News

3651 Articles

Arduino Plays The Glasses

November 22, 2021 by 8 Comments

Have you ever been on a city street and seen a busker playing music on glasses? Each glass has a different amount of water and produces a different note when tapped. [Cyberlab] must have seen them and created an Arduino robot to play tunes on glasses. You can see the result in the video below.

If we had done this, we might have had a solenoid per glass or used some linear component like a 3D printer axis to pick different glasses. [Cyberlab] did something smarter. The glasses go in a circle and a stepper motor points at the correct glass and activates a solenoid. The result is pretty good and it is a lot simpler than any of our ideas.

If you aren’t musically inclined, you might wonder how you’d program the songs. There’s an example of taking a music box score from a website — apparently, there are lots of these — and removing any polyphony from it. The site mentioned even has an editor where you can import MIDI files and work with them to produce a music box strip that you could then convert. Then you encode each note as a number from 0 to 6.

Of course, you also have to fill your glasses with the right amount of water. A piano tuning phone app should be useful. We’ve seen this done in a linear fashion before. You can even use a single glass for many notes with a little ingenuity.

Continue reading “Arduino Plays The Glasses”

FlowIO Takes Top Honors In The 2021 Hackaday Prize

November 20, 2021 by 8 Comments

FlowIO Platform, a modular pneumatics controller for soft robotics and smart material projects, took home Grand Prize honors at the 2021 Hackaday Prize. Aside from the prestige of coming out on top of hundreds of projects and bragging rights for winning the biggest hardware design challenge on Earth, the prize carries an award of $25,000 and a Supplyframe DesignLab residency to continue project development. Four other top winners were also announced at the Hackaday Remoticon virtual conference on Saturday evening.

In a year full of challenges, this year’s Hackaday Prize laid down yet another gauntlet: to “Rethink, Refresh, and Rebuild.” We asked everyone to take a good hard look at the systems and processes that make the world work — or in some cases, not work — and reimagine them from a fresh perspective. Are there better ways to do things? What would you come up with if you started from a blank piece of paper? How can you support and engage the next generation of engineers, and inspire them to take up the torch? And what would you come up with if you just let your imagination run wild?

And boy, did you deliver! With almost 500 entries, this year’s judges had quite a task in front of them. Each of the five challenges — Refresh Displays, Rethink Work-From-Home Life, Reimagine Supportive Tech, Redefine Robots, and Reactivate Wildcard — had ten finalists, which formed the pool of entries for the overall prize. And here’s what they came up with.

Continue reading “FlowIO Takes Top Honors In The 2021 Hackaday Prize”

This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith

November 19, 2021 by 21 Comments

Intel has announced CVE-2021-0146, a vulnerability in certain processors based on the Atom architecture, and the Trusted Platform Module (TPM) is at the center of the problem. The goal of the system around the TPM is to maintain system integrity even in the case of physical access by an attacker, so the hard drive is encrypted using a key stored in a secure chip on the motherboard. The TPM chip holds this encryption key and provides it during the boot process. When combined with secure boot, this is a surprisingly effective way to prevent tampering or data access even in the case of physical access. It’s effective, at least, when nothing goes wrong.

Earlier this year, we covered a story where the encryption key could be sniffed directly from the motherboard, by tapping the traces connecting the TPM to the CPU. It was pointed out that TPM 2.0 can encrypt the disk encryption key on the traces, making this attack impossible.

The entire Trusted Compute Model is based on the premise that the CPU itself is trustworthy. This brings us back to Intel’s announcement that a debug mode could be enabled via physical access. In this debug mode, the CPU master key can be extracted, leading to complete compromise. The drive encryption key can be recovered, and unsigned firmware can be loaded to the Management Engine. This means data in the TPM enclave and the TPM-stored encryption key can be compromised. Updated firmware is rolling out through motherboard vendors to address the problem. Continue reading “This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith”

Russian Anti-Satellite Weapon Test Draws Widespread Condemnation

November 17, 2021 by 44 Comments

On the morning of November 15, a Russian missile destroyed a satellite in orbit above Earth.  The successful test of the anti-satellite weapon has infuriated many in the space industry, put astronauts and cosmonauts alike at risk, and caught the attention of virtually every public and private space organisation on the planet.

It’s yet another chapter in the controversial history of military anti-satellite operations, and one with important implications for future space missions. Let’s examine what happened, and explore the greater context of the operation.

Continue reading “Russian Anti-Satellite Weapon Test Draws Widespread Condemnation”

This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack

November 12, 2021 by 33 Comments

Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.

const { timeout,ㅤ} = req.query;
Is actually:
const { timeout,\u3164} = req.query;

The extra comma might give you a clue that something is up, but unless you’re very familiar with a language, you might dismiss it as a syntax quirk and move on. Using the same trick again allows the hidden malicious code to be included on a list of commands to run, making a hard-to-spot backdoor.

The second trick is to use “confusable” characters like ǃ, U+01C3. It looks like a normal exclamation mark, so you wouldn’t bat an eye at if(environmentǃ=ENV_PROD){, but in this case, environmentǃ is a new variable. Anything in this development-only block of code is actually always enabled — imagine the chaos that could cause.

Neither of these are ground-breaking vulnerabilities, but they are definitely techniques to be wary of. The authors suggest that a project could mitigate these Unicode techniques by simply restricting their source code to containing only ASCII characters. It’s not a good solution, but it’s a solution. Continue reading “This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack”

South Korean KSLV-2 Nuri Rocket Almost Orbits

November 8, 2021 by 4 Comments

There was a bit of excitement recently at the Naro Space Center on Outer Naro Island, just off the southern coast of the Korea Peninsula. The domestically developed South Korean Nuri rocket departed on its inaugural flight from launch pad LB-2 at 5pm in the afternoon on Thursday, 21 Oct. The previous launch in the KSLV-2 program from this facility was in 2018, when a single-stage Test Launch Vehicle was successfully flown and proved out the basic vehicle and its KRE-075 engines.

This final version of the three-stage Nuri rocket, formally known as Korean Space Launch Vehicle-II (KSLV-2), is 47.2 m long and 3.5 m in diameter. The first stage is powered by a cluster of four KRE-075 sea-level engines having 3 MN of thrust. The second stage is a single KRE-075 vacuum engine with 788 kN thrust, and the final stage is a KRE-007 vacuum engine with 69 kN thrust (all these engines are fueled by Jet-A / LOX). In this maiden flight, the first two stages performed as expected, but something went wrong when the third stage shut off prematurely and failed to gain enough velocity to put the 1400 kg dummy satellite into orbit.

A committee formed to investigate the flight failure convened this week, and issued a statement after a preliminary review of the collected telemetry data. So far, all indications point to a drop in oxidizer tank pressure in the third stage. This could be the result of a leak in the tank itself or the associated plumbing. They will also investigate whether a sensor or other failure in the tank pressurization control system could be at fault. A second launch is currently scheduled for May of next year. Check out [Scott Manley]’s video below the break, where he discusses the launch itself and some history of South Korea’s space program.

Continue reading “South Korean KSLV-2 Nuri Rocket Almost Orbits”

Solar Cells, Half Off

November 6, 2021 by 34 Comments

A company named Leap Photovoltaic claims they have a technology to create solar panels without silicon wafers which would cut production costs in half. According to [FastCompany] the cells are still silicon-based, but do not require creating wafers as a separate step or — as is more common — acquiring them as a raw material.

The process is likened to 3D printing as silicon powder is deposited on a substrate. The design claims to use only a tenth of the silicon in a conventional cell and requires fewer resources to produce, too.

Continue reading “Solar Cells, Half Off”