Hackaday Podcast 217: The Unintentional Space And 3D Printing Episode

May 5, 2023 by Tom Nardi No comments

Hackaday Editors Elliot Williams and Tom Nardi definitely didn’t plan on devoting most of this episode to 3D printing and space stories, but let’s be honest, it was bound to happen sooner or later. After an update on the Hackaday Prize, the discussion moves on to a pair of troubled spacecraft and the challenges of exploring the final frontier. From there you’ll hear about a chocolate 3D printer we’ve had our eyes on for years, the tools you should have next to your own (non-chocolate) 3D printer, and a bit of contemplation of what it really means to design for 3D printing versus traditional manufacturing methods. But it’s not all plastic fantastic — by the end of the episode you’ll also hear about some particularly bold high-altitude aviators and the surprisingly short time we have left with the humble barcode.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Going to be stranded on a desert island? Download the podcast now!

Continue reading “Hackaday Podcast 217: The Unintentional Space And 3D Printing Episode” →

A History Of NASA Supercomputers, Among Others

May 5, 2023 by Dave Rowntree 8 Comments

The History Guy on YouTube has posted an interesting video on the history of the supercomputer, with a specific focus on their use by NASA for the implementation of computational fluid dynamics (CFD) models of aeronautical assemblies.

The aero designers of the day were quickly finding out the limitations of the wind tunnel testing approach, especially for so-called transonic flow conditions. This occurs when an object moving through a fluid (like air can be modeled) produces regions of supersonic flow mixed in with subsonic flow and makes for additional drag scenarios. This severely impacts aircraft performance. Not accounting for these effects is not an option, hence the great industry interest in CFD modeling. But the equations for which (usually based around the Navier-Stokes system) are non-linear, and extremely computationally intensive.

Obviously, a certain Mr. Cray is a prominent player in this story, who, as the story goes, exhausted the financial tolerance of his employer, CDC, and subsequently formed Cray Research Inc, and the rest is (an interesting) history. Many Cray machines were instrumental in the development of the space program, and now adorn computing museums the world over. You simply haven’t lived until you’ve sipped your weak lemon drink whilst sitting on the ‘bench’ around an early Cray machine.

You see, supercomputers are a different beast from those machines mere mortals have access to, or at least the earlier ones were. The focus is on pure performance, ideally for floating-point computation, with cost far less of a concern, than getting to the next computational milestone. The Cray-1 for example, is a 64-bit machine capable of 80 MIPS scalar performance (whilst eating over 100 kW of juice), and some very limited parallel processing ability.

While this was immensely faster than anything else available at the time, the modern approach to supercomputing is less about fancy processor design and more about the massive use of parallelism of existing chips with lots of local fast storage mixed in. Every hacker out there should experience these old machines if they can, because the tricks they used and the lengths the designers went to get squeeze out every ounce of processing grunt, can be a real eye-opener.

Want to see what happens when you really push out the boat and use the whole wafer for parallel computation? Checkout the Cerberus. If your needs are somewhat less, but dabbling in parallel computing gets you all pumped, you could build a small array out of Pine64s. Finally, the story wouldn’t be complete without talking about the life and sad early demise of Seymour Cray.
Continue reading “A History Of NASA Supercomputers, Among Others” →

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

May 5, 2023 by Jonathan Bennett 10 Comments

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username are encrypted for transport, and the sanitization step happens before decryption. The username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation. The string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to consider this flaw “difficult to exploit vulnerability allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JDNI strings can be fetched anonymously from a trio of endpoints. This lead Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to. Continue reading “This Week In Security: Oracle Opera, Passkeys, And AirTag RFC” →

Linux Cell Phone? Build OURPhone

May 5, 2023 by Al Williams 30 Comments

[Evan] couldn’t find a phone he liked, so he decided to build his own. There are advantages and disadvantages, as you might expect. On the plus side, you have the ultimate control. On the negative side, it doesn’t quite have the curb appeal — at least to the average user — of a sleek new cell phone from a major manufacturer.

The phone uses a Raspberry Pi, along with a 4G modem and a 480×800 touchscreen. There’s a laser cut box that measures 90x160x30 mm. For reference, a Google Pixel 7 is about 73x156x9 mm, so a little easier on the pocket.

But not one the pocketbook. The OURPhone only costs about $200 USD to build. There are trade-offs. For example, the touchscreen is resistive, so you’ll want a stylus (there’s a slot for it in the case). On the other hand, if you don’t like something, it is all there for you to change.

Obviously, a better screen would help. Thinner batteries might be a good enhancement too. But that’s the beauty of an open project. You can do all these things and more.

We wondered if you could get one of the “mobile” Linux editions to run or even Android. It seems like the hardest part is coming up with a sophisticated enclosure.

CNC Feeds And Speeds, Explained As A First-Timer

May 5, 2023 by Donald Papp 35 Comments

If you’ve ever looked into CNC cutting tools, you’ve probably heard the term “feeds and speeds”. It refers to choosing the speed at which to spin the cutting tool, and how fast to plow it into the material being cut. They’re important to get right, and some of the reasons aren’t obvious. This led [Callan Bryant] to share his learned insights as a first-timer. It turns out there are excellent (and somewhat non-intuitive) reasons not to simply guess at the correct values!

A table of variables and how they relate to one another (click to enlarge).

The image above shows a tool damaged by overheating. [Callan] points out that as a novice, one might be inclined to approach a first cutting jobs conservatively, with a low feed rate. But doing this can have an unexpected consequence: a tool that overheats due to spinning too quickly while removing too little material.

CNC cutting creates a lot of heat from friction, and one way to remove that heat is by having the tool produce shavings, which help carry heat away. If a tool is making dust instead of shavings — for example if the feed rate is too conservative — the removed pieces will be too small to carry significant energy, and the tool can overheat.

[Callan] makes a table of variables at work in a CNC system in order to better understand their relationship before getting into making a formula for calculating reasonable feed and speed rates. Of course, such calculations are a reasonable starting point only, and it’s up to the operator to ensure things are happening as they should for any given situation. As our own Elliot Williams observed, CNC milling is a much more manual process than one might think.

NVIDIA Jetson Powers Real-Time Iron Man HUD

May 4, 2023 by Tom Nardi 15 Comments

If you could recreate any of the capabilities of Tony Stark’s Iron Man suit in real life, it would probably be the ability to fly, the super strength, or maybe even the palm-mounted lasers that can cut through whatever obstacle is in your path. But let’s be real, all that stuff is way too hard to try and pull off. Plus you’ll probably just end up accidentally killing yourself in the backyard.

But judging by the videos he’s been posting, [Kris Kersey] is doing one hell of a job creating a functional heads-up display (HUD) similar to the one Tony uses in the films. He’s even building it into a 3D printed Iron Man helmet, with the NVIDIA Jetson board that’s powering the show inside a chest-mounted “Arc Reactor”. He goes into a bit more detail about the project and his goals in an interview recently published on NVIDIA’s own blog. Continue reading “NVIDIA Jetson Powers Real-Time Iron Man HUD” →

Hacking Hue Lightbulbs

May 4, 2023 by Al Williams 13 Comments

What do you do with a Hue smart lightbulb? Well, if you are [Chris Greening], you take it apart and get hacking. If you ever wondered what’s inside, the teardown is pretty good, and you can also watch the video below. The potting compound, however, makes a mess.

Once you get the potting undone, there are three PCBs: an LED carrier, a power supply, and a logic board. The arrangement of the LEDs is a bit confusing, but [Chris] explains it along with providing schematics for all of the boards.

Continue reading “Hacking Hue Lightbulbs” →