Hackaday Links: July 25, 2021

July 25, 2021 by Dan Maloney 10 Comments

Everyone makes mistakes in their job, but very few of us get the chance to make a one-character mistake with the potential to brick millions of devices. But that’s what happened to a hapless Google developer, who made an understandable typo in the ChromeOS code that ended up making it all the way to production. The error, which was in the OS encryption keys vault, was supposed to include the “&&” operator for a logical AND. The developer instead used a single ampersand, which broke the who conditional statement. This meant the OS evaluated even correct passwords as invalid, leaving users locked out of their Chromebooks. To be fair to the developer there should be a lot of QA steps between that typo and production, but it still has to sting.

Speaking of whoopsies, sometimes it just doesn’t pay to be right on the internet. It started when a player of the popular tank battle simulator “War Thunder” took issue with the in-game 3D model of the British Challenger 2 main battle tank. The player argued that the model was inaccurate to the point of affecting gameplay, and thought the model should be changed to make things more realistic. There seemed to be some basis for this, as the player claimed to have been a Challenger 2 commander and gunnery instructor. What’s more, like any good Netizen, the player cited sources to back up the claims, including excerpts from the official Challenger 2 instruction manual. Players on the War Thunder forum flagged this as likely classified material, but the player insisted that it wasn’t — right up to the point where the UK Ministry of Defence said, “Not so fast.” It turns out that the manual hasn’t been declassified, and that releasing the material potentially runs afoul of the Official Secrets Act, which carries with it up to 14 years detention at Her Majesty’s pleasure.

For fans of pinball, the announcement that the Museum of Pinball in Banning, California is closing its doors for good is probably a mix of good news and bad. It’s obviously bad news for any museum to close, especially one that curates collections from popular culture. And there’s no denying that pinball has been a big part of that culture, and that the machines themselves are often works of electromechanical art. But it appears that the museum just couldn’t make a go of it, and now its cavernous space will be sold off to a cannabis grower. But the sad news is tempered by the potential for private collectors and other pinball aficionados to score one of the estimated 1,100 pins the museum now needs to find a home for. We’ve never been to the museum, so it’s hard to say what kinds of machines they have and how collectible they are, but regardless, the market is about to be flooded. If you’re nearby, you might want to take a chance to see and play some of these machines one last time, before they get shipped off to private game rooms around the world.

And finally, exciting news from Hackaday superfriend Fran Blanche, who will soon tick an item off her bucket list with a zero-G ride on “G-Force 1”. Not to be confused with its military cousin the “Vomit Comet”, the weightlessness-simulating aircraft will afford Fran a total of about five minutes of free-fall when she takes the ride in a couple of months. There will also be periods of the flight that will simulate the gravity on both the Moon and Mars, so Fran has promised some Matt Damon mythbusting and Buzz Aldrin moonbouncing. And always one to share, Fran will bring along a professional video crew, so she can concentrate on the experience rather than filming it. We’ve actually scheduled Fran for a Hack Chat in August, to talk about the flight and some of her other cool goings-on, so watch out for that.

Hackaday Links: July 18, 2021

July 18, 2021 by Dan Maloney 12 Comments

Tell the world that something is in short supply, and you can bet that people will start reacting to that news in the ways that make the most sense to them — remember the toilet paper shortage? It’s the same with the ongoing semiconductor pinch, except that since the item in short supply is (arguably) more valuable than toilet paper, the behavior and the risks people are willing to take around it are even more extreme. Sure, we’ve seen chip hoarding, and a marked rise in counterfeit chips. But we’d imagine that this is the first time we’ve seen chip smuggling quite like this. The smuggler was caught at the Hong Kong-Macao border with 256 Core i7 and i9 processors, valued at about $123,000, strapped to his legs and chest. It reminds us more of “Midnight Express”-style heroin smuggling, although we have to say we love the fact that this guy chose a power of 2 when strapping these babies on.

