See The Hands-on Details Behind Stunning Helmet Build

[Zibartas] recently created wearable helmets from the game Starfield that look fantastic, and we’re happy to see that he created a video showcasing the whole process of design, manufacture, and assembly. The video really highlights just how much good old-fashioned manual work like sanding goes into getting good results, even in an era where fancy modern equipment like 3D printing is available to just about anyone.

The secret to perfectly-tinted and glassy-smooth clear visors? Lots and lots of sanding and polishing.

The visor is one such example. The usual approach to making a custom helmet visor (like for Daft Punk helmet builds) is some kind of thermoforming. However, the Starfield helmet visors were poor candidates due to their shape and color. [Zibartas]’s solution was to 3D print the whole visor in custom-tinted resin, followed by lots and lots of sanding and polishing to obtain a clear and glassy-smooth end product.

A lot of patient sanding ended up being necessary for other reasons as well. Each helmet has a staggering number of individual parts, most of which are 3D printed with resin, and these parts didn’t always fit together perfectly well.

[Zibartas] also ended up spending a lot of time troubleshooting an issue that many of us might have had an easier time recognizing and addressing. The helmet cleverly integrates a faux-neon style RGB LED strip for internal lighting, but the LED strip would glitch out when the ventilation fan was turned on. The solution after a lot of troubleshooting ended up being simple decoupling capacitors, helping to isolate the microcontrollers built into the LED strip from the inductive load of the motors.

What [Zibartas] may have lacked in the finer points of electronics, he certainly makes up for in practical experience when it comes to wearable pieces like these. The helmets look solid but are in fact full of open spaces and hollow, porous surfaces. This makes them more challenging to design and assemble, but it pays off in spades when worn. The helmets not only look great, but allow a huge amount of airflow. This, along with the fans, makes them comfortable to wear and prevents the face shield from misting up from the wearer’s breathing. It’s a real work of art, so check out the build video, embedded just below.


3D Printed Jellyfish Lights Up

[Ben] may be 15 years old, but he’s got the knack for 3D printing and artistic mechanical design. When you see his 3D-printed mechanical jellyfish lamp, we think you’ll agree. Honestly, it is hardly fair to call it a lamp. It is really — as [Ben] points out — a kinetic sculpture.

One of the high points of the post is the very detailed documentation. Not only is everything explained, but there is quite a bit of background information on jellyfish, different types of gears, and optimizing 3D prints along with information on how to recreate the sculpture.

There is quite a bit of printing, including the tentacles. There are a few options, like Arduino-controlled LEDs. However, the heart of the operation is a geared motor.

All the design files for 3D printing and the Arduino code are in the post. There’s also a remote control. The design allows you to have different colors for various pieces and easily swap them with a screwdriver.

One major concern was how noisy the thing would be with a spinning motor. According to [Ben], the noise level is about 33 dB, which is about what a whisper sounds like. However, he mentions you could consider using ball bearings, quieter motors, or different types of gears to get the noise down even further.

We imagine this jellyfish will come in at well under $6 million. If you don’t want your jellyfish to be art, maybe you’d prefer one that creates art.

Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already patched) vulnerability concerning Kia cars was a doozy in this regard, as a fairly straightforward series of steps allowed for any attacker to obtain the vehicle identification number (VIN) from the license plate, and from there become registered as the car’s owner on Kia’s network. The hack and the way it was discovered are described in great detail on [Sam Curry]’s website, along with the timeline of its discovery.

Notable is that this isn’t the first vulnerability discovered in Kia’s HTTP-based APIs, with [Sam] this time taking a poke at the dealer endpoints. To his surprise, he was able to register as a dealer and obtain a valid session ID, which he could then use to query Kia’s systems for a user’s registered email address and phone number.

With a specially crafted tool to automate the entire process, this information was then used to demote the car’s owner and register the attacker as the primary owner. After this the attacker was free to lock/unlock the doors, honk to his heart’s content, locate the car and start/stop the vehicle. The vulnerability affected all Kia cars made after 2013, with the victim having no indication of their vehicle having been hijacked in this manner. Aside from the doors randomly locking, the quaint honking and engine turning on/off at a whim, of course.

Perhaps the scariest part about this kind of vulnerability is that it could have allowed an attacker to identify a vulnerable parked car, gain access, get into the car, start the engine and drive away. As long as these remote APIs allow for such levels of control, one might hope that one day car manufacturers will take security somewhat more seriously, as this is only the latest in a seemingly endless series of amusingly terrifying security vulnerabilities that require nothing more than some bored hackers with HTTP query crafting tools to discover.


