Hackaday Links Column Banner

Hackaday Links: August 25, 2024

August 25, 2024 by 8 Comments

The Sun has been remarkably active lately, so much so that it might have set a new sunspot record. According to the sun watchers at the Space Weather Prediction Center, on August 8, the Solar Dynamics Observatory snapped a picture that was positively bedazzled with sunspots. Counting methods vary, but one count put the sunspot number at a whopping 337 that day. That would be the largest number since 2001, during the peak of Solar Cycle 23. The sunspot number is highly correlated with solar storms and coronal mass ejections; more spots mean more magnetic activity and more chance for something to go very, very wrong. We’ve been pretty lucky so far with Solar Cycle 25; despite being much more active than the relatively lazy Cycle 24 and much stronger than predicted, most of this cycle’s outbursts have been directed away from Earth or only dealt us a glancing blow. Seeing all those spots, though, makes us think it’s only a matter of time before we get hit with something that does more than make pretty lights.

Continue reading “Hackaday Links: August 25, 2024”

Giving The Original Xbox 256 MB Of Memory

July 10, 2024 by 20 Comments

The original Xbox forever changed the console world, because it was basically just PC components laced together in a slightly different architecture. It featured a Pentium 733 MHz CPU with just 64MB of RAM. [Prehistoricman] has been hard at work, figuring out how to up that to 256MB instead.

This isn’t [Prehistoricman’s] first rodeo. Previously, he managed to up the Xbox’s RAM to 128 MB. To figure out how to go further, he had to figure out the addressing scheme. A datasheet for the Xbox’s original memory chip was a help in this regard, as was the envytools project and an Xbox source code leak.

A BIOS hack was needed to move the auto-precharge pin to free up more address pins for the higher memory space. Furthermore, the only available memory chips that were suitable used BGA packages, so a small PCB with castellated edges was needed to adapt the chip to the Xbox’s motherboard, which expects a TQFP package.

Ultimately, getting this hack to work involved a lot of bare-metal hacking. It also won’t help the performance of commercial games at all, as they were all designed within the limitations of the original console. Still, it’s impressive to see this now-ancient platform hacked to do more. It’s also hilarious to compare it with a contemporary PC, which could simply accept 256 MB of RAM by using additional memory slots. Video after the break.

Continue reading “Giving The Original Xbox 256 MB Of Memory”

PostmarketOS Now Boots On Over 250 Devices

June 17, 2024 by 42 Comments

Every year, as consumers gobble up the latest Android devices, more old, but perfectly serviceable, units end up collecting dust in drawers. Or worse, they end up getting tossed in the trash. One of the most promising tools we have to help keep these older devices useful is postmarketOS, a full-fledged Linux distribution that provides a flexible and up-to-date software environment on devices that might otherwise be stuck with some old and unsupported version of Google’s mobile operating system.

As of the latest update on the postmarketOS blog, the team has announced an exciting milestone: over 250 devices can now boot the stable release of the OS.

Now to be clear, not all devices will be fully functional. In fact, the blog post clarifies that some of them only barely boot. But it’s progress, and now that these semi-supported devices aren’t hidden behind a development version of the OS, it means more folks will be able to put them to use.

For example, if you want to turn your old smartphone into a low-energy headless webserver, it doesn’t really matter if its display, touchscreen, or speakers are supported. You just need it to boot into Linux and fire up an SSH server so you can get in and start working.

But support for new devices is just one of the additions in this new v24.06 release. The blog post also points out several notable software upgrades, including the move to the 6.x branch of KDE Plasma Mobile. This brings with it a long list of improvements and changes, including a rewritten homescreen with enhanced customization options. If you prefer a more minimal GUI, don’t worry. This new release also updates Sxmo, which provides a menu-driven interface for both touch screens and hardware controls.

Among the newly supported devices is a generic x86_64 image that should work on a wide array of PCs. While obviously there’s no shortage of Linux distros you could run on your old computer, being able to install postmarketOS on it is definitely helpful for development purposes. There’s also a new Tegra ARMv7 target which brings a number of new devices into the fold, such as the Google Nexus 7, and Microsoft Surface RT.

Looking to run postmarketOS on your own hardware? The best way to start is to check the Devices page and see how many of those old gadgets you’ve got collecting dust in a drawer are compatible.

