There are times in one’s life when circumstances drive an intense interest in one specific topic, and we put our energy into devouring all the information we can on the subject. [The Current Source], aka [Derek], seems to be in such a situation these days, and his area of interest is radioactivity and its measurement. So with time to spare on his hands, he has worked up this video review of radioactivity and how Geiger counters work.
Why the interest in radioactivity? Bluntly put, because he is radioactive, at least for the next week. You see, [Derek] was recently diagnosed with thyroid cancer, and one of the post-thyroidectomy therapeutic options to scavenge up any stray thyroid cells is drinking a cocktail of iodine-131, a radioisotope that accumulates in thyroid cells and kills them. Trouble is, this leaves the patient dangerously radioactive, necessitating isolation for a week or more. To pass the time away from family and friends, [Derek] did a teardown on a commercial Geiger counter, the classic Ludlum Model 2 with a pancake probe. The internals of the meter are surprisingly simple, and each stage of the circuit is easily identified. He follows that up with a DIY Geiger counter kit build, which is also very simple — just a high-voltage section made from a 555 timer along with a microcontroller. He tests both instruments using himself as a source; we have to say it’s pretty alarming to hear how hot he still is. Check it out in the video below.
Given the circumstances, we’re amazed that [Derek] is not only keeping his cool but exhibiting a good sense of humor. We wish him well in his recovery, and if doing teardowns like this or projects like this freezer alarm or a no-IC bipolar power supply helps him cope, then we all win.
Google is reportedly working on a secret project to get Windows 10 running on Chromebooks. XDA Developers' Kieran Miyamoto reports on the latest developments surrounding "Campfire" -- the Chromebook equivalent of Apple's Boot Camp. From the report: Earlier this year, a mysterious project appeared on the Chromium Git. The Chrome OS developers had created a new firmware branch of the Google Pixelbook called eve-campfire and were working on a new "Alt OS mode" for this branch. We have since confirmed this Alt OS refers to Microsoft Windows 10 and found evidence that it wasn't just an internal project but intended for public release.
The developers have reworked the way in which they distribute updates to a rarely-used section of ROM on Chromebooks called RW_LEGACY. The RW_LEGACY section on a Chromebook's ROM traditionally gives users the ability to dual-boot into an alternative OS, but it is something of an afterthought during production and the section is rarely updated after a device leaves the factory. Now, with Campfire, Google will push signed updates to RW_LEGACY via the regular auto-update process, so firmware flashing won't be a concern for Joe Public. A recent commit for enabling Alt OS through crosh with a simple [alt_os enable] command indicates that it will be a fairly easy setup process from the user's end too. We may expect to see the first demo of "Campfire" at Google's upcoming Pixel 3 launch event in October. Also, the report notes that the Google Pixelbook won't be the only Chromebook with Campfire support, citing "mentions of multiple 'campfire variants.'"
Intel is rumored to be introducing its 9th generation processors in October. While Intel’s 10nm Cannon Lake chips have been delayed until 2019, this year’s refresh will be based on improvements to the existing 14nm process. Wccftech reports that Intel will introduce new Core i9, i7, and i5 chips on October 1st that will be branded as 9th generation processors.
The mainstream flagship processor, Intel’s Core i9-9900K, is expected to ship with 8 cores and 16 threads. Leaked documents show that this will be the first mainstream Core i9 desktop processor, and will include 16 MB of L3 cache and Intel’s UHD 620 graphics chip. Even Intel’s 9th gen Core i7 processor is expected to ship with 8 cores and 8 threads (up from the current 6 cores), with the Core i5 shipping with 6 cores and 6 threads.
Intel is reportedly launching its unlocked overclockable processors first, followed by more 9th generation processors early next year. If the October 1st launch is accurate, then we should expect to see these processors available in a variety of machines later this year. Of course, anyone building their own rig will want to see exactly how Intel’s latest processors compare to AMD’s Ryzen chips in gaming and other tasks before parts are picked. We should start to see answers to those questions later next month.
Mere weeks after tariffs were put into place raising the cost of many Chinese-sourced electronics components by 25%, a second round of tariffs is scheduled to begin that will deal yet another blow to hackers. And this time it hits right at the heart of our community: 3D-printing.
A quick scan down the final tariff list posted by the Office of the US Trade Representative doesn’t reveal an obvious cause for concern. In among the hundreds of specific items listed one will not spot “Filaments for additive manufacturing” or anything else that suggests that 3D-printing supplies are being targeted. But hidden in the second list of tariff items, wedged into what looks like a polymer chemist’s shopping list, are a few entries for “Monofilaments with cross-section dimension over 1 mm.” Uh-oh!
