Hackaday Prize Entry: A Raspberry Pi Project

There’s no piece of technology that has been more useful, more influential on the next generation of sysadmins and engineers, and more polarizing than the Raspberry Pi. For $35 (or just $5), you get a complete single board computer, capable of running Linux, and powerful enough to do useful work. For the 2016 Hackaday Prize, [Arsenijs] has created the perfect Raspberry Pi project. It’s everything you expect a Pi-powered project to be, and more.

While the Raspberry Pi, and the community surrounding the Raspberry Pi, get a lot of flak for the relatively simple approach to most projects which are effectively just casemods, critics of these projects forget the historical context of tiny personal computers. Back in the early ‘aughts, when Mini ITX motherboards were just being released, websites popped up that would feature Mini ITX casemods and nothing else. While computers stuffed into an NES, an old radio, or the AMD logo are rather banal projects today, I assure you they were just as pedestrian 15 years ago as well. Still, the creators of these Mini ITX case mods became the hardware hackers of today. It all started with simple builds, a Dremel, and some Bondo.

[Arsenijs] takes his Raspberry Pi project a bit further than a simple casemod, drawing influence from a Raspberry Pi smartphone, a Raspberry Pi security system, a Portable Raspberry Pi, and a Raspberry Pi wrist computer. These are all excellent projects in their own right, but [Arsenijs] is putting his own special twist on the project: he’s using a Raspberry Pi, and a few Raspberry Pi accessories.

While this project is first and foremost a Raspberry Pi project, [Arsenijs] isn’t limiting himself to the platform with the Broadcom chip. The team behind this Raspberry Pi project was busy porting the project to Odroid when the Banana Pi came out. This changed everything, a refactor was required, and then the Orange Pi was announced. Keeping up with technology is hard, and is a big factor in why this Raspberry Pi project hasn’t delivered yet. You can say a lot of things about the Raspberry Pi foundation, but at least their boards make a good attempt at forward compatibility.

Already [Arsenijs]’ Raspberry Pi project is one of the more popular projects on Hackaday.io, and is in the running for being one of the most popular projects in this year’s Hackaday Prize. Whether that popularity will translate into a minor win for this year’s Hackaday Prize remains to be seen, but it seems for [Arsenijs] that doesn’t matter; he’s already on the bleeding edge of Raspberry Pi projects.

The HackadayPrize2016 is Sponsored by:

Books You Should Read: The Car Hacker’s Handbook

I just had my car in for an inspection and an oil change. The garage I take my car to is generally okay, they’re more honest than a stealership, but they don’t cross all their t’s and dot all their lowercase j’s. A few days after I picked up my car, low and behold, I noticed the garage didn’t do a complete oil change. The oil life indicator wasn’t reset, which means every time I turn my car on, I’ll have to press a button to clear an ominous glowing warning on my dash.

For my car, resetting the oil life indicator is a simple fix – I just need to push the button on the dash until the oil life indicator starts to blink, release, then hold it again for ten seconds. I’m at least partially competent when it comes to tech and embedded systems, but even for me, resetting the oil life sensor in my car is a bit obtuse. For the majority of the population, I can easily see this being a reason to take a car back to the shop; the mechanic either didn’t know how to do it, or didn’t know how to use Google.

The two most technically complex things I own are my car and my computer, and there is much more information available on how to fix or modify any part of my computer. If I had a desire to modify my car so I could read the value of the tire pressure monitors, instead of only being notified when one of them is too low, there’s nowhere for me to turn.

2015 was the year of car hacks, ranging from hacking ECUs to pass California emissions control standards, Google and Tesla’s self-driving cars, to hacking infotainment systems to drive reporters off the road. The lessons learned from these hacks are a hodge-podge of forum threads, conference talks, and articles scattered around the web. While you’ll never find a single volume filled with how to exploit the computers in every make and model of automobile, there is space for a reference guide on how to go about this sort of car hacking.

I was given the opportunity to review The Car Hacker’s Handbook by Craig Smith (259p, No Starch Press). Is it a guide on how to plug a dongle into my car and clear the oil life monitor the hard way? No, but you wouldn’t want that anyway. Instead, it’s a much more informative tome on penetration testing and reverse engineering, using cars as the backdrop, not the focus.

Continue reading “Books You Should Read: The Car Hacker’s Handbook”

Hackaday Prize Entry: Reverse GPS

Every time you watch a SpaceX livestream to see a roaring success or fireball on a barge (pick your poison), you probably see a few cubesats go up. Everytime you watch a Soyuz launch that is inexplicably on liveleak.com before anywhere else, you’re seeing a few cubesats go up. There are now hundreds of these 10 cm satellites in orbit, and SatNogs, the winner of the Hackaday Prize a two years ago, gives all these cubesats a global network of ground stations.

