2024 Hackaday Superconference Speakers, Round Two

September 25, 2024 by Elliot Williams 1 Comment

It’s honestly amazing the range of fascinating talks we have lined up for this year’s Supercon. From art robots that burp and belch to gliders returning from near-space, from hardcore DSP to DIY PCBs, and sketching with machines, Hackaday’s Supercon is like nothing else out there.

And in case you’re already coming, you don’t have a talk slot reserved, but you’ve still got something that you want to say, please sign yourself up for a Lightning Talk! In the spirit of the Lightning, we’ll be taking submissions up to the absolute last minute, and we will fit in as many short talks as possible, but when it does fill up, we’ll be giving priority to those who got in first.

We’ve got one more speaker announce coming up, and of course our keynote speaker and the badge reveal. Supercon will sell out so get your tickets now before it’s too late. So without further ado, here is our next round of stellar speakers!

Continue reading “2024 Hackaday Superconference Speakers, Round Two” →

2024 Hackaday Supercon Workshop Tickets Go On Sale Now

September 24, 2024 by Elliot Williams 8 Comments

Our workshop ticket sales go live today at 8 AM PDT! If you’re coming to Supercon, and you’re interested, go get your workshop ticket before they all sell out!

There will be a change to this year’s workshop ticket limits. We heard our community’s feedback, and in the spirit of giving as many people as possible the opportunity to enjoy a workshop, we are limiting sign up to one workshop per attendee. If there are extra tickets by October 18th, we will allow folks to sign up for additional workshops.

If you register for more than one workshop we will refund you the ticket for the others based on the timestamp that you registered for each ticket (leaving only the ticket for the first workshop you registered for). We hope everyone understands our goal is to allow more people to experience a Supercon workshop due to limited space.

And of course, you can’t join in the workshops at Supercon without coming to Supercon. So get your tickets now if you haven’t already.

Stay tuned tomorrow for more speaker announcements!

Continue reading “2024 Hackaday Supercon Workshop Tickets Go On Sale Now” →

FreeCAD Is Near 1.0

September 21, 2024 by Elliot Williams 48 Comments

The open-source parametric 3D modelling software, FreeCAD, is out in a release candidate for version 1.0. If you’ve tried FreeCAD before and found a few showstoppers, it might be a good time for you to test it out again because the two biggest of them have been solved in this latest version.

First, version 1.0 finally implements a solution to the “topological naming problem”. Imagine you want to put a hole into a surface. The program needs to know on which surface to put the hole, and so it refers to this surface by name / number. Now imagine you subdivide the surface, and both subsections get new names. Where does your hole go now? If you want to dig into the issue, the inimitable [MangoJelly] has a great video about the topo naming problem. Practically, there were workarounds, like only adding chamfers after the main design has stabilized, but frankly it was a hassle to remember all of the tricks. This is a huge fix.

The second big fix concerns assemblies. Older versions of FreeCAD were great for making single parts, but combining them all together inside the CAD program was always janky. Version 1.0 combines the previous two patchwork assembly workbenches into one, and it’s altogether more pleasant to use. The constraints of how two parts move when held together with an axle just works now, and this is a big deal for multi-part models.

If you’re coming from any other parametric CAD program, most of FreeCAD will seem familiar to you, but there will also be workflow differences that will take some getting used to. In trade, what do you get? Scriptability in Python, real open source software, and all of the bells and whistles for free. Now that its two biggest pain points have been addressed, FreeCAD has become a lot easier to love. We’re looking forward to some good V1.0 tutorials in the future, and we’ll keep you posted when we find them.

The Surprising Effects Of Fast Food Kiosks

September 21, 2024 by Al Williams 81 Comments

For as long as there have been machines, there have been fears of machines taking your job. One of the latest incarnations of this phenomenon is the fast-food ordering kiosk. No longer will you have some teenager asking you if you want fries with that. These days, you are more likely going to find the question on a touch screen. So, are those poor kids out of an entry-level job? Apparently not, according to a recent CNN story.

According to McDonald’s, a business that embraces the kiosks, the new technology increases sales and creates more jobs, albeit more jobs further behind the counter. Part of the reason is that while “Do you want fries with that” is a cliche, it is also a sound business practice. Cashiers should try to upsell but don’t always do so. The kiosk always remembers to offer you an apple pie or whatever else they want to move today.

