Faulty ESP8266s Release Smoke, Then Keep Working?

[Ray] is in a bit of a pickle. All appeared well when he began selling an ESP8266-based product, but shortly thereafter some of them got hot and let the smoke out. Not to worry, he recommends ignoring the problem since once the faulty components have vaporized the device will be fine.

The symptom lies in the onboard red power indicator LED smoking. (Probably) nothing is wrong with the LED, because upon testing the batch he discovered its current limiting resistor is sometimes a little bit low to spec. Off by a hair of, oh, call it an even 1000x.

Yep, the 4700 ohm resistor is sometimes replaced with a 4.7 ohm. Right across the power rail. That poor little LED is trying to dissipate half a watt on a pinhead. Like a sparrow trying to slow a sledgehammer, it does not end well. Try not to be too critical, pick ‘n place machines have rough days now and then too and everyone knows those reels look practically the same!

The good news is that the LED and resistor begin a thermal race and whoever wins escapes in the breeze. Soon as the connection cuts the heat issue disappears and power draw drops back to normal. Everything is fine unless you needed that indicator light. Behold – there are not many repairs you can make with zero tools, zero effort, and only a few seconds of your time.

[Ray] also recommends measuring and desoldering the resistor or LED if you are one of the unlucky few, or, if worst comes to worst, he has of course offered to replace the product too. He did his best to buy from authentic vendors and apologizes to the few customers affected. As far as he knows no one else has had this problem yet so he wanted to share it with the community here on Hackaday as soon as possible. Keep an eye out.

If you have never seen smoke ISO9001-certified electronics repair before, there is a short video of this particular disaster upgrade caught live on tape after the break.


When Responsible Disclosure Isn’t Enough

Moonpig is a well-known greeting card company in the UK. You can use their services to send personalized greeting cards to your friends and family. [Paul] decided to do some digging around and discovered a few security vulnerabilities between the Moonpig Android app and their API.

First of all, [Paul] noticed that the system was using basic authentication. This is not ideal, but the company was at least using SSL encryption to protect the customer credentials. After decoding the authentication header, [Paul] noticed something strange. The username and password being sent with each request were not his own credentials. His customer ID was there, but the actual credentials were wrong.

[Paul] created a new account and found that the credentials were the same. By modifying the customer ID in the HTTP request of his second account, he was able to trick the website into spitting out all of the saved address information of his first account. This meant that there was essentially no authentication at all. Any user could impersonate another user. Pulling address information may not sound like a big deal, but [Paul] claims that every API request was like this. This meant that you could go as far as placing orders under other customer accounts without their consent.

[Paul] used Moonpig’s API help files to locate more interesting methods. One that stood out to him was the GetCreditCardDetails method. [Paul] gave it a shot, and sure enough the system dumped out credit card details including the last four digits of the card, expiration date, and the name associated with the card. It may not be full card numbers but this is still obviously a pretty big problem that would be fixed immediately… right?

[Paul] disclosed the vulnerability responsibly to Moonpig in August 2013. Moonpig responded by saying the problem was due to legacy code and it would be fixed promptly. A year later, [Paul] followed up with Moonpig. He was told it should be resolved before Christmas. On January 5, 2015, the vulnerability was still not resolved. [Paul] decided that enough was enough, and he might as well just publish his findings online to help press the issue. It seems to have worked. Moonpig has since disabled its API and released a statement via Twitter claiming that, “all password and payment information is and has always been safe”. That’s great and all, but it would mean a bit more if the passwords actually mattered.
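
A minimal model of the flaw described above next to a corrected handler, as an added example that is not taken from [Paul]'s write-up or from Moonpig's code. All names, credentials, customer IDs and addresses are constructed.

```python
import base64, hashlib, hmac

# Constructed sample data; names and values are illustrative, not Moonpig's.
SHARED_APP_CREDS = ("mobile-app", "baked-into-every-install")
ADDRESSES = {"1001": ["1 Example Road"], "1002": ["2 Sample Street"]}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Per-customer login -> (customer_id, salt, password hash)
ACCOUNTS = {
    "alice@example.test": ("1001", b"salt-a", _hash("alice-secret", b"salt-a")),
    "bob@example.test": ("1002", b"salt-b", _hash("bob-secret", b"salt-b")),
}

def parse_basic(header):
    """Decode 'Basic <base64(user:pass)>' into (user, password), or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    return (user, pw) if sep else None

def basic(user, pw):
    """Build a Basic Authorization header value (helper for the sample calls)."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def flawed_get_addresses(auth_header, customer_id):
    """Pattern from the article: one shared credential, caller names the customer."""
    if parse_basic(auth_header) != SHARED_APP_CREDS:
        return 401, None
    return 200, ADDRESSES.get(customer_id)  # no check that caller owns this ID

def hardened_get_addresses(auth_header, customer_id):
    """Authenticate the individual customer, then authorize the requested ID."""
    creds = parse_basic(auth_header)
    account = ACCOUNTS.get(creds[0]) if creds else None
    if account is None or not hmac.compare_digest(_hash(creds[1], account[1]), account[2]):
        return 401, None
    if customer_id != account[0]:
        return 403, None  # authenticated, but not the owner of this record
    return 200, ADDRESSES[customer_id]
```

The flawed handler returns any customer's addresses to any holder of the shared credential, while the hardened one ties the requested ID to the authenticated account and answers 403 on a mismatch.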

Measuring The Planck Constant With Lego

For nearly 130 years, the kilogram has been defined by a small platinum and iridium cylinder sitting in a vault outside Paris. Every other unit of measurement is defined by reproducible physical phenomena; the second is a precise number of oscillations of a cesium atom, and a meter is the length light travels in 1/299792458th of a second. Only the kilogram is defined by an actual object, until NIST and the International Committee of Weights and Measures define it as a function of the Planck constant. How do you measure the Planck constant? With a Watt balance. How do you build a Watt balance? With Lego, of course.

A Watt balance looks like a double-armed scale where one weight can be compared to another weight of known mass. Instead of using two arms, a Watt balance only has one arm, brought into balance by a current flowing through a coil. The mechanical power in the balance – brought about by whatever is on the balance plate – can then be compared to the electrical power, and eventually the Planck constant. This will soon be part of the formal definition of the kilogram, and yes, a machine to measure this can be made out of Lego.

The only major non-Lego parts in the Lego Watt balance are a few coils of wire wound around a PVC pipe and a few neodymium magnets. These are placed on both arms of the balance, and a pair of lasers is used to make sure both arms of the balance are level. Data are collected by measuring the coils through a few analog pins on a Labjack and a Phidget. Once the voltage and current induced in each coil are measured, the Wattage can be calculated, then the Planck constant, and finally how close the mass on the balance pan is to a real, idealized kilogram. Despite being made out of Lego, this system can measure a gram mass to 1% uncertainty.

The authors have included a list of Lego parts, most of which could be found in any giant tub of Lego in an 8-year-old’s closet. The only really expensive item on the BOM is a 16-bit USB DAQ; apart from that, it’s something anyone can build.

Thanks [Matt] for the tip.

Best Of The Dinosaur Den 2014

If you haven’t been watching The Dinosaur Den, shame on you. This joint enterprise between [Fran Blanche] and our very own [Bil Herd] premiered in July and it is, simply put, the duck’s guts. In spite of being introduced to each other just a few months before the first episode, they banter like old friends. When they’re not riffing off each other, they’re giving a show and tell of all kinds of vintage technology. Most importantly, they’re always wearing really cool t-shirts.

Hot on the heels of their excellent holiday special comes this Best of the Dinosaur Den 2014 highlight reel. Some of our favorite bits are from said holiday special, because they spent the whole hour talking about their best-loved toys from holidays past, most of which started them on their paths to greatness. Come for the t-shirts, stay for the Zaxxon tabletop arcade and the toy that probably inspired LittleBits. Check out the best-of after the break, and then cook a Hot Pocket or something and watch them all. You’re pretty much guaranteed to learn something cool and/or useful.


“Superfan” Gaming Peripheral Lets You Feel Your Speed

Virtual reality has come a long way but some senses are still neglected. Until Smell-O-Vision happens, the next step might be feeling the wind in your hair. Think of dad racing a sportbike or kids giggling on a rollercoaster. It is not as hard to build as you might think; you probably have the parts already.

Off-the-shelf devices serve up the seeing and hearing part of your imaginary environment, but they stop there. [Jared] wanted to take the immersion farther by being able to feel the speed, which meant building his own high power wind generator and tying it into the VR system. The failed crowdfunding effort of the “Petal” meant that something new would have to be constructed. Obviously, to move air without actually going on a rollercoaster requires a motor controller and some fans. Powerful fans.

A proponent of going big or going home, [Jared] picked up a pair of fans and modified them so heavily that they will launch themselves off of the table if not anchored down. Who overdrives fans so hard they need custom heatsinks for the motors? He does. He admits he went overboard, and way over what would be a sensible budget for most people, but he built it for himself and does not care.


Global Space Balloon Challenge

Looking for a reason to put up a balloon and payload into near-space? Not that one’s necessary, but the Global Space Balloon Challenge has got a variety of good reasons for you to do so, in the form of prizes and swag from their sponsors. Go for highest altitude, best photograph, longest ground track, best on-board science payload, or a bunch more. Have a look through the gallery to check out last year’s winners, including teams that dropped a 3ft paper airplane or floated an R2D2 replica.

Basically all you need to do is register on their website and then go fly a high-altitude balloon between April 10th and 27th. Last year 60 teams took part, and this year they’ve already got 90 teams from 31 countries.

And if you’re just getting into the (hobby? sport?) of high-altitude ballooning, be sure to check out their tutorials and forum. Of course Hackaday has been covering folks’ near-space balloon efforts for a while now too, so you’ve got plenty of reading.

So what are you waiting for? Helium’s not getting any cheaper and spring is on its way. Start planning your balloon launch now.


Repairing And Reviewing A 1976 PONG Clone

Hackaday alum [Todd] has been searching for an old PONG clone for the last two years. This variant is called, “The Name of the Game”. [Todd] has fond memories of playing this game with his sister when they were young. Unfortunately, being the hacker that he is, [Todd] tore the game apart when he was just 14 to build his own Commodore 64 peripherals. He’s been wanting to make it up to his sister ever since, and he finally found a copy of this game to give to his sister last Christmas.

After opening up the box, [Todd] quickly noticed something strange with the power connector. It looked a bit charred and was wiggling inside of the enclosure. This is indicative of a bad solder joint. [Todd] decided he’d better open it up and have a look before applying power to the device.

It was a good thing he did, because the power connector was barely connected at all. A simple soldering job fixed the problem. While the case was still opened, [Todd] did some sleuthing and noticed that someone else had likely made repairs to several other solder joints. He also looked for any possible short circuits, but everything else looked fine. The system ended up working perfectly the first time it was started.

The end of the video shows that even after all this time, simple games like this can still capture our attention and be fun to play for hours at a time. [Todd] is working on part 2 of this series, where he’ll do a much more in-depth review of the system. You can watch part 1 below.