Hackaday Links: June 3, 2018

All the Radio Shacks are dead. adioS, or something. But wait, what’s this? There are new Radio Shacks opening. Here’s one in Idaho, and here’s another in Claremore, Oklahoma. This isn’t like the ‘Blockbuster Video in Nome, Alaska’ that clings on by virtue of being so remote; Claremore isn’t that far from Tulsa, and the one in Idaho is in a town with a population of 50,000. Are these corporate stores, or are they the (cool) independent Radio Shacks? Are there component drawers? Anyone want to take a field trip and report?

A few years ago, [cnxsoft] bought a Sonoff WiFi switch to control a well pump. Despite this being a way to control the flow of massive amounts of water with an Internet of Things thing, we’re still rocking it antediluvian style, and for the most part this WiFi-connected relay worked well. Until it didn’t. For the past few days, the switch wouldn’t connect to the network, so [cnxsoft] cracked it open to figure out why. There was one burnt component, and more than one electrocuted insect. Apparently, an ant bridged two pins, was shortly electrocuted, and toasted a resistor. It’s a bug, a real bug, in an Internet of Things thing.

eInk is coming to license plates? Apparently. Since an eInk license plate already includes some electronics, it wouldn’t be much to add some tracking hardware for a surveillance state.

Hold up, it’s a press release about crypto hardware. No, not that crypto, the other crypto. Asus has announced a new motherboard that is capable of supporting twenty graphics cards. This isn’t a six-foot-wide motherboard; it’s designed especially for coin mining, and for that, the graphics cards really only need a PCIe x1 connection. The real trick here is not using PCIe headers, and instead piping everything over vertical-mount USB ports. Yes, this is a slight cabling nightmare. So, you still think the early 80s with fluorinert waterfalls and Blinkenlights that played Game of Life was the pinnacle of style in computer hardware? No, this is it right here.

Here’s a book you should readIgnition!: An Informal History of Liquid Rocket Propellants by John Drury Clark is a fantastic book about how modern liquid rocket fuel came to be. Want to know why 60s cartoons and spy movies always referenced a ‘secret rocket fuel formula’ when kerosene and liquid oxygen work just fine? This is that. Back when we covered it, the book, used, on Amazon, cost $500. It’s now in print again and priced reasonably. It’s on the Inc. 9 Powerful Books Elon Musk Recommends list, so you know it’s good. Thanks, [Ben] for sending this one in on the tip line.

Distorted Text Says A Lot

Getting bounced to a website by scanning a QR code is no longer an exciting feat of technology, but what if you scanned the ingredient list on your granola bar and it went to the company’s page for that specific flavor, sans the matrix code?

Bright minds at the Columbia University in the City of New York have “perturbed” ordinary font characters so the average human eye won’t pick up the changes. Even ordinary OCR won’t miss a beat when it looks at a passage with a hidden message. After all, these “perturbed” glyphs are like a perfectly legible character viewed through a drop of water. When a camera is looking for these secret messages, those minor tweaks speak volumes.

The system is diabolically simple. Each character can be distorted according to an algorithm and a second variable. Changing that second variable is like twisting a distorted lens, or a water drop but the afterimage can be decoded and the variable extracted. This kind of encoding can survive a trip to the printer, unlike a purely digital hidden message.

Hidden messages like these are not limited to passing notes, metadata can be attached to any text and extracted when necessary. Literature could include notes without taking up page space so teachers could include helpful notes and a cell phone could be like an x-ray machine to see what the teacher wants to show. For example, you could define what “crypto” actually means.

Continue reading “Distorted Text Says A Lot”

What Does ‘Crypto’ Actually Mean?

This article is about crypto. It’s in the title, and the first sentence, yet the topic still remains hidden.

At Hackaday, we are deeply concerned with language. Part of this is the fact that we are a purely text-based publication, yes, but a better reason is right there in the masthead. This is Hackaday, and for more than a decade, we have countered to the notion that ‘hackers’ are only bad actors. We have railed against co-opted language for our entire existence, and our more successful stories are entirely about the use and abuse of language.

Part of this is due to the nature of the Internet. Pedantry is an acceptable substitute for wisdom, it seems, and choosing the right word isn’t just a matter of semantics — it’s a compiler error. The wrong word shuts down all discussion. Use the phrase, ‘fused deposition modeling’ when describing a filament-based 3D printer, and some will inevitably reach for their pitchforks and torches; the correct phrase is, ‘fused filament fabrication’, the term preferred by the RepRap community because it is legally unencumbered by patents. That’s actually a neat tidbit, but the phrase describing a technology is covered by a trademark, and not by a patent.

The technical side of the Internet, or at least the subpopulation concerned about backdoors, 0-days, and commitments to hodl, is now at a semantic crossroads. ‘Crypto’ is starting to mean ‘cryptocurrency’. The netsec and technology-minded populations of the Internet are now deeply concerned over language. Cryptocurrency enthusiasts have usurped the word ‘crypto’, and the folks that were hacking around with DES thirty years ago aren’t happy. A DH key exchange has nothing to do with virtual cats bought with Etherium, and there’s no way anyone losing money to ICO scams could come up with an encryption protocol as elegant as ROT-13.

