Hardware Hacking

ARM Processor On a Breadboard (hackaday.com) 4

An anonymous reader writes: A normal Arduino is easy to use and cheap, but it is a reasonably slow 8-bit processor with limited memory. Why do people use them? They are simple to use and set up. Hackaday shows how to take a cheap ($6) 32-bit CPU in a breadboard-friendly package, plug in a small number of parts (resistors, LEDs, and a cable), and use an online Arduino-like IDE to program it. The chip is way more powerful than an 8-bit Arduino and the code is comparable in complexity to an Arduino sketch that does the same thing. It's an easy way to get into embedded without having to suffer through 8-bit processors. And the new Arduinos also use 32-bit ARM, so that's an option too.

Disclosed Netgear Flaws Under Attack (threatpost.com) 9

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- The flaw allows an attacker, without knowing the router password, to access the administration interface.

Amazon: a Single Disaster Made Us Rethink Our Cloud Supply Chain (datacenterfrontier.com) 14

1sockchuck writes: At this week's AWS re:Invent conference, Amazon Web Services introduced new features and looked ahead to a future in which enterprise computing shifts to the cloud. But AWS also looked back at how a disaster reshaped its supply chain. In 2011, an unusually heavy monsoon season led to massive flooding in Thailand, which at the time manufactured nearly half of the world's supply of hard disk drives (HDDs). Prices soared and shortages developed, and Amazon's usual vendors were unable to deliver the volume the company sought to support its fast-growing cloud computing platform. "When a single flood hits half the manufacturing supply, and you don't have a direct relationship with suppliers, it turns out to be hard to get what you need," said AWS executive Jerry Hunter. So AWS executives jumped on a plane, flew to Thailand, and began building direct relationships that would support their shift to company-built hardware.

Microsoft's Mission To Reignite the PC Sector (nytimes.com) 90

HughPickens.com writes: Sales of personal computers have been declining for so long — 14 consecutive quarters — that it's hard remember a time when PCs ruled the tech world. Now Nick Wingfield writes in the NY Times that Microsoft is leading the way on a mission to re-ignite the PC market by taking the once-unthinkable step of competing with its hardware partners. This week, Microsoft dived even further into the business with a laptop device, the Surface Book. The stated reason that Microsoft got into the PC hardware business three years ago, with the original Surface, was not to put PC companies out of business — but to better illustrate the capabilities of its software, providing devices that would inspire PC makers to be more innovative.

One of the most remarkable things about Microsoft's growing presence in the hardware business is that it has not led to open revolt among its partners. Initially, many of them were not happy about Microsoft's moves, complaining in private. "It's positioned as a laptop, very squarely against the MacBook Pro as an example. But that could also be extended to a Dell XPS 13, or an HP x360," says Patrick Moorhead. One reason there hasn't been more pushback from OEMs is that Microsoft's Surface business is still relatively small. Another is that the money Microsoft has poured into marketing Surface has raised the broader profile of Windows PCs. While Microsoft obviously risks alienating its partners, it's doing so with a much bigger fight in mind. "Right now Microsoft really believes that it has to have a combined hardware, software, and services play to go up against the likes of Apple," says Moorhead. "That's why it's doing this. That's why it's taking such an aggressive stance now, moving to laptops."

Operating Systems

NetBSD 7.0 Released (netbsd.org) 35

An anonymous reader writes: After three years of development and over a year in release engineering, NetBSD 7.0 has been released. Its improvements include added support for many new ARM boards including the Raspberry Pi 2, major improvements to its multiprocessor-compatible firewall NPF, kernel scripting in Lua, kernel mode-setting for Intel and Radeon graphics chips, and a daemon called blacklistd(8) which integrates with numerous network daemons and shields them from flood attempts.

Poll Biggest factor for personal data protection: 57

Looks like someone has already voted from this IP. If you would like to vote please login and try again.

Percentage of others that also voted for:


Linus: '2016 Will Be the Year of the ARM Laptop' (softpedia.com) 92

jones_supa writes: Linus Torvalds took the stage at LinuxCon Europe in Dublin, Ireland, and talked about a number of things, including security and the future for Linux on ARM hardware. There is nothing that will blow your mind, but there are a couple of interesting statements nonetheless. Chromebooks are slowly taking over the world, and a large number of those Chromebooks are powered by ARM processors. "I'm happy to see that ARM is making progress. One of these days, I will actually have a machine with ARM. They said it would be this year, but maybe it'll be next year. 2016 will be the year of the ARM laptop," said Linus excitedly. He also explained that one of the problems now is actually finding people to maintain Linux. It's not a glorious job, and it usually entails answering emails seven days a week. Finding someone with the proper set of skills and the time to do this job is difficult.

Reserchers Say Fukushima Child Cancer Rates 20-50x Higher Than Expected (ap.org) 83

New submitter JackSpratts writes: According to the Associated Press, "A new study says children living near the Fukushima nuclear meltdowns have been diagnosed with thyroid cancer at a rate 20 to 50 times that of children elsewhere, a difference the authors contend undermines the government's position that more cases have been discovered in the area only because of stringent monitoring.

