I keep saying I need to stay away from auction sites, but then I wouldn’t have as much fodder for Hackaday, would I? As I write this, I’m waiting on a Dell AT101W, which will be my first keeb with Alps switches. Well, hopefully it has Alps SKCM salmon or black switches — according to Deskthority, it might have rubber domes. If it doesn’t keyboard, I will probably salvage the switches and build something more ergonomic. Either way, I’m thinking we need a post about Alps switches, because some people think they’re even better than Cherry MX switches.
When we picture the Medieval world, it conjures up images of darkness, privations, and sickness the likes of which are hard to imagine from our sanitized point of view. The 1400s, and indeed the entirety of history prior to the introduction of antibiotics in the 1940s, was a time when the merest scratch acquired in the business of everyday life could lead to an infection ending in a slow, painful death. Add in the challenges of war, where violent men wielding sharp things on a filthy field of combat, and it’s a wonder people survived at all.
But then as now, some people are luckier than others, and surviving what even today would likely be a fatal injury was not unknown, as one sixteen-year-old boy in 1403 would discover. It didn’t hurt that he was the son of the king of England, and when he earned an arrow in his face in combat, every effort would be made to save the prince and heir to the throne. It also helped that he had the good fortune to have a surgeon with the imagination to solve the problem, and the skill to build a tool to help.
Things might be getting a bit dicey out in Jezero crater for Ingenuity. The little helicopter that could is starting to have trouble dealing with the thinning Martian atmosphere, and may start pressing against its margin of safety for continued operation. Ingenuity was designed for five flights that would all take place around the time its mothership Perseverance touched down on Mars back in February, at which time the mean atmospheric pressure was at a seasonal high. Over the last few months, the density of the Martian atmosphere has decreased a wee bit, but when you’re starting with a plan for a pressure that’s only 1.4% of Earth’s soupy atmosphere, every little bit counts. The solution to keeping Ingenuity flying is simple: run the rotors faster. NASA has run a test on that, spinning the rotors up to 2,800 RPM, and Ingenuity handled the extra stresses and power draw well. A 14th flight is planned to see how well the rotors bite into the rarefied air, but Ingenuity’s days as a scout for Perseverance could be numbered.
If you thought privacy concerns and government backdoors into encryption technology were 21st-century problems, think again. IEEE Spectrum has a story about “The Scandalous History of the Last Rotor Cipher Machine,” and it’s a great read — almost like a Tom Clancy novel. The story will appeal to crypto — not cryptocurrency — fans, especially those fascinated by Enigma machines, because it revolves around a Swiss rotor cipher machine called the HX-63, which was essentially a refinement of the original Enigma technology. With the equivalent of 2,000-bit encryption, it was considered unbreakable, and it was offered for sale to any and all — at least until the US National Security Agency sprung into action to persuade the inventor, Boris Hagelin, to shelve the HX-63 project in favor of electronic encryption. The NSA naturally helped Hagelin design this next generation of crypto machines, which of course all had backdoors built into them. While the cloak and dagger aspects of the story — including a possible assassination of Boris Hagelin’s son in 1970, when it became clear he wouldn’t “play ball” as his father had — are intriguing, the peek inside the HX-63, with its Swiss engineering, is the real treat.
One of the great things about the internet is how easy it is to quickly answer completely meaningless questions. For me, that usually involves looking up the lyrics of a song I just heard and finding out that, no, Robert Plant didn’t sing “Whoopie Cat” during Misty Mountain Hop. But it also let me answer a simple question the other day: what’s the largest single-piece metal object ever created? I figured it would have to be a casting of some sort, and likely something from the middle of the previous century. But as it turns out, the largest casting ever appears to have been manufactured in Sheffield, England in 2015. The company, Sheffield Forgemaster International, produced eleven castings for the offshore oil industry, each weighing in at over 320 tonnes. The scale of each piece is mind-boggling, and the technology that went into making them would be really interesting to learn about. And it goes without saying that my search was far from exhaustive; if you know of a single-piece metal part larger than 320 tonnes, I’ll be glad to stand corrected.
Have you heard about “teledriving” yet? On the face of it, a remote-controlled car where a qualified driver sits in an office somewhere watching video feeds from the car makes little sense. But as you dig into the details, the idea of remotely piloted cars starts to look like one of those “Why didn’t I think of that?” ideas. The company behind this is called Vay, and the idea is to remotely drive a ride-share vehicle to its next customer. Basically, when you hail a ride, a remote driver connects to an available car and drives it to your location. You get in and take over the controls to drive to your destination. When you arrive, another remote drive pilots the car to its next pickup. There are obvious problems to work out, but the idea is really the tacit admission that all things considered, humans are way better at driving than machines are, at least right now.
