Heavy Engineering Hack Chat

September 13, 2022 by Dan Maloney 1 Comment

Join us on Wednesday, September 14 at noon Pacific for the Heavy Engineering Hack Chat with Andy Oliver!

Here at Hackaday, we focus mainly on engineering at the small end of the spectrum. Millimeter waves, nearly microscopic SMD components, nanoscale machines like MEMS accelerometers, and silicon chips with features that measure in the nanometer range. We’ve all become pretty good at wrapping our heads around problems at the wee end of the spectrum.

And while all that tiny stuff is great, there’s a whole, big world out there to explore, with big engineering to solve big problems. Think of things like dam spillways, lift bridges, and canal locks — big stuff that still has to move, and has to do it safely and efficiently. Those are problems that demand an entirely different way of thinking, and skills that not a lot of us have.

Andy Oliver works in the world of big, movable structures, designing control systems for them. He’ll drop by the Hack Chat to discuss the engineering that not only makes these structures work but also keeps them safe and reliable. If you’ve ever wondered how big things work, you won’t want to miss this one.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Git Intro For Hardware Hackers

September 12, 2022 by Arya Voronova 20 Comments

Git is a wonderful tool that can multiply your project’s impact, or make your project easier to manage by an order of magnitude. Some of us hackers don’t yet know how to use command-line Git, but a relatable example of why a certain tool would be useful might be a good start. Today, I’d like to give you a Git crash course – showing you why and how to put a KiCad PCB into a Git repository, later to be shared with the world.

KiCad works wonderfully with Git. The schematic and PCB files of KiCad are human-readable, especially when compared to other PCB file formats. KiCad creates different files for different purposes, each of them with a well-defined role, and you can make sense of every file in your project folder. What’s more, you can even modify KiCad files in a text editor! This is exactly the kind of use case that Git fits like a glove.

Not Just For Software Developers

What’s Git about, then? Fundamentally, Git is a tool that helps you keep track of code changes in a project, and share these changes with each other. Intended for Linux kernel development as its first target, this is what it’s been designed for, but it’s flexibility extends far beyond software projects. We hardware hackers can make use of it in a variety of ways – we can store PCB and other design software files, blog articles, project documentation, personal notes, configuration files and whatever else that even vaguely fits the Git modus operandi. Continue reading “Git Intro For Hardware Hackers” →

Hackaday Links: September 11, 2022

September 11, 2022 by Kristina Panos 10 Comments

Good news out of Mars from the little lunchbox that could — in the seven times that MOXIE has run since it arrived in February 2021, it has reached its target production of six grams of oxygen per hour, which is in line with the output of a modest tree here on Earth. The research team which includes MOXIE engineers report that although the solid oxide electrolysis machine has shown it can produce oxygen at almost any time or day of the Martian scale, they have not shown what MOXIE can do at dawn or dusk, when the temperature changes are substantial, but they say they have ‘an ace up (their) sleeve’ that will let them do that. We can’t wait to see what they mean.

In other, somewhat funnier space news — early last Sunday morning, the ESA’s Solar Orbiter was cruising by Venus as part of a gravity-assist maneuver to get the Orbiter closer to the Sun. Two days before the Orbiter was to reach its closest point to the spacious star, it spat a coronal mass ejection in the general direction of both Venus and the Orbiter (dibs on that band name), as if to say ‘boo’. Fortunately, the spacecraft is designed to withstand such slights, but the same cannot be said for Venus — these events have their way with Venus’ atmosphere, depleting it of gasses.

Continue reading “Hackaday Links: September 11, 2022” →

Who Is Responsible For Your Safety?

September 10, 2022 by Elliot Williams 182 Comments

We recently posted a video where some ingenious metal-shop hackers made a simple jig to create zig-zag oil grooves on the inside of a cylinder, and the comment section went wild. What ensued was a flood of complaints that the video displayed unsafe shop practices, from lack of safety glasses to wearing flip-flops while operating a lathe.

Where the comments went off the rails were people asking Hackaday to remove our discussion of the video, because the commenters thought that we were somehow implicitly encouraging open-toed footwear in the presence of machine tools. We certainly weren’t! We wanted you all to see the clever machining hack, and be inspired to build your own. We figure that you’ve got the safety angle covered.

Now don’t get me wrong – there were safety choices made in the video that I would not personally make. But it also wasn’t my shop and I wasn’t operating the machines. And you know who is ultimately responsible for the safety in my basement shop? Me! And guess who is responsible for safety in your shop.

