This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
Hackaday editors Elliot Williams and Mike Szczys riff on the hardware hacks that took the Internet by storm this week. Machining siege weapons out of aluminum? If they can throw a tennis ball at 180 mph, yes please! Welding aficionados will love to see the Hero Engine come together. We dive into the high-efficiency game of hypermiling, and spin up the polarizing topic of the Sun Cycle. The episode wouldn’t be complete without hearing what the game of Go sounds like as a loop sequencer, and how a variable speed cassette player can be abused for the benefit of MIDI lovers the world over.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
GitHub has enabled free code analysis on public repositories. This is the fruit of the purchase of Semmle, almost exactly one year ago. Anyone with write permissions to a repository can go into the settings, and enable scanning. Beyond the obvious use case of finding vulnerabilities, an exciting option is to automatically analyse pull requests and flag potential security problems automatically. I definitely look forward to seeing this tool in action.
The Code Scanning option is under the Security tab, and the process to enable it only takes a few seconds. I flipped the switch on one of my repos, and it found a handful of issues that are worth looking in to. An important note, anyone can run the tool on a forked repo and see the results. If CodeQL finds an issue, it’s essentially publicly available for anyone who cares to look for it.
Simpler Code Scanning
On the extreme other hand, [Will Butler] wrote a guide to searching for exploits using grep. A simple example, if raw shows up in code, it often signals an unsafe operation. The terms fixme or todo, often in comments, can signal a known security problem that has yet to be fixed. Another example is unsafe, which is an actual keyword in some languages, like Rust. If a Rust project is going to have vulnerabilities, they will likely be in an unsafe block. There are some other language-dependent pointers, and other good tips, so check it out.
The Android phone that you carry in your pocket is basically a small computer running Linux. So why is it so hard to get to a usable Linux environment on your phone? If you could run Linux, you could turn your cell phone into an ultra-portable laptop replacement.
Of course, the obvious approach is just to root the phone and clean-slate install a Linux distribution on it. That’s pretty extreme and, honestly, you would probably lose a lot of phone function unless you go with a Linux-specific phone like the PinePhone. However, using an installer called AnLinux, along with a terminal program and a VNC client, you can get a workable setup without nuking your phone’s OS, or even having root access. Let’s see what we can do. Continue reading “Linux Fu: The Linux Android Convergence”→
The coolest part of this year’s Hackaday Prize is teaming up with four nonprofit groups that outlined real-world challenges to tackle as part of the prize. To go along with this, the Dream Team challenge set out a two-month design and build program with small teams whose members each received a $6,000 stipend to work full time on a specific build.
The work of the Dream Team project is in, and today we’re taking a look at United Cerebral Palsy of Los Angeles (UCPLA) project which not only designed and built a universal remote for those affected with this condition, but also went to great lengths to make sure that “universal” was built into the software and user experience just as much as it was built into the hardware itself. Join us after the break for a closer look a the project, and to see the team’s presentation video.
SLA printing in resin is great, but part washing can be a hassle. The best results come from a two-stage wash, but that also means more material and more processing steps. Fortunately, there are ways to make it easier and more effective. One such way is to use a part washing machine, and I’ll cover a DIY option to make your own, but despite what the advertising implies for the commercial ones, a wash machine isn’t a cure-all.
Let’s go through how to get the best results from part washing, how to make the solvent last as long as possible, and how to dispose of the eventual waste.
Resin-Printed Parts Need Washing
All parts printed in resin emerge from the printer coated in syrupy, uncured goop. This needs to be removed completely, or the print ends up sticky and no amount of drying or additional UV curing will change that. (There is a way to fix sticky prints, but it’s better to avoid the situation in the first place.)
Simple part washing can be done with nothing more than a jar in which to rinse and soak a small part for about ten minutes, but agitation and a secondary wash will go a long way toward better and more consistent results. As mentioned, part washing machines like to present themselves as a one-appliance solution, but best results still come from a two-stage wash, and that means some additional steps.
Join us on Wednesday, October 7th at noon Pacific for the DIY Lasers Hack Chat with Les Wright!
It’s not too much of a reach to say that how we first experienced the magic of lasers sort of dates where we fall on the technology spectrum. For the youngest among us, lasers might have been something trivial, to be purchased for a couple of bucks at the convenience store. Move back a few decades and you might have had to harvest a laser from a CD player to do some experiments, or back further, perhaps you first saw a laser in high school physics class, with that warm, red-orange glow of a helium-neon tube.
