Books You Should Read: Exact Constraint: Machine Design Using Kinematic Principles

Surely, if you’re reading this website you’ve teased the thought of building your own 3D printer. I certainly did. But from my years of repeated rebuilds of my homebrew laser cutter, I learned one thing: machine design is hard, and parts cost money. Rather than jump the gun and start iterating on a few machine builds like I’ve done before, I thought I’d try to tease out the founding principles of what makes a rock-solid machine. Along the way, I discovered this book: Exact Constraint: Machine Design Using Kinematic Principles by Douglass L. Blanding.

This book is a casual but thorough introduction to the design of machines using the method of exact constraint. This methodology invites us to carefully assess how parts connect and move relative to each other. Rather than exclusively relying on precision parts, like linear guides or bearings, to limit a machine’s degrees of freedom, this book shows us a means of restricting degrees of freedom by looking at the basic kinematic connections between parts. By doing so, we can save ourselves cost by using precision rails and bearings only in the places where absolutely necessary.

While this promise might seem abstract, consider the movements made by a 3D printer. Many styles of this machine rely on motor-driven movement along three orthogonal axes: X, Y, and Z. We usually restrict individual motor movement to a single axis by constraining it using a precision part, like a linear rod or rail. However, the details of how we physically constrain the motor’s movements using these parts is a non-trivial task. Overconstrain the axis, and it will either bind or wiggle. Underconstrain it, and it may translate or twist in unwanted directions. Properly constraining a machine’s degrees of freedom is a fundamental aspect of building a solid machine. This is the core subject of the book: how to join these precision parts together in a way that leads to precision movement only in the directions that we want them.

Part of what makes this book so fantastic is that it makes no heavy expectations about prior knowledge to pick up the basics, although be prepared to draw some diagrams. Concepts are unfolded in a generous step-by-step fashion with well-diagrammed examples. As you progress, the training wheels come loose, and examples become less-heavily decorated with annotations. In this sense, the book is extremely coherent as subsequent chapters build off ideas from the previous. While this may sound daunting, don’t fret! The entire book is only about 140 pages in length.


Ask Hackaday: At What Point Is Hand Pick And Place Too Much Work?

Just a section from a render of the board in question. It’s a daunting task for anyone facing it with a set of tweezers or a vacuum pencil.

A friend of ours here at Hackaday has an audacious design in the works that we hope will one day become a prototype that we can feature here. That day may be a little while coming though, because it has somewhere close to a thousand of the smaller SMD components in multiple repeated blocks on a modestly sized board, and his quote from a Chinese board house for assembly is eye-watering. He lacks a pick-and-place machine of his own, and unsurprisingly the idea of doing the job by hand is a little daunting.

We can certainly feel his pain, for in the past we’ve been there. The job described in the linked article had a similar number of components with much more variety and on a much larger board, but still took two experienced engineers all day and into the night to populate. The solder paste had started to spread by the end, morphing from clearly defined blocks to an indistinct mush often covering more than one pad. Our eyes meanwhile were somewhat fatigued by the experience, and it’s not something any sane person would wish to repeat.

Mulling over our friend’s board and comparing it with the experience related above, are we on the edge of what is possible with hand pick-and-place, or should we be working at the next level? Board assembly is a finely judged matter of economics at a commercial level, but when at a one-off personal construction level the option of paying for assembly just isn’t there, is there a practical limit to the scale of the task? Where do you, our readers, draw the line? We’d love to hear your views.

Meanwhile our friend’s audacious project is still shrouded in a bit of secrecy, but we’ll continue to encourage him to show it to the world. It’s not often that you look at a circuit diagram and think “I wish I’d thought of that!”, but from what we’ve seen this fits the category. If he pulls it off then we’ll bring you the result.

PCB image, Andrew Magill (CC BY 2.0).

