Syndicate content Hackaday
Fresh hacks every day
ถูกปรับปรุง 1 ชั่วโมง 22 sec ก่อน

Popping the Top of A Ceramic IC

เสาร์, 04/08/2017 - 03:00

If you’ve ever wanted to open up an IC to see what’s inside it, you have a few options. The ceramic packages with a metal lid will succumb to a hobby knife. That’s easy. The common epoxy packages are harder, and usually require a mix of mechanical milling and the use of an acid (like fuming nitric, for example). [Robert Baruch] wanted to open a fully ceramic package so he used the “cooler” part of a MAP gas torch. If you like seeing things get hot in an open flame, you might enjoy the video below.

Spoiler alert: [Robert] found out the hard way that dropping the hot part isn’t a great idea. Also, we are not sure what the heat does if you want to do more than just inspect the die. It would be interesting to measure a junction on the die during the process to see how much heat actually goes to the device.

The process is really fast: only about 20 seconds. We wondered if a larger part might take a little longer. However, compared to chemical methods, this looked very fast and easy, as long as you don’t mind the heat.

If you get the urge to start opening parts and want to actually probe the surface of the die, don’t forget there is a thin layer of glass over almost the entire chip. This layer–the passivation–is relatively thick and usually only has cutaways around the bonding pads. Getting rid of that layer requires hydrofluoric acid (nasty stuff). You can tell when you got it all by focusing a microscope up and down the edge of bond pad. When you can’t find the edge of the passivation, you are done.

Some people expose ICs dies to study, and some are looking for fake chips. Other times, it is electronic archeology. The last time we saw [Robert] he was building a CPU on an FPGA, so he’s clearly a hacker of wide-ranging interests.

Filed under: misc hacks

Hackaday Prize Entry: WiFi In Wall Switches

เสาร์, 04/08/2017 - 01:30

The Internet of Things and Home Automation are the next big thing, even though we’ve had X10 switches and controllers for forty years. Why the sudden interest in home automation? Cheap microcontrollers with WiFi, ZigBee, and Z-wave, apparently. For this Hackaday Prize entry, [Knudt] is building a WiFi switch, meant to be retrofitted into any Euro wall switch.

There are three parts of [Knudt]’s WiFi wall switch, each of them with different requirements. The top layer is the switch itself and a small OLED display. These switches are really two small capacitive switches, which means there’s no reason to go through the work of sourcing a proper mechanical switch. Good thinking, there. The second layer of this contraption is basically an ESP8266, providing all the logic for this wall switch. The bottom layer is a bit more interesting, housing the 110-230V input, with a Triac or relay. This is where the fun, burny stuff happens.

Right now, you can go down to your local home supply store and simply buy a device like this. History has shown that’s a terrible idea. With home automation cloud services shutting down and security vulnerabilities abound, a DIY or Open Source home automation project really is the best idea. That makes [Knudt]’s project a great entry for the Hackaday Prize.

The HackadayPrize2017 is Sponsored by:
Filed under: home hacks, The Hackaday Prize

PlatformIO and Visual Studio Take over the World

เสาร์, 04/08/2017 - 00:01

In a recent post, I talked about using the “Blue Pill” STM32 module with the Arduino IDE. I’m not a big fan of the Arduino IDE, but I will admit it is simple to use which makes it good for simple things.

I’m not a big fan of integrated development environments (IDE), in general. I’ve used plenty of them, especially when they are tightly tied to the tool I’m trying to use at the time. But when I’m not doing anything special, I tend to just write my code in emacs. Thinking about it, I suppose I really don’t mind an IDE if it has tools that actually help me. But if it is just a text editor and launches a few commands, I can do that from emacs or another editor of my choice. The chances that your favorite IDE is going to have as much editing capability and customization as emacs are close to zero. Even if you don’t like emacs, why learn another editor if there isn’t a clear benefit in doing so?

There are ways, of course, to use other tools with the Arduino and other frameworks and I decided to start looking at them. After all, how hard can it be to build Arduino code? If you want to jump straight to the punch line, you can check out the video, below.

Turns Out…

It turns out, the Arduino IDE does a lot more than providing a bare-bones editor and launching a few command line tools. It also manages a very convoluted build process. The build process joins a lot of your files together, adds headers based on what it thinks you are doing, and generally compiles one big file, unless you’ve expressly included .cpp or .c files in your build.

That means just copying your normal Arduino code (I hate to say sketch) doesn’t give you anything you can build with a normal compiler. While there are plenty of makefile-based solutions, there’s also a tool called PlatformIO that purports to be a general-purpose solution for building on lots of embedded platforms, including Arduino.

About PlatformIO

Although PlatformIO claims to be an IDE, it really is a plugin for the open source Atom editor. However, it also has plugins for a lot of other IDEs. Interestingly enough, it even supports emacs. I know not everyone appreciates emacs, so I decided to investigate some of the other options. I’m not talking about VIM, either.

I wound up experimenting with two IDEs: Atom and Microsoft Visual Studio Code. Since PlatformIO has their 2.0 version in preview, I decided to try it. You might be surprised that I’m using Microsoft’s Code tool. Surprisingly, it runs on Linux and supports many things through plugins, including an Arduino module and, of course, PlatformIO. It is even available as source under an MIT license. The two editors actually look a lot alike, as you can see.

PlatformIO supports a staggering number of boards ranging from Arduino to ESP82666 to mBed boards to Raspberry Pi. It also supports different frameworks and IDEs. If you are like me and just like to be at the command line, you can use PlatformIO Core which is command line-driven.

In fact, that’s one of the things you first notice about PlatformIO is that it can’t decide if it is a GUI tool or a command line tool. I suspect some of that is in the IDE choice, too. For example, with Code, you have to run the projection initialization tool in a shell prompt. Granted, you can open a shell inside Code, but it is still a command line. Even on the PlatformIO IDE (actually, Atom), changing the Blue Pill framework from Arduino to mBed requires opening an INI file and changing it. Setting the upload path for an FRDM-KL46 required the same sort of change.

