Slashdot Mirror

And the first attacks are there as well...

I knew I had seen an led-based point-to-point networking system described somewhere, and after a few minutes on hackaday, here it is, straight from 2005. Best part is, the linked to Ronja project is open, free speech-wise (and free beer for the major league scrounger).

if the other IP board is really a home buildable kit, you might add that to your page just because of the printed circuit board stuff. As in this link:
http://hackaday.com/2008/07/28/how-to-etch-a-single-sided-pcb/

I know it's some work to make a good HowTo page but it helps others when all of the info can be found from the one page. I've got some parts I need to order from Digikey and will see about adding parts to try building your kit along with seeing of my PIC programmer can do the programming. In-circuit is preferred.

I'm guessing your page is getting a few more hits today?

LoB

I don't think that is it. From the article:

When a baby too small for the regular dialysis machine (similar to the one pictured above)

http://www.hackaday.com/2008/08/05/diy-kidney-machine-saves-girl/

Also, it doesn't look nearly ramshackle enough! ;-)

http://www.hackaday.com/2008/08/05/diy-kidney-machine-saves-girl/

...yesterday. http://www.hackaday.com/2008/08/05/diy-kidney-machine-saves-girl/

Remember that to stop someone doing something, non-essential: not eating or breathing, you just need to make it hard enough to be not worth their while. An example of this is the Chinese firewall, people know the government are watching, so they don't bother looking at anything that isn't authorised.

Except Chinese are able to get around the Great Firewall of China. Chinese do find ways.

Falcon

Here's what I'm saying: Anyone with the power to ruin your life just by their word against yours should not be trusted.

Doesn't mean they're all bad people, but just like most police approach every traffic stop being aware of the fact someone could be waiting in the driver's seat with intent to harm them, every citizen should approach every encounter with the police knowing there are bad cops out there and they may be at risk.

This won't change until officers start getting prosecuted for swearing false statements, and the "good" ones stop covering for the "bad" ones.

If you've got the time, I highly recommend watching these two videos before you ever consider trusting a police officer:

http://www.hackaday.com/2008/06/16/dont-talk-to-the-police/

And who can blame them? I mean, /. posting stories from the Local6, where headlines are about as misleading as "Boy Eating Bear." I read about this last week, maybe two weeks ago, on Hack-A-Day I believe, hell maybe even here on /. (possible dupe-age), either way, why the Local6?

As pointed out by numerous posters, the FAQ clearly states that this is not a spray, but rather a procedure of sorts. Engadget has a slightly better writeup of the technology here. From Engadget:
"...the process involves applying the coating to your precious toys inside a vacuum, after which they're basically impervious to all liquids -- in one test, a coated device spent over 450 hours powered on and functional underwater"

The also had this same story back on the 19th...

And, finally, does FBI understand it?

To the issues of 2600 at the book store in the mall, to the anarchist's cookbook and to the old text file archives of yore this information has been around for as long as we've wanted to learn it. Sure the FBI (or some other organization) might puff up with hubris but I doubt it and in fact I think it's high time we start seeing more things like this. And I think this place is a good start...

http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/

I have the perfect solution for you...

However, we've recently seen that RAM holds state well enough to preserve crypto keys thru a power cycle.

Reading from DRAM is destructive - if you don't try to read then your data might be safe for a while, but if you can't refresh it after a read then the data will be trashed.

I'm not entirely convinced by the article's assertion that the hard disk will still be writing data after the DRAM refresh stops (remember - it doesn't matter that you are still DMAing data to the hard drive if the drive is never going to write it), but I wouldn't want to test it on my data.

One of the first things that will happen, is that the memory DIMMs will no longer be refreshed properly (DRAM needs to be refreshed constantly otherwise it will loose it's data) and very rapidly, the memory will contain only garbage. The hard drives and DMA controller however, will run a bit longer; so if data is being written to disk, the DMA controller will keep reading data from memory, but it has no idea that this data is corrupted.

However, we've recently seen that RAM holds state well enough to preserve crypto keys thru a power cycle. This has very scary implications: the RAM knows what's happening, and behaves differently (loses data immediately on power-off or remembers it for several seconds) in order to cause the most difficulty for the owner of the machine.

Not only are computer components intelligent and self-aware, they're also out to get us!

1. The first post, ZOMG!, has some excellent points.
2. It's open source. Hackers and crackers alike are prepared to face any challenge, from sifting through sets of instructions to exposing and photogrpahing the inner workings of silicon. Almost anything employed as security can be reverse engineered, and while steps can certainly be taken to tighten security in open-source software, having the source available for study certainly would help anyone hoping to find flaws. I'm not trying to suggest that OSS is naturally easier to get into (case and point: Windows), but I thought it was kind of obvious that it lacks the "protection" of security through obfuscation, which is really just hoping that your secrets stay secret - but it helps.

i think there might be something along the lines of what your talking about. let me know... http://www.hackaday.com/2008/07/07/wii-nunchuck-used-for-mocap-on-3d-studio-max/

-RG.

