Solid State Battery from the Man Who Brought Us Lithium Ion

Who is [John Goodenough]? He’s 94, so he’s been around long enough that you ought to know him. He was one of the co-inventors of the lithium-ion battery. Think about how much that battery has changed electronics. [Goodenough] along with [Maria Helena Braga] may have come up with that battery’s successor: the solid state battery. There’s a paper available that is free, but requires registration. If you don’t want to register, you can read the news release from the University of Texas with no trouble.

Keywords used to describe the new battery are low-cost, noncombustible, long cycle life, high energy density, and fast charge and discharge rates. The pair is also claiming three times the energy density of a current lithium-ion battery. They also claim that the batteries recharge in minutes instead of hours. You can see a video from [Transport Evolved] that discusses the invention, below.

Continue reading “Solid State Battery from the Man Who Brought Us Lithium Ion”

$10 Raspberry Pi Zero W Adds WiFi and Bluetooth

The Raspberry Pi was born on February 29th which means we’re only three years away from its second birthday, and a new hardware release from the Pi Foundation is becoming somewhat of a tradition. This year is no different: a new Raspberry Pi has been announced. The Raspberry Pi Zero W is the latest iteration of the Pi foundation’s tiny and extremely inexpensive single board computer. It’s a Raspberry Pi Zero with WiFi and Bluetooth.

The specs of the new Pi Zero W are nearly identical to the previous incarnation of the non-W Zero. It sports a 1GHz single-core processor, 512 MB of RAM, features Mini HDMI and USB OTG ports, uses a micro USB port for power, features the now-standard 40-pin header with four additional pins for composite video and a reset button. This board, like the second hardware revision of the Pi Zero, also features a CSI camera connector.

Of course, the big feature is the addition of WiFi and Bluetooth. The Pi Zero W adds the wireless functionality from the Raspberry Pi 3B. That’s 802.11n and Bluetooth 4.0.

The Pi Zero’s claim to fame was, of course, the price. The original Pi Zero was at first a bit of hardware glued to the cover of the MagPi magazine, later to sell for just $5 USD. The Raspberry Pi Zero W is priced at just $10.

Continue reading “$10 Raspberry Pi Zero W Adds WiFi and Bluetooth”

Is Your Child A Hacker?

Parents in Liverpool, UK, are being prepared to spot the signs that their children might be hackers. The Liverpool Echo reports on the launch of a “Hackers To Heroes” scheme targeting youngsters at risk of donning a black hat, and has an expert on hand, one [Vince Warrington], to come up with a handy cut-out-and-keep list. Because you never know when you’re going to need one, and he’s helped the Government so should know what he’s talking about.

Of course, they’re talking about “Hacker” (cybercriminal) while for us the word has much more positive connotations. And it’s yet another piece of ill-informed media scaremongering about technology that probably fits like so many others in the “People are having fun. Something Must Be Done About It!” category. But it’s still something that will probably result in hassle for a few youngsters with an interest in technology, and that’s not encouraging.

The full list is reproduced below, if you’re a parent it seems you will need to watch your children if:

  1. They spend most of their free time alone with their computer
  2. They have few real friends, but talk extensively to online friends about computers
  3. Teachers say the child has a keen interest in computers, almost to the exclusion of all other subjects
  4. They’re online so much it affects their sleeping habits
  5. They use the language of hacking, with terms such as ‘DdoS’ (pronounced D-dos), Dossing, pwnd, Doxing, Bots, Botnets, Cracking, Hash (refers to a type of encryption rather than cannabis), Keylogger, Lulz, Phishing, Spoof or Spoofing. Members of the Anonymous Hackivist group refer to their attacks as ‘Ops’
  6. They refer to themselves and their friends as hackers or script kiddies
  7. They have multiple social media profiles on one platform
  8. They have multiple email addresses
  9. They have an odd sounding nickname (famous ones include MafiaBoy and CyberZeist)
  10. Their computer has a web browser called ToR (The Onion Router) which is used to access hacking forums on the dark web
  11. Monitoring tools you’ve put on the computer might suddenly stop working
  12. They can connect to the wifi of nearby houses (especially concerning if they have no legitimate reason to have the password)
  13. They claim to be making money from online computer games (many hackers get started by trying to break computer games in order to exploit flaws in the game. They will then sell these ‘cheats’ online).
  14. They might know more than they should about parents and siblings, not being able to resist hacking your email or social media
  15. Your internet connection slows or goes off, as their hacker rivals try to take them down
  16. Some circumstantial evidence suggests children with Autism and Asperger’s could be more vulnerable to becoming hackers.

