[Geohot]’s Self-Driving Car Cancelled

October 29, 2016 by Elliot Williams 146 Comments

George [Geohot] Hotz has thrown in the towel on his “comma one” self-driving car project. According to [Geohot]’s Twitter stream, the reason is a letter from the US National Highway Traffic Safety Administration (NHTSA), which sent him what basically amounts to a warning to not release self-driving software that might endanger people’s lives.

This comes a week after a post on comma.ai’s blog changed focus from a “self-driving car” to an “advanced driver assistance system”, presumably to get around legal requirements. Apparently, that wasn’t good enough for the NHTSA.

When Robot Cars Kill, Who Gets Sued?

On one hand, we’re sorry to see the system go out like that. The idea of a quick-and-dirty, affordable, crowdsourced driving aid speaks to our hacker heart. But on the other, especially in light of the recent Tesla crash, we’re probably a little bit glad to not have these things on the road. They were not (yet) rigorously tested, and were originally oversold in their capabilities, as last week’s change of focus demonstrated.

Comma.ai’s downgrade to driver-assistance system really begs the Tesla question. Their autopilot is also just an “assistance” system, and the driver is supposed to retain full control of the car at all times. But we all know that it’s good enough that people, famously, let the car take over. And in one case, this has led to death.

Right now, Tesla is hiding behind the same fiction that the NHTSA didn’t buy with comma.ai: that an autopilot add-on won’t lull the driver into overconfidence. The deadly Tesla accident proved how that flimsy that fiction is. And so far, there’s only been one person injured by Tesla’s tech, and his family hasn’t sued. But we wouldn’t be willing to place bets against a jury concluding that Tesla’s marketing of the “autopilot” didn’t contribute to the accident. (We’re hackers, not lawyers.)

Should We Take a Step Back? Or a Leap Forward?

Stepping away from the law, is making people inattentive at the wheel, with a legal wink-and-a-nod that you’re not doing so, morally acceptable? When many states and countries will ban talking on a cell phone in the car, how is it legal to market a device that facilitates taking your hands off the steering wheel entirely? Or is this not all that much different from cruise control?

What Tesla is doing, and [Geohot] was proposing, puts a beta version of a driverless car on the road. On one hand, that’s absolutely what’s needed to push the technology forward. If you’re trying to train a neural network to drive, more data, under all sorts of conditions, is exactly what you need. Tesla uses this data to assess and improve its system all the time. Shutting them down would certainly set back the progress toward actually driverless cars. But is it fair to use the general public as opt-in Guinea pigs for their testing? And how fair is it for the NHTSA to discourage other companies from entering the field?

We’re at a very awkward adolescence of driverless car technology. And like our own adolescence, when we’re through it, it’s going to appear a miracle that we survived some of the stunts we pulled. But the metaphor breaks down with driverless cars — we can also simply wait until the systems are proven safe enough to take full control before we allow them on the streets. The current halfway state, where an autopilot system may lull the driver into a false sense of security, strikes me as particularly dangerous.

So how do we go forward? Do we let every small startup that wants to build a driverless car participate, in the hope that it gets us through the adolescent phase faster? Or do we clamp down on innovation, only letting the technology on the road once it’s proven to be safe? We’d love to hear your arguments in the comment section.

Protecting Your Home Against Potato Invaders

October 29, 2016 by Elliot Williams 7 Comments

Not sure where the potatoes were sneaking in, [24Gospel] did what any decent hacker would do: strapped a camera to a Raspberry Pi, hacked a bit on OpenCV, and built himself a potato detection system. Now those pesky Russets can’t get into the house without tripping the tuber alarm.

OK, seriously. [24Gospel] works for a potato farm as a systems/software developer. (How big does a potato farm have to be to require a dedicated software guy?) His system is still a first step, but the goal is to grade the potatoes, record data about size and defects, and even tell different potato types apart. And he’s found decent success so far, especially for the money. We don’t often build projects that need to operate in hostile environments, but we appreciate the nice plastic case and rugged adjustable steel frame that supports the Pi and camera over the sorting bed.

