More Suspension Than Necessary

The triangular frame of a traditional mountain bike needs to be the most rigid structure, and a triangle can be a very sturdy shape. So [Colin Furze] throws a spanner in the works, or, in this case, a bunch of springs. The video is below the break, but please try to imagine you are at a party, eyeballing some delicious salsa, yet instead of a tortilla chip, someone hands you a slab of gelatin dessert. The bike is kind of like that.

Anyone who has purchased springs knows there are a lot of options and terminology, such as Newton meters of force, extension, compression, and buckling. There is a learning curve to springs, so a simple statement, for example “I want to make a bicycle of springs,” doesn’t have any easy answers. It is a lot like saying, “I want to make a microprocessor out of transistors”. This project starts with springs roughly the diameter of the old bike tubes, and it is a colossal failure. Try using cooked spaghetti noodles to make a bridge.

The first set of custom springs is not up to the task, but the third round produces something rideable. The result seems to be a ridiculous way to exercise your abs and is approximately a training unicycle mated with a boat anchor.

What makes this a hack? The video is as entertaining as anything [Colin] has made, but that does not make it a hack by itself. The hack is that someone asked a ridiculous question, possibly within reach of alcohol, and the answer came by building the stupid thing. A spring-bicycle could have been simulated six ways from Sunday on an old Android phone, but the adventure extracted was worth the cost of doing it in real life.


Fail of the Week: Careful Case Mod is all for Naught

Today’s entry comes to us from [Robert Tomsons], who was kind enough to document this crushing tale of woe so that we might all learn what true heartbreak is. If you’ve ever toiled away at getting that perfect surface finish with body filler, this one is going to hurt. In fact, you might just want to hit that “Back” button and head to safety now. There’s probably a pleasant story about some 3D printed thing being used with a Raspberry Pi of some sort that you can read instead.

For those of you brave enough to continue on, today we’ll be looking at what [Robert] thought would be a simple enough project. Seeing the board from a USB 3.0 external hard drive kicking around his parts bin, he had a rather unusual idea. Wanting to add an extra drive to his computer, but liking the idea of being able to independently control its power, he decided to integrate the external drive into the machine’s front panel. This would not only allow him to power off the secondary drive when not in use, but it meant he could just plug his laptop into the front panel if he wanted to pull files off of it.

All [Robert] needed to do was make it look nice. He carefully squared off the edges of the external drive’s back panel to roughly the size of the computer’s 3.5 inch drive bay opening. He then glued the piece in place, and began the arduous task of using body filler to smooth everything out. It’s a dance that many a Hackaday reader will know all too well: filler, sand, primer, sand, filler, sand, primer, sand, so on and so on. In the end, the final result looked perfect; you’d never have thought the front panel wasn’t stock.

It should have been so easy. Just snap the case back together and be done with it. But when [Robert] finally got the machine buttoned back up and looked at the front, well, it’s safe to say his day couldn’t get much worse. Maybe the glue was not up to the task. Perhaps it was how excited he was to get the case put back together; a momentary loss of muscular coordination. A few extra foot-pounds of energy per second, per second. Who can say?

[Robert] says he’ll return to the project, but for now he needs a break. We agree. Interestingly, he mentions in his post that his body filler work was inspired by [Eric Strebel], a name that is well known around these parts. Considering how good it looked before it exploded, we’ll consider that high praise.

Ask Hackaday: Why Did Modular Smart Phones Fail?

Remember all the talk about modular smart phones? They sounded amazing! Instead of upgrading your phone, you would just upgrade the parts, a bit like a computer but more simplistic. Well, it seems modular phones are dead (video, embedded below), even after a lot of major phone manufacturers were jumping on the bandwagon. Even Google got on board with Google Ara, which was subsequently cancelled. LG released the G5 but it didn’t fare too well. The Moto Z from Motorola seemed to suffer from the same lack of interest. The buzz was there when the concept of these modular phones was announced, and people were genuinely excited about the possibilities. What went wrong?

For a start, people expect their phones to have everything on board already, whether it be cameras, GPS, WiFi, high-capacity batteries or high-resolution screens. Consumers expect these things to come as standard. Why would they go out and buy a module when other phones on the market already have these things?

Sure, you could get some weird and wonderful modules like extra loud speakers or perhaps a projector, but the demand for these items was small. And because these extras are already available as separate accessories not locked down to one device, it was a non-starter from the beginning.

When we did our user studies, what we found is that most users don’t care about modularizing the core functions. They expect them all to be there, to always work and to be consistent. — Lead engineer Project Ara

The hackability of these phones would have been interesting to say the least, had they come to the mainstream. It just seems the public want thin sleek aluminum phones that they treat more as a status symbol than anything else. Modular phones have to be more bulky to accommodate the power/data rails and magnets for the modules, so they’ll lose out in pocketability. Still, we hope the idea is revisited in the future and not left on the scrap-heap of obsolescence.

Would you buy a modular smart phone? Even if it is bigger or more expensive? Is that really why they failed?

Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. The cookers are controlled over SMS: a mobile app sends an unauthenticated SMS to the AGA to give it commands, for instance to preheat the oven. You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, because the cooker does not authenticate messages, nor is the SIM card set up to send the messages validated when registered.
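One way to close the gap described above, as an added example that is not code from Pen Test Partners or AGA: the app tags each SMS command with an HMAC under a per-device key plus a counter, and the cooker rejects anything untagged, forged or replayed. The message format, the command names and the key set at pairing are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical command set; the page names only "preheat the oven" and
# "turn everything on at once", not the real wire format.
ALLOWED_COMMANDS = {"PREHEAT_OVEN", "ALL_ON", "ALL_OFF"}


def _tag(key: bytes, command: str, counter: str) -> bytes:
    """HMAC-SHA256 over command and counter, hex-encoded."""
    msg = f"{command}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def sign_command(key: bytes, command: str, counter: int) -> str:
    """App side: build the SMS body 'COMMAND|counter|tag'."""
    return f"{command}|{counter}|{_tag(key, command, str(counter)).decode()}"


class CommandVerifier:
    """Cooker side: accept a command only if it is authentic and fresh."""

    def __init__(self, key: bytes):
        self.key = key            # per-device key, assumed set at pairing
        self.last_counter = 0     # highest counter accepted so far

    def verify(self, sms_body: str):
        """Return the command name if accepted, otherwise None."""
        parts = sms_body.split("|")
        if len(parts) != 3:
            return None           # bare, unauthenticated text is rejected
        command, counter, tag = parts
        if command not in ALLOWED_COMMANDS:
            return None
        if not (counter.isascii() and counter.isdigit()):
            return None
        # Constant-time comparison; the sender number plays no part.
        if not hmac.compare_digest(_tag(self.key, command, counter), tag.encode()):
            return None
        if int(counter) <= self.last_counter:
            return None           # replay of a captured message
        self.last_counter = int(counter)
        return command
```

The counter only defeats replays if the cooker stores `last_counter` across power cycles.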

This is quite disturbing. What if someone left a tea towel on the hob or some other flammable material before leaving for work, only to come back to a pile of ashes? This is a six-gazillion BTU stove and oven, after all. It just seems the more connected we are in this digital age, the more we end up vulnerable to attacks; companies seem too busy trying to push their products out the door to do simple security checks.

Before disclosing the vulnerability, [Pen Test Partners] tried to contact AGA through Twitter and ended up being blocked. They phoned around trying to get in contact with someone who even knew what IoT or security meant. This took some time, but finally they managed to get through to someone from technical support. Hopefully AGA will roll out some updates soon. The company’s reluctance to do something about this security issue does highlight how sometimes disclosure may not be enough.

[Via Pen Test Partners]

IOT Startup Bricks Customer’s Garage Door Intentionally

Internet of Things startup Garadget remotely bricked an unhappy customer’s WiFi garage door for giving a bad Amazon review and being rude to company reps. Garadget device owner [Robert Martin] found out the hard way how quickly the device can turn a door into a wall. After leaving a negative Amazon review, and starting a thread on Garadget’s support forum complaining the device didn’t work with his iPhone, Martin was banned from the forum until December 27, 2019 for his choice of words and was told his comments and bad Amazon review had convinced Garadget staff to ban his device from their servers.

The response was not what you would expect from a community-funded startup. “Technically there is no bricking, though,” the rep replied. “No changes are made to the hardware or the firmware of the device, just denied use of company servers.” Tell that to [Robert] who can’t get into his garage.

This caused some discontent among other customers wondering if it was just a matter of time before more paying customers are subjected to this outlandish treatment. The Register asked Garadget’s founder [Denis Grisak] about the situation; his response is quoted below.

It was a Bad PR Move, Martin has now had his server connection restored, and the IOT upstart has posted a public statement on the matter. – Garadget

This whole debacle brings us to the conclusion that the IoT boom has a lot of issues ahead that need to be straightened out especially when it comes to ethics and security. It’s bad enough to have to deal with the vagaries of IoT Security and companies who shut down their products because they’re just not making enough money. Now we have to worry about using “cloud” services because the people who own the little fluffy computers could just be jerks.

Gigabytes the Dust with UEFI Vulnerabilities

At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer.

Gigabyte has been working on a fix since the start of 2017. Gigabyte are preparing to release firmware updates as a matter of urgency to only one of the affected models, the GB-BSi7H-6500 (firmware vF6), while leaving the GB-BXi7-5775 (firmware vF2) unpatched as it has reached its end of life. We understand that support can’t last forever, but if you sell products with such a big fault from the factory, it might be worth it to fix the problem and keep your reputation.

The two vulnerabilities that have been discovered seem like a massive oversight from Gigabyte. They didn’t enable write protection for their UEFI (CVE-2017-3197), and seem to have thrown cryptography out of the window when it comes to signing their UEFI files (CVE-2017-3198). The latter vulnerability is partly due to not verifying a checksum or using HTTPS in the firmware update process, instead using its insecure sibling HTTP. CERT has issued an official vulnerability note (VU#507496) for both flaws.

Attackers may exploit the vulnerabilities to execute unsigned code in System Management Mode (SMM), planting whatever malware they like into the low level workings of the computer. Cylance explain a possible scenario as follows:

The attacker gains user-mode execution through an application vulnerability such as a browser exploit or a malicious Word document with an embedded script. From there, the attacker elevates his privileges by exploiting the kernel or a kernel module such as Capcom.sys to execute code in ring 0. A vulnerable SMI handler allows the attacker to execute code in SMM mode (ring -2) where he finally can bypass any write protection mechanisms and install a backdoor into the system’s firmware.

With all this said, it does raise some interesting opportunities for the hacker community. We wonder if anyone will come up with a custom UEFI for the Brix since Gigabyte left the keys in the door.

Fail of the Week: NASA Edition

There’s a reason we often use the phrase “It ain’t Rocket Science”. Because real rocket science IS difficult. It is dangerous and complicated, and a lot of things can and do go wrong, often with disastrous consequences. It is imperative that the lessons learned from past failures be documented and disseminated to prevent future mishaps. This is much easier said than done. There’s a large number of agencies and laboratories working on multiple projects over long periods of time. Which is why NASA has set up NASA Lessons Learned — a central, online database of issues documented by contributors from within NASA as well as other organizations.

The system is managed by a steering committee consisting of members from all NASA centers. Public access is limited to a summary of the original driving event, lessons learned and recommendations. But even this information can be quite useful for common folks. For example, this lesson on Guidance for NASA Selection & Application of DC-DC Converters contains several bits of useful wisdom. Or this one about ICs being damaged due to capacitor residual discharge during assembly. If you ever need to add a conformal coating to your hardware, check how Glass Cased Components Fractured as a Result of Shrinkage in Coating/Bonding Materials Applied in Excessive Amounts. Finally, something we have all experienced when working with polarized components — Reverse Polarity Concerns With Tantalum Capacitors. Here is a more specific Technical Note on polarized capacitors (pdf): Preventing Incorrect Installation of Polarized Capacitors.

Unfortunately, all of this body of past knowledge is sometimes still not enough to prevent problems. Case in point is a recently discovered issue on the ISS — a completely avoidable power supply mistake. Science payloads attach to the ISS via holders called the ExPRESS logistics carriers. These provide mechanical anchoring, electrical power and data links. Inside the carriers, the power supply meant to supply 28V to the payloads was found to have a few capacitors mounted the other way around. This has forced the payloads to use the 120V supply instead, requiring them to have an additional 120V to 28V converter retrofit. This means modifying the existing hardware and factoring in additional weight, volume, heat, cost and other issues when adding the extra converter. If you’d like to dig into the details, check out this article about NASA’s power supply fail.

Thanks to [Jarek] for tipping us off about this.