Is it Easy?

Don’t get me wrong. I personally don’t mind editing a file or issuing a command from a prompt. However, it seems like this kind of tool will mostly appeal to someone who does. I like that the command line tools exist. But it does make it seem odd when some changes are done in a GUI and some are done from the command line.

That’s fixable, of course. However, I do have another complaint that I feel bad for voicing because I don’t have a better solution. PlatformIO does too much. In theory, that’s the strength of it. I can write my code and not care how the mBed libraries are written or the Arduino tools munge my source code. I don’t even have to set up a tool chain because PlatformIO downloads everything I need the first time I use it.

When that works it is really great. The problem is when it doesn’t. For example, on the older version of PlatformIO, I had trouble getting the mBed libraries to build for a different target. I dug around and found the issue but it wasn’t easy. Had I built the toolchain and been in control of the process, I would have known better how to troubleshoot.

In the end, too, you will have to troubleshoot. PlatformIO aims at moving targets. Every time the Arduino IDE or the mBed frameworks or anything else changes, there is a good chance it will break something. When it does, you are going to have to work to fix it until the developers fix it for you. If you can do that, it is a cost in time. But I suspect the people who will be most interested in PlatformIO will be least able to fix it when it breaks.

Bottom Line

If you want to experiment with a different way of building programs — and more importantly, a single way to create and build — you should give PlatformIO a spin. When it works, it works well. Here are a few links to get you started:

Bottom line, when it works, it works great. When it doesn’t it is painful. Should you use it? It is handy, there’s no doubt about that. The integration with Code is pretty minimal. The Atom integration — while not perfect — is much more seamless. However, if you learn to use the command line tools, it almost doesn’t matter. Use whatever editor you like, and I do like that. If you do use it, just hope it doesn’t break and maybe have a backup plan if it does.

Filed under: Arduino Hacks, ARM, Hackaday Columns, reviews, Skills

Drinkable Clouds Get You Second-Hand Drunk

ศุกร์, 04/07/2017 - 22:31

While the rise of electronic cigarettes and vaping has led to many aggravated bystanders, an installation in Germany may have found a vapor of a different ilk. Rather than nicotine, this cloud of vapors is full of tequila which precipitates out into glasses (or people) who happen to be nearby.

The cloud generator uses ultrasonic devices to vibrate the tequila molecules until they form a fine mist. The mist is delivered outward towards the sculpture, where a delicious cloud forms. From there, the cloud literally rains tequila out into its original, drinkable tequila form. It appears to take a while to gather enough tequila from the cloud, though, so there is a convenient tap on the side that will dispense it without all the rigmarole.

Basically this is a nebulizer which is using tequila and dispersing the output rather than directing it. You’re unlikely to get a large enough gasp for inebriation, but technically there is an opportunity a risk here of becoming second-hand drunk.

The installing is an effort by the Mexican Tourism Board to encourage Germans to take a break from the rain in favor of visiting sunny Mexico, we’d have to say that the effort seems to be a success. Once there, hopefully any visitors will be able to enjoy a perfect margarita or two as well.

Filed under: misc hacks

Is My Password Safe? Practices for People Who Know Better

ศุกร์, 04/07/2017 - 21:01

A couple of weeks back a report came out where [Tavis Ormandy], a widely known security researcher for Google Project-Zero, showed how it was possible to abuse Lastpass RPC commands and steal user passwords. Irony is… Lastpass is a software designed to keep all your passwords safe and it’s designed in a way that even they can’t access your passwords, the passwords are stored locally using strong cryptography, only you can access them via a master-key. Storing all your passwords in only place has its downfalls. By the way, there is no proof or suggestion that this bug was abused by anyone, so if you use Lastpass don’t worry just yet.

But it got me thinking, how worried and how paranoid should a regular Internet user should be about his password? How many of us have their account details exposed somewhere online? If you’ve been around long enough, odds are you have at least a couple of accounts on some major Internet-based companies. Don’t go rushing into the Dark Web and try to find if your account details are being sold. The easiest way to get your paranoia started is to visit Have I Been Pwned. For those who never heard about it, it’s a website created by [Troy Hunt], a well-known security professional. It keeps track of all known public security breaches he can get his hands on and provides an answer to a simple question: “Was my account in any major data leak?” Let’s take a look.

Yes. Yes it was. One of my oldest accounts was already involved in 5 major leaks and 1 minor leak. Some of them contain pretty sensitive information (no, I did not have an Ashley Madison account). The website claims to have logged over a staggering 2.6 Billion accounts. Notice the B in Billion. That’s more accounts than the entire human population in 1950. Of course, a lot of those accounts overlap and some that I examined are not 100% accurate but it is still a very high number.

Here you can see the top ten sites to leak passwords.

Does Someone Know My Password?

Notice that the Yahoo breach is not there, add 1 Billion accounts more, plus another 500 Million on another Yahoo breach. Does this mean that the attackers automatically have my password? Well, it’s not that easy.

When you create an account somewhere and send in your data, your password is not (hopefully) stored in clear text. Usually it is not stored at all, only an irreversible hash representation of it. In a nutshell, instead of storing the plain text password, a cryptographic hash function is used to calculate a value based on your password and this is value is what gets stored. There is no way to reverse the process and get the password from the stored value. This is the good news.

The bad news is that the hash function chosen by the website can be critical for your security in the event of a data leak and you have no control over that. Despite the fact there is no way for an attacker to reverse a cryptographic hash function, it is pretty easy to test if a given password matches a given hash function output value. This is a process known as brute-forcing; a program runs every possible combination of passwords through the algorithm and compares it to the leaked hash value. If they match, they know your password. This is why longer passwords with more character variety (punctuation, capitalization, etc.) is universally recommended — it’s harder to brute force.

Just as a reference, an attacker with an already outdated AMD HD 5970 graphics card could brute force different hash function implementations at the speeds shown here in millions of tries per second.

