Latest Article

Avengers: Endgame review — Marvel's ultimate love letter to fans tops Infinity War – CNET April 25, 2019

Spoiler free: The Russos’ wholly satisfying superhero epic, a sequel to every MCU movie ever, doesn’t waste a second.
Source: CNet


Queen guitarist Brian May writes song for historic NASA flyby – CNET

Don’t stop him now! The rock star, who also happens to be an astrophysicist, will be on hand at NASA headquarters as his song marks the space milestone.
Source: CNet

Source: Netflix to hire Activision Blizzard's Spencer Neumann as its new CFO starting in early 2019; Activision said it intended to fire Neumann in a filing (Kenneth Li/Reuters)


Kenneth Li / Reuters:

Source: Netflix to hire Activision Blizzard’s Spencer Neumann as its new CFO starting in early 2019; Activision said it intended to fire Neumann in a filing  —  (Reuters) – Netflix Inc is expected to announce in the next few days that it has poached media finance veteran Spencer Neumann …

Source: Tech Meme

Aquaman director James Wan: Stop harassing people who hate the movie – CNET

“Be respectful,” the Aquaman director tells crabby fans.
Source: CNet

Hacking a 20 Year Old Subaru

While cars are slowly becoming completely computer-controlled, road vehicles have been relying on computers since the 1970s. The first automotive use of computers was in engine control units (ECUs), which came along as fuel injection systems started to replace carburetors.

[P1kachu]’s 1997 Subaru Impreza STi, like most cars of this vintage, uses an ECU and provides a diagnostic connector for external communications. [P1kachu]’s Subaru hacking project includes building a diagnostic interface device, dumping the ECU’s firmware, and reverse engineering the binary to understand and disable the speed limiter. If this looks familiar, it’s because we just covered the infotainment hacks in this car on Saturday. But the added information about the communications protocols is definitely worth another look.

This era of Subaru uses a non-standard diagnostics protocol called SSM1, which is essentially a 5 volt TTL serial line running at 1953 bits per second. The custom interface consists of a Teensy and a 3.3V to 5V level shifter. Once connected, commands can be sent directly to the ECU. Fortunately, the protocol has been quite well documented in the past. By issuing the “Read data from ECU address” command repeatedly, the full firmware can be dumped.

[P1kachu] goes on to locate the various engine tuning maps and discover the inner workings of the speed limiter. With cars getting more computerized, it’s nice to see folks are still able to tune their rides, even if it means using Teensys instead of wrenches.

Source: HackADay

All photos uploaded to Twinning, Popsugar's tool to match a user's photo with a celebrity's, were accessible from a public AWS storage bucket that is now locked (Zack Whittaker/TechCrunch)


Zack Whittaker / TechCrunch:

All photos uploaded to Twinning, Popsugar’s tool to match a user’s photo with a celebrity’s, were accessible from a public AWS storage bucket that is now locked  —  I thought the worst thing about Popsugar’s Twinning tool was that it matched me with James Corden.

Source: Tech Meme

Tech trends for 2019: foldable phones, 5G, cashierless retail, privacy legislation, autonomous delivery wagons, IoT edge computing, and more (Wall Street Journal)


Wall Street Journal:

Tech trends for 2019: foldable phones, 5G, cashierless retail, privacy legislation, autonomous delivery wagons, IoT edge computing, and more  —  From delivery wagons and foldable phones to privacy crackdowns and corporate health tracking, the coming year will make good on some of the tech industry’s biggest promises

Source: Tech Meme

NASA New Horizons zooms toward Ultima Thule as historic flyby nears – CNET

The spacecraft is hurtling toward the mysterious space rock, the most distant world ever explored. Watch NASA’s live stream here.
Source: CNet

Here’s why calendars look the way they do


What is the first image you visualize in your head when you think about a calendar? Probably a table with numbers arranged in seven columns and five rows (or six rows depending on day one) to display the full month ahead. We use it every day, whether on your phone or on your wall. Same design no matter the medium, the same format has moved from posters to digital apps without any alteration. We are surrounded by objects that have history, sometimes that span centuries, and we completely ignore it. Anytime I encounter design patterns that are so well embedded…

This story continues at The Next Web

Source: The Next Web

In Screening for Suicide Risk, Facebook Takes On Tricky Public Health Role

Some doctors warn that Facebook is becoming an arbiter of users’ mental distress without proving that its efforts are accurate, effective or safe.
Source: NY Times Tech

35C3: Safe And Secure Drivers In High-Level Languages

Writing device drivers is always a good start for a journey into the Linux kernel code. Of course, the kernel is a highly complex piece of software, and if you mess up your code properly, you might take down the entire system with you. User-space drivers on the other hand might not look as good on your CV, but they can help to work around some of the dangers and complexity of the kernel space. Plus, you don’t necessarily have to limit yourself to C to write them, especially if you are concerned about the usual C pitfalls and the security issues they can lead to.

