Month: November 2019

Making A Robotic Dog Better By Adding Springiness Without Springs

November 8, 2019 by 5 Comments

Getting a legged robot to stay upright, especially a quadruped or biped, can be a challenging undertaking. To experiment with different approaches, [James Bruton] built robot dog test platform and is playing with “dynamic compliant simulated springs“, or in other words, using the motors to act as though they were springs and dampers..

When robotic legs are kept stiff, they tend to reduce the stability of the platform due to the sudden erratic movements of the robot, especially on uneven surfaces. With a back drivable joint arrangement, [James] is using limited holding current on the motor, and the position of the motor shaft is monitored using an encoder. When a leg experiences a resisting force, with will have some “give” and then the motor will return it to it’s intended position more slowly. Using a IMU on top of the robot, it can detect when it start leaning to a side, and then temporarily soften the other side to balance the robot.

This is quite a common technique in legged robots, but [James] does an excellent job of explaining just how it works. He hopes to use the lessons learned from the test platform to improve or redesign his already impressive OpenDog.

We’ve seen a number of quadruped robots on Hackaday recently. Including Boston Dynamics’ very expensive Spot as well as a low cost robot dog that giving its big brothers a run for their money, and doing some back flips in the process. Check out James’ video after the break. Continue reading “Making A Robotic Dog Better By Adding Springiness Without Springs”

Why Buy Toys When You Can Build Them Instead?

November 8, 2019 by 10 Comments

Like many creative individuals who suddenly find themselves parents, [Marta] wanted to make something special for his children to play with. Anybody can just purchase an off-the-shelf electronic toy, but if you’ve got the ability to design one on your own terms, why not do it? But even compared to the fairly high standards set by hacker parents, we have to admit that the amount of time, thought, and effort that was put into the “Marta Musik Maschine” is absolutely phenomenal.

[Marta] was inspired by the various commercial offerings which use RFID and other technologies to identify which characters the child is playing with and respond accordingly. But since he didn’t want to get locked into one particular company’s ecosystem and tinkering with the toys seemed frowned upon by their creators, he decided to just come up with his own version.

Over the course of many posts on the Musik Maschine’s dedicated website, [Marta] explains his thought process for every design consideration of the toy in absolutely exquisite detail. Each of the writeups, which have helpfully been broken down for each sub-system of the final toy, are arguably detailed and complete enough to stand as their own individual projects. Even if you’re not looking to get into the world of DIY electronic toys, there’s almost certainly an individual post here which you’ll find fascinating. From the finer points of interfacing your Python code with arcade buttons to tips for designing 3D printed enclosures, there’s really something for everyone here.

The children of hackers are often the envy of the neighborhood thanks to the one-of-a-kind playthings provided by their parents, and considering the level of commitment [Marta] has put into a toddler toy, we can’t wait to see what he comes up with next.

Continue reading “Why Buy Toys When You Can Build Them Instead?”

UECG – A Very Small Wearable ECG

November 8, 2019 by 16 Comments

[Ultimate Robotics] has been working on designing and producing an extremely small ECG that can stream data real time.

Typical electrocardiogram equipment is bulky: miniaturization doesn’t do much for a hospital where optimizations tend to lean towards, durability, longevity, and ease of use. Usually a bunch of leads are strung between a conductive pad and an analog front end and display which interprets the data; very clearly identifying the patient as a subject for measurement.

uECG puts all this in a finger sized package. It’s no surprise that this got our attention at Maker Faire Rome and that they’re one of the Hackaday Prize Finalists. The battery, micro controller, and sampling circuitry are all nearly packed onto the board. The user has the option of streaming through BLE at 125 Hz or using a radio transceiver for 1 kHz of data. Even transmitting at these sample rates and filtering the signal of unwanted noise the device draws less than 10 mA.

The files to make the device are all on their page. Though they are planning to produce the boards in a small run which should be the best way to acquire one and start experimenting with this interesting data.

The HackadayPrize2019 is Sponsored by:

The Dyson Awards Definitely Do Not Suck

November 8, 2019 by 32 Comments

Named after British inventor James Dyson of cyclonic vacuum cleaner fame, the Dyson Awards are presented annually to current and recent students of engineering, industrial design, and product design, regardless of age. Students from 27 countries work alone or in groups to describe their inventions, which are then judged for their inventiveness, the production feasibility of their design, and the overall strength of the entry itself.

Much like our own Hackaday Prize, the Dyson Awards encourage and highlight innovation in all areas of science and technology. Some ideas help the suffering individual, and others seek to cure the big problems that affect everyone, like the microplastics choking the oceans. The Hackaday spirit is alive and well in these entries and we spotted at least one Hackaday prize alum — [Amitabh]’s Programmable Air. I had fun browsing through everything on offer, and you will too. This is a pretty good source of design inspiration.

