iPodRPi by production

IPod Mod Puts Pi Zero In New Bod

We sure love to see nicely designed products get a new lease on life. Just as the new Raspberry Pi Zero 2 was being announced, [production] was stuffing an original RPi Zero into an old iPod’s case.

[production] cites several previous, similar projects that showed how to interface with the click-wheel, a perfectly fitting color display from Waveshare, and open-source software called Rockbox to run on the pi. We all stand on the shoulders of giants.

iPodRPi by production interior wiring

Some nice innovations to look for are the Pi Zero’s micro-SD card and a micro-USB charging port aligned to the large slot left from the iPod’s original 40 pin connector. Having access for charging and reflashing the card without opening the case seems quite handy. There’s a nice sized battery too, though we wonder if a smaller battery and a Qi charger could fit in the same space. Check the project’s Hackaday.io for the parts list, and GitHub for the software side of things, and all the reference links you’ll need to build your own. It looks like [production] has plans to turn old iPods into Gameboy clones, you may want to check back for progress on that.

If you just want to rock like it’s 2004, there are options to just upgrade the battery and capacity but keep your vintage iPod too.

Continue reading “IPod Mod Puts Pi Zero In New Bod”

ua-parser-js compromised

Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), who organize a collection of contributed libraries written in JavaScript. One only need to use npm to include a library in their code, and all of the functions of that code are available to the developer. One such example is ua-parser-js which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.

Python Provides Classic Basic

Back in the late 1970s and early 1980s when you turned on a PC, more often than not, you’d get a Basic prompt. Most people would then load a game from a tape, but if you were inclined to program you could just start writing. [Richpl] wanted that same experience and thus PyBasic was born. Along with some other Github contributors, the system has grown quite a bit and would be a good start at porting classic games or creating a replica vintage computer.

The interpreter lacks specialized hardware-specific features such as sound and graphics, of course, but then again, you could add them. It does have file I/O and also includes some interesting features like an analog of C’s ternary operator.

Continue reading “Python Provides Classic Basic”

GitHub Copilot And The Unfulfilled Promises Of An Artificial Intelligence Future

In late June of 2021, GitHub launched a ‘technical preview’ of what they termed GitHub Copilot, described as an ‘AI pair programmer which helps you write better code’. Quite predictably, responses to this announcement varied from glee at the glorious arrival of our code-generating AI overlords, to dismay and predictions of doom and gloom as before long companies would be firing software developers en-masse.

As is usually the case with such controversial topics, neither of these extremes are even remotely close to the truth. In fact, the OpenAI Codex machine learning model which underlies GitHub’s Copilot is derived from OpenAI’s GPT-3 natural language model,  and features many of the same stumbles and gaffes which GTP-3 has. So if Codex and with it Copilot isn’t everything it’s cracked up to be, what is the big deal, and why show it at all?

Continue reading “GitHub Copilot And The Unfulfilled Promises Of An Artificial Intelligence Future”


NFC Who’s At The Door

An early prototype that worked on the first try, except for one LED

[RevK] wanted to learn about NFC readers, and we agree that the best way to do so is to dive in and build one yourself.

There are readers available from multiple sources, but [RevK] found them either compact but with no prototyping space or plenty of prototyping space and a large footprint. High-speed UART (HSU) was selected over I2C for communication with an ESP32 as testing showed it was just as fast and more reliable over long distances at the cost of only one additional wire.

After a few versions, the resulting PN532 based NFC reader has just enough GPIO for a doorbell and tamper switch and three status LEDs, with board files and a 3D-printed case design included in the open source project on GitHub. When looking into the project, we appreciated learning about tamper switches that can include closed or open contact status when an NFC is read, most often used in the packaging of high-value and collectible products. If you have worked with this tamper feature of NFCs, let us know about it.

