Hackaday Links Column Banner

Hackaday Links: December 5, 2021

Sad news from Germany, with the recent passing of a legend in the crypto community: Mr. Goxx, the crypto-trading hamster. The rodent rose to fame in the crypto community for his trades, which were generated at random during his daily exercise routines — his exercise wheel being used like a roulette wheel to choose a currency, and a pair of tunnels determined whether the transaction would be a buy or sell. His trading career was short, having only started this past June, but he was up 20% over that time — that’s nothing to sneeze at. Our condolences to Mr. Goxx’s owners, and to the community which sprung up around the animal’s antics.

It might seem a little early to start planning which conferences you’d like to hit in 2022, but some require a little more lead time than others. One that you might not have heard of is DINACON, the Digital Naturalism Conference, which explores the intersection of technology and the natural world. The con is set for the entire month of July 2022 and will be held in Sri Lanka. It has a different structure than most cons, in that participants attend for a week or so on a rotating basis, much like a biology field station summer session. It sounds like a lot of fun, and the setting couldn’t be more idyllic.

If you haven’t already killed your holiday gift budget buying NFTs, here’s something you might want to consider: the Arduino Uno Mini Limited Edition. What makes it a Limited Edition, you ask? Practically, it’s the small footprint compared to the original Uno and the castellated edges, but there are a bunch of other extras. Each elegant black PCB with gold silk screening is individually numbered and comes in presentation-quality packaging. But the pièce de résistance, or perhaps we should say the cavallo di battaglia, is that each one comes with a hand-signed letter from the Arduino founders. They honestly look pretty sharp, and at $45, it’s really not a bad collector’s piece.

And finally, the YouTube algorithm giveth again, when this infrastructure gem popped up in our feed. You wouldn’t think there’d be much of interest to see in a water main repair, but you’d be wrong, especially when that main is 50′ (15 m) below the surface, and the repair location is 600′ (183 m) from the access hatch. Oh yeah, and the pipe is only 42″ (1 m) in diameter, and runs underneath a river. There’s just so much nope in this one, especially since the diver has to swim into a special turning elbow just to get pointed in the right direction; how he turns around to swim out is not worth thinking about. Fascinating tidbits include being able to see the gravel used to protect the pipe in the riverbed through the crack in the pipe, and learning that big water mains are not completely filled, at least judging by the small air space visible at the top of the pipe. Those with claustrophobia are probably best advised to avoid this one, but it’s still amazing to see how stuff like this is done.

Continue reading “Hackaday Links: December 5, 2021”

Hackaday Links Column Banner

Hackaday Links: October 31, 2021

Global supply chain issues are beginning to hit closer to home for the hacker community, as Raspberry Pi has announced their first-ever price increase on their flagship Pi 4. The move essentially undoes the price drop on the 2GB version of the Pi 4 that was announced in February, and sets the price back up from $35 to $45. Also rolled back is the discontinuation of the 1GB version, which will now be available at the $35 price point. The announcements come from Eben Upton himself, who insists the price increase is only temporary. We applaud his optimism, but take it with a grain of salt since he also said that 2021 production across the board will stay at the seven million-unit level, which is what they produced in 2020. That seems to speak to deeper issues within the supply chain, but more immediately, it’s likely that the supply of Pi products will be pinched enough that you’ll end up paying above sticker price just to get the boards you need. Hope everyone is stocked up.

On the topic of supply chain issues and their threat to Christmas gift-giving, here’s one product we hope is stranded in a container off Long Beach or better still, bobbing along in the Strait of Juan De Fuca: a toddler’s toy telephone that actually makes and receives calls. Anyone born in the last 60 years probably had one of the Fisher-Price Chatter telephone, a toy that in its original form looked like a desk telephone on wheels that was dragged behind the child, popping along and providing endless hours of clicky amusement as kids twisted the dial and lifted the receiver. Come to think of it, the Chatter telephone may be as close to a dial phone as anyone born since 1990 may have come. Anyway, some genius stuck a Bluetooth module into the classic phone to let it hook up to an app on an actual phone, allowing kids (or more likely their nostalgia-soaked parents) to make and receive calls. It’s actually priced at a reasonable $60, so there might be some hacking potential here.

