Flashlight Door Lock Is A Bright Idea

There are many ways to lock a door. You could use a keypad, an RFID card, a fingerprint or retina scan, Wi-Fi, Bluetooth, the list goes on. You could even use a regular old metal key. But none of these may be as secure as [mircemk]’s Arduino-based door lock that employs a smartphone’s flashlight as a pass code.

At first blush, this seems horribly insecure. Use a plain old flashlight to open a door? Come on. But the key is in the software. In fact, between the typed-in pass code and the flash of light it generates, this lock kind of has two layers of security.

Here’s what’s going on: inside the accompanying smart phone application, there’s a list of passwords. Each of these passwords corresponds to a flash of light in milliseconds. Enter the correct password to satisfy the Arduino, and the phone’s flashlight is activated for the appropriate number of milliseconds to unlock the door.

As you’ll see in the video below, simply flashing the light manually doesn’t unlock the door, and neither does entering one of the other, bogus passwords. Although each of those does activate the flashlight, it doesn’t have the appropriate light-time length defined.

Hardware-wise, there is an Arduino Nano Every in charge of the LDR module that reads the flashlight input and the 12 V relay that unlocks the door. Be sure to check it out in the video after the break.

If you want to keep your critters from bringing wild critters back inside, check out this Wi-Fi cat door that lets you have a look at what might be dangling from their jaws before unlocking the door.

Gentoo Linux, Now A Bit Less For The 1337

Among users of Linux distributions there’s a curious one-upmanship, depending on how esoteric or hardcore your distro is. Ubuntu users have little shame, while at the other end if you followed Linux From Scratch or better still hand-compiled the code and carved it onto the raw silicon with a tiny chisel, you’re at the top of the tree*. Jokes aside though, it’s fair to say that if you were running the Gentoo distribution you were something of a hardcore user, because its source-only nature meant that everything had to be compiled to your liking. We’re using the past tense here though, because in a surprise announcement, the distro has revealed that it will henceforth also be available as a set of precompiled binary packages.

There may be readers with long and flowing neckbeards who will decry this moment as the Beginning of the End, but while it does signal a major departure for the distro, if it means that more people are spurred to take their Linux usage further and experiment with Gentoo, this can never be a bad thing. Gentoo has been on the list for a future Jenny’s Daily Drivers OS review piece, and while we’re probably going to stick with source-only when we do it, it’s undeniable that there will remain a temptation to simply download the binaries.

Meanwhile this has been written on a machine running Manjaro, or Arch-for-cowards as we like to call it, something that maybe confers middle-ranking bragging rights. Read a personal tale of taking off those Linux training wheels.

* Used a magnifying glass? You’re just not cutting it!

This Baby ‘Scope Is Within Your Reach

The modern oscilloscope is truly a marvelous instrument, being a computer with a high-speed analogue front end which can deliver the function of an oscilloscope alongside that of a voltmeter and a frequency counter. They don’t cost much, and having one on your bench gives you an edge unavailable in a previous time. That’s not to dismiss older CRT ‘scopes though, the glow of a phosphor trace has illuminated many a fault finding procedure. These older instruments can even be pretty simple, as [Mircemk] demonstrates with a small home-made example that we have to admit to rather liking.

At its heart is a small 5 cm round CRT tube, with an off-the-shelf buck converter supplying the HT, a neon lamp relaxation oscillator supplying the timebase, and a set of passive components conditioning the signal to the deflection plates. The whole thing runs from 12 V and fits in a neat case. It has one huge flaw in that there is no trigger circuit, and sadly this compromises its usefulness as an instrument. Our understanding of a neon oscillator is a little rusty but we’re guessing the two-terminal neon lamp would have to be replaced by one of the more exotic gas-filled tubes with more electrodes, of which one takes the trigger pulse.

Even without a trigger it’s still a neat device, so take a look at it. Perhaps surprisingly we’ve seen few CRT ‘scopes made from scratch here at Hackaday, but never fear, here’s one used as an audio visualiser.

Hackaday Podcast Episode 250: Trains, RC Planes, And EEPROMS In Flames

This week in the Podcast, Elliot Williams is off at Chaos Communication Congress, hearing tales of incredible reverse engineering that got locomotives back up and running, while Al Williams is thinking over what happened in 2023. There’s a lot of “how things work” in this show, from data buoys to sewing machines to the simulated aging of ICs.

Whether you’re into stacking bricks, stacking Pi Picos, or stacking your 3D prints to make better use of precious bed space, this episode is for you. Enjoy.

This is your last chance to download a new podcast this year. Take it!

Using Local AI On The Command Line To Rename Images (And More)

We all have a folder full of images whose filenames resemble line noise. How about renaming those images with the help of a local LLM (large language model) executable on the command line? All that and more is showcased on [Justine Tunney]’s bash one-liners for LLMs, a showcase aimed at giving folks ideas and guidance on using a local (and private) LLM to do actual, useful work.

This is built out from the recent llamafile project, which turns LLMs into single-file executables. This not only makes them more portable and easier to distribute, but the executables are perfectly capable of being called from the command line and sending to standard output like any other UNIX tool. It’s simpler to version control the embedded LLM weights (and therefore their behavior) when it’s all part of the same file as well.

One such tool (the multi-modal LLaVA) is capable of interpreting image content. As an example, we can point it to a local image of the Jolly Wrencher logo using the following command:

llava-v1.5-7b-q4-main.llamafile --image logo.jpg --temp 0 -e -p '### User: The image has...\n### Assistant:'

Which produces the following response:

The image has a black background with a white skull and crossbones symbol.

With a different prompt (“What do you see?” instead of “The image has…”) the LLM even picks out the wrenches, but one can already see that the right pieces exist to do some useful work.

Check out [Justine]’s rename-pictures.sh script, which cleverly evaluates image filenames. If an image’s given filename already looks like readable English (also a job for a local LLM) the image is left alone. Otherwise, the picture is fed to an LLM whose output guides the generation of a new short and descriptive English filename in lowercase, with underscores for spaces.

What about the fact that LLM output isn’t entirely predictable? That’s easy to deal with. [Justine] suggests always calling these tools with the --temp 0 parameter. Setting the temperature to zero makes the model deterministic, ensuring that the same input always yields the same output.
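A temperature of zero makes the model's text repeatable, but that text still ends up as a filesystem path, so a renaming script should treat it as untrusted input. The sketch below is an added example, not [Justine]'s rename-pictures.sh; the function names safe_name, unique_target and rename_image, the 60-character limit and the "img" fallback extension are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model output is untrusted text until it has been sanitized.

# safe_name TEXT: print a lowercase [a-z0-9_] stem (max 60 chars) built from
# the first line of TEXT; return 1 if nothing usable remains.
safe_name() {
    name=$(printf '%s' "$1" | head -n 1 |
        LC_ALL=C tr 'A-Z' 'a-z' |
        LC_ALL=C tr -c 'a-z0-9' '_' |   # '/', '.', '-', spaces, quotes become '_'
        tr -s '_' | sed 's/^_//; s/_$//' | cut -c1-60)
    name=${name%_}                      # cut may leave a trailing '_'
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# unique_target DIR STEM EXT: print a path inside DIR that does not exist yet,
# so two pictures with the same description never overwrite each other.
unique_target() {
    dir=$1 stem=$2 ext=$3 n=1
    target="$dir/$stem.$ext"
    while [ -e "$target" ] || [ -L "$target" ]; do
        n=$((n + 1))
        target="$dir/${stem}_$n.$ext"
    done
    printf '%s\n' "$target"
}

# rename_image FILE MODEL_TEXT: rename FILE within its own directory, keeping
# a cleaned-up copy of its extension, and print the new path.
rename_image() {
    file=$1
    stem=$(safe_name "$2") || { echo "skip: no usable name for $file" >&2; return 1; }
    dir=$(dirname -- "$file")
    base=$(basename -- "$file")
    case $base in
        *.*) ext=$(printf '%s' "${base##*.}" |
                 LC_ALL=C tr -cd 'A-Za-z0-9' | LC_ALL=C tr 'A-Z' 'a-z') ;;
        *)   ext= ;;
    esac
    target=$(unique_target "$dir" "$stem" "${ext:-img}")
    mv -n -- "$file" "$target" && printf '%s\n' "$target"   # -n: never overwrite
}
```

Because every character outside a-z and 0-9 is replaced before the path is built, a model response containing "../" or a leading "-" cannot move the file out of its directory or be read as an option by mv.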

There are more neat examples on the Bash One-Liners for LLMs page that demonstrate different ways to use a local LLM that lives in a single-file executable, so be sure to give it a look and see if you get any new ideas. After all, we have previously shown how automating tasks is almost always worth the time invested.

This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked, based off part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The entire talk is available, given this week at the 37th Chaos Communication Congress, 37c3. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code implies that it was a copy-paste error where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug in January 2023, and didn’t make any public statements. Presumably there was an uptick of crash logs that pointed to this problem, but didn’t conclusively show attempted exploitation.

The exploit then moves to using NSExpression as a next stage. NSExpression is an ugly way to write code, but it does allow the exploit chain to get to the next stage, running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. That kernel exploit uses multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes.

The Gopher Revival Is Upon Us

A maxim for anyone writing a web page in the mid 1990s was that it was good practice to bring the whole thing (including graphics) in at around 30 kB in size. It was a time when the protocol still had some pretence of efficient information delivery, when information was self-published, before huge corporations brought everything under their umbrellas.

Recently, this idea of the small web has been experiencing something of a quiet comeback. [Serge Zaitsev]’s essay takes us back to a time before the Internet as we know it was born, and reminds us of a few protocols that have fallen by the wayside. Finger and Gopher are both things we remember from our student days, but neither of them was a match for the browser.

All is not lost though, because the Gemini protocol is a more modern take on minimalist Internet information sharing. It’s something like the web, but intentionally without the layer upon layer of extraneous stuff, and it’s been slowly gathering some steam. Every time we look at its software list it becomes more extensive, and we live in hope that it might catch on for use with internet-connected microcontroller-based computing. The essay is a reminder that the internet doesn’t have to be the web, and doesn’t have to be bloated either.