With that in mind, [Paul Emmerich] is researching the concept of Linux user-space drivers for Intel’s 10Gbit network cards using other high-level languages, and recruits his students to write their final theses about the implementation details of as many languages as possible.

At last year’s 34c3, [Paul] already demonstrated the basics of writing such a user-space network driver for Linux, which now serves as the reference implementation for his students. We won’t see Bash or JavaScript here, but we will see a brief summary of what it generally means to develop user-space drivers in C#, Swift, OCaml, or Haskell, along with a more detailed insight from [Sebastian Voit] and [Simon Ellmann] about Go and Rust. A collection of each language’s implementation can be found on GitHub.

Since some of these languages bring their own memory handling and perform unpredictable garbage collection, performance and latency are two big topics to cover here. But then, the general concept is language-independent, so even if nothing in the world could ever make you give up on C, you might at least take away some new ideas for driver development.

Source: HackADay

Screenshots suggest Google is testing group calling and a low light mode in its Duo video chat app for Android (Scott Scrivens/Android Police)


Scott Scrivens / Android Police:

Screenshots suggest Google is testing group calling and a low light mode in its Duo video chat app for Android  —  Group calling and a low light mode in Google Duo have been rumored for some time, but we now have our first glimpse of the features in action.

Source: Tech Meme

With Drone Deliveries on the Horizon, Europe Moves to Set Ground Rules

A former military airfield in Belgium will be used to test technology and help regulators set rules for delivery by unmanned flying devices.
Source: NY Times Tech

Parents are often shocked by inappropriate videos on TikTok, a major hit with teens that Sensor Tower says was the most downloaded app on iOS in H1 2018 (Agence France-Presse)


Agence France-Presse:

Parents are often shocked by inappropriate videos on TikTok, a major hit with teens that Sensor Tower says was the most downloaded app on iOS in H1 2018  —  TikTok’s video-sharing app was the most downloaded on Apple’s App Store in the first half of 2018, beating out Facebook, Instagram and Snapchat

Source: Tech Meme

Firm Led by Google Veterans Uses A.I. to ‘Nudge’ Workers Toward Happiness

Humu, a Silicon Valley start-up, applies data-driven lessons in human resources to the goal of improving employee satisfaction.
Source: NY Times Tech

FCC may be forced to suspend most operations this week – CNET

Partial federal government shutdown to blame.
Source: CNet

Best streaming movies of 2018: The lazy moviegoer's guide – CNET

Those trailers looked so enticing, but if you never made it out to the cineplex, here’s your home list.
Source: CNet

The NYPD planned to use drones during Times Square New Year’s Eve celebration. Then it started raining.

This year — for the first time in the New York Police Department’s history — officials will have a camera-equipped, remote-controlled quadcopter on hand to watch over the thousands in Times Square.
Source: Washington Post Tech

Since Waymo started testing driverless vans in Chandler, AZ in 2017, nearly two dozen attacks have been made on them including slashed tires and thrown rocks (Simon Romero/New York Times)


Simon Romero / New York Times:

Since Waymo started testing driverless vans in Chandler, AZ in 2017, nearly two dozen attacks have been made on them including slashed tires and thrown rocks  —  CHANDLER, Ariz. — The assailant slipped out of a park around noon one day in October, zeroing in on his target …

Source: Tech Meme

35C3: A Deep Dive into DOS Viruses and Pranks

Oh, the hijinks that the early days of the PC revolution allowed. Back in the days when a 20MB hard drive was a big deal and MS-DOS 3.1 ruled over every plain beige PC-clone cobbled together by enthusiasts like myself, it was great fun to “set up” someone else’s machine to do something unexpected. This generally amounted to finding an unattended PC — the rooms of the residence hall where I lived in my undergrad days were a target-rich environment in this regard — and throwing something annoying in the AUTOEXEC.BAT file. Hilarity ensued when the mark next booted the machine and was greeted with something like an inverted display or a faked hard drive formatting. Control-G was good to me too.

