An Open-Source Ebike Motor Controller

DIY e-bikes are often easy to spot. If they’re not built out of something insane like an old washing machine motor, the more subtle kits that are generally used still stand out when compared to a non-assisted bike. The motors tend to be hub- or mid-drive systems with visible wires leading to a bulky battery, all of which stand out when you know what to look for. Getting a stealthy ebike that looks basically the same as a standard bicycle is only possible with proprietary name-brand solutions that don’t lend themselves to owner repair or modification, but this one has at least been adapted for use with an open source motor controller.

The bike in use here is a model called the Curt from Estonian ebike builder Ampler, which is notable in that it looks indistinguishable from a regular bicycle with the exception of the small 36-volt, 350-watt hub motor somewhat hidden in the rear wheel. [BB8] decided based on no reason in particular to replace the proprietary motor controller with one based on VESC, an open-source electric motor controller for all kinds of motors even beyond ebikes. Installed on a tiny Arduino, it fits inside the bike’s downtube to keep the stealthy look and can get the bike comfortably up to around 35 kph. It’s also been programmed to turn on the bike’s lights if the pedals are spun backwards, and this method is also used to change the pedal assist level, meaning fewer buttons and other user-interface devices on the handlebars.

Most AI Content Is Trash, Just Like Everything Else

[Max Woolf] has been working in the AI space since 2015, and among other work has created numerous useful open-source tools. He also recently wrote a thoughtful blog post that attempts to put into words his feelings on the state of things in the wake of experiencing a bit of an AI backlash-related burnout. Essentially, people effortlessly creating vast amounts of bad AI content has caused a bigger problem than we may realize.

How so? Well, Sturgeon’s law (summarized as “ninety percent of everything is crud”) applies to AI as much as it does to anything else. Theodore Sturgeon was a science fiction author and critic (and writer of multiple Star Trek episodes) who observed in the 1950s that while Science Fiction — the hot new popular thing at the time — was often derided by critics as being little more than low quality pap, so was everything else. It was true that most Science Fiction was garbage. But most work in other fields was of similarly low quality, and thus Science Fiction was really no different. It’s all trash, except for the parts one likes. Just like anything else.

What makes this observation particularly applicable to the current AI landscape is that, according to [Max], the incredible ease of use makes AI’s “ninety percent crud” very large indeed, and the attached backlash is similarly big. The remaining ten percent of AI that is absolutely fantastic and full of possibilities? It’s practically invisible due to how quickly the industry is moving, the speed with which the big players are vying to control it, and how unfashionable it has become to admit one is using AI tools at all.

[Max] knows the scene better than most. One of his projects is simpleaichat, a tool aimed not just at enabling people to integrate AI into projects easier, but piercing the hype around AI to more easily reveal just how these tools actually work. Sadly, a general AI backlash has made developing these tools feel rather less rewarding than it once did.

This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

This week starts out with a nifty vulnerability in the glibc dynamic loader. The loader is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, leading to a buffer overflow.
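The parsing flaw described above can be followed with byte accounting alone. This is an added example, not glibc's code: a simplified model that assumes every name is accepted and copied back, with hypothetical names `sanitized_len`, `fixed` and `has_nested_assignment`, and a `fixed` mode that is one way to close the flaw rather than the upstream patch.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of an in-place "name=value:name=value" sanitizer.
   Returns the number of bytes it would emit for s; nothing is written.
   Assumption: every name is accepted and copied back.
   fixed = 0 models the flaw: a value that runs to the end of the input
   is parsed again as a new pair. fixed = 1 stops at the end instead. */
size_t sanitized_len(const char *s, int fixed)
{
    size_t off = 0;
    const char *p = s;
    for (;;) {
        size_t nlen = strcspn(p, "=:");
        if (p[nlen] == '\0')
            return off;                 /* no further name=value pair */
        if (p[nlen] == ':') {           /* item without '=', skip it */
            p += nlen + 1;
            continue;
        }
        const char *val = p + nlen + 1;
        size_t vlen = strcspn(val, ":");
        if (off > 0) off++;             /* ':' between emitted pairs */
        off += nlen + 1 + vlen;         /* name, '=', value */
        if (val[vlen] == ':')
            p = val + vlen + 1;         /* continue after the colon */
        else if (fixed)
            return off;
        else
            p = val;                    /* flaw: rescan the value */
    }
}

/* Detection helper: 1 if any colon-separated item has a second '='. */
int has_nested_assignment(const char *s)
{
    int eq = 0;
    for (; *s; s++) {
        if (*s == ':') eq = 0;
        else if (*s == '=' && ++eq > 1) return 1;
    }
    return 0;
}

int main(void)
{
    const char *bad = "tunable1=tunable2=AAA";  /* constructed sample */
    printf("in=%zu flawed=%zu fixed=%zu\n", strlen(bad), sanitized_len(bad, 0), sanitized_len(bad, 1));
    return 0;
}
```

For the 21-byte malformed string, the flawed accounting emits 34 bytes into a buffer sized for the input, while well-formed input never grows. The helper is the kind of check that can be run over captured GLIBC_TUNABLES values in process environments or audit logs.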

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for CVE-2023-4911.

Do Bounties Hurt FOSS?

As with many things in life, motivation is everything. This also applies to the development of software, which is a field that has become immensely important over the past decades. Within a commercial context, the motivation to write software is primarily financial, in that a company’s products are developed by individuals who are being financially compensated for their time. This is often different with Free and Open Source Software (FOSS) projects, where the motivation to develop the software is in many cases derived more out of passion and sometimes a wildly successful hobby rather than any financial incentives.

Yet what if financial incentives are added by those who have a vested interest in seeing certain features added or changed in a FOSS project? While with a commercial project it’s clear (or should be) that the paying customers are the ones whose needs are to be met, with a volunteer-based FOSS project the addition of financial incentives makes for a much more fuzzy system. This is where FOSS projects like the Zig programming language have put their foot down, calling FOSS bounties ‘damaging’.

PyOBD Gets Python3 Upgrades

One of the best things about open source software is that, instead of being lost to the ravages of time like older proprietary software, anyone can dust off an old open source program and bring it up to the modern era. PyOBD, a Python tool for interfacing with the OBD system in modern vehicles, was in just such a state, with its latest version still being written in Python 2, which hasn’t had support in over three years. [barracuda-fsh] rewrote the entire program for Python 3 and included a few other upgrades to it as well.

Key feature updates with this version besides being completely rewritten in Python 3 include enhanced support for OBD-II commands as well as automating the detection of the vehicle’s computer capabilities. This makes the program much more plug-and-play than it would have been in the past. PyOBD now also includes the python-OBD library for handling the actual communication with the vehicle, while PyOBD provides the GUI for configuring and visualizing the data given to it from the vehicle. An ELM327 adapter is required.

With options for Mac, Windows, or Linux, most users will be able to make use of this software package provided they have the necessary ELM327 adapter to connect to their vehicle. OBD is a great tool as passenger vehicles become increasingly computer-driven as well, but there are some concerns surrounding privacy and security in some of the latest and proposed versions of the standard.

DIY Pan And Tilt Camera Mount

Pan and tilt mounts have a number of uses that can increase the functionality of various types of cameras. Security cameras can use them to adjust the field of view remotely, astronomers can use them as telescope mounts to accurately track celestial objects, and of course photographers and videographers can use them to add dynamic elements to shots. But getting the slow, smooth, and reliable movement isn’t as simple as slapping some servos on a tripod. So unless you want to break the bank for a commercial mount, this DIY pan and tilt mount might be the way to go.

The mount is built largely out of 3D printed parts and a few fairly common motors, belts, pulleys, and bearings. The movements are controlled using stepper motors, and there are two additional systems built in so that focus and zoom can be controlled through the system as well. The software controlling it all is open-source and available on GitHub, and controls the mount remotely through a network connection. It’s also designed to use the readily-available ESP32 chip, making it overall fairly adaptable.

The system doesn’t slouch on features, either. It can move from one point to another with various programmable speeds, has a key sequencer for more complex movements, and can accommodate the needs of stop motion animators as well. It’s an impressive build that should be accessible to plenty of photographers with a 3D printer and the right parts, but photography and astronomy aren’t the only reasons to use a pan and tilt mount. Check out this one that brings some sunlight to a shaded room.

SLR To DSLR Conversion Becomes Full Camera

At least as far as the inner workings are concerned, there’s not a whole lot of difference between a single-lens reflex (SLR) camera that uses film and a digital SLR (DSLR) camera that uses an electronic sensor except the method for capturing the image. So adding the digital image sensor to a formerly analog camera like this seemed like an interesting project for [Wenting Zhang]. But this camera ballooned a little further than that as he found himself instead building a complete, full-frame digital camera nearly from scratch.

The camera uses a full-frame design and even though the project originally began around the SLR mechanism, in the end [Wenting] decided not to keep this complex system in place. Instead, to keep the design simple and more accessible, a mirrorless design is used with an electronic viewfinder system. It also has a passive M lens mount, meaning that plenty of manual lenses will be available for this camera without having to completely re-invent the wheel.

As far as the sensor goes, [Wenting] wanted something relatively user-friendly with datasheets available so he turned to industrial cameras to find something suitable, settling on a Kodak charge-coupled device (CCD) for the sensor paired with an i.MX processor. All of the electronics have publicly-available datasheets which is important for this open-source design. There’s a lot more work that went into this build than just picking parts and 3D printing a case, though, and we’d definitely recommend anyone interested to check out the video below for how this was all done. And, for those who want to go back to the beginnings of this project and take a different path, it’s definitely possible to convert an analog SLR to a digital one.