Hackaday Links: February 6, 2022

February 6, 2022 by Dan Maloney 41 Comments

Last week, the news was filled with stories of Jack Sweeney and his Twitter-bot that tracks the comings and goings of various billionaires in their private jets. This caught the attention of the billionaire-iest of them all, one Elon Musk, who took exception to the 19-year-old’s feat of data integration, which draws from a number of public databases to infer the location of Elon’s plane. After Jack wisely laughed off Elon’s measly offer of $5,000 to take the bot down, Elon ghosted him — pretty childish behavior for the richest man on the planet, we have to say. But Jack might just have the last laugh, as an Orlando-based private jet chartering company has now offered him a job. Seems like his Twitter-bot and the resulting kerfuffle is a real resume builder, so job-seekers should take note.

Here’s hoping that you have a better retirement plan than NASA. The space agency announced its end-of-life plans for the International Space Station this week, the details of which will just be a run-up to the 2031 de-orbit and crash landing of any remaining debris into the lonely waters of Point Nemo. The agency apparently sees the increasingly political handwriting on the ISS’s aging and sometimes perforated walls, and acknowledges that the next phase of LEO space research will be carried out by a fleet of commercial space stations, none of which is close to existing yet. Politics aside, we’d love to dig into the technical details of the plan, and see exactly what will be salvaged from the station before its fiery demise, if anything. The exact method of de-orbiting too would be interesting — seems like the station would need quite a bit of thrust to put on the brakes, and might need the help of a sacrificial spacecraft.

“You break it, you fix it,” is a philosophy that we Hackaday types are probably more comfortable with than the general public, who tend to leave repairs of broken gear to professionals. But that philosophy seems to be at the core of Google’s new Chromebook repair program for schools, which encourages students to fix the Chromebooks they’re breaking in record numbers these days. Google is providing guidance for schools on setting up complete Chromebook repair facilities, including physical layout of the shop, organization of workflows, and complete repair information for at least a couple of popular brands of the stripped-down laptops. Although the repairs are limited to module-level stuff, like swapping power supplies, we still love the sound of this. Here’s hoping that something like this can trigger an interest in electronics for students that would otherwise never think to open up something as complicated as a laptop.

Back in July, we took note of a disturbing report of an RTL-SDR enthusiast in Crimea who was arrested for treason, apparently based on his interest in tracking flights and otherwise monitoring the radio spectrum. Now, as things appear to be heating up in Ukraine again, our friends at RTL-SDR.com are renewing their warning to radio enthusiasts in the area that there may still be risks. Then as now, we have little interest in the politics of all this, but in light of the previous arrest, we’d say it pays to be careful with how some hobbies are perceived.

And finally, aside from the aforementioned flight-tracking dustup, it’s been a tough week for Elon and Tesla. Not only have 817,000 of the expensive electric vehicles been recalled over something as simple as a wonky seatbelt chime, but another 54,000 cars are also being recalled for a software bug that causes them to ignore stop signs in “Full Self-Driving” mode. We’re not sure if this video of this Tesla hell-ride has anything to do with that bug, but it sure illustrates the point that FSD isn’t really ready for prime time. Then again, as a former Boston resident, we can pretty safely say that what that Tesla was doing isn’t really that much different than the meat-based drivers there.

The Weirdest Hack

February 5, 2022 by Elliot Williams 31 Comments

I was on the FLOSS podcast (for the Episode of the Beast no less!) and we were talking all about Hackaday. One of the hosts, secretly Hackaday’s own Jonathan Bennett in disguise, asked me what the weirdest hack I’d ever seen on Hackaday was. Weird?!?!

I was caught like a deer in headlights. None of our hacks are weird! Or maybe all of them are? I dunno, it certainly depends on your perspective. Is it weird to build a box that makes periodic meowing noises to hid in a friend’s closet? Is it weird to design new and interesting wheels for acrobats to roll themselves around in? Is it weird to want a rainbow-colored USB DIP switch? Is it weird that these are all posts from the last week?