Continue reading “The Dyson Awards Definitely Do Not Suck”

Hackaday Podcast 043: Ploopy, Castlevania Cube-Scroller, Projection Map Your Face, And Smoosh Those 3D Prints

November 8, 2019 by No comments

Before you even ask, it’s an open source trackball and you’re gonna like it. Hackaday Editors Mike Szczys and Elliot Williams get down to brass tacks on this week’s hacks. From laying down fatter 3D printer extrusion and tricking your stick welder, to recursive Nintendos and cubic Castlevania, this week’s episode is packed with hacks you ought not miss.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 043: Ploopy, Castlevania Cube-Scroller, Projection Map Your Face, And Smoosh Those 3D Prints”

Steampunk Water Thief Clock Steals Attention, Too

November 8, 2019 by 7 Comments

The funny thing about clocks is that the more intriguing they are to look at, the more precious time is wasted. This steampunk clepsydra is no exception. A clepsydra, or water thief clock is an ancient design that takes many forms. Any clock that uses the inflow or outflow of water to measure time could be considered a clepsydra, even if it uses electronics like this steampunk version.

[DickB1]’s sticky-fingered timepiece works by siphoning water from the lower chamber into the upper chamber on a one-minute cycle. An MSP430 and a MOSFET control the 12 V diaphragm pump. As the water level rises in the upper chamber, a float in the siphon pushes a lever that moves a ratchet and pawl that’s connected to the minute hand. The hour hand is driven by gears. A hidden magnet and Hall effect sensor help keep the clock clicking at one-minute intervals.

Although [DickB1] doesn’t tell you exactly how to replicate this clock, he offers enough information to get started in designing your own. Take a second to check it out after the break.

Most of the thieving around here is done for the joules, so here’s a joule thief running a clock.

Continue reading “Steampunk Water Thief Clock Steals Attention, Too”

This Week In Security: BGP Bogons, Chrome Zero Day, And Save Game Attacks

November 8, 2019 by 24 Comments

Our own [Pat Whetman] wrote about a clever technique published by the University of Michigan, where lasers can be used to trigger a home assistant device. It’s an interesting hack, and you should go read it.

Borrowing IP Addresses

We’ve lived through several IPv4 exhaustion milestones, and the lack of available addresses is really beginning to show, even for trolls and scammers. A new approach takes advantage of the weak security of the Border Gateway Protocol, and allows bad actors to temporarily take over reserved address blocks. These particular providers operate out of Russia, operating network services they advertise as “bulletproof”, or immune to takedown requests. What better way to sidestep takedowns than to use IP addresses that aren’t really yours to begin with?

BGP spoofing has been at the center of other types of attacks and incidents, like in 2018 when a misconfiguration in a Nigerian ISP’s BGP tables routed traffic intended for Google’s servers through Chinese and Russian infrastructure. In that case it appeared to be a genuine mistake, but little prevents malicious BGP table poisoning.

Chrome Zero-day

Google released an update to Chrome on the 31st that addresses two CVEs, one of which is being actively exploited. That vulnerability, CVE-2019-13720, is a race condition resulting in a potential use-after-free. Kaspersky Labs found this one being actively used on a Korean news site. The attack runs entirely from Javascript, and simply visiting a malicious site is enough for compromise, so update Chrome if it’s installed.

Anti-anti-doping

What do you do when you feel you’ve been unfairly targeted by an anti-doping investigation? Apparently hacking the investigating agency and releasing stolen information is an option. It seems like this approach is more effective when there are shenanigans revealed in the data dump. In this case, the data being released seems rather mundane.

Firefox Blocking Sideload Extensions

Mozilla made a controversial announcement on the 31st. They intend to block “sideload” browser extensions. Until this change, it was possible to install browser extensions by copying them to a particular folder on the computer. Some legitimate extensions used this installation method, but so did malware, adware, and other unwanted software. While this change will block some malicious add-ons, it does present a bit of a challenge to a user installing an extension that isn’t on the official Mozilla store or signed by Mozilla.

As you might imagine, the response has been… less than positive. While making malware harder to install is certainly welcome, this makes some use cases very difficult. An example that comes to mind is a Linux package that includes a browser extension. It remains to be seen exactly how this change will shake out.

Save Games as Attack Vector

An oddball vulnerability caught my eye, published by [Denis Andzakovic] over at Pulse Security. He discovered that a recent indy game, Untitled Goose Game, can be manipulated into running arbitrary code as a result of loading a maliciously modified save file. The vulnerability is rooted in a naive deserialization routine.

If you’re interested in a deeper dive into .net deserialization bugs, a great paper was submitted to Blackhat 2012 discussing the topic. The short version is that if a programmer isn’t careful, the deserialization routine can overwrite variables in unexpected ways, potentially leading to code execution.

At first glance, a vulnerability triggered by a malicious save file seems relatively harmless. The level of access needed to modify a save file on a hard drive is enough to compromise that computer in a multitude of better ways. Enter cloud save synchronization. Steam, for instance, will automatically sync save games across a user’s install locations. This is a very useful feature for those of us that might play the same game on a laptop and a desktop. Having the save game automatically synced to all your devices is quite useful, but if an attacker compromised your Steam account, your save games could be manipulated. This leads to the very real possibility that an attacker could use a save game vulnerability to turn a Steam account compromise into an attack on all your machines with Steam installs.