Hackaday Links: May 5, 2019

May 5, 2019 by Brian Benchoff 22 Comments

Simulacra and simulation and Kickstarter videos. The Amigo Robot is a 4-wheeled omnibot robot on Kickstarter. It does STEM or STEAM or whatever. Oh neat, injection molded magnetic pogo pins, that’s cool. Watch the video for this Kickstarter, it is a work of postmodern horror. We live in a post-reality world, and this is beyond parody. You have the ubiquitous cheerful whistling, a ukulele, tambourine and a glockenspiel. You’ve got a narrator that falls squarely into the uncanny valley and a cadence that could have only been generated by a computer. You’ve got grammar that is very much correct, but somehow wrong; ‘It is the key to interact with family pets’. This is really, really bad.

Who is Satoshi? The creator of Bitcoin, a person or persons known as Satoshi Nakamoto, has been an open question for years now, with many people claiming they are the one that invented Bitcoin (with the implication that they’re in control of the first coins and therefore a multi-Billionaire). Newsweek found someone named Dorian Nakamoto, but that guy didn’t make Bitcoin. Wired magazine used back-dated blog posts to identify the creator of Bitcoin. Needless to say, the creator of Bitcoin has not been identified yet. Now, there’s an unveiling of sorts coming up. gotsatoshi.com has a live countdown and doesn’t use Rockapella as a house band. This bears repeating, again: there is exactly one way to prove the identity of Satoshi Nakamoto. To prove you are Satoshi, all you need to do is move some of the first Bitcoins. That’s it, that’s all you need to do, and it’s not going to happen when the gotsatoshi.com countdown hits zero.

CNC machines controlled by a Pi abound, but here’s a word of warning about buying a ‘bargain’ CNC machine from China from [Rob] via our tips line:

In the “homebrew” community, I know some people have their own CNC machines – I’ve seen a hundred and one projects using Raspberry Pis to run homemade CNCs and so on, so I guess there is a good supply of open-source/freeware to software to control them with.

However, some people, like a mate at work, might be tempted by a good “bargain” from China. No names, no pack drill, but just before last Christmas, my mate bought a “cheap” CNC system from China – It was about three or four thousand Euros, if I remember rightly. It has been working well and he done some work for our work as well. No problems.

Last week, our firm was contacted by Siemens. They claimed that someone at our firm has been using unlicensed Siemens software. At first no-one knew what they were on about. Someone thought it might be about some CAD system or other – we had been trialing a few to see which suited us best, but we had stuck well within the restrictions for the trials.

Then we found out it was the software on his CNC machine. Because he had used his work laptop with it, the system had “phoned home” and alerted Siemens that an unlicensed version was being used. Siemens then demanded EUR 32,000 – yes, thirty two THOUSAND Euros to license the software. That was something like EUR 27,000 for the commercial license and EUR 5 000 for the second one. It was explained that he had bought the CNC system from where-ever and had a license issued by the manufacturer. I license that Siemens do not acknowledge. They have now accepted that he bought and used it in good faith that it was fully legit, so they waived the commercial license and are now demanding “only” EUR 5,000, but that still comes with the threat – pay up or we take you to court…

We’re all very familiar that Dassault Systems will start hitting you up for that Solidworks license you didn’t pay for, but this is effectively firmware for a CNC machine that is phoning home through a laptop. In effect it’s a reverse Stuxnet, brought to you by a cheap Chinese CNC machine.

Here’s a hot tip for anyone who wants to do something people want. Direct to garment printers (DTG printers) are pretty much inkjet printers modified to print on t-shirts. ‘dtg printer’ is one of Hackaday’s perennial top search terms, most likely because of a post we did ten years ago. If you want to join the cool kids club and do something people desperately want, find a cheap inkjet and turn it into a DTG printer.

