Spare RPi? You Have A Currency Trading Platform

October 17, 2017 by 29 Comments

While Bitcoin and other altcoins are all the rage these days, there is still a lot of activity in the traditional currency exchanges. Believe it or not, there’s money to be made there as well, although it rarely makes fanciful news stories like cryptocurrency has been. Traditional currency trading can be done similar to picking stocks, but if you’d rather automate your particular trading algorithm you can set up a Raspberry Pi to make money by trading money.

This particular project by [dmitry] trades currency on the Forex exchange using an already-existing currency trading software package called MetaTrader. This isn’t an ARM-compatible software suite though, so some auxiliary programs (Wine and ExaGear Desktop) need to be installed to get it working properly. From there, its easy enough to start trading in government-backed currency while reaping all of the low-power-usage benefits that the Pi offers.

[dmitry] does note that you can easily use MetaTrader on a standard laptop, but you might be tempted to go against your trading algorithms and even then you won’t be reaping the power benefits of the ARM processor. We don’t see too many traditional currency or stock trading tips around here, but don’t forget that it’s still possible to mine some types of cryptocurrency even if BitCoin is out of reach of most now.

Hackaday Prize Entry: Playing With USB Power Delivery

October 17, 2017 by 29 Comments

USB Power Delivery is the technology that’s able to pump 100 Watts down a USB cable. It’s been around for half a decade now, but only in the last few years have devices and power supplies supporting USB PD shown up on the market. This is a really interesting technology, and we can’t wait to see the outcome of people messing around with five amps flowing through a cable they picked up at the dollar store, but where are the DIY solutions to futz around with USB PD?

For his Hackaday Prize entry, [Clayton] is doing just that. He’s built a tiny little power jack for USB PD that has a USB type-C plug on one end and a pair of screw terminals on the other. It’s the USB PD Buddy Sink, and once we find some cheap 100 Watt USB power adapters, this is going to be an invaluable tool.

Getting 100 Watts out of a USB charger is a bit more complex than just soldering a few wires together. The power delivery must be negotiated, and for that [Clayton] is using a simple, cheap STM32F0 ARM microcontroller. Plugging into a USB bus is a bit more complicated, but luckily On Semi has a neat little programmable USB Type-C controller PHY that does all the work. Throw in a few MOSFETS and other ancillary parts, and you have a simple, small 100 Watt power supply that plugs right into your new fancy laptop charger.

The design of the USB PD Buddy Sink is complete, and [Clayton] has a bunch of these on hand. He’s selling them on Tindie, but it’s also a great entry to the Hackaday Prize.

The HackadayPrize2017 is Sponsored by:

Microsoft Bug Tracking Hacked

October 17, 2017 by 15 Comments

It seems that the database containing descriptions of critical and unfixed bugs and/or vulnerabilities in some of the most widely used software in the world, including the Windows operating system, was hacked back in 2013. This database is basically gold for any security researcher, regardless of the color of their hat. To know which programs fail and the preconditions for that to happen is half an exploit right there.

Microsoft discovered the database breach in early 2013 after the highly skilled hacking group Morpho a.k.a. Butterfly a.k.a. Wild Neutron broke into computers at a number of major tech companies, including Apple, Facebook, and Twitter. The group exploited a flaw in the Java programming language to penetrate employees’ Apple Macintosh computers and then use them as pivots into the company internal network.

Official sources say that the Microsoft bug database was poorly protected, with access possible via little more than a password. Four years later, we have official confirmation that it happened. To measure the breach impact, Microsoft started a study to correlate the potential flaws in their databases and subsequent attacks. The study found that the flaws in the stolen database were actually used in cyber attacks, but Microsoft argued the hackers could have obtained the information elsewhere, and that there’s “no evidence that the stolen information had been used in those breaches.”

There is really no way to know besides asking the actual hacking group, which will most likely not happen… unless they are HaD readers, in this case they can feel free to comment.

[via Reuters]

Bad RSA Library Leaves Millions Of Keys Vulnerable

October 17, 2017 by 20 Comments

So, erm… good news everyone! A vulnerability has been found in a software library responsible for generating RSA key pairs used in hardware chips manufactured by Infineon Technologies AG. The vulnerability, dubbed ROCA, allows for an attacker, via a Coppersmith’s attack, to compute the private key starting with nothing more than the public key, which pretty much defeats the purpose of asymmetric encryption altogether.

Affected hardware includes cryptographic smart cards, security tokens, and other secure hardware chips produced by Infineon Technologies AG. The library with the vulnerability is also integrated in authentication, signature, and encryption tokens of other vendors and chips used for Trusted Boot of operating systems. Major vendors including Microsoft, Google, HP, Lenovo, and Fujitsu already released software updates and guidelines for mitigation.

The researchers found and analysed vulnerable keys in various domains including electronic citizen documents (750,000 Estonian identity cards), authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000 but could be up to two to three orders of magnitude higher.

Devices dating back to at least 2012 are affected, despite being NIST FIPS 140-2 and CC EAL 5+ certified.. The vulnerable chips were not necessarily sold directly by Infineon Technologies AG, as the chips can be embedded inside devices of other manufacturers.

