Smartglove Helps Cyclists Be Seen

Cyclists share the road with other vehicles, often leading to problems when drivers fail to see or respect the rider’s space. To try and alleviate these issues, [Matlek] built the Smartglove to help cyclists communicate their intentions to other road users.

The project consists of a glove fitted with an Arduino Nano 33 BLE Sense, featuring Bluetooth and motion sensing on board. Combined with TinyML machine learning code, the Arduino is able to sense hand gestures from the rider. These gestures are then interpreted, and relevant messages displayed on an LED screen worn on the rider’s back. Flicking the wrist left and right flashes indicators that the user is about to change direction, while a rearward flick flashes a warning that the user is braking.

It’s a tidy way to integrate vehicle-style lighting into a simple interface for cycling. This has benefits, particularly at night, for allowing other road users to see a cyclist and understand their intentions on the road. Of course, if you really want to be noticed, this bike boombox could also be a big help. Video after the break.

This Week In Security: HaveIBeenPwned And Facebook Attack Their Customers

We’re fans of haveibeenpwned.com around here, but a weird story came across my proverbial desk this week — [Troy Hunt] wrote a malicious SQL injection into one of their emails! That attack string was a simple ';--

Wait, doesn’t that look familiar? You remember the header on the haveibeenpwned web page? Yeah, it’s ';--have i been pwned?. It’s a clever in-joke about SQL injection that’s part of the company’s brand. An automated announcement was sent out to a company that happened to use the GLPI service desk software. That company, which shall not be named for reasons that are about to become obvious, was running a slightly out-of-date install of GLPI. That email generated an automated support ticket, which started out with the magic collection of symbols. When a tech self-assigned the ticket, the SQL injection bug was triggered, and their entire ticket database was wiped out. The story ends happily, thanks to a good backup, and the company learned a valuable lesson.
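The failure mode in that story, as an added example that is constructed here and is not GLPI's code or anything from the post: a SQLite ticket table where a self-assign step looks the ticket up by title, once by splicing the title into the SQL text and once with a placeholder. The table, the rows and the query shapes are assumptions for the demo.

```python
import sqlite3

# Constructed demo (not GLPI's real query): SQLite treats "--" as a
# line comment, so the haveibeenpwned header string closes the quoted
# title early and comments out the rest of the statement.
HIBP_TITLE = "';--have i been pwned?"


def make_db():
    """In-memory ticket table with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, "
                "title TEXT, assignee TEXT)")
    con.executemany("INSERT INTO tickets (title, assignee) VALUES (?, ?)",
                    [("Printer on fire", None), ("VPN down", None),
                     (HIBP_TITLE, None)])
    con.commit()
    return con


def count_assigned(con, tech):
    row = con.execute("SELECT COUNT(*) FROM tickets WHERE assignee = ?",
                      (tech,)).fetchone()
    return row[0]


def assign_unsafe(con, title, tech):
    """Vulnerable: the title is spliced into the SQL text. With HIBP_TITLE
    the WHERE clause degrades to  title LIKE '%'  followed by a comment,
    so the self-assign touches every ticket instead of one."""
    sql = ("UPDATE tickets SET assignee = '%s' WHERE title LIKE '%%%s%%'"
           % (tech, title))
    con.execute(sql)
    con.commit()
    return count_assigned(con, tech)


def assign_safe(con, title, tech):
    """Fixed: a placeholder keeps the title as data, so the same string
    only matches the ticket that literally carries it."""
    con.execute("UPDATE tickets SET assignee = ? WHERE title LIKE ?",
                (tech, "%" + title + "%"))
    con.commit()
    return count_assigned(con, tech)


if __name__ == "__main__":
    print("unsafe:", assign_unsafe(make_db(), HIBP_TITLE, "alice"))  # 3
    print("safe:", assign_safe(make_db(), HIBP_TITLE, "alice"))      # 1
```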

Metasurface Design Methods Can Make LED Light Act More Like Lasers

Light-emitting diodes (LEDs) are not exactly new technology, but their use over time has evolved from rather dim replacements of incandescent signal lights in control panels to today’s home lighting. Although LEDs have the reputation of being power-efficient, there is still a lot of efficiency to be gained.

UC Santa Barbara researchers [Jonathan Schuller] and his team found that a large number of the photons that are generated never make it out of the LED. This means that the power that was used to generate these photons was essentially wasted. Ideally one would be able to have every single photon successfully make it out of the LED to contribute to the task of illuminating things.

In their paper titled ‘Unidirectional luminescence from InGaN/GaN quantum-well metasurfaces’ (pre-publication Arxiv version) they describe the problem of photon emission in LEDs. Photons are normally radiated in all directions, causing a ‘spray’ of photons that can be guided somewhat by the LED’s packaging and other parameters. The challenge was thus to start at the beginning, having the LED emit as many photons in one direction as possible.

Their solution was the use of a metasurface-based design, consisting of gallium nitride (GaN) nanorods on a sapphire substrate. These were embedded with indium gallium nitride (InGaN) quantum wells which emit the actual photons. According to one of the researchers, the idea is based on subwavelength antenna arrays already used with coherent light sources like lasers.

With experiments showing the simulated improvements, it seems that this research may lead to even brighter, more efficient LEDs before long if these findings translate to mass production.

(Thanks, Qes)

Copy And Paste Deemed Insecure

Back when Windows NT was king, Microsoft was able to claim that it met the strict “Orange Book” C2 security certification. The catch? Don’t install networking and remove the floppy drives. Turns out most of the things you want to do with your computer are the very things that are a security risk. Even copy and paste.

[Michał Bentkowski] has a good summary of his research which boils down to the following attack scenario:

  1. Visit a malicious site.
  2. Copy something to the clipboard which allows the site to put in a dangerous payload.
  3. Visit another site with a browser-based visual editor (e.g., Gmail or WordPress).
  4. Paste the clipboard into the editor.
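The defence that belongs at the last step, as an added example that is constructed here and is not from the research the post summarises or from any particular editor: a rich-text editor should rebuild pasted HTML from an allowlist before inserting it, dropping scripts, event-handler attributes and javascript: links. The tag and attribute allowlist and the clipboard payload are assumptions for the demo.

```python
from html import escape
from html.parser import HTMLParser

# Constructed paste-boundary filter: the fragment is re-emitted from an
# allowlist instead of trusting whatever the source page put on the clipboard.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class PasteSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # nesting depth inside script/style: their text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return  # unlisted tag (img, iframe, ...) is dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # drops every on* handler and style attribute
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript: and data: URLs
            kept.append(' %s="%s"' % (name, escape(value)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # re-escape text, including decoded &lt;

def sanitize_paste(fragment):
    parser = PasteSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

# Constructed clipboard payload of the kind a malicious page could plant.
PAYLOAD = ('<p onmouseover="alert(1)">Hi <b>there</b><img src=x onerror=alert(1)>'
           '<a href="javascript:alert(1)">link</a><a href="https://example.com">ok</a>'
           '<script>evil()</script></p>')
```

`sanitize_paste(PAYLOAD)` yields `<p>Hi <b>there</b><a>link</a><a href="https://example.com">ok</a></p>`, which is what the editor should insert.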


Justice For The Gatwick Two: The Final Chapter In The British Drone Panic Saga

At the end of 2018, a spate of drone sightings caused the temporary closure of London Gatwick Airport, and set in train a chain of events that were simultaneously baffling and comedic as the authorities struggled to keep up with both events and the ever widening gap in their knowledge of the subject.

One of the more inept actions of the Sussex Police was to respond by arresting the first local drone enthusiast they could find on Facebook, locking up a local couple for 36 hours and creating a media frenzy by announcing the apprehension of the villains before shamefacedly releasing them without charge.

In a final twist to the sorry saga, the couple have sued the force for wrongful arrest and false imprisonment, for which the cops have had to make a £200,000 ($250,117) payout including legal fees.

We reported extensively on the events surrounding the case 18 months ago, and then on a follow-up event at London Heathrow airport. The mass media at the time were full of the official line that drone hobbyists must be at fault, but then as now we were more interested in seeing some hard evidence. As we said then: Show us the drone.

So how has the new drone law progressed, since it was decided that Something Must Be Done? Enthusiasts have continued as before, and the multirotor community is as technically creative as ever. We were fortunate enough to host the Lets Drone Out podcast at MK Makerspace back in those halcyon days before the pandemic and see the state of the art in sub-250g craft, and with those and commercial offerings such as the DJI Mavic Mini all requiring no registration there is increasingly little need for an enthusiast to purchase a larger machine. The boost to the British drone industry we were promised has instead been a boost for the Chinese industry as we predicted, and of course we’re still waiting for the public inquiry into the whole mess. Something tells us Hell will freeze over first.

If you’d like the whole backstory in a convenient and entertaining video format, can we direct you to this talk at CCCamp 2019.

Thanks [Stuart Rogers] for the tip.

Keystone Kops header image: Mack Sennett Studios [Public domain].

School’s In Session With HackadayU

The global COVID-19 pandemic has kept many of us socially isolated from friends, family, and colleagues for several months at this point. But thanks to modern technology, the separation has only been in the physical sense. From job interviews to grade school book reports, many of the things we’d previously done in person are now happening online. The social distancing campaign has also shown that virtual meetups can be a viable alternative to traditional events, with several notable hacker conventions already making the leap into cyberspace.

With this in mind, we’re proud to announce HackadayU. With weekly online videos and live office hours, these online classes will help you make the most of your time in isolation by learning new skills or diving deeper into subjects with experienced instructors from all over the world. Whether you’re just curious about a topic or want to use these classes to help put yourself on a new career path, we’re here to help.

In a community like ours, where so many people already rely on self-study and tutorial videos, these four week classes are perfect for professional engineers and hobbyists alike. To make sure HackadayU is inclusive as possible, classes will be offered on a pay-as-you-wish basis: we’ll pick up the tab for the instructor’s time, and you kick in whatever you think is fair. All money collected will be donated to charities that help feed, house, and educate others. We know these are tough times, and the hope is that HackadayU can not only benefit the members of our core community, but pass on some goodwill to those who are struggling.

Classes will be rolling out through the rest of 2020.

OmniBallot, Another Flawed Attempt At Online Voting

Although online voting in elections has been a contentious topic for decades already, it has seen significantly more attention during the current pandemic. Along with mail-based voting, it can be a crucial tool in keeping the world’s democratic nations running smoothly. This is where the OmniBallot software, produced by Democracy Live, comes into play, along with its unfortunate unsuitability for this goal.

Despite already being used by multiple US jurisdictions for online voting, a study by MIT’s [Michael Specter] and University of Michigan researchers points out the flaws in this web-based platform. Their recommendations are to either avoid using OmniBallot completely, or to only use it for printing out a blank ballot that one then marks by hand and sends in by mail.

One of the issues with the software is that by default it creates the marked ballot PDF on the Democracy Live servers, instead of only on the user’s device. Another is that, as a web-based platform, it is hosted on Amazon Web Services (AWS), with JavaScript sources pulled from both Cloudflare and Google servers. Considering that the concern with electronic voting machines was unauthorized access at a polling station, it shouldn’t require a lengthy explanation to see that this lack of end-to-end security in OmniBallot offers many potential attack surfaces.

When Ars Technica contacted Democracy Live for comment on these findings, Democracy Live CEO [Bryan Finney] responded that “The report did not find any technical vulnerabilities in OmniBallot”. Since the researchers did not examine the OmniBallot code itself that is technically true, but it misses the larger point: there is no guarantee that every single voter’s device is secure, nor every AWS, Cloudflare and Google instance involved in the voting process.

As a result, the recommended use of OmniBallot is the aforementioned printing of blank ballots, which saves half of the trip time of the usual mail-in voting.