Story 2015-04-30

Crack any Master Lock combination lock in eight tries or less

by
in security on (#853A)
There's a vulnerability in Master Lock branded combination padlocks that allows anyone to learn the combination in eight or fewer tries, a process that requires less than two minutes and a minimal amount of skill to carry out.

The exploit involves lifting up a locked shackle with one hand while turning the combination dial. Before the dial reaches 11, there will be three points where the dial will resist being turned anymore. The three positions are then input to a web page that streamlines the exploit. The page responds with the first digit of the combination and two possible digits for the last digit. By testing which of the possible last digits has more "give," an attacker can quickly figure out which one is correct. By eliminating the false digit from the Web form, the page will automatically populate the eight possible numbers for the second digit of the combination.

It's by no means the only way to break the security of a popular padlock. It comes a few years after Master Lock engineers developed new padlocks that resisted a popular form of attacks using shims made from soft drink cans.

NASA spacecraft to impact planet Mercury on Thursday

by
in space on (#83Z4)
story imageLaunched in 2004, NASA's Mercury-orbiting spacecraft, Messenger, is going out with a bang this week, adding a hefty crater to the little planet closest to the sun. The first spacecraft to circle Mercury, Messenger is expected to slip out of orbit and slam into Mercury on Thursday following a successful four-year tour of the rocky planet. The spacecraft will be traveling 8,750 mph (14,081 kph) when it hits, fast enough to carve out a crater 52 feet (16 meters) wide. The spacecraft itself stretches 10 feet (3 meters) solar wingtip to wingtip. Only one other spacecraft, NASA's Mariner 10, has ever visited Mercury, and that was back in the 1970s. Mariner 10 flew past, but did not orbit the innermost planet.

Messenger has run out of fuel, but ground controllers managed in recent weeks to eke out some extra life, raising Messenger's orbit by dipping into helium gas reserves not originally intended for use as fuel. But now that's all gone and Messenger is at the mercy of gravity. "I guess the end is coming," the Messenger team said via Twitter earlier this week. "After 10 years, spacecraft will end life as just another crater on Mercury's surface." Messenger is expected to crash into the side of Mercury facing away from Earth, so there will be no cameras or observatories to witness the impact. Scientists expect to gather information from Messenger until 10 to 15 minutes before its fatal plunge. The expected crash site is about two-thirds of the way up the planet, near the north pole.

The Enlightenment Desktop has been forked

by
in linux on (#83XT)
story imageNever saw this one coming: Enlightenment has been forked. The new product is called Moksha (Sanscrit: "emancipation, freedom") and is based not on the newest version of Enlightenment, E19, but rather an older version, E17. Behind Moksha is Jeff Hoogland and the folks at Bodhi Linux, who got frustrated with the turn that Enlightenment development has taken, and believe Moksha will be the path that takes the useful, stable release of E17 and makes it into something better. From Hoogland's blog:
Bodhi has always been a project based around the Enlightenment desktop.
The Enlightenment desktop however has changed a lot over the last few years. It went from being the "Duke Nukem Forever" of open source software without an official release in over a decade to having three new "major" versions released in the course of the last three years.

The problem with these major releases is that instead of continuing to perfect the end user facing components E17 started over the course of a decade, they were essentially internal tear downs. While optimizations are a good thing to be had, optimizations that break existing features users enjoy and use are bad. These tear downs were rushed to meet release deadlines and did not have the same quality and stability the E17 desktop had come to know.

The E18 desktop was so bad Bodhi skipped it entirely (although you can still find old packages in the 2.4.0 testing branch). When E19 released in the fall of 2014 it did make things better, but that was not difficult considering the mess E18 was.

E19 was usable enough that I gave it an honest try. I spent hours working with the upstream developers and filing bug reports. The biggest issue was that none of the Enlightenment developers were using E19 as their daily desktop. As soon as it was released they jumped on to their next rewrite - E20.
After my umpteeth bug report was met with "Works with E from Git" I was ready to call it quits. In fact for several months I did essentially quit. I was so frustrated I stepped away from the project I had devoted countless hours to over four years.
Submitter note: As an Enlightenment fan, this is interesting, but worrying. Enlightenment is a big code base, and a lot of work to take on. Hope they can make it work - E17 is a fantastic desktop!