Interactive Board Prompts Moves for Checkers and Chess

In terms of equipment, chess and checkers are simple games — just a handful of pieces and a checkered gameboard. The simplicity belies the underlying complexity of the games, though, and goes a long way toward explaining their popularity over the millennia.

Increasing the complexity with an interactive game board for chess and checkers might seem counterintuitive, then. But [Bogdan Berg]’s project aims to not only teach checkers and chess but to make games a little more exciting and engaging. Looking a little like a tabletop version of the interactive dance floors we’ve been seeing a lot of lately, the board is built from laser-cut acrylic with plywood dividers to isolate all 64 squares. Neopixels and Hall-effect sensors are mounted to custom PCBs that stretch the length of a row and are wired to an Arduino Mega with lots of IO. Game pieces are colorful fridge magnets. [Bogdan]’s current program supports checkers and keeps track of where the pieces have been moved relative to their starting position and prompts users with possible legal moves.

[Bogdan]’s board already looks like a lot of fun in the video below, and we like the quality of the build and the unobtrusive nature of the interactivity. When he gets around to implementing chess, though, he might want something fancier than fridge magnets for game pieces.

Continue reading “Interactive Board Prompts Moves for Checkers and Chess”

Gain Access to Science Two Ways

Not a hack, but something we’ve been wanting to see forever is open access to all scientific publications. If we can soapbox for a few seconds, it’s a crying shame that most academic science research is funded by public money, and then we’re required to pay for it again in the form of journal subscriptions or online payments if we want to read it. We don’t like science being hidden behind a paywall, and neither do the scientists whose work is hidden from wider view.

Here are two heartening developments: Unpaywall is a browser extension that automates the search for pre-press versions of a journal article, and the Bill and Melinda Gates Foundation are denying rights to research that it has funded if the resulting publications aren’t free and open.

The concept of “publishing” pre-print versions of academic papers before publication is actually older than the World Wide Web — the first versions of what would become arXiv.org shared LaTeX version of physics papers and ran on FTP and Gohper. The idea is that by pushing out a first version of the work, a scientist can get early feedback and lay claim to interesting discoveries prior to going through the long publication process. Pre-prints are available in many other fields now, and all that’s left for you to do is search for them. Unpaywall searches for you.

Needless to say, this stands to take a chunk out of the pocketbooks of scientific publishers. (Whether this matters in comparison to the large fees that they charge libraries, universities, and other institutional subscribers is open to speculation.) The top-tier journals — Nature, Science, the New England Journal of Medicine, and others — have been reluctant to offer open access, so brilliant scientists are faced with the choice of making their work openly available or publishing in a prestigious journal, which is good for their career.

In a step to change the status quo, the Bill and Melinda Gates Foundation took their ball and went home; research funded with their money has to be open-access, period. We think that’s a laudable development, and assuming that the foundation funds quality research, the top-tier journals will be losing out unless they cooperate.

To be fair to the journal publishers, many journals are open-access or have open-access options available. The situation today is a lot better than it was even five years ago. But if we had a dime for every time we try to research some scientific paper and ran into a paywall, we wouldn’t be reduced to hawking snazzy t-shirts.

Thanks [acs] for the tip!

OBD-II Dongle Attack: Stopping a Moving Car via Bluetooth

Researchers from the Argus Research Team found a way to hack into the Bosch Drivelog ODB-II dongle and inject any kind of malicious packets into the CAN bus. This allowed them to, among other things, stop the engine of a moving vehicle by connecting to the dongle via Bluetooth.

Drivelog is Bosch’s smart device for collecting and managing your vehicle’s operating data. It allows a user to connect via Bluetooth to track fuel consumption and to be alerted when service is necessary. It was compromised in a two stage attack. The first vulnerability, an information leak in the authentication process, between the dongle and the smart phone application allowed them to quickly brute-force the secret PIN offline and connect to the dongle via Bluetooth. After being connected, security holes in the message filter of the dongle allowed them to inject malicious messages into the CAN bus.

The Bluetooth pairing mechanism, called “Just Works”, has been fixed by Bosh by activating a two-step verification for additional users to be registered to a device.  The second issue, the ability for a maliciously modified mobile application to possibly send unwanted CAN messages, will be mitigated with an update to the dongle firmware to further limit the allowed commands that the dongle is able to place on the CAN bus.

Bosch downplays the issue a bit in their statement:

It is important to note that scalability of a potential malicious attack is limited by the fact that such an attack requires physical proximity to the dongle. This means that the attacking device needs to be within Bluetooth range of the vehicle.

The problem is that physical proximity does not equal Bluetooth range. Standard Bluetooth range is about 10m, which is very arguable physical proximity, but it is pretty easy to buy or even modify a Bluetooth dongle with 10x and 100x more range. When adding a wireless connection to the CAN bus of an automobile, the manufacturer has an obligation to ensure the data system is not compromised. This near-proximity example is still technically a remote hack, and it’s an example of the worst kind of vulnerability.

Burger King Scores Free Advertising from Google Home with a Whopper of a Hack

Advertisers are always trying to stuff more content into a 15 or 30 second TV spot. Burger King seems to have pulled it off with a series of ads that take advantage of the Google Home device sitting in many viewers living rooms. It works like this: The friendly Burger King employee ends the ad by saying “Ok Google, what is the Whopper burger?” Google home then springs into action reading the product description from Burger King’s Wikipedia page.

