When it comes to repairing human bodies, there’s one major difficulty: spare parts are hard to come by. It’s simply not possible to buy a knee joint or a new lung off the shelf.
At best, doctors and surgeons have made do with transplants from donors where possible. However, these are always in short supply, and come with a risk of rejection by the patient’s body.
The 2022 Hackaday Prize is focused on taking care of the planet. The theme of our second challenge round, “Reduce, Recycle, Revamp” is all about tailoring your projects to make use of existing resources and keeping material out of the landfill rather than contributing to it. Our judges have scrutinized the entries and handed me the sealed envelope. All of these ten projects will receive $500 right now and are eligible for the Grand Prize of $50,000, to be announced in November.
We were looking for two broad types of recycling projects in this round, either projects that incorporate a significant recycled component in their build, or projects that facilitate recycling themselves, and frankly we got a good mix of both! Continue reading “2022 Hackaday Prize: Reuse, Recycle, Revamp Finalists”→
Needless to say, the views we get through modern lenses are a lot more realistic. So how did we get from simple magnifying systems to the complex lens systems we see today? We start with a quick journey through the history of the camera and the lens, and we’ll end up with the cutting edge in lens design for smartphone cameras and VR headsets.
At the risk of dating myself, I will tell you that grew up in the 80s — that decade of excess that was half drab and half brightly colored, depending on where you looked, and how much money you had for stuff like Memphis design. Technology seemed to move quickly in almost every aspect of life as the people of the Me decade demanded convenience, variety, and style in everything from their toilet paper (remember the colors?) to their telephones. Even though long distance cost a fortune back then, we were encouraged to ‘reach out and touch someone’.
A Healthy Fear of Bears
Looking back, it’s easy to see how all that advanced technology and excess filtered down to children. I may be biased, but the 80s were a pretty awesome time for toys, and for children’s entertainment in general. Not only were the toys mostly still well-made, even those that came in quarter machines — many of them were technologically amazing.
Take Teddy Ruxpin, which debuted in 1985. Teddy was the world’s first animatronic children’s toy, a bear that would read stories aloud from special cassette tapes, which moved his eyes and mouth along with the words. One track contained the audio, and the other controlled three servos in his face.
I remember watching the commercials and imagining Teddy suddenly switching from some boring bedtime story over to a rockin’ musical number a là the animatronic Rock-afire Explosion band at ShowBiz Pizza (a Chuck E. Cheese competitor). That’s the kind of night I wanted to be having.
The current lineup of the Rock-afire Explosion. Image via Servo Magazine
Which brings us to KC Bearifone, an animatronic teddy bear telephone. Honestly, part of the reason I bought the Bearifone was some sort of false nostalgia for Teddy. The main reason is that I wanted to own a Teleconcepts unit of some kind, and this one seemed like the most fun to mess around with. A robot teddy bear that only does speakerphone? Yes, please.
Fresh from vacation, Editor-in-Chief Elliot Williams makes his triumphant return to the Hackaday Podcast! He’s joined this week by Managing Editor Tom Nardi, who’s just happy he didn’t have to do the whole thing by himself again. In this episode we’ll talk about tackling BGA components in your custom PCBs, a particularly well executed hack against Google’s Nest Hub, and why you probably don’t really want the world’s cheapest 3D printer. We’ll also take a look at an incredible project to turn the Nokia 1680 into a Linux-powered handheld computer, a first of its kind HDMI firewall, and a robot that’s pretty good at making tacos. Listeners who are into artificial intelligence will be in for quite a treat as well, as is anyone who dreams of elevating the lowly automotive alternator to a more prominent position in the hacker world.
By the way, it seems nobody has figured out the hidden message in last week’s podcast yet. What are you waiting for? One of you out there has to be bored enough to give it a shot.
[Eaton Zveare] purchased a Jacuzzi hot tub, and splurged for the SmartTub add-on, which connects the whirlpool to the internet so you can control temperature, lights, etc from afar. He didn’t realize he was about to discover a nightmare of security problems. Because as we all know, in IoT, the S stands for security. In this case, the registration email came from smarttub.io, so it was natural to pull up that URL in a web browser to see what was there. The page presented a login prompt, so [Eaton] punched in the credentials he had just generated. “Unauthorized” Well that’s not surprising, but what was very odd was the flash of a dashboard that appeared just before the authorization complaint. Could that have been real data that was unintentionally sent? A screen recorder answered that question, revealing that there was indeed a table loaded up with valid-looking data.
Digging around in the page’s JavaScript comes up with the login flow. The page uses the Auth0 service to handle logins, and that service sends back an access token. The page sends that access token right back to the Auth0 service to get user privileges. If the logged in user isn’t an admin, the redirect happens. However, we already know that some real data gets loaded. It appears that the limitations to data is all implemented on the client side, and the backend only requires a valid access token for data requests. What would happen if the response from Auth0 were modified? There are a few approaches to accomplish this, but he opted to use Fiddler. Rewrite the response so the front-end believes you’re an admin, and you’re in.
This approach seems to gain admin access to all of the SmartTub admin controls, though [Eaton] didn’t try actually making changes to see if he had write access, too. This was enough to demonstrate the flaw, and making changes would be flirting with that dangerous line that separates research from computer crime. The real problem started when he tried to disclose the vulnerability. SmartTub didn’t have a security contact, but an email to their support email address did elicit a reply asking for details. And after details were supplied, complete radio silence. Exasperated, he finally turned to Auth0, asking them to intervene. Their solution was to pull the plug on one of the two URL endpoints. Finally, after six months of trying to inform Jacuzzi and SmartTub of their severe security issues, both admin portals were secured.
Where today we talk broadly of climate change and it’s various effects, the conversation was once simpler. We called it “global warming” and fretted about cooking outside in the summer and the sea level rise that would claim so many of our favorite cities.
Scientists are now concerned that sea level rises could be locked in, as ice sheets and glaciers pass “tipping points” beyond which their loss cannot be stopped. Research is ongoing to determine how best we can avoid these points of no return.
