Hackaday Podcast 144: Jigs Jigs Jigs, Fabergé Mic, Paranormal Electronics, And A 60-Tube Nixie Clock

Hackaday editors Elliot Williams and Mike Szczys get caught up on the week that was. Two builds are turning some heads this week; one uses 60 Nixie tube bar graphs to make a clock that looks like the sun’s rays, the other is a 4096 RGB LED Cube (that’s 12,288 total diodes for those counting at home) that leverages a ton of engineering to achieve perfection. Speaking of perfection, there’s a high-end microphone built on a budget but you’d never know from the look and the performance — no wonder the world is now sold out of the microphone elements used in the design. After perusing a CNC build, printer filament dryer, and cardboard pulp molds, we wrap the episode talking about electronic miniaturization, radionic analyzers, and Weird Al’s computer.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (55 MB)

This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack

Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.

const { timeout,ㅤ} = req.query;
Is actually:
const { timeout,\u3164} = req.query;

The extra comma might give you a clue that something is up, but unless you’re very familiar with a language, you might dismiss it as a syntax quirk and move on. Using the same trick again allows the hidden malicious code to be included on a list of commands to run, making a hard-to-spot backdoor.

The second trick is to use “confusable” characters like ǃ, U+01C3. It looks like a normal exclamation mark, so you wouldn’t bat an eye at if(environmentǃ=ENV_PROD){, but in this case, environmentǃ is a new variable. Anything in this development-only block of code is actually always enabled — imagine the chaos that could cause.

Neither of these is a ground-breaking vulnerability, but they are definitely techniques to be wary of. The authors suggest that a project could mitigate these Unicode techniques by simply restricting their source code to containing only ASCII characters. It’s not a good solution, but it’s a solution.
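
The ASCII-only mitigation above can be enforced mechanically. The following is an added example, not code from Certitude or from the original article: a small Node.js check that reports every character outside printable ASCII in a source file and notes whether it is legal inside an identifier and whether it renders as nothing. The function name findNonAscii and the SAMPLE input (built from the two snippets quoted above) are constructed for illustration.

```javascript
// Added example: ASCII-only source check for the Unicode tricks described above.
// Both regexes use Unicode property escapes (ES2018, requires the "u" flag).
const ID_CHAR = /[\p{ID_Start}\p{ID_Continue}]/u;      // legal inside a JS identifier
const INVISIBLE = /\p{Default_Ignorable_Code_Point}/u;  // normally renders as nothing

// Return one finding per character outside printable ASCII (tab is allowed).
function findNonAscii(source) {
  const findings = [];
  source.split(/\r\n|\r|\n/).forEach((text, i) => {
    let column = 1;                      // 1-based, counted in UTF-16 units like most editors
    for (const ch of text) {             // iterates by code point, so astral chars stay whole
      const cp = ch.codePointAt(0);
      if (cp > 0x7e || (cp < 0x20 && ch !== '\t')) {
        findings.push({
          line: i + 1,
          column,
          codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
          identifierChar: ID_CHAR.test(ch),
          invisible: INVISIBLE.test(ch),
        });
      }
      column += ch.length;
    }
  });
  return findings;
}

// Constructed sample: the two lines quoted in the article plus one clean line.
// The suspicious characters are written as \u escapes so this file is itself ASCII.
const SAMPLE = [
  'const { timeout,\u3164} = req.query;',
  'if(environment\u01C3=ENV_PROD){',
  'const ok = "plain ascii";',
].join('\n');

for (const f of findNonAscii(SAMPLE)) {
  const kind = f.invisible ? 'invisible' : 'visible, possibly confusable';
  const role = f.identifierChar ? 'valid in identifiers' : 'not an identifier character';
  console.log(`${f.line}:${f.column} ${f.codePoint} (${kind}; ${role})`);
}
```

Run over a repository in CI, a non-empty result fails the build; projects that need non-ASCII text in strings or comments can keep an explicit allowlist of files rather than relaxing the check globally.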

NFC Performance: It’s All In The Antenna

NFC tags are a frequent target for experimentation, whether simply by using an app on a mobile phone to interrogate or write to tags, by incorporating them in projects by means of an off-the-shelf module, or by designing a project using them from scratch. Yet they’re not always easy to get right, and can often give disappointing results. This article will attempt to demystify what is probably the most likely avenue for an NFC project to have poor performance, the pickup coil antenna in the reader itself.

A selection of the NFC tags on my desk

The tags contain chips that are energised through the RF field that provides enough power for them to start up, at which point they can communicate with a host computer for whatever their purpose is.

“NFC” stands for “Near Field Communication”, in which data can be exchanged between physically proximate devices without their being physically connected. Both reader and tag achieve this through an antenna, which takes the form of a flat coil and a capacitor that together make a resonant tuned circuit. The reader sends out pulses of RF which is maintained once an answer is received from a card, and thus communication can be established until the card is out of the reader’s range.

Teardown: Analog Radionic Analyzer

Have you ever looked up a recipe online, and before you got to the ingredients, you had to scroll through somebody’s meandering life story? You just want to know how many cans of tomato paste to buy, but instead you’re reading about cozy winter nights at grandma’s house? Well, that’s where you are right now, friend. Except instead of wanting to know what goes in a lasagna, you just want to see the inside of some weirdo alternative medicine gadget. I get it, and wouldn’t blame you for skipping ahead, but I would be remiss to start this month’s teardown without a bit of explanation as to how it came into my possession.

So if you’ll indulge me for a moment, I’ll tell you a story about an exceptionally generous patron, and the incredible wealth of sham medical hokum that they have bestowed upon the Hackaday community…

Linux Fu: Automatic Header File Generation

I’ve tried a lot of the “newer” languages and, somehow, I’m always happiest when I go back to C++ or even C. However, there is one thing that gets a little on my nerves when I go back: the need to have header files with a declaration and then a separate file with almost the same information duplicated. I constantly make a change and forget to update the header, and many other languages take care of that for you. So I went looking for a way to automate things. Sure, some IDEs will automatically insert declarations but I’ve never been very happy with those for a variety of reasons. I wanted something lightweight that I could use in lots of different toolsets.

I found an older tool, however, that does a pretty good job, although there are a few limitations. The tool seems to be a little obscure, so I thought I’d show you makeheaders, part of the Fossil software configuration management system. The program dates back to 1993 when [Dwayne Richard Hipp] — the same guy that wrote SQLite — created it for his own use. It isn’t very complex — the whole thing lives in one fairly large C source file — but it can scan a directory and create header files for everything. In some cases, you won’t need to make big changes to your source code, but if you are willing, there are several things you can do.

Heavy-Copper PCB Hack Chat

Join us on Wednesday, November 10 at noon Pacific for the Heavy Copper PCBs Hack Chat with Mark Hughes and Greg Ziraldo!

For as useful as printed circuit boards are, they do seem a little flimsy at times. With nothing but a thin layer — or six — of metal on the board, and ultra-fine traces that have to fit between a dense forest of pads and vias, the current carrying capacity of the copper on most PCBs is somewhat limited. That’s OK in most cases, especially where logic-level and small-signal currents are concerned. But what happens when you really need to turn up the juice on a PCB?

Enter the world of heavy-copper PCBs, where the copper is sometimes as thick as the board substrate itself. Traces that are as physically chunky as these come with all sorts of challenges, from thermal and electrical considerations to potential manufacturing problems. To help us sort through all these issues, Mark and Greg will stop by the Hack Chat. They both work at quick-turn PCB assembly company Advanced Assembly, Mark as Research Director and Greg as Senior Director of Operations. They know the ins and outs of heavy-copper PCB designs, and they’ll share the wealth with us.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, November 10 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: November 7, 2021

More trouble for Hubble this week as the space observatory’s scientific instruments package entered safe mode again. The problems started back on October 25, when the Scientific Instrument Command and Data Handling Unit, or SI C&DH, detected a lack of synchronization messages from the scientific instruments — basically, the cameras and spectrometers that sit at the focus of the telescope. The issue appears to be different from the “payload computer glitch” that was so widely reported back in the summer, but does seem to involve hardware on the SI C&DH. Mission controllers took an interesting approach to diagnosing the problem: they dusted off the NICMOS, or Near Infrared Camera and Multi-Object Spectrometer, an instrument that hasn’t been used since 1998. Putting NICMOS back into the loop allowed them to test for loss of synchronization messages without risking the other active instruments. In true hacker fashion, it looks like the fix will be to change the software to deal with the loss of sync messages. We’ll keep you posted.

What happened to the good old days, when truck hijackings were for things like cigarettes and booze? Now it’s graphics cards, at least according to a forum post that announced the theft of a shipment of EVGA GeForce RTX 30-series graphics cards from a delivery truck. The truck was moving the cards from San Francisco to the company’s southern California distribution center. No word as to the modus operandi of the thieves, so it’s not clear if the whole truck was stolen or if the cards “fell off the back.” Either way, EVGA took pains to note that receiving stolen goods is a crime under California law, and that warranties for the stolen cards will not be honored. Given the purpose these cards will likely be used for, we doubt that either of these facts matters much to the thieves.

Remember “Jet Pack Man”? We sure do, from a series of reports by pilots approaching Los Angeles International airport stretching back into 2020 and popping up occasionally. The reports were all similar — an object approximately the size and shape of a human, floating aloft near LAX. Sightings persisted, investigations were launched, but nobody appeared to know where Jet Pack Man came from or what he was flying. But now it appears that the Los Angeles Police may have identified the culprit: one Jack Skellington, whose street name is the Pumpkin King. Or at least a helium balloon version of the gangly creature, which is sure what an LAPD helicopter seems to have captured on video. But color us skeptical here; after all, they spotted the Halloween-themed balloon around the holiday, and it’s pretty easy to imagine that the hapless hero of Halloween Town floated away from someone’s front porch. More to the point, video that was captured at the end of 2020 doesn’t look anything like a Skellington balloon. So much for “case closed.”

Speaking of balloons, here’s perhaps a more productive use for them — lifting a solar observatory up above most of the atmosphere. The Sunrise Solar Observatory is designed to be lifted to about 37 km by a balloon, far enough above the Earth’s ozone layer to allow detailed observation of the Sun’s corona and lower atmosphere down into the UV range of the spectrum. Sunrise has already flown two successful missions in 2009 and 2013 which have netted over 100 scientific papers. The telescope has a one-meter aperture and automatic alignment and stabilization systems to keep it pointed the right way. Sunrise III is scheduled to launch in June 2022, and aims to study the flow of material in the solar atmosphere with an eye to understanding the nature of the Sun’s magnetic field.

And finally, what a difference a few feet can make. Some future Starlink customers are fuming after updating the location on their request for service, only to find the estimated delivery date pushed back a couple of years. Signing up for Starlink satellite service entails dropping a pin on a map to indicate your intended service location, but when Starlink put a new, more precise mapping app on the site, some eager pre-order customers updated their location to more accurately reflect where the dish will be installed. It’s not clear if the actual location of the dish is causing the change in the delivery date, or if just the act of updating an order places you at the bottom of the queue. But the lesson here may be that with geolocation, close enough is close enough.