There is one significant problem with a global network of satellite tracking ground stations: you need to know the orbit of all these cubesats. This, as with all Low Earth Orbit deployments that do not have thrusters and rarely have attitude control, is a problem. These cubesats are tumbling through the rarefied atmosphere, leading to orbits that are unpredictable over several months.

[hornig] is working on a solution to the problem of tracking hundreds of cubesats that is, simply, reverse GPS. Instead of using multiple satellites to determine a position on Earth, this system is using multiple receiving stations on Earth’s surface to determine the orbit of a satellite.

The hardware for [hornig]’s Distributed Ground Station Network is as simple as you would expect. It’s just an RTL-SDR TV tuner USB dongle, a few antennas, a GPS receiver, and a Raspberry Pi connected to the Internet. This device needs to be simple; unlike SatNogs, where single base station in the middle of nowhere can still receive data from cubesats, this system needs multiple receivers all within the view of a satellite.

The modern system of GPS satellites is one of the greatest technological achievements of all time. Not only did the US need to put highly accurate clocks in orbit, the designers of the system needed to take into account relativistic effects. Doing GPS in reverse – determining the orbit of satellites on the ground – is likewise a very impressive project, and something that is certainly a contender for this year’s Hackaday Prize.

The HackadayPrize2016 is Sponsored by:

Fallout 4 Gets Logic Gates, Is Functionally Complete

Fallout logic. This is literally called Fallout logic. This is far more confusing than it should be.
Fallout logic. This is literally called Fallout logic. This is far more confusing than it should be.

Fallout 4, the latest tale of post-apocalyptic tale of wasteland wanderers, got its latest DLC yesterday. This add-on, Contraptions Workshop, adds new objects and parts to Fallout 4‘s settlement-building workshop mechanic. This add-on brings more building pieces, elevators, and most importantly logic gates to Commonwealth settlements.

The Fallout logic gates are used in conjunction with electric generators, lights, and automated sentries used to build settlements. Although a simple NAND would do, there are several types of logic gates including AND, OR, XOR, NOT, NAND, NOR, and XNOR.

The in-game explanation for these gates is very, very weird. AND, OR, and XOR “transmit power or not depending on the combination of power to their inputs”. NOT, NAND, NOR, and XNOR are apparently different, “only transmitting power if their inputs are connected directly to the output of other logic gates”. The reason for this arbitrary distinction between different sets of gates is currently unknown except to a few programmers and project leaders at Bethesda. It should be noted {AND, OR, XOR} is not functionally complete.

With implementations of logic gates in video games comes some very interesting if useless applications. Already Fallout 4 has light boxes, allowing for huge animated billboardsFallout speakers, the wasteland’s equivalent of Minecraft’s note block, can be used to play simple melodies. You can do anything with a NAND, so we would expect automated, sequenced versions of animated billboards and monophonic synthesizers to appear in short order.

Functional completeness can add a lot to a game. Since Minecraft added redstone logic to the game, we’ve seen some very, very impressive block-based builds. The Minecraft CPU generally regarded as being the first, most complete CPU took about three months to design and build. This build didn’t use later additions to the redstone toolbox like repeaters, pistons, and the now-cheaty command blocks.

FAA Finalizes Rules For Drones, UAS, and Model Aircraft

The FAA and DOT have finalized their rules for small Unmanned Aircraft Systems (UAS, or drones), and clarified rules for model aircraft. This is the end of a long process the FAA undertook last year that has included a registry system for model aircraft, and input from members of UAS and model aircraft industry including the Academy of Model Aeronautics and 3D Robotics.

Model Aircraft

Since the FAA began drafting the rules for unmanned aircraft systems, it has been necessary to point out the distinction between a UAS and a model aircraft. Thanks to the amazing advances in battery, brushless motor, and flight controller technology over the past decade, the line between a drone and a model aircraft has been fuzzed, and onboard video systems and FPV flying have only blurred the distinction.

The distinction between a UAS and model aircraft  is an important one. Thanks to the FAA Reauthorization Act of 2012, the FAA, “may not promulgate any rule or regulation regarding a model aircraft” under certain conditions. These conditions include aircraft flown strictly for hobby or recreational use, operated in accordance with a community-based set of safety guidelines (read: the safety guidelines set by the Academy of Model Aeronautics), weighs less than 55 pounds, gives way to manned aircraft, and notifies the operator of an airport when flown within five miles of a control tower.

Despite laws enacted by congress, the FAA saw it necessary to create rules and regulations for model aircraft weighing less than 55 pounds, and operated in accordance with a community-based set of safety guidelines. The FAA’s drone registration system doesn’t make sense, and there is at least one pending court case objecting to these rules.

