Mechano-Robotic Flute Made From An Old Shotgun

If you take an object and turn it into something else, does that constitute a hack? Can a musical robot call into question the ethics of firearms exports? If you take a disabled shotgun and turn it into a flute, does it become an art piece? Deep questions indeed — and deliberately posed by [Constantine Zlatev] along with his collaborators [Kostadin Ilov] and [Velina Ruseva].

The Last Gun — a mechano-robotic flute, as [Zlatev] calls it — is built from recovered industrial parts, played using compressed air, and controlled by an Arduino and Raspberry Pi. After graphing the annual arms exports from the United States, the installation plays a mournful tune for each year that they rise, and a jubilant theme for each year they fall.


2016: As The Hardware World Turns

Soon, the ball will drop in Times Square, someone will realize you can turn ‘2018’ into a pair of novelty sunglasses, and the forgotten mumbled lyrics of Auld Lang Syne will echo through New Year’s Eve parties. It’s time once again to recount the last 366 days, and what a year it’s been.

Arduino got into an argument with Arduino and Arduino won. We got new Raspberry Pis. Video cards are finally getting to the point where VR is practical. The FCC inadvertently killed security in home routers before fixing the problem. All of this is small potatoes and really doesn’t capture the essence of 2016. It’s been a weird year.

Want proof 2016 was different? This year, Microsoft announced they would provide a Linux ‘shim’ with every version of Windows. By definition, 2016 was the year of the Linux desktop. That’s how weird things have been in 2016.


NES Classic Edition – Controller Mod

The Nintendo Classic Mini took the world by storm this year — finally, an NES in a cute, tiny package that isn’t 3D printed and running off a Raspberry Pi! It’s resoundingly popular and the nostalgic set are loving it. But what do you do when you’re two hours deep into a hardcore Metroid session and you realize you need to reboot and reload? Get off the couch? Never!

[gyromatical] had already bought an Emio Edge gamepad for his NES Mini. A little poking around inside revealed some unused pads on the PCB. Further investigation revealed that one pad can be used to wire up a reset button, and two others can be used to create a home switch. Combine this with the turbo features already present on the Emio Edge, and you’ve got a pretty solid upgrade over the stock NES Mini pad. Oftentimes, there’s extra functionality lurking inside products that manufacturers have left inactive for the sake of saving a few dollars on switches & connectors. It’s always worth taking a look inside.

Now, back in 2006, the coolest hack was running Linux on everything — and somebody’s already trying to get Linux on the NES Mini.


Little Bobby Tables Just Registered A Company…

Sometimes along comes a tech story that diverges from our usual hardware subject matter yet which just begs to be shared with you because we think you will find it interesting and entertaining.

XKCD 327, Exploits of a Mom (CC BY-NC 2.5).

You will no doubt be familiar with the XKCD cartoon number 327, entitled “Exploits of a Mom”, but familiarly referred to as “[Bobby Tables]”. In it a teacher is ringing the mother of little [Robert'); DROP TABLE Students;--], whose name has caused the loss of a year’s student records due to a badly sanitized database input. We’ve all raised a chuckle at it, and the joke has appeared in other places such as an improbably long car license plate designed to erase speeding tickets.

It's nice to see that Companies House sanitise their database inputs.

Today we have a new twist on the Bobby Tables gag, for someone has registered a British company with the name “; DROP TABLE "COMPANIES";-- LTD”. Amusingly the people at Companies House have allowed the registration to proceed, so either they get the joke too or they are unaware of the nuances of a basic SQL exploit. It’s likely that if this name leaves Her Majesty’s civil servants with egg on their faces it’ll be swiftly withdrawn, so if that turns out to be the case then at least we’ve preserved it with a screenshot.

Of course, the chances of such a simple and well-known exploit having any effect are minimal. There will always be poor software out there somewhere that contains badly sanitized inputs, but we would hope that a vulnerability more suited to 1996 would be vanishingly rare in 2016.

If by some chance you haven’t encountered it before, we’d recommend you read about database input sanitization; someday it may save you from an embarrassing bit of code. Meanwhile we salute the owner and creator of this new company for giving us a laugh, and wish them every success in their venture.
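As an added illustration (not part of the original article), this Python example using the standard sqlite3 module shows the cartoon's name dropping a table when it is pasted into SQL text, while a parameterized query stores both it and the company name as plain data. The Students table layout, the 'Alice' row and the function names are assumptions made for the example.

```python
import sqlite3

# Both names are quoted in the article; typographic quotes restored to ASCII.
BOBBY = "Robert'); DROP TABLE Students;--"
COMPANY = '; DROP TABLE "COMPANIES";-- LTD'


def new_db():
    """In-memory database with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Students (name TEXT)")
    db.execute("INSERT INTO Students (name) VALUES ('Alice')")
    return db


def has_table(db, table="Students"):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def enroll_vulnerable(db, name):
    # Weak: the name is pasted into the SQL text, so its quote and semicolon
    # are parsed as syntax. executescript() runs every resulting statement.
    db.executescript(f"INSERT INTO Students (name) VALUES ('{name}');")


def enroll_safe(db, name):
    # Corrected: the driver binds the name as a value; it is never parsed as SQL.
    db.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    db.commit()


def demo():
    weak, fixed = new_db(), new_db()
    enroll_vulnerable(weak, BOBBY)
    for name in (BOBBY, COMPANY):
        enroll_safe(fixed, name)
    stored = [r[0] for r in fixed.execute("SELECT name FROM Students ORDER BY rowid")]
    return has_table(weak), has_table(fixed), stored


if __name__ == "__main__":
    print(demo())
```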

Improving Raspberry Pi Disk Performance

Usually, you think of solid state storage as faster than a rotating hard drive. However, in the case of the Raspberry Pi, the solid state “disk drive” is a memory card that uses a serial interface. So while a 7200 RPM SATA drive might get speeds in excess of 100MB/s, the Pi’s performance is significantly less.

[Rusher] uses the Gluster distributed file system and Docker on his Raspberry Pi. He measured write performance to be a sluggish 1MB/s (and the root file system was clocking in at just over 40MB/s).

There are an endless number of settings you could tweak, but [Rusher] heuristically picked a few he thought would have an impact. After some experimentation, he managed 5MB/s on Gluster and increased the normal file system to 46 MB/s.


Police Want Alexa Data; People Begin To Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news that would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is of more concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants are likely to affect far fewer users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

Extracting Sounds With Acid And UV

Toaplan was a Japanese video game developer in the 80s and early 90s, most famous for Zero Wing, the source of the ancient ‘All Your Base’ meme. Memeology has come a long way since the Something Awful forums and a pre-Google Internet, but MAME hasn’t. Despite the completionist nature of MAME aficionados, there are still four Toaplan games with no sound in the current version of MAME.

The sound files for these games are something of a holy grail for connoisseurs of old arcade games, and efforts to extract these sounds have been fruitless for three decades. Now, finally, these sounds have been released with the help of sulfuric acid and microscopes.

The sounds for Fire Shark, Vimana, Teki Paki, and Ghox were stored on their respective arcade boards inside the ROM for a microcontroller, separate from the actual game ROM. Since the fuse bits of this microcontroller were set, the only way to extract the data was decapsulation. This messy and precise work was done by CAPS0ff, who melted away the epoxy coating of the chip, revealing the microcontroller core.

Even without a microscope, the quarry of this hunt was plainly visible, but there was still no way to read out the data. The built-in read prevention bit was set, and the only way to clear that was to un-set a fuse. This was done by masking everything on the chip except the suspected fuse, putting it under UV, and checking if the fuse switched itself to an unburnt state.

The data extraction worked, and now the MAME project has the sound data for games that would have otherwise been forgotten to time. A great success, even if the games are generic top-down shooters.