Friday, May 31

Microsoft says it’s confident an exploit exists for wormable BlueKeep flaw

Uber lost another $1 billion last quarter

Amazon cell service? Company reportedly interested in buying Boost Mobile

Dealmaster: One of Dell’s best affordable Chromebooks is on sale for $249

MAME for the masses? “Legends” arcade cabinet could thread that needle

For gamers of a certain age, a real, playable arcade cabinet is one of the ultimate nostalgic conversation pieces/status symbols that you can have in your home. AtGames' newly announced Legends Ultimate cabinet—which promises hundreds of built-in games and more available via download—sounds like it could be the ideal blend of authenticity, expandability, affordability, and convenience for that specific breed of nostalgic arcade fan.

The Legends Ultimate is far from the first "multicade" cabinet to hit the market or aim for home users. But this "all-in-one" cabinet, with pre-orders planned to start in July, differentiates itself in part with a console-level suggested retail price: $599 for a the full-sized 66" cabinet, or $399 for a "compact" 44" tall version. That's a huge step down from existing options that easily cost thousands of dollars for a full-sized upright cabinet.

At its three-digit MSRP, the Legends cabinet is more comparable to the Arcade1UP line, which launched last year as a variety of 3/4 scale arcade reproductions in the $300 to $400 range. But each of those miniature cabinets only contains three to 12 built-in titles, limited control options, and no official options for expanding the lineup (aside from buying an entirely new cabinet).

Read 7 remaining paragraphs | Comments

This Week in Security: Baltimore, MacOS Zipfile Security, and App Store Monopolies

Baltimore. The city was breached, crippled and held for ransom. The ransomware attack was discovered on May 7th, shutting down a major portion of the city’s infrastructure. The latest news is that an NSA-written tool, EternalBlue, is responsible for the attack. Except maybe it isn’t? First off, digging back through the history of an attack is challenging. It’s often hard to determine the initial attack vector with certainty.

The “initial attack vector” is the patient zero of the attack — how the first machine was compromised. An organization generally has a firewall separating the outside internet from the internal network. Once an attacker has sound a way to access a machine inside the network, the separation is not nearly so strict. This takes many forms, but the most common is phishing. Close contenders are RDP and SMB (Remote Desktop and Windows File Sharing). A report at Ars Technica indicates that the initial vector into the Baltimore network was a phishing email.

The second step to consider is what’s called “lateral movement”, which describes an attacker using the compromised machine to target other machines in the organization. Often an attacker will have an entire toolkit of exploits to attempt to compromise other machines. One of the exploits used in this case was the same exploit contained in the NSA tool, EternalBlue. A clever program called psexec is usually part of any lateral movement campaign. While the exploit associated with EternalBlue was probably used to compromise a few of the machines on the Baltimore network, placing all the blame on the shoulders of the NSA is missing the point. The tool is only a small part of this attack.

MacOS and NFS Shares Inside Zipfiles

MacOS has a sometimes irritating feature, Gatekeeper, that only allows running signed binaries by default. The point of Gatekeeper is to prevent a user from running a malicious binary that has been downloaded from the internet. While it is sometimes an annoyance, it is helpful for some users. [Filippo Cavallarin] announced an exploit that completely bypasses Gatekeeper on the 24th. This exploit takes advantage of the fact that Gatekeeper considers network shares to be trustworthy, and doesn’t run the normal check before executing a binary located there. While interesting, this isn’t useful unless there is a way for an attacker to mount a malicious location as a network share. Enter the Mac’s ability to automatically mount network locations through the use of the /net path. The last piece of this puzzle is the fact that zip files can contain symbolic links. A zip file can be built with a link to the /net location, automounting an arbitrary NFS location. If binary files are located in this location, the OS will happily allow the user to execute those binaries whether signed or not.

This exploit may not be the most serious of the year, but it’s still a problem that needs fixing. [Filippo] contacted Apple back in February and disclosed the problem, even getting an assurance that they would fix it within 90 days. 90 days have passed, and Apple has begun ignoring his emails, so he has made the announcement and published steps to reproduce on his website.

There has been discussion in the comments of this column about vulnerability disclosure and publishing proof of concept code. This is a perfect example of why researchers publish their work. As far as [Filippo] knows, Apple has no intention of fixing the issue he discovered. He also has no reason to believe that no one else has stumbled on this discovery before he did. We mentioned EternalBlue above. The NSA discovered the SMB vulnerability that exploit targeted and used it silently for up to five years before it was stolen and finally disclosed to Microsoft and fixed. Make no mistake, public disclosures and proof of concepts get vulnerabilities fixed. For any given vulnerability, there is no guarantee that someone else hasn’t already found it.

