Hackaday Links: January 26, 2019

The news this week was dominated by the novel coronavirus outbreak centered in Wuhan, China. Despite draconian quarantines and international travel restrictions, the infection has spread far beyond China, at least in small numbers. A few cases have been reported in the United States, but the first case reported here caught our eye for the technology being used to treat it. CNN and others tell us that the traveler from Wuhan is being treated by a robot. While it sounds futuristic, the reality is a little less sci-fi than it seems. The device being used is an InTouch Vici, a telemedicine platform that in no way qualifies as a robot. The device is basically a standard telepresence platform that has to be wheeled into the patient suite so that providers can interact with the patient remotely. True, it protects whoever is using it from exposure, but someone still has to gown up and get in with the patient. We suppose it’s a step in the right direction, but we wish the popular press would stop slapping a “robot” label on things they don’t understand.

Also in health news, did you know you’re probably not as hot as you think you are? While a glance in the mirror would probably suffice to convince most of us of that fact, there’s now research that shows human body temperature isn’t what it used to be. Using medical records from the Civil War-era to the 1930s and comparing them to readings taken in the 1970s and another group between 2007 and 2017, a team at Stanford concluded that normal human body temperature in the USA has been slowly decreasing over time. They proposed several explanations as to why the old 98.6F (37C) value is more like 97.5F (36.4C) these days, the most interesting being that general overall inflammation has decreased as sanitation and food and water purity have increased, leading the body to turn down its thermostat, so to speak. Sadly, though, if the trend holds up, our body temperature will reach absolute zero in only 111,000 years.

Wine, the not-an-emulator that lets you run Windows programs on POSIX-compliant operating systems, announced stable release 5.0 this week. A year in the making, the new version’s big features are multi-monitor support with dynamic configuration changes and support for the Vulkan spec up to version 1.1.126.

Any color that you want, as long as it’s amorphous silicon. Sono Motors, the German start-up, has blown past its goal of raising 50 million euros in 50 days to crowdfund production of its Sion solar-electric car. The car is planned to have a 255 km range on a full charge, with 34 km of that coming from the solar cells that adorn almost every bit of the exterior on the vehicle. Living where the sun doesn’t shine for a third of the year, we’re not sure how well this will pay off, but it certainly seems smarter than covering roads with solar cells.

And finally, here’s a trip down memory lane for anyone who suffered through some of the cringe-worthy depictions of technology that Hollywood came up with during the 70s, 80s, and 90s. Looking back through the clips shown in “copy complete” reminds us just how many movies started getting into the tech scene. It wasn’t just the sci-fi and techno-thrillers that subjected us to closeups of scrolling random characters and a terminal that beeped every time something changed on the screen. Even straight dramas like Presumed Innocent and rom-coms like You’ve Got Mail and whatever the hell genre Ghost was got in on the act. To be fair, some depictions were pretty decent, especially given the realities of audience familiarity with tech before it became pervasive. And in any case, it was fun to just watch and remember when movies were a lot more watchable than they are today.

New Part Day: LED Driver Is FPGA Dev Board In Disguise

Our new part of the day is the ColorLight 5A-75B, a board that’s meant to drive eight of those ubiquitous high-density color LED panels over gigabit Ethernet. If you were building a commercial LED wall, you’d screw a bunch of the LED panels together, daisy-chain a bunch of these boards to drive them, supply power, and you’d be done. Because of that high-volume application, these boards are inexpensive, around $15 each, and available as quickly as you can get stuff shipped from China.

But we’re not here to talk commercial applications. Managing fast Ethernet and pushing so many pixels in real time is a task best handled by an FPGA, and [Tom Verbeure] noticed that these things were essentially amazing FPGA development boards and started hacking on them. [q3k] put it up on GitHub, and you can follow along with the chubby75 reverse engineering project to dig into their secrets.

While the first generations of these boards used the old-standby Spartan 6, things got interesting for fans of open FPGA tools when newer versions were found using the Lattice ECP5-25 chips, the little brother of the stonking big chip [Sprite_TM] used on the 2019 Hackaday Supercon badge. If you want to grab one you’re looking for ColorLight boards marked with revision 6 or 7 as of this writing.

What does this mean? For the price of a gourmet hamburger, you get an FPGA that’s big enough to run a RISC-V softcore, two 166 MHz, 2 MB SDRAMS, flash for the FPGA bitstream, a bazillion digital outputs on 5 V level shifters, and two gigabit Ethernet ports. The JTAG port is broken out in 0.1″ headers, and it works with OpenOCD, which is ridiculously convenient. How’s that for a well-stocked budget FPGA dev board that’s served by a completely open toolchain?

Hackaday Podcast 051: Pointing With Your Tongue, C64 Touchpad, USB Killcord, And Audacity Does Everything

Hackaday editors Mike Szczys and Elliot Williams sort through the hacks you might have missed over the past seven days. In FPGA hacking news, there’s a ton of work being done on a newly discovered FPGA dev board. Kristina has a new column on input devices, kicking it off with tongue-actuated controllers. We wax philosophical about what data you need to back up and what you should let go. Plus Audacity is helping tune up CNC machines, copper tape is the prototyper’s friend, and fans of Open should take note of this laptop project.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

This Week In Security: Chrome Speech Bug, UDP Fragmentation, And The Big Citrix Vulnerability

A critical security bug was fixed in Chrome recently, CVE-2020-6378. Both the CVE report and the bug report are still marked private. All we have is “Use-after-free in speech recognizer”. Are we out of luck, trying to learn more about this vulnerability? If you look closely at the private bug report, you’ll notice it’s in the Chromium bug tracker. Chrome is based primarily on the Chromium project, with a few proprietary features added. Since Chromium is open source, we can go find the code change that fixed this bug, and possibly learn more about it.

