Hackaday Columns

4552 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: Psychic Paper, Spilled Salt, And Malicious Captchas

May 8, 2020 by 10 Comments

Apple recently patched a security problem, and fixed the Psychic Paper 0-day. This was a frankly slightly embarrasing flaw that [Siguza] discovered in how iOS processed XML data in an application’s code signature that allowed him access to any entitlement on the iOS system, including running outside a sandbox.

Entitlements on iOS are a set of permissions that an application can request. These entitlements range from the aforementioned com.apple.private.security.no-container to platform-application, which tells the system that this is an official Apple application. As one would expect, Apple controls entitlements with a firm grip, and only allows certain entitlements on apps hosted on their official store. Even developer-signed apps are extremely limited, with only two entitlements allowed.

This system works via an XML list document that is part of the signed application. XML is a relative of HTML, but with a stricter set of rules. What [Siguza] discovered is that iOS contains 4 different XML parsers, and they deal with malformed XML slightly differently. The kicker is that one of those parsers does the security check, while a different parser is used for that actual permission implementation. Is it possible that this mismatch could contain a vulnerability? Of course there is.
Continue reading “This Week In Security: Psychic Paper, Spilled Salt, And Malicious Captchas”

Fail Of The Week: Bright Idea For LED Signs Goes Bad

May 8, 2020 by 43 Comments

Typically when we select a project for “Fail to the Week” honors, it’s because something went wrong with the technology of the project. But the tech of [Leo Fernekes]’ innovative LED sign system was never the problem; it was the realities of scaling up to production as well as the broken patent process that put a nail in this promising project’s coffin, which [Leo] sums up succinctly as “The Inventor’s Paradox” in the video below.

The idea [Leo] had a few years back was pretty smart. He noticed that there was no middle ground between cheap, pre-made LED signs and expensive programmable signboards, so he sought to fill the gap. The result was an ingenious “LED pin”, a tiny module with an RGB LED and a microcontroller along with a small number of support components. The big idea is that each pin would store its own part of a display-wide animation in flash memory. Each pin has two terminals that connect to metal cladding on either side of the board they attach to. These two conductors supply not only power but synchronization for all the pins with a low-frequency square wave. [Leo]’s method for programming the animations — using a light sensor on each pin to receive signals from a video projector — is perhaps even more ingenious than the pins themselves.

[Leo]’s idea seemed destined for greatness, but alas, the cruel realities of scaling up struck hard. Each prototype pin had a low part count, but to be manufactured economically, the entire BOM would have to be reduced to almost nothing. That means an ASIC, but the time and expense involved in tooling up for that were too much to bear. [Leo] has nothing good to say about the patent game, either, which his business partners in this venture insisted on playing. There’s plenty of detail in the video, but he sums it up with a pithy proclamation: “Patents suck.”

Watching this video, it’s hard not to feel sorry for [Leo] for all the time he spent getting the tech right only to have no feasible way to get a return on that investment. It’s a sobering tale for those of us who fancy ourselves to be inventors, and a cautionary tale about the perils of participating in a patent system that clearly operates for the benefit of the corporations rather than the solo inventor. It’s not impossible to win at this game, as our own [Bob Baddeley] shows us, but it is easy to fail.

Continue reading “Fail Of The Week: Bright Idea For LED Signs Goes Bad”

Ask Hackaday: Wink Hubs, Extortion As A Service?

May 7, 2020 by 142 Comments

Wink Labs just announced that their home automation hub, the Wink Hub, is “transitioning to a $4.99 monthly subscription, starting on May 13, 2020.” Should you fail to pay the fiver every month, you will lose access to their app, voice control, and automations, which is everything it does as far as we can tell.

This is an especially bitter pill to swallow for Hub users, because the device was just that — a hub. It speaks Bluetooth, Z-Wave, ZigBee, WiFi, Kidde, and a couple other specific device protocols, interfaces with Amazon’s Alexa, has a handy Android master panel app, and had a nice “robot” system that made the automation side of “home automation” simple for normal people. In short, with its low one-time purchase price, compatibility with many devices, nice phone app, and multiple radios, it was a great centerpiece for a home-automation setup.

“Nice home automation system you’ve got there. Would be a shame if anything happened to it.”

Continue reading “Ask Hackaday: Wink Hubs, Extortion As A Service?”

Inputs Of Interest: I’m Building An ErgoDox!

May 6, 2020 by 33 Comments

I’ve been using my Kinesis Advantage keyboard for two months, and I love it. I’ll never go back to a regular keyboard again if I can help it.

There are a few downsides to it, however. The biggest one is that split distance between the two sides is fixed. It doesn’t have Cherry MX blues (although the browns plus the firmware beeps is pretty nice). It doesn’t have layers, really — just a ten-key under the right hand. And honestly, it’s not very portable.