The summery looks awfully similar to things CMU has already done - see hack a day

*BASH Cures Cancer
--Great tips & ideas for anyone who regularly scripts in BASH. If you use the shell, give it a look.

And then the usual stuff:
*BBC News
*Various Economist Feeds;
*Hack-A-Day;
*The Register;
*Tranny Farm;
*xkcd, webcomic;
*Penny Arcade, webcomic;
*Ctrl-Alt-Del, webcomic;

I can't be bothered with Dilbert, since it's gone Flash.

My list of feeds:
Slashdot main : http://rss.slashdot.org/Slashdot/slashdot
Obvious Reasons

Linux.com : http://www.linux.com/feature/?theme=rss
Useful tips for using Linux on a daily basis and for my sysadmin job

Lifehacker : http://lifehacker.com/excerpts.xml
Tips for life in general

Hack a Day : http://www.hackaday.com/rss.xml
Stuff I wish I had the motivation to do

Google Open Source Blog : http://google-opensource.blogspot.com/feeds/posts/default?alt=rss
Keeping current with The Goog's OSS efforts

Google Summer of Code Blog : http://feeds.feedburner.com/GoogleSummerOfCodePodcasts
Seeing the State of the Program

The Art of Manliness : http://feeds.feedburner.com/TheArtOfManliness
Do you really have to ask?

http://www.hackaday.com/2008/06/19/wii-menu-3-3-already-circumvented/ [hackaday.com]

I highly recommend getting an Arduino board, either an USB or Bluetooth one. They're easily programmable, have 14 digital and 6 analog pins and are quite cheap.
A more advanced board would be this one which is available from Sparkfun (who happen to have all sorts of electronic parts). Comes with an LCD, included SD card reader, 3 axis accelerometer. Wonder if TinyOS runs on it, anyone?
There are lots of cool things that can be done with these boards, google for "arduino projects".
Some nice sites for the electronic geek:
Hackaday
Electronics Lab

Cheers!

I used to use about a gallon of water per tank of petrol to get 40mpg out of my '82 Volvo 340

The V8 was already smooth and quiet, and had torque enough, but I got significantly better mileage, something like a 30%~40% increase.

Now, if moderators did some research first...

The article makes a plausible argument, but fails to give any real world examples.

The classic is the free razor. Give away the razor for free. The blades are not cheap.
The new one is free cell phones. Get your free cell phone. The air time is not cheap.

Extended further is provide very inexpensive inkjet printers. There is no bargan on official ink.

An example of the above gone wrong is the free :C bar code scanners.. that were re-purposed instead of being subscribed to the non-free content.
http://www.cexx.org/cuecat.htm
http://www.hackaday.com/2005/06/12/cuecat-hacking/
http://oilcan.org/cuecat/

The inexpensive I-Opener web device
http://www.ghettohardware.com/articles/iopener/
http://www.theregister.co.uk/2000/03/23/netpliance_hobbles_iopener_99_pc/

If you use the free then fee model, be sure the item up for fee is something people will buy.
I-tunes is free.. But it can be used to rip CD's. That's OK. The plan is to sell iPods and maybe a few tracks on the iTunes store.

A similar project was covered recently on Hack-a-day. Same idea... different hardware.

My thoughts exactly. This is the second 'prototype' of a HHG that I've read about in the past two weeks: http://www.hackaday.com/2008/05/13/pocket-hitchikers-guide-to-the-galaxy-wikipedia-style/

At the rate that we are evolving, we will see/discover the first babel fish in the next 100 years, and the first improbability driven space ship by the year 2400.

To clarify a few things. First of all this has been known for a few months. The earliest mention I saw was December 29, 2007: MiFare's CRYPTO1 algorithm mostly reverse-engineered. More information, including a slide show, is presented in this January 1, 2008 post: Mifare crypto1 RFID completely broken

Quick background: NXP (Philips) creates a line of smart cards called "Mifare" based on proprietary protocols, including the CRYPTO1 cipher (undocumented, proprietary). There are a lot of Mifare cards deployed, and there is a huge element of security through obscurity especially if you rely on proprietary protocols, such as CRYPTO1 algorithm.

This research, as linked above (and posted in this slashdot article... old news) shows that CRYPTO1 stream cipher is horribly broken, based on a terribly insufficient random number generator. Besides busting this example of security through obscurity, the target technology is actually deployed in a very wide range of uses. Meaning, this attack has many real world consequences.

Yep, its a bit out of date but still worth a look if you havent seen it. Free transport FTW! This link has an hour long lecture/display of the processes used: http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/

Passive RFID chips can do some computation themselves, and many can do crypto, but it's extremely limited. For instance, the ubiquitous Mifare chips used for opening doors and even payment systems use proprietary crypto - and it's very broken, anybody with very simple tools can listen in and copy the code.

http://www.hackaday.com/2008/01/19/add-everything-to-your-eeepc/

They already reconstructed a virus they pulled from remnants in our own DNA http://www.hackaday.com/2008/01/05/24c3-hacking-dna/ (long video it is detailed somewhere near the end)

Hack a Day had this story yesterday, http://www.hackaday.com/2008/01/16/bowling-industrial-robot-style/. Good to see it make slashdot, though. It's also interesting its on the "mana potion" energy drink site.

