Month: January 2021

Why Blobs Are Important, And Why You Should Care

January 29, 2021 by 53 Comments

We are extraordinarily fortunate to live at a time in which hardware with astounding capabilities can be had for only a few dollars. Systems that would once have taken an expensive pile of chips and discretes along with months of development time to assemble are now integrated onto commodity silicon. Whether it is a Linux-capable system-on-chip or a microcontroller, such peripherals as WiFi, GPUs, Bluetooth, or USB stacks now come as part of the chip, just another software library rather than a ton of extra hardware.

Beware The Blob!

An ESP-01 module
The cheapest of chips still comes with a blob.

If there is a price to be paid for this convenience, it comes in the form of the blob. A piece of pre-compiled binary software that does the hard work of talking to the hardware and which presents a unified API to the software. Whether you’re talking to the ESP32 WiFi through an Arduino library or booting a Raspberry Pi with a Linux distribution, while your code may be available or even maybe open source, the blob it relies upon to work is closed source and proprietary. This presents a challenge not only to Software Libre enthusiasts in search of a truly open source computer, but also to the rest of us because we are left reliant upon the willingness of the hardware manufacturer to update and patch their blobs.

An open-source advocate would say that the solution is easy, the manufacturers should simply make their blobs open-source. And it’s true, were all blobs open-source then the Software Libre crowd would be happy and their open-source nature would ease the generation of those updates and patches. So why don’t manufacturers release their blobs as open-source? In some cases that may well be due to a closed-source mindset of never releasing anything to the world to protect company intellectual property, but to leave it at that is not a full answer. To fully understand why that is the case it’s worth looking at how our multifunctional chips are made.

Continue reading “Why Blobs Are Important, And Why You Should Care”

Hackaday Podcast 103: Antennas For Everyone, A Clock Made Of Chains, Magic Eye Tubes, And A Little Google Bashing

January 29, 2021 by 2 Comments

Hackaday editors Mike Szczys and  Elliot Williams discuss the greatest hacks of the week that was. Antennas aren’t rocket science, so this week we really enjoyed a video that demystifies antenna designs and a project that tunes up the antennas on cheap wireless modules in the simplest of ways. Google’s in the news this week with the end to project Loon, and a dust-up with the volunteer package maintainers who have spent years making sure Chromium browser is in the Linux repos. Elliot is gaga for magic eye tubes and crazy musical instruments, while Mike is over the moon for a chain-based clock display. We close up the episode talking about the Concorde, and the math behind cable mechanisms.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~65 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 103: Antennas For Everyone, A Clock Made Of Chains, Magic Eye Tubes, And A Little Google Bashing”

The Last Few Analogue TV Stations In North America

January 29, 2021 by 40 Comments

Analogue TV is something that most of us consider to have been consigned to the history books about a decade ago depending on where in the world we are, as stations made the transition to much more power and frequency efficient digital multiplexes. However some of them still cling on for North American viewers, and [Antenna Man] took a trip to Upstate New York in search of some of them before their final switch-off date later this year.

What he reveals can be seen in the video below the break, an odd world of a few relatively low-power analogue TV stations still serving tiny audiences, as well as stations that only exist because their sound carrier can be picked up at the bottom of the FM dial. These stations transmit patterns or static photographs, with their income derived from the sound channel’s position as an FM radio station. While his journey is an entertaining glimpse into snowy-picture nostalgia it does also touch on some other aspects of the aftermath of analogue TV boradcasting. The so-called “FrankenFM” stations sound much quieter, we’re guessing because of the lower sound carrier deviation of the CCIR System M TV spec compared to regular FM radio. And we’re told that there are more stations remaining in Canada, so get out there if you still want to see an analogue picture before they’re gone forever. Where this is being written the switch to DVB was completed in 2013, and it’s still a source of regret that we didn’t stay up to see the final closedown.

Does your country still have an analogue TV service? Tell us in the comments.

Continue reading “The Last Few Analogue TV Stations In North America”

This Week In Security: Sudo, Database Breaches, And Ransomware

January 29, 2021 by 27 Comments
We couldn't resist, OK?
Obligatory XKCD

Sudo is super important Linux utility, as well as the source of endless jokes. What’s not a joke is CVE-2021-3156, a serious vulnerability around incorrect handling of escape characters. This bug was discovered by researchers at Qualys, and has been in the sudo codebase since 2011. If you haven’t updated your Linux machine in a couple days, you may very well be running the vulnerable sudo binary still. There’s a simple one-liner to test for the vulnerability:

sudoedit -s '\' `perl -e 'print "A" x 65536'`

In response to this command, my machine throws this error, meaning it’s vulnerable:

malloc(): corrupted top size
Aborted (core dumped)

