Transportation

Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars (bleepingcomputer.com) 60

An anonymous reader writes: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping code -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...

The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."

His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.
Mozilla

Donate Your Noise To Xiph/Mozilla's Deep-Learning Noise Suppression Project (xiph.org) 119

Mozilla-backed researchers are working on a real-time noise suppression algorithm using a neural network -- and they want your noise! Long-time Slashdot reader jmv writes: The Mozilla Research RRNoise project combines classic signal processing with deep learning, but it's small and fast. No expensive GPUs required -- it runs easily on a Raspberry Pi. The result is easier to tune and sounds better than traditional noise suppression systems (been there!). And you can help!
From the site: Click on this link to let us record one minute of noise from where you are... We're interested in noise from any environment where you might communicate using voice. That can be your office, your car, on the street, or anywhere you might use your phone or computer.
They claim it already sounds better than traditional noise suppression systems, and even though the code isn't optmized yet, "it already runs about 60x faster than real-time on an x86 CPU."
Google

Google Assistant Coming Soon To More Speakers, Appliances and Other Devices (techcrunch.com) 50

Google announced today several new third-party speakers that will support the Assistant. Their blog post is a follow-up to a post in May where they announced the general availability of the Google Assistant SDK, which lets anyone download and run the Google Assistant on the gadget of their choice. TechCrunch reports: That's likely to be good for both the voice-powered assistant market, as well as for Google's ability to use its service to collect useful data which it can then use to work on its advertising and marketing products. The more places Assistant appears, the more likely it is that people will engage with the voice companion, and that's not territory Google wants to cede to someone like Amazon. Some of the devices getting Google Assistant coming to IFA include the Anker Zolo Mojo, a small cylinder speaker that's sort of like a third-party Google Home, which will go on sale in late October. Two other smart speakers powered by Assistant, including the Panasonic GA10 and the TicHome Mini, are also on their way. Google is also now making it possible to use Assistant to check on the state of your laundry or dishes, using an integration with LG's line of home appliances, which also includes voice commands for LG's Roomba competitor.
NASA

NASA is Sending Bacteria Into the Sky on Balloons During the Eclipse (cnbc.com) 54

An anonymous reader shares a report: As the Moon blocks the Sun's light completely next week in a total solar eclipse, more than 50 high-altitude balloons in over 20 locations across the US will soar up to 100,000 feet in the sky. On board will be Raspberry Pi cameras, weather sensors, and modems to stream live eclipse footage. They'll also have metal tags coated with very hardy bacteria, because NASA wants to know whether they will survive on Mars. Every time we send a rover to the Red Planet, our own microorganisms latch on to them and hitch a ride across space. What happens to these bacteria once they're on Mars? Do they mutate? Do they die? Or can they continue living undisturbed, colonizing worlds other than our own? To answer these questions we need to run experiments here on Earth, and the eclipse on August 21st provides the perfect opportunity. The balloons are being sent up by teams of high school and college students from across the US as part of the Eclipse Ballooning Project, led by Angela Des Jardins of Montana State University. When Jim Greene, the director of planetary science at NASA, first heard that over 50 balloons were being flown to the stratosphere to live stream the eclipse, he couldn't believe his ears. "I said, oh my god, that's like being on Mars!" Greene tells The Verge. NASA couldn't pass on the opportunity.
Microsoft

Microsoft Won't Patch 20-Yr-Old SMBv1 Vulnerability (You Should Just Turn the Service Off) (onmsft.com) 131

An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users to remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.
Open Source

FreeBSD 11.1 Released (freebsd.org) 219

Billly Gates writes: Linux is not the only free open-source operating system. FreeBSD, which is based off of the historical BSD Unix in which TCP/IP was developed on from the University of California at Berkeley, has been updated. It does not include systemd nor PulseAudio and is popular in many web server installations and networking devices. FreeBSD 11.1 is out with improvements in UEFI and Amazon cloud support in addition to updated userland programs. EFI improvements including a new utility efivar(8) to manage UEFI variables, EFI boot from TFTP or NFS, as well as Microsoft Hyper-V UEFI and Secure Boot for generation 2 virtual machines for both Windows Server and Windows 10 Professional hosts. FreeBSD 11.1 also has extended support Amazon Cloud features. A new networking stack for Amazon has been added with the ena(4) driver, which adds support for Amazon EC2 platform. This also adds support for using Amazon EC2 NFS shares and support for the Amazon Elastic Filesystem for NFS. For application updates, FreeBSD 11.1 Clang, LLVM, LLD, LLDB, and libc++ to version 4.0.0. ZFS has been updated too with a new zfsbootcfg with minor performance improvements. Downloads are here which include Sparc, PowerPC, and even custom SD card images for Raspberry Pi, Beagle-bone and other devices.
Operating Systems

