Hackaday Links Column Banner

Hackaday Links: July 11, 2021

Well, at least the acronym will stay the same. It looks like black is the new blue for Windows 11, as the BSOD screen gets its first makeover in years. It’s an admittedly minor change, since the on-screen text is virtually identical to the BSOD from recent versions of Windows 10, and the new death-knell even sports the same frowny-face emoji and QR code. Really, the white-on-black color scheme is the only major difference we can see — even the acronym will stay the same. It’s not really that newsworthy, we suppose, although it does make us miss the extremely busy BSODs from back in the Windows NT days.

As the semiconductor shortage continues, manufacturers are getting desperate to procure the parts they need to make their products. And if there’s one thing as certain as death and taxes, it’s that desperation provides opportunity to criminals. A thread over on EEVBlog details an encounter one company had with an alleged scammer, who sent an unsolicited offer to them for a large number of ordinarily hard-to-find microprocessors at a good price. Wisely, the company explored the offer in some depth and found that “Brian” (the representative who contacted them) is actually named Nick Martin and, according to an article on the Electronic Resellers Association International (ERAI) website, is apparently associated with a number of fraudulent operations. Their list of allegedly fraudulent deals made by Mr. Martin stretches back to 2018 and totals over $300,000 of ill-gotten gain.

Last year, friend-of-Hackaday and laser artist Seb Lee-Delisle spent a lot of time and effort getting together an amazing interactive laser light show for the night skies of cities in the UK. Laser Light City, with powerful lasers mounted on the tops of tall buildings, was a smashing success that brought a little cheer into what was an otherwise dreadful time. But we have to admit that the videos and other materials covering Laser Light City left us wanting more — something like that, with a far-flung installation on rooftops and the ability for audience members to control it all from their phone, really needs a deeper “how it works” treatment. Thankfully, Seb has released a video that dives into the nuts and bolts of the show, including a look at ludicrously powerful lasers with beams that can still be seen in broad daylight.


Hackaday Links: July 4, 2021

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
    //        if(!authenticateAsOwner($queryParams))
    //        {
    //            header("HTTP/1.0 401 Unauthorized");
    //            return;
    //        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?
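A review-time check for this class of bug, as an added example (not code from the article or from Western Digital): it reports functions whose call to `authenticateAsOwner` survives only inside comments. The sample PHP is constructed around the quoted snippet; `RestoreHandler`, `runRestore`, `post` and `version` are hypothetical names, and the scanner does not handle heredocs or `?>`.

```python
import re

# Constructed sample built around the snippet quoted in the article. The class
# name, runRestore(), post() and version() are hypothetical, added for contrast.
SAMPLE_PHP = r'''<?php
class RestoreHandler {
    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }
        return runRestore($queryParams);
    }
    function post($urlPath, $queryParams=null, $ouputFormat='xml'){
        if(!authenticateAsOwner($queryParams))
        {
            header("HTTP/1.0 401 Unauthorized");
            return;
        }
        return runRestore($queryParams);
    }
    function version(){ return "1.0 // build"; }
}
'''

# Comments and string literals, matched left to right so that "//" inside a
# string is not mistaken for a comment.
TOKEN = re.compile(r"""
    (?P<comment> //[^\n]* | \#[^\n]* | /\*.*?\*/ )
  | (?P<string>  '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
""", re.S | re.X)
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(")
AUTH_CALL = re.compile(r"\bauthenticateAsOwner\s*\(")

def _blank(text):
    return re.sub(r"[^\n]", " ", text)

def separate(src):
    """Return (live_code, comments); both keep the offsets and newlines of src."""
    code, comments, pos = [], [], 0
    for m in TOKEN.finditer(src):
        gap, tok = src[pos:m.start()], m.group()
        code += [gap, _blank(tok)]  # strings are hidden too, so braces in them are ignored
        comments += [_blank(gap), tok if m.lastgroup == "comment" else _blank(tok)]
        pos = m.end()
    code.append(src[pos:])
    comments.append(_blank(src[pos:]))
    return "".join(code), "".join(comments)

def body_end(code, open_idx):
    """Offset of the brace closing the block opened at open_idx (live code only)."""
    depth = 0
    for i in range(open_idx, len(code)):
        depth += {"{": 1, "}": -1}.get(code[i], 0)
        if depth == 0:
            return i
    return len(code)

def audit(src, auth_call=AUTH_CALL):
    """List (function, line, status) for every named function in src."""
    code, comments = separate(src)
    findings = []
    for m in FUNC.finditer(code):
        start = code.find("{", m.end())
        if start == -1:
            continue
        end = body_end(code, start)
        if auth_call.search(code, start, end):
            status = "enforced"
        elif auth_call.search(comments, start, end):
            status = "commented-out"   # the check exists but never runs
        else:
            status = "absent"
        findings.append((m.group(1), src.count("\n", 0, m.start()) + 1, status))
    return findings

if __name__ == "__main__":
    for name, line, status in audit(SAMPLE_PHP):
        print(f"line {line}: {name}() auth check {status}")
```

Because the commented-out `{` and `}` are removed before brace matching, the disabled check does not throw off where the scanner thinks `get()` ends.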


Hackaday Links: June 27, 2021

When asked why he robbed banks, career criminal Willie Sutton is reported to have said, “Because that’s where the money is.” It turns out that a reporter made up the quote, but it’s a truism that offers by extension insight into why ATMs and point-of-sale terminals are such a fat target for criminals today. There’s something far more valuable to be taken from ATMs than cash, though — data, in the form of credit and debit card numbers. And taking a look at some of the hardware used by criminals to get this information reveals some pretty sophisticated engineering. We’d heard of ATM “skimmers” before, but never the related “shimmers” that are now popping up, at least according to this interesting article on Krebs.

While skimmers target the magnetic stripe on the back of a card, shimmers are aimed at reading the data from card chips instead. Shimmers are usually built on flex PCBs and are inserted into the card slot, where traces on the device make contact with the chip reader contacts. The article describes a sophisticated version of shimmer that steals power from the ATM itself, rather than requiring a separate battery. The shimmer sits inside the card slot, completely invisible to external inspection (sorry, Tom), and performs what amounts to man-in-the-middle attacks. Card numbers are either stored on the flash and read after the device is retrieved, or are read over a Bluetooth connection; PINs are stolen with the traditional hidden camera method. While we certainly don’t condone criminal behavior, sometimes you just can’t help but admire the ingenuity thieves apply to their craft.

In a bit of foreshadowing into how weird 2020 was going to be, back in January of that year we mentioned reports of swarms of mysterious UAVs moving in formation at night across the midwest United States. We never heard much else about this — attention shifted to other matters shortly thereafter — but now there are reports out of Arizona of a “super-drone” that can outrun law enforcement helicopters. The incidents allegedly occurred early this year, when a Border Patrol helicopter pilot reported almost colliding with a large unmanned aerial system (UAS) over Tucson, and then engaged them in a 70-mile chase at speeds over 100 knots. The chase was joined by a Tucson police helicopter, with the UAS reaching altitudes of 14,000 feet at one point. The pilots didn’t manage to get a good look at it, describing it only as having a single green light on its underside. The range on the drone was notable; the helicopter pilots hoped to exhaust its batteries and force it to land or return to base, but they themselves ran out of fuel long before the drone quit. We have to admit that we find it a little fishy that there’s apparently no photographic evidence to back this up, especially since law enforcement helicopters are fairly bristling with sensors, cameras, and spotlights.

When is a backup not a backup? Apparently, when it’s an iCloud backup. At least that’s the experience of one iCloud user, who uses a long Twitter thread to vent about the loss of many years of drawings, sketches, and assorted files. The user, Erin Sparling, admits their situation is an edge case — he had been using an iPad to make sketches for years, backing everything up to an iCloud account. When he erased the iPad to loan it to a family member for use during the pandemic, he thought he’d be able to restore the drawings from his backups, but alas, more than six months had passed before he purchased a new iPad. Apparently iCloud just up and deletes everything if you haven’t used the account in six months — ouch! We imagine that important little detail was somewhere in the EULA fine print, but while that’s not going to help Erin, it may help you.

And lest the Apple pitchfork crowd think that this is something only Cupertino could think up, know that some Western Digital external hard drive users are crying into their beer too, after a mass wiping of an unknown number of drives. The problem impacts users of the WD My Book Live storage devices, which are basically network attached storage (NAS) devices with a cloud-based interface. The data on these external drives is stored locally, but the cloud interface lets you configure the device and access the data from anywhere. You and apparently some random “threat actors”, as WD is calling them, who seem to have gotten into some devices and performed a factory reset. While we feel for the affected users, it is worth noting that WD dropped support for these devices in 2015; six years without patching makes a mighty stable codebase for attackers to work on. WD is recommending that users disconnect these devices from the internet ASAP, and while that seems like solid advice, we can think of like half a dozen other things that need to get done to secure the files that have accumulated on these things.

And finally, because we feel like we need a little palate cleanser after all that, we present this 3D-printed goat helmet for your approval. For whatever reason, the wee goat pictured was born with a hole in its skull, and some helpful humans decided to help the critter out with TPU headgear. Yes, the first picture looks like the helmet was poorly Photoshopped onto the goat, but scroll through the pics and you’ll see it’s really there. The goat looks resplendent in its new chapeau, and seems to be getting along fine in life so far. Here’s hoping that the hole in its skull fills in, but if it doesn’t, at least they can quickly print a new one as it grows.

 


Hackaday Links: June 20, 2021

The hits just keep coming for Elon Musk, as this week Starlink users reported their new satellite dishes apparently can’t take the heat. Granted, the places these reports are coming from are really, really hot, like Topock, Arizona, where one Starlink beta tester is located and where the air temperature is expected to hit 123°F (50°C) on Saturday. One user contacted Starlink customer service and was told that Dishy McFlatface is programmed to shut down if the surface temperature exceeds 50°C, which even in non-Arizona locations would be easily exceeded on a rooftop or in an urban heat island. Users experiencing thermal shutdown are taking extreme measures to get back online in the heat of the day, like by setting up sprinklers to water-cool their dishes. Others are building solar shades, and one die-hard is even considering putting the dish on an antenna tower, to get it up into the relatively cooler air above the ground. But these are just workarounds, and according to the engineer who did the Starlink teardown we featured a while back, the permanent fix may just be to redesign the thermal management. In other words, this isn’t likely to be another one of those problems that gets fixed with an OTA software push. Which is probably to be expected for something that’s still in the “Better than Nothing Beta” release.

We’ve all heard that AI and robots are going to replace pretty much every job at some point, but if one customer’s experience with an AI drive-through window is any gauge, it might take quite a while to get there. In a video posted on TikTok (we know, we know), a customer at a Chicago-area McDonald’s showed that the fast-food giant put exactly zero effort into making the experience anything but engaging. The synthesized voice is creepy, and evokes all the wrong kinds of feelings, like the ones you get when you’re forced to use a voice-response system to get through “voice mail jail”. In those cases, the voice at least sounds semi-apologetic when it can’t understand what you’ve said. After listening to it once, we’d much rather have a real human, even if it is a surly teen. This seems like a missed opportunity by McDonald’s, which probably has the resources to put a little humanity into their AI.

A while back, we dropped a link about satellites made largely of wood. At the time it seemed interesting if a bit self-serving, since the effort was largely backed by a large Finnish plywood company. And while that aspect of the project hasn’t changed, we’ve now got a better idea of how the WISA Woodsat is put together, and what it will do once it flies later this year. To be clear, the 1U CubeSat is not 100% wood, which of course would make including any electronics problematic. Instead, the side and top panels of the satellite are made from plywood, which are attached to aluminum rails that integrate with the launcher on the mothership. There’s also a metal pantograph-style selfie-stick, because pics or it didn’t happen. The interesting bit is the pre-treatment of the birch plywood, which is dried in a thermal vacuum chamber to prevent outgassing in space. Additionally, the exterior surface of the wood panels was covered with a thin layer of aluminum oxide, to give the surface a chance against highly reactive atomic oxygen. There will be sensors inside the satellite to see if any outgassing occurs, so we could actually get some valuable data about using wood in satellites out of what otherwise could have been just a publicity stunt.

As our long global nightmare appears to be playing out its endgame, and as the world begins to reopen itself to normal pursuits, it’s nice to see that some cons and meetups are actually returning to meatspace. One such event will be BornHack 2021, that week-long campout in a Danish forest with hundreds of like-minded hackers, tinkerers, and artists. The Call for Participation deadline has been extended to July 1, which gives you just a little more time to consider giving a presentation. We’ve heard Jenny List speak glowingly of BornHack, and it actually looks like a lot of fun.

And finally, it’s said that one can never include too many comments when writing code. Not everyone feels that way, of course; I once had a co-worker complain that I commented my code too much, which of course meant that I redoubled my efforts to make sure I had as many comments as possible. That meant I often ran out of ideas for pithy, pertinent, and gratuitous comments to sprinkle into my code. It’s a shame What The Commit didn’t exist back then. Just click the link and you’ll get a fresh, auto-generated comment ready to copy into your commits or embed in your code. Have fun!


Hackaday Links: June 13, 2021

When someone offers to write you a check for $5 billion for your company, it seems like a good idea to take it. But in the world of corporate acquisitions and mergers, that’s not always the case, as Altium proved this week when they rebuffed an A$38.50 per share offer from Autodesk. Altium Ltd., the Australian company whose flagship Altium Designer suite is used by PCB and electronic designers around the world, said that the Autodesk offer “significantly undervalues” Altium, despite the fact that it represents a 42% premium of the company’s share price at the end of last week. Altium’s rejection doesn’t close the door on a deal with Autodesk, or any other comers who present a better offer, which means that whatever happens, changes are likely in the EDA world soon.

There were reports this week of a massive explosion and fire at a Chinese polysilicon plant — sort of. A number of cell phone videos have popped up on YouTube and elsewhere that purport to show the dramatic events unfolding at a plant in Xinjiang province, with one trade publication for the photovoltaic industry reporting that it happened at the Hoshine Silicon “997 siloxane” packing facility. They further reported that the fire was brought under control after about ten hours of effort by firefighters, and that the cause is under investigation. The odd thing is that we can’t find a single mention of the incident in any of the mainstream media outlets, even five full days after it purportedly happened. We’d have figured the media would have been all over this, and linking it to the ongoing semiconductor shortage, perhaps erroneously since the damage appears to be limited to organic silicone production as opposed to metallic silicon. But the company does supply something like 17% of the world’s supply of silicon metal, so anything that could potentially disrupt that should be pretty big news.

It’s always fun to see “one of our own” take a project from idea to product, and we like to celebrate such successes when they come along. And so it was great to see the battery-free bicycle tire pressure sensor that Hackaday.io user CaptMcAllister has been working on make it to the crowdfunding stage. The sensor is dubbed the PSIcle, and it attaches directly to the valve stem on a bike tire. The 5-gram sensor has an NFC chip, a MEMS pressure sensor, and a loop antenna. The neat thing about this is the injection molding process, which basically pots the electronics in EPDM while leaving a cavity for the air to reach the sensor. The whole thing is powered by the NFC radio in a smartphone, so you just hold your phone up to the sensor to get a reading. Check out the Kickstarter for more details, and congratulations to CaptMcAllister!

We’re saddened to learn of the passing of Dale Heatherington last week. While the name might not ring a bell, the name of his business partner Dennis Hayes probably does, as together they founded Hayes Microcomputer Products, makers of the world’s first modems specifically for the personal computer market. Dale was the technical guru of the partnership, and it’s said that he’s the one who came up with the famous “AT-command set”. Heatherington only stayed with Hayes for seven years or so before taking his $20 million share of the company and retiring, which of course meant more time and resources to devote to tinkering with everything from ham radio to battle bots. ATH0, Dale.


Hackaday Links: June 6, 2021

There are a bunch of newly minted millionaires this week, after it was announced that Stack Overflow would be acquired for $1.8 billion by European tech investment firm Prosus. While not exactly a household name, Prosus is a big player in the Chinese tech scene, where it has about a 30% stake in Chinese internet company Tencent. They trimmed their holdings in the company a bit recently, raising $15 billion in cash, which we assume will be used to fund the SO purchase. As with all such changes, there’s considerable angst out in the community about how this could impact everyone’s favorite coding help site. The SO leadership are all adamant that nothing will change, but only time will tell.


Hackaday Links: May 30, 2021

That collective “Phew!” you heard this week was probably everyone on the Mars Ingenuity helicopter team letting out a sigh of relief while watching telemetry from the sixth and somewhat shaky flight of the UAV above Jezero crater. With Ingenuity now in an “operations demonstration” phase, the sixth flight was to stretch the limits of what the craft can do and learn how it can be used to scout out potential sites to explore for its robot buddy on the surface, Perseverance.

While the aircraft was performing its 150 m move to the southwest, the stream from the downward-looking navigation camera dropped a single frame. By itself, that wouldn’t have been so bad, but the glitch caused subsequent frames to come in with the wrong timestamps. This apparently confused the hell out of the flight controller, which commanded some pretty dramatic moves in the roll and pitch axes — up to 20° off normal. Thankfully, the flight controller was designed to handle just such an anomaly, and the aircraft was able to land safely within five meters of its planned touchdown. As pilots say, any landing you can walk away from is a good landing, so we’ll chalk this one up as a win for the Ingenuity team, who we’re sure are busily writing code to prevent this from happening again.

If wobbling UAVs on another planet aren’t enough cringe for you, how about a blind mechanical demi-ostrich drunk-walking up and down a flight of stairs? The work comes from the Oregon State University and Agility Robotics, and the robot in question is called Cassie, an autonomous bipedal bot with a curious, bird-like gait. Without cameras or lidar for this test, the robot relied on proprioception, which detects the angle of joints and the feedback from motors when the robot touches a solid surface. And for ten tries up and down the stairs, Cassie did pretty well — she only failed twice, with only one counting as a face-plant, if indeed she had a face. We noticed that the robot often did that little move where you misjudge the step and land with the instep of your foot hanging over the tread; that one always has us grabbing for the handrail, but Cassie was able to power through it every time. The paper describing how Cassie was trained is pretty interesting — too bad ED-209’s designers couldn’t have read it.

So this is what it has come to: NVIDIA is now purposely crippling its flagship GPU cards to make them less attractive to cryptocurrency miners. The LHR, or “Lite Hash Rate” cards include newly manufactured GeForce RTX 3080, 3070, and 3060 Ti cards, which will now have reduced Ethereum hash rates baked into the chip from the factory. When we first heard about this a few months ago, we puzzled a bit — why would a GPU card manufacturer care how its cards are used, especially if they’re selling a ton of them? But it makes sense that NVIDIA would like to protect their brand with their core demographic — gamers — and having miners snarf up all the cards and leaving none for gamers is probably a bad practice. So while it makes sense, we’ll have to wait and see how the semi-lobotomized cards are received by the market, and how the changes impact other non-standard uses for them, like weather modeling and genetic analysis.

Speaking of crypto, we found it interesting that police in the UK accidentally found a Bitcoin mine this week while searching for an illegal cannabis growing operation. It turns out that something that uses a lot of electricity, gives off a lot of heat, and has people going in and out of a small storage unit at all hours of the day and night usually is a cannabis farm, but in this case it turned out to be about 100 Antminer S9s set up on janky looking shelves. The whole rig was confiscated and hauled away; while Bitcoin mining is not illegal in the UK, stealing the electricity to run the mine is, which the miners allegedly did.

And finally, we have no idea what useful purpose this information serves, but we do know that it’s vitally important to relate to our dear readers that yellow LEDs change color when immersed in liquid nitrogen. There’s obviously some deep principle of quantum mechanics at play here, and we’re sure someone will adequately explain it in the comments. But for now, it’s just a super interesting phenomenon that has us keen to buy some liquid nitrogen to try out. Or maybe dry ice — that’s a lot easier to source.