As you can see, a website that chooses the right hash function to store its passwords can dramatically reduce the speed at which a brute force attack can run by several orders of magnitude (in case of a leak). These numbers represent the attacker using just one, fan cooled, graphics card. Imagine using a data center, refrigerated by 1.7 Million gallons of water, like NSA Utah Data Center. But let’s not dwell into state sponsored attacks.

The hash function can (and should) be complemented by using what is called a salt. A salt is essentially a random number ‘added’ to the password before the hash function runs. This ensures that the same passwords result in a different hash output values, so that if an attacker cracks any given password in a list other users that share that password are not affected since their salt is different. This adds an additional layer of security.

Not all leaks are alike in severity. For example, The NetEase leak contained clear-text passwords, pretty much as bad as it gets. The Yahoo leak contained some MD5 hashes. The LinkedIn leak contained SHA-1 hashed passwords in which no salt was used. The following days more than 90% of all passwords had been cracked. The Dropbox leak had usernames and salted hashes of passwords, half of them SHA1, half of them bcrypt, which is pretty good given the circumstances. Leaks security impact mileage varies a lot.

So What Can You Do? Trust No One.

It’s clear that you cannot trust any website when providing your password since you usually have no choice or knowledge on how they will handle it. Since you can’t enforce any website into safely storing your password, what can you effectively do? Well, you can stop using 123456 as a password. And I don’t mean use the more secure version, 123456789, either. You! Yes, you!

I know, I know, Hackaday readers are an informed audience and surely have not chosen any password in the 2016 most common passwords but if this warning worked for one person that’s already worth the pun. There is just no way to believe that 17% of the folks reading this right now use them. Right?

No matter how good the algorithms are and how they are used, no security can protect the users from their own selfs. Can you answer this in all honesty that you have never had a Top 25 password?

  • Don’t choose obvious passwords. Really don’t. Even if you think no one cares about you or your particular account and you’ll never be a target of a malicious attacker. This include words, names, dates, phone numbers. Ideally use lower/upper case letters with numbers with 10 or more chars.
  • Don’t choose obvious security answers either. What good is it a 30 chars long password when your security question is your mothers maiden name?

Since you can’t control how passwords are stored, don’t use the same password for all your accounts. This one can get tricky. It can be hard to remember that extra secure password, but chose one different for every account? That’s just too hard. In case you don’t happen to have photographic memory, you can reduce the number of passwords you need to remember by categorizing your accounts into different types. Less sensitive accounts can have an easier to remember password, but this does not mean 123456 is acceptable.

  • When possible, use two factor authentication (2FA). An increasing number of websites already provide 2FA, either via email or SMS. This can drastically reduce the impact of a stolen/leaked password. Consider using a hardware token in critical accounts, like Yubikey.
  • Check online for any leaks that might have affected you. Change your passwords accordingly. If you used it on multiple websites, they too must be changed.

Some say to use a password manager.  I must admit I dislike putting all my eggs in the same basket. It has advantages and disadvantages, you should definitely think about it and make an informed decision if this is right for you.

My Advice: Do Your Own Thing

When writing this article I keep thinking common sense. But common sense is not enough. Working in the security industry I know how hard it can be implementing an effective password policy in a company. It’s easy to talk about in theory, and a pain to approach in practice. If you make it too complicated, you’ll start seeing post-it notes appearing everywhere. Make it too simple, and successful brute-force attacks start showing up like mushrooms.

My advice is to spend some time thinking about your passwords and find your own thing. What’s your own thing? For some it can be the way that they pronounce their password letters. Despite being random, choosing passwords with some rhyme or musicality when read results in something that sticks in your head. For others it might be invented words from childhood. Throw in some numbers you know but aren’t public or attached to your person. Choose your own sign or punctuation char(s) to mix in.

I understand that this might sound a bit vague but it works. For this to work, it has to be vague, otherwise it’s my thing, not yours (and will probably end up coded somewhere in John-the-Ripper rules). I’ve seen this method turn a room of people into random password generators in less than half an hour but, as everything, it’s takes some persistence. Anyway, my advice is my own, I’m pretty sure a lot of you disagree with the method.

Goldfish Memory

“Good passwords are hard to memorize. I’ll just write them down on a piece of paper.”

Well, there are worst things to do. I mean, where do you put your credit card? If you really can’t memorize it, sure, write it down and keep it safe, like in your wallet. The keep it safe part is important, you don’t leave your credit card around in public places right? I bet you don’t tape it underneath your keyboard either. Over fifteen years ago [Bruce Schneier] saw this coming. Keep a duplicate copy somewhere really safe, like an actual safe. Plan ahead so that if someone steals your wallet or wherever you keep your passwords, you can rapidly change them.

The Future

The future of passwords and overall authentication mechanisms is widely debated. Some say passwords are dead and the future is biometrics. Hackaday has been known to argue against that. Some, like PayPal, say traditional biometrics aren’t the way but an easier to use, “Embeddable, Injectable and Ingestible Device” solution is ideal. What if you could authenticate just by thinking about it? And how would that unique identifiable data would be stored? Would we gain security or just trade the challenges we face now for another set of challenges?

In any case, remember, “password” is not a good password.

Filed under: Featured, Interest, security hacks, slider

Propeller Backpack for Lazy Skiers

ศุกร์, 04/07/2017 - 18:01

At first glance, it looks eerily similar to Inspector Gadget’s Propeller Cap, except it’s a backpack. [Samm Sheperd] built a Propeller Backpack (video, embedded after the break) which started off as a fun project but almost ended up setting him on fire.

Finding himself snowed in during a spell of cold weather, he found enough spare RC and ‘copter parts to put his crazy idea in action. He built a wooden frame, fixed the big Rimfire 50CC outrunner motor and prop to it, slapped on a battery pack and ESC, and zip-tied it all on to the carcass of an old backpack.

