Mitch Altman Mentors Manufacturing With Hackaday Prize Expert Session

June 28, 2019 by 7 Comments

For whatever you have built, there is someone who has done it longer, and knows more about it. That is the basic premise of expertise, and for this year’s Hackaday Prize we’re rolling out with a series of mentor sessions. These are master classes that match up experts in product development with the people behind the projects in the Hackaday Prize. We’ve been recording all of these so everyone can benefit from the advice, guidance, and mentorship presented in these fantastic recordings.

The DrumKid, a random drum synthesizer

Mitch Altman is someone who should be very familiar to all Hackaday readers. He’s the inventor of the TV-B-Gone, that wonderful device that simultaneously turns you into a hero and a villain in any sports bar. He’s the President and CEO of Cornfield Electronics and co-founder of the Noisebridge hackerspace in San Francisco. Mitch is an author and teacher, and seems to be at just about every conference and workshop around the world promoting hackerspaces, Open Source hardware, and mentorship where ever he goes.

The first hardware creator to meet Mitch is Matt Bradshaw, creator of the DrumKid. This is a pocket-sized drum machine that is heavily inspired by Teenage Engineering’s Pocket Operators. Years ago, Matt built a web app that generated drum tracks, and this project is simply taking that idea into the physical realm. For Mitch, this is well-tread territory; years ago, Mitch also built an Arduino-based synth, and for the most part, both Mitch and Matt’s projects are remarkably similar. There were, however, some improvements to be made with Matt’s circuit. The power supply was two AAA batteries and a switching regulator that introduced noise and added cost. Mitch suggested that the ATMega328 could be run directly from three AA batteries reducing the cost and the noise.

eAgrar, a system for monitoring conditions of plants and weather conditions at agricultural fields

The next project up for review is eAgrar, a system for monitoring conditions of plants and the weather in fields. This project comes from Slaven Damjanovic and Marko Čalić. They’ve been developing this device for almost two years building the entire system around the ATMega328. Slaven ran into a problem with this chip in that he didn’t have enough inputs and outputs. The firmware is already written, but thanks to the Arduino IDE, there’s no reason to keep using that ATMega. Mitch suggested using an STM32 or another ARM core. That’s what he’s using for one of his synthesizer projects, and you get more than enough inputs and outputs for the same price as an ATMega.

Finally, we come to Joseph, with his project, the Pilates Reformer. A Pilates Reformer is a bit of exercise equipment that’s only made by three companies and everything costs thousands of dollars. Joseph is bringing that cost down, but there’s a problem: how do you build a hundred or two hundred of these? Mitch suggested simply finding another manufacturer that could build this design, and not necessarily one that builds Pilates machines. This makes sense — if all you’re doing is cutting and connecting structural beams, any manufacturer can do this, that’s what manufacturers do.

This is the third in our series of Hackaday Prize mentor sessions this year, and we have far more we need to edit, and many more we need to record. That doesn’t mean you can’t get help from experts from your prize entry; we’re looking for people who need help with their project and we have a lot of mentors willing to dispense advice. If you’re interested in having someone look over your shoulder, sign up your entry.

Continue reading “Mitch Altman Mentors Manufacturing With Hackaday Prize Expert Session”

Building A Foam Machine From A Leaf Blower And A Water Pump

June 28, 2019 by 24 Comments

Imagine a tub overflowing with bubble bath, except it’s a club dancefloor and music is pumping all night. This is what is known as a “foam party” — a wild and exciting concept that nonetheless many are yet to experience. The concept exploded in popularity in Ibiza in the 1990s, and foam parties are regularly held at nightclubs and festivals the world over.

Foam is generated with the obviously-named foam machine, and these can be readily purchased or hired for anyone wishing to host such an event. However, that’s not the hacker way. If you’re a little ingenious and take heed of the safety precautions, here’s how you can do it yourself.

