This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
This week we’re starting off with a somber note, as Dan Kaminsky passed at only 42, of diabetic ketoacidosis. Dan made a name for himself by noticing a weakness in DNS response verification that could allow attackers to poison a target DNS resolver’s cache. A theoretical attack was known, where spoofed DNS responses could collide with requests, but Time-To-Live values meant that DNS requests only go out once per eight hours or so. The breakthrough was realizing that the TTL limitation could be bypassed by requesting bogus subdomains, and aiming the spoofed responses at those requests. This simple technique transformed a theoretical attack that would take 87 years to a very real 10 second attack. Check out the period video after the break, where Dan talked about his efforts in getting the problem fixed. Continue reading “This Week In Security: Dan Kaminsky, Banned From Kernel Development, Ransomware, And The Pentagon’s IPv4 Addresses”→
I’ve been playing with a few MicroPython projects recently on several different embedded platforms, including a couple of ESP32 WiFi modules. There are various ways to program these modules:
Use a serial terminal and ampy (maintained by [devxpy] since being dropped by Adafruit in 2018).
If you use Pycom boards or WiFy firmware, there are the pymakr plugins for Atom and Visual Studio.
If you prefer the command-line like me, there is rshell by one of the top MicroPython contributors [Dave Hylands].
For over a year, I have been quite happy with rshell until I started working on these wireless nodes. Being lazy, I want to tinker with my ESP32 modules from the sofa, not drag my laptop into the kitchen or balcony to plug up a USB cable. Can’t I work with them wirelessly?
Well, you can use WebREPL. While its functional, it just didn’t strike my fancy for some reason. [Elliot] mentioned in a recent podcast that he’s using telnet to access his wireless nodes, but he’s using esp-link on an ESP8266, which means throwing another chip into the mix.
The Thonny IDE
I had all but given up when by chance I saw this video on the Dronebot Workshop channel about running MicroPython on the new Raspberry Pi Pico boards. Bill was using Thonny, a Python IDE that is popular in the education community. Thonny was introduced in 2015 by Aivar Annamaa of the University of Tartu in Estonia. Thonny was designed to address common issues observed during six years of teaching Python programming classes to beginners. If you read about the project and its development, you’ll see that he’s put a lot of effort into making Thonny, and it shows.
Leaning about Thonny got me curious, and after a little digging I discovered that it has WebREPL support for MicroPython right out-of-the-box. Although this is a new feature and classified as experimental, I found it reasonably stable to use and more than adequate for home lab use. Continue reading “Wireless MicroPython Programming With Thonny”→
When computers were the sort of thing you ordered from a catalog and soldered together in your garage, swap meets were an invaluable way of exchanging not just hardware and software, but information. As computers became more mainstream and readily available, the social aspect of these events started to take center stage. Once online retail started really picking up steam, it was clear the age of the so-called “computer show” was coming to a close. Why wait months to sell your old hardware at the next swap when you could put it on eBay from the comfort of your own home?
Of course, like-minded computer users never stopped getting together to exchange ideas. They just called these meets something different. By the 2000s, the vestigial remnants of old school computer swap meets could be found in the vendor rooms of hacker cons. The Vintage Computer Festival (VCF) maintained a small consignment area where attendees could unload their surplus gear, but it wasn’t the real draw of the event. Attendees came for the workshops, the talks, and the chance to hang out with people who were passionate about the same things they were.
Consignment goods at VCF East XIII in 2018.
Then came COVID-19. For more than a year we’ve been forced to cancel major events, suspend local meetups, and in general, avoid one another. Some of the conventions were revamped and presented virtually, and a few of them actually ended up providing a unique and enjoyable experience, but it still wasn’t the same. If you could really capture the heart and soul of these events with a video stream and a chat room, we would’ve done it already.
But this past weekend, the folks behind VCF East tried something a little different. As indoor gatherings are still strongly discouraged by New Jersey’s stringent COVID restrictions, they decided to hold a computer swap meet in the large parking lot adjacent to the InfoAge Science and History Museum. There were no formal talks or presentations, but you could at least get within speaking distance of like-minded folks again in an environment were everyone felt comfortable.
We’re blessed to have such a great community at Hackaday. Our tipline often overfloweth with all manner of projects and builds of all stripes. We see it all here, from beginners just starting out with their first Arduino to diehard hackers executing daringly complex builds in their downtime, and everything in between.