Remote control in hand, and donning a pair of Ski’s, he did a few successful trial runs. It looks pretty exciting watching him zip by in the snowy wilderness. Well, winter passed by, and he soon found himself in sunny California. The Ski’s gave way to a bike, and a local airfield served as a test track. He even manages to put in some exciting runs on the beach. But the 10S 4000 mAH batteries seem to be a tad underpowered to his liking, and the motor could do with a larger propeller. He managed to source a 12S 10,000 mAH battery pack, but that promptly blew out his Aerostar ESC during the very first static trial.

He then decided to rebuild it from ground up. A ten week welding course that he took to gain some college credits proved quite handy. He built a new TiG welded Aluminium frame which was stronger and more lightweight than the earlier wooden one. He even thoughtfully added a propeller safety guard after some of his followers got worried, although it doesn’t look very effective to us. A bigger propeller was added and the old burnt out ESC was replaced with a new one. It was time for another static trial before heading out in to the wide open snow again. And that’s when things immediately went south. [Samm] was completely unaware as the new ESC gloriously burst in to flames (8:00 into the third video), and it took a while for him to realize why his video recording friend was screaming at him. Check out the three part video series after the break to follow the story of this hack. For a bonus, check out the 90 year old gent who stops by for a chat on planes and flying (8:25 in the third video).

But [Samm] isn’t letting this setback pin him down. He’s promised to take this to a logical finish and build a reliable, functional Propeller Backpack some time soon. This isn’t his first rodeo building oddball hacks. Check out his experiment on Flying Planes With Squirrel Cages.

We seem to be catching a wave of wind-powered transportation hacks these days. Hackaday’s own [James Hobson] spent time in December on a similar, arguably safer, concept. He attached ducted fans to the back of a snowboard. We like this choice since flailing limbs won’t get caught in these types of fans.



Thanks [Itay], for the tip.

Filed under: drone hacks, transportation hacks

File Format Posters

ศุกร์, 04/07/2017 - 15:01

It’s not uncommon for hackers to have a particular delectation for unusual interior decoration. Maybe it’s a Nixie tube clock, or a vacuum fluorescent display reading out the latest tweets from a favorite chatbot. If this sounds like your living room already, perhaps you’d like some of these file format posters to adorn your walls.

The collection of images includes all kinds of formats — GIF, ZIP and WAV are all represented, but it even gets into some real esoterica — DOLphin format executables are here if you’re a total GameCube fanatic. Each poster breaks down the format into parts, such as the header, metadata and descriptor sections, and come in a variety of formats themselves — most available in SVG, PDF and PNG.

If we’re totally honest, these aren’t all designed for hanging on your wall as-is — we’d consider putting some work into to optimize the color palettes and layouts before putting these to print. But regardless, they’re an excellent visual representation of data structures that you might find particularly useful if you need to do some reverse engineering down the track.

If you still have wall space available after seeing this, here’s the electronic reference poster that should fill it.

[Thanks to JD for the tip!]

Filed under: misc hacks, slider

Vintage Telegraph Sounder Clicks Again

ศุกร์, 04/07/2017 - 12:00

It’s sad, when you think about it: a retired railroad telegraph operator, who probably once pounded out code at 40 words per minute, with a collection of vintage sounders silently gathering dust on a shelf. [kthrace] decided to do something about that, and built this Morse sender to bring those old sounders back to life.

As archaic as Morse might seem, it’s a life skill, one the 92-year old former brass-pounder for whom this was built was eager to practice again. There are code practice oscillators, of course, but dits and dahs are no substitutes for the electromagnetic clicks and clacks that once filled this old fellow’s days. There’s not much information on the circuit, but it looks like [kthrace] chose a RedBoard to read Morse from an SD card and drive some relays to support up to four sounders; that’ll make a racket! The case is custom made and nicely complements the wood and brass of the J.H. Bunnell and Co. sounder, which still sounds great after all these years.

Test your Morse skills in the video below – copying code is a lot harder from a sounder than from an oscillator. Find yourself in need of practice? We’ve got you covered.

[via r/DIY]

Filed under: classic hacks

That Sucks! Death of a Tesla Coil

ศุกร์, 04/07/2017 - 09:00

[Electroboom] always has some entertaining videos. He recently tried to run his Tesla coil in a vacuum. The video shows some interesting results, along with his usual bleeped out expletives as he drills into his hand and suffers other indignities in the name of electronics.

Unfortunately, a bit of extra bolt caused the coil to arc internally, eventually leading to the impressive device shuffling off its mortal… um, well, let’s just say its untimely demise. Along the way, though, you get to see some interesting techniques for building a silicone seal for the vacuum chamber, and some neat Tesla coil tricks with a closed off syringe.

We were a little concerned for [Electroboom’s] safety when he calculated the force on his bell jar was about 6,000 pounds. After all, he’s not known for a stellar safety record. However, he surmised that the symmetry of the jar caused most of the force to cancel out. He even tested the theory. Still, if you try this, be sure to be careful. He could have probably stood at least eye protection, just in case.

[Electroboom] isn’t the first person to have put a coil in a vacuum chamber, but he may be the most humorously injured person to attempt it. If the high input voltages worry you, perhaps you can try this variation. Or, if you don’t want to build such a large vacuum chamber, you could do always get small or even go solid state, for the best of both worlds. On the other hand, if you have a coil, there’s a lot of fun you can have with them, without melting it down in a vacuum.

Filed under: classic hacks

Two-Piece Boxes Thanks to Laser-Cut Flex Hinges

ศุกร์, 04/07/2017 - 06:00

It sounds like a challenge from a [Martin Gardner] math puzzle from the Scientific American of days gone by: is it possible to build a three-dimensional wooden box with only two surfaces? It turns out it is, if you bend the rules and bend the wood to make living hinge boxes with a laser cutter.

