Hackaday Links: July 4, 2021

As rescue and recovery efforts in the horrific collapse in Florida this week are still ongoing, we noted with interest some of the technologies used on the site. Chief among them was the contribution of the Israeli Defense Forces (IDF), whose secret block 9900 was revealed a 3D imaging system to help locate victims trapped in the rubble. The photos are very similar to the 3D “extrusions” that appear in Google Maps when you zoom in on the satellite and change the angle, but are apparently made up of very recent aerial or satellite photos that show damage to the building. The idea is to map where parts of the building – and unfortunately the occupants of the building – ended up in the pile of rubble, allowing responders to focus on the areas where victims are most likely to be located. The technology, developed to precisely target military targets, has apparently already found several cavities in the wreckage that were not obvious to rescue teams. Here we hope that the system pays off and that we will learn a little about how it works.

Radio enthusiasts, pay attention: your hobby can simply deceive you from the authorities if you are not careful. This seems to be the case for a Stanislav Stetsenko, a resident of Crimea, who was arrested on suspicion of treason this week. Video of the arrest was published showing the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR keys, a very dusty laptop with an Airspy SDR #, a portable ICOM IC-R6 communication receiver and various maps and diagrams. In short, it looks almost like what I can see on my own desk right now. We know little about the politics around this, but give a pause to consider how non-technical people view those with technical hobbies.

If you can choose a superpower that you suddenly have, you will really need to think carefully. Of course, it would be convenient to shoot cobwebs or burst into flames, but the whole idea of ​​some kind of shooting from your wrists seems rough and what a nuisance you should keep buying new clothes after each burn. Maybe just teaching yourself a new sense, such as echolocation, would be a better place to start. And as it turns out, not only is it possible for people to echolocate, but it’s actually not that hard to learn. The researchers used a group of blind and sighted people for the test between the ages of 21 and 79 and subjected them to a 10-week training program to learn click-based echolocation. After receiving the basics of clicks and listening to the return in an anechoic chamber, participants went through a series of tasks, such as discrimination in size and orientation of objects and virtual navigation. The newly cut sonar was also released in the real world to test their skills. Three months after the study, the blind participants mostly kept their new skills and most of them still use it and report that it has improved their quality of life.

As with everything else he does, Elon Musk has drawn a lot of criticism for his Starlink satellite internet service. The growing constellation of satellites worries astronomers, terrestrial ISPs worry that the service will kill their business model, and the beta version of the Starlink dish turned out to be flakey in the summer heat. But because of the cost of equipment, Musk has taken the most trouble, which seems unfair the tears we have seen clearly show that the phase antenna in the Starlink antenna sells for less than it costs to build. Still, Musk assures the world Starlink home terminals will drop in the $ 250 to $ 300 range soon and that the system could have 500,000 users in one year. There were several other interesting insights, such as where Musk sees Starlink in terms of 5G and how he positions Starlink to provide transmission services to cellular companies.

This is embarrassing. Last week, we mentioned that some unfortunate users of an outdated but still popular NAS device found that their data had disappeared, apparently due to abuses of access to the device via the Internet and forcing a factory reset. Since this seems like something that should require entering a password, someone looked at the PHP script for the factory reset feature and found that the developer had commented on the lines themselves that would perform the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat="xml"){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was discontinued in 2015, so this may be a really old change. And yet that was all the hacker had to go in and cause chaos; interestingly, the latest attack may have been a reaction to a three-year exploit that turned many of these devices into botnets. Could this be the case of a hacker against a hacker?