Long-Distance Wi-Fi With Steam Deck Server

June 16, 2023 by 11 Comments

It’s no secret that the Steam Deck is a powerful computer, especially for its price point. It has to be capable enough to run modern PC games while being comfortable as a handheld, all while having a useful amount of battery life. Thankfully Valve didn’t lock down the device like most smartphone manufacturers, allowing the computer to run whatever operating system and software the true owner of the device wants to run. That means that a whole world of options is open for this novel computer, like using it to set up an 802.11ah Wi-Fi network over some pretty impressive distances.

Of course the Steam Deck is more of a means to an end for this project; the real star of the show is DragonOS, a Debian-based Linux distribution put together by [Aaron] to enable easy access to the tools needed for plenty of software-defined radio projects like this one. Here, he’s using it to set up a long-distance Wi-Fi network on one side of a lake, then testing it by motoring over to the other side of the lake to access the data from the KrakenSDR setup running on the Deck, as well as performing real-time capture of IQ data that was being automatically demodulated and feed internally to whispercpp.

While no one will be streaming 4K video over 802.11ah, it’s more than capable of supporting small amounts of data over relatively large distances, and [Aaron] was easily able to SSH to his access point from over a kilometer away with it. If the lake scenery in the project seems familiar at all, it’s because this project is an extension of another one of his DragonOS projects using a slightly lower frequency to do some impressive direction-finding, also using the Steam Deck as a base of operations.

Continue reading “Long-Distance Wi-Fi With Steam Deck Server”

Hinged Parts For The 8th Grade Set

June 16, 2023 by 8 Comments

I recently agreed to run a 3D printing camp for 8th graders. If you’ve never shared your knowledge with kids, you should. It is a great experience. However, it isn’t without its challenges. One thing I’ve learned: don’t show the kids things that you don’t want them to try to print.

I learned this, of course, the hard way. I have several “flexy”3D prints. You know the kind. Flexy dinosaurs, cats, hedgehogs, and the like. They all have several segments and a little hinge so the segments wobble. The problem is the kids wanted to print their own creations with flexy hinges.

I’ve built a few print-in-place hinges, but not using Tinkercad, the software of choice for the camp. While I was sure it was possible, it seemed daunting to get the class to learn how to do it. Luckily, there’s an easy way to add hinges like this to a Tinkercad design. There was only one problem.

Continue reading “Hinged Parts For The 8th Grade Set”

Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents

June 16, 2023 by 10 Comments

Elliot’s back from vacation, and Dan stepped into the virtual podcast studio with him to uncover all the hacks he missed while hiking in Italy. There was a lot to miss, what with a smart meter getting snuffed by a Flipper Zero — or was it? How about a half-gigapixel camera built out of an old scanner, or a sonar-aimed turret gun? We also looked at a couple of projects that did things the hard way, like a TV test pattern generator that was clearly a labor of love, and an all-transistor HP frequency counter. More plastic welding? Hey, a fix is a fix! Plus, we’ll dive into why all those Alexas are just gathering dust, and look at the really, REALLY hard problems involved in restoring shredded documents.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents”

IKEA LACK Table Becomes Extremely Affordable DIY Copy Stand

June 16, 2023 by 14 Comments

A copy stand is a tool used to capture images of photos, artwork, books, and things of a similar nature. It holds a camera perpendicular to a large and flat surface, upon which the subject rests.

A threaded rod provides effective vertical adjustment.

They are handy, but there’s no need to spend a lot when [BlandPasta]’s DIY copy stand based on a cheap IKEA LACK table can be turned into an economical afternoon project with the help of simple hardware and a few 3D printed parts.

The main structure comes from a mixture of parts from two LACK tables: one small and one normal-sized. A tabletop is used as the bed, and the square legs make up the structural parts with the help of some printed pieces. A threaded rod combined with some captive hardware provides a way to adjust the camera up and down with a crank, while one can manually slide the horizontal camera mount as needed to frame the subject appropriately.

This is a clever remix of IKEA parts, and the somewhat matte white finish of the LACK complements photography well. Adding some DIY LED lighting is about all it takes to get a perfectly serviceable copy stand that won’t break the bank.

