This Week In Security: John Deere, ProxyLogin Detailed, And Pneumatic Tubes

We’ve covered the right-to-repair saga, and one of the companies that have become rather notorious is John Deere. The other side to the poorly managed interconnected mess is security issues. There’s a certain irony to how this story started: Somebody noticed that John Deere equipment didn’t have any CVEs at all. A normal person might think that this must mean their products are super secure, but a security researcher knows that something more interesting is afoot. Our old friends [Sick Codes], [John Jackson], and a host of others saw this as a sure sign that there were plenty of vulnerabilities to be found, and it seems they were correct.

Remote Access and Code from 2014…

Vulnerabilities included a handful of cross-site scripting attacks, an authentication bypass via request smuggling, misconfigured security, SQL injections, RCEs and more. Put together, these vulnerabilities allowed for full control of the John Deere system, including the ability to manipulate all the equipment connected to the system.

During the Defcon presentation, linked below, [Sick Codes] recalled the moment when they realized they were working on an important problem. Rather than complain about not getting paid for the vulnerabilities found, a contributor simply noted that he valued having food to eat. A coordinated attack on JD equipment could cause big problems for a bunch of farms across a country.

They ended up contacting CISA, due to a lack of serious response from the vendors. CISA took the threat seriously, and the problems started getting fixed. This isn’t a problem limited to one company. Case had similar issues that have also been fixed, and it was implied that other vendors have similar problems that are still in the process of being addressed.

Review: Mini AMG8833 Thermal Camera

In our ceaseless quest to bring you the best from the cheaper end of the global electronics markets, there are sometimes gadgets that we keep an eye on for a while because when they appear they’re just a little bit too pricey to consider cheap.

Today’s subject is just such a device: it’s a minimalist infra-red camera using the 8 pixel by 8 pixel Panasonic AMG8833 thermal sensor. This part has been around for a while, but even though any camera using it has orders of magnitude less performance than more accomplished models, it has remained a little too expensive for a casual purchase. Indeed, these mini cameras were somewhere above £50 ($70) when they first came to our attention, but have now dropped to the point at which they can be found for somewhere over £30 ($42). Thirty quid is cheap enough for a punt on a thermal camera, so off went the order to China and the expected grey parcel duly arrived.

The interface on this camera is about as simple as it gets.

It’s a little unit, 40 mm x 35 mm x 18 mm, constructed of two laser-cut pieces of black plastic held together by brass stand-offs that hold a PCB between them, and on the front is a cut-out for the sensor while on the rear is one for the 35mm OLED display. At the side on the PCB is a micro USB socket which serves only as a power supply. It’s fair to say that this is a tiny unit.

Applying power from a USB battery bank, the screen comes up with a square colour thermal picture and a colour to temperature calibration stripe to its left. The colours adapt to the range of temperatures visible to the sensor, and there is a crosshair in the centre of the picture for which the temperature in Celsius is displayed below the picture. It’s a very straightforward and intuitive interface that requires no instruction, which is handy because the device has none.

Should You Be Able To Repair It? We Think So.

You own it, you should be able to fix it. So much equipment on sale today has either been designed to be impossible to maintain, unnecessarily too complex to maintain, maintainable only with specialist tooling only available to authorised service agents, or with no repair parts availability. It’s a hot-button issue in an age when sustainability is a global concern, so legislators and regulators worldwide now finally have it in their sights after years of inaction and it’s become a buzzword. But what exactly is the right to repair, and what do we want it to be?

Is It Designed For Repair?

A Nestle Dolce Gusto machine
For some reason, pod coffee makers are especially resistant to repair. Andy1982, CC BY 3.0

The first question to consider is this: does it matter whether or not you have the right to repair something, if it’s designed specifically with lack of repairability in mind? Consider a typical domestic pod coffeemaker such as a Tassimo or similar: despite being physically quite a simple device, it is designed to be especially complex to dismantle and reassemble. You just can’t get into it when something goes wrong.

Should it be the preserve of regulators to require design for easy repair? We think so. There are other forces working on the designers of home appliances; design-for-manufacture considerations and exterior appearance concerns directly affect the firm’s bottom line, while the end users’ repair experience is often at the bottom of the list, even though the benefit at a national level is obvious. That’s what laws are for.

New Contest: Halloween Hackfest

It’s as if Halloween was made for hardware hackers. The world is begging us to build something clever as we decorate our houses and ourselves for the big day. And one thing’s for sure: the Hackaday crowd never disappoints. This year we’re fully embracing that with the Halloween Hackfest, our newest contest beginning today along with the help of our sponsors Digi-Key and Adafruit.

The animated video combined with the 3D-printed prop makes for an excellent effect.

Wait, isn’t it the beginning of August? Why are we talking about Halloween? The procrastinator’s dilemma, that’s why! Start working on your build now and it will be epic by the time the day actually rolls around. Decorating for trick-or-treaters is a good place to start. For our money, projected heads are a really cool party trick, like these singing Jack-o-lanterns, or these disembodied heads inspired by Disney’s Haunted Mansion. Or maybe you’re more of a flamethrower-hidden-in-pumpkin type of person?

It doesn’t take much tech to bring a good costume to life — a few LED strips make a plain old princess dress light up the night and build some permanent memories for the lucky little one who’s wearing it. Speaking of memories, we doubt the little one will remember this mechwarrior family costume, which is why you’ve always got to make a video of these things.

