Start Your Engines!

May 23, 2020 by Elliot Williams 11 Comments

Here we go again: The 2020 Hackaday Prize has just been announced! And as usual, we want to see you all using your powers for good, to help make the world a better place. The twist this year is that four nonprofits have been selected, and your job is to help them with their goals: developing solutions to aid ocean conservation, creating or redesigning open-source assistive tools for people with cerebral palsy, designing modular housing for communities in need, and engineering open-source medical and technical tools that can be easily built in the field.

How often have you wanted to help, but been held back by lacking the background knowledge of which problems to tackle, or where to start? That’s the point of teaming up with non-profits that already have a very tangible need right now.

Oh, and did we mention the prize money? Not only can you do good, but you’ll also do well! The Best All Around Solution gets $50,000, there are four $10,000 prizes, one for each non-profit, $3,000 honorable mentions, a $5,000 wildcard, twenty $500community-chosen prizes, and then the twelve two-month Dream Team grants.

Pshwew! There’s something for everyone, and that’s made possible by our sponsors:Supplyframe, Digi-Key, Microchip, and ARM.

We’ve got four good ways for you to do good. Get out there and get hacking!

Is It A Toy? A Prototype? It’s A Hack!

May 16, 2020 by Elliot Williams 2 Comments

Some of the coolest hacks do a lot with a little. I was just re-watching a video from [Homo Faciens], who after building a surprisingly capable CNC machine out of junk-bin parts and a ton of ingenuity, was accidentally challenged by Hackaday’s own [Dan Maloney] to take it a step further. [Dan] was only joking when he asked “Can anyone build a CNC machine out of cardboard and paperclips?”, but then [Homo Faciens] replied: cardboard and paperclip CNC plotter. Bam!

My favorite part of the cardboard project is not just the clever “encoder wheel” made of a bolt dipped in epoxy, with enough scraped off that it contacts a paperclip once per rotation. Nor was it the fairly sophisticated adjustable slides and ways that he built to mimic the functionality of the real deal. Nope.

My favorite part of this project is [Norbert] explaining that the machine has backlash here, and it’s got play there, due to frame flex. It is a positive feature of the machine. The same flaws that a full-metal machine would have are all present here, but due to the cheesy construction materials, you can see them with the naked eye instead of requiring a dial indicator. Because it wiggles visible tenths of an inch where a professional mill would wiggle invisible thousandths, that helps you build up intuition for the system.

This device isn’t a “prototype” because there’s no way [Norbert] intends it for serious use. But it surely isn’t just a “toy” either. “Instructional model” makes it sound like a teaching aid, created by a know-it-all master, intended to be consumed by students. If anything, there’s a real sense of exploration, improvisation, and straight-up hacking in this project. I’m sure [Norbert] learned as much from the challenge as we did from watching him tackle it. And it also captures the essence of hacking: doing something unexpected with tech.

Surprise us!

How Much Is DIY Worth To You?

May 9, 2020 by Elliot Williams 104 Comments

It all started with an article about Wink Labs putting a monthly fee on their previously free service. It wasn’t so much the amount they were asking ($5 / month) that raised my hackles, but rather the fact that they would essentially render a device that you ostensibly bought worthless unless you paid up. I’ve ranted about this enough recently, and the quick summary is that IoT companies seem very bad at estimating their true costs, and the consumer ends up suffering for it.

So I started thinking about the price myself. Is $5 per month for a home automation service a lot or a little? On one hand, if you stretch that out to, say, 10 years, you end up with a net present value of something north of $400, plus $70 for the device. That’s a lot, right? Surely, I could DIY myself a solution for less? Or am I falling into the same IoT trap?

This isn’t hypothetical, because I already have a modest DIY home automation system. We run a bunch of switches, have temperature and humidity loggers in relevant rooms, and the washer and dryer notify us when they’re done. I also use the MQTT infrastructure for all sorts of fun projects, but that’s a bonus. Our hub is a $10 Orange Pi and a long-since depreciated WRT54g router, and it’s run for four years now, and probably will last another six. So that looks like $460 in my pocket.

