This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
For many of us, magic things happen on our benches. We mix a little of this, one of those, and a couple of the other things, and suddenly the world has the Next Big Thing. Or does it? Will it ever see the light of day? Will you ever build a community around your project so that the magic can escape the shop and survive the harsh light of the marketplace? And perhaps most importantly, will you be able to afford to bring your project to market?
Crowdfunding is often the answer to these questions and more, and Kickstarter is one of the places where hackers can turn their project into a product. Beau and Clarissa, both outreach leads for the crowdfunding company, will stop by the Hack Chat to answer all your questions about getting your project off the bench and into the marketplace. Join us as we discuss everything from building a community that’s passionate enough about your idea to fund it, to the right way to share your design story.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
When the SpaceX Dragon spacecraft reached orbit for the first time in 2010, it was a historic achievement. But to qualify for NASA’s Commercial Orbital Transportation Services (COTS) program, the capsule also needed to demonstrate that it could return safely to Earth. Its predecessor, the Space Shuttle, had wings that let it glide home and land like a plane. But in returning to the classic capsule design of earlier spacecraft, SpaceX was forced to rely on a technique not used by American spacecraft since the 1970s: parachutes and an ocean splashdown.
The Dragon’s descent under parachute, splashdown, and subsequent successful recovery paved the way for SpaceX to begin a series of resupply missions to the International Space Station that continue to this day. But not everyone at SpaceX was satisfied with their 21st century spacecraft having to perform such an anachronistic landing. At a post-mission press conference, CEO Elon Musk told those in attendance that eventually the Dragon would be able to make a pinpoint touchdown using thrusters and deployable landing gear:
The architecture that you observed today is obviously similar to what was employed in the Apollo era, but the next generation Dragon, the Crew Dragon, we’re actually going to be aiming for a propulsive landing with gear. We’ll still have the parachutes as a backup, but it’s going to be a precision landing, you could literally land on something the size of a helipad propulsively with gear, refuel, and take off again.
But just shy of a decade later, the violent explosion of the first space worthy Crew Dragon has become the final nail in the coffin for Elon’s dream of manned space capsules landing like helicopters. In truth, the future of this particular capability was already looking quite dim given NASA’s preference for a more pragmatic approach to returning their astronauts from space. But Crew Dragon design changes slated to be implemented in light of findings made during the accident report will all but completely remove the possibility of Dragon ever performing a propulsive landing.
Is the hacking community facing a HOPEless future? It may well be, if this report from 2600 Magazine is any indication. The biennial “Hackers On Planet Earth” conference is in serious financial jeopardy after the venue that’s hosted it for years, the Hotel Pennsylvania in Manhattan, announced a three-fold increase in price. Organizers are scrambling to save the conference and they’re asking for the community’s help in brainstorming solutions. Hackaday was at HOPE XI in 2016 and HOPE XII in 2018; let’s HOPE we get to see everyone again in 2020.
If you’ve ever been curious about how a 1970s PROM chip worked, Ken Shirriff has you covered. Or uncovered, as he popped the top off a ceramic MMI 5300 DIP to look at the die within. Closeups of the somewhat cockeyed die reveal its secrets – 1,024 tiny fusible links. Programming was a matter of overloading a particular fuse, turning a 1 into a 0 permanently. It’s a fascinating look at how it used to be done, with Ken’s usual attention to detail in the documentation department.
We had a great Hack Chat this week with Mihir Shah from Royal Circuits. Royal is one of the few quick-turn PCB fabs in the USA, and they specialize in lightning-fast turnaround on bare PCBs and assembled boards. He told us all about this fascinating business, and dropped a link to a side project of his. Called DebuggAR, it’s an augmented reality app that runs on a smartphone and overlays component locations, signal traces, pinouts, and more right over a live image of your board. He’s got a beta going now for iPhone users and would love feedback, so check it out.
With all the cool things you can do with LoRa radios, it’s no wonder that wireless hobbyists have taken to pushing the limits on what the technology can do. The world record distance for a LoRa link was an astonishing 702 km (436 miles). That stood for two years until it was topped, twice in the same day. On July 13th, the record was pushed to 741 km, and a mere five hours later to 766 km. All on a scant 25 mW of power.
Linux distro Manjaro made an unconventional choice regarding which office suite to include, and it’s making some users unhappy. It appears that they’ve dumped LibreOffice from the base install, opting instead to include the closed-source FreeOffice. Worse, FreeOffice doesn’t have support for saving .doc and OpenDocument files; potentially leaving LibreOffice users stranded. Paying for an upgrade to SoftMaker’s Office product can fix that, but that’s hardly free-as-in-beer free. It’s kind of like saying the beer is free, but the mug is an upgrade. UPDATE: It looks like the Manjaro team heard all the feedback and are working on a selector so you can install the office suite of your choice.
