Voltmeter Clock Looks Great On Display

Voltmeters are cheap, and have a great industrial aesthetic about them. This makes them prime candidates for hackers looking to do a clock build. [Brett Oliver] went down this very road, and built a very stylish timepiece along the way.

[Brett] initially wanted to go with 240-degree voltmeters; however, the cost was prohibitive, so he settled for the more common 90-degree models. New dials were produced by first sanding down the old dials, repainting in an old-fashioned off-white, and then applying the new graphics with inkjet transfer paper.

The attention to detail continues with the case. [Brett] aimed to build the clock with an old-school lab equipment aesthetic. A large piece of mahogany was crafted into the base.  A clear plastic cover was sourced from eBay, which really makes the piece. Large buttons and toggle switches were chosen to complete the look.

On the electronic side of things, it’s all run by a PIC16F628A, which controls the voltmeters via PWM. Running with a 20MHz crystal, the PIC is not a great timekeeper. Instead, the whole show is synchronized to [Brett]’s master clock we featured a few years back.

Building a clock is a rite of passage for a hacker, and [Brett]’s example goes to show how craftsmanship can really pay off in this pursuit. Video after the break.

Unique 3D Printer Turned CNC Engraver

As we’ve said in the past, one of the most exciting things about the proliferation of low-cost desktop 3D printers (beyond all the little boats we get to see on Reddit), is the fact that their motion control systems are ripe for repurposing. Outfitting a cheap 3D printer with a drag knife, pen holder, or even a solid-state laser module, are all very common ways of squeezing even more functionality out of these machines.

But thanks to the somewhat unusual nature of his printer, [Hammad Nasir] was able to take this concept a bit farther. Because the machine is considerably more rigid than the $99 acrylic-framed box of bolts we’ve become accustomed to, he was able to fit it with a basic spindle and use it for CNC engraving. He won’t be milling any steel on this rig, but judging by the pictures on the Hackaday.io page for the project, it does a respectable job cutting designs into plastic at least.

The IdeaWerk 3D printer that [Hammad] used for this project is phenomenally overbuilt. We don’t know whether the designers simply wanted to make it look futuristic and high-tech (admittedly, it does look like it could double as a movie prop) or they thought there was a chance it might get thrown down the stairs occasionally. In either event, it’s built like an absolute tank.

While the frame on lesser printers would likely flex as soon as the bit started moving across the workpiece, this thing isn’t going anywhere. Of course this machine is presumably still running on the standard GT2 belt and NEMA 17 arrangement that has been used in desktop 3D printers since the first wooden machines clattered to life. So while the frame might be ready to take some punishment, the drive system could respectfully disagree once the pressure is on.

Modification was simplified by the fact that the hotend and extruder assembly on the IdeaWerk is mounted to the X axis with just a single bolt. This makes it exceptionally easy to design alternate tool mounts, though arguably the 3D printed motor holder [Hammad] is using here is the weak link in the entire system; if it’s going to flex anywhere, it’s going to be there.

If you’re more photonically inclined, you might be interested in this similarly straightforward project that sees a 2.5 W laser module get bolted onto an entry level 3D printer.

You Could Be A Manufacturing Engineer If You Could Only Find The Time

Let’s be honest, Ruth Grace Wong can’t teach you how to be a manufacturing engineer in the span of a twenty minute talk. But no-one can. This is about picking up the skills for a new career without following the traditional education path, and that takes some serious time. But Grace pulled it off, and her talk at the 2019 Hackaday Superconference shares what she learned about reinventing your career path without completely disrupting your life to do so.

Ruth got on this crazy ride when she realized that being a maker made her happy and she wanted to do a lot more of it. She wanted to be “making stuff at scale”, which is the definition of manufacturing. She took the hacker approach, leveraging her personal projects to pull back the veil of the manufacturing world. She did a few crowdfunding campaigns that exposed her to the difficulties of producing more than one of something. And along the way she used revenue from those projects to get training and to seek mentorships.


The Quadratic Equation Solution A Few Thousand Years In The Making

Everyone learns (and some readers maybe still remember) the quadratic formula. It’s a pillar of algebra and allows you to solve equations like Ax² + Bx + C = 0. But just because you’ve used it doesn’t mean you know how to come up with the formula itself. It’s a bear to derive so the vast majority of us simply memorize the formula. A Carnegie Mellon mathematician named Po-Shen Loh didn’t expect to find a new way to derive the solution when he was reviewing math materials for middle school use to make them easier to understand. After all, people have been solving that equation for about 4,000 years. But that’s exactly what he did.

Before we look at the new solution, let’s talk about why you want to solve quadratic equations. They are used in many contexts. In ancient times you might use them to determine how much more crop to grow to cover tax payments without eating into the crop you needed to subsist. In physics, they can describe motion. There’s seemingly no end to how many things you can describe with a quadratic equation.

Babylonians, in particular, would solve simultaneous equations to find the roots of a quadratic. Egyptians, Grecians, Indians, and Chinese peoples used graphical methods to solve the equations. The entire history is a bit much to get into, but still a great read. For this article, let’s dig into how the new derivation was discovered.


Hackaday Podcast 048: Truly Trustworthy Hardware, Glowing Uranium Marbles, Bitstreaming The USB, Chaos Of Congress

Hackaday editors Elliot Williams and Mike Szczys kick off the first podcast of the new year. Elliot just got home from Chaos Communication Congress (36c3) with a ton of great stories, and he showed off his electric cargo carrier build while he was there. We recount some of the most interesting hacks of the past few weeks, such as 3D-printed molds for making your own paper-pulp objects, a rudimentary digital camera sensor built by hand, a tattoo-removal laser turned welder, and desktop artillery that’s delivered in greeting-card format.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!


Direct download (60 MB or so.)


The Fun Is On The Christmas Tree With This Playable Duck Hunt Decoration

‘Tis the season for leftovers, be they food, regifted presents, or the decorations left behind in the wake of the festivities. Not to mention the late tips we get for holiday-themed builds, like this Duck Hunt ornament that’s completely playable.

Details are sparse in [wermy]’s video below, but there’s enough there to get the gist. The game is based on the Nintendo classic, where animated ducks fly across the screen and act as targets for a light pistol. Translating that to something suitable for decorating a Christmas tree meant adding an Arduino and an IR LED to the original NES light pistol, and building a base station with a Feather and a small LCD screen into a case that looks like [The Simpsons] TV. An LED on each 3D-printed duck target lights in turn, prompting you to blast it with the gun. An IR sensor on each duck registers hits, while the familiar sound effects are generated by the base, which also displays the score. Given a background of festive blinkenlights, it’s harder than it sounds – see it in action briefly below.

[wermy] has done some interesting builds before, like a RetroPie in an Altoids tin and a spooky string of eyes for Halloween. We hope he’ll come through with a more detailed build video for this project at some point – we’re particularly interested in those beautiful multi-color 3D-prints.


This Week In Security: ToTok, Edgium, Chrome Checks Your Passwords, And More

Merry Christmas and happy New Year! After a week off, we have quite a few stories to cover, starting with an unexpected Christmas gift from Apple. Apple has run an invitation-only bug bounty program for years, but it only covered iOS, and the maximum payout topped out at $200K. The new program is open to the public, covers the entire Apple product lineup, and has a maximum payout of $1.5 million. Go forth and find vulnerabilities, and make sure to let us know what you find.

ToTok

The United Arab Emirates had an odd policy regarding VoIP communications. At least on mobile networks, it seems that all VoIP calls are blocked — unless you’re using a particular app: ToTok. Does that sound odd? Is your “Security Spider Sense” tingling? It probably should. The New York Times covered ToTok, claiming it was actually a tool for spying on citizens.

While that coverage is interesting, more meat can be found in [Patrick Wardle]’s research on the app. What’s most notable, however, is the distinct lack of evidence found in the app itself. Sure, ToTok can read your files, upload your contact book to a centralized server, and try to send the device’s GPS coordinates. This really isn’t too far removed from what other apps already do, all in the name of convenience.

It seems that ToTok lacks end-to-end encryption, which means that calls could be easily decrypted by whoever is behind the app. The lack of malicious code in the app itself makes it difficult to emphatically call it a spy tool, but it’s hard to imagine a better way to capture VoIP calls. Since those articles ran, ToTok has been removed from both Apple’s and Google’s app stores.

SMS Keys to the Kingdom

Have you noticed how many services treat your mobile number as a positive form of authentication? Need a password reset? Just type in the six-digit code sent in a text. Prove it’s you? We sent you a text. [Joakim Bech] discovered a weakness that takes this a step further: all he needs is access to a single SMS message, and he can control your burglar alarm from anywhere. Well, at least if you have a security system from Alert Alarm in Sweden.

The control messages are sent over SMS, making them fairly accessible to an attacker. The messages are encrypted with AES, but a series of errors seriously reduces the effectiveness of that encryption. The first is the key: to build the 128-bit encryption key, the app takes the user’s four-digit PIN and pads it with zeros, so it’s essentially a 13-bit encryption key. Even worse, there is no message authentication built into the system at all. An attacker with a single captured SMS message can brute force the user’s PIN, modify the message, and easily send spoofed commands that are treated as valid.
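The two design errors described above can be measured and corrected on the defender's side. The following is an added example, not code from Alert Alarm or from the original research: it counts how many distinct keys the PIN-padding scheme can produce, then shows a receiver that authenticates commands with an HMAC tag and a replay counter. The padding layout (ASCII digits, right-padded with ASCII "0"), the `ARM`/`DISARM` command strings and all function names are assumptions; the confidentiality layer is omitted, and an AEAD mode such as AES-GCM with a random key would cover both properties.

```python
import hashlib
import hmac
import math
import secrets

def pin_padded_key(pin: str) -> bytes:
    # Weak derivation from the text: four-digit PIN padded with zeros to 128 bits.
    # Assumption: ASCII digits, right-padded with ASCII "0".
    return pin.encode("ascii").ljust(16, b"0")

def effective_key_bits() -> float:
    # Count the distinct keys the scheme can ever produce.
    keys = {pin_padded_key(f"{n:04d}") for n in range(10_000)}
    return math.log2(len(keys))

def make_tag(key: bytes, counter: int, command: bytes) -> bytes:
    # HMAC-SHA256 over a fixed-width counter plus the command body.
    msg = counter.to_bytes(8, "big") + command
    return hmac.new(key, msg, hashlib.sha256).digest()

class CommandVerifier:
    """Receiver side: rejects altered or replayed commands."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def verify(self, counter: int, command: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(make_tag(self.key, counter, command), tag):
            return False          # modified message or wrong key
        if counter <= self.last_counter:
            return False          # replay of an old, genuine message
        self.last_counter = counter
        return True

if __name__ == "__main__":
    print(f"PIN-padded key: {effective_key_bits():.1f} bits of 128")
    device_key = secrets.token_bytes(16)   # random key provisioned at pairing
    rx = CommandVerifier(device_key)
    tag = make_tag(device_key, 1, b"ARM")  # constructed sample command
    print(rx.verify(1, b"ARM", tag))       # genuine
    print(rx.verify(2, b"DISARM", tag))    # tag does not cover this command
    print(rx.verify(1, b"ARM", tag))       # replay
```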

Microsoft Chrome

You may have seen the news: Microsoft is giving up on their Edge browser code, and will soon begin shipping a Chromium-based Edge. While that has been a source of entertainment all on its own, some have already begun taking advantage of the new bug bounty program for Chromium Edge (Edgium?). It’s an odd bounty program, in that Microsoft has no interest in paying for bugs found in Google’s code. As a result, only bugs in the Edge-exclusive features qualify for payout from Microsoft.

As [Abdulrahman Al-Qabandi] puts it, that’s a very small attack surface. Even so, he managed to find a vulnerability that qualified, and it’s unique. One of the additions Microsoft has made to Edgium is a custom new tab page. Similar to other browsers, that new tab page shows the user their most visited websites. The problem is that the site’s title is shown on that page, but without any sanity checking. If your site’s title field happens to include JavaScript, that too is injected into the new tab page.

The full exploit has a few extra steps, but the essence is that once a website makes it to the new tab page, it can take over that page, and maybe even escape the browser sandbox.

Chrome Password Checkup

This story is a bit older, but really grabbed my attention. Google has rolled a feature out in Chrome that automatically compares your saved passwords to past data breaches. How does that work without being a security nightmare? It’s clever. A three-byte hash of each username is sent to Google, and compared to the hashes of the compromised accounts. An encrypted database of potential matches is sent to your machine. Your saved passwords, already encrypted with your key, are encrypted a second time with a Google key, and sent back along with the database of possible matches, also encrypted with the same Google key. The clever bit is that once your machine decrypts your database, it now has two sets of credentials, both encrypted with the same Google key. Since this encryption is deterministic, the encrypted data can be compared without decryption. In the end, your passwords aren’t exposed to Google, and Google hasn’t given away their data set either.
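The double-encryption exchange described above can be walked through with a toy commutative cipher. This is an added example, not Google's or Chrome's code: it swaps in modular exponentiation over a small prime field as the deterministic, commutative "encryption", which is far too weak for real use, and assumes each credential is hashed as `username:password`. All names and the sample breach list are constructed.

```python
import hashlib
import math
import secrets

P = 2**127 - 1  # Mersenne prime; toy-sized group, assumption for illustration

def to_group(cred: str) -> int:
    # Hash a credential to a nonzero element mod P.
    d = hashlib.sha256(cred.encode()).digest()
    return 1 + int.from_bytes(d, "big") % (P - 1)

def bucket(username: str) -> bytes:
    # The three-byte username hash that selects candidate matches.
    return hashlib.sha256(username.encode()).digest()[:3]

def keygen() -> int:
    # An exponent is invertible only if it is coprime to P - 1.
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def blind(x: int, k: int) -> int:
    return pow(x, k, P)  # deterministic; layers commute: (x^a)^b == (x^b)^a

def unblind(x: int, k: int) -> int:
    return pow(x, pow(k, -1, P - 1), P)  # strips only the layer made with k

def server_reply(breached, server_key, prefix, client_blinded):
    # Server adds its layer to the client's value and returns the bucket's
    # breached credentials under the server key only.
    db = {blind(to_group(f"{u}:{p}"), server_key)
          for u, p in breached if bucket(u) == prefix}
    return blind(client_blinded, server_key), db

def client_check(username, password, server_lookup) -> bool:
    k = keygen()  # fresh client key per lookup
    mine = blind(to_group(f"{username}:{password}"), k)
    double, db = server_lookup(bucket(username), mine)
    # Removing the client layer leaves the credential under the server key,
    # directly comparable with the database entries.
    return unblind(double, k) in db

if __name__ == "__main__":
    breached = [("alice", "hunter2"), ("carol", "letmein")]  # constructed data
    skey = keygen()
    lookup = lambda prefix, blinded: server_reply(breached, skey, prefix, blinded)
    print(client_check("alice", "hunter2", lookup))
    print(client_check("alice", "a-different-password", lookup))
```

The server only ever sees the three-byte bucket and a value blinded with a key it does not hold; the client only ever sees breach entries under a key it does not hold.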

The Password Queue

Password changes are a pain, but not usually this much of a pain. A university in Germany suffered a severe malware infection, and took the precaution of resetting the passwords for every student’s account. Their solution for bootstrapping those password changes? The students had to come to the office in person with a valid ID to receive their new passwords. The school cited German legal requirements as a primary cause of the odd solution. Still, you can’t beat that for a secure delivery method.