Hackaday Links: March 3, 2024

March 3, 2024 by Dan Maloney 26 Comments

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available through the usual outfits and finding glaring security gaps which are totally not intentional in any way.

All these cameras appear to be the same basic hardware inside different enclosures, most supporting the same mobile app. Our favorite “exploit” for these cameras is the ability to put them into a pairing mode with the app, sometimes by pressing a public-facing button. Slightly more technically challenging would be accessing images from the app using the camera’s serial number, or finding file names being passed in plain text while sniffing network traffic. And that’s just the problems CR identified; who knows what else lurks under the covers? Some retailers have stopped offering these things, others have yet to, so buyer beware.

Speaking of our techno-dystopian surveillance state, if you’ve had it with the frustrations and expense of printers, has Hewlett-Packard got a deal for you. They want you to never own a printer again, preferring that you rent it from them instead. Their “All-In Plan” launched this week, which for $6.99 a month will set up up with an HP Envy inkjet printer, ink deliveries, and 24/7 tech support. It doesn’t appear that paper is included in the deal, so you’re on your own for that, but fear not — you won’t go through much since the entry-level plan only allows 20 prints per month. Plans scale up to 700 prints per month from an OfficeJet Pro for the low, low price of $36. The kicker, of course, is that ~~your~~ their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to. The terms of service also explicitly state that they’ll be sending your information to advertising partners, so that’ll be fun. This scheme hearkens back to the old pre-breakup days of AT&T, where you rented your phone from the phone company. That model made a lot more sense when the phone (probably) wasn’t listening in on everything you do. This just seems like asking for trouble.

“Enhance, enhance…” Credit: NASA/JPL-Caltech/LANL/CNES/IRAP/Simeon Schmauß

It’s been a while since Ingenuity‘s final rough landing on Mars permanently grounded the overachieving helicopter, long enough that it’s time for the post-mortem analyses to begin. The first photographic evidence we had was a shadowgram from one of the helicopter’s navigational cameras, showing damage to at least one of the rotor tips, presumably from contact with the ground. Then we were treated to a long-distance shot from Ingenuity‘s rover buddy Perseverance, which trained its MASTCAM instruments on the crash zone and gave us a wide view of its lonely resting place.

Now, geovisual design student [Simeon Schmauβ] has taken long shots made with the rover’s SuperCam instrument and processed them into amazingly detailed closeups, which show just how extensive the damage really is. One rotor blade sheared clean off on contact, flying 15 meters before gouging a hole in the regolith. Another blade looks to be about half gone, while the remaining two blades show the damaged tips we’ve already seen. That the helicopter is still on its feet given the obvious violence of the crash is amazing, as well as an incredible piece of luck, since it means the craft’s solar panel is pointing in roughly the right direction to keep it powered up.

Continue reading “Hackaday Links: March 3, 2024” →

Hackaday Links: February 25, 2024

February 25, 2024 by Dan Maloney 14 Comments

When all else fails, blame it on the cloud? It seems like that’s the script for just about every outage that makes the news lately, like the Wyze camera outage this week that kept people from seeing feeds from their cameras for several hours. The outage went so far that some users’ cameras weren’t even showing up in the Wyze app, and there were even reports that some people were seeing thumbnails for cameras they don’t own. That’s troubling, of course, and Wyze seems to have taken action on that quickly by disabling a tab on the app that would potentially have let people tap into camera feeds they had no business seeing. Still, it looks like curiosity got the better of some users, with 1,500 tapping through when notified of motion events and seeing other people walking around inside unknown houses. The problem was resolved quickly, with blame laid on an “AWS partner” even though there were no known AWS issues at the time of the outage. We’ve said it before and we’ll say it again: security cameras, especially mission-critical ones, have no business being connected with anything but Ethernet or coax, and exposing them to the cloud is a really, really bad idea.