Thanks for the tip, [Simon]

Surf’s Up, A Styrofoam Ball Rides The Waves To Create A Volumetric Display

We are big fans of POV displays, particularly ones that move into 3D. To do so, they need to move even faster than their 2D cousins. [danfoisy] built a volumetric display that doesn’t move LEDs or any other digital display through space, or project light onto a moving surface. All that moves here is a bead of styrofoam and does so at up to 1 meter per second. Having low mass certainly helps when trying to hit the brakes, but we’re getting ahead of ourselves.

danfoisy vdatp 3d simulation

[danfoisy] and son built an acoustic levitator kit from [PhysicsGirl] which inspired the youngster’s science fair project on sound. See the video by [PhysicsGirl] for an explanation of levitation in a standing wave. [danfoisy] happened upon a paper in the Journal Nature about a volumetric display that expanded this one-dimensional standing wave into three dimensions. The paper described using a phased array of ultrasonic transducers, each with a 40 kHz waveform.

After reading the paper and determining how to recreate the experiment, [danfoisy] built a 2D simulation and then another in 3D to validate the approach. We are impressed with the level of physics and programming on display, and that the same code carried through to the build.

[danfoisy] didn’t stop with the simulations, designing and building control boards for each 100 x 100 10 x 10 grid of transducers. Each grid is driven by 2 Intel Cyclone FPGAs and all are fed 3D shapes by a Raspberry Pi Zero W. The volume of the display is 100 mm x 100 mm x 145mm and the positioning of the foam ball is accurate down to .01 mm though currently there is considerable distortion in the positioning.

Check out the video after the break to see the process of simulating, designing, and testing the display. There are a number of tips along the way, including how to test for the polarity of the transducers and the use of a Python script to place the grids of transducers and drivers in KiCad.

danfoisy vdatp schematic  danfoisy vdatp board layout

Continue reading “Surf’s Up, A Styrofoam Ball Rides The Waves To Create A Volumetric Display”

Hackaday Links Column Banner

Hackaday Links: December 13, 2020

Our Sun is getting a bit frisky these days, and has rewarded us with perhaps the best screensaver image ever taken. The incredibly detailed photo of a sunspot was actually taken back in January by the Daniel K. Inouye Solar Telescope, a 4-meter instrument with adaptive optics that can image the sun from the near-infrared to visible wavelengths and resolve surface details down to 20 km. The photo, with a distinct “Eye of Sauron” look, shows the massive convection cells surrounding the dark sunspot; an accompanying animation shows the movement of plasmas along the tortured lines of magnetic flux that cause the sunspot to form. It’s fascinating to watch, and even more interesting to mull over the technology that went into capturing it.

With the dustup surrounding the youtube-dl DCMA takedown by GitHub fresh on the open-source community’s minds, GitHub Universe 2020 had an interesting discussion about maintaining open-source software projects that’s worth watching. They focused on the challenges that youtube-dl maintainers face in keeping the tool working, and the impact their effort has on the people and groups that rely on them. To underscore that point, they featured a researcher with Human Rights Watch who depends on youtube-dl in her work, and made it quite clear that keeping up with all the API changes that constantly break open source tools like youtube-dl make the role of the maintainers that much more critical.

Speaking of GitHub, here’s a frightening and fascinating new tool: Depix, the password de-pixelizer. Developer Sipke Mellema noticed that his company often used pixelization to obscure passwords in documentation, and wondered if he could undo the process. He wrote up an article describing the pixelization process using a linear box filter and his method for attacking it, which involves generating a De Bruijn sequence in the same font, text size, and colors as the original document and feeding a screenshot of that and the pixellated password into the tool. We suspect it’ll only work for a subset of obfuscated passwords, but it’s still pretty clever.

‘Tis the season for Advent calendars, and the folks at QEMU have posted theirs. Open each of 24 doors on the calendar and you’re rewarded with a downloadable QEMU disk image that implements something fun. Minesweeper, a ray tracer that fits into a boot loader, and of course Conway’s Game of Life. The GW-BASIC image on Day 3 caught our eye — brings back some memories.

For anyone who has ever watched a Pixar film and wondered how all that animation actually works, here’s a great lesson in making art with math. The video is by Inigo Quilez and goes through the basics of rendering images using raymarching SDFs, or signed distance functions. In the beginning, it seemed like it was going to be a little bit like drawing an owl, but his descriptions of the math involved and how each element of the animation is just another formula is fascinating. What’s more, there’s a real-time rendering tool where you can inspect the code and edit it. Alas, my changes only made things worse, but it was still fun and instructive to play with. Check out the video after the break!

Continue reading “Hackaday Links: December 13, 2020”