Internet of Laundry — Let the ESP8266 Watch Your Dirty Drawers Get Clean

When you think of world-changing devices, you usually don’t think of the washing machine. However, making laundry manageable changed not only how we dress but how much time people spent getting their clothes clean. So complaining about how laborious our laundry is today would make someone from the 1800s laugh. Still, we all hate the laundry and [Andrew Dupont], in particular, hates having to check on the machine to see if it is done. So he made Laundry Spy.

How do you sense when the machine — either a washer or a dryer — is done? [Andrew] thought about sensing current but didn’t want to mess with house current. His machines don’t have LED indicators, so using a light sensor wasn’t going to work either. However, an accelerometer can detect vibrations in the machine and most washers and dryers vibrate plenty while they are running.

The four-part build log shows how he took an ESP8266 and made it sense when the washer and dryer were done so it could text his cell phone. He’d already done a similar project with an Adafruit HUZZAH. But he wanted to build in some new ideas and currently likes working with NodeMCU. While he was at it he upgraded the motion sensor to an LIS3DH which was cheaper than the original sensor.

[Andrew] already runs Node – RED on a Raspberry Pi, so incorporating this project with his system was a snap. Of course, you could adapt the approach to lots of other things, as well. The device produces MQTT messages and Node – RED subscribes to them. The Pushover handles the text messaging. Node – RED has a graphical workflow that makes integrating all the pieces very intuitive. Here’s the high-level workflow:

You might wonder why he didn’t just have the ESP8266 talk directly to Pushover. That is possible, of course, but in part 2, [Andrew] enumerates some good reasons for his design. He wants to decouple components in the system for easier future upgrades. And MQTT is simple to publish on the sensor side of things compared to API calls which are handled by the Raspberry Pi for now.

Laundry monitoring isn’t a unique idea and everyone has a slightly different take on it, even some Hackaday authors. If phone notification is too subtle for you, you can always go bigger.

Welcome to the Internet of Hamsters

It was only a matter of time. Everything else is getting its data logged and reported to the Internet for detailed analysis, so why should our rodents be any different? The cover story is that [Nicole Horward] hooked her pet hamster Harold up to the web because she wanted to see if he was getting as much exercise as he should. The real reason is, of course, that Harold wanted to show off to his “friends” on Hamsterbook.

The hardware side of this hack is very simple, a magnetic door sensor (like the kind used in alarm systems) is used to detect each time the wheel makes a complete rotation. The sensor is hooked up to the GPIO pins of a Raspberry Pi, where it’s read by a Python script. A small LCD screen was added to give some visual feedback on Harold’s daily activity, and the whole thing was boxed up in a laser cut enclosure.

That gave [Nicole] a cute little display next to Harold’s cage, but it didn’t do much for analyzing his activity. For that, a script is used to upload the data every minute to a ThingSpeak channel via MQTT. This automatically generates attractive graphs from the raw data, making it much easier to visualize what’s happening over the long term.

Now might be a good time to brush up on your MQTT knowledge, so that your pet could be the next to join the IoT revolution.

Continue reading “Welcome to the Internet of Hamsters”

Firefox Reality, A Browser For VR Devices

The browser you are reading this page in will be an exceptionally powerful piece of software, with features and APIs undreamed of by the developers of its early-1990s ancestors such as NCSA Mosaic. For all that though, it will very probably be visually a descendant of those early browsers, a window for displaying two-dimensional web pages.

Some of this may be about to change, as in recognition of the place virtual reality devices are making for themselves, Mozilla have released Firefox Reality, in their words “a new web browser designed from the ground up for stand-alone virtual and augmented reality headset“. For now it will run on Daydream and GearVR devices as a developer preview, but the intended target for the software is a future generation of hardware that has yet to be released.