Just a Little Document Leak

OK, maybe not so little. A Fortune 500 company, First American, managed to host millions of private documents in an accessible format. Imagine you upload a document to a company, and get a confirmation link that looks like “test.com/documents.php?id=0252234”. If you’re like me, you’re very curious what is at id=0252233. [Ben Shoval] is a real estate developer who apparently also wanted to know the answer to that question. To his surprise, millions of uploaded documents were available for anyone to view. He tried reaching out to First American, and when there was no response to his emails, he forwarded his findings on to Krebs on Security. After what was likely years of exposure, the database was finally taken offline Friday the 24th.

Walled Garden Monopolies

Staying on the Apple train, the App Store is pretty obviously a monopoly. Someone has finally asked whether it’s an illegal monopoly. As most of these questions go, it’ll take a drawn out court battle to decide. How is this security news? If the court finds that Apple has been violating antitrust laws, one possible remediation is to allow alternative app stores. While there is always the potential for a high quality alternative store like F-droid, sketchy app stores and downloaded are a real possibility. On the other hand, it would be nice to have an iOS app store that is compatible with the GPL.

The oceans absorbed extra CO₂ in the 2000s

Hackaday Podcast Ep21: Chasing Rockets, Tripping on Vintage Synthesizers, a Spectacular IoT Security Fail, and Early Alzheimer’s Detection via VR

Mike Szczys is on a well-deserved vacation this week, so staff writer Dan Maloney joins managing editor Elliot Williams for a look at all the great hacks of the week. On this episode we’re talking about licensing fees for MIDI 2.0, a two-way fail while snooping on employees, and the potential for diagnosing Alzheimer’s with virtual reality. We also dive into the well-engineered innards of a robotic cheetah, a personal assistant safe enough for kids to use, and how listening to your monitor reveals more about you than you’d think. You don’t want to miss a space nerd’s quest for fire or a hacker’s guide to solder and soldering. And you’ve got to catch the story of a hapless hacker’s contact high from a vintage synthesizer. It’s quite a trip.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (56 MB of sweet, sweet audio)

Places to follow Hackaday podcasts:

Episode 021 Show Notes:

New This Week:

Interesting Hacks of the Week:

Quick Hacks:

Can’t-Miss Articles:

The Moto Z4 is still hooked on MotoMods, but at least it has a headphone jack

Motorola announced its latest flagship smartphone, or at least, the highest-end phone the company bothers to make anymore. The Moto Z4 is a mid-range Snapdragon 675-powered device that will launch June 13 on Verizon for $499.99.

The phone still supports MotoMods. Motorola has been chained to its modular ecosystem for four generations now, which has limited what it can do in terms of phone design. MotoMod compatibility means the phones all have to share, more or less, the same body, so the Z2, Z3, and Z4 are all stuck coloring within the lines set up by the original Moto Z, which were laid out in 2016.

The frozen-in-time design has created an issue in regards to the fingerprint sensor, since the original Moto Z had a front mounted fingerprint reader. As time went by, slimming front bezels and the demand for bigger screens meant fingerprint readers needed to be relocated, but Motorola couldn't put it on the back fo the phone like everyone else, because it would be blocked by the clip-on MotoMods. With the Z3, it finally came up with a creative solution in the form of a side-mounted fingerprint reader. For the Z4, Motorola's strange design problems are solved: it has an optical in-screen fingerprint reader, which is quickly becoming a standard phone feature.

Read 4 remaining paragraphs | Comments

Ohio House passes bill that would allow consumer-funded nuclear and coal subsidies

Flex PCB Saves Lens From The Junk Pile

There’s a piece of tech that many of us own, but very few of us have dissected. This is strange, given our community’s propensity for wielding the screwdriver, but how many of you have taken apart a camera lens. Even though many of us have a decent camera, almost none of us will have taken tits lens to pieces because let’s face it, camera lenses are expensive!

[Anthony Kouttron] has taken that particular plunge though, because in cleaning his Olympus lens he tore its internal ribbon cable  from the camera connector to the PCB. Modern lenses are not merely optics in a metal tube, their autofocus systems are masterpieces of miniaturised electronics that penetrate the entire assembly.

In normal circumstances this would turn the lens from a valued photographic accessory into so much junk, but his solution was to take the bold path of re-creating the torn cable in KiCad and have it made as a flexible PCB, and to carefully solder  it back on to both connector and autofocus PCB. We applaud both the quality of his work, and thank him for the unusual glimpse into a modern lens system.

Lens repairs may be thin on the ground here, but we’ve had another in 2015 with this Nikon aperture fix.

