Change The Jingle In Your Makita Charger Because You Can

Lots of things beep these days. Washing machines, microwaves, fridge — even drill battery chargers. If you’re on Team Makita, it turns out you can actually change the melody of your charger’s beep, thanks to a project from [Real-Time-Kodi].

The hack is for the Makita DR18RC charger, and the implementation of the hack is kind of amusing. [Real-Time-Kodi] starts by cutting the trace to the buzzer inside the charger. Then, an Arduino is installed inside the charger, hooked up to the buzzer itself and the original line that was controlling it. When it detects the charger trying to activate the buzzer, it uses this as a trigger to play its own melody on the charger instead. The Arduino also monitors the LEDs on the charger in order to determine the current charge state, and play the appropriate jingle for the situation.

It’s an amusing hack, and one that could certainly confuse the heck out of anyone expecting the regular tones out of their Makita charger. It also shows that the simple ways work, too — there was no need to dump any firmware or decompile any code.

Continue reading “Change The Jingle In Your Makita Charger Because You Can”

Slime Mold-Powered Smart Watches See Humans Fall In Love With The Goo

Humans are very good at anthropomorphising things. That is, giving them human characteristics, like ourselves. We do it with animals—see just about any cartoon—and we even do it with our own planet—see Mother Nature. But we often extend that courtesy even further, giving names to our cars and putting faces on our computers as well.

A recent study has borne this out in amusing fashion. Researchers at the University of Chicago found that human attitudes towards a device can change if they are required to take actions to look after it. Enter the slime mold smartwatch, and a gooey, heartwarming story of love and care between human and machine, mediated by mold.

Continue reading “Slime Mold-Powered Smart Watches See Humans Fall In Love With The Goo”

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

Hackaday Editors Elliot Williams and Tom Nardi discuss all the week’s best and most interesting hacks and stories, starting with Canada’s misguided ban on the Flipper Zero for being too spooky. From there they’ll look at the state-of-the-art in the sub-$100 3D printer category, Apple’s latest “Right to Repair” loophole, running UNIX on the NES (and how it’s different from Japan’s Famicom), and the latency of various wireless protocols.

After singing the praises of the new Bus Pirate 5, discussion moves on to embedded Linux on spacecraft, artfully lifting IC pins, and the saga of the blue LED. Finally you’ll hear the how and why behind electrical steel, and marvel at a Mach 10 missile that (luckily) never needed to be used.

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5”

Compact Cycloidal Drive Lives Inside This Custom Brushless Motor

With the popularity of robot dogs, many people have gotten on the bandwagon and tried building DIY versions. Most of them end up attaching a gearbox to an off-the-shelf brushless motor and call it a day. Not everyone goes that way, though, which is why this internal cycloidal drive actuator caught our eye.

Taking design cues from the MIT Mini Cheetah, [Aaed Musa] approached his actuator from the inside out, literally. His 3D printed cycloidal gearbox is designed to fit inside the stator of a BLDC motor. And not just any BLDC motor, but one built mostly from scratch using a hand-wound — and unwound, and wound again — stator along with a rotor that started as a printed part but was eventually machined from steel. Apart from its fixed ring, the cycloidal drive was mostly 3D printed, with everything fitting nicely inside the stator.

The video below shows the design and assembly process as well as testing of the finished drive. It seems to do really well with speed and positional accuracy, and it delivers a substantial amount of torque. Maybe a little too much, though; testing it with a heavy weight on the end of an arm got the stator coils hot enough to warp the printed parts within. But no matter; this was only a prototype after all. [Aaed] says improvements are in the works, including replacing all the plastic parts with metal ones.

Need a little background on cycloidal drives? They’re pretty cool.

Continue reading “Compact Cycloidal Drive Lives Inside This Custom Brushless Motor”

This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be enabled in the ClamnAV config. And that configuration includes a string formatting function, where the string includes %v and %s, which gets replaced with a detected virus name and the file name from the email. And now you see the problem, I hope: The filename is attacker supplied input.

