There's a Jolly Wrencher in the background.

Make Your Pi Moonlight As A Security Camera

A decade ago, I was learning Linux through building projects for my own needs. One of the projects was a DIY CCTV system based on a Linux box – specifically, a user-friendly all-in-one package for someone willing to pay for it. I stumbled upon Zoneminder, and those in the know, already can tell what happened – I’ll put it this way, I spent days trying to make it work, and my Linux skills at the time were not nearly enough. Cool software like Motion was available back then, but I wasn’t up to the task of rolling an entire system around it. That said, it wouldn’t be impossible, now, would it?

Five years later, I joined a hackerspace, and eventually found out that its CCTV cameras, while being quite visually prominent, stopped functioning a long time ago. At that point, I was in a position to do something about it, and I built an entire CCTV network around a software package called MotionEye. There’s a lot of value in having working CCTV cameras at a hackerspace – not only does a functioning system solve the “who made the mess that nobody admits to” problem, over the years it also helped us with things like locating safety interlock keys to a lasercutter that were removed during a reorganization, with their temporary location promptly forgotten.

Being able to use MotionEye to quickly create security cameras became quite handy very soon – when I needed it, I could make a simple camera to monitor my bicycle, verify that my neighbours didn’t forget to feed my pets as promised while I was away, and in a certain situation, I could even ensure mine and others’ physical safety with its help. How do you build a useful always-recording camera network in your house, hackerspace or other property? Here’s a simple and powerful software package I’d like to show you today, and it’s called MotionEye.

Continue reading “Make Your Pi Moonlight As A Security Camera”

Bye Bye Linux On The 486. Will We Miss You?

A footnote in the week’s technology news came from Linus Torvalds, as he floated the idea of abandoning support for the Intel 80486 architecture in a Linux kernel mailing list post. That an old and little-used architecture might be abandoned should come as no surprise, it’s a decade since the same fate was meted out to Linux’s first platform, the 80386. The 486 line may be long-dead on the desktop, but since they are not entirely gone from the embedded space and remain a favourite among the retrocomputer crowd it’s worth taking a minute to examine what consequences if any there might be from this move.

Is A 486 Even Still A Thing?

Block diagram of the ZFx86 SoC
An entire 486 PC in a chip that only uses 1W, that would have been amazing in 1994!

The Intel 80486 was released in 1989, and was substantially an improved version of their previous 80386 line of 32-bit microprocessors with an on-chip cache, more efficient pipelining, and a built-in mathematical co-processor. It had a 32-bit address space, though in practice the RAM and motherboard constraints of the 1990s meant that a typical 486 system would have RAM in megabyte quantities. There were a range of versions in clock speeds from 16 MHz to 100 MHz over its lifetime, and a low-end “SX” range with the co-processor disabled. It would have been the object of desire as a processor on which to run WIndows 3.1 and it remained a competent platform for Windows 95, but by the end of the ’90s its days on the desktop were over. Intel continued the line as an embedded processor range into the 2000s, finally pulling the plug in 2007. The 486 story was by no means over though, as a range of competitors had produced their own take on the 486 throughout its active lifetime. The non-Intel 486 chips have outlived the originals, and even today in 2022 there is more than one company making 486-compatible devices. RDC produce a range of RISC SoCs that run 486 code, and according to the ZF Micro Solutions website they still boast of an SoC that is a descendant of the Cyrix 486 range. There is some confusion online as to whether DM&P’s Vortex86 line are also 486 derivatives, however we understand them to be descendants of Rise Technology’s Pentium clone. Continue reading “Bye Bye Linux On The 486. Will We Miss You?”

Linux Fu: Easy VMs

It wasn’t long ago that we looked at easily creating Docker containers from the command line so you could just easily spin up a virtual environment for development. Wouldn’t it be nice if you could do the same for virtual machines? You can. Using Multipass from Canonical, the makers of Ubuntu, you can easily spin up virtual machines under Linux, Mac, or Windows. Granted, most of the virtual machines in question are variations of Ubuntu, but there are some additional images available, and you can create your own.

Once you have it installed, starting up a new Ubuntu instance is trivial. If you have a set configuration, you can even set up predefined setups using a YAML file.

Continue reading “Linux Fu: Easy VMs”