A Poor-Man’s Laser CNC Engraver

July 9, 2017 by Dan Maloney 42 Comments

What do you get when you mix the disappointment that sometimes accompanies cheap Chinese electronics with the childhood fascination of torturing insects with a magnifying glass on a sunny day? You get a solar-powered CNC etcher, that’s what.

We all remember the days of focussing the sun on a hapless insect, or perhaps less sadistically on a green plastic army man or just a hunk of dry wood. The wonder that accompanied that intense white spot instantly charring the wood and releasing wisps of smoke stayed with you forever, as seemingly did the green spots in your vision. [drum303] remembered those days and used them to assuage his buyer’s remorse when the laser module on his brand new CNC engraver crapped out after the first 10 minutes. A cheap magnifying glass mounted to the laser holder and a sunny day, and he don’t need no stinkin’ lasers! The speed needs to be set to a super slow — 100mm per minute — and there’s the problem of tracking the sun, but the results are far finer than any of our childhood solar-artistic attempts ever were.

Do we have the makings of a possible performance art piece here? A large outdoor gantry with a big Fresnel lens that could etch a design onto a large piece of plywood would be a pretty boss beachside attraction. Of course, you’d need a simple solar tracker to keep things in focus.

Continue reading “A Poor-Man’s Laser CNC Engraver” →

Dropping Zip Bombs On Vulnerability Scanners

July 8, 2017 by Elliot Williams 117 Comments

If you’ve ever looked at the server logs of a computer that lives full-time on the Internet, you know it’s a rough world out there. You’ll see hundreds of attempts per day to break in to your one random little box. Are you going to take that sitting down? Christian Haschek didn’t.

Instead of simply banning IPs or closing off services, [Christian] decided to hit ’em where it hurts: in the RAM. Now, whenever a bot hits his server looking for a poorly configured WordPress install, he serves them 10 GB of zeroes, compressed down into 10 MB by gzip:

dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

The classic trick uses zip multiple times on itself, which lets you compress arbitrarily large files into just a few kB. [Christian] tried this with gzip, and discovered that it didn’t automatically recurse, so he’s taking a small bandwidth hit for the team. If you know how to get more data packed smaller using gzip, leave a note in the comments.

Nobody really knows if this works on the bad guys’ servers, but [Christian] said that they stopped hitting him after downloading a couple payloads. If you want to test out what it does to your system, click this link. If you don’t run a server, but phishing e-mails get you hot under the collar, check out [Robbie Gallagher]’s talk on phishing the phishers from last year’s Schmoocon for cathartic tales of revenge.

DEF CON Badgelife: The Puffy That Runs Linux

July 7, 2017 by Brian Benchoff 9 Comments

DEF CON is canceled again this year, and this time that statement is at least partially true. There will be no special official badges this year. There is no challenge or mystery embedded in the official DC badge. This is the year that unofficial badges from villages and random attendees finally supersedes the official offering. This is badgelife, and for the next few weeks, we’re going to be taking a look at some of the unofficial badges of DEF CON.

The idea for [dorkengine]’s Puffy badge began last year with the so-called Bender badges from AND!XOR. Chalk this up to a story that ends with, ‘but you had to have been there’, but the Bender badges were wildly popular, sold like hotcakes, and were an astonishing success of independent badge craft at DC. [dorkengine] decided to get in on the action and build his own badge for DC 25.

The design of the Puffy badges is based on a highly stylized rendering of the OpenBSD logo and mascot. Why a pufferfish with Kardashian lips? [dorkengine] has a bunch of boxes in a closet running OpenBSD, and that’s a good enough reason for us.

An electronic badge must do something, and the feature list [dorkengine] came up with included some sort of wireless connectivity, hackability, a serial console, blinkenlights, and some sort of *nix-ish OS. OpenBSD didn’t make the cut, but [dorkengine] eventually stumbled upon the VoCore2, a tiny System on Module that runs Linux, has WiFi and a few GPIOs, and is barely an inch on a side.

After getting a good deal on a large order of VoCores, [dorkengine] started on the PCB. The circuit was simple enough with just a VoCore attached to a USB port, power adapter, and a few LEDs. The Puffy rendering translated beautifully into soldermask and silkscreen, and after a prototype from ITEAD Studio, [dorkengine] had 40 PCBs that worked perfectly.

So, what is [dorkengine] going to do with a box full of Puffy badges? He’ll be selling them for $40 around the con. That’s surprisingly inexpensive for a large PCB soldered to a $17 SoC. If you want to get your grubby mitts on one, you could email him or ping him on Twitter. Of course, if you want to make your own, [dorkengine] has the KiCad files and software available, but at this point, you’re looking at a very fast turnaround for a board house.

Gyrators: The Fifth Element

July 6, 2017 by Al Williams 32 Comments

A few years ago, there was a stir about a new fundamental component called a memristor. That wasn’t the first time a new component type was theorized though. In 1948 [Bernard Tellegen] postulated the gyrator. While you can’t buy one as a component, you can build one using other components. In fact, they are very necessary for some types of design. Put simply, a gyrator is a two-terminal device that inverts the current-voltage characteristic of an electrical component. Therefore, you can use a gyrator to convert a capacitor into an inductor or vice versa.