Continue reading “Bad RSA Library Leaves Millions Of Keys Vulnerable”

3D Prints And Food

October 17, 2017 by 55 Comments

We recently ran a post about a cute little 3D printed elephant that could dispense booze. The design didn’t actually have the plastic touching the liquid — there was a silicone tube carrying the shots. However, it did spark a conversation at the secret Hackaday bunker about how safe it is to use 3D printed objects for food. In particular, when I say 3D printing, I’m talking fused deposition modeling. Yes, there are other technologies, but most of us are printing using filament laid out in layers with a hot nozzle.

There’s a common idea that ABS is bad in general, but that PET and PLA are no problem because there are food-safe versions of those plastics available. However, the plastic is only a small part of the total food safety picture. Let me be clear: I am not a medical professional and although my computers have run a few plastics plants in years past, I am not really an expert on polymer chemistry, either. However, I don’t use 3D printed materials to hold or handle food and while you might not drop dead if you do, you might want to reconsider.

Continue reading “3D Prints And Food”

Stripping 3D Printed Gears For Science

October 17, 2017 by 33 Comments

While 3D printing is now well on its way to becoming “boring” in the same way that a table saw or lathe is, there was a time when the media and even some early adopters would have told you that the average desktop 3D printer was perhaps only a few decades behind the kind of replicator technology we saw on the Enterprise. But as the availability of these machines increased and more people got to see one up close, reality sunk in pretty quickly.

Many have dismissed the technology as little more than a novelty, and even within the 3D printing community itself there’s a feeling that most printers are used for little more than producing “dust collectors”. Some would see this attitude as disheartening, but the hackers over at [Gear Down For What?] see it as a challenge. They’ve made it their mission to push printed parts to increasingly ridiculous heights to show just what the technology is capable of, and in their latest entry, set out to push a pair of 3D printed gearboxes to failure.

The video starts out with a head to head challenge between two of their self-designed gearboxes. As they were spun up with battery powered drills, the smaller of the two quickly gave up the ghost, stripping out at 228 lbs. The victor of the first round then went on to pull a static load, only to eventually max out the scale at an impressive 680 lbs.

The gearbox may have defeated the scale, but the goal of the experiment was to run it to failure. By rigging up a compound pulley arrangement, they were able to double the amount of force their scale could detect. With this increased capacity the gearbox was then run up to an astonishing 1,000 lbs before it started to slip.

But perhaps the most impressive: after they got the gearbox disassembled, it was discovered that only a single planet gear out of the ten had broken. Even then, judging by how the gear sheared, the issue was more likely due to poor layer adhesion during printing than from stress alone. No gears were stripped, and in fact no visible damage was seen anywhere in the mechanism. The team is currently unable to explain the failure, other than to say that the stresses may have been so great that the plastic deformed enough that the gears were no longer meshed tightly.

This isn’t the first time we’ve checked in with the team at [Gear Down For What?], just a few months ago they impressed us by lifting an anvil with one of their printed mechanisms. They’re also not the only ones curious to find out just how far 3D printed plastic can go.

Continue reading “Stripping 3D Printed Gears For Science”

TeensyStep – Fast Stepper Library For Teensy

October 17, 2017 by 27 Comments

The Teensy platform is very popular with hackers — and rightly so. Teensys are available in 8-bit and 32-bit versions, the hardware has a bread-board friendly footprint, there are a ton of Teensy libraries available, and they can also run standard Arduino libraries. Want to blink a lot of LED’s? At very fast update rates? How about MIDI? Or USB-HID devices? The Teensy can handle just about anything you throw at it. Driving motors is easy using the standard Arduino libraries such as Stepper, AccelStepper or Arduino Stepper Library.

But if you want to move multiple motors at high micro-stepping speeds, either independently or synchronously and without step loss, these standard libraries become bottlenecks. [Lutz Niggl]’s new TeensyStep fast stepper control library offers a great improvement in performance when driving steppers at high speed. It works with all of the Teensy 3.x boards, and is able to handle accelerated synchronous and independent moves of multiple motors at the high pulse rates required for micro-stepping drivers.

The library can be used to turn motors at up to 300,000 steps/sec which works out to an incredible 5625 rpm at 1/16 th micro-stepping. In the demo video below, you can see him push two motors at 160,000 steps/sec — that’s 3000 rpm — without the two arms colliding. Motors can be moved either independently or synchronously. Synchronous movement uses Bresenham’s line algorithm to plan motor movements based on start and end positions. While doing a synchronous move, it can also run other motors independently. The TeensyStep library uses two class objects. The Stepper class does not require any system resources other than 56 bytes of memory. The StepControl class requires one IntervallTimer and two channels of a FTM  (FlexTimer Module) timer. Since all supported Teensys implement four PIT timers and a FTM0 module with eight timer channels, the usage is limited to four StepControl objects existing at the same time. Check out [Lutz]’s project page for some performance figures.

As a comparison, check out Better Stepping with 8-bit Micros — this approach uses DMA channels as high-speed counters, with each count sending a pulse to the motor.

Thanks to [Paul Stoffregen] for tipping us off about this new library. Continue reading “TeensyStep – Fast Stepper Library For Teensy”