Hackaday Berlin: First Round Of Talks

March 7, 2023 by Elliot Williams 11 Comments

We’re super excited to announce the first round of speakers for Hackaday Berlin! We’re set to convene on Friday night, March 24th for an evening warm up before the main show on Saturday, March 25. Featuring the triumphant return of Voja’s 4-bit badge, a crew of awesome speakers, lightning talks, workshops, music, food, badge hacking, and all the best of the Hackaday community, this will be a day to remember. And then we’ll chill out Sunday morning with a Bring-a-Hack brunch.

So without further ado: the first round of speakers!

Jiska Classen
Hacking Closed-Source: Reverse Engineering Real-World Products

Closed-source software is prevalent in our everyday lives, limiting our ability to understand how it works, which privacy implication it poses to the processed data, and addressing potential issues in time. Despite the growth of open-source movements, users often have no choice but to rely on closed-source solutions, e.g., for medical devices and IoT products. We’ll discuss key techniques to help you get started with reverse engineering. Hacking your own devices can be challenging, bricking a device is not uncommon, but so is celebrating the moments of a revived and modified device.

James Bruton
Being a Full-Time YouTuber

YouTube is my full-time job and has been for four years. I create STEM education content using everything from 3D printing, CNC, Welding, to Microcontrollers and Coding. Find out how I got started, how I make money, what goes on in the background, and what my future plans are. I’ll tell you how you can do it too!

Trammell Hudson
Hacking your dishwasher for cloudless appliances

Why does your dishwasher, laundry or coffee-pot need to talk to the cloud? In this presentation, Trammell Hudson shows how he reverse engineered the encrypted connections between Home Connect appliances and the Bosch-Siemens Cloud servers, and how you can control your own appliances with your self-hosted MQTT home automation system by extracting the devices’ authentication keys and connecting to their local websocket ports. No cloud required!

Bleeptrack
Oops, my project ended up in a museum

Parameterized design allows for the adaption of projects to different needs but can also change the aesthetic to a persons liking. Bleeptrack will walk you through the creation process and tools of her generative projects, talk about her experience manufacturing unique pieces and explains how to cope when your freshly finished project gets locked up in an art exhibition for a few months.

Ali Shtarbanov
Creating Hardware Development Platforms for Real-World Impact: FlowIO Platform

What does it really take do create and deploy a development platform for real-world impact? Why do we need development platforms and how can they democratize emerging fields and accelerate innovation? Why do most platform attempts fail and only very few succeed in terms of impact? I will discuss the key characteristics that any platform technology must have in order for it to be able to useful for diverse users. FlowIO was the winner of the 2021 Hackaday Grand Prize as well as over a dozen other engineering, research, and design awards.

Come join us!

You!

Whatever you’re up to.

We want you to bring your current project, world-changing ideas, or simply fun hacks for a 7-minute lightning talk!

ChatGPT, Bing, And The Upcoming Security Apocalypse

March 4, 2023 by Elliot Williams 44 Comments

Most security professionals will tell you that it’s a lot easier to attack code systems than it is to defend them, and that this is especially true for large systems. The white hat’s job is to secure each and every point of contact, while the black hat’s goal is to find just one that’s insecure.

Whether black hat or white hat, it also helps a lot to know how the system works and exactly what it’s doing. When you’ve got the source code, either because it’s open-source, or because you’re working inside the company that makes the software, you’ve got a huge advantage both in finding bugs and in fixing them. In the case of closed-source software, the white hats arguably have the offsetting advantage that they at least can see the source code, and peek inside the black box, while the attackers cannot.

Still, if you look at the number of security issues raised weekly, it’s clear that even in the case of closed-source software, where the defenders should have the largest advantage, that offense is a lot easier than defense.

So now put yourself in the shoes of the poor folks who are going to try to secure large language models like ChatGPT, the new Bing, or Google’s soon-to-be-released Bard. They don’t understand their machines. Of course they know how the work inside, in the sense of cross multiplying tensors and updating weights based on training sets and so on. But because the billions of internal parameters interact in incomprehensible ways, almost all researchers refer to large language models’ inner workings as a black box.

And they haven’t even begun to consider security yet. They’re still worried about how to construct obscure background prompts that prevent their machines from spewing hate speech or pornographic novels. But as soon as the machines start doing something more interesting than just providing you plain text, the black hats will take notice, and someone will have to figure out defense.

