Just What Have We Become?

The world of open source software is one that often sees disputes between developers, some of which spawn lifelong schisms between devotees of different forks, and others mere storms in a teacup that are settled over a few beers. There are a couple of stories of late though that seem to show the worst in the online world, and which all of us should take a moment to think about.

Many of you may have heard two weeks ago of the passing of [near], the software developer and game translator whose bsnes emulator for the Super Nintendo was the go-to platform for retro Nintendo enthusiasts intent on the pursuit of the closest possible match to the original without possessing real Nintendo hardware. The details of their passing are particularly distressing, in that they committed suicide after numerous attacks over several years from users of Kiwi Farms, a website notorious for the worst kinds of trolling.

Hot on the heels of that distressing story comes news that [Cookie Engineer] is stepping down as maintainer of the project that’s now called Tenacity, a fork of the popular but now-controversial Audacity audio editor. They are doing so after being targeted by users of 4chan, the most well-known of online trolling websites, following an ill-advised Simpsons joke in a naming poll for the software. [Cookie Engineer] alleges that the harassers knocked on doors and windows where they live and a real-world knife attack followed.

Nobody deserves to be hounded to death, to suffer the sort of sustained harassment that [near] encountered, or to be confronted with knife-wielding strangers merely because they have stuck their head above the parapet as an open-source developer. There are no excuses to be made, no justifications for this.

All of us who read Hackaday are likely to be regular users of open-source software, many of us will have used bsnes and may yet use Tenacity, but we probably rarely stop for a moment to think of the real people behind them. Countless hours from innumerable highly-skilled people are what makes the open-source world tick, and aside from the immeasurable sadness of suicide or the horror of a knife attack there can only be harm done to open source software as a whole if to be a prominent developer or maintainer is to expose yourself to this.

The Internet will always have raucous communities at its margins and that’s something which still contributes to its unique culture, but when it jumps off the webpage and into damaging real people then perhaps it has become a monster. As a community we can do so much better, and we shouldn’t be prepared to accept anybody who thinks otherwise among our ranks.

We’d like to remind our readers that help exists for those who have reached the point of considering suicide, and that should you suffer from mental health problems you are not alone in this. Everybody, take care of yourselves, and keep an eye out for each other.

John McAfee’s Wild Ride Is Over

John McAfee, the founder of McAfee Associates and pioneer in the antivirus field, was found dead today, June 23, 2021, of an apparent suicide in a Barcelona prison cell.

Born in 1945, the term “colorful” doesn’t begin to describe the life of McAfee. His entree into the nascent computer industry began with a degree in mathematics, followed by choice assignments at places like Xerox PARC, NASA, Univac, Booz Allen Hamilton, and Lockheed. He built up an impressive resume of programming skills until serendipity struck, in the form of one of the earliest computer viruses: the Brain virus. First found in the mid-1980s, Brain infected the boot sector of floppy disks and was originally intended as a somewhat heavy-handed form of copy protection by its authors. The virus rubbed McAfee the wrong way, and he threw himself into writing software to protect PCs from such infections. These were the roots of McAfee Associates, which opened its doors in 1987.

Continue reading “John McAfee’s Wild Ride Is Over”

Revealing Capcom’s Custom Silicon Security

Ask any security professional and they’ll tell you, when an attacker has hardware access it’s game over. You would think this easily applies to arcade games too — the very nature of placing the hardware in the wild means you’ve let all your secrets out. Capcom is the exception to this scenario. They developed their arcade boards to die with their secrets through a “suicide” system. All these decades later we’re beginning to get a clear look at the custom silicon that went into Capcom’s coin-op security.

Alas, this is a “part 1” article and like petulant children, we want all of our presents right now! But have patience, [Eduardo Cruz] over at ArcadeHacker is the storyteller you want to listen to on this topic. He is part of the team that figured out how to “de-suicide” the CP2 protections on old arcade games. We learned of that process last September when the guide was put out. [Eduardo] is now going through all the amazing things they learned while figuring out that process.

These machines — which had numerous titles like Super Street Fighter II and Marvel vs. Capcom — used battery-backed ram to store an encryption key. If someone tampered with the system the key would be lost and the code stored within undecipherable thanks to “two four-round Feistel ciphers with a 64-bit key”. The other scenario is that battery’s shelf life simply expires and the code is also lost. This was the real motivation behind the desuicide project.

An overview of the hardware shows that Capcom employed at least 11 types of custom silicon. As the board revisions became more eloquent, the number of chips dropped, but they continued to employ the trick of supplying each with battery power, hiding the actual location of the encryption key, and even the 68000 processor core itself. There is a 6-pin header that also suicides the boards; this has been a head-scratcher for those doing the reverse engineering. We assume it’s for an optional case-switch, a digital way to ensure you void the warranty for looking under the hood.

Thanks for walking us through this hardware [Eduardo], we can’t wait for the next installment in the series!

How-to: Make A Mains Crossover Cable

Update: This How-To was written for April Fools’ Day. It is not advised  you attempt to make or even use this cable. The comments have made it very clear how dangerous to you and others using this cable can be. The image above is not of a full male-to-male cable, only the ground is connected, and the generator is not running.

We all know Ethernet has the crossover cable, cars have jumper cables, and RS232 has the null modem. Well, it is about time our wall sockets get their own crossover cable. This crossover cable is great for running power to a circuit disconnected from power. Maybe you are out of fuses, the breaker is broken or you just don’t want to go check the fuse box when there is a murderer about. This cable makes a great gift for even the most loathsome of acquaintances. Continue reading “How-to: Make A Mains Crossover Cable”

Lori Drew Not Guilty Of Felony Computer Hacking

Today, a Los Angeles jury acquitted [Lori Drew] of three felony computer hacking charges. She was convicted of three misdemeanor counts for accessing a computer without authorization. The 49-year-old Missouri resident posed as a teenage boy on MySpace and harassed her daughter’s estranged friend [Megan Meier], who then committed suicide. The case came to our attention in May because of it’s unorthodox use of the federal Computer Fraud and Abuse Act. Prosecutors charged that by violating MySpace’s Terms of Service, [Drew] had gained unlawful access to their computers for the purpose of harming others, an equivalent to computer hacking. While an interesting approach to cyberbullying, it would set a very dangerous precedent for anyone that had violated a TOS before (all of us). The case broke when [Drew]’s employee [Ashley Grills] testified that no one involved had read the TOS, that the hoax was all her idea, and that she sent the final message to [Meier].