IRCB S73-7 Satellite Found After Going Untracked For 25 Years

May 12, 2024 by Maya Posch 26 Comments

When the United States launched the KH-9 Hexagon spy satellite into orbit atop a Titan IIID rocket in 1974, it brought a calibration target along for the ride: the Infra-Red Calibration Balloon (IRCB) S73-7. This 66 cm (26 inch) diameter inflatable satellite was ejected by the KH-9, but failed to inflate into its intended configuration and became yet another piece of space junk. Initially it was being tracked in the 1970s, but vanished until briefly reappearing in the 1990s. Now it’s popped up again, twenty-five years later.

As noted by [Jonathan McDowell] who tripped over S73-7 in recent debris tracking data, it’s quite possible that it had been tracked before, but hidden in the noise as it is not an easy target to track. Since it’s not a big metallic object with a large radar cross-section, it’s among the more difficult signals to reliably pick out of the noise. As can be seen in [Jonathan]’s debris tracking table, this is hardly a unique situation, with many lost (XO) entries. This always raises the exciting question of whether a piece of debris has had its orbit decayed to where it burned up, ended up colliding with other debris/working satellite or simply has gone dark.

For now we know where S73-7 is, and as long as its orbit remains stable we can predict where it’ll be, but it highlights the difficulty of keeping track of the around 20,000 objects in Earth orbit, with disastrous consequences if we get it wrong.

256-Core RISC-V Megacluster

May 7, 2024 by Julian Scheffers 16 Comments

Supercomputers are always an impressive sight to behold, but also completely unobtainable for the ordinary person. But what if that wasn’t the case? [bitluni] shows us how it’s done with his 256-core RISC-V megacluster.

While the CH32V family of microcontrollers it’s based on aren’t nearly as powerful as what you’d traditionally find in a supercomputer, [bitluni] does use them to demonstrate a property of supercomputers: many, many cores doing the same task in parallel.

To recap our previous coverage, a single “supercluster” is made from 16 CH32V003 microcontrollers connected to each other with an 8-bit bus, with an LED on each and the remaining pins to an I/O expander. The megacluster is in turn made from 16 of these superclusters, which are put in pairs on 8 “blades” with a CH32V203 per square as a bridge between the supercluster and the main 8-bit bus of the megacluster, controlled by one last CH32V203.

[bitluni] goes into detail about designing PCBs that break KiCad, managing an overcrowded bus with 16 participants, culminating in a mesmerizing showcase of blinking LEDs showing that RC oscillators aren’t all that accurate.

Continue reading “256-Core RISC-V Megacluster” →

This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

March 29, 2024 by Jonathan Bennett 1 Comment

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that moves the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall runs as a setgid, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again. [sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitively worth getting fixed. Continue reading “This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256” →

Artist rendition of the Chandra telescope system in deep space. (Credit: NASA / James Vaughn)

The Chandra X-Ray Observatory Faces Shutdown In FY2025 Budget

March 18, 2024 by Maya Posch 30 Comments

The Chandra X-ray Observatory started its mission back in 1999 when Space Shuttle Columbia released it from its payload bay. Originally, it was supposed to serve only a five-year mission, but it has managed twenty-four years so far and counting, providing invaluable science along with the other Great Observatory: the Hubble Space Telescope. Unfortunately, NASA’s FY2025 budget now looks to threaten all space telescopes and Chandra in particular. This comes as part of the larger FY2025 US budget, which sees total funding for NASA increase by 2%, but not enough to prevent cuts in NASA’s space telescope operations.

NASA already anticipated this cut in 2023, with funding shifting to the Nancy Grace Roman Space Telescope (infrared spectrum, scheduled for 2027). Since Hubble is a joint operation with ESA, any shortfalls might be caught this way, but Chandra’s budget will go from 68.3M USD in FY2023 to 41.4M USD in FY2025 and from there plummeting to 5.2M USD by FY2029, effectively winding down the project and ending NASA’s flagship X-ray astronomy mission. This doesn’t sit well with everyone, with a website called Save Chandra now launched to petition the US government to save the observatory, noting that it still has a decade of fuel for its thrusters remaining and it also has stable mission costs.

