There was certainly no shortage of unique computers on display at the 2021 Vintage Computer Festival East; that’s sort of the point. But even with the InfoAge Science and History Museum packed to the rafters with weird and wonderful computing devices stretching back to the very beginning of the digital age, Alastair Hewitt’s Novasaur was still something of an oddity.
In fact, unless you knew what it was ahead of time, you might not even recognize it as a computer. Certainly not a contemporary one, anyway. There’s nothing inside its Polycase ZN-40 enclosure that looks like a modern CPU, a bank of RAM, or a storage device. Those experienced with vintage machines would likely recognize the tight rows of Advanced Schottky TTL chips as the makings of some sort of computer that predates the 8-bit microprocessor, but its single 200 mm x 125 mm (8 in x 5 in) board seems far too small when compared to the 1970s machines that would have utilized such technology. So what is it?
Inspired by projects such as the Gigatron, Alastair describes the Novasaur as a “full-featured personal computer” built using pre-1980 components. In his design, 22 individual ICs stand in for the computer’s CPU, and another 12 are responsible for a graphics subsystem that can push text and bitmapped images out over VGA at up to 416 x 240. It has 512 K RAM, 256 K ROM, and is able to emulate the Intel 8080 fast enough to run CP/M and even play some early 80s PC games.
Often, when we think of long-endurance flights, our first thoughts jump to military operations. Big planes with highly-trained crew will fly for long periods, using air-to-air refuelling to stay aloft for extended periods.
However, many of the longest duration flights have been undertaken as entirely civilian operations. The longest of all happened to be undertaken by that most humble of aircraft, the Cessna 172. From December 1958 to February 1959, Bob Timm and John Cook set out to make history. The duo remained aloft for a full 64 days, 22 hours and 19 minutes,setting a record that stands to this day.
A Test of Endurance
One might expect that such an effort was undertaken to push the envelope or to strike new ground in the world of aerospace engineering. However, the real truth is that Bob Timm was a slot machine mechanic and former bomber pilot who worked at the Hacienda casino in Las Vegas. Proprietor Doc Bailey was always on the hunt for promotional ideas, and Timm pitched his boss that a record attempt in a plane bearing the casino’s branding would be a good way to go. Bailey agreed, and committed $100,000 to the effort.
Modifications to prepare the aircraft for the stunt took the best part of a year. The pint-sized Cessna was fitted with a 95-gallon belly tank, paired with a electric pump that could transfer fuel to the main wing tanks as needed. Special plumbing was also added that would allow the engine oil and filters to be changed while the engine was still running.
Are you writing your code for humans or computers? I wasn’t there, but my guess is that at the dawn of computing, people thought that they were writing for the machines. After all, they were writing in machine language, and whatever bits they flipped into the electronic brain stayed in the electronic brain, unless punched out on paper tape. And the commands made the machine do things, not other people. Code was written strictly for computers.
Modern programming practice, on the other hand, is aimed firmly at people. Variable and function names are chosen to be long and to describe what they contain or do. “Readability” of code is a prized attribute. Indeed, sometimes the fact that it does the right thing at all almost seems to be an afterthought. (I kid!)
Somewhere along this path, there was an important evolutionary step, like the first fish using its flippers to walk on land. Comments were integrated into programming languages, formalizing the notes that coders of old surely wrote by hand in the margins of the paper first-drafts before keying it in. So I went looking for the missing link: the first computer language, and ideally the first program, with comments. I came up empty handed.
Or rather full handed. Every computer language that I could find had comments from the beginning. FORTRAN had comments, marked by a “C” as the first character in a line. APL had comments, marked by the bizarro rune ⍝. Even the custom language written for the Apollo 11 guidance computers had comments — the now-commonplace “#”. I couldn’t find an early programming language without comments.
My guess is that the first language with a comment must have been an assembly language, because I don’t know of any machines with a native comment instruction. (How cool and frivolous would that be?)
Assemblers simply translate mnemonic names to their machine instruction counterparts, but this gives them the important freedom to ignore anything starting with, traditionally, a semicolon. Even though you’re just transferring the contents of register X to the memory location pointed to in register Y, you can write that you’re “storing the height above ground (meters)” in the comments.
The crucial evolutionary step, though, is saving the comments along with the code. Simply ignoring everything that comes after the semicolon and throwing it away doesn’t count. Does anyone know? What was the first code to include comments as part of the code itself, and not simply as marginalia?
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
For a happy weekend away in early September, I joined a few of my continental friends for the NewLine event organised by Hackerspace Gent in Belgium. You may have seen some of the resulting write-ups here, and for me the trip is as memorable for the relaxing weekend break it gave me in a mediaeval city as it is for the content of the talks and demonstrations. We took full advantage of the warm weather to have some meals out on café terraces, and it was on the way to one of them that my interest was captured by something unexpected. There at the end of the street was a cannon, not the normal-size cannon you’ll see tastefully arranged around historical military sites the world over, but a truly massive weapon. I had stumbled upon Dulle Griet, one of very few surviving super-sized 15th century siege cannons. It even had a familiar feel to it, being a sister to the very similar Mons Meg at Edinburgh Castle in Scotland.
The government of Argentina has a national ID card system, and as a result maintains a database containing data on every citizen in the country. What could possibly go wrong? Predictably, an attacker has managed to gain access to the database, and is offering the entire dataset for sale. The Argentinian government has claimed that this wasn’t a mass breach, and only a handful of credentials were accessed. This seems to be incorrect, as the seller was able to provide the details of an arbitrary citizen to the journalists investigating the story.
