We are once again saddened to report the loss of another great hacker. Patrick Joyce has passed away after a decade-long struggle with ALS/MND. Patrick was the team captain of Eyedriveomatic, the Grand Prize winning hardware from the 2015 Hackaday Prize. The loss of Patrick comes quickly after receiving word on Monday about the death of Patrick’s teammate, Steve Evans.
Despite the challenges Patrick faced in the final years of his life he was a prolific hardware hacker. He and his team won the Hackaday Prize in 2015 for designing a system which allowed electric wheelchairs to be controlled with eye gaze software without altering the chairs themselves (which are often not owned by the user). But he was also a finalist in the Assistive Technologies challenge of the 2016 Hackaday Prize. The Raimi’s Arm project set its goal at creating bionic arms for kids — a noble and worthy challenge for everyone to undertake. Check out Patrick’s profile page and you’ll see he has also built an open source head mouse (an alternative to eye gaze controls) and a headphone robot which allowed him to put on and take off his own headphones.
I find it amazing what he achieved in his work considering the physical limitations placed before him. Patrick had limited use of one hand which he used with a joystick for mouse control. His typing was done using eye gaze. Yet he managed to design and document a number of incredible creations. This is inspiring.
Reflect on this loss to our community, but take comfort in the fact that his work lives on. Cody Barnes, the software developer for the Eyedrivomatic, plans to continue work on the project. If you are interested in helping to make that open source assistive tech available to more people who need it, now is a great time to send a private message to Cody to learn more about getting involved.
Ben Einstein, a product designer and founder at Bolt, a hardware-based VC, recently got his hands on a Juicero press. This desktop juice press that only works with proprietary pouches filled with chopped fruits and vegetables is currently bandied in the tech press as evidence Silicon Valley has gone mad, there is no future in building hardware, and the Internet of Things is a pox on civilization. Hey, at least they got the last one right.
This iFixit-style tear down digs into the Juicero mixer in all its gory details. It’s beautiful, it’s a marvel of technology, and given the engineering that went into this machine, it was doomed to fail. Not because it didn’t accomplish the task at hand, but because it does so with a level of engineering overkill that’s delightful to look at but devastating to the production cost.
Continue reading “Juicero: A Lesson On When To Engineer Less”
It is with great sadness that Hackaday learns of the passing of Steve Evans. He was one of the creators of Eyedrivomatic, the eye-controlled wheelchair project which was awarded the Grand Prize during the 2015 Hackaday Prize.
News of Steve’s passing was shared by his teammate Cody Barnes in a project update on Monday. For more than a decade Steve had been living with Motor Neurone Disease (MND). He slowly lost the function of his body, but his mind remained intact throughout. We are inspired that despite his struggles he chose to spend his time creating a better world. Above you can see him test-driving an Eyedrivomatic prototype which is the blue 3D printed attachment seen on the arm of his chair.
The Eyedrivomatic is a hardware adapter for electric wheelchairs which bridges the physical controls of the chair with the eye-controlled computer used by people living with ALS/MND and in many other situations. The project is Open Hardware and Open Source Software and the team continues to work on making Eyedriveomatic more widely available by continuing to refine the design for ease of fabrication, and has even begun to sell kits so those who cannot build it themselves still have access.
The team will continue with the Eyedrivomatic project. If you are inspired by Steve’s story, now is a great time to look into helping out. Contact Cody Barnes if you would like to contribute to the project. Love and appreciation for Steve and his family may be left as comments on the project log.
[Symantec] Reports Hajime seems to be a white hat worm that spreads over telnet in order to secure IoT devices instead of actually doing anything malicious.
[Brian Benchoff] wrote a great article about the Hajime Worm just as the story broke when first discovered back in October last year. At the time, it looked like the beginnings of a malicious IoT botnet out to cause some DDoS trouble. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. More recently a new Mirai variant has been launching application-layer attacks since it’s source code was uploaded to a GitHub account and adapted.
