Hack The Pentagon, Legally

The United States Department of Defense just launched the world’s first government-funded bug bounty program named HackThePentagon. Following the example of Facebook, Google, and other big US companies, the DoD finally provides “a legal avenue for the responsible disclosure of security vulnerabilities”.

However, breaking into the Pentagon’s weapon programs will still get you in trouble. This pilot program has a very limited scope, some non-critical systems (not quite the Pentagon’s cafeteria menu), and is open only between April 18 and May 12 this year. In total, about $150,000 in bounties may be awarded to responsible hackers.

Anyone can take part in the program, but to receive financial rewards, you need to fulfill a list of criteria. Your profile will undergo a criminal background check and certain restrictions based on your country of residence may apply. Also, to hack into the government’s computer system and get a tax return, you must be a US taxpayer in the first place.

Even though this framework turns the initiative into more of a one-month hacking contest than a permanently installed bug bounty program, it is certainly a good start. The program itself is hosted on HackerOne, a platform that aims to streamline the process of distributing bug bounties.

iPhone Microscopy And Other Adventures

CMOS imaging chips have been steadily improving, their cost and performance being driven by the highly competitive smartphone industry. As CMOS sensors get better and cheaper, they get more interesting for hacker lab projects. In this post I’m going to demonstrate a few applications of the high-resolution sensor that you’ve already got in your pocket — or wherever you store your cell phone.

CMOS vs CCD

First, let’s quickly review image sensors. You’ve probably heard of CMOS and CCD sensors, but what’s the difference exactly?

CCD and CMOS imaging sensors: from this excellent page at CERN.

As the figure above shows, CCD and CMOS sensors are both basically photodiode arrays. Photons that hit regions on the chip are converted into a charge by a photodiode. The difference is in how this charge is shoved around. CCD sensors are analogue devices: the charge is shifted through the chip and out to a single amplifier. CMOS sensors have amplifiers embedded in each cell and also generally include on-chip analogue-to-digital conversion, allowing complete “camera-on-a-chip” solutions.

Because CMOS sensors amplify and move the signal into the digital domain sooner, they can use cheaper manufacturing processes, allowing lower-cost imaging chips to be developed. Traditionally they’ve also had a number of disadvantages, however: because more circuitry is included in each cell, less space is left to collect light, and because multiple amplifiers are used, it’s harder to get consistent images due to slight fabrication differences between the amplifiers in each cell. Until recently CMOS sensors were considered a low-end option. While CCD sensors (usually large, cooled CCD sensors) are still often preferred for scientific applications with big budgets, CMOS sensors have nevertheless gained inroads in high-performance DSLRs.

Continue reading “iPhone Microscopy And Other Adventures”

Fourier Machine Mimics Michelson Original In Plywood

It’s funny how creation and understanding interact. Sometimes the urge to create something comes from a new-found deep understanding of a concept, and sometimes the act of creation leads to that understanding. And sometimes creation and understanding are linked together in such a way as to lead in an entirely new direction, which is the story behind this plywood recreation of the Michelson Fourier analysis machine.

For those not familiar with this piece of computing history, it’s worth watching the videos in our article covering [Bill “The Engineer Guy” Hammack]’s discussion of this amazing early 20th-century analog computer. Those videos were shown to [nopvelthuizen] in a math class he took at the outset of degree work in physics education. The beauty of the sinusoids being created by the cam-operated rocker arms and summed to display the output waveforms captured his imagination and led to an eight-channel copy of the 20-channel original.

Working with plywood and a CNC router, [nopvelthuizen]’s creation is faithful to the original if a bit limited by the smaller number of sinusoids that can be summed. A laser cutter or 3D printer would have allowed for a longer gear train, but we think the replica is great the way it is. What’s more, the real winners are [nopvelthuizen]’s eventual physics students, who will probably look with some awe at their teacher’s skills and enthusiasm.

Continue reading “Fourier Machine Mimics Michelson Original In Plywood”

Hackaday Belgrade Was Hardware Center Of Universe On Saturday

One of my favorite conversations from Saturday’s Hackaday | Belgrade conference was about border crossing. This guy was saying the border station coming into Serbia needed a separate lane with the Skull and Wrenches on the digital sign, since it was obvious the two cars in front of them were also packed with people coming to the con (and all the custom hardware that travels with the Hackaday crowd). Caravans full of hardware hackers were on their way to this epic gathering.

We packed the place, selling at least 50 tickets past our limit in the last few weeks to people who just wanted to get in and didn’t mind not being able to get their hands on one of the sweet badges. I recall meeting people who came from Romania, Bulgaria, Greece, Slovenia, Spain, Italy, Switzerland, USA, Germany, France, UK, and of course Serbia. If you were there and I missed your country let us know in the comments.

Mike Harrison talking about the Eidophor

Obviously the main event is the incredible slate of talks that happen at our conferences. We had great presenters at last November’s SuperConference — our first ever conference — so we’re delighted to say that our second was just as good. (We anticipate a third this fall.) Hackaday is so thankful for all of the speakers who donated their time and talent to share their knowledge and experience with our worldwide community.

Among my favorites were Seb Lee-Delisle’s talk on his many huge laser and projection mapping installations, Mike Harrison’s drilldown of the absolutely stunning engineering that went into Eidophor projector systems, Dejan Ristanovic’s fascinating talk about the on-again, off-again history of the Internet in Serbia, Sophi Kravitz’s collaborative work with polarizing materials, and Voja Antonic’s talk on the many trials of designing the conference badge, which cleared out the world’s stock of more than one type of Kingbright LED module. If you missed the live stream of these talks, don’t worry, we recorded all of them. It will take a bit of time to edit and post them, so keep your eyes on the front page.

Continue reading “Hackaday Belgrade Was Hardware Center Of Universe On Saturday”

Continuing The Dialog: “It’s Time Software People And Mechanical People Had A Talk”

A while back I wrote a piece titled “It’s Time the Software People and Mechanical People Sat Down and Had a Talk”. It was mostly a reaction to what I believe to be a growing problem in the hacker community. Bad mechanical designs get passed on by what is essentially digital word of mouth. A sort of mythology grows around these bad designs, and they start to separate from science. Rather than combat this, people tend to defend them much like one would defend a favorite band or a painting. This comes out of various kinds of ignorance, which were covered in more detail in the original article.

There was an excellent discussion in the comments, which reaffirmed why I like writing for Hackaday so much. You guys seriously rock. After reading through the comments and thinking about it, some of my views have changed. Some have stayed the same.

It has nothing to do with software guys.

I definitely made a cognitive error. I think a lot of people who get into hardware hacking from the hobby world have a beginning in software. It makes sense: they’re already reading blogs like this one. Maybe they buy an Arduino and start messing around. It’s not long before they buy a 3D printer, and then naturally want to contribute back.

Since a larger portion of amateur mechanical designers come from software, it would make sense that when I had a bad interaction with someone over a design critique, they would end up coming at it from a software perspective. So with a sample size too small, one that didn’t fully take into account my positive interactions along with the negative ones, I made a false generalization. Sorry. When I sat down to think about it, I could easily have written an article titled “It’s time the amateur mechanical designers and the professionals had a talk” with the same point at the end.

Though, the part about hardware costs still applies.

I started out rather aggressively by stating that software people don’t understand the cost of physical things. I would change that to: “anyone who hasn’t designed a physical product from napkin to market doesn’t understand the cost of things.”

Continue reading “Continuing The Dialog: “It’s Time Software People And Mechanical People Had A Talk””

Apple Aftermath: Senate Entertains A New Encryption Bill

If you recall, there was a recent standoff between Apple and the U. S. Government regarding unlocking an iPhone. Senators Richard Burr and Dianne Feinstein have a “discussion draft” of a bill that appears to require companies to allow the government to court-order decryption.

Here at Hackaday, we aren’t lawyers, so maybe we aren’t the best source of legislative commentary. However, on the face of it, this seems a bit overreaching. The first part of the proposed bill is simple enough: any “covered entity” that receives a court order for information must provide it in intelligible form or provide the technical assistance necessary to get the information in intelligible form. The problem, of course, is what if you can’t? A covered entity, by the way, is anyone from a manufacturer, to a software developer, a communications service, or a provider of remote computing or storage.

There are dozens of services (backup comes to mind) where only you have the decryption keys and there is nothing reasonable the provider can do to get your data if you lose your keys. That’s actually a selling point for their service. You might not be anxious to back up your hard drive if you knew the vendor could browse your data whenever they wanted to.

The proposed bill has some other issues, too. One section states that nothing in the document is meant to require or prohibit a specific design or operating system. However, another clause requires that covered entities provide products and services that are capable of complying with the rule.

A broad reading of this is troubling. If this were law, entire systems that don’t allow the provider or vendor to decrypt your data could be illegal in the U. S. Whole classes of cybersecurity techniques could become illegal, too. For example, many cryptographic systems provide forward secrecy by generating unrecorded session keys. Consider an SSH session. If someone learns your SSH key, they can listen in on or interfere with your SSH sessions. However, they can’t take recordings of your previous sessions and decode them. The mechanism is a little different between SSHv1 (which you shouldn’t be using) and SSHv2. If you are interested in the gory details for SSHv2, have a look at section 9.3.7 of RFC 4251.
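To make the forward-secrecy point concrete, here is an added example (it is not code from Hackaday, from SSH, or from the draft bill) that places two session-key designs side by side. Design A derives each session key from a long-term shared secret plus a nonce, so a recorded session becomes readable the moment that secret leaks. Design B runs a fresh Diffie-Hellman exchange per session and uses the long-term key only to authenticate the exchange, which is the SSHv2 structure RFC 4251 describes. Assumptions: an HMAC under the server's long-term key stands in for the SSH host-key signature, SHA-256 stands in for the real key derivation, the long-term secret and transcripts are constructed for the demo, and the group constant is transcribed from RFC 3526 group 14 (verify it against the RFC before relying on it).

```python
"""Forward secrecy demo: static-key session (A) versus ephemeral Diffie-Hellman (B)."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 as transcribed from RFC 3526; check against the RFC before real use.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
P_LEN = 256  # bytes needed to encode one group element


def kdf(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the inputs; a stand-in for a real KDF."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def _enc(x: int) -> bytes:
    return x.to_bytes(P_LEN, "big")


# --- Design A: session key derived from the long-term secret (no forward secrecy) ---
def static_session(long_term_secret: bytes):
    """Both sides hold long_term_secret and mix a fresh nonce into each session key.
    Returns (session_key, transcript); the transcript is what a passive recorder sees."""
    nonce = secrets.token_bytes(16)
    return kdf(long_term_secret, nonce), {"nonce": nonce}


def attacker_static(transcript: dict, leaked_long_term_secret: bytes) -> bytes:
    """A recording plus a later leak of the long-term secret yields the old session key."""
    return kdf(leaked_long_term_secret, transcript["nonce"])


# --- Design B: ephemeral DH per session, long-term key only authenticates (forward secrecy) ---
def ephemeral_session(server_host_key: bytes):
    """Each side picks a one-time exponent, exchanges g^x mod p, and derives the key
    from the shared secret. The server authenticates the exchange with its long-term key
    (HMAC here; a public-key signature over the exchange hash in real SSH)."""
    a = secrets.randbelow(P - 2) + 2  # client ephemeral exponent in [2, P-1]
    b = secrets.randbelow(P - 2) + 2  # server ephemeral exponent
    A, B = pow(G, a, P), pow(G, b, P)
    tag = hmac.new(server_host_key, _enc(A) + _enc(B), "sha256").digest()
    client_key = kdf(_enc(pow(B, a, P)))
    server_key = kdf(_enc(pow(A, b, P)))
    assert client_key == server_key  # both sides hold g^(ab) mod p
    del a, b  # ephemeral exponents are discarded once the key exists
    return client_key, {"A": A, "B": B, "tag": tag}


def attacker_ephemeral(transcript: dict, leaked_host_key: bytes) -> dict:
    """A recording plus a later leak of the host key: the leaked key lets the holder
    forge authentication tags (a threat to future sessions), but g^(ab) cannot be
    computed from g^a, g^b and the host key, so the recorded session stays sealed."""
    forged = hmac.new(leaked_host_key, _enc(transcript["A"]) + _enc(transcript["B"]), "sha256").digest()
    return {
        "can_impersonate_future_sessions": hmac.compare_digest(forged, transcript["tag"]),
        "recovered_session_key": None,  # no exponent is on the wire or in storage
    }


if __name__ == "__main__":
    lt = b"constructed long-term secret"  # constructed for the demo
    key_a, tr_a = static_session(lt)
    print("design A, old key recovered after leak:", attacker_static(tr_a, lt) == key_a)
    key_b, tr_b = ephemeral_session(lt)
    print("design B, attacker result:", attacker_ephemeral(tr_b, lt))
```

The transcripts are the only thing a passive recorder obtains, and the dictionaries returned by the two session functions show exactly what that is: in design A the nonce plus a later-leaked secret reproduce the key, while in design B the exponents never appear and are deleted, so the leak only matters for sessions that have not happened yet.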

In all fairness, this isn’t a bill yet. It is a draft and given some of the definitions in section 4, perhaps they plan to expand it so that it makes more sense, or – at least – is more practical. If not, then it seems to be an indication that we need legislators that understand our increasingly technical world and have some understanding of how the new economy works. After all, we’ve seen this before, right? Many countries are all too happy to enact and enforce tight banking privacy laws to encourage deposits from people who want to hide their money. What makes you think that if the U. S. weakens the ability of domestic companies to make data private, that the business of concealing data won’t just move offshore, too?

If you were living under a rock and missed the whole Apple and FBI controversy, [Elliot] can catch you up. Or, you can see what [Brian] thought about Apple’s response to the FBI’s demand.

Colorful Fan And LED Controller For 3D Printer

[Dave] just couldn’t take the ambient noise from his Lulzbot Mini anymore, so he built a fancy fan controller for it.

He measured some points on the printer’s Rambo controller board to see what actually got hot during a print. The hottest components were the motor drivers, so he taped a thermistor to them. He also placed one in the printer’s power supply. He replaced the main fan with a low-noise model from Noctua (which have the most insanely fancy packaging you could imagine for a computer fan). The software on an Arduino Nano now idles the fan at an inaudible 650 RPM; if an unacceptable temperature increase is detected, it increases the fan speed for a period, keeping everything nice and quietly cool.

The graphics display was added because, “why not?” A classic reason. The graphics run on a hacked version of Adafruit’s library. It took him quite a while to get the graphics coded, but they add that extra bit of high-tech flair to keep the cool factor of the 3D printer up before they become as ubiquitous as toasters in the home. The code, Fritzing board layout, 3D models, and a full build log are available at his site.
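The fan logic described above (idle at an inaudible speed, boost for a period when the temperature rises unacceptably, then return to idle) is easy to get subtly wrong, so here is an added simulation of that control loop. It is not [Dave]’s Arduino code: the 650 RPM idle speed comes from the post, but the boost speed, the rise threshold, the boost period, and the sensor samples are all assumed or constructed for the demo.

```python
"""Simulation of a two-speed fan controller: idle until a temperature rise is seen,
then boost for a fixed period (re-triggering extends the period), then back to idle."""
from dataclasses import dataclass

IDLE_RPM = 650          # inaudible idle speed named in the post
BOOST_RPM = 1500        # assumed boost speed (not given in the post)
RISE_THRESHOLD_C = 8.0  # assumed rise over the start-of-print baseline that counts as unacceptable
BOOST_PERIOD_S = 60.0   # assumed length of a boost period after a trigger


@dataclass
class FanController:
    baseline_c: float           # hottest reading at the start of the print
    boost_until_s: float = -1.0  # time at which the current boost period ends

    def update(self, now_s: float, temps_c: list) -> int:
        """Return the RPM to command for the current sensor readings."""
        hottest = max(temps_c)
        if hottest - self.baseline_c >= RISE_THRESHOLD_C:
            # Each trigger extends the boost window rather than resetting to idle first,
            # so a sustained rise keeps the fan up instead of making it cycle.
            self.boost_until_s = now_s + BOOST_PERIOD_S
        return BOOST_RPM if now_s < self.boost_until_s else IDLE_RPM


def run_controller(samples) -> list:
    """samples: list of (time_s, [driver_temp_c, psu_temp_c]); returns the RPM per sample."""
    ctrl = FanController(baseline_c=max(samples[0][1]))
    return [ctrl.update(t, temps) for t, temps in samples]


# Constructed readings: motor drivers warm up mid-print, the power supply barely moves.
SAMPLES = [
    (0.0, [30.0, 25.0]),   # baseline
    (10.0, [34.0, 26.0]),  # +4 C: still idle
    (20.0, [39.0, 27.0]),  # +9 C: trigger, boost until t=80
    (30.0, [36.0, 27.0]),  # cooling, but inside the boost window
    (70.0, [33.0, 26.0]),  # still inside the window
    (90.0, [32.0, 26.0]),  # window expired: back to idle
]

if __name__ == "__main__":
    for (t, temps), rpm in zip(SAMPLES, run_controller(SAMPLES)):
        print(f"t={t:5.1f}s drivers={temps[0]:.1f}C psu={temps[1]:.1f}C -> {rpm} RPM")
```

Comparing against the baseline measured at the start of the print rather than a fixed absolute temperature is what keeps the controller quiet in a warm room, and the "extend, don't reset" rule on re-trigger avoids the audible speed hunting a naive threshold comparison produces.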