Speaking of big money, let’s say you’ve pulled off a few chip heists without getting caught, and have retired from the smuggling business. What is one to do with the ill-gotten gains? Apparently, there’s a big boom in artifacts from the early days of console gaming, so you might want to start spreading some money around there. But you’d better prepare to smuggle a lot of chips: last week, an unopened Legend of Zelda cartridge for the NES sold for $870,000 at auction. Not to be outdone, two days later someone actually paid $1.56 million for a Super Mario 64 cartridge, this time apparently still in the tamperproof container that displayed it on a shelf somewhere in 1996. Nostalgia can be an expensive drug.

And it’s not just video games that are commanding high prices these days. If you’ve got a spare quarter million or so, why not bid on this real Apollo Guidance Computer and DSKY? The AGC is a non-flown machine that was installed in LTA-8, the “lunar test article” version of the Landing Module (LM) that was used for vacuum testing. If the photos in the auction listing seem familiar, it’s with good reason: this is the same AGC that was restored to operating condition by Carl Claunch, Mike Stewart, Ken Shiriff, and Marc Verdiell. Sotheby’s estimates the value at $200,000 to $300,000; in a world of billionaire megalomaniacs with dreams of space empires, we wouldn’t be surprised if a working AGC went for much, much more than that.

Meanwhile, current day space exploration is going swimmingly. Just this week NASA got the Hubble Space Telescope back online, which is great news for astronomers. And on Mars, the Ingenuity helicopter just keeps on delivering during its “operations demonstration” mission. Originally just supposed to be a technology demonstration, Ingenuity has proven to be a useful companion to the Perseverance rover, scouting out locations of interest to explore or areas of hazard to avoid. On the helicopter’s recent ninth flight, it scouted a dune field for the team, providing photographs that showed the area would be too dangerous for the rover to cross. The rover’s on-board navigation system isn’t great at seeing sand dunes, so Ingenuity’s images are a real boon to mission planners, not to mention geologists and astrobiologists, who are seeing promising areas of the ancient lakebed to explore.

And finally, most of us know all too well how audio feedback works, and all the occasions to avoid it. But what about video feedback? What happens when you point a camera that a screen displaying the image from the camera? Fractals are what happens, or at least something that looks a lot like fractals. Code Parade has been playing with what he calls “analog fractals”, which are generated just by video feedback and not by computational means. While he’d prefer to do this old school with analog video equipment, it easy enough to replicate on a computer; he even has a web page that lets you arrange a series of virtual monitors on your screen. Point a webcam at the screen, and you’re off on a fractal journey that constantly changes and shifts. Give it a try.

Hackaday Links: July 11, 2021

July 11, 2021 by Dan Maloney 5 Comments

Well, at least the acronym will stay the same. It looks like black is the new blue for Windows 11, as the BSOD screen gets its first makeover in years. It’s an admittedly minor change, since the on-screen text is virtually identical to the BSOD from recent versions of Windows 10, and the new death-knell even sports the same frowny-face emoji and QR code. Really, the white-on-black color scheme is the only major difference we can see — even the acronym will stay the same. It’s not really that newsworthy, we suppose, although it does make us miss the extremely busy BSODs from back in the Windows NT days.

As the semiconductor shortage continues, manufacturers are getting desperate to procure the parts they need to make their products. And if there’s one thing as certain as death and taxes, it’s that desperation provides opportunity to criminals. A thread over on EEVBlog details an encounter one company had with an alleged scammer, who sent an unsolicited offer to them for a large number of ordinarily hard-to-find microprocessors at a good price. Wisely, the company explored the offer in some depth and found that “Brian” (the representative who contacted them) is actually named Nick Martin and, according to an article on the Electronic Resellers Association International (ERAI) website, is apparently associated with a number of fraudulent operations. Their list of allegedly fraudulent deals made by Mr. Martin stretches back to 2018 and totals over $300,000 of ill-gotten gain.

