Espressif’s ESP32-P4 Application Processor: Details Begin To Emerge

April 2, 2024 by 54 Comments

Every now and then there’s a part that comes along which is hotly anticipated, but which understandably its manufacturer remains tight-lipped about in order to preserve maximum impact surrounding its launch. Right now that’s Espressif’s ESP32-P4: a powerful application processor with dual-core 400 MHz and a single-core low power 40 MHz RISC-V processors. Interestingly it doesn’t appear to have the radios which have been a feature of previous ESP parts, but it makes up for those with a much more comprehensive array of peripherals.

Some details are beginning to emerge, whether from leaks or in preparation for launch, including the first signs of support in their JTAG tool, and a glimpse in a video from another Chinese company of a development board. We got our hopes up a little when we saw the P4 appearing in some Espressif documentation, but on closer examination there’s nothing there yet about the interesting new peripherals.

Looking at the dev board and the video we can see some of what the thing is capable of as it drives a large touchscreen and a camera. There are two MIPI DSI/CSI ports on  the PCB, as well as three USB ports and a sound codec. A more run-of-the-mill ESP32-C3 is present we think to provide wireless networking, and there’s a fourth USB port which we are fairly certain is in fact only for serial communications via a what our best blurry photograph reading tells us is a Silicon Labs USB-to-serial chip. Finally there’s large Raspberry Pi-style header which appears to carry all the GPIOs and other pins. We’ve placed the video below the break, if you see anything we’ve missed please tell us in the comments.

We first covered this chip back in January, and then as now we’re looking forward to seeing what our community does with it.

Continue reading “Espressif’s ESP32-P4 Application Processor: Details Begin To Emerge”

Wrencher-2: A Bold New Direction For Hackaday

April 1, 2024 by 44 Comments

Over the last year it’s fair to say that a chill wind has blown across the face of the media industry, as the prospect emerges that many content creation tasks formerly performed by humans instead being swallowed up by the inexorable rise of generative AI. In a few years we’re told, there may even be no more journalists, as the computers become capable of keeping your news desires sated with the help of their algorithms.

Here at Hackaday, we can see this might be the case for a gutter rag obsessed with celebrity love affairs and whichever vegetable is supposed to cure cancer this week, but we continue to believe that for quality coverage of the latest and greatest in the hardware hacking world, you can’t beat a writer made of good old-fashioned meat. Indeed, in a world saturated by low-quality content, the opinions of smart and engaged writers become even more valuable. So we’ve decided to go against the trend, by launching not a journalist powered by AI, but an AI powered by journalists.

Announcing Wrencher-2, a Hackaday chat assistant in your browser

Wrencher-2 is a new paradigm in online chat assistants, eschewing generative algorithms in favour of the collective expertise of the Hackaday team. Ask Wrencher-2 a question, and you won’t get a vague and made-up answer from a computer, instead you’ll get a pithy and on-the-nail answer from a Hackaday staffer. Go on – try it! Continue reading “Wrencher-2: A Bold New Direction For Hackaday”

Security Alert: Potential SSH Backdoor Via Liblzma

March 29, 2024 by 34 Comments

In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.

The xz release tarballs from 5.6.0 in late February and 5.6.1 on March 9th both contain malicious code. A pair of compressed files in the repository contain the majority of the malicious patch, disguised as test files. In practice, this means that looking at the repository doesn’t reveal anything amiss, but downloading the release tarballs gives you the compromised code.

This was discovered because SSH logins on a Debian sid were taking longer, with more CPU cycles than expected. And interestingly, Valgrind was throwing unexpected errors when running on the liblzma library. That last bit was first discovered on February 24th, immediately after the 5.6.0 release. The xz-utils package failed its tests on Gentoo builds.

Continue reading “Security Alert: Potential SSH Backdoor Via Liblzma”

This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

March 29, 2024 by 1 Comment

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that moves the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall runs as a setgid, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitively worth getting fixed. Continue reading “This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256”

A Stirling Engine From Minimal Parts

March 28, 2024 by 5 Comments

The model Stirling engine is a staple of novelty catalogues, and we daresay that were it not for their high price there might be more than one Hackaday reader or writer who might own one. All is not lost though, because [jirka.luftner] has posted one on Instructables which eschews the fancy machined brass of the commercial models and achieves the same result with an array of salvaged parts.

The main cylinder is a former apple drops tin with a cardboard displacer, and the CD/DVD flywheel is mounted on either a 3D printed or cut out frame with the secondary cylinder cut into it. A diaphragm for the secondary cylinder is taken from a rubber glove, and the cranks come courtesy of bent wire.

A slight mystery of this design is that it appears not to have a regenerator, or heat store. This usually lies in the path between the two cylinders to improve efficiency by taking the heat from the air as it passes in-between the two, and returning it when it goes the other way. We’re guessing that on an engine this small it’s the tin itself which performs this function. Either way this is a neat little engine that shouldn’t break the bank.

If this has whetted your appetite, you’ll be pleased to hear it’s not the first Stirling engine we’ve seen made from what was lying around.

2024 Home Sweet Home Automation: [HEX]POD – Climate Tracker And Digital Nose

March 27, 2024 by 10 Comments

[eBender] was travelling India with friends, when one got sick. Unable to find a thermometer anywhere during COVID, they finally ended up in a hospital. After being evacuated back home, [eBender] hatched an idea to create a portable gadget featuring a few travel essentials: the ability to measure body temperature and heart rate, a power bank and an illumination source. The scope evolved quite a lot, with the concept being to create a learning platform for environmental multi-sensor fusion. The current cut-down development kit hosts just the air quality measurement components, but expansion from this base shouldn’t be too hard.

ML for Hackers: Fiddle with that Tensor Flow

This project’s execution is excellent, with a hexagon-shaped enclosure and PCBs stacked within. As everyone knows, hexagons are the bestagons. The platform currently hosts SCD41 and SGP41 sensors for air quality, a BME688 for gas detection, LTR-308 for ambient light and motion, and many temperature sensors.

On top sits a 1.69-inch IPS LCD, with an OLED display on the side for always-on visualization. The user interface is completed with a joystick and a couple of buttons. An internal blower fan is ducted around the sensor array to pull not-so-fresh air from outside for evaluation. Control is courtesy of an ESP32 module, with the gory details buried deep in the extensive project logs, which show sensors and other parts being swapped in and out.

On the software side, some preliminary work is being done on training TensorFlow to learn the sensor fusion inputs. This is no simple task. Finally, we would have a complete package if [eBender] could source a hexagonal LCD to showcase that hexagon-orientated GUI. However, we doubt such a thing exists, which is a shame.

There are many air quality sensors on the market now, so we see a few hacks based on them, like this simple AQ sensor hub. Let’s not forget the importance of environmental CO2 detection; here’s something to get you started.

2024 Home Sweet Home Automation Contest

The Roller Ship Was Not An Effective Way To Cross The High Seas

March 27, 2024 by 25 Comments

Boats come in all shapes and sizes. We have container ships, oil tankers, old-timey wooden sailing ships, catamarans, trimarans, and all sorts besides. Most are designed with features that give them a certain advantage or utility that justifies their construction for a given application.

The roller ship, on the other hand, has not justified its own repeat construction. Just one example was ever built, which proved unseaworthy and impractical. Let’s explore this nautical oddity and learn about why it didn’t make waves as its inventor may have hoped.

Continue reading “The Roller Ship Was Not An Effective Way To Cross The High Seas”