Shmoocon 2017: The Ins And Outs Of Manufacturing And Selling Hardware

Every day, we see people building things. Sometimes, useful things. Very rarely, this thing becomes a product, but even then we don’t hear much about the ins and outs of manufacturing a bunch of these things or the economics of actually selling them. This past weekend at Shmoocon, [Conor Patrick] gave the crowd the inside scoop on selling a few hundred two factor authentication tokens. What started as a hobby is now a legitimate business, thanks to good engineering and abusing Amazon’s distribution program.

The product in question is the U2F Zero, an open source U2F token for two-factor authentication. It’s built around the Atmel/Microchip ATECC508A crypto chip and is, by all accounts, secure enough. It’s also cheap at about $0.70 a piece, and the entire build comes to about $3 USD. All of this is hardware, and should be extremely familiar to the regular Hackaday reader. This isn’t the focus of [Conor]’s talk though. The real challenge is how to manufacture and sell these U2F dongles, a topic we looked in on back in September.

The circuit for this U2F key is basically just a crypto chip and a USB microcontroller, each of which needs to be programmed separately and ideally securely. The private key isn’t something [Conor] wants to give to an assembly house, which means he’s programming all these devices himself.

For a run of 1100 units, [Conor] spent $350 on PCB, $3600 for components and assembly, $190 on shipping and tariffs from China, and an additional $500 for packaging on Amazon. That last bit pushed the final price of the U2F key up nearly 30%, and packaging is something you have to watch if you ever want to sell things of your own.

For distribution, [Conor] chose Fulfillment By Amazon. This is fantastically cheap if you’re selling a product that already exists, but of course, [Conor]’s U2F Zero wasn’t already on Amazon. A new product needs brand approval, and Amazon would not initially recognize the U2F Zero brand. The solution to this was for [Conor] to send a letter to himself allowing him to use the U2F Zero brand and forward that letter to the automated Amazon brand bot. Is that stupid? Yes. Did it work? Also yes.

Sales were quiet until [Conor] submitted a tip to Hacker News and sold about 70 U2F Zeros in a day. After that, sales remained relatively steady. The U2F Zero is now a legitimate product. Even though [Conor] isn’t going to get rich by selling a dozen or so U2F keys a day, it’s still an amazing learning experience and we’re glad to have sat in on his story of bootstrapping a product, if only for the great tip on getting around Amazon’s fulfillment policies.

Police Want Alexa Data; People Begin to Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is more of concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants likely to affect far less users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

Controlling a Game Room with Amazon Echo

If there are two things we love here at Hackaday, it’s games and automating mundane tasks by adding a lot of electronics and voice control. A game room is, therefore, the perfect sandbox for projects that get us excited in all of the right ways. Liberty Games, a UK-based games room company, already had a really impressive game room (as you might expect). They’ve just posted an awesome build log showcasing how they went about automating mundane game room tasks by adding a lot of electronics and voice control.

There were four tasks that Liberty Games wanted to be able to complete with voice control: releasing billiards balls on their pool table, adding credits to an arcade machine, releasing pinballs on a pinball machine, and control of a CD jukebox. For all of these tasks, they used an Amazon Echo, which already has built-in support for adding new “skills” (Amazon’s term for user-created Alexa commands). These skills allow the Echo to communicate with other devices using JavaScript Object Notation (JSON).

Continue reading “Controlling a Game Room with Amazon Echo”

Put an Honest Face On Alexa With This HAL 9000 Build

Amazon put out a version of Alexa’s software that  could run on Raspberry Pi. Adafruit sold a big scary red button. For, [Keith Elliott] the project ahead was an obvious conclusion.

The Raspberry Pi version of Alexa’s software was lagging behind the release version. You had to press a button to input a command, which really steals a lot of the joy out of a creepy voice controlled robot listening to you putz around the house. Now, it can wake on command.

Since this sold him on finally adding Amazon’s ever watching witch eye to his home, he decided he would give it appropriately sinister clothes. These were 3D printed from files based on Adafruit’s guide. He ended up with a fairly convincing facade.

The inside is kind of melancholy. A lone Raspberry Pi 3 is held company by a microphone and audio amplifier. These are pretty much all that’s needed to make you home automated shopping experience dreams come true. Video after the break.

