Fixing The Flicker Afflicting A Night Light

It’s hard to part with some things, even if they’re broken and were worth next to nothing to begin with. But some things are just special, y’know? And we would say in this case, the thing was definitely worth saving.

[Taste the Code]’s daughter’s beloved night light had a terrible flickering problem, and then stopped working altogether. Eager to make her happy, he cracked it open and found that one of the wires had disconnected from the outlet pin it was soldered to. That’s a simple enough fix, but trying to solder in tight quarters where the walls are soft plastic can be quite challenging.

Once that was fixed, [Taste the Code] plugged it in to a test outlet. It’s back to working, but also back to flickering, because there is no capacitor to smooth out the signal going to the LEDs. [Taste the Code] measured the voltage drop across the output of the bridge rectifier and soldered in an electrolytic cap with more than double the necessary voltage rating, just to be safe. You can check out the video after the break.

This goes to show several things: one, you can learn from fixing and improving cheap electronics from the likes of your local dollar store. Two, you can also get some kinds of components there quite inexpensively from things like magnetic sensor-based window alarms and dirt cheap solar garden lights.

You can also do some fun stuff with those cheap IKEA lamps designed for children. Here’s an adorable cloud lamp with an RGB LED upgrade that shows the weather mood using an ESP8266.

Water Switch Lamp Illuminates Current Flow

They always told you not to mix water and electricity. And while yes, that is good general advice regarding the two, you won’t rip a hole in the fabric of space-time should you go about it responsibly. Water will conduct electricity, so why not use it to switch on a lamp?

[Manvith Subraya]’s Hydro Lamp is, among other things, a reminder not to let Big Switch dim your idea of what’s possible with simple components. Switches don’t have to be complex, and some of the most reliable switches are pretty simple — the reed switch and the mercury tilt switch are good examples. By salinating the water at a ratio of 1:1, [Manvith] ensures power will flow through the acrylic tank, completing the circuit and lighting the 20W LEDs in both ends.

The brief demo video after the break sheds light on an interesting aspect of using water as a tilt switch — it’s not instantaneous. As he slowly moves the lamp from vertical to horizontal and back again, the light brightens and dims with the tide of electrons. We think it would be interesting to build a motorized frame that takes advantage of this for mood lighting purposes, especially if there were a few LEDs positioned behind the water.

Water is often used to explain the basic principle of current flow and the relationship dynamics of voltage, current, and resistance. As we saw in this water computer, the concept flows all the way into logic gates.

Companion Bots Definitely Are The Droids You’re Looking For

Companion robots are a breed that, heretofore, we’ve primarily seen in cinema. Free from the limits of real-world technology, they manage to be charismatic, cute, and capable in ways that endear them to audiences the world over. Jorvon Moss and Alex Glow decided that this charming technology shouldn’t just live on the silver screen, and have been developing their own companion bots to explore this field. Lucky for us, they came down to Hackaday Superconference to tell us all about it!

The duo use a variety of techniques to build their ‘bots, infusing them with plenty of personality along the way. Jorvon favors the Arduino as the basis of his builds, while Alex has experimented with the Google AIY Vision Kit, BBC Micro:bit, as well as other platforms. Through clever design and careful planning, the two use common maker techniques to create their unique builds. Using standard servos, 3D printed body parts, and plenty of LEDs, it’s all stuff that’s readily accessible to the home gamer.

[Alex]’s companion bot, Archimedes, has been through many upgrades to improve functionality. Plus, he’s got a cute hat!
Having built many robots, the duo have given their different companions a variety of ways to interact. Alex’s robot owl, Archimedes, uses machine vision to find people, and tries to figure out if they’re happy or sad. If they’re excited enough, it will give the person a small gift. Archimedes mounts on a special harness Alex built out of armature wire, allowing the avian to perch on her shoulder when out and about. Similarly, Jorvon’s Dexter lurks on his back, modeled after a monkey. Featuring an LED matrix for emotive facial expressions, and a touch sensor for high fives, Dexter packs plenty of character into his 3D printed chassis.

Alex and Jorvon also talk about some of the pitfalls and challenges they’ve faced through the development of their respective companion bots. Jorvon defines a companion robot as “any robot that you can take with you, on any type of adventure”. Being out in the real world and getting knocked around means breakages are common, with both of the duo picking up handfuls of smashed plastic and bundles of wires at times. Thankfully, with 3D printing being the tool of the trade, it’s easy to iteratively design new components to better withstand the rough and tumble of daily life out and about. This also feeds into the rest of the design process, with Jorvon giving the example of Dexter’s last minute LED upgrades that were built and fitted while at Supercon.

Development on companion bots is never really finished. Future work involves integrating Chirp.io data-over-sound communications to allow the bots to talk. There have been some headaches on the software side, but we look forward to seeing these ‘bots chatting away in their own droid language. While artificial intelligence doesn’t yet have homebrew companion bots matching the wisecracking droids seen in movies, designing lifelike bodies for our digital creations is a big step in that direction. With people like Alex and Jorvon on the case, we’re sure it won’t be long before we’re all walking around with digital pals on our shoulders — and it promises to be fun!

The Internet Of Football

While football in the United States means something totally different from what it means in the rest of the world, fans everywhere take it pretty seriously. This Sunday is the peak of U.S. football frenzy, the Super Bowl, and it is surprisingly high-tech. The NFL has invested in a lot of technology and today’s football stats are nothing like those of the last century thanks to some very modern devices.

It is kind of interesting since, at the core, the sport doesn’t really need a lot of high tech. A pigskin ball, some handkerchiefs, and a field marked off with some lime and a yardstick will suffice. However, we’ve seen a long arc of technology in scoreboards, cameras — like instant replay — and in the evolution of protective gear. But the last few years have seen the rise of data collection. It’s being driven by RFID tags in the player’s shoulder pads.

These aren’t the RFID chips in your credit card. These are long-range devices and in the right stadium, a computer can track not only the player’s position, but also his speed, acceleration, and a host of other statistics.

Hackaday Podcast 052: Shorting Components, Printing Typewriter Balls, Taking Minimal Time Lapse, And Building A Makerspace Movie Prop

Hackaday editors Elliot Williams and Mike Szczys recap a great week in hardware hacking. There’s perfection in the air as clever 3D-printing turns a button and LED matrix into an aesthetically awesome home automation display. Take a crash course in RF modulation types to use on your next project. Did you know the DB-9 connector is actually a DE-9? Building your own underwater ROV tether isn’t as simple as it sounds. And Elliot found a treasure trove of zero-ohm jumpers in chip packages — what the heck are these things for?

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

The Multiyear Hunt For A Gameboy Game’s Bug

[Enddrift] had a real problem trying to run a classic game, Hello Kitty Collection: Miracle Fashion Maker, in a GBA (Gameboy Advance) emulator. During startup, the game would hit an endless loop waiting for a read from a non-existent memory location and thus wouldn’t start under the emulator. The problem is, the game works on real hardware even though that memory doesn’t exist there, either.

To further complicate things, a similar bug exists when loading a saved game under Sonic Pinball Party. Then a hack for Pokemon Emerald surfaced that helped break the case. The story is pretty interesting.

This Week In Security: OpenSMTPD, Kali Release, Scareware, Intel, And Unintended Consequences

If you run an OpenBSD server, or have OpenSMTPD running on a server, go update it right now. Version 6.6.2, released January 28th, fixes an exploit that can be launched locally or remotely, simply by connecting to the SMTP service. This was found by Qualys, who waited till the update was released to publish their findings.

It’s a simple logic flaw in the code that checks incoming messages. If an incoming message has either an invalid sender’s username, or invalid domain, the message is sent into error handling logic. That logic checks if the domain is an empty string, in which case, the mail is processed as a local message, sent to the localhost domain. Because the various parts of OpenSMTPD operate by executing commands, this logic flaw allows an attacker to inject unexpected symbols into those commands. The text of the email serves as the script to run, giving an attacker plenty of room to totally own a system as a result.
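
The flaw described above, modelled in simplified C as an added example (not OpenSMTPD's code and not part of the original post): the struct, function names and allowed character sets are assumptions, and the sample address is constructed. It shows the shared error path accepting an unvalidated user name when the domain is empty, beside one ordering that validates the user on every path.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; struct, function names and character sets are assumptions. */
struct addr { char user[64]; char domain[64]; };

/* Returns 1 if s is non-empty and holds only alphanumerics or chars in extra. */
static int only_safe(const char *s, const char *extra) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr(extra, *s)) return 0;
    return 1;
}
static int valid_localpart(const char *s)  { return only_safe(s, "._+-"); }
static int valid_domainpart(const char *s) { return only_safe(s, ".-"); }

/* Flawed: "bad user" and "bad domain" share one error path, and the
 * empty-domain shortcut accepts the address without rechecking the user. */
int check_flawed(struct addr *a, const char *localdomain) {
    if (!valid_localpart(a->user) || !valid_domainpart(a->domain)) {
        if (a->user[0] == '\0') return 0;          /* no user: reject */
        if (a->domain[0] == '\0') {                /* no domain: local mail */
            snprintf(a->domain, sizeof a->domain, "%s", localdomain);
            return 1;                              /* user never rechecked */
        }
        return 0;
    }
    return 1;
}

/* Hardened ordering: the user part must be valid before any shortcut applies. */
int check_hardened(struct addr *a, const char *localdomain) {
    if (!valid_localpart(a->user)) return 0;
    if (a->domain[0] == '\0') {                    /* valid user, local mail */
        snprintf(a->domain, sizeof a->domain, "%s", localdomain);
        return 1;
    }
    return valid_domainpart(a->domain);
}

int main(void) {
    /* Constructed input: a user part containing a shell metacharacter. */
    struct addr a = { "a;b", "" }, b = { "a;b", "" };
    printf("flawed accepts: %d, hardened accepts: %d\n",
           check_flawed(&a, "localhost"), check_hardened(&b, "localhost"));
    return 0;
}
```

Any component that later builds a command line from the accepted user name inherits whatever characters the flawed check let through, which is why the validation has to hold on every return path.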

Browser Locker

“Your browser has been locked to prevent damage from a virus. Please call our Windows help desk immediately to prevent further damage.” Sound familiar? I can’t tell you how many calls I’ve gotten from freaked-out customers, who stumbled upon a scare-ware site that locked their browser. This sort of scam is called a browlock, and one particular campaign was pervasive enough to catch the attention of the researchers at Malwarebytes (Note, the picture at the top of their article says “404 error”, a reference to a technique used by the scam. Keep reading, the content should be below that.).

“WOOF”, Malwarebytes’ nickname for this campaign, was unusual both in its sophistication and the chutzpah of those running it. Browsers were hit via ads right on the MSN homepage and other popular sites. Several techniques were used to get the malicious ads onto legitimate sites. The most interesting part of the campaign is the set of techniques used to deliver the scareware payload only to target computers, and to avoid detection by automated scanners.

It seems that around the time Malwarebytes published their report, the central command and control infrastructure behind WOOF was taken down. It’s unclear if this was a coincidence, or was a result of the scrutiny they were under from the security community. Hopefully WOOF is gone for good, and won’t simply show up at a different IP address in a few days.

Kali Linux

Kali Linux, the distribution focused on security and penetration testing, just shipped a shiny new release. A notable new addition to the Kali lineup is a rootless version of their Android app. Running an unrooted Android, and interested in having access to some security tools on the go? Kali now has your back.

Not all the tools will work without root, particularly those that require raw sockets, and sending malformed packets. It’s still a potentially useful tool to put into your toolbox.

CacheOut, VRS, and Intel iGPU Leaks

Intel can’t catch a break, with three separate problems to talk about. First up is CacheOut, or more properly, CVE-2020-0549, also known as L1DES. It’s a familiar song and dance, just a slightly different way to get there. On a context switch, data in the Level 1 cache isn’t entirely cleared, and known side-channel attacks can be used to read that data from unprivileged execution.

VRS, Vector Register Sampling, is another Intel problem just announced. So far, it seems to be a less exploitable problem, and microcode updates are expected soon to fix the issue.

The third issue is a bit different. Instead of the CPU, this is a data leak via the integrated GPU. You may be familiar with the most basic form of this problem. Some video games will flash garbage on the screen for a few moments while loading. In some cases, rather than just garbage, images, video stills, and other graphics can appear. Why? GPUs don’t necessarily have the same strict separation of contexts that we expect from CPUs. A group of researchers realized that the old assumptions no longer apply, as nearly every application is video accelerated to some degree. They published a proof of concept, linked above, that demonstrates the flaw. Before any details were released, Phoronix covered the potential performance hit this would cause on Linux, and it’s not great.

Unintended Legal Consequences

Remember the ransomware attack that crippled Baltimore, MD? Apparently the Maryland legislature decided to step in and put an end to ransomware, by passing yet another law to make it illegal. I trust you’ll forgive my cynicism, but the law in question is a slow-moving disaster. Among other things, it could potentially make the public disclosure of vulnerabilities a crime, all while doing absolutely nothing to actually make a difference.

GE Medical Equipment Scores 10/10

While scoring a 10 out of 10 is impressive, it’s not something to be proud of when we’re talking about a CVE score, where it’s the most critical rating. GE Healthcare, a subsidiary of General Electric, managed five separate 10.0 CVEs in healthcare equipment that they manufacture, and an 8.5 for a sixth. Among the jewels are statements like:

In the case of the affected devices, the configuration also contains a private key. …. The same private key is universally shared across an entire line of devices in the CARESCAPE and GE Healthcare family of products.

The rest of the vulnerabilities are just as crazy. Hard-coded SMB passwords, a network KVM that has no credential checking, and ancient VNC versions. We’ve known for quite some time that some medical equipment is grossly insecure. It will apparently take a security-themed repeat of the Therac-25 incident before changes take place.

Odds’n’ends

The Windows 7 saga continues, as Microsoft’s “last” update for the venerable OS broke many users’ desktop backgrounds. Microsoft plans to release a fix.

Firefox purged almost 200 extensions from their official portal over the last few weeks. It was found that over 100 extensions by 2Ring were secretly pulling and running code from a central server.

The Citrix problems we discussed last week have finally been addressed, and patches released, but not soon enough to prevent the installation of future-proof backdoors on devices in the wild. There are already plenty of reports of compromised devices. Apparently the exploitation has been so widespread that Citrix has developed a scanning tool to check for the indicators of compromise (IoCs) on your devices. Apply patch, check for backdoors.