School’s In Session With HackadayU

The global COVID-19 pandemic has kept many of us socially isolated from friends, family, and colleagues for several months at this point. But thanks to modern technology, the separation has only been in the physical sense. From job interviews to grade school book reports, many of the things we’d previously done in person are now happening online. The social distancing campaign has also shown that virtual meetups can be a viable alternative to traditional events, with several notable hacker conventions already making the leap into cyberspace.

With this in mind, we’re proud to announce HackadayU. With weekly online videos and live office hours, these online classes will help you make the most of your time in isolation by learning new skills or diving deeper into subjects with experienced instructors from all over the world. Whether you’re just curious about a topic or want to use these classes to help put yourself on a new career path, we’re here to help.

In a community like ours, where so many people already rely on self-study and tutorial videos, these four week classes are perfect for professional engineers and hobbyists alike. To make sure HackadayU is inclusive as possible, classes will be offered on a pay-as-you-wish basis: we’ll pick up the tab for the instructor’s time, and you kick in whatever you think is fair. All money collected will be donated to charities that help feed, house, and educate others. We know these are tough times, and the hope is that HackadayU can not only benefit the members of our core community, but pass on some goodwill to those who are struggling.

Classes will be rolling out through the rest of 2020, but here’s a look at some of what we’ve got planned.

OmniBallot, Another Flawed Attempt At Online Voting

Although online voting in elections has been a contentious topic for decades, it has received significantly more attention during the current pandemic. Along with mail-in voting, it could be a crucial tool in keeping the world’s democratic nations running smoothly. This is where the OmniBallot software, produced by Democracy Live, comes into play, along with its unfortunate unsuitability for the job.

Despite already being used by multiple US jurisdictions for online voting, a study by MIT’s [Michael Specter] and University of Michigan researchers points out the flaws in this web-based platform. Their recommendation is to either avoid using OmniBallot completely, or to use it only for printing out a blank ballot that the voter then marks by hand and sends in by mail.

One issue with the software is that, by default, it creates the marked ballot PDF on Democracy Live’s servers rather than only on the voter’s device, so the server sees how each voter voted. Another is that, as a web-based platform, it is hosted on Amazon Web Services (AWS), with JavaScript sources pulled from both CloudFlare and Google servers, so the integrity of the ballot-marking page depends on every one of those parties, and on the voter’s own browser and device, not being compromised. Considering that the concern with electronic voting machines was unauthorized access at a single polling station, it shouldn’t require a lengthy explanation to see that this lack of end-to-end security gives OmniBallot a far larger attack surface.

When Ars Technica contacted Democracy Live for comment on these findings, Democracy Live CEO [Bryan Finney] responded that “The report did not find any technical vulnerabilities in OmniBallot”. Since the researchers did not examine the OmniBallot code itself, that is technically true, but it misses the larger point: there is no guarantee that every single voter’s device is secure, nor every AWS, CloudFlare and Google instance involved in the voting process.

As a result, the recommended use of OmniBallot is the aforementioned printing of a blank ballot, which saves only the outbound half of the usual mail-in round trip.

RIP Danal Estes, Developer Of Multitool 3D Printing Infrastructure

Last week, [Danal Estes] passed away. This comes as a shock to many of us who had the pleasure of interacting with him online. Not only was [Danal] an active contributor to the 3D printing community, he was simply a warm-hearted character who was just fun to get along with. I met [Danal] online less than a year ago. But I owe him a debt in helping transform a set of design files that I posted online into a full blown community of hardware enthusiasts.

Here’s my best shot at recounting some of this fellow human’s legacy as seen from the fellow tool changing 3D printing enthusiasts who knew him.

Getting to Know an Online Community Builder

I first met [Danal] online last September through Thingiverse when he posted a make of Jubilee, a tool changing machine design that I posted a few weeks prior. At a time when Jubilee was just a set of files and instructions on the internet, I was stoked that someone in the world was out there building a duplicate. To get to know these people better and work out any pinch points in their assembly process, I started a Discord Chat Server. [Danal] was the first to join and start telling his story in pictures.