This 2,400-year-old bark shield took a beating in an Iron Age fight

See Starlink’s “Space Train” Before it Leaves the Station

How To Splice Animated EL Wire For Your Cosplay

EL wire is amazing, and the “chasing” el wire is even cooler. However, if you want it in several places on the costume, you end up having to figure out how to hide multiple inverters (or buy a more expensive uniit that has multiple taps). The Egg Sisters come to […]

Read more on MAKE

The post How To Splice Animated EL Wire For Your Cosplay appeared first on Make: DIY Projects and Ideas for Makers.

Cadillac repolishes its halo with new CT4-V and CT5-V sedans


DETROIT, Mich.—On Thursday night, Cadillac took the wraps off a pair of new sporty sedans, revamping its V-Series performance lineup. One of the sedans, the CT5-V, is a souped-up variant of the new midsized four-door that launched at this year's New York auto show. The second is the CT4-V, a sporty version of the yet-to-be-seen entry-level CT4. But if you were expecting fire-spitting monsters barely suited for the street, you'll need to reset your expectations; these two new machines are more jalapeño than habanero.

Cadillac's V-Series was born in 2004 when the car maker shoehorned the Corvette's 5.7L V8 engine into its CTS sedan, giving us the CTS-V. Since then, track-focused performance versions of the CTS and ATS sedans (and the CTS-V wagon) have offered an American alternative to cars like the BMW M3 and Alfa Romeo Giulia Quadrifoglio. But rather than turning everything up to 11 on these new models, the dial's been set to somewhere between 8 and 9. "It's a new take on the V-series. The current cars are only accessible to a fraction of the market. Not all customers want track time," said Ken Morris, GM's Vice President of Global Products.

CT5-V

When the regular version of the CT5 debuted in New York, in addition to an all-new electronic architecture it also featured a 2.0L four-cylinder engine. That's been swapped out for a 3.0L twin-turbo V6 for the CT5-V, which provides the car with 335hp (250kW). It will be available with all- or rear-wheel drive, but only with a 10-speed automatic transmission. Its handling has also gotten an upgrade with the introduction of Magnetic Ride 4.0, the latest version of GM's computer-controlled magnetorheological dampers that it says now provide a faster, better damping response no matter where you happen to be in the car's performance envelope.

Read 4 remaining paragraphs | Comments

Rocket Report: Starliner capsule moving ahead, Starship to hop higher soon

A Doppler Radar Module From First Principles

If you’ve ever cast your eyes towards experimenting with microwave frequencies it’s likely that one of your first ports of call was a cheaply-available Doppler radar module. These devices usually operate in the 10 GHz band, and the older ones used a pair of die-cast waveguide cavities while the newer ones use a dielectric resonator and oscillator on a PCB. If you have made your own then you are part of a very select group indeed, as is [Reed Foster] and his two friends who made a Doppler radar module their final project for MIT’s 6.013 Applications of Electromagnetics course.

Their module runs at 2.4 GHz and makes extensive use of the notoriously dark art of PCB striplines, and their write-up offers a fascinating glimpse into the world of this type of design. We see their coupler and mixer prototypes before they combined all parts of the system into a single PCB, and we follow their minor disasters as their original aim of a frequency modulated CW radar is downgraded to a Doppler design. If you’ve never worked with this type of circuitry before than it makes for an interesting read.

We’ve shown you a variety of commercial Doppler modules over the years, of which this teardown is a representative example.

Godzilla: King of the Monsters film review: *Fart noises*

What to expect from Apple’s WWDC 2019 keynote next week

Making Autonomous Racing Drones Lean And Mean

Recently the MAVLab (Micro Air Vehicle Laboratory) at the Technical University of Delft in the Netherlands proudly proclaimed having made an autonomic drone that’s a mere 72 grams in weight. The best part? It’s designed to take part in drone races. What this means is that using a single camera and onboard processing, this little drone with a diameter of 10 centimeters has to navigate the course, while avoiding obstacles.

To achieve this goal, they took an Eachine trashcan drone, replacing its camera with an open source JeVois smart machine vision camera and the autopilot software with the Paparazzi open UAV software. Naturally, scaling a racing drone down to this size came at an obvious cost: with its low-quality sensors, relatively low-quality camera and limited processing power compared to its big brothers it has to rely strongly on algorithms that compensate for drift and other glitches while racing.

Currently the drone is mainly being tested at a four-gate race track at TU Delft’s Cyberzoo, where it can fly multiple laps at a leisurely two meters per second, using its gate-detecting algorithms to zip from gate to gate. By using machine vision to do the gate detection, the drone can deal with gates being displaced from their position indicated on the course map.

While competitive with other, much larger autonomous racing drones, the system is still far removed from the performance of human-controlled racing drones. To close this gap, MAVLab’s [Christophe De Wagter] mentions that they’re looking at improving the algorithms to make them better at predictive control and state estimation, as well as the machine vision side. Ideally these little drones should be able to be far more nimble and quick than they are today.