Continue reading “Building A Foam Machine From A Leaf Blower And A Water Pump”

Hackaday Podcast 025: Of Cheese Graters, Fauxberries, Printed Gears, Power Latching, And Art-Loving AI

June 28, 2019 by 3 Comments

Hackaday Editors Mike Szczys and Elliot Williams dish their favorite hacks from the past week. Seems like everyone is trying to mill their own Mac Pro grille and we love seeing how they go about it. Elliot is gaga over a quintet of power latching circuits, Mike goes crazy for a dough sheeter project, and we dig through the news behind methane on Mars, the Raspberry Pi 4 release, and spoofing Presidential text alerts with SDR. If you like mini-keyboards you need to see the Fauxberry, Artificial Intelligence became an art critic this week, and poorly-lit rooms have been solved with a massive mirror system.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

And note: next week we’re taking a break to go outside and shoot off some 4th of July fireworks, so there will be no podcast and you’ve got some time to listen through our 24 previous episodes for anything you’ve missed.  You’ll hear from us again the week after.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 025: Of Cheese Graters, Fauxberries, Printed Gears, Power Latching, And Art-Loving AI”

Be On Twitter Without Being On Twitter

June 28, 2019 by 1 Comment

Social media can connect us to a vibrant worldwide community, but it is also a huge time sink as it preys on both our need for attention and our insatiable curiosity. Kept on a leash by those constant notification sounds, we can easily look up from our phones to find half a day has gone and we’re behind with our work. [Laura Lytle] has a plan to tackle this problem, her OutBox project involves a single button press machine that posts a picture to Twitter of whatever is put in it. It’s not just another gateway to social media addiction though, she tells us it follows Design For Disuse principles in which it must be powered up and adjusted for each picture, and that it provides no feedback to satisfy the social media craving.

Under the hood of the laser-cut housing reminiscent of an older hobby 3D printer is a Raspberry Pi 3 Model A+ and a webcam, with a ring of LEDs for illumination. On top is the only interface, a small “arm” button to set things up and a big red arcade button to do the business. The software is in Python, and provides glue between resizing the photo, uploading it to a cloud service, and triggering ITTT to do the Tweeting. You can see the whole thing in the video below, and the result is a rather eye-catching device.

Of course, there are other ways to keep yourself off social media.

Continue reading “Be On Twitter Without Being On Twitter”

This Week In Security: Invalid Curve Attacks, OpenSSH Shielded, And More Details On Coinbase

June 28, 2019 by 19 Comments

AMD Epyc processors support Secure Encrypted Virtualization (SEV), a technique that prevents even a hypervisor reading memory belonging to a virtual machine. To pull this off, the encryption and decryption is handled on the fly by the Platform Security Processor (PSP), which is an ARM core that handles processor start-up and many security features of modern AMD processors. The vulnerability announced this week is related to the encryption scheme used. The full vulnerability is math heavy, and really grokking it requires a deeper understanding of elliptical curve cryptography (ECC) than your humble author currently possesses.

During the process of starting a virtual machine, the VM process goes through a key-sharing process with the PSP, using an ECC Diffie-Hellman key exchange. Rather than raising prime numbers to prime exponents, an ECC-DH process bounces around inside an elliptical curve in order to find a shared secret. One of the harder problems to solve when designing an ECC based cryptographic system, is the design of the curve itself. One solution to this problem is to use a published curve that is known to be good. AMD has taken this route in their SEV feature.

The attack is to prime the key exchange with invalid data, and observing the shared key that is generated. A suitably simple initial value will leak information about the PSP’s secret key, allowing an attacker to eventually deduce that key and decrypt the protected memory. If you’d like to bone up on invalid curve attacks, here’s the seminal paper. (PDF)

OpenSSH Shielding

[Damien Miller] of OpenSSH was apparently tired of seeing that project tied to vulnerabilities like Rambleed and Rowhammer, so added a technique he’s calling key-shielding. OpenSSH now encrypts private keys in memory using a 16 kB pre-key. While an attacker with full knowledge of the process’s memory wouldn’t be deterred, the error rate of Rambleed and similar attacks is high enough that the 16 kB of randomness is likely to thwart the attempt to recover the secret key.

