In Chicago? Bring A Hack!

It’s been far too long since we’ve had a Hackaday presence at a hackerspace. This, of course, is a terrible oversight and something must be done to correct it. If you’re in Chicago, you’re in luck. We’re going to be at Pumping Station: One this Wednesday for a Bring-A-Hack meetup.

If you have a cool build to show off, a bunch of blinky things, wearables, or just some cool tech, the mythical Hackaday Prize guru [Sophi Kravitz] will be at PS:1 Wednesday evening. I’m pretty sure there will be stickers, but sadly no t-shirt cannon just yet.

The event is free, open to everyone, and there’s pizza. RSVPing would be a good idea, and you can do that over on the meetup.com page for the event.

Lenovo Shipped PCs with Spyware that Breaks HTTPS

If you’ve ever purchased a new computer then you are probably familiar with the barrage of bloatware that comes pre-installed. Usually there are system tools, antivirus software trials, and a whole bunch of other things that most of us never wanted in the first place. Well, now we can add Superfish spyware to the list.

You may wonder what makes this case so special. A lot of PCs come with pre-installed software that collects usage statistics for the manufacturer. Superfish is a somewhat extreme case of this. The software actually installs a self-signed root HTTPS certificate. Then, the software uses its own certificates for every single HTTPS session the user opens. If you visit your online banking portal, for example, you won’t actually get the certificate from your bank. Instead, you’ll receive a certificate signed by Superfish. Your PC will trust it, because it already has the root certificate installed. This is essentially a man-in-the-middle attack performed by software installed by Lenovo. Superfish uses this ability to do things to your encrypted connection, including collecting data and injecting ads.

As if that wasn’t bad enough, the Superfish certificate is signed with the deprecated SHA-1 algorithm and uses 1024-bit RSA encryption. This level of encryption is weak and susceptible to attack. In fact, it was reported that [Rob Graham], CEO of Errata Security, has already cracked the certificate and revealed the private key. With the private key known to the public, an attacker can easily spoof any HTTPS certificate, and systems that are infected with Superfish will just trust it. The user will have no idea that they are visiting a fake phishing website.
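One way to spot this kind of interception on a machine is to compare the issuer it receives for each HTTPS host against the issuer seen from a clean vantage point. The sketch below is an added example, not code from the original post or from anyone named in it; the host names, issuer names, record fields and the 2048-bit threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data, not real captures. BASELINE is the issuer seen for
# each host from a clean vantage point; LOCAL is what the audited PC received.
BASELINE = {
    "bank.example": "Public CA A",
    "mail.example": "Public CA B",
    "shop.example": "Public CA A",
    "news.example": "Public CA C",
}
LOCAL = [
    {"host": "bank.example", "issuer": "Example Intercept CA", "sig": "sha1WithRSAEncryption", "rsa_bits": 1024},
    {"host": "mail.example", "issuer": "Example Intercept CA", "sig": "sha1WithRSAEncryption", "rsa_bits": 1024},
    {"host": "shop.example", "issuer": "Example Intercept CA", "sig": "sha1WithRSAEncryption", "rsa_bits": 1024},
    # A single mismatch with sound parameters: most likely the site changed CAs.
    {"host": "news.example", "issuer": "Public CA D", "sig": "sha256WithRSAEncryption", "rsa_bits": 2048},
]

def weak_parameters(rec):
    """List the weaknesses the article names: SHA-1 signatures and short RSA keys."""
    reasons = []
    if rec["sig"].lower().startswith("sha1"):
        reasons.append("SHA-1 signature")
    if rec["rsa_bits"] < 2048:  # assumed minimum; the article only calls 1024 weak
        reasons.append(f"{rec['rsa_bits']}-bit RSA key")
    return reasons

def find_interception(local, baseline, min_hosts=3):
    """Report each issuer that replaced the baseline issuer on at least
    min_hosts distinct hosts, with the weak parameters seen on its leaves."""
    replaced = defaultdict(list)
    for rec in local:
        expected = baseline.get(rec["host"])
        if expected is not None and rec["issuer"] != expected:
            replaced[rec["issuer"]].append(rec)
    findings = {}
    for issuer, recs in replaced.items():
        hosts = sorted({r["host"] for r in recs})
        if len(hosts) >= min_hosts:
            weak = sorted({w for r in recs for w in weak_parameters(r)})
            findings[issuer] = {"hosts": hosts, "weak": weak}
    return findings

if __name__ == "__main__":
    for issuer, info in find_interception(LOCAL, BASELINE).items():
        print(f"{issuer}: replaced issuer on {len(info['hosts'])} hosts; {info['weak']}")
```

An issuer that shows up in place of the expected one across unrelated hosts is the signature of a locally trusted root re-signing traffic; the single-host mismatch is left alone because sites do change certificate authorities.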

Since this discovery was made, Lenovo has released a statement saying that Superfish was installed on some systems that shipped between September and December of 2014. They claim that server-side interactions have been disabled since January, which disables Superfish. They have no plans to pre-load Superfish on any new systems.

Tindie, the Etsy and Yelp for Electronics

For one reason or another, Tindie has become known as the Etsy for DIY electronics, tinkering, and all things that are regularly featured on Hackaday. Now [Emile] over at Tindie is tackling another problem faced by homebrew electronic wizards: finding good middlemen, board houses, places that do assembly, and machinists. The answer to that is Tindie Biz, something that [Emile] is calling the ‘Yelp for electronics.’

[Emile], the owner and creator of Tindie, used to work for Yelp, something that got him more than a few “boo”s at last week’s Hackaday Omnibus Launch Party. Despite the community’s inexplicable hatred of Yelp, [Emile] actually learned a lot; verification is the ultimate problem of user-submitted reviews, and his solution to that problem is to put proof of a transaction in with the review, lest Tindie Biz fall into a disarray of spam and astroturfing.

Already there are over 1,400 manufacturers on Tindie Biz, but [Emile] said right now, his new manufacturer review site needs input from DIYers; the real value is in getting people who have done business with manufacturers around the globe to submit reviews. It needs reviewers, and that’s where you come in. It’s all free, and like most good ideas, something that makes you say, ‘I should have thought of that first.’

Hackaday.io Reaches 50,000 Registered Users

Hackaday.io, our neat project hosting site, has been around for a little more than a year. It’s been public for juuussst over 11 months, and today we’ve hit a milestone: we have over 50,000 hackers on board, documenting their builds and giving skulls for the cool projects they find. The lucky 50,000th hacker? This guy.

Over the past year, we’ve seen a ton of cool projects that have included a $300 pick and place machine, a very inexpensive machine vision camera system that’s also a very successful Kickstarter, the closest Hackaday will ever get to a MOOC from a Cornell professor, and something that would be called the decapitron if it weren’t built by a NASA engineer.

All of this wouldn’t be possible without those 50,000 people on Hackaday.io. This one is for everybody out there who’s already registered. We have to give a shoutout to [Dave Darko], by far the most helpful guy on the entire site. He has been a thorn in the side of the devs, giving us an amazing amount of feedback.

Speaking of devs, we’re going to be giving out a t-shirt and a few goodies for the 65,536th hacker to sign on (yes, an off-by-one error), for being the person who forced us to refactor everything. Considering the backroom planning, that shouldn’t be long. If you’re one of the nearly 200,000 unregistered users who visited over the last 30 days, there’s a tiny incentive to sign up.

Hack allows ESP-01 to go to Deep Sleep

The ESP-01 module based on the ESP8266 is all the rage with IoT folks at the moment – and why not. For about 5 bucks, it can’t be beat on price for the features it offers. The one thing that such radios do a lot is suck power. So, it’s no surprise that ways to cut down on the juice that this device consumes are a top priority for many people. [Tim] figured out a simple hardware hack to get the ESP-01 to go to deep sleep, effectively reducing its current draw to 78uA – low enough to allow battery powered deployment.

While [Tim] was working on understanding the ESP8266 tool chain (NodeMCU firmware > Lua interpreter > ESPlorer IDE), he realized that some essential pins weren’t accessible on the ESP-01 module. [Tim] built a dev board on perf board that let him access these pins and also added some frills while at it. We’re guessing he (or someone else) will come up with a proper PCB to make things easier. But the real hack is on the ESP-01 module itself. [Tim] needed to hardwire the ‘post-sleep-reset-pin’ on the MCU to the Reset terminal. That, and also pry off the indicator LEDs with a screwdriver! That sounds a bit drastic, and we’d recommend pulling out your soldering iron instead. If you’re one of the unlucky ones to receive the “magic smoke” releasing ESP8266 modules, then you don’t need the LED anyway.

Photonic Reset of the Raspberry Pi 2

For the past month, the Raspberry Pi 2 has only been available to the Raspi Foundation, and for about 2 weeks, select members of the media who have worn the Raspi 2 on a necklace like [Flavor Flav] wears a clock. That’s not many people with real, working hardware and when a product is released, the great unwashed masses will find some really, really weird bugs. The first one to crop up is a light-sensitive reset of the Raspberry Pi 2.

[PeterO] on the Raspberry Pi forums took a few pictures – with flash – of a running Raspberry Pi 2. It took a little bit of deduction to realize that a camera flash will either reset or turn the Raspi 2 off. Yes, this is weird, and experiments are ongoing.

A short video from [Mike Redrobe] confirms the finding and a reddit thread offers an explanation. U16, a small chip located in the power supply part of the Raspi 2, is sensitive to light. Putting enough photons on it will cause the Pi to shut down or restart.

There’s still some research to be done, however, I can confirm a cheap green laser pointer will reset a Raspberry Pi 2 when the beam is directed at the U16 chip. This is the chip that is responsible, and this is not an EMP issue. This is a photon/light issue with the U16 chip. The solution to this bug is to either keep it in a case, or put a tiny amount of electrical tape over the chip.

Thanks [Arko] for staying up until an ungodly hour and sending this to me.

I’ve come to bury Radio Shack, Not praise it.

This is a post that has been a long time coming. Today, Radio Shack, the store that has been everything from an excellent introduction to electronics and computers to a store that sells cell phones, cell phone accessories, and cell phone plans has declared bankruptcy.

To anyone, this should not be news. For the last decade, the public perception of Radio Shack was one of a shell of its former self. In 2007, The Onion famously published Even CEO Can’t Figure Out How RadioShack Still In Business, an article that, like most of The Onion’s work, is a sand dune of grains of truth.

In recent years, Radio Shack has made attempts to appeal to the demographic that holds the ‘shack in such high regard. Just four short years ago, Radio Shack made an appeal to this community and asked for suggestions for what people would actually buy at Radio Shack. The answers ranged from Arduinos and larger component selections to Parallax Propellers. Even with this renewed focus on DIY, repair, electronic tinkering, and even in-house cellphone repair shops in some select locations, this was not enough.

This was a make or break year for Radio Shack. Last fall, Standard General, a hedge fund with an amazing name, attempted to refinance Radio Shack’s debt with specific revenue benchmarks set for the holiday season. These benchmarks were not met, and now Radio Shack has filed for bankruptcy protection after reaching a deal to sell nearly 2,500 stores. Radio Shack now has about 5,000 stores in the U.S. Half of them will close, and as many as 1,700 will be operated by Sprint. The future of Radio Shack was a cell phone store, it seems.

Right now, there are rumors of Radio Shack employees ‘released from service’, with mass closings of stores very, very soon.

There has always been a love-hate relationship between Radio Shack and the DIY and tinkerer community. It was everything from many programmers’ first introduction to computers, the only place in town you could buy [Forrest Mims]’ excellent books, to a horrible place to work, and an odd store where you need a phone number to buy batteries.

This is not a eulogy; Radio Shack isn’t quite dead just yet, and eulogies are reserved for the loved ones in our lives. Radio Shack is neither. We all have a rich history with Radio Shack, and next time you’re buying some resistors on Mouser or Digikey, just remember we’re living in a different world now.