Hackaday Links: August 2, 2020

August 2, 2020 by Dan Maloney 14 Comments

If you somehow manage to mentally separate yourself from the human tragedy of the COVID-19 pandemic, it really has provided a fascinating glimpse into how our planet operates, and how much impact seven billion people have on it. Latest among these revelations is that the shutdowns had a salubrious effect in at least one unexpected area: solar power. Researchers found that after the Indian government instituted mandatory lockdowns in March, output from solar power installations in Delhi increased by more than eight percent. The cause: the much-diminished smog, which let more sunlight reach solar panels. We’ve seen similar shutdown-related Earth-impact stories, from decreased anthropogenic seismicity to actually being able to see Los Angeles, and find them all delightfully revealing.

Remember Google Glass? It’s hard to forget, what with all the hype leading up to launch and the bitter disappointment of realizing that actually wearing the device wouldn’t go over well in, say, a locker room. That said, the idea of smart glasses had promise, and several startups tried to make a go of combining functionality with less out-there styling that wouldn’t instantly be seen as probable cause for being a creep. One such outfit was North, who made the more-or-less regular looking (if a bit hipsterish) Focals smart glasses. But alas, North was bought out by Google back in June, and as with so many things Google acquires, Focals smart glasses are being turned off. Anyone who bought the $600 specs will reportedly get their money back, but the features of the smart glasses will no longer function. Except, you know, you’ll still be able to look through them.

It looks like someone has finally come up with a pretty good use case for the adorably terrifying robot mini-dogs from Boston Dynamics. Ford Motors has put two of the yellow robots to work in their sprawling Van Dyke Transmission Plant in Michigan. Dubbed Fluffy and Spot (aww), the dogs wander around the plant with a suite of cameras and sensors, digitally mapping the space to prepare for possible future modifications and expansions. The robots can cover a lot of ground during the two hours that their batteries last, and are even said to be able to hitch a ride on the backs of other robots when they’re tuckered out. Scanning projects like these can keep highly trained — and expensive — engineers busy for weeks, so the investment in robots makes sense. And we’re sure there’s totally no way that Ford is using the disarmingly cute robo-pets to keep track of its employees.

We all know that the Linux kernel has some interesting cruft in it, but did you know that it can actually alert you to the fact that your printer is aflame? We didn’t either until Editor-in-Chief Mike Szczys shared this reddit post that details the kernel function lp_check_status and how it assumes the worst if it detects the printer is online but also in “check mode.” The Wikipedia entry on the “lp0 on fire” error message has some interesting history that details how it’s not as implausible as it might seem for a printer, especially one in the early 1970s, to burst into flames under the right conditions. A toner fuser bar running amok on a modern laser printer is one thing, but imagine a printer with a fusing oven running out of control.

And finally, because 2020 is apparently the gift that can’t stop giving, at least in the weirdness department, the US Department of Defense let it slip that the office charged with investigating unidentified aerial phenomena is not quite as disbanded as they once said it was. Reported to have been defunded in 2017, the Advanced Aerospace Threat Identification Program actually appears to live on, as the Unidentified Aerial Phenomena Task Force, operating out of the Office of Naval Intelligence. Their purpose is ostensibly to study things like the Navy videos of high-speed craft out-maneuvering fighter jets, but there are whispers from former members of the task force that “objects of undetermined origin have crashed on earth with materials retrieved for study.” All this could just be a strategic misdirection, of course, but given everything else that has happened this year, we’re prepared to believe just about anything.

Hackaday Links: July 26, 2020

July 26, 2020 by Dan Maloney 12 Comments

An Australian teen is in hot water after he allegedly exposed sensitive medical information concerning COVID-19 patients being treated in a local hospital. While the authorities in Western Australia were quick to paint the unidentified teen as a malicious, balaclava-wearing hacker spending his idle days cracking into secure systems, a narrative local media were all too willing to parrot, reading down past the breathless headlines reveals the truth: the teen set up an SDR to receive unencrypted POCSAG pager data from a hospital, and built a web page to display it all in real-time. We’ve covered the use of unsecured pager networks in the medical profession before; this is a well-known problem that should not exactly take any infosec pros by surprise. Apparently authorities just hoped that nobody would spend $20 on an SDR and an afternoon putting it all together rather than address the real problem, and when found out they shifted the blame onto the kid.

