Marian Croak Is The MVP Of VoIP Adoption

July 7, 2020 by Kristina Panos 23 Comments

If you’ve ever used FaceTime, Skype, own a Magic Jack, or have donated money after a disaster by sending a text message, then you have Marian Croak to thank. Her leadership and forward thinking changed how Ma Bell used its reach and made all of these things possible.

Marian Croak is a soft-spoken woman and a self-described non-talker, but her actions spoke loudly in support of Internet Protocol (IP) as the future of communication. Humans are always looking for the next best communication medium, the fastest path to understanding each other clearly. We are still making phone calls today, but voice has been joined by text and video as the next best thing to being there. All of it is riding on a versatile network strongly rooted in Marian’s work.

Continue reading “Marian Croak Is The MVP Of VoIP Adoption” →

Linux In The Machine Shop Hack Chat

July 6, 2020 by Dan Maloney 67 Comments

Join us on Wednesday, July 8 at noon Pacific for the Linux in the Machine Shop Hack Chat with Andy Pugh!

From the time that numeric control started making inroads into machine shops in the middle of the last century until relatively recently, the power of being able to control machine tools with something other than a skilled human hand was evident. Unfortunately, the equipment to do so was expensive, and so NC technology remained firmly in the big shops, where a decent return on investment could be realized.

Fast forward a few decades, and everything that makes the computerized version of NC possible is cheap and easily available. Servos, steppers, drivers, and motion control components can be plugged together into CNC machines that can move a tool to a fixed point in space with incredible accuracy and repeatability. But without CNC software, none of it means a thing.

Enter Linux CNC, the free and open-source CNC package. With support for realtime operation, one-step installations, and a huge range of capabilities provided by a team of volunteer developers and supported by an active community, Linux CNC has democratized the world of CNC machines.

Andy Pugh is a frequent contributor to the Linux CNC codebase and a moderator on the forum. He knows a thing or two about Linux CNC in particular and Linux in the machine shop in general. He’ll stop by the Hack Chat to share his experiences with the Linux CNC project, tell us how Linux can revolutionize the machine shop, and maybe share a few stories from the world of CAD, CAM, and using Linux to make a few chips.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 8 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Continue reading “Linux In The Machine Shop Hack Chat” →

Hackaday Links: July 5, 2020

July 5, 2020 by Dan Maloney 8 Comments

Remember all the hubbub over Betelgeuse back in February? For that matter, do you even remember February? If you do, you might recall that the red giant in Orion was steadily dimming, which some took as a portent of an impending supernova. That obviously didn’t happen, but we now seem to have an explanation for the periodic dimming: an enormous dark spot on the star. “Enormous” doesn’t begin to describe this thing, which covers 70% of the face of a star that would extend past Jupiter if it replaced the sun. The dimming was originally thought to be dust being blown off the star as it goes through its death throes, but no evidence could be found for that, while direct observations in the terahertz range showed what amounted to a reduction in surface temperature caused by the enormous star spot. We just think it’s incredibly cool that Betelgeuse is so big that we can actually observe it as a disk rather than a pinpoint of light. At least for now.

If you think you’ve seen some challenging user interfaces, wait till you get a load of the cockpit of an F-15C Eagle. As part of a new series on human interfaces, Ars Technica invited Col. Andrea Themely (USAF-ret.) to give a tour of the fighter she has over 1,100 hours on. Bearing in mind that the Eagle entered service in 1976 and has been continually updated with the latest avionics — compare the video with the steam gauges of the cockpit of an F-15A — its cockpit is still a pretty busy place. As much as possible has been done to reduce pilot load, with controls being grouped by function and the use of color-coding — don’t touch the yellow and black stuff! — and the use of tactile feedback. It’s a fascinating deep dive into a workplace that few of us ever get to see, and we’re looking forward to the rest of the series.

Sad news from Seattle, where the Living Computers: Museum + Labs is closing up shop. The announcement only says they’re closing “for now”, so there’s at least some hope that the museum will be back once the COVID-19 downturn has run its course. We hope they do bounce back; it really was a great museum with a lot of amazing hardware on display. The Vintage Computer Festival PNW was held there in its inaugural year, an event we covered and had high hopes for in the future. We hope for the best for these educational and cultural institutions, but we can’t help but fear a little for their future.