The FAA’s final rules for UAS, drones, and model airplanes change nothing from the regulations made over the past year. If your drone weighs more than 250 grams, you must register it. For model aircraft, and unmanned aircraft systems conducting ‘hobbyist operations’, nothing has changed.

Unmanned Aerial Systems

The finalized rule introduced today concerns only unmanned aircraft systems weighing less than 55 pounds conducting non-hobbyist operations. The person flying the drone must be at least 16 years old and hold a remote pilot certificate with a small UAS rating. This remote pilot certificate may be obtained by passing an aeronautical knowledge test, or by holding a non-student Part 61 pilot certificate (the kind you would get if you’d like to fly a Cessna on the weekends)

What this means

Under the new regulations, nothing for model aircraft has changed. The guys flying foam board planes will still have to deal with a registration system of questionable legality.

For professional drone pilots – those taking aerial pictures, farmers, or pilots contracting their services out to real estate agents – the situation has vastly improved. A pilot’s license is no longer needed for these operations, and these aircraft may be operated in class G airspace without restriction. Drone use for commercial purposes is now possible without a pilot’s license. This is huge for many industries.

These rules do not cover autonomous flight. This is, by far, the greatest shortcoming of the new regulations. The most interesting applications of drones and unmanned aircraft is autonomous flight. With autonomous drones, farmers could monitor their fields. Amazon could deliver beer to your backyard. There are no regulations regarding autonomous flight from the FAA, and any business plans that hinge on pilot-less aircraft will be unrealized in the near term.

DJI Phantoms are now ‘drones’

This is a quick aside, but I must point out the FAA press release was written by someone with one of two possible attributes. Either the author of this press release paid zero attention to detail, or the FAA has a desire to call all unmanned aircraft systems ‘drones’.

The use of the word ‘drone’ in the model aircraft community has been contentious, with quadcopter enthusiasts making a plain distinction between a DJI Phantom and a Predator drone. Drones, some say, have the negative connotation of firing hellfire missiles into wedding parties and killing American citizens in foreign lands without due process, violating the 5th amendment. Others have classified ‘drones’ as having autonomous capability.

This linguistic puzzle has now been solved by the FAA. In several places in this press release, the FAA equates ‘unmanned aircraft systems’ with drones, and even invents the phrase, ‘unmanned aircraft drone’. Language is not defined by commenters on fringe tech blogs, it is defined by common parlance. Now the definition of ‘drone’ is settled: it is an unmanned, non-autonomous, remote-controlled flying machine not flown for hobby or recreational use.

[Clinton] Builds A Better Handgun

A few months ago, we caught wind of someone doing something remarkable. [Clinton Westwood] built a pistol from plans he found on the Internet. You can find plans to build anything on the web, from houses to four-stroke engines to perpetual motion machines. Most of the time these plans are incomplete and many of these devices have never been built at all. [Clinton]’s pistol was one of these never-built designs. After months of work, he’s ready to call this project done, and managed to build an awesome rig to rifle the barrel.

Before [Clinton] set out to build this gun from scratch, the only other example these plans could build a gun-shaped object were a few terrible pictures of what appears to be a gun that was thrown into a garbage disposal, then into a creek, then forgotten for several years. There is a distinct lack of workmanship in this one exemplar, but [Clinton]’s attempt at replication is far more professional.

Although this gun is designed to be built using simple tools, there is one aspect of amateur gunsmithing that requires some specialized equipment. The barrel must be rifled if you want any accuracy at all, and for this [Clinton] has come up with a very simple jig made out of a broken bicycle and some threaded rod.

If homebrew gunsmithery is your thing, but you’re looking for something with a little more punch than a .25 ACP, you can beat plowshares into an AK-47. All hail the shovel AK, defender of the motherland and digger of holes.

Network Security Theatre

Summer is nearly here, and with that comes the preparations for the largest gathering of security researchers on the planet. In early August, researchers, geeks, nerds, and other extremely cool people will descend upon the high desert of Las Vegas, Nevada to discuss the vulnerabilities of software, the exploits of hardware, and the questionable activities of government entities. This is Black Hat and DEF CON, when taken together it’s the largest security conference on the planet.

These conferences serve a very important purpose. Unlike academia, security professionals don’t make a name for themselves by publishing in journals. The pecking order of the security world is determined at these talks. The best talks, and the best media coverage command higher consultancy fees. It’s an economy, and of course there will always be people ready to game the system.

Like academia, these talks are peer-reviewed. Press releases given before the talks are not, and between the knowledge of security researchers and the tech press is network security theatre. In this network security theatre, you don’t really need an interesting exploit, technique, or device, you just need to convince the right people you have one.

Continue reading “Network Security Theatre”