But of course, none of us know everything about every possible hazard. (Heck, I wrote just that a few weeks ago!) So while we’re sympathetic with the “that’s not safe!” crew, we’re not going to censor inspiring hacks just because something done along the way wasn’t done in the way we would do it. Instead, it’s our job, in the comment section as in Real Life™, to help each other out and share our good safety tips when we can.

You’ll see some crazy stuff in videos, and none of it is to be repeated without thinking. And if you do see something dodgy, by all means point it out, and mention how you would do it better. Turn the negative example around for good, rather than calling for its removal. Use the opportunity to help, rather than hide.

But also remember that when the chips are flying toward your personal eyeballs, it’s up to you to have glasses on. We all do potentially hazardous things all the time, and it’s best to be thinking about the risks and their mitigation. So stay safe out there. Keep on learning and keep on hacking!

Hackaday Podcast 184: What Is Art, Bulk Tape Eraser Go Brr, And The Death Of Email

September 9, 2022 by Kristina Panos 3 Comments

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos had a lot of fun discussing the best of the previous week’s hacks in spite of Elliot’s microphone connectivity troubles. News-wise, we busted out the wine and cheese to briefly debate whether a Colorado man should have won an art competition by entering an image created by AI. Afterward, we went around a bit about floppies, which are being outlawed in Japan.

Then it’s on to the What’s That Sound Results Show, but since Elliot can’t find a 14-sided die, he pulled on the Internet for our random number needs. Congratulations to our big winner [D Rex], who will receive one our coveted Hackaday Podcast t-shirts (Ed. note: Heck, I don’t even have one! That’s how special these babies are).

Afterlife for dead floppies.

Make shoes out of this.

Kristina’s Cyberdeck Thoughts

Is the food-safety-of-3D-printing debate over once and for all? It is as far as Elliot’s concerned. You know what else is over? The era of distributed, independent email servers. Bah! We’re not kidding about that last one — and we discuss a lie-detecting app that may or may not prove our innocence.

Finally, we talk active foot cooling, heat barriers for hot shops, and big, strong magnets. What are they for? Fixing floppies, fool!

Direct download.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Continue reading “Hackaday Podcast 184: What Is Art, Bulk Tape Eraser Go Brr, And The Death Of Email” →

This Week In Security: One-click, UPnP, Mainframes, And Exploring The Fog

September 9, 2022 by Jonathan Bennett 8 Comments

A couple weeks ago we talked about in-app browsers, and the potential privacy issues when opening content in them. This week Microsoft reveals the other side of that security coin — JavaScript on a visited website may be able to interact with the JS embedded in the app browser. The vulnerability chain starts with a link handler published to Android, where any https://m.tiktok[.]com/redirect links automatically open in the TikTok app. The problem here is that this does trigger a redirect, and app-internal deeplinks aren’t filtered out. One of these internal schemes has the effect of loading an arbitrary page in the app webview, and while there is a filter that should prevent loading untrusted hosts, it can be bypassed with a pair of arguments included in the URI call.

Once an arbitrary page is loaded, the biggest problem shows up. The JavaScript that runs in the app browser exposes 70+ methods to JS running on the page. If this is untrusted code, it gives away the figurative keys to the kingdom, as an auth token can be accessed for the current user. Account modification, private video access, and video upload are all accessible. Thankfully the problem was fixed back in March, less than a month after private disclosure. Still, a one-click account hijack is nothing to sneeze at. Thankfully this one didn’t escape from the lab before it was fixed.

UPnP Strikes Again

It’s not an exaggeration to say that Universal Plug and Play (UPnP) may have been the most dangerous feature to be included in routers with the possible exception of open-by-default WiFi. QNAP has issued yet another advisory of ransomware targeting their devices, and once again UPnP is the culprit. Photo Station is the vulnerable app, and it has to be exposed to the internet to get pwned. And what does UPnP do? Exposes apps to the internet without user interaction. And QNAP, in their efforts to make their NAS products more usable, included UPnP support, maybe by default on some models. If you have a QNAP device (or even if you don’t), make sure UPnP is disabled on your router, turn off all port forwarding unless you’re absolutely sure you know what you’re doing, and use Wireguard for remote access. Continue reading “This Week In Security: One-click, UPnP, Mainframes, And Exploring The Fog” →

The TAK Ecosystem: Military Coordination Goes Open Source

September 8, 2022 by Danie Conradie 38 Comments

In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically become the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.