But back things up only a few decades before that, and if you wanted to play with lasers, you had to build one yourself. It was a popular if niche hobby with a dedicated following of amateur physicists who scrounged around for the unlikely parts needed: ruby rods, quartz-glass tubes, and exotic dyes. Couple them together with high-voltage power supplies, vacuum pumps made from converted refrigerator compressors, and homemade optical benches, and if the stars aligned, these parts could be coaxed into producing a gloriously intense burst of light, which as often as not hooked its creator as a lifelong laser addict.
We’re not sure which camp Les Wright falls into, but from the content of his growing YouTube channel, we’d say he’s caught the laser bug. We recently took a look at his high-performance nitrogen laser, which he’s been having fun with as the basis for a tunable dye laser. Along the way he’s been necessarily mucking around with high-voltage power supplies, oscilloscopes, and the occasional robot or two.
Les will stop by the Hack Chat to talk about everything going on in his lab, with a focus on his laser experiments. Join us with your questions on DIY lasers, and stop by to pick up some tricks that might help you catch the laser bug too.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
In case you hadn’t noticed, it was a bad week for system admins. Pennsylvania-based United Health Services, a company that owns and operates hospitals across the US and UK, was hit by a ransomware attack early in the week. The attack, which appears to be the Ryuk ransomware, shut down systems used by hospitals and health care providers to schedule patient visits, report lab results, and do the important job of charting. It’s not clear how much the ransomers want, but given that UHS is a Fortune 500 company, it’s likely a tidy sum.
And as if an entire hospital corporation’s IT infrastructure being taken down isn’t bad enough, how about the multi-state 911 outage that occurred around the same time? Most news reports seemed to blame the outage on an Office 365 outage happening at the same time, but Krebs on Security dug a little deeper and traced the issue back to two companies that provide 911 call routing services. Each of the companies is blaming the other, so nobody is talking about the root cause of the issue. There’s no indication that it was malware or ransomware, though, and the outage was mercifully brief. But it just goes to show how vulnerable our systems have become.
Our final “really bad day at work” story comes from Japan, where a single piece of failed hardware shut down a $6-trillion stock market. The Tokyo Stock Exchange, third-largest bourse in the world, had to be completely shut down early in the trading day Thursday when a shared disk array failed. The device was supposed to automatically failover to a backup unit, but apparently the handoff process failed. This led to cascading failures and blank terminals on the desks of thousands of traders. Exchange officials made the call to shut everything down for the day and bring everything back up carefully. We imagine there are some systems people sweating it out this weekend to figure out what went wrong and how to keep it from happening again.
With our systems apparently becoming increasingly brittle, it might be a good time to take a look at what goes into space-rated operating systems. Ars Technica has a fascinating overview of the real-time OSes used for space probes, where failure is not an option and a few milliseconds error can destroy billions of dollars of hardware. The article focuses on the RTOS VxWorks and goes into detail on the mysterious rebooting error that affected the Mars Pathfinder mission in 1997. Space travel isn’t the same as running a hospital or stock exchange, of course, but there are probably lessons to be learned here.
As if 2020 hasn’t dealt enough previews of various apocalyptic scenarios, here’s what surely must be a sign that the end is nigh: AI-generated PowerPoint slides. For anyone who has ever had to sit through an endless slide deck and wondered who the hell came up with such drivel, the answer may soon be: no one. DeckRobot, a startup company, is building an AI-powered extension to Microsoft Office to automate the production of “company compliant and visually appealing” slide decks. The extension will apparently be trained using “thousands and thousands of real PowerPoint slides”. So, great — AI no longer has to have the keys to the nukes to do us in. It’ll just bore us all to death.
And finally, if you need a bit of a palate-cleanser after all that, please do check out robotic curling. Yes, the sport that everyone loves to make fun of is actually way more complicated than it seems, and getting a robot to launch the stones on the icy playing field is a really complex and interesting problem. The robot — dubbed “Curly”, of course — looks like a souped-up Roomba. After sizing up the playing field with a camera on an extendable boom, it pushes the stone while giving it a gentle spin to ease it into exactly the right spot. Sadly, the wickedly energetic work of the sweepers and their trajectory-altering brooms has not yet been automated, but it’s still pretty cool to watch. But fair warning: you might soon find yourself with a curling habit to support.
