Slime Mold-Powered Smart Watches See Humans Fall In Love With The Goo

February 16, 2024 by 13 Comments

Humans are very good at anthropomorphising things. That is, giving them human characteristics, like ourselves. We do it with animals—see just about any cartoon—and we even do it with our own planet—see Mother Nature. But we often extend that courtesy even further, giving names to our cars and putting faces on our computers as well.

A recent study has borne this out in amusing fashion. Researchers at the University of Chicago found that human attitudes towards a device can change if they are required to take actions to look after it. Enter the slime mold smartwatch, and a gooey, heartwarming story of love and care between human and machine, mediated by mold.

Continue reading “Slime Mold-Powered Smart Watches See Humans Fall In Love With The Goo”

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

February 16, 2024 by 2 Comments

Hackaday Editors Elliot Williams and Tom Nardi discuss all the week’s best and most interesting hacks and stories, starting with Canada’s misguided ban on the Flipper Zero for being too spooky. From there they’ll look at the state-of-the-art in the sub-$100 3D printer category, Apple’s latest “Right to Repair” loophole, running UNIX on the NES (and how it’s different from Japan’s Famicom), and the latency of various wireless protocols.

After singing the praises of the new Bus Pirate 5, discussion moves on to embedded Linux on spacecraft, artfully lifting IC pins, and the saga of the blue LED. Finally you’ll hear the how and why behind electrical steel, and marvel at a Mach 10 missile that (luckily) never needed to be used.

Grab a copy for yourself if you want to listen offline.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5”

Compact Cycloidal Drive Lives Inside This Custom Brushless Motor

February 16, 2024 by 7 Comments

With the popularity of robot dogs, many people have gotten on the bandwagon and tried building DIY versions. Most of them end up attaching a gearbox to an off-the-shelf brushless motor and call it a day. Not everyone goes that way, though, which is why this internal cycloidal drive actuator caught our eye.

Taking design cues from the MIT Mini Cheetah, [Aaed Musa] approached his actuator from the inside out, literally. His 3D printed cycloidal gearbox is designed to fit inside the stator of a BLDC motor. And not just any BLDC motor, but one built mostly from scratch using a hand-wound — and unwound, and wound again — stator along with a rotor that started as a printed part but was eventually machined from steel. Apart from its fixed ring, the cycloidal drive was mostly 3D printed, with everything fitting nicely inside the stator.

The video below shows the design and assembly process as well as testing of the finished drive. It seems to do really well with speed and positional accuracy, and it delivers a substantial amount of torque. Maybe a little too much, though; testing it with a heavy weight on the end of an arm got the stator coils hot enough to warp the printed parts within. But no matter; this was only a prototype after all. [Aaed] says improvements are in the works, including replacing all the plastic parts with metal ones.

Need a little background on cycloidal drives? They’re pretty cool.

Continue reading “Compact Cycloidal Drive Lives Inside This Custom Brushless Motor”

This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!

February 16, 2024 by 6 Comments

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be enabled in the ClamnAV config. And that configuration includes a string formatting function, where the string includes %v and %s, which gets replaced with a detected virus name and the file name from the email. And now you see the problem, I hope: The filename is attacker supplied input.

Where this really gets out of hand is what ClamAV does with this string. execle("/bin/sh", "sh", "-c", buffer_cmd, NULL, env). So let’s talk defensive program design for a minute. When it comes to running a secondary command, there are two general options, system() and the exec*() family of system calls. system() is very simple to use. It pauses execution of the main process and asks the operating system to run a string, just as if the user had typed that command into the shell. While this is very convenient to use, there is a security problem if any of that command string is user-supplied. All it takes is a semicolon or ampersand to break assumptions and inject a command.

To the rescue comes exec(). It’s a bit more complicated to use, requiring the programmer to manually call fork() and wait(). But it’s not running the command via the shell. exec() executes a program directly, totally eliminating the potential for command injection! Except… oops.

Yeah, exec() and related calls don’t offer any security protections when you use them to execute /bin/sh. I suspect the code was written this way to allow running a script without specifying /bin/sh in the config. The official fix was to disable the filename format character, and instead supply it as an environment variable. That certainly works, and that fix is available in 1.0.5, 1.2.2, and 1.3.0.

The real danger here is that we have another case where some hardware appliance manufacturer has used ClamAV for email filtering, and uses this configuration by default. That’s how we get orders from CISA to unplug your hardware, because it’s already compromised. Continue reading “This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!”

