This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
To start our week of vulnerabilities in everything, there’s a potentially big vulnerability in Android handsets, but it’s Apple’s fault. OK, maybe that’s a little harsh — Apple released the code to their Apple Lossless Audio Codec (ALAC) back in 2011 under the Apache License. This code was picked up and shipped as part of the driver stack for multiple devices by various vendors, including Qualcomm and MediaTek. The problem is that the Apple code was terrible, one researcher calling it a “walking colander” of security problems.
Apple has fixed their code internally over the years, but never pushed those updates to the public code-base. It’s a fire-and-forget source release, and that can cause problems like this. The fact that ALAC was released under a permissive license may contribute to the problem. Someone (in addition to Apple) likely found and fixed the security problems, but the permissive license doesn’t require sharing those fixes with a broader community. It’s worth pondering whether a Copyleft license like the GPL would have gotten a fix distributed years ago.
Regardless, CVE-2021-0674 and CVE-2021-0675 were fixed in both Qualcomm and MediaTek’s December 2021 security updates. These vulnerabilities are triggered by malicious audio files, and can result in RCE. An app could use this trick to escape the sandbox and escalate privileges. This sort of flaw has been used by actors like the NSO group to compromise devices via messaging apps. Continue reading “This Week In Security: Android And Linux, VirusTotal, More Psychic Signatures”→
The Sci-Fi Contest closed out on Monday, and we put our heads together and picked our favorites. And it was no easy task, because in addition to many of the projects simply looking stellar, many went all-out on the documentation as well, making these stellar examples that we can all learn from, whether you’re into sci-fi or not. But who are we kidding? From the responses we got, you are.
The Winners
[RubenFixit]’s Star Trek Shuttle Console is a Trek themed escape room in a box. The project’s extraordinary attention to detail and exhaustive project logs absolutely won our judges heart. From the LCARS graphics to the 3D printed isolinear chip bays and mimetic crystals, it’s all there. [Ruben] estimates about 300 hours of work went into this one, and it shows.
We had no shortage of robotic projects in the contest, but [RudyAramayo]’s R.O.B. won our judges over. This one is not a joke, weighing in at over 140 lbs of custom metalwork and righteous treads. It’s also made out of some expensive hardware all around, so maybe this isn’t your weekend-build robot. We love the comment on the Arduino test code suite: “For gods sake man, you must test your code when it becomes an autonomous vehicle.”
Finally, [zapwizard]’s Functional Razor Crest Control Lever is a prop and a video game controller in one. We can totally see Grogu playing with this, and we were wowed by the attention to detail in the physical build — with custom gears and a speed limiter — as well as the attention to prop-making detail. Some parts are custom-cut stainless steel plates. 3D printed parts are covered in aluminum tape and chemically aged. Awesome. Oh yeah, it’s also a working USB joystick.
These three winners will be receiving a $150 shopping spree at Digi-Key.
Time flies! This weekend marks the end of the first stage of the 2022 Hackaday Prize, and your chance to enter your alternative-energy projects. There are ten $500 prizes up for grabs, and there’s still time to whip up a project page over on Hackaday.io to showcase it.
In this round, we’re looking for projects that harvest their own energy — solar, wind, heat, vibration, you name it — or projects that make it easier to collect, store, or use renewable energy. Whether this is microwatts or megawatts, the scale of the project is up to you! As long as it’s using or making it easier to use clean energy, we want to see it.
The sun is not the only game in town, though. There are a surprising number of projects based on human energy production in emergency situations, from cranking to shaking. Thermionic converters were new to us, but we love explorations of fringe tech. Other traditional favorites like wind and water may make more sense for larger applications. And don’t forget how you’re going to store all this juice you’ve collected.
In short, we’ve got a bunch of great entries, but we’re still missing yours! There’s no minute like the last minute: if you’ve done some work in clean or renewable energy, set yourself up a Hackaday.io project page now. You’ll help make all our projects cleaner, and stand a good chance of taking home some real money to boot!
Once we’ve handled power, the next round is “Reuse, Recycle, Revamp” where any tech that uses recycled parts or facilitates reuse, repair, or recycling is fair game!
The ozone layer is a precious thing, helping protect the Earth from the harshest of the sun’s radiative output. If anything were to damage this layer, we’d all feel the results in a very short order indeed.
In the past, humanity has worked to limit damage to the ozone layer from our own intentional actions. However, it’s not just aerosol cans and damaged air conditioning systems that are putting it at risk these days. The fierce wildfires we’ve seen so much of in recent years are also having a negative effect. Let’s take a look at why the ozone layer matters, and how it’s being affected by these wildfires.
Welding is often a hot and noisy process. It generally involves some fancy chemistry and proper knowledge to achieve good results. Whether you’re talking about arc, TIG, or MIG, these statements all apply.
The same is true for explosion welding, though it’s entirely unlike any traditional hand welding methods you’ve ever seen before. Today, we’ll explore how this technique works and the applications it’s useful for. Fire in the hole!
Don’t Blow Them Apart, Blow Them Together!
Explosion welding occurs near-instantaneously, but is done in a progressive fashion. The angle of collision, as well as the speed of the explosive front, is key to getting a quality weld. Image credit: NASA, public domain
The technique of explosion welding is relatively new compared to other metal-joining techniques. In the two World Wars of the 20th century, pieces of shrapnel were often found stuck to armor plating. Close observation showed that shrapnel was in fact welding on to metal armor, rather than simply being embedded in such. Given that collisions between shrapnel and armor often occur without the extreme heat of typical welding operations, it indicated that it was instead great velocity of the impact between shrapnel and armor that was melding the metals together.