See a video of the drone in action after the link.

glScopeClient: A Permissively-Licensed Remote Oscilloscope Utility

One of the most convenient things about modern digital oscilloscopes is that you can access the recorded data on a computer for later analysis, advanced protocol debugging, or simply the convenience of remote capture. The problem is that the software isn’t always ideal. Vendor-supplied utilities are typically closed-source and they try to nickel-and-dime you for every a-la-carte protocol and/or feature. The open-source options come with their own issues, from performance-limiting designs, to incomplete features, to license constraints. Faced with these issues, [Andrew Zonenberg] decided to take matters into his own hands and create glscopeclient, a permissively-licensed open-source remote oscilloscope utility.

The eventual goal is to allow you to do remotely anything you would normally do using the scope’s front panel, plus capture and analyze data on the computer side. The code uses a modular architecture that allows for various backends to talk to different scopes. At the moment, the only backend fully implemented is for LeCroy scopes, although this is enough to demonstrate the power of the idea. The obvious “gl” in the name gives away the secret — the code uses OpenGL for rendering, which allows for some very fancy graphics at high frame rates.

Behind the slick look, however, are some serious debugging tools. Protocol analyzers include USB, UART, JTAG, eye pattern analysis, plus FFT-based spectra with waterfall displays. The code is in GitHub, and most of the announcements and discussion seem to happen on [Andrew]’s twitter account, which you can follow @azonenberg. It’s a work-in-progress, but a serious one, and something we’re going to keep our eyes on.

You can check out a video of the program after the break.

Now, if you want to literally talk to your oscilloscope, we covered that, too.

The Motor Synth Is What You Get When You Forget Hammond Organs Exist

There’s nothing new, ever. It’s all been done. But that doesn’t mean you can’t invent something interesting. A case in point is the Motor Synth, a crowdfunding project from Gamechanger Audio. It’s what you get when you combine advanced quadcopter technology with the market for modular and semi-modular synthesizers.

The core feature of the Motor Synth is an octet of brushless motors tucked behind a plexiglass window. These (either through an electromagnetic pickup or something slightly more clever) produce a tone, giving the Motor Synth four-note polyphony with two voices per key. On top of these motors are reflective optical discs sensed with infrared detectors. These are mixed as harmonics to the fundamental frequency. The result? Well, they got an endorsement from [Jean-Michel Jarre] at Superbooth earlier this month (see video below). That’s pretty impressive.

While using rotating wheels and motors might seem like a novel way to generate sounds, this is actually the way the first ‘synthesizer’ generated sound. A tonewheel organ is effectively a metal wheel with bumps on the rim (think something like a gear) rotating next to a magnetic pickup. As the wheel rotates, these bumps induce a current in the pickup, which is sent to an amplifier and out to a speaker, producing a single tone. This was invented around the beginning of the last century, and saw remarkable use in the Hammond organ. There are absolutely limitations of a tonewheel; each wheel only produces one frequency and cannot be varied outside of tuning the entire apparatus to a standard pitch. The Motor Synth is getting around this limitation by using standard brushless motors and tacking on a reflective disc to each motor for infrared sensors so harmonics of each ‘wheel’ are produced. These harmonics can be combined and mixed with the fundamental ‘motor’ tone.

While this is absolutely the next generation of ‘rotating discs producing audio frequencies’ technology, the striking thing about the Motor Synth is the novelty. Why hasn’t anyone put a guitar pickup next to a brushless motor until now? Anyone could have slapped a quadcopter motor and a coil of wire into a Eurorack module and reaped the praises of The Verge or Motherboard. Just because there’s nothing new to be invented doesn’t mean you can’t create something interesting, we guess.

Some US officials looking to ways to counter China’s rare-earths dominance

Sonic Screwdriver Shuts Off Mains

In the world of Doctor Who, the sonic screwdriver is a versatile tool with a wide range of capabilities. [Hartley] wanted some of that action for himself, and built a device of his own.

Unable to recreate the broad swathe of features from the show, he settled on something easier. The device is fitted with an ATTiny85, and a 433MHz transmitter. It’s programmed to switch wirelessly controlled mains sockets on and off. This lets him control appliances in his house with a flick of a screwdriver. Power is supplied by the classic AA battery, with a boost converter stepping it up to 5V to run the electronics.

It’s all wrapped up in a 3D printed case, that was carefully designed to fit all the parts inside. A paper mockup of the PCB layout was also used in the design phase. [Hartley] took full advantage of CAD software, to ensure everything fit correctly first time.

It’s a fun project, as sonic screwdrivers often are. Video after the break.

