Hackaday Podcast 198: Major Tom On The ISS, 3DP Ovals And Overhangs, Inside A Mini Cheetah Clone

As we slide into the Christmas break, Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney look at the best and brightest of this week’s hacks. It wasn’t an easy task — so much good stuff to choose from! But they figured it out, and talked about everything from impossible (and semi-fractal) 3D printing overhangs and the unfortunate fishies of Berlin’s ex-aquarium, to rolling your own FM radio station and how a spinning Dorito of doom is a confusing way to make an electric vehicle better.

Think it’s no fun when your friend forgets to pick you up at the airport? Wait until you hear about what it’s like to get stuck on the ISS, and the incredibly risky way you might have to get home. Interested in the anatomy and physiology of a cloned robo-dog? Then let the master do a teardown and give you his insight. We’ll make some time for tea, cross our eyes for stereo photos, and dive into the mechanics of the USB-C.

Download the podcast and put it on a minidisc for the reindeer.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part of the target’s development environment, and there have been a few clever attacks found over the years that take advantage of that. There’s now another one, what Legit Security calls GitHub Environment Injection, and there were some big-name organizations vulnerable to it.

The crux of the issue is the $GITHUB_ENV file, which contains environment variables to be set in the Actions environment. Individual variables get added to this file as part of the automated action, and that process needs to include some sanitization of data. Otherwise, an attacker can send a value that includes a newline followed by a completely unintended environment variable. And an unintended, arbitrary environment variable is game over for the security of the workflow. The example uses the NODE_OPTIONS variable to dump the entire environment to an accessible output. Any API keys or other secrets are revealed.

This particular attack was reported to GitHub, but there isn’t a practical way to fix it architecturally. So it’s up to individual projects to be very careful about writing untrusted data into the $GITHUB_ENV file.
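What "being careful" can look like in a workflow step, as an added example that is not code from the article or from Legit Security: an unsafe write to a $GITHUB_ENV-style file next to one that refuses values containing line breaks. The function names, the PR_TITLE and INJECTED_VAR variables and the sample title are hypothetical and constructed for illustration.

```bash
# Added example: writing an untrusted value to a GITHUB_ENV-style file.
# All names below are hypothetical; the sample input is constructed.

NL='
'
CR=$(printf '\r')

# Unsafe pattern: the value goes in verbatim, so an embedded newline
# ends the intended entry and begins a second NAME=value line.
write_env_unsafe() {  # usage: write_env_unsafe NAME VALUE FILE
  printf '%s=%s\n' "$1" "$2" >> "$3"
}

# Hardened pattern: accept only a well-formed name and a single-line value.
write_env_safe() {    # usage: write_env_safe NAME VALUE FILE
  case $1 in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "refusing invalid variable name" >&2; return 1 ;;
  esac
  case $2 in
    *"$NL"*|*"$CR"*)
      echo "refusing value for $1: contains a line break" >&2; return 1 ;;
  esac
  printf '%s=%s\n' "$1" "$2" >> "$3"
}

# Number of variables a line-oriented reader would see in the file.
count_vars() {        # usage: count_vars FILE
  grep -c '^[A-Za-z_][A-Za-z0-9_]*=' "$1" || true
}

# Constructed sample: a pull-request title carrying a second assignment.
SAMPLE_TITLE="fix typo${NL}INJECTED_VAR=1"

demo() {
  d=$(mktemp -d) || return 1
  : > "$d/unsafe.env"; : > "$d/safe.env"
  write_env_unsafe PR_TITLE "$SAMPLE_TITLE" "$d/unsafe.env"
  write_env_safe PR_TITLE "$SAMPLE_TITLE" "$d/safe.env" 2>/dev/null || :
  echo "unsafe: $(count_vars "$d/unsafe.env") variable(s), safe: $(count_vars "$d/safe.env")"
  rm -rf "$d"
}
demo
```

In a real step the third argument would be "$GITHUB_ENV"; a rejected value should fail the step rather than be silently dropped.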


Arduboy Mini Is A Fresh Take On An 8-bit Favorite

We’ve always been big fans of the Arduboy here at Hackaday. When creator Kevin Bates showed us the original prototype back in 2014, the idea was to use his unique method of mounting components inside routed holes in the PCB to produce an electronic business card that was just 1.6 mm thick. But the Internet quickly took notice of the demos he posted online, and what started as a one-off project led to a wildly successful Kickstarter for a sleek handheld gaming system that used modern components and manufacturing techniques to pay homage to the 8-bit retro systems that came before it.

The original Arduboy prototype in 2014

It’s the sort of hacker success story that we live for around here, but it didn’t end there. After the Kickstarter, the Arduboy community continued to grow, thanks in no small part to Kevin never forgetting the open source principles the product was built on.

He took an active role in the growing community, and when some Arduboy owners started tinkering with adding external storage to their systems so they could hold hundreds of games at a time, he didn’t chastise them for exploring. Instead, he collaborated with them to produce not only a fantastic add-on modification for the original Arduboy, but a new version of the Arduboy that had the community-inspired modifications built in.

Now Kevin is back with the Arduboy Mini, which not only retains everything that made the original a success, but offers some exciting new possibilities. There’s little doubt that he’s got another success on his hands as well as the community’s backing — at the time of this writing, the Kickstarter campaign for the $29 USD Mini has nearly quadrupled its funding goal.

But even still, Kevin offered us a chance to go hands-on with a prototype of the Arduboy Mini so that anyone on the fence can get a third party’s view on the new system. So without further ado, let’s take a look at how this micro machine stacks up to its full-sized counterparts.


Blood Pressure Monitoring, Courtesy Of Cameras And AI

At the basic level, methods of blood pressure monitoring have slowly changed in the last few decades. While most types of sphygmomanometer still rely on a Velcro cuff placed around the arm, the methodology used in measurement varies. Analog mercury and aneroid types still abound, while digital blood pressure monitors using electrical sensors have become mainstream these days.

Researchers have now developed a new non-invasive method of measurement that does away with the arm cuff entirely. The method relies entirely on video capture with a camera and processing via AI.


All About USB-C: Connector Mechanics

There are two cases when hackers have to think about USB-C connector mechanics. The first is when a USB-C connector physically breaks, and the second is when we need to put a connector on our own board. Let’s go through both of them.

Clean That Connector

What if a socket on your phone or laptop fails? First off, it could be due to dust or debris. There are swabs you can buy to clean a USB-C connector; perhaps adding some isopropyl alcohol or other cleaning-suitable liquids, you can get to a “good enough” state. You can also reflow pins on your connector, equipped with hot air or a sharp soldering iron tip, as well as some flux – when it comes to mechanical failures, this tends to remedy them, if only for a short period of time.

How could a connector fail, exactly? Well, one of the pins could break off inside the plastic, or just get too dirty to make contact. Consider a device with a USB-C charging and data socket, with USB 2.0 but without high-speed pairs – which is to say, sadly, the majority of the phones out there. Try plugging it into a USB-A charger using a USB-A to USB-C cable. Does it charge, even if slowly? Then, your VBUS pins are okay.

Plug it into a Type-C charger using a Type-C cable, and now the CC pins are involved. Does it charge in both orientations? Then both of your CC pins are okay. Does it charge in only one orientation? One of the CC pins has to be busted. Then, you can check USB 2.0 pins, used for data transfer and legacy charging. Plug the phone into a computer using a USB-A to USB-C cable. Does it enumerate as a device? Does it enumerate in both orientations? If not, you might want to clean D- and D+ pins specifically, maybe even both sets.

Laser Fusion Ignition: Putting Nuclear Fusion Breakthroughs Into Perspective

This month the media was abuzz with the announcement that the US National Ignition Facility (NIF) had accomplished a significant breakthrough in the quest to achieve commercial nuclear fusion. Specifically, the announcement was that a net fusion energy gain (Q) of about 1.5 had been measured: for an input of 2.05 MJ, 3.15 MJ was produced.

What was remarkable about this event compared to last year’s 1.3 MJ production is that it demonstrates an optimized firing routine for the NIF’s lasers, and that changes to how the Hohlraum – containing the deuterium-tritium (D-T) fuel – is targeted result in more effective compression. Within this Hohlraum, X-rays are produced that serve to compress the fuel. With enough pressure, the Coulomb barrier that generally keeps nuclei from getting near each other can be overcome, and that’s fusion.

Based on the preliminary results, it would appear that a few percent of the D-T fuel did undergo fusion. So then the next question: does this really mean that we’re any closer to having commercial fusion reactors churning out plentiful power?



Hackaday Links: December 18, 2022

By now everyone has probably seen the devastation wrought by the structural failure of what was once the world’s largest free-standing cylindrical aquarium. The scale of the tank, which until about 5:50 AM Berlin time on Friday graced the lobby of the Radisson Blu hotel, was amazing — 16 meters tall, 12 meters in diameter, holding a million liters of saltwater and some 1,500 tropical fish. The tank sat atop a bar in the hotel lobby and was so big that it even had an elevator passing up through the middle of it.

But for some reason, the tank failed catastrophically, emptying its contents into the hotel lobby and spilling the hapless fish out into the freezing streets of Berlin. No humans were killed by the flood, which is miraculous when you consider the forces that were unleashed here. Given the level of destruction, the displaced hotel guests, and the fact that a €13 million structure just up and failed, we’re pretty sure there will be a thorough analysis of the incident. We’re pretty interested in why structures fail, so we’ll be looking forward to finding out the story here.