Last year, friend-of-Hackaday and laser artist Seb Lee-Delisle spent a lot of time and effort getting together an amazing interactive laser light show for the night skies of cities in the UK. Laser Light City, with powerful lasers mounted on the tops of tall buildings, was a smashing success that brought a little cheer into what was an otherwise dreadful time. But we have to admit that the videos and other materials covering Laser Light City left us wanting more — something like that, with a far-flung installation on rooftops and the ability for audience members to control it all from their phone, really needs a deeper “how it works” treatment. Thankfully, Seb has released a video that dives into the nuts and bolts of the show, including a look at ludicrously powerful lasers with beams that can still be seen in broad daylight.

Continue reading “Hackaday Links: July 11, 2021” →

Hackaday Links: July 4, 2021

July 4, 2021 by Dan Maloney 9 Comments

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?

Hackaday Links: June 27, 2021

June 27, 2021 by Dan Maloney 24 Comments

When asked why he robbed banks, career criminal Willie Sutton is reported to have said, “Because that’s where the money is.” It turns out that a reporter made up the quote, but it’s a truism that offers by extension insight into why ATMs and point-of-sale terminals are such a fat target for criminals today. There’s something far more valuable to be taken from ATMs than cash, though — data, in the form of credit and debit card numbers. And taking a look at some of the hardware used by criminals to get this information reveals some pretty sophisticated engineering. We’d heard of ATM “skimmers” before, but never the related “shimmers” that are now popping up, at least according to this interesting article on Krebs.

While skimmers target the magnetic stripe on the back of a card, simmers are aimed at reading the data from card chips instead. Shimmers are usually built on flex PCBs and are inserted into the card slot, where traces on the device make contact with the chip reader contacts. The article describes a sophisticated version of shimmer that steals power from the ATM itself, rather than requiring a separate battery. The shimmer sits inside the card slot, completely invisible to external inspection (sorry, Tom), and performs what amounts to man-in-the-middle attacks. Card numbers are either stored on the flash and read after the device is retrieved, or are read over a Bluetooth connection; PINs are stolen with the traditional hidden camera method. While we certainly don’t condone criminal behavior, sometimes you just can’t help but admire the ingenuity thieves apply to their craft.

In a bit of foreshadowing into how weird 2020 was going to be, back in January of that year we mentioned reports of swarms of mysterious UAVs moving in formation at night across the midwest United States. We never heard much else about this — attention shifted to other matters shortly thereafter — but now there are reports out of Arizona of a “super-drone” that can outrun law enforcement helicopters. The incidents allegedly occurred early this year, when a Border Patrol helicopter pilot reported almost colliding with a large unmanned aerial system (UAS) over Tucson, and then engaged them in a 70-mile chase at speeds over 100 knots. The chase was joined by a Tucson police helicopter, with the UAS reaching altitudes of 14,000 feet at one point. The pilots didn’t manage to get a good look at it, describing it only as having a single green light on its underside. The range on the drone was notable; the helicopter pilots hoped to exhaust its batteries and force it to land or return to base, but they themselves ran out of fuel long before the drone quit. We have to admit that we find it a little fishy that there’s apparently no photographic evidence to back this up, especially since law enforcement helicopters are fairly bristling with sensors, camera, and spotlights.

When is a backup not a backup? Apparently, when it’s an iCloud backup. At least that’s the experience of one iCloud user, who uses a long Twitter thread to vent about the loss of many years of drawings, sketches, and assorted files. The user, Erin Sparling, admits their situation is an edge case — he had been using an iPad to make sketches for years, backing everything up to an iCloud account. When he erased the iPad to loan it to a family member for use during the pandemic, he thought he’s be able to restore the drawings from his backups, but alas, more than six months had passed before he purchased a new iPad. Apparently iCloud just up and deletes everythign if you haven’t used the account in six months — ouch! We imagine that important little detail was somehere in the EULA fine print, but while that’s not going to help Erin, it may help you.

