This Week In Security: GoDaddy, Tardigrade, Monox, And BigSig

After the Thanksgiving break, we have two weeks of news to cover, so hang on for an extra-long entry. First up is GoDaddy, who suffered a breach starting on September 6th. According to an SEC filing, they noticed the problem on November 17th, and determined that there was unauthorized access to their provisioning system for their WordPress hosting service. For those keeping track at home, that’s two months and eleven days that a malicious actor had access. And what all was compromised? The email address and customer number of approximately 1.2 million GoDaddy WordPress users; the initial WordPress password, in the clear; the SFTP and database passwords, also in the clear; and for some customers, their private SSL key.

The saving grace is that GoDaddy’s systems seem to be segregated well enough that this breach doesn’t appear to have led to further widespread compromise. It’s unclear why passwords were stored in the clear beyond the initial setup procedure. To be safe, if you have a WordPress instance hosted by GoDaddy, you should examine it very carefully for signs of compromise, and rotate associated passwords. The SSL keys may be the most troubling, as this would allow an attacker to impersonate the domain. Given the length of time the attacker had access, it would not surprise me to learn that more of GoDaddy’s infrastructure was actually compromised.


IPod, Therefore I Am: Looking Back At An Original IPod Prototype

Have you ever wondered what consumer electronics look like when they’re in the ugly prototype stages? So have we. And thanks to [Cabel] of Panic.com, we have a rare glimpse at a prototype first generation Apple iPod.

In the days before you could just stream your favorite music directly from your phone and into your Bluetooth speaker, pods, or car, there was the Sony Walkman and various portable tape players. Then there were portable CD players. As MP3s became a popular format, CD players that could play MP3s on homemade CDs were popular. Some portable digital media players came to market in the mid-1990s. But in October of 2001, the scene changed forever when Apple unveiled the first generation iPod.

Of course, the iPod didn’t start out being so svelte, shiny, and downright cool. This engineering prototype has been hiding in [Cabel]’s closet for almost 20 years and they’ve just now decided to share with us its hilariously oversized case, JTAG port, and square pushbuttons that look like they came from a local electronics supply house. As [Cabel] brings out in the excellent writeup, the hardware itself is very close to production level, and the date on the prototype is very near the actual product launch.

Of course, prototyping is an essential part of building any product, production or otherwise. Having a gander at pre-production devices like this, or these off-ear speaker prototypes for Valve’s VR headset, reminds us just how important even the ugliest prototypes can be.

Have you got any pre-production nuggets to share with the world? Be sure to let us know by dropping a note in the Tip Line, and thanks to [jp] who sent this one in!

 


Homebrew 16 Bit Computer Reinvents All The Wheels

Building your own computer has many possible paths. One can fabricate their own Z80 or MOS 6502 computers and then run a period correct OS. Or a person could start from scratch as [James Stanley] did. [James] has invented a completely unique computer and CPU he calls SCAMP. SCAMP runs a custom OS called SCAMP/os which you can check out in the video below the break.

[James] describes the CPU and computer as purposefully primitive. Built out of discrete 74xx series logic chips, it runs at a fast-enough-for-homebrew 1 MHz. Plus, it has a lot of blinking lights that can’t help but remind us of the original Imsai 8080. But instead of a panel of switches for programming, the SCAMP/os boots to a shell, which is presented through a serial terminal. Programs are written in a bespoke language with its own compiler. The OS is described as having a Unix-like feel with CP/M-like functionality. That’s quite a combination!

What we love most about the build, other than its clean looks and blinkenlights, is the amount of work that [James] has put into documenting the build both on his blog and on Github, where the source code and design is available. There’s also an open invitation for contributors to help advance the project. We’re sure he’ll get there, one bit at a time.

While [James] is currently using a Compact Flash card for storage, we can’t help but wonder if a Cassette Tape storage system might be a worthwhile future upgrade.

Smart Ruler Has Many Features

For those of us who remember old ball mice, they were a lot like modern optical mice except that they needed to be cleaned constantly. Having optical mice as a standard way of interacting with a computer is a major improvement over previous eras in computing. With the extinction of the ball mouse, there are an uncountable number of cheap optical mice around now which are easy pickings for modern hacking, and this latest project from [Vipul] shows off some of the ways that optical mice can be repurposed by building a digital ruler.

