Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard

September 1, 2023 by 6 Comments

It might sound like a joke, but this week, Elliot Williams and Tom Nardi start things off by asking how you keep a Polish train from running. Like always, the answer appears to be a properly modulated radio signal. After a fiery tale about Elliot’s burned beans, the discussion moves over to the adventure that is home CNC ownership, the final chapter in the saga of the Arecibo Telescope, and the unexpected longevity of Microsoft’s Kinect. Then it’s on to the proper way to cook a PCB, FFmpeg in the browser, and a wooden cyberdeck that’s worth carrying around. Finally, they’ll go over the next generation of diode laser engravers, and take a look back at the origins of the lowly breadboard.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Download it yourself. You don’t need the cloud!

Continue reading “Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard”

Motorized Camera Slider Rides On Carbon

September 1, 2023 by 1 Comment

While not every camera mount needs to have six degrees of freedom, one or two can be extremely helpful in the photographic world. In order to make time-lapse shots with some motion or shots that incorporate some parallax, a moving camera mount or dolly is needed, and this small one builds upon a pre-existing, although non-motorized, camera slider.

The slider is an inexpensive model from everyone’s favorite online warehouse, with rails that are at least coated in carbon, if not made out of it entirely, to ensure smooth camera motion. To add the motorization to automatically move the camera, a stepper motor with a belt drive is used which is controlled by an Arduino. A few limit switches are added, letting the dolly perform different movement patterns automatically, and a pair of potentiometers for fine and coarse speed control are included as well, letting the camera take both time-lapse and video while using this mount at various controllable speeds.

With everything tucked into a relatively small box at one end of the dolly, the build is both accessible and functional. The code for the microcontroller is also available on the project’s GitHub page for anyone looking to replicate or build upon the project. And, for those looking to add more degrees of freedom to their camera setups, take a look at this DIY pan and tilt mount.

Continue reading “Motorized Camera Slider Rides On Carbon”

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack”

Re-Creating Pink Floyd In The Name Of Speech

September 1, 2023 by 18 Comments

For people who have lost the ability to speak, the future may include brain implants that bring that ability back. But could these brain implants also allow them to sing? Researchers believe that, all in all, it’s just another brick in the wall.

In a new study published in PLOS Biology, twenty-nine people who were already being monitored for epileptic seizures participated via a postage stamp-sized array of electrodes implanted directly on the surface of their brains. As the participants were exposed to Pink Floyd’s Another Brick In the Wall, Part 1, the researchers gathered data from several areas of the brain, each attuned to a different musical element such as harmony, rhythm, and so on. Then the researchers used machine learning to reconstruct the audio heard by the participants using their brainwaves.

First, an AI model looked at the data generated from the brains’ responses to components of the song, like the changes in rhythm, pitch, and tone. Then a second model rejiggered the piecemeal song and estimated the sounds heard by the patients. Of the seven audio samples published in the study results, we think #3 sounds the most like the song. It’s kind of creepy but ultimately very cool. What do you think?

Continue reading “Re-Creating Pink Floyd In The Name Of Speech”

Big 3D Printed Hand Uses Big Servos, Naturally

September 1, 2023 by 15 Comments

[Ivan Miranda] isn’t afraid to dream big, and hopes to soon build a 3D printed giant robot he can ride around on. As the first step towards that goal, he’s built a giant printed hand big enough to hold a basketball.

The hand has fingers with several jointed segments, inspired by those wooden hand models sold as home decor at IKEA. The fingers are controlled via a toothed belt system, with two beefy 11 kg servos responsible for flexing each individual finger joint. A third 25 kg servo flexes the finger as a whole. [Ivan] does a good job of hiding the mechanics and wiring inside the structure of the hand itself, making an attractive robot appendage.

As with many such projects, control is where things get actually difficult. It’s one thing to make a robot hand flex its fingers in and out, and another thing to make it move in a useful, coordinated fashion. Regardless, [Ivan] is able to have the hand grip various objects, in part due to the usefulness of the hand’s opposable thumb. Future plans involve adding positional feedback to improve the finesse of the control system.

Building a good robot hand is no mean feat, and it remains one of the challenges behind building capable humanoid robots. Video after the break.

Continue reading “Big 3D Printed Hand Uses Big Servos, Naturally”

Super NES Cartridge Pulls A Sneaky, Plays Minecraft

August 31, 2023 by 24 Comments

Sometimes it’s the little touches and details that make a project. That’s certainly the case with [Franklinstein]’s Super Nintendo (SNES) Cartridge Hard Drive. It might only be an enclosure for a solid-state hard drive with a USB interface, but the attention to detail is what really makes it worth checking out.

A SNES cartridge has a pretty standard clamshell-ish construction, but fitting the solid-state drive plus cable adapter turned out to be a bit of a challenge.

Since [Franklinstein] wanted the cartridge to look as original as possible, careful measuring and cutting was needed to securely fit the drive and provide an unobtrusive USB-C port tucked discreetly into the cartridge’s opening. We like the technique of using a 3D printed fixture to take up the slack on the cable by exactly the right amount, resulting in a 100% rattle-free end product. A custom Minecraft sticker label provides the finishing touch.

Being able to plug it into a computer and actually play Minecraft is a neat gimmick, but it really shows that some careful construction and assembly can be what makes something look like a clean build instead of a hack job. Take a look at additional build detail and pictures, and check out the video of the build, embedded below.

Hey, if sneaky cartridge mod tricks intrigue you, then you’ll absolutely want to check out how it was possible to play DOOM on a NES from a cartridge. Maybe that’s the next evolution for a cartridge with a Minecraft label on it?

Continue reading “Super NES Cartridge Pulls A Sneaky, Plays Minecraft

Emulating X86 On Apple’s AARCH64 X64 Emulator

August 31, 2023 by 7 Comments

You might know [Evan Martin] as the developer of retrowin32. It’s a Windows and x86 emulator designed to run on a Mac or on the web. He’s recently been exploring how to run 32-bit x86 binaries on the AArch64 (aka ARM64) architecture.

[Evan] realized that Apple’s ARM-based Macs feature a high-quality x86 emulator, used via the Rosetta binary translation system. It only supports 64-bit x86-64 binaries, also known as x64, and thus he had initially discounted it for running older 32-bit x86 software. However, as it turns out, x64 features a special compatibility mode for running 32-bit code. [Evan] was able to leverage this to run 32-bit Windows executables rather neatly via the high-performance Rosetta emulator.

To run a 32-bit executable on a 64-bit processor in this way, one creates a 64-bit program that is tasked with loading the 32-bit executable. It’s a little fussy, involving some tricks to handle memory management between the 32-bit code and the 64-bit wrapper, and how to interface with the OS, but [Evan] explains deftly how it’s all done.

[Evan] notes that this hack may not work forever, especially if Apple changes or deprecates Rosetta’s remaining x86-64 emulation in the future. Regardless, Apple’s “Game Porting Toolkit” relies on similar techniques used by Wine. If you find yourself dancing across platforms, you might learn some nifty tricks from [Evan]’s example!