Also tangential to supply chains, we stumbled across a video guide to buying steel that might interest readers. Anyone who has seen the displays of steel and other metals at the usual big-box retailers might wonder what the fuss is, but buying steel that way or ordering online is a great way to bust a project’s budget. Fabricator and artist Doug Boyd insists that finding a local steel supplier is the best bang for your buck, and has a bunch of helpful tips for not sounding like a casual when you’re ordering. It’s all good advice, and would have helped us from looking foolish a time or two at the metal yard; just knowing that pipe is measured by inside diameter while tubing is measured by outside dimensions is worth the price of admission alone.

With all the money you save on steel and by not buying Raspberry Pis, perhaps you’ll have a couple of hundred thousand Euros lying around to bid on this authentic 1957 Sputnik I satellite. The full-scale model of Earth’s first artificial satellite — manhole covers excluded — was a non-flown test article, but externally faithful to the flown hardware that kicked off the first Space Race. The prospectus says that it has a transmitter and a “modern power supply”; it’s not clear if the transmitter was originally part of the test article or added later. The opening bid is €85,000 and is expected to climb considerably.

And finally, there’s something fascinating about “spy radios,” especially those from the Cold War era and before, when being caught with one in your possession was probably going to turn out to be a very bad day. One such radio is the Radio Orange “Acorn” receiver, which is in the collection of the Crypto Museum. The radio was used by the Dutch government to transmit news and information into the occupied Netherlands from their exile in London. Built to pass for a jewelry box, the case for the radio was made from an old cigar box and is a marvel of 1940s miniaturization. The radio used three acorn-style vacuum tubes and was powered by mains current; another version of the Radio Orange receiver was powered by a bike dynamo or even a water-powered turbine, which could be run from a tap or garden hose. The video below shows the water-powered version in action, but the racket it made must have been problematic for its users, especially given the stakes.

Continue reading “Hackaday Links: October 31, 2021”

Hackaday Links Column Banner

Hackaday Links: September 19, 2021

Things might be getting a bit dicey out in Jezero crater for Ingenuity. The little helicopter that could is starting to have trouble dealing with the thinning Martian atmosphere, and may start pressing against its margin of safety for continued operation. Ingenuity was designed for five flights that would all take place around the time its mothership Perseverance touched down on Mars back in February, at which time the mean atmospheric pressure was at a seasonal high. Over the last few months, the density of the Martian atmosphere has decreased a wee bit, but when you’re starting with a plan for a pressure that’s only 1.4% of Earth’s soupy atmosphere, every little bit counts. The solution to keeping Ingenuity flying is simple: run the rotors faster. NASA has run a test on that, spinning the rotors up to 2,800 RPM, and Ingenuity handled the extra stresses and power draw well. A 14th flight is planned to see how well the rotors bite into the rarefied air, but Ingenuity’s days as a scout for Perseverance could be numbered.

If you thought privacy concerns and government backdoors into encryption technology were 21st-century problems, think again. IEEE Spectrum has a story about “The Scandalous History of the Last Rotor Cipher Machine,” and it’s a great read — almost like a Tom Clancy novel. The story will appeal to crypto — not cryptocurrency — fans, especially those fascinated by Enigma machines, because it revolves around a Swiss rotor cipher machine called the HX-63, which was essentially a refinement of the original Enigma technology. With the equivalent of 2,000-bit encryption, it was considered unbreakable, and it was offered for sale to any and all — at least until the US National Security Agency sprung into action to persuade the inventor, Boris Hagelin, to shelve the HX-63 project in favor of electronic encryption. The NSA naturally helped Hagelin design this next generation of crypto machines, which of course all had backdoors built into them. While the cloak and dagger aspects of the story — including a possible assassination of Boris Hagelin’s son in 1970, when it became clear he wouldn’t “play ball” as his father had — are intriguing, the peek inside the HX-63, with its Swiss engineering, is the real treat.

