[Jordan] has been playing around with WS2812b RGB LED strips with TI’s Tiva and Stellaris Launchpads. He’s been using the SPI lines to drive data to the LED strip, but this method means the processor is spending a lot of time grabbing data from a memory location and shuffling it out the SPI output register. It’s a great opportunity to learn about the μDMA available on these chips, and to write a library that uses DMA to control larger numbers of LEDs than a SPI peripheral could handle with a naive bit of code.
DMA is a powerful tool – instead of wasting processor cycles on moving bits back and forth between memory and a peripheral, the DMA controller does the same thing all by its lonesome, freeing up the CPU to do real work. TI’s Tiva C series and Stellaris LaunchPads have a μDMA controller with 32 channels, each of which has four unique hardware peripherals it can interact with or used for DMA transfer.
[Jordan] wrote a simple library that can be used to control a chain of WS2812b LEDs using the SPI peripheral. It’s much faster than transferring bits to the SPI peripheral with the CPU, and updating the frames for the LED strip are easier; new frames of a LED animation can be called from the main loop, or the DMA can just start again, without wasting precious CPU cycles updating some LEDs.
Photographer [Stephen Orlando] has an awesome body of work that focuses on human motion. The images he captures with colored light and a camera set up in a setting of choice tell a story of time in a way that’s visually stunning.
[Stephen] has experimented with various types of action. He’s attached LED strips onto props like oars in order to capture the rhythmic movements of rowing, or directly onto parts of the body to visualize more chaotic gestures, like the forms of a martial artist. His camera is set up to take long exposures, soaking in the light as it plots itself through space over time.
Though this isn’t a hack directly in itself, [Stephen’s] experimentation with time and light is a great case of technology being added to the arsenal of traditional mediums we’re accustomed to seeing in the production of artistic work. The clean execution of his idea to tell a story about what we don’t typically get to see by use of light should inspire all of us who love to play around with LEDs in our projects. Sometimes the more interesting aspects of our work are created in the negative space we forget to consider.
The next time you find yourself working on a hack, look at what you’re creating from a perspective beyond its original context. For example, 3D printing with a delta robot is a bit of a departure from it’s original purpose as a pick and place machine. Even further yet is the concept of using one to draw images in space with light. Often the process of somethings creation, as well as the byproduct of what it took to make it, is just as worthy of investigation. Don’t forget to search between the lines… that’s where the magic is.
[Mike] is a laser cutting newbie and has never had the opportunity to create a file and send it off to a laser for cutting. He knew he didn’t want to squint at a CAD package, nudging lines by tenths of a millimeter, only to screw something up and have to do it all over again. His solution, like so many other automation tasks, was to create a program that would generate a box of any size in .SVG format.
[Mike]’s program runs in C, and only requires a few variables set in the program to create a box of any size. There’s no argc or argv for the program – the one thing that would turn this into a command line utility that simply creates SVG boxes. Perhaps another time.
The rest of [Mike]’s hackerspace, Fab Lab xChc, was impressed the program worked the first time. With this small bit of C code, [Mike] has an easy, simple tool to generate laser cut boxes. The only remotely complicated bit of C this program uses is printf(), so even an Arduino can spit out the SVG for a laser cut box.
The computer security industry has made many positive changes since the early days of computing. One thing that seems to be catching on with bigger tech companies is bug bounty programs. PayPal offers such a program and [Yasser] decided to throw his hat in the ring and see if he could find any juicy vulnerabilities. His curiosity paid off big time.
Paypal is a huge player in the payment processing world, but that doesn’t mean they aren’t without their flaws. Sometimes the bigger the target, the more difficult it is to find problems. [Yasser] wanted to experiment with a cross-site request forgery attack. This type of attack typically requires the attacker to trick the victim into clicking a malicious link. The link would then impersonate the victim and make requests on the victim’s behalf. This is only made possible if the victim is logged into the target website.
