Well, this is it. The end of the decade. In a few days the 2010s will be behind us, and a lot of very smug people will start making jokes on social media about how we’re back in the “Roaring 20s” again. Only this time around there’s a lot more plastic, and drastically less bathtub gin. It’s still unclear as to how much jazz will be involved.
Around this time we always say the same thing, but once again it bears repeating: it’s been a fantastic year for Hackaday. Of course, we had our usual honor of featuring literally thousands of incredible creations from the hacking and making community. But beyond that, we also bore witness to some fascinating tech trends, moments that could legitimately be called historic, and a fair number of blunders which won’t soon be forgotten. In fact, this year we’ve covered a wider breadth of topics than ever before, and judging by the record setting numbers we’ve seen in response, it seems you’ve been just as excited to read it as we were to write it.
To close out the year, let’s take a look at a few of the most popular and interesting stories of 2019. It’s been a wild ride, and we can’t wait to do it all over again in 2020.
Continue reading “2019: As The Hardware World Turns”
Programming is a valuable skill, though one that can be daunting to learn. Throw hardware in the mix, and things ratchet up another level again. However, there are many projects that have sought to reduce the level of difficulty for newcomers. HeyTeddy is a new project that allows users to program an Arduino with voice commands, and the help of on-screen tutorials.
It’s a system that initially sounds cumbersome, but through smart design, is actually quite streamlined. Users can talk to the system, which uses an Amazon Alexa device for natural language voice recognition. This enables HeyTeddy to respond to questions like “how do I use a flex sensor?” as well as direct commands, such as “Set pin 10 to 250”.
The demo video does a great job of demonstrating the system. While the system is not suited to professional development tasks, its has value as an educational tool for beginners. The system is able to guide users through both hardware setup on a breadboard, as well as guide them through tests when things don’t work. Once their experience level builds, code can be exported to the Arduino IDE for direct editing.
It’s a great tool that has plenty of promise to bring many more users into the hardware hacking fold. It’s out of the workshop of [MAKInteract], whose work we’ve seen before. Video after the break.
Continue reading “Programming Arduinos With Voice Commands”
Now that November of 2019 has passed, it’s a shame that some of the predictions made in Blade Runner for this future haven’t yet come true. Oh sure, 109 million people living in Los Angeles would be fun and all, but until we get our flying cars, we’ll just have to console ourselves with the ability to “Enhance!” photographs. While the new service, AI Image Enlarger, can’t tease out three-dimensional information, the app is intended to sharpen enlargements of low-resolution images, improving the focus and bringing up details in the darker parts of the image. The marketing material claims that the app uses machine learning, and is looking for volunteers to upload high-resolution images to improve its training set.
We’ve been on a bit of a nano-satellite bender around here lately, with last week’s Hack Chat discussing simulators for CubeSats, and next week’s focusing on open-source thrusters for PocketQube satellites. So we appreciated the timing of a video announcing the launch of the first public LoRa relay satellite. The PocketCube-format satellite, dubbed FossaSat-1, went for a ride to space along with six other small payloads on a Rocket Lab Electron rocket launched from New Zealand. Andreas Spiess has a short video preview of the FossaSat-1 mission, which was designed to test the capabilities of a space-based IoT link that almost anyone can access with cheap and readily available parts; a ground station should only cost a couple of bucks, but you will need an amateur radio license to uplink.
We know GitHub has become the de facto standard for source control and has morphed into a collaboration and project management platform used by everybody who’s anybody in the hacking community. But have you ever wished for a collaboration platform that was a little more in tune with the needs of hardware designers? Then InventHub might be of interest to you. Currently in a limited beta – we tried to sign up for the early access program but seem to have been put on a waiting list – it seems like this will be a platform that brings versioning directly to the ECAD package of your choice. Through plugins to KiCad, Eagle, and all the major ECAD players you’ll be able to collaborate with other designers and see their changes marked up on the schematic — sort of a visual diff. It seems interesting, and we’ll be keeping an eye on developments.
Amazon is now offering a stripped-down version of their Echo smart speaker called Input, which teams up with speakers that you already own to satisfy all your privacy invasion needs on the super cheap — only $10. At that price, it’s hard to resist buying one just to pop it open, which is what Brian Dorey did with his. The teardown is pretty standard, and the innards are pretty much what you’d expect from a modern piece of surveillance apparatus, but the neat trick here involved the flash memory chip on the main board. Brian accidentally overheated it while trying to free up the metal shield over it, and the BGA chip came loose. So naturally, he looked up the pinout and soldered it to a micro-SD card adapter with fine magnet wire. He was able to slip it into a USB SD card reader and see the whole file system for the Input. It was a nice hack, and a good teardown.
