This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware

April 10, 2020 by 9 Comments

You were promised Zoom news last week, but due to a late night of writing, that story was delayed to this week. So what’s the deal with Zoom? Google, SpaceX, and even the government of Taiwan and the US Senate have banned Zoom. You may remember our coverage of Zoom from nearly a year ago, when Apple forcibly removed the Zoom service from countless machines. The realities of COVID-19 have brought about an explosion of popularity for Zoom, but also a renewed critical eye on the platform’s security.

“Zoombombing”, joining a Zoom meeting uninvited, made national headlines as a result of a few high profile incidents. The US DOJ even released a statement about it. Those incidents seem to have been a result of Zoom default settings: no meeting passwords, no “waiting room”, and meeting IDs that persist indefinitely. A troll could simply search google for Zoom links, and try connecting to them until finding an active meeting. Ars ran a great article on how to avoid getting zoombombed (thanks to Sheldon for pointing this out last week).

There is another wrinkle to the Zoom story. Zoom is technically an American company, but its Chinese roots put it in a precarious situation. Recently it’s been reported that encryption keying is routed through infrastructure in China, even though the calling parties are elsewhere. In some cases, call data itself goes through Chinese infrastructure, though that was labeled as a temporary bug. Zoom was also advertising its meetings as having end-to-end encryption. That claim was investigated, and discovered to be false. All meetings get decrypted at Zoom servers, and could theoretically be viewed by Zoom staff. Continue reading “This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware”

Iceland Is Doing Its COVID-19 Proximity Tracing The Open Source Way

April 10, 2020 by 6 Comments

As governments around the world grapple with the problem of tracing those who have had contact with a person known to have been infected with the COVID-19 virus, attention has turned to the idea of mobile apps that can divulge who a person has been near so that they can be alerted of potential infections. This has a huge potential for abuse by regimes with little care for personal privacy, and has been a significant concern for those working in that field. An interesting compromise has been struck by Iceland, who have produced an app for their populace that stores the information on the device and only uploads it with the user’s consent once they have received a diagnosis. We can all take a look, because to ensure transparency they have released it as open source.

On signing up for the scheme a central server stores the details of each user as well as their phone number. When the epidemiologists have a need to trace a person’s contacts they send a notification, and the person can consent to their upload. This is a fine effort to retain user privacy, with depending on your viewpoint the flaw or the advantage being that the user can not have their data slurped without their knowledge. Iceland is a country with a relatively small population, so we can imagine that with enough consent there could be effective tracing.

We installed the Android version on the Hackaday phone to have a look, but unfortunately it seems to need to be in Iceland to be of use enough to explore. We would be interested to hear from our Icelandic readers, to hear their views. Meanwhile readers can juxtapose the Icelandic app with another proposal for a more anonymised version.

Accessible Controller Plays Around With Modularity

April 10, 2020 by 8 Comments

Video games are a great way to have some fun or blow off a little steam when real life becomes laughable. But stock controllers and other inputs are hardly one size fits all. Even if you have no physical issues, they can be too big, too small, or just plain uncomfortable to hold.

[kefcom] wrote in to give us a heads up about a modular, adaptive system he designed for anyone who is unable to operate a PS3, PS4, or PC with a standard controller. The project was inspired by Microsoft’s adaptive XBOX controller and works pretty much the same way — broken-out buttons, joysticks, and other inputs all connect to a hub that unifies them into a controller the console or computer can communicate with. The major difference is that this project is open source and can be realized much more cheaply.

If you want to give this a try, [kefcom]’s project repo has step-by-step instructions for disassembling two types of wireless controllers and converting them into hubs for modular controls. He’s looking for help with design, documentation, and finding reliable suppliers for all the parts, so let him know if you can assist.

Some players need something more accessible than just broken-out buttons and full-size joysticks. Here’s an adaptive controller that uses ridged foam rollers to actuate buttons.

A Fantastic Raspberry Pi Handheld Just Got Better

April 9, 2020 by 23 Comments

Last year, we brought you word of the MutantC by [rahmanshaber]. The Raspberry Pi handheld was more than a little inspired by the classic T-Mobile Sidekick, with a sliding display and physical QWERTY keyboard. The design was a little rough around the edges and missing a few key features, but it was clear the project had a lot of potential.

Today, we’re happy to report that [rahmanshaber] has officially released MutantC_v2. It looks like the new version of this handheld, perhaps more properly categorized as a ultra-mobile PC (UMPC), successfully addresses a number of the shortcomings found in the original; so if you held off on building one last year, you might want to start warming up the 3D printer now.

The major improvement over the original is the inclusion of a battery, which makes the device truly mobile. This was something that we mentioned [rahmanshaber] was working on back when he released the first version, as it was easily the most requested feature from the community. We certainly wouldn’t say a miniature handheld computer is completely useless if it has to stay tethered, but there’s no arguing that being able to take it on the go is ideal.