If you’re sitting there in the grandstands, watching in awe, you might wonder what it takes to grace these hallowed black pages. In life, nothing is guaranteed, but I’ve been specially authorised to share with you a few tips that can maximise your chances of seeing your project on Hackaday.
In the movies, everything is modular. Some big gun fell off the spaceship when it crashed? Good thing you can just pick it up and fire it as-is (looking at you, Guardians of the Galaxy 2). Hyperdrive dead? No problem, because in the Star Wars universe you can just drop a new one in and be on your way.
Of course, things just aren’t that simple in the real world. Most systems, be they spaceships or cell phones, are enormously complicated and contain hundreds or thousands of interconnected parts. If the camera in my Samsung phone breaks, I can’t exactly steal the one from my girlfriend’s iPhone. They’re simply not interchangeable because the systems were designed differently. Even if we had the same phone and the cameras were interchangeable, they wouldn’t be easy to swap. We’d have to crack open the phones and carefully perform the switch. Speaking of switches, the Nintendo Switch is a good counterexample here. Joycon break? Just buy a new one and pop it on.
What if more products were like the Nintendo Switch? Is its modularity just the tip of the iceberg?
Over the past few years a new class of soldering iron has arisen: a temperature controlled iron no longer tied to a bulky mains-powered base station, but using low-voltage DC power and with all electronics concealed in a svelte handle. First came the Miniware TS100, and then many more, with slightly different feature sets and at varying price points. We’ve reviewed a few of them over the years, and today we have the most recent contender in the Sequre SQ-D60. It follows the formula closely, but costs only £20 (about $26). This price puts it in an attractive budget category, and its USB-C power option makes it forward-looking over models with barrel jacks. Description over, it’s time to plug it in and put it through its paces.
What’s In The Box?
That’s a lot of extra bits for a budget iron!
In the box, aside from the handle containing the electronics, were a surprisingly comprehensive array of parts and accessories. The handle itself is similarly-sized to its competitors, being only slightly longer than that of Pine64’s Pinecil. The tip supplied was unexpectedly a slanted chisel, so I may have managed to order incorrectly, though since it shares the same tip design as both the TS100 and the Pinecil I have plenty of alternative tips should I need one. Otherwise there was a little bag of hex screws along with a key and a driver for them, a little stand with a sponge, a set of Sequre stickers, a USB-C to barrel jack cable, and a barrel jack-to-XT60 connector for use with LiPo battery packs. These last two cables are a particularly useful addition.
At first sight the tip doesn’t seem to have any means of being fixed into its socket, but a closer inspection reveals that there is a hex screw hiding underneath a silicone finger sleeve that holds it securely when tightened. The handle has a simple enough interface, with just two buttons and a 3-digit, 7-segment display. Powering it up from a 45 W USB-PD power supply, and it heats up to 300 °C in around ten seconds after pressing one of the buttons. My usual soldering temperature is 360 °C, and it has an interface involving long presses of one of the buttons before they become up and down buttons to select the temperature. In prolonged use the handle doesn’t become noticeably warm, and aside from a slight new-electronics-getting-hot smell there was no immediate concern that it might release magic smoke. Continue reading “Review: Sequre SQ-D60 Temperature Controlled Soldering Iron”→
These days, embedded systems often have networks and that can make them significantly more complex. Networks are usually pretty nondeterministic and there are a variety of oddball conditions. For example, when your public-access pick and place machine gets written up on Hackaday and you suddenly get a 50X surge in traffic, how does your network stack handle it? While there’s no silver bullet for network testing, there are some tricks that can make it easier and one of those is the tcpreplay utilities that allow you to record complex network traffic and then play it back in a variety of ways. This has many benefits, especially if you manage to capture that one thing that triggers bad behavior sporadically. Being able to play it back on demand can speed up diagnostics considerably.
General Idea
You probably know that tcpdump allows you to grab packet captures from a network interface and save them to a file. If you prefer a GUI, you probably use Wireshark, which uses the same underlying library (libpcap) to grab the data. In fact, you can capture data using tcpdump and look at it with Wireshark, although there are other tools like tcptrace or Ngrep that can work with the output, also.
While the output of the command can be a little cryptic without tool support, a program called tcpreplay can take that data and feed it back in a variety of ways. Of course, you can modify the file first — there are tools to make that easier and — if you need to — you can craft your own network traffic by hand or using one of a variety of tools. This process is often called “packet crafting.”