Thursday, May 30

Hawaii warns tourists of parasitic worm that can burrow into human brains

Here’s how I accidentally inspired an electric car record attempt

It's not often you get to inspire an electric car speed record attempt, but it seems I've inadvertently done just that.

It began on Twitter, when I saw that there was an electric charging station in the parking lot at John O' Groats in Scotland, (almost) the most northern point of the Scottish mainland. The village is about as far from the most south-westerly point in the UK, Lands End in England, as it's possible to get without leaving the mainland: 874 miles (1.407km) to be precise. So, I idly wondered what the fastest journey time was for an electric vehicle. The idea then caught the eye of a TV presenter named Gareth Jones, host of the eponymous podcast Gareth Jones on Speed.

"Absolutely, it's all your fault," he told me when we spoke last week. "When you tweeted—I think it was March 7—a picture of the recharging point in John O' Groats, which has an Ecotricity charger, you said, 'I wonder what the record is from Lands End to John O' Groats?' I thought, that sounds like a plan. So I fairly casually, without much forethought, retweeted it, mentioning anyone who sells EVs in the UK asking if any of them wanted to give us a car."

Read 13 remaining paragraphs | Comments

Advanced Linux backdoor found in the wild escaped AV detection

How Qualcomm shook down the cell phone industry for almost 20 years

Keeping Birds At Bay With An Automated Spinning Owl

There’s nothing wrong with building something just to build it, but there’s something especially satisfying about being able to solve a real-world problem with a piece of gear you’ve designed and fabricated. When all the traditional methods to keep birds from roosting on his mother’s property failed, [MNMakerMan] decided to come up with a more persuasive option: a solar powered spinning owl complete with expandable batons.

We imagine the owl isn’t strictly necessary when you’re whacking the birds with a metal bar to begin with, but it does add a nice touch. Perhaps it will even serve to deter some of the less adventurous birds before they get within clobbering distance, which is probably in their best interest. [MNMakerMan] says the rotation speed of the bars seems low enough that he doesn’t think it will do the birds any physical harm, but it’s still got to be fairly unpleasant.

At first glance you might think that this contraption simply spins when the small 10 watt photovoltaic panel next to it catches the sun, but there’s actually a bit more to it than that. Sure he probably could just have it spin constantly whenever the sun is up, but instead [MNMakerMan] is using a ATtiny85 to control the 11 RPM geared DC motor with a IRF540 MOSFET. By adding a DS3231 RTC module into the mix, he’s able to not only accurately control when the spinner begins and ends its bird-busting shift, but implement timed patterns rather than running it the whole time. All of which can of course be fine-tuned by adjusting a couple variables and reflashing the chip.

We’ve seen plenty of automated systems for keeping cats away, and of course squirrels are a common target for such builds as well, but devices to deter birds are considerably less common among these pages. So it would seem that, at least for now, [MNMakerMan] has the market cornered on solar bird smashing gadgets. We’re sure Mom’s very proud.

Google’s AI group moves on from Go, tackles Quake III Arena

Linear CCDs Make For Better Cameras

Digital cameras have been around for forty years or so, and the first ones were built around CCDs. These were two-dimensional CCDs, and if you’ve ever looked inside a copier, scanner, or one of those weird handheld scanners from the 90s, you’ll find something entirely unlike what you’d see in a digital camera. Linear CCDs are exactly what they sound like — a single line of pixels. It’s great if you’re into spectroscopy, but these linear CCDs also have the advantage of having some crazy resolutions. A four-inch wide linear CCD will have thousands of pixels, and if you could somehow drag a linear CCD across an image, you would have a fantastic camera.

Many have tried, few have succeeded, and [heye.everts]’ linear CCD camera is the best attempt at making a linear CCD camera yet. It took a fuzzy picture of a tree, which is good enough for a proof of concept.

The linear CCD used in this project works something like an analog shift register. With a differential clock, you simply push values out of the CCD and feed them into an ADC. The driver board for this CCD uses a lot of current and the timings are a bit tricky but it does work with a Teensy 3.6. But that’s only one line of an image, you need to move that CCD too. For that, this project uses something resembling a homebrew CD drive. There’s a tiny stepper motor and a leadscrew dragging the CCD across the image plane. All of this is attached to the back of a Mamiya RZ67 camera body.

Does it work? Yes. Surprisingly yes. After a lot of work, an image of a tree was captured. This is an RGB CCD, and at the moment it’s only using one color channel, but it does work. It’s a proof of concept rendered in a 2000 x 3000 grayscale bitmap. The eventual goal is to build a 37.5 Megapixel medium format camera around this CCD, and the progress is looking great.

