Hackaday Podcast 036: Camera Rig Makes CNC Jealous, Become Your Own Time Transmitter, Pi HiFi With 80s Vibe, DJ Xiaomi

September 20, 2019 by Mike Szczys 5 Comments

Hackaday Editors Elliot Williams and Mike Szczys work their way through a fantastic week of hacks. From a rideable tank tread to spoofing radio time servers and from tune-playing vacuum cleaners to an epic camera motion control system, there’s a lot to get caught up on. Plus, Elliot describes frequency counting while Mike’s head spins, and we geek out on satellite optics, transistor-based Pong, and Jonathan Bennett’s weekly security articles.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 036: Camera Rig Makes CNC Jealous, Become Your Own Time Transmitter, Pi HiFi With 80s Vibe, DJ Xiaomi” →

This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us

September 20, 2019 by Jonathan Bennett 18 Comments

VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways.

Feel like alphabet soup yet? A Denial of Service attack is one where the target is simply made unavailable, rather than actually compromised. The classic example of this is the SYN flood, where an attacker would open hundreds of connections to a web server at once, exhausting the server’s resources and interrupting legitimate use of that server. As mitigations for these attacks were developed (SYN Cookies, for example), DoS attacks were replaced by Distributed Denial of Service (DDOS) attacks. Rather than attack a weakness on the target machine, like available RAM or CPU cycles, a DDoS generally targets available network bandwidth by hitting the target website from many, many locations at once. No clever software tricks can help when your Internet connection is fully saturated with junk traffic. Continue reading “This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us” →

Pictorial Guide To The Unofficial Electronic Badges Of DEF CON 27

September 19, 2019 by Mike Szczys 15 Comments

DEF CON has become the de facto showplace of the #Badgelife movement. It’s a pageant for clever tricks that transform traditional green rectangular circuit boards into something beautiful, unique, and often times hacky.

Today I’ve gathered up about three dozen badge designs seen at DC27. It’s a hint of what you’ll see in the hallways and meetups of the conference. From hot-glue light pipes and smartphone terminal debugging consoles to block printing effects and time of flight sensors, this is a great place to get inspiration if you’re thinking of trying your hand at unofficial badge design.

If you didn’t catch “The Badgies” you’ll want to go back and read that article too as it rounds up the designs I found to be the craziest and most interesting including the Car Hacking Village, Space Force, SecKC, DC503, and Frankenbadge. Do swing by the Hands-On articles for the AND!XOR badge and for [Joe Grand’s] official DC27 badge. There was also a lot of non-badge hardware on display during Hackaday’s Breakfast at DEF CON so check out that article as well.

Enough preamble, let’s get to the badges!

Continue reading “Pictorial Guide To The Unofficial Electronic Badges Of DEF CON 27” →

What’s In A Name? Tales Of Python, Perl, And The GIMP

September 18, 2019 by Sven Gregori 58 Comments

In the older days of open source software, major projects tended to have their Benevolent Dictators For Life who made all the final decisions, and some mature projects still operate that way. Guido van Rossum famously called his language “Python” because he liked the British comics of the same name. That’s the sort of thing that only a single developer can get away with.

However, in these modern times of GitHub, GitLab, and other collaboration platforms, community-driven decision making has become a more and more common phenomenon, shifting software development towards democracy. People begin to think of themselves as “Python programmers” or “GIMP users” and the name of the project fuses irrevocably with their identity.

What happens when software projects fork, develop apart, or otherwise change significantly? Obviously, to prevent confusion, they get a new name, and all of those “Perl Monks” need to become “Raku Monks”. Needless to say, what should be a trivial detail — what we’ve all decided to call this pile of ones and zeros or language constructs — can become a big deal. Don’t believe us? Here are the stories of renaming Python, Perl, and the GIMP.

Continue reading “What’s In A Name? Tales Of Python, Perl, And The GIMP” →

Linux Fu: Shell Scripts In C, C++, And Others

September 17, 2019 by Al Williams 44 Comments

At first glance, it might not seem to make sense to write shell scripts in C/C++. After all, the whole point to a shell script is to knock out something quick and dirty. However, there are cases where you might want to write a quick C program to do something that would be hard to do in a traditional scripting language, perhaps you have a library that makes the job easier, or maybe you just know C and can knock it out faster.

While it is true that C generates executables, so there’s no need for a script, usually, the setup to build an executable is not what you want to spend your time on when you are just trying to get something done. In addition, scripts are largely portable. But sending an executable to someone else is fairly risky — but your in luck because C shell scripts can be shared as… well, as scripts. One option is to use a C interpreter like Cling. This is especially common when you are using something like Jupyter notebook. However, it is another piece of software you need on the user’s system. It would be nice to not depend on anything other than the system C compiler which is most likely gcc.

Luckily, there are a few ways to do this and none of them are especially hard. Even if you don’t want to actually script in C, understanding how to get there can be illustrative.

Continue reading “Linux Fu: Shell Scripts In C, C++, And Others” →

Trill: Easy Positional Touch Sensors For Your Projects

September 16, 2019 by Ted Yapo 8 Comments

Creating capacitive touch-sensitive buttons is easy these days; many microcontrollers have cap-sense hardware built-in. This will work for simple on/off control, but what if you want a linear, position-sensitive input, like you’d find on a computer touchpad or your smartphone screen? Not so easy — at least until now. Trill is a family of capacitive touch sensors you can add to your projects as a linear slider, a square touchpad, or by creating your own touch surface.

Trill was created by the same team that designed Bela, an embedded platform for low-latency interactive applications, especially with audio. The new trio of Trill sensors rely on capacitive sensing to track finger movement, and communicate over I2C with your microcontroller or development board of choice. The Trill I2C library targets Arduino and Bela, but should be easy to port to any I2C host.

The hardware and software are both open-source — or will be as the Kickstarter that launched this morning has already met its goal. The firmware for the Cypress CY8C20636A (PDF) controller that powers these sensors will be released CC-BY-NC-SA. But, starting with the controller itself sounds like a lot of work that Trill has already done for you, so let’s have a look at what we know so far, along with a healthy dose of speculation.

Continue reading “Trill: Easy Positional Touch Sensors For Your Projects” →

Software Defined Radio Hack Chat

September 16, 2019 by Dan Maloney 3 Comments

Join us on Wednesday, September 18 at noon Pacific for the Software Defined Radio Hack Chat with Corrosive!

If you’ve been into hobby electronics for even a short time, chances are you’ve got at least one software-defined radio lying around. From the cheap dongles originally intended to watch digital TV on a laptop to the purpose-built transmit-capable radio playgrounds like HackRF, SDR has opened up tons of RF experimentation. Before SDR, every change of band or mode would need new hardware; today, spinning up a new project is as simple as dragging and dropping a few blocks around on a screen, and SDRs that can monitor huge swaths of radio spectrum for the tiniest signal have been a boon to reverse engineers everywhere.

Corrosive is the handle of Harold Giddings, amateur callsign KR0SIV, and he’s gotten into SDR in a big way. Between his blog, his YouTube channel, and his podcast, all flying under the Signals Everywhere banner, he’s got the SDR community covered. Whether it’s satellite communications, aircraft tracking, amateur radio, or even listening in on railway operations, Harold has tried it all, and has a wealth of SDR wisdom to share. Join us as we discuss the state of the SDR ecosystem, which SDR to buy for your application, and even how to transmit with an SDR (hint: you’ll probably want a ham license.)

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 18 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.