So it was with a sense of great nostalgia that I watched [Ben Cartwright-Cox]’s recent 35C3 talk on the anatomy and physiology of viruses from the DOS days. Fair warning to the seasoned reader that a sense of temporal distortion is inevitable while watching someone who was born almost a decade after the last meaningful release of MS-DOS discuss its inner workings with such ease. After a great overview of the DOS API elements that were key to getting anything done back then, malware or regular programs alike, he dives into his efforts to mine an archive of old DOS viruses, the payloads of most of which were harmless pranks. He built some tools to find viruses that triggered based on the system date, and used an x86 emulator he designed to test every day between 1980 and 2005. He found about 10,000 malware samples and explored their payloads, everything from well-wishes for the New Year to a bizarre foreshadowing of the Navy Seal Copypasta meme.

We found [Ben]’s talk a real treat, and it’s good to see someone from the current generation take such a deep dive into the ways many of us cut our teeth in the computing world.

Source: HackADay

Teen scientist checks for alien lasers around famously weird star – CNET

A high school junior dug deep into the data on a mysteriously dimming star to search for evidence of a highly advanced civilization.
Source: CNet

What we still don’t know about the cyberattack on Tribune newspapers

Tribune did not say whether the hackers may have ties to a foreign government, how they infiltrated the company’s network, or what their motives may be.
Source: Washington Post Tech

Chinese online brokerage Futu Securities files for a US IPO, seeking to raise up to $300M, and says it had $92M in revenue for year ending September 2018 (NASDAQ.com)


NASDAQ.com:

Chinese online brokerage Futu Securities files for a US IPO, seeking to raise up to $300M, and says it had $92M in revenue for year ending September 2018  —  Futu Holdings, the largest China-based online brokerage, filed on Friday with the SEC to raise up to $300 million in an initial public offering.

Source: Tech Meme

The Art of Vacuum Tube Fabrication

Vacuum tubes fueled a technological revolution. They made the amplification of signals a reality for transatlantic telephone cables (and transcontinental ones too), they performed logic for early computers, and they delivered that warm fuzzy sound for high fidelity audio. But they were labor intensive to produce, and fragile, so semiconductors came along and replaced tubes in almost every application. But of course tubes are still with us and some tube applications are still critical — you’ll find them used in high-power RF and there are even satellites that depend on klystrons. So there are still experts in tube fabrication around, and Charles Alexanian is one of them. His newly-published talk at the 2018 Hackaday Supercon (found below) is a whirlwind tour of what goes into building a vacuum tube.

The process of building your own vacuum tube isn’t hard, but it’s not a walk in the park. The difficulty comes in the sheer number of processes, and the tricks of the trade found at every step. Charles’ metaphor is that if you build one tube at a time each step is like learning to ride a bicycle again, but if you build many you get into the swing of it and things go a lot better. His talk is a brief overview of everything, but if you want to drill down he also wrote an excellent article that goes further in depth.

In the working components of each tube are the precision parts: the grid (or grids). For the tube to function well these must be accurately produced which can be done with photolithography, but Charles usually uses a winding process involving a lathe. After winding, the grid is stretched to straighten the nickel wire, then cut to length. Other components such as the plate are stamped using an arbor press and simple forms he fabricates for the purpose.


Tube being tested for leaks

Two glass components are used, the dome itself, and feedthrough stems that have a wire for each lead passing through a glass disc. The components are spot welded to the inside portion of the feedthrough stem, then the glass is fused together, again using a lathe. It heads over to a pumping station to evacuate the air from the tube, and is finally tested for leaks using a handheld Tesla coil (see, we knew those weren’t just toys).

Charles proposed his Supercon appearance as a chance to fabricate tubes on-site. We loved the idea, but the amount of gear needed is somewhat prohibitive (annealing ovens, vacuum cabinets, torches for sealing, and the need for 220v, plus space for it all). That’s too bad since we were really hoping to see the Jolly Wrencher in Nixie-tube form — incidentally, Charles says Nixies are simple to make compared to amplifiers and switches. He also mentions that the majority of your time is spent “washing” parts to remove impurities. Fair enough, that part sounds boring, but we hope to endure it at some point in the future because vacuum tube fabrication demos feel very much like a Hackaday event!

