All your Nintendo Alarmo are belong to mew~ (Credit: GaryOderNichts, Blogspot)
Most of us will probably have seen Nintendo’s latest gadget pop up recently. Rather than a Switch 2 announcement, we got greeted with a Nintendo-branded alarm clock. Featuring a 2.8″ color LCD and a range of sensors, it can detect and respond to a user, and even work as an alarm clock for the low, low price of €99. All of which takes the form of Nintendo-themed characters alongside some mini-games. Naturally this has led people like [Gary] to buy one to see just how hackable these alarm clocks are.

As can be expected from a ‘smart’ alarm clock it has 2.4 GHz WiFi connectivity for firmware and content download, as well as a 24 GHz millimeter wave presence sensor. Before [Gary] even had received his Alarmo, others had already torn into their unit, uncovering the main MCU (STM32H730ZBI6) alongside a 4 GB eMMC IC, as well as the MCU’s SWD pads on the PCB. This gave [Gary] a quick start with reverse-engineering, though of course the MCU was protected (readout protection, or RDP) against firmware dumps, but the main firmware could be dumped from the eMMC without issues.

After this [Gary] had a heap of fun decrypting the firmware, which seems to always get loaded into the external octal SPI RAM before execution, as per the boot sequence (see featured image). This boot sequence offers a few possibilities for inserting one’s own (properly signed) contents. As it turns out via the USB route arbitrary firmware binaries can be loaded, which provided a backdoor to defeat RDP. Unfortunately the MCU is further locked down with Secure Access Mode, which prevents dumping the firmware again.

So far firmware updates for the Alarmo have not nailed shut the USB backdoor, making further reverse-engineering quite easy for the time being. If you too wish to hack your Alarmo and maybe add some feline charm, you can check [Gary]’s GitHub project.

hackaday.com/2024/10/30/tearin…

This week, Jonathan Bennett and Dan Lynch chat with Josh Bressers, VP of Security at Anchore, and host of the Open Source Security and Hacker History podcasts. We talk security, SBOMs, and how Josh almost became a Sun fan instead of a Linux geek.

– https://opensourcesecurity.io/feed/
– hackerhistory.com/feed/
– infosec.exchange/@joshbressers
– anchore.com/feed/

youtube.com/embed/0rbqMv3c0pY?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

hackaday.com/2024/10/30/floss-…

The name BeOS is one which tends to evoke either sighs of nostalgia or blank stares, mostly determined by one’s knowledge of the 1990s operating system scene. Originally released in 1995 by Be Inc., it was featured primarily on the company’s PowerPC-based BeBox computers, as well as being pitched to potential customers including Apple, who was looking for a replacement for MacOS. By then running on both PowerPC and x86-based systems, BeOS remained one of those niche operating systems which even the free Personal Edition (PE) of BeOS Release 5 from 1998 could not change.

As one of the many who downloaded BeOS R5 PE and installed it on a Windows system to have a poke at it, I found it to be a visually charming and quite functional OS, but saw no urgent need to use it instead of Windows 98 SE or 2000. This would appear to have been the general response from the public, as no BeOS revival ensued. Yet even as BeOS floundered and Be Inc. got bought up, sold off and dissected for its parts, a group of fans who wanted to see BeOS live on decided to make their own version. First called OpenBeOS and now Haiku, it’s a fascinating look at a multimedia-centric desktop OS that feels both very 1990s, but also very modern.

With the recent release of the R1 Beta 5 much has been improved, which raises the interesting question of how close Haiku is to becoming a serious desktop OS contender.

Writing A Haiku

Although some parts of BeOS (e.g. Tracker and Deskbar UI components) were open sourced with BeOS R5, for the most part the code of the Haiku project has been written from scratch. What helped a lot here was that even beyond the modular hybrid kernel the entire architecture of BeOS focused on modularity, allowing these developers in the early 2000s to gradually create new components to replace the proprietary ones in BeOS while testing them for regressions and bugs.

Even so, it took until September 2009 for the first Alpha release to be published, following eight years of intensive work. The first Beta came nine years later, at the end of September 2018, by which time support for x86_64 systems had also been added. This created an interesting inflection point, as only the 32-bit x86 version is fully binary compatible with BeOS R5, while the 64-bit version merely has compatible APIs. Unless you intend to run proprietary BeOS software this is probably not much of a concern, of course.

Currently, the Haiku project describes the OS as an ‘easy to use and lean open source operating system’, rather than limiting itself to being merely a way to run 1990s BeOS applications. The implications of this are covered in the general FAQ on the Haiku website along with a whole range of other common questions. The tl;dr is that while Haiku grew out of BeOS, its focus is mostly on maintaining BeOS’s unified vision for the desktop OS experience, which is why merely putting another skin around the Linux kernel would not have worked.

This drive to keep Haiku as a spiritual successor to BeOS can be seen in this and many other aspects, from its general appearance, to the name. Within BeOS the use of haiku (Japanese short-form poetry) was quite common, in particular in its NetPositive web browser error messages, such as:

Sites you are seeking
From your path they are fleeing
Their winter has come.