Patch Tuesday
Microsoft has released their monthly round of patches for October, and there are a couple doozies. CVE-2021-40486 is an RCE in Microsoft Word, and this flaw can trigger via the preview pane. CVE-2021-38672 and CVE-2021-40461 are both RCE vulnerabilities in Hyper-V. And finally, CVE-2021-40449 is a privilege upgrade actively being used in the wild, more on that in a moment. Oh, and you thought the Print Nightmare was over? CVE-2021-36970 is yet another print spooler vulnerability. The unfortunate thing about the list of Microsoft vulnerabilities is that there is hardly any information available about them.
On the other hand, Apple just patched CVE-2021-30883, a 0-day that’s being actively exploited in iOS. With the release of the fix, [Saar Amar] has put together a very nice explanation of the bug with PoC. It’s a simple integer overflow when allocating a buffer, leading to an arbitrary memory write. This one is particularly nasty, because it’s not gated behind any permissions, and can be triggered from within app sandboxes. It’s being used in the wild already, so go update your iOS devices now.
Kaspersky brings us a report on a CVE-2021-40449 being used in the wild. It’s part of an attack they’re calling MysterySnail, and seems to originate from IronHusky out of China. The vulnerability is a use-after-free, and is triggered by making a the ResetDC API call that calls its own callback. This layer of recursive execution results in an object being freed before the outer execution has finished with it.
Since the object can now be re-allocated and controlled by the attacker code, the malformed object allows the attacker to run their code in kernel space, achieving privilege escalation. This campaign then does some data gathering and installs a Remote Access Trojan. Several Indicators of Compromise are listed as part of the write-up.
Off to the Races
Google’s Project Zero is back with a clever Linux Kernel hack, an escalation of privilege triggered by a race condition in the pseudoterminal device. Usually abbreviated PTY, this kernel device can be connected to userspace applications on both ends, making for some interesting interactions. Each end has a struct that reflects the status of the connection. The problem is that TIOCSPGRP, used to set the process group that should be associated with the terminal, doesn’t properly lock the terminal’s internal state.
As a result, calling this function on both sides at the same time is a race condition, where the reference count can be corrupted. Once the reference count is untrustworthy, the whole object can be freed, with a dangling pointer left in the kernel. From there, it’s a typical use-after-free bug. The post has some useful thoughts about hardening a system against this style of attack, and the bug was fixed December 2020.
AI vs Pseudorandom Numbers
[Mostafa Hassan] of the NCC Group is doing some particularly fascinating research, using machine learning to test pseudorandom number generators. In the first installment, he managed to break the very simple xorshift128 algorithm. Part two tackles the Mersenne Twister, which also falls to the neural network. Do note that neither of these are considered cryptographic number generators, so it isn’t too surprising that a ML model can determine their internal state. What will be most interesting is the post to come, when he tackles other algorithms thought to be secure. Watch for that one in a future article.
L0phtcrack Becomes Open Source
In a surprise to me, the L0phtcrack tool has been released as open source. L0phtcrack is the password cracking/auditing tool created by [Mudge] and company at L0pht Heavy Industries, about a billion years ago. Ownership passed to @stake, which was purchased by Symantec in 2004. Due to export regulations, Symantec stopped selling the program, and it was reacquired by the original L0pht team.
In April 2020, Terahash announced that they had purchased rights to the program, and began selling and supporting it as a part of their offerings. Terahash primarily builds GPU based cracking hardware, and has been hit exceptionally hard by the chip shortage. As a result of Terahash entering bankruptcy protection, the L0phtcrack ownership has reverted back to L0pht, and version 7.2.0 has been released as Open Source.
I recently started using a 50-year-old vacuum-seal flask that belonged to my Grandpa so that I don’t have to leave the dungeon as often to procure more caffeine. Besides looking totally awesome on my side desk, this thing still works like new, at least as far as I can tell — it’s older than I am.
Of course this got me to wondering how exactly vacuum-seal flasks, better known in household circles as Thermoses work, and how they were invented. The vacuum-seal flask is surprisingly old technology. It was first invented by Scottish chemist Sir James Dewar and presented to the Royal Institute in 1892. Six years later, he would be the first person to liquefy hydrogen and is considered a founding father of cryogenics. Continue reading “The Incredible Tech Of The Vacuum-Seal Flask”→
If you or someone you know is diabetic, it is a good bet that a glucose meter is a regular fixture in your life. They are cheap and plentiful, but they are actually reasonably high tech — well, at least parts of them are.
The meters themselves don’t seem like much, but that’s misleading. A battery, a few parts, a display, and enough of a controller to do things like remember readings appears to cover it all. You wouldn’t be surprised, of course, that you can get the whole affair “on a chip.” But it turns out, the real magic is in the test strip and getting a good reading from a strip requires more metrology than you would think. A common meter requires a precise current measurement down to 10nA. The reading has to be adjusted for temperature, too. The device is surprisingly complex for something that looks like a near-disposable piece of consumer gear.
Of course, there are announcements all the time about new technology that won’t require a needle stick. So far, none of those have really caught on for one reason or another, but that, of course, could change. GlucoWatch G2, for example, was a watch that could read blood glucose, but — apparently — was unable to cope with perspiration.
For the purposes of this article, I’m only going to talk about the traditional meter: you insert a test strip, prick your finger, and let the test strip soak up a little bit of blood.