[Martin Raynsford] clearly wasn’t setting out to probe the limits of topology with these boxes, but they’re a pretty neat trick nonetheless. The key to these boxes is the narrow to non-existent kerf left by a laser cutter that makes interference fits with wood a reality. [Martin]’s design leverages the slot and tab connection we’re used to seeing in laser-cut boxes, but adds a living flex-hinge to curve each piece of plywood into a U-shape. The two pieces are then nested together like those old aluminum hobby enclosures from Radio Shack. His GitHub has OpenSCAD scripts to parametrically create two different styles of two-piece boxes so you can scale it up or (somewhat) down according to your needs. There’s also a more traditional three-piece box, and any of them might be a great choice for a control panel or small Arduino enclosure. And as a bonus, the flex-hinge provides ventilation.

Need slots and tabs for boxes but you’re more familiar with FreeCAD? These parametric scripts will get you started, and we’ll bet you can port the flex-hinge bit easily, too.

Filed under: laser hacks, misc hacks

Remotely Get Root On Most Smart TVs With Radio Signals

ศุกร์, 04/07/2017 - 03:00

[Rafael Scheel] a security consultant has found that hacking smart TVs takes nothing much more than an inexpensive DVB-T transmitter, The transmitter has to be in range of the target TV and some malicious signals. The hack works by exploiting hybrid broadcast broadband TV signals and widely known about bugs in web browsers commonly run on smart TVs, which seem run in the background almost all the time.

Scheel was commissioned by Cyber security company Oneconsult, to create the exploit which once deployed, gave full root privileges enabling the attacker to setup and SSH into the TV taking complete control of the device from anywhere in the world. Once exploited the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways, Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TV’s seem to be suffering from  IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to it’s master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.

Filed under: Network Hacks, security hacks

Hackaday Prize Entry: Pocket Serial Terminal

ศุกร์, 04/07/2017 - 01:30

When you have a microcontroller or other microcomputer on the bench in front of you and it lacks the familiar keyboard and display of a modern desktop computer, what do you do when you wish to program it or otherwise issue commands? Unless you are a retro computer enthusiast who longs for a set of Altair-style toggle switches, the chances are you’ll find its serial port and attach a terminal.

Serial terminals, devices containing a screen and keyboard hooked up to send and display text from a serial port, used to be a staple of computing, but as standalone devices, they’re now rather rare. In most cases nowadays using a serial terminal will mean opening up a terminal emulator in your modern OS, Linux, Windows, or MacOS, but there is still a use for standalone hardware. [Kuldeep Singh Dhaka] certainly thinks so, because he’s making an extremely nice portable terminal with an LCD screen.

The terminal emulates a venerable DEC VT-100 terminal, but since it’s built around an STM32F105 ARM microcontroller we’re sure it could emulate other models with appropriate software. It takes either a USB or a PS/2 keyboard, so we’d expect to see it paired with a suitably tiny portable keyboard when it in use. There is no source code available for it yet since this is very much still a project in development that we’re featuring now because it is a 2017 Hackaday Prize entry, but he assures us that code will be on its way and it will be GPL licenced.

He’s even posted a video that we’ve placed below the break of the device in operation, connected to a machine running MicroPython. We’d probably turn off that beep, though.

If you’d like to see a real VT100, here’s one we showed you receiving a BeagleBone. But if home-made terminals are your thing, then a LED screen is where it’s really at.

The HackadayPrize2017 is Sponsored by:
Filed under: ARM, The Hackaday Prize

The Best Of VCF East

ศุกร์, 04/07/2017 - 00:01

Last weekend was the Vintage Computer Festival East in Wall, New Jersey. While this yearly gathering of nerds nerding out on old computers might be a bit too obscure for some, there are always amazing exhibits of actual historical importance. A few Enigma machines showed up, and the rarest Commodore goodies made an appearance. We saw the pre-history of Hackaday and ‘maker’ culture with Southwest Technical Products Corporation, and found out it was probably, possible to build a RepRap in the 80s. You can’t know where you’re going unless you know where you came from, and even though the old timers were a bit more grizzled than us the Vintage Computer Festival shows how little things have actually changed.

What was the coolest and weirdest stuff at VCF? What does the Silverball pinball museum look like? Check that out below.

Weird Inductive Mice

The consignment/vendor area is always a great place to check out the also-rans of computing history. Before everyone had a mouse, CAD designers, and artists needed a way to precisely map an absolute position on a piece of paper to an absolute position in a design program. The solution was the Numonics Grid Master and other inductive/electromagnetic mice. Instead of wheels and balls and optical sensors, these mice use a coil and an active mouse pad to precisely map a cursor to real-world dimensions. Now we have Wacoms and scanners and such, but this is one of those technologies I really wish was still around. I found two inductive mice in the consignment shop, twenty bucks would have taken them both home.

Other Consignment Goodies

Offered with minimal comment.

Two Million Dollars Worth Of Apples

If you want to see something spectacular, here’s two million dollars worth of Apple computers. There were three Apple I computers on display at VCF East, one a Mimeo replica (you can build your own for less than $2k), and two originals, one a Byte Shop board, another an NTI model. Only about 200 original Apple Is were ever produced, and the auction prices are consummate with the rarity. Basically, these computers are worth about a million dollars apiece. Why are they worth that much, when [Bil Herd] has rarer and much more interesting tech in his basement? The cult of the turtleneck, or something like that.

Silverball and Tillies

While this isn’t directly related to vintage computers or the Vintage Computer Federation, there is a really neat museum of sorts just a few miles away from VCF East. The Silverball Museum Arcade is a 10-minute drive from VCF, and oh boy is this thing a blast. There are dozens of pinball machines from the 50s to the glory days of the 90s packed into an arcade on the boardwalk. Ten bucks gets you an hour of free play on all the machines, twenty-five gets you in all day, and the entire place smells of funnel cakes.

The curation of this museum/arcade is rather interesting, and it seems like someone at the Silverball museum knows what they’re doing. There are pinball machines from almost every era, and all the machines are very good examples of the state of pinball at the time. There are, of course, a few informational signs placing all the machines in context.

The collection of video games is where this place really stands out. MAME machines are a dime a dozen, and a well-built cabinet can recreate most of the classic arcade games. However, there are a few games with weird controls (the trackball for Centipede, the rotary controller for missile command, and whatever Asteroids is trying to be). MAME machines usually don’t bother with these early experiments in user input. Most of the arcade games in the Silverball museum use these strange control schemes, making this one of the best hands-on museums for vintage arcade tech.