Indeed, this week, we saw the first real shot across the bow: a hack to make Bing direct users to arbitrary (bad) webpages. The Bing hack requires the user to already be on a compromised website, so it’s maybe not very threatening, but it points out a possible real security difference between Bing and ChatGPT: Bing gives you links to follow, and that makes it a juicy target.

We’re right on the edge of a new security landscape, because even the white hats are facing a black box in the AI. So far, what ChatGPT and Codex and other large language models are doing is trivially secure – putting out plain text – but Bing is taking the first dangerous steps into doing something more useful, both for users and black hats. Given the ease with which people have undone OpenAI’s attempts to keep ChatGPT in its comfort zone, my guess is that the white hats will have their hands full, and the black-box nature of the model deprives them of their best hope. Buckle your seatbelts.

Simultaneous Invention, All The Time?

February 25, 2023 by Elliot Williams 20 Comments

As Tom quipped on the podcast this week, if you have an idea for a program you’d like to write, all you have to do is look around on GitHub and you’ll find it already coded up for you. (Or StackOverflow, or…) And that’s probably pretty close to true, at least for really trivial bits of code. But it hasn’t always been thus.

I was in college in the mid 90s, and we had a lab of networked workstations that the physics majors could use. That’s where I learned Unix, and where I had the idea for the simplest program ever. It took the background screen color, in the days before wallpapers, and slowly random-walked it around in RGB space. This was set to be slow enough that anyone watching it intently wouldn’t notice, but fast enough that others occasionally walking by my terminal would see a different color every time. I assure you, dear reader, this was the very height of wit at the time.

With the late 90s came the World Wide Web and the search engine, and the world got a lot smaller. For some reason, I was looking for how to set the X terminal background color again, this time searching the Internet instead of reading up in a reference book, and I stumbled on someone who wrote nearly exactly the same random-walk background color changer. My jaw dropped! I had found my long-lost identical twin brother! Of course, I e-mailed him to let him know. He was stoked, and we shot a couple funny e-mails back and forth riffing on the bizarre coincidence, and that was that.

Can you imagine this taking place today? It’s almost boringly obvious that if you search hard enough you’ll find another monkey on another typewriter writing exactly the same sentence as you. It doesn’t even bear mentioning. Heck, that’s the fundamental principle behind Codex / CoPilot – the code that you want to write has been already written so many times that it will emerge as the most statistically likely response from a giant pattern-matching, word-word completion neural net model.

Indeed, stop me if you’ve read this before.

Come Join Us For Hackaday Berlin!

February 7, 2023 by Elliot Williams 55 Comments

It’s been far too long since we’ve had an event in Europe, and we’re going to fix that right now. Hackaday Berlin 2023 will be a day-long conference full of great talks, badge hacking, music, art, madness, and gathering with your favorite hackers on Saturday, March 25.

But it doesn’t stop there. We’ll have a pre-event party Friday night, and then a bring-a-hack brunch on Sunday with further opportunities to show off whatever projects you’re bringing along, hack some more on the badge, wind down, and/or play together. So if your travel plans allow it, come in Friday mid-day and don’t schedule your return ticket until Sunday evening.

Cutting to the chase: early bird tickets are on sale right now, so go get one! But even if you miss out on those, and they’ll go like hotcakes, the regular tickets are well worth it. Everything is fully catered, the badge and the swag are phenomenal, and the talks will be first-rate.

Last time we were in Europe, the party went on until 2 AM!

Saturday’s main events will include a handful of fantastic invited guest talks, but also a few hours of Lightning Talks given by you – yes, you! If you’ve never attended a lightning talk, you get seven minutes to run through one of your favorite projects. We want to know what’s on your workbench right now, what new skills you’ve been teaching yourself, or the groundwork you’ve been laying for the next big project. It’s your chance to inspire everyone in the room – grab it.

Everyone asked us to do a second run of the 2022 Hackaday Supercon badge, and now we’ve got the perfect excuse! Designed by Voja Antonic, the badge is a standalone retrocomputer in the style of an Altair or similar, but it’s much more. Between blinking LEDs that display everything going on, down to the gates in the ALU, and a trimmed-down machine language, it’s an invitation to get deeply in touch with the machine. If you felt left out because you couldn’t travel to Pasadena last November, here’s your second chance.

And then there’s the crowd. Hackaday really is a global community of hackers, and Hackaday events tend to bring out the best. Even if you’re not planning to give a lightning talk (and you should!) be prepared to talk about what you’re doing, because everyone else there is just as interested in cool projects as you are. Hackaday Berlin will be a great opportunity to connect and reconnect with new and old friends alike. Come join us!