Speaking of RF hacking, even though the 2020 HOPE Conference is going virtual, they’ll still be holding the RF Hacking Village. It’s not clear from the schedule how exactly that will happen; perhaps like this year’s GNU Radio Conference CTF Challenge, they’ll be distributing audio files for participants to decode. If someone attends HOPE, which starts this weekend, we’d love to hear a report on how the RF Village — and the Lockpicking Village and all the other attractions — are organized. Here’s hoping it’s as cool as DEFCON Safe Mode’s cassette tape mystery.

It looks like the Raspberry Pi family is about to get a big performance boost, with Eben Upton’s announcement that the upcoming Pi Compute Module 4 will hopefully support NVMe storage. The non-volatile memory express spec will allow speedy access to storage and make the many hacks Pi users use to increase access speed unnecessary. While the Compute Modules are targeted at embedded system designers, Upton also hinted that NVMe support might make it into the mainstream Pi line with a future Pi 4A.

Campfires on the sun? It sounds strange, but that’s what solar scientists are calling the bright spots revealed on our star’s surface by the newly commissioned ESA/NASA Solar Orbiter satellite. The orbiter recently returned its first images of the sun, which are extreme closeups of the roiling surface. They didn’t expect the first images, which are normally used to calibrate instruments and make sure everything is working, to reveal something new, but the (relatively) tiny bright spots are thought to be smaller versions of the larger solar flares we observe from Earth. There are some fascinating images coming back from the orbiter, and they’re well worth checking out.

And finally, although it’s an old article and has nothing to do with hacking, we stumbled upon Tim Urban’s look at the mathematics of human relations and found it fascinating enough to share. The gist is that everyone on the planet is related, and most of us are a lot more inbred than we would like to think, thanks to the exponential growth of everyone’s tree of ancestors. For example, you have 128 great-great-great-great-great-grandparents, who were probably alive in the early 1800s. That pool doubles in size with every generation you go back, until we eventually — sometime in the 1600s — have a pool of ancestors that exceeds the population of the planet at the time. This means that somewhere along the way, someone in your family tree was hanging out with someone else from a very nearby branch of the same tree. That union, likely between first or second cousins, produced the line that led to you. This is called pedigree collapse and it results in the pool of ancestors being greatly trimmed thanks to sharing grandparents. So the next time someone tells you they’re descended from 16th-century royalty, you can just tell them, “Oh yeah? Me too!” Probably.

Hackaday Links: July 19, 2020

July 19, 2020 by Dan Maloney 19 Comments

Care to flex your ethical hacker muscles? The Defense Advanced Research Projects Agency, better known as DARPA, is running its first-ever bug-bounty program. The event is called “Finding Exploits to Thwart Tampering”, or FETT — get it? Bounty hunter? Fett? — and is designed to stress-test security hardware developed through DARPA’s System Security Integration Through Hardware and Firmware, or SSITH. Tortured backronyms and pop culture references aside, FETT will start this month and go through September. This is not an open challenge per se; rather, the Red Team will be coordinated by crowdsourced security research company Synack, who has called for security researchers to sign on.

The Linux kernel development team has decided to join the trend away from insensitive terminology like “master/slave” and “blacklist/whitelist” in coding style. A July 4 proposal by kernel maintainer Dan Williams goes into some detail on the logic of making the change, and it’s quite convincing stuff. It’s hard to argue with the fact that code reviewers can easily be distracted by coding style changes, so replacing terms that have become lightning rods only makes sense. Linus himself has signed off on the changes for all future code; the current terminology will only be allowed for purposes of maintaining older code.

Some stories just leap off the screen when you’re scanning headlines, and a story with the term “narco-antennas” practically begs further investigation. It turns out that the drug cartels in Mexico (and probably elsewhere, but the story focused on Mexico) are quite sophisticated in terms of communications technology. Eschewing cell phones for some of their communication needs for obvious reasons, they still apparently leverage the cell system by installing their own transceivers at cell sites. This can lead to some tense moments for the engineers who maintain legitimate gear at these sites; the story above recounts one hapless tech who powered down a site to make some repairs only to be confronted by armed men upset about the loss of their radios. It’s a fascinating look at the underworld and their technology, and we can’t help but feel for the men and women who have to face down these criminals just to do their jobs.

