
How Many Western ICs Are There In Russia’s Weapons?

Recently, the Ukrainian government has published a database of Western components being used in recently produced Russian armaments, and it’s a fascinating scroll. Just how much does Russia rely on Western manufacturers’ parts? It turns out, a surprising amount. For instance, if you are wondering which ICs are used to build Iran-produced Shahed drones, it seems that it’s a whole bunch of Texas Instruments parts, as well as some Maxim, Intel, and Xilinx ones. Many of the parts in the lists are MCUs and FPGAs, but it’s also surprising how many of the components are jelly bean parts with multiple suppliers.

There appear to be thousands of parts listings, compiled from a good few dozen pieces of equipment that volunteers appear to have taken apart and scrupulously documented – just take a look at the dropdowns at the top of the page. The Ukrainian government is advocating for parts restrictions to be implemented based upon this data – as we all remember, it’s way harder to produce hardware when you can’t buy crucial ICs.

Even for a regular hacker, this database is worth a scroll, if only to marvel at all the regular parts we wouldn’t quite associate with military use. Now, all that’s left is to see whether any of the specific chips pictured have been sold to washing machine manufacturers.


Internet Of Production Alliance Wants You To Think Globally, Make Locally

With the proliferation of digital fabrication tools, many feel the future of manufacturing is distributed. It would certainly be welcome after the pandemic-induced supply chain kerfuffles from toilet paper to Raspberry Pis. The Internet of Production Alliance (IoP) is designing standards to smooth this transition. [via Solarpunk Presents]

IoP was founded in 2016 to build the infrastructure necessary to move toward a global supply chain based on local production of goods from a global database of designs instead of the current centralized model of production with closed designs. Some might identify this decentralization as part of the Fourth Industrial Revolution. They currently have developed two standards, Open Know-Where [PDF] and Open Know-How.

Open Know-Where is designed to help locate makerspaces, FabLabs, and other spaces with the tools and materials necessary to build a thing. The sort of data collected here is broken down into five categories: manufacturing facility, people, location, equipment, and materials.


Hackaday Links: November 13, 2022

Talk about playing on hard mode! The news this week was rife with stories about Palmer Luckey’s murder-modified VR headset, which ostensibly kills the wearer if their character dies in-game. The headset appears to have three shaped charges in the visor pointing right at the wearer’s frontal lobe, and would certainly do a dandy job of executing someone. In a blog post that we suspect was written with tongue planted firmly in cheek, Luckey, the co-founder of Oculus, describes that the interface from the helmet to the game is via optical sensors that watch the proceeding on the screen, and fire when a certain frequency of flashing red light is detected. He’s also talking about ways to prevent the removal of the headset once donned, in case someone wants to tickle the dragon’s tail and try to quickly rip off the headset as in-game death approaches. We’re pretty sure this isn’t serious, as Luckey himself suggested that it was more of an office art thing, but you never know what extremes a “three commas” net worth can push someone to.

There’s light at the end of the Raspberry Pi supply chain tunnel, as CEO Eben Upton announced that he foresees the Pi problems resolving completely by this time next year. Upton explains his position in the video embedded in the linked article, which is basically that the lingering effects of the pandemic should resolve themselves over the next few months, leading to normalization of inventory across all Pi models. That obviously has to be viewed with some skepticism; after all, nobody saw the supply chain issues coming in the first place, and there certainly could be another black swan event waiting for us that might cause a repeat performance. But it’s good to hear his optimism, as well as his vision for the future now that we’re at the ten-year anniversary of the first Pi’s release.



Hackaday Links: March 20, 2022

Well, that de-escalated quickly! It was less than a week ago that the city of Shenzhen, China was put on lockdown due to a resurgence of COVID-19 in the world’s electronics manufacturing epicenter. This obviously caused no small amount of alarm up and down the electronics supply chain, promising to once again upset manufacturers seeking everything from PCBs to components to complete electronic assemblies. But just a few days later, the Chinese government announced that the Shenzhen lockdown was over. At least partially, that is — factories and public transportation have been reopened in five of the city’s districts, with iPhone maker Foxconn, one of the bigger players in Shenzhen, given the green light to partially reopen. What does this mean for hobbyists’ ability to get cheap PCBs made quickly? That’s hard to say, at least at this point. Please feel free to share your experiences with any supply chain disruptions in the comments below.

Better news from a million miles away, as NASA announced that the James Webb Space Telescope finished the first part of its complex mirror alignment procedure. The process, which uses the complex actuators built into each of the 18 hexagonal mirror segments, slightly moves each mirror to align them all into one virtual optical surface. The result is not only the stunning “selfie” images we’ve been seeing, but also a beautiful picture of the star Webb has been focusing on as a target. The video below explains the process in some detail, along with sharing that the next step is to move the mirrors in and out, or “piston” them, so that the 18 separate wavefronts all align to send light to the instruments in perfect phase. Talk about precision!

Is a bog-standard Raspberry Pi just not tough enough for your application? Do you need to run DOOM on a platform that can take a few g of vibration and still keep working? Sick of your Pi-based weather station breaking down when it gets a little wet or too hot? Then you’ll want to take a look at the DuraCOR Pi, a ruggedized chassis containing a Pi CM4 that’s built for extreme environments. The machine is in a tiny IP67-rated case and built to MIL-STD specs with regard to vibration, temperature, humidity, and EMI conditions. This doesn’t really seem like something aimed at the hobbyist market — it’s marketed by Curtiss-Wright Defense Solutions, a defense contractor that traces its roots all the way back to a couple of bicycle mechanics from Ohio that learned how to fly. So this Pi is probably more like something you’d spec if you were building a UAV or something like that. Still, it’s cool to know such things are out there.

BrainLubeOnline has a fun collection of X-rays. With the exception of a mouse — the other kind — everything is either electronic or mechanical, which makes for really interesting pictures. Seeing the teeth on a gear or the threads on a screw, and seeing right through the object, shows the mechanical world in a whole new light — literally.

And finally, would you buy a car that prevents you from opening the hood? Most of us probably wouldn’t, but then again, most of us probably wouldn’t buy a Mercedes EQS 580 electric sedan. Sarah from Sarah -n- Tuned on YouTube somehow got a hold of one of these babies, which she aptly describes as a “German spaceship,” and took it for a test drive, including a “full beans” acceleration test. Just after that neck-snapping ride, at about the 7:20 mark in the video below, she asks the car’s built-in assistant to open the hood, a request the car refused by saying, “The hood may only be opened by a specialist workshop.”  Sarah managed to get it open anyway, and it’s not a frunk — it’s home to one of the two motors that power the car, along with all kinds of other goodies.

Hackers Beware: Shenzhen Is Closing

If you’re among those of us with immediate plans for a PCB or parts order from China, watch out – Shenzhen just recently got put on a week-long lockdown. Factories, non-essential stores and public places are closed, and people are required to spend time at home – for a city that makes hardware thrive, this sounds like a harsh restriction. Work moves to remote where possible, but some PCB fabs and component warehouses might not be at our service for at least a week.

It might be puzzling to hear that the number of cases resulting in closures is as low as 121, for a city of 12.6 million people. The zero-tolerance policy towards COVID has been highly effective for the city, with regular testing, adhered-to masking requirements and vaccinations – which is how we’ve been free to order any kinds of boards and components we needed throughout the past two years. In fact, 121 cases in one day is an unprecedented number for Shenzhen, and given their track record and swift reaction, it is reasonable to expect the case count to drop back to the regular (under 10 cases per day) levels soon.

Not all manufacturing facilities are located in Shenzhen, either. Despite what certain headlines might have you believe, supply chain shortages aren’t a certainty from here. A lot of the usual suspects like PCBWay and JLCPCB are merely reporting increased lead times as they reallocate resources, and while some projects are delayed for now, a lot of fabs you’d use continue operating with minor delays at most. SeeedStudio has its operations impacted more severely, and your Aliexpress orders might get shipped a bit later than usual – but don’t go around calling this a Chinese New Year v2 just yet. For those who want to keep a closer eye on the situation and numbers, the [Shenzhen Pages] Twitter account provides from-the-ground updates on the situation.

Wondering how your supply chain might be affected? We talked about this way back in February 2020, addressing then-warranted worries that Chinese New Year would grow into a longer disruption than planned due to COVID becoming a factor to manage. If you’re yet to discover the significance of Shenzhen, books have been written on this marvellous city, where you can build a successful hardware company in a week’s time. We’ve even had a meetup there once!

Header image: Charlie fong, CC BY-SA 4.0.


Hackaday Links: October 31, 2021

Global supply chain issues are beginning to hit closer to home for the hacker community, as Raspberry Pi has announced their first-ever price increase on their flagship Pi 4. The move essentially undoes the price drop on the 2GB version of the Pi 4 that was announced in February, and sets the price back up from $35 to $45. Also rolled back is the discontinuation of the 1GB version, which will now be available at the $35 price point. The announcements come from Eben Upton himself, who insists the price increase is only temporary. We applaud his optimism, but take it with a grain of salt since he also said that 2021 production across the board will stay at the seven million-unit level, which is what they produced in 2020. That seems to speak to deeper issues within the supply chain, but more immediately, it’s likely that the supply of Pi products will be pinched enough that you’ll end up paying above sticker price just to get the boards you need. Hope everyone is stocked up.

On the topic of supply chain issues and their threat to Christmas gift-giving, here’s one product we hope is stranded in a container off Long Beach or better still, bobbing along in the Strait of Juan De Fuca: a toddler’s toy telephone that actually makes and receives calls. Anyone born in the last 60 years probably had one of the Fisher-Price Chatter telephones, a toy that in its original form looked like a desk telephone on wheels that was dragged behind the child, popping along and providing endless hours of clicky amusement as kids twisted the dial and lifted the receiver. Come to think of it, the Chatter telephone may be as close to a dial phone as anyone born since 1990 may have come. Anyway, some genius stuck a Bluetooth module into the classic phone to let it hook up to an app on an actual phone, allowing kids (or more likely their nostalgia-soaked parents) to make and receive calls. It’s actually priced at a reasonable $60, so there might be some hacking potential here.

Also tangential to supply chains, we stumbled across a video guide to buying steel that might interest readers. Anyone who has seen the displays of steel and other metals at the usual big-box retailers might wonder what the fuss is, but buying steel that way or ordering online is a great way to bust a project’s budget. Fabricator and artist Doug Boyd insists that finding a local steel supplier is the best bang for your buck, and has a bunch of helpful tips for not sounding like a casual when you’re ordering. It’s all good advice, and would have helped us from looking foolish a time or two at the metal yard; just knowing that pipe is measured by inside diameter while tubing is measured by outside dimensions is worth the price of admission alone.

With all the money you save on steel and by not buying Raspberry Pis, perhaps you’ll have a couple of hundred thousand Euros lying around to bid on this authentic 1957 Sputnik I satellite. The full-scale model of Earth’s first artificial satellite — manhole covers excluded — was a non-flown test article, but externally faithful to the flown hardware that kicked off the first Space Race. The prospectus says that it has a transmitter and a “modern power supply”; it’s not clear if the transmitter was originally part of the test article or added later. The opening bid is €85,000 and is expected to climb considerably.

And finally, there’s something fascinating about “spy radios,” especially those from the Cold War era and before, when being caught with one in your possession was probably going to turn out to be a very bad day. One such radio is the Radio Orange “Acorn” receiver, which is in the collection of the Crypto Museum. The radio was used by the Dutch government to transmit news and information into the occupied Netherlands from their exile in London. Built to pass for a jewelry box, the case for the radio was made from an old cigar box and is a marvel of 1940s miniaturization. The radio used three acorn-style vacuum tubes and was powered by mains current; another version of the Radio Orange receiver was powered by a bike dynamo or even a water-powered turbine, which could be run from a tap or garden hose. The video below shows the water-powered version in action, but the racket it made must have been problematic for its users, especially given the stakes.



Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become a victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), which organizes a collection of contributed libraries written in JavaScript. One need only use npm to include a library in their code, and all of the functions of that library are available to the developer. One such example is ua-parser-js, which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22, 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer-facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!
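
One way to check a project for this, as an added example that is not from the article or the ua-parser-js project: the code walks a parsed package-lock.json (the nested v1 layout as well as the v2/v3 `packages` layout) and lists every installed copy of a package, including copies pulled in by other dependencies. The lockfile contents and version numbers below are constructed; take the real affected versions from the GitHub advisory.

```javascript
// Added example: find every installed copy of a package in a parsed
// package-lock.json and flag the versions the caller marks as affected.

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function fromPackages(lock, name) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // "" (the root project) and workspace folders
    // Text after the last marker is the package name, scoped or not.
    if (path.slice(idx + marker.length) === name) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" objects, walked recursively.
function fromDependencies(deps, name, trail, hits) {
  for (const [dep, meta] of Object.entries(deps || {})) {
    const path = trail.concat(dep);
    if (dep === name) hits.push({ path: path.join(" > "), version: meta.version });
    fromDependencies(meta.dependencies, name, path, hits);
  }
  return hits;
}

// Returns [{ path, version, affected }] for every copy, direct or transitive.
function audit(lock, name, affectedVersions) {
  const bad = new Set(affectedVersions);
  // v2 lockfiles carry both sections; use "packages" so copies are not doubled.
  const found = lock.packages
    ? fromPackages(lock, name)
    : fromDependencies(lock.dependencies, name, [], []);
  return found.map((h) => ({ ...h, affected: bad.has(h.version) }));
}

// Constructed sample; a real lockfile would be loaded with JSON.parse().
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ua-parser-js": { version: "9.9.2" },
    "node_modules/some-sdk": { version: "3.1.0" },
    "node_modules/some-sdk/node_modules/ua-parser-js": { version: "9.9.1" },
  },
};
// Constructed placeholder, NOT the real affected versions.
const SAMPLE_AFFECTED = ["9.9.1"];

for (const r of audit(SAMPLE_LOCK, "ua-parser-js", SAMPLE_AFFECTED)) {
  console.log(r.affected ? "AFFECTED" : "ok      ", r.version, r.path);
}
```

In the sample, the top-level copy is clean while the copy nested under the hypothetical `some-sdk` dependency is flagged, which is the case a glance at `package.json` alone would miss.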

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.