Supercon 2022: Selling Your Company And Not Your Soul

February 28, 2023 by Matthew Carlson 11 Comments

Haddington Dynamics is a particular company. After winning the 2018 Hackaday Prize with an open-source robotic arm, we’ve covered their micro-factories and suction cup end-effectors for making face shields during 2020. They’ve been laser-focused on their mission of creating a fantastic robot arm at a small price tag with open-source software and design. So how does a company with such a hacker ethos get bought by a much larger company, and why? They came to SuperCon 2022 to share their story in a panel discussion.

Haddington Dynamics started with two clever inventions: optical encoders that used analog values instead of digital values and an FPGA that allowed them to poll those encoders and respond rapidly. This allowed them to use cheaper motors and rely on the incredibly sensitive encoders to position them. After the Hackaday prize, they open-sourced the HD version of the robot and released the HDI version. But in 2020, they were bought by a group called Ocado. As to why the somewhat practical but not exciting answer is that they needed money. Employees needed to be paid, and they needed capital to keep the doors open.

So this leads to the next tricky question, how do you sell your company without changing it? The fine folks at Haddington Dynamics point out in their panel discussion that a company is a collection of people. The soul of that company is the collective soul of those people coming together. A company being bought can be akin to stopping working for yourself and going to work for someone else. Working alone, you have values and principles that you can easily stick to. But once you start working for someone else, they will value different things, and while the people that make up the company might not change, the company’s decisions might become unrecognizable.

As the panel points out, looking for a buyer with the same values is critical. Ocado was a great fit as their economic interests and culture matched Haddington’s. However, it’s not all roses, as Ocadao tends to be a very closed-source group. However, Haddington Dynamics still supports its open-source initiatives. It’s a fascinating look into a company’s life cycle and how they navigate the waters of open-source, funding, acquisitions, innovation, and invention. Despite the fairytale-like nature of inventing a revolutionary robot arm in your garage and winning many awards, it turns out there is quite a lot that happens after the happily ever after.

We look forward to seeing more of Haddington Dynamics and where they go next. Video after the break.

Continue reading “Supercon 2022: Selling Your Company And Not Your Soul” →

Emulating All The TRS-80 Software

February 27, 2023 by Al Williams 37 Comments

Even if you didn’t own a TRS-80, the widespread footprint of Radio Shack in malls meant that if you are old enough, it is a good bet you have seen one and maybe even played with one. The games were crude, but state-of-the-art for 1982. If you wanted business software, that was there too, just don’t expect much on any of the personal computers of the day. My old TRS-80 Model III doesn’t boot anymore and is waiting for me to find time to pull it apart. But it turns out you can run all those old programs with almost no effort. If you’ve experimented with emulators before, you know there are two major problems. First, you need to install the sometimes-fidgety emulator. Second, you need to find the software you want to run and probably convert it into some format the emulator will read. The website named The Big List of TRS-80 Software solves both problems.

You are probably thinking this doesn’t solve any problem because it is just a list of links to software. That’s a reasonable thing to think, but we think the website really needs a new name. There are 15,873 pieces of software on the site, although some of them are duplicates or multiple versions of a single program. You can download them in a format that is useful for some emulators or, in some cases, the original files. But here’s the kicker. You can also click to launch a virtual TRS-80 in your browser and start the program.

Sounds great, right? Well, for the most part, it is. However, some of the programs are finicky and don’t run well in the browser. There’s also the problem of finding the documentation, but you can’t have everything. If you want a quick run of a very common game from back in the day, try Flying Saucers. Continue reading “Emulating All The TRS-80 Software” →

Life At CERN Hack Chat

February 27, 2023 by Dan Maloney No comments

Join us on Wednesday, March 1st at noon Pacific for the Life at CERN Hack Chat with Daniel Valuch!

You know the story — work is just…work. The daily grind, the old salt mine, the place where you trade your time and talent for the money you need to do other stuff in the few hours you’re not at work. It’s not the same for everyone, of course, but chances are good that just getting through the day is a familiar enough experience even for someone who’s currently working his or her dream job.

We’re going to go out on a limb here a bit, but it really seems like working at the European Organization for Nuclear Research (CERN), has got to be a dream gig for almost any engineer. CERN is the top place in the world for particle physics research and home to such ludicrously large machines as the famous Large Hadron Collider (LHC). The facilities and instruments at CERN attract tens of thousands of researchers from all over the world every year who produce multiple petabytes of data; perhaps not coincidentally, it’s also the place where Tim Berners Lee invented the World Wide Web. Thanks, Sir Tim!

To say that being an electrical engineer at CERN might be a little like dropping a kid off at a combination candy store/bouncy house/petting zoo is probably not an understatement. When the biggest of Big Science is always on the menu, it must be hard to focus on this cool project or that new instrument. Then again, we’re just guessing — maybe it’s all still “just work.” Luckily, we found someone to ask: Daniel Valuch, currently an electrical engineer who is rapidly closing in on 25 years at the fabled institution.