Way back in January — remember January? — we kicked off the 2020 Hack Chat series with a fellow named Alberto Caballero, principal investigator of the Habitable Exoplanet Hunting Project. At the time, I was blown away by the fact that the tiny changes in intensity caused by planets transiting across their star’s face were detectable on Earth with instruments an amateur astronomer could easily afford. And now, the project’s crowdsourced planet hunters have hit pay dirt, with the discovery of a Saturn-sized exoplanet in orbit within the habitable zone around star GJ 3470, also known as Gliese 3470, a red dwarf about 30 parsecs away in the constellation Cancer. Their paper is still in preprint and hasn’t been peer-reviewed yet, but it’s exciting to see this kind of citizen science being done, and we’d like to congratulate the team on their achievement and wish them continued luck in their search for “Earth 2.0”

And finally, if you can’t stand the idea that future archaeologists may someday pore over your code in an attempt to understand the digital lives of their long-dead forebears, then you might want to skip this story about how GitHub shipped 21 terabytes of open-source code to cold storage. The destination for the data, contained on reels of archive film and shipped on two pallets, is the world’s long-term memory: the Artic World Archive on the island of Svalbard. Perhaps better known for the Svalbard Seed Vault, where the genetic diversity of the world’s plants is stored, the Artic Code Vault is in a nearby abandoned coal mine and set deep within the permafrost. The rationale for making the effort to preserve code makes for some interesting reading, but we can’t help but feel that like the graffitists of Pompeii, if we’d known someone would be reading this stuff in a thousand years, we might have edited out a few things.

Hackaday Links: July 12, 2020

July 12, 2020 by Dan Maloney 30 Comments

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not one but two international stories of a dystopian bent; one the one hand, pleased that it’s not us for a change, but on the other, sad to see the trend toward less freedom and more monitoring spreading.

The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

OK, time for a palate cleanser: take an hour to watch a time-lapse of the last decade of activity of our star. NASA put the film together from data sent back by the Solar Dynamics Observatory, a satellite that has been keeping an eye on the Sun from geosynchronous orbit since 2010. Each frame of the film is one hour of solar activity, which may sound like it would be boring to watch, but it’s actually quite interesting and very relaxing. There are exciting moments, too, like enormous solar eruptions and the beautiful but somehow terrifying lunar transits. More terrifying still is a massive coronal mass ejection (CME) captured in June 2011. A more subtle but fascinating phenomenon is the gradual decrease in the number of sunspots over the decade as the Sun goes through its normal eleven-year cycle.

You’ll recall that as a public service to our more gear-headed readers that we recently covered the recall of automotive jack stands sold at Harbor Freight, purveyor of discount tools in the USA. Parts for the jack stands in question had been cast with a degraded mold, making the pawls liable to kick out under load and drop the vehicle, with potentially catastrophic results for anyone working beneath. To their credit, Harbor Freight responded immediately and replaced tons of stands with a new version. But now, Harbor Freight is forced to recall the replacement stands as well, due to a welding error. It’s an embarrassment, to be sure, but to make it as right as possible, Harbor Freight is now accepting any of their brand jack stands for refund or store credit.

And finally, if you thought that the experience of buying a new car couldn’t be any more miserable, wait till you have to pay to use the windshield wipers. Exaggeration? Perhaps only slightly, now that BMW “is planning to move some features of its new cars to a subscription model.” Plans like that are common enough as cars get increasingly complex infotainment systems, or with vehicles like Teslas which can be upgraded remotely. But BMW is actually planning on making options such as heated seats and adaptive cruise control available only by subscription — try it out for a month and if you like it, pay to keep them on for a year. It would aggravate us to no end knowing that the hardware supporting these features had already been installed and were just being held ransom by software. Sounds like a perfect job for a hacker — just not one in Mexico.

Hackaday Links: July 5, 2020

July 5, 2020 by Dan Maloney 8 Comments

Remember all the hubbub over Betelgeuse back in February? For that matter, do you even remember February? If you do, you might recall that the red giant in Orion was steadily dimming, which some took as a portent of an impending supernova. That obviously didn’t happen, but we now seem to have an explanation for the periodic dimming: an enormous dark spot on the star. “Enormous” doesn’t begin to describe this thing, which covers 70% of the face of a star that would extend past Jupiter if it replaced the sun. The dimming was originally thought to be dust being blown off the star as it goes through its death throes, but no evidence could be found for that, while direct observations in the terahertz range showed what amounted to a reduction in surface temperature caused by the enormous star spot. We just think it’s incredibly cool that Betelgeuse is so big that we can actually observe it as a disk rather than a pinpoint of light. At least for now.