Firefox and Coinbase

We mentioned Firefox vulnerabilities and updates last week, and as anticipated, more information is available. [Philip Martin] from Coinbase shared more information on Twitter. Coinbase employees, as well as other cryptocurrency companies, were targeted with fishing emails. These lured employees to a malicious page that attempted to exploit a pair of Firefox vulnerabilities. Coinbase has a security system in place that was able to prevent the exploit, and their security team was able to reverse engineer the attack.

The first vulnerability has been dissected in some detail by a Google security researcher. It’s a weakness in Firefox’s Javascript engine related to type handling. An object is created with one data type, and when that data is changed to another type, not all the data handlers are appropriately updated. Under the hood, a value is assumed to be a pointer, but is actually a double-length value, controlled by the attacker.

The second vulnerability is in the functions used to prompt for user interaction. Specifically the call to “Prompt:Open” isn’t properly validated, and can result in the un-sandboxed Firefox process loading an arbitrary web location. I suspect the sandbox escape is used to run the initial exploit a second time, but this time it’s running outside the sandbox.

Odds and Ends

[Tom] wrote a great intro into how to Impersonate The President With Consumer-Grade SDR, go check it out!

Another city, more ransomware. Riviera Beach, Florida was hit with a ransomware attack, and paid $600,000 in an attempt to get their data back. For a city of 35,000 inhabitants, that’s $17.14 in ransom per man, woman, and child. According to the linked article, though, the city was insured.

Power To The Pi 4: Some Chargers May Not Make The Grade

June 28, 2019 by 66 Comments

The Raspberry Pi 4 has been in the hands of consumers for a few days now, and while everyone seems happy with their new boards there are some reports of certain USB-C power supplies not powering them. It has been speculated that the cause may lie in the use of pulldown resistors on the configuration channel (CC) lines behind the USB-C socket on the Pi, with speculation that one may be used while two should be required. Supplies named include some Apple MacBook chargers, and there is a suggestion is that the Pi may not be the only device these chargers fail to perform for.

Is this something you should be worried about? Almost certainly not. The Pi folks have tested their product with a wide variety of chargers but it is inevitable that they would be unable to catch every possible one. If your charger is affected, try another one.

What it does illustrate is the difficulties faced by anybody in bringing a new electronic product to market, no matter how large or small they are as an organisation. It’s near-impossible to test for every possible use case, indeed it’s something that has happened to previous Pi models. You may remember that the Raspberry Pi 2 could be reset by a camera flash or if you have a very long memory, that the earliest boards had an unseemly fight between two 1.8 V lines that led to a hot USB chip, and neither of those minor quirks dented their board’s ability to get the job done.

Mistakes happen. Making the change to USB-C from the relative simplicity of micro-USB is a big step for all concerned, and it would be a surprise were it to pass entirely without incident. We’re sure that in time there will be a revised Pi 4, and we’d be interested to note what they do in this corner of it.

Yo Dawg, I Heard You Like FPGAs

June 28, 2019 by 12 Comments

When the only tool you have is a hammer, all problems look like nails. And if your goal is to emulate the behavior of an FPGA but your only tools are FPGAs, then your nail-and-hammer issue starts getting a little bit interesting. That’s at least what a group of students at Cornell recently found when learning about the Xilinx FPGA used by a researcher in the 1990s by programming its functionality into another FPGA.

Using outdated hardware to recreate a technical paper from decades ago might be possible, but an easier solution was simply to emulate the Xilinx in a more modern FPGA, the Cyclone V FPGA from Terasic. This allows much easier manipulation of I/O as well as reducing the hassle required to reprogram the device. Once all of that was set up, it was much simpler to perform the desired task originally set up in that 90s paper: using evolutionary algorithms to discriminate between different inputs.

While we will leave the investigation into the algorithms and the I/O used in this project as an academic exercise for the reader, this does serve as a good reminder that we don’t always have to have the exact hardware on hand to get the job done. Old computers can be duplicated on less expensive, more modern equipment, and of course video games from days of yore are a snap to play on other hardware now too.

Thanks to [Bruce Land] for the tip!