As a community of curious people on Discord grew, questions about the machine started to arise. How big was it? How did the tool changing work? I tried answering as many as I could, putting an FAQ blurb on Thingiverse. But a few weeks in, something else happened: [Danal] started answering the questions. Not only that, he was greeting nearly every single person who introduced themselves on the server. I didn’t understand the value of a simple “welcome aboard!” that follows someone’s first post in a budding online community, but [Danal] did. So he did just that. He made you feel welcome to have landed in this corner of the internet. In a world full of engineers who don’t like repeating themselves, [Danal] seemed to get that his repeat interaction was new for the person on the other end; and that made it worth doing.

Danal’s first tool changes

As the days passed, questions continued, and [Danal] continued to fill people in with answers to questions–even repeat questions. All the while, he posted progress pictures of his own machine. In a way, the rest of the community seemed to be holding their breath during this time, watching [Danal] post status reports; waiting for some conviction that these files actually turned into something that worked. Then, less than a month later, [Danal] posted a video of his first successful tool change. It did work! Almost certainly inspired by [Danal’s] success, a few more folks started building machines of their own. But [Danal] was the first person to duplicate a Jubilee.

More than twenty machines have been built in the wild since I posted the project files back in September. I believe that the inspiration to start draws from the success of people who have finished before, which chains down to the inspiration drawn from the success of the first person to finish: [Danal Estes]. I owe him one for that: for inspiring a community of folks to follow in this adventure.

Commoditized Automatic Nozzle Alignment

[Danal] did more than affirm the machine design to a new Jubilee community. Over the short span of the project, [Danal] put his software hat on and developed an automated machine-vision based tool alignment system that he called TAMV. It turns out that tool tip calibration is one of the gnarly problems for any multi-nozzle 3D printer. Tools must be aligned relative to each other so that the different materials they each print line up in the resulting part. The current ways of doing this are cumbersome and manual: either you measure offsets by printing a vernier scale, or by taking pictures with an upwards-facing microscope. [Danal] took this gnarly problem as an opportunity to automate the process completely, so he did.

In just two months, [Danal] returned with an announcement on the Jubilee Discord to present TAMV, aka: Tool Align Machine Vision. By mounting an upwards-facing webcam to the front of his Jubilee, [Danal] simply ran his one-button script, and his machine calibrated every available tool automatically, and better than most humans could with the prior methods. It did this by sequentially picking up tools, putting them in the camera’s field of view, and then measuring their offsets. What’s more, he released the entire code base as open source, literally transforming a gnarly problem into a thing of the past with a commodity solution made usable by a simple installation script and setup instructions that he also wrote.

Here on Hackaday, it’s humbling to read about the amazing feats folks are overcoming all from the comfort of their home workbenches. But it’s invigorating to see that same feat unfolded in a way that lets us unpack it, learn from it, build on top of it. The act of documenting work you’ve already done with the intent that others could follow it is an act of grace. [Danal] was gracious.

A Shared Story Told in Projects

As [Danal] became one of the most active community members on Discord, we started to learn more about his other projects. For [Danal], 3D printers were as much a side project as they were tools in a family of other tools for creative projects. Armed with these machines, [Danal] put them to work on machines for flight, from extraordinary remote control aircraft (3D printed of course) that could barely work their wingspan through a doorway to the consoles of real world aircraft that could carry a pilot.

It was always a pleasure to get a slice of [Danal’s] adventures. Getting to hear about his excitement in projecting was food for a growing community of hobbyists eager to get back to our workbenches. And the framing of his adventures was warm enough to make you feel not just that you wanted a bit of this lifestyle for yourself, but that you could have it too. I hope that this part of [Danal’s] legacy is something that we online folk can continue: the shared courtesy and warm attitude to newcomers in a hardware hacking community.

Thanks, man; I already miss you.

Lattice Drops EULA Clause Forbidding FPGA Bitstream Reverse Engineering

Yesterday we reported that Lattice Semiconductor had inserted a clause that restricted the reverse engineering of bitstreams produced by their FPGA toolchains. Although not explicitly stated, it’s assumed that this was directed toward several projects over the past five years that have created fully open source toolchains by reverse engineering the bitstream protocols of the Lattice ICE40 and ECP5 FPGA architectures. Late yesterday Lattice made an announcement reversing course.

To the open source community, thank-you for pointing out a new bitstream usage restriction in the Lattice Propel license. We are excited about the community’s engagement with Lattice devices and our intent is to not hinder the creation of innovative open source FPGA tools.

