When hackers in the US think of a retailer called Harbor Freight, we usually think of cheap tools, workable but terrible DVM’s, zip ties, and tarps. [Jimbo] over at [Robot Cantina] looked at the 212cc “Predator” engine that they sell and thought “I bet I could power my Honda Insight with that.” And he did, successfully! How much power did the heavily modified engine make? In the video below the break, [Jimbo] takes us through the process of measuring its output using a home built dyno.
The dyno that [Jimbo] has built is a Prony Dyno, and it’s among the oldest and simplest designs available. A torque arm is extended from a disk brake caliper and connects to a force gauge. The engine is run up to its highest speed, and then the brake is applied to the crankshaft until the engine almost stalls. A tachometer keeps track of the RPM, and the force gauge measures the force on the torque arm. Torque is multiplied by RPM and the result is divided by a constant of 5252, and voilà: Horsepower. A computer plots the results across the entire range, and the dyno test is complete.
That only tells part of the story, and the real hack comes when you realize that the dyno stand, the force gauge setup and pretty much everything that can be built at home has been built at home. You’ll also enjoy seeing the results of some driving tests between the 212cc engine and its bigger 420cc brother, how even minor changes to the engine affect the horsepower and torque curves, and how that affects the Honda that he calls his “Street legal go cart.”
Ten years ago the concept of having on our desks an affordable 3D printer knocking out high quality reproducible prints, with sub-mm accuracy, in a wide range of colours and material properties would have been just a dream. But now, it is reality. The machines that are now so ubiquitous for us hackers, are largely operating with the FDM principle of shooting molten plastic out of a moving nozzle, but they’re not the only game in town. A technique that has also been around for donkeys’ years is SLS or Selective Laser Sintering, but machines of this type are big, heavy and expensive. However, getting one of those in your own ‘shop now is looking a little less like a dream and more of a reality, with the SLS4All project by [Tomas Starek] over on hackaday.io.
[Tomas] has been busy over the past year, working on the design of his machine and is now almost done with the building and testing of the hardware side. SLS printing works by using a roller to transfer a layer of powdered material over the print surface, and then steering a medium-power laser beam over the surface in order to heat and bond the powder grains into a solid mass. Then, the bed is lowered a little, and the process repeats. Heating of the bed, powder and surrounding air is critical, as is moisture control, plus keeping that laser beam shape consistent over the full bed area is a bit tricky as well. These are all hurdles [Tomas] has to overcome, but the test machine is completed and is in a good place to start this process control optimisation fun.
It’s always good to welcome a new hackerspace to the fold, and thus we’re pleased to hear about the upcoming opening of Hackerspace Drenthe, on the north-eastern edge of the Netherlands. Starting a new space during a global pandemic is something of a feat. As part of their opening something is required to demonstrate a robot for the curious public, and what could be more accessible than a robot arm playing tic-tac-toe!
It would be correct to say that a robot moving blocks with precision is not necessarily a ground-breaking achievement, but in its purpose of providing eye-candy for a hackerspace opening while also serving as an experiment for some of the students from the school adjacent to the space it is a success. The interface is a pleasingly retro War Games style terminal, and the software is written in Python. For the curious all can be found on a GitHub repository, and should you be in that region of Europe you can find Hackerspace Drenthe in the Netherlands border town of Coevorden and attend their opening on the 2nd of April.
The US Senate has approved the “Sunshine Protection Act”, a bill to make Daylight Saving time the default time and do away with the annual time changes. While I can get behind the latter half of this motion, redefining Daylight Saving time as Standard time is, in my opinion, nonsense.
It’s particularly funny timing, coming right around the Vernal Equinox, when the sun stands at its highest right at Noon Standard Time, to be debating calling this time “one PM” forevermore.
Right Idea, Wrong Time
Let’s do a quick overview of the good idea here — doing away with time changes. These are known to cause sleep disturbances and this leads not just to sleepy heads on Monday morning, but to an increased risk of heart attack and accidents in general. When researchers look into the data, it’s the “springing forward” that causes trouble. People who’ve slept one extra hour don’t seem to suffer as much as people who’ve lost one. Go figure.
So maybe it makes sense to stop changing times. If we’re going to settle on one standard time, do we pick Standard time or Daylight Saving time? Admittedly, this is a totally unfair way to pose the question, but there are a number of good reasons to prefer all-year Standard time. The biggest one is winter. Basically, it’s already tough enough to get up on a cold January morning when the sun is not due to rise for another hour or two. Add another hour of darkness on top, and you know why the two previous attempts to run all-year Daylight Saving were short-lived. And why the Swedes drink so much coffee.
There’s also the fundamental logic behind our measurement of time that’s stood for centuries, and is embedded in most of our cultural references to time. Ante Meridiem and Post Meridiem. High Noon, when the hour hand on the clock points straight up, represents the sun itself. But even before clocks, the sun’s halfway point along its daily journey marked the halfway point of the day. That’s not only why we eat lunch when we do, it’s the origin of man’s time-telling itself.
If we change the definition of noon permanently, we’ve decoupled time from the sun. How will we explain time to future children? I’ll accept Daylight Saving time when we start reprinting analog watches with 1 o’clock at the top and start referring to 12 AM as the one that’s just before the sun reaches its peak. As soon as “one noon” replaces “twelve noon”, I’ll get on board. Midnight, when the clock strikes one, just doesn’t send the same shiver down my spine. Sorry, Dracula.
If culture and physics point to Standard Time, why would you want Daylight Saving to be the new normal? When people think of Daylight Saving, they naturally think of those nice long summer days that stretch out into the night. My personal bet is that many folks are confounding summertime with Summer Time. Heck, even the name of the bill proposes to protect sunshine itself, rather than just move the hands of the clock around. These are not good reasons.
Join Hackaday Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney for an audio tour of the week’s top stories and best hacks. We’ll look at squeezing the most out of a coin cell, taking the first steps towards DIY MEMS fabrication, and seeing if there’s any chance that an 80’s-vintage minicomputer might ride again. How small is too small when it comes to chip packages? We’ll find out, and discover the new spectator sport of microsoldering while we’re at it. Find out what’s involved in getting a real dead-tree book published, and watch a hacker take revenge on a proprietary memory format — and a continuous glucose monitor, too.
If you’ve ever had to use SMD components on tape outside the realm of the automated assembly machines for which they were designed, you’ll know that one tape looks very like another and it can be very annoying to keep track of which is which. We can’t help admiring [Yvo de Haas’] inkjet printer for SMD tapes then, which efficiently prints whatever identifying marks you need on the back of your tapes.
The printer uses the venerable HP45 inkjet cartridge, and teams it with a 3D printed mechanism and [Yvo]’s self-designed driver board. A worm gear motor and a sprocket take care of advancing the tape through the mechanism past the printhead, and there is a well-assembled piece of software to drive it all. With extremely comprehensive build instructions it should be within the reach of anyone who handles component tape, and from our experience of hand-labeling tape for kits we can see that it could be a Godsend. Take a look at it in action in the video below.
For every very clever security protocol that keeps people safe, there’s a stupid hack that defeats it in an unexpected way. Take OAuth for instance. It’s the technology that sites are using when they offer to “log in with Facebook”. It’s a great protocol, because it lets you prove your identity using a trusted third party. You don’t have to use a password at whatever site you’re trying to use, you just need to be logged in to your Google/Facebook/Apple account, and click the button to allow access. If you’re not logged in, the pop-up window prompts for your username and password, which of course is one way phishing attacks try to steal passwords. So we tell people to look at the URL, and make sure they are actually signing in to the proper site.
An OAuth pop-up window
The stupid hack that isn’t stupid, because it works: Recreating the browser window in HTML/CSS. Yep, it’s pretty straightforward to add a div to your site, and decorate it to look just like a browser window, just like an OAuth pop-up. In the appropriate place goes an iframe pointing to the actual phishing form. It looks convincing, but once you’re aware of the game, there’s a dead giveaway — try to move the OAuth window outside the browser window that spawned it. Websites can’t draw outside the browser window or over its window decorations, so this limitation makes it easy to confirm whether this hack is in play. The other saving grace is that a password manager isn’t fooled by this trick at all.
There’s a typo-squatting campaign going on at NPM, primarily targeted at Azure users. NPM has a packaging feature called “scoped packages”. A scope starts with the at sign, and indicates packages intentionally grouped together. In this case the scope is @azure, including packages like @azure/core-tracing, with over 1.5 million weekly downloads. The typo? Just drop the scope. NPM considers it completely acceptable to have both the @azure/core-tracing and core-tracing packages — in fact, it’s a feature of the scoping system. But forget to include the scope, and you may get a malicious package instead. Over 200 packages were targeted in this way, but have since been pulled by NPM.
The payload was strictly reconnaissance, grabbing directory listings, IP addresses, and the like. It’s likely that the information would be used to craft more malicious future updates, though no such behavior has been observed. This is likely due to how rapidly these packages were caught and removed — after only about two days. The domain used for data collection is 425a2.rt11.ml, so that string showing up in a DNS log somewhere is an indicator that one of these packages was installed.
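The two checks described above, as an added example (not code from the article or from NPM): flag manifest dependencies that match a trusted scoped package with the scope dropped, and find DNS log lines naming the collection domain. The function names, the sample manifest and the dnsmasq-style log lines are constructed for illustration.

```python
import json

IOC_DOMAIN = "425a2.rt11.ml"  # collection domain quoted in the text above
DEP_SECTIONS = ("dependencies", "devDependencies",
                "optionalDependencies", "peerDependencies")

# Constructed sample inputs (not taken from a real project or real logs).
SAMPLE_MANIFEST = """{
  "dependencies": {"@azure/identity": "^2.0.0", "core-tracing": "^1.0.0"},
  "devDependencies": {"express": "^4.17.0"}
}"""
SAMPLE_DNS_LOG = [
    "Mar 24 10:01:02 dnsmasq[411]: query[A] registry.npmjs.org from 10.0.0.5",
    "Mar 24 10:01:03 dnsmasq[411]: query[A] 425a2.rt11.ml from 10.0.0.5",
    "Mar 24 10:01:04 dnsmasq[411]: query[A] h1.425A2.rt11.ml. from 10.0.0.7",
    "Mar 24 10:01:05 dnsmasq[411]: query[A] x425a2.rt11.ml.example.com from 10.0.0.7",
]


def scope_dropped(manifest_text, scoped_names):
    """Flag dependencies named like a trusted scoped package minus its scope.

    A hit is a review item, not proof of compromise: npm allows both names.
    """
    bare = {n.split("/", 1)[1]: n for n in scoped_names
            if n.startswith("@") and "/" in n}
    manifest = json.loads(manifest_text)
    return [(section, dep, bare[dep])
            for section in DEP_SECTIONS
            for dep in manifest.get(section, {})
            if dep in bare]


def dns_hits(log_lines, domain=IOC_DOMAIN):
    """Return log lines that name the domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    hits = []
    for line in log_lines:
        names = (tok.strip("()[],;:\"'").rstrip(".") for tok in line.lower().split())
        if any(n == domain or n.endswith("." + domain) for n in names):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(scope_dropped(SAMPLE_MANIFEST, ["@azure/core-tracing", "@azure/identity"]))
    print(dns_hits(SAMPLE_DNS_LOG))
```

The domain match is anchored on a label boundary, so the lookalike name in the last sample line is not reported.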
Lapsus$ Strikes Again, Again
The loose collection of hackers known as Lapsus$ have potentially scored breaches at both Microsoft and Okta. KrebsOnSecurity has a bit more information about the group and the Microsoft case. The group seems to be doing some of their coordination over a Telegram channel, which is open for anyone to join. The group boasted of their exploits on this channel, and Microsoft responders found and cut their access during the data exfiltration. A 10 GB file has been released containing partial source to Bing search, Bing Maps, and Cortana.
The Okta situation is even murkier, as the released screenshots indicate access back in late January. The access seems to have been limited to an administrative portal, via a Support Engineer’s account. Okta has gone out of their way to assure everyone that there was no actual breach, and the rogue access was quickly dealt with. This seems to be a bit disingenuous, as Lapsus$ was after companies making use of Okta services, and didn’t need to compromise their systems any further. Okta provides access management for other companies, like Cloudflare. There’s likely been some quiet infiltration happening in the months since this happened.
Linux Gets More Random
[Jason Donenfeld], kernel hacker and main developer of WireGuard, has worked recently on the Linux random number generator. A few changes landed in release 5.17, and more are coming in 5.18. He was kind enough to write up some of the interesting changes for our education. He considers his most important contribution to be documentation. I can confirm, among the most frustrating problems a programmer can face is when the documentation has bit-rotted to uselessness.
One of the biggest user-facing changes was the attempt to unify /dev/random and /dev/urandom. We say attempt, because this change caused multiple failures to boot on the kernel’s test setup. Apparently some architectures, specifically when being virtualized, have no method of generating high quality randomness during boot. The next killer feature is the new add_vmfork_randomness() call, that allows a newly cloned virtual machine to request a regeneration of its randomness pool. Without a call like this, the first few random numbers generated by the kernel after a VM fork would be identical — obviously a problem.
Internally, the randomness code retires the venerable SHA-1 algorithm, replacing it with the more modern BLAKE2 hash function. An interesting advantage is that BLAKE2 is intentionally a very fast algorithm, so the kernel gains a bit of performance when generating random numbers. The rest of the changes delve into more complicated cryptography considerations. Definitely worth reading if you’re interested.
Western Digital NAS RCE
We’ve covered plenty of vulnerabilities and attacks in NAS boxes from QNAP and Synology, but this week it’s Western Digital getting in on the action. Thankfully it’s research from NCC Group, demonstrated at Pwn2Own 2021, and fixed in a January update. This Remote Code Execution (RCE) vulnerability is in how the NAS handles the Apple Filing Protocol (AFP), and was actually a problem in the Netatalk project. AFP supports storing file metadata as a separate file, for the sake of compatibility. These files are in the AppleDouble format, and take the name of their parent file, prepended with a ._. The kicker is that these files can also be accessed using the Windows SMB protocol, allowing direct manipulation of the metadata file. The function that parses the metadata file does indeed detect a malformed data structure, and logs an error to that effect, but fails to fail — it goes ahead and processes the bad data.
This continue-on-error is the central flaw, but actually building an exploit required a data leak to defeat the address layout randomization in place on the device. A simpler first step was to write memory locations into the AppleDouble file, and use SMB access to read it. With the leaked address in hand, the full exploit was easy. This would be bad enough, but these devices ship with a “Public” share world-accessible over SMB and AFP. This configuration makes it a pre-auth RCE. And this demonstrates the purpose of Pwn2Own — it was discovered, made the researchers a bit of money, and was fixed before the details were made public.
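The log-but-continue pattern described above, shown beside its fail-closed form as an added example (this is not Netatalk's code, and it is Python rather than the project's C). It validates the entry table of an AppleDouble header; `parse_entries`, `make_blob` and the sample files are hypothetical names and constructed data.

```python
import logging
import struct

log = logging.getLogger("appledouble")

MAGIC, VERSION = 0x00051607, 0x00020000
HEADER = struct.Struct(">II16xH")  # magic, version, 16 filler bytes, entry count
ENTRY = struct.Struct(">III")      # entry id, data offset, data length


class MalformedFile(ValueError):
    """Raised so the caller stops using a file that failed validation."""


def parse_entries(blob, fail_closed=True):
    """Return {entry_id: data}. fail_closed=False is the log-and-continue flaw."""
    if len(blob) < HEADER.size:
        raise MalformedFile("truncated header")
    magic, version, count = HEADER.unpack_from(blob, 0)
    if (magic, version) != (MAGIC, VERSION):
        raise MalformedFile("bad magic or version")
    table_end = HEADER.size + count * ENTRY.size
    if table_end > len(blob):
        raise MalformedFile("entry table runs past end of file")
    entries = {}
    for i in range(count):
        eid, off, length = ENTRY.unpack_from(blob, HEADER.size + i * ENTRY.size)
        if off < table_end or off + length > len(blob):
            log.error("entry %d: offset %d, length %d outside file", eid, off, length)
            if fail_closed:
                raise MalformedFile(f"entry {eid} out of bounds")
            # Flawed path: the problem was logged, yet the entry is used anyway.
            # Python's slice just comes back short; the same flow in C can
            # touch memory outside the buffer.
        entries[eid] = blob[off:off + length]
    return entries


def make_blob(entries, body):
    """Build a constructed test file: header, entry table, then body bytes."""
    table = b"".join(ENTRY.pack(*e) for e in entries)
    return HEADER.pack(MAGIC, VERSION, len(entries)) + table + body


# Constructed samples: one valid entry, one whose length overruns the file.
DATA_START = HEADER.size + ENTRY.size
GOOD = make_blob([(9, DATA_START, 4)], b"ABCD")
BAD = make_blob([(9, DATA_START, 4096)], b"ABCD")
```

With `fail_closed=False` the malformed sample still yields an entry, even though the declared length of 4096 bytes was never satisfied; the default path raises before any entry data is handed back.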