Off to the Chromium source, mirrored on GitHub. We could look at every commit, and eventually find the one we’re looking for, but Chromium commit messages usually include a reference to the bug that is fixed by that commit. So, we can use GitHub’s search function to find a commit that mentions the bug number, 1018677. Just like that, we’ve found a single commit and more information.

The shutdown mentioned in the commit message is possibly referring to the browser being closed, but could also refer to the tab doing the speech recognizing, or even the speech system itself. Because multiple parts are being unloaded in parallel, there is a race condition between calling the abort object, and that object being unloaded from memory. This race can result in a classic use-after-free, jumping code execution to a memory location that’s already been freed.

All interesting, but how does this warrant a Critical rating? Enter the Web Speech API. I’m speculating just a bit, but it’s likely that this API uses the speech recognizer code in question. It may even be interacting with the security prompt that triggers the crash. Imagine that an attacking page attempts to use the speech API, and then releases the API object before the user can respond to the prompt. That *might* be the scenario that was discovered, though we’re deep into speculation, now.

The Truth Is In There: The Art Of Electronics, The X-Chapters

If you’ve been into electronics for any length of time, you’ve almost certainly run across the practical bible in the field, The Art of Electronics, commonly abbreviated AoE. Any fan of the book will certainly want to consider obtaining the latest release, The Art of Electronics: The x-Chapters, which follows the previous third edition of AoE from 2015. This new book features expanded coverage of topics from the previous editions, plus discussions of some interesting but rarely traveled areas of electrical engineering.

For those unfamiliar with it, AoE, first published in 1980, is an unusually useful hybrid of textbook and engineer’s reference, blending just enough theory with liberal doses of practical experience. With its lively tone and informal style, the book has enabled people from many backgrounds to design and implement electronic circuits.

After the initial book, the second edition (AoE2) was published in 1989, and the third (AoE3) in 2015, each one renewing and expanding coverage to keep up with the rapid pace of the field. I started with the second edition and it was very well worn when I purchased a copy of the third, an upgrade I would recommend to anyone still on the fence. While the second and third books looked a lot like the first, this new one is a bit different. It’s at the same time an expanded discussion of many of the topics covered in AoE3 and a self-contained reference manual on a variety of topics in electrical engineering.

I pre-ordered this book the same day I learned it was to be published, and it finally arrived this week. So, having had the book in hand — almost continuously — for a few days, I think I’ve got a decent idea of what it’s all about. Stick around for my take on the latest in this very interesting series of books.

P-51 Cockpit Recreated With Help Of Local Makerspace

It’s surprisingly easy to misjudge tips that come into the Hackaday tip line. After filtering out the omnipresent spam, a quick scan of tip titles will often form a quick impression that turns out to be completely wrong. Such was the case with a recent tip that seemed from the subject line to be a flight simulator cockpit. The mental picture I had was of a model cockpit hooked to Flight Simulator or some other off-the-shelf flying game, many of which we’ve seen over the years.

I couldn’t have been more wrong about the project that Grant Hobbs undertook. His cockpit simulator turned out to be so much more than what I thought, and after trading a few emails with him to get all the details, I felt like I had to share the series of hacks that led to the short video below and the story about how he somehow managed to build the set despite having no previous experience with the usual tools of the trade.

Fail Of The Week: Padlock Purports To Provide Protection, Proves Pathetic

Anyone in the know about IoT security is likely to steer clear of a physical security product that’s got some sort of wireless control. The list of exploits for such devices is a long, sad statement on security as an afterthought, if at all. So it’s understandable if you think a Bluetooth-enabled lock is best attacked via its wireless stack.

As it turns out, the Master 5440D Bluetooth Key Safe can be defeated in a few minutes with just a screwdriver. The key safe is the type a realtor or AirBnB host would use to allow access to a property’s keys. [Bosnianbill] embarked on an inspection of the $120 unit, looking for weaknesses. When physical attacks with a hammer and spoofing the solenoids with a magnet didn’t pay off, he decided to strip off the resilient skin that Master so thoughtfully provided to prevent the box from marring the finish of a door or gate. The denuded device thus revealed its awful secret: two Phillips screws, each securing a locking shackle to the cover. Once those are loose, a little prying with a screwdriver is all that’s needed to get the keys to the kingdom.

In a follow-up video posted later, [Bill] took a closer look at another key safe and found that Master had made an anemic effort to fix this vulnerability with a squirt of epoxy in each screw head. It’s weak, at best, since a tap with a hammer compresses the gunk enough to get a grip on the screw.

We really thought [Bosnianbill]’s attack would be electronic, like that time [Dave Jones] cracked a safe with an oscilloscope. Who’d have thought a screwdriver would be the best way past the wireless stack?
