Come Join Us For Hackaday Berlin!

February 7, 2023 by Elliot Williams 54 Comments

It’s been far too long since we’ve had an event in Europe, and we’re going to fix that right now. Hackaday Berlin 2023 will be a day-long conference full of great talks, badge hacking, music, art, madness, and gathering with your favorite hackers on Saturday, March 25.

But it doesn’t stop there. We’ll have a pre-event party Friday night, and then a bring-a-hack brunch on Sunday with further opportunities to show off whatever projects you’re bringing along, hack some more on the badge, wind down, and/or play together. So if your travel plans allow it, come in Friday mid-day and don’t schedule your return ticket until Sunday evening.

Cutting to the chase: early bird tickets are on sale right now, so go get one! But even if you miss out on those, and they’ll go like hotcakes, the regular tickets are well worth it. Everything is fully catered, the badge and the swag are phenomenal, and the talks will be first-rate.

Last time we were in Europe, the party went on until 2 AM!

Saturday’s main events will include a handful of fantastic invited guest talks, but also a few hours of Lightning Talks given by you – yes, you! If you’ve never attended a lightning talk, you get seven minutes to run through one of your favorite projects. We want to know what’s on your workbench right now, what new skills you’ve been teaching yourself, or the groundwork you’ve been laying for the next big project. It’s your chance to inspire everyone in the room – grab it.

Everyone asked us to do a second run of the 2022 Hackaday Supercon badge, and now we’ve got the perfect excuse! Designed by Voja Antonic, the badge is a standalone retrocomputer in the style of an Altair or similar, but it’s much more. Between blinking LEDs that display everything going on, down to the gates in the ALU, and a trimmed-down machine language, it’s an invitation to get deeply in touch with the machine. If you felt left out because you couldn’t travel to Pasadena last November, here’s your second chance.

And then there’s the crowd. Hackaday really is a global community of hackers, and Hackaday events tend to bring out the best. Even if you’re not planning to give a lightning talk (and you should!) be prepared to talk about what you’re doing, because everyone else there is just as interested in cool projects as you are. Hackaday Berlin will be a great opportunity to connect and reconnect with new and old friends alike. Come join us!

We’ll be following up with a speaker announcement next week, but if you have any questions, let us know in the comments below. Otherwise, we’ll see you in Berlin.

Researchers Find “Inert” Components In Batteries Lead To Cell Self-Discharge

February 6, 2023 by Donald Papp 11 Comments

When it comes to portable power, lithium-ion batteries are where it’s at. Unsurprisingly, there’s a lot of work being done to better understand how to maximize battery life and usable capacity.

Red electrolytic solution, which should normally be clear.

While engaged in such work, [Dr. Michael Metzger] and his colleagues at Dalhousie University opened up a number of lithium-ion cells that had been subjected to a variety of temperatures and found something surprising: the electrolytic solution within was a bright red when it was expected to be clear.

It turns out that PET — commonly used as an inert polymer in cell assembly — releases a molecule that leads to self-discharge of the cells when it breaks down, and this molecule was responsible for the color change. The molecule is called a redox shuttle, because it travels back and forth between the cathode and the anode. This is how an electrochemical cell works, but the problem is this happens all the time, even when the battery isn’t connected to anything, causing self-discharge.

Continue reading “Researchers Find “Inert” Components In Batteries Lead To Cell Self-Discharge” →

Equipping Rats With Backpacks To Find Victims Under Rubble

February 5, 2023 by Maya Posch 20 Comments

When it comes to demining or finding victims after a disaster, dogs are well-known to aid humans by sniffing out threats and trapped humans with ease. Less well-known, but no less impressive are rats, with the African giant pouched rat being the star of the show. Recently a student at the Dutch Technical University of Eindhoven (TU/e) has demonstrated how these rats can sniff out buried victims, aided by a high-tech backpack that gives them a communication link back to their human handler.

All of this is done in association with the Belgian-registered and Tanzania-based NGO APOPO, whose achievements include training gold medal winner Magawa the rat, who helped find 71 landmines and dozens more types of UXO over a 5-year career. These landmine-hunting rats are known as HeroRATs and have been helping demine nations since the 1990s. They may be joined by RescueRats in the near future.

Each RescueRat is equipped with a backpack that contains a camera and battery, as well as GPS and altimeter. Each backpack includes a button that the rat is trained to press when they have found a victim — essentially dropping a pin on their human rescuer’s maps.

Figuring out the location of the victim inside the rubble pile is the real challenge. This is where a (LoRa) radio beacon in the backpack is triangulated using receivers placed around the area, allowing the rescuers to determine with reasonable accuracy where to focus their efforts.

(Thanks to [Roel] for the tip!)

Continue reading “Equipping Rats With Backpacks To Find Victims Under Rubble” →

Smart Ovens Are Doing Dumb Checks For Internet Connectivity

February 3, 2023 by Lewin Day 85 Comments

If you’ve ever worked in IT support, you’ll be familiar with users calling in to check if the Internet is up every few hours or so. Often a quick refresh of the browser is enough to see if a machine is actually online. Alternatively, a simple ping or browsing to a known-working website will tell you what you need to know. The one I use is koi.com, incidentally.