One of the great things about the internet is how easy it is to quickly answer completely meaningless questions. For me, that usually involves looking up the lyrics of a song I just heard and finding out that, no, Robert Plant didn’t sing “Whoopie Cat” during Misty Mountain Hop. But it also let me answer a simple question the other day: what’s the largest single-piece metal object ever created? I figured it would have to be a casting of some sort, and likely something from the middle of the previous century. But as it turns out, the largest casting ever appears to have been manufactured in Sheffield, England in 2015. The company, Sheffield Forgemaster International, produced eleven castings for the offshore oil industry, each weighing in at over 320 tonnes. The scale of each piece is mind-boggling, and the technology that went into making them would be really interesting to learn about. And it goes without saying that my search was far from exhaustive; if you know of a single-piece metal part larger than 320 tonnes, I’ll be glad to stand corrected.

Have you heard about “teledriving” yet? On the face of it, a remote-controlled car where a qualified driver sits in an office somewhere watching video feeds from the car makes little sense. But as you dig into the details, the idea of remotely piloted cars starts to look like one of those “Why didn’t I think of that?” ideas. The company behind this is called Vay, and the idea is to remotely drive a ride-share vehicle to its next customer. Basically, when you hail a ride, a remote driver connects to an available car and drives it to your location. You get in and take over the controls to drive to your destination. When you arrive, another remote drive pilots the car to its next pickup. There are obvious problems to work out, but the idea is really the tacit admission that all things considered, humans are way better at driving than machines are, at least right now.

Hamster Trades Crypto Better Than You

The inner machinations of the mind of cryptocurrency markets are an enigma. Even traditional stock markets often seem to behave at random, to the point that several economists seriously suggest that various non-human animals might outperform one market or another just by random chance alone. The classic example is a monkey picking stocks at random, but in the modern world the hamster [Mr Goxx] actively trades crypto from inside his hamster cage.

[Mr Goxx]’s home comprises a normal apartment and a separate office where he can make his trades. The office contains an “intention wheel” where he can run in order to select a currency to trade, and two tunnels that [Mr Goxx] can use to declare his intention to buy or sell the currency he selected with the wheel. The wheel is connected to an Arduino Nano with an optical encoder, and the Nano also detects the hamster’s presence in the “buy” or “sell” tunnel and lights up status LEDs when he wants to execute a trade. The Nano also communicates with an intricate Java program which overlays information on the live video feed and also executes the trades in real life with real money.

Live updates are sent directly both on Twitter and Reddit, besides the live Twitch stream of [Mr Goxx] we linked above. The stream only shows his office and not his apartment, and he’s mostly active at night (Berlin time). But we can’t wait for his random walks to yield long-term results which can be analyzed for years to come. In the meantime we’ll see if others have been able to make any profits in crypto with any less-random methods.

NFTs Are The Hope For A New Tomorrow!

Here at Hackaday, we’re always working as hard as we can to bring you the latest and most exciting technologies, and like so many people we’ve become convinced that the possibilities offered by the rise of the Blockchain present unrivaled opportunities for humanity to reinvent itself unfettered by the stifling regulations of a dying system. This is why today we’ve decided to join in with the digital cognoscenti and celebrities embracing Non-Fungible Tokens, or NFTs, as a new promise of non-corporeal digital investment cryptoasset that’s taking the world by storm.

Crypto Non-Fungible Investment Gains!

Imagine for a minute, yourself owning a very expensive car. Skievl, CC BY-SA 4.0.
Imagine for a minute, yourself owning a very expensive car. Skievl, CC BY-SA 4.0.

An NFT is a digital token representing something in the real world, and coupled to a unique ID held in a secure entry in the Blockchain. It’s non-fungible, which means that it’s unique and not interchangeable in the manner of a traditional old-style cryptoasset such as Bitcoin. As it allows a real-world object to be tokenised in digital form it represents a way to own something that provides an irrefutable connection to it as as a digital cryptoasset.

It’s a complex system that’s maybe too difficult to explain fully in a single article, but think of an NFT as a way to invest in a cryptoasset in digital form with its uniqueness guaranteed by Blockchain security, without having the inconvenience of physically owning it. Instead your NFT is safely held on a server on the Internet, and can’t be physically stolen as it would from a bank vault because it has the Blockchain cryptosecurity baked in.