Continue reading “The Chandra X-Ray Observatory Faces Shutdown In FY2025 Budget” →

Hackaday Links: February 25, 2024

February 25, 2024 by Dan Maloney 14 Comments

When all else fails, blame it on the cloud? It seems like that’s the script for just about every outage that makes the news lately, like the Wyze camera outage this week that kept people from seeing feeds from their cameras for several hours. The outage went so far that some users’ cameras weren’t even showing up in the Wyze app, and there were even reports that some people were seeing thumbnails for cameras they don’t own. That’s troubling, of course, and Wyze seems to have taken action on that quickly by disabling a tab on the app that would potentially have let people tap into camera feeds they had no business seeing. Still, it looks like curiosity got the better of some users, with 1,500 tapping through when notified of motion events and seeing other people walking around inside unknown houses. The problem was resolved quickly, with blame laid on an “AWS partner” even though there were no known AWS issues at the time of the outage. We’ve said it before and we’ll say it again: security cameras, especially mission-critical ones, have no business being connected with anything but Ethernet or coax, and exposing them to the cloud is a really, really bad idea.

Continue reading “Hackaday Links: February 25, 2024” →

Hackaday Podcast Episode 259: Twin-T, Three-D, And Driving To A Tee

February 23, 2024 by Al Williams 4 Comments

Hackaday Editors Elliot Williams and Al Williams sat down to compare notes on their favorite Hackaday posts of the week. You can listen in on this week’s podcast. The guys talked about the latest Hackaday contest and plans for Hackaday Europe. Plus, there’s a what’s that sound to try. Your guess can’t be worse than Al’s, so take a shot. You could win a limited-edition T-shirt.

In technical articles, Elliot spent the week reading about brushless motor design, twin-t oscillators, and a truly wondrous hack to reverse map a Nintendo Switch PCB. Al was more nostalgic, looking at the 555 and an old Radio Shack kit renewed. He also talked about a method to use SQL to retrieve information from Web APIs.

Quick hacks were a decided mix with everything from homemade potentiometers to waterproof 3D printing. Finally, the guys talked about Hackaday originals. Why don’t we teach teens to drive with simulators? And why would you want to run CP/M — the decades-old operating system — under Linux?

Download the file suitable for listening, burning on CDs, or pressing on vinyl.

Continue reading “Hackaday Podcast Episode 259: Twin-T, Three-D, And Driving To A Tee” →

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

February 16, 2024 by Tom Nardi 2 Comments

Hackaday Editors Elliot Williams and Tom Nardi discuss all the week’s best and most interesting hacks and stories, starting with Canada’s misguided ban on the Flipper Zero for being too spooky. From there they’ll look at the state-of-the-art in the sub-$100 3D printer category, Apple’s latest “Right to Repair” loophole, running UNIX on the NES (and how it’s different from Japan’s Famicom), and the latency of various wireless protocols.

After singing the praises of the new Bus Pirate 5, discussion moves on to embedded Linux on spacecraft, artfully lifting IC pins, and the saga of the blue LED. Finally you’ll hear the how and why behind electrical steel, and marvel at a Mach 10 missile that (luckily) never needed to be used.

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5” →

Hackaday

IRCB S73-7 Satellite Found After Going Untracked For 25 Years

256-Core RISC-V Megacluster

This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

The Chandra X-Ray Observatory Faces Shutdown In FY2025 Budget

Hackaday Podcast Episode 259: Twin-T, Three-D, And Driving To A Tee

Places to follow Hackaday podcasts:

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

Places to follow Hackaday podcasts:

Search

Never miss a hack

If you missed it

Measure Three Times, Design Once

A Slice Of Simulation, Google Sheets Style

PCB Design Review: HDMI To LVDS Sony Vaio LCD Devboard

You’ve Probably Never Considered Taking An Airship To Orbit

The Great Green Wall: Africa’s Ambitious Attempt To Fight Desertification

Our Columns

Hackaday Podcast Episode 271: Audio Delay In A Hose, Ribbon Cable Repair, And DIY Hacker Metrology

This Week In Security: The Time Kernel.org Was Backdoored And Other Stories

DisplayPort: Hacking And Examples

FLOSS Weekly Episode 783: Teaching Embedded With The Unphone

Hackaday Supercon 2024 Call For Participation: We Want You!

Places to follow Hackaday podcasts:

Places to follow Hackaday podcasts:

Search

Never miss a hack

Subscribe

If you missed it

Our Columns