Over the years we’ve seen claw machines for candy delivery, and even a pumpkin piano. Of course pumpkin carving is an entire category unto itself where five-axis CNC machines are fair game. Look around, get inspired, and build something!

Three top winners will receive $150 shopping sprees in Digi-Key’s parts warehouse. If your build happens to use an Adafruit board, your prize will be doubled. We’ll also be awarding some $50 Tindie gift cards to the most artistic projects.

Get started now by creating a project page on Hackaday.io. In the left sidebar of your project page, use the “Submit Project To” button to enter the Halloween Hackfest. You have from now until October 11th to spill the pumpkin seeds on what you’ve made.

A New Flying Car Illustrates The Same Old Problems

For almost as long as there have been cars and planes, people have speculated that one day we will all get around in flying cars. They’d allow us to “avoid the traffic” by flying through the air instead of sitting in snarling traffic jams on the ground.

The Klein Vision AirCar hopes to be just such a panacea to our modern traffic woes, serving as a transformable flying car that can both soar through the air and drive on the ground. Let’s take a look at the prototype vehicle’s achievements, and the inherent problems with the underlying flying car concept.

It Flies and Drives

The AirCar is a somewhat futuristic looking, yet simultaneously dated, vehicle. It’s a two-seater with a big bubble canopy for the driver and a single passenger. At the rear, there’s a propeller and twin-boom tail, while the folding wings tuck along either side of the vehicle in “car” mode. At the flick of a switch, the wings fold out and lock in place, while the tail extends further out to the rear. The conversion from driving mode to flight mode takes on the order of a few minutes. The powerplant at the heart of the vehicle is a 160-horsepower BMW engine which switches between driving the wheels and the propeller as needed.

Unlike some concepts we’ve explored in the past, the AirCar has successfully demonstrated itself as a working flying car without incident. Additionally, it did so as a single vehicular package, without removable wings or other such contrivances. On June 28th, 2021, it successfully flew from an airport in Nitra, Slovakia, down to the neighbouring city of Bratislava in 35 minutes – roughly half the time it takes by car. Company founder Stefan Klein was behind the controls, casually driving the vehicle downtown after the successful landing.

Vintage Displays Hack Chat With Fran Blanche

Join us on Wednesday, August 11 at noon Pacific for the Vintage Displays Hack Chat with Fran Blanche!

In terms of ease of integration and density of the information that can be shown, it’s hard to argue that modern displays like LCD panels are anything but superior to the character-based displays of yore. Throw one into a project, add a little code from a few off-the-shelf libraries to drive it, and you’re on to the next job.

Efficient, yes, but what does this approach do for the engineer’s soul? What design itch does it scratch; what aesthetic does it celebrate? Nostalgic questions, true, and not every project lends itself to exploring old display technologies. But some still do, thankfully, and when the occasion calls for it, we’re glad that there are those out there who are still actively involved in the retro display community, making sure that what was once state-of-the-art technology is still able to be added to modern projects.

There’s no doubt that Fran Blanche is one of those passing the torch of vintage displays down to the next generation. You’ll certainly know Fran from her popular Fran Lab channel on YouTube, where in addition to about a million other interests, she has explored some really cool vintage displays: the Nimo cathode-ray tube, super-bright incandescent seven-segment displays, the delightfully strange “Bina-View”, and many, many more. Fran will stop by the Hack Chat to talk about all these retro displays, what she’s learned from collecting them, and how they shaped the displays we take so much for granted these days. Oh, and perhaps we’ll also talk about her upcoming ride on “G-Force 1” as well.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 11 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: August 8, 2021

Do you have burning opinions about GitHub Copilot, the AI pair programmer that Microsoft introduced a few months ago? Are you worried about the future of free and open software? The Free Software Foundation is funding a call for white papers of 3,000 or fewer words that address either Copilot itself or the subjects of copyright, machine learning, or free software as a whole. If you need more background information first, check out [Maya Posch]’s excellent article on the subject of Copilot and our disappointing AI present. Submissions are due by 10AM EDT (14:00 UTC) on Monday, August 23rd.

There are big antique books, and then there are antiphonaries — these are huge tomes full of liturgical chants and things of that nature. When one of them needs a lot of restoration work, what do you do? You build an all-in-one housing, display case, and cart that carefully holds it up and open (YouTube). Otherwise, you have to have multiple gloved people being extra careful. Jump to about the 14-minute mark to see the device, which is mostly made from extruded aluminum.

In more modern news: you may be waiting out this chip shortage like everyone else, but does it require renting out a bunch of real estate in perpetuity? We didn’t think so. Here’s an aerial photo of a stockpile of Ford Super Duty trucks that are waiting for chips at a dead stop outside the Kentucky Speedway. Thousands of brand new trucks, exposed to the elements for who knows how long. What could go wrong?

While we’re asking questions, what’s in a name? Well, that depends. We’ve all had to think of names for everything from software variables to actual children. For something like a new exoplanet survey, you might as well make the demonym remarkable, like COol COmpanions ON Ultrawide orbiTS, or COCONUTS. Hey, it’s more memorable than calling them X-14 and -15, et cetera. And it’s not like the name isn’t meaningful and descriptive. So, readers: do you think this is the worst name ever, planetary system or otherwise? Does it shake your tree? We’re on the fence.