You’ll recall Daniel from some of his side projects, like the most accurate pendulum clock in the world, or his super-clicky pseudorandom number generator. He’s also teaching at the university level, and we’ve seen him give back to the community with his work for the “ZENIT in Electronics” contest, an annual STEM event that’s currently in its 39th year of inspiring students. Daniel is going to stop by the Hack Chat so we can pick his brain about what it’s like to work at CERN, what kind of projects he’s worked on, and what a career in Big Science is all about.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 1 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

[Featured image: CERN, CC BY 4.0, via Wikimedia Commons]

Hackaday Links: February 26, 2023

February 26, 2023 by Dan Maloney 32 Comments

It’s probably safe to say that most of us have had enough of the Great Balloon Follies to last the rest of 2023 and well beyond. It’s been a week or two since anything untoward was spotted over the US and subsequently blasted into shrapnel, at least that we know of, so we can probably put this whole thing behind us.

But as a parting gift, we present what has to be the best selfie of the year — a photo by the pilot of a U-2 spy plane of the balloon that started it all. Assuming no manipulation or trickery, the photo is remarkable; not only does it capture the U-2 pilot doing a high-altitude flyby of the balloon, but it shows the shadow cast by the spy plane on the surface of the balloon.

The photo also illustrates the enormity of this thing; someone with better math skills than us could probably figure out the exact size of the balloon from the apparent size of the U-2 shadow, in fact.

Continue reading “Hackaday Links: February 26, 2023” →

Hackaday Podcast 207: Modular Furniture, Plastic Prosthetics, And Your Data On YouTube

February 24, 2023 by Tom Nardi 6 Comments

Join Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi as they explore the best and most interesting stories from the last week. The top story if of course the possibility that at least some of the unidentified flying objects the US Air Force valiantly shot down were in fact the work of amateur radio enthusiasts, but a quantitative comparison of NASA’s SLS mega-rocket to that of popular breakfast cereals is certainly worth a mention as well.

Afterwards the discussion will range from modular home furnishings to the possibility of using YouTube (or maybe VHS tapes) to backup your data and AI-generated Pong. Also up for debate are cheap CO2 monitors which may or may not be CO2 monitors, prosthetic limbs made from locally recycled plastic, and an answer to Jenny’s Linux audio challenge from earlier this month.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download it your own bad self!

Continue reading “Hackaday Podcast 207: Modular Furniture, Plastic Prosthetics, And Your Data On YouTube” →

This Week In Security: GoDaddy, Joomla, And ClamAV

February 24, 2023 by Jonathan Bennett 1 Comment

We’ve seen some rough security fails over the years, and GoDaddy’s recent news about a breach leading to rogue website redirects might make the highlight reel. The real juicy part is buried on page 30 of a PDF filing to the SEC.

Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.

That multi-year campaign appears to goes back to at least October 2019, when an SSH file was accessed and altered, leading to 28,000 customer SSH usernames and passwords being exposed. There was also a 2021 breach of the GoDaddy WordPress environment, that has been linked to the same group.

Reading between the lines, there may be an implication here that the attackers had an ongoing presence in GoDaddy’s internal network for that entire multi-year period — note that the quote above refers to a single campaign, and not multiple campaigns from the same actor. That would be decidedly bad.

Joomla’s Force Persuasion

Joomla has a critical vulnerability, CVE-2023-23752, which is a trivial information leak from a web endpoint. This flaw is present in all of the 4.x releases, up to 4.2.8, which contains the fix. The issue is the Rest API, which gives access to pretty much everything about a given site. It has an authentication component, of course. The bypass is to simply append ?public=true. Yes, it’s a good old “You don’t need to see his identification” force suggestion.

There’s even a PoC script that runs the request and spits out the most interesting data: the username, password, and user id contained in the data. It’s not quite as disastrous as that sounds — the API isn’t actually leaking the administrative username and password, or even password hash. It’s leaking the SQL database information. Though if your database is accessible from the Internet, then that’s pretty much as bad as it could be. Continue reading “This Week In Security: GoDaddy, Joomla, And ClamAV” →

Supercon 2022: Tap Your Rich Uncle To Fund Your Amateur Radio Dreams

February 23, 2023 by Dan Maloney 11 Comments

Imagine you had a rich uncle who wanted to fund some of your projects. Like, seriously rich — thanks to shrewd investments, he’s sitting on a pile of cash and is now legally obligated to give away $5,000,000 a year to deserving recipients. That would be pretty cool indeed, but like anything else, if it sounds too good to be true, it probably is, right?

Well, maybe not. It turns out that we in the amateur radio community — and even amateur radio adjacent fields — have a rich uncle named Amateur Radio Digital Communications (ARDC), a foundation with a large endowment and a broad mission to “support amateur radio, funds scholarships and worthy educational programs, and financially support technically innovative amateur radio and digital communications projects.” As the foundation’s Outreach Manager John Hayes (K7EV) explained at Supercon 2022, ARDC is a California-based 501(c)3 non-profit organization that has been in the business of giving away money to worthy projects in the amateur radio space since 2021.

Continue reading “Supercon 2022: Tap Your Rich Uncle To Fund Your Amateur Radio Dreams” →