The current state of virtual personal assistants — Alexa, Cortana, Google, and Siri — leaves something to be desired. The speech recognition is mostly pretty good. However, customization options are very limited. Beyond that, many people are worried about the privacy of their data when using one of these assistants. Stanford Open Virtual Assistant Lab has rolled out Almond, which is open and is reported to have better privacy features.
Like most other virtual assistants, Almond has skills that determine what it can do. You can use Almond in a browser, on a Google phone, or as a command line application. It all lives on GitHub, so if you don’t like something you are free to fix it.
Continue reading “Almond: Open Personal Assistant From Stanford”
Smart speakers have proliferated since their initial launch earlier this decade. The devices combine voice recognition and assistant functionality with a foreboding sense that paying corporations for the privilege of having your conversations eavesdropped upon could come back to bite one day. For this reason, [Yihui] is attempting to build an open-source smart speaker from scratch.
The initial prototype uses a Raspberry Pi 3B and a ReSpeaker microphone array. In order to try and bring costs down, development plans include replacing these components with a custom microphone array PCB and a NanoPi board, then implementing basic touch controls to help interface with the device.
There’s already been great progress, with the build showing off some nifty features. Particularly impressive is the ability to send WiFi settings to the device using sound, along with the implementation of both online and offline speech recognition capabilities. This is useful if your internet goes down but you still want your digital pal to turn out the lights at bed time.
It’s not the first time we’ve seen a privacy-focused virtual assistant, and we hope it’s not the last. Video after the break.
Continue reading “Building A Smart Speaker From Scratch”
Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as safe.
Nearly a year later, Kaspersky Labs announced they had confirmed this strange update was indeed a supply chain attack — one that attacks a target by way of another vendor. Another recent example is the backdoor added to CCleaner, when an unknown actor compromised the build system for CCleaner and used that backdoor to target other companies who were using CCleaner. Interestingly, the backdoor in CCleaner has some similarities to the backdoor in the Asus updater. Combined with the knowledge that Asus was one of the companies targeted by this earlier breach, the researchers at Kaspersky Lab suggest that the CCleaner attack might have been the avenue by which Asus was compromised.
Shadowhammer sits quietly on the vast majority of machines it infects. It’s specifically targeted at a pool of about 600 machines, identified by their network card’s MAC address. We’ve not seen any reporting yet on who was on the target list, but Kaspersky is hosting a service to check whether your MAC is on the list.
While we’re still waiting for the full technical paper, researchers gave a nearly 30 minute presentation about Shadowhammer, embedded below the break along with news about Dragonblood, Amazon listening to your conversations, and the NSA delivering on Ghidra source code. See you after the jump!
Continue reading “Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security”
Amazon’s Dash Buttons are useful little devices, that let you automatically order a wide variety of common household goods at the press of a button. They’re cheap and wireless and readily available, and that makes them ripe for hacking. In just this vein, [Inbar] and [Ezra] found a way to make the Dash buttons update their to-do list.
[Inbar] uses Any.do to manage his to-do list. There’s no public API, but the service can be configured to respond to Alexa commands. Naturally, this meant that if a Dash Button could be configured to trigger a voice command, Alexa would then make the necessary additions to the list.
This was achieved with lashings of Python, a Raspberry Pi, and Apple’s text-to-speech engine. The Raspberry Pi is set up as a wireless hotspot, to which the Dash Buttons are connected. When the button is pressed, a DHCP request goes out as the button tries to phone home. By scraping the MAC address from this request, the Raspberry Pi can identify which button has been pressed, and then plays a recorded voice sample of Apple’s Samantha voice. This voice was specifically chosen to be the one most reliably understood by Alexa, which is responsible for parsing the voice command and updating the list on Any.do.
It’s a cheeky hack that doesn’t bother itself with the nitty-gritty of interfacing with various services and tools. Instead, it laces up a bunch of easy-to-use software and hardware, and gets the job done just as well.
As we’ve seen, Amazon’s Dash Button has been thoroughly pwned. Video after the break. Continue reading “Making A Dash Button Update Your To-do List”