Source: HackADay

Intercontinental Exchange subsidiary Bakkt raises $182.5M to build its cryptocurrency exchange; sources: regulatory hurdles delay its plans for bitcoin futures (Frank Chaparro/The Block)


Frank Chaparro / The Block:

Intercontinental Exchange subsidiary Bakkt raises $182.5M to build its cryptocurrency exchange; sources: regulatory hurdles delay its plans for bitcoin futures  —  Bakkt, the cryptocurrency venture by Intercontinental Exchange, has scored $182.5 million to build out its platform aimed …

Source: Tech Meme

5G Is Coming Next Year. Here’s What You Need to Know.

The transition to new fifth-generation cellular networks, known as 5G, will affect how you use smartphones and many other devices. Let’s talk about the essentials.
Source: NY Times Tech

NASA New Horizons to photograph Ultima Thule in historic New Year's flyby – CNET

As 2019 nears, the New Horizons spacecraft is zooming toward mysterious space rock Ultima Thule on a historic flyby.
Source: CNet

China-owned spacecraft maker CASIC launches first of 156 satellites intended to provide internet service by 2022 to rural China and then to developing countries (Echo Huang/Quartz)


Echo Huang / Quartz:

China-owned spacecraft maker CASIC launches first of 156 satellites intended to provide internet service by 2022 to rural China and then to developing countries  —  Over the weekend, China launched a satellite into low-earth orbit, the first step of a plan to provide global satellite internet …

Source: Tech Meme

Scarlett Johansson on fake AI-generated sex videos: ‘Nothing can stop someone from cutting and pasting my image’

Johansson, one of the world’s highest-paid actresses, spoke to The Washington Post in an exclusive interview: “The Internet is just another place where sex sells and vulnerable people are preyed upon.”
Source: Washington Post Tech

Why Do You Love a L.O.L. Surprise?

The hottest toy of the year was a glittering, baby-pink plastic suitcase that we buy without knowing what’s inside.
Source: NY Times Tech

Ryan Reynolds shares a behind-the-scenes peek at Detective Pikachu – CNET

Get a closer look at the main character in the upcoming live-action Pokemon movie.
Source: CNet

How deepfakes, AI-generated videos that graft a person's face onto another's body, have been weaponized to harass and humiliate their subjects, mostly women (Drew Harwell/Washington Post)


Drew Harwell / Washington Post:

How deepfakes, AI-generated videos that graft a person’s face onto another’s body, have been weaponized to harass and humiliate their subjects, mostly women  —  “Deepfake” creators are making disturbingly realistic, computer-generated videos with photos taken from the Web, and ordinary women are suffering the damage.

Source: Tech Meme

Cybersecurity and Insurance

Insurance is a funny business. Life insurance, for example, is essentially betting someone you will die before your time. With the recent focus on companies getting hacked, it isn’t surprising that cybersecurity insurance is now big business. Get hacked and get paid. Maybe.

The reason I say maybe is because of the recent court battle between Zurich and Mondelez. Never heard of them? Zurich is a big insurance company and Mondelez owns brands like Nabisco, Oreo, and Trident chewing gum, among others.

It all started with the NotPetya ransomware attack in June of 2017. Mondelez is claiming it lost over $100 million dollars because of the incident. But no problem! They have insurance. If they can get the claim paid by Zurich, that is. Let’s dig in and try to see how this will all shake out.

That’s a Lot of Money

By anyone’s standards, $100 million is a pretty big wad of cash. Apparently, Mondelez uses Windows-based software for shipping and order fulfillment. By adding up property damage (lost hard drives, perhaps), supply and distribution disruption, and customer order loss, they came up with the $100 million figure.

You might question whether that number is really accurate. Hard drives could be reformatted, but then again that takes time, so in the age of $80 hard drives, does that really make sense? If a supermarket got Oreos a week late, was that really more than an inconvenience? Were there penalties in their contracts with the customers or are they assuming that a huge number of store-brand cookies were sold when the Oreos ran out? We don’t know.

