Hackaday Podcast 074: Stuttering Swashplate, Bending Mirrors, Chasing Curves, And Farewell To Segway

Hackaday editors Elliot Williams and Mike Szczys recap a week of hacks. A telescope mirror that can change shape and a helicopter without a swashplate lead the charge for fascinating engineering. These are closely followed by a vibratory wind generator that has no blades to spin. The Open Source Hardware Association announced a new spec this week to remove “Master” and “Slave” terminology from SPI pin names. The Segway is no more. And a bit of bravery and rock solid soldering skills can resurrect that Macbook that has one dead GPU.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

This Week In Security: Palo Alto Scores A 10, Cursed Images, VM Escapes, And Malicious Music

We’ve looked at many vulnerabilities over the years here on Hackaday, but it’s rather rare for a CVE to score a perfect 10 severity. This is reserved for the most severe and exploitable of problems. Palo Alto announced such a vulnerability, CVE-2020-2021, on the 29th. This vulnerability affects Palo Alto devices running PAN-OS that have SAML authentication enabled and a certain validation option disabled. The vulnerability is pre-authentication, but does require access to a service protected by SAML authentication. For example, a Palo Alto device providing a web-based VPN could be vulnerable. The good news is that the vulnerable settings aren’t default, but the bad news is that the official configuration guide recommends the vulnerable settings for certain scenarios, like using a third party authentication service.

The issue is in the Security Assertion Markup Language (SAML) implementation, which is an XML based open standard for authentication. One of the primary use cases for SAML is to provide a Single Sign On (SSO) scheme. The normal deployment of SAML SSO is that a central provider handles the authentication of users, and then asserts to individual services that the connecting user is actually who they claim to be.

The setting needed for this vulnerability to be exploitable is ‘Validate Identity Provider Certificate’ being disabled. If this option is enabled, the SSO provider must use a CA-signed SAML certificate. This doesn’t appear to mean that unsigned SSL certificates would be accepted; it only applies to the certificates inside the SAML messages. It seems to be widely accepted that these certificates don’t need to be CA signed. In the official announcement, the vulnerability type is given as “CWE-347 Improper Verification of Cryptographic Signature”.

Inputs Of Interest: X-Bows Ergo-Mechanical Keyboard

Okay, let’s just get this out of the way up front, shall we? This ergonomic mechanical keyboard was a free sample offered to me by X-Bows. They contacted me after I expressed interest in trying one in the comments of my post about the Kinesis Advantage. I had my doubts about this keyboard as far as my own personal ergonomic needs go, which are admittedly on the extreme side. TL;DR: I won’t be abandoning my curvy girls anytime soon. But I will say that I’m definitely impressed by the X-Bows.

X-Bows was founded by a doctor who saw a lot of RSI issues in programmers and writers and decided to take matters into his own hands. The keyboard was born on Kickstarter in 2017 and now comes in three models. They sent me the mid-range model called The Knight, which retails for $249 but seems to be on permanent sale for $199. The top-of-the-line Knight Plus has a magnetic, detachable 10-key that can attach to either side.

Why Are Digital Cameras Still Boring?

In the matter of technological advancement, we are, as a species, mostly insatiable. The latest toy, the fastest silicon, the largest storage, the list goes on. Take digital cameras as an example: what was your first one? Mine was a Casio QV200 in about 1997. I still have it somewhere, though I can’t immediately lay my hands on it, and it could hold what was for its time a whopping 64 VGA-resolution pictures in its 4Mb of onboard memory.

The QV200 showing off its VGA photography capabilities. It’s March 1998, and this is a brand-new PlayStation that I’m about to install a mod chip inside.

It’s a shock to realise that nearly a quarter century has passed since then, and that its fixed-focus 640×480 camera module with a UV-sensitive CMOS sensor, which gave everything a slight blue tint, would not even grace the cheapest of feature phones in 2020. Every aspect of a digital camera has improved beyond measure since the first models in the 1980s and early 1990s that started to resemble what we’d know today as a standalone digital camera: they now have near-limitless storage, excellent lenses, huge and faithfully-reproducing sensors, and broadcast-quality video capability.

But how playful have camera manufacturers been with the form factor? We see reporters in sci-fi movies toting cameras that look nothing like their film-based ancestors. What do our real-life digital cameras have on offer as far as creative body design goes?

Your Own Open Source ASIC: SkyWater-PDK Plans First 130 Nm Wafer In 2020

You might have caught Maya Posch’s article about the first open-source ASIC tools from Google and SkyWater Technology. It envisions increased access to make custom chips — Application Specific Integrated Circuits — designed using open-source tools, and made real through existing chip fabrication facilities. My first thought? How much does it cost to tape out? That is, how do I take the design on my screen and get actual parts in my hands? I asked Google’s Tim Ansel to explain some more about the project’s goals and how I was going to get my parts.

The goals are pretty straightforward. Tim and his collaborators would like to see hardware open up in the same way software has. The model where teams of people build on each other’s work either in direct collaboration or indirectly has led to many very powerful pieces of software. Tim’s had some success getting people interested in FPGA development and helped produce open tools for doing so. Custom ASICs are the next logical step.

LED Art Hack Chat

Join us on Wednesday, July 1 at noon Pacific for the LED Art Hack Chat with Aaron Oppenheimer!

From the first time humans crawled into a cave with a bit of charcoal to sketch scenes from the world around them, artists have been searching for new media and new ways to express themselves. Natural products ruled for thousands of years, with pigments stolen or crafted from nature as well as wood, ivory, bone, and stone for carving. Time and experience guided our ancestors to new and better formulations and different materials, to the point that what qualifies as art and what we’d normally think of as technology have, in many cases, blended into one, with the artist often engineering projects of mammoth proportions and breathtaking beauty.

Aaron Oppenheimer co-founded color+light, a company that specializes in large-scale custom art installations for companies like Google, Nike, and Nissan. One of their projects, the “Oddwood Tree”, is displayed alongside other gigantic art pieces at Area15 on the Las Vegas strip. His most recent project, fluora, is a digital houseplant, with addressable LEDs in the leaves that can be controlled by a smartphone app or respond to stimuli in the environment.

Aaron will join us on the Hack Chat to discuss the LED as artistic medium. Join us as we learn what it takes to make enormous art that’s strong enough to interact with yet responsive enough to be engaging.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 1 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Linux-Fu: Parallel Universe

At some point, you simply run out of processing power. Admittedly, that point keeps getting further and further away, but you can still get there. If you run out of CPU time, the answer might be to add more CPUs. However, sometimes there are other bottlenecks, like memory or disk space. It is also likely that you have access to multiple computers. Who doesn’t have a few Raspberry Pis sitting around their network? Or maybe a server in the basement? Or even some remote servers “in the cloud”? GNU Parallel is a tool that lets you spread work across multiple tasks, either locally or on remote machines. In some ways it is simple, since it looks sort of like xargs but with parallel execution. On the other hand, it has myriad options and configurations that can make it a little daunting to use.