Hackaday Prize Mentor Session: Product Engineering With Giovanni Salinas

May 23, 2019 by Jenny List No comments

This year we’ve added something new and exciting to the Hackaday Prize mix. Mentor sessions link up hardware teams with experts from backgrounds useful in moving their product development forward. We’ve assembled a dream team of mentors, and today we’re excited to publish video of the first mentor session which you’ll find embedded below. It’s a great chance to hear about the engineering going into each entry, and to learn from these back and forth conversations that help move the effort forward. We encourage you to sign up for an upcoming session!

Giovanni Salinas, the Product Development Engineer at Supplyframe’s DesignLab, is the mentor for this session. He has a huge breadth of experience in product development, and in today’s installment he’s working with four different product teams.

Continue reading “Hackaday Prize Mentor Session: Product Engineering With Giovanni Salinas” →

From Dirt To Space, Backyard Iron Smelting Hackerspace Style

May 22, 2019 by Jenny List 21 Comments

When I went to a hacker camp in the Netherlands in February I was expecting to spend a few days in a comfortable venue with a bunch of friends, drink some beer, see a chiptune gig, and say “Ooh!” a lot at the exciting projects people brought along. I did all of those things, but I also opened the door to something unexpected. The folks from RevSpace in the Hague brought along their portable forge, and before long I found myself working a piece of hot rebar while wearing comically unsuitable clothing. One thing led to another, and I received an invite to come along and see another metalworking project of theirs: to go form ore to ornamental technology all in one weekend.

From Dirt To Space is a collaboration between Dutch hackerspaces with a simple aim: to take iron ore and process it into a component that will be launched into space. The full project is to be attempted at the German CCCamp hacker camp in August, but to test the equipment and techniques a trial run was required. Thus I found myself in a Le Shuttle car transporter train in the Channel Tunnel, headed for the Hack42 hackerspace in Arnhem where all the parties involved would convene.

Continue reading “From Dirt To Space, Backyard Iron Smelting Hackerspace Style” →

New Part Day: Espressif Announces ESP32-S2 With USB

May 21, 2019 by Brian Benchoff 60 Comments

Espressif, the company behind the extremely popular ESP8266 and ESP32 microcontrollers has just announced their latest chip. It’s the ESP32-S2. It’s a powerful WiFi-enabled microcontroller, and this one has support for USB OTG.

Compared to the ESP32 we know and love, there are a few differences. The ESP32-S2 uses a single core Xtensa LX7 core running at up to 240 MHz, where the current ESP32 uses either a single or dual core LX6. The differences between these cores is hidden away in marketing speak and press releases, but it appears the LX7 core is capable of many more floating point operations per cycle: apparently 2 FLOPS / cycle for the LX6, but 64 FLOPS / cycle for the LX7. This is fantastic for DSP and other computationally heavy applications. Other features on the chip include 320 kB SRAM, 128 kB ROM, and 16 kB of RTC memory.

Connectivity for the ESP32-S2 is plain WiFi; Bluetooth is not supported. I/O includes 42 GPIOs, 14 capacitive touch sensing IOs, the regular SPI, I2C, I2S, UART, and PWM compliment, support for parallel LCDs, a camera interface, and interestingly full-speed USB OTG support. Yes, the ESP32-S2 is getting USB, let us all rejoice.

Other features include an automatic power-down of the RF circuitry when it isn’t needed, support for RSA and AES256, and plenty of support for additional Flash and SRAMs should you need more memory. The packaging is a 7 mm x 7 mm QFN, so get out the microscope, enhance your calm, and bust out the flux for this one. Engineering samples will be available in June, and if Espressif’s past performance in supplying chips to the community holds true, we should see some projects using this chip by September or thereabouts.

(Banner image is of a plain-old ESP32, because we don’t have any of the new ones yet, naturally.)

This Week In Security: What’s Up With Whatsapp, Windows XP Patches, And Cisco Is Attacked By The Thrangrycat

May 21, 2019 by Jonathan Bennett 21 Comments

Whatsapp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this Whatsapp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.

Windows XP Patched Against Wormable Vulnerability

What year is it!? This Tuesday, Microsoft released a patch for Windows XP, five years after support for the venerable OS officially ended. Reminiscent of the last time Microsoft patched Windows XP, when Wannacry was the crisis. This week, Microsoft patched a Remote Desktop Protocol (RDP) vulnerability, CVE-2019-0708. The vulnerability allows an attacker to connect to the RDP service, send a malicious request, and have control over the system. Since no authentication is required, the vulnerability is considered “wormable”, or exploitable by a self-replicating program.

Windows XP through Windows 7 has the flaw, and fixes were rolled out, though notably not for Windows Vista. It’s been reported that it’s possible to download the patch for Server 2008 and manually apply it to Windows Vista. That said, it’s high time to retire the unsupported systems, or at least disconnect them from the network.

The Worst Vulnerability Name of All Time

Thrangrycat. Or more accurately, “😾😾😾” is a newly announced vulnerability in Cisco products, discovered by Red Balloon Security. Cisco uses secure boot on many of their devices in order to prevent malicious tampering with device firmware. Secure boot is achieved through the use of a secondary processor, a Trust Anchor module (TAm). This module ensures that the rest of the system is running properly signed firmware. The only problem with this scheme is that the dedicated TAm also has firmware, and that firmware can be attacked. The TAm processor is actually an FPGA, and researchers discovered that it was possible to modify the FPGA bitstream, totally defeating the secure boot mechanism.