This upgraded version of the design now officially supports the Raspberry Pi 4 as well, which previously [rahmanshaber] was advising against due to overheating concerns. Slotting in the latest-and-greatest edition of every hacker’s favorite Linux single board computer will definitely kick things up a notch, though we imagine the older and less power hungry iterations of the Pi will be plenty for the sort of tasks you’re likely to be doing on a gadget like this.

If you like the idea of having a diminutive Linux computer within arm’s reach of your bench but aren’t necessarily committed enough to build something like the MutantC, there are certainly simpler designs you can get started with.

Continue reading “A Fantastic Raspberry Pi Handheld Just Got Better”

Controlling A Building Sized Pipe Organ With Midi

April 9, 2020 by 13 Comments

Musical instruments come in all shapes and sizes. For sheer scale and complexity though, you can’t beat pipe organs. [Rob Scallon] visited the Fourth Presbyterian Church in Chicago to look at their massive pipe organ which boasts over 8000 individual pipes. He also discovered that it has a MIDI interface, and off course hooked up his laptop to play the Mario Bros theme song.

This organ is actually the third one the church has had, and was completed in 2016. Its capabilities are impressive, but the engineering side of it is what really blew us away. Every pipe is unique to allow it to recreate the sound of almost an entire orchestra, and the “control station” looks a bit like the cockpit of modern airliner in terms of complexity. The organ covers multiple stories across multiple parts of the church and every single pipe and part needs to be accessible for tuning and maintenance, which is almost a full time job. Check out the first video after the break for a full demonstration and tour of this incredible machine by [John Sherer], the church’s music director and organist.

The second video after the break goes through the process of hooking up a laptop to the organ after getting a technician to completely wire up the MIDI interface. They go full music geek as they marry ancient and modern music technology. [Rob] says it multiple times, and we have to believe that you need to be in the building to truly experience the sound. Let us know in the comments if any readers have heard this organ in person.

Continue reading “Controlling A Building Sized Pipe Organ With Midi”

Tell Time Like It’s 1960 With This All-Transistor Digital Clock

April 9, 2020 by 44 Comments

When you’ve got time on your hands, doing something the hard way can be therapeutic. Not that the present situation and the abundance of free time that many are experiencing has anything to do with [Leo Fernekes] all-transistor digital clock build, which he started a year ago with his students. But if you’ve got time to burn, this might be a good way to do it.

[Leo] says one of his design goals with this clock was to do it with the technology commercially available in 1960, which means relying completely on discrete components. And he and his students managed to do just that, with the exception of the seven-segment displays, which were built from the LED filaments from some modern light bulbs. Everything else, though, is as old school as it gets, and really underscores all the complexity that gets abstracted away from timekeeping with modern chips. The video below covers each module in detail, from the Schmitt trigger that cleans up the 50-Hz line frequency to the ring counters and diode matrices used to drive the display. We found the analog stair step dividers used to bring the line frequency down to a more usable pulse train particularly interesting. That clever bit of engineering saved 10 transistors over what would be required for traditional flip-flop dividers.

There’s a lot to learn from this design, and the execution is great too – we’re suckers for Manhattan-style builds, of course. Hats off to [Leo] and his lucky students on a great build.

Continue reading “Tell Time Like It’s 1960 With This All-Transistor Digital Clock”

The Evolution Of A 3D Printed Off-Road R/C Car

April 9, 2020 by 13 Comments

For about as long as hackers and makers have been using desktop 3D printers, there have been critics that say the plastic parts they produce aren’t good for much else than toys and decorative pieces. They claim that printed parts are far too fragile to be of any practical use, and are better suited as prototype placeholders until the real parts can be injection molded or milled. Sure. Try telling that to [Engineering Nonsense].

He recently wrote in (as did a few other people, incidentally) to share the latest version of his incredible 3D printed remote control car, and seeing it tearing around in the video after the break, “fragile” certainly isn’t a word we’d use to describe it. Though it didn’t get that way overnight. The Tarmo4 represents a year of development, and as the name suggests, is the fourth version of the design.

We know the purists out there will complain that the car isn’t entirely 3D printed, but honestly, it’s hard to imagine you could get much closer than this. Outside of the electronics, fasteners, tires, and shocks, the Tarmo4 is all plastic. That includes the gearbox and drive shafts. [Engineering Nonsense] even mentions in the video that he’s not happy with the tires he’s found on the market, and that they too will likely get replaced with printed versions in the future.

While the car is certainly an incredible technical achievement, what’s perhaps just as impressive is the community that’s developed around it in such a relatively short time. Towards the end of the video he shows off a number of custom builds based on previous iterations of the Tarmo. We’re sure that interest from the community has played a part in pushing the design forward, and it’s always good to see a one-off project become something bigger. Hopefully we’ll be seeing even more from this passionate community in the near future.

Just like the Open R/C Project, Tarmo proves that 3D printed parts are more than a novelty. If these diminutive powerhouses can run with printed gears and drive shafts, then you shouldn’t have anything to worry about when you run off the parts for your next project.

Continue reading “The Evolution Of A 3D Printed Off-Road R/C Car”