Report: Samsung will strip the Galaxy Note of its headphone jack and buttons

Call of Duty: Modern Warfare reveal: Old name, new campaign, new brutality

WOODLAND HILLS, Calif.—The rumors are all true. The next AAA military shooter from Activision and Infinity Ward, coming to PCs and consoles on October 25, will be titled Call of Duty: Modern Warfare. Don't let the name fool you: some of its content is decidedly unfamiliar.

Despite reusing the old series name without a number attached, this game is neither a remake nor a remaster. CoD:MW hits reset on the series' timeline. Infinity Ward has rewound a few of its familiar characters and concepts, then placed them in an entirely new, "current-day" storyline. The development team is doing this in part to usher in a first for the series: an entire half of the campaign played from the perspective of an Arab soldier.

This woman character, hailing from an unnamed Middle Eastern country, was introduced to a select group of journalists earlier this month at Infinity Ward's Los Angeles-area headquarters, and her military allegiance was left unclear. At this "pre-E3" event, we watched "real-time gameplay" from two missions, and both emphasized a level of realistic rendering and brutality comparable to the visceral Last of Us series.

Read 28 remaining paragraphs | Comments

Hackaday Superconference: Pushing The Boundaries Of PCB Artwork With Brian Benchoff

Tiny Forklift Makes Unusable Space Usable

Houses with crawlspaces are fairly common in some geographic regions. The crawlspace can make it easier to access things like plumbing and electrical wiring, and can even be used as storage in homes that don’t (or can’t) have a basement. Along with improved building ventilation, these some of the perks compared to homes built on a solid slab of concrete. These crawlspaces aren’t exactly easy to get around in, though, but [Dave] has an easier way to get stuff in and out of these useful, but small, spaces.

Enter the crawl space forklift. Made with largely off-the-shelf components, the robot includes a few standard motors and linear actuators to move around and operate the front fork. That’s all pretty standard, but this build really shines with its use of FPV camera, monitor, and transmitter that allow the pilot to navigate the robot in the small space using remote control. For those safety-conscious among us, there is also a fire extinguisher ball on board which self-activates in case the robot catches on fire under his house.

This is a great, high-quality build that shows how common parts can make something revolutionary with the right idea. Identifying a problem and then building a solution, while not forgetting to spring for some safety equipment, can really make a difference even with something as simple as unoccupied space in a home. They can tackle tasks around the home, too.

War Stories: How This War of Mine manipulates your emotions

This video contains some minor spoilers for a non-critical location in the game.

Video shot by Dawid Kurowski, edited by John Cappello. Click here for transcript.

Chances are good that you already have This War of Mine in your Steam library. The side-view, survival-horror adventure game is a perennial favorite on various Steam sales, and at least 4.5 million people have picked up a copy since its release in 2014. But as with many Steam sale titles, it's perhaps a bit less likely that you've played the game—and if you haven't, that's a shame, because it's damn good.

But it's also a hard game to experience—and I'm not talking about the difficulty level. This War of Mine's developers are Polish, and they come from a country and a culture that still bears the scars of post-war Nazi occupation. Lead programmer Aleksander Kauch explained that one of the primary things developer 11 Bit Studios wanted to do with TWoM was to bring the stories of his grandparents to life—to put players into a place where joy and normalcy have been replaced by starvation and bleakness, where there are no good choices, and where the biggest and best thing you have to hope for is that you might scavenge enough supplies to live a few more days.

Read 8 remaining paragraphs | Comments

Physicists spot “Hawking radiation” in analogue black hole experiment

The Fascinating World Of Solder Alloys And Metallurgy

Recreate your own Apollo 11 Moon landing with a new LEGO set

We are now just a matter of weeks away from the 50th anniversary of Apollo 11 landing on the Moon, and the people at LEGO know a good marketing opportunity when they see one.

On June 1, the company will release a new set of 1,087 pieces that recreates the Apollo 11 Lunar Lander that touched down in the Sea of Tranquility on July 20, 1969. The set includes two astronaut minifigures—presumably Neil Armstrong and Buzz Aldrin, although their helmet faceplates are golden.

Ars has not been able to review this set yet, but it is hard to resist building a Lunar Descent Module and an Ascent Module to recreate the Moon magic of 50 years ago. (Especially since most of us missed one of the 20th century's greatest achievements in real time.) However, this bit of nostalgia does not come particularly cheap, as LEGO has set a US price of $99.

Read 2 remaining paragraphs | Comments

Xbox Game Pass is coming to Windows 10, but many questions remain

GameBender Lets Kids Hack Games To Learn Code

The creative geniuses behind the Drawdio and Makey Makey have announced a new kickstarter. This is GameBender, a game console that lets kids experiment and hack code in new and creative ways. Kids can start simply, by playing a game or enjoying an augmented reality experience, and with the press […]

Read more on MAKE

The post GameBender Lets Kids Hack Games To Learn Code appeared first on Make: DIY Projects and Ideas for Makers.