Tragic news out of New Hampshire, as amateur radio operator Joe Areyzaga (K1JGA) was killed while trying to dismantle an antenna tower. Local news has coverage with no substantial details, however the hams over on r/amateurradio seem to have the inside line on the cause. It appears the legs of the tower had filled with water over the years, rusting them from the inside out. The tower likely appeared solid to Joe and his friend Mike Rancourt (K1EEE) as they started to climb, but the tower buckled at the weak point and collapsed. K1EEE remains in critical condition after the 40′ (12 m) fall, but K1JGA is now a silent key. The tragedy serves as a reminder to everyone who works on towers to take nothing for granted before starting to climb.
And finally, just for fun, feast your eyes on this movie of the ESA’s Rosetta spacecraft as is makes its flyby of comet 67P/Churyumov–Gerasimenko. It’s stitched together from thousands of images and really makes 67P look like a place, not just a streak of light in the night sky.
If I were to ask you what is the oldest man-made orbiting satellite still in use, I’d expect to hear a variety of answers. Space geeks might mention the passive radar calibration spheres, or possibly one of the early weather satellites. But what about the oldest communication satellite still in use?
The answer is a complicated one. Oscar 7 is an amateur radio satellite launched on November 5th 1974, carrying two transponders and four beacons, all of which operate on bands available to amateur radio operators. Nearly 45 years later it still provides radio amateurs with contacts just as it did in the 1970s. But this bird’s history is anything but ordinary. It’s the satellite that came back from the dead after being thought lost forever. And just as it was fading from view it played an unexpected role in the resistance to the communist government in Poland.
This has been an interesting week. First off, security researchers at Armis discovered a set of serious vulnerabilities in the vxWorks Real Time Operating System (RTOS). Released under a name that sounds like the title of a western or caper movie, Urgent/11. Not familiar with vxWorks? It’s a toss-up as to whether vxWorks or Linux is more popular for embedded devices. Several printer brands, Arris modems, Sonicwall firewalls, and a whole host of other industrial and medical devices run the vxWorks RTOS.
Several of these vulnerabilities are in the network stack, rather than in applications. The worst offender is CVE-2019-12256, a vulnerability in error handling. An ICMP error response is generated from an incoming packet, and assumptions are made about that incoming packet. When data is copied from that packet into the ICMP error, the length is not first checked, allowing unconfined memory write. If this sounds familiar, it should. We covered a similar vulnerability in Apple’s XNU kernel not long ago.
This particular vulnerability can compromise a vxWorks machine even without an opened port. The saving grace of that vulnerability applies here: a maliciously crafted packet is necessarily malformed, and won’t navigate public routing. In other words, it’s LAN only, and can’t be sent over the internet.
They come in through the firewall.
A second class of vulnerability, where the name comes from, is related to the TCP urgent pointer. This rarely used TCP feature was intended to allow more up-to-date information to supersede data still being processed. Not only has TCP urgent not been widely used, the specifications were not written particularly well, with the various RFC documents describing conflicting implementations. It’s surprising that vxWorks supports it at all, but isn’t particularly surprising that their implementation is flawed. Manipulation of the data stream can cause a length integer to underflow. The nature of binary arithmetic means that underflowing an unsigned integer causes it to wrap around to maximum value, which can lead to writing packet data in the buffer in unexpected memory locations. These vulnerabilities require an established TCP connection, but the researchers describe several scenarios where that could be accomplished by an attacker.
The last RCE vulnerability they describe is in the DHCP client, ipdhcpc. This is a very simple vulnerability. One section of code allocates a buffer for DHCP options, but allocates 24 bytes fewer than the maximum size. An attacker could use this 24 byte overflow to manipulate the data structure and potentially jump execution into manipulated memory.
Update (2019-08-02 09:15 UTC-7): Hackaday received a statement from SonicWall that they made a patch for this vulnerability back on July 19th:
Ensuring the security of our customers is a responsibility we take seriously at SonicWall and we work vigilantly to always keep our customers secure. SonicWall physical firewall appliances running certain versions of SonicOS contain vulnerabilities in code utilized for remote management. At this time, there is no indication that the discovered vulnerabilities are being exploited in the wild. The patches are available now and we strongly advised our partners and end users July 19 th to apply the SonicOS patch immediately.
