Teardown: KC Bearifone Could Talk Circles Around Teddy Ruxpin

At the risk of dating myself, I will tell you that I grew up in the 80s — that decade of excess that was half drab and half brightly colored, depending on where you looked, and how much money you had for stuff like Memphis design. Technology seemed to move quickly in almost every aspect of life as the people of the Me decade demanded convenience, variety, and style in everything from their toilet paper (remember the colors?) to their telephones. Even though long distance cost a fortune back then, we were encouraged to ‘reach out and touch someone’.

A Healthy Fear of Bears

Looking back, it’s easy to see how all that advanced technology and excess filtered down to children. I may be biased, but the 80s were a pretty awesome time for toys, and for children’s entertainment in general. Not only were the toys mostly still well-made, even those that came in quarter machines — many of them were technologically amazing.

Take Teddy Ruxpin, which debuted in 1985. Teddy was the world’s first animatronic children’s toy, a bear that would read stories aloud from special cassette tapes, which moved his eyes and mouth along with the words. One track contained the audio, and the other controlled three servos in his face.

I remember watching the commercials and imagining Teddy suddenly switching from some boring bedtime story over to a rockin’ musical number à la the animatronic Rock-afire Explosion band at ShowBiz Pizza (a Chuck E. Cheese competitor). That’s the kind of night I wanted to be having.

The current lineup of the Rock-afire Explosion. Image via Servo Magazine

Although I went to ShowBiz a fair number of times to play Skee-Ball and stare at the Rock-afire Explosion animals and their cool set pieces, I never did have a Teddy Ruxpin. I remember being torn between wanting one and thinking they were kind of scary, which in turn made me a bit tangentially afraid of the Snuggle bear. When it came down to it, Teddy simply cost too much — $69.99 for the bear alone, and another $20 for a single cassette with storybook. And that’s 1985 dollars — according to my favorite inflation calculator, that’s $250 in today’s money for a talking bear and one lousy story.

Which brings us to KC Bearifone, an animatronic teddy bear telephone. Honestly, part of the reason I bought the Bearifone was some sort of false nostalgia for Teddy. The main reason is that I wanted to own a Teleconcepts unit of some kind, and this one seemed like the most fun to mess around with. A robot teddy bear that only does speakerphone? Yes, please.

Continue reading “Teardown: KC Bearifone Could Talk Circles Around Teddy Ruxpin”

Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place

Fresh from vacation, Editor-in-Chief Elliot Williams makes his triumphant return to the Hackaday Podcast! He’s joined this week by Managing Editor Tom Nardi, who’s just happy he didn’t have to do the whole thing by himself again. In this episode we’ll talk about tackling BGA components in your custom PCBs, a particularly well executed hack against Google’s Nest Hub, and why you probably don’t really want the world’s cheapest 3D printer. We’ll also take a look at an incredible project to turn the Nokia 1680 into a Linux-powered handheld computer, a first of its kind HDMI firewall, and a robot that’s pretty good at making tacos. Listeners who are into artificial intelligence will be in for quite a treat as well, as is anyone who dreams of elevating the lowly automotive alternator to a more prominent position in the hacker world.

By the way, it seems nobody has figured out the hidden message in last week’s podcast yet. What are you waiting for? One of you out there has to be bored enough to give it a shot.

Direct download, and play it offline. You don’t need no stinkin’ cloud.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Continue reading “Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place”

This Week In Security: IoT In The Hot Tub, App Double Fail, And FreeBSD BadBeacon

[Eaton Zveare] purchased a Jacuzzi hot tub, and splurged for the SmartTub add-on, which connects the whirlpool to the internet so you can control temperature, lights, etc. from afar. He didn’t realize he was about to discover a nightmare of security problems. Because as we all know, in IoT, the S stands for security. In this case, the registration email came from smarttub.io, so it was natural to pull up that URL in a web browser to see what was there. The page presented a login prompt, so [Eaton] punched in the credentials he had just generated. “Unauthorized.” Well, that’s not surprising, but what was very odd was the flash of a dashboard that appeared just before the authorization complaint. Could that have been real data that was unintentionally sent? A screen recorder answered that question, revealing that there was indeed a table loaded up with valid-looking data.

Digging around in the page’s JavaScript turns up the login flow. The page uses the Auth0 service to handle logins, and that service sends back an access token. The page sends that access token right back to the Auth0 service to get user privileges. If the logged-in user isn’t an admin, the redirect happens. However, we already know that some real data gets loaded. It appears that the restrictions on data access are all implemented on the client side, and the backend only requires a valid access token for data requests. What would happen if the response from Auth0 were modified? There are a few approaches to accomplish this, but he opted to use Fiddler. Rewrite the response so the front-end believes you’re an admin, and you’re in.

This approach seems to gain admin access to all of the SmartTub admin controls, though [Eaton] didn’t try actually making changes to see if he had write access, too. This was enough to demonstrate the flaw, and making changes would be flirting with that dangerous line that separates research from computer crime. The real problem started when he tried to disclose the vulnerability. SmartTub didn’t have a security contact, but an email to their support email address did elicit a reply asking for details. And after details were supplied, complete radio silence. Exasperated, he finally turned to Auth0, asking them to intervene. Their solution was to pull the plug on one of the two URL endpoints. Finally, after six months of trying to inform Jacuzzi and SmartTub of their severe security issues, both admin portals were secured.
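The flaw described above comes down to where the admin check lives. The following is an added example, not code from the article or from SmartTub: a data endpoint that accepts any valid token next to one that checks the role on the server. The token values, the session table and all function names are assumptions made for illustration.

```javascript
// Constructed server-side session table: token -> identity the server trusts.
// Tokens, users and roles are sample values, not taken from the real service.
const SESSIONS = new Map([
  ["tok-owner-1", { user: "owner@example.com", roles: ["user"] }],
  ["tok-admin-1", { user: "ops@example.com", roles: ["admin"] }],
]);

// Constructed admin-only data set.
const ALL_TUBS = [
  { id: 1, owner: "a@example.com" },
  { id: 2, owner: "b@example.com" },
];

// Resolve the bearer token to a server-side session, or null if unknown.
function authenticate(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  return m ? SESSIONS.get(m[1]) || null : null;
}

// Pattern described in the article: any valid token gets the data, and the
// front-end is expected to hide it from non-admins.
function listTubsClientGated(req) {
  const session = authenticate(req);
  if (!session) return { status: 401, body: { error: "Unauthorized" } };
  return { status: 200, body: ALL_TUBS };
}

// Hardened: the role comes from server-side state tied to the token, never
// from anything the browser sends or can rewrite (body, header, profile reply).
function listTubsServerGated(req) {
  const session = authenticate(req);
  if (!session) return { status: 401, body: { error: "Unauthorized" } };
  if (!session.roles.includes("admin")) {
    return { status: 403, body: { error: "Forbidden" } };
  }
  return { status: 200, body: ALL_TUBS };
}

// Constructed request: a valid non-admin token plus client-controlled
// fields that claim admin rights. The hardened handler ignores those fields.
const nonAdminReq = {
  headers: { authorization: "Bearer tok-owner-1", "x-role": "admin" },
  body: { isAdmin: true },
};
```

With the server-side check in place, a rewritten privilege response only changes what the front-end draws; the data request itself returns 403.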

Continue reading “This Week In Security: IoT In The Hot Tub, App Double Fail, And FreeBSD BadBeacon”

Sea Level Rise From Melting Ice Sheets Could Soon Be Locked In

Where today we talk broadly of climate change and its various effects, the conversation was once simpler. We called it “global warming” and fretted about cooking outside in the summer and the sea level rise that would claim so many of our favorite cities.

Scientists are now concerned that sea level rises could be locked in, as ice sheets and glaciers pass “tipping points” beyond which their loss cannot be stopped. Research is ongoing to determine how best we can avoid these points of no return.

Continue reading “Sea Level Rise From Melting Ice Sheets Could Soon Be Locked In”

Grain Stuck In Ukraine: The Fragmented Nature Of Modern-Day Railways

The war in Ukraine has upset the global food market, and the surprising reason is not that Ukrainian wheat isn’t being harvested, but rather that it can’t leave the country. With Russia blockading sea ports, the only way out for Ukrainian grain is by train. And this exposes the long-hidden patchwork of railway tracks and train standards: trains can’t simply cross the border from Ukraine to Poland on their way to a sea port because the tracks don’t match.

Even beyond the obvious issues of connecting differently sized physical railway tracks — the track gauge — there are different signaling systems, different voltages for electrical trains, different loading and structural gauges, and so on. In Europe today, the political history of the past few hundred years can still be traced back using its railroads, with some parts of the European Union still on 1,520 mm Soviet-standard gauge, rather than the 1,435 mm Standard Gauge, which is also known as Stephenson Gauge, European Gauge, etc.

These complications explain why, for example, Ukraine’s railways into the rest of Europe aren’t used more for transporting grain and other cargo during the current war: with Ukraine using 1,520 mm gauge, all cargo has to be transferred to different trains at the Ukraine-EU border or have bogies swapped. Although some variable gauge systems exist, these come with their own set of limitations.

In light of this, it’s not hard to see why standardizing on a single international or even European track gauge is complicated, due to having to replace or adapt all tracks and rolling stock, even before considering the aforementioned voltage and signaling differences. All of which may lead one to wonder whether we’ll ever see a solution to this historically grown problem.

Continue reading “Grain Stuck In Ukraine: The Fragmented Nature Of Modern-Day Railways”

How Far Can You Push A £500 Small Electric Car; Four Years Of The Hacky Racer

Four years ago, when the idea of a pandemic was something which only worried a few epidemiologists, a group of British hardware hackers and robotic combat enthusiasts came up with an idea. They would take inspiration from the American Power Racing Series to create their own small electric racing formula. Hacky Racers became a rougher version of its transatlantic cousin, racing on mixed surfaces rather than tarmac, and as an inaugural meeting that first group of racers convened on a cider farm in Somerset to give it a try. Last weekend they were back at the same farm after four years of Hacky Racer development, with racing having been interrupted by the pandemic, and Hackaday came along once more to see how the cars had evolved.

Continue reading “How Far Can You Push A £500 Small Electric Car; Four Years Of The Hacky Racer”

Edging Ahead When Learning On The Edge

“With the power of edge AI in the palm of your hand, your business will be unstoppable.”

That’s what the marketing seems to read like for artificial intelligence companies. Everyone seems to have cloud-scale AI-powered business intelligence analytics at the edge. While sounding impressive, we’re not convinced that marketing mumbo jumbo means anything. But what does AI on edge devices look like these days?

Being on the edge just means that the actual AI evaluation and maybe even fine-tuning runs locally on a user’s device rather than in some cloud environment. This is a double win, both for the business and for the user. Privacy can more easily be preserved as less information is transmitted back to a central location. Additionally, the AI can work in scenarios where a server somewhere might not be accessible or provide a response quickly enough.

Google and Apple have their own AI libraries, ML Kit and Core ML, respectively. There are tools to convert Tensorflow, PyTorch, XGBoost, and LibSVM models into formats that CoreML and ML Kit understand. But other solutions try to provide a platform-agnostic layer for training and evaluation. We’ve also previously covered Tensorflow Lite (TFL), a trimmed-down version of Tensorflow, which has matured considerably since 2017.

For this article, we’ll be looking at PyTorch Live (PTL), a slimmed-down framework for adding PyTorch models to smartphones. Unlike TFL (which can run on RPi and in a browser), PTL is focused entirely on Android and iOS and offers tight integration. It uses a react-native backed environment which means that it is heavily geared towards the node.js world.

Continue reading “Edging Ahead When Learning On The Edge”