Hajime is a much more complex botnet than Mirai as it is controlled through peer-to-peer propagating commands through infected devices, whilst the latter uses hard-coded addresses for the command and control of the botnet. Hajime can also cloak its self better, managing to hide its self from running processes and hide its files from the device.
The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.
So where is this all going? So far this is beginning to look like a cyber battle of Good vs Evil. Or it’s a turf war between rival cyber-mafias. Only time will tell.
We’ve been watching the development of the ESP32 chip for the last year, but honestly we’ve been a little bit cautious to throw all of our friendly ESP8266s away just yet. Earlier this month, Espressif released version 2.0 of their IoT Development Framework (ESP-IDF), and if you haven’t been following along, you’ve missed a lot.
We last took a serious look at the IDF when the chips were brand-new, and the framework was still taking its first baby steps. There was no support for such niceties as I2C and such at the time, but you could get both cores up and running and the thing connected to the network. We wanted to test out the power-save modes, but that wasn’t implemented yet either. In short, we were watching the construction of a firmware skyscraper from day one, and only the foundation had been poured.
But what a difference eight months make! Look through the GitHub changes log for the release, and it’s a totally new ballgame. Not only are their drivers for I2C, I2S, SPI, the DAC and ADCs, etc, but there are working examples and documentation for all of the above. Naturally, there are a ton of bugfixes as well, especially in the complex WiFi and Bluetooth Low Energy stacks. There’s still work left to do, naturally, but Espressif seems to think that the framework is now mature enough that they’ve opened up their security bug bounty program on the chip. Time to get hacking!
Continue reading “ESP32’s Dev Framework Reaches 2.0”
Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple new website then, at https://www.apple.com . Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage, otherwise it’s pretty legit. This is a page to demonstrate a type of Unicode vulnerability in how the browser interprets and show the URL to the user. Notice the valid HTTPS. Of course the domain is not from Apple, it is actually the domain: “https://www.xn--80ak6aa92e.com/“. If you open the page, you can see the actual URL by right-clicking and select view-source.
So what’s going on? This type of phishing attack, known as IDN homograph attacks, relies on the fact that the browser, in this case Chrome or Firefox, interprets the “xn--” prefix in a URL as an ASCII compatible encoding prefix. It is called Punycode and it’s a way to represent Unicode using only the ASCII characters used in Internet host names. Imagine a sort of Base64 for domains. This allows for domains with international characters to be registered, for example, the domain “xn--s7y.co” is equivalent to “短.co”, as [Xudong Zheng] explains in his blog.
Different alphabets have different glyphs that work in this kinds of attacks. Take the Cyrillic alphabet, it contains 11 lowercase glyphs that are identical or nearly identical to Latin counterparts. These class of attacks, where an attacker replaces one letter for its counterpart is widely known and are usually mitigated by the browser:
Continue reading “You Think You Can’t Be Phished?”
The Libre Space Foundation is an organization dedicated to the development of libre space hardware. It was born from the SatNOGS project — the winners of the first Hackaday Prize — and now this foundation is in space. The Libre Space Foundation hitched a ride on the Orbital ATK launch yesterday, and right now their completely Open Source cube sat is on its way to the International Space Station.
The cube sat in question is UPSat, a 2U cubesat that is completely Open Source. Everything from the chassis to the firmware is completely Open, with all the source files hosted on GitHub.
UPSat is currently on its way to the International Space Station stowed in an Orbital ATK Cygnus cargo spacecraft. From here, the UPSat will be unloaded by members of the current ISS expedition and deployed with help from NanoRacks. Basically, the first Open Source satellite will be tossed overboard from the International Space Station. If you want to listen in on the data UPSat is beaming down, build a SatNOGS ground station and tune into 435.765 MHz. With a good antenna, you should be able to hear it when the ISS is in the sky, or a few times a week.
You can check out the launch of the Cygnus the UPSat is flying on in the video below. NASA also recorded a 360° video from the launch pad that unfortunately cuts out in the first few seconds after launch.
Continue reading “Flying The First Open Source Satellite”