So you suffer a partial amputation of your left hand, leaving you with only your thumb and your palm. That raises an interesting conundrum: you haven’t lost enough to replace the hand with a prosthetic one, but you still don’t have any fingers. That appears to be what happened to Ian Davis, and so he built his own partial prosthetic to replace his fingers. There’s not much backstory on his YouTube channel, but from what we can gather he has gone through several designs, most of which are myomechanical rather than myoelectric. Through a series of complex linkages, he’s able to control not only the opening and closing of the fingers, but also to splay them apart. It’s all in the wrist, as it were — his input gestures all come from flexing and extending his hand relative to his forearm, where the prosthesis is anchored. This results in a pretty powerful grip — much stronger than a myoelectric hand in a head-to-head test. And the coolness factor of his work is just off the scale. We’re looking forward to more from Ian, and hopefully enough background information for a full story on what he has accomplished.

A Reason To Code

July 4, 2020 by Elliot Williams 48 Comments

My son is just getting to the age that puts him in the crosshairs of all of the learn-to-code toys. And admittedly, we’ve been looking at some of those Logo-like toys where you can instruct a turtle-bot to make a few moves, and then to repeat them. After all, if breaking down a problem into sub-problems and automating the repetition isn’t the essence of programming, I don’t know what is.

But here’s the deal: I think drawing ‘bots are cooler than he does. If you ask a kid “hey, do you want a car that can draw?” that’s actually pretty low on the robot list. I’m not saying he won’t get into it once he’s got a little bit more coding under his belt and he can start to make it do fun things, but by itself, drawing just isn’t all that impressive. He can draw just fine, thank-you-very-much.

Meanwhile, I was making a robot arm. Or rather, I started up on yet another never-to-be-completed robot arm. (Frankly, I don’t know what I would do with a robot arm.) But at least I started with the gripper and wrist. Now that’s pretty cool for a kid, but the programming is waaaay too complicated. So I pulled the brains out and hooked up the servos to an RC plane remote. Just wiggling the thing around, duct-taped to the table, got him hooked. And this weekend, we’re building a remote controlled cherry-picker arm to put on a pole, because cherries are in season. His idea!

So no coding. He’s a little too young anyway, IMO. But silly little projects like these, stored deep in his subconscious, will give him a reason to program in the future, will make it plainly obvious that knowing how to program is useful. Now all I need is a reason to finish up a robot arm project…

Spacing Out: OneWeb Rescue, Starlink Base Stations, And Rocket Tests

July 3, 2020 by Jenny List 23 Comments

Another couple of weeks, and a fresh crop of space news to run through as a quick briefing of the latest in the skies above us.

OneWeb's most recent launch, from Baikonur on the 21st of March 2020. — OneWeb’s most recent launch, from Baikonur on the 21st of March 2020. (OneWeb)

The global positioning orbits are getting pretty crowded, with GPS, Russia’s GLONASS, the EU’s Galileo, Japan’s QZSS, and now with the launch of the final satellite in their constellation, China’s BeiDou. As if five were not enough the chance that they might be joined by a sixth constellation from the United Kingdom resurfaced this week, as the UK government is expressing interest in supporting a rescue package for the troubled satellite broadband provider OneWeb. The idea of an independent GPS competitor from a post-Brexit UK has been bouncing around for a couple of years now, and on the face of it until this opportune chance to purchase an “oven ready” satellite constellation might deliver a route to incorporating a positioning payload into their design. The Guardian has its doubts, lining up a bevvy of scientists to point out the rather obvious fact that a low-earth-orbit satellite broadband platform is a very different prospect to a much-higher-orbiting global positioning platform. Despite the country possessing the expertise through its work on Galileo then it remains to be seen whether a OneWeb purchase would be a stroke of genius or a white elephant. Readers with long memories will know that British government investment in space has had its upsets before.

Happily for Brits, not all space endeavours from their islands end in ignominious retreat. Skyrora have scored another milestone, launching the first ever rocket skywards from the Shetland Islands. The Skylark Nano is a relatively tiny craft at only 2m high, and gathered research data during its flight to an altitude of 6km. We’ve followed their work before, including their testing in May of a Skylark L rocket on the Scottish mainland with a view to achieving launch capability in 2023.

