Hackaday Columns

4430 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Choosing The Right Battery For Your Electric Vehicle Build

January 7, 2020 by 43 Comments

Many a hacker has looked at their scooter, bike, or skateboard, and decided that it would be even better if only it had a motor on it. Setting out to electrify one’s personal transport can be an exciting and productive journey, and one that promises to teach many lessons about mechanical and electronic engineering. Fundamentally, the key to any build is the battery, which has the utmost say in terms of your vehicle’s performance and range. To help out, we’ve prepared a useful guide on selecting the right battery for your needs.

One Chemistry To Rule Them All

Batteries come in all shapes and sizes, and a variety of different chemistries that all have their own unique properties and applications. When it comes to small electric vehicles, it’s desirable to have a battery with a low weight, compact size, plenty of current delivery for quick acceleration, and high capacity for long range.

30 years ago, options were limited to lead acid, nickel cadmium, and nickel metal hydride batteries. These were heavy, with low current output, poor capacity, and incredibly slow charge times. Thankfully, lithium polymer batteries have come along in the meantime and are more capable across the board. Offering huge discharge rates, fast charging, light weight and high capacity, they’re undeniably the ultimate choice for a high performance electric vehicle. They’re also wildly popular, and thus cheap, too!

There are some hangups, however. It’s important to keep all the cells in a pack at the same voltage in order to avoid cells back-charging each other. This can cause damage to the pack, or even explosions or fire. Maintaining the battery voltages to avoid this is called “balancing”. It can be handled in various ways, depending on the exact style of battery you’re using, as we’ll cover later.

Additionally, lithium batteries do not like being over-discharged. As a rule of thumb, it’s a good idea not to let your batteries drop below 3.0 V per cell. Failure to keep this in check can lead to ruining a pack, hurting its maximum capacity and ability to deliver current.

There are thankfully ways around these issues, and which ones you use depends on the battery you choose for your application. Continue reading “Choosing The Right Battery For Your Electric Vehicle Build”

Organic Audio: Putting Carrots As Audio Couplers To The Test

January 6, 2020 by 34 Comments

[Boltz999]'s carrot interconnect.
[Boltz999]’s carrot interconnect.
If there’s one thing that gives us joy here at Hackaday it’s a story of audio silliness. There is a rich vein of dubious products aimed at audiophiles which just beg to be made fun of, and once in a while we oblige. But sometimes an odd piece of audio equipment emerges with another purpose. Take [Boltz999]’s interconnects for example, which were born of necessity when there were no female-to-female phono adapters to connect a set of cables. Taking a baby carrot and simply plugging the phonos into its flesh delivered an audio connectivity solution that worked.

Does this mean that our gold-nanoparticle-plated oxygen-free directional audio cables are junk, and we should be heading for the supermarket to pick up a bag of root vegetables instead? I set out to test this new material in the secret Hackaday audio lab, located on an anonymous 1970s industrial estate in Milton Keynes, UK.

Continue reading “Organic Audio: Putting Carrots As Audio Couplers To The Test”

Hackaday Links Column Banner

Hackaday Links: January 5, 2020

January 5, 2020 by 30 Comments

It looks like the third decade of the 21st century is off to a bit of a weird start, at least in the middle of the United States. There, for the past several weeks, mysterious squads of multicopters have taken to the night sky for reasons unknown. Witnesses on the ground report seeing both solo aircraft and packs of them, mostly just hovering in the night sky. In mid-December when the nightly airshow started, the drones seemed to be moving in a grid-search pattern, but that seems to have changed since then. These are not racing drones, nor are they DJI Mavics; witnesses report them to be 6′ (2 meters) in diameter and capable of staying aloft for 90 minutes. These are serious professional machines, not kiddies on a lark. So far, none of the usual government entities have taken responsibility for the flights, so speculation is all anyone has as to their nature. We’d like to imagine someone from our community will get out there with radio direction finding gear to locate the operators and get some answers.

We all know that water and electricity don’t mix terribly well, but thanks to the seminal work of White, Pinkman et al (2009), we also know that magnets and hard drives are a bad combination. But that didn’t stop Luigo Rizzo from using a magnet to recover data from a hard drive. He reports that the SATA drive had been in continuous use for more than 11 years when it failed to recover after a power outage. The spindle would turn but the heads wouldn’t move, despite several rounds of percussive maintenance. Reasoning that the moving coil head mechanism might need a magnetic jump-start, he probed the hard drive case with a magnetic parts holder until the head started moving again. He was then able to recover the data and retire the drive. Seems like a great tip to file away for a bad day.