The Latest Windows 11 Release Might Not Work On Your Oldest Machines

February 16, 2024 by 76 Comments

Everybody knows you can’t install Windows XP on a 386, or Windows 95 on an original IBM PC. But for Windows 11, the goalposts seem to be changing with newer releases of the existing OS. As covered by The Register, it appears the latest Windows 11 24H2 update might be incompatible with older machines.

It’s all down to the POPCNT CPU instruction. As shared on Twitter by [TheBobPony], the instruction appears in a number of Windows 11 system files, including kernel and USB XHCI drivers. Thus, it appears that any CPU not able to run this instruction will not be able to boot Windows 11. POPCNT was first included in AMD’s Barcelona architecture in 2007, and Intel’s Core processors in 2008. It’s an instruction for counting set bits in a word.

Ultimately, the effect is that computers with older CPUs will no longer be able to run the latest version of Windows 11. It could be as simple as Microsoft engineers enabling more modern CPU instructions at compilation time. However, given affected hardware is more than 15 years old, it’s perhaps likely that Microsoft is perfectly willing to cut these machines off from using the latest versions of its main operating system. We’ve talked about this phenomenon before, too.

In any case, keep a close eye on Windows update if you’re running super-old hardware. Let us know if you’ll be affected in the comments.

Thanks to [Stephen Walters] for the tip!

All-Sky Camera Checks For Aurora

February 16, 2024 by 4 Comments

The aurora borealis (and its southern equivalent, the aurora australis) is a fleeting and somewhat rare phenomenon that produces vivid curtains of color in the sky at extreme latitudes. It’s a common tourist activity to travel to areas where the aurora is more prevalent in order to catch a glimpse of it. The best opportunities are in the winter though, and since most people don’t want to spend hours outside on a cold night night in high latitudes, an all-sky camera like this one from [Frank] can help notify its users when an aurora is happening.

Because of the extreme temperatures involved, this is a little more involved than simply pointing a camera at the sky and hoping for the best. The enclosure and all electronics need to be able to withstand -50°C and operate at at least -30. For the enclosure, [Frank] is going with PVC tubing with a clear dome glued into a top fits to the end of the pipe, providing a water-resistant enclosure. A Raspberry Pi with a wide-angle lens camera sits on a 3D printed carriage so it can easily slide inside. The electronics use power-over-ethernet (PoE) rather than a battery due to the temperature extremes, which conveniently provides networking capabilities for viewing the images.

This is only part one of this build — in part two [Frank] is planning to build a system which can use this camera assembly to detect the aurora automatically and send out notifications when it sees it. Watching the night sky from the comfort of a warm house or sauna isn’t the only reason for putting an all-sky camera to use, either. They can also be used to observe meteors as they fall and then triangulate the position of the meteorites on the ground.

PC AT mainboard with both 16-bit ISA and 32-bit PCI slots. (Credit: htomari, Flickr)

How Intel Gave Us The PCI Bus While Burying VESA’s VL-Bus

February 15, 2024 by 38 Comments
Gigabyte GA486IM mainboard from 1994 with ISA, VLB and PCI slots. (Credit: Rjluna2, Wikimedia)
Gigabyte GA486IM mainboard from 1994 with ISA, VLB and PCI slots. (Credit: Rjluna2, Wikimedia)

The early days of home computing were quite a jungle of different standards and convoluted solutions to make one piece of hardware work on as many different platforms as possible. IBM’s PC was an unexpected shift here, as with its expansion card-based system (retroactively called the ISA bus) it inspired a new evolution in computers. Of course, by the early 1990s the ISA bus couldn’t keep up with hardware demands, and a successor was needed. Many expected this to be VESA’s VLB, but as [Ernie Smith] regales us in a recent article in Tedium, Intel came out of left field with its PCI standard after initially backing VLB.

IBM, of course, wanted to see its own proprietary MCA standard used, while VLB was an open standard. One big issue with VLB is that it isn’t a new bus as such, but rather an additional slot tacked onto the existing ISA bus, as it was then called. While the reasoning for PCI was sound, with it being a compact, 32-bit (also 64-bit) design with plug and play and more complex but also more powerful PCI controller, its announcement came right before VLB was supposed to be announced.

Although there was some worry that having both VLB and PCI in the market competing would be bad, ultimately few mainboards ended up supporting VLB, and VLB quietly vanished. Later on PCI was extended into the Accelerated Graphics Port (AGP) that enabled the GPU revolution of the late 90s and still coexists with its PCIe successor. We covered making your own ISA and PCI cards a while ago, which shows that although PCI is more complex than ISA, it’s still well within the reach of today’s hobbyist, unlike PCIe which ramps up the hardware requirements.

Top image: PC AT mainboard with both 16-bit ISA and 32-bit PCI slots. (Credit: htomari, Flickr)