48-Year-Old Multics Operating System Resurrected (multicians.org) 94

"The seminal operating system Multics has been reborn," writes Slashdot reader doon386: The last native Multics system was shut down in 2000. After more than a dozen years in hibernation a simulator for the Honeywell DPS-8/M CPU was finally realized and, consequently, Multics found new life... Along with the simulator an accompanying new release of Multics -- MR12.6 -- has been created and made available. MR12.6 contains many bug and Y2K fixes and allows Multics to run in a post-Y2K, internet-enabled world.
Besides supporting dates in the 21st century, it offers mail and send_message functionality, and can even simulate tape and disk I/O. (And yes, someone has already installed Multics on a Raspberry Pi.) Version 1.0 of the simulator was released Saturday, and Multicians.org is offering a complete QuickStart installation package with software, compilers, install scripts, and several initial projects (including SysDaemon, SysAdmin, and Daemon). Plus there's also useful Wiki documents about how to get started, noting that Multics emulation runs on Linux, macOS, Windows, and Raspian systems.

The original submission points out that "This revival of Multics allows hobbyists, researchers and students the chance to experience first hand the system that inspired UNIX."
Hardware

Raspberry Pi's Smaller, Cheaper Rival: NanoPi Neo Plus2 Weighs in at $25 (zdnet.com) 121

FriendlyARM, the maker of compact NanoPi developer boards, has released the NanoPi Neo Plus2 for $25. From a report: This board is an update to the recently released NanoPi Neo 2, a $15 cookie-sized developer board measuring 40mm x 40mm (1.6in) with a 64-bit Allwinner H5 processor, 512MB RAM, and one USB port. The NanoPi Neo Plus2 is slightly larger at 52mm x 40mm (2in x 1.6in) and has two USB ports. It has the same H5 quad-core A53 ARM Cortex processor, but comes with 1GB RAM and 8GB eMMC storage. The NeoPlus2's storage in addition to Gigabit Ethernet puts it ahead of the Raspberry Pi 3 on paper, and at $25 undercuts the better-known board by $10.
Open Source

Linux Kernel 4.12 Officially Released (softpedia.com) 55

prisoninmate quotes Softpedia: After seven weeks of announcing release candidate versions, Linus Torvalds today informs the Linux community through a mailing list announcement about the general availability of the Linux 4.12 kernel series. Development on the Linux 4.12 kernel kicked off in mid-May with the first release candidate, and now, seven weeks later we can finally get our hands on the final release... A lot of great improvements, new hardware support, and new security features were added during all this time, which makes it one of the biggest releases, after Linux 4.9...

Prominent features of the Linux 4.12 kernel include initial support for AMD Radeon RX Vega graphics cards, intial Nvidia GeForce GTX 1000 "Pascal" accelerated support, implementation of Budget Fair Queueing (BFQ) and storage-I/O schedulers, more MD RAID enhancements, support for Raspberry Pi's Broadcom BCM2835 thermal driver, a lot of F2FS optimizations, as well as ioctl for the GETFSMAP space mapping ioctl for both XFS and EXT4 filesystems.

Linus said in announcing the release that "I think only 4.9 ends up having had more commits," also noting that 4.9 was a Long Term Support kernel, whereas "4.12 is just plain big."

"There's also nothing particularly odd going on in the tree - it's all just normal development, just more of it than usual."
Programming

Raspberry Pi Wins UK's Top Engineering Award (bbc.com) 54

An anonymous reader shares a BBC report: The team behind the device was awarded the Royal Academy of Engineering's MacRobert Prize at a ceremony in London last night. The tiny computer launched in 2012. Its designers hoped to introduce children to coding and had modest ambitions. They beat two other finalists, cyber-security company Darktrace and radiotherapy pioneers Vision RT, to win the prize. Previous winners of the innovation award, which has been run since 1969, include the creators of the CT (computerised tomography) scanner; the designers of the Severn Bridge; and the team at Microsoft in Cambridge that developed the Kinect motion sensor.
Hardware

