Rebraining an LED Marquee with a Spark Trammell Hudson’Core

Wires? Where this LED scroller is going we don’t need wires. Well, except for power but everything needs power. The 90×7 LED marquee hangs over the entrance to NYC Resistor’s laser cutter room. Thanks to a Spark Core and a bit of work from [Trammell Hudson], the sign is working and attached to the network.

The original unit called for an RS485 connection for input. Other than that there wasn’t really a reason it had been collecting dust. Closer inspection of the internals proved that the display is driven exactly as you would expect: transistors for the rows and shift registers for the columns. Well, actually the columns are split into separate shift registers for the even and odd but that doesn’t complicate things too much. GPIO takes the seven row-driving transistors, two shift register clocks, data, latch, and enable for a total of twelve pins.

The Spark Core completely replaces the Atmel 80C32X2 and its RTC by pinging the network for UTC time synchronization once per day.

[via NYC Resistor]

TwitterPrinter Keeps Track of 2015 Hack-A-Day Prize

[Mastro Gippo] is getting to be somewhat of a Hackaday legend. He didn’t win the 2014 Hackaday prize but was in attendance at the event in Munich, and to make sure he keeps up with this year’s Prize, he built this old-school printer that prints all of the updates from the Hackaday Prize Twitter account.

The device uses the now-famous ESP8266 module for connecting the printer to the Internet. It doesn’t scrape data straight from Twitter though, it looks at [Mastro Gippo]’s own server to avoid getting inundated with too many tweets at once. The program splits the tweets into a format that is suitable for the printer (plain text) and then the printer can parse the data onto the paper. The rest of the design incorporates a 3.3V regulator for power and some transistors to turn the printer on and off. Be sure to check out the video of the device in action after the break!

[Mastro Gippo] notes that this eliminates the need to have a smartphone in order to keep up with the 2015 Hackaday Prize, which is ironic because his entry into the Trinket Everyday Carry Contest was a smarter-than-average phone. We’ll be expecting something that doesn’t waste quite as much paper for his official contest entry, though!

Continue reading “TwitterPrinter Keeps Track of 2015 Hack-A-Day Prize”

Automatic Garage Door Opener Works for Your Cat

Using an Arduino or Raspberry Pi to perform a task in the real world is certainly a project we’ve seen here before, and certainly most of these projects help to make up the nebulous “Internet of Things” that’s all the rage these days. Once in a while though, a project comes along that really catches our eye, as is the case with [Jamie’s] meticulously documented automatic garage door opener.

This garage door opener uses an ATMega328 to connect the internet to the garage door. A reed switch is installed which lets the device sense the position of the door, which is relayed back to the internet. [Jamie] wrote an Android app that can open and close the door and give the user the information on the door’s status. One really interesting feature is the ability to “crack” the garage door. This is done by triggering the garage door opener twice with a delay in between. From the video after the break we’d say this is how [Jamie’s] cat gets in and out.

We love seeing projects that are extremely well documented so that anyone who wants to make one can easily figure out how. Internet-connected garage door openers have been featured in other unique ways before too, but we’ve also seen ways to automatically open blinds or chicken coops!

Hackaday.io Land Rush: Vanity URLs

Hurry! Carve out your Hackaday.io homestead with a vanity URL. You can see I’ve already secured hackaday.io/mike, but get in before the rest of Hackaday finds out and you can you have ‘/tom’, ‘/jane’, or ‘/zerocool’. (Don’t do it… you can be more creative than zerocool!)

Whether you already have an account, or if you want to create one right now, the next time you log into Hackaday.io the interface will give you the opportunity to choose your vanity address. Like the Oklahoma land rush, we’re sure there will be a swell of folks looking to squat on the most pristine land. So if your first name is already taken, now is the perfect time to re-invent your perfect username.

For those that need a jump start picking their slug, we want to hear your favorite screen name/handle/user alias of all time in the comments. At the risk of embarassing [Jeff Keyzer], I have to say his alias (and company name) Mighty Ohm is pretty spectacular. Can anyone beat it?

Ask Hackaday: A Robot’s Black Market Shopping Spree

It was bad when kids first started running up cell phone bills with excessive text messaging. Now we’re living in an age where our robots can go off and binge shop on the Silk Road with our hard earned bitcoins. What’s this world coming to? (_sarcasm;)

For their project ‘Random Darknet Shopper’, Swiss artists [Carmen Weisskopf] and [Domagoj Smoljo] developed a computer program that was given 100 dollars in bitcoins and granted permission to lurk on the dark inter-ether and make purchases at its own digression. Once a week, the AI would carrying out a transaction and have the spoils sent back home to its parents in Switzerland. As the random items trickled in, they were photographed and put on display as part of their exhibition, ‘The Darknet. From Memes to Onionland’ at Kunst Halle St. Gallen. The trove of random purchases they received aren’t all illegal, but they will all most definitely get you thinking… which is the point of course. They include everything from a benign Lord of the Rings audio book collection to a knock-off Hungarian passport, as well as the things you’d expect from the black market, like baggies of ecstasy and a stolen Visa credit card. The project is meant to question current sanctions on trade and investigate the world’s reaction to those limitations. In spite of dabbling in a world of questionable ethics and hazy legitimacy, the artists note that of all the purchases made, not a single one of them turned out to be a scam.

