3D Printering: Getting Started Is (Still) Harder Than It Needs To Be

Stop me if this sounds familiar. You were interested in 3D printing but lacked a clear idea of what was involved. Every time you looked into it, it returned to the back burner because after spending your limited free time researching, it still looked like a part-time job just to get up to speed on the basics. If this is you, then you’re exactly the reason I say the following: despite 3D printing being more accessible than ever, getting started remains harder than it needs to be. It’s a shame, because there are smart, but busy, people just waiting for that to change.

A highly technical friend and colleague of mine had, off and on, been interested in 3D printing for some time. He had questions, but also didn’t have a very good understanding of the basics because it’s clumsy and time-consuming to research something when one doesn’t even know the right terms.

I told him to video call me. Using my phone I showed him the everyday process, from downloading a model to watching the first layer get put down by the printer. He had researched getting started before, but our call was honestly the first time he had ever seen a 3D printer’s actual workflow, showing hands-on what was involved from beginning to end. It took less than twenty minutes to give him a context into which he could fit everything else, and from where he felt comfortable seeking more information. I found out later, when I politely inquired whether he had found our talk useful, that he had ordered a Prusa MK3S printer later that same day.

It got me thinking. What from our call was important and useful, but not available elsewhere? And why not?

Inputs Of Interest: My First Aggressively Ergonomic Keyboard

Ever since my RSI surgery, I’ve had to resort to using what I call my compromise keyboard — a wireless rubber dome affair with a gentle curvature to the keys. It’s far from perfect, but it has allowed me to continue to type when I thought I wouldn’t be able to anymore.

This keyboard has served me well, but it’s been nearly three years since the surgery, and I wanted to go back to a nice, clicky keyboard. So a few weeks ago, I dusted off my 1991 IBM Model M. Heck, I did more than that — I ordered a semi-weird hex socket (7/32″) so I could open it up and clean it properly.

And then I used it for half a day or so. It was glorious to hear the buckling springs singing again, but I couldn’t ignore the strain I felt in my pinkies and ring fingers after just a few hours. I knew I had to stop and retire it for good if I wanted to keep being able to type.

The Last Scientific Calculator?

There was a time when being an engineering student meant you had a sword. Well, really it was a slide rule hanging from your belt, but it sounds cooler to call it a sword. The slide rule sword gave way to calculators hanging from your belt loop, and for many engineers that calculator was from HP. Today’s students are more likely to have a TI or Casio calculator, but HP is still in there with the HP Prime. It is hard to call it a calculator since the latest variant has a 528 MHz ARM Cortex A7, 256 MB of RAM, and 512 MB of ROM. But if you can’t justify a $150 calculator, there are some cheap and even free options out there to get the experience. To start with, HP has a free app that runs on Windows or Mac that works just like the calculator. Of course, that’s free as in no charge, not free as in open source. But still, it will run under Wine with no more than the usual amount of coaxing.

You might wonder why you need a calculator on your computer, and perhaps you don’t. However, the HP Prime isn’t just your 1980s vintage calculator. It also has an amazing number of applications including a complete symbolic math system based on xCAS/Giac. It is also programmable using a special HP language that is sort of like Basic or Pascal. Other applications include plotting, statistics, solvers, and even a spreadsheet that can hold up to 10,000 rows and 676 columns.

Portability

It is easy to think that HP provides the free PC software so you’ll go out and buy the real calculator, and that may be part of it. However, you can also get official apps for Android and iOS. They aren’t free, but they are relatively inexpensive. On iOS the cost right now is $25 and on Android it is $20. There are also “lite” versions that are free.

On-Demand Manufacturing Hack Chat

Join us on Wednesday, March 4 at noon Pacific for the On-Demand Manufacturing Hack Chat with Dan Emery!

The classical recipe for starting a manufacturing enterprise is pretty straightforward: get an idea, attract investors, hire workers, buy machines, put it all in a factory, and profit. Things have been this way since the earliest days of the Industrial Revolution, and it’s a recipe that has largely given us the world we have today, for better and for worse.

One of the downsides of this model is the need for initial capital to buy the machines and build the factory. Not every idea will attract the kind of money needed to get off the ground, which means that a lot of good ideas never see the light of day. Luckily, though, we live in an age where manufacturing is no longer a monolithic process. You can literally design a product and have it tested, manufactured, and sold without ever taking one shipment of raw materials or buying a single machine other than the computer that makes this magic possible.

As co-founder of Ponoko, Dan Emery is in the thick of this manufacturing revolution. His company capitalizes on the need for laser cutting, whether it be for parts used in rapid prototyping or complete production runs of cut and engraved pieces. Their service is part of a wider ecosystem that covers almost every additive and subtractive manufacturing process, including 3D-printing, CNC machining, PCB manufacturing, and even final assembly and testing, providing new entrepreneurs access to tools and processes that would have once required buckets of cash to acquire and put under one roof.

Join us as we sit down with Derek and discuss the current state of on-demand manufacturing and what the future holds for it. We’ll talk about Ponoko’s specific place in this ecosystem, and what role outsourced laser cutting could play in getting your widget to market. We’ll also take a look at how Ponoko got started and how it got where it is today, as well as anything else that comes up.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 4 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hackaday Links: March 1, 2020

Talk about buried treasure: archeologists in Germany have – literally – unearthed a pristine Soviet spy radio, buried for decades outside of Cologne. While searching for artifacts from a Roman empire settlement, the archeologists found a pit containing the Soviet R-394KM transceiver, built in 1987 and apparently buried shortly thereafter without ever being used. It was found close to a path in the woods and not far from several sites of interest to Cold War-era spies. Curiously, the controls on the radio are labeled not in Cyrillic characters, but in the Latin alphabet, suggesting the radio was to be used by a native German speaker. The area in which it was found is destined to be an open-cast lignite mine, which makes us think that other Cold War artifacts may have fallen victim to the gore-covered blades of Bagger 288.

Good news for Betelgeuse fans, bad news for aficionados of cataclysmic cosmic explosions: it looks like the red giant in Orion isn’t going to explode anytime soon. Betelgeuse has been dimming steadily and rapidly since October of 2019; as a variable star such behavior is expected, but the magnitude of its decline was seen by some astronomers as a sign that the star was reaching the point in its evolution where it would go supernova. Alas, Betelgeuse started to brighten again right on schedule, suggesting that the star is not quite ready to give up the ghost. We’d have loved to witness a star so bright it rivals the full moon, but given the times we live in, perhaps it’s best not to have such a harbinger of doom appear.

If you plan to be in the Seattle area as the winter turns to spring, you might want to check out the Vintage Computer Fair Pacific Northwest. We visited back during the show’s first year and had a good time, and the Living Computers: Museum + Labs, where the event is held, is not to be missed. The Museum of Flight is supposed to be excellent as well, and not far away.

Mozilla announced this week that Firefox would turn on DNS over HTTPS (DoH) by default in the United States. DoH encrypts the DNS requests that are needed to translate a domain name to an IP address, which normally travel in clear text and are therefore easily observed. Easily readable DNS transactions are also key to content blockers, which has raised the hackles of regulators and legislators over the plan, who are singing the usual “think of the children” song. That DoH would make user data collection and ad-tracking harder probably has nothing to do with their protests.

And finally, sad news from California as daredevil and amateur rocketeer “Mad” Mike Hughes has been killed in a crash of his homemade rocket. The steam-powered rocket was to be a follow-up to an earlier, mostly successful flight to about 1,900 feet (580 m), and supposed to reach about 5,000 feet (1.5 km) at apogee. But in an eerily similar repeat of the mishap that nearly killed Evel Knievel during his Snake River Canyon jump in 1974, Mike’s parachute deployed almost as soon as his rocket left the launch rails. The chute introduced considerable drag before being torn off the rocket by the exhaust plume. The rocket continued in a ballistic arc to a considerable altitude, but without a chute Mike’s fate was sealed. Search for the video at your own peril, as it’s pretty disturbing. We never appreciated Mike’s self-professed Flat Earth views, but we did like his style. We suppose, though, that such an ending was more likely than not.

This Week In Security: Chrome Bugs And Non-bugs, Kr00k, And Letsencrypt

Google Chrome minted a new release to fix a trio of bugs on Monday, with exploit code already in the wild for one of them. The first two bugs don’t have much information published yet. They are an integer-overflow problem in Unicode internationalization, and a memory access issue in streams. The third issue, type confusion in V8, was also fixed quietly, but a team at Exodus Intel took the time to look at the patches and figure out what the problem was.

The actual vulnerability dives into some exotic Javascript techniques, but to put it simply, it’s possible to change a data-type without V8 noticing. This allows malicious code to write into the header area of the attacked variable. The stack, now corrupted, can be manipulated to the point of arbitrary code execution. The researchers make the point that even with Google’s fast-paced release schedule, a determined attacker could have several days of virtual zero-day exploitation of a bug mined from code changes. Story via The Register.

The Chrome Problem that Wasn’t

A second Chrome story came across my desk this week: Chrome 80 introduces a new feature, ScrollToTextFragment. This useful new feature allows you to embed a string of text in a URL, and when loading that address, Chrome will scroll the page to make that text visible. For certain use cases, this is an invaluable feature. Need to highlight a specific bit of text in a big document online?

The following bookmarklet code by [Paul Kinlan] is the easy way to start using this feature. Paste this code into the URL of a bookmark, put it on the bookmark bar, highlight some text in a webpage, and then run the bookmarklet. It should open a new tab with the new URL, ready to use or send to someone.

javascript:(function()%7Bconst%20selectedText%20%3D%20getSelection().toString()%3Bconst%20newUrl%20%3D%20new%20URL(location)%3BnewUrl.hash%20%3D%20%60%3A~%3Atext%3D%24%7BencodeURIComponent(selectedText)%7D%60%3Bwindow.open(newUrl)%7D)()

Since we’re talking about it in the security column, there must be more to the story. A privacy guru at Brave, [Peter Snyder], raised concerns about privacy implications of the feature. His argument has been repeated and misrepresented in a few places. What argument was he making? Simply put, that it’s not normal user behavior to immediately scroll to an exact position on the page. Because modern web pages and browsers do things like deferred loading of images, it could be possible to infer where in the page the link was pointing. He gives the example of a corporate network where DNS is monitored. This isn’t suggesting that the entire URL is leaked over DNS, but rather that DNS can indicate when individual components of a page are loaded, particularly when they are embedded images from other sites.

While this concern isn’t nonsensical, it seems to me to be a very weak argument that is being over-hyped in the press.

WhatsApp Groups Searchable on Google

It’s not new for search engines to index things that weren’t intended to be public. There is a bit of mystery surrounding how Google finds URLs to index, and StackExchange is full of plenty of examples of webadmins scratching their heads at their non-public folders showing up in a Google search.

That said, a story made the rounds in the last few days, that WhatsApp and Telegram group invites are being indexed by Google. So far, the official word is that all the indexed links must have been shared publicly, and Google simply picked them up from where they were publicly posted.

It appears that WhatsApp has begun marking chat invitation links as “noindex”, which is a polite way to ask search engines to ignore the link.

If it’s shown that links are getting indexed without being posted publicly online, then we have a much bigger story. Otherwise, everything is working as expected.
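An added example, not from the original column or from WhatsApp: a check the operator of invite-style links could run against a response to confirm it asks crawlers not to index it. The column does not say which mechanism WhatsApp uses; this assumes the two standard ones, the robots meta tag and the X-Robots-Tag header, and the sample responses are constructed.

```python
from html.parser import HTMLParser

BLOCKING = {"noindex", "none"}          # "none" means noindex plus nofollow
# Directives that carry their own "name: value" colon, so the text before
# the colon is not a crawler name.
VALUED = {"unavailable_after", "max-snippet", "max-image-preview", "max-video-preview"}


def _split(value):
    return {d.strip().lower() for d in value.split(",") if d.strip()}


class _MetaRobots(HTMLParser):
    """Collects directives from <meta name="robots"> or <meta name="<agent>">."""

    def __init__(self, agent):
        super().__init__()
        self.names = {"robots", agent}
        self.found = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() in self.names:
            self.found |= _split(a.get("content", ""))


def header_directives(headers, agent):
    """Directives from X-Robots-Tag headers that apply to `agent`."""
    found = set()
    for name, value in headers:
        if name.strip().lower() != "x-robots-tag":
            continue
        head, sep, rest = value.partition(":")
        if sep and head.strip().lower() not in VALUED:   # "googlebot: noindex" form
            if head.strip().lower() != agent:
                continue                                 # addressed to another crawler
            value = rest
        found |= _split(value)
    return found


def asks_not_to_be_indexed(headers, html, agent="googlebot"):
    """True if the response carries noindex for `agent` in a header or a meta tag."""
    parser = _MetaRobots(agent)
    parser.feed(html)
    return bool((parser.found | header_directives(headers, agent)) & BLOCKING)


# Constructed sample responses (not captured from any real service).
INVITE_META = ([("Content-Type", "text/html")],
               '<html><head><meta name="robots" content="NOINDEX, nofollow"></head></html>')
INVITE_HEADER = ([("X-Robots-Tag", "googlebot: noindex")], "<html><head></head></html>")
OTHER_BOT = ([("X-Robots-Tag", "otherbot: noindex")], "<html></html>")
UNMARKED = ([("X-Robots-Tag", "unavailable_after: 25 Jun 2030 15:00:00 PST")],
            '<html><head><meta name="description" content="noindex"></head></html>')
```

Note that noindex only asks well-behaved crawlers to skip the page; it does not restrict who can open the link.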

Letsencrypt Makes Attacks Harder

Letsencrypt has rolled out an invisible change to their validation process that makes a traffic redirection attack much harder. The new feature, Multi-Perspective Validation, means that when you verify your domain ownership, Letsencrypt will test that verification from multiple geographic regions. It might be possible to spoof ownership of a domain through a BGP attack, but that attack would be much harder to pull off against traffic originating from another country, or multiple countries simultaneously. Letsencrypt is currently using different regions of a single cloud, but plans to further diversify and use multiple cloud providers for even stronger validation.

Kr00k

Brought to us by the researchers at Eset, Kr00k (PDF) is a simple flaw in certain wireless chips. So far, the flaw seems to be limited to WPA2 traffic sent by Broadcom and Cypress chips. They discovered Kr00k while doing some followup research on KRACK.

Let’s talk about WPA2 for a moment. WPA2 has a 4-way handshake process that securely confirms that both parties have the shared key, and then establishes a shared Temporal Key, also known as a session key. This key is private between the two devices that performed the handshake, meaning that other devices on the same wireless network can’t sniff traffic sent by other devices.

When a device disconnects, or disassociates, that session key is reset to all 0s, and no packets should be sent until another handshake is performed. Here’s the bug: The packets already in the output buffer are still sent, but are encrypted with the zeroed key, making them trivially decrypted. As it’s simple to trigger deauthentication events, an attacker can get a sampling of in-the-clear packets. The ubiquity of TLS is a saving grace here, but any unencrypted traffic is vulnerable. Eset informed vendors about the flaw in 2019, and at least some devices have been patched.
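The buffer-flush bug described above, modelled as an added example (not code from Eset, the chip vendors or the original column). TxPath, its methods and the SHA-256 counter-mode stand-in cipher are hypothetical, since real WPA2 uses AES-CCMP; the model contrasts a transmit path that still sends queued frames after the key is zeroed with one that discards them.

```python
import hashlib
import os

ZERO_KEY = bytes(16)  # the all-zero temporal key the column describes


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), NOT WPA2's AES-CCMP."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


class TxPath:
    """Hypothetical model of a wireless chip's transmit path."""

    def __init__(self, temporal_key: bytes, drop_queue_on_disassoc: bool):
        self.key = temporal_key
        self.drop_queue_on_disassoc = drop_queue_on_disassoc
        self.queue = []     # plaintext frames waiting to be sent
        self.counter = 0    # per-frame packet number, used as the nonce

    def enqueue(self, payload: bytes) -> None:
        self.queue.append(payload)

    def disassociate(self) -> None:
        self.key = ZERO_KEY           # session key is reset to all 0s
        if self.drop_queue_on_disassoc:
            self.queue.clear()        # hardened: pending frames die with the key

    def transmit(self) -> list:
        """Encrypt and emit everything queued as (nonce, ciphertext) pairs."""
        sent = []
        for payload in self.queue:
            nonce = self.counter.to_bytes(6, "big")
            sent.append((nonce, stream_xor(self.key, nonce, payload)))
            self.counter += 1
        self.queue.clear()
        return sent


def readable_with_zero_key(frames, expected: bytes) -> bool:
    """Audit helper: True if any emitted frame decrypts under the all-zero key."""
    return any(stream_xor(ZERO_KEY, n, c) == expected for n, c in frames)


def leaks_after_disassociation(drop_queue: bool) -> bool:
    secret = b"constructed sample payload"   # constructed test data
    tx = TxPath(os.urandom(16), drop_queue)
    tx.enqueue(secret)
    tx.disassociate()
    return readable_with_zero_key(tx.transmit(), secret)
```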

Exchange

Microsoft Exchange got a security patch this past Tuesday that addressed a pair of bugs that together resulted in a remote code execution vulnerability. The first bug was an encryption key that is generated on Exchange server installation. That generation seemed to lack a good source of entropy, as apparently every Exchange install uses the exact same key.

The second half of this bug is a de-serialization problem, where an encrypted payload can contain a command to run. Because the encryption key is known, any user can access the vulnerable endpoint. Exploitation is trivial, so be sure to patch your server right away.

TODO: Remove Vulnerabilities

This one is just humorous. An Intel virtualization feature appears to have been pushed into the Linux kernel before it was finished. Know what unfinished code tends to contain? Bugs and vulnerabilities. CVE-2020-2732, in this case. It’s unclear how exactly an exploit would work, but the essence is that a virtual guest is allowed to manipulate system state in unintended ways.

Hackaday Podcast 056: Cat Of 9 Heads, Robot Squats, PhD In ESP32, And Did You Hear About Sonos?

Hackaday editors Elliot Williams and Mike Szczys gab on great hacks of the past week. Did you hear that there’s a new rev of the Pi 4 out there? We just heard… but apparently its release into the wild was months ago. Fans of the ESP8266 are going to love this tool that flashes and configures the board, especially for Sonoff devices. Bitluni’s Supercon talk was published this week and it’s a great roadmap of all the things you should try to do with an ESP32. Plus we take on the Sonos IoT speaker debacle and the wacky suspension system James Bruton’s been building into his humanoid robot.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (60 MB or so.)