But language changes. Now, cryptographers are dealing with the same problem hackers had in the 90s, and this time there’s nothing as cool as rollerblading into the Gibson to fall back on. Does ‘crypto’ mean ‘cryptography’, or does ‘crypto’ mean cryptocurrency? If frequency of usage determines the correct definition, a quick perusal of the press releases in my email quickly reveals a winner. It’s cryptocurrency by a mile. However, cryptography has been around much, much longer than cryptocurrency. What’s the right definition of ‘crypto’? Does it mean cryptography, or does it mean cryptocurrency?

Continue reading “What Does ‘Crypto’ Actually Mean?”

What is Entropy and How Do I Get More of It?

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of a good PRNG sequence, guessing the next number is nearly impossible. But if you know, or can guess, the seed that started the PRNG off, you know all past and future values nearly instantly; it’s a purely deterministic mathematical function. This shouldn’t be taken as a rant against PRNGs, but merely as a reminder that when you use one, the un-guessability of the numbers that it spits out is only as un-guessable as the seed. And while “un-guessability” isn’t a well-defined mathematical concept, or even a real word, entropy is.

That’s why entropy matters to you. Almost anything that your computer wants to keep secret will require the generation of a secret random number at some point, and any series of “random” numbers that a computer generates will have only as much entropy, and thus un-guessability, as the seed used. So how does a computer, a deterministic machine, harvest entropy for that seed in the first place? And how can you make sure you’ve got enough? And did you know that your Raspberry Pi can be turned into a heavy-duty source of entropy? Read on!

Continue reading “What is Entropy and How Do I Get More of It?”

Sneakers: a Love-Fest

“A TURNIP CURES ELVIS” begins the opening credits, an intriguing beginning to a smart and still timely film that was released around 25 years ago. If you’ve never seen the movie, I’m about to spoil the hell out of it.

Sneakers features the title characters, hackers who work the 1992 gig economy as freelance penetration testers. They work for Martin Bishop, a hippie hacker Obi Wan who works San Francisco’s gray market, doing good deeds and helping banks improve their security.

While there is a fair amount of cheese in Sneakers, a lot of the problems the characters face — physical security and cryptography come to mind — remain the problems of today. Securing our digital business? Check. Surveillance? Check? Gray operators? Absolutely. At the same time, the movie does a good job of exploring different categories of hacker. The various characters seem to offer glimpses of people I see all the time at the hackerspace. Bigger than life, certainly, but they are in a Hollywood movie, after all.

Finally, the movie is just smart. Those opening credits offer a preview: the anagrams that begin the movie (“A TURNIP KILLS ELVIS” translates to Universal Pictures) are not just some art director’s conceit for the opening credits. The anagrams end up being important later on in the film, where there is a key clue hidden but if you think about it, shuffling letters on your Scrabble tray could be taken as a metaphor for hacker thinking — taking the same information as everyone else but looking at it in a different way.

Continue reading “Sneakers: a Love-Fest”

The Enigma Enigma: How The Enigma Machine Worked

To many, the Enigma machine is an enigma. But it’s really quite simple. The following is a step-by-step explanation of how it works, from the basics to the full machine.

Possibly the greatest dedicated cipher machine in human history the Enigma machine is a typewriter-sized machine, with keyboard included, that the Germans used to encrypt and decrypt messages during World War II. It’s also one of the machines that the Polish Cipher Bureau and those at Britain’s Bletchley Park figured out how to decipher, or break. Most recently the story of how it was broken was the topic of the movie The Imitation Game.

Let’s start with the basics.

Continue reading “The Enigma Enigma: How The Enigma Machine Worked”

Number Twitters

Grab a shortwave radio, go up on your roof at night, turn on the radio, and if the ionosphere is just right, you’ll be able to tune into some very, very strange radio stations. Some of these stations are just a voice — usually a woman’s voice — simply counting. Some are Morse code. All of them are completely unintelligible unless you have a secret code book. These are number stations, or radio stations nobody knows much about, but everyone agrees they’re used to pass messages from intelligence agencies to spies in the field.

A few years ago, we took a look at number stations, their history, and the efforts of people who document and record these mysterious messages used for unknown purposes. These number stations exist for a particular reason: if you’re a spy, you would much rather get caught with an ordinary radio instead of a fancy encryption machine. Passing code through intermediaries or dead drops presents a liability. The solution to both these problems lies in broadcasting messages in code, allowing anyone to receive them. Only the spy who holds a code book — or in the case of the Cuban Five, software designed to decrypt messages from number stations — can decipher the code.

Number stations are a hack, of sorts, of the entire concept of broadcasting. For all but a few, these number stations broadcast complete gibberish. Only to the person holding the code book or the decryption software do these number stations mean anything. However, since the first number stations went on the air over one hundred years ago, broadcasting has changed dramatically. We now have the Internet, and although most web services cannot be considered a one-to-many distribution as how broadcasting is defined, Twitter can. Are there number stations on Twitter? There sure are. Are they used by spies or agents of governments around the world? That’s a little harder to say.

Continue reading “Number Twitters”