It seems like we’re getting closer to a Star Trek future every day. No, we probably won’t get warp drives or transporters anytime soon, and if we’re lucky velour tunics and Spandex unitards won’t be making a fashion statement either. But we may get something like Dr. McCoy’s medical scanner thanks to work out of MIT using lasers to conduct a non-contact medical ultrasound study. Ultrasound exams usually require a transducer to send sound waves into the body and pick up the echoes from different structures, with the sound coupled to the body through an impedance-matching gel. The non-contact method uses pulsed IR lasers to penetrate the skin and interact with blood vessels. The pulses rapidly heat and expand the blood vessels, effectively turning them into ultrasonic transducers. The sound waves bounce off of other structures and head back to the surface, where they cause vibrations that can be detected by a second laser that’s essentially a sophisticated motion sensor. There’s still plenty of work to do to refine the technique, but it’s an exciting development in medical imaging.

And finally, it may actually be that the future is less Star Trek more WALL-E in the unlikely event that Segway’s new S-Pod personal vehicle becomes popular. The two-wheel self-balancing personal mobility device is somewhat like a sitting Segway, except that instead of leaning to steer it, the operator uses a joystick. Said to be inspired by the decidedly not Tyrannosaurus rex-proof “Gyrosphere” from Jurassic World, the vehicle tops out at 24 miles per hour (39 km/h). We’re not sure what potential market for these things would need performance like that – it seems a bit fast for the getting around the supermarket and a bit slow for keeping up with city traffic. So it’s a little puzzling, although it’s clearly easier to fully automate than a stand-up Segway.

Hackaday Podcast 048: Truly Trustworthy Hardware, Glowing Uranium Marbles, Bitstreaming The USB, Chaos Of Congress

January 3, 2020 by 7 Comments

Hackaday editors Elliot Williams and Mike Szczys kick off the first podcast of the new year. Elliot just got home from Chaos Communications Congress (36c3) with a ton of great stories, and he showed off his electric cargo carrier build while he was there. We recount some of the most interesting hacks of the past few weeks, such as 3D-printed molds for making your own paper-pulp objects, a rudimentary digital camera sensor built by hand, a tattoo-removal laser turned welder, and desktop-artillery that’s delivered in greeting-card format.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 048: Truly Trustworthy Hardware, Glowing Uranium Marbles, Bitstreaming The USB, Chaos Of Congress”

This Week In Security: ToTok, Edgium, Chrome Checks Your Passwords, And More

January 3, 2020 by 11 Comments

Merry Christmas and happy New Year! After a week off, we have quite a few stories to cover, starting with an unexpected Christmas gift from Apple. Apple has run an invitation-only bug bounty program for years, but it only covered iOS, and the maximum payout topped out at $200K. The new program is open to the public, covers the entire Apple product lineup, and has a maximum payout of $1.5 million. Go forth and find vulnerabilities, and make sure to let us know what you find.

ToTok

The United Arab Emirates had an odd policy regarding VoIP communications. At least on mobile networks, it seems that all VoIP calls are blocked — unless you’re using a particular app: ToTok. Does that sound odd? Is your “Security Spider Sense” tingling? It probably should. The New York Times covered ToTok, claiming it was actually a tool for spying on citizens.

While that coverage is interesting, more meat can be found in [Patrick Wardle]’s research on the app. What’s most notable, however, is the distinct lack of evidence found in the app itself. Sure, ToTok can read your files, uploads your contact book to a centralized server, and tries to send the device’s GPS coordinates. This really isn’t too far removed from what other apps already do, all in the name of convenience.

It seems that ToTok lacks end-to-end encryption, which means that calls could be easily decrypted by whoever is behind the app. The lack of malicious code in the app itself makes it difficult to emphatically call it a spy tool, but it’s hard to imagine a better way to capture VoIP calls. Since those articles ran, ToTok has been removed from both the Apple and Google’s app stores.

SMS Keys to the Kingdom

Have you noticed how many services treat your mobile number as a positive form of authentication? Need a password reset? Just type in the six-digit code sent in a text. Prove it’s you? We sent you a text. [Joakim Bech] discovered a weakness that takes this a step further: all he needs is access to a single SMS message, and he can control your burglar alarm from anywhere. Well, at least if you have a security system from Alert Alarm in Sweden.

The control messages are sent over SMS, making them fairly accessible to an attacker. AES encryption is used for encryption, but a series of errors seriously reduces the effectiveness of that encryption. The first being the key. To build the 128-bit encryption key, the app takes the user’s four-digit PIN, and pads it with zeros, so it’s essentially a 13 bit encryption key. Even worse, there is no message authentication built in to the system at all. An attacker with a single captured SMS message can brute force the user’s PIN, modify the message, and easily send spoofed commands that are treated as valid.