PayPal has protection mechanisms in place to prevent this kind of thing, but [Yasser] found a loophole. When a user logs in to make a request, PayPal gives them an authentication token. This token is supposed to be valid for one user and one request only. Through experimentation, [Yasser] discovered a way to obtain a sort of “skeleton key” auth token. The attacker can attempt to initiate a payment transfer without first logging in to any PayPal account. Once the transfer is attempted, PayPal will request the user to authenticate. This process produces an auth token that apparently works for multiple requests from any user. It renders the authentication token almost entirely ineffective.
Once the attacker has a “universal auth token”, he can trick the victim into visiting a malicious web page. If the user is logged into their PayPal account at the time, the attacker’s webpage can use the universal auth token to trick the victim’s computer into making many different PayPal requests. Examples include adding email addresses to the account, changing the answers to security questions, and more. All of this can be done simply by tricking the user into clicking on a single link. Pretty scary.
[Yasser] was responsible with his disclosure, of course. He reported the bug to PayPal and reports that it was fixed promptly. It’s always great to see big companies like PayPal promoting responsible disclosure and rewarding it rather than calling the lawyers. Be sure to catch a video demonstration of the hack below. Continue reading “Hacking PayPal Accounts With CSRF”
Making an electromagnet is as simple as wrapping some wire around a nail and taping the wire to both ends of a battery. When you’re done, you can pick up some paper clips – it demonstrates the concept well, but it could use some more oomph. [Amazing Science] has done just that, making an “electric train” (YouTube link). All that’s needed is some coiled copper wire, a battery and magnets thin enough to fit through the coils. The magnets snap onto both ends of the battery. Put the battery inside the coil and watch the fun! The electromagnetic force generated by the current moving through the coil pushes against the magnets attached to the battery, pushing the battery along the way.
[Amazing Science] plays with the setup a bit. Connect both ends of the coil together and the battery will travel in a loop until it’s drained. Add a small hill, or even another battery/magnet set to the mix, and watch them go! We may even make a version of this ourselves to take with us to family gatherings this holiday season – it’s simple, fun, and can teach the young ‘uns about science while we swig some egg nog.
Continue reading “[Amazing Science’s] Simple Electric Train”
[Gene] has a project that writes a lot of settings to a PIC microcontroller’s Flash memory. Flash has limited read/erase cycles, and although the obvious problem can be mitigated with error correction codes, it’s a good idea to figure out how Flash fails before picking a certain ECC. This now became a problem of banging on PICs until they puked, and mapping out the failure pattern of the Flash memory in these chips.
The chip on the chopping block for this experiment was a PIC32MX150, with 128K of NOR Flash and 3K of extra Flash for a bootloader. There’s hardware support for erasing all the Flash, erasing one page, programming one row, and programming one word. Because [Gene] expected one bit to work after it had failed and vice versa, the testing protocol used RAM buffers to compare the last state and new state for each bit tested in the Flash. 2K of RAM was tested at a time, with a total of 16K of Flash testable. The code basically cycles through a loop that erases all the pages (should set all bits to ‘1’), read the pages to check if all bits were ‘1’, writes ‘0’ to all pages, and reads pages to check if all bits were ‘0’. The output of the test was a 4.6 GB text file that looked something like this:
Continue reading “Flash Memory Endurance Testing”
Breaking a pane of glass in half is easy – just score it, break it, and after practicing a few times, you’ll eventually get it right. What about cuts that are impossible with a normal glass cutter, like radiused corners and holes? For that, you’ll need CNC. Yes, you can cut glass on a CNC machine. All you need is a diamond burr or glass drilling bit, high speeds, low feeds, and lots and lots of coolant.
Cutting glass on a CNC machine doesn’t require any spectacularly specialist equipment. [Peter] is using an $800 Chinese mini CNC engraver for this project, but that’s not the only tool that was required. A fixture for holding a glass plate was also needed, but [Peter] quickly fabricated one out of acrylic.
Cutting glass with a CNC is something we’ve seen before. [Ben Krasnow] has been using diamond burrs, high speeds, low feeds, and lots of coolant to cut mirrors so expensive you don’t even want to guess.
While [Peter] isn’t getting the perfect finish [Ben] got a few years ago, he’s still milling holes and slots in glass. He’s wondering if it could be possible to mill an aspheric lens using this technique and a special spherical burr, something that would be very interesting to see, and could be a pretty good way to rough out telescope blanks.