OK, maybe we are a little bit weird. But that’s the way we like it. Keep it weird and wonderful, Hackaday. You’ve got enough normal stuff to do eight hours a day!

Hackaday Podcast 154: A Good Enough CNC, Stepper Motors Unrolled, Smart Two-Wire LEDs, A Volcano Heard Around The World

February 4, 2022 by Tom Nardi 1 Comment

Join Hackaday Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney for this week’s podcast as we talk about Elliot’s “defection” to another podcast, the pros and cons of CNC builds, and making Nixie clocks better with more clicking. We’ll explore how citizen scientists are keeping a finger on the pulse of planet Earth, watch a 2D stepper go through its paces, and figure out how a minimalist addressable LED strip works. From solving a Rubik’s cube to answering the age-old question, “Does a watched pot boil?” — spoiler alert: if it’s well designed, yes — this episode has something for everyone.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct Download (Less than 60 MB)

Continue reading “Hackaday Podcast 154: A Good Enough CNC, Stepper Motors Unrolled, Smart Two-Wire LEDs, A Volcano Heard Around The World” →

Adafruit Hack Chat Helps You Copy That Floppy

February 4, 2022 by Tom Nardi 22 Comments

You might think the era of the 3.5 inch “floppy” disk is over, and of course, you’d be right. But when has that ever stopped hackers before? Just because these disks are no longer being manufactured doesn’t mean you can’t find them, or that the appropriate drives aren’t readily available. In fact, as [Ladyada] explained during this week’s Floppy Interfacing Hack Chat with Adafruit, the ongoing chip shortages mean its often easier and cheaper to track down old hardware like this than it is modern microcontrollers and other high-tech components.

What awaits the brave hacker that picks up a box of random floppies and a dusty old drive at the local thrift store? More than you might expect. As the Hack Chat goes on, it becomes increasingly obvious that these quaint pieces of antiquated technology can be rather difficult to work with. For one thing there are more formats out there than you’ve probably considered, and maddeningly, not all drives are able to read all types (even if they say they do). That means a disk which might seem like a dud on one drive could work perfectly fine in another, which is why the team at Adafruit recommend having a few on hand if you want to maximize your chances of success.

Now here comes the tricky part: unless you happen to have a 1990s vintage computer laying around, getting these drives hooked up is decidedly non-trivial. Which is why Adafruit have been researching how to interface the drives with modern microcontrollers. This includes the Adafruit_Floppy project, which aims to port the well known Greaseweazle and FluxEngine firmwares to affordable MCUs like the Raspberry Pi Pico. There’s also been promising developments with bringing native floppy support to CircuitPython, which would make reading these disks as easy as writing a few lines of code.

But wait, surely this is a solved problem? Why not just pick up a cheap USB floppy drive from the A to Z online retailer we all love to hate? Unfortunately, these gadgets are something of a mixed bag. [Ladyada] pulls one apart on camera to show that what you’re actually getting with one of these units is a new old stock laptop floppy drive hooked up to a dodgy purpose-built chip that connects to the original 26-pin flex cable and offers up a USB interface. That would be great, if it wasn’t for the fact that the chip is exceedingly selective about what kind of disks it will read. If you’re only worried about bog standard IBM-formatted disks they can work in a pinch, but like they say, you get what you pay for.

So is it all just academic? Is there really any reason to use a floppy disk in 2022? The fine folks at Adafruit would argue that the skills necessary to read usable data out of a stream of magnetic flux changes may very well come in handy in unexpected ways down the road. But even if not, there’s at least one good reason to cultivate the technology required to reliably read from these once ubiquitous storage devices: archiving the data stored on these disks before they invariably succumb to so-called “bit rot” and are potentially lost to history.