Microsoft Chrome

You may have seen the news, Microsoft is giving up on their Edge browser code, and will soon begin shipping a Chromium based Edge. While that has been a source of entertainment all on its own, some have already begun taking advantage of the new bug bounty program for Chromium Edge (Edgium?). It’s an odd bounty program, in that Microsoft has no interest in paying for bugs found in Google’s code. As a result, only bugs in the Edge-exclusive features qualify for payout from Microsoft.

As [Abdulrahman Al-Qabandi] puts it, that’s a very small attack surface. Even so, he managed to find a vulnerability that qualified, and it’s unique. One of the additions Microsoft has made to Edgium is a custom new tab page. Similar to other browsers, that new tab page shows the user their most visited websites. The problem is that the site’s title is shown on that page, but without any sanity checking. If your site’s title field happens to include Javascript, that too is injected into the new tab page.

The full exploit has a few extra steps, but the essence is that once a website makes it to the new tab page, it can take over that page, and maybe even escape the browser sandbox.

Chrome Password Checkup

This story is a bit older, but really grabbed my attention. Google has rolled a feature out in Chrome that automatically compares your saved passwords to past data breaches. How does that work without being a security nightmare? It’s clever. A three-byte hash of each username is sent to Google, and compared to the hashes of the compromised accounts. A encrypted database of potential matches is sent to your machine. Your saved passwords, already encrypted with your key, is encrypted a second time with a Google key, and sent back along with the database of possible matches, also encrypted with the same Google key. The clever bit is that once your machine decrypts your database, it now has two sets of credentials, both encrypted with the same Google key. Since this encryption is deterministic, the encrypted data can be compared without decryption. In the end, your passwords aren’t exposed to Google, and Google hasn’t given away their data set either.

The Password Queue

Password changes are a pain, but not usually this much of a pain. A university in Germany suffered a severe malware infection, and took the precaution of resetting the passwords for every student’s account. Their solution for bootstrapping those password changes? The students had to come to the office in person with a valid ID to receive their new passwords. The school cited German legal requirements as a primary cause of the odd solution. Still, you can’t beat that for a secure delivery method.

Ask Hackaday: How Do You Keep The 3D Printer From Becoming EWaste

January 2, 2020 by 94 Comments

One thing we sometimes forget in our community is that many of the tecniques and machines that we take for granted are still something close to black magic for many outsiders. Here’s a tip: leave a 3D printer running next time you take a group of visitors round a hackerspace, and watch their reaction as a Benchy slowly emerges from the moving extruder. To us it’s part of the scenery, but to them it’s impossibly futuristic and their minds are blown.

Just because something says it's a Prusa i3, doesn't mean it is a Prusa i3.
Just because something says it’s a Prusa i3, doesn’t mean it is a Prusa i3.

Nearly 15 years after the dawn of the RepRap project we have seen a huge advancement in the capabilities of affordable 3D printers, and now a relatively low three-figure sum will secure a machine from China that will churn out prints whose quality would amaze those early builders. We’ve reached the point in our community at which many people are on their third or fourth printer, and this has brought with it an unexpected side-effect. Where once a hackerspace might have had a single highly prized 3D printer, now it’s not unusual to find a pile of surplus older printers on a shelf. My hackerspaces both have several, and it’s a sight I’ve frequently seen on my travels around others. Perhaps it’s a sign of a technology maturing when it becomes ewaste, and thus it seems affordable 3D printing has matured. Continue reading “Ask Hackaday: How Do You Keep The 3D Printer From Becoming EWaste”

Fail Of The Week: Ambitious Vector Network Analyzer Fails To Deliver

December 31, 2019 by 18 Comments

If you’re going to fail, you might as well fail ambitiously. A complex project with a lot of subsystems has a greater chance of at least partial success, as well as providing valuable lessons in what not to do next time. At least that’s the lemonade [Josh Johnson] made from his lemon of a low-cost vector network analyzer.

For the uninitiated, a VNA is a versatile test instrument for RF work that allows you to measure both the amplitude and the phase of a signal, and it can be used for everything from antenna and filter design to characterizing transmission lines. [Josh] decided to port a lot of functionality for his low-cost VNA to a host computer and concentrate on the various RF stages of the design. Unfortunately, [Josh] found the performance of the completed VNA to be wanting, especially in the phase measurement department. He has a complete analysis of the failure modes in his thesis, but the short story is poor filtering of harmonics from the local oscillator, unexpected behavior by the AD8302 chip at the heart of his design, and calibration issues. Confounding these issues was the time constraint; [Josh] might well have gotten the issues sorted out had the clock not run out on the school year.

After reading through [Josh]’s description of his project, which was a final-year project and part of his thesis, we feel like his rating of the build as a failure is a bit harsh. Ambitious, perhaps, but with a spate of low-cost VNAs coming on the market, we can see where he got the inspiration. We understand [Josh]’s disappointment, but there were a lot of wins here, from the excellent build quality to the top-notch documentation.