A white male in a green shirt sitting next to a tall rectangular robot made of green and black components with an aluminum frame. In front of him are a variety of components from several windshield wiper motor assemblies. Casings, gearboxes, and the like are strewn across the wooden table.

A Wiper Motor 101

February 2, 2024 by 22 Comments

Need a powerful electric motor on the cheap? [Daniel Simu] and his friend [Werner] show us the ins and outs of using windshield wiper motors.

Through many examples and disassembled components, the duo walk us through some of the potential uses of wiper motors to power a project. Some of the nuggets we get are the linear relationship of torque to current (10-15A max) and speed to voltage (12-15V DC) on these units, and some of the ways the wiring in these motors is a little different than a simple two wire DC motor.

They also discuss some of their favorite ways to control the motors ranging from a light switch to an Arduino. They even mention how to turn one into a big servo thanks to a project on Hackaday.io and a few modifications of their own. [Simu] also discusses some of the drawbacks of wiper motors, the most evident being that these motors use nylon gears which are prone to stripping or failing in other ways when subjected to high torque conditions for too long.

If you recognize [Simu], it may be from his robotic acrobat built with wiper motors. Want to see some more wiper motor hacks? How about a 3D scanner or making sure your wipers always keep the beat?

Continue reading “A Wiper Motor 101”

Read QR Codes Without A Computer

January 22, 2024 by 23 Comments

Did you ever watch Star Wars and wondered how people understood what R2D2 was saying? Maybe [Luke Skywalker] would enjoy learning to decode QR Codes by hand, too. While it might not be very practical, it would be a good party trick — assuming, like us, you party with nerds.

You can start by scanning a code, or the site will create one according to your specifications or generate one randomly. It then takes the selected code and shows you how it is put together. Fun fact: 21×21 “modules” (QR-speak for pixels) is the size of a version 1 QR code. Each version increases the size by four modules.

Continue reading “Read QR Codes Without A Computer”

X-Ray Investigations Hack Chat

January 22, 2024 by 7 Comments

Join us on Wednesday, January 24 at noon Pacific for the X-Ray Investigation Hack Chat with Ahron Wayne!

It’s hard to imagine a world where we didn’t figure out how to use X-rays to peer inside things. Before Röntgen’s discovery that X-rays could penetrate living tissue, doctors had only limited (and often unpleasant) ways to get a look at what was going on inside the human body, and few of us would want to return to those days.

As fantastically useful as X-rays and later computed tomography (CT) became in medicine, it didn’t take too long for other uses for the technology to come along. Non-clinical applications for X-ray and CT abound, including their use in non-invasively exploring relics of immense archaeological value. One recent effort in this space that gained a lot of coverage in the press was the combination of CT imaging and machine learning to read the ink inside carbonized papyrus scrolls from the ruins of Pompeii.

join-hack-chatThe result was the “Vesuvius Challenge,” where different teams looked for techniques to virtually unwrap the roasted relics. Ahron’s contribution to the project was a little unusual — he bought a used desktop CT scanner, fixed it up, and started experimenting with reading ink from the carbonized remains of simulated papyrus scrolls. In other words, he made some scrolls, cooked them to beyond well-done in the oven, and tried to understand what happens to ink on papyrus that gets blasted by a volcano. If that’s not enough to get you to stop by the Hack Chat when Ahron joins us, we’re not sure what else would be! Suffice it to say we’re pretty excited about what Ahron has to say about DIY CT,  X-rays, collaborative open-source citizen science, and unwrapping the mysteries of Pompeii.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 24 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Featured image: Daderot, CC0, via Wikimedia Commons

This Week In Security: AI Is Terrible, Ransomware Wrenches, And Airdrop

January 12, 2024 by 8 Comments

So first off, go take a look at this curl bug report. It’s a 8.6 severity security problem, a buffer overflow in websockets. Potentially a really bad one. But, it’s bogus. Yes, a strcpy call can be dangerous, if there aren’t proper length checks. This code has pretty robust length checks. There just doesn’t seem to be a vulnerability here.