Continue reading “Adafruit Hack Chat Helps You Copy That Floppy” →

This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE

February 4, 2022 by Jonathan Bennett 6 Comments

Samba has a very serious vulnerability, CVE-2021-44142, that was just patched in new releases 4.13.17, 4.14.12, and 4.15.5. Discovered by researchers at TrendMicro, this unauthenticated RCE bug weighs in at a CVSS 9.9. The saving grace is that it requires the fruit VFS module to be enabled, which is used to support MacOS client and server interop. If enabled, the default settings are vulnerable. Attacks haven’t been seen in the wild yet, but go ahead and get updated, as PoC code will likely drop soon.

Crypto Down the Wormhole

One notable selling point to cryptocurrencies and Web3 are smart contracts, little computer programs running directly on the blockchain that can move funds around very quickly, without intervention. It’s quickly becoming apparent that the glaring disadvantage is these are computer programs that can move money around very quickly, without intervention. This week there was another example of smart contracts at work, when an attacker stole $326 million worth of Ethereum via the Wormhole bridge. A cryptocurrency bridge is a service that exists as linked smart contracts on two different blockchains. These contracts let you put a currency in on one side, and take it out on the other, effectively transferring currency to a different blockchain. Helping us make sense of what went wrong is [Kelvin Fichter], also known appropriately as [smartcontracts].

Alright. I figured out the Solana x Wormhole Bridge hack. ~300 million dollars worth of ETH drained out of the Wormhole Bridge on Ethereum. Here's how it happened.

— smartcontracts (@kelvinfichter) February 3, 2022

When the bridge makes a transfer, tokens are deposited in the smart contract on one blockchain, and a transfer message is produced. This message is like a digital checking account check, which you take to the other side of the bridge to cash. The other end of the bridge verifies the signature on the “check”, and if everything matches, your funds show up. The problem is that one one side of the bridge, the verification routine could be replaced by a dummy routine, by the end user, and the code didn’t catch it.

It’s a hot check scam. The attacker created a spoofed transfer message, provided a bogus verification routine, and the bridge accepted it as genuine. The majority of the money was transferred back across the bridge, where other user’s valid tokens were being held, and the attacker walked away with 90,000 of those ETH tokens. Continue reading “This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE” →

Retrotechtacular: Understanding The Strength Of Structural Shapes

February 3, 2022 by Ryan Flowers 13 Comments

Strength. Rigidity. Dependability. The ability to bear weight without buckling. These are all things that we look for when we build a mechanical structure. And in today’s Retrotechtacular we take a closer look at the answer to a question: “What’s in A Shape?”

As it turns out, quite a lot. In a wonderful film by the prolific Jam Handy Organization in the 1940’s, we take a scientific look at how shape affects the load bearing capacity of a beam. A single sided piece of metal, angle iron, C-channel, and boxed tubing all made of the same thickness metal are compared to see not just just how much load they can take, but also how they fail.

The concepts are then given practical application in things that we still deal with on a daily basis: Bridges, cars, aircraft, and buildings. Aircraft spars, bridge beams, car frames, and building girders all benefit from the engineering discussed in this time capsule of film.

None of the concepts in this video are suddenly out of date, because while our understanding of engineering has certainly progressed since this film was made, these basic concepts remain the same. As such, they will apply to any structural or mechanical devices that we make, be it 3d printed, CNC routed, welded, glued, vacuum formed, zip tied, duct taped, bailing wired, or hot glued.

Keep your eyes open for a wonderful sights and sounds of a rare Boeing 314 Clipper landing on water and a 1920’s Buffalo Springfield Steam Roller demonstrating how wonderful the film’s sponsor, Chevrolet, makes their automobile frames.

Continue reading “Retrotechtacular: Understanding The Strength Of Structural Shapes” →

Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)

February 3, 2022 by Jenny List 5 Comments

One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well-presented and not presented as some unattainable wizardry, and as his power analysis demo shows a clearly different trace on the correct first letter of a password attack the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves onto fault injection with an introduction to power supply glitching as a technique to influence code execution.