This is not the best Jersey boardwalk arcade I’ve ever been to. That title goes to Seaside Heights before MTV, Sandy, and a fire tore through the place. I’m not sure those arcades even exist anymore (Hackaday meetup idea?), but the Silverball museum is an awesome way to blow an hour and ten bucks.

VCFs Of The Future

The first Vintage Computer Festival of the year is over, and there’s more to come. Last year, VCF West was on DEF CON weekend, but since that’s been bumped up a week we’ll probably end up in Mountain View during the first weekend in August. VCF Southeast is in Hotlanta at the end of this month, and the midwest con is happening in September.

Filed under: classic hacks, cons, Featured, roundup

Hacking a Vintage TV into an Oscilloscope

พฤ, 04/06/2017 - 22:31

Do you still have an old analog CRT  television lying around? With the advent of digital signals, analog TV´s are going to the dumpster or the recycling center. But you can still put them to good use, just as [GreatScott!] did, by converting the TV into a crude oscilloscope.

The trick is to take control of the two deflection coils that move the electron beam inside the CRT in the horizontal and vertical directions. The video describes in detail the process of identifying the coils and using an Arduino nano in combination with a DAC to amplify the input signal in order to get the waveform in the TV screen. Step by step explanations and great editing make this project delightful to watch.

Even if you do not follow [GreatScott!]´s steps to build a simple oscilloscope, don´t throw away that vintage TV!, it is a great source of analog parts. The flyback transformer can be used to make a high voltage power supply, and you also get some nice high voltage capacitors (both electrolytic and mylar ones), the horizontal output transistor which is a high voltage one, ferrite transformers, magnet wire, plus a lot of other small parts. Other uses for old TV sets that you may want to try is to convert your TV into a gaming console, or  an audio synthesizer controlled by drawing with a light-sensitive pen on a CRT television.

Filed under: classic hacks, tool hacks

Tracking Index Test

พฤ, 04/06/2017 - 21:01

In an earlier article, I covered Fire Hazard Tests that form an important part of safety testing for electronic/electrical products. We looked at the standards and equipment used for abnormal heat, glowing wire and flame tests. A typical compliance test report for an appliance, such as a toaster, will be a fairly long document reporting the results for a large number of tests. Among these, the section for “Heat and Fire” will usually have the results of a third test – Tracking. It’s a phenomena most of us have observed, but needs some explanation to understand what it means.

What is Tracking ?

Tracking is a surface phenomena on an insulating material. When you have two conducting terminals or tracks at a high voltage (higher than 100 VAC) separated by an insulator, a combination of environmental factors such as dust, moisture and thermal cycling could cause minute leakage currents to flow on the surface between the conductors. Over time, the deposits carbonize and the surface current increases. Eventually, a carbon track forms over the surface of the insulator making it conductive at a particular “tracking” voltage. Finally, a short circuit is created between the two conductors which may also lead to fire. Worse, it’s possible that the tracking current could be lower than the rating of the protective fuse in the appliance, which will prevent the electrical supply from being cut off, creating a fire hazard. Tracking can be avoided by using the right kind of insulating materials and adequate creepage and clearance distances. One of the reasons for adding a slot between adjacent high voltage terminations or tracks on a PCB is to take care of tracking.

Test Standards

It’s impossible to conduct such tests according to real world conditions, so a standardized procedure is needed which can produce results that allow different materials to be compared. The IEC’s Technical sub-committee 15E was previously entrusted with the work of creating and maintaining tracking index methods and standards. Considering the importance of this standard and its wide implications, this work is now handled by TC 112 — Evaluation and qualification of electrical insulating materials and systems.

TC 112’s document IEC 60112 defines a “standardized method for the determination of the proof and the comparative tracking indices of solid insulating materials” for voltages up to 600 VAC, and provides information on how to design a suitable test equipment. The ASTM has an equivalent document — ASTM D3638 as does the UL — UL 746A-24. A more severe test is covered under IEC 60587 — “Electrical insulating materials used under severe ambient conditions – Test methods for evaluating resistance to tracking and erosion”. This test is often referred as the inclined plane tracking and erosion test and specifies test voltages up to 6 kV. But for now, let’s just look at the low voltage test as per IEC 60112.


A sample of at least 20 mm x 20 mm with a minimum thickness of 3 mm is required for testing, with a set of five samples being tested each time. If the test product cannot provide a sample of these dimensions, then tiles of the insulating material need to be specifically produced using the same moulding process as used in actual production. The sample is supported on a horizontal glass platform. Two chisel-edged platinum electrodes are placed over the sample, separated by a gap of 4 mm. A voltage adjustable between 100 to 600 VAC is applied to these electrodes. The electrodes weigh down on the sample with a force of 1 N via dead weights.

The electrical supply to the electrodes needs to be current limited. For all voltages between 100 V to 600 V, the short circuit current across the electrodes must be limited to 1 A. This is usually done by means of a series variable resistor (rheostat). In some equipment designs, the Variac (variable auto-transformer) for adjusting the voltage is mechanically coupled to the rheostat ensuring the short circuit current is always limited to 1 A. An additional, smaller value rheostat is used for minor trimming. The standard further specifies that after setting the open circuit voltage, the measured voltage at 1 A current should not drop by more than 10% (load regulation). This makes transformer design a bit tricky. At low voltages, there isn’t enough magnetic coupling between the windings, causing higher drops at lower voltages. One solution is to use two secondary windings of about 350 V each which are connected in parallel for test voltage below 300 V, and in series for higher voltages. But there are other ways of satisfying this requirement too. It’s just one example of how the designer needs to look at every requirement in the standard and then figure out how to implement it in the test equipment.

