Fly Like You Drive With This Flying RC Drift Car

So it’s 2023, and you really feel like we should have flying cars by now, right? Well, as long as you ignore the problem of scale presented by [Nick Rehm]’s flying RC drift car, we pretty much do.

At first glance, [Nick]’s latest build looks pretty much like your typical quadcopter. But the design has subtle differences that make it more like a car without wheels. The main difference is the pusher prop at the aft, which provides forward thrust without having to pitch the entire craft. Other subtle clues include the belly-mounted lidar and nose-mounted FPV camera, although those aren’t exactly unknown on standard UAVs.

The big giveaway, though, is the RC car-style remote used to fly the drone. Rather than use the standard two-joystick remote, [Nick] rejiggered his dRehmFlight open-source flight control software to make operating the drone less like flying and more like driving. The lidar is used to relieve the operator of the burden of altitude keeping by holding the drone at about a meter or so off the deck. And the video below shows it doing a really good job of it, for the most part — with anything as complicated as the multiple control loops needed to keep this thing in the air, it’s easy for a sudden input to confuse things.

We have to admit that [Nick]’s creation looks like a lot of fun to fly, or drive — whichever way you want to look at it. Either way, we like the simplification of the flight control system and translating the driving metaphor into flying — it seems like that’ll be something we need if we’re ever to have full-size flying cars.


Nice Try, But It’s Not Aperture Synthesis

Some of the world’s largest radio telescopes are not in fact as physically large as they claim to be, but instead are a group of telescopes spread over a wide area whose outputs are combined to produce a virtual telescope equal in size to the maximum distance between the constituents of the array. Can this be done on the cheap with an array of satellite dishes? It’s possible, but as [saveitforparts] found out when combining a set of Tailgater portable dishes, not simply by linking together the outputs from a bunch of LNBs.

The video below the break still makes for an interesting investigation and the Tailgater units are particularly neat. It prompted us to read up a little on real aperture synthesis, which requires some clever maths and phase measurement for each antenna. Given four somewhat fancier LNBs with phase-locked local oscillators and a software-defined radio (SDR) for each one, he might be on to something.

If you’re curious about the cyberdeck in the video, you might like to read our coverage of it. And the Tailgater might be a bit small, but you can still make a useful radio telescope from satellite TV parts.


Nokia N-Gage QD Becomes Universal Bluetooth Gamepad

The Nokia N-Gage might not have put up much of a fight against Nintendo’s handheld dynasty, but you can’t say it didn’t have some pretty impressive technology for the time. [BeardoGuy] happens to have a perfectly functional N-Gage QD, which he turned into a universal Bluetooth gamepad.

The handheld runs a program that makes it act as a gamepad, and a DIY Bluetooth dongle is required on the client side. The dongle consists of an ATtiny85-based development board and HC-06 Bluetooth module, and will be recognized as a USB gamepad by just about anything it plugs in to.

[BeardoGuy]’s custom GamepadBT program sends button events via Bluetooth to the dongle, and those events are then sent via USB and look just like those from any standard gamepad.

This project can be used as a resource for how to implement a USB gamepad, whether on a Nokia N-Gage or not. You can see all the details at the project’s GitHub repository, and watch it in action in the video embedded below.

As for the Nokia N-Gage itself, one might be interested to know there’s an up-to-date development environment and even Wordle has been ported to the N-Gage. It may look like a relic of the past, but it is far from being forgotten.


Learning 3D Printing Best Practices From A Pro

It might seem like 3D printing is a thoroughly modern technology, but the fact is, it’s been used in the industry for decades. The only thing that’s really new is that the printers have become cheap and small enough for folks like us to buy one and plop it on our workbench. So why not take advantage of all that knowledge accumulated by those who’ve been working in the 3D printing field, more accurately referred to as additive manufacturing, since before MakerBot stopped making wooden printers?

That’s why we asked Eric Utley, an applications engineer with Protolabs, to stop by the Hack Chat this week. With over 15 years of experience in additive manufacturing, it’s fair to say he’s seen the technology go through some pretty big changes. He’s worked on everything from the classic stereolithography (SLA) to the newer Multi Jet Fusion (MJF) printers, with a recent focus on printing in metals such as Inconel and aluminum. Compared to the sort of 3D printers he’s worked with, we’re basically playing with hot, semi-melted LEGOs — but that doesn’t mean some of the lessons he’s learned can’t be applied at the hobbyist level.

Hackaday Podcast 220: Transparent Ice, Fake Aliens, And Bendy Breadboards

You can join Elliot and Al as they get together to talk about their favorite hacks of the week. There’s news about current contests, fake alien messages, flexible breadboards, hoverboards, low-tech home automation, and even radioactive batteries that could be a device’s best friend.

We have a winner in the What’s that Sound competition last week, which was, apparently, a tough one. You’ll also hear about IC fabrication, FPGAs, and core memory. Lots to talk about, including core memory, hoverboards, and vacuum tubes.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!



UAV Flight Controller Saves Weight

When building autonomous airborne vehicles like drones or UAVs, saving a little bit of weight goes a long way, literally. Every gram saved means less energy needed to keep the aircraft aloft and ultimately more time in the air, but unmanned vehicles often need to compromise some on weight in order to carry increased computing abilities. Thankfully this one carries a dizzying quantity of computer power for an absolute minimum of weight, and has some clever design considerations to improve its performance as well.

The advantage of this board compared to other similar offerings is that it is built to host a Raspberry Pi Compute Module 4, while the rest of the flight controllers are separated out onto a single circuit board. This means that the Pi is completely sandboxed from the flight control code, freeing up computing power on the Pi and allowing it to run a UAV-specific OS like OpenHD or RubyFPV. These have a number of valuable tools available for unmanned flight, such as setting up a long range telemetry and camera links. The system itself supports dual HD camera input as well as additional support for other USB devices, and also includes an electronic speed controller mezzanine which has support for quadcopters and fixed wing crafts.

Separating non-critical tasks like cameras and telemetry from the more important flight controls has a number of benefits as well, including improved reliability and simpler software and program design. And with a weight of only 30 grams, it won’t take too much cargo space on most UAVs. While the flight computer is fairly capable of controlling various autonomous aircraft, whether it’s a multi-rotor like a quadcopter or a fixed wing device, you might need a little more computing power if you want to build something more complicated.

This Week In Security: GitLab, KeePassMini, And Horse

There’s a really nasty CVSS 10.0 severity vulnerability in GitLab 16.0.0. The good news is that this is the only vulnerable version, and the fix came a mere two days after the vulnerable release. If you happened to be very quick to go to 16.0.0, then be very quick to get the fix, because CVE-2023-2825 looks like a bad one.

An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

That’s a very specific set of requirements for vulnerability, so it seems like hardly any installs would be vulnerable. The rest of the story is that regular users can create groups, and many installs allow for open user registration. So if you’re running GitLab 16.0.0, update now!

KeePassMini

A Redditor got a surprising notice that someone attempted to access a bank account, but failed two-factor authentication. That seemed odd, and led the Redditor down the rabbit hole of auditing applications. And one iOS app in particular stood out as maybe problematic — KeePassMini.

The app was a mobile client for KeePass, the password manager. The problem was some analytics. It looks like KeePassMini was bundling up some system information and uploading it to a server controlled by the creator. Analytics are often unpopular, but this app was including the system clipboard contents in the uploaded data. Yikes! And it gets worse: The app does password fills by using that same clipboard, so some of the protected passwords may have been scooped up into that analytics data. And sent unencrypted. Oof.

Now, the app author has pulled the plug on the app altogether, and responded on the old GitHub project page. It’s a bit odd, but it’s perfectly believable that there were no ill intentions here. Regardless, code to send the clipboard is a big problem, and definitely undoes a lot of trust in a project.

And KeePass itself has a problem, though much less worrying. KeePass attempts to keep sensitive data out of its own memory when possible. This approach aims to protect even in the event of a compromised machine. [vdohney] on Sourceforge discovered that there is a channel to recover the master password, by being just a bit clever. When a user types in the master password, by default, KeePass will show the last letter typed, and replace the previous letters with bullets. But each iteration of that string ends up in program memory, so a privileged attacker can get a memory dump, look for the bullet characters, and find a set of leftover strings like •a, ••s, •••s, ••••w, •••••o, ••••••r, •••••••d. It’s an easy password grab. Now remember, this essentially implies an attacker has memory access on your system, so it’s not a gaping weakness in KeePass.

As you can see from the POC on GitHub, the problem is that a .NET text box keeps the strings in memory, so it probably hits both Windows and Linux users under Mono. The proposed solution that the KeePass team is taking is to poison the well with enough random characters that retrieving the correct password is a lot harder. It’s still getting fixed in the next release.
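
The residue described above, and why decoy fragments blunt it, modelled as an added Python example (not the PoC's or KeePass's own code). The mask character, the UTF-16LE layout, the sample secret and every function name are assumptions for illustration, and the "memory" is a constructed byte string.

```python
import random
import re
import string

BULLET = "\u2022"  # mask character as printed in the article (assumption)

def masked_states(secret):
    """Strings a masked box passes through: i bullets + the i-th typed char."""
    return [BULLET * i + ch for i, ch in enumerate(secret)]

def decoy_states(length, per_position, rng):
    """Model of the 'poison the well' fix: extra fragments with random chars."""
    return [BULLET * i + ch
            for i in range(1, length)
            for ch in rng.sample(string.ascii_lowercase, per_position)]

def heap_image(fragments, seed=1):
    """Constructed stand-in for a memory dump: shuffled UTF-16LE strings."""
    frags = list(fragments)
    random.Random(seed).shuffle(frags)
    return b"".join(f.encode("utf-16-le") + b"\x00\x00" for f in frags)

def candidates_by_position(image):
    """Map character index -> set of characters seen after that many bullets."""
    text = image.decode("utf-16-le")
    found = {}
    for m in re.finditer(f"({BULLET}+)([^{BULLET}\\x00])", text):
        found.setdefault(len(m.group(1)), set()).add(m.group(2))
    return found

def ambiguity(cands):
    """Number of distinct strings consistent with the residue."""
    total = 1
    for chars in cands.values():
        total *= len(chars)
    return total

if __name__ == "__main__":
    secret = "password"  # constructed sample
    before = candidates_by_position(heap_image(masked_states(secret)))
    rng = random.Random(7)
    after = candidates_by_position(heap_image(
        masked_states(secret) + decoy_states(len(secret), 5, rng)))
    print("without decoys:", ambiguity(before), "candidate; index 0 never appears")
    print("with decoys:   ", ambiguity(after), "candidates")
```

The first character leaves no bullet-prefixed fragment, which matches the article's list starting at •a; with five decoys per position the seven remaining positions go from one candidate string to at least 5^7.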

Horse Shell for MIPS Routers

Check Point Research brings us news of the Horse Shell, a bit of malware specifically for MIPS architecture routers running Linux. It’s been found in TP-Link firmware images so far, but as so many of those routers are essentially based on the same Linux SDK, the malware appears to be applicable to many models. The exact firmware images being examined were found in a collection of tools used by Camaro Dragon, a rather catchy name for a Chinese APT group.

The firmware images have some of the normal bits you would expect, like data collection, remote shell, and remote proxy support. They have some really sneaky tricks, too, like storing part of the data on the partition reserved for WiFi calibration data. One has to wonder if hijacking that partition negatively affects the router’s wireless performance. In the firmware images examined, the quickest tell is to go to the firmware upgrade page. If it’s blank, without a form to upload new firmware, you may have the malicious image.

WordPress

WordPress 6.2.1 has a security fix, then improved upon in 6.2.2, for an issue where block themes could parse user-generated shortcodes. A shortcode is a tag inside [brackets] that gets replaced by more complicated data. We use a code shortcode all the time here on Hackaday, to try to get source code to render nicely, angle brackets and all.

It turns out, the fix in 6.2.1 went a little overboard, breaking quite a few sites by disabling shortcodes in block themes altogether. The situation in 6.2.2 is a bit better, with most of the problems being dealt with. Sometimes it’s hard to tell the bugs and the features apart.

And a WordPress plugin, Beautiful Cookie Consent Banner, is under active attack for a Cross-Site Scripting vulnerability. The attack is odd, as WordPress.org shows just 40,000 active installs, and almost 1.5 million sites have been sent the malicious payload to try to exploit the plugin. And the kicker? It looks like the payload on this attack is a dud, and fails to actually infect a vulnerable site. It can still goober a vulnerable site, so make sure to check your plugins.

Bits and Bytes

Speaking of plugins, be careful what VS Code plugins you use. They’re not all friendly. Microsoft has been working to keep malicious plugins off the official marketplace, but that arms race never seems to have an end. And as such, there were a couple of known malicious plugins with nearly 50,000 installs.

For some in-depth fun, check out this PDF paper on Android Fingerprint Reader attacks. It seems simple, right? Take a screenshot of a finger, compare it to a known data set, and lock the phone if the test fails too many times. It is, of course, not quite that simple. Researchers formulated two loopholes, Cancel-After-Match-Fail and Match-After-Lock, both of which abuse user-friendly features to manage way more attempts at a fingerprint read. Read the paper for the juicy details.

And finally, Troy Hunt had some fun at the expense of a scammer. Troy’s wife was selling a fridge on Gumtree, and they decided to play along with a suspicious “buyer”. Turns out, it’s the old agent fee scam. I’ll give you the money you asked for, plus $800 to cover the fee. Can you forward that extra money on? But of course, the PayPal confirmation message was faked, and there was no money paid. Troy managed to get an impressive bit of information, including that the scam is actually being run out of, you guessed it, Nigeria. Shipping would be a pain.