Survey Says: Raspberry Pi Still Rules, But X86 SBCs Have Made Gains (linuxgizmos.com) 82

DeviceGuru writes: Results from LinuxGizmos.com's annual hacker-friendly single board computer survey are in, and not surprisingly, the Raspberry Pi 3 is the most desired maker SBC by a 4-to-1 margin. In other trends: x86 SBCs and Linux/Arduino hybrids have trended upwards. The site's popular hacker SBC survey polled 1,705 survey respondents and asked for their first, second, and third favorite SBCs from a curated list of 98 community oriented, Linux- and Android-capable boards. Spreadsheets comparing all 98 SBCs' specs and listing their survey vote tallies are available in freely downloadable Google Docs.
Other interesting findings:
  • "A Raspberry Pi SBC has won in all four of our annual surveys, but never by such a high margin."
  • The second-highest ranked board -- behind the Raspberry Pi 3 -- was the Raspberry Pi Zero W.
  • "The Raspberry Pi's success came despite the fact that it offers some of the weakest open source hardware support in terms of open specifications. This, however, matches up with our survey responses about buying criteria, which ranks open source software support and community over open hardware support."
  • "Despite the accelerating Raspberry Pi juggernaut, there's still plenty of experimentation going on with new board models, and to a lesser extent, new board projects."

Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer? 237

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Programming

Community Ports 'Visual Studio Code' To Chromebooks, Raspberry Pi (infoworld.com) 79

An anonymous reader quotes InfoWorld: A community build project led by developer Jay Rodgers is making Visual Studio Code, Microsoft's lightweight source code editor, available for Chromebooks, Raspberry Pi boards, and other devices based on 32-bit or 64-bit ARM processors. Supporting Linux and Chrome OS as well as the DEB (Debian) and RPM package formats, the automated builds of Visual Studio Code are intended for less-common platforms that might not otherwise receive them. Obvious beneficiaries will be IoT developers focused on ARM devices -- and the Raspberry Pi in particular -- who will find it helpful to have the editor directly on the device they're programming against... Rodgers said the lure of Visual Studio Code for him was its user-friendly interface, making it approachable for new users.
Security

Linux Malware Infects Raspberry Pi Devices And Makes Them Mine Cryptocurrency (hothardware.com) 84

An anonymous reader quotes Hot Hardware: If you're a Raspberry Pi user who's never changed the default password of the "pi" user, then heed this warning: change it. A brand new piece of malware has hit the web, called "Linux.MulDrop.14", and it preys on those who haven't secured their devices properly... After scanning for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself. The ultimate goal of Linux.MulDrop.14 is to make digital money for someone else, namely the author of the malware, using your Raspberry Pi.
Media

OpenELEC 8.0.4 Kodi-Focused Linux Distro Now Available (openelec.tv) 43

BrianFagioli writes: Unfortunately, Kodi is not its own operating system, meaning it has to be run on top of an OS. Sure, you could use Windows 10, but that is overkill if you only want to run Kodi. Instead, a lightweight Linux distribution that only serves to run the media center is preferable. One of the most popular such distros is OpenELEC. It can run on traditional PC hardware, but also Raspberry Pi, and, my favorite — WeTek boxes. Today, version 8.0.4 achieves stable release. It is a fairly ho-hum update, focusing mostly on fixes and stability.

The team shares the following changes in the release.

- fix crash in WeTek DVB driver on WeTek Play (1st gen).
- enable Kernel NEON mode for RPi2 builds.
- enable some more SOC sound drivers for RPi/RPi2 builds.
- enable Regulator support on all builds.
- enable Extcon support on all builds.
- fix loading for some I2C sound modules on RPI/RPi2 builds.
- fix loading splash screen on systems with Nvidia GPUs.
- fix speed problems on Nvidia ION systems.
- fix problems loading dvbhdhomerun addons.
- fix using user created sleep scripts.
- build PNG support with SSE support for x86_64 builds.
- update to linux-4.9.30, mesa-17.0.7, alsa-lib-1.1.4.1, alsa-utils-1.1.4, kodi-17,3, mariadb-10.1.23, samba-4.6.4.

