Alarm Notifies the Office When the Coffee is Ready

[Stian] thought it would be nice if his coworkers could be electronically notified when the latest batch of coffee is ready. He ended up building an inexpensive coffee alarm system to do exactly that. When the coffee is done, the brewer can press a giant button to notify the rest of the office that it’s time for a cuppa joe.

[Stian’s] first project requirement was to activate the system using a big physical button. He chose a button from Sparkfun, although he ended up modifying it to better suit his needs. The original button came with a single LED built-in. This wasn’t enough for [Stian], so he added two more LEDs. All three LEDs are driven by a ULN2003A NPN transistor array. Now he can flash them in sequence to make a simple animation.

This momentary push button supplies power to a ESP8266 microcontroller using a soft latch power switch. When the momentary switch is pressed, it supplies power to the latch. The latch then powers up the main circuit and continues supplying power even when the push button is released. The reason for this power trickery is to conserve power from the 18650 li-on battery.

The core functionality of the alarm uses a combination of physical hardware and two cloud-based services. The ESP8266 was chosen because it includes a built-in WiFi chip and it only costs five dollars. The microcontroller is configured to connect to the WiFi network with the push of a button. The device also monitors the giant alarm button.

When the button is pressed, it sends an HTTP request to a custom clojure app running on a cloud service called Heroku. The clojure app then stores brewing information in a database and sends a notification to the Slack cloud service. Slack is a sort of project management app that allows multiple users to work on projects and communicate easier over the internet. [Stian] has tapped into it in order to send the actual text notification to his coworkers to let them know that the coffee is ready. Be sure to watch the demo video below. Continue reading “Alarm Notifies the Office When the Coffee is Ready”

Fooling Google Search Console With Tricky PHP

When [Steve] received a notice from Google that a new owner had been added to his Google Search Console account, he knew something was wrong. He hadn’t added anyone to his account. At first he thought it might be a clever phishing tactic. Maybe the email was trying to get him to click a malicious link. Upon further investigation, he discovered that it was legitimate. Some strange email address had been added to his account. How did this happen?

When you want to add a website to Google’s services, they require that you prove that you own the actual website as a security precaution. One method to provide proof is by uploading or creating an HTML file to your website with some specific text inside. In this case, the file needed to be called “google1a74e5bf969ded17.html” and it needed to contain the string “google-site-verification: googlea174e5bf969ded17.html”.

[Steve] logged into his web server and looked in the website directory but he couldn’t find the verification file. Out of curiosity, he tried visiting the web page anyways and was surprised to find that it worked. After some experimentation, [Steve] learned that if he tried to load any web page that looked like “googleNNNNNNN.html”, he would be presented with the corresponding verification code of “google-site-verification: googleNNNNNNNN.html”. Something was automatically generating these pages.

After further investigation, [Steve] found that some malicious PHP code had been added to his website’s index.php page. Unfortunately the code was obfuscated, so he couldn’t determine exactly what was happening. After removing the new code from the index.php file, [Steve] was able to remove the hacker’s email address from [Steve’s] Google account.

This is a very interesting hack, because not only did it allow this one hacker to add himself to [Steve’s] Google account, but it would also have allowed anyone else to do the same thing. This is because each new hacker would have been able to fool Google’s servers into thinking that they had uploaded the verification file thanks to the malicious PHP code. It makes us think that perhaps Google’s verification system should use a separate randomized string inside of the verification file. Perhaps one that can’t be guessed or calculated based on known variables such as the file name.

Simple LED Project to Spice Up Your Halloween Party

[Paul’s] project is a great example of how you can take a simple project and turn it into something more interesting. He built himself a jack-o-lantern with an Internet controlled RGB LED embedded inside.

[Paul] first wired up an RGB LED to a Raspberry Pi. He was sure to wire up each color using a 100ohm resistor to prevent the LED from burning out. The web interface was written in Python. The interface is pretty simple. It consists of three text fields. The user enters a value between 0 and 255 for each of the three LED colors. The program then lights up the LED accordingly.

[Paul] realized he would need a diffuser for the LED in order to really see the blended colors properly. Instead of using a common solution like a ping-pong ball, he opted to get festive and use a plastic jack-o-lantern. [Paul] removed the original incandescent bulb from the lantern and mounted the LED inside instead. The inside of the pumpkin is painted white, so it easily diffuses the light. The result is a jack-o-lantern that glows different colors as defined by his party guests. Be sure to check out the demonstration video below.

Webmote: control anything with web-based remote

control-anything-from-the-web

We’ve seen a lot of projects that let you control all of your devices from a smartphone. But this universal web-based remote control system looks like the most versatile we’ve seen yet. The project is called Webmote as the controls are served up as a web interface so that you’re not limited to say an Android device. The UI can be customized by choosing what buttons you will use and where to place them on the display. You can get a good feel for this by viewing this G+ album. Setup is made a bit easier thanks to an add-on system that has predefined layouts for common things like controlling XBMC.

The hardware seen above is the business end of Webmote. It’s an Arduino with an IR receiver, IR LED, and an XBee module. For your common home entertainment devices you can teach the system your codes using the IR receiver. The IR LED is used to transmit those codes back, and the Xbee gives you the ability to control X10 (home automation) devices. Right now the setup requires the hardware be connected to a server via USB, but it shouldn’t be hard to set up some type of wireless alternative.

Web-enabled Kinect

There are Kinect hacks out there for robot vision, 3D scanners, and even pseudo-LIDAR setups. Until now, one limiting factor to these builds is the requirement for a full-blown computer on the device to deal with the depth maps and do all the necessary processing and computation. This doesn’t seem like much of a problem since [wizgrav] published Intrael, an HTTP interface for the Kinect.

[Eleftherios] caught up to [wizgrav] at his local hackerspace where he did a short tutorial on Intrael. [wizgrav]’s project provides each frame from the Kinect over HTTP wrapped up in JSON arrays. Everything a Kinect outputs aside from sound is now easily available over the Internet.

The project is meant to put computer vision outside the realm of desktops and robotic laptops and into the web. [wizgrav] has a few ideas on what his project can be used for, such as smart security cameras and all kinds of interactive surfaces.

After the break, check out the Intrael primer [wizgrav] demonstrated (it’s Greek to us, but there are subtitles), and a few demos of what Intrael ‘sees.’

Continue reading “Web-enabled Kinect”

Ego Box monitors web hits

[Bogdan’s] latest project is a box that displays web hits for a chosen site. He calls it the Ego Box because depending on how traffic goes it either bloats or crushes your ego. This provides similar functionality as our Troll Sniffing Rat but the biggest difference is that this is a stand-alone Ethernet device. That’s thanks to the ENC28J60 Ethernet controller chip which manages the stack and has been quite popular in DIY electronic projects. In order to monitor your hits [Bogdan] crafted a bit of code to add to the header of your index page. It increments the counter file each time the page is loaded, and the Ego Box simply monitors that file, displaying the traffic on an eight digit 7 segment display.

[via Adafruit]

Abusing HTTP status codes

Concerns over privacy online are an ever growing theme. Every day we see people complaining about the policies of facebook and the like. [Mike Cardwell] points out another method of gleaning a bit of personal data from you that you may not have seen yet. By embedding a hidden image or using some really simple javascript, he can tell if you are currently logged into Gmail, Twitter, Facebook, or Digg. While this could possibly be used for more nefarious things, he points out that you could also use it for customizing your website to better suit the experience of the browser. For example, if the “reader” is already logged into Gmail, you could have any email links automatically open a gmail instance instead of the local mail client.