And less the Apple pitchfork crowd think that this is something only Cupertino could think up, know that some Western Digital external hard drive users are crying into their beer too, after a mass wiping of an unknown number of drives. The problem impacts users of the WD My Book Live storage devices, which as basically network attached storage (NAS) devices with a cloud-based interface. The data on these external drives is stored locally, but the cloud interface lets you configure the device and access the data from anywhere. You and apparently some random “threat actors”, as WD is calling them, who seem to have gotten into some devices and performed a factory reset. While we feel for the affected users, it is worth noting that WD dropped support for these devices in 2015; six years without patching makes a mighty stable codebase for attackers to work on. WD is recommending that users disconnect these devices from the internet ASAP, and while that seems like solid advice, we can think of like half a dozen other things that need to get done to secure the files that have accumulated on these things.

And finally, because we feel like we need a little palate cleanser after all that, we present this 3D-printed goat helmet for your approval. For whatever reason, the wee goat pictured was born with a hole in its skull, and some helpful humans decided to help the critter out with TPU headgear. Yes, the first picture looks like the helmet was poorly Photoshopped onto the goat, but scroll through the pics and you’ll see it’s really there. The goat looks resplendent in its new chapeau, and seems to be getting along fine in life so far. Here’s hoping that the hole in its skull fills in, but if it doesn’t, at least they can quickly print a new one as it grows.

Hackaday Links: June 20, 2021

June 20, 2021 by Dan Maloney 15 Comments

The hits just keep coming for Elon Musk, as this week Starlink users reported their new satellite dishes apparently can’t take the heat. Granted, the places these reports are coming from are really, really hot, like Topock, Arizona, where one Starlink beta tester is located and where the air temperature is expected to hit 123°F (50°C) on Saturday. One user contacted Starlink customer service and was told that Dishy McFlatface is programmed to shut down if the surface temperature exceeds 50°C, which even in non-Arizona locations would be easily exceeded on a rooftop or in an urban heat island. Users experiencing thermal shutdown are taking extreme measures to get back online in the heat of the day, like by setting up sprinklers to water-cool their dishes. Others are building solar shades, and one die-hard is even considering putting the dish on an antenna tower, to get it up into the relatively cooler air above the ground. But these are just workarounds, and according to the engineer who did the Starlink teardown we featured a while back, the permanent fix may just be to redesign the thermal management. In other words, this isn’t likely to be another one of those problems that gets fixed with an OTA software push. Which is probably to be expected for something that’s still in the “Better than Nothing Beta” release.

We’ve all heard that AI and robots are going to replace pretty much every job at some point, but if one customer’s experience with an AI drive-through window is any gauge, it might take quite a while to get there. In a video posted on TikTok (we know, we know), a customer at a Chicago-area McDonald’s showed that the fast-food giant put exactly zero effort into making the experience anything but engaging. The synthesized voice is creepy, and evokes all the wrong kinds of feelings, like the ones you get when you’re forced to use a voice-response system to get through “voice mail jail”. At least in those cases, the voice at least sounds semi-apologetic when it can’t understand what you’ve said. After listening to it once, we’d much rather have a real human, even if it is a surly teen. This seems like a missed opportunity by McDonald’s, which probably has the resources to put a little humanity into their AI.

A while back, we dropped a link about satellites made largely of wood. At the time it seemed interesting if a bit self-serving, since the effort was largely backed by a large Finnish plywood company. And while that aspect of the project hasn’t changed, we’ve now got a better idea of how the WISA Woodsat is put together, and what it will do once it flies later this year. To be clear, the 1U CubeSat is not 100% wood, which of course would make including any electronics problematic. Instead, the side and top panels of the satellite are made from plywood, which are attached to aluminum rails that integrate with the launcher on the mothership. There’s also a metal pantograph-style selfie-stick, because pics or it didn’t happen. The interesting bit is the pre-treatment of the birch plywood, which is dried in a thermal vacuum chamber to prevent outgassing in space. Additionally, the exterior surface of the wood panels was covered with a thin layer of aluminum oxide, to give the surface a chance against highly reactive atomic oxygen. There will be sensors inside the satellite to see if any outgassing occurs, so we could actually get some valuable data about using wood in satellites out of what otherwise could have been just a publicity stunt.