The name of the attack, thrangrycat, might be a satirical shot at other ridiculous vulnerability names. Naming issues aside, it’s an impressive bit of work, numbered CVE-2019-1649. At the same time, Red Balloon Security disclosed another vulnerability that allowed command injection by an authenticated user.

Odds and Ends

Google discovered that their Bluetooth Security Keys use Bluetooth, and maybe that’s not a great idea.
Our own Bob Baddeley finally put the Supermicro server story to bed, probably.
Fifty year old aviation technology is hackable, but probably won’t be.

See a security story you think we should cover? Drop us a note in the tip jar!

Flexible PCBs Hack Chat With OSH Park

May 20, 2019 by Dan Maloney No comments

Join us Thursday at noon Pacific time for the Flexible PCBs Hack Chat with Drew and Chris from OSH Park!
Note the different day from our usual Hack Chat schedule!
Printed circuit boards have been around for decades, and mass production of them has been an incalculable boon to the electronics industry. But turning the economics of PCB production around and making it accessible to small-scale producers and even home experimenters is a relatively recent development, and one which may have an even broader and deeper impact on the industry in the long run.

And now, as if professional PCBs at ridiculous prices weren’t enough, the home-gamer now has access to flexible PCBs. From wearables to sensor applications, flex PCBs have wide-ranging applications and stand to open up new frontiers to the hardware hacker. We’ve even partnered with OSH Park in the Flexible PCB Contest, specifically to stretch your flexible wings and get you thinking beyond flat, rigid PCBs.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Thursday, May 23 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Thursday; join whenever you want and you can see what the community is talking about.

Hackaday Links: May 19, 2019

May 19, 2019 by Brian Benchoff 16 Comments

Cheap nostalgia, that’s the name of the game. If you can somehow build and ship ‘cheap nostalgia’, you’re going to be raking in the bucks. For the ‘musicians’ in the crowd, the king of cheap nostalgia has something great. Behringer is cloning the Yamaha CS-80. and it was announced at this month’s Superbooth.

The Yamaha CS-80 is the synth in Blade Runner, and since Toto’s Africa is making a comeback on top-40 radio, it’s the instrument of our time. A Wonderful Christmas Time, it seems. Aaaannnyway, yes, there might be a huge and inexpensive version of one of the greatest synthesizers ever made real soon. The cheap 808s and 909s are making their way to stores soon, and the 101 needs a firmware update but you can buy it now. Cheap nostalgia. That’s how you do it.

The PiDP-11/70 is a project we’ve been neglecting for some time, which is an absolute shame. This is a miniature simulation of what is objectively the best-looking minicomputer of all time, the PDP-11/70. This version is smaller, though, and it runs on a Pi with the help of SimH. There are injection molded switches, everything is perfect, and now there are a whole bunch of instructional videos on how to get a PiDP-11/70 up and running. Check it out, you want this kit.

Considering you can put a phone screen in anything, and anyone can make a keyboard, it’s a wonder no one is making real, well-designed palmtop computers anymore. The Vaio P series of PCs would be great with WiFi, Bluetooth, and a slight upgrade in memory and storage. This was [NFM[‘s recent project. This palmtop gets an SSD. The object of modification is a decade-old Sony Vaio CPCP11 palmtop modified with a 256 GB SSD. The Vaio only supports PATA, and the SSD is mSATA, so this is really a project of many weird adapters that also have to be built on flex connectors.

Here’s something for the brain trust in the Hackaday comments. First, take a look at this picture. It’s the inside of a rotary encoder. On the top, you have a Gray code (or what have you) that tracks the absolute position of a shaft. On the bottom, you have some sort of optical detection device with 13 photodiodes (or something) that keeps track of each track in the Gray code. This is then translated to some output, hopefully an I2C bus. What is this device, circled in red? I know what it is — it’s an optical decoder, but that phrase is utterly ungooglable, unmouserable, and undigikeyable. If you were me, what would you use to build your own custom absolute rotary encoder and you only needed the sensor? I technically only need 10 tracks/sensors/resolution of 1024, but really I only need a name.

Lol, someone should apply to Y Combinator and pitch yourself as a B Corp.

The $50 Ham: Dummy Loads, Part 2

May 17, 2019 by Dan Maloney 21 Comments

In the last installment of “The $50 Ham” I built a common tool used by amateur radio operators who are doing any kind of tuning or testing of transmitters: a dummy load. That build resulted in “L’il Dummy”, a small dummy load intended for testing typical VHF-UHF handy talkie (HT) transceivers, screwing directly into the antenna jack on the radio.

As mentioned in the comments by some readers, L’il Dummy has little real utility. There’s actually not much call for a dummy load that screws right into an HT, and it was pointed out that a proper dummy load is commercially available on the cheap. I think the latter observation is missing the point of homebrewing specifically and the Hackaday ethos in general, but I will concede the former point. That’s why at the same time I was building L’il Dummy, I was building the bigger, somewhat more capable version described here: Big Dummy.

Continue reading “The $50 Ham: Dummy Loads, Part 2” →