However, even if you deflated the estimate by an order of magnitude, you are still talking about a $10 million dollar loss. Not small change. Having lived through some major cyberattacks, I can tell you just the time spent in meetings between IT, executives, and lawyers can add up pretty quickly.

Loophole

As you can probably guess, Zurich isn’t wanting to pay the claim. Insurance companies have a reputation for being happier to take your payments than they are paying your claim, and things like this are why. On the other hand, insurance companies have a fiduciary responsibility to their other customers and their shareholders to not pay out any more than they have to, and we get that too. So other than the “We didn’t know you’d ask for $100 million dollars!” defense, how can Zurich not pay if they agreed to underwrite Mondelez against cyberattacks?

Many insurance policies have a clause in them that excludes things like acts of God and acts of war. Well, the technical term is “force majeure” but it covers things like earthquakes and other natural disasters. The theory is if a tornado comes and destroys 100s of cars it would be a burden on the insurance company to replace them all, so they’d have to charge you more. Since you don’t think that’s likely, you’ll take the force majeure exclusion and save a bit.

If you have a homeowner’s policy, you probably don’t want a force majeure exclusion. However, in the United States, you have to get an exclusion for flooding — the flood insurance is available through the government. In some areas prone to things like hurricanes, that will also be excluded and you’ll have to get a separate policy (usually issued by the local government) to cover that.

The act of war is a bit trickier. The logic is the same. If an army marches through your town and burns everything to the ground — or a nuke does the job remotely — the company would be on the hook for so much that they would have to raise premiums quite a bit. In the United States, though, the chances of that seem so slim that no one usually minds. If a nuke hits your house, you probably aren’t going to care anymore anyway.

State Sponsored

As usual, though, trying to apply old ideas to new technology causes problems. If a guy runs a truck into your house, it’s usually very clear that it wasn’t an act of war. Of course, if that guy was a member of the Ejército Nacional de la República Bolivariana de Venezuela (that is, the Venezuelan army) and he’s just visiting his brother in your town, the insurance company could try to claim it was covered under the act of war exclusion, although we would bet you could win that easily in court, so they probably wouldn’t.

According to media reports, the exact language in the insurance policy covers “hostile or warlike action in time of peace or war” and includes any agent of any government (including a de facto government) or military force. So while the Captain on vacation driving his truck into your house is probably going to pay out, if the National Guard accidentally sends an RPG into your camper, you’ll have to take that up with them.

The problem is, in a world where the battlefield is the Internet, how does this apply? There is a lot of evidence that NotPetya was state-sponsored by Russia and targeted Ukraine. The fact that it spread globally may even have been a mistake. Russia, of course, denies this.

Lesson Learned

Not being a lawyer or an insurance expert, this whole thing made me think. If you are buying cybersecurity insurance, maybe you don’t want an act of war exclusion. That’s going to drive up costs, but nearly any widespread cyberattack from another country could be argued as an act of war. Especially since in so many cases, these acts are perpetrated by persons unknown. Did the Russians create NotPetya? Did they deploy it? Did they hire some hacker group to do it for them? Does that matter? What if a hacker did it and then says they were paid by some government? How would you ever prove one way or the other?

Or do you take the money you’d pay for insurance and pour it into better defenses? That would make sense except for one thing. In the modern world, the weakest part of your defense is usually people. People fall for phishing schemes. People write down passwords on sticky notes. People send their passwords in plain e-mails and use 1234 as PIN numbers. All the technical measures in the world won’t solve stupid. So while you can minimize problems, you can’t get to zero cyber incidents any more than you can get to zero car accidents as long as you let people drive cars.

Still, it makes you wonder why you would accept an act of war exclusion in a policy like this. Regardless of the actual cause of NotPetya, it is certainly easy to imagine a government launching a cyberattack. In fact, given the level of sophistication it takes to launch a major attack, it is almost more likely to be state-sponsored.

New Frontiers

While this is a hack in the sense that many people use the word, it isn’t one in our lexicon. However, Hackaday readers tend to be sources of technical information for their families, friends, and communities. We’ve seen how technology has impacted laws and customs over the years ranging from intellectual property to expectations of privacy.

One test I like to apply is what would happen if you took the tech aspect out of it. After all, there is no new cybercrime. Just old fashioned crime on the Internet. People have impersonated other people, run confidence games, and held things for ransom for centuries. It is just faster and easier on the Internet.