That would seem to specifically target the typical 1.75-mm filament that most FDM printers like to eat; however, the line items specifically list the proscribed items as being polymers of ethylene, acrylic, and vinyl chloride. Neither PLA nor ABS, the most popular filaments, fits into any of those categories. The next line item, though, appears to be the gotcha: “Monofilament nesoi [Not Elsewhere Specified or Indicated], of plastics, excluding ethylene, vinyl chloride and acrylic polymers.” This would seem to include plastic filaments of any dimension and made of any polymer other than those listed above, which represents a broad category of products that could include anything from fishing line to spools of weed-whacker line. And, apparently, PLA and ABS printer filament.
But wait; it gets worse. Not only are finished filaments apparently covered by the 25% duty, but the raw polymers going into their manufacture are also covered, with both ABS and PLA getting their own line items in other parts of the list. It’s especially telling that neither of these line items has any sort of modifiers; there’s no mention of form or viscosity or modifying chemistry like there are for most other polymers on the list. That seems very broad, and would seem to give Customs agents wide latitude on slapping the tariff on any shipment of raw ABS or PLA. That’s bad news for US-based filament manufacturers who source their PLA and ABS from China.
Has any of this bad news filtered through the market yet? It appears not; a non-exhaustive search of PLA filament price history on camelcamelcamel shows that the price of Chinese-made filament has been stable over the last few months, so the market has yet to factor in the tariff. With the tariff set to go into effect on August 23, we’d expect that to change soon, though.
As with any tariff, the impact on the consumer’s bottom line is hard to predict. Markets are flexible and tend to adapt to the challenges presented to them by switching suppliers and finding new ways to do business. In this case, many countries other than China make both PLA and ABS, so manufacturers can shift suppliers if it makes sense to do so. But global trade is a complex web of agreements and alliances that don’t often take the little guy into account. So you can bet that this tariff will have an impact on 3D-printer filament pricing. With duties starting in a little less than two weeks, we’ll know how much of an impact pretty soon.
Thanks to [Scott McGimpsey] for the heads up on this one.
"Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU," Tom's Hardware reports, citing a presentation by security researcher Christopher Domas at the Black Hat Briefings conference in Las Vegas.
The command -- ".byte 0x0f, 0x3f" in Linux -- "isn't supposed to exist, doesn't have a name, and gives you root right away," Domas said, adding that he calls it "God Mode." The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces ("userland") run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas' God Mode takes you from the outermost to the innermost ring in four bytes. "We have direct ring 3 to ring 0 hardware privilege escalation," Domas said. "This has never been done.... It's a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86."
The good news is that, as far as Domas knows, this backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. The bad news is that it's entirely possible that such hidden backdoors exist on many other chipsets. "These black boxes that we're trusting are things that we have no way to look into," he said. "These backdoors probably exist elsewhere." Domas discovered the backdoor, which exists on VIA C3 Nehemiah chips made in 2003, by combing through filed patents.
"Some of the VIA C3 x86 processors have God Mode enabled by default," Domas adds. "You can reach it from userland. Antivirus software, ASLR and all the other security mitigations are useless."
Queercon is a conference within a conference. Taking place within DEF CON, Queercon is a social network of LGBT hackers that gathers each year to host events, talks, and a kickin’ pool party. Since 2012 they have also been building electronic badges as part of the fun and I can vouch that they’re contenders for most creative badge design every single year.
A total of 450 electronic badges were made this year, and the aesthetic is as close to a polished consumer product as I have ever seen in a badge, yet they also retain the charm and feel of unique electronics built for hardware geeks. With wireless communication that delivers a complex and clever game to the badges, the designers are encouraging interaction between people (not just between badges). I had the chance to do a teardown of one of these glorious badges, and also gathered quite a bit of info on the puzzles within during Friday’s badge talk in the QC suite.
Hardware That Is Gorgeous Assembled and Disassembled
Each badge is made up of three distinct layers. Shown here from right to left, the top layer is a PCB face place, the middle layer is acrylic, and the bottom layer is where all the magic happens.
The faceplates themselves are Printed Circuit Boards but ironically have no circuitry in them. This is a tongue-in-cheek comment since I think this choice was brilliant. PCB fabrication has become so accessible, and its use as an artistic medium is so en vogue, that it is indeed the perfect choice. Joining the badge makers to deliver the top layer designs is [TwinkleTwinkie] who you probably know as a prolific add-on designer.
