News

3658 Articles

A Second OctoPrint Plugin Has Been Falsifying Stats

July 4, 2024 by 34 Comments

The ongoing story of bogus analytical data being submitted to the public OctoPrint usage statistics has taken a surprising turn with the news that a second plugin was being artificially pushed up the charts. At least this time, the developer of the plugin has admitted to doing the deed personally.

Just to recap, last week OctoPrint creator [Gina Häußge] found that somebody had been generating fictitious OctoPrint usage stats since 2022 in an effort to make the OctoEverywhere plugin appear to be more popular than it actually was. It was a clever attempt, and if it wasn’t for the fact that the fake data was reporting itself to be from a significantly out of date build of OctoPrint, there’s no telling how long it would have continued. When the developers of the plugin were confronted, they claimed it was an overzealous user operating under their own initiative, and denied any knowledge that the stats were being manipulated in their favor.

Presumably it was around this time that Obico creator [Kenneth Jiang] started sweating bullets. It turns out he’d been doing the same thing, for just about as long. When [Gina] contacted him about the suspicious data she was seeing regarding his plugin, he owned up to falsifying the data and published what strikes us as a fairly contrite apology on the Obico blog. While this doesn’t absolve him of making a very poor decision, we respect that he didn’t try to shift the blame elsewhere.

That said, there’s at least one part of his version of events that doesn’t quite pass the sniff test for us. According to [Kenneth], he first wrote the script that generated the fake data back in 2022 because he suspected (correctly, it turns out) that the developers of OctoEverywhere were doing something similar. But after that, he says he didn’t realize the script was still running until [Gina] confronted him about it.

Now admittedly, we’re not professional programmers here at Hackaday. But we’ve written enough code to be suspicious when somebody claims a script they whipped up on a lark was able to run unattended for two years and never once crashed or otherwise bailed out. We won’t even begin to speculate where said script could have been running since 2022 without anyone noticing…

But we won’t dwell on the minutiae here. [Gina] has once again purged the garbage data from the OctoPrint stats, and hopefully things are finally starting to reflect reality. We know she was already angry about the earlier attempts to manipulate the stats, so she’s got to be seething right about now. But as we said before, these unfortunate incidents are ultimately just bumps in the road. We don’t need any stat tracker to know that the community as a whole greatly appreciates the incredible work she’s put into OctoPrint.

USB And The Myth Of 500 Milliamps

July 3, 2024 by 91 Comments

If you’re designing a universal port, you will be expected to provide power. This was a lesson learned in the times of LPT and COM ports, where factory-made peripherals and DIY boards alike had to pull peculiar tricks to get a few milliamps, often tapping data lines. Do it wrong, and a port will burn up – in the best case, it’ll be your port, in worst case, ports of a number of your customers.

Want a single-cable device on a COM port? You might end up doing something like this.

Having a dedicated power rail on your connector simply solves this problem. We might’ve never gotten DB-11 and DB-27, but we did eventually get USB, with one of its four pins dedicated to a 5 V power rail. I vividly remember seeing my first USB port, on the side of a Thinkpad 390E that my dad bought in 2000s – I was eight years old at the time. It was merely USB 1.0, and yet, while I never got to properly make use of that port, it definitely marked the beginning of my USB adventures.

About six years later, I was sitting at my desk, trying to build a USB docking station for my EEE PC, as I was hoping, with tons of peripherals inside. Shorting out the USB port due to faulty connections or too many devices connected at once was a regular occurrence; thankfully, the laptop persevered as much as I did. Trying to do some research, one thing I kept stumbling upon was the 500 mA limit. That didn’t really help, since none of the devices I used even attempted to indicate their power consumption on the package – you would get a USB hub saying “100 mA” or a mouse saying “500 mA” with nary an elaboration.

Fifteen more years have passed, and I am here, having gone through hundreds of laptop schematics, investigated and learned from design decisions, harvested laptops for both parts and even ICs on their motherboards, designed and built laptop mods, nowadays I’m even designing my own laptop motherboards! If you ever read about the 500 mA limit and thought of it as a constraint for your project, worry not – it’s not as cut and dried as the specification might have you believe.
Continue reading “USB And The Myth Of 500 Milliamps”

A FreeCAD sticker, a FreeCAD pencil, a Hackaday Jolly Wrencher SAO PCB and the board-to-be-encased next to each other

FreeCAD Foray: Shells For All Our PCBs

July 1, 2024 by 58 Comments

Are you the kind of hacker who tries to pick up FreeCAD, but doesn’t want to go through a tutorial and instead pokes around the interface, trying to transfer the skills from a CAD suite you’ve been using before? I’ve been there too, and in my experience, FreeCAD doesn’t treat such forays lightly. It’s a huge package that enables everything from architecture to robotics design, so if you just want a 3D-printed case for a PCB project, the hill can be steep. So let’s take that first simple project as an example, and see if it helps you learn a little bit of FreeCAD.

This board needs a case – badly.

As motivation, I recently built a USB-C PSU board that uses a DC PSU and does the USB-C handshaking to provide 20 V to a laptop. It is currently my only 100 W USB-C PSU, and my 60 W PSU just died, which is why I now use this board 24/7. I have brought it on two different conferences so far, which has highlighted a problem – it’s a board with tons of exposed contacts, which means that it isn’t perfectly travel-friendly, and neither it is airport-friendly – not that I won’t try and bring it anyway. So, currently, I have to watch that nothing shorts out – given the board has 3.3 V close to 20 V at 9 A, it’s a bit of a worry.