On the other hand, it’s only really a bargain for me because I already knew what I was doing when I set the system up, and what I didn’t know I wanted to learn. Realistically, I probably spent around 20 hours on the system in total, but most of that has been adding in new devices and tweaking old ones. You’d have to do this sort of thing with any other system too, although my guess is that the professional systems are more streamlined at enrolling new gadgets: I have a whole directory full of Python scripts running as daemons and have to do a lot of hand editing. Still, assuming nothing else drastic happens to the system, I’m probably winning by DIYing here.

But imagine that I had little or no technical clue, and even flashing an image of a pre-configured home automation system to a Raspberry Pi were new. How much time does it take to learn how to do something like that? How much time to learn to administer even such a simple system on your home network? If it took the real me 20 hours, it could be easily twice that much for the hypothetical me. Let’s say 46 hours of time invested. $10 / hour is below minimum wage in many places, and this isn’t minimum wage labor, and that was fairly optimistic.

In the end, the $5 per month is probably pretty fair if the system works. Indeed, when I look around at all of the systems I’ve built, most all of them have taken more time to build than I thought when I was starting. Of course, I’ve enjoyed it most of the time, so maybe it’s not fair to apply my full consulting rates. (Which if I charged my father-in-law for tech support, I’d be rich!) But it’d probably be naive to say that everyone should just DIY themselves a home automation solution when the going gets tough.

So look around you and revel in the hours you’ve spent on your various DIY projects. Who knew that they were worth so much?

Ask Hackaday: Wink Hubs, Extortion As A Service?

May 7, 2020 by Elliot Williams 142 Comments

Wink Labs just announced that their home automation hub, the Wink Hub, is “transitioning to a $4.99 monthly subscription, starting on May 13, 2020.” Should you fail to pay the fiver every month, you will lose access to their app, voice control, and automations, which is everything it does as far as we can tell.

This is an especially bitter pill to swallow for Hub users, because the device was just that — a hub. It speaks Bluetooth, Z-Wave, ZigBee, WiFi, Kidde, and a couple other specific device protocols, interfaces with Amazon’s Alexa, has a handy Android master panel app, and had a nice “robot” system that made the automation side of “home automation” simple for normal people. In short, with its low one-time purchase price, compatibility with many devices, nice phone app, and multiple radios, it was a great centerpiece for a home-automation setup.

“Nice home automation system you’ve got there. Would be a shame if anything happened to it.”

Continue reading “Ask Hackaday: Wink Hubs, Extortion As A Service?” →

Hardware Hacker’s Marie Kondo: How Many LM386s Is Too Many?

May 2, 2020 by Elliot Williams 57 Comments

We’re running a contest on Making Tech at Home: building projects out of whatever you’ve got around the house. As a hacker who’s never had a lab outside of my apartment, house, or hackerspace, I had to laugh at the premise. Where the heck else would I hack?

The idea is that you’re constrained to whatever parts you’ve got on hand. But at the risk of sounding like Scrooge McDuck sitting on a mountain of toilet paper, I’ve got literally hundreds of potentiometers in my closet, a couple IMUs, more microcontrollers than you can shake a stick at, and 500 ml of etching solution waiting for me in the bathroom. Switches, motors, timing belts, nichrome wire…maybe I should put in an order for another kilogram of 3D printer filament. In short, unless it’s a specialty part or an eBay module, I’m basically set.

But apparently not everyone is so well endowed. I’ve heard rumors of people who purchase all of the parts for a particular project. That ain’t me. The guru of household minimalism asks us to weigh each object in our possession and ask “does it spark joy?”. And the answer, when I pull out the needed 3.3 V low-dropout regulator and get the project built now instead of three days from now, is “yes”.

And I’m not even a hoarder. (I keep telling myself.) The rule that keeps me on this side of sanity: I have a box for each type of part, and they are essentially fixed. When no more motors fit in the motor box, no more motors are ordered, no matter how sexy, until some project uses enough of them to free up space. It’s worked for the last 20 years, long before any of us had even heard of Marie Kondo.

