DIY Airbag, Explosions Included

July 14, 2013 by 16 Comments

AnAirbagSavedMyLife

Your car’s airbag is one of the major engineering accomplishments of the auto industry. In an accident, a whole host of processes must take place in sequence to keep your face from slamming into the steering wheel, and  everything must happen in just a fraction of a second. [Steve] over at Make thought it would be a cool idea to discover what actually goes in to saving a life with an airbag and decided to build his own.

The electronics of the build consisted of an accelerometer and an Arduino. A lot of research, development, and experimentation has gone into the algorithms that trigger airbags, but [Steve] decided to keep things simple: when a sudden acceleration is detected, set off a small charge of black powder.

The airbag itself is ripstop nylon reinforced with canvas, contained in a small wooded box fitted with hinged doors. All these components are put on wheeled aluminum test rig, manned with a honeydew melon crash test dummy, and pulled into a short wall at a few miles per hour.

Despite [Steve] not putting hundreds of thousands of man hours into the development of his airbag – unlike the ones you’ll find in your steering column – his device actually worked pretty well. While not a complete success, he did manage to come up with something that both looks and acts like the familiar device that has saved countless lives.

The Rock-afire Explosion Movie Trailer

July 6, 2008 by 10 Comments


A small group of enthusiasts have apparently been restoring and reprogramming the animatronic bands from the former Showbiz Pizza Place chain. Original engineer [Aaron Fechter] and car salesman/choreographer [Chris Thrash] have started performing modern pop songs with the bands and have a page where you can bid on new songs to perform. This feels like Billy Bass hacking on a much larger scale. The original machines were controlled by a four track reel, but now they’re using a hard disk recorder. The trailer above is worth watching just for the rows of partially assembled bears performing on the factory floor.

[via Waxy]

Japan’s First Commercial Rocket Debuts With A Bang

March 27, 2024 by 11 Comments

Though it suffered through decades of naysayers, these days you’d be hard pressed to find anyone who would still argue that the commercialization of space has been anything but a resounding success for the United States. SpaceX has completely disrupted what was a stagnant industry — of the 108 US rocket launches in 2023, 98 of them were performed by the Falcon 9. Even the smaller players, such as Rocket Lab and Blue Origin, are innovating and bringing new technologies to market at a rate which the legacy aerospace companies haven’t been able to achieve since the Space Race.

So it’s no surprise that other countries are looking to replicate that success. Japan in particular has been following NASA’s playbook by offering lucrative space contracts to major domestic tech companies such as Mitsubishi, Honda, NEC, Toyota, Canon, Kyocera, and Sumitomo. Over the last several years this has resulted in the development of a number spacecraft and missions, such as the Hakuto-R Moon lander. It’s also laid the groundwork for exciting future projects, like the crewed lunar rover Toyota and Honda are jointly developing for the Artemis program.

But so far there’s been a crucial element missing from Japan’s commercial space aspirations, an orbital booster rocket. While the country has state-funded launch vehicles such as the H-IIA and H3 rockets, they come with the usual bureaucracy one would expect from a government program. In comparison, a privately developed and operated booster holds the promise of reduced costs and a higher launch cadence, especially if there are multiple competing vehicles on the market.

With the recent test flight of Space One’s KAIROS rocket, that final piece of the puzzle may finally be falling into place. While the launch unfortunately failed shortly after liftoff, the fact that the private rocket was able to get off the ground — literally and figuratively — is a promising sign of what’s to come.

Continue reading “Japan’s First Commercial Rocket Debuts With A Bang”

Hackaday Links Column Banner

Hackaday Links: March 24, 2024

March 24, 2024 by 6 Comments

Way to rub it in, guys. As it turns out, due to family and work obligations we won’t be able to see the next Great American Eclipse, at least not from anywhere near the path of totality, when it sweeps from Mexico into Canada on April 8. And that’s too bad, because compared to the eclipse back in 2017, “Eclipse 2: Solar Boogaloo” is occurring during a much more active phase in the solar cycle, with the potential for some pretty exciting viewing. The sun regularly belches out gigatons of plasma during coronal mass ejections (CMEs), most of which we can’t see with the naked eye because not only is staring at the sun not a great idea, but most of that activity occurs across the disk of the sun, obscuring the view in the background light. But during the eclipse, we — oops, you — might just get lucky enough to have a solar prominence erupt along the limb of the sun that will be visible during totality. The sun has been quite active lately, as reflected by the relatively high sunspot number, so even though it’s an outside chance, it’s certainly more likely than it was in 2017. Good luck out there.  Continue reading “Hackaday Links: March 24, 2024”