As our long global nightmare appears to be playing out its endgame, and as the world begins to reopen itself to normal pursuits, it’s nice to see that some cons and meetups are actually returning to meatspace. One such event will be BornHack 2021, that week-long campout in a Danish forest with hundreds of like-minded hackers, tinkerers, and artists. The Call for Participation deadline has been extended to July 1, which gives you just a little more time to consider giving a presentation. We’ve heard Jenny List speak glowingly of BornHack, and it actually looks like a lot of fun.

And finally, it’s said that one can never include too many comments when writing code. Not everyone feels that way, of course; I once had a co-worker complain that I commented my code too much, which of course meant that I redoubled my efforts to make sure I had as many comments as possible. That meant I often ran out of ideas for pithy, pertinent, and gratuitous comments to sprinkle into my code. It’s a shame What The Commit didn’t exist back then. Just click the link and you’ll get a fresh, auto-generated comment ready to copy into your commits or embed in your code. Have fun!

Hackaday Links: June 13, 2021

June 13, 2021 by Dan Maloney 6 Comments

When someone offers to write you a check for $5 billion for your company, it seems like a good idea to take it. But in the world of corporate acquisitions and mergers, that’s not always the case, as Altium proved this week when they rebuffed a A$38.50 per share offer from Autodesk. Altium Ltd., the Australian company whose flagship Altium Designer suite is used by PCB and electronic designers around the world, said that the Autodesk offer “significantly undervalues” Altium, despite the fact that it represents a 42% premium of the company’s share price at the end of last week. Altium’s rejection doesn’t close the door on ha deal with Autodesk, or any other comers who present a better offer, which means that whatever happens, changes are likely in the EDA world soon.

There were reports this week of a massive explosion and fire at a Chinese polysilicon plant — sort of. A number of cell phone videos have popped up on YouTube and elsewhere that purport to show the dramatic events unfolding at a plant in Xinjiang province, with one trade publication for the photovoltaic industry reporting that it happened at the Hoshine Silicon “997 siloxane” packing facility. They further reported that the fire was brought under control after about ten hours of effort by firefighters, and that the cause is under investigation. The odd thing is that we can’t find a single mention of the incident in any of the mainstream media outlets, even five full days after it purportedly happened. We’d have figured the media would have been all over this, and linking it to the ongoing semiconductor shortage, perhaps erroneously since the damage appears to be limited to organic silicone production as opposed to metallic silicon. But the company does supply something like 17% of the world’s supply of silicon metal, so anything that could potentially disrupt that should be pretty big news.

It’s always fun to see “one of our own” take a project from idea to product, and we like to celebrate such successes when they come along. And so it was great to see the battery-free bicycle tire pressure sensor that Hackaday.io user CaptMcAllister has been working on make it to the crowdfunding stage. The sensor is dubbed the PSIcle, and it attaches directly to the valve stem on a bike tire. The 5-gram sensor has an NFC chip, a MEMS pressure sensor, and a loop antenna. The neat thing about this is the injection molding process, which basically pots the electronics in EDPM while leaving a cavity for the air to reach the sensor. The whole thing is powered by the NFC radio in a smartphone, so you just hold your phone up to the sensor to get a reading. Check out the Kickstarter for more details, and congratulations to CaptMcAllister!

We’re saddened to learn of the passing of Dale Heatherington last week. While the name might not ring a bell, the name of his business partner Dennis Hayes probably does, as together they founded Hayes Microcomputer Products, makers of the world’s first modems specifically for the personal computer market. Dale was the technical guru of the partnership, and it’s said that he’s the one who came up with the famous “AT-command set”. Heatherington only stayed with Hayes for seven years or so before taking his a $20 million share of the company and retiring, which of course meant more time and resources to devote to tinkering with everything from ham radio to battle bots. ATH0, Dale.