2021 Hackaday Prize Hack Chat; Join Us Live On Wednesday

Join us on Wednesday, May 19 at noon Pacific for the 2021 Hackaday Prize Hack Chat with Majenta Strongheart!

At this point last year, we probably all felt like we’d been put through a wringer, and that things would get back to normal any day now. Little did we know how much more was in store for us, and how many more challenges would be heaped on our plates. Everything that we thought would be temporary seems to be more or less permanent now, and we’ve all had to adapt to the new facts of life as best we can.

But we’re hackers, and adapting to new situations more often than not means making the world fit our vision. And that’s why the 2021 Hackaday Prize has adopted the theme of “Rethink, Refresh, Rebuild.” We want you to rethink and refresh familiar concepts across the hardware universe, and create the kind of innovation this community is famous for.

The 2021 Hackaday Prize will have it all. As in previous years, the Prize will have several specific challenges, where we set you to work on a creative problem. There will also be mentoring sessions available, $500 cash prizes for 50 finalists along the way, with $25,000 and a Supplyframe Design Lab residency awarded to the Grand Prize winner.

We know you’re going to want to step up to the challenge, so to help get you started, Majenta Strongheart, Head of Design and Partnerships at Supplyframe, will drop by the Hack Chat with all the details on the 2021 Hackaday Prize. Come prepared to pick her brain on how the Prize is going to work this year, find out about the mentoring opportunities, and learn everything there is to know about this year’s competition. It’s the Greatest Hardware Design Challenge on Earth, so make sure you get in on the action.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 19 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Telemetry Debate Rocks Audacity Community In Open Source Dustup

Starting an open source project is easy: write some code, pick a compatible license, and push it up to GitHub. Extra points awarded if you came up with a clever logo and remembered to actually document what the project is supposed to do. But maintaining a large open source project and keeping its community happy while continuing to evolve and stay on the cutting edge is another story entirely.

Just ask the maintainers of Audacity. The GPLv2 licensed multi-platform audio editor has been providing a powerful and easy to use set of tools for amateurs and professionals alike since 1999, and is used daily by…well, it’s hard to say. Millions, tens of millions? Nobody really knows how many people are using this particular tool and on what platforms, so it’s not hard to see why a pull request was recently proposed which would bake analytics into the software in an effort to start answering some of these core questions.

Now, the sort of folks who believe that software should be free as in speech tend to be a prickly bunch. They hold privacy in high regard, and any talk of monitoring their activity is always going to be met with strong resistance. Sure enough, the comments for this particular pull request went south quickly. The accusations started flying, and it didn’t take long before the F-word started getting bandied around: fork. If Audacity was going to start snooping on its users, they argued, then it was time to take the source and spin it off into a new project free of such monitoring.

The situation may sound dire, but truth be told, it’s a common enough occurrence in the world of free and open source software (FOSS) development. You’d be hard pressed to find any large FOSS project that hasn’t been threatened with a fork or two when a subset of its users didn’t like the direction they felt things were moving in, and arguably, that’s exactly how the system is supposed to work. Under normal circumstances, you could just chalk this one up to Raymond’s Bazaar at work.

But this time, things were a bit more complicated. Proposing such large and sweeping changes with no warning showed a troubling lack of transparency, and some of the decisions on how to implement this new telemetry system were downright concerning. Combined with the fact that the pull request was made just days after it was announced that Audacity was to be brought under new management, there was plenty of reason to sound the alarm.



Hackaday Links: May 16, 2021

With the successful arrival of China’s first Mars lander and rover this week, and the relatively recent addition of NASA’s Perseverance rover and its little helicopter sidekick Ingenuity, Mars has collected a lot of new hardware lately. But while the new kids on the block are getting all the attention, spare a thought for the reliable old warhorse which has been plying Gale Crater for the better part of a decade now — Curiosity. NASA has been driving the compact-car-sized rover around Mars for a long time now, long enough to rack up some pretty severe damage to its six highly engineered wheels, thanks to the brutal Martian rocks. But if you think Curiosity will get sidelined as its wheels degrade, think again — the rover’s operators have a plan to continue surface operations that includes ripping off its own wheels if necessary. It’s a complex operation that would require positioning the wheel over a suitable rock and twisting with the steering motor to peel off the outer section of the wheel, leaving a rim to drive around on. JPL has already practiced it, but they predict it won’t be necessary until 2034 or so. Now that’s thinking ahead.

With all the upheaval caused by the ongoing and worsening semiconductor shortage, it might seem natural to expect that manufacturers are responding to market forces by building new fabs to ramp up production. And while there seems to be at least some movement in that direction, we stumbled across an article that seems to give the lie to the thought that we can build our way out of the crisis. It’s a sobering assessment, to say the least; the essence of the argument is that 20 years ago or so, foundries thought that everyone would switch to the new 300-mm wafers, leaving manufacturing based on 200-mm silicon wafers behind. But the opposite happened, and demand for chips coming from the older 200-mm wafers, including a lot of the chips used in cars and trucks, skyrocketed. So more fabs were built for the 200-mm wafers, leaving relatively fewer fabs capable of building the chips that the current generation of phones, IoT appliances, and 5G gear demand. Add to all that the fact that it takes a long time and a lot of money to build new fabs, and you’ve got the makings of a crisis that won’t be solved anytime soon.

From not enough components to too many: the Adafruit blog has a short item about XScomponent, an online marketplace for listing your excess inventory of electronic components for sale. If you perhaps ordered a reel of caps when you only needed a dozen, or if the project you thought was a done deal got canceled after all the parts were ordered, this might be just the thing for you. Most items offered appear to have a large minimum quantity requirement, so it’s probably not going to be a place to pick up a few odd parts to finish a build, but it’s still an interesting look at where the market is heading.