The same results were later recreated in the lab, and explosoin welding was developed into a refined technique after World War II. 1962 saw DuPont patent a process for explosion welding later to be known under the “Detaclad” trademark.
Imagine, if you will, the perfect electronics lab. Exactly how it looks in your mind will depend a lot upon personal preferences and brand loyalty, but chances are good it’ll be stocked to the gills with at least one every conceivable type of high-precision, laboratory-grade instrument you can think of. It’ll have oscilloscopes with ridiculously high bandwidths, multimeters with digits galore, logic analyzers, waveform generators, programmable power supplies, spectrum analyzers — pretty much anything and everything that can make chasing down problems and developing new circuits easier.
Alas, the dream of a lab like this crashes hard into realities like being able to afford so many instruments and actually finding a place to put them all. And so while we may covet the wall of instruments that people like Marco Reps or Kerry Wong enjoy, most of us settle for a small but targeted suite of instruments, tailored to our particular needs and budgets.
It doesn’t necessarily need to be that way, though, and with software-defined instrumentation, you can pack a lab full of virtual instruments into a single small box. Software-defined instrumentation has the potential to make an engineering lab portable enough for field-service teams, flexible enough for tactical engineering projects, and affordable for students and hobbyists alike.
Ben Nizette is Product Manager at Liquid Instruments, the leader in precision software-defined instrumentation. He’s the engineer behind Moku:Go, the company’s first consumer product, which squeezes eleven instruments into one slim, easily transported, affordable package. He’s been in the thick of software-defined instrumentation, and he’ll drop by the Hack Chat to talk about the pros and cons of the virtual engineering lab, what it means for engineering education, and how we as hobbyists can put it to work on our benches.
Wait, what? Is it possible that a tech company just killed off a product with a huge installed base of hardware and a community of dedicated users, and it wasn’t Google? Apparently not, if the stories of the sudden demise of Insteon are to be believed. The cloud-based home automation concern seems to have just disappeared — users report the service went offline at the end of last week, and hasn’t been back since. What’s more, the company’s executives removed Insteon from their LinkedIn profiles, and the CEO himself went so far as to remove his entire page from LinkedIn. The reasons behind the sudden disappearance remained a mystery until today, when The Register reported that Smartlabs, Inc., the parent company of Insteon, had become financially insolvent after an expected sale of the company failed in March. The fact that the company apparently knew this was going to happen weeks ago and never bothered to give the community a heads up before pulling the switches has led to a lot of hard feelings among the estimated 100,000 Insteonhub users.
Then again, with a comet the size of Rhode Island heading our way, a bunch of bricked smart bulbs might just be a moot point. The comet, known as C/2014 UN271, has a nucleus that is far larger than any previously discovered comet, which makes it a bit of an oddball and an exciting object to study. For those not familiar with the United States, Rhode Island is said to be a state wedged between Connecticut and Massachusetts, but even having lived in both those states, we couldn’t vouch for that. For scale, it’s about 80 miles (128 km) across, or a little bit bigger than Luxembourg, which we’re pretty sure is mythical, too. The comet is a couple of billion miles away at this point; it may never get closer than a billion miles from the Sun, and that in 2031. But given the way things have been going these last few years, we’re not banking on anything.
From the “Answering the Important Questions” file, news this week of the Massachusetts Institute of Technology’s breakthrough development of the “Oreometer,” a device to characterize the physical properties of Oreo cookies. The 3D printed device is capable of clamping onto the wafer parts of the popular sandwich cookie while applying axial torque. The yield strength of the tasty goop gluing the two wafers together can be analyzed, with particular emphasis on elucidating why it always seems to stay primarily on one wafer. Thoughtfully, the MIT folks made the Oreometer models available to one and all, so you can print one up and start your own line of cookie-related research. As a starting point, maybe take a look at the shear strength of the different flavors of Oreo, which might answer why the world needs Carrot Cake Oreos.
And finally, since we mentioned the word “skiving” last week in this space, it seems like the all-knowing algorithm has taken it upon itself to throw this fascinating look at bookbinding into our feed. We’re not complaining, mind you; the look inside Dublin’s J.E. Newman and Sons bookbinding shop, circa 1981, was worth every second of the 23-minute video. Absolutely everything was done by hand back then, and we’d imagine that very little has changed in the shop over the ensuing decades. The detail work is incredible, especially considering that very few jigs or fixtures are used to ensure that everything lines up. By the way, “skiving” in this case refers to the process of thinning out leather using a razor-sharp knife held on a bias to the material. It’s similar to the just-as-fascinating process used to make heat sinks that we happened upon last week.
![[Nick Poole]'s thermionic converter array](https://i0.wp.com/hackaday.com/wp-content/uploads/2022/04/5315181650477410414_thumbnail.png?w=396&h=396&crop=1&ssl=1 "5315181650477410414_thumbnail")
![[Anuradha Gunawardhana]'s 18650 Pack](https://i0.wp.com/hackaday.com/wp-content/uploads/2022/04/5079001583214379162_thumbnail.png?w=396&h=396&crop=1&ssl=1 "5079001583214379162_thumbnail")