Hackaday Links Column Banner

Hackaday Links: March 17, 2024

March 17, 2024 by 16 Comments

A friend of ours once described computers as “high-speed idiots.” It was true in the 80s, and it appears that even with the recent explosion in AI, all computers have managed to do is become faster. Proof of that can be found in a story about using ASCII art to trick a chatbot into giving away the store. As anyone who has played with ChatGPT or its moral equivalent for more than five minutes has learned, there are certain boundary conditions that the LLM’s creators lawyers have put in place to prevent discussion surrounding sensitive topics. Ask a chatbot to deliver specific instructions on building a nuclear bomb, for instance, and you’ll be rebuffed. Same with asking for help counterfeiting currency, and wisely so. But, by minimally obfuscating your question by rendering the word “COUNTERFEIT” in ASCII art and asking the chatbot to first decode the word, you can slip the verboten word into a how-to question and get pretty explicit instructions. Yes, you have to give painfully detailed instructions on parsing the ASCII art characters, but that’s a small price to pay for forbidden knowledge that you could easily find out yourself by other means.

Continue reading “Hackaday Links: March 17, 2024”

This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!

February 16, 2024 by 6 Comments

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be enabled in the ClamnAV config. And that configuration includes a string formatting function, where the string includes %v and %s, which gets replaced with a detected virus name and the file name from the email. And now you see the problem, I hope: The filename is attacker supplied input.

Where this really gets out of hand is what ClamAV does with this string. execle("/bin/sh", "sh", "-c", buffer_cmd, NULL, env). So let’s talk defensive program design for a minute. When it comes to running a secondary command, there are two general options, system() and the exec*() family of system calls. system() is very simple to use. It pauses execution of the main process and asks the operating system to run a string, just as if the user had typed that command into the shell. While this is very convenient to use, there is a security problem if any of that command string is user-supplied. All it takes is a semicolon or ampersand to break assumptions and inject a command.

To the rescue comes exec(). It’s a bit more complicated to use, requiring the programmer to manually call fork() and wait(). But it’s not running the command via the shell. exec() executes a program directly, totally eliminating the potential for command injection! Except… oops.

Yeah, exec() and related calls don’t offer any security protections when you use them to execute /bin/sh. I suspect the code was written this way to allow running a script without specifying /bin/sh in the config. The official fix was to disable the filename format character, and instead supply it as an environment variable. That certainly works, and that fix is available in 1.0.5, 1.2.2, and 1.3.0.

The real danger here is that we have another case where some hardware appliance manufacturer has used ClamAV for email filtering, and uses this configuration by default. That’s how we get orders from CISA to unplug your hardware, because it’s already compromised. Continue reading “This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!”

Retrotechtacular: Some Days You Just Can’t Get Rid Of A Nuclear Bomb

February 15, 2024 by 19 Comments

It may seem a bit obvious to say so, but when a munition of just about any kind is designed, little thought is typically given to how to dispose of it. After all, if you build something that’s supposed to blow up, that pretty much takes care of the disposal process, right?

But what if you design something that’s supposed to blow up only if things go really, really wrong? Like nuclear weapons, for instance? In that case, you’ll want to disassemble them with the utmost care. This 1993 film, produced by the US Department of Energy, gives a high-level overview of nuclear weapons decommissioning at the Pantex plant in Texas. Fair warning: this film was originally on a VHS tape, one that looks like it sat in a hot attic for quite a few years before being transferred to DVD and thence to YouTube. So the picture quality is lousy, in some points nearly unwatchably so. Then again, given the subject matter that may be a feature rather than a bug.

Continue reading “Retrotechtacular: Some Days You Just Can’t Get Rid Of A Nuclear Bomb”