Continue reading “The Surprising Effects Of Fast Food Kiosks” →

Raspberry Pi RP2350-E9 Erratum Redefined As Input Mode Leakage Current

September 20, 2024 by Maya Posch 34 Comments

Although initially defined as an issue with GPIO inputs when configured with the internal pull-downs enabled, erratum RP2350-E9 has recently been redefined in the datasheet (page 1341) as a case of increased leakage current. As it is now understood since we previously reported, the issue occurs when a GPIO (0 – 47) is configured as input, the input buffer is enabled, and the pad voltage is somewhere between logic LOW and HIGH. In that case leakage current can be as high as 120 µA with IO_VDD = 3.3 V. This leakage current is too much for the internal pull-up to overcome, ergo the need for an external pull-down: 8.2 kΩ or less, per the erratum. Disabling the input buffer will stop the leakage current, but reading the input requires re-enabling the buffer.

GPIO Pad leakage for IOVDD=3.3 V (Credit: Raspberry Pi)

The upshot of this issue is that for input applications, the internal pull-downs are useless, and since PIO applications cannot toggle pad controls, the input buffer toggling workaround is not an option. ADC usage requires one to clear the GPIO input enable. In general any circuit that relies on floating pins or an internal pull-down resistor will be affected.

Although this should mean that the affected A2 stepping of the RP2350 MCU can still be used for applications where this is not an issue, and external pull-downs can be used as a ‘fix’ at the cost of extra power usage, it makes what should have been a drop-in replacement a troubled chip at best. At this point there have still been no definite statements from Raspberry Pi regarding a new (B0) stepping, leaving RP MCU users with the choice between the less flashy RP2040 and the buggy RP2350 for the foreseeable future.

Header: Thomas Amberg, CC BY-SA 2.0.

This Week In Security: Open Source C2, Raptor Trains, And End To End Encryption

September 20, 2024 by Jonathan Bennett 14 Comments

Open Source has sort of eaten everything in software these days. And that includes malware, apparently, with open source Command and Control (C2) frameworks like Sliver and Havoc gaining traction. And of course, this oddball intersection of Open Source and security has intrigued at least one security researcher who has found some interesting vulnerabilities.

Before we dive into what was found, you may wonder why open source malware tools exist. First off, trustworthy C2 servers are quite useful for researchers, who need access to such tools for testing. Then there is Red Teaming, where a security professional launches a mock attack against a target to test its defenses. A C2 is often useful for education and hobby level work, and then there are the true criminals that do use these Open Source tools. It takes all types.

A C2 system consists of an agent installed on compromised systems, usually aiming for stealth. These agents connect to a central server, sending information and then executing any instructions given. And finally there’s a client, which is often just a web interface or even a command line interface.

Now what sort of fun is possible in these C2 systems? Up first is Sliver, written in Go, with a retro command line interface. Sliver supports launching Metasploit on compromised hosts. Turns out, it accidentally supported running Metasploit modules against the server’s OS itself, leading to an easy remote shell from an authenticated controller account.

Havoc has a fancy user interface for the clients, and also a command injection flaw. A service name field gets used to generate a shell command, so you’re only a simple escape away from running commands. That’s not quite as useful as the API that failed open when a bad username/password was given. Oops. Continue reading “This Week In Security: Open Source C2, Raptor Trains, And End To End Encryption” →

COBB Tuning Hit With $2.9 Million Fine Over Emissions Defeat Devices

September 20, 2024 by Maya Posch 110 Comments

Recently, the EPA and COBB Tuning have settled after the latter was sued for providing emissions control defeating equipment. As per the EPA’s settlement details document, COBB Tuning have since 2015 provided customers with the means to disable certain emission controls in cars, in addition to selling aftermarket exhaust pipes with insufficient catalytic systems. As part of the settlement, COBB Tuning will have to destroy any remaining device, delete any such features from its custom tuning software and otherwise take measures to fully comply with the Clean Air Act, in addition to paying a $2,914,000 civil fine.

The tuning of cars has come a long way from the 1960s when tweaking the carburetor air-fuel ratios was the way to get more power. These days cars not only have multiple layers of computers and sensor systems that constantly monitor and tweak the car’s systems, they also have a myriad of emission controls, ranging from permissible air-fuel ratios to catalytic converters. It’s little surprise that these systems can significantly impact the raw performance one might extract from a car’s engine, but if the exhaust of nitrogen-oxides and other pollutants is to be kept within legal limits, simply deleting these limits is not a permissible option.

COBB Tuning proclaimed that they weren’t aware of these issues, and that they never marketed these features as ’emission controls defeating’. They were however aware of issues regarding their products, which is why they announced ‘Project Green Speed’ in 2022, which supposedly would have brought COBB into compliance. Now it would seem that the EPA did find fault despite this, and COBB was forced to making adjustments.

Although perhaps not as egregious as modifying diesel trucks to ‘roll coal’, federal law has made it abundantly clear that if you really want to have fun tweaking and tuning your car without pesky environmental laws getting in the way, you could consider switching to electric drivetrains, even if they’re mind-numbingly easy to make performant compared to internal combustion engines.