The build seems straightforward on the surface. As the ruler is passed over a surface, the device keeps track of exactly how far it has moved, making it an effective and very accurate ruler. To build it, the optical component of a mouse was scavenged and mated directly to a Raspberry Pi Zero W over USB. Originally he intended to use an ESP32 but could not get the USB interface to work. [Vipul] was then able to write some software which can read the information from the mouse’s PCB directly and translate it into human-readable form, which is displayed on a small screen. The entire device is housed in a custom 3D-printed enclosure to wrap everything up, but the build doesn’t stop there. [Vipul] also leveraged the Bluetooth functionality of the Pi and wrote a smartphone app which can be used to control the ruler as well.

While the device does have some limitations in that it has to make contact with the object being measured across its entire length, there are some situations where we can imagine something like this being extremely useful, especially when measuring things that aren’t a straight line. [Vipul] has also made all of the code for this project publicly available for those of us who might have other uses in mind for something like this. We’ve seen optical mice repurposed for all kinds of things in the past, too, including measuring travel distances in autonomous vehicles.

Play Runescape IRL

Runescape is pushing nearly 21 years old, and while that’s quite a long time for a game to stay active with an engaged userbase, it’s also a long time for people to modify the game in all kinds of colorful ways. For some older games like Team Fortress 2 this means spinning up a bot to ruin servers, but for Runescape the hacks are a little more lighthearted and fun. Like this axe which allows [BigFancyBen] to play Runescape in real life.

This is more of an augmented reality hack which upgrades his normal human interface device from a simple keyboard and mouse to also include this axe. When the axe is manipulated in real life, the in-game axe can be used at the same time. There are a lot of layers to this one, but essentially a Switch joycon is connected to the axe to sense motion, which relays the information on axe swings to an API via a Python script. A bot in the game then chops the virtual tree, which is reported back to the API, which then reports it back to [BigFancyBen]’s viewscreen, which is additionally streamed on Twitch.

While this started off as frustration with the game’s insistence on grinding in order to reach certain objectives, it seems that there are some fun ways of manipulating that game mechanic for the greater good. [BigFancyBen] originally said he would rather go to the gym than “click anymore rooftops”; this is quite the start on the full IRLScape world. Don’t forget that it’s equally possible to take this type of build in the opposite direction and control real-world things from inside a video game.


The Safest Model Roller Coaster

[Jared Holladay] is a computer engineering student at the University of Cincinnati and a life-long roller coaster fanatic. A lot of people look at roller coasters as an exciting example of physics, like potential energy versus kinetic energy or inertia, and rightly so. [Jared] looks at them and wonders about the controls. A video is below, and there is also a feature-length explanation with more details. Some Hackaday readers and writers can identify the components, so we think his coaster model belongs here.

Like many folks in this field, he’s built K’nex models to get a handle on construction. He’s toured STEM shows with the tracks and undoubtedly wowed kids, adults, and physics teachers, but since he can speak to the programming, he is a triple threat. Now, he’s growing out of the toy construction plastic and moving into 3D printed parts with needle-fine tolerances.

His latest base is extruded aluminum, like what you’d want in a rigid CNC or printer. In addition to the industrial-grade surface, Rockwell Automation sent him a safety programmable logic controller, PLC, and a touchscreen HMI. Our fellows in the industry tell us those are far beyond the price scope of regular hobbyists. But fear not; your Arduino clones will suffice until you get your first grant.

The point of all the ruggedized hardware, aside from authenticity, is to implement safety features the same way you would in the industry. The redundant PLC connects to inductive prox sensors to check train speed and location. Other moving parts, like friction brakes, have sensors to report if there is a jam. After all, it’s no good if you can’t stop a train full of people. There are hundreds of things that can go wrong. Just ask [Jared] because he programmed on-screen indicators for all of them and classified them to let an operator know if they can keep the ride moving or if they need to call maintenance.

Not all homemade coasters are scale models, and some of the traditional ones have more than meets the eye.



Impressive Hack Turns Bolt Into Pneumatic Engraver

Did you ever see one of those videos that causes you to look at an everyday object in a new light? This is one of those videos (embedded below). And fortunately for us, there’s a write-up to go along with it in case you don’t always understand what’s going on.

In this case, what’s going on is that [AMbros Custom] is masterfully turning a stainless steel M20 bolt into a pneumatic engraving tool. Yeah, you read that correctly. But the most amazing thing about this hack is the minimum of tools used to do it. For one thing, there’s not a lathe in sight: [AMbros Custom] just chucked it into the drill or added a few nuts and clamped it in a vise.

So, how does it work? [AMbros Custom] hooks it up to a compressor, which causes the piston inside to go up and down, agitating the engraving bit. If you don’t want to watch the video, there are a ton of build pictures in the write-up.

What else can you do with a bolt? If you have the tools, you can do plenty. You could even turn one into a secret cash stash for buying more large bolts.