Though [Weisskopf] and [Smoljo] aren’t worried about being persecuted for illegal activity, as Swiss law protects their right to freely express ideas publicly through art, the implications behind their exhibition did raise some questions along those lines. If your robot goes out and buys a bounty of crack on its own accord and then gives it to its owner, who is liable for having purchased the crack?

If a collection of code (we’ll loosely use the term AI here) is autonomous, acting independent of its creator’s control, should the creator still be held accountable for their creation’s intent? If the answer is ‘no’ and the AI is responsible for the repercussions, then we’re entering a time when its necessary to address AI as separate liable entities. However, if you can blame something on an AI, this suggests that it in some way has rights…

Before I get ahead of myself though, this whole notion circulates around the idea of intent. Can we assign an artificial form of life with the capacity to have intent?

Christmas Village Spin on the Weasley Clock

Have we seen any Christmas village hacks before? None come to mind and our Google-fu didn’t turn up any either. No matter, even if there were a handful this would rank quite high. [Kyle Anderson] built models of the homes each of his loved-ones inhabit. Each model lights up when its occupant is at home.

This reminds us of the Weasley Clock, itself a popular concept to hack on. The idea is that each family member’s location is shown with a unique clock hand and a set of whimsical locations on the clock face.

The Etherhouse, as [Kyle] calls it, performs a similar action. The WiFi access point in each loved one’s home is monitored for their smart phone. When it is detected, the light for their home model is illuminated. Since each person has their own copy of the village, everyone knows who is home and who is away.

Continue reading “Christmas Village Spin on the Weasley Clock”

Yik Yak MITM Hack (Give the Dog a Bone)

Yik Yak is growing in popularity lately. If you are unfamiliar with Yik Yak, here’s the run down. It’s kind of like Twitter, but your messages are only shared with people who are currently within a few miles of you. Also, your account is supposed to be totally anonymous. When you combine anonymity and location, you get some interesting results. The app seems to be most popular in schools. The anonymity allows users to post their honest thoughts without fear of scrutiny.

[Sanford Moskowitz] decided to do some digging into Yik Yak’s authentication system. He wanted to see just how secure this “anonymous” app really is. As it turns out, not as much as one would hope. The primary vulnerability is that Yik Yak authenticates users based solely on a user ID. There are no passwords. If you know the user’s ID number, it’s game over.

The first thing [Sanford] looked for was an encrypted connection to try to sniff out User ID’s. It turned out that Yik Yak does actually encrypt the connection to its own servers, at least for the iPhone app. Not to worry, mobile apps always connect to other services for things like ad networks, user tracking, etc. Yik Yak happens to make a call to an analytics tool called Flurry every time the app is fired. Flurry needs a way to track the users for Yik Yak, so of course the Yik Yak App tells Flurry the user’s ID. What other information would the anonymous app have to send?

Unfortunately, Flurry disables HTTPS by default, so this initial communication is in plain text. That means that even though Yik Yak’s own communications are protected, the User ID is still exposed and vulnerable. [Sanford] has published a shell script to make it easy to sniff out these user ID’s if you are on the same network as the user.

Once you have the user ID, you can take complete control over the account. [Sanford] has also published scripts to make this part simple. The scripts will allow you to print out every single message a user has posted. He also describes a method to alter the Yik Yak installation on a rooted iPhone so that the app runs under the victim’s user ID. This gives you full access as if you owned the account yourself.

Oh, there’s another problem too. The Android app is programmed to ignore bad SSL certificates. This means that any script kiddie can perform a simple man in the middle attack with a fake SSL certificate and the app will still function. It doesn’t even throw a warning to the user. This just allows for another method to steal a user ID.

So now you have control over some poor user’s account but at least they are still anonymous, right? That depends. The Yik Yak app itself appears to keep anonymity, but by analyzing the traffic coming from the client IP address can make it trivial to identify a person. First of all, [Sanford] mentions that a host name can be a dead giveaway. A host named “Joe’s iPhone” might be a pretty big clue. Other than that, looking out for user names and information from other unencrypted sites is easy enough, and that would likely give you everything you need to identify someone. Keep this in mind the next time you post something “anonymously” to the Internet.

[via Reddit]