Red Hat has changed its logo. Red Hat, the company that somehow makes money on Open Source software, changed their logo this week. The branding for Red Hat hasn’t been very good since 2016 or thereabouts, and the branding for the Fedora project has been taking hits for just as long, m’lady. Beyond that, customer surveys revealed that the old ‘Shadowman’ logo evoked feelings like, ‘sinister, secretive, evil, and sneaky’. The new logo removes the shadowman entirely, and makes the hat the focus of attention. There is now official confirmation that there is a black band around the crown of the hat (in the Shadowman logo, this band could be confused for a shadow), and the crown is sharper. The jury is still out on the fedora vs. trilby argument, and indeed the argument is even more divisive now: the difference between a trilby and a fedora is in how they are worn, and by removing the Shadowman from the logo we now have fewer context clues to make the determination. Bet you didn’t think you were going to read two hundred words about the Red Hat logo today, did you?

New Part Day: Lynxmotion Smart Servos

May 3, 2019 by Roger Cheng 33 Comments

Anyone who shops for robotics kits would have come across a few designed by Lynxmotion. They’ve been helping people build robots since 1995, from robot arm kits to hexapod chassis and everything in between. We would expect these people know their motors, so when they launched their own line of servo motors called Lynxmotion Smart Servos (LSS), it is worth spending a bit of time to look over what they offer.

While these new devices have a PWM mode compatible with classic remote control servos, unleashing their full power requires bidirectional communication over a serial bus. We’ve previously given an overview of three serial bus servos already on the market for comparison. A quick look at the $68-$100 price tags listed on Lynxmotion’s parent company RobotShop made it clear they do not intend to compete on price, so what interesting features do these new kids on the block have?

Digging into product documentation found some great details. Acceleration and deceleration rates are adjustable, which can help with smoother robot movement. There’s also an adjustable level of “stiffness” that adds some “give” (compliance) so a robot won’t have to be as stiff as… well, a robot!

Mechanically, the most interesting internal component is the magnetic position sensor. They are far more precise than potentiometers, but more importantly, they allow positioning anywhere within full 360 degrees. Many other serial bus servos are constrained to positions within an arc less than 360 degrees leaving a blind spot.

An interesting quirk of the LSS offerings is that the serial communication protocol uses human-readable text characters, so sending a number 255 means transmitting a three byte string ‘2’, ‘5’, and ‘5’ instead of single byte 0xFF. This would make debugging our custom robot code far easier, at the cost of reduced bandwidth efficiency and loss of checksum for detecting communication errors. It’s a trade-off that some robot builders would be happy to make, but others might not.

Externally, these servos have bountiful mounting options including some we didn’t know to ask for. Historically Lynxmotion kits have used a wide variety of servo mounting brackets, so they are motivated to make mechanical integration easy. The most novel offering is the ability to bolt external gears to the servo body. A set of 1:3 gears allow for gearing the servo up or down, or you can use a set of 1:1 gears for a compact gripper.

As you’d expect of servos in this price range, they all have metal gears, but they also have the ability to power the motor directly from a battery pack (a 3 cell lithium polymer is recommended). There are additional features, like an RGB LED for visual feedback, which we didn’t cover here so dig into the documentation for more. We look forward to seeing how these interesting little actuators perform in future robotics projects.

Hackaday Podcast 017: Are Cheap Microcontrollers Worth It? Android On Your Bike. Plus Food Printers And Coffee Bots

May 3, 2019 by Mike Szczys 5 Comments

Join Editors Mike Szczys and Elliot Williams as they recount a week of fascinating hacks. We take a good look at the PMS150C, a microcontroller that literally costs pennies but can only be flashed once. SNES emulators have a new trick up their sleeves to make low-def a lot less low, and you retro enthusiasts will either hate or love the NES zapper chandelier. Elliot’s enamored by a bike computer running Android core, and both Mike and Elliot delve into the food hacking scene, be it meat, chocolate, coffee, or of course frosting!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 017: Are Cheap Microcontrollers Worth It? Android On Your Bike. Plus Food Printers And Coffee Bots” →

How-To: Mapping Server Hits With ESP8266 And WS2812

May 2, 2019 by Pedro Umbelino 17 Comments

It has never been easier to build displays for custom data visualization than it is right now. I just finished one for my office — as a security researcher I wanted a physical map that will show me from where on the planet my server is being attacked. But the same fabrication techniques, hardware, and network resources can be put to work for just about any other purpose. If you’re new to hardware, this is an easy to follow guide. If you’re new to server-side code, maybe you’ll find it equally interesting.