When it comes to engineers coding firmware for smart devices, you would assume they have more straightforward and rigorous ways of determining connectivity. In the case of certain smart ovens, it turns out they’re making the same dumb checks as everyone else.

Continue reading “Smart Ovens Are Doing Dumb Checks For Internet Connectivity” →

Showing two MCP23017 expanders soldered onto a PCB

MCP23017 Went Through Shortage Hell, Lost Two Inputs

February 3, 2023 by Arya Voronova 68 Comments

The MCP23017, a 16-bit I2C GPIO expander, has always been a tasty chip. With 16 GPIOs addressable over I2C, proper push/pull outputs, software-enabled pull-ups, eight addresses, maskable interrupts for all pins, and reasonably low price, there’s a reason it’s so popular. No doubt due in part to that popularity, it’s been consistently out of stock during the past year and a half, as those of us unlucky enough to rely on it in our projects will testify.

Now, the chip is back in stock, with 23,000 of them to go around on Mouser alone, but there’s a catch. Apparently, the lengthy out-of-stock period has taken a heavy toll on the IC. Whether it’s the recession or perhaps the gas shortages, the gist is — the MCP23017 now a 14/16-bit expander, with two of the pins (GPA7 and GPB7) losing their input capabilities. The chips look the same, are called the same, and act mostly the same — if you don’t download the latest version of the datasheet (Revision D), you’d never know that there’s been a change. This kind of update is bound to cause a special kind of a debugging evening for a hobbyist, and makes the chip way less suitable for quite a few applications.

It’s baffling to think about such a change happening nearly 20 years after the chip was initially released, and we wonder what could have caused it. This applies to the I2C version specifically — the SPI counterpart, MCP23S17, stays unaffected. Perhaps, using a microcontroller or shift registers for your GPIO expansion isn’t as unattractive of an option after all. Microcontroller GPIO errata are at least expected to happen, and shift registers seem to have stayed the same since the dawn of time.

The reasons for MCP23017 silicon getting cut in such a way, we might never know. At least now, hopefully, this change will be less of a bitter surprise to those of us happy to just see the chip back in stock — and for hackers who have already restocked their MCP23017 hoards, may your shelved boards magically turn out to have a compatible pinout.

This Week In Security: Github, Google, And Realtek

February 3, 2023 by Jonathan Bennett 4 Comments

GitHub Desktop may have stopped working for you yesterday, Febuary 2nd. The reason was an unauthorized access to some decidedly non-public repositories. The most serious bit of information that escaped was code signing certificates, notably used for GitHub Desktop and Atom. Those certificates were password protected, so it’s unlikely they’ve been abused yet. Even so, Github is taking the proper steps of revoking those certificates.

The only active certificate that was revoked was used for signing the Mac releases of GitHub Desktop, so quite a few older versions of that software is no longer easily installed. If nothing else, it’s a reminder that even a project with a well run security team can have problems.

Sh1mmer-ing Chromebooks

There’s a new, clever attack on the Chromebook, specifically with the goal of unenrolling the device from an educational organization. And the “vulnerability” is a documented feature, the RMA Shim. That’s a special boot loader target that contains a valid signature, but allows the booting of other code, intended for troubleshooting and fixing devices in a repair center. Quite a few of those images have leaked, and Sh1mmer combines the appropriate image with a boot menu with some interesting options.

The first is unenrolling, so the device will act like a privately owned computer. This gets rid of content blocks and allows removing extensions. But wait, there’s more. Like rooting the device, a raw Bash terminal, and re-enabling developer mode. Now, as far as we can tell, this doesn’t *directly* break device encryption, but it’s likely that the RMA shim could be abused to tamper with the device’s filesystem. Meaning that the leak of a bunch of signed shims is a big problem for device security. If you use a Chromebook, it might be time to do some research on whether that model’s shim has been leaked. Continue reading “This Week In Security: Github, Google, And Realtek” →

End Of An Automation Era As Twitter Closes Its Doors To Free API Access

February 3, 2023 by Jenny List 40 Comments

Over the last few months since Elon Musk bought Twitter there has been a lot of comment and reaction, but not much with relevance to Hackaday readers. Today though that has changed, with an announcement from the company that as of February 9th they will end their free API tier. It’s of relevance here because Twitter has become one of those glue items for connected projects and has appeared in many featured works on this site. A week’s notice of a service termination is exceptionally short, so expect to see a lot of the Twitter bots you follow disappearing.

Twitter bot owners have the option of paying to continue with Twitter, or rebuilding their service to use a Mastodon instance such as botsin.space. If the fediverse is new to you, then the web is not short of tutorials on how to do this.

We feel that Twitter will be a poorer place without some of the creative, funny, or interesting bots which have enriched our lives over the years, and we hope that the spam bots don’t remain by paying for API access. We can’t help feeling that this is a misguided step though, because when content is the hook to bring in the users who are the product, throwing out an entire category of content seems short-sighted. We’re not so sure about it as a move towards profitability either, because the payback from a successful social media company is never profit but influence. In short: social media companies don’t make money but the conversation itself, and that can sometimes be worth more than money if you can avoid making a mess of it.

If the bots from our field depart for Mastodon, we look forward to seeing whether the new platform offers any new possibilities. Meanwhile if your projects don’t Toot yet, find out how an ESP32 can do it.

Header: D J Shin, CC BY-SA 3.0.