Arduino v. Arduino

Arduino LLC is suing Arduino Srl (the Italian version of an LLC). Sounds confusing? It gets juicier. What follows is a summary of the situation as we learned it from this article at MakeMagazin.de (google translatrix)

Arduino LLC is the company founded by [Massimo Banzi], [David Cuartielles], [David Mellis], [Tom Igoe] and [Gianluca Martino] in 2009 and is the owner of the Arduino trademark and gave us the designs, software, and community support that’s gotten the Arduino where it is. The boards were manufactured by a spinoff company, Smart Projects Srl, founded by the same [Gianluca Martino]. So far, so good.

Things got ugly in November when [Martino] and new CEO [Federico Musto] renamed Smart Projects to Arduino Srl and registered arduino.org (which is arguably a better domain name than the old arduino.cc). Whether or not this is a trademark infringement is waiting to be heard in the Massachussetts District Court.

According to this Italian Wired article, the cause of the split is that [Banzi] and the other three wanted to internationalize the brand and license production to other firms freely, while [Martino] and [Musto] at the company formerly known as Smart Projects want to list on the stock market and keep all production strictly in the Italian factory.

Naturally, a lot of the original Arduino’s Open Source Hardware credentials and ethos are hanging in the balance, not to mention its supply chain and dealer relationships. However the trademark suit comes out, we’re guessing it’s only going to be the first in a series of struggles. Get ready for the Arduino wars.

We’re not sure if this schism is at all related to the not-quite-open-source hardware design of the Yun, but it’s surely the case that the company is / the companies are going through some growing pains right now.

Thanks [Philip Steffan] for the pointer to the MakeMagazin.DE article. (And for writing it.)

In Chicago? Bring A Hack!

It’s been far too long since we’ve had a Hackaday presence at a hackerspace. This, of course, is a terrible oversight and something must be done to correct it. If you’re in Chicago, you’re in luck. We’re going to be at Pumping Station: One this Wednesday for a Bring-A-Hack meetup.

If you have a cool build to show off, a bunch of blinky things, wearables, or just some cool tech, the mythical Hackaday Prize guru [Sophi Kravitz] will be at PS:1 Wednesday evening. I’m pretty sure there will be stickers, but sadly no t-shirt cannon just yet.

The event is free, open to everyone, and there’s pizza. RSVPing would be a good idea, and you can do that over on the meetup.com page for the event.

Lenovo Shipped PC’s with Spyware that Breaks HTTPS

If you’ve ever purchased a new computer then you are probably familiar with the barrage of bloatware that comes pre-installed. Usually there are system tools, antivirus software trials, and a whole bunch of other things that most of us never wanted in the first place. Well now we can add Superfish spyware to the list.

You may wonder what makes this case so special. A lot of PC’s come with software pre-installed that collect usage statistics for the manufacturer. Superfish is a somewhat extreme case of this. The software actually installs a self-signed root HTTPS certificate. Then, the software uses its own certificates for every single HTTPS session the user opens. If you visit your online banking portal for example, you won’t actually get the certificate from your bank. Instead, you’ll receive a certificate signed by Superfish. Your PC will trust it, because it already has the root certificate installed. This is essentially a man in the middle attack performed by software installed by Lenovo. Superfish uses this ability to do things to your encrypted connection including collecting data, and injecting ads.

As if that wasn’t bad enough, their certificate is actually using a deprecated SHA-1 certificate that uses 1024-bit RSA encryption. This level of encryption is weak and susceptible to attack. In fact, it was reported that [Rob Graham], CEO of Errata Security has already cracked the certificate and revealed the private key. With the private key known to the public, an attacker can easily spoof any HTTPS certificate and systems that are infected with Superfish will just trust it. The user will have no idea that they are visiting a fake phishing website.

Since this discovery was made, Lenovo has released a statement saying that Superfish was installed on some systems that shipped between September and December of 2014. They claim that server-side interactions have been disabled since January, which disables Superfish. They have no plans to pre-load Superfish on any new systems.

Tindie, the Etsy and Yelp for Electronics

For one reason or another, Tindie has become known as the Etsy for DIY electronics, tinkering, and all things that are regularly featured on Hackaday. Now [Emile] over at Tindie is tackling another problem faced by homebrew electronic wizards: finding good middlemen, board houses, places that do assembly, and machinists. The answer to that is Tindie Biz, something that [Emile] is calling the ‘Yelp for electronics.’