Hackaday Podcast 034: 15 Years Of Hackaday, ESP8266 Hacked, Hydrogen Seeps Into Cars, Giant Scara Drawbot, Really Remote RC Car Racing

Elliot Williams and Mike Szczys wish Hackaday a happy fifteenth birthday! We also jump into a few vulns found (and fixed… ish) in the WiFi stack of ESP32/ESP8266 chips, try to get to the bottom of improved search for 3D printable CAD models, and drool over some really cool RC cars that add realism to head-to-head online racing. We look at the machining masterpiece that is a really huge SCARA arm drawbot, ask why Hydrogen cars haven’t been seeing the kind of sunlight that fully electric vehicles do, and give a big nod of approval to a guide on building your own custom USB cables.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)


This Week In Security: Mass iPhone Compromise, More VPN Vulns, Telegram Leaking Data, And The Hack Of @Jack

In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations.

In any case, Google’s Project Zero was the first to notice and disclose the malicious sites and attacks. There were five separate vulnerability chains, targeting iOS versions 10 through 12, with at least one previously unknown 0-day vulnerability in use. The Project Zero write-up is particularly detailed, and really documents the exploits.

The payload as investigated by Project Zero doesn’t permanently install any malware on the device, so if you suspect you could have been compromised, a reboot is sufficient to clear your device.

This attack is novel in how sophisticated it is, while simultaneously being almost entirely non-targeted. The malicious code would run on the device of any iOS user who visited the hosting site. The 0-day vulnerability used in this attack would have a potential value of over a million dollars, and these high value attacks have historically been more targeted against similarly high-value targets. While the websites used in the attack have not been disclosed, the sites themselves were apparently targeted at certain ethnic and religious groups inside China.

Once a device was infected, the payload would upload photos, messages, contacts, and even live GPS information to the command & control infrastructure. It also seems that Android and Windows devices were similarly targeted in the same attack.

Telegram Leaking Phone Numbers

Telegram, best known for encrypted messages, also allows for anonymous communication. Protesters in Hong Kong are using that feature to organize anonymously, through Telegram’s public group messaging. However, a data leak was recently discovered, exposing the phone numbers of members of these public groups. As you can imagine, protesters very much want to avoid being personally identified. The leak is based on a feature: Telegram wants to automatically connect you to other Telegram users whom you already know.

By default, your number is only visible to people who you’ve added to your address book as contacts.

Telegram is based on telephone numbers. When a new user creates an account, they are prompted to upload their contact list. If one of the uploaded contacts has a number already in the Telegram system, those accounts are automatically connected, causing the telephone numbers to become visible to each other. See the problem? An attacker can load a device with several thousand phone numbers, connect it to the Telegram system, and enter one of the target groups. If there is a collision between the pre-loaded contacts and the members of the group, the number is outed. With sufficient resources, this attack could even be automated, allowing for a very large information gathering campaign.

In this case, it seems such a campaign was carried out, targeting the Hong Kong protesters. One can’t help but think of the first story we covered, and wonder if the contact data from compromised devices was used to partially seed the search pool for this effort.

The Hack of @Jack

You may have seen that the Twitter account of Twitter’s CEO, Jack [@Jack] Dorsey, was hacked, and a series of unsavory tweets was sent from that account. This seems to be a continuing campaign by [chucklingSquad], who have also targeted other high profile accounts. How did they manage to bypass two factor authentication and a strong password? Cloudhopper. Acquired by Twitter in 2010, Cloudhopper is the service that automatically posts a user’s SMS messages to Twitter.

Rather than a username and password, or security token, the user is secured only by their cell phone number. Enter the port-out and SIM-swap scams. These are two similar techniques that can be used to steal a phone number. The port-out scam takes advantage of the legal requirement for portable phone numbers. In the port-out scam, the attacker claims to be switching to a new carrier. In a SIM-swap scam, the attacker convinces the carrier that he or she is switching to a new phone and new SIM card. It’s not clear which technique was used, but I suspect a port-out scam, as Dorsey hadn’t gotten his cell number back after several days, while a SIM-swap scam can be resolved much more quickly.

Google’s Bug Bounty Expanded

In more positive news, Google has announced the expansion of their bounty programs. In effect, Google is now funding bug bounties for the most popular apps on the Play store, in addition to Google’s own code. This seems like a ripe opportunity for aspiring researchers, so go pick an app with over 100 million downloads, and dive in.