This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

June 16, 2023 by 3 Comments

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexability”. Oof.

The nuts and bolts here is that HiCA was working as a CA-in-the-Middle, wrapping other CA’s authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way it appears this works, is that the end user sends a certificate request to HiCA. HiCA takes that information, and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service. Continue reading “This Week In Security: ACME.sh, Leaking LEDs, And Android Apps”

Persistence Pays In TI-99/4A Cassette Tape Data Recovery

June 16, 2023 by 11 Comments

In the three or four decades since storing programs on audio cassettes has been relevant, a lot of irreplaceable personal computing history has been lost to the ravages of time and the sub-optimal conditions in the attics and basements where tapes have been stored. Luckily, over that time we’ve developed a lot of tools and techniques that might make it possible to recover some of these ancient treasures. But as [Noel] shows us, recovering data from cassette tapes is a tricky business.

His case study for the video below is a tape from a TI-99/4A that won’t load. A quick look in Audacity at the audio waveform seems to show the problem — an area of severely attenuated signal. Unfortunately, no amount of boosting and filtering did the trick, so [Noel] had to dig a bit deeper. It turns out that the TI tape interface standard, with its redundant data structure, was somewhat to blame for the inability to read this particular tape. As [Noel] explains, each 64-bit data record is recorded to tape twice, along with a header and a checksum. If neither record decodes correctly, then tape playback just stops.

Luckily, someone who had already run into this problem spun up a Windows program to help. CS1er — our guess would be “Ceaser” — takes WAV file input and loads each record, simply flagging the bad ones instead of just bailing out. [Noel] used the program to analyze multiple recordings of the same data and eventually got enough good records to reassemble the original program, a game called Dogfight — or was it Gogfight? Either way, he managed to get most of the data off the tape, and since it was a BASIC program, it was pretty easy to figure out the missing bytes by inspection.

[Noel]’s experience will no doubt be music to the ears of the TI aficionados out there. Of which we’ve seen plenty, from the TI-99 demoscene to running Java on one, and whatever this magnificent thing is.

Continue reading “Persistence Pays In TI-99/4A Cassette Tape Data Recovery”

These Illusions Celebrate Exploiting Human Senses

June 16, 2023 by 7 Comments

Illusions are perceptual experiences that do not match physical reality, and the 2023 Illusion of the Year contest produced a variety of nifty ones that are worth checking out. A video for each is embedded below the break, but we’ll briefly explain each as well.

Some of the visual illusions play with perspective. One such example happens to be the contest winner: Platform 9 3/4 has a LEGO car appear to drive directly through a wall. It happens so quickly it’s difficult to say what happened at all!

Another good one is the Tower of Cubes, which appears as two stacks of normal-looking hollow cubes, but some of the cubes are in fact truly bizarre shapes when seen from the side. This is a bit reminiscent of the ambiguous cylinder illusion by Japanese mathematician and artist [Kokichi Sugihara].

Cornelia is representative of the hollow face illusion, in which a concave face is perceived as a normal convex one. (Interestingly this illusion is used to help diagnose schizophrenia, as sufferers overwhelmingly fail to perceive the illusion.)

The Accelerando Illusion is similar to (but differs from) an auditory effect known as the Risset Rhythm by composer Jean-Claude Risset. It exploits ambiguities in sound to create a dense musical arrangement that sounds as though it is constantly increasing in tempo.

The Buddha’s Ear Illusion creates the illusion of feeling as though one’s earlobe is being stretched out to an absurd length, and brings to mind the broader concept of body transfer illusion.

While it didn’t appear into the contest, we just can’t resist bringing up the Thermal Grill Illusion, in which one perceives a painful burning sensation from touching a set of alternating hot and cold elements. Even though the temperatures of the individual elements are actually quite mild, the temperature differential plays strange tricks on perception.

A video of each of the contest’s entries is embedded below, and they all explain exactly what’s going on for each one, so take a few minutes and give them a watch. Do you have a favorite illusion of your own? Share it in the comments!

Continue reading “These Illusions Celebrate Exploiting Human Senses”