Reading the list, we can’t help wondering how many Hackaday readers would recognise as perfectly normal behaviours from their own formative years. And some of them look ripe for misinterpretation, for example your internet connection slowing down does not automatically mean that little [Jimmy] is selling a billion compromised social media accounts on the Dark Web.

Particularly concerning though is the final association of computer crime with children who are autistic or have Asperger’s Syndrome. Picking on a minority as a scapegoat for a public moral panic is reprehensible, and is not responsible journalism.

Still, you have to laugh. They remembered to include a stock photo of a hacker using a keyboard, but they’ve completely missed the telltale sign of a real hacker, which is of course wr1t1n9 11k3 r341 1337 h4xxx0rzzz.

Via The Register.

Liverpool skyline, G-Man (Public domain) via Wikimedia Commons.

Audi Engineer Exposes Cheat Order

In an interesting turn of events last week in a German court, evidence has materialized that engineers were ordered to cheat emissions testing when developing automotive parts.

Last Tuesday, Ulrich Weiß brought forward a document that alleges Audi Board of Director members were involved in ordering a cheat for diesel emissions. Weiß was the head of engine development for Audi, suspended in November of 2015 but continued to draw more than half a million dollars in salary before being fired after prior to last week’s court testimony.

Volkswagen Group is the parent company of Audi and this all seems to have happened while the VW diesel emissions testing scandal we’ve covered since 2015 was beginning to come to light. Weiß testified that he was asked to design a method of getting around strict emissions standards in Hong Kong even though Audi knew their diesel engines weren’t capable of doing so legitimately.

According to Weiß, he asked for a signed order. When he received that order he instructed his team to resist following it. We have not seen a copy of the letter, but the German tabloid newspaper Bild reports that the letter claims approval by four Audi board members and was signed by the head of powertrain development at the company.

Hackaday was unable to locate any other sources reporting on the letter other than the Bild article we have linked to (also the source used in the Forbes article above). Sources such as Die Welt reference only “internal papers”. If you know of other reporting on the topic please leave a comment about it below.

 

The Tiko Printer: What Happens When You Innovate Too Much

Sometime in the very distant future, the Universe will become the domain of black holes. Energy and entropy will be compressed into minuscule quantum fluctuations. Even in this domain of nothingness, there will still be one unassailable truth: you should not buy a 3D printer on Kickstarter.

We’re no strangers to failed 3D printer crowdfunding campaigns. Around this time last year, backers for the Peachy Printer, an inordinately innovative resin printer, found out they were getting a timeshare in Canada instead of a printer. This was unusual not because a crowdfunding campaign failed, but because we know what actually happened. It’s rare to get the inside story, and the Peachy Printer did not disappoint.

For the last few months, we’ve been watching another crowdfunding campaign on its long walk to the gallows. The Tiko 3D printer is another 3D printer that looks innovative, and at the time of the crowdfunding campaign, the price couldn’t be beat. For just $179 USD, the backers of the Tiko printer would receive a 3D printer. Keep in mind the Tiko launched nearly two years ago, when a bargain-basement printer still cost about $400. Fools and money, or something like that, and the Tiko 3D printer campaign garnered almost three million dollars in pledges.

Now, after almost two years of development, Tiko is closing up shop. In an update posted to the Tiko Kickstarter this week, Tiko announced they are laying off their team and winding down operations. It’s a sad but almost predictable end to a project that could have been cool. Unlike so many other failed crowdfunding campaigns, Tiko has given us a post-mortum on their campaign. This is how the Tiko became a standout success on Kickstarter, how it failed, and is an excellent example of the difference between building one of something and building ten thousand.

Continue reading “The Tiko Printer: What Happens When You Innovate Too Much”

Old Thermometer Gets New Eyes

As much as we’d like to have the right tools for the right job all of the time, sometimes our parts drawers have other things in mind. After all, what’s better than buying a new tool than building one yourself from things you had lying around? That’s at least what [Saulius] must have been thinking when he needed a thermometer with a digital output, but only had a dumb, but feature-rich, thermometer on hand.

Luckily, [Saulius] had a webcam lying around as well as an old thermometer, and since the thermometer had a LCD display it was relatively straightforward to get the camera to recognize the digits in the thermometer’s display. This isn’t any old thermometer, either. It’s a four-channel thermometer with good resolution and a number of other useful features (with an obvious lack of communications abilities), so it’s not something that he could just overlook.

Once the camera was mounted to an arm and pointed at the thermometer’s screen, an algorithm running on a computer detects polygons and reports its information into a CSV file. This process is made simpler by the fact that LCD screens like this are very predictable. From there, the data is imported into LibreOffice and various charts and graphs can be made.

Although perhaps not the most elegant of hacks, sometimes you have to work with the supplies that are on hand at the time. Sometimes the tools you need are too expensive, politically dangerous, or too impractical to obtain. To that end [Saulius]’s hack is a great example of what hacks are possible with the right mindset.

Cloudbleed — Your Credentials Cached in Search Engines

In case you are still wondering about the SHA-1 being broken and if someone is going to be spending hundreds of thousands of dollars to create a fake Certificate Authority and sniff your OkCupid credentials, don’t worry. Why spend so much money when your credentials are being cached by search engines?… Wait, what?

A serious combination of bugs, dubbed Cloudbleed by [Tavis Ormandy], lead to uninitialized memory being present in the response generated by the reverse proxies and leaked to the requester. Since these reverse proxies are shared between Cloudflare clients, this makes the problem even worst, since random data from random clients was leaking. It’s sort of like Heartbleed for HTTP requests. The seriousness of the issue can be fully appreciated in [Tavis] words:

“The examples we’re finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I’ve informed cloudflare what I’m working on. I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.”

sexAccording to Cloudflare, the leakage can include HTTP headers, chunks of POST data (perhaps containing passwords), JSON for API calls, URI parameters, cookies and other sensitive information used for authentication (such as API keys and OAuth tokens). An HTTP request to a Cloudflare web site that was vulnerable could reveal information from other unrelated Cloudflare sites.

Adding to this problem, search engines and any other bot that roams free on the Internet, could have randomly downloaded this data. Cloudflare released a detailed incident report explaining all the technicalities of what happened and how they fixed it. It was a very quick incident response with initial mitigation in under 47 minutes. The deployment of the fix was also quite fast. Still, while reading the report, a sense that Cloudflare downplayed this issue remains. According to Cloudflare, the earliest date that this problem could have started is 2016-09-22 and the leak went on until 2017-02-18, five months, give or take.

Just to reassure the readers and not be alarmist, there is no evidence of anyone having exploiting what happened. Before public exposure, Cloudflare worked in proximity with search engines companies to ensure memory was scrubbed from search engine caches from a list of 161 domains they had identified. They also report that Cloudflare has searched the web (!), in sites like Pastebin, for signs of leaks and found none.

On the other hand, it might be very well impossible to know for sure if anyone has a chunk of this data cached away somewhere in the aether. It’s impossible to know. What we would really like to know is: does [Tavis] get the t-shirt or not?