The Atomic Pi: Is It Worth It?

Several months ago, a strange Kickstarter project from ‘Team IoT’ appeared that seemed too good to be true. The Atomic Pi was billed as a high-power alternative to the Raspberry Pi, and the specs are amazing. For thirty five American buckaroos, you get a single board computer with an Intel processor. You get 16 Gigs of eMMC Flash, more than enough for a basic Linux system and even a cut-down version of Windows 10. You have WiFi, you have Bluetooth, you have a real time clock, something so many of the other single board computers forget. The best part? It’s only thirty five dollars.

Naturally, people lost their minds. There are many challengers to the Raspberry Pi, but nothing so far can beat the Pi on both price and performance. Could the Atomic Pi be the single board computer that finally brings the folks from Cambridge to their knees? Is this the computer that will revolutionize STEM education, get on a postage stamp, and sell tens of millions of units?

No. The answer is no. While I’m not allowed to call the Atomic Pi “literal garbage” because our editors insist on the technicality that it’s “surplus” because they were purchased before they hit the trash cans, there will be no community built around this thirty five dollar single board computer. This is a piece of electronic flotsam that will go down in history right next to the Ouya console. There will be no new Atomic Pis made, and I highly doubt there will ever be any software updates. Come throw your money away on silicon, fiberglass and metal detritus! Or maybe you have a use for this thing. Meet the Atomic Pi!


Circuit VR: Resistance Measurement With Four Wires

If you want to measure resistance and you know Ohm’s law, it seems like you have an easy answer, right? Feed a known current through the thing you want to measure and read the voltage required. A little math, and that’s it. Or is it? If you are measuring reasonably large resistance and you don’t mind small inaccuracies, sure. But for tiny measurements or highly accurate measurements, you’d be better off using the four-wire method. What’s more, understanding why you want to use the four-wire method is a great example of using an understanding of electronics to find solutions to problems.

Hunting Replicants With The 2019 LayerOne Badge

Blade Runner showed us a dystopian megatropolis vision of Los Angeles in the far-off future. What was a distant dream for the 1982 theater-goers (2019) is now our everyday. We know Los Angeles is not perpetually overcast, flying cars are not cruising those skies, and replicants are not hiding among the population. Or… are they?

The LayerOne conference takes place in greater Los Angeles and this year it adopted a Blade Runner theme in honor of that landmark film. My favorite part of the theme was the conference badge modeled after a Voight-Kampff machine. These were used in the film to distinguish replicants from humans, and that’s exactly what this badge does too. In the movies, replicants are tested by asking questions and monitoring their eyes for a reaction — this badge has an optional eye-recognition camera to deliver this effect. Let’s take a look!


Disrupting Cell Biology Hack Chat With Incuvers

Join us on Wednesday 5 June 2019 at noon Pacific for the Disrupting Cell Biology Hack Chat with Incuvers!

A lot of today’s most successful tech companies have creation myths that include a garage in some suburban neighborhood where all the magic happened. Whether there was literally a garage is not the point; the fact that modest beginnings can lead to big things is. For medical instrument concern Incuvers, the garage was actually a biology lab at the University of Ottawa, and what became the company’s first product started as a simple incubator project consisting of a Styrofoam cooler, a space blanket, and a Soda Stream CO2 cylinder controlled by an Arduino.

From that humble prototype sprang more refined designs that eventually became marketable products, setting the fledgling company on a course to make a huge impact on the field of cell biology with innovative incubators, including one that can image cell growth in real time. What it takes to go from prototype to product has been a common theme in this year’s Hack Chats, and Noah, Sebastian, and David from Incuvers will drop by Wednesday to talk about that and more.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday June 5 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Repairdown: Disklavier DKC500RW Control Unit

If you’ve been kind enough to accompany me on these regular hardware explorations, you’ve likely recognized a trend with regards to the gadgets that go under the knife. Generally speaking, the devices I take apart for your viewing pleasure come to us from the clearance rack of a big box retailer, the thrift store, or the always generous “AS-IS” section on eBay. There’s something of a cost-benefit analysis performed each time I pick up a piece of gear for dissection, and it probably won’t surprise you to find that the least expensive doggy in the window is usually the one that secures its fifteen minutes of Internet fame.

DKC500RW installed on right side.

But this month I present to you, Good Reader, something a bit different. This time I’m not taking something apart just for the simple joy of seeing PCB laid bare. I’ve been given the task of repairing an expensive piece of antiquated oddball equipment because, quite frankly, nobody else wanted to do it. If we happen to find ourselves learning about its inner workings in the process, that’s just the cost of doing business with a Hackaday writer.

The situation as explained to me is that in the late 1990’s, my brother’s employer purchased a Yamaha Mark II XG “Baby Grand” piano for somewhere in the neighborhood of $20,000. This particular model was selected for its ability to play MIDI files from 3.5 inch floppy disks, complete with the rather ghostly effect of the keys moving by themselves. The idea was that you could set this piano up in your lobby with a floppy full of Barry Manilow’s greatest hits, and your establishment would instantly be dripping with automated class.

Unfortunately, about a month or so back, the piano’s Disklavier DKC500RW control unit stopped reading disks. The piano itself still worked, but now required a human to do the playing. Calls were made, but as you might expect, most repair centers politely declined around the time they heard the word “floppy” and anyone who stayed on the line quoted a price that simply wasn’t economical.

Before they resorted to hiring a pianist, perhaps a rare example of a human taking a robot’s job, my brother asked if he could remove the control unit and see if I could make any sense of it. So with that, let’s dig into this vintage piece of musical equipment and see what a five figure price tag got you at the turn of the millennium.



Hackaday Links: June 2, 2019

The works of Shakespeare, Goethe, and Cervantes combined do not equal the genius of Rick And Morty. Actually, the word ‘genius’ is thrown around a bit too much these days. Rick and Morty has surpassed genius. This cartoon is sublime. It is beyond any art that could be created. Now, you might not have a high enough IQ to follow this, but Rick and Morty is, objectively, the best art that can be produced. It just draws upon so much; Rick’s drunken stammering is a cleverly hidden allusion to Dostoevsky’s Netochka Nezvanova, absolutely brilliantly providing the back-story to Rick’s character while never actually revealing anything. Now, you’re probably not smart enough to understand this, but Teenage Engineering is releasing a Rick and Morty Pocket Operator. Only the top percentages of IQs are going to understand this, but this is game-changing. Nothing like this has ever been done before.

The Microsoft IntelliMouse Explorer 3.0 is the high water mark of computer peripheral design. Originally released in 2003, the IntelliMouse Explorer 3.0 was an instant classic. The design is nearly two decades old, but it hasn’t aged a day. That said, mouse sensors have gotten better in the years since, and I believe the original tooling has long worn out. Production of the original IntelliMouse Explorer 3.0 stopped a long time ago. Microsoft tried to revive the IntelliMouse a few years ago using a ‘BlueTrack’ sensor that was ridiculed by the gaming community. Now Microsoft is reviving the IntelliMouse with a good sensor. The Pro IntelliMouse is on sale now for $60 USD.

It has come to my attention that wooden RFID cards exist. This shouldn’t come as a surprise to anyone because wood veneer exists, thin coils of wire exist, and glue exists. That said, if you’re looking for an RFID card you can throw in the laser cutter for engraving, or you just want that special, home-made touch, you can get a wooden RFID card.

Lego has just released an Apollo Lunar Lander set, number 10266. It’s 1087 pieces and costs $99. This is a full-scale (or minifig-scale, whatever) Apollo LEM, with an ascent module detachable from the descent module. Two minifigs fit comfortably inside. Previously, the only full-scale (or, again, minifig-scale) Apollo LEM set was 10029, a Lego Discovery kit from 2003 (original retail price $39.99). Set 10029 saw a limited release and has since become a collectible: the current value for a new kit is $336. The annualized ROI of Lego set 10029-1 is 13.69%, making this new Apollo LEM set a very attractive investment vehicle. I’m going to say this one more time: Lego sets, and especially minifigs, are one of the best long-term investments you can make.

A Wienermobile is for sale on Craigslist. Actually, it’s not, because this was just a prank posted by someone’s friends. Oh, I wish I had an Oscar Mayer Wienermobile.

Rumors are swirling that Apple will release a new Mac Pro at WWDC this week. Say what you will about Apple, but people who do audio and video really, really like Apple, and they need machines with fast processors and good graphics cards. Apple, unfortunately, doesn’t build that anymore. The last good expandable Mac was the cheese grater tower, retired in 2013 for the trash can pro. Will Apple manage to build a machine that can hold a video card? We’ll find out this week.

This Week In Security: Baltimore, MacOS Zipfile Security, And App Store Monopolies

Baltimore. The city was breached, crippled and held for ransom. The ransomware attack was discovered on May 7th, shutting down a major portion of the city’s infrastructure. The latest news is that an NSA-written tool, EternalBlue, is responsible for the attack. Except maybe it isn’t? First off, digging back through the history of an attack is challenging. It’s often hard to determine the initial attack vector with certainty.

The “initial attack vector” is the patient zero of the attack — how the first machine was compromised. An organization generally has a firewall separating the outside internet from the internal network. Once an attacker has found a way to access a machine inside the network, the separation is not nearly so strict. This takes many forms, but the most common is phishing. Close contenders are RDP and SMB (Remote Desktop and Windows File Sharing). A report at Ars Technica indicates that the initial vector into the Baltimore network was a phishing email.

The second step to consider is what’s called “lateral movement”, which describes an attacker using the compromised machine to target other machines in the organization. Often an attacker will have an entire toolkit of exploits to attempt to compromise other machines. One of the exploits used in this case was the same exploit contained in the NSA tool, EternalBlue. A clever program called psexec is usually part of any lateral movement campaign. While the exploit associated with EternalBlue was probably used to compromise a few of the machines on the Baltimore network, placing all the blame on the shoulders of the NSA is missing the point. The tool is only a small part of this attack.

MacOS and NFS Shares Inside Zipfiles

MacOS has a sometimes irritating feature, Gatekeeper, that only allows running signed binaries by default. The point of Gatekeeper is to prevent a user from running a malicious binary that has been downloaded from the internet. While it is sometimes an annoyance, it is helpful for some users. On the 24th, [Filippo Cavallarin] announced an exploit that completely bypasses Gatekeeper. This exploit takes advantage of the fact that Gatekeeper considers network shares to be trustworthy, and doesn’t run the normal check before executing a binary located there. While interesting, this isn’t useful unless there is a way for an attacker to mount a malicious location as a network share. Enter the Mac’s ability to automatically mount network locations through the use of the /net path. The last piece of this puzzle is the fact that zip files can contain symbolic links. A zip file can be built with a link to the /net location, automounting an arbitrary NFS location. If binary files are located in this location, the OS will happily allow the user to execute those binaries whether signed or not.
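A defender can inspect an archive for this pattern before anything is extracted. The scanner below is an added example, not code from [Filippo]'s write-up: it lists symlink entries in a zip and flags targets under /net. The function names, the extra "absolute" and "traversal" classes, and the sample archive with its placeholder host are assumptions made for illustration.

```python
import io
import stat
import zipfile

# Targets worth flagging: the /net automount tree named in the article, plus
# absolute and parent-escaping targets (a broader check added as an assumption).
def classify_target(target: str) -> str:
    if target == "/net" or target.startswith("/net/"):
        return "automount"
    if target.startswith("/"):
        return "absolute"
    if ".." in target.split("/"):
        return "traversal"
    return "relative"

def find_symlinks(zip_bytes: bytes):
    """Return (entry name, link target, classification) for each symlink entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Archives made on Unix keep st_mode in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                # For a symlink entry, the stored "file data" is the link target.
                target = zf.read(info).decode("utf-8", errors="replace")
                findings.append((info.filename, target, classify_target(target)))
    return findings

def build_sample() -> bytes:
    """Constructed test archive: one regular file and two symlink entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "plain file")
        for name, target in (("Documents", "/net/nfs.example.invalid/share"),
                             ("readme", "notes.txt")):
            link = zipfile.ZipInfo(name)
            link.create_system = 3  # Unix, so external_attr carries a file mode
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, target)
    return buf.getvalue()

if __name__ == "__main__":
    for name, target, kind in find_symlinks(build_sample()):
        print(f"{name} -> {target} [{kind}]")
```

Mail gateways and download scanners can run the same check and quarantine any archive that reports an "automount" entry.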

This exploit may not be the most serious of the year, but it’s still a problem that needs fixing. [Filippo] contacted Apple back in February and disclosed the problem, even getting an assurance that they would fix it within 90 days. 90 days have passed, and Apple has begun ignoring his emails, so he has made the announcement and published steps to reproduce on his website.

There has been discussion in the comments of this column about vulnerability disclosure and publishing proof of concept code. This is a perfect example of why researchers publish their work. As far as [Filippo] knows, Apple has no intention of fixing the issue he discovered. He also has no reason to believe that no one else has stumbled on this discovery before he did. We mentioned EternalBlue above. The NSA discovered the SMB vulnerability that exploit targeted and used it silently for up to five years before it was stolen and finally disclosed to Microsoft and fixed. Make no mistake, public disclosures and proofs of concept get vulnerabilities fixed. For any given vulnerability, there is no guarantee that someone else hasn’t already found it.

Just a Little Document Leak

OK, maybe not so little. A Fortune 500 company, First American, managed to host millions of private documents in an accessible format. Imagine you upload a document to a company, and get a confirmation link that looks like “test.com/documents.php?id=0252234”. If you’re like me, you’re very curious what is at id=0252233. [Ben Shoval] is a real estate developer who apparently also wanted to know the answer to that question. To his surprise, millions of uploaded documents were available for anyone to view. He tried reaching out to First American, and when there was no response to his emails, he forwarded his findings on to Krebs on Security. After what was likely years of exposure, the database was finally taken offline Friday the 24th.
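The flaw described here is a missing authorization check on a sequential document id. The sketch below is an added example, not First American's code: it puts that lookup beside a hardened one that uses a random reference and checks ownership on every request. The class, method names, users and starting id are hypothetical.

```python
import secrets

class DocumentStore:
    """In-memory stand-in for the document database (all names hypothetical)."""

    def __init__(self):
        self._by_seq = {}     # sequential id -> record (vulnerable design)
        self._by_ref = {}     # random reference -> record (hardened design)
        self._next = 252233   # constructed starting value

    def upload(self, owner: str, body: str):
        seq = self._next
        self._next += 1
        ref = secrets.token_urlsafe(16)   # 128 random bits, not enumerable
        record = {"owner": owner, "body": body}
        self._by_seq[seq] = record
        self._by_ref[ref] = record
        return seq, ref

    def get_vulnerable(self, seq: int):
        # Knowing (or guessing) the id is the only requirement to read the file.
        rec = self._by_seq.get(seq)
        return (200, rec["body"]) if rec else (404, None)

    def get_hardened(self, session_user, ref: str):
        # Access is decided from the authenticated session on every request,
        # never from the identifier carried in the URL.
        if session_user is None:
            return (401, None)
        rec = self._by_ref.get(ref)
        # Same reply for "missing" and "not yours", so responses reveal nothing.
        if rec is None or rec["owner"] != session_user:
            return (404, None)
        return (200, rec["body"])

def readable_without_auth(store: DocumentStore, known_seq: int, span: int = 2) -> int:
    """Exposure check: how many ids near one known id answer with a document."""
    ids = range(known_seq - span, known_seq + span + 1)
    return sum(1 for i in ids if store.get_vulnerable(i)[0] == 200)
```

The random reference only slows guessing; the ownership check is what closes the hole, so it must stay even if a link is forwarded or leaked.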

Walled Garden Monopolies

Staying on the Apple train, the App Store is pretty obviously a monopoly. Someone has finally asked whether it’s an illegal monopoly. As most of these questions go, it’ll take a drawn out court battle to decide. How is this security news? If the court finds that Apple has been violating antitrust laws, one possible remediation is to allow alternative app stores. While there is always the potential for a high quality alternative store like F-droid, sketchy app stores and downloads are a real possibility. On the other hand, it would be nice to have an iOS app store that is compatible with the GPL.