It’s refreshing then to see this announcement from Lattice Semiconductor, and even more so the unexpected speed with which they made it, within a couple of days of the clause being discovered by the open-source community. We report depressingly often on boneheaded legal moves from corporations intent on curbing open source uses of their products. This announcement from Lattice removes what was an admonition opposing open source toolchains; can we hope that the company will continue yesterday’s gesture and build a more lasting relationship with the open source community?

The underlying point to this story is that in the world of electronics there has long been an understanding that hardware hackers drive product innovation which later leads to more sales. Texas Instruments, for one example, would for years supply samples of exotic semiconductors to impecunious students; for another, maybe you have a base-model Rigol oscilloscope with a tacitly-approved software hack that gives it an extra 50 MHz of bandwidth.

We can only congratulate Lattice on their recognition that open source use of their products is beneficial for them, and wish that some of the other companies triggering similar stories would see the world in the same way. Try interacting more with your open source fans; they know and love your hardware more than the average user and embracing that could mean a windfall for you down the road.

New Microscope Directly Images Protein Atoms

There’s an old joke that you can’t trust atoms: they make up everything. But until fairly recently, there was no real way to see individual atoms. You could infer things about them using X-ray crystallography or measure their pull on tiny probes using atomic force microscopes, but not take a direct image. Until now. Two laboratories recently used cryo-electron microscopy to directly image atoms in a protein molecule with a resolution of about 1.2 × 10⁻⁷ millimeters, or 1.2 ångströms. The previous record was 1.54 ångströms.

Recent improvements in electron beam technology helped, as did a device that ensures electrons that strike the sample travel at nearly the same speeds. The latter technique resulted in images so clear, researchers could identify individual hydrogen atoms in the apoferritin molecule and the water surrounding it.


Lattice Semiconductor Targets Bitstream Reverse Engineering In Latest Propel SDK License

The topic of reverse engineering is highly contentious at best when it comes to software and hardware development. Ever since the configuration protocol (bitstream) for Lattice Semiconductor’s iCE40 FPGAs was published in 2015 through reverse engineering efforts, there has been a silent war between proponents of open bitstream protocols and FPGA manufacturers, with the Lattice ECP5’s bitstream format having been largely reverse-engineered at this point.

Update: About eight hours after this article was published, Lattice Semiconductor issued a statement retracting the EULA language that banned bitstream reverse engineering. Please check out Hackaday’s article about this reversal.

Most recently, it appears that Lattice has fired a fresh shot across the bow of the open source projects. A recently discovered addition to the Propel SDK, which contains tools to program and debug Lattice devices, specifically references bitstream reverse engineering. When logged in with an account on the company’s website the user must agree to the Lattice Propel License Agreement for Lattice Propel 1.0 prior to download. That document includes the following language:

In particular, no right is granted hereunder […] (3) for reverse engineering a bitstream format or other signaling protocol of any Lattice Semiconductor Corporation programmable logic device.


This Week In Security: Exim, Apple Sign-in, Cursed Wallpaper, And Nuclear Secrets

So first off, remember the Unc0ver vulnerability/jailbreak from last week? In the iOS 13.5.1 release, the underlying flaw was fixed, closing the jailbreak. If you intend to jailbreak your iOS device, make sure not to install this update. That said, the normal warning applies: be very careful about running out-of-date software, because the same unpatched flaw that keeps the jailbreak open is available to anyone else who wants to use it against you.

Apple Sign In

A vulnerability in Sign In With Apple, Apple’s web authentication scheme, was fixed this past week. Sign In With Apple is built along the lines of OAuth 2.0 and OpenID Connect, and allows using an Apple account to sign in to other sites and services. Under the hood, a JSON Web Token (JWT) signed by Apple gets generated and handed to the third-party site, which verifies it to confirm the user’s identity. In theory, this scheme even allows authentication without disclosing the user’s real email address, since Apple can hand the site a relay address instead.

So what could go wrong? Apparently a request to Apple’s authorization endpoint for a JWT tied to any email address would simply be granted, and the resulting token carried a valid signature made with Apple’s private key, so any site that checked it against Apple’s public key accepted it as genuine. Yeah, it was that bad. Any third-party account linked to an Apple ID through Sign In With Apple could be trivially taken over. It was fixed this past week, after being found and reported by [Bhavuk Jain].