Fail of the Week: How Not to do IoT Security

There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there as a bad day, or at least one that raises a lot of serious questions.

As alarming as finding such a device would be, and for as poor as the chain of decisions leading these devices being attached to the workstations of the employees at a mercifully unnamed company, that’s not the story that [Erich Styger] seeks to tell. Rather, this is a lesson in teardown skills – for few among us would not channel the anger of finding something like this is into a constructively destructive teardown – and an investigation into the complete lack of security consideration most IoT devices seem to be fielded with these days.

Most of us would recognize the device as some kind of connected occupancy sensor; the PIR lens being the dead giveaway there. Its location under a single person’s desk makes it pretty clear who’s being monitored.

The teardown revealed that the guts of the sensor included a LoRa module, microcontroller, a humidity/temperature sensor, and oddly for a device apparently designed to stick in one place with magnets, an accelerometer. Gaining access to the inner workings was easy through the UART on the microcontroller, and through the debug connectors and JTAG header on the PCB. Everything was laid out for all to see – no firmware protection, API keys in plain text, and trivially easy to reflash. The potential for low-effort malfeasance by a compromised device designed to live under a desk boggles the mind.

The whole article is worth a read, if only as a lesson in how not to do security on IoT devices. We know that IoT security is hard, but that doesn’t make it optional if you’re deploying out in the big wide world. And there’s probably a lot to learn about properly handling an enterprise rollout too. Spoiler alert: not like this.

SerialPlot Does Exactly What You Think It Does

The serial port remains a hacker staple, being one of the easiest ways to move a little bit of data from one machine to another. All manner of projects use the interface, and often, sensors are connected and their data read over such connections. In these cases, it can be useful to plot said data, and SerialPlot is a tool that can do just that.

SerialPlot is capable of reading data over several serial ports at once, and plotting it for your viewing pleasure. It’s capable of interpreting data in a variety of integer and float formats, and plotting multiple channels in a synchronised manner. It’s also capable of sending basic commands out over the serial port, which can be used to trigger or control attached equipment.

Overall, it’s a useful utility for anyone with an array of sensor’s connected over the most classic of interfaces. Of course, if you’re having trouble keeping track of all your serial ports, there’s a utility to help with that, too.

Visualizing How Signals Travel In A PCB

If you play with high speed design for long enough, eventually you’re going to run into clock skew and other weird effects. [Robert Feranec] recently ran into this problem and found an interesting solution to visualizing electric fields in a PCB.

A word of warning before we dig into this, for most of the projects we see on Hackaday something like this is completely superfluous. There aren’t many people dealing with high speed interfaces here, and there aren’t many people dealing with 100 Gigabit per second data links, period. That said, it’s not unheard of, and at the very least it’s interesting to look at.

The basics of this video is simulating the signals visually in a differential pair on a (virtual) printed circuit board. The software for this is Simbeor, and [Robert] talked to the founder of the company behind this software after watching a video on simulating electric fields in differential traces. This software does what it says, and is a great illustration of why differential pairs must have the same length.

While this might not be for everyone, it is a fantastic visualization of signals in high-speed design that goes above and beyond what you would expect from a Spice simulation. Even if you’re not doing high-speed design, you may someday and it’s never too soon to get an intuitive understanding of how electrons work.

Drag And Drop Files On Select Arduino Boards

Historically, getting files on to a microcontroller device was a fraught process. You might have found yourself placing image data manually into arrays in code, or perhaps repeatedly swapping SD cards in and out. For select Arduino boards, that’s no longer a problem – thanks to the new TinyUSB library from Adafruit (Youtube link, embedded below).

The library is available on Github, and is compatible with SAMD21 and SAMD51 boards, as well as Nordic’s NRF52840. It allows the Arduino board to appear as a USB drive, and files can simply be dragged and dropped into place. The library can set up to use SPI flash, SD cards, or even internal chip memory as the storage medium.

Potential applications include images, audio files, fonts, or even configuration files. Future plans include porting the TinyUSB library to the ESP32-S2 as well. Being able to drag a settings file straight on to a board could make getting WiFi boards online much less of a hassle.

We’ve seen other nifty USB libraries before, VUSB is a great option if you need USB on your AVR microcontroller. Video after the break.

Hackers actively exploit WordPress plugin flaw to send visitors to bad sites

Tiny Two-Digit Thermometer Has Long Battery Life

Like most of his work, this tiny two-digit thermometer shows that [David Johnson-Davies] has a knack for projects that make efficient use of hardware. No pin is left unused between the DS18B20 temperature sensor, the surface mount seven-segment LED displays, and the ATtiny84 driving it all. With the temperature flashing every 24 seconds and the unit spending the rest of the time in a deep sleep, a good CR2032 coin cell should power the device for nearly a year. The board itself measures only about an inch square.

