
Run Linux on hard disk firmware (2013) - vasili111
https://spritesmods.com/?art=hddhack&page=1
======
DanBC
Here's an older thread with some interesting comments:
[https://news.ycombinator.com/item?id=6148347](https://news.ycombinator.com/item?id=6148347)

~~~
dang
As well as one from last year:
[https://news.ycombinator.com/item?id=12219599](https://news.ycombinator.com/item?id=12219599).

------
jewbacca
> jellybean part

...

> In the electronics industry, a "jelly bean" component is one which is widely
> available, used generically in many applications, and has no very unusual
> characteristics—as though it might be grabbed out of a jar in handfuls when
> needed, like jelly beans. For example, the μA741 might be considered a jelly
> bean op amp.

[Wikipedia]

~~~
mrob
The μA741 is still manufactured and it historically was a jellybean part, but
I'm not sure it counts as one today. The performance is low and it's not
something anybody is likely to use in new designs. I think the LM358 is a
better example of a jellybean part. It's cheap and widely available and still
commonly used, mostly because unlike the μA741 it works with a single-ended 5V
supply (the μA741 needs both +5V and -5V).

------
Paul_S
Before I moved my career to embedded software I was always incredulous when I
read articles claiming such and such device has 100s of chips in it. Now I
know this to be true I am still amazed at how many "moving parts" each little
device has (or to put it more intelligibly, how many semi-autonomous
subsystems each computer system consists of) - it's a miracle we routinely
manage to make them work. The pinnacle of processor cramming must the modern
smartphone which just beggars belief. I'm more surprised there's only one
microcontroller on that board.

~~~
agumonkey
It's a bit "scary" because this is a non optimized "controller" from 2013.
With today's processes and market evolution, anything could be a multicore arm
processor in disguise. You can never be sure about anything anymore since it
can be virtual information generated by some logic/source.

~~~
carapace
(My nightmare is when nanotech gets good enough that you can't trust the
written word on paper...)

~~~
yongjik
That happens with emails. The future is here!

There was one time I booked a flight. A few days before departure, that
particular flight had an accident (Asiana 214 at SFO): I need to check if my
flight will still depart as scheduled, so I dig my mailbox and the reservation
confirmation email I received months ago(!) now says "Your flight is
canceled." Apparently emails can be retroactively rewritten, WTF.

~~~
Tharre
Emails can't be rewritten by anyone except your mail provider, which is
unlikely to ever happen.

What most likely really happened is that the mail included remote content
which got reloaded - and thus changed.

~~~
i336_
_Webmail_ provider*

Sorry for being pedantic, but if you sync your mail to your own device (or
collect all of it onto your own mail server), you eliminate this risk.

------
israrkhan
Such tools have existed for long time. NSA tools catalog had a tool[1] that
took control of HDD firmware and provided Application persistence across re-
formatting. Date mentioned on the brochure[1] is June 2008. Of course most of
your PC peripherals have their own processor, if sufficient documentation is
available, PC peripherals can be easily weaponised. They can even have a
wireless implant that allows HDD to communicate with outside world, and
trigger exploit (send data, or trigger code execution), remotely.

[https://leaksource.files.wordpress.com/2013/12/nsa-ant-
irate...](https://leaksource.files.wordpress.com/2013/12/nsa-ant-
iratemonk.jpg)

~~~
TL_DR
We lost the battle already: [https://www.crowdsupply.com/raptor-computing-
systems/talos-s...](https://www.crowdsupply.com/raptor-computing-
systems/talos-secure-workstation)

------
pronoiac
Ah, the site looks overwhelmed. Mirror:
[http://web.archive.org/web/20161207215251/https://spritesmod...](http://web.archive.org/web/20161207215251/https://spritesmods.com/?art=hddhack&page=1)

~~~
latently
Probably being hosted by its hard drive.

------
feelix
Things like this are why I will never trust any computer with privacy.

There are processors and memory systems everywhere. There are so many entry
points for snoop attacks which can be completely invisible unless you know
exactly what to look for.

If your freakin' hard drive can be running linux or a web server then how can
you ever trust anything?

------
TimWolla
(2013) I suspect from the comments on that site. I've seen it before.

------
josteink
This one is old, but still extremely fascinating.

I wish I had the same persistence and willingness to dig as this guy obviously
does when facing a challenge.

We need more people like this :)

------
libeclipse
This needs a (2013) tag.

~~~
dang
Thanks—added.

------
eriknstr
Marked dupe, why?