To understand the problem with sudo, we have to understand escape characters. It really boils down to spaces in file and folder names, and how to deal with them. You want to name your folder “My Stuff”? That’s fine, but how do you interact with that directory name on the command line, when spaces are the default delimiter between arguments? One option is to wrap it in quotation marks, but that gets old in a hurry. The Unix solution is to use the backslash character as an escape character. Hence you can refer to your fancy folder as My\ Stuff. The shell sees the escape character, and knows to interpret the space as part of the folder name, rather than an argument separator. Escape characters are a common vulnerability location, as there are plenty of edge cases. Continue reading “This Week In Security: Sudo, Database Breaches, And Ransomware”

Fire In The Palm Of Your Hand

January 29, 2021 by 15 Comments

For as long as super-heroes have existed, they have inspired hacker projects. For [Everett Bradford], emulating the character Pyro from X-Men has been an on and off project for the last decade. His latest version, Pyro System V4, integrates quite a bit of control electronics to give the rather convincing effect of mind-controlled fire in the palm of his hand. (Video, embedded below.)

The system is a motor-actuated slider strapped to [Everett]’s forearm, which pushes a pivoting end-effector with an integrated butane burner into the palm of his hand. The slider runs on 4 mm linear bearings actuated by a small geared DC motor using cables. The end effector is spring-loaded to push it into the palm and integrates a high voltage ignition arc generator circuit, nozzle, and capacitive activation button.

The butane gas canister and the valve was cannibalized from a small blow torch lighter, and the valve is actuated by another geared DC motor. The valve actuator, slide actuator, and end-effector hinge all integrate position feedback via hall effect sensors and magnets. The sensor in the hinge allows the slide to actively correct for the angle of the user’s wrist, keeping the end effector in the middle of the palm.

The control circuit is split into two parts. One PIC16 microcontroller runs all the motion control and position sensing, while a PIC18 connected to a small touch screen handles user interface, control parameters, and ignition. The touch screen proved especially useful for control parameters during development without needing to connect to a laptop.

Some of [Everett]’s previous version had a much more impressive (and dangerous) flame but was also very bulky. We think this latest version strikes a pretty good balance regarding compactness and achieving convincing illusion.

[Colin Furze] is another name commonly associated with fire-breathing contraptions, but they have a proven history of landing him in hospital.

Continue reading “Fire In The Palm Of Your Hand”

A Look At The Interesting RP2040 Peripheral, Those PIOs

January 29, 2021 by 41 Comments

The Raspberry Pi Pico is the latest product in the Raspberry Pi range, and it marks a departure from their previous small Linux-capable boards. The little microcontroller board will surely do well in the Pi Foundation’s core markets, but its RP2040 chip must have something special as a commercial component to avoid being simply another take on an ARM microcontroller that happens to be a bit more expensive and from an unproven manufacturer in the world of chips. Perhaps that special something comes in its on-board Programable IO perhipherals, or PIOs. [CNX Software] have taken an in-depth look at them, which makes for interesting reading.

Continue reading “A Look At The Interesting RP2040 Peripheral, Those PIOs”

This Negative Reinforcement Keyboard May Shock You

January 28, 2021 by 23 Comments

We wouldn’t be where we are today without Mrs. Coldiron’s middle school typing class. Even though she may have wanted to, she never did use negative reinforcement to improve our typing speed or technique. We unruly teenagers might have learned to type a lot faster if those IBM Selectrics had been wired up for discipline like [3DPrintedLife]’s terrifying, tingle-inducing typist trainer keyboard (YouTube, embedded below).

This keyboard uses capsense modules and a neural network to detect whether the user is touch-typing or just hunting and pecking. If you’re doing it wrong, you’ll get a shock from the guts of a prank shock pen every time you peck the T or Y keys. Oh, and just for fun, there’s a 20 V LED bar across the top that is supposed to deter you from looking down at your hands with randomized and blindingly bright strobing light.

Twenty-four of the keys are connected in groups of three by finger usage — for example Q, A, and Z are wired to the same capsense module. These are all wired up to a Raspberry Pi Zero along with the light bar. [3DPrintedLife] was getting a lot of cross-talk between capsense modules, so they solved the problem in software by training a TensorFlow model with a ton of both proper and improper typing data.

We love the little meter on the touchscreen that shows at a glance how you’re doing in the touch typing department. As the meter inches leftward, you know you’re in for a shock. [3DPrintedLife] even built in some games that use pain to promote faster and more accurate typing. Check out the build video after the break, but don’t say we didn’t warn you about the strobing lights.

The secret to the shock pen is a tiny flyback transformer like the kind used in CRT televisions. Find a full-sized flyback transformer and you can build yourself a handheld high-voltage power supply.

Continue reading “This Negative Reinforcement Keyboard May Shock You”