FOSDEM 2023: An Open-Source Conference, Literally

Every year, on the first weekend of February, a certain Brussels university campus livens up. There, you will find enthusiasts of open-source software and hardware alike, arriving from different corners of the world to meet up, talk, and listen. The reason they all meet there is the conference called FOSDEM, a long-standing open-source software conference which has been happening in Belgium since 2000. I’d like to tell you about FOSDEM because, when it comes to conferences, FOSDEM is one of a kind.

FOSDEM is organized in alignment with open-source principles, which is to say, it reminds me of an open-source project itself. The conference is volunteer-driven, with a core of staff responsible for crucial tasks – yet, everyone can and is encouraged to contribute. Just like a large open-source effort, it’s supported by university and company contributions, but there are no admission fees for participants – for a conference, this means you don’t have to buy a ticket to attend. Last but definitely not least, what makes FOSDEM shine is the community that it creates.

FOSDEM’s focus is open software – yet, for hackers of the hardware world, you will find a strong hardware component to participate in, since a great number of FOSDEM visitors are either interested in hardware, or even develop hardware-related things day-to-day. It’s not just that our hardware can’t live without software, and vice-versa – here, you will meet plenty of pure software, a decent amount of pure hardware, and a lot of places where the two worlds are hard to distinguish. All in all, FOSDEM is no doubt part of hacker culture in Europe, and today, I will tell you about my experience of FOSDEM 2023.

Continue reading “FOSDEM 2023: An Open-Source Conference, Literally”

Tiny11 Makes Windows 11 Small

If you often spin up a virtual machine just to run Windows, you might be sad that you have to allocate so much space for it. The Tiny11 project provides a Windows 11 installer that strips and compresses a bare minimum system to under 8GB of space. We aren’t sure what the licensing aspects of it all mean, but there are a few things you need to know. You can see a video about the project below.

The installer requires you to activate Windows, so that’s probably a good thing from a legal standpoint. Besides being compressed, the installer, based on Windows 11 Pro 22H2, removes sponsored applications and Teams. It does, however, have the component installer and the Microsoft store, so you can add back things you want that aren’t in the default install.

Continue reading “Tiny11 Makes Windows 11 Small”

YouTube As Infinite File Storage

Anyone who was lucky enough to secure a Gmail invite back in early 2004 would have gasped in wonder at the storage on offer, a whole gigabyte! Nearly two decades later there’s more storage to be had for free from Google and its competitors, but it’s still relatively easy to hit the paid tier. Consider this though, how about YouTube as an infinite cloud storage medium?

The proof of concept code from [DvorakDwarf] works by encoding binary files into video files which can then be uploaded to the video sharing service. It’s hardly a new idea as there were clever boxes back in the 16-bit era that would do the same with a VHS video recorder, but it seems that for the moment it does what it says, and turns YouTube into an infinite cloud file store.

The README goes into a bit of detail about how the code tries to avoid the effects of YouTube’s compression algorithm. It eschews RGB colour for black and white pixels, and each displayed pixel in the video is made of a block of the real pixels. The final video comes in at around four times the size of the original file, and looks like noise on the screen. There’s an example video, which we’ve placed below the break.

Whether this is against YouTube’s TOS is probably open for interpretation, but we’re guessing that the video site could spot these uploads with relative ease and apply a stronger compression algorithm which would corrupt them. As an alternate approach, we recommend hiding all your important data in podcast episodes.

Continue reading “YouTube As Infinite File Storage”

SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software

[Kuba Tyszko], like many of us, has been hacking things from a young age. An early attempt at hacking around with grandpa’s tractor might have been swiftly quashed by his father, but likely this was not the last such incident. With a more recent interest in cracking encrypted applications, [Kuba] gives us some insights into some of the tools at your disposal for reading out the encrypted secrets of applications that have something worth hiding. (Slides here, PDF.)

There may be all sorts of reasons for such applications to have an encrypted portion, and that’s not really the focus. One such application that [Kuba] describes was a pre-trained machine-learning model written in the R scripting language. If you’re not familiar with R, it is commonly used for ‘data science’ type tasks and has a big fan base. It’s worth checking out. Anyway, the application binary took two command line arguments, one was the encrypted blob of the model, and the second was the path to the test data set for model verification.

The first thing [Kuba] suggests is to disable network access, just in case the application wants to ‘dial home.’ We don’t want that. The application was intended for Linux, so the first port of call was to see what libraries it was linked against using the ldd command. This indicated that it was linked against OpenSSL, so that was a likely candidate for encryption support. Next up, running objdump gave some clues as to the various components of the binary. It was determined that it was doing something with 256-bit AES encryption. Now after applying a little experience (or educated guesswork, if you prefer), the likely scenario is that the binary yanks the private key from somewhere within itself, reads the encrypted blob file, and passes this over to libssl. Then the plaintext R script is passed off to the R runtime, the model executes against the test data, and results are collated.

[Kuba]’s first attack method was to grab the OpenSSL source code and drop in some strategic printf() function calls into the target functions. Next, using the LD_PRELOAD ‘trick’ the standard system OpenSSL library was substituted with the ‘fake’ version with the trojan printfs. The result of this was the decryption function gleefully sending the plaintext R script direct to the terminal. No need to even locate the private key!
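Seen from the defending side, the substitution described above leaves traces in the process itself. The following is an added example, not code from the talk or slides: it inspects constructed samples of `/proc/<pid>/environ` and `/proc/<pid>/maps` and flags an `LD_PRELOAD` entry and any OpenSSL library mapped from outside the system library directories. The trusted directory list and the sample paths are assumptions.

```python
import re

# Directories the loader normally resolves libraries from (assumed; adjust per distro).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")
CRYPTO_LIB = re.compile(r"/lib(?:ssl|crypto)[^/]*\.so[^/]*$")

# Constructed sample of /proc/<pid>/environ (NUL-separated KEY=VALUE pairs).
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\0LD_PRELOAD=/tmp/build/libcrypto.so.3\0HOME=/home/analyst\0"
# Constructed sample of /proc/<pid>/maps for the same process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 393301 /opt/model/runner
7f1e3c000000-7f1e3c2b0000 r-xp 00000000 08:01 917530 /tmp/build/libcrypto.so.3
7f1e3c400000-7f1e3c470000 r-xp 00000000 08:01 262190 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f1e3c600000-7f1e3c7c0000 r-xp 00000000 08:01 262144 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""

def preload_entries(environ):
    """Return the objects named in LD_PRELOAD from an environ dump (bytes)."""
    for item in environ.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if key == b"LD_PRELOAD" and sep:
            # ld.so accepts both spaces and colons as list separators.
            text = value.decode(errors="replace")
            return [p for p in re.split(r"[ :]+", text) if p]
    return []

def mapped_objects(maps):
    """Return the set of file paths mapped into the process."""
    paths = set()
    for line in maps.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) == 6 and fields[5].startswith("/"):
            path = fields[5]
            if path.endswith(" (deleted)"):  # file unlinked after loading
                path = path[:-len(" (deleted)")]
            paths.add(path)
    return paths

def findings(environ, maps):
    """Flag preloaded objects and OpenSSL libraries loaded from untrusted paths."""
    out = ["LD_PRELOAD set: " + p for p in preload_entries(environ)]
    for path in sorted(mapped_objects(maps)):
        if CRYPTO_LIB.search(path) and not path.startswith(TRUSTED_LIB_DIRS):
            out.append("crypto library outside system dirs: " + path)
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_ENVIRON, SAMPLE_MAPS)))
```

A preloaded object can clear the variable after it has loaded, which is why the mapping check runs independently of the environment check.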

Continue reading “SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software”

Image from the paper with items a-d. a) Schematic of the EC navigation system integrated with a smart contact lens consisting of GPS receiver module, Arduino UNO as a processor, and PB display. b) Photograph of contact lens placed on the 3D printed replica eyeball. c) Camera setup of the navigation system on the dashboard of a car. d) Driving schemes updating the direction signal: (1–4) images show the four cases of operational principles used in the navigation system. Based on 0.2 V applied to the common pin, 0 V (off-state) and 0.7 V (on-state) are applied alternately in 5 WEs, and operating voltages with relative voltages of −0.2 V and 0.5 V are obtained (From the figure reads left to right: the name of 6 pins used in the system, their on–off status, the applied voltage, and relative voltage). Scale bar is 2 mm.

Smart Contact Lenses Tell You Where To Go

Augmented Reality (AR) promises to relieve us from the boredom of mundane reality and can also help you navigate unfamiliar environments. Current AR tech leaves something to be desired, but researchers at the Korea Electrotechnology Research Institute have brought AR contact lenses closer to actual reality.

The researchers micro-printed FeFe(CN)6 ink onto the contact substrate and thermally reduced it at 120˚C for nine seconds to form Prussian Blue, an electrochromic pigment. By confining the material with the meniscus of the ink, resolution was better than previous techniques to display data on contact lenses. While the ability to reversibly change from clear to blue faded after 200 cycles, the researchers were targeting a disposable type of smart contact lens, so degradation of the display wasn’t considered a deal breaker.

Since voltages applied were constant, it seems this isn’t a true bi-stable display like e-ink where power is only required to change states. The on condition of a section required 0.5 V while off was -0.2 V. The researchers printed a contact with straight, left, and right arrows as well as STOP and GO commands. Connected to a GPS-equipped Arduino Uno, they used it to navigate between ten different checkpoints as a demonstration. Only a 3D printed eyeball was brave enough (or had IRB approval) to wear the contact lens, so watching the state change through a macro lens attached to a smartphone camera had to do.

With more AR devices on the way, maybe it’s time to start embedding household objects with invisible QR codes or cleaning your workshop to get ready for your AR workbench.

Parametric Press Unravels The JPEG Format

This is the first we’ve heard of Parametric Press — a digital magazine with some deep dives into a variety of subjects (such as particle physics, “big data” and such) that have interactive elements or simulations of various types embedded within each story.

The first one that sprung up in our news feed is a piece by [Omar Shehata] on the humble JPEG image format. In it, he explains the how and why of the JPEG encoding process, allowing the reader to play with the various concepts along the way, in real time, within the browser.

RGB colour-space subsampling doesn’t affect each component to the same degree due to the human eye cone cell response. Also, the chroma components are much less affected than the luminance.

For those not familiar with the format, the first step (which is actually optional) to JPEG encoding is to transform the image from the RGB color space, into a YCbCr (luminance, chrominance) color space. Since the human eye is far more sensitive to luminance (brightness) differences than it is to Cb (chroma relative blueness) and Cr (chroma relative redness) differences, these latter two components can be subsampled by only storing a single value for each, in every 2×2 pixel matrix. JPEG allows other matrix sizes, but 2×2 is the most common.

This sets the scene for the clever bit that comes next, which allows more of that harder-to-perceive chroma information to be discarded. It’s fun to play with the chroma sub-sampling slider and see how the different colours are not equally affected, due to the relative sensitivities of the human eye cone cells.

Next, the three YCbCr components are treated independently to a discrete cosine transform and quantization. This transforms each 8×8 pixel block into 64 discrete spatial frequencies. The JPEG compression level (which you can change) affects how many of the upper-frequency components get discarded, and thus how much of the fine spatial detail gets discarded. This is the main source of JPEG image quality loss. Finally, the compressed blocks are delta encoded, where each subsequent block is coded as the difference from the previous one. Like chroma subsampling, this doesn’t offer any compression on its own but allows the subsequent run-length encoding to be more effective, giving more (lossless) compression. Finally, the whole lot is then Huffman compressed with a unique table stored in the JPEG header. So want to play with JPEGs some more? Here’s the GitHub source.
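The transform and quantization step described above, as an added example (not code from the Parametric Press article or its GitHub source): an 8×8 block is turned into 64 frequency coefficients, then each is divided by a step that grows with frequency and rounded. The step table and the two sample blocks are constructed for illustration; real encoders use tuned tables scaled by the quality setting.

```python
import math

N = 8  # JPEG works on 8x8 blocks

def dct2(block):
    """2-D DCT-II of an 8x8 block of samples (0..255), level-shifted by 128."""
    def c(k):
        return math.sqrt(0.5) if k == 0 else 1.0
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            s = 0.0
            for x in range(N):
                for y in range(N):
                    s += ((block[x][y] - 128)
                          * math.cos((2 * x + 1) * u * math.pi / 16)
                          * math.cos((2 * y + 1) * v * math.pi / 16))
            out[u][v] = 0.25 * c(u) * c(v) * s
    return out

def quantize(coeffs, strength):
    """Divide by a step of 1 + strength*(u+v) (constructed table) and round.
    Larger strength means coarser steps for the higher frequencies."""
    return [[round(coeffs[u][v] / (1 + strength * (u + v))) for v in range(N)]
            for u in range(N)]

def nonzero(quantized):
    """Count the coefficients that survive quantization."""
    return sum(1 for row in quantized for value in row if value != 0)

# Constructed sample blocks: a uniform patch and a patch with fine detail.
FLAT = [[200] * N for _ in range(N)]
TEXTURED = [[128 + 20 * ((3 * x + 5 * y) % 7 - 3) for y in range(N)]
            for x in range(N)]

if __name__ == "__main__":
    for name, block in (("flat", FLAT), ("textured", TEXTURED)):
        coeffs = dct2(block)
        for strength in (0, 5, 50):
            kept = nonzero(quantize(coeffs, strength))
            print(f"{name:9s} strength={strength:2d} surviving coefficients={kept}")
```

The flat block keeps a single (DC) coefficient at any setting, while the textured block loses more coefficients as the steps get coarser; the zeros are what the later run-length and Huffman stages compress.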

If all of this theoretical stuff is a bit useless to you, perhaps you just want to decode some JPEGs, then here is a speedy library for just that.

GhostSCAD: Marrying OpenSCAD And Golang

It’s been at least a couple of months since we’ve seen a different 3D modeling language project, so here’s [Lukasz Janyst] with GhostSCAD: a take on creating OpenSCAD models, using the Go language as the front end, bringing all the delights this modern modular language has to offer (and a few of its own idiosyncrasies.) As [Lukasz] says in the blog, from a programmer’s viewpoint, OpenSCAD has a number of failings that make it not necessarily hard, just kinda annoying to work with, due to the way the geometry tree works. The OpenSCAD way of working ends up with the programmer requiring knowledge of the internal workings of sub-modules, in order to work at the top level (assembly) which is not an ideal situation from a code reuse perspective.

A programmer would describe this problem as “abstraction leakage” and it doesn’t make modular, reusable coding easy to do without a lot of extra work. [Lukasz] says regarding the example GhostSCAD project, that some parts were modeled in a way that knowledge was needed of some mounting points of sub-modules, but those sub-modules had no way to expose this information to the outside world. GhostSCAD enables the programmer to define parts that expose specific parameters to the world that can be queried, for example, to produce a joining part, or an exploded assembly diagram. These properties can be interpreted without the querying module having any knowledge of the internal structure of the thing it’s working with. GhostSCAD provides a Java3D-like API for defining the geometry tree, which may be familiar to some.

Continue reading “GhostSCAD: Marrying OpenSCAD And Golang”