I’m not sure what the final answer is, at least not with the Internet the way it is today. However, I am willing to bet that whatever happens, some of our kind of hackers will be involved in the solution.

Source: HackADay

For $40, there won’t be a Cisco networking question that you can’t answer


You can be the person who knows all the ins and outs of using Cisco systems to drive your business with the training in the Ultimate Cisco Certification Super Bundle. You can get the whole thing now for $40 with promo code: NEWYEAR2019.

Source: The Next Web

Beijing plans to adopt facial recognition-enabled smart locks in its public housing projects involving 120K tenants in 2019 to crack down on illegal subletting (Meng Jing/South China Morning Post)


Meng Jing / South China Morning Post:

Beijing plans to adopt facial recognition-enabled smart locks in its public housing projects involving 120K tenants in 2019 to crack down on illegal subletting  —  – The smart lock is one of the latest hi-tech tools authorities are using to keep an eye on its citizens

Source: Tech Meme

Here’s why telephones and calculators use different numeric keypads


Picture the keypad of a telephone and calculator side by side. Can you see the subtle difference between the two without resorting to your smartphone? Don’t worry if you can’t recall the design. Most of us are so used to accepting the common interfaces that we tend to overlook the calculator’s inverted key sequence. A calculator has the 7–8–9 buttons at the top whereas a phone uses the 1–2–3 format. Subtle, but puzzling since they serve the same functional goal — input numbers. There’s no logical reason for the inversion if a user operates the interface in the same way.…

This story continues at The Next Web

Source: The Next Web

Before the Concorde, there was 'the Concordski' – CNET

The Russian-built Tupolev Tu-144 beat the Concorde into the air by two months. But the supersonic plane would enjoy a far less successful career.
Source: CNet

Cars we're most looking forward to driving in 2019 – Roadshow

The next 12 months has Roadshow editors eager for a pickup truck, a crossover and a lot of sports cars.
Source: CNet

Ion Powered Airplane: Not Coming to an Airport Near You

Not that we don’t love Star Trek, but the writers could never decide if ion propulsion was super high tech (Spock’s Brain) or something they used every day (The Menagerie). Regardless, ion propulsion is real and we have it today on more than one spacecraft. However, MIT recently demonstrated an ion-powered airplane. How exciting! An airplane with no moving parts that runs on electricity. Air travel will change forever, right? According to [Real Engineering], ion-propelled (full-sized) aircraft run into problems with the laws of physics. You can see the video explaining that, below.

To understand why, you need to know two things: how ion drive works and how the engines differ when using them in an atmosphere. Let’s start with a space-based ion engine, a topic we’ve covered before. Atoms are turned into ions which are accelerated electrically. So the ion engine is just using electricity to create thrust exhaust instead of burning rocket fuel.

The downside is that the thrust is very tiny. The upside is that, in space, that tiny thrust adds up so that in a few days or weeks you can be moving very fast. With no moving parts, keeping an ion engine running constantly is no real problem. Keeping a massive rocket burning fuel for months is problematic.

So the MIT flyer uses the same technology, right? Sort of. Spacecraft carry around their own ion fuel in the form of xenon (although some older engines used mercury). Xenon is good because it is relatively heavy which provides more thrust and is easy to store.

So what if you clamped an ion engine to an airplane? Well, you’ll need to put the xenon fuel tanks on it, too, which is going to make the plane heavier. You also have two problems. You need a certain minimum amount of speed to get your wings to create lift. In addition, your tiny thrust won’t add up like it does in space because of things like wind resistance. If a spacecraft’s engine stops it just stops accelerating but keeps going at its current speed and heading. If an aircraft loses power, that’s not the case.

Obviously, the MIT engineers had to create a very light airframe that could generate a lot of lift at low speeds. The resulting plane had a 5 meter wingspan and weighed less than 3 kilos. But what about fuel? A spacecraft carries its own, but an aircraft can consume nitrogen which is everywhere in the atmosphere. Sure, it doesn’t have the mass of xenon, but not having to carry your fuel is a big plus.

So why won’t you be boarding that midnight ion plane for Georgia anytime soon? Scale. The video does a good job of explaining the trades, but in the simple view a heavy plane is going to take more power and you get in a vicious spiral where more weight needs more power, but more power adds more weight.

