New Contest: Beautiful Hardware

We all have awesome hardware projects to show off. Great photos of them are how you unlock the excitement others see in your work. Whether you’re using a DSLR or the camera in your smartphone, it’s not difficult to capture an amazing picture of the project you pour so much effort into. We want you to unleash your photography skills for the Beautiful Hardware contest. Show us your epic hardware photos and win prizes.

The Skeleton Watch by Mile is a great example of superb photography. Excellent framing, focus, and color make it great.

The only real barrier between us and superb hardware photos is having an eye for framing your shots, and a few simple tricks to get everything else right. Think about good lighting, shooting with an interesting background, framing off to the side and at an angle (as just one example) for more interest, and spending a few moments with an image editor to complement what the camera captured. With this contest, we want you to take those tricks for a spin on your own workbench.

Lee Wilkins put together a simple guide to get you going with spectacular hardware photography. From the basics of photography and the tricks used for making product hype photos, to capturing great images of LEDs and getting the colors just right, this is a comprehensive quickstart. There’s even a collection of great examples to strive for.

There are three top prizes of $100 cash waiting for you. Just start a new project on Hackaday.io and upload the finest photos you can take of some fun hardware. In the left sidebar of that project use the “Submit project to…” menu to enter it in the Beautiful Hardware contest.

Ask Hackaday: How Can You Build For A Ten Millennia Lifespan?

There’s been a lot of news lately about the Long Now Foundation and Jeff Bezos spending $42 million or so on a giant mechanical clock that is supposed to run for 10,000 years. We aren’t sure we really agree that it is truly a 10,000 year clock because it draws energy — in part — from people visiting it. As far as we can tell, inventor Danny Hillis has made the clock to hoard energy from several sources and occasionally chime when it has enough energy, so we aren’t sure how it truly sustains itself. However, it did lead us to an interesting question: how could you design something that really worked for 10,000 years?


Hackaday Links: June 30, 2019

In our continuing series of ‘point and laugh at this guy’, I present a Kickstarter for the “World’s First Patented Unhackable Computer Ever”. It’s also a real web site and there’s even a patent (US 10,061,923, not showing up on Google Patents for some reason), and a real product: you can get an unhackable laptop, and you can get it in either space gray or gold finish. This gets fun when you actually dig into the patent; it appears this guy invented protected memory, with one section of memory dedicated to the OS, and another dedicated to the browser. This is a valid, live patent, by the way.

The 2019 New York Maker Faire is off. Yeah, it says it’s still going to happen on the website, but trust me, it’s off, and you can call the New York Hall of Science to confirm that for yourself. Maker Media died recently, and there will be no more ‘Flagship’ Maker Faires. That doesn’t mean the ‘mini’ and ‘featured’ Maker Faires are dead, though: the ‘Maker Faire’ trademark is simply licensed out to those organizers. In the next few weeks, there is going to be a (mini) Maker Faire in Coeur d’Alene, Idaho; Gilroy, California; Edmonton, Alberta; Kingsport, Tennessee; and a big ol’ one in Detroit. This raises an interesting question: where is the money for the licensing going? I’m sure some Mini Maker Faire organizers are reading this; have your checks been cashed? What is the communication with Maker Media like?

Just because you can, doesn’t mean you should. Valuable words of wisdom like that can apply to many things. Commenting on blog posts, for example. Yes, you can throw sticks at a wasp’s nest, but that doesn’t mean you should. Yes, you can 3D print Heely adapters for your shoes, but it doesn’t mean you should. It does look dope, though, and you’re automatically a thousand times cooler than everyone else.

The C64 Mini is a pocket-sized Linux device with an HDMI port meant to play C64 games. There were high hopes when the C64 Mini was announced, but it turned out the keyboard isn’t actually a mini keyboard. Now someone had the good sense to combine one of these ‘smartphone chips running an emulator in a retro case’ products with a full-sized keyboard. The C64 will be around by Christmas, and yeah, it has a full working keyboard.

Mitch Altman Mentors Manufacturing With Hackaday Prize Expert Session

For whatever you have built, there is someone who has done it longer, and knows more about it. That is the basic premise of expertise, and for this year’s Hackaday Prize we’re rolling out with a series of mentor sessions. These are master classes that match up experts in product development with the people behind the projects in the Hackaday Prize. We’ve been recording all of these so everyone can benefit from the advice, guidance, and mentorship presented in these fantastic recordings.

The DrumKid, a random drum synthesizer

Mitch Altman is someone who should be very familiar to all Hackaday readers. He’s the inventor of the TV-B-Gone, that wonderful device that simultaneously turns you into a hero and a villain in any sports bar. He’s the President and CEO of Cornfield Electronics and co-founder of the Noisebridge hackerspace in San Francisco. Mitch is an author and teacher, and seems to be at just about every conference and workshop around the world promoting hackerspaces, Open Source hardware, and mentorship wherever he goes.

The first hardware creator to meet Mitch is Matt Bradshaw, creator of the DrumKid. This is a pocket-sized drum machine that is heavily inspired by Teenage Engineering’s Pocket Operators. Years ago, Matt built a web app that generated drum tracks, and this project is simply taking that idea into the physical realm. For Mitch, this is well-trodden territory; years ago, Mitch also built an Arduino-based synth, and for the most part, both Mitch and Matt’s projects are remarkably similar. There were, however, some improvements to be made with Matt’s circuit. The power supply was two AAA batteries and a switching regulator that introduced noise and added cost. Mitch suggested that the ATMega328 could be run directly from three AA batteries, reducing the cost and the noise.

eAgrar, a system for monitoring conditions of plants and weather conditions at agricultural fields

The next project up for review is eAgrar, a system for monitoring conditions of plants and the weather in fields. This project comes from Slaven Damjanovic and Marko Čalić. They’ve been developing this device for almost two years, building the entire system around the ATMega328. Slaven ran into a problem with this chip in that he didn’t have enough inputs and outputs. The firmware is already written, but thanks to the Arduino IDE, there’s no reason to keep using that ATMega. Mitch suggested using an STM32 or another ARM core. That’s what he’s using for one of his synthesizer projects, and you get more than enough inputs and outputs for the same price as an ATMega.

Finally, we come to Joseph, with his project, the Pilates Reformer. A Pilates Reformer is a bit of exercise equipment that’s only made by three companies and everything costs thousands of dollars. Joseph is bringing that cost down, but there’s a problem: how do you build a hundred or two hundred of these? Mitch suggested simply finding another manufacturer that could build this design, and not necessarily one that builds Pilates machines. This makes sense — if all you’re doing is cutting and connecting structural beams, any manufacturer can do this, that’s what manufacturers do.

This is the third in our series of Hackaday Prize mentor sessions this year, and we have far more we need to edit, and many more we need to record. That doesn’t mean you can’t get help from experts for your prize entry; we’re looking for people who need help with their project and we have a lot of mentors willing to dispense advice. If you’re interested in having someone look over your shoulder, sign up your entry.


Hackaday Podcast 025: Of Cheese Graters, Fauxberries, Printed Gears, Power Latching, And Art-Loving AI

Hackaday Editors Mike Szczys and Elliot Williams dish their favorite hacks from the past week. Seems like everyone is trying to mill their own Mac Pro grille and we love seeing how they go about it. Elliot is gaga over a quintet of power latching circuits, Mike goes crazy for a dough sheeter project, and we dig through the news behind methane on Mars, the Raspberry Pi 4 release, and spoofing Presidential text alerts with SDR. If you like mini-keyboards you need to see the Fauxberry, Artificial Intelligence became an art critic this week, and poorly-lit rooms have been solved with a massive mirror system.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

And note: next week we’re taking a break to go outside and shoot off some 4th of July fireworks, so there will be no podcast and you’ve got some time to listen through our 24 previous episodes for anything you’ve missed. You’ll hear from us again the week after.

Direct download (60 MB or so.)


This Week In Security: Invalid Curve Attacks, OpenSSH Shielded, And More Details On Coinbase

AMD Epyc processors support Secure Encrypted Virtualization (SEV), a technique that prevents even a hypervisor from reading memory belonging to a virtual machine. To pull this off, the encryption and decryption are handled on the fly by the Platform Security Processor (PSP), which is an ARM core that handles processor start-up and many security features of modern AMD processors. The vulnerability announced this week is related to the encryption scheme used. The full vulnerability is math heavy, and really grokking it requires a deeper understanding of elliptic curve cryptography (ECC) than your humble author currently possesses.

During the process of starting a virtual machine, the VM process goes through a key-sharing process with the PSP, using an ECC Diffie-Hellman key exchange. Rather than raising prime numbers to prime exponents, an ECC-DH process bounces around inside an elliptic curve in order to find a shared secret. One of the harder problems to solve when designing an ECC-based cryptographic system is the design of the curve itself. One solution to this problem is to use a published curve that is known to be good. AMD has taken this route in their SEV feature.

The attack is to prime the key exchange with invalid data and observe the shared key that is generated. A suitably simple initial value will leak information about the PSP’s secret key, allowing an attacker to eventually deduce that key and decrypt the protected memory. If you’d like to bone up on invalid curve attacks, here’s the seminal paper. (PDF)
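
The standard defense against this class of attack is to check that the peer's point satisfies the agreed curve equation before using it. The following is an added example, not AMD's code or anything from the linked paper; the toy curve, the base point and every function name are constructed for illustration.

```python
# Toy curve y^2 = x^3 + A*x + B over GF(P). Constructed parameters, far too
# small for real use; real code should use a vetted library and named curve.
P, A, B = 97, 2, 3
G = (0, 10)        # base point: 10^2 = 100 = 3 (mod 97)
INFINITY = None    # group identity

def implied_b(pt):
    """B coefficient of the curve that pt actually lies on."""
    x, y = pt
    return (y * y - x * x * x - A * x) % P

def is_on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and implied_b(pt) == B

def add(p1, p2):
    # Standard affine addition/doubling. B never appears in these formulas,
    # so they run without complaint on points from a different curve.
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INFINITY
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    result, addend = INFINITY, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def ecdh(private_key, peer_public):
    """Return the shared x-coordinate, refusing invalid peer points."""
    if peer_public is INFINITY or not is_on_curve(peer_public):
        raise ValueError("peer public key is not on the agreed curve")
    shared = scalar_mult(private_key, peer_public)
    if shared is INFINITY:
        raise ValueError("shared secret is the point at infinity")
    return shared[0]
```

On curves with a cofactor, full public-key validation also checks the point's order; the on-curve test shown here is the part that an invalid curve attack depends on being absent.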

OpenSSH Shielding

[Damien Miller] of OpenSSH was apparently tired of seeing that project tied to vulnerabilities like Rambleed and Rowhammer, so he added a technique he’s calling key-shielding. OpenSSH now encrypts private keys in memory using a 16 kB pre-key. While an attacker with full knowledge of the process’s memory wouldn’t be deterred, the error rate of Rambleed and similar attacks is high enough that the 16 kB of randomness is likely to thwart the attempt to recover the secret key.
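
A sketch of the shielding idea, added here as an illustration and not OpenSSH's code: the encryption key is hashed from the whole 16 kB pre-key, so a single misread bit yields a useless key. The SHA-512 derivation, the SHAKE-256 keystream (standing in for a real cipher) and all function names are choices of this example.

```python
import hashlib
import secrets

PREKEY_LEN = 16 * 1024  # 16 kB of random pre-key, as described above

def keystream(prekey: bytes, length: int) -> bytes:
    # Every bit of the pre-key feeds the hash, so every bit must be read
    # correctly to reproduce the key. SHAKE-256 is a stand-in cipher here.
    key = hashlib.sha512(prekey).digest()
    return hashlib.shake_256(key).digest(length)

def shield(private_key: bytes):
    """Return (prekey, shielded_key); only these stay in memory at rest."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    ks = keystream(prekey, len(private_key))
    return prekey, bytes(a ^ b for a, b in zip(private_key, ks))

def unshield(prekey: bytes, shielded: bytes) -> bytes:
    """Recover the private key just before it is needed."""
    ks = keystream(prekey, len(shielded))
    return bytes(a ^ b for a, b in zip(shielded, ks))

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Model one read error in a side-channel copy of the pre-key."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

if __name__ == "__main__":
    secret = b"constructed-private-key-material"   # constructed sample
    prekey, shielded = shield(secret)
    print("exact pre-key recovers key:", unshield(prekey, shielded) == secret)
    noisy = flip_bit(prekey, 70000)                 # 1 wrong bit in 131072
    print("one-bit error recovers key:", unshield(noisy, shielded) == secret)
```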

Firefox and Coinbase

We mentioned Firefox vulnerabilities and updates last week, and as anticipated, more information is available. [Philip Martin] from Coinbase shared more information on Twitter. Coinbase employees, as well as other cryptocurrency companies, were targeted with phishing emails. These lured employees to a malicious page that attempted to exploit a pair of Firefox vulnerabilities. Coinbase has a security system in place that was able to prevent the exploit, and their security team was able to reverse engineer the attack.

The first vulnerability has been dissected in some detail by a Google security researcher. It’s a weakness in Firefox’s JavaScript engine related to type handling. An object is created with one data type, and when that data is changed to another type, not all the data handlers are appropriately updated. Under the hood, a value is assumed to be a pointer, but is actually a double-length value, controlled by the attacker.

The second vulnerability is in the functions used to prompt for user interaction. Specifically, the call to “Prompt:Open” isn’t properly validated, and can result in the un-sandboxed Firefox process loading an arbitrary web location. I suspect the sandbox escape is used to run the initial exploit a second time, but this time it’s running outside the sandbox.

Odds and Ends

[Tom] wrote a great intro into how to Impersonate The President With Consumer-Grade SDR, go check it out!

Another city, more ransomware. Riviera Beach, Florida was hit with a ransomware attack, and paid $600,000 in an attempt to get their data back. For a city of 35,000 inhabitants, that’s $17.14 in ransom per man, woman, and child. According to the linked article, though, the city was insured.

Brett Smith Makes Your Life Easier With Hidden Microcontroller Features

There was a time when microprocessors were slow and expensive devices that needed piles of support chips to run, so engineers came up with ingenious tricks using extra hardware preprocessing inputs to avoid having to create more code. It would be common to find a few logic gates, a comparator, or even the ubiquitous 555 timer doing a little bit of work to take some load away from the computer, and engineers learned to use these components as a matter of course.

The nice thing is that many of these great hardware hacks have been built into modern microcontrollers through the years. The problem is you need to know about them. Brett Smith’s newly published Hackaday Superconference talk, “Why Do It The Hard Way?”, aims to demystify the helpful hardware lurking in microcontrollers.

Join us below for a deeper dive and the embedded video of this talk. Supercon is the Ultimate Hardware con — don’t miss your chance to attend this year, November 15-17 in Pasadena, CA.