A Starlink phased array end user antenna, spotted in Winsconsin. (darkpenguin22)

SpaceX’s Starlink is never far away from the news, with a fresh set of launches delayed for extra pre-launch tests, and the prospect of signing up to be considered for the space broadband firm’s beta test. Of more interest for Hackaday readers though are a few shots of prototype Starlink ground stations and user terminals that have made it online, on the roof of a Tesla Gigafactory and at a SpaceX facility in Wisconsin. What can be seen are roughly 1.5m radomes for the ground stations and much smaller dinner-plate-sized enclosed arrays for the user terminals. The latter are particularly fascinating as they conceal computer-controlled phased arrays for tracking the constellation as it passes overhead. This is a technology more at home in billion-dollar military radars than consumer devices, so getting it to work on a budget that can put it on a roof anywhere in the world must be a challenge for the Starlink engineers. We can’t wait to see the inevitable eventual teardown when it comes.

Elsewhere, the Virgin Galactic SpaceShip Two completed its second glide test over its Mojave Spaceport home since being grounded in 2019 for extensive refitting, and is now said to be ready for powered tests leading to eventual commercial service giving the extremely well-heeled the chance to float in the zero gravity of suborbital spaceflight. And finally, comes the news that NASA are naming their Washington DC headquarters building for Mary W. Jackson, their first African American female engineer, whose story some of you may be familiar with from the book and film Hidden Figures. The previously unnamed building sits on a section of street named Hidden Figures Way.

Hackaday Podcast 074: Stuttering Swashplate, Bending Mirrors, Chasing Curves, And Farewell To Segway

July 3, 2020 by Mike Szczys 5 Comments

Hackaday editors Elliot Williams and Mike Szczys recap a week of hacks. A telescope mirror that can change shape and a helicopter without a swashplate lead the charge for fascinating engineering. These are closely followed by a vibratory wind generator that has no blades to spin. The Open Source Hardware Association announced a new spec this week to remove “Master” and “Slave” terminology from SPI pin names. The Segway is no more. And a bit of bravery and rock solid soldering skills can resurrect that Macbook that has one dead GPU.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 074: Stuttering Swashplate, Bending Mirrors, Chasing Curves, And Farewell To Segway” →

This Week In Security: Palo Alto Scores A 10, Cursed Images, VM Escapes, And Malicious Music

July 3, 2020 by Jonathan Bennett 12 Comments

We’ve looked at many vulnerabilities over the years here on Hackaday, but it’s rather rare for a CVE to score a perfect 10 severity. This is reserved for the most severe and exploitable of problems. Palo Alto announced such a vulnerability, CVE-2020-2021, on the 29th. This vulnerability affects Palo Alto devices running PAN-OS that have SAML authentication enabled and a certain validation option disabled. The vulnerability is pre-authentication, but does require access to a service protected by SAML authentication. For example, a Palo Alto device providing a web-based VPN could be vulnerable. The good news is that the vulnerable settings aren’t default, but the bad news is that the official configuration guide recommends the vulnerable settings for certain scenarios, like using a third party authentication service.

The issue is in the Security Assertion Markup Language (SAML) implementation, which is an XML based open standard for authentication. One of the primary use cases for SAML is to provide a Single Sign On (SSO) scheme. The normal deployment of SAML SSO is that a central provider handles the authentication of users, and then asserts to individual services that the connecting user is actually who they claim to be.

The setting needed for this vulnerability to be exploitable is ‘Validate Identity Provider Certificate’ to be disabled. If this option is enabled, the SSO provider must use a CA signed SAML certificates. This doesn’t appear to mean that unsigned SSL certificates would be accepted, and only applies to certificates inside the SAML messages. It seems to be widely accepted that these certificates don’t need to be CA signed. In the official announcement, the vulnerability type is said to be “CWE-347 Improper Verification of Cryptographic Signature”. Continue reading “This Week In Security: Palo Alto Scores A 10, Cursed Images, VM Escapes, And Malicious Music” →