Keep in mind, the conversion is simply the electrical properties. Normally, current leads voltage in a capacitor and lags it in an inductor, and that’s what a gyrator changes. If you use a gyrator and a capacitor to make a virtual inductor, that inductor won’t magnetically couple to another inductor, real or simulated. There’s no magnetic field to do so. You also don’t get big voltage spikes caused by back EMF, which depending on your application could be a plus or a minus. But if you need an ungainly inductor in a circuit for its phase response, a gyrator may be just the ticket.

Continue reading “Gyrators: The Fifth Element” →

Free As In Beer, Or The Story Of Windows Viruses

July 5, 2017 by Elliot Williams 211 Comments

Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?

While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last few years, or Linux since forever in the server space. Then they say it’s a failure to apply patches and upgrade their systems, because their users are just less savvy, but that some new update system will solve the problem.

There’s some truth to the viruses and the patching, but when WannaCry is taking over hospitals’ IT systems or the radiation monitoring network at Chernobyl, it’s not likely to be the fault of the stereotypical naive users, and any automatic patch system is only likely to help around the margins.

So why is WannaCry, and variants, hitting unpatched XP machines, managed by professionals, all over the world? Why are there still XP machines in professional environments anyway? And what does any of this have to do with free software? The answer to all of these questions can be found in the ancient root of all evil, the want of money. Linux is more secure, ironically, at least partly because it’s free as in beer, and upgrading to a newer version is simply cheaper.

Continue reading “Free As In Beer, Or The Story Of Windows Viruses” →

London Gatwick Airport Closes Runway In Alleged Drone Strike

July 4, 2017 by Jenny List 118 Comments

London is one of those cities with an identity problem when it comes to airports. There is no one London airport, instead a group of airports serve the city at various distances from it. London Gatwick is the second largest of these, and sits with its single runway in the Sussex countryside about 30 miles south of the city.

If you follow British news sources, you may have heard a little about Gatwick in the last couple of days. Its runway was closed for two short periods and a selection of flights were diverted, because of what is being reported as a drone sighting. This is an extremely serious matter, responsible multirotor owners will be painfully aware of the distance and altitude regulations surrounding flights near airports.

An oft-shared drone identification guide for airline pilots, of uncertain provenance. — An oft-shared drone identification guide for airline pilots, of uncertain provenance (phantompilots.com).

If you are familiar with the way that drone stories are reported by the mass media, you will probably not need to click on the link above to the BBC reporting to find out its tone. There is significant concern within the multirotor community that it presents a very one-sided view, and takes at face value the assertion that the sighting was a drone, when in fact there is no proof at all of that being the case. For those of us who have seen many such stories come and go it is difficult not to agree with the drone pilots, there is at best some lazy reporting in the air, and at worst some outright journalistic irresponsibility.

As Hackaday readers, you are used to writers with an in-depth knowledge of the subjects upon which they write. We don’t know all possible facets of technology and we occasionally get things wrong, but we all have very strong backgrounds in the tech, hacker, and maker industries and communities we write about. We have engineering education, we’ve worked in a wide variety of technology industries, we build our own stuff for fun, and we’ve founded and run hackspaces.

By comparison the journalists whose work you will read in the mainstream media are generalists. They will have a specific educational background and a particular set of interests, but in their work they cover whatever stories tumble off the endless conveyor belt of events. Thus when a drone story appears, they find themselves out of their normal comfort zone of politics or local news, and can not rely on their experience to inform their coverage of it. The responsible journalistic approach is to do a little research and ask the pertinent questions asking for concrete proof of drone involvement. We’re still waiting for that to happen in these allege drone encounters.

Multirotor building and flying is a significant feature of our community, and anything that brings the attention of law enforcement to the kind of work we do should be a worry to us all. Multirotors are not the only things covered by Hackaday that could be misrepresented in the same way. We’ve visited this topic before, take a look at our analysis of a series of air proximity reports blamed on drones. Some of them, you couldn’t make up.

Gatwick airport image: Andre Wadman [GFDL 1.2].

Softly To Sleep, My Raspberry Pi

July 4, 2017 by James Hobson 45 Comments

For all their capacity, shutting down a Raspberry Pi can be a bothersome routine depending on how you have it set up — historically and abrupt cut to the power risks corrupting the SD card. [madlab5] had to make a few changes to a Pi running in headless mode, requiring them to access it externally to shut it down to prevent any damage from pulling the plug. So, why not take the opportunity to whip up a soft shut-down switch?

This is a great beginner project to get one accustomed to working with a Pi. With this in mind, [madlab5] went through two revisions of this idea: the simple way, and the fun way. For the simple way just press the button and the Pi activates a script which shuts it down in thirty seconds. Job done. But, realizing there may be a few circumstances where they’d need more functionality, [madlab5] decided to take a second swing at this.

[madlab5]’s fun way involves a button with a built-in LED and a speaker to blare an announcement that the Pi will ~~self destruct~~ shut down after a short time. Setting the switch up this way takes a little more doing, but you get to add a little more character to your Pi with a custom shutdown report, as well as the option to cancel an accidental button-press.

For any newbies out there, [madlab5] is kind enough to provide their code and diagrams in their blog post. If remotes are more your thing, we have also featured a similar beginner project to shut down your Pi.

[via /r/Raspberry_Pi_Projects]