Hackaday Podcast 138: Breakin’ Bluetooth, Doritos Rockets, Wireless Robots, And Autonomous Trolling

Hackaday editors Elliot Williams and Mike Szczys peruse the great hardware hacks of the past week. There’s a robot walker platform that wirelessly offloads motor control planning to a computer. We take a look at automating your fishing boat with a trolling motor upgrade, building the Hoover dam in your back yard, and playing Holst’s Planets on an army of Arduini. Make sure you stick around until the end as we stroll through distant memories of Gopher, and peek inside the parking garages of the sea.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)


This Week In Security: OpenOffice Vulnerable, IOS Vulnerable, Outlook… You Get The Idea

We start this week with a good write-up by [Eugene Lim] on getting started on vulnerability hunting, and news of a problem in OpenOffice’s handling of dBase files. [Lim] decided to concentrate on a file format, and picked the venerable dBase format, .dbf. This database format was eventually used all over the place, and is still supported in Microsoft Office, LibreOffice, and OpenOffice. He put together a fuzzing approach using Peach Fuzzer, and found a handful of possible vulnerabilities in the file format by testing a very simple file viewer that supported the format. He managed to achieve code execution in dbfview, but that wasn’t enough.

Armed with a vulnerability in one application, [Lim] turned his attention to OpenOffice. He knew exactly what he was looking for, and found vulnerable code right away. A buffer is allocated based on the specified data type, but data is copied into this buffer with a different length, also specified in the dbase file. Simple buffer overflow. Turning this into an actual RCE exploit took a bit of doing, but is possible. The disclosure didn’t include a full PoC, but will likely be reverse engineered shortly.

Normally we’d wrap by telling you to go get the update, but OpenOffice doesn’t have a stable release with this fix in it. There is a release candidate that does contain the fix, but every stable install of OpenOffice in the world is currently vulnerable to this RCE. The vulnerability report was sent way back on May 4th, over 90 days before full disclosure. And what about LibreOffice, the fork of OpenOffice? Surely it is also vulnerable? Nope. LibreOffice fixed this in routine code maintenance back in 2014. The truth of the matter is that when the two projects forked, the programmers who really understood the codebase went to LibreOffice, and OpenOffice has had a severe programmer shortage ever since. I’ve said it before: Use LibreOffice, OpenOffice is known to be unsafe.

NASA Sets Eyes On Deep Space With Admin Shuffle

Since the Apollo 17 crew returned from the Moon in 1972, human spaceflight has been limited to low Earth orbit (LEO). Whether they were aboard Skylab, Mir, the Space Shuttle, a Soyuz capsule, or the International Space Station, no crew has traveled more than 600 kilometers (372 miles) or so from the Earth’s surface in nearly 50 years. Representatives of the world’s space organizations would say they have been using Earth orbit as a testing ground for the technology that will be needed for more distant missions, but those critical of our seemingly stagnated progress into the solar system would say we’ve simply been stuck.

Many have argued that the International Space Station has consumed an inordinate amount of NASA’s time and budget, making it all but impossible for the agency to formulate concrete plans for crewed missions beyond Earth orbit. The Orion and SLS programs are years behind schedule, and the flagship deep space excursions that would have utilized them, such as the much-touted Asteroid Redirect Mission, never materialized. The cracks are even starting to form in the Artemis program, which appears increasingly unlikely to meet its original goal of returning astronauts to the Moon’s surface by 2024.

But with the recent announcement that NASA will be splitting the current Human Exploration and Operations Mission Directorate into two distinct groups, the agency may finally have the administrative capacity it needs to juggle their existing LEO interests and deep space aspirations. With construction of the ISS essentially complete, and the commercial spaceflight market finally coming together, the reorganization will allow NASA to start shifting the focus of their efforts to more distant frontiers such as the Moon and Mars.


Teardown: Sling Adapter

The consumer electronics space is always in a state of flux, but perhaps nowhere is this more evident than with entertainment equipment. In the span of just a few decades we went from grainy VHS tapes on 24″ CRTs to 4K Blu-rays on 70″ LED panels, only to end up spending most of our viewing time watching streaming content on our smartphones. There’s no sign of things slowing down, either. In fact they’re arguably speeding up. Sure that 4K TV you bought a couple years back might have HDR, but does it have HDMI 2.1 and Dolby Vision?

So it’s little surprise that eBay is littered with outdated A/V gadgets that can be had for pennies on the dollar. Take for example the SB700-100 Sling Adapter we’re looking at today. This device retailed for $99 when it was released in 2010, and enabled Dish Network users to stream content saved on their DVR to a smartphone or tablet. Being able to watch full TV shows and movies on a mobile device over the Internet was a neat trick back then, before Netflix had even started rolling out their Android application. But today it’s about as useful as an HD-DVD drive, which is why you can pick one up for as little as $5.