Sometimes you just get lucky. I had a project on my list for a long time, and it was one that I had been putting off for a few months now because I loathed one part of what it entailed — sensitive, high-accuracy analog measurement. And then, out of the blue I stumbled on exactly the right trick, and my problems vanished in thin air. Thanks, Internet of Hackers!
The project in question is a low-vacuum regulator for “bagging” fiberglass layups. What I needed was some way to read a pressure sensor and turn on and off a vacuum pump accordingly. The industry-standard vacuum gauges are neat devices, essentially a tiny little strain gauge on a membrane between the vacuum side and the atmosphere side, in a package the size of a dime. (That it’s a strain gauge is foreshadowing, but I didn’t know that at the time.) I bought one for $15 ages ago, and it sat on my desk, awaiting its analog circuitry.
See, the MPX2100 runs on 12 V and puts out a signal around 40 mV on top of a 6 V offset. That voltage level is inconvenient for modern 3.3 V microcontroller ADCs, and the resolution would get clobbered by the 6 V signal if I just put a voltage divider on it. This meant whipping together some kind of instrument amplifier circuit to null out the 6 V and amplify the 40 mV for the ADC. The circuits I found online all called for 1% resistors in values I didn’t have, and mildly special op-amps. No fun, for me at least. So there it sat.
Until I ran into this project that machetes through the analog jungle with one part, and it happened to be one I had on hand. A vacuum pressure sensor is a strain gauge, set up like a Wheatstone bridge, just like you would use for weighing something with a load cell. The solution? A load-cell ADC chip, the HX711, found in every cheap scale or online for under a buck. The only other trick was finding a low-voltage pressure sensor to work with it, but that turns out to be easy as well, and I had one delivered in two days.
In all, this project took months of foot-dragging, but only a few clicks and five minutes of soldering once I got the right idea. The industrial applications and manufacturers’ app notes all make sense if you are making hundreds or millions of these devices, where the one-time cost of prototyping up the hard bits gets amortized, but the hacker solution of using a weight-scale chip was just the ticket for a one-off. That just goes to show how useful sharing our tips and tricks can be — you won’t get this from the industry. So send us your success stories, and your useful failures too, and Read More Hackaday!
Many people find themselves working in confined spaces every day, whether it be in sewer systems, drains, or other tight spots. These areas come with their own unique risks to life and limb that must be carefully considered in order to avoid disaster.
To this end, the Worker’s Compensation Board of British Columbia, known as WorkSafe BC, produced a video on the dangers of working in these areas. Confined Spaces, Deadly Spaces highlights how these areas can kill, and the right way to work around these hazards.
Hackaday editors Elliot Williams and Mike Szczys look back on a great week of hardware hacking. What a time to be alive when you can use open source tools to decode signals from a probe that has long since left our solar system! We admire two dirt-cheap builds, one to measure current draw in mains power, another to mill small parts with great precision for only a few bucks. A display built from a few hundred 7-segment modules begs the question: who says pixels need to be the same size? We jaw on the concept of autonomous electric cargo ships, and marvel at the challenges of hitting an asteroid with a space probe. All that and we didn’t even mention using GLaDOS as a personal assistant robot, but that’s on the docket too!
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!Direct download (60 MB or so.)
A particularly nasty 0-day was discovered in the wild, CVE-2021-40444, a flaw in how Microsoft’s MSHTML engine handled Office documents. Not all of the details are clear yet, but the result is that opening a office document can trigger a remote code execution. It gets worse, though, because the exploit can work when simply previewing a file in Explorer, making this a potential 0-click exploit. So far the attack has been used against specific targets, but a POC has been published.
It appears that there are multiple tricks that should be discrete CVEs behind the exploit. First, a simple invocation of
mshtml:http in an Office document triggers the download and processing of that URL via the Trident engine, AKA our old friend IE. The real juicy problem is that in Trident, an iframe can be constructed with a
.cpl URI pointing at an
dll file, and that gets executed without any prompt. This is demonstrated here by [Will Dormann]. A patch was included with this month’s roundup of fixes for Patch Tuesday, so make sure to update. Continue reading “This Week In Security: Office 0-day, ForcedEntry, ProtonMail, And OMIGOD”