The Dark Side Of Package Repositories: Ownership Drama And Malware

At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing fast and loose with package ownership. Quite recently an auto-transfer-of-ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

In short, who can tell when a package is truly ‘abandoned’, who can guarantee that a package is free from malware, and how does one begin to insure against a package being pulled and half the internet collapsing along with it?


British Big Rigs Are About To Go Green

An increasing fact of life over the coming years will be the decarbonisation of our transport networks, for which a variety of competing solutions are being touted. Railways, trucks, cars, and planes will all be affected by this move away from fossil fuels, and while sectors such as passenger cars are making great strides towards electric drive, there remain some technical hurdles elsewhere such as with heavy road freight. To help inform the future of road transport policy in the UK then, the British government are financing a series of trials for transportation modes that don’t use internal combustion. These will include a battery-electric fleet for the National Health Service and a hydrogen-powered fleet in Scotland, as well as a trial of the same overhead-wire system previously given an outing in Germany, that will result in the electrification of a 12.4 mile section of the M180 motorway in Lincolnshire.

We’ve written about the overhead electrification project in Germany in the past and subjected it to a back-of-envelope calculation that suggested the total costs for a country such as the UK might be surprisingly affordable. The M180 is something of a backwater in the UK motorway network though, so it will be interesting to see how they approach the problem of finding real-world loads for their tests that ply such a short and isolated route. We’d expect the final picture to include all three technologies in some form, which can only be a good thing if it increases the available electric and hydrogen infrastructure. We’ll follow this story, though sadly we may not be able to blag a cab ride on the M180 in one of the trucks.

Black Starts: How The Grid Gets Restarted

Gripped as we are at the time of this writing by a historic heatwave, it’s hard for those of us in the western United States to picture a time when cold and ice reigned across the land. But really, it was only about four months back that another bit of freakish weather was visited across most of the country, including places ill-equipped to deal with the consequences. The now-fabled “February Freeze” left millions, mostly in Texas, scrabbling about in the dark and cold as a series of cascading engineering failures took apart their electrical grid, piece by piece, county by county.

The event has been much discussed and dissected, as an event with such far-reaching impact should be. Like much discussion these days, precious little of it is either informed or civil, and that’s not good news for those seeking to understand what happened and how to prevent it from happening again, or at least to mitigate the effects somewhat. Part of that is understandable, given the life-disrupting and often life-threatening situations the disaster forced people to suddenly face. It’s also difficult for people to discuss an event so widespread in its scope and impact — there’s just too much for anyone to wrap their head around.

To make the present discussion a little easier, we’ll be focusing on one aspect of the February grid crash that’s often bandied about but rarely explained: that the Texas grid was mere minutes away from collapsing completely, and that it would have taken weeks or months to restore had it been able to slip away. Is that really possible? Can the power grid just “go away” completely and suddenly? The answer, sadly, is yes, but thankfully a lot of thought has been put into not only preventing it from happening but also how to restart everything if it does happen, by performing what’s known as a “Black Start.”


SCADA Security Hack Chat

Join us on Wednesday, July 14 at noon Pacific for the SCADA Security Hack Chat with Éireann Leverett!

As a society, we’ve learned a lot of hard lessons over the last year and a half or so. But one of the strongest lessons we’ve faced is the true fragility of our infrastructure. The crumbling buildings and bridges and their tragic consequences are one thing, but along with attacks on the food and energy supply chains, it’s clear that our systems are at their most vulnerable as their complexity increases.

And boy are we good at making complex systems. In the United States alone, millions of miles of cables and pipelines stitch the country together from one coast to the other, much of it installed in remote and rugged places. Such far-flung systems require monitoring and control, which is the job of supervisory control and data acquisition, or SCADA, systems. These networks have grown along with the infrastructure, often in a somewhat ad hoc manner, and given their nature they can be tempting targets for threat actors.

Finding ways to secure such systems is very much on Éireann Leverett’s mind. As a Senior Risk Researcher at the University of Cambridge, he knows about the threats to our infrastructure and works to find ways to mitigate them. His book Solving Cyber Risk lays out a framework for protecting IT infrastructure in general. For this Hack Chat, Éireann will be addressing the special needs of SCADA systems, and how best to protect these networks. Drop by with your questions about infrastructure automation, mitigating cyber risks, and what it takes to protect the endless web of pipes and wires we all need to survive.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Gassing Up: Understanding The Liquid Fuel Distribution Network

When someone talks about “The Grid,” as in “dropping off the grid” or “the grid is down,” we tend to think in terms of the electromagnetic aspects of the infrastructure of modern life. The mind’s eye sees The Grid as the network of wires that moves electricity from power plants to homes and businesses, or the wires, optical cables, and wireless links that form the web of data lines that have stitched the world together informatically.

The Grid isn’t just about power and data, though. A huge portion of the infrastructure of the developed world is devoted to the simple but vital task of moving liquid fuels from one place to another as efficiently and safely as possible. This fuel distribution network, made up of pipelines, railways, and tanker trucks, is very much part of The Grid, even if it goes largely unseen and unnoticed. At least until something major happens to shift attention to it, like the recent Colonial Pipeline cyberattack.


Solar And Wind Could Help Support Ethiopia’s Grand Dam Project

Ethiopia is in the midst of a major nation-building project, constructing the Grand Ethiopian Renaissance Dam (GERD). Upon completion, GERD will become the largest hydropower plant in Africa, providing much needed electricity for the country’s growing population.

The project dams the Blue Nile, a river which later flows into neighbouring Sudan, where it merges with the White Nile and then flows on to Egypt. Like all rivers that flow across political boundaries, concerns have been raised about the equitable management of the water resources to the benefit of those upstream and down. Too much water dammed upstream in GERD could have negative effects on Egyptian agriculture reliant on river flows, for example. Efforts are ongoing to find a peaceful solution that suits all parties. Recently, suggestions have been made to supplement the dam’s power output with solar and wind to minimise disruption to the river’s users.


Hackaday Links: March 28, 2021

If you thought the global shortage of computer chips couldn’t get any worse, apparently you weren’t counting on 2021 looking back at 2020 and saying, “Hold my beer.” As if an impacted world waterway and fab fires weren’t enough to squeeze supply chains, now we learn that water restrictions could potentially impact chip production in Taiwan. The subtropical island usually counts on three or four typhoons a year to replenish its reservoirs, but 2020 saw no major typhoons in the region. This has plunged Taiwan into its worst drought since the mid-1960s, with water-use restrictions being enacted. These include a 15% reduction of supply to industrial users as well as shutting off the water entirely to non-industrial users for up to two days a week. So far, the restrictions haven’t directly impacted chip and display manufacturers, mostly because their fabs are located outside the drought zone. But for an industry where a single fab can use millions of gallons of water a day, it’s clearly time to start considering what happens if the drought worsens.

Speaking of the confluence of climate and technology, everyone probably remembers the disastrous Texas cold snap from last month, especially those who had to endure the wrath of the unusually brutal conditions in person. One such victim of the storm is Grady, everyone’s favorite YouTube civil engineer, who recently released a very good post-mortem on the engineering causes for the massive blackouts experienced after the cold snap. In the immediate aftermath of the event, we found it difficult to get anything approaching in-depth coverage on its engineering aspects — our coverage excepted, naturally — as so much of what we found was laden with political baggage. Grady does a commendable job of sticking to the facts as he goes over the engineering roots of the disaster and unpacks all the complexity of the infrastructure failures we witnessed. We really enjoyed his insights, and we wish him and all our friends in Texas the best of luck as they recover.

If you’re into the demoscene, chances are pretty good that you already know about the upcoming Revision 2021, the year’s big demoscene party. Like last year’s Revision, this will be a virtual gathering, but it seems like we’re all getting pretty used to that by now. The event is next weekend, so if you’ve got a cool demo, head over and register. Virtual or not, the bar was set pretty high last year, so there should be some interesting demos that come out of this year’s party.

Many of us suffer from the “good enough, move on” mode of project management, leaving our benches littered with breadboarded circuits that got far enough along to bore the hell out of us (that is, to make a minimally useful contribution to the overall build). That’s why we love it when we get the chance to follow up on a build that has broken from that mode and progressed past the point where it originally caught our attention. A great example is Frank Olsen’s all-wood ribbon microphone. Of course, with magnets and an aluminum foil ribbon element needed, it wasn’t 100% wood, but it still was an interesting build when we first spied it, if a bit incomplete looking. Frank has fixed that in grand style by continuing the wood-construction theme that completes this all-wood replica of the iconic RCA Model 44 microphone. It looks fabulous and sounds fantastic; we can’t help but wonder how many times Frank glued his fingers together with all that CA adhesive, though.