Most of the 370,000 children in Fukushima prefecture (state) have been given ultrasound checkups since the March 2011 meltdowns at the tsunami-ravaged Fukushima Dai-ichi nuclear plant. The most recent statistics, released in August, show that thyroid cancer is suspected or confirmed in 137 of those children, a number that rose by 25 from a year earlier. Elsewhere, the disease occurs in only about one or two of every million children per year by some estimates."


Debian Dropping Linux Standard Base (lwn.net) 130

basscomm writes: For years (as seen on Slashdot) the Linux Standard Base has been developed as an attempt to reduce the differences between Linux distributions in an effort significant effort. However, Debian Linux has announced that they are dropping support for the Linux Standard Base due to a lack of interest.

From the article: "If [Raboud's] initial comments about lack of interest in LSB were not evidence enough, a full three months then went by with no one offering any support for maintaining the LSB-compliance packages and two terse votes in favor of dropping them. Consequently, on September 17, Raboud announced that he had gutted the src:lsb package (leaving just lsb-base and lsb-release as described) and uploaded it to the "unstable" archive. That minimalist set of tools will allow an interested user to start up the next Debian release and query whether or not it is LSB-compliant—and the answer will be 'no.'"


US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com) 94

Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate. The EFF has also compiled a report showing where the major tech companies stand on encryption.

Chicago Mayor Calls For National Computer Coding Requirement In Schools (thehill.com) 169

theodp writes: On Thursday, Chicago Mayor Rahm Emanuel called on the federal government to make computer coding classes a requirement of high-school graduation (video). Back in December 2013, Emanuel — who previously served as President Obama's chief of staff — joined then-Chicago Public Schools CEO Barbara Byrd-Bennett to announce a comprehensive K-12 computer science program for CPS students, including a partnership with then-nascent Code.org. "[Y]ou need this skill Make it a high-school graduation requirement," Emanuel said. "They need to know this stuff. In the way that I can get by kind of being OK by it, they can't.

LogMeIn To Acquire LastPass For $125 Million (lastpass.com) 84

An anonymous reader writes: LogMeIn has agreed to acquire LastPass, the popular single-sign-on (SSO) and password management service. Under the terms of the transaction, LogMeIn will pay $110 million in cash upon close for all outstanding equity interests in LastPass, with up to an additional $15 million in cash payable in contingent payments which are expected to be paid to equity holders and key employees of LastPass upon the achievement of certain milestone and retention targets over the two-year period following the closing of the transaction.

First Successful Collision Attack On the SHA-1 Hashing Algorithm (google.com) 69

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.


Verizon Boosts Price of Grandfathered Unlimited Data Plans By $20 (theverge.com) 157

nicholasjay writes: In November, Verizon Wireless is going to start charging its customers with the grandfathered "unlimited data" plans an extra $20 for the data. This is obviously an attempt to get people off of the old unlimited data plans. Even though a Verizon spokesperson confirmed the change, I'm hoping they won't go through with this plan — but right now I'm weighing all my options.

Apple Approves, Then Removes In-App Ad Blocker (reuters.com) 75

Mickeycaskill writes: Apple has pulled a number of applications from the App Store, most notably the "Been Choice" ad blocker, because of concerns the methods they employ to rid adverts could compromise sensitive user data. iOS 9 allows for the installation of applications that block adverts in Safari, but other apps like Been Choice go one step further and let users remove adverts from applications – including Apple News. Been Choice routes traffic through a VPN to filter out adverts in some applications, but it this technique has attracted the attention of Apple, which is concerned user data could be exposed. Apple says it is working with developers to get their apps back up and Been is refining its application for resubmission. In any case, Been says users must opt-in for in-app ad blocking and that no data is stored on its servers.

Emissions Scandal Expands: Mercedes-Benz, Honda, Mazda, and Mitsubishi (theguardian.com) 345

An anonymous reader writes: Volkswagen has taken some serious heat for deliberately circumventing emissions tests with "defeat devices" in some of their vehicles. While no other cars have been found to use specific devices to fool tests in the same way, we're now learning that many manufacturers still mysteriously perform worse in the real world. Last week, the Guardian revealed that diesel cars from Nissan, Hyundai, Citroen, Fiat, Volvo, and Renault emitted significantly more pollution in realistic driving conditions than the tests supposedly allow. Now, we learn that vehicles from Mercedes-Benz, Honda, Mazda, and Mitsubishi emit substantially more than they should as well. For example: "Mercedes-Benz's diesel cars produced an average of 0.406g/km of NOx on the road, at least 2.2 times more than the official Euro 5 level and five times higher than the Euro 6 level. Honda's diesel cars emitted 0.484g/km of NOx on average, between 2.6 and six times the official levels." This provides clear evidence that the automotive industry is designing its cars to follow the letter of the law (passing tests), but not the spirit (actually reducing pollution).