You can see MIT’s video about their solid-state airplane (we like that name) after the first video, below. Sure, it is possible future advancements will make ion-powered aircraft more practical. But it probably won’t be in the next year or three. However, there are other ways to run an aircraft off of air, and you never know when some breakthrough will make something practical. After all, in 1950 who could imagine computers that cost a few hundred dollars and fit in your pocket?

Source: HackADay

Der Spiegel: Volkswagen is planning to write off over $300M it invested in Gett, as the Israeli startup struggles to compete with Uber, Lyft, Didi, and others (Globes Online)


Globes Online:

Der Spiegel: Volkswagen is planning to write off over $300M it invested in Gett, as the Israeli startup struggles to compete with Uber, Lyft, Didi, and others  —  “Der Spiegel” reported that Volkswagen would write off its over $300 million investment in the Israeli taxi hailing company.

Source: Tech Meme

Take a Mini Lathe for a Spin

[This Old Tony] is no stranger to quality tools, but he started on a mini lathe. Nostalgia does not stop him from broadcasting his usual brand of snark (actually, it is doubtful that anything short of YouTube going offline will stop that). He rates the lathe’s ability to machine different materials and lets you decide if this is an investment, or a money pit.

Lathe parts range from a chintzy start/stop button assembly that looks like it would be at home on a Power Wheels restoration project to a convenient cam locking mechanism on the tail stock which is an improvement on the lathe with which our narrator learned. We see the speed tested and promptly disproved as marketing hoopla unless you allow for a 40% margin of error. It uses a 500 watt DC motor, so don’t try correcting for mains power frequency differences. The verdict on the lead screw and thread dial is that you get what you pay for and this is demonstrated by painstakingly cutting threads into aluminum. Finally, we see torture tests on cold rolled steel.

Maybe someone from the mini lathe community will stop by with their two cents. If you appreciate this introduction to lathes, consider [This Old Tony]’s guide to CNC machines or injection molding. But for us, [Quinn Dunki’s] series of machine tools has been a real treat this year.

Source: HackADay

End of year crypto roundup: How did Cardano perform in 2018?


Cardano is an open-source blockchain and smart contracts platform, supported by the namesake cryptocurrency Cardano (ADA). The project is a direct competitor to Ethereum, and the two organizations also share a co-founder between them — Charles Hoskinson. Hoskinson claims that Cardano has cracked the problem of scalability with blockchains through its ‘Ouroboros’ proof of stake (PoS) algorithm. While many in the industry — including Hoskinson’s former colleagues Ethereum’s Vitalik Buterin and EOS’s Daniel Larimer — are not amused by this claim, Cardano has managed to rise through the ranks of cryptocurrencies rather quickly, to be one among the ten largest by…

Source: The Next Web

In a year of breaches, data leaks, and reports of starvation deaths due to faulty implementation, India's Aadhaar had its constitutional status upheld in 2018 (Aria Thaker/Quartz)


Aria Thaker / Quartz:

In a year of breaches, data leaks, and reports of starvation deaths due to faulty implementation, India’s Aadhaar had its constitutional status upheld in 2018  —  After almost a decade since its launch, India’s controversial biometric identity programme, Aadhaar, finally got a measure …

Source: Tech Meme

Finding Bugs in Bluetooth

[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. Their tool is grounded in three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you run it, and one that lets you write it. Well, that was easy. The rest of their work was analyzing this code, and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.

In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.

As is often the case, [Jiska] was just poking around and found an external code handler that didn’t do bounds checking. And that meant that she could run other functions in the firmware simply by passing the address. Since they’re essentially calling functions at any location in memory, finding which functions to call with which arguments is a process of trial and error. The ramifications include at least a Bluetooth module crash and reset, but can also extend to such tricks as putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this is before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.

Not all of the details of this exploit are available yet, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. And one of the reasons that they haven’t fixed it is that patching the bug will disclose where the flaw lies in all of the unpatched phones, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5 cellphone, which is fairly old now, it’s applicable to any device with a similar Broadcom Bluetooth chipset.

Aside from the zero-day bug here, the big story is their Bluetooth analysis framework which will surely help other researchers learn more about Bluetooth, finding more glitches and hopefully helping make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.

You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.