Of course, that’s only a deal if you can actually do something with the device. Contemporary reviews seemed pretty cagey about how the thing actually worked, explaining simply that plugging it into your Dish DVR imbued the set-top box with hitherto unheard of capabilities. They assured the reader that the performance was excellent, and that it would be $99 well spent should they decide to dive headfirst into this brave new world where your favorite TV shows and movies could finally be enjoyed in the bathroom.

Now, more than a decade after its release, we’ll crack open the SB700-100 Sling Adapter and see if we can’t figure out how this unusual piece of tech actually worked. Its days of slinging the latest episode of The Office may be over, but maybe this old dog can still learn a few new tricks.



Keebin’ With Kristina: The One Where Shift Happens

It’s been an exciting few weeks for me personally on the clacking front. I got a couple of new-to-me keyboards including my first one with ALPS switches, an old TI/99A keyboard with Futaba MD switches, and a couple of what are supposed to be the original Cherry switches (oh man they clack so nicely!) But enough about my keyboard-related fortuitousness, and on to the hacks and clacks!

Putting My Pedals to the Metal

I picked up this Kinesis Savant Elite triple foot pedal from Goodwill. It works fine, but I don’t like the way it’s programmed — left arrow, right arrow, and right mouse click. I found the manual and the driver on the Kinesis website easily enough, but I soon learned that you need a 32-bit computer to program it. Period. See, Kinesis never wrote an updated driver for the original Savant Elite pedal, they just came out with a new one and people had to fork over another $200 or figure something else out.

I’m fresh out of 32-bit computers, so I tried running the program in XP-compatibility mode like the manual says, but it just doesn’t work. Oh, and the manual says you can brick it if you don’t do things correctly, so that’s pretty weird and scary. It was about this time that I started to realize how easy it would be to open it up and just replace the controller with something much more modern. Once I got inside, I saw that all three switches use JST plugs and right angle header. Then I thought hey, why not just re-use this set-up? I might have to make a new board, but how awesome would it be to plug these pedals’ JSTs into my own board?



Hurricane Hunting From Outer Space

If you live in the right part of the world, you spend a lot of the year worried about hurricanes or — technically — tropical cyclones. These storms carry an amazing amount of power and can change your life. However, we are relatively spoiled these days compared to the past. It is hard to imagine, but there was a time when a hurricane’s arrival was something of a mystery. Sure, ships would report what they encountered, but finding exact data about a hurricane was a bit hit or miss. We often talk about space technology making life better. Weather forecasting — especially for tropical storms — is one place where money spent in space has made life much better on Earth.

The lack of data about storms can be fatal. The Great Galveston hurricane of 1900 took around 12,000 lives. It might have had a better outcome, but forecasters missed where the storm was heading, announcing that it would go from Cuba to Florida, which was just totally wrong. Not that a forecaster couldn’t make a mistake today, but with aircraft and satellite coverage, you’d know very quickly that the prediction was wrong and you’d sound the alarm. In truth, the prediction models have become very good over the years, so the chances of this happening today are virtually nil in any event. But being able to precisely locate and track storms helps reduce the impact of the storm and also feeds data into the models, making them even more accurate for the future.



Robot Dogs Hack Chat

Join us on Wednesday, September 29 at noon Pacific for the Robot Dogs Hack Chat with Afreez Gan!

Thanks to the efforts of a couple of large companies, many devoted hobbyists, and some dystopian science fiction, robot dogs have firmly entered the zeitgeist of our “living in the future” world. The quadrupedal platform, with its agility and low center of gravity, is perfect for navigating in the real world, where the terrain is rarely even and unexpected obstacles are to be expected.

The robot dog has been successful enough that there are commercially available — if prohibitively priced — dogs on the market, doing everything from inspecting factory processes and off-shore oil platforms to dancing for their dinner. All the publicity around robot dogs has fueled a crush of DIY and open-source versions, so that hobbyists can take advantage of what the platform has to offer. And as a result, the design of these dogs has converged somewhat, with elements that provide a common design language for these electromechanical pets.

Afreez Gan has been exploring the robot dog space for a while now, and his MiniPupper is generating some interest. He’ll stop by the Hack Chat to talk about MiniPupper specifically and the quadruped platform in general. We’ll talk about what it takes to build your own robot dog, what you can do with one once you’ve built it, and how these bots can play a part in STEM education. Along the way, we’ll touch on ROS, lidar, machine vision with OpenCV, and pretty much anything involved in the care and feeding of your newest electronic pal.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 29 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.