So if you also sit atop a heap of VFD displays like Smaug under the Lonely Mountain, we want to see what you can do. If you do win, Digi-Key is sending you a $500 goodie box to replenish your stash. But even if you don’t win, you’ve freed up space in the “Robot Stuff” box. That’s like winning, and you deserve some new servos. Keep on hacking!

You Need More Weird

April 25, 2020 by Elliot Williams 61 Comments

What do you do when you need to solve a problem creatively? Me, I go for a walk, preferably in the woods. It’s about as far away from the desk and computer as possible, and somehow getting outside of the box that is my office helps me to think outside of the metaphorical box as well. Maybe it’s the fresh air, maybe it’s the exercise. Or maybe, it’s putting my physical head in a different (head)space that helps me to think differently.

Psychologists are finding that being outside, being an outsider, or even just being exposed to the straight-up strange can help you think weirder, that is, more creatively. That artists, authors, and other hyper-creative folks are often a little bit odd is almost a cliche. Think of the artists who did their best work while under the influence of drugs, mental illness, or drastic dislocations.

The good news is that you might not have to go so far. Psychologists are able to measure increases in creative problem solving simply by exposing people to weirdness. And you don’t have to go on a magic-mushroom trip to get there either. In one study, this was playing in an upside-down VR world before answering a questionnaire, for instance. Ray Wilson meant it tongue-in-cheek when he suggested that building a silly synthesizer would help you think, but who’s laughing now that science is backing him up?

So if you find yourself, as I do, stuck inside the same four walls, make sure that you break out of the box from time to time. Expose your brain to weird, for your own creativity’s sake. Make some time for a completely wacky project. And of course, read more Hackaday! (We’ve got weird.)

Researchers Break FPGA Encryption Using FPGA Encryption

April 23, 2020 by Elliot Williams 18 Comments

FPGAs are awesome — they can be essentially configured into becoming any computing device you want. Simply load your selected bitstream into the device on boot, and it behaves like a different piece of hardware. With great power comes great responsibility.

You might try to hack a given FPGA system by getting between the EEPROM that stores the bitstream and the FPGA during bootup, but FPGA manufacturers are a step ahead of you. Xilinx 7 series FPGAs have an onboard encryption and signing engine, and facilities for storing a secret key. Once the security bit is set, bitstreams coming in have to be encrypted to protect from eavesdropping, and HMAC-signed to assure that they are authentic. You can’t simply read the bitstream in transit or inject your own.

Researchers at Ruhr University Bochum and Max Planck Institute for Cybersecurity and Privacy in Germany have figured out a way to use the FPGA’s own encryption engine against itself to break both of these security guarantees for the entire mainstream 7-series. The attack abuses a MultiBoot function that allows you to specify an address to begin execution after reboot. The researchers send 32 bits of the encoded payload as a MultiBoot address, the FPGA decrypts it and stores it in a register, and then resets because their command wasn’t correctly HMAC signed. But because the WBSTAR register is meant to be readable on boot after reset, the payload is still there in its decrypted form. Repeat for every 32 bits in the bitstream, and you’re done.

Pulling off this attack requires physical access to the FPGA’s debug pins and up to 12 hours, so you only have to worry about particularly dedicated adversaries, but the results are catastrophic — if you can reconfigure an FPGA, you can make it do essentially anything. Security-sensitive folks, we have three words of consolation for you: “restrict physical access”.

What does this mean for Hackaday? If you’re looking at a piece of hardware with a hardened Xilinx 7-series FPGA in it, you’ll be able to use it, although it’s horribly awkward for debugging due to the multi-hour encryption procedure. Anyone know of a good side-channel bootloader for these chips? On the other hand, if you’re just looking to dig secrets out from the bitstream, this is a one-time cost.

This hack is probably only tangentially relevant to the Symbiflow team’s effort to reverse-engineer an open-source toolchain for this series of FPGAs. They are using unencrypted bitstreams for all of their research, naturally, and are almost done anyway. Still, it widens the range of applicability just a little bit, and we’re all for that.

[Banner image is a Numato Lab Neso, and comes totally unlocked naturally.]