We’ll be following up with a speaker announcement next week, but if you have any questions, let us know in the comments below. Otherwise, we’ll see you in Berlin.

Copyright Data, But Do It Right

February 4, 2023 by Elliot Williams 33 Comments

Copyright law is a triple-edged sword. Historically, it has been used to make sure that authors and rock musicians get their due, but it’s also been extended to the breaking point by firms like Disney. Strangely, a concept that protected creative arts got pressed into duty in the 1980s to protect the writing down of computer instructions, ironically a comparatively few bytes of BIOS code. But as long as we’re going down this strange road where assembly language is creative art, copyright law could also be used to protect the openness of software as well. And doing so has given tremendous legal backbone to the open and free software movements.

So let’s muddy the waters further. Looking at cases like the CDDB fiasco, or the most recent sale of ADSB Exchange, what I see is a community of people providing data to an open resource, in the belief that they are building something for the greater good. And then someone comes along, closes up the database, and sells it. What prevents this from happening in the open-software world? Copyright law. What is the equivalent of copyright for datasets? Strangely enough, that same copyright law.

Data, being facts, can’t be copyrighted. But datasets are purposeful collections of data. And just like computer programs, datasets can be licensed with a restrictive copyright or a permissive copyleft. Indeed, they must, because the same presumption of restrictive copyright is the default.

I scoured all over the ADSB Exchange website to find any notice of the copyright / copyleft status of their dataset taken as a whole, and couldn’t find any. My read is that this means that the dataset is the exclusive property of its owner. The folks who were contributing to ADSB Exchange were, as far as I can tell, contributing to a dataset that they couldn’t modify or redistribute. To be a free and open dataset, to be shared freely, copied, and remixed, it would need a copyleft license like Creative Commons or the Open Data Commons license.

So I’ll admit that I’m surprised to have not seen permissive licenses used around community-based open data projects, especially projects like ADSB Exchange, where all of the software that drives it is open source. Is this just because we don’t know enough about them? Maybe it’s time for that to change, because copyright on datasets is the law of the land, no matter how absurd it may sound on the face, and the closed version is the default. If you want your data contributions to be free, make sure that the project has a free data license.

Speak To The Machine

January 28, 2023 by Elliot Williams 16 Comments

If you own a 3D printer, CNC router, or basically anything else that makes coordinated movements with a bunch of stepper motors, chances are good that it speaks G-code. Do you?

If you were a CNC machinist back in the 1980’s, chances are very good that you’d be fluent in the language, and maybe even a couple different machines’ specialized dialects. But higher level abstractions pretty quickly took over the CAM landscape, and knowing how to navigate GUIs and do CAD became more relevant than knowing how to move the machine around by typing.

a Reprap Darwin — Reprap Darwin: it was horrible, but it was awesome.

Strangely enough, I learned G-code in 2010, as the RepRap Darwin that my hackerspace needed some human wranglers. If you want to print out a 3D design today, you have a wealth of convenient slicers that’ll turn abstract geometry into G-code, but back in the day, all we had was a mess of Python scripts. Given the state of things, it was worth learning a little G-code, because even if you just wanted to print something out, it was far from plug-and-play.

For instance, it was far easier to just edit the M104 value than to change the temperature and re-slice the whole thing, which could take an appreciable amount of time back then. Honestly, we were all working on the printers as much as we were printing. Knowing how to whip up some quick bed-levelling test scripts and/or demo objects in G-code was just plain handy. And of course the people writing or tweaking the slicers had to know how to talk directly to the machine.

Even today, I think it’s useful to be able to speak to the machine in its native language. Case in point: the el-quicko pen-plotter I whipped together two weekends ago was actually to play around with Logo, the turtle language, with my son. It didn’t take me more than an hour or so to whip up a trivial Logo-alike (in Python) for the CNC: pen-up, pen-down, forward, turn, repeat, and subroutine definitions. Translating this all to machine moves was actually super simple, and we had a great time live-drawing with the machine.

So if you want to code for your machine, you’ll need to speak its language. A slicer is great for the one thing it does – turning an STL into G-code, but if you want to do anything a little more bespoke, you should learn G-code. And if you’ve got a 3D printer kicking around, certainly if it runs Marlin or similar firmware, you’ve got the ideal platform for exploration.

Does anyone else still play with G-code?