The Sunspots Are Coming (Again)

December 1, 2023 by Jenny List 5 Comments

There are a bunch of ways to estimate the age of a radio amateur, by the letters in their callsign, by their preferred choice of homebrewing technology, or sometimes by their operating style. One that perhaps doesn’t immediately come to mind is to count how many solar cycles they remember, and since the current cycle 25 is my fourth I guess I’ve seen a few. Cycle 25 is so far shaping up to be quite an active one especially of late, which popular media are describing as bombarding us with flares from a “sunspot archipelago” and the more measured tones of spaceweather.com giving us warning of X-class flares heading in our direction, today!

Jean-Claude Roy, VP, Hydro Quebec — We wouldn’t be this guy for anything. From CBC’s coverage of the 1989 power outage.

As the technology for solar observation has increased in sophistication and the Internet has allowed anyone to follow the events above us as they unfold, the awareness of solar phenomena has shifted away from the relatively small numbers of astronomers and radio amateurs who would once have been eagerly awaiting a solar cycle to a wider audience. Ever since a particularly severe event in March 1989 during cycle 22 caused disruptions including the blackout of a significant part of Canada it’s been a periodic topic of mild doom in slow news moments. But what lies behind the reports of solar activity? Perhaps it’s time to take a look.

The solar cycle refers to the 11-year period of solar activity from a maximum of observed sunspots through a minimum to a new maximum. The sunspots are the visible evidence of the solar magnetic field changing its polarity, and appear as darker areas where there is a greater strength of magnetic flux in the sun’s photosphere. We refer to solar cycles by number with solar cycle 1 occurring in 1755 because that year represents the earliest cycle which can be found in modern astronomical observation data, but previous cycles have been deduced over millennia through dendrochronology, sediment analysis, isotope observations, and other methods. Continue reading “The Sunspots Are Coming (Again)” →

Hackaday Podcast Episode 246: Bypassing Fingerprint Readers Is Easy, Killing Memory Chips Is Hard, Cell Phones Vs Sperm

December 1, 2023 by Dan Maloney No comments

It’s the week after Thanksgiving (for some of us) and if you’re sick of leftovers, you’re in luck as Elliot and Dan get together to discuss the freshest and best inter-holiday hacks. We’ll cue up the “Mission: Impossible” theme for a self-destructing flash drive with a surprising sense of self-preservation, listen in on ET only to find out it’s just a meteor, and look for interesting things to do with an old 3D printer. We’ll do a poking around a little in the basement at Tektronix, see how easy it is to spoof biometric security, and get into a love-hate relationship with both binary G-code and bowling balls with strings attached. What do you do with a box full of 18650s? Easy — make a huge PCB to balance them the slow way. Is your cell phone causing a population crisis? Is art real or AI? And what the heck is a cannibal CME? Tune in as we dive into all this and more.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 246: Bypassing Fingerprint Readers Is Easy, Killing Memory Chips Is Hard, Cell Phones Vs Sperm” →

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by Jonathan Bennett 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints” →

End Of An Era: Popular Science Shutters Magazine

November 30, 2023 by Tom Nardi 69 Comments

Just three years after the iconic magazine abandoned its print version and went all-digital, Popular Science is now halting its subscription service entirely. The brand itself will live on — their site will still run tech stories and news articles, and they have two podcasts that will keep getting new episodes — but no more quarterly releases. While you can’t complain too much about a 151 year run, it’s still sad to see what was once such an influential publication slowly become just another cog in the content mill.

Started as a monthly magazine all the way back in 1872, Popular Science offered a hopeful vision of what was over the horizon. It didn’t present a fanciful version of what the next 100 years would look like, but rather, tried to read the tea leaves of cutting edge technology to offer a glimpse of what the next decade or so might hold. Flip through a few issues from the 1950s and 60s, and you won’t see pulpy stories about humanity conquering the stars or building a time machine. Instead the editors got readers ready for a day when they’d drive cars with warbird-derived turbochargers, and enjoy more powerful tools once transistor technology allowed for widespread use of small brushless motors. It wasn’t just armchair engineering either, issues would often include articles written by the engineers and researchers that were on the front lines. Continue reading “End Of An Era: Popular Science Shutters Magazine” →

Falsified Photos: Fooling Adobe’s Cryptographically-Signed Metadata

November 30, 2023 by Adam Zeloof 34 Comments

Last week, we wrote about the Leica M11-P, the world’s first camera with Adobe’s Content Authenticity Initiative (CAI) credentials baked into every shot. Essentially, each file is signed with Leica’s encryption key such that any changes to the image, whether edits to the photo itself or the metadata, are tracked. The goal is to not only prove ownership, but that photos are real — not tampered with or AI-generated. At least, that’s the main selling point.