ErgoDox with Nuclear Data keycaps via geekhack

I took the Kinesis out to a coffee shop a few times before they all dried up into drive-thrus, and plunking it down on a four-top out in public made me realize just how large and loud it really is.

And so I’m building an ErgoDox keyboard. What I really want to build is a Dactyl — a curved variation on the ErgoDox — but I can’t just go whole-hog into that without building some type of keyboard first. That’s just my practical nature, I guess. I realize that the comparison is weak, because I’ll have to hand-wire the keyboard matrix when I make the dactyl. Assembling an ErgoDox is child’s play, comparatively. Our goal today is to lay out just what I’m getting myself into with a build like this one.

Continue reading “Inputs Of Interest: I’m Building An ErgoDox!”

NASA’s Plan For Sustained Lunar Exploration

May 5, 2020 by 41 Comments

The Apollo program proved that humans could land on the Moon and do useful work, but due to logistical and technical limitations, individual missions were kept short. For the $28 billion ($283 billion adjusted) spent on the entire program, astronauts only clocked in around 16 days total on the lunar surface. For comparison, the International Space Station has cost an estimated $150 billion to build, and has remained continuously occupied since November 2000. Apollo was an incredible technical achievement, but not a particularly cost-effective way to explore our nearest celestial neighbor.

Leveraging lessons learned from the Apollo program, modern technology, and cooperation with international and commercial partners, NASA has recently published their plans to establish a sustained presence on the Moon within the next decade. The Artemis program, named for the twin sister of Apollo, won’t just be a series of one-off missions. Fully realized, it would consist not only of a permanent outpost where astronauts will work and live on the surface of the Moon for months at a time, but a space station in lunar orbit that provides logistical support and offers a proving ground for the deep-space technologies that will eventually be required for a human mission to Mars.

It’s an ambitious program on a short timeline, but NASA believes it reflects the incredible technological strides that have been made since humans last left the relative safety of low Earth orbit. Operating the International Space Station for 20 years has given the countries involved practical experience in assembling and maintaining a large orbital complex, and decades of robotic missions have honed the technology required for precision powered landings. By combining all of the knowledge gained since the end of Apollo, the Artemis program hopes to finally establish a continuous human presence on and around the Moon.

Continue reading “NASA’s Plan For Sustained Lunar Exploration”

The Vaccine Factory Inside You: RNA Vaccine Basics

May 4, 2020 by 19 Comments

As the world pulls back from the acute phase of the COVID-19 pandemic, it enters what will be perhaps a more challenging time: managing the long-term presence of the SARS-CoV-2 virus that causes the disease. In the roughly two-century history of modern vaccination practices, we’ve gotten pretty good at finding ways to protect ourselves from infectious diseases, and there’s little doubt that we’ll do the same for SARS-CoV-2. But developing a vaccine against any virus or bacterium takes time, and in a pandemic situation, time is exactly what’s at a premium.

In an effort to create an effective vaccine against this latest viral threat, scientists and physicians around the world have been taking a different approach to inoculation. Rather than stimulating the immune system in the usual way with a weakened sample of the virus, they’re trying to use the genetic material of the virus to stimulate an immune response. These RNA vaccines are a novel approach to a novel infection, and understanding how they work will be key to deciding whether they’ll be the right way to attack this pandemic.

Continue reading “The Vaccine Factory Inside You: RNA Vaccine Basics”

ESP32-S2 Hack Chat With Adafruit

May 4, 2020 by 23 Comments

Join us on Wednesday, May 6 at noon Pacific for the ESP32-S2 Hack Chat with Limor “Ladyada” Fried and Scott Shawcroft!

When Espressif released the ESP8266 microcontroller back in 2014, nobody could have predicted how successful the chip was to become. While it was aimed squarely at the nascent IoT market and found its way into hundreds of consumer devices like smart light bulbs, hackers latched onto the chip and the development boards it begat with gusto, thanks to its powerful microcontroller, WiFi, and lots of GPIO.

The ESP8266 was not without its problems, though, and security was always one of them. The ESP32, released in 2016, addressed some of these concerns. The new chip added another CPU core, a co-processor, Bluetooth support, more GPIO, Ethernet, CAN, more and better ADCs, a pair of DACs, and a host of other features that made it the darling of the hacker world.

Now, after being announced in September of 2019, the ESP32-S2 is finally making it into hobbyist’s hands. On the face of it, the S2 seems less capable, with a single core and neither Bluetooth nor Ethernet. But with a much faster CPU, scads more GPIO, more ADCs, a RISC-V co-processor, native USB, and the promise of very low current draw, it could be that the ESP32-S2 proves to be even more popular with hobbyists as it becomes established.

To talk us through the new chip’s potential, Limor “Ladyada” Fried and Scott Shawcroft, both of Adafruit Industries, will join us on the Hack Chat. Come along and learn everything you need to know about the ESP32-S2, and how to put it to work for you.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 6 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
Continue reading “ESP32-S2 Hack Chat With Adafruit”