Standing Desk Uses Pneumatics To Do The Job

Most standing desks on the market use electric motors or hand cranks to raise and lower the deck. However, [Matthias Wandel] found a Kloud standing desk that used an altogether different set up. He set about figuring out how it worked in the old-fashioned way—by pulling it apart.

The Kloud desk relies on pneumatics rather than electrical actuators to move up and down. Inside the desk sits a small tank that can be pressurized with a hand-cranked mechanism. A lever can then be used to release pressure from this tank into a pair of pneumatic cylinders that drive the top of the desk upwards. The two cylinders are kept moving in sync by a tensioned metal ribbon that ties the two sides together. The mechanism is not unlike a gas lift chair—holding the lever and pushing down lets the desk move back down. Once he’s explained the basic mechanism, [Matthias] gets into the good stuff—pulling apart the leg actuator mechanism to show us what’s going on inside in greater detail.

If you’ve ever thought about building your own standing desk, this might be a video worth watching. We’ve featured some other great pneumatics projects before, too. Video after the break.

Continue reading “Standing Desk Uses Pneumatics To Do The Job”

Can Digital Poison Corrupt The Algorithm?

These days, so much of what we see online is delivered by social media algorithms. The operations of these algorithms are opaque to us; commentators forever speculate as to whether they just show us what they think we want to see, or whether they try to guide our thinking and habits in a given direction. The Digital Poison device  from [Lucretia], [Auxence] and [Ramon] aims to twist and bend the algorithm to other ends.

The concept is simple enough. The device consists of a Raspberry Pi 5 operating on a Wi-Fi network. The Pi is set up with scripts to endlessly play one or more select YouTube videos on a loop. The videos aren’t to be watched by anyone; the device merely streams them to rack up play counts and send data to YouTube’s recommendation algorithm. The idea is that as the device plays certain videos, it will skew what YouTube recommends to users sharing the same WiFi network based on perceived viewer behavior.

To achieve subtle influence, the device is built inside an unobtrusive container. The idea being that it could be quietly connected to a given WiFi network to stream endlessly, in turn subtly influencing the view habits of other users on the same network.

It’s difficult to say how well this concept would work in practice. In many cases, sites like YouTube have robust user tracking that feeds into recommendation algorithms. Activity from a random user signed into the same network might not have much of an influence. However, conceptually, it’s quite interesting, and the developers have investigated ways to log the devices operation and compare it to recommendations fed to users on the network. Privacy provisions make this difficult, but it may be possible to pursue further research in this area. Files are on Github for the curious.

Ultimately, algorithms will always be a controversial thing as long as the public can’t see how they work or what they do. If you’re working on any projects of your own in this space, don’t hesitate to let us know!

[Thanks to Asher for the tip!]

Hackaday Podcast Episode 326: A DIY Pockels Cell, Funny Materials To 3D Print With, And Pwning A Nissan Leaf

Time for another European flavoured Hackaday Podcast this week, as Elliot Williams is joined by Jenny List, two writers sweltering in the humidity of a Central European summer. Both of our fans and air conditioners made enough noise to be picked up on the microphone when they were turned on, so we’re suffering for your entertainment.

The big Hackaday news stories of the week are twofold, firstly a cat-themed set of winners for the 2025 Pet Hacks contest, and then the announcement of a fresh competition: the 2025 Hackaday One Hertz Challenge. Get your once-a-second projects ready!

This week gave us a nice pile of interesting hacks, including some next-level work growing and machining the crystal for a home-made Pockels cell light valve, an upcoming technique for glass 3D prints, and enough vulnerabilities to make any Nissan Leaf owner nervous. We note that mechanical 7-segment displays are an arena showing excellent hacks, and we’re here for it.

Meanwhile among the quick hacks a filament made of PLA with a PETG core caught Elliot’s eye, while Jenny was impressed with a beautifully-made paper tape punch. Finally in the can’t miss section, The latest in Dan Maloney’s Mining and Refining series looks at drilling and blasting. Such an explosive piece should come last, but wait! There’s more! Al Williams gives us a potted history of satellite phones, and explains why you don’t carry an Iridium in your pocket.

Or download it your own fine self. MP3 for free!

Continue reading “Hackaday Podcast Episode 326: A DIY Pockels Cell, Funny Materials To 3D Print With, And Pwning A Nissan Leaf”

Audio Localization Gear Built On The Cheap

Most humans with two ears have a pretty good sense of directional hearing. However, you can build equipment to localize audio sources, too. That’s precisely what [Sam], [Ezra], and [Ari] did for their final project for the ECE4760 class at Cornell this past Spring. It’s an audio localizer!