Non Fungible Blockchain Cryptoassets!

You don't own this. Yet.
You don’t own this. Yet.

NFTs have so far found a space in the creative markets, where they have provided a revolutionary opportunity for artists to expand their sales in the digital realm by selling NFTs of their work. A struggling artist can now access buyers all over the world, who can in turn now invest with confidence in creative talent to which they would never otherwise be exposed. It’s a win-win situation in which both cryptoinvestor and artist benefit from The Power of the Blockchain.

Hackaday is excited to offer a once-in-a-lifetime chance to acquire a Blockchain-cryptosecured NFT representing one of our own articles; our first ever NFT is the only officially sanctioned digital copy of a Hackaday article presenting a novel method of handling toilet paper shortages. The original article will continue to exist on Hackaday.com with all rights reserved, but we will not make any other NFTs of it. We may also decide to update the original article to let everyone know you are the lucky owner of the only digital copy of this piece of greatness. That’s right, this NFT will let you prove you own a screenshot!

Having today sold you on the incredible cryptoinvestment opportunity offered by NFTs, we’ll be back on another date with a more sober and in-depth technical examination of the technology behind them. Meanwhile should our brief foray into NFTs garner any interest (and we really hope it does not), we will donate proceeds to the excellent Girls Who Code, a truly solid investment with a tangible bright future.

Thanks [Micah Scott] for some NFT consultancy during the making of this piece.

This Week In Security: XCode Infections, Freepik, And Crypto Fails

There is a scenario that keep security gurus up at night: Malware that can detect software compilation and insert itself into the resulting binary. A new Mac malware, XCSSET (PDF), does just that, running whenever Xcode is used to build an application. Not only is there the danger of compiled apps being malicious, the malware also collects data from the developer’s machine. It seems that the malware spreads through infected Xcode projects.

WordPress Plugins

WordPress has a complicated security track record. The core project has had very few serious vulnerabilities over the years. On the other hand, WordPress sites are routinely compromised. How? Generally through vulnerable plugins. Case in point? Advanced Access Manager. It’s a third party WordPress plugin with an estimate 100,000 installations. The problem is that this plugin requires user levels, a deprecated and removed WordPress feature. The missing feature had some unexpected results, like allowing any user to request administrator privileges.

The issue has been fixed in 6.6.2 of the plugin, so if you happen to run the Advanced Access Manager plugin, make sure to get it updated. Beyond that, maybe it’s time to do an audit on your WordPress site. Uninstall unused plugins, and make sure the rest are up to date, along with the WordPress installation itself. Continue reading “This Week In Security: XCode Infections, Freepik, And Crypto Fails”

John McMaster Explains Crypto Ignition Phone Keys And How To Reproduce Them

When you’re a nation state, secure communications are key to protecting your sovereignty and keeping your best laid plans under wraps. For the USA, this requirement led to the development of a series of secure telephony networks over the years. John McMaster found himself interested in investigating the workings of the STU-III secure telephone, and set out to replicate the secure keys used with this system.

An encryption key in a very physical, real sense, the Crypto Igntion Key was used with the STU-III to secure phone calls across many US government operations. The key contains a 64KB EEPROM that holds the cryptographic data.

[John] had a particular affinity for the STU-III for its method of encrypting phone calls. A physical device known as a Crypto Ignition Key had to be inserted into the telephone, and turned with a satisfying clunk to enable encryption. This physical key contains digital encryption keys that, in combination with those in the telephone, are used to encrypt the call. The tactile interface gives very clear feedback to the user about securing the communication channel. Wishing to learn more, John began to research the system further and attempted to source some hardware to tinker with.

As John explains in his Hackaday Superconference talk embeded below, he was able to source a civilian-model STU-III handset but the keys proved difficult to find. As carriers of encryption keys, it’s likely that most were destroyed as per security protocol when reaching their expiry date. However, after laying his hands on a broken key, he was able to create a CAD model and produce a mechanically compatible prototype that would fit in the slot and turn correctly.

Continue reading “John McMaster Explains Crypto Ignition Phone Keys And How To Reproduce Them”