The center layer is a thick acrylic frame that is laser-cut. It is split into two pieces that key together and acts both as a stand-off between the top and bottom layers, as well as a diffuser. Multiple 90-degree RGB LEDs are positioned around the circumference of the board, shining through this acrylic. There are also 6 upward facing RGB LEDs that shine through the center strip of to the faceplate (either through holes or through the substrate) to indicate game progress.
The bottom layer of the badge is where all of the electronics are located. The most prominent feature are the two LCD character displays. These were dirt cheap since they’re old stock with an unknown manufacture date. An interesting anecdote from the badge talk is that these modules use leaded solder but the badge fab process was ROHS (lead-free). This presented an interesting problem as solder on the modules melts at a lower temperature than the paste used to attach them to the boards. This meant sometimes the pin connections on the displays themselves would be disturbed during reflow and led to hand rework on some badges.
Here you can get a good look at the two styles of LEDs as well as the HT16D35B LED driver chip. The button detail also shows how the extra-long momentary push switches are used to extend through holes on the top faceplate. The copper-colored circle is an add-on header extension board that interfaces with the underside of this layer.
The underside of the board remains visible when the badge is fully assembled. It has a pleasant matte-black solder mask with white silkscreen. Here you’ll find two MSP430 processors (MSP430FR2422, MSP430FR2972IPMR), one which handles the main hardware functionality (buttons, screens, visualizations, and game) with the other handling radio communications (the green board to the left is a HopeRF RFM75 module).
The badge is powered by two AA batteries; this saves a lot of weight compared to the four AA batteries of the official DEF CON 26 badge, but at the expense of a shorter battery life that will require replacement for many during the con.
Let’s Play a Wireless, Collaborative Game
The badge immerses all users into an interactive text adventure game. Based on the Expeditionary Force series by Craig Alanson, the storyline of the game is beyond the scope of review. Let’s just say the badge has an attitude that keeps you playing as you hope for more snarky retorts from the character called Skippy who inhabits the badge.
Each badge contains 1/16 of a larger file. By communicating with other badges, this file begins to assemble itself. Badges recognize each other’s presence automatically, but can only be paired if both badge owners choose that option from the menu. This encourages people to visit with one another as they establish who’s badge is who’s and work to unlock more of the puzzle.
At the Queercon suite, a scoreboard wirelessly queries nearby badges to show how far the collective process has progressed toward solving the group puzzle (correctly assembling that 16-part file I mentioned before). The big board also shows a list of badges by their number and stock name, along with the number of inter-badge links they have successfully performed.
With a block of characters, you can see some stand out yellow against the mostly white characters. This is not a cipher, but as the file is solved, images will become recognizable visually. I’m uncertain if the hex block is of use but thought I’d snap an image just in case.
A Clever Tool for Firmware Development
Anyone who’s looked into a badge with puzzles like this one knows that a very intense state machine is at work guarding all the doors and holding all the keys. I think it’s really interesting that a tool to manage all of this was built as part of the badge development process. Called the “Statemaker”, the tool is written in Python to take CSV input and spit out binaries that can be written to the badge.
The team used Google Sheets to track all of the choices, all of the interactions, and all of the strings that can possibly take place during the game. Statemaker uses the CSV export from that spreadsheet to perform several important operations. Most notably, it ensures that the data output is valid (avoiding string buffer overruns and other common gotchas before they are added to the firmware). But a side benefit is the ability to visualize the state machine. Shown here is the overview of the entire game, you can also see some closer detail here.
Another Hardware Masterpiece Joins the QC Ranks
The Queercon badge team’s ability to hit home runs is somewhat alarming. Taking a look at some of my favorite QC badges (2017 badge, 2016 badge, 2014 badge) from the last few years you can see that aesthetic, form, and function have all seen one brilliant leap after the next.
[Evan Mackay], [George Louthan], and [Jonathan Nelson] are the heavy lifters behind this badge (and I believe all of the others as well). But as with all great undertakings, their success also depends on a dedicated team who do whatever it takes to get these kinds of passion projects across the finish line. Bravo all.
"Queercon is a conference within a conference. Taking place within DEF CON, Queercon is a social network of LGBT hackers that gathers each year to host events, talks, and a kickin’ pool party. Since 2012 they have also been building electronic badges as part of the fun and I can vouch that they’re contenders for most creative badge design every single year." cool!