Hackaday Podcast 036: Camera Rig Makes CNC Jealous, Become Your Own Time Transmitter, Pi HiFi With 80s Vibe, DJ Xiaomi

Hackaday Editors Elliot Williams and Mike Szczys work their way through a fantastic week of hacks. From a rideable tank tread to spoofing radio time servers and from tune-playing vacuum cleaners to an epic camera motion control system, there’s a lot to get caught up on. Plus, Elliot describes frequency counting while Mike’s head spins, and we geek out on satellite optics, transistor-based Pong, and Jonathan Bennett’s weekly security articles.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 036: Camera Rig Makes CNC Jealous, Become Your Own Time Transmitter, Pi HiFi With 80s Vibe, DJ Xiaomi”

DJ Xiaomi Spins Beats And Brushes At The Same Time

Direct from the “Just Because I Can” department, this blog post by [Eddie Zhang] shows us how easy it is to get the Xiaomi robotic vacuum cleaner working as what might be the world’s most unnecessary Spotify Connect speaker. Will your home be the next to play host to an impromptu performance by DJ Xiaomi? Judging by the audio quality demonstrated in the video after the break, we doubt it. But this trick does give us a fascinating look at the current state of vacuum hacking.

For the first phase of this hack, [Eddie] makes use of Dustcloud, an ongoing project to document and reverse engineer various Xiaomi smart home gadgets. Using the information provided there you can get root-level SSH access to your vacuum cleaner and install your own software. There’s a sentence you never thought you’d read, right?

With the vacuum rooted, [Eddie] then installs a Spotify Connect client intended for the Raspberry Pi. As they’re both ARM devices, the software will run on the Xiaomi bot well enough, but the Linux environment needs a little tweaking. Namely, you need to manually create an Upstart .conf file for the service, as the vacuum doesn’t have systemd installed. There goes another one of those unexpected sentences.

We’re certainly no stranger to robotic vacuum hacking, though historically the iRobot Roomba has been the target platform for such mischief. Other players entering the field can only mean good things for those of us who get a kick out of seeing home appliances pushed outside of their comfort zones.

Continue reading “DJ Xiaomi Spins Beats And Brushes At The Same Time”

Security Engineering: Inside The Scooter Startups

A year ago, ridesharing scooter startups were gearing up for launch. Workers at Bird, Lime, Skip, and Spin were busy improving their app, retrofitting scooters, and most importantly, figuring out the logistics of distributing thousands of electronic scooters along the sidewalks of the Bay Area. These companies were gearing up for a launch in early summer, but one company — nobody can remember exactly who — decided to launch early. First mover advantage, and all. Overnight, these scooter companies burst into overdrive, chucking scooters out of panel vans onto the sidewalk simply to keep up with the competition.

The thing about San Francisco, and California in general, is that it’s a very direct democracy masquerading as a representative government. Yes, there are city council members and a state legislature, but the will of the people will rule. No one liked tripping over the scooters littering the sidewalks, so the scooters ended up at the bottom of a lake. Or in trees. Or in the trash. In time, city permits were issued, just like a hot dog cart or any other business operating on a public sidewalk, and the piles of electric scooters disappeared. Not before hundreds of scooters were vandalized, that is.

It’s still early in the electric scooter rental startup space, but if there’s one company leading the pack, It’s Bird. they’re getting the most press, the CEO was formerly at Lyft and Uber (which explains the press), and they’ve raised nearly a half Billion dollars in funding (which explains the press). Bird is valued at two Billion dollars, and it’s one of four major ridesharing scooter startups. Pets.com had nothing on this.

Despite how overvalued you think a scooter startup might be, they’re still a business, and they’re ruled by the bottom line. Bird has grown a lot in the past year, and with that comes engineering challenges. The Bird scooters must be more resistant to vandalism. The Bird scooters must be harder to steal. Above all else, they must remain in service longer. This is the teardown of how Bird managed to improve their bottom line and engineer a better scooter.

Continue reading “Security Engineering: Inside The Scooter Startups”

The Bedside Light App That Phones Home

Desiring a bedside lamp with a remote control, [Peadar]’s wife bought a Xiaomi Yeelight, an LED model with an accompanying Android app. And since he’s a security researcher by trade, he subjected the app to a close examination and found it to be demanding permissions phoning home to a far greater extent than you’d expect from a bedside light.

His write-up is worth a read for its fascinating run-through of the process for investigating any Android app, as it reveals the level to which the software crosses the line from simple light-controller into creepy data-slurper. The abilities to create accounts on your device, download without notification, take your WiFi details and location, and record audio are not what you’d expect to be necessary in this application. He also looks into the Xiaomi web services the app uses to phone home, revealing some interesting quirks along the way.

This story has received some interest across the Internet, quite rightly so since it represents a worrying over-reach of corporate electronic intrusion. It is interesting though to see commentary whose main concern is that the servers doing the data-slurping are in China, as though somehow in this context the location is the issue rather than the practice itself. We’ve written before about how some mildly sinister IoT technologies seem to bridge the suspicion gap while others don’t, it would be healthy to see all such services subjected to the same appraisal.

As a postscript, [Peadar] couldn’t get the app to find his wife’s Yeelight, let alone control it. That the spy part of the app works while the on-the-surface part doesn’t speaks volumes about the development priorities of its originator.

Image: Xiaomi Yeelight website.

Move Over Baofeng, Xiaomi Want To Steal Your Thunder

To a radio amateur who received their licence decades ago there is a slightly surreal nature to today’s handheld radios. A handheld radio should cost a few hundred dollars, or such was the situation until the arrival of very cheap Chinese radios in the last few years.

The $20 Baofeng or similar dual-bander has become a staple of amateur radio. They’re so cheap, you just buy one because you can, you may rarely use it but for $20 it doesn’t matter. Most radio amateurs will have one lying around, and many newly licensed amateurs will make their first contacts on one. They’re not even the cheapest option either, if you don’t mind the absence of an LCD being limited to UHF only, then the going rate drops to about $10.

The Baofengs and their ilk are great radios for the price, but they’re not great radios. The transmitter side can radiate a few too many harmonics, and the receivers aren’t the narrowest bandwidth or the sharpest of hearing. Perhaps some competition in the market will cause an upping of the ante, and that looks to be coming from Xiaomi, the Chinese smartphone manufacturer. Their Mijia dual-band walkie-talkie product aims straight for the Baofeng’s jugular at only $35, and comes in a much sleeker and more contemporary package as you might expect from a company with a consumer mobile phone heritage. Many radio amateurs are not known for being dedicated followers of fashion, but for some operators the sleek casing of the Mijia will be a lot more convenient than the slightly more chunky Baofeng.

This class of radio offers more to the hardware hacker than just an off-the-shelf radio product, at only a few tens of dollars they become almost a throwaway development system for the radio hacker. We’ve seen interesting things done with the Baofengs, and we look forward to seeing inside the Xiaomi.

We brought you a look at the spurious emissions of this class of radio last year, and an interesting project with a Baofeng using GNU Radio in a slightly different sense to its usual SDR function.

[via Southgate ARC]