This means I have to design some sort of case for it. I was taught SolidWorks in the half a year that I spent in a university, and honestly, I’m tired of the licensing and proprietary format stuff. When it comes to more hobbyist-accepted tools like Fusion360, I just don’t feel like exchanging one proprietary software for another. So, FreeCAD is the obvious choice – apart from OpenSCAD, which I know and love, but I don’t always want to think up fifteen variable names for every silly little feature. That, and I also want to fillet corners every now and then.

For a full-open-source workflow, today’s PCB is designed with KiCad, too. Let’s see about installing FreeCAD, and the few things you need to import a KiCad board file into FreeCAD.

Continue reading “FreeCAD Foray: Shells For All Our PCBs”

Swapping Vinyl For Cardboard With This ESP32 Turntable

June 30, 2024 by 15 Comments

Cardboard is a surprisingly durable material, especially in its corrugated form. It’s extremely lightweight for its strength, is easy to work, can be folded and formed into almost any shape, is incredibly inexpensive, and when it has done its duty it can be recycled back into more paper. For these reasons, it’s often used in packaging material but it can be used to build all kinds of things outside of ensuring that products arrive at their locations safely. This working cardboard record player is one example.

While the turntable doesn’t have working records in the sense that the music is etched into them like vinyl, each has its own RFID chip embedded that allows the ESP32 in the turntable’s body to identify them. Each record corresponds to a song stored on an SD card that instructs the ESP32 to play the appropriate song. It also takes care of spinning the record itself with a small stepper motor. There are a few other details on this build that tie it together too, including a movable needle arm held on with a magnet and a volume slider.

As far as a building material goes, cardboard is fairly underrated in our opinion. Besides small projects like this turntable, we’ve also seen it work as the foundation for a computer, and it even has the strength and durability to be built into a wall or even used as shelving material. And, of course, it’s a great material to use when prototyping new designs.

Continue reading “Swapping Vinyl For Cardboard With This ESP32 Turntable”

Apple May Use Electrical Debonding For Battery Replacement

June 29, 2024 by 21 Comments

As a result of the European Union’s push for greater repairability of consumer devices like smartphones, Apple sees itself forced to make the batteries in the iPhone user-replaceable by 2027. Reportedly, this has led Apple to look at using electroadhesion rather than conventional adhesives which require either heat, isopropyl alcohol, violence, or all of the above to release. Although details are scarce, it seems that the general idea would be that the battery is wrapped in metal, which, together with the inside of the metal case, would allow for the creation of a cationic/anionic pair capable of permanent adhesion with the application of a low-voltage DC current.

This is not an entirely wild idea. Tesa has already commercialized it in the electrical debonding form of its Debonding on Demand product. This uses a tape that’s applied to one side of the (metal) surfaces, with a 5 bar pressure being applied for 5 seconds. Afterwards, the two parts can be released again without residue as shown in the above image. This involves applying a 12V DC voltage for 60 seconds, with the two parts afterward removable without force.

Continue reading “Apple May Use Electrical Debonding For Battery Replacement”

Long-Term OctoPrint Stat Manipulation Uncovered

June 29, 2024 by 31 Comments

Developing free and open source software can be a thankless experience. Most folks do it because it’s something they’re passionate about, with the only personal benefit being the knowledge that there are individuals out there who found your work useful enough to download and install. So imagine how you’d feel if it turns out somebody was playing around with the figures, and the steady growth in the number of installs you thought your software had turned out to be fake.

That’s what happened just a few days ago to OctoPrint developer [Gina Häußge]. Although there’s no question that her software for remotely controlling and monitoring 3D printers is immensely popular within the community, the fact remains that the numbers she’s been using to help quantify that popularity have been tampered with by an outside party. She’s pissed, and has every right to be.

Continue reading “Long-Term OctoPrint Stat Manipulation Uncovered”

This Week In Security: Kaspersky Ban, Project Naptime, And More

June 28, 2024 by 11 Comments

The hot news this week is that Kaspersky is banned in the USA. More specifically, Kaspersky products will be banned from sale in the US starting on September 29. This ban will extend to blocking software updates, though it’s unclear how that will actually be accomplished. It’s reasonable to assume that payment processors will block payments to Kaspersky, but will ISPs be required to block traffic that could contain antivirus updates?

WordPress Plugin Backdoor

A Quartet of WordPress plugins have been found to have recently included backdoor code. It’s a collection of five Open Source plugins, seemingly developed by unrelated people. Malicious updates first showed up on June 21st, and it appears that all five plugins are shipping the same malicious code.

Rabbit AI API

The Rabbit R1 was released to less than thunderous applause. The idea is a personal AI device, but the execution has been disappointing, to the point of reviewers suggesting some of the earlier claims were fabricated. Now it seems there’s a serious security issue, in the form of exposed API keys that have *way* too many privileges.

The research seems to be done by the rabbitude group, who found the keys back in May. Of the things allowed by access to the API keys, the most worrying for user privacy was access to every text-to-speech call. Rabbitude states in their June 25 post, that “rabbit inc has known that we have had their elevenlabs (tts) api key for a month, but they have taken no action to rotate the api keys.” On the other hand, rabbit pushed a statement on the 26th, claiming they were just then made aware of the issue, and made the needed key rotations right away.

Continue reading “This Week In Security: Kaspersky Ban, Project Naptime, And More”