Source: HackADay

Inside Uber's serious incident team for US where ~130 investigators deal with reports of crashes, physical altercations, sexual misconduct, theft, and stalking (Shannon Bond/Financial Times)


Shannon Bond / Financial Times:

Inside Uber’s serious incident team for US where ~130 investigators deal with reports of crashes, physical altercations, sexual misconduct, theft, and stalking  —  There is space for scores of people in a section of Uber’s office in downtown Phoenix but on a recent weekday morning only a handful …

Source: Tech Meme

RFID Doing More than ID

RFID is a workhorse in industrial, commercial, and consumer markets. Passive tags, like work badges and key fobs, need a base station but not the tags. Sensors are a big market and putting sensors in places that are hard to reach, hostile, or mobile is a costly proposition. That price could drop, and the sensors could be more approachable with help from MIT’s Auto-ID Lab who are experimenting with sensor feedback to RFID devices.

Let’s pretend you want to measure the temperature inside a vat of pressurized acid. You’d rather not drill a hole in it to insert a thermometer, but a temperature sensor sealed in Pyrex that wirelessly transmits the data and never runs out of power is a permanent and cheap solution. The researchers have their sights set on glucose sensing and that news comes shortly after Alphabet gave up their RFID quest to measure glucose through contact lenses. Shown at the top of this article is a prototype for a Battery Assisted Passive (BAP) RFID sensor that uses commodity glucose testing strips, sending data when the electrochemical reaction occurs. It uses six of these cells in parallel to achieve a high enough peak current to trigger the transmission. But the paper (10.1109/RFID.2018.8376201 behind paywall) mentions a few strategies to improve upon this. However, it does prove the concept that the current spike from the test strips determines the time the tag is active and that can be correlated to the blood glucose detected.

How many of our own projects would instantly upgrade with the addition of a few sensors that were previously unobtainable on a hacker budget? Would beer be brewed more effectively with more monitoring? How many wearables would be feasible with battery-free attachments? The sky is the figurative limit.

Thank you, [QES] for the tip [via TechXplore]

Source: HackADay

Big players in autonomous driving like Uber, Tesla, and Waymo had a disappointing 2018, but several startups with a "minimum viable product" made good progress (Timothy B. Lee/Ars Technica)


Timothy B. Lee / Ars Technica:

Big players in autonomous driving like Uber, Tesla, and Waymo had a disappointing 2018, but several startups with a “minimum viable product” made good progress  —  Big companies struggled but small ones moved forward.  —  As 2018 dawned, expectations for self-driving vehicles were sky-high:

Source: Tech Meme

3 New Year’s resolutions that might help thaw the ‘crypto winter’


As 2018 draws to a close, many members of the crypto community will be happy that they made it through to the end of another volatile year. Many can still be heard repeating their mantra of “I believe in the tech” to anyone that will care to listen. The battle scars of 2018 will ensure that this year will be remembered for all the wrong reasons by crypto enthusiasts. For example, there was the infamous $520 million crypto hack, and more recently another Japan-based crypto exchange was hacked, losing some $60 million worth of cryptocurrency. However, Bitcoin prices falling by…

Source: The Next Web

How Amazon is opening tiny stores, adding local language descriptors, and accepting cash payments to target the 800M people living outside India's big cities (Eric Bellman/Wall Street Journal)


Eric Bellman / Wall Street Journal:

How Amazon is opening tiny stores, adding local language descriptors, and accepting cash payments to target the 800M people living outside India’s big cities  —  The retailer is targeting hundreds of millions of new online shoppers in India’s countryside by adding Hindi and videos …

Source: Tech Meme

In a formerly undisclosed memo from March, a top FTC enforcement official said Facebook wasn't at fault for Cambridge Analytica's abuses; FTC says probe ongoing (New York Times)


New York Times:

In a formerly undisclosed memo from March, a top FTC enforcement official said Facebook wasn’t at fault for Cambridge Analytica’s abuses; FTC says probe ongoing  —  Last spring, soon after Facebook acknowledged that the data of tens of millions of its users had improperly been obtained …

Source: Tech Meme

AI image processing for computer vision, facial recognition, image generation, and other applications saw marked improvements in 2018 (Andrew Tarantola/Engadget)


Andrew Tarantola / Engadget:

AI image processing for computer vision, facial recognition, image generation, and other applications saw marked improvements in 2018  —  Computer scientists have spent more than two decades teaching, training and developing machines to see the world around them.

Source: Tech Meme