
Hackaday Links: October 10, 2021

We have to admit, it was hard not to be insufferably smug this week when Facebook temporarily went dark around the globe. Sick of being stalked by crazy aunts and cousins, I opted out of that little slice of cyber-hell at least a decade ago, so Monday’s outage was no skin off my teeth. But it was nice to see that the world didn’t stop turning. More interesting are the technical postmortems on the outage, particularly this great analysis by the good folks at the University of Nottingham. Dr. Steve Bagley does a great job explaining how Facebook likely pushed a configuration change to the Border Gateway Protocol (BGP) that propagated through the Internet and eventually erased all routes to Facebook’s servers from the DNS system. He also uses a graphical map of routes to show peer-to-peer connections to Facebook dropping one at a time, until their machines were totally isolated. He also offers speculation on why Facebook engineers were denied internal access, sometimes physically, to their own systems.

It may be a couple of decades overdue, but the US Federal Communications Commission finally decided to allow FM voice transmissions on Citizen’s Band radios. It seems odd to be messing around with a radio service whose heyday was in the 1970s, but Cobra, the CB radio manufacturer, petitioned for a rule change to allow frequency modulation in addition to the standard amplitude modulation that’s currently mandatory. It’s hard to say how this will improve the CB user experience, which last time we checked is a horrifying mix of shouting, screaming voices often with a weird echo effect, all put through powerful — and illegal — linear amps that distort the signal beyond intelligibility. We can’t see how a little less static is going to improve that.

Can you steal a car with a Game Boy? Probably not, but car thieves in the UK are using some sort of device hidden in a Game Boy case to boost expensive cars. A group of three men in Yorkshire used the device, which supposedly cost £20,000 ($27,000), to wirelessly defeat the security systems on cars in seconds. They stole cars from garages and driveways to the tune of £180,000 — not a bad return on their investment. It’s not clear how the device works, but we’d love to find out — for science, of course.

There have been tons of stories lately about all the things AI is good for, and all the magical promises it will deliver on given enough time. And it may well, but we’re still early enough in the AI hype curve to take everything we see with a grain of salt. However, one area that bears watching is the ability of AI to help fill in the gaps left when an artist is struck down before completing their work. And perhaps no artist left so much on the table as Ludwig van Beethoven, with his famous unfinished 10th Symphony. When the German composer died, he had left only a few notes on what he wanted to do with the four-movement symphony. But those notes, along with a rich body of other works and deep knowledge of the composer’s creative process, have allowed a team of musicologists and AI experts to complete the 10th Symphony. The article contains a lot of technical detail, both on the musical and the informatics sides. How will it sound? Here’s a preview:

And finally, Captain Kirk is finally getting to space. William Shatner, who played captain — and later admiral — James Tiberius Kirk from the 1960s to the 1990s, will head to space aboard Blue Origin’s New Shepard rocket on Tuesday. At 90 years old, Shatner will edge out Wally Funk, who recently set the record after her Blue Origin flight at the age of 82. It’s interesting that Shatner agreed to go, since he is said to have previously refused the offer of a ride upstairs with Virgin Galactic. Whatever the reason for the change of heart, here’s hoping the flight goes well.

Hackers And China

The open source world and Chinese manufacturing have a long relationship. Some fifteen years ago, the big topic was how companies could open-source their hardware designs and not get driven bankrupt by competition from overseas. Companies like Sparkfun, Adafruit, Arduino, Maple Labs, Pololu, and many more demonstrated that this wasn’t impossible after all.

Maybe ten years ago, Chinese firms started picking up interesting hacker projects and producing them. This gave us hits like the AVR transistor tester and the NanoVNA. In the last few years, we’ve seen open-source hardware and software projects that have deliberately targeted Chinese manufacturers, and won. We do the design and coding, they do the manufacturing, sales, and distribution.

But this is something else: the Bangle.js project takes an essentially mediocre Chinese smartwatch, reflashes the firmware, and sells the result as open-source smartwatches to the general public. These pre-hacked watches are being sold on Kickstarter, and although the work stands on the shoulders of previous hackers’ reverse engineering work on the non-open watch hardware, it’s being sold by the prime mover behind the Espruino JavaScript-on-embedded language, which it runs on.

We have a cheap commodity smartwatch, being sold with frankly mediocre firmware, taken over by hackers, re-flashed, re-branded, and sold by the hackers on Kickstarter. As a result of it being (forcibly) opened, there’s a decently sized app store of contributed open-source applications that’ll run on the platform, making it significantly more useful and hacker friendly than it was before.

Will this boost sales? Will China notice the hackers’ work? Will this, and similar projects, end up in yet another new hacker/China relationship? We’re watching.

Hackaday Podcast 139: Furter Burner, Glowing Potato Peeler, Hacked Smartwatch, And The Last Atlas

Hackaday editors Tom Nardi and Elliot Williams bring you up to speed on the most interesting stories of the week. Hackaday’s Remoticon and Germany’s Chaos Communication Congress are virtual again this year, but the Vintage Computer Festival will be live. We’ll also talk about ocean-going drones, the recreation of an old-school light bulb with a potato peeler, cheap smart watches with hidden potential, and sanding down shady modules to figure out just how you’ve been scammed. Stick around for some thoughts on turning real-estate signs into a handy prototyping material, and to find out why some very impressive Soviet tech is getting the boot from America’s space program.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: Apache Nightmare, REvil Arrests? And The Ultimate RickRoll

The Apache HTTP Server version 2.4.49 has a blistering vulnerability, and it’s already being leveraged in attacks. CVE-2021-41773 is a simple path traversal flaw, where the %2e encoding is used to bypass filtering. Thankfully the bug was introduced in 2.4.49, the latest release, and a hotfix has already been released, 2.4.50.

curl --data "echo;id" 'http://127.0.0.1:80/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'

If that returns anything other than a 403 error, your server may be vulnerable. It’s worth pointing out that Apache is shipped with a configuration block that mitigates this vulnerability.

# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>
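
As an added example (not from the original article or from the Apache project), this Python sketch audits a configuration for the root block shown above and reports whether `<Directory />` still resolves to `Require all denied`. The sample configs are constructed, and it assumes 2.4-style `Require` directives in a single file, with no `Include` handling.

```python
import re

# Constructed sample configs for illustration; not taken from any real server.
HARDENED = """\
# Deny access to the entirety of your server's filesystem.
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
"""
WEAKENED = """\
<Directory "/">
    AllowOverride None
    Require all granted
</Directory>
"""

OPEN_RE = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.IGNORECASE)
CLOSE_RE = re.compile(r'^</Directory\s*>$', re.IGNORECASE)


def root_directory_policy(conf_text):
    """Return 'denied', 'granted', or 'missing' for the <Directory /> block."""
    in_root, verdict = False, "missing"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        opened = OPEN_RE.match(line)
        if opened:
            in_root = opened.group(1) == "/"  # only the filesystem root counts
        elif CLOSE_RE.match(line):
            in_root = False
        elif in_root:
            words = line.lower().split()
            # Assumption: only "Require all denied|granted" is evaluated here.
            if words[:2] == ["require", "all"] and words[2:] in (["denied"], ["granted"]):
                verdict = words[2]  # a later directive in the block overrides
    return verdict


if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("weakened", WEAKENED)):
        print(name, "->", root_directory_policy(conf))
```

A result of `granted` or `missing` means the default deny is no longer in place, so the server should be upgraded and the block restored.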

The Day The Internet Stood Still

You might have noticed a bit of a kerfuffle on the Internet on Monday. Facebook dropped out for nearly six hours. While the break was nice for some, it was a major problem for others. What exactly happened? The most apparent cause was that the Facebook.com domain was returning NXDOMAIN to DNS lookups. This led to some fun tweets, with screen caps showing Facebook.com for sale.


Retrotechtacular: 3D-Printed Buildings, 1930s Style

Here we are in the future, thinking we’re so fancy and cutting edge with mega-scale 3D printers that can extrude complete, ready-to-occupy buildings, only to find out that some clever inventor came up with essentially the same idea back in the 1930s.

The inventor in question, one [William E. Urschel] of Valparaiso, Indiana, really seemed to be onto something with his “Machine for Building Walls,” as his 1941 patent describes the idea. The first video below gives a good overview of the contraption, which consists of an “extruder” mounted on the end of a counterweighted boom, the length of which determines the radius of the circular structure produced. The boom swivels on a central mast, and is cranked up manually for each course extruded. The business end has a small hopper for what appears to be an exceptionally dry concrete or mortar mix. The hopper has a bunch of cam-driven spades that drive down into the material to push it out of the hopper; the mix is constrained between two rotating disks that trowel the sides smooth and drive the extruder forward.

The device has a ravenous appetite for material, as witnessed by the hustle the workers show keeping the machine fed. Window and door openings are handled with a little manual work, and the openings are topped with lintels to support the concrete. Clever tools are used to cut pockets for roof rafters, and the finished structure, complete with faux crenellations and a coat of stucco, looks pretty decent.



3D Printering: Corrugated Plastic For Cheaper & Easier Enclosures

Clear acrylic panels have long been a mainstay of 3D printer enclosure designs, but they can also add significant cost in terms of money, shipping, weight, and hassle. An alternative material worth looking at is corrugated plastic (also known by its trade name coroplast) which is cheap, light, an excellent insulator, and easy to work with. Many enclosure designs can be refitted to use it instead of acrylic, so let’s take a closer look at what it has to offer.

What’s Wrong With Acrylic?

It’s not just the purchase price that makes acrylic a spendy option. Acrylic is fairly heavy, and shipping pieces the size of enclosure panels can be expensive. Also, cutting acrylic without special tools can be a challenge because it cracks easily if mishandled. Acrylic cuts beautifully in a laser cutter, but most laser cutters accessible to a hobbyist are not big enough to make enclosure-sized panels. If you are stuck with needing to cut acrylic by hand, here are some tips on how to get by with the tools you have.

It is best to source acrylic from a local shop that can also cut it to size with the right tools for a reasonable price, but it is still far from being a cheap material. There’s another option: corrugated plastic has quite a few properties that make it worth considering, especially for a hobbyist.


Yes, You Can Put Out A Burning Gas Well With A Nuclear Bomb

Nuclear explosives were first developed as weapons of war in the pitched environment of World War II. However, after the war had passed, thoughts turned to alternative uses for this new powerful technology. Scientists and engineers alike dreamed up wild schemes to dig new canals or blast humans into space with the mighty power of the atom.

Few of these ever came to pass, with radiological concerns being the most common reason why. However, the Soviet Union did in fact manage to put nuclear explosions to good use for civilian ends. One of the first examples was using a nuke to plug an out-of-control gas well in the mid 1960s.
