Hackaday Podcast 074: Stuttering Swashplate, Bending Mirrors, Chasing Curves, And Farewell To Segway

Hackaday editors Elliot Williams and Mike Szczys recap a week of hacks. A telescope mirror that can change shape and a helicopter without a swashplate lead the charge for fascinating engineering. These are closely followed by a vibratory wind generator that has no blades to spin. The Open Source Hardware Association announced a new spec this week to remove “Master” and “Slave” terminology from SPI pin names. The Segway is no more. And a bit of bravery and rock-solid soldering skills can resurrect that MacBook that has one dead GPU.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

This Week In Security: Palo Alto Scores A 10, Cursed Images, VM Escapes, And Malicious Music

We’ve looked at many vulnerabilities over the years here on Hackaday, but it’s rather rare for a CVE to score a perfect 10 severity. This is reserved for the most severe and exploitable of problems. Palo Alto announced such a vulnerability, CVE-2020-2021, on the 29th. This vulnerability affects Palo Alto devices running PAN-OS that have SAML authentication enabled and a certain validation option disabled. The vulnerability is pre-authentication, but does require access to a service protected by SAML authentication. For example, a Palo Alto device providing a web-based VPN could be vulnerable. The good news is that the vulnerable settings aren’t default, but the bad news is that the official configuration guide recommends the vulnerable settings for certain scenarios, like using a third-party authentication service.

The issue is in the Security Assertion Markup Language (SAML) implementation, which is an XML-based open standard for authentication. One of the primary use cases for SAML is to provide a Single Sign On (SSO) scheme. The normal deployment of SAML SSO is that a central provider handles the authentication of users, and then asserts to individual services that the connecting user is actually who they claim to be.

For this vulnerability to be exploitable, the ‘Validate Identity Provider Certificate’ option must be disabled. If this option is enabled, the SSO provider must use a CA-signed SAML certificate. This doesn’t appear to mean that unsigned SSL certificates would be accepted, and only applies to certificates inside the SAML messages. It seems to be widely accepted that these certificates don’t need to be CA signed. In the official announcement, the vulnerability type is said to be “CWE-347 Improper Verification of Cryptographic Signature”.

DIY Filtered Positive Pressure Suit Shows Fine Workmanship

[Andrew]’s Air filtering unit & positive pressure supply might look like something off the set of Ghostbusters, but it’s an experiment in making a makeshift (but feasible) positive pressure suit. The idea is to provide an excess of filtered air to what is essentially an inflatable soft helmet. The wearer can breathe filtered air while the positive pressure means nothing else gets in. It’s definitely an involved build that uses some specific hardware he had on hand, but the workmanship is great and shows some thoughtful design elements.

The unit has three stacked filters that can be easily swapped. The first stage is medical mask material, intended to catch most large particles, which is supported by a honeycomb frame. The next filter is an off-the-shelf HEPA filter sealed with a gasket; these are available in a wide variety of sizes and shapes so [Andrew] selected one that was a good fit. The third and final stage is an activated carbon filter that, like the first stage, is supported by a honeycomb frame. The idea is that air that makes it through all three filters is safe (or at least safer) to breathe. There isn’t any need for the helmet part to be leakproof, because the positive pressure relative to the environment means nothing gets in.

Air is sucked through the filters and moved to the helmet by an HP BLc7000 server fan unit, which he had on hand but which is also readily available on eBay. These fan units are capable of shoveling a surprising amount of air, if one doesn’t mind a surprising amount of noise in the process, so while stacked filter stages certainly impede airflow, the fan unit handles it easily. The BLc7000 isn’t a simple DC motor and requires a driver, so for reference [Andrew] has a short YouTube video of how the fan works and acts.

All the 3D models and design files are available online should anyone wish to take a closer look. It’s certainly a neat experiment in making a filtered positive pressure supply and head cover with materials that are fairly common. If [Andrew] ever wants to move to a whole-body suit, maybe repurpose an old Halloween costume into a serviceable positive pressure suit.

Watch Conway’s Game Of Life Flutter Across A Flip-Dot Display

Like many of us, [John Whittington] was saddened by the news that John Horton Conway passed away a little earlier this year, and in honor of his work, he added the Game of Life to a flip-dot display that he has been working on. The physicality of an electromechanical display seems particularly fitting for cellular automata.