An odd coincidence, that 100 million number is approximately how many downloads CamScanner had when it was pulled from the Play store for malicious behavior. This seems to have been caused by a third party advertisement library.

Updates

Last week we talked about Devcore and their VPN Appliance research work. Since then, they have released part 3 of their report. Pulse Secure doesn’t have nearly as easily exploited vulnerabilities, but the Devcore team did find a pre-authentication vulnerability that allowed reading arbitrary data off the device filesystem. As a victory lap, they compromised one of Twitter’s vulnerable devices, reported it to Twitter’s bug bounty program, and took home the highest tier reward for their trouble.

3D Printering: The Search For Better Search

There’s no question that a desktop 3D printer is at its most useful when it’s producing parts of your own design. After all, if you’ve got a machine that can produce physical objects to your exacting specifications, why not give it some? But even the most diligent CAD maven will occasionally defer to an existing design, as there’s no sense spending the time and effort creating their own model if a perfectly serviceable one is already available under an open source license.

But there’s a problem: finding these open source models is often more difficult than it should be. The fact of the matter is, the ecosystem for sharing 3D printable models is in a very sorry state. Thingiverse, the community’s de facto model repository, is antiquated and plagued with technical issues. Competitors such as Pinshape and YouMagine are certainly improvements on a technical level, but without the sheer number of models and designers that Thingiverse has, they’ve been unable to earn much mindshare. When people are looking to download 3D models, it stands to reason that the site with the most models will be the most popular.

It’s a situation that the community is going to have to address eventually. As it stands, it’s something of a minor miracle that Thingiverse still exists. Owned and operated by Makerbot, the company that once defined the desktop 3D printer but is today all but completely unknown in a market dominated by low-cost printers from the likes of Monoprice and Creality, it seems only a matter of time before the site finally goes dark. They say it’s unwise to put all of your eggs in one basket, and doubly so if the basket happens to be on fire.

So what will it take to get people to consider alternatives to Thingiverse before it’s too late? Obviously, snazzy modern web design isn’t enough to do it. Not if the underlying service operates on the same formula. To really make a dent in this space, you need a killer feature. Something that measurably improves the user experience of finding the 3D model you need in a sea of hundreds of thousands. You need to solve the search problem.


BornHack 2019, A Laid-Back Hacker Camp In A Danish Forest

This is a fantastic summer for hacker camps and I was very happy to make it to BornHack this year. This week-long camp attracts hackers from all over Europe and the mix of a few hundred friends and soon-to-be friends who gathered on the Danish island of Fyn delivered a unique experience for the curious traveller.

The camp takes place at the Hylkedam Danish scout camp, located in a forest amid the rolling Danish farmland not too far from the small town of Gelsted. It’s a few kilometres from a motorway junction, but easy enough to find after the long haul up from the UK via the Channel Tunnel. As an aside, every bored cop between France and the Danish border wanted to stop my 20-year-old right-hand-drive Volkswagen on UK plates, but soon lost interest after walking up to the passenger side and finding no driver. It seems Brits are considered harmless, which is good to hear.

Clean Water Technologies Hack Chat

Join us on Wednesday, September 4th at noon Pacific for the Clean Water Technologies Hack Chat with Ryan Beltrán!

Access to clean water is something that’s all too easy to take for granted. When the tap is turned, delivering water that won’t sicken or kill you when you drink it, we generally stop worrying. But for millions around the world, getting clean water is a daily struggle, with disease and death often being the penalty for drinking from a compromised source. Thankfully, a wide range of water technologies is available to help secure access to clean water. Most are expensive, though, especially at the scale needed to supply even a small village.

Seeing a need to think smaller, Ryan started MakeWater.org, a non-profit program that seeks to give anyone the power to make clean water through electrocoagulation, or the use of electric charge to precipitate contaminants from water. There’s more to MakeWater than electrocoagulation kits, though. By partnering with STEM students and their teachers, MakeWater seeks to crowdsource improvements to the technology, incorporating student design changes into the next version of the kit. They also hope to inspire students to develop the skills they need to tackle real-world problems and make a difference in the lives of millions.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 4 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.