So What Does It Do?

Inevitably, when someone is confronted with Yet Another Open Source OS (YAOSO), the first question that comes to mind is what it does that another OS does not. After all, there are so many hobby OSes out there, all too often merely written to promote one’s pet language like Zig, Dart, NodeJS, Rust, D or another collection of letters that may or may not be infuriating to search for on the Internet. All of these OSes will tend to have a GUI, a file & internet browser, maybe someone has ported Tux Racer and some other bits of Linux userland, but with less functionality than the average Linux distribution these OS projects mostly spend a lot of time coming to terms with being less relevant than BeOS R5 and OS/2 Warp still are in the 2020s.

Here Haiku of course is a far cry from a hobby OS. Its kernel is inspired by the NewOS kernel, written by a former Be Inc. employee, it uses C++ and even GCC 2.x in places for that BeOS compatibility, but for new code you will be using a current C++ toolchain. You find the same GUI-centric user interface as BeOS had, though in the Terminal application you quickly find that it’s as familiar as any Linux or BSD shell, a pattern which persists in its POSIX compatibility. Meanwhile the overall user experience feels familiar to both old-school BeOS users and the average Windows user.

Although this is decidedly a personal matter, Haiku for me is a breath of fresh air compared to Yet Another Linux Distro (YALD) in the user interface consistency and the sheer snappiness. Booting Haiku takes seconds before you’re on the desktop, and the whole experience is that of a nimble single-user desktop system, rather like something such as Windows 98, except even faster and less crash-y. As for what it does when you’re on the desktop, it of course has the usual assortment of web browsers, office applications, multimedia players and editors, but as said earlier all of that is rather beside the point when the real question is whether you can use it as a daily driver.

This was also the point of a recent video by the Action Retro channel on YouTube, in which Haiku as a daily driver OS is attempted and found to be working quite well, even with video hardware acceleration in the Beta 4 release not implemented yet. My own experiences this year with Beta 4 and 5 mostly confirm this take, albeit mostly from the experience of a software developer doing some serious application porting.

Basically, how badly does Haiku break when you try to use it as a serious OS and port FFmpeg and Qt5-based applications to it?

No YALD, Just Haiku

While I am not sure how enthusiastic I am about swapping the Windows-style taskbar (incidentally replicated by most Linux GUIs) for the BeOS-style Deskbar, or the BeOS window decorations, you do get used to these differences. To get started with porting software you ideally use the pkgman package manager, which is reminiscent of FreeBSD’s pkg (and ports, incidentally). As I found out earlier this year when I ported my FFmpeg-based NymphCast project to Haiku, the OS is a lot closer to FreeBSD than Linux in many respects, including its file stat handling. This means no hacky lstat64() as on 64-bit dirty Linux platforms.

The whole string of dependencies required by the NymphCast project were all present and easily installed with pkgman, with the next challenge being that Haiku does not follow the Linux or BSD filesystem conventions. This is not unexpected, as it’s a desktop OS with absolutely no need to pretend that it dates back to an era when PDP-8s roamed the Earth. Instead it’s a multimedia-focused OS from the 1990s, with a filesystem that has a lot of added meta-data features, and a layout for installed applications and development files that mostly non-confusing.

The only real showstoppers that I came across during the porting of NymphCast was a lack of IPv6 support in Haiku, and stability issues in Beta 4, but switching to Beta 5 (nightly) and improving IPv6 handling in my code fixed this. Running through the compilation and installation procedure again on Beta 5 recently, I encountered no stability issues, just an issue (#6400) in the SDL2 package for Haiku that makes SDL2-based applications still somewhat of a no-go until the responsible hack gets fixed, at least from how I understand the issue.
Qt5-based NymphCast Player running on Haiku Beta 5.
For fun, I also tried building the Qt5-based NymphCast Player client in Haiku R1 Beta 5, which succeeded with absolutely zero issues. This application ran fine, connected to NymphCast server and media server instances running elsewhere on the network just fine, allowing me to control them as I would have on any other OS. How perfectly boring.

Is It Boring Enough?

In the question of whether an OS can be a daily driver I feel that there’s a lot being implied. When I consider my own OS preferences, having used MS-DOS, Win3.x, Win9x, Win2k, etc., as well as desktop Linux since SuSE Linux 6.3 in ’99, the BSDs, OS X and MacOS (post-OS X), I feel strongly that a good daily driver OS is one that is so utterly boring and Just Works that you spend as little time as possible thinking about the OS, while maximizing the time you are productive, have fun playing games, being online, and so on.

Windows has become more and more boring in this regard until Windows 7, when it began to tailspin with Windows 8 and is with Windows 11 less functional than Windows 3.11, or Windows 9x during the delightful winmodem days. Similarly OS X/MacOS decided to lock down the OS with its rootless ‘feature’, among other unpopular decisions with power users and developers. Combined with the many bugs in MacOS (e.g. in its printer spool that existed since at least 10.4), I was happy to move to Windows 10, which is only infuriating due to the horrid Flat Design Language and completely unnecessary Settings app.