Continue reading “Hackaday Links: February 25, 2024” →

Hackaday Links: February 18, 2024

February 18, 2024 by Dan Maloney 17 Comments

So it turns out that walking around with $4,000 worth of hardware on your head isn’t quite the peak technology experience that some people thought it would be. We’re talking about the recently released Apple Vision Pro headset, which early adopters are lining up in droves to return. Complaints run the gamut from totally foreseeable episodes of motion sickness to neck pain from supporting the heavy headset. Any eyeglass wearer can certainly attest to even lightweight frames and lenses becoming a burden by the end of the day. We can’t imagine what it would be like to wear a headset like that all day. Ergonomic woes aside, some people are feeling buyer’s remorse thanks to a lack of apps that do anything to justify the hefty price tag. The evidence for a wave of returns is mostly gleaned from social media posts, so it has to be taken with a grain of salt. We wouldn’t expect Apple to be too forthcoming with official return figures, though, so the ultimate proof of uptake will probably be how often you spot one in the wild. Apart from a few cities and only for the next few weeks, we suspect sightings will be few and far between.

Continue reading “Hackaday Links: February 18, 2024” →

Hackaday Links: February 11, 2024

February 11, 2024 by Dan Maloney 4 Comments

Apple’s Vision Pro augmented reality goggles made a big splash in the news this week, and try as we might to resist the urge to dunk on them, early adopters spotted in the wild are making it way too easy. Granted, we’re not sure how many of these people are actually early adopters as opposed to paid influencers, but there was still quite a bit of silliness to be had, most of it on X/Twitter. We’d love to say that peak idiocy was achieved by those who showed themselves behind the wheels of their Teslas while wearing their goggles, with one aiming for an early adopter perfecta, but alas, most of these stories appear to be at least partially contrived. Some people were spotted doing their best to get themselves killed, others were content to just look foolish, especially since we’ve heard that the virtual keyboard is currently too slow for anything but hunt-and-peck typing, which Casey Niestat seemed to confirm with his field testing. After seeing all this, we’re still unsure why someone would strap $4,000 worth of peripheral-vision-restricting and easily fenced hardware to their heads, but hey — different strokes. And for those of you wondering why these things are so expensive, we’ve got you covered.

Continue reading “Hackaday Links: February 11, 2024” →

Hackaday Links: February 4, 2024

February 4, 2024 by Dan Maloney 20 Comments

Things may not have gone as planned last week for the flying cellphone on Mars, but just because Ingenuity‘s flying career is over doesn’t mean there’s no more work to do. NASA announced this week that it’s going to try a series of “wiggle” maneuvers on Ingenuity‘s rotors, in an attempt to get a better look at the damage to the blade tips and possibly get some clues as to what went wrong. The conjecture at the moment seems to be that a large area of relatively featureless terrain confused the navigation system, which uses down-facing cameras to track terrain features. If the navigation program couldn’t get a bead on exactly how far above the ground it was, it’s possible the copter came in too hard and caused the rotor tips to dig into the regolith. There seems to be some photographic suggestion of that, with what looks like divots in the ground about where you’d expect the rotor tips to dig in, and even scraps of material that look out of place and seem to be about the same color as the rotor blades. All this remains to be seen, of course, and we’re sure that NASA and JPL are poring over all available data to piece together what happened. As much as we hate to say goodbye to Ingenuity, we eagerly await the post-mortem.

Continue reading “Hackaday Links: February 4, 2024” →

Hackaday Links: January 28, 2024

January 28, 2024 by Dan Maloney 16 Comments

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solutions. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.

Continue reading “Hackaday Links: January 28, 2024” →

Hackaday Links: January 21, 2024

January 21, 2024 by Dan Maloney 15 Comments

Have you noticed any apps missing from your Android phone lately? We haven’t but then again, we try to keep the number of apps on our phone to a minimum, just because it seems like the prudent thing to do. But apparently, Google is summarily removing apps from the Play Store, often taking the extra step of silently removing the apps from phones. The article, which seems to focus mainly on games, and has a particular bone to pick about the removal of RPG Wayward Souls, isn’t clear about how widespread the deletions are, or what exactly the reason behind the removals could be. But they sure are exercised about it, and rightly so since in some cases the deleted games have actually been paid for by the users, and Google pretty much says that if you think you’re getting a refund, think again. They make some interesting points, such as this being the very definition of larceny, while also acknowledging that in all likelihood Google has a get-out-of-jail-free card buried in some EULA somewhere permitting them to do exactly what they’re doing. Google’s gonna Google, right?

Continue reading “Hackaday Links: January 21, 2024” →