Where this really gets out of hand is what ClamAV does with this string. execle("/bin/sh", "sh", "-c", buffer_cmd, NULL, env). So let’s talk defensive program design for a minute. When it comes to running a secondary command, there are two general options, system() and the exec*() family of system calls. system() is very simple to use. It pauses execution of the main process and asks the operating system to run a string, just as if the user had typed that command into the shell. While this is very convenient to use, there is a security problem if any of that command string is user-supplied. All it takes is a semicolon or ampersand to break assumptions and inject a command.

To the rescue comes exec(). It’s a bit more complicated to use, requiring the programmer to manually call fork() and wait(). But it’s not running the command via the shell. exec() executes a program directly, totally eliminating the potential for command injection! Except… oops.

Yeah, exec() and related calls don’t offer any security protections when you use them to execute /bin/sh. I suspect the code was written this way to allow running a script without specifying /bin/sh in the config. The official fix was to disable the filename format character, and instead supply it as an environment variable. That certainly works, and that fix is available in 1.0.5, 1.2.2, and 1.3.0.

The real danger here is that we have another case where some hardware appliance manufacturer has used ClamAV for email filtering, and uses this configuration by default. That’s how we get orders from CISA to unplug your hardware, because it’s already compromised. Continue reading “This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!”

The Latest Windows 11 Release Might Not Work On Your Oldest Machines

Everybody knows you can’t install Windows XP on a 386, or Windows 95 on an original IBM PC. But for Windows 11, the goalposts seem to be changing with newer releases of the existing OS. As covered by The Register, it appears the latest Windows 11 24H2 update might be incompatible with older machines.

It’s all down to the POPCNT CPU instruction. As shared on Twitter by [TheBobPony], the instruction appears in a number of Windows 11 system files, including kernel and USB XHCI drivers. Thus, it appears that any CPU not able to run this instruction will not be able to boot Windows 11. POPCNT was first included in AMD’s Barcelona architecture in 2007, and Intel’s Core processors in 2008. It’s an instruction for counting set bits in a word.

Ultimately, the effect is that computers with older CPUs will no longer be able to run the latest version of Windows 11. It could be as simple as Microsoft engineers enabling more modern CPU instructions at compilation time. However, given affected hardware is more than 15 years old, it’s perhaps likely that Microsoft is perfectly willing to cut these machines off from using the latest versions of its main operating system. We’ve talked about this phenomenon before, too.

In any case, keep a close eye on Windows update if you’re running super-old hardware. Let us know if you’ll be affected in the comments.

Thanks to [Stephen Walters] for the tip!

All-Sky Camera Checks For Aurora

The aurora borealis (and its southern equivalent, the aurora australis) is a fleeting and somewhat rare phenomenon that produces vivid curtains of color in the sky at extreme latitudes. It’s a common tourist activity to travel to areas where the aurora is more prevalent in order to catch a glimpse of it. The best opportunities are in the winter though, and since most people don’t want to spend hours outside on a cold night night in high latitudes, an all-sky camera like this one from [Frank] can help notify its users when an aurora is happening.

Because of the extreme temperatures involved, this is a little more involved than simply pointing a camera at the sky and hoping for the best. The enclosure and all electronics need to be able to withstand -50°C and operate at at least -30. For the enclosure, [Frank] is going with PVC tubing with a clear dome glued into a top fits to the end of the pipe, providing a water-resistant enclosure. A Raspberry Pi with a wide-angle lens camera sits on a 3D printed carriage so it can easily slide inside. The electronics use power-over-ethernet (PoE) rather than a battery due to the temperature extremes, which conveniently provides networking capabilities for viewing the images.

This is only part one of this build — in part two [Frank] is planning to build a system which can use this camera assembly to detect the aurora automatically and send out notifications when it sees it. Watching the night sky from the comfort of a warm house or sauna isn’t the only reason for putting an all-sky camera to use, either. They can also be used to observe meteors as they fall and then triangulate the position of the meteorites on the ground.