Go Ape With A Banana Macropad

May 14, 2021 by 14 Comments

The super fun thing about macro pads is that they’re inherently ultra-personalized, so why not have fun with them? This appealing little keeb may have been a joke originally, but [dapperrogue] makes a valid point among a bunch of banana-related puns on the project page — the shape makes it quite the ergonomic little input device.

Inside this open-source banana is that perennial favorite for macro pads, the Arduino Pro Micro, and eight switches that are wired up directly to input pins. We’re not sure what flavor of Cherry those switches are, hopefully brown or green, but we suddenly wish Cherry made yellow switches. If you want to build your own, the STLs and code are available, and we know for a fact that other switch purveyors do in fact make yellow-stemmed switches.

Contrary to what the BOM says, we believe the sticker is mandatory because it just makes the build — we imagine there would be fewer double takes without it. Hopefully this fosters future fun keyboard builds from the community, and we can’t wait to sink our teeth into the split version!

There are a bunch of ways to make a macropad, including printing everything but the microcontroller.

Via r/mk and KBD

This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

May 14, 2021 by 26 Comments

Some weeks are slow, and the picking are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There are a trio of vulnerabilities that are built-in to the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network. Continue reading “This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6”

Make Android’s New Power Menu Work On Your Terms

May 14, 2021 by 7 Comments

Introduced in Android 11, the power menu is a way to quickly interact with smart home gadgets without having to open their corresponding applications. Just hold the power button for a beat, and you’ll be presented with an array of interactive tiles for all the gadgets you own. Well that’s the idea, anyway.

[Mat] of “NotEnoughTech” wasn’t exactly thrilled with how this system worked out of the box, so he decided to figure out how he could create his own power menu tiles. His method naturally requires quite a bit more manual work than Google’s automatic solution, but it also offers some compelling advantages. For one thing, you can make tiles for your own DIY devices that wouldn’t be supported otherwise. It also allows you to sidestep the cloud infrastructure normally required by commercial home automation products. After all, does some server halfway across the planet really need to be consulted every time you want to turn on the kitchen light?

Adding tiles in Tasker.

The first piece of the puzzle is Tasker, a popular automation framework for Android. It allows you to create custom tiles that will show up on Android’s power menu, complete with their own icons and brief descriptions. If you just wanted to perform tasks on the local device itself, this would be the end of the story. But assuming that you want to control devices on your network, Tasker can be configured to fire off a command to a Node-RED instance when you interact with the tiles.

In his post, [Mat] gives a few examples of how this combination can be used to control smart devices and retrieve sensor data, but the exact implementation will depend on what you’re trying to do. If you need a bit of help getting started, our own [Mike Szczys] put together a Node-RED primer last year that can help you put this flow-based visual programming tool to work for you.

Continue reading “Make Android’s New Power Menu Work On Your Terms”

Keep An Eye On Your Bike With This DIY GPS Tracker

May 14, 2021 by 31 Comments

Owning a bike and commuting on it regularly is a great way to end up with your bike getting stolen, unfortunately. It can be a frustrating experience, and it can be particularly difficult to track a bike down once it’s vanished. [Johan] didn’t want to be caught out, however, and thus built a compact GPS tracker to give himself a fighting chance to hang on to his ride.

It’s built around the Arduino MKR GSM, a special Arduino built specifically for Internet of Things project. Sporting a cellular modem onboard, it can communicate with GSM and 3G networks out of the box. It’s paired with the MKR GPS shield to determine the bike’s location, and a ADXL345 3-axis accelerometer to detect movement. When unauthorised movement is detected, the tracker can send out text messages via cellular connection in order to help the owner track down the missing bike.

The tracker goes for a stealth installation, giving up the deterrent factor in order to lessen the chance of a thief damaging or disabling the hardware. It’s a project that should give [Johan] some peace of mind, though of course knowing where the bike is, and getting it back, are two different things entirely. We’ve seen creative techniques to build trackers for cats, too. It used to be the case that such “tracking devices” were the preserve of movies alone, but no longer. If you’ve got your own build, be sure to let us know on the tipline!

 

 

Apple Gets CP/M

May 13, 2021 by 13 Comments

In case you wanted to run WordStar on your Mac, [Tom Harte] offers CP/M for OS/X, and it looks like it would be a lot of fun. Of course you might be happier running Zork or Turbo Pascal, and you can do that, too.

There are plenty of Z80 emulators that can run CP/M, but what we found most interesting about this one is that it is written in Objective C, a language with a deep history in the Mac and NeXT worlds.

Continue reading “Apple Gets CP/M”

Nuclear Reactors Get Small

May 13, 2021 by 92 Comments

Steve Martin was ahead of his time when he told us “Let’s get small!” While you usually think of a nuclear reactor as a big affair, there’s a new trend towards making small microreactors to produce power where needed instead of large centralized generation facilities. The U.S. Department of Energy has a video about the topic, you can watch below.

You probably learned in science class how a basic nuclear fission reactor works. Nuclear fuel produces heat from fission while a moderator like water prevents it from melting down both by cooling the reactor and slowing down neutrons. Control rods further slow down the reaction or — if you pull them out — speed it up. Heat creates steam (either directly or indirectly) and the steam turns a conventional electric generator that is no more high tech than it ever has been.

Continue reading “Nuclear Reactors Get Small”

3D Printed Terminal Takes Computing Back In Time

May 13, 2021 by 14 Comments

It’s hard to look at today as anything but the golden age of computing. Even entry level machines have quad-core processors and a terabyte or more of storage space, to say nothing of the incredible amount of tech packed into the modern smartphone. But even so, there’s something to be said for the elegant simplicity of early desktop computers.

Looking to recreate the feeling of those bygone days, [Pigeonaut] created the Callisto II. Its entirely 3D printed case snaps together without glue or screws, making it easy to assemble, and the parts have been sized so they’ll be printable even on smaller machines like the Prusa Mini. Inside you’ll find a 1024×768 Pimoroni HDMI 8″ IPS LCD, 60% mechanical keyboard, four-port USB 3 hub, Raspberry Pi 4, and a 22 watt USB power supply to run it all.

The internal components can be easily accessed with the hatch on the rear of the case, and there’s plenty of room inside to add new hardware should you want to toss in a hard drive or even swap out the Pi for a different single-board computer.

To really drive home the faux-retro concept of the Callisto II, [Pigeonaut] has created a website for the fictional computer company behind the machine, replete with all the trappings you’d expect from the early web. There’s even a web-based “operating system” you can use to show off your freshly printed Callisto II.

Incidentally the II suffix isn’t just part of the meme, there really was a Callisto before this one. We covered the earlier machine back in 2019, and while we’re a bit sad to see that the functional 3.5 inch floppy drive has been deleted, we can’t deny the overall aesthetics have been greatly improved in the latest version.

Continue reading “3D Printed Terminal Takes Computing Back In Time”