I used an ESP8266 module with a small 128×32 pixel OLED display connected via an SSD1306 controller. The map itself doesn’t have to be very accurate, roughly knowing the country would suffice, as it was more a decorative piece than a functional one. It’s a good excuse to put the 5 meter WS2812B LED strip I had on the shelf to use.

The project itself can be roughly divided into 3 parts:

Physical and hardware build
ESP8266 firmware
Server-side code

It’s a relatively simple build that one can do over a weekend. It mashes together LED strips, ESP8266 wifi, OLED displays, server-side code, python, geoip location, scapy, and so on… you know, fun stuff.

Continue reading “How-To: Mapping Server Hits With ESP8266 And WS2812” →

This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

May 1, 2019 by Jonathan Bennett 33 Comments

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kind of situations. Don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzz-word, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?
Continue reading “This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day” →

KiCad Community Shines At First Ever KiCon

April 30, 2019 by Mike Szczys 22 Comments

Last weekend was KiCon, a gathering of hardware developers from all over the world who use KiCad open source EDA software. This included many of the software engineers who drive development, people who use KiCad in their business, and those who simply love it for being a professional quality tool available for anyone to use.

From hardware show-and-tell, to the lineup of talks, and the social events each evening, there was so much packed into two (plus) days. Join me after the break for a whirlwind tour of the people and the hardware found at 2019 KiCon.

Continue reading “KiCad Community Shines At First Ever KiCon” →

Ask Hackaday: Is USB Robust Enough?

April 29, 2019 by Mike Szczys 60 Comments

Earlier this month a single person pleaded guilty to taking down some computer labs at a college in New York. This was not done by hacking into them remotely, but by plugging a USB Killer in one machine at a time. This malicious act caused around $58,000 in damage to 66 machines, using a device designed to overload the data pins on the USB ports with high-voltage. Similar damage could have been done with a ball-peen hammer (albeit much less discreetly), and we’re not here to debate the merits of the USB Killer devices. If you destroy property you don’t own you should be held accountable.

But the event did bring an interesting question to mind. How robust are USB ports? The USB Killer — which we’ve covered off and on through the years — is billed as a “surge testing” device and operates by injecting -200 volts DC on the data lines of the USB connection. Many USB ports are not protected against this and the result is permanent damage to the computer hardware. Is protection for these levels of abuse necessary or would it needlessly add cost to our machines?

A chip like the TPD4S014 has ESD protection on the data lines that is rated up to +/- 1500 volts, clamping to ground to dissipate the energy. It’s a solution that should protect against repeated spikes on the data lines, as well as short circuits on the power lines and over/undervoltage situations.

The ADuM4160 is an interesting step up from this. It’s designed to provide isolation between a USB host and the device connected to it. Rather than relying on clamping, this chip implements isolation through air core transformers. Certainly this would be overkill to install in every product, but for those of use building and testing USB devices this would save you from “Oops, wrong USB cable” moments at the work bench.

Speaking of accidents at the bench, there is certainly a demand for USB isolation outside of what’s built into our computers. Earlier this year we saw a fantastic take on a properly-designed USB power strip. Among the goals were current limiting, undervoltage protection, and a proper power disconnect switch for each port. The very need to design your own reminds us that consumer manufacturers are often lazy in their USB design. “Use a USB hub” is bad advice for protection at the workbench since quality of design varies so wildly.

We would be interested in hearing from anyone who has insight on standards applying to equipment continuing to survive over current or over voltage events and remain functional. There are standards like UL-60950 that should apply to USB. But that standard includes language about failing safe for the operator, not necessarily remaining functional:

After abnormal operation or a single fault (see 1.4.14), the equipment shall remain safe for an OPERATOR in the meaning of this standard, but it is not required that the equipment should still be in full working order. It is permitted to use fusible links, THERMAL CUT-OUTS, overcurrent protection devices and the like to provide adequate protection.

So, we’re here to ask you, the readers of Hackaday. Are our USB devices robust enough? Do you have a go-to USB protection chip, part, or other circuit you like to use? Have you ever accidentally killed a USB host device (if so, how)? Do you have special equipment that you depend on when developing projects involving USB? Let us know what you think in the comments below.