OK, so let’s jump to the punch line. This is a bug report that was generated with one of the Large Language Models (LLMs) like Google Bard or ChatGPT. And it shouldn’t be a surprise. There are some big bug bounties that are paid out, so naturally people are trying to leverage AI to score those bounties. But as [Daniel Stenberg] point out, LLMs are not actually AI, and the I in LLM stands for intelligence.

There have always been vulnerability reports of dubious quality, sent by people that either don’t understand how vulnerability research works, or are willing to waste maintainer time by sending in raw vulnerability scanner output without putting in any real effort. What LLMs do is provide an illusion of competence that takes longer for a maintainer to wade through before realizing that the claim is bogus. [Daniel] is more charitable than I might be, suggesting that LLMs may help with communicating real issues through language barriers. But still, this suggests that the long term solution may be “simply” detecting LLM-generated reports, and marking them as spam. Continue reading “This Week In Security: AI Is Terrible, Ransomware Wrenches, And Airdrop”

37C3: The Tech Behind Life With Quadraplegia

January 9, 2024 by 21 Comments

While out swimming in the ocean on vacation, a big wave caught [QuadWorker], pushed him head first into the sand, and left him paralyzed from the neck down. This talk isn’t about injury or recovery, though. It’s about the day-to-day tech that makes him able to continue living, working, and travelling, although in new ways. And it’s a fantastic first-hand insight into how assistive technology works for him.

If you can only move your head, how do you control a computer? Surprisingly well! A white dot on [QuadWorker]’s forehead is tracked by a commodity webcam and some software, while two button bumpers to the left and right of his head let him click with a second gesture. For cell phones, a time-dependent scanner app allows him to zero in successively on the X and Y coordinates of where he’d like to press. And naturally voice recognition software is a lifesaver. In the talk, he live-demos sending a coworker a text message, and it’s almost as fast as I could go. Shared whiteboards allow him to work from home most of the time, and a power wheelchair and adapted car let him get into the office as well.

The lack of day-to-day independence is the hardest for him, and he says that they things he misses most are being able to go to the bathroom, and also to scratch himself when he gets itchy – and these are yet unsolved problems. But other custom home hardware also plays an important part in [QuadWorker]’s setup. For instance, all manner of home automation allows him to control the lights, the heat, and the music in his home. Voice-activated light switches are fantastic when you can’t use your arms.

This is a must-watch talk if you’re interested in assistive tech, because it comes direct from the horse’s mouth – a person who has tried a lot, and knows not only what works and what doesn’t, but also what’s valuable. It’s no surprise that the people whose lives most benefit from assistive tech would also be most interested in it, and have their hacker spirit awakened. We’re reminded a bit of the Eyedrivomatic, which won the 2015 Hackaday Prize and was one of the most outstanding projects both from and for the quadriplegic community.

Continue reading “37C3: The Tech Behind Life With Quadraplegia”

Hackaday Podcast Episode 248: Cthulhu Clock Radio Transharmonium, Thunderscan, And How To Fill Up In Space

December 15, 2023 by No comments

This week, Elliot sat down with Dan for the penultimate podcast of 2023, and what a week it was. We started with news about Voyager; at T+46 years from launch, any news tends to be bad, and the latest glitch has everyone worried. We also took a look at how close the OSIRIS-REx mission came to ending in disaster, all for want of consistent labels.

Elliot was charmed by a Cthulhu-like musical instrument, while Dan took a shine to a spark gap transmitter that’s probably on the FCC’s naughty list. Any sufficiently advanced technology is indistinguishably from magic, and we looked at the laser made possible by the magician-in-chief himself, C.V. Raman. Why would you stuff a PSU full of iron filings? Probably for the same reason you’d print fake markings on a 6502 chip. We also took a look at the chemistry and history of superglue, a paper tape reader that could lop off your arm, and rocket gas stations in space.

 

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 248: Cthulhu Clock Radio Transharmonium, Thunderscan, And How To Fill Up In Space”

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints”