[Nop head] discovered that cheap multimeter leads costing only a few bucks can come with more than one may have bargained for. The first set had a large amount of useful-looking attachments, but the wires used for the leads were steel with a resistance of about one ohm each. With two leads in use, that means any resistance measurement gets two ohms added for free. More seriously, when measuring current, the wires can heat up rapidly. Voltage measurements would be affected the least, but the attachments and lead design expose a large amount of bare metal, which invites accidental shorts and can be a safety hazard with higher voltages.
Are all cheap multimeter leads similarly useless? Not necessarily. [nop head] also purchased the set pictured here. It has no attachments, but was a much better design and had a resistance of only 64 milliohms. Not great, but certainly serviceable and clearly a much better value than the other set.
It’s usually not possible to identify garbage before it’s purchased, but [nop head] reminds us that if you do end up with trash in hand, poor quality counterfeits can be good for a refund. That goes for electronic components, too.
Here’s something really wonderful. [Dave Akerman] wrote up the results of his attempt to use a high-altitude balloon to try to re-create a famous image of NASA’s Bruce McCandless floating freely in space with the Earth in the background. [Dave] did this in celebration of the 34th anniversary of the first untethered spacewalk, even going so far as to launch on the same day as the original event in 1984. He had excellent results, with plenty of video and images recorded by his payload.
Adhering to the actual day of the spacewalk wasn’t the only hurdle [Dave] jumped to make this happen. He tracked down an old and rare “Astronaut with MMU” (Mobile Maneuvering Unit) plastic model kit made by Revell USA and proceeded to build it and arrange for it to remain in view of the cameras. Raspberry Pi Zero Ws with cameras, LoRA hardware, action cameras, and a UBlox GPS unit all make an appearance in the balloon’s payload.
Sadly, [Bruce McCandless] passed away in late 2017, but this project is a wonderful reminder of that first untethered spacewalk. Details on the build and the payload, as well as the tracking system, are covered here on [Dave]’s blog. Videos of the launch and the inevitable balloon burst are embedded below, but more is available in the summary write-up.
The year so far has been filled with news of Spectre and Meltdown. These exploits take advantage of features like speculative execution, and memory access timing. What they have in common is the fact that all modern processors use cache to access memory faster. We’ve all heard of cache, but what exactly is it, and how does it allow our computers to run faster?
In the simplest terms, cache is a fast memory. Computers have two storage systems: primary storage (RAM) and secondary storage (Hard Disk, SSD). From the processor’s point of view, loading data or instructions from RAM is slow — the CPU has to wait and do nothing for 100 cycles or more while the data is loaded. Loading from disk is even slower; millions of cycles are wasted. Cache is a small amount of very fast memory which is used to hold commonly accessed data and instructions. This means the processor only has to wait for the cache to be loaded once. After that, the data is accessible with no waiting.
A common (though aging) analogy for cache uses books to represent data: If you needed a specific book to look up an important piece of information, you would first check the books on your desk (cache memory). If your book isn’t there, you’d then go to the books on your shelves (RAM). If that search turned up empty, you’d head over to the local library (Hard Drive) and check out the book. Once back home, you would keep the book on your desk for quick reference — not immediately return it to the library shelves. This is how cache reading works.
Address Space Layout Randomization or ASLR is an important defense mechanism that can mitigate known and, most importantly, unknown security flaws. ASLR makes it harder for a malicious program to compromise a system by, as the name implies, randomizing the process addresses when the main program is launched. This means that it is unlikely to reliably jump to a particular exploited function in memory or some piece of shellcode planted by an attacker.
ASLR have been broken before in some particular scenarios but this new attack highlights a more profound problem. Since it exploits the way that the memory management unit (MMU) of modern processors uses the cache hierarchy of the processor in order to improve the performance of page table walks, this means that the flaw is in the hardware itself, not the software that is running. There are some steps that the software vendors can take to try to mitigate this issue but a full and proper fix will mean replacing or upgrading hardware itself.
In their paper, researchers reached a dramatic conclusion: