Lubrication Engineering Hack Chat

October 17, 2022 by Dan Maloney 27 Comments

Join us on Wednesday, October 19 at noon Pacific for the Lubrication Engineering Hack Chat with Rafe Britton!

You know the old joke: if it moves when it shouldn’t, fix it with duct tape, and if it doesn’t move but it should, fix it with WD-40. For a lot of us, that’s about as far as our expertise on lubricants — and adhesives — goes. That’s a shame, because with hundreds of years of petrochemical engineering expertise behind us, not to mention millennia more of ad hoc experience with natural substances, just reaching for that trusty blue and yellow can for a spritz is perhaps a wasted opportunity. Sure, it’ll work — maybe — but is it really the right tool for the job?

Modern lubricants are extremely complex and highly engineered materials, often built atom by atom to perform a specific job under specific, often extremely challenging, conditions. Oils and greases are much more than just the slippery stuff that keeps our mechanical systems running, and while you might not need to know all the details of how they’re made to put them to use, a little inside information could go a long way in making sure your mechanism lasts.

We’ve invited Rafe Britton on the Hack Chat to talk about all aspects of lubrication engineering. With degrees in engineering and physics, Rafe runs Lubrication Expert and the Lubrication Explained channel on YouTube to help his clients figure out what they don’t know about lubrication, and how to put that knowledge to use in the real world. Be sure to bring your questions and concerns about lubrication, as well as your lubrication success stories and failures — especially the failures!

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 19 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Teardown: Cooler Max Liquid Cooling System

October 17, 2022 by Tom Nardi 57 Comments

Every week, the Hackaday tip line is bombarded with offers from manufacturers who want to send us their latest and greatest device to review. The vast majority of these are ignored, simply because they don’t make sense for the sort of content we run here. For example, there’s a company out there that seems Hell-bent on sending us a folding electronic guitar for some reason.

At first, that’s what happened when CoolingStyle recently reached out to us about their Cooler Max. The email claimed it was the “World’s First AC Cooler System For Gaming Desktop”, which featured a “powerful compressor which can bring great cooling performance”, and was capable of automatically bringing your computer’s temperature down to as low as 10℃ (50°F). The single promotional shot in the email showed a rather chunky box hooked up to a gaming rig with a pair of flexible hoses, but no technical information was provided. We passed the email around the (virtual) water cooler a bit, and the consensus was that the fancy box probably contained little more than a pair of Peltier cooling modules and some RGB LEDs.

The story very nearly ended there, but there was something about the email that I couldn’t shake. If it was just using Peltier modules, then why was the box so large? What about that “powerful compressor” they mentioned? Could they be playing some cute word games, and were actually talking about a centrifugal fan? Maybe…

It bothered me enough that after a few days I got back to CoolingStyle and said we’d accept a unit to look at. I figured no matter what ended up being inside the box, it would make for an interesting story. Plus it would give me an excuse to put together another entry for my Teardowns column, a once regular feature which sadly has been neglected since I took on the title of Managing Editor.

There was only one problem…I’m no PC gamer. Once in a while I’ll boot up Kerbal Space Program, but even then, my rockets are getting rendered on integrated video. I don’t even know anyone with a gaming computer powerful enough to bolt an air conditioner to the side of the thing. But I’ve got plenty of experience pulling weird stuff apart to figure out how it works, so let’s start with that.

Continue reading “Teardown: Cooler Max Liquid Cooling System” →

Hackaday Links: October 16, 2022

October 16, 2022 by Dan Maloney 20 Comments

Be careful where your take your iPhone 14 or Apple Watch, because under the right circumstances, you might end up swatting yourself. At least that’s what seems to have happened to some owners when their device’s crash detection feature interpreted a roller coaster ride as a car crash, and dialed emergency services. Crash detection is apparently set up to make the call automatically when accelerometers detect the high g-forces that normally occur in a crash, but can also occur on a coaster ride — at least the good one. In at least one case, an ersatz call to 911 was accompanied by the screams of fellow coaster riders, as the service apparently opens the device’s microphone when a crash is detected.

Hilarity ensued, of course, as long as you weren’t someone with a legit emergency who experienced a delayed response because of this. We’d have sworn that having a system auto-dial 911 was strictly illegal for just this reason, but apparently not. We guess there are two lessons here: one, that Apple engineers really should have thought this through, and maybe need to get out into the real world once in a while; and two, that people will gladly fork over their hard-earned dollars for the privilege of going on a fun ride that’s indistinguishable from a car crash. Our own Lewin Day took a close look at the situation earlier this week if you’d like to read more on the subject.

Continue reading “Hackaday Links: October 16, 2022” →

Why Learn Ancient Tech?