The short-circuit current is just a limiting requirement of the electrical source connected to the electrodes. The more critical setting is the “tripping” current which needs to be set to 0.5 A above which the source must be disconnected from the electrodes. The tripping sensor needs to have a time delay of two seconds before it trips and the reason for this setting will become clear a bit later.

Environmental contamination is simulated by a salt solution — usually ammonium chloride having a concentration of 0.1%. An alternate solution is prescribed for more stringent testing. While applying the test voltage across the electrodes, one drop of the electrolyte is dropped over the test sample between the electrodes every 30 seconds for a total of 50 drops. The size of each drop needs to be adjusted such that 50 drops weigh roughly 1.075 grams and 20 drops weigh 0.430 grams. This can be achieved by careful selection of the needle diameter used for the drops as well as the delivery mechanism. Some designs use a gravity feed, solenoid operated device while others use a peristaltic pump. Another way is to use an air pump which forces the liquid out of its container by forcing air in to it. The test sample passes if it survives 50 drops without triggering the over current sensor. The sample fails if the over-current sensor gets triggered or if it catches fire, at which point the electrical supply needs to be disconnected immediately.

When a drop falls over the sample across the electrodes, most of the electrical current flows through the liquid since it is conductive. This causes a current spike that quickly boils off most of the salt solution, and generally lasts for a second or two. During this two-second duration, the over-current device is programmed not to trip. With most of the water having evaporated, some of the salt is left behind as a deposit over the sample, which causes “tracking” current to flow over its surface. A while later, you will also notice some scintillation effect (sparking) as the leftover salt crystals burn out when the current flows through them.

The results of a tracking test are reported in two different ways. A Proof Tracking Index test (PTI) is usually carried out at 175 V to confirm that the sample can survive 50 drops. On the other hand, a Comparative Tracking Index test is performed over a range of voltages, incrementing the test voltage by 25 V for each succeeding test. The number of drops is always set at 50. The CTI value is determined as the highest voltage at which the sample withstands 50 drops. In some cases, the sample must also pass the test at 25 V less than the CTI voltage for a duration of 100 drops. Depending on the CTI value, the insulator is assigned a Performance Level Category with PLC0 being the highest and PLC5 being the lowest.

It’s always fascinating looking at a sample undergoing the Tracking Index Test — check out the video below. When you look at data sheets for plastic materials, the Tracking Index value will always be reported under it’s electrical properties. Paper Phenolic, which was the PCB substrate used before the advent of fibreglass, usually has a very low tracking index value (depending on its composition), ranging between 100 V to 175 V. On the other hand, depending on composition and filler materials, fibreglass substrates such as FR4 can have CTI values ranging from 175 V up to about 300 V or higher.

If you have ever seen a PCB (not the components on it), give off Magic Smoke, then you’ve seen the effects of Tracking in action. With good design, taking into consideration proper creepage and clearance distances, it is one of the failure modes which can be prevented.

Filed under: Curated, Engineering, Hackaday Columns

3D Printed Key-Code is Plastic Digital Logic

พฤ, 04/06/2017 - 18:01

3D printers are great for creating static objects, but if you’re clever, it’s possible to print functional devices. If you’re absolutely brilliant you can go far beyond that, which is the case here. This door handle with a key-code lock does it all with 3D printing using mechanism designs that look like alien technology. This is just one application of a much more interesting mechanical digital logic they’re developing (PDF).

Working from the [Hasso-Plattner-Institut], the research team is focusing on metamaterials as mechanisms in and of themselves. The crux of this lock is a series of bistable springs that — if the correct code is entered — will trigger in series to unlock the door. The project builds on the grid of shearing cells seen in the door handle we featured last year. It happens quickly in the video, but the intricate cascade of the handle unlocking is a treat to witness.

It’s a fascinating show of mechanical design. The common elements of digital electronics are all present: set or unset bits, logic gates, propagation issues, the whole works. But there are added challenges in this system, like the need for special cells that can turn the logic chain by 90 degrees and split the signal into more than one part.

This signal splitting is seen in the upper right (bifurcation) and leads into what is in effect an amplifier. The locking bolt must be moved twice the distance of a normal cell, so a dual-cell input is necessary to offset the loss of force from the incoming smaller cells. Cognitively we understand this, but we’re still trying to gain an intuitive sense of the amplifer mechanism.

One thing’s for sure, the overall concept is far cooler than this admittedly awesome door lock mechanism. The paper is worth your time for a deep dive. It mentions their design editor software. You can play with it online but we don’t think it’s been updated to include the new logic cells yet.

[Thanks for the tip, Itay!]

Filed under: 3d Printer hacks, computer hacks, slider

Build Your Own In-Fridge Soda Fountain

พฤ, 04/06/2017 - 15:01

Who doesn’t love an ice cold soda? Lots of people, probably. This one’s not for them. It’s for those of us that are tired of having to go through the arduous process of manually opening a bottle and pouring a drink. Wouldn’t it be cool if you could have your own soda fountain at home? [Kedar Nimbalkar] thought so, and built a soda fountain that you can install right inside a fridge.

The system is based around using small pumps marketed as “6V DC air pumps” on Amazon. [Kedar] uses an indirect method of pumping the soda in this project. It’s a sad fact that it’s hard to find a cheap pump that’s safe to use with fluids for human consumption, and on top of that, many types of pump out there aren’t self-priming. This means the pump needs to be charged with fluid to work, which can make changing empty bottles a real pain.

Instead of pumping the fluid directly, the pumps instead push air into the top of the sealed soda bottles, which forces soda out of another tube in the bottle. This means that the pumps themselves don’t have direct contact with the soda which is a great design when working with stuff you’re going to put in your body. Following on from this careful design, the tubing selected is food safe. Unfortunately, even though the pumps don’t directly touch the soda itself, it’s highly unlikely the pumps chosen (designed for aquariums) are genuinely food-safe themselves.