[Emile], the owner and creator of Tindie used to work for Yelp, something that got him more than a few “boo”s at last week’s Hackaday Omnibus Launch Party. Despite the community’s inexplicable hatred of Yelp, [Emile] actually learned a lot; verification is the ultimate problem of user-submitted reviews, and his solution to that problem is to put proof of a transaction in with the review, lest Tindie Biz fall into a disarray of spam and astroturfing.

Already there are over 1,400 manufacturers on Tindie Biz, but [Emile] said right now, his new manufacturer review site needs input from DIYers; the real value is in getting people who have done business with manufacturers around the globe to submit reviews. It needs reviewers, and that’s where you come in. It’s all free, and like most good ideas, something that makes you say, ‘I should have thought of that first.’

Hackaday.io Reaches 50,000 Registered Users

Hackaday.io, our neat project hosting site, has been around for a little more than a year. It’s been public for juuussst over 11 months, and today we’ve hit a milestone: we have over 50,000 hackers on board, documenting their builds and giving skulls for the cool projects they find. The lucky 50,000th hacker? This guy.

Over the past year, we’ve seen a ton of cool projects that have included a $300 pick and place machine, a very inexpensive machine vision camera system that’s also a very successful Kickstarter, the closest Hackaday ever get to a MOOC from a Cornell professor, and something that would be called the decapitron if it weren’t built by a NASA engineer.

All of this wouldn’t be possible without those 50,000 people on Hackaday.io. This one is for everybody out there who’s already registered. We have to give a shoutout to [Dave Darko], by far the most helpful guy on the entire site.  He has been a thorn in the side of the devs, giving us an amazing amount of feedback.

Speaking of devs, we’re going to be giving out a t-shirt and a few goodies for the 65,536th hacker to sign on (yes, an off-by-one error), for being the person who forced us to refactor everything. Considering the backroom planning, that shouldn’t be long. If you’re one of the nearly 200,000 unregistered users who visited over the last 30 days, there’s a tiny incentive to sign up.

Hack allows ESP-01 to go to Deep Sleep

The ESP-01 module based on the ESP8266 is all the rage with IoT folks at the moment – and why not. For about 5 bucks, it can’t be beat on price for the features it offers. The one thing that such radios do a lot is suck power. So, it’s no surprise that ways to cut down on the juice that this device consumes is top priority for many people. [Tim] figured out a simple hardware hack to get the ESP-01 to go to deep sleep, effectively reducing its current draw to 78uA – low enough to allow battery powered deployment.

While [Tim] was working on understanding the ESP8266 tool chain (NodeMCU firmware > Lua interpreter > ESPlorer IDE), he realized that some essential pins weren’t accessible on the ESP-01 module. [Tim] built a Dev board on perf board that let him access these pins and also added some frills while at it. We’re guessing he (or someone else) will come up with a proper PCB to make things easier. But the real hack is on the ESP-01 module itself. [Tim] needed to hardwire the ‘post-sleep-reset-pin’ on the MCU to the Reset terminal. That, and also pry off the indicator LED’s with a screw driver! That sounds a bit drastic, and we’d recommend pulling out your soldering iron instead. If you’re one of the unlucky one’s to receive the “magic smoke” releasing ESP8266 modules, then you don’t need the LED anyway.

Photonic Reset of the Raspberry Pi 2

For the past month, the Raspberry Pi 2 has only been available to the Raspi Foundation, and for about 2 weeks, select members of the media who have worn the Raspi 2 on a necklace like [Flavor Flav] wears a clock. That’s not many people with real, working hardware and when a product is released, the great unwashed masses will find some really, really weird bugs. The first one to crop up is a light-sensitive reset of the Raspberry Pi 2.

[PeterO] on the Raspberry Pi forums took a few pictures – with flash – of a running Raspberry Pi 2. It took a little bit of deduction to realize that a camera flash will either reset or turn the Raspi 2 off. Yes, this is weird, and experiments are ongoing.

A short video from [Mike Redrobe] confirms the finding and a reddit thread offers an explanation. U16, a small chip located in the power supply part of the Raspi 2, is sensitive to light. Putting enough photons will cause the Pi to shut down or restart.

There’s still some research to be done, however, I can confirm a cheap green laser pointer will reset a Raspberry Pi 2 when the beam is directed at the U16 chip. This is the chip that is responsible, and this is not an EMP issue. This is a photon/light issue with the U16 chip. The solution to this bug is to either keep it in a case, or put a tiny amount of electrical tape over the chip.

Thanks [Arko] for staying up until an ungodly hour and sending this to me.