If you think you’ve seen some challenging user interfaces, wait till you get a load of the cockpit of an F-15C Eagle. As part of a new series on human interfaces, Ars Technica invited Col. Andrea Themely (USAF-ret.) to give a tour of the fighter she has over 1,100 hours on. Bearing in mind that the Eagle entered service in 1976 and has been continually updated with the latest avionics — compare the video with the steam gauges of the cockpit of an F-15A — its cockpit is still a pretty busy place. As much as possible has been done to reduce pilot load, with controls being grouped by function and the use of color-coding — don’t touch the yellow and black stuff! — and the use of tactile feedback. It’s a fascinating deep dive into a workplace that few of us ever get to see, and we’re looking forward to the rest of the series.

Sad news from Seattle, where the Living Computers: Museum + Labs is closing up shop. The announcement only says they’re closing “for now”, so there’s at least some hope that the museum will be back once the COVID-19 downturn has run its course. We hope they do bounce back; it really was a great museum with a lot of amazing hardware on display. The Vintage Computer Festival PNW was held there in its inaugural year, an event we covered and had high hopes for in the future. We hope for the best for these educational and cultural institutions, but we can’t help but fear a little for their future.

So you suffer a partial amputation of your left hand, leaving you with only your thumb and your palm. That raises an interesting conundrum: you haven’t lost enough to replace the hand with a prosthetic one, but you still don’t have any fingers. That appears to be what happened to Ian Davis, and so he built his own partial prosthetic to replace his fingers. There’s not much backstory on his YouTube channel, but from what we can gather he has gone through several designs, most of which are myomechanical rather than myoelectric. Through a series of complex linkages, he’s able to control not only the opening and closing of the fingers, but also to splay them apart. It’s all in the wrist, as it were — his input gestures all come from flexing and extending his hand relative to his forearm, where the prosthesis is anchored. This results in a pretty powerful grip — much stronger than a myoelectric hand in a head-to-head test. And the coolness factor of his work is just off the scale. We’re looking forward to more from Ian, and hopefully enough background information for a full story on what he has accomplished.

Hackaday Links: June 28, 2020

June 28, 2020 by Dan Maloney 8 Comments

You can imagine how stressful life is for high-power CEOs of billion-dollar companies in these trying times; one is tempted to shed a tear for them as they jet around the world and plan their next big move. But now someone has gone and upset the applecart by coming up with a way to track executive private jets as they travel across North America. This may sound trivial, but then you realize that hedge fund managers pay big money for the exact same data in order to get an idea of who is meeting with whom and possibly get an idea of upcoming mergers and acquisitions. It’s also not easy, as the elites go to great lengths to guard their privacy. Luckily, the OpenSky Network lists all ADS-B traffic its web of ground stations receives, unlike other flight monitoring sites which weed out “sensitive” traffic. Python programs scrape the OpenSky API and cross-reference plane registrations with the FAA database to see which company jets are doing what. There are plenty of trips to Aspen and Jackson Hole to filter out, but with everyone and his little brother fancying themselves a day trader lately, it’s another tool in the toolbox.

We got a nice note from Michelle Thompson this week thanking us for mentioning the GNU Radio Conference in last week’s Links article, and in particular for mentioning the virtual CTF challenge that they’re planning. It turns out that Michelle is deeply involved in designing the virtual CTF challenge, after having worked on the IRL challenges at previous conferences. She shared a few details of how the conference team made the decision to go forward with the virtual challenge, inspired in part by the success of the Hack-A-Sat qualifying rounds, which were also held remotely. It sounds like the GNU Radio CTF challenge will be pretty amazing, with IQ files being distributed to participants in lieu of actually setting up receivers. We wish Michelle and the other challenge coordinators the best of luck with the virtual con, and we really hope a Hackaday reader wins.

Amateur radio is often derided as a hobby, earning the epithet “Discord for Boomers” according to my son. There’s more than a grain of truth to that, but there are actually plenty of examples where a ham radio operator has been able to make a big difference in an emergency. Case in point is this story from the Western Massachusetts ARRL. Alden Jones (KC1JWR) was hiking along a section of the Appalachian Trail in southern Vermont last week when he suddenly got light-headed and collapsed. A passing hiker who happened to be an emergency medical technician rendered aid and attempt to contact 911 on his cell phone, but coverage was spotty and the dispatcher couldn’t hear him. So Alden, by this point feeling a little better, pulled out his handy talkie and made an emergency call to the local repeater. Luckily the Western Massachusetts Traffic Net was just about to start, so they went into emergency mode and coordinated the response. One of the hams even went to the rescue staging area and rigged up a quick antenna to improve the signal so that rescuers could finally get a helicopter to give Alden a ride to the hospital. He’s fine now, and hats off to everyone who pitched in on the eight-hour rescue effort.