Even more, we applaud the hacker spirit here. [24Gospel] is obviously working in a serious production environment, but still he’s trying out new things in an attempt to make it work better. While it would be impossible to quantify the impact of this kind of on-the-job ingenuity, we bet it’s not insignificant. Why don’t we see more documented workplace hacks around here? Would the unsung heroes please stand up?

[via /r/raspberry_pi]

Don’t Make Your Battlebot Out Of A Pumpkin

October 28, 2016 by Elliot Williams 8 Comments

It’s that time of year again. The nights are getting longer and the leaves are turning. The crisp fall air makes one’s thoughts turn to BattleBots: pumpkin-skinned BattleBots.

pumpkin-combat-robot-1azglafagdsmkv-shot0005 — Kids these days can’t even draw without a computer

If you’re asking yourself, “could a laser-cut plywood bot, sheathed in a pumpkin, stand up against an all-metal monster”, you haven’t seen BattleBots before. Besides the hilarious footage (see video embedded below), a lot of the build is documented, from making a CAD model of a pumpkin to laser-cutting the frame, to “testing” the bot just minutes before the competition. (That has to be a good idea!)

The footage of the pumpkinbot’s rival, Chomp, is equally cool. We love that the hammer weapon is accelerated so quickly that Chomp actually lifts in the air, just as Newton would have predicted. We’re not sure if the fire weapon is good for anything but show, and facing plywood pumpkinbots, but we love the effect.

Continue reading “Don’t Make Your Battlebot Out Of A Pumpkin” →

BASIC Interpreter Hidden In ESP32 Silicon

October 27, 2016 by Elliot Williams 115 Comments

We’ve been keeping up with the ongoing software developed for the ESP32 WiFi chip, and that means a lot of flashing, hooking up random wires, and rebooting. Along the way, we stumbled on an Easter egg: the ESP32 processor has a built-in BASIC interpreter to fall back on.

That’s a cool little hack to find, but we couldn’t find some crucial functions that would have made it a lot more useful. Still, it’s great fun to play around in real-time with the chip. And you’ll absolutely get an LED blinking faster in ESP32 BASIC than you will on an Arduino!

Continue reading “BASIC Interpreter Hidden In ESP32 Silicon” →

Botnet Recall Of Things

October 26, 2016 by Elliot Williams 33 Comments

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to ~~300 million~~ 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Dual-boot Your Arduino

October 25, 2016 by Elliot Williams 28 Comments

There was a time, not so long ago, when all the cool kids were dual-booting their computers: one side running Linux for hacking and another running Windows for gaming. We know, we were there. But why the heck would you ever want to dual-boot an Arduino? We’re still scratching our heads about the application, but we know a cool hack when we see one; [Vinod] soldered the tiny surface-mount EEPROM on top of the already small AVR chip! (Check the video below.)

Aside from tiny-soldering skills, [Vinod] wrote his own custom bootloader for the AVR-based Arduino. With just enough memory to back up the AVR’s flash, the bootloader can shuffle the existing program out to the EEPROM while flashing the new program in. For more details, read the source.

While you might think that writing a bootloader is deep juju (it can be), [Vinod]’s simple bootloader application is written in C, using a style that should be familiar to anyone who has done work with an Arduino. It could certainly be optimized for size, but probably not for readability (and tweakability).

Why would you ever want to dual boot an Arduino? Maybe to be able to run testing and stable code on the same device? You could do the same thing over WiFi with an ESP8266. But maybe you don’t have WiFi available? Whatever, we like the hack and ‘because you can’ is a good enough excuse for us. If you do have a use in mind, post up in the comments!

Continue reading “Dual-boot Your Arduino” →

Internet Doorbell Gone Full-Hipster

October 24, 2016 by Elliot Williams 9 Comments

There are things and there are Things. Hooking up an Internet-connected doorbell that “rings” a piezo buzzer or sends a text message is OK, but it’s not classy. In all of the Internet-of-Things hubbub, too much attention is paid to the “Internet”, which is actually the easy part, and too little attention is paid to the “Things”.

[Moris Metz] is a hacker in Berlin who has a bi-weekly national radio spot. (Only in Germany!) This week, he connected the ubiquitous ESP8266 to a nice old (physical) bell for his broadcast over the weekend. (i”Translated” here.) Check out the video teaser embedded below.

Continue reading “Internet Doorbell Gone Full-Hipster” →