The first round of the 2023 Hackaday Prize closes next Tuesday, March April 25th. If you’ve got an educational project – whether that’s a robot technique you just need to share, or an instructional radio build – you’ve got this weekend left to get your project into shape, whip up a Hackaday.io page in support, and enter. The top 10 projects get a $500 prize award, and a chance to win the big prizes in the final round. You want to get your project in now.
But there is still room for your project! And with the deadline closing in, your best bet at the $500 prize money relies on you burning a bit of the midnight oil this weekend, but Hackaday glory awaits those who do.
The Vintage Computer Festival East took place last weekend at the InfoAge Science and History Museum in New Jersey, and by any metric you care to use, it was a phenomenal success. Everyone you spoke with, from the the exhibitors and attendees, to the veteran volunteers who put this incredible show together, all said the same thing: they’d never seen a turnout like this before.
Of course, such success is not without cost. The exhibit rooms were so packed that moving through them was a challenge, the line to get food or browse the consignment area occasionally stretched outside the building, and at one point the event’s electronic payment system buckled under the pressure.
Some things are worth the wait.
Yet even the folks who waited the better part of an hour to rummage through boxes of dusty treasures, only to find themselves left standing with armfuls of heavy gear they couldn’t pay for until the technical issues were resolved couldn’t really complain. I should know, I was one of them. It would be like going to a concert and getting upset that the music was too loud — the event was advertised as a festival, and that’s exactly what it was.
No matter where you went, you’d find throngs of excited people who were eager to chat about the golden age of computing. So even if you were stuck in a long line, or had to step outside of the exhibit area to get some fresh air, you were always in excellent company. Seeing such a large and diverse number of people come out for what’s ultimately a niche event was exceptionally gratifying. At the end of the day, if the price we have to pay for this kind of community response is a few long lines and tight squeezes, it’s well worth it.
Each time I cover an event like this for Hackaday, I do so with the caveat that there’s really no substitute for being there in person. No matter how many articles you read and YouTube recaps you watch, you’ll never be able to see all the things you would have had you been able to walk the show floor yourself. It’s a bit like exploring the Moon or Mars: remotely controlled robots are capable of capturing terabytes of data and beaming it back to Earth, but even still, there’s the potential to learn so much more by putting boots on the ground.
The same is true of VCF East 2023 — what I bring you here is just the tip of the iceberg in terms of what was on display at this year’s event. On the other hand, you have the advantage of being able to peruse these images without having to stand in line. Is it worth the trade? Only you can be the judge of that. But for my money, I’ll gladly get back in line when VCF East 2024 rolls around.
Linux users have a lot of software to be proud of. However, there is the occasional Windows program that does something you’d really like to do and it just won’t run. This is especially true of low-level system programs. If you want to poke around your CPU and memory, for example, there are tons of programs for that under Windows. There are a few for Linux, but they aren’t always as complete or handy. Recently, I had half the memory in my main desktop fail and I wanted to poke around in the system. In particular, I wanted to read the information encoded in the memory chips configuration EEPROM. Should be easy, right? You’d think.
Not Really Easy
One nice tool a lot of Windows users have is CPU-Z. Of course, it doesn’t run on Linux, but there is a really nice imitator called CPU-X. You can probably install it from your repositories. However, the GitHub page is a nice stop if for no other reason than to enjoy the user name [TheTumultuousUnicornOfDarkness]. The program has a gtk or an ncurses interface. You don’t need to run it as root, but if you press the “start daemon” button and authenticate, you can see some extra information, including a tab for memory.
It’s been clear for a long time that the world has to move away from fossil energy sources. Decades ago, this seemed impractical, when renewable energy was hugely expensive, and we were yet to see much impact on the ground from climate change. Meanwhile, prices for solar and wind installations have come down immensely, which helps a lot.
Despite the rigorous process controls for factories, anyone who has worked on hardware can tell you that parts may look identical but are not the same. Everything from silicon defects to microscopic variations in materials can cause profoundly head-scratching effects. Perhaps one particular unit heats up faster or locks up when executing a specific sequence of instructions and we throw our hands up, saying it’s just a fact of life. But what if instead of rejecting differences that fall outside a narrow range, we could exploit those tiny differences?