Retro Gadgets: Things Your TV No Longer Needs

It is hard to imagine that a handful of decades ago, TV wasn’t a thing. We’ve talked a few times about the birth of television. After an admittedly slow start, it took over like wildfire. Of course, anything that sells millions will spawn accessories. Some may be great. Then there are others.

We wanted to take a nostalgic look back at some of the strange add-ons people used to put on or in their TVs. Sure, VCRs, DVD players, and video game consoles were popular. But we were thinking a little more obscure than that.

Rabbit Ears

A state-of-the-art set of rabbit ears from the 1970s

Every once in a while, we see an ad or a box in a store touting the ability to get great TV programming for free. Invariably, it is a USB device that lets you watch free streaming channels or it is an antenna. There was a time when nearly all TVs had “rabbit ears” — so called because they made an inverted V on the top of your set.

These dipoles were telescoping and you were supposed to adjust them to fit the TV station you were watching but everyone “knew” that you wanted them as long as possible at all times. Holding one end of them gave it a ground and would give you a major improvement in picture. People also liked to wrap tin foil around the tips. Was it like a capacitive hat? We aren’t sure.

The better rabbit ears had knobs and switches along with multiple elements. If you lived close to a TV station, you probably didn’t need much. If you didn’t, no number of fancy add-ons would likely help you.

This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9

It looks like there’s finally hope for sane password policies. The US National Institute of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST-approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS 9+ flaw is a SQL injection, with a trio of slightly less serious flaws.

Digital Audio Workstation In A Box

Although it’s still possible to grab a couple of friends, guitars, and a set of drums and start making analog music like it’s 1992 and there are vacant garages everywhere yearning for the sounds of power chords, the music scene almost demands the use of a computer now. There are a lot of benefits, largely that it dramatically lowers the barrier to entry since it greatly reduces the need for expensive analog instruments. It’s possible to get by with an impressively small computer and only a handful of other components too, as [BAussems] demonstrates with this tiny digital audio workstation (DAW).

The DAW is housed inside a small wooden box and is centered around a Behringer JT-4000 which does most of the heavy lifting in this project. It’s a synthesizer designed to be as small as possible, but [BAussems] has a few other things to add to this build to round out its musical capabilities. A digital reverb effects pedal was disassembled to reduce size and added to the DAW beneath the synthesizer. At its most basic level this DAW can be used with nothing but these components and a pair of headphones, but it’s also possible to add a smartphone to act as a sequencer and a stereo as well.

For a portable on-the-go rig, this digital audio workstation checks a lot of the boxes needed including MIDI and integration with a computer. It’s excellent inspiration for anyone else who needs a setup like this but doesn’t have access, space, or funds for a more traditional laptop- or desktop-centered version. For some other small on-the-go musical instruments we recently saw a MIDI-enabled keyboard not much larger than a credit card.

Fukushima Daiichi: Cleaning Up After A Nuclear Accident

On 11 March, 2011, a massive magnitude 9.1 earthquake shook the west coast of Japan, with the epicenter located at a shallow depth of 32 km, a mere 72 km off the coast of Oshika Peninsula, of the Touhoku region. Following this earthquake, an equally massive tsunami made its way towards Japan’s eastern shores, flooding many kilometers inland. Over 20,000 people were killed by the tsunami and earthquake, thousands of whom were dragged into the ocean when the tsunami retreated. This Touhoku earthquake was the most devastating in Japan’s history, both in human and economic cost, but also in the effect it had on one of Japan’s nuclear power plants: the six-unit Fukushima Daiichi plant.

In the subsequent Investigation Commission report by the Japanese Diet, a lack of safety culture at the plant’s owner (TEPCO) was noted, along with significant corruption and poor emergency preparation, all of which resulted in the preventable meltdown of three of the plant’s reactors and a botched evacuation. Although afterwards TEPCO was nationalized, and a new nuclear regulatory body established, this still left Japan with the daunting task of cleaning up the damaged Fukushima Daiichi nuclear plant.

Removal of the damaged fuel rods is the biggest priority, as this will take care of the main radiation hazard. This year TEPCO has begun work on removing the damaged fuel inside the cores, the outcome of which will set the pace for the rest of the clean-up.