Continue reading “Put an Honest Face On Alexa With This HAL 9000 Build”

A DIY, Visual Alexa

Talking to computers is all the rage right now. We are accustomed to using voice to communicate with each other, so that makes sense. However, there’s a distinct difference between talking to a human over a phone line and conversing face-to-face. You get a lot of visual cues in person compared to talking over a phone or radio.

Today, most voice-enabled systems are like taking to a computer over the phone. It gets the job done, but you don’t always get the most benefit. To that end, [Youness] decided to marry an OLED display to his Alexa to give visual feedback about the current state of Alexa. It is a work in progress, but you can see two incarnations of the idea in the videos below.

A Raspberry Pi provides the horsepower and the display. A Python program connects to the Alexa Voice Service (AVS) to understand what to do. AVS provides several interfaces for building voice-enabled applications:

  • Speech Recognition/Synthesis – Understand and generate speech.
  • Alerts – Deal with events such as timers or a user utterance.
  • AudioPlayer – Manages audio playback.
  • PlaybackController – Manages playback queue.
  • Speaker – Controls volume control.
  • System – Provides client information to AVS.

We’ve seen AVS used to create an Echo clone (in a retro case, though). We also recently looked at the Google speech API on the Raspberry Pi.

Continue reading “A DIY, Visual Alexa”

Amazon Dash Reboots Your Pi

We all know feature creep can be a problem in almost any project. A simple idea can often become unusable if a project’s scope isn’t clearly defined in the beginning. However, the opposite problem sometimes presents itself: forgetting to include a key feature. [Zach] had this problem when he built a Raspberry Pi magic mirror and forgot to build a physical reset/shutoff switch. Luckily he had a spare Amazon Dash button and re-purposed it for use with his Pi.

The Raspberry Pi doesn’t include its own on/off switch. Without installing one yourself, the only way to turn off the device (without access to the terminal) is to unplug it, which can easily corrupt data on the SD card. Since [Zach]’s mirror was already complete, he didn’t want to take the entire thing apart just to install a button. There’s already a whole host of applications for the Dash button, so with a little Node.js work on the Raspberry Pi he was able to configure a remote-reset button for his mirror.

This is a similar problem for most Raspberry Pi owners, so if you want to follow [Zach]’s work he has done a great job detailing his process on his project site. If you’re looking for other uses for these convenient network-enabled buttons, he also links to a Github site with lots of other projects. This pizza button is probably our favorite, though.

Amazon Offers $2.5M To Make Alexa Your Friend

Amazon has unveiled the Alexa Prize, a $2.5 Million purse for the first team to turn Alexa, the voice service that powers the Amazon Echo, into a ‘socialbot’ capable of, “conversing coherently and engagingly with humans on popular topics for 20 minutes”.

The Alexa Prize is only open to teams from colleges or universities, with the winning team taking home $500,000 USD, with $1M awarded to the team’s college or university in the form of a research grant. Of course, the Alexa Prize grants Amazon a perpetual, irrevocable, worldwide, royalty-free license to make use of the winning socialbot.

It may be argued the Alexa Prize is a competition to have a chat bot pass a Turning Test. This is a false equivalency; the Turing Test, as originally formulated, requires a human evaluator to judge between two conversation partners, one of which is a human, one of which is a computer. Additionally, the method of communication is text-only, whereas the Alexa Prize will make use of Alexa’s Text to Speech functionality. The Alexa Prize is not a Turing Test, but only because of semantics. If you generalize the phrase, ‘Turing Test’ to mean a test of natural language conversation, the Alexa Prize is a Turing Test.

This is not the first prize offered for a computer program that is able to communicate with a human in real time using natural language. Since 1990, the Loebner Prize, cosponsored by AI god Marvin Minsky, has offered a cash prize of $100,000 (and a gold medal) to the first computer that is indistinguishable from a human in conversation. Since 1991, yearly prizes have been awarded to the computer that is most like a human as part of the competition.

For any team attempting the enormous task of developing a theory of mind and consciousness, here are a few tips: don’t use Twitter as a dataset. Microsoft tried that, and their chatbot predictably turned racist. A better idea would be to copy Hackaday and our article-generating algorithm. Just use Markov chains and raspberry pi your way to arduino this drone.