And finally, there are obviously a lot of details to be worked out before anyone is going to set foot on the Moon again. We’ve got Top People™ working on all the big questions, of course, but apparently NASA needs a little help figuring out how and where the next men and first women on the Moon are going to do their business. The Lunar Loo Challenge seeks innovative designs for toilets that can be used in both microgravity and on the lunar surface. There is $35,000 in prize money for entrants in the Technical division; NASA is also accepting entries in a Junior division, which could prove to be highly entertaining.

Hackaday Links: June 21, 2020

June 21, 2020 by Dan Maloney 19 Comments

When Lego introduced its Mindstorms line in 1998, in a lot of ways it was like a gateway drug into the world of STEM, even though that term wouldn’t be invented for another couple of years. Children and the obsolete children who begat them drooled over the possibility of combining the Lego building system with motors, sensors, and a real computer that was far and away beyond anything that was available at the time. Mindstorms became hugely influential in the early maker scene and was slowly but steadily updated over the decades, culminating with the recently released Mindstorms Robot Inventor kit. In the thirteen years since the last release, a lot has changed in the market, and we Hackaday scribes had a discussion this week about the continued relevancy of Mindstorms in a time when cheap servos, microcontrollers, and a bewildering array of sensors can be had for pennies. We wonder what the readers think: is a kit that burns a $360 hole in your pocket still worth it? Sound off below.

Are you looking for a way to productively fill some spare time? Plenty of people are these days, and Hackaday has quite a deal for them: Hackaday U! This series of online courses will get you up to speed on a wide range of topics, starting tomorrow with Matthew Alt’s course on reverse engineering with Ghidra. Classes meet online once a week for four weeks, with virtual office hours to help you master the topic. Beside reverse engineering, you can learn about KiCad and FreeCad, quantum computing, real-time processing of audio and sensor data, and later in the year, basic circuit theory. We’ve got other courses lined up to fill out the year, but don’t wait — sign up now! Oh, and the best part? It’s on a pay-as-you-wish basis, with all proceeds going to charity. Get smarter, help others while doing it — what’s not to love about that?

Speaking of virtual learning, the GNU Radio Conference will be moving online for its 10th anniversary year. And while it’s good news that this and other cons have been able to retool and continue their mission of educating and growing this community, it’s still a bummer that there won’t be a chance to network and participate in all the fun events such cons offer. Or perhaps there will — it seems like the Wireless Capture the Flag (CTF) event is still going to happen. Billed as “an immersive plot-driven … competition featuring the GNU Radio framework and many other open-source tools, satellite communications, cryptography, and surreal global landscapes,” it certainly sounds like fun. We’d love to find out exactly how this CTF competition will work.

Everyone needs a way to unwind, and sometimes the best way to do that is to throw yourself into a project of such intricacy and delicate work that you’re forced into an almost meditative state by it. We’ve seen beautiful examples of that with the wonderful circuit sculptures of Mohit Bhoite and Jiří Praus, but here’s something that almost defies belief: a painstakingly detailed diorama of a vintage IBM data center. Created by the aptly named [minatua], each piece of this sculpture is a work of art in its own right and represents the “big iron” of the 1400 series of computers from the early 1960s. The level of detail is phenomenal — the green and white striped fanfold paper coming out of the 1403 line printer has tiny characters printed on it, and on the 729 tape drives, the reels spin and the lights flash. It’s incredible, all the more so because there don’t appear to be any 3D-printed parts — everything is scratch built from raw materials. Check it out.

As you can imagine, the Hackaday tip line attracts a fair number of ideas of the scientifically marginal variety. Although we’re not too fond of spammers, we try to be kind to everyone who bothers to send us a tip, but with a skeptical eye when terms like “free energy” come across. Still, we found this video touting to Nikola Tesla’s free energy secrets worth passing on. It’s just how we roll.

And finally, aside from being the first full day of summer, today is Father’s Day. We just want to say Happy Father’s Day to all the dads out there, both those that inspired and guided us as we were growing up, and those who are currently passing the torch to the next generation. It’s not easy to do sometimes, but tackling a project with a kid is immensely important work, and hats off to all the dads who make the time for it.