
R S S : hack a day



2017: The Year of the Dishwasher Security Patch

28 March, by Lewin Day

As if Windows Update wasn’t bad enough, one has to deal with a plethora of attention-hungry programs and utilities all begging for a continual stream of patches from the Internet. It’s exhausting, but unfortunately also par for the course. Many of these updates are to close security vulnerabilities that could otherwise expose your computer to undesirables. The Internet of Things will only expand the amount of hardware and software you need to keep updated and protected on a daily basis. Now, it’s your dishwasher that’s under attack.

The Register reports that Jens Regel discovered the bug in a Miele dishwasher with a webserver. It’s a basic directory traversal attack that can net the intruder the shadow password file. Armed with this, it’s simple to take over the embedded Linux system and wreak havoc on your local network.

It’s not particularly surprising – we’ve talked about IoT security and its pitfalls before. The problem is, a dishwasher is not a computer. Unlike Microsoft, or Google, or even the people behind VLC, Miele don’t have infrastructure in place to push out an update to dishwashers worldwide. This means that as it stands, your only real solutions are to either disconnect the dishwasher from your network, or lock it behind a highly restrictive firewall. Both are likely to impede functionality. Of course, as always, many will ask why a dishwasher needs to be connected to the Internet at all. Why indeed.
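The directory traversal described above comes down to a web server joining the request path to its document root without checking where the result lands. The following is an added example, not code from the article, the advisory or the vendor: it shows the unchecked join beside a hardened resolver, and the directory layout and request paths are constructed.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def resolve_naive(web_root: str, url_path: str) -> str:
    """Vulnerable pattern: the request path is joined to the root unchecked."""
    return os.path.normpath(os.path.join(web_root, url_path.lstrip("/")))


def resolve_safe(web_root: str, url_path: str) -> Optional[str]:
    """Return the file to serve, or None if the request leaves the web root."""
    root = os.path.realpath(web_root)
    decoded = unquote(url_path)      # decode %2e%2e before any check is made
    if "\x00" in decoded:
        return None
    # realpath collapses ".." and follows symlinks, so the containment test
    # runs on the path the kernel would actually open.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Build a constructed web root and classify constructed request paths."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "www")
        os.makedirs(os.path.join(web_root, "css"))
        open(os.path.join(web_root, "index.html"), "w").close()
        secret = os.path.join(tmp, "shadow")   # stands in for a system file
        open(secret, "w").close()
        # A symlink inside the root that points outside it.
        os.symlink(secret, os.path.join(web_root, "css", "link"))
        requests = [
            "/index.html",          # normal request
            "/css/../index.html",   # ".." that stays inside the root
            "/../shadow",           # plain traversal
            "/%2e%2e/shadow",       # percent-encoded traversal
            "/css/link",            # escape through a symlink
        ]
        return {r: resolve_safe(web_root, r) is not None for r in requests}


if __name__ == "__main__":
    print(resolve_naive("/srv/www", "/../../etc/shadow"))
    for request, served in demo().items():
        print(f"{request:22} {'serve' if served else 'reject'}")
```

Running the server process as an unprivileged user that cannot read the shadow file limits the damage if a check like this is ever bypassed.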


Filed under: news

The Midwest RepRap Festival Spectacular

28 March, by Brian Benchoff

Every year, nestled between a swine auction and beef auction at the fairgrounds in Goshen, Indiana, the world’s greatest 3D-printing meetup happens. The Midwest RepRap Festival draws the greatest minds in 3D printing from around the world, with teams flying in from Prague, Oxford, and Hong Kong. This year was bigger than any other year. Over 1,000 people ventured forth into the sticks to attend this awesome festival dedicated to DIY printers.

What did we see this year? The PartDaddy, SeeMeCNC’s 18-foot-tall delta printer made an appearance. We saw a new extruder from E3D, and an announcement that Open Source filaments will soon be a reality. True color printing with a five filament CMYKW system is weird and cool. DIY resin printers using laser diodes and galvos are now a thing. An Easy Break Oven isn’t broken. Printers with an infinite build volume now exist, and it skirts around a MakerBot patent, too.

There was more to see at MRRF than a single weekend would allow. [Jason Kridner] from BeagleBone was there talking about the latest in fancy single-chip Linux computers. Hackerspaces were there talking about their coolest builds and doing the calculations necessary to strap model rocket engines to 3D printed rockets. A few local colleges sent teams out to talk about their efforts to bring additive manufacturing to their programs. YouTube personalities were there. Check out the rest of the goodies we saw below.


Double the volume of your $200 Monoprice printer

This weekend, [Bill Steele] brought out his unnamed infinite build volume printer. This was, by far, the most mind-bending innovation we saw at MRRF. This printer was just an experiment, though. [Bill]’s main gig is Polar3D, manufacturers of a printer that isn’t cartesian and isn’t a delta.

[Bill] saw the now-famous $200 Monoprice MP Select Mini printer and figured this was a good platform for experimentation. He removed the bed, slapped a gear on the Y-axis motor, and bought a circular mirror at the local craft shop. The result is a Monoprice printer modded to a polar-coordinate printer. It works, and it doubles the build volume of this printer.

The modification to turn the Monoprice printer into a polar printer is actually pretty simple – just a few 3D printed parts are necessary to support the bed, and the drive gear on the bed could probably be a printed part. The hard part is converting normal cartesian G-code into polar G-code, but thanks to the Polar3D printer, [Bill] already has those scripts handy.

The conversion process is relatively simple, and [Bill] says he could sell a kit for about $100. For a $200 printer, that’s not very economical, but it would make a great DIY project.

Squishier Ninjaflex

If you want a part that’s squishy, you’re probably going to pick up a spool of Ninjaflex. Ninjaflex and other TPE and TPU filaments aren’t that squishy, though, which means there’s a market for a Stretch Armstrong of printable plastics. It was at MRRF, and it’s called X60.

From a simple grip strength crush test, the X60 filament is much more compressible. It’s much more satisfying to crush than Ninjaflex, and is what you would expect from a truly flexible filament. The only problem with X60 is printing it. Ninjaflex isn’t easy to print with some extruders, and that’s doubly so with X60. Apparently, you can only print X60 with the Flexion extruder. It’s interesting and squishy, though.

Wubba Lubba Dub Dub

Printed Solid brought out their six foot tall Rick from Rick and Morty. Grass tastes bad.

MRRF has a flea market

Last year we noticed something new at MRRF. People were selling spare parts. It was inevitable that a flea market or swap meet would form spontaneously at a 3D printer convention. There were some great deals here, including an MP Mini Select for $150, a MendelMax 2.0 for $200, an old i2 for $75, and a few quadcopters. If you’re looking to pick up a good printer cheap, MRRF is a great place to do it. Here are the pics:

The second tallest printer at MRRF

[Joe Spanier] from River City Labs brought a monstrous printer to MRRF. The bed isn’t that big, but the vertical build volume is where this thing really shines. This printer can print something seven or eight feet tall. The printer is made out of MDF, with a huge 2 mm nozzle squirting a lot of filament out at a time. The big print here is [mechg]’s single-perimeter rocket plane, scaled a bit too much in the Z-axis.

Can’t wait until next year

MRRF has nearly doubled in size over last year. The Midwest RepRap Festival is quickly becoming the defining event for desktop 3D printing and we’re expecting things to be even bigger. MRRF has outgrown its venue, but don’t worry – the Elkhart County Fairgrounds has much bigger buildings that are available to rent.

MRRF 17 was great, and next year will be even better. We’ll see you there.


Filed under: 3d Printer hacks, cons

Retrotechtacular: Stereo Records

28 March, by Al Williams

The 20th century saw some amazing technological developments. We went from airplanes to the moon. We went from slide rules to digital computers. Crank telephones to cell phones. But two of the most amazing feats of that era were ones that non-technical people probably hardly think about. The transformation of radio and TV from mono and black and white, to stereo and color. What was interesting about both of these is that engineers managed to find a way to push the new better result into the same form as the old version and — this is the amazing part — do it in such a way that the old technology still worked. Maybe it is the rate that new technology moves today, but we aren’t doing that today. Digital TV required all-new everything: transmitters, receivers, frequencies, and recording gear. Good luck trying to play the latest video game on your 25-year-old PC.

It is hard to remember when stores were full of all sorts of audio and video media. We’ve noticed that all forms of media are starting to vanish. Everything audio and video is streamed or downloaded these days. Records, 8-tracks, cassettes, and even CDs and DVDs are vanishing. However, vinyl records have made a comeback in the last few years for their novelty or nostalgic value.

Audio recording on wax, foil, or vinyl was more or less the same process perfected by [Thomas Edison] (or, perhaps, people who worked for him) back in 1877 although the flat records we think of didn’t appear until around 1890.

The principle is simple. Air pressure from sound cuts a groove into the recording medium. A piezoelectric stylus (or later, a stylus with a dynamic element) traced the groove and reproduced the same sound. Amplify it, and the phonograph is in business. You might enjoy the gramophone [SynthDan1] restored in the video below.

Stereo

By the 1950s, the hackers of their day were building or buying “hi-fi” equipment, gear that sounded better than the poor-quality audio spewing out of record players and AM radios of the day. Eventually, companies would roll out stereo recordings. But the records didn’t look any different, and they would still play on a standard (mono) record player. How is that possible? No, it isn’t two separate records like the vintage player at the top of this post found in the Museum of Technology in Paris.

We could explain it, but it is more fun to let [Bob Banks] from RCA explain it in this vintage advertisement.

The Real Story

Pretty impressive special effects for the time. [Bob] did oversimplify a few things, though. First, the groove can have a vertical component and a horizontal component. But the resolution on the vertical isn’t nearly as good, so that means one channel would be disadvantaged. Instead, the two tracks in the single groove are spun 45 degrees so that each channel has some horizontal and some vertical component.

[Bob] wants you to think RCA invented this, although he never actually says that flat out. In fact, [Alan Blumlein] of EMI patented the scheme back in 1931. The first commercial stereo records, which were not from RCA either, would not appear until 1957.

Because of how the groove was rotated, the movement of the stylus horizontally was the combination of the left and right tracks — the same as the mono signal. The vertical motion carried the difference: the left channel minus the right channel, or L-R.

That’s how a mono record could play back normally on a stereo player. The horizontal motion on the track will reproduce the same sound on both channels. Conversely, a mono stylus reading a stereo track would only pick up the horizontal part of the track and play both channels together. Unfortunately, many mono players didn’t move up and down very well and could wear a stereo record, so users learned not to play stereo records on mono players, even though it would work. Of course, that assumes you have the same-sized grooves. Older records had wider grooves and wider needles.

If you want to see how a stereo cutter works, check out [EpicenterBryan’s] video below.

Compatibility

In a market where Elvis Presley was still selling 78 RPM records because his fans couldn’t afford new record players, this compatibility was very important. We imagine [Alan Blumlein] would be horrified to see how we routinely tell everyone to throw away their tapes for CDs and their CDs for digital music. TV was the same. Making a signal with color that black and white sets could still receive was quite the marvel (and a topic for a future Retrotechtacular). The idea of making everyone throw out their sets for new ones or buy government-subsidized converters would have been poorly received, indeed.

We can’t help but wonder if we are doing all we can on compatibility. Do we really have to trash operating systems and CPUs every few years? Do we really need to double the memory in our phones every time our contracts run out? Or is it a clever planned obsolescence ploy? As people who create things, how are we doing on compatibility? We’ll see how history judges.

Featured image by [ParameterBond], Public Domain


Filed under: Hackaday Columns, History

Next Weekend: The Vintage Computer Festival East

28 March, by Brian Benchoff

Next weekend is the Vintage Computer Festival East in Wall, New Jersey. We’re going, and you should be there too.

The VCF East is the largest gathering of retrocomputing aficionados on the east coast. It’s three days of talks, exhibits, a flea market, and a pow-wow of the greatest minds buried under obsolete technology. No VCF is complete without a few talks, and this year is shaping up to be great. Keynotes will include [Bjarne Stroustrup], designer / implementor / inventor of C++. Computer historian [Bill Degnan] will give a review of 40 years of ‘appliance computers’, and [Tom Perera], Ph.D. will be giving a talk on the Enigma machine.

The exhibits at VCF are always the star of the show, and this year is no different. Highlights include mechanical computers, the finest from Silicon Graphics, and a version of Unix published by Microsoft. The individual exhibits are always great; last year the world’s first digital camera made an appearance. If you’re in the area, this isn’t an event to miss. VCF is going down at InfoAge, a science center at the former Camp Evans — a military installation that is best described as, ‘DARPA before World War II’.

Hackaday is proud to once again sponsor VCF East. This has been going on for a couple of years now and our Art Director, [Joe Kim] has created some incredible art as part of the sponsorship. Click on the thumbnail of this year’s art to embiggen. The VCF West art from last year is a stunning take on the Macintosh and last year’s VCF East art reflected the retro hackathon we sponsored.


Filed under: cons, Original Art

Russian Hackers Domain Fronting

28 March, by Elliot Williams

FireEye just put out a report on catching the Russian hacker group “Advanced Persistent Threat 29” (APT29, for lack of a better code name) using the meek plugin for Tor to hide their traffic. If you’re using meek with meek-reflect.appspot.com, you’ll find it’s been shut down. If all of this is gibberish to you, read on for a breakdown.

meek is a clever piece of software. Imagine that you wanted to communicate with the Tor anonymizing network, but that you didn’t want anyone to know that you were. Maybe you live in a country where a firewall prevents you from accessing the full Web, and blocks Tor entry nodes as part of their Great Firewall. You’d want to send traffic somewhere innocuous first, and then bounce it over to Tor, in order to communicate freely.

That’s what meek does, but it goes one step further. The reflector server is hosted using the same content-delivery network (CDN) as a popular service, say Google’s search engine. The CDN has an IP address, like every other computer on the Internet, but it delivers content for any of the various services it hosts. Traffic to the CDN, encrypted with TLS, looks the same whether it’s going to the meek reflector or to Google, so nobody on the outside can tell whether it is a search query or packets destined for Tor. Inside the CDN, it’s unencrypted and passed along to the reflector.
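Where an organization terminates and inspects TLS itself, the mismatch that domain fronting depends on becomes visible: the hostname in the TLS handshake (SNI) names the popular front, while the HTTP Host header inside names the reflector. The following is an added detection example, not part of the original article or FireEye's report; the log format, field names and records are constructed for illustration.

```python
import json
from collections import Counter

# Constructed records in the shape a TLS-inspecting proxy could log:
# "sni" is the name in the TLS ClientHello, "host" the HTTP Host header
# seen after decryption. Field names are assumptions for this example.
SAMPLE_LOG = """\
{"ts":"2017-03-28T10:00:01Z","src":"10.0.0.5","sni":"www.google.com","host":"www.google.com"}
{"ts":"2017-03-28T10:00:02Z","src":"10.0.0.7","sni":"www.google.com","host":"meek-reflect.appspot.com"}
{"ts":"2017-03-28T10:00:03Z","src":"10.0.0.7","sni":"www.google.com","host":"meek-reflect.appspot.com:443"}
{"ts":"2017-03-28T10:00:04Z","src":"10.0.0.9","sni":"WWW.Example.com.","host":"www.example.com"}
{"ts":"2017-03-28T10:00:05Z","src":"10.0.0.9","sni":"","host":"intranet.example.com"}
not-json garbage line
"""


def normalize(name) -> str:
    """Lowercase, drop any :port and trailing dot so equal names compare equal."""
    name = str(name or "").strip().lower()
    if name.startswith("["):                  # bracketed IPv6 literal
        return name.partition("]")[0].lstrip("[")
    host, _, port = name.rpartition(":")
    if host and port.isdigit():
        name = host
    return name.rstrip(".")


def find_fronting(log_text: str) -> list:
    """Return one finding per request whose SNI and Host header disagree."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                          # skip malformed lines
        if not isinstance(rec, dict):
            continue
        sni, host = normalize(rec.get("sni")), normalize(rec.get("host"))
        # Requests without SNI cannot be compared; they are left for other rules.
        if sni and host and sni != host:
            findings.append({"src": rec.get("src"), "sni": sni, "host": host})
    return findings


def summarize(findings: list) -> Counter:
    """Count findings per (client, front name, inner host) for triage."""
    return Counter((f["src"], f["sni"], f["host"]) for f in findings)


if __name__ == "__main__":
    for (src, sni, host), n in summarize(find_fronting(SAMPLE_LOG)).items():
        print(f"{src}: {n} request(s) with SNI {sni} but Host {host}")
```

A mismatch is a triage signal rather than proof, since browsers can legitimately reuse one HTTP/2 connection for several hostnames covered by the same certificate.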

Anyway, meek was invented to help bring the uncensored Internet to people who live in oppressive regimes, and now cybersecurity researchers have observed it being used by Russian state hackers to hide their tracks. Sigh. Technology doesn’t know which side it’s on — the same backdoor that the FBI wants to plant in all our communications can be used by the mafia just as easily. Plugins that are meant to bring people freedom of speech can just as easily be used to hide the actions of nation-state hackers.

What a strange world we live in.


Filed under: news, security hacks

Source Parts on TaoBao: An Insider’s Guide

28 March, by Mike Szczys

For hardware aficionados and Makers, trips to Shenzhen’s Huaqiangbei have become something of a pilgrimage. While Huaqiangbei is a tremendous and still active resource, increasingly both Chinese and foreign hardware developers do their sourcing for components on TaoBao. The selection is vastly greater and with delivery times rarely over 48 hours and frequently under 24 hours for local purchases it fits in nicely with the high-speed pace of Shenzhen’s hardware ecosystem.

For overseas buyers, while the cost of Taobao is comparable to, or slightly less than AliExpress and Chinese online stores, the selection is again, many, many times the size. Learning how to effectively source parts from Taobao will be both entertaining and empowering.

XKCD: Up Goer Five

Understanding How Chinese Works is Helpful

You can find nearly anything on TaoBao, if you know the Chinese name for it. This doesn’t mean you need to speak Chinese, but you should understand how it works. While the site can be navigated using Google Translate, it can’t accept English language searches. Figuring out what an object or part is called in Chinese is therefore the first and largest challenge. Once you find that string of characters you don’t need to be able to read it any more than any other snippet of code needs to be human readable in order to be manipulated. So long as you know roughly what the code represents that’s all that you need.

In Bunnie Huang’s Essential Guide to Electronics in Shenzhen (yes, it is absolutely essential), Bunnie compares Chinese to XKCD’s Up Goer Five. This installment of the comic uses “only the ten hundred words people use the most often” to explain all the parts of a rocket. It’s a very accurate analogy, and once non-Chinese speakers grasp this they are able to more accurately define their search terms when sourcing online. A few thousand words are used to describe a huge number of components, often in a pretty intuitive way if you break it down.

A 电脑 (Diànnǎo), directly translates as “Electric Brain” or a computer in English. While most Chinese characters have diverged so far from their origins as to be unrecognizable — 电 (Diàn) or “electric” is one you’ll see a lot. This character is a representation of a cloud with a lightning bolt going to ground. Likewise, a 手机 (Shǒujī) or “Hand Machine” is a mobile phone, and 手 still looks a bit like fingers on a hand.

If you keep this structure in mind — that Chinese part names are rarely one dedicated word, and more of a semi-intuitive set of keywords — it will make finding those names much easier.

Finding Your Part by Name

Some parts you can simply use Google Translate, but sometimes it’s not specific enough or returns the wrong context for that word. In that case, it’s best to use technical websites that have been localized into Chinese as a resource.

For electronic parts the .com and .cn versions of the Mouser site are interchangeable. Mostly just the category names are translated but that can get you very close and is useful for working with Chinese engineers. You can send them the URL of the type of part you want, there is a picture and no confusion. They can do the same for English speakers but in reverse.

So:

http://www.mouser.com/Sensors/Capacitive-Touch-Sensors/_/N-1b8oy/

becomes

http://www.mouser.cn/Sensors/Capacitive-Touch-Sensors/_/N-1b8oy/

For mechanical parts, Misumi offers similar functionality by replacing “us” with “cn”.

https://us.misumi-ec.com/vona2/mech/M1500000000/M1501000000/M1501030000/M1501030100/

becomes

http://cn.misumi-ec.com/vona2/mech/M1500000000/M1501000000/M1501030000/M1501030100/

Refining your search

Google Translating “switch” will get you “开关”. You can paste that into the TaoBao search field and get a large and somewhat random collection of mostly AC light switches. But if we make the string “开关 DPDT” things start to get more useful. When possible add the numbers for the voltage, amperage etc. required and it will get you a lot closer.

If we see something pretty close to what we want we have two options, the first is to mouse-over the product image. An orange bar will come up, it may give you the option to “找相似” or “Find Similar”. Clicking on this will bring up things that are close, but not identical to that product.

If there is no option to “Find Similar” you can copy the Chinese description into Google Translate for more useful keywords.

6只脚DPDT蓝色MINI小型SMTS-202双刀双通钮子开关 YW2-102

and Google Translate tells us the string “双刀双通钮子开关” is “Double pole double button switch”. A search using that string gets us a large number of similar switches to choose from.

Finding Your Part by Image

Taobao has a very clever search-by-image function. If you have an image of the part you want you can use that to search. It’s the little camera icon on the right hand side of the search bar.

This has a number of uses: finding the upstream distributors of products, finding unauthorized copies of products, and seeing if new Crowdfunding campaigns are based on pre-existing Chinese products.

Making Your Order

Unlike Amazon, the “Buy” button on Taobao is more an invitation to chat about buying with the store owner. There’s usually a certain amount of required conversation. Some non-Chinese speakers copy and paste a “sorry I don’t speak Chinese” boilerplate but many stores won’t fulfill an order based on this because they are concerned that miscommunication will lead to a bad review which will cost them more than the profit on the item.

This process of chatting for more than half of all orders and lack of a straightforward shopping-cart-and-buy-it process means it can be difficult for those who can’t read Chinese to make TaoBao purchases. They also don’t accept PayPal and while supposedly there is a process to accept Western credit cards I don’t know anyone who’s set it up successfully.

Fortunately, there are services that will simply take care of this on your behalf. You send them links to the products you want and for a modest fee they take care of the rest. These brokers buy the items, charge it to your PayPal or credit card, accept the packages on your behalf, consolidate them and then forward them to you. Usually, the cost of the item plus this service fee is still less than purchasing the same items through AliExpress and gives you access to a far larger selection.

Some TaoBao brokers (in no order):

When in Shenzhen, Ringy provides translation services for free over WeChat and can have the packages sent to your hotel.

  • WeChat: ringyringy

Things to Avoid

“Will it be ready by Monday”

Never ask if it will be ready by a specific date, the answer will almost always be “yes”. There’s nothing much you can do if it’s not, so they have no reason to lose the sale. So when dealing with your TaoBao broker don’t ask “Can they have it ready by Monday?”, instead ask “What day do they say it will be ready?” and you get a much more accurate answer.

In general, this pattern should be followed when sourcing in China. Ask “What colors does it come in?” before the much more problematic “can they make it in pink?”. It’s far easier to be successful when working within the supplier’s established timeline and product range than starting out with something new.

“What do you want it for?”

Never answer this question from a store owner. This means they want to know if they can substitute something else based on what they imagine will suffice for your requirements. Why would a 3D printer heated bed need an expensive sheet of PEI? Acrylic should be fine. You’ll get a very nice sheet of PEI colored acrylic for a bit less than the cost of PEI but a lot more than what acrylic costs. Stick with the item as listed on the BOM, if they don’t know what it’s for there is more risk of a substitution failing immediately and a poor review.

Avoid buying anything that has not been reviewed by other buyers.

Are there fake reviews? Sure, tons of them (although it’s getting better). But they cost money for the store owners to purchase and usually there are authentic ones as well — that’s cost sunk into that listing. If a listing has no feedback, a store owner loses nothing by simply taking it down in the event that you (or the agent on your behalf) gives it a bad review.

Don’t Bargain Hunt

The “get it cheaper” part is already done with when you made your choice to use TaoBao instead of a distributor back in the West. Further attempts to save money will result in problems. Everyone on Taobao sources from the same factories, if an identical or very similar product is much cheaper there’s a reason for it. Look at the top five most popular listings for a part, the average price of those or higher is what you can expect to pay.

While there are certainly challenges to sourcing on TaoBao, for any hardware enthusiast the vast and frequently customizable selection available makes it a very useful resource and skill set to have should the need arise.


Naomi Wu is a hardware enthusiast and Shenzhen native. The above guide was compiled with the generous assistance of the Shenzhen hardware community.


Filed under: Business, Featured, how-to

Arch Your Eyebrow at Impression Products V. Lexmark International

28 March, by Jenny List

When it comes to recycled printer consumables, the world seems to divide sharply into those who think they’re great, and those who have had their printer or their work ruined by a badly filled cartridge containing cheaper photocopy toner, or God knows what black stuff masquerading as inkjet ink. It doesn’t matter though whether you’re a fan or a hater, a used printer cartridge is just a plastic shell with its printer-specific ancillaries that you can do with what you want. It has performed its task the manufacturer sold it to you for and passed its point of usefulness, if you want to fill it up with aftermarket ink, well, it’s yours, so go ahead.

There is a case approaching the US Supreme Court though which promises to change all that, as well as to have ramifications well beyond the narrow world of printer cartridges. Impression Products, Inc. v. Lexmark International, Inc. pits the printer manufacturer against a small cartridge recycling company that refused to follow the rest of its industry and reach a settlement.

At issue is a clause in the shrink-wrap legal agreement small print that comes with a new Lexmark cartridge that ties a discounted price to an agreement to never offer the cartridge for resale or reuse. They have been using it for decades, and the licence is deemed to have been agreed to simply by opening the cartridge packaging. By pursuing the matter, Lexmark are trying to set a legal precedent allowing such licencing terms to accompany a physical product even when it passes out of the hands of the original purchaser who accepted the licence.

There is a whole slew of concerns to be addressed about shrink-wrap licence agreements, after all, how many Lexmark owners even realise that they’re agreeing to some legal small print when they open the box? But the concern for us lies in the consequences this case could have for the rest of the hardware world. If a precedent is set such that a piece of printer consumable hardware can have conditions still attached to it when it has passed through more than one owner, then the same could be applied to any piece of hardware. The prospect of everything you own routinely having restrictions on the right to repair or modify it raises its ugly head, further redefining “ownership” as “They really own it”. Most of the projects we feature here at Hackaday for example would probably be prohibited were their creators to be subject to these restrictions.

We’ve covered a similar story recently, the latest twist in a long running saga over John Deere tractors. In that case though there is a written contract that the farmer buying the machine has to sign. What makes the Lexmark case so much more serious is that the contract is being applied without the purchaser being aware of its existence.

We can’t hold out much hope that the Supreme Court understand the ramifications of the case for our community, but there are other arguments within industry that might sway them against it. Let’s hope Impression Products v. Lexmark doesn’t become a case steeped in infamy.

Thanks to [Greg Kennedy] for the tip.

Lexmark sign by CCC2012 [CC0].


Filed under: Current Events, hardware, news