Like what you see? If you’re curious about what makes it all tick, the display shown is an Alfa-Zeta XY5 28×14 but [John] is currently working on building them into a much larger 256 x 56 display. GitHub hosts the flip-dot simulator and driver software [John] is using, and the Game of Life functions are here.

If you’re new to the Game of Life and are not really sure what you’re looking at, [Elliot Williams] tells you all you need to know in his writeup celebrating its profound impact and lasting legacy. Watch the flip-dot display in action in the video embedded below.

The Open Source Mars Rover, One Year Later

As the name implies, here at Hackaday we strive to bring you interesting projects every single day. But that doesn’t necessarily mean a project only gets one day to grace these storied pages. Quite the opposite, in fact. We’re always happy to revisit a project and find out how far it’s evolved since we last crossed paths with it, especially when the creators themselves reach out to give us an update.

Which is exactly what happened when [Jakob Krantz] recently wrote in to get us up to speed on this incredible open source rover project. We first saw this 3D printed Curiosity inspired robot a little less than a year ago, and at that point it was essentially just a big box with the distinctive NASA rocker-bogie suspension bolted on. Now it not only looks a lot closer to the Martian rovers that inspired it, but it’s also learned a number of new tricks that really take this project to the next level.

The articulated head and grabber arm don’t just help sell the Curiosity look, they’re actually functional. [Jakob] notes that he doesn’t have kinematics integrated yet, so moving the arm around is more for show than practical application, but in the future it should be able to reach out and grab objects. With the new cameras in the head, he’ll even be able to get a first person view of what he’s picking up.

Last year [Jakob] was using a standard RC transmitter to drive the rover around, but he’s since put together a custom controller that’s truly a thing of beauty. It uses an ESP32 and LoRa module to communicate with matching hardware inside the rover, as well as a smartphone clipped onto the top that’s displaying telemetry and video over WiFi. The controller is actually its own separate project, so even if you aren’t in the market for a scaled down Mars rover, its controller could come in handy for your next robotics project.

Presumably the multi-mission radioisotope thermoelectric generator (MMRTG) on the back of the rover is just pretend… but with this guy, we’re not so sure. Give him another year, and who knows.

An Off-The-Grid Instant Messaging Platform

Having an open-source communication device that is independent of any network and works without fees sounds like a hacker’s dream come true. Well, this is exactly what [bobricius] is aiming at with his Armawatch and Armachat devices.

Recently, [bobricius] built a LoRa based instant messaging device named Armachat. The gadget is controlled by a SAMD21 MCU with native USB and includes a QWERTY keyboard and an LCD display. Communication is based on an RFM95 LoRa transceiver which can reach a range of up to 2 km under ideal conditions. [bobricius] is a wiz when it comes to PCB design and one thing that makes his projects look so good is how he often uses PCBs as enclosures.

Armachat came in two form factors: a large desktop version and a smaller pocket version. The new Armawatch is another downsized version that perfectly fits on your arm by using a smaller display and keyboard. [bobricius] also did a lot of work on the firmware, which now features a message delivery confirmation and the possibility to automatically resend undelivered messages. Future improvements will include message encryption, a store-and-forward function, and GPS position parsing. [bobricius] is also working on completing his portfolio of communicators with a credit-card-sized version.

LoRa is the go-to technology for off-the-grid communication devices and there are already other ongoing projects for using it to construct a mesh network.

Review: Calculator Kit Is Just A Few Hacks From Greatness

While most people are satisfied with a calculator application on their smartphone these days, there’s still something to be said for the old fashioned desk calculator. Maybe it’s the fact the batteries last long enough that you can’t remember the last time you changed them, or the feel of physical buttons under your fingers. It could even be the fact that it keeps your expensive smartphone from needing to sit out on the workbench. Whatever the reason, it’s not uncommon to see a real-life calculator (or two) wherever solder smoke tends to congregate.

Which is precisely the idea behind this DIY calculator kit. Available from the usual overseas retailers for about $15 USD, it has some hobbyist-oriented features such as the ability to decode resistor color bands, convert hexadecimal numbers, and calculate resistor values for driving LEDs. If you’re going to keep a knock-around calculator on your bench, why not build the thing yourself?

Given the dual nature of this product, a DIY electronics kit and a functional desk calculator for electronic hobbyists, it seems only appropriate to review both aspects of it individually. Which is good, since there may be more to this product than just the sum of its parts.