Google

Google Releases DIY Open Source Raspberry Pi Voice Kit Hardware (betanews.com) 31

BrianFagioli writes: Google has decided to take artificial intelligence to the maker community with a new initiative called AIY. This initiative will introduce open source AI projects to the public that makers can leverage in a simple way. Today, Google announces the first-ever AIY project. Called "Voice Kit," it is designed to work with a Raspberry Pi 3 Model B to create a voice-based virtual assistant. Billy Rutledge, Director of AIY Projects for Google, explains, "The first open source reference project is the Voice Kit: instructions to build a Voice User Interface (VUI) that can use cloud services (like the new Google Assistant SDK or Cloud Speech API) or run completely on-device. This project extends the functionality of the most popular single board computer used for digital making -- the Raspberry Pi. The included Voice Hardware Accessory on Top (HAT) contains hardware for audio capture and playback: easy-to-use connectors for the dual mic daughter board and speaker, GPIO pins to connect low-voltage components like micro-servos and sensors, and an optional barrel connector for dedicated power supply. It was designed and tested with the Raspberry Pi 3 Model B."
Privacy

'World's Most Secure' Email Service Is Easily Hackable (vice.com) 77

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. To date, no Nomx accounts have been compromised."
NES (Games)

Geek Builds His Own NES Classic With A Raspberry Pi (arstechnica.com) 132

"It turns out that the NES Classic Edition is just a little Linux-powered board inside a cute case," writes Andrew Cunningham at Ars Technica, "and it's totally possible to build your own tiny Linux-powered computer inside a cute case without spending much more than $60." An anonymous reader writes: Andrew used a $42 Raspberry Pi 3 Model B -- "it's relatively cheap and relatively powerful, and it can easily handle anything from the original PlayStation on down" -- plus an $8 case, and a microSD card. He also purchased a pair of gamepads -- there's several options -- and reports that "Putting our little box together is ridiculously easy, and you ought to have no problem with it even if you've never opened up a PC tower in your life."

"Making retro game consoles is a fairly common use case for the Pi, so there are a few different operating system choices out there," Andrew reports, and he ultimately chose the Linux-based RetroPie OS, which includes a number of emulators. Basically the process boils down to dropping a RetroPie boot image onto the SD card, putting it into the Pi, and then plugging it into your display and connecting your controllers -- plus configuring some menus. "The default quality of the emulation looks just as good as it does on the NES Classic Edition," and "the emulators for these older systems are all advanced enough that things should mostly run just like they did on the original hardware... I've been having a ton of fun with mine now that it's all set up, and its flexibility (plus the quality of those USB gamepads) has made it my favorite way to play old games, outpacing my Apple TV, the pretty but not-living-room-friendly OpenEmu, and the old hacked Wii I still have sitting around."

The hardest part may just be finding a PC with an SD card slot -- and of course, the resulting system gives you lots of flexibility. "By using the Raspberry Pi and freely available software, you can build something capable of doing a whole heck of a lot more than playing the same 30 NES games over and over again."
Hardware

FriendELEC Releases $40 NanoPi K2 Board That Competes With ODROID-C2, Raspberry Pi 3 (cnx-software.com) 80

DeathByLlama writes: The single board computer market, broken wide-open just a few years ago by the Raspberry Pi Foundation, continues to flourish today as FriendELEC releases their $40 NanoPi K2 board. This SBC packs a 1.5 GHz 64-bit quad core Amlogic S905 processor, and paired with 2GB of DDR3 RAM and the Mali-450MP GPU, it is able to stream 4K at 60 FPS. Add in gigabit ethernet, onboard Wi-Fi, Bluetooth, IR (and a remote!), eMMC compatibility, a familiar GPIO header, and a $40 price tag, and you end up with some stiff competition for other market leaders like Hardkernel's ODROID-C2 and Raspberry Pi's flagship Pi 3. The release is clearly in early phases with Ubuntu images and house-sold eMMC modules still on their way. It's amazing to see such strong competition in this market -- and with so many sub-$100, incredibly capable SBC options, which will choose?
Media

OpenELEC 8.0 Linux Distro Released For PC, Raspberry Pi, WeTek Hub (betanews.com) 50

BrianFagioli writes: Today, popular Linux distro OpenELEC reaches version 8.0 stable. This operating system leverages Kodi to provide a well-rounded media center experience. Not only are there images for PC, but for Raspberry Pi, and WeTek boxes too.

'OpenELEC 8.0 release contains a Kodi major version bump. If you are updating from OpenELEC 7.0 or earlier we strongly recommend you perform a full backup before performing a manual update. If you experience issues please perform a soft-reset to clear OpenELEC and Kodi settings,' says Stephan Raue, OpenELEC.

Slashdot Top Deals