With this screen and this wiimote hack I'd never have to go into the big blue room again.

"Nothing was sacred to hackers in '07 -- not cars, not truckers..."

Somebody hacked a trucker? Holy hell...I hope never to see that one documented Hackaday.

Link to lecture torrent:
http://thepiratebay.org/tor/3953157/24c3-2273-en-toying_with_barcodes.mkv

Lifted from Hack-A-Day 12-30-2007:
http://www.hackaday.com/2007/12/30/24c3-toying-with-barcodes/

HackaDay ran an article on this a few days ago that went into some detail: http://www.hackaday.com/2007/12/02/wireless-keyboards-easily-cracked/ [QUote] e first covered breaking the commodity 27MHz radios used in wireless keyboards, mice, and presenters when [Luis Miras] gave a talk at Black Hat. Since then, the people at Dreamlab have managed to crack the encryption on Microsoft's Wireless Optical Desktop 1000 and 2000 products (and possibly more). Analyzing the protocol they found out that meta keys like shift and ALT are transmitted in cleartext. The "encryption" used on each regular keystroke involves XORing the key against a random one byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don't have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes. Their demo video shows them sniffing keystrokes from three different keyboards at the same time. Someone could potentially build a wireless keylogger that picks up every keystrokes from every keyboard in an office. You can read more about the attack in the whitepaper(pdf). [/QUOTE] Link to Video (for lazy /.er's) - http://www.remote-exploit.org/max/automated.html Link to Whitepaper (for all the people who post RTFA) - http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.pdf

That idea came up when this item was posted to Hack A Day The reason for the limited reception range is that receivers use pathetically small, internal antennas: Mine was about 1/32 wavelength. With a full wave antenna or directional antenna, you can easily pick them up from outside a building. After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.

Just use a lava lamp or a camera with the lens cap on.

Check this hack out: http://www.hackaday.com/2007/09/18/haptic-radar-electronic-whiskers/
Hardware hack that lets you sense your surroundings.

http://www.hackaday.com/category/laser-hacks/

Then follow links, so very many links...

The one pin dot matrix, ink refills are cheap too.

I won't list her website here (it's on the Hackaday site) - can someone cache it and then provide a link?

I would love to be able to do something like this. Add a wireless color camera, and you got yourself a cheap video surveillance UAV. However, this project is not yet complete and not a working model. Perhaps something like this would be better on http://hackaday.com/ rather than /.

I for one welcome our monkey-with-modpoint overlords. :/

Also, welcome to a week ago, slashdot.

http://www.hackaday.com/2007/01/07/oldschool-nes-r epair-how-to/
On how to repair blinking nes

I've always been a big fan of Sprite_tm's projects. http://hackaday.com/search/?q=sprite_tm

Aside from problems mentioned above concerning the fact that this 'hack' involves mostly hardware removal and replacement (come on, you don't know that there isn't just some monkey handing you bills when you put your card in an ATM, do you???</sarcasm>), do no other /. readers check Hack A Day's RSS feed?

The relevance of this article to security is kind of vague, and its at least 5 days old - whats going on /.? Mod me for flaimbait, but I saw this last week and didn't consider my bank account in jeopardy, not even when the repo depo was hauling large, colored L-shapes and squares out of my living room...

...demonstrating that devices are neither tamper-resistant nor tamper-evident, and that even students with a spare weekend can take control of them. The banks are claiming that tnhis can be reproduced only "in the laboratory"...

Tamper-evident??? I'm sure that students with a spare weekend might include kids who can open plastic casings and then repaint and re-model them so that exterior evidence of tamper is minimal or nil, and then what happens when you replace the hardware? Surely you wouldn't write software for it that says "Hey! Some kids with a spare weekend have opened this terminal, replaced the hardware and are draining your bank account right now!"

This is FUD, aside from the point about having to use your PIN at a public terminal. And if a shopkeeper doesn't want you to know that he's tampered with the hardware, he doesn't have to. A security camera at the right angle and focus could capture PIN pad sequences, and if you know your regulars like most convenience store workers (which is where I use PIN pads the most, and yes places like WAL-MART have many more customers but fraud from 10 people is plenty, no need to wring out 1000s of WALLY WORLD idots with PIN pad scams, especially when you're already screwing them and your employees), then you can know whose PIN you have so one day they come in and "Oh, sorry, our card scaner is broken - I'll have to input the # by hand" and there you go - have good memory for 16 digits?

You should do it again, but use this infrared webcam hack so you don't have to have all that damn light! :D

http://www.hackaday.com/2005/03/14/make-an-infrare d-webcam/

Here's the link. The guy who conceived it works at Microsoft Research. See his resume (WARNING! PDF!)
I think he even did it as part of his job, but for some reason I can't find where I've seen it...