Speaking of learning from the marketplace, if you’re curious about what brands and models of hard drives hold up best in the long run, you could do worse than to look over real-world results from a known torturer of hard drives. Cloud storage concern Backblaze has published their analysis of the reliability of the over 175,000 drives they have installed in their data centers, and there’s a ton of data to pick through. The overall reliability of these drives, which are thrashing about almost endlessly, is pretty impressive: the annualized failure rate of the whole fleet is only 0.85%. They’ve also got an interesting comparison of HDDs and SSDs; Backblaze only uses solid-state disks for boot drives and for logging and such, so they don’t get quite the same level of thrash as drives containing customer data. But the annualized failure rate of boot SSDs is much lower than that of HDDs used in the same role. They slice and dice their data in a lot of fun and revealing ways, including by specific brand and model of drive, so check it out if you’re looking to buy soon.

And finally, you know that throbbing feeling you get in your head when you’re having one of those days? Well, it turns out that whether you can feel it or not, you’re having one of those days every day. Using a new technique called “3D Amplified Magnetic Resonance Imaging”, or 3D aMRI, researchers have made cool new videos that show the brain pulsating in time to the blood flowing through it. The motion is exaggerated by the imaging process, which is good because it sure looks like the brain swells enough with each pulse to crack your skull open, a feeling which every migraine sufferer can relate to. This reminds us a bit of those techniques that use special algorithms to detect a person’s heartbeat from a video by looking for the slight but periodic skin changes that occur as blood rushes into the capillaries. It’s also interesting that when we spied this item, we were sitting with crossed legs, watching our upper leg bounce slightly in time with our pulse.


Should I Automate This?

The short answer to the question posed in the headline: yes.

For the long answer, you have to do a little math. How much total time will you save by automating, over some reasonable horizon? It’s a simple product of how much time per occurrence, times how many times per day it happens, times the number of days in your horizon. Or skip out on the math because there’s an XKCD for that.

What’s fun about this table is that it’s kind of a Rorschach test that gives you insight into how much you suffer from automatitis. I always thought that Randall was trying to convince himself not to undertake (fun) automation projects, because that was my condition at the time. Looking at it from my current perspective, it’s a little bit shocking that something that’ll save you five seconds, five times a day, is worth spending twelve hours on. I’ve got some automating to do.

To wit: I use pass as my password manager because it’s ultimately flexible, simple, and failsafe. It stores passwords on my hard drive, and my backup server, encrypted with a GPG key that I have printed out on paper in a fireproof safe. Because I practice good cookie hygiene, I end up re-entering my passwords daily. Because I keep my passwords separate from my browser, that means entering username and password by cut-and-paste. There’s your five seconds, five times per day. Maybe two seconds, ten times, but it’s all the same. It shouldn’t take me even as long as twenty minutes to whip up a script that puts username and password into selection and clipboard for one-click pasting. Why haven’t I done this yet? I’m going to get on it as soon as I’m done with this newsletter.

But this begs the question. If you spend up to twelve hours on every possible 25-second-per-day savings, when will you ever get your real work done? Again, math gives us the answer. One eight-hour workday * 25 seconds * 12 hours (pessimistically) of labor = 1.58 years before everything that needs automating will be. Next week’s newsletter might be a little bit delayed.

What do you see in the XKCD “Is it worth the time” table? Automate more, or step back from the cliff edge?

Hackaday Podcast 118: Apple AirTag Hacked, Infill Without Perimeters, Hair-Pulling Robots, And Unpacking The 555

Elliot’s keeb: ortho, offset, thumby.

Hackaday editors Elliot Williams and Mike Szczys gather to ooh and aah over a week of interesting hacks. This week we’re delighted to welcome special guest Kristina Panos to talk about the Inputs of Interest series she has been working on over the last couple of years. In the news is the effort to pwn the new Apple AirTags, with much success over the past week. We look at turning a screenless Wacom tablet into something more using a donor iPad, stare right into the heart of a dozen 555 die shots, and watch what happens when you only 3D print the infill and leave the perimeters out.

 

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~55 MB)


This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

Some weeks are slow, and the pickings are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There is a trio of vulnerabilities built into the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker-controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network.

Toyota’s Hydrogen-Burning Racecar Soon To Hit The Track

With the rise of usable electric cars in the marketplace, and markets around the world slowly phasing out the sale of fossil fuel cars, you could be forgiven for thinking that the age of the internal combustion engine is coming to an end. History is rarely so cut and dry, however, and new technologies aim to keep the combustion engine alive for some time yet.

Toyota’s upcoming Corolla Sport-based hydrogen-burning racer. Credit: Toyota media

One of the most interesting technologies in this area is the hydrogen-burning combustion engine. In contrast to fuel cell technologies, which combine hydrogen with oxygen through special membranes in order to create electricity, these engines do it the old fashioned way – in flames. Toyota has recently been exploring the technology, and has announced that a racecar sporting a three-cylinder hydrogen-burning engine will compete in this year’s Fuji Super TEC 24 Hour race.

Hydrogen Engines?

The benefit of a hydrogen-burning engine is that unlike burning fossil fuels, the emissions from burning hydrogen are remarkably clean. Burning hydrogen in pure oxygen produces only water as a byproduct. When burned in atmospheric air, the result is much the same, albeit with small amounts of nitrogen oxides produced. Thus, there’s great incentive to explore the substitution of existing transportation fuels with hydrogen. It’s a potential way to reduce pollution output while avoiding the hassles of long recharge times with battery electric technologies.