When you’re building a beer funnel setup for Australia Day/4th of July/Other, using all manner of industrial or agricultural fittings may be a relatively low risk, as it’s a one-off exposure. But if you’re building a system handling products for human ingestion that you’re using on a regular basis, you really do want to make sure that the parts you use aren’t slowly poisoning you. There’s many ways this can happen — parts may corrode or react with substances in the food, plastics may outgas, or there may be lubricants in the parts that have toxic compounds in them. Just look what can happen if you drink wine out of a gun barrel — and that was from a single exposure!

Overall it’s a cool project, and one that would be especially fun and educational to do with children. Young humans are well known for their predilection towards sugary beverages, and have minds ready to be filled with knowledge about pumps, safe food handling practices, and of course, electronics. We also like [Kedar]’s use of commonly available materials, like a plastic food container for the enclosure. The project would be a great starter on your way to building a more complicated cocktail-mixing barbot. Video after the break.

We know peristaltic pumps are the go-to for safe liquid pumping. Anyone know a hacker friendly way of pumping air while ensuring all parts of the system are food safe? The most creative solution we’ve seen is to use breast pumps but it wasn’t ideal. Let us know your own tricks in the comments!

Filed under: cooking hacks, home hacks

A Walk-In Broadcast Transmitter

พฤ, 04/06/2017 - 12:00

[Mr. Carlson] likes electronics gear. Mostly old gear. The grayer the case, the greener the phosphors, and the more hammertone, the better. That’s why we’re not surprised to see him with a mammoth AM radio station transmitter in his shop. That it’s a transmitter that you can walk into while it’s energized was a bit of a surprise, though.

As radio station transmitters go, [Mr. Carlson]’s Gates BC-250-GY broadcast transmitter is actually pretty small, especially for 1940s-vintage gear. It has a 250 watt output and was used as a nighttime transmitter; AM stations are typically required to operate at reduced power when the ionosphere is favorable for skip on the medium frequency bands. Stations often use separate day and night transmitters rather than just dialing back the daytime flamethrower; this allows plenty of time for maintenance with no interruptions to programming.

If you enjoy old broadcast gear, the tour of this transmitter, which has been rebuilt for use in the ham bands, will be a real treat. Feast your eyes on those lovely old bakelite knobs and the Simpson and Westinghouse meters, and picture a broadcast engineer in white short sleeves and skinny tie making notations on a clipboard. The transmitter is just as lovely on the inside — once the plate power supply is shut down, of course, lest [Mr. Carlson] quickly become [the former late Mr. Carlson] upon stepping inside. Honestly, there aren’t that many components inside, but what’s there is big – huge transformer, giant potato slicer variable caps, wirewound resistors the size of paper towel tubes, and five enormous, glowing vacuum tubes.

It’s a pretty neat bit of broadcasting history, and it’s a treat to see it so lovingly restored. [Mr. Carlson] teases us with other, yet larger daytime transmitters he has yet to restore, and we can’t wait for that tour. Until then, perhaps we can just review [Mr. Crosley]’s giant Cincinnati transmitter from the 1920s and wait patiently.

Filed under: classic hacks, radio hacks

Flux Capacitor Prop With Christopher Lloyd’s Stamp Of Approval

พฤ, 04/06/2017 - 09:00

We love our props here at Hackaday, and whenever we come across a piece from the Back To The Future fandom, it’s hard to resist showcasing it. In this case, [Xyster101] is showing of his build of Doc Brown’s Flux Capacitor.

[Xyster101] opted for a plywood case — much more economical than the $125 it would have cost him for a proper electrical box. Inside, there’s some clever workarounds to make this look as close as possible to the original. Acrylic rods and spheres were shaped and glued together to replicate the trinity of glass tubes, 3/4″ plywood cut by a hole saw mimicked the solenoids, steel rods were sanded down for the trio of points in the centre of the device and the spark plug wires and banana connectors aren’t functional, but complete the look. Including paint, soldering and copious use of hot glue to hold everything in place, the build phase took about thirty hours.

The LEDs have multiple modes, controlled by DIP switches hidden under a pipe on the side of the box. There’s also motion sensor on the bottom of the case that triggers the LEDs to flicker when you walk by. And, if you want to take your time-travel to-go, there’s a nine volt plug to let you show it off wherever — or whenever — you’re traveling to. Check out the build video after the break.

With this flux capacitor in hand, grab this time circuit display and cram them both into eD, the electric DeLorean, and you’re well on your way to living in the future.

[Via Imgur]

Filed under: Arduino Hacks

VCF: Popular Electronics And Southwest Technical Products Corporation

พฤ, 04/06/2017 - 06:01

Hackaday owes a lot to the hobbyist electronics magazines of yesteryear. Back in the day, Popular Electronics and Radio-Electronics would publish projects and articles about DIY electronics – more or less the same editorial purview we hold today. Some of these projects would become full-fledged products, and you need only look at the Altair for what can happen at this confluence of publishing and engineering.

One of the more popular companies to come out of these hobbyist trade magazines was SWTPC, or Southwest Technical Products Corporation. This was the company that brought one of the first microcomputers to the masses with the SWTPC 6800. This wasn’t just a homebrew microcomputer company – there were Nixie clocks, test gear, and stereo preamplifiers – all things that could easily find a place on the pages of Hackaday today.

This year at the Vintage Computer Festival East, [Michael Holley] brought out the test gear he’s been collecting for the past few decades. These are machines that wouldn’t be out of place on any DIY electronics blog today. This is by all accounts the pre-history of the maker movement.

Interesting items in the exhibit include the Popular Electronics Digi-Vista, a digital clock laden with Nixie tubes from the December 1970 edition. The construction of this clock seems bizarre today – the Nixies are mounted at a right angle to individual boards connected to a backplane. Today, when you can build a Nixie clock as an example of how to lay out a PCB. Back when you could buy traces at Radio Shack, not so much.

But of course the most well-known product from SWTPC was the 6800, a backplane microcomputer based on the Motorola 6800. Combine this with SWTPC’s improvement on the TV Typewriter from a few years before, and you had a complete computer system a year before the Apple I was available. This was the height of consumer technology at the time.

Filed under: classic hacks, cons