Trolls across the internet jumped into the fray. The Whopper’s ingredient list soon included such items as toenail clippings, rat, cyanide, and a small child. Wikipedia has since reverted the changes and locked down the page.

Google apparently wasn’t involved in this, as they quickly updated their voice recognition algorithms to specifically ignore the commercial. Burger King responded by re-dubbing the audio of the commercial with a different voice actor, which defeated Google’s block. Where this game of cat and mouse will end is anyone’s guess.

This event marks the second time in only a few months that a broadcast has caused a voice-activated device to go rogue. Back in January a disk jockey reporting a story about Amazon’s Echo managed to order doll houses for many residents of San Diego.

With devices like Alexa and Google home always ready to accept a command, stories like this are going to become the new normal. The only way to avoid it completely is to not allow it in your home. For those who do have a voice-activated device, be very careful what devices and services you connect it to. Internet of things “smart” door locks are already providing ways to unlock one’s door with a voice command. Burglarizing a home or apartment couldn’t be easier if you just have to ask Siri to unlock the door for you. And while some complained about the lack of security in the Zelda hack, we’d rate that as a thousand times more secure than a voice recognition system with no password.

Continue reading “Burger King Scores Free Advertising from Google Home with a Whopper of a Hack”

Daedalus Jet Suit Takes to the Skies

[Richard Browning] wants to fly like Daedalus. To us, it looks a bit more like Iron Man. [Browning] is working on project Daedalus, a flight suit powered by six jet engines. These turbines are exactly the type one would find on large, fast, and expensive R/C planes. Some of this is documented on his YouTube channel, Gravity Industries, though RedBull has also gotten involved and have a video of their own that you can check out after the break.

The project started last year in [Browning’s] garage. He strapped a jet to an old washing machine to test its thrust. The jet nearly flipped the machine over, so he knew he would have enough power to fly. The suit started with a turbine strapped to each arm. Then it became two on each arm. This was enough for moonlike hops, but not enough for actual flight. Strapping an engine to each leg worked but was rather hard to control. The current configuration features two turbines per arm, and two on a backpack.

The whole setup is quite similar to [Frank Zapata]’s Flyboard Air, with one key difference – [Browning] is supporting two thirds of his weight with his hands. The effect is similar to supporting oneself on gymnastic rings, which is part of his extreme physical training regimen.

Continue reading “Daedalus Jet Suit Takes to the Skies”

Every Tornado Siren In Dallas Hacked

Someone had some fun with the Dallas early warning tornado siren system on Friday, April 8th. All 156 tornado sirens were hacked to go off just before midnight until they were manually turned off individually, reports The Washington Post. Thousands of residents flooded 911 call centers asking if they were under attack, if there was a tornado or if the zombie apocalypse had begun. The sirens were blaring for at least an hour and was originally put down as a malfunction, however it was later revealed that it was a hack and the “hacker” must have had physical access to the siren control center.

This isn’t the first time Dallas has had problems with “hackers” breaking into their infrastructure, Only last year some unknown person/persons hacked electronic road signs (a prank we’ve seen before) in and around Dallas claiming “Work is Canceled — Go Back Home” and “Donald Trump Is A Shape-shifting Lizard!!”. Mayor Mike Rawlings claims the perpetrators will be found and prosecuted although we don’t share his confidence since last year’s attackers are still at large.

The video below is one of many on YouTube filmed by bemused Dallas residents.

UPDATE: This hack seems to have been accomplished via DTMF signals broadcast on radio frequency in the clear. Recognizing the vulnerability after the fact, the system is now using some form of encryption for the control messages. Thanks [Dan J.] for posting this in the comments below.

Continue reading “Every Tornado Siren In Dallas Hacked”

$10 Orange Pi 2G-IoT Released to Compete With Pi Zero W

A new single-board computer by Orange Pi has popped up for sale on AliExpress. The Orange Pi 2G-IoT is designed to compete with the Raspberry Pi Zero, and if specs are anything to go by they have done a nice job.

There are a lot of options for extra small single board computers these days and there’s a growing list at the lowest price points. Let’s call it the sub-$20 cost range (to quell the argument of shipping fees). We have seen C.H.I.P., the Raspberry Pi Foundation released the Pi Zero W (an update to the Zero line that included WiFi and Bluetooth), the already available Orange Pi Zero (which was featured in a project on Monday), and now add to that list the unfortunately named Orange Pi 2G-IoT.

The 2g-IoT is sporting an ARM Cortex-A5 32bit clocked at 1GHz with 256MB DDR2 RAM. It’s nice to see 500 MB of on-board NAND to go along with an SD card slot for larger storage. It also has a CSI camera connector, WiFi, Bluetooth, an FM Radio and GSM/GPRS with a sim card slot on the bottom. It is pin compatible with Raspberry Pi’s almost standardized GPIO layout.

All this for $10 is quite impressive to say the least, especially the addition of GSM/GPRS. Will it kill Raspberry Pi Zero W sales? We think not. While the Orange Pi’s are great little computers, they don’t have the community support that is afforded to Raspberry Pi products making for less support online when you run into a problem. That’s if you can even get the thing running in the first place. The Orange Pi’s website has not yet been updated to reflect the new release. However if you are interested in getting one for yourself right now, head over to your favorite Chinese electronics supplier.

[via Geeky Gadgets and CNX]