Capital One made use of Amazon AWS for storing customer data. This isn’t surprising, many companies have turned to Amazon’s seemingly inexhaustible cloud computing platform for storing large data sets. It seems, however, that Capital One failed to configure the security properly on that bucket. (As many other companies have done.) Information was leaked for over an estimated 100 million customers. A former Amazon employee has been arrested, and seems to have posted at least a portion of that data in a Github gist.
Reading between the lines, it seems that this was a very simple mistake. Perhaps credentials were leaked, or the S3 bucket was publicly available. That particular detail has not been released. There is something to be said for Capital One’s response to the incident. They were anonymously informed of the existence of the gist on July 17, using their responsible disclosure process. By the 29th, they had fixed the misconfiguration, coordinated with law enforcement, and publicly announced the breach. A twelve day turn-around is an impressive response, particularly when so many companies have tried to hide or ignore similar breaches.
Cabarrus County, NC
It seemed simple enough. The general contractor for the county’s new school building needed to update bank account information. The appropriate forms were signed and filed, and the information was updated. Nothing seemed amiss unto two months later, when the contractor notified the county that they had missed a scheduled payment of 2.5 million dollars. But the transaction went through, and the money was transferred to the account on file.
Yes, the transfer went through, but the the county had been hit with a social engineering scam. The report refers to it as an Email Account Compromise (EAC) scam, which seems to indicate that the scammer first gained access to a legitimate email account of the contractor in question. Alternatively, an attacker could simply spoof the sender’s email address, and set a different reply-to field. Unless a user was particularly watching for such a scheme, it would be easy to overlook the discrepancy. In any case, even after recovering some of the transferred money, the county seems to be out about $1.7 million. These scams are becoming more and more popular, so remember, don’t believe anything you read in an email.
The Weird and Wacky
And to round out this week’s news, yet another [Satoshi Nakamoto] candidate has been found: Linus Torvalds. While it appears to be a serious suggestion, I’ll just note that the author doesn’t have his name attached to this article. He does make one interesting observation — git is the killer blockchain app. You see, I tend to compare blockchain to the laser. Both were very clever inventions, but didn’t have any immediate uses. They were solutions in search of a problem. This article points out that core concepts of blockchain are present in git, which seems to be an accurate and clever observation. So what is blockchain good for? Git!
You’ve got to hand it to marketers – they really know how to make you want something. All it takes is a little parental guilt, a bit of technical magic, and bam, you’re locked into a product you never knew you needed.
This prototype flight tracking nightlight for kids is a great example. Currently under development by Canadian airline WestJet, the idea is to provide a way for traveling parents to let kids know how long it is until Mommy or Daddy gets home from their trip. The prototype shows a stylized jet airliner with Neopixel lighting in the base. A pair of projectors in the wings shine an animated flight path on the child’s darkened bedroom ceiling, showing them when the wayward parent will return. Get past the schmaltz in the video below, and perhaps get over your jealousy of parents with kids who still eagerly await their return, and it’s actually a pretty good idea.
Now for the ask: how would you go about building something like this? And more importantly, how would you make it work for any plane, train, or automobile trip, and not just a WestJet flight? A look at the “How it will work” section of the page shows several photos of the prototype, which suggests the hardware end is dead easy. A Raspberry Pi Zero W features prominently, and the projectors appear to be TI’s DLP2000EVM, which we’ve featured before, mounted to a riser card. The Neopixels, a 3D-printed case, and the superfluous flashlight fuselage would be pretty easy, too.
On the software side, a generic version that tracks flight from any airline would need an interface for the traveler to define a flight, and something to check an API like FlightAware’s, or similar ones for whatever mode of transportation you’re using.
Seems like a pretty straightforward project. WestJet claims they’ll have their Flight Light ready sometime this summer; think we can beat them to it?
You may not know the name Abraham Wald, but he has a very valuable lesson you can apply to problem solving, engineering, and many other parts of life. Wald worked for the Statistical Research Group (SRG) during World War II. This was part of a top secret organization in the United States that applied elite mathematical talent to help the allies win the war. Near Columbia University, mathematicians and computers — the human kind — worked on problems ranging from how to keep an enemy plane under fire longer to optimal bombing patterns.
One of Wald’s ways to approach problem was to look beyond the data in front of him. He was looking for things that weren’t there, using their absence as an additional data point. It is easy to critique things that are present but incorrect. It is harder to see things that are missing. But the end results of this technique were profound and present an object lesson we can still draw from today.
Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 7 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.