Although the CAI has been around since 2019, it’s adoption is far from widespread. Only a handful of programs support it, although this list includes Photoshop, and its unlikely anybody outside the professional photography space was aware of it until recently. This isn’t too surprising, as it really isn’t relevant to the casual shooter — when I take a shot to upload to Instagram, I’m rarely thinking about whether or not I’ll need cryptographic proof that the photo wasn’t edited — usually adding #nofilter to the description is enough. Where the CAI is supposed to shine, however, is in the world of photojournalism. The idea is that a photographer can capture an image that is signed at the time of creation and maintains a tamper-proof log of any edits made. When the final image is sold to a news publisher or viewed by a reader online, they are able to view that data.

At this point, there are two thoughts you might have (or, at least, there are two thoughts I had upon learning about the CAI)

Do I care that a photo is cryptographically signed?
This sounds easy to break.

Well, after some messing around with the CAI tools, I have some answers for you.

No, you don’t.
Yes, it is.

Continue reading “Falsified Photos: Fooling Adobe’s Cryptographically-Signed Metadata” →

Scope GUI Made Easier

November 29, 2023 by Al Williams 14 Comments

Last time, I assembled a Python object representing a Rigol oscilloscope. Manipulating the object communicates with the scope over the network. But my original goal was to build a little GUI window to sit next to the scope’s web interface. Had I stuck with C++ or even C, I would probably have just defaulted to Qt or maybe FLTK. I’ve used WxWidgets, too, and other than how many “extra” things you want, these are all easy enough to use. However, I had written the code in Python, so I had to make a choice.

Granted, many of these toolkits have Python bindings — PyQt, PySide, and wxPython come to mind. However, the defacto GUI framework for Python is Tkinter, a wrapper around Tk that is relatively simple to use. So, I elected to go with that. I did consider PySimpleGUI, which is, as the name implies, simple. It is attractive because it wraps tkinter, Qt, WxPython, or Remi (another toolkit), so you don’t have to pick one immediately. However, I decided to stay conservative and stuck with Tkinter. PySimpleGUI does have a very sophisticated GUI designer, though.

About Tkinter

The Tkinter toolkit lets you create widgets (like buttons, for example) and give them a parent, such as a window or a frame. There is a top-level window that you’ll probably start with. Once you create a widget, you make it appear in the parent widget using one of three layout methods:

Absolute or relative coordinates in the container
“Pack” to the top, bottom, left, or right of the container
Row and column coordinates, treating the container like a grid

The main window is available from the Tk() method:

import tkinter as tk
root=tk.Tk()
root.title('Example Program')
button=tk.Button(root, text="Goodbye!", command=root.destroy)
button.pack(side='left')
root.mainloop()

That’s about the simplest example. Make a button and close the program when you push it. The mainloop call handles the event loop common in GUI programs.

Continue reading “Scope GUI Made Easier” →

Ejector Seats: The Rocket Chairs That Save Lives

November 29, 2023 by Lewin Day 36 Comments

Once upon a time, escaping an aircraft was a tricky business. You had to unstrap yourself, fling open a heavy glass canopy, and try to wrench yourself out of a small opening without getting smacked by the tail or chopped up by the propeller. Many pilots failed this difficult task, to the tragic loss of their lives.

Eventually, the human cost was heavy enough and militaries grew strained at having to train new pilots to replace the experienced ones lost to accidents and enemy fire. The ejection seat was developed to make escaping a plane as simple as tucking yourself in and pulling a big red handle. Let’s dive in and learn how it came to be.

Continue reading “Ejector Seats: The Rocket Chairs That Save Lives” →