This is where physically unclonable functions (PUF) come in. A PUF is a bit of hardware that returns a value given an input, but each bit of hardware has different results despite being the same design. This often relies on silicon microstructure imperfections. Even physically uncapping the device and inspecting it, it would be incredibly difficult to reproduce the same imperfections exactly. PUFs should be like the ideal version of a fingerprint: unique and unforgeable.
Because they depend on manufacturing artifacts, there is a certain unpredictability, and deciding just what features to look at is crucial. The PUF needs to be deterministic and produce the same value for a given specific input. This means that temperature, age, power supply fluctuations, and radiation all cause variations and need to be hardened against. Several techniques such as voting, error correction, or fuzzy extraction are used but each comes with trade-offs regarding power and space requirements. Many of the fluctuations such as aging and temperature are linear or well-understood and can be easily compensated for.
Broadly speaking, there are two types of PUFs: weak and strong. Weak offers only a few responses and are focused on key generation. The key is then fed into more traditional cryptography, which means it needs to produce exactly the same output every time. Strong PUFs have exponential Challenge-Response Pairs and are used for authenticating. While strong PUFs still have some error-correcting they might be queried fifty times and it has to pass at least 95% of the queries to be considered authenticated, allowing for some error. Continue reading “PUF Away For Hardware Fingerprinting”→
The dystopian future you’ve been expecting is here now, at least if you live in New York City, which unveiled a trio of technology solutions to the city’s crime woes this week. Surprisingly, the least terrifying one is “DigiDog,” which seems to be more or less an off-the-shelf Spot robot from Boston Dynamics. DigiDog’s job is to de-escalate hostage negotiation situations, and unarmed though it may be, we suspect that the mission will fail spectacularly if either the hostage or hostage-taker has seen Black Mirror. Also likely to terrify the public is the totally-not-a-Dalek-looking K5 Autonomous Security Robot, which is apparently already wandering around Times Square using AI and other buzzwords to snitch on people. And finally, there’s StarChase, which is based on an AR-15 lower receiver and shoots GPS trackers that stick to cars so they can be tracked remotely. We’re not sure about that last one either; besides the fact that it looks like a grenade launcher, the GPS tracker isn’t exactly covert. Plus it’s only attached with adhesive, so it seems easy enough to pop it off the target vehicle and throw it in a sewer, or even attach it to another car.
Arthur C. Clarke said that “Any sufficiently advanced technology is indistinguishable from magic”. He was a sci-fi writer, though, and not a security guy. Maybe it should read “Any sufficiently advanced tech has security flaws”. Because this is the story of breaking into a car through its headlight.
In a marvelous writeup, half-story, half CAN-bus masterclass, [Ken Tindell] details how car thieves pried off the front headlight of a friend’s Toyota, and managed to steal it just by saying the right things into the network. Since the headlight is on the same network as the door locks, pulling out the bulb and sending the “open the door” message repeatedly, along with a lot of other commands to essentially jam some other security features, can pull it off.
Half of you are asking what this has to do with Arthur C. Clarke, and the other half are probably asking what a lightbulb is doing on a car’s data network. In principle, it’s a great idea to have all of the electronics in a car be smart electronics, reporting their status back to the central computer. It’s how we know when our lights are out, or what our tire pressure is, from the driver’s seat. But adding features adds attack surfaces. What seems like magic to the driver looks like a gold mine to the attacker, or to car thieves.
With automotive CAN, security was kind of a second thought, and I don’t mean this uncharitably. The first goal was making sure that the system worked across all auto manufacturers and parts suppliers, and that’s tricky enough. Security would have to come second. And more modern cars have their CAN networks encrypted now, adding layers of magic on top of magic.
But I’m nearly certain that, when deciding to replace the simple current-sensing test of whether a bulb was burnt out, the engineers probably didn’t have the full cost of moving the bulb onto the CAN bus in mind. They certainly had dreams of simplifying the wiring harness, and of bringing the lowly headlight into the modern age, but I’d bet they had no idea that folks were going to use the headlight port to open the doors. Sufficiently advanced tech.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