The project is a real-time audio localizer built on a Raspberry Pi Pico. The Pico is hooked up to three MEMS microphones which are continuously sampled at a rate of 50 kHz thanks to the Pico’s nifty DMA features. Data from each microphone is streamed into a rolling buffer, with peaks triggering the software on the Pico to run correlations between channels to determine the time differences between the signal hitting each microphone. Based on this, it’s possible to estimate the location of the sound source relative to the three microphones.

The team goes into great deal on the project’s development, and does a grand job of explaining the mathematics and digital signal processing involved in this feat. Particularly nice is the heatmap output from the device which gives a clear visual indication of how the sound is being localized with the three microphones.

We’ve seen similar work before, too, like this project built to track down fireworks launches. Video after the break.

Continue reading “Audio Localization Gear Built On The Cheap”

This Week In Security: MegaOWNed, Store Danger, And FileFix

Earlier this year, I was required to move my server to a different datacenter. The tech that helped handle the logistics suggested I assign one of my public IPs to the server’s Baseboard Management Controller (BMC) port, so I could access the controls there if something went sideways. I passed on the offer, and not only because IPv4 addresses are a scarce commodity these days. No, I’ve never trusted a server’s built-in BMC. For reasons like this MegaOWN of MegaRAC, courtesy of a CVSS 10.0 CVE, under active exploitation in the wild.

This vulnerability was discovered by Eclypsium back in March and it’s a pretty simple authentication bypass, exploited by setting an X-Server-Addr header to the device IP address and adding an extra colon symbol to that string. Send this along inside an HTTP request, and it’s automatically allowed without authentication. This was assigned CVE-2024-54085, and for servers with the BMC accessible from the Internet, it scores that scorching 10.0 CVSS.

We’re talking about this now, because CISA has added this CVE to the official list of vulnerabilities known to be exploited in the wild. And it’s hardly surprising, as this is a near-trivial vulnerability to exploit, and it’s not particularly challenging to find web interfaces for the MegaRAC devices using tools like Shodan and others.

There’s a particularly ugly scenario that’s likely to play out here: Embedded malware. This vulnerability could be chained with others, and the OS running on the BMC itself could be permanently modified. It would be very difficult to disinfect and then verify the integrity of one of these embedded systems, short of physically removing and replacing the flash chip. And malware running from this very advantageous position very nearly have the keys to the kingdom, particularly if the architecture connects the BMC controller over the PCIe bus, which includes Direct Memory Access.

This brings us to the really bad news. These devices are everywhere. The list of hardware that ships with the MegaRAC Redfish UI includes select units from “AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm”. Some of these vendors have released patches. But at this point, any of the vulnerable devices on the Internet, still unpatched, should probably be considered compromised. Continue reading “This Week In Security: MegaOWNed, Store Danger, And FileFix”

Meet Cucumber, The Robot Dog

Robots can look like all sorts of things, but they’re often more fun if you make them look like some kind of charming animal. That’s precisely what [Ananya], [Laurence] and [Shao] did when they built Cucumber the Robot Dog for their final project in the ECE 4760 class.

Cucumber is controllable over WiFi, which was simple enough to implement by virtue of the fact that it’s based around the Raspberry Pi Pico W. With its custom 3D-printed dog-like body, it’s able to move around on its four wheels driven by DC gear motors, and it can flex its limbs thanks to servos in its various joints. It’s able to follow someone with some autonomy thanks to its ultrasonic sensors, while it can also be driven around manually if so desired. To give it more animal qualities, it can also be posed, or commanded to bark, howl, or growl, with commands issued remotely via a web interface.

The level of sophistication is largely on the level of the robot dogs that were so popular in the early 2000s. One suspects it could be pretty decent at playing soccer, too, with the right hands behind the controls. Video after the break.

Continue reading “Meet Cucumber, The Robot Dog”

A Cheap Smart Plug To Block Distractions

We have all suffered from this; the boss wants you to compile a report on the number of paper clips and you’re crawling up the wall with boredom, so naturally your mind strays to other things. You check social media, or maybe the news, and before you know it a while has been wasted. [Neil Chen] came up with a solution, to configure a cheap smart plug with a script to block his diversions of choice.

The idea is simple enough, the plug is in an outlet that requires getting up and walking a distance to access, so to flip that switch you’ve really got to want to do it. Behind it lives a Python script that can be found in a Git Hub repository, and that’s it! We like it for its simplicity and ingenuity, though we’d implore any of you to avoid using it to block Hackaday. Some sites are simply too important to avoid!

Of course, if distraction at work is your problem, perhaps you should simply run something without it.