Although 1998 was supposed to be the Year of the Linux Desktop, the fact remains that Linux as a desktop OS is not boring, but a constant exercise in troubleshooting the window manager, desktop environment, audio subsystem, a kernel module that vanished after a kernel upgrade, an uncooperative driver, hunting down a non-existent driver for a new WiFi dongle and so on. This is why I use Linux on an almost daily basis, but run a Windows desktop system.

When it pertains to Haiku, I feel that there’s some real potential for it to become as boring as Windows 2000, or even Windows XP or 7. I will be using Haiku more the coming months and likely years as it matures towards Release 1, along with ReactOS and similar open source OSes that strive to provide the user with the most boring and pleasantly unremarkable desktop experience possible.

hackaday.com/2024/10/30/haiku-…

We see a fair few glitcher projects, especially the simpler voltage glitchers. Still, quite often due to their relative simplicity, they’re little more than a microcontroller board and a few components hanging off some wires. PicoGlitcher by Hackaday.IO user [Matthias Kesenheimer] is a simple voltage glitcher which aims to make the hardware setup a little more robust without getting caught up in the complexities of other techniques. Based on the Raspberry Pico (obviously!), the board has sufficient niceties to simplify glitching attacks in various situations, providing controllable host power if required.

A pair of 74LVC8T245 (according to the provided BoM) level shifters allow connecting to targets at voltages from 1.8 V to 5 V if powered by PicoGlitcher or anything in spec for the ‘245 if target power is being used. In addition to the expected RESET and TRIGGER signals, spare GPIOs are brought out to a header for whatever purpose is needed to control a particular attack. If a programmed reset doesn’t get the job done, the target power is provided via a TPS2041 load switch to enable cold starts. The final part of the interface is an analog input provided by an SMA connector.

The glitching signal is also brought out to an SMA connector via a pair of transistors; an IRLML2502 NMOS performs ‘low power’ glitching by momentarily connecting the glitch output to ground. This ‘crowbarring’ causes a rapid dip in supply voltage and upsets the target, hopefully in a helpful way. An IRF7807 ‘NMOS device provides a higher power option, which can handle pulse loads of up to 66A. Which transistor you select in the Findus glitching toolchain depends on the type of load connected, particularly the amount of decoupling capacitance that needs to be discharged. For boards with heavier decoupling, use the beefy IRF7807 and accept the glitch won’t be as sharp as you’d like. For other hardware, the faster, smaller device is sufficient.

The software to drive PicoGlitcher and the hardware design files for KiCAD are provided on the project GitHub page. There also appears to be an Eagle project in there. You can’t have too much hardware documentation! For the software, check out the documentation for a quick overview of how it all works and some nice examples against some targets known to be susceptible to this type of attack.

For a cheap way to glitch an STM8, you can just use a pile of wires. But for something a bit more complicated, such as a Starlink user terminal, you need something a bit more robust. Finally, voltage glitching doesn’t always work, so the next tool you can reach for is a picoEMP.

youtube.com/embed/HGCZwSZWE1I?…

hackaday.com/2024/10/30/use-pi…

Qual è il bilancio dopo 10 mesi di governo Tusk, a un anno dalla vittoria nelle elezioni parlamentari? Ho scritto un'analisi per ResetDoc, partendo dalla svolta securitaria in materia di immigrazione.

What's the balance after 10 months of Tusk's government, one year after the victory in the parliamentary elections? I wrote an analysis for ResetDoc.

resetdoc.org/story/polands-imm…

Poland’s Immigration Law: Tusk’s Struggle to Hold the Center

“Regain control, ensure security.” This is the slogan of a draft law promoted by Polish Prime Minister Donald Tusk and adopted by his government to outline the country’s migration strategy from 2025 to 2030.

^{Reset DOC}

Frontiere Sonore Radio Show Ep. 4: Simone inizia una sezione di presentazione di piccole etichette italiane, in questa puntata presentiamo Stanze Fredde Records di Torino

iyezine.com/frontiere-sonore-r…

#radio

Frontiere Sonore Radio Show Ep. 4

Frontiere Sonore Radio Show Ep. 4 - Frontiere Sonore Radio Show Ep. 4: Simone inizia una sezione di presentazione di piccole etichette italiane, in questa puntata presentiamo Stanze Fredde Records di Torino -

^{Simone Benerecetti (In Your Eyes ezine)}

The Animal Kingdom, In un futuro prossimo alcuni umani iniziano a mutare trasformandosi gradualmente in animali.

iyezine.com/the-animal-kingdom

The Animal Kingdom

The Animal Kingdom - The Animal Kingdom, In un futuro prossimo alcuni umani iniziano a mutare trasformandosi gradualmente in animali. - The Animal Kingdom

^{Roberto Pardini (In Your Eyes ezine)}

La legge Calderoli spezzetta l'Italia e peggiora i iservizi "per tutti". Quello che migliora, se si vuol dire così, è il potere dei Presidenti di Regione e la "vicinanza" fra grossi imprenditori locali ed il sistema di potere.
Altro proprio non mi sovviene.

#autonomiadifferenziata