IRCB S73-7 Satellite Found After Going Untracked For 25 Years

May 12, 2024 by 26 Comments

When the United States launched the KH-9 Hexagon spy satellite into orbit atop a Titan IIID rocket in 1974, it brought a calibration target along for the ride: the Infra-Red Calibration Balloon (IRCB) S73-7. This 66 cm (26 inch) diameter inflatable satellite was ejected by the KH-9, but failed to inflate into its intended configuration and became yet another piece of space junk. Initially it was being tracked in the 1970s, but vanished until briefly reappearing in the 1990s. Now it’s popped up again, twenty-five years later.

As noted by [Jonathan McDowell] who tripped over S73-7 in recent debris tracking data, it’s quite possible that it had been tracked before, but hidden in the noise as it is not an easy target to track. Since it’s not a big metallic object with a large radar cross-section, it’s among the more difficult signals to reliably pick out of the noise. As can be seen in [Jonathan]’s debris tracking table, this is hardly a unique situation, with many lost (XO) entries. This always raises the exciting question of whether a piece of debris has had its orbit decayed to where it burned up, ended up colliding with other debris/working satellite or simply has gone dark.

For now we know where S73-7 is, and as long as its orbit remains stable we can predict where it’ll be, but it highlights the difficulty of keeping track of the around 20,000 objects in Earth orbit, with disastrous consequences if we get it wrong.

256-Core RISC-V Megacluster

May 7, 2024 by 16 Comments

Supercomputers are always an impressive sight to behold, but also completely unobtainable for the ordinary person. But what if that wasn’t the case? [bitluni] shows us how it’s done with his 256-core RISC-V megacluster.

While the CH32V family of microcontrollers it’s based on aren’t nearly as powerful as what you’d traditionally find in a supercomputer, [bitluni] does use them to demonstrate a property of supercomputers: many, many cores doing the same task in parallel.

To recap our previous coverage, a single “supercluster” is made from 16 CH32V003 microcontrollers connected to each other with an 8-bit bus, with an LED on each and the remaining pins to an I/O expander. The megacluster is in turn made from 16 of these superclusters, which are put in pairs on 8 “blades” with a CH32V203 per square as a bridge between the supercluster and the main 8-bit bus of the megacluster, controlled by one last CH32V203.

[bitluni] goes into detail about designing PCBs that break KiCad, managing an overcrowded bus with 16 participants, culminating in a mesmerizing showcase of blinking LEDs showing that RC oscillators aren’t all that accurate.

Continue reading “256-Core RISC-V Megacluster”

This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

March 29, 2024 by 1 Comment

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that moves the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall runs as a setgid, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitively worth getting fixed. Continue reading “This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256”

Artist rendition of the Chandra telescope system in deep space. (Credit: NASA / James Vaughn)

The Chandra X-Ray Observatory Faces Shutdown In FY2025 Budget

March 18, 2024 by 30 Comments

The Chandra X-ray Observatory started its mission back in 1999 when Space Shuttle Columbia released it from its payload bay. Originally, it was supposed to serve only a five-year mission, but it has managed twenty-four years so far and counting, providing invaluable science along with the other Great Observatory: the Hubble Space Telescope. Unfortunately, NASA’s FY2025 budget now looks to threaten all space telescopes and Chandra in particular. This comes as part of the larger FY2025 US budget, which sees total funding for NASA increase by 2%, but not enough to prevent cuts in NASA’s space telescope operations.

NASA already anticipated this cut in 2023, with funding shifting to the Nancy Grace Roman Space Telescope (infrared spectrum, scheduled for 2027). Since Hubble is a joint operation with ESA, any shortfalls might be caught this way, but Chandra’s budget will go from 68.3M USD in FY2023 to 41.4M USD in FY2025 and from there plummeting to 5.2M USD by FY2029, effectively winding down the project and ending NASA’s flagship X-ray astronomy mission. This doesn’t sit well with everyone, with a website called Save Chandra now launched to petition the US government to save the observatory, noting that it still has a decade of fuel for its thrusters remaining and it also has stable mission costs.

Continue reading “The Chandra X-Ray Observatory Faces Shutdown In FY2025 Budget”