October 15, 2022 by Elliot Williams 69 Comments

The inner orbits of the Hackaday solar system have been vibrating with the announcement of the 2022 Hackaday Supercon badge. The short version of the story is that it’s a “retrocomputer”. But I think that’s somehow selling it short a little bit. The badge really is an introduction to machine language or maybe a programming puzzle, a ton of sweet blinky lights and clicky buttons, and what I think of as a full-stack hacking invitation.

Voja Antonic designed the virtual 4-bit machine that lives inside. What separates this machine from actual old computers is that everything that you might want to learn about its state is broken out to an LED on the front face, from the outputs of the low-level logic elements that compose the ALU to the RAM, to the decoder LEDs that do double-duty as a disassembler. You can see it all, and this makes it an unparalleled learning aid. Or at least it gives you a fighting chance.

So why would you want to learn a made-up machine language from a non-existent CPU? Tom Nardi and I were talking about our experiences on the podcast, and we both agreed that there’s something inexplicably magical about flipping bits, calling the simplest of computer operations into action, and nonetheless making it do your bidding. Or rather, it’s anti-magical, because what’s happening is the stripping away of metaphors and abstractions. Peering not just behind, but right through the curtain. You’re seeing what’s actually happening for once, from the bottom to the top.

As Voja wrote on the silkscreen on the back of the badge itself: “A programmer who has never coded 1s and 0s in machine language is like a child who has never run barefoot on the grass.” It’s not necessary, or maybe even relevant, but learning a complex machine in its entirety is simultaneously grounding and mind-expanding. It is simply an experience that you should have.

ERRF 22: After Two Years, Back And Better Than Ever

October 14, 2022 by Tom Nardi 5 Comments

When the COVID-19 pandemic hit, it became clear that organizers would have to pull the plug on any large social events they had planned. Many organizers decided to take their events online, but blurry web streams and meme-filled Discord channels can only get you so far. At this point we’re all keenly aware that, while they do have some advantages, virtual events are not the same as the real thing.

Which is why I was looking forward to making the trip down to Bel Air, Maryland for the first in-person East Coast RepRap Festival (ERRF) since 2019. I’m happy to report that the event, which was still in its infancy prior to the pandemic, was just as lively this year as it was doing my previous trips. Perhaps even more so, as local hackers and makers were eager for an outlet to show of their latest creations.

I’ll admit that part of me was concerned the two-year shutdown would have robbed ERRF of the momentum organizers had worked so hard to build. But judging by what I saw over the weekend, it seems even a global pandemic couldn’t slow down this fantastic event.

Continue reading “ERRF 22: After Two Years, Back And Better Than Ever” →

Hackaday Podcast 189: Seven Segments Three Ways, Candle Code, DIY E-Readers, And The Badge Reveal

October 14, 2022 by Tom Nardi 4 Comments

This week Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi will discuss the return of the East Coast RepRap Festival, the scientific application of slices of baloney, and the state of the art in homebrew e-readers. The discussion weaves its way through various reimaginings of the seven (or more) segment display, an impressive illuminated headboard that comes with its own science-fiction film, and the surprising difficulty of getting a blinking LED to actually look like a flame. Stick around to the end to find out why iPhones are freaking out on amusement park rides, and to hear all the details about this year’s Supercon badge.

Direct download your own!

Continue reading “Hackaday Podcast 189: Seven Segments Three Ways, Candle Code, DIY E-Readers, And The Badge Reveal” →

This Week In Security: Npm Timing Leak, Siemens Universal Key, And PHP In PNG

October 14, 2022 by Jonathan Bennett 12 Comments

First up is some clever wizardry from the [Aqua Nautilus] research team, who discovered a timing attack that leaks information about private npm packages. The setup is this, npm hosts both public and private node.js packages. The public ones are available to everyone, but the private packages are “scoped”, meaning they live within a private namespace, “@owner/packagename” and are inaccessible to the general public. Trying to access the package results in an HTTP 404 error — the same error as trying to pull a package that doesn’t exist.

The clever bit is to keep trying, and really pay attention to the responses. Use npm’s API to request info on your target package, five times in a row. If the package name isn’t in use, all five requests will take the expected amount of time. That request lands at the service’s backend, a lookup is performed, and you get the response. On the flipside if your target package does exist, but is privately scoped, the first request returns with the expected delay, and the other four requests return immediately. It appears that npm has front-end that can cache a 404 response for a private package. That response time discrepancy means you can map out the private package names used by a given organization in their private scope.

Now this is all very interesting, but it turns into a plausible attack when combined with typosquatting and dependency confusion issues. Those attacks are two approaches to the same goal, get a node.js deployment to run a malicious package instead of the legitimate one the developer intended. One depends on typos, but dependency confusion just relies on a developer not explicitly defining the scope of a package.

Continue reading “This Week In Security: Npm Timing Leak, Siemens Universal Key, And PHP In PNG” →