You may think that a display that flashes only once every 24 seconds might be difficult to actually read in practice, and you’d be right. [David] found that it was indeed impractical to watch the display, waiting an unknown amount of time to read some briefly-flashed surprise numbers. To solve this problem, the decimal points flash shortly before the temperature appears. This countdown alerts the viewer to an incoming display, at the cost of a virtually negligible increase to the current consumption.

[David]’s project write-up explains how everything functions. He also steps through the different parts of the source code to explain how everything works, including the low power mode. The GitHub repository holds all the source files, and the board can also be ordered direct from OSH Park via their handy shared projects feature.

Low power consumption adds complexity to projects, but the payoffs can easily be worth the time spent implementing them. We covered a detailed look into low power WiFi microcontrollers that is still relevant, and projects like this weather station demonstrate practical low power design work.

Wednesday, May 29

Turbo Subaru Gets DIY Gauges

For the average motorist, the speedometer and the fuel indicator are the primary gauges of interest. Owners of performance or modified cars tend to like having more information on the way the car is running. [JustinN1] is firmly in that camp, and built some WiFi-enabled gauges for his Subaru WRX STi.

The gauges run on the ESP32 platform, chosen for its WiFi hardware and its ease of use with the Arduino platform. This makes programming a snap, and interfacing to a smartphone easy. OLED displays were chosen for their good visibility in both day and night conditions, which is important for automotive applications.

[JustinN1] developed both a boost/vacuum gauge and an oil pressure gauge, both useful for keeping an eye on what the engine is doing. Measuring boost is as simple as using an off-the-shelf analog air pressure sensor. The oil pressure sensor is a resistive part, and must is hooked up through a resistor divider to create an analog voltage for the ESP32 to read.

Code is on Github, and there’s even a version that displays a grinning face when you get into higher boost levels. There are also a series of housings to suit various mounting choices, to help give the gauges a more finished look. We’ve seen other gauge builds too, like this gear indicator for a Suzuki motorcycle. Video after the break.

Augmented reality changes how people interact and communicate, study finds

Kojima’s Death Stranding gets November 8 release date, wackadoo trailer

Video game auteur Hideo Kojima's first game since leaving Konami, Death Stranding, finally has a release date: November 8 for PlayStation 4 consoles. The news came at the end of the game's most revealing "gameplay" trailer yet, though as you might expect from the enigmatic Kojima, Wednesday's trailer raised more questions than it answered.

Yes, we've seen long and utterly confusing trailers for this game before, but this one comes with a semblance of a plot anchor. From what we can tell, the game revolves around a United States that has been torn asunder by some kind of plague or extinction event. The hero, Sam, played by actor Norman Reedus, is asked by the president "to help us reconnect, to make America whole." To which the character Sam replies, "You're the President of jack shit."

Yet clearly Sam is compelled to do something. This trailer shows him generating ladders and ropes to scale rocky cliffsides, getting into melee fisticuffs, hopping on a stylish, three-wheeled military vehicle, stealth-crawling through tall grass and alongside giant tanks, shooting guns, and scanning environments to discover, and stealth-sneak around, spooky creatures made of dust.

Read 3 remaining paragraphs | Comments

US Department of Energy is now referring to fossil fuels as “freedom gas”

A Stylish Solution for Bike Navigation

[André Biagioni] is developing an open hardware bicycle navigation device called Aurora that’s so gorgeous it just might be enough to get you pedaling your way to work. This slick frame-mounted device relays information to the user through a circular array of SK6812 RGB LEDs, allowing you to find out what you need to know with just a quick glance down. No screen to squint at or buttons to press.

The hardware has already gone through several revisions, which is exactly what we’d expect to see for an entry into the 2019 Hackaday Prize. The proof of concept that [André] zip-tied to the front of his bike might have worked, but it wasn’t exactly the epitome of industrial design. It was enough to let him see that the idea had merit, and from there he’s been working on miniaturizing the design.

So how does it work? The nRF52832-powered Aurora connects to your phone over Bluetooth, and relays turn-by-turn navigation information to you via the circular LED array. This prevents you from having to fumble with your phone, which [André] hopes will improve safety. When you’re not heading anywhere specific, Aurora can also function as a futuristic magnetic compass.

With what appears to be at least three revisions of the Aurora hardware already completed by the time [André] put the project up on Hackaday.io, we’re very interested in seeing where it goes from here. The theme for this year’s Hackaday Prize is moving past the one-off prototype stage and designing something that’s suitable for production, and so far we’d say the Aurora project is definitely rising to the challenge.