Readers with long memories may remember some of the hype surrounding VR in browsers back in the 1990s, when crystal-ball-gazers who’d read about VRML would hail it as the Next Big Thing without pausing to think about whether the devices to back it up were on the market. It could be that this time the hardware will match the expectation, and maybe one day you’ll be walking around the Hackaday WrencherSpace rather than reading this in a browser. See you there!

They’ve released a video preview that disappointingly consists of a 2D browser window in a VR environment. But it’s a start.

Continue reading “Firefox Reality, A Browser For VR Devices”

IoT Potty Training

If you have not had children, stop reading now, we implore you. Because before you’ve had kids, you can’t know how supremely important it is that they take care of going to the bathroom by themselves. [David Gouldin] knows how it is. But unlike most of us, he resorted to using an Amazon IoT button and Twilio. No, we are not kidding.

The problem he was trying to solve is when his younger child would need to use the potty in the middle of the night, calling out for assistance would wake the older child. [David] said it best himself:

Behind the smiling emoji facade is an Amazon IoT button, a variant of Amazon’s dash button. When my kid presses this button, it triggers an AWS Lambda function that uses Twilio’s Python Helper Library to call my iPhone from a Twilio number. The Twilio number is stored in my contacts with “emergency bypass” turned on, so even when it’s 2am and I’m on “do not disturb” I still get the call.

Continue reading “IoT Potty Training”

Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a set of specific brand of web camera or printer or computer with unsecured firmware. Once the device is compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway.  And the solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.

Count Your Fans with this Stylish ESP8266 Display

Continuous self-affirmation is a vital component to the modern lifestyle. Of course you know the world loves you, but exactly how much do they love you? Checking your phone every few minutes to see if you’ve gained any followers is gauche, and perhaps more to the point, doesn’t let you show off when you’ve got visitors over. In the modern era, the up-and-coming social media star needs a stylish way to display just how popular they are for the world to see.

That’s the idea behind this very slick social media counter created by [Becky Stern]. Built into a standard shadow box frame and using LED displays glowing through a printed piece of paper, the finished product looks more like modern art than the usual hacker fare.

The counter is powered by a NodeMCU, but you could drop in your favorite variant of the ESP8266 and things would work more or less the same. For the displays, [Becky] is using four Adafruit 7-Segment LED modules, which are easily controlled via I2C which keeps the wiring to a minimum.

It’s interesting to note that since her follower count on Twitter has already hit five digits, two of the display modules are used next to each other for that particular service. Her Instructables and Instagram counters only have one display each however, limiting her counts on those services to 9,999 each. There’s probably something to be learned here in terms of the relative follower counts you can expect on the different social networks if you’re targeting your content to the hacker and maker crowd, but we’ll leave the analysis to those with a better handle on such matters.

Hardware aside, [Becky] spends a lot of time in the video talking about the code she’s come up with to pull her stats from the various services and push them out to the LED displays at a regular interval. It’s nice to see so much attention and explanation given to the software side of a project like this, as more often than not you’re left to your own to figure out what the source code is doing.

This project is quite similar to the YouTube Play Button hack we covered a few months back, but the addition of multiple social networks in one device is a nice improvement over the basic concept.

Continue reading “Count Your Fans with this Stylish ESP8266 Display”

The Grooviest Random Number Generator Ever

Cloudflare is one of those Internet companies you use all the time, but don’t usually know it. Big websites you visit use Cloudflare to shore up their defenses against denial of service attacks. The company needed some truly random numbers for its security solutions, so it turned to some groovy old tech: lava lamps. In their office is a wall of 100 lava lamps monitored by cameras. The reaction of the lamps is unpredictable, and this allows them to generate really random numbers. [Joshua], a Cloudflare employee, talks about the technical details of the system in a recent blog post.

You might think this is a new and novel idea, but it turns out the LavaRnd (or maybe it is LavaRand — there’s some dispute if you read the comments below) system has been around for a while. In fact, we covered it way back in 2005. Silicon Graphics patented the system in 1996.

Continue reading “The Grooviest Random Number Generator Ever”