Alexa Controls This Projector Thanks to ESP8266

[jfessard] doesn’t have extra-sensory perception, but does have an ESP8266. The little board seems to pop up in every hack these days. Inspired by not wanting to get up from the bean-bag chair or leave the electronics-housing cabinet wide open to use an HDMI switcher, [jfessard] hacked together an Alexa-compatible projector control via the ESP8266!

The core functionality here is the ability to turn the projector on and off, and to switch the HDMI source. [jfessard] connected the Panasonic PT-AE3000U projector to a Monoprice HDX-401TA 4×1 HDMI switcher. Tucked away in the cabinet below the projector, it is controlled using an IR LED transmitter breakout board sitting at the end of a fairly long set of jumper wires. The projector control itself is through an RS232 interface.

To make this easy to use with Amazon’s Alexa, [jfessard] turned to some libraries for the ESP8266 D1 Mini. The fauxmoesp library makes it look like a WeMo device, and the IRremoteESP8266 library made remote control code cloning a snap. One really frustrating part of this hack was the MAX232-style breakout board; getting a board to work when it’s labelled backwards takes a bit of head-scratching to figure out.

If the projector ever gets too noisy, we suggest this hack that shushes the machine. For the moment, we’d rather take another look at this laser projector that mimics a cool ‘laser sky’ effect.

Meltdown Code Proves Concept

If you’ve read about Meltdown, you might have thought, “how likely is that to actually happen?” You can more easily judge for yourself by looking at the code available on GitHub. The Linux software is just proof of concept, but it both shows what could happen and — in a way — illustrates some of the difficulties in making this work. There are also two videos in the repository that show spying on password input and dumping physical memory.

The interesting thing is that a lot of things will stop the demos from working: for example, a slow CPU, a CPU without out-of-order execution, or an imprecise high-resolution timer. This is apparently especially problematic in virtual machines.

Turn Command Lines into Web Apps

Even if you like using a graphical user interface, you can probably agree that writing a graphical program is usually harder than writing an old-fashioned text-based program. Putting that GUI into an online format means even more to think about. [Adam Kewley] has the answer to that problem: Jobson. As you can see in the video below, the program is a web server that runs command line programs as jobs.

Simply write a YAML file to describe the program’s inputs and outputs and Jobson will create input fields for arguments and display the output in a web page. Any files the program creates are available to download. Basically any command line program can be quickly and easily pulled into one web interface to rule them.

If a program takes a long time to run, Jobson will let you switch away and then later resume looking at the output. You can also abort a job or look at the arguments it received. Jobson can also authenticate users with several different methods to prevent just anyone from executing jobs.

If you really want to write a graphical program, try QTCreator. Or, you can get a shell in a web browser if you want to go that route. But this is the smoothest method we’ve seen for gathering command line programs into one place for monitoring and control. Neat!

Ad Hoc MIDI to Music Box Project Shows Power of Hacker Community

Fair warning: when you post a video of you doing an incredibly tedious process like manually punching holes in a paper tape to transfer a MIDI file to a music box, don’t be surprised when a bunch of hackers automates the process in less than a week.

The back story on this should be familiar to even casual Hackaday readers. [Martin] from the Swedish group “Wintergatan” is a prolific maker of unusual musical instruments. You’ll no doubt recall his magnificent marble music machine, a second version of which is currently in the works. But he’s also got a thing for music boxes that are programmed by paper tape, and recently posted a video showing his time-consuming and totally manual process for punching the holes in the tape. Since his source material was already in a MIDI file, a bunch of his fans independently came up with ways to automate the process.

The video below shows what he learned from his fans about automating his programming, but also what he learned about the community we all work and play in. Without specifically asking for help, random strangers brought together by common interests identified the problems, came up with solutions, sorted through the good and the bad ideas, and made the work publicly available. Not bad for less than a week’s work.

File Format Posters

It’s not uncommon for hackers to have a particular delectation for unusual interior decoration. Maybe it’s a Nixie tube clock, or a vacuum fluorescent display reading out the latest tweets from a favorite chatbot. If this sounds like your living room already, perhaps you’d like some of these file format posters to adorn your walls.

The collection of images includes all kinds of formats — GIF, ZIP and WAV are all represented, but it even gets into some real esoterica — DOLphin format executables are here if you’re a total GameCube fanatic. Each poster breaks down the format into parts, such as the header, metadata and descriptor sections, and the posters come in a variety of formats themselves — most are available in SVG, PDF and PNG.

If we’re totally honest, these aren’t all designed for hanging on your wall as-is — we’d consider putting some work in to optimize the color palettes and layouts before putting these to print. But regardless, they’re an excellent visual representation of data structures that you might find particularly useful if you need to do some reverse engineering down the track.

If you still have wall space available after seeing this, here’s the electronic reference poster that should fill it.

[Thanks to JD for the tip!]

Grant Anyone Temporary Permissions to Your Computer with SSH

This is a super cute hack for you Linux users out there. If you have played around with SSH, you know it’s the most amazing thing since sliced bread. For tunneling in, tunneling out, or even just to open up a shell safely, it’s the bee’s knees. If you work on multiple computers, do you know about ssh-copy-id? We had been using SSH for years before stumbling on that winner.

Anyway, [Felipe Lavratti]’s ssh-allow-friend script is simplicity itself, but the feature it adds is easily worth the cost of admission. All it does is look up your friend’s public key (at the moment only from GitHub) and add it temporarily to your authorized_keys file. When you hit ctrl-C to quit the script, it removes the keys. As long as your friend has the secret key that corresponds to the public key, he or she will be able to log in as your user account.
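
The add-then-remove pattern described above, as an added Python sketch; it is not the ssh-allow-friend script's own code and does not fetch keys from GitHub. The `temporary_key` helper, the `temp-grant-` marker and the use of the `expiry-time` option as a backstop are assumptions of this example.

```python
import os
import tempfile
import time
import uuid
from contextlib import contextmanager


@contextmanager
def temporary_key(auth_keys_path, public_key, lifetime_s=3600):
    """Add public_key to an authorized_keys file; remove that line on exit."""
    # expiry-time is an authorized_keys option in OpenSSH 7.7 and later. It is
    # the backstop: if this process dies before cleanup, sshd rejects the key
    # once that (system local) time has passed.
    expiry = time.strftime("%Y%m%d%H%M%S", time.localtime(time.time() + lifetime_s))
    tag = "temp-grant-" + uuid.uuid4().hex  # hypothetical marker, unique per grant
    line = 'expiry-time="%s" %s %s\n' % (expiry, public_key.strip(), tag)
    fd = os.open(auth_keys_path, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as f:
        existing = f.read()
        f.seek(0, os.SEEK_END)
        if existing and not existing.endswith("\n"):
            f.write("\n")  # never glue the new entry onto a previous line
        f.write(line)
    try:
        yield line
    finally:  # runs on normal exit and on Ctrl-C (KeyboardInterrupt)
        with open(auth_keys_path) as f:
            kept = [entry for entry in f if tag not in entry]
        tmp = auth_keys_path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            f.writelines(kept)
        os.replace(tmp, auth_keys_path)  # atomic swap; the file ends up mode 0600


if __name__ == "__main__":
    # Constructed demo on a scratch file, not the real ~/.ssh/authorized_keys.
    path = os.path.join(tempfile.mkdtemp(), "authorized_keys")
    friend = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly"
    with temporary_key(path, friend, lifetime_s=600) as entry:
        print("granted:", entry.strip())
    print("after exit:", repr(open(path).read()))
```

Removing by a per-grant marker rather than by key text leaves any permanent entry for the same key untouched, and sessions already open when the line is removed are not closed by it.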

TruffleHog Sniffs GitHub for Secret Keys

Secret keys are quite literally the key to security in software development. If a malicious actor gains access to the keys securing your data, you’re toast. The problem is, to use keys, you’ve got to write them down somewhere – oftentimes in the source code itself. TruffleHog has come along to sniff out those secret keys in your GitHub repository.

It’s an ingenious trick — a Python script goes through the commit history of a repository, looking at every string of text greater than 20 characters, and analyzing its Shannon entropy. This is a mathematical way of determining if it looks like a relatively random string of numbers and letters. If it has high entropy, it’s probably a key of some sort.
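
The entropy check described above, as an added Python sketch run over a constructed diff; this is not TruffleHog's own code. The two alphabets and their cutoffs in `RULES`, and all sample strings, are assumptions of this example.

```python
import math
import re
from collections import Counter

MIN_LEN = 20  # the article: strings of more than 20 characters
# Assumed for this sketch (not stated in the article): the two alphabets to
# look for and the entropy cutoff, in bits per character, for each.
RULES = [
    ("base64", "A-Za-z0-9+/=", 4.5),
    ("hex", "0-9a-fA-F", 3.0),
]


def shannon_entropy(s):
    """H = -sum(p * log2(p)) over the character frequencies of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def scan(text):
    """Return (line number, rule, string, entropy) for each suspicious run."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, char_class, threshold in RULES:
            # Maximal runs of the alphabet that are longer than MIN_LEN.
            for run in re.findall("[%s]{%d,}" % (char_class, MIN_LEN + 1), line):
                h = shannon_entropy(run)
                if h > threshold:
                    findings.append((lineno, name, run, round(h, 2)))
    return findings


# Constructed sample: two made-up secrets and one long but ordinary identifier.
SAMPLE_DIFF = """\
+++ b/settings.py
+API_SECRET = "q7Zk2Vx9LmT4pR8sWc1Yb6Nf3Hd0Gj5UaEoXiQtM"
+handler = ConfigurationManagerFactoryBuilder()
+SESSION_KEY = "3f9a1c7e0b5d2486e8d4b2a6c0f19753"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_DIFF):
        print(finding)
```

The long identifier on line 3 of the sample stays under the cutoff, while any string with many distinct characters, random or not, goes over it, so each finding still needs a human look.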

Sharing source code is always a double-edged sword for security. Any flaws are out for all to see, and there are both those who will exploit the flaws and those who will help fix them. It’s a matter of opinion if the benefits outweigh the risks, but it’s hard to argue with the labor benefits of getting more eyes on the code to hunt for bugs. It’s our guess though, that a lot of readers have accidentally committed secret keys in a git repository and had to revert before pushing. This tool can crawl any publicly posted git repo, but might be just as useful in security audits of your own codebase to ensure accidentally viewable keys are invalidated and replaced.

For a real world example of stolen secret keys, read up on this HDMI breakout that sniffs HDCP keys.