Saturday, August 31

Part sci-fi thriller, part crime drama, Don’t Let Go is an understated gem

A grieving police detective receives a mysterious call from the past in Don't Let Go from Blumhouse Productions.

A cell phone connection serves as a link between the past and present for a police detective and his dead niece in Don't Let Go, a new supernatural thriller from Blumhouse Productions that debuted at the 2019 Sundance Film Festival earlier this year.  It's a little bit Frequency, a little bit Looper, with a smidgen of good old-fashioned crime drama thrown in for good measure.

(Mild spoilers below.)

The film stars David Oyelowo (Selma) as Detective Jack Radcliff, who looks out for his young niece Ashley (Storm Reid, A Wrinkle in Time, Euphoria). Ashley's father (and Jack's brother), Garrett (Brian Tyree Henry, Atlanta, Joker), is bipolar with a history of drug and alcohol abuse, as well as the occasional bit of drug running. He's been on the straight and narrow for several years now, but Jack still gives Ashley a cell phone so she can call him if she needs him—like when her dad forgets to pick her up from the movies after dark. One day Jack gets a panicked phone call from Ashley, and rushes to his brother's house, only to find Garrett has shot his wife and daughter, and then himself, apparently in the midst of a manic episode. It's ruled a murder/suicide, but something about the case feels wrong to Jack and he starts poking around, to the annoyance of his boss, Howard (Alfred Molina, Species, Da Vinci Code).


Unlicensed signal boosters get a boost from Amazon

A Radio Transceiver From A Cable Modem Chipset

It’s a staple of our community’s work, to make electronic devices do things their manufacturers never intended for them. Analogue synthesisers using CMOS logic chips for example, or microcontrollers that bitbang Ethernet packets without MAC hardware. One of the most fascinating corners of this field comes in the form of software defined radios (SDRs), with few of us not owning an RTL2832-based digital TV receiver repurposed as an SDR receiver.

The RTL SDR is not the only such example though, for there is an entire class of cable modem chipsets that contain the essential SDR building blocks. The Hermes-Lite is an HF amateur radio transceiver project that uses an AD9866 cable modem chip as the signal end for its 12-bit SDR transceiver hardware with an FPGA between it and an Ethernet interface. It covers frequencies from 0 to 38.4 MHz, has 384 kHz of bandwidth, and can muster up 5W of output power.

It’s a project that’s been on our radar for the past few years, though somewhat surprisingly this is the first mention of it here on Hackaday. Creator [Steve Haynal] has reminded us that version 2 is now a mature project on its 9th iteration, and says that over 100 “Hermes-Lite 2.0” units have been assembled to date. If you’d like a Hermes-Lite of your own it’s entirely open-source, and they organise group buys of the required components.

Of course, SDRs made from unexpected components don’t have to be exotic.

Micropython and C Play Together Better

Python is a versatile, powerful language but sometimes it’s not the best choice, especially if you’re doing work in embedded systems with limited memory. Sometimes you can get away with MicroPython for these cases, but the best language is likely C or assembly. If you’re really stubborn, like [amirgon], and really want C and Python to play well together, you can make use of his new tool which can bring any C library to MicroPython.

An example of how this tool is used is a “Pure MicroPython” display driver for the ILI9341 on the ESP32, meaning that everything was implemented in MicroPython. [amirgon] wanted to see how the Python driver would compare to one that’s already been written in C, and use it to showcase the MicroPython binding. This tool also automatically converts structs, unions, enums and arrays to Python objects, and provides a means to work with pointers, which is something that Python doesn’t handle in the same way that C requires.

[amirgon] hopes that this tool will encourage the adoption of Micropython by removing the obstacle of missing APIs and libraries in MicroPython. Since most libraries for systems like these are written in C, a way to implement them in Python is certainly powerful. We featured one use case for this a while back, but this is a much more generic fix for this coding obstacle.

Image via [Frank Stajano]

Spot Adulterated Olive Oil With This Spectrophotometer

Olive oil at its finest quality is a product that brings alive the Mediterranean cuisine of which it is a staple. Unfortunately for many of us not fortunate enough to possess our own olive grove, commercial olive oils are frequently adulterated, diluted with cheaper oils such as canola. As consumers we have no way of knowing this, other than the taste being a bit less pronounced. Food standards agencies use spectrophotometers to check the purity of oils, and [Daniel James Evans] has created such a device using a Raspberry Pi.

A spectrophotometer shines white light through a sample to be tested, splits the light up into a spectrum with a prism or diffraction grating, and measures the light level at each point in the spectrum to gain a spectral profile of the sample. Different samples can then be compared by overlaying their profiles and looking at any differences. This build shines the light from an LED through a sample of oil, splits the result with a diffraction grating, and captures the spectrum with a Raspberry Pi camera. Commercial instruments are usually calibrated by simultaneously sampling a pure sample of the same solvent the test subject is dissolved in; in this case the calibration is done against a sample of pure olive oil. The software requires the user to identify the spectrum in the resulting photograph before generating a curve.

From a basis of having worked with and maintained spectrophotometers in the distant past we would have expected to see an incandescent bulb rather than an LED for a flatter response, but since this is an oil identifier rather than a finely calibrated laboratory instrument this is probably less of an issue.

Over the years we’ve had quite a few spectrophotometer projects here; this Hackaday Prize entry from 2016 is just one of many.

YACHT’s Chain Tripping is a new landmark for AI music—an album that doesn’t suck

The dance punk band YACHT has always felt like a somewhat techy act since debuting in the early 2000s. They famously recorded instrumental versions of two earlier albums and made them available for artists under a Creative Commons license at the Free Music Archive. Post-Snowden, they wrote a song called “Party at the NSA” and donated proceeds to the EFF. One album cover of theirs could only be accessed via fax initially (sent through a Web app YACHT developed to ID the nearest fax to groups of fans; OfficeMax must’ve loved it). Singer Claire L. Evans literally wrote the book (Broad Band) on female pioneers of the Internet.

So when Evans showed up at Google I/O this summer, we knew she wasn’t merely making a marketing appearance ala Drake or The Foo Fighters. In a talk titled “Music and Machine Learning,” Evans instead walked a room full of developers through a pretty cool open secret that awaited music fans until this weekend: YACHT had been spending the last three years writing a new album called Chain Tripping (out yesterday, August 30). And the process took a minute because the band wanted to do it with what Evans called “a machine-learning generated composition process.”

“I know this isn’t the technical way to explain it, but this allowed us to find melodies hidden in between songs from our back catalog,” she said during her I/O talk. “Here’s what the user-facing side of the model looked like when we recorded the album last May—it’s a Colab Notebook, not the kind of thing musicians usually bring into the studio.”


At trial, women say they were tricked and coerced into Internet porn

Watching Apocalypse Now Final Cut in Sony 4K Laser

Severed heads. Skulls on stakes. Surfers in a gun battle. A bridge rebuilt and blown up every night. Painted faces. A jungle swallowed in flame. Wagner. The Doors. Sweat. Malaria. And so many helicopters, their blades pounding relentlessly. Only Crazy Grenade-Launcher man knows "who's in charge here," and he ain't saying.

Yes, Apocalypse Now is back. For its 40th anniversary, the movie has been remastered in 4K digital and re-edited before heading to Blu-ray and 4K/Ultra HD discs. The nightmarish Vietnam War epic is the quintessential example of the "cinema of endurance": long, grueling, magnificent, and LOUD. When Apocalypse Now first hit theaters in 1979, it ran about 2.5 hours, but its 2001 re-release (dubbed Apocalypse Now Redux and presented in 35mm) clocked in at a whopping 3 hours and 22 minutes. The newest version, Apocalypse Now Final Cut, comes in at about 3 hours.

The Sony 4K Laser

Before heading to home video, Final Cut gets a brief theatrical run so you can watch it the way God and Director Francis Ford Coppola intended: on a huge screen in a dark room with no ability to hit pause and escape. Many theaters are also showing it on Sony's cutting-edge 4K Laser Cinema Projectors, which only hit the market about a year ago. Although most cinema projectors are already 4K, the 4K Laser replaces the xenon bulbs used by most projectors with a longer-lasting, brighter, and more-consistent laser.


Odd-Sized Military Headphone Connectors, Tamed!

Military headphones, at least the older ones, are like few other sound reproducers. They are an expression of function over form, with an emphasis on robustness over operator comfort. Electrically they most often have high-impedance drivers and annoyingly proprietary connectors for whichever obscure radio system they were a part of.

[John Floren] has a HS-16A headset, the type used by the US military during the Vietnam war. It’s an antiquated design with a dual spring steel headband and on-the-ear ‘phones with no muff for comfort, and a quick bit of research finds that they can be had brand new in their 1960s packaging for somewhere around $20. Their connector is a pair of odd metal pins, and rather than doing what most of us would do and snipping the wire to fit something more useful, he hunted high and low for a TE Connectivity receptacle that would fit them. A short extension and a jack plug allowed him to use these slightly unusual cans.

This isn’t a special hack, but it’s still an interesting read because it sheds a bit of light upon these old-style headphones and reveals that they’re still available for anyone who wants their radio operating to have a retro feel. If you buy a set, you’ll probably still have them decades after more modern pairs have bitten the dust.

AI Poised to Turn the Internet into Gibberish

Last Thursday two lowly master’s grad students, Aaron Gokaslan and Vanya Cohen, managed to replicate the secretive OpenAI model and cheekily named their version OpenGPT-2. The code can be downloaded from this Google Colab page and apparently no prior experience in language modeling is required to use it. More useful might be the skills required to persuade Google to part with $50,000 worth of free cloud compute time for the training!

Research firm OpenAI released a new, ever more powerful, version of their GPT language model with 1.5 billion parameters, trained on a data-set of 8 million web pages, and although its most entertaining use is to produce gibberish, it will inevitably also be able to produce coherent text sometime very soon. For us mere mortals, there’s a cut down version of the model hosted in the cloud and a webpage that we can visit, type in a short phrase to prompt the system, and print out a few paragraphs of fake news. We tried it with the following: “You can use an Arduino to” and the results were:

  • You can use an Arduino to remove your appendix. Use an open or closed loop, but do not use them at the same time, i.e. don’t wire your Arduino to the wall like I did. The Arduino’s are very noisy and can damage the circuit board. Be sure to use a good quality and high-quality resistor to connect them to the wall. You can also use your own antenna if you’d like.

The neural network works by taking the text that has been previously printed and using this to predict the next word sequentially. Because of its obscurity, our Arduino example is a pretty severe and rather unfair test on the system whilst in its fledgling infant state and, looking at the proper metrics, it actually performs quite well on certain standard industry test sets such as the Children’s Book Test.

Be sure to paste your own fake news into the comments below and we’ll take a vote on the one that’s most entertaining, but please keep it within the boundaries of good taste!

Whilst this is an emerging technology, somebody did get hold of it a while back and applied it to an old teleprinter!

Steampunk Radio Looks The Business

Radios are, by and large, not powered by steam. One could make the argument that much of our municipal electricity supply does come via steam turbines, but that might be drawing a long bow. Regardless, steampunk remains a popular and attractive aesthetic, and it’s the one that [Christine] selected for her radio build.

The build cribs from [Christine’s] earlier work on a VFD alarm clock, using similar tubes and driver chips to run the display. FM radio and amplification are courtesy of convenient modules. Tubes are fitted for aesthetic purposes, artfully lit with a smattering of color-changing LEDs. Perhaps the neatest touch is the use of valve handles to control tuning and volume. A stepper motor turns a series of gears, as is mandatory for any true steampunk build, and there’s even an electromagnetic actuator to make the Morse key move. To run it all, a pair of Arduino Megas are charged with handling the I/O needs of all the various systems.

It’s a fancy build that shows how far down the rabbit hole you can go when chasing a particular look and feel. It’s a radio that would make a great conversation piece on any hacker’s coffee table. If that’s not enough, consider going for a whole laptop. Video after the break.

Voice Chess Uses Phone, Arduino, And An Electromagnet

[Diyguypt] may be an altruist to provide the means for people who can’t manipulate chess pieces to play the game. Or he may just have his hands too busy with food and drink to play. Either way, his voice command chessboard appears to work, although it has a lot of moving parts both figuratively and literally. You can check out the video below to see how it works.

The speech part is handled by an Android phone and uses Google’s voice services, so if you don’t want Google listening to your latest opening gambit, you’ll want to pass this one up. The phone uses an app that talks to the Arduino via Bluetooth, which means the Arduino needs a Bluetooth module.

The Arduino controls what amounts to an upside-down 3D printer. Instead of a hot end pointing down, the mechanism has an electromagnet pointing up. A small washer in the base of each chess piece makes it susceptible to the magnet’s motion. The electromagnet is required to let go of a piece before a move to a new position. It is possible that a small servo moving a permanent magnet closer to the board for a move and away from the board to reposition could do the same job, though we suspect that could be tricky.

We’ve seen this before, often with a Harry Potter theme. We sort of prefer a more obvious chess robot, but that’s just us.

Friday, August 30

Ring reportedly shared video sharing data, detailed maps with police in 2018

The Gorgeous Hardware We Can’t Take Our Eyes Away From

High resolution digital cameras are built into half of the devices we own (whether we want them or not), so why is it still so hard to find good pictures of all the incredible projects our readers are working on? In the recently concluded Beautiful Hardware Contest, we challenged you to take your project photography to the next level. Rather than being an afterthought, this time the pictures would take center stage. Ranging from creative images of personal projects to new ways of looking at existing pieces of hardware, the 100+ entries we received for this contest proved that there’s more beauty in a hacker’s parts bin than most of them probably realize.

As always, it was a struggle to narrow down all the fantastic entries to just a handful of winners. But without further ado, let’s take a look at the photos that we think truly blurred the line between workbench and work of art:

CRM200 MEMS Gyroscope

If you ever needed a reminder that beauty is all around you, look no further than the work Evilmonkeyz has done with these CRM200 MEMS gyroscopes. With the lids removed, the intricate internal features of these tiny gadgets become visible under the microscope. Most people have a MEMS gyroscope or two in their pocket courtesy of the modern smartphone, but even counting the technologically enthralled readers of Hackaday, we wager the vast majority have never seen the three dimensional nature of the device when viewed from an angle like this.

Evilmonkeyz says it only took a few minutes of manual labor with 400 grit sandpaper to ablate the encapsulation on these chips and uncover the incredible world underneath; something to keep in mind if you’re considering your own microscopic exploration. We also appreciate the fact that he gave the viewer some scale by stacking four of the CRM200s on a 100 yen coin in honor of their Japanese heritage.

City of Siliconia

If Alpha 1 Zero hadn’t included the “candid” shot of this incredible science-fiction skyline that showed the Arduino and tangle of wires that power it, we would have had a hard time believing it wasn’t computer-generated. Reminiscent of the misty, neon-drenched, cyberpunk worlds of Blade Runner or Altered Carbon, this electronic metropolis was created entirely from custom PCBs and addressable RGB LEDs.

City of Siliconia doesn’t just look the part, Alpha 1 Zero says it’s meant to be an exploration of futuristic city design that incorporates efficient vertical integration of transportation, power, and communication systems.

Pixel Republic

There’s an undeniable beauty in simplicity, and that principle is in ample display with Pixel Republic by ACROBOTIC Industries. On the surface, it seems little more than an admittedly well-framed photograph of a column of RGB LEDs doing what they’re designed to do. But upon closer examination, you realize that the photographer has captured the individual colored emitters glowing; clearly illustrating how one little device is able to generate so many colors.

Still, the name Pixel Republic hints at a deeper meaning. Is this the national flag of some hitherto unknown digital domain? Or perhaps its display of rainbow colors is meant to signify the creative diversity of the hacker culture? Pondering the true meaning, if any, remains an exercise for the reader.

Honorable Mentions

There were so many fantastic entries into the Beautiful Hardware Contest that we couldn’t announce these winners without also calling out a few Honorable Mentions:

This contest challenged hackers to step a bit outside of their comfort zone, but we think the results speak for themselves. If you’re looking to take your project documentation to new heights, a stroll through the complete list of entries should provide plenty of inspiration.

Fresh images of HMS Terror shipwreck could clear up lingering mysteries

New images from the shipwreck of the HMS Terror could shed new light on what happened to the 1845 Arctic expedition.

Parks Canada has released new images from the first underwater exploration of the shipwreck of the HMS Terror. The ongoing study of the shipwreck and its artifacts should shed more light on Captain Sir John S. Franklin's doomed Arctic expedition to cross the Northwest Passage in 1846. Franklin's two ships, the HMS Erebus and the HMS Terror, became icebound in the Victoria Strait, and all 129 crew members ultimately died. It's been an enduring mystery that has captured imaginations ever since. Novelist Dan Simmons immortalized the expedition in his 2007 horror novel, The Terror, which was later adapted into an anthology TV series for AMC in 2018. (Season 2 of the TV show, set in the Japanese internment camps of World War II, is currently airing.)

The Terror was actually a repurposed warship, having survived the War of 1812 among other skirmishes. The expedition set sail on May 19, 1824 and was last seen in July 1845 in Baffin Bay by the captains of two whaling ships. Historians have managed to piece together a reasonably credible rough account of what happened. The crew spent the winter of 1845-1846 on Beechey Island, where the graves of three crew members were found. When the weather cleared, the expedition sailed into the Victoria Strait before getting trapped in the ice off King William Island in September 1846. Franklin himself died on June 11, 1847, per a surviving note dated the following April. It's believed that everyone else died while encamped for the winter, or while attempting to walk back to civilization.

There have been a number of studies examining the remains recovered from the graves and their vicinity on Beechey Island, as well as from King William Island. The current consensus is that pneumonia, tuberculosis, and a zinc deficiency contributed to the high death toll, along with hypothermia and starvation/malnutrition. There were even hints of cannibalism in the form of cut marks on human bones. Nobody successfully traversed the Northwest Passage until Roald Amundsen's expedition from 1903 to 1906. Amundsen avoided Franklin's doomed fate by traveling along the east coast of King William Island, rather than its west side.


FiberGrid: An Inexpensive Optical Sensor Framework

When building robots, or indeed other complex mechanical systems, it’s often the case that more and more limit switches, light gates and sensors are amassed as the project evolves. Each addition brings more IO pin usage, cost, potentially new interfacing requirements and accompanying microcontrollers or ADCs. If you don’t have much electronics experience, that’s not ideal. With this in mind, for a Hackaday prize entry [rand3289] is working on FiberGrid, a clever shortcut for interfacing multiple sensors without complex hardware. It doesn’t completely solve the problems above, but it aims to be a cheap, foolproof way to easily add sensors with minimal hardware needed.

The idea is simple: make your sensors from light gates using fiber optics, feed the ends of the plastic fibers into a grid, then film the grid with a camera. After calibrating the software, built with OpenCV, you can “sample” the sensors through a neat abstraction layer. This approach is easier and cheaper than you might think and makes it very easy to add new sensors.

Naturally, it’s not fantastic for sample rates, unless you want to splash out on a fancy high-framerate camera, and even then you likely have to rely on an OS being able to process the frames in time. It’s also not very compact, but fortunately you can connect quite a few sensors to one camera – up to 216 in [rand3289]’s prototype.

Of course, this type of setup is mostly suited to binary sensors/switches where the light path is either blocked or not, but other uses can be devised. For example, rotation sensors made with polarising filters. We’ve even written about optical flex sensors before.

The genetics of sexual orientation are about as complex as sexual orientation

Night in the Woods devs cut ties with collaborator accused of assault

Comcast, beware: New city-run broadband offers 1Gbps for $60 a month

CCCamp: 5,000 Hackers Out Standing in Their Field

Locked and loaded: Terminator: Dark Fate trailer gives us even more Ah-nold

Arnold Schwarzenegger, Linda Hamilton, and Edward Furlong reprise their respective iconic roles in Terminator: Dark Fate.

Paramount Pictures marked the anniversary of the Terminator franchise's original fictional Judgment Day (August 29, 1997) with the release of a full-length trailer for its forthcoming film, Terminator: Dark Fate. Technically it's the sixth film in the series, but it's actually been conceived as a direct sequel to the hugely successful first two films in the franchise: Terminator and Terminator 2: Judgment Day.

So Terminator: Dark Fate pretty much ignores all the other Terminator movies as existing in alternate timelines—an attempt to return to the glory days of the franchise, complete with the return of Arnold Schwarzenegger, Edward Furlong, and Linda Hamilton, plus James Cameron on board as producer. Per the official synopsis, "27 years after the events of Terminator 2: Judgment Day, a new, modified liquid metal Terminator (Gabriel Luna) is sent from the future by Skynet in order to terminate Dani Ramos (Natalia Reyes), a hybrid cyborg human (Mackenzie Davis), and her friends. Sarah Connor comes to their aid, as well as the original Terminator, for a fight for the future."

The first teaser dropped in May, whereupon we learned that Dani has been on the run with her friends for a couple of years, under the protection of soldier assassin Grace, the human/cyborg hybrid. And Luna's Rev-9 Terminator can actually split in two, the better to take out its target(s). An understandably suspicious Sarah nonetheless teams up with Grace to protect Dani and her friends, and we had a brief glimpse of Schwarzenegger's grizzled old Terminator, apparently hiding out in a remote cabin in the woods, ready to come to their aid as well.


Rash of ransomware continues with 13 new victims—most of them schools

Hackaday Podcast 033: Decompressing from Camp, Nuclear Stirling Engines, Carphone or Phonecar, and ArduMower

Hackaday Editors Mike Szczys and Elliot Williams are back from Chaos Communication Camp, and obviously had way too much fun. We cover all there was to see and do, and dig into the best hacks from the past week. NASA has a cute little nuclear reactor they want to send to the moon, you’ve never seen a car phone quite like this little robot, and Ardupilot (Ardurover?) is going to be the lawn mowing solution of the future. Plus you need to get serious about debugging embedded projects, and brush up on your knowledge of the data being used to train facial recognition neural networks.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!


Vaping-illness investigations turn to contaminants, counterfeits: report

Your Arduino SAMD21 ADC is Lying to You

This Week in Security: VPN Gateways, Attacks in the Wild, VLC, and an IP Address Caper

We’ll start with more Black Hat/DEFCON news. [Meh Chang] and [Orange Tsai] from Devcore took a look at Fortinet and Pulse Secure devices, and found multiple vulnerabilities. (PDF Slides) They are publishing summaries for that research, and the summary of the Fortinet research is now available.

It’s… not great. There are multiple pre-authentication vulnerabilities, as well as what appears to be an intentional backdoor.

CVE-2018-13379 abuses an snprintf call made when requesting a different language for the device login page. snprintf is an alternative to sprintf that is intended to prevent buffer overflows by taking the maximum number of bytes to write to the target buffer. That sounds like a good idea, but output that doesn't fit is silently cut off, and that can lead to malicious truncation.

The code in question looks like snprintf(s, 0x40, "/migadmin/lang/%s.json", lang);
When loading the login page, a request is made for a language file, and the file is sent to the user. At first look, it seems that this would indeed limit the file returned to a .json file from the specified folder. Unfortunately, there is no further input validation on the request, so a language of ../../arbitrary is considered perfectly legitimate, escaping the intended folder. This would leak arbitrary .json files, but since snprintf doesn’t fail if the output exceeds the specified length, sending a request for a lang that’s long enough results in the “.json” extension not being appended to the path either.

A Metasploit module has been written to test for this vulnerability, and it requests a lang of /../../../..//////////dev/cmdb/sslvpn_websession. That’s just long enough to force the .json extension to fall off the end of the string, and it is Unix convention to ignore the extra slashes in a path. Just like that, the Fortigate is serving up any file on its filesystem just for asking nice.
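The two checks the quoted call is missing, shown next to the unchecked pattern. This is an added example, not Fortinet's code and not code from the original article; the allow-list, the 16-character limit, the function names and the 48-character filler input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 0x40                     /* destination size from the quoted call */
#define LANG_FMT "/migadmin/lang/%s.json" /* format string from the quoted call */
#define LANG_MAX 16                       /* assumed upper bound for a language code */

/* Constructed filler: 48 characters. After the 15-byte "/migadmin/lang/"
 * prefix this fills all 63 usable bytes, leaving no room for ".json". */
const char LONG_LANG[] = "xxxxxxxxxxxxxxxx" "xxxxxxxxxxxxxxxx" "xxxxxxxxxxxxxxxx";

static int ends_with(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lx = strlen(suffix);
    return ls >= lx && strcmp(s + ls - lx, suffix) == 0;
}

/* Pattern described in the article: lang is not validated and the return
 * value of snprintf is ignored. Returns 1 if the path that would be opened
 * still ends in ".json", 0 if truncation removed the extension. */
int unchecked_keeps_suffix(const char *lang)
{
    char path[PATH_BUF];
    snprintf(path, sizeof path, LANG_FMT, lang);
    return ends_with(path, ".json");
}

/* Hardened variant. Returns 0 and fills dst on success, -1 on rejection. */
int build_lang_path(char *dst, size_t dstlen, const char *lang)
{
    size_t len = strlen(lang);

    /* 1. Allow-list the input: short, and only [A-Za-z0-9_-]. This rejects
     *    '.' and '/', so "../" sequences never reach the format string. */
    if (len == 0 || len > LANG_MAX)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)lang[i];
        if (!isalnum(c) && c != '-' && c != '_')
            return -1;
    }

    /* 2. Treat truncation as an error. snprintf returns the length the full
     *    string would have had; a value >= dstlen means output was cut.
     *    With the sizes above the allow-list already prevents this, but the
     *    check keeps the function safe if either constant changes. */
    int n = snprintf(dst, dstlen, LANG_FMT, lang);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}

/* Convenience wrapper: 1 if the hardened builder accepts lang, else 0. */
int checked_accepts(const char *lang)
{
    char path[PATH_BUF];
    return build_lang_path(path, sizeof path, lang) == 0;
}

int main(void)
{
    /* "../../arbitrary" is the example value from the article text. */
    const char *inputs[] = { "en", "pt-BR", "../../arbitrary", LONG_LANG };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("lang length %2zu: unchecked keeps .json=%d, hardened accepts=%d\n",
               strlen(inputs[i]),
               unchecked_keeps_suffix(inputs[i]),
               checked_accepts(inputs[i]));
    }
    return 0;
}
```

The traversal input keeps its .json suffix in the unchecked version, which is why a suffix test alone does not catch it; only the allow-list does.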

More worrying than the snprintf bug is the magic value that appears to be an intentional backdoor. A simple 14 character string sent as an http query string bypasses authentication and allows changing any user’s password — without any authentication. This story is still young, it’s possible this was intended to have a benign purpose. If it’s an honest mistake, it’s a sign of incompetence. If it’s an intentional backdoor, it’s time to retire any and all Fortinet equipment you have.

Pulse Secure VPNs have a similar pre-auth arbitrary file read vulnerability. Once the full report is released, we’ll cover that as well.

Exploitation in the Wild

But wait, there’s more. Hide your kids, hide your wife. Webmin, Pulse Secure, and Fortigate are already being exploited actively in the wild, according to ZDNet. Based on reports from Bad Packets, the Webmin backdoor was being targeted in scans within a day of announcement, and exploited within three days of the announcement. There is already a botnet spreading via this backdoor. It’s estimated that there are around 29,000 vulnerable Internet-facing servers.

Both Pulse Secure and Fortinet’s Fortigate VPN appliances are also being actively targeted. Even though the vulnerabilities were reported first to the vendors, and patched well in advance of the public disclosure, thousands of vulnerable devices remain. Apparently routers and other network appliance hardware are fire-and-forget solutions, and often go without important security updates.

VLC is Actually Vulnerable This Time

The VLC media player has released a new update, fixing 11 CVEs. These CVEs are all cases of mishandling malformed media files, and are only exploitable by opening a malicious file with VLC. Be sure to go update VLC if you have it installed. Even though no arbitrary code execution has been demonstrated for any of these issues, it’s likely that it will eventually happen.

Gray Market IP Addresses

With the exhaustion of IPv4 addresses, many have begun using alternative methods to acquire address space, including the criminal element. Krebs on Security details his investigation into one such story: Residential Networking Solutions LLC (Resnet). It all started with an uptick in fraudulent transactions originating from Resnet residential IP addresses. Was this a real company, actually providing internet connectivity, or a criminal enterprise?

Ceramics enter a new era with laser-welded joints

Make Workshop: Makelangelo Vertical Plotter

This week we’re looking at a toy that has become a common occurrence at Maker Faires all over the world. This is a vertical plotter by Marginally Clever Robots, called the Makelangelo. It comes nearly fully assembled in the box. You just have to slap a few bits and pieces […]


Subscribe to Ars over Labor Day weekend and save 20%

Arduino on mBed

Sometimes it seems like Arduino is everywhere. However, with a new glut of IoT processors, it must be quite a task to keep the Arduino core on all of them. Writing on the Arduino blog, [Martino Facchin], Arduino’s chief of firmware development, talks about the problem they faced supporting two new boards from Nordic.

The boards, the Nano 33 BLE and Nano 33 BLE Sense, are based on an ARM Cortex M4 CPU from Nordic. The obvious answer, of course, is to port the Arduino core over from scratch. However, the team didn’t want to spend the time for just a couple of boards. They considered using the Nordic libraries to interact with the hardware, but since those are closed source, it didn’t really fit with Arduino’s sensitivities. In the end, they took a third approach which could be a very interesting development: they ported the Arduino core to the Mbed OS. There’s even an example of loading a sketch on top of Mbed available from [Jan Jongboom].

On the one hand, this has two big advantages. First, in theory, Arduino can now run on anything that supports Mbed, which is quite a lot. Second, even though the system retains the simplicity of Arduino, the entire Mbed system is available to Arduino developers and vice versa.

On the other hand, you could argue that if you have Mbed, you don’t really need Arduino. While much is made about Arduino’s simplicity, it is really a C++ program with two predefined functions and an IDE that builds your code without as much explicit help as you’d expect. However, the wide variety of code that supports Arduino should be of interest since you could just use it from either an Arduino or Mbed program without much effort.

This might make some of our favorite Mbed labs projects more popular. If you want to see our take on an Mbed project, you can turn it into a signal generator.

Thanks [halherta] for the tip.

Rocket Report: Iranian launch failure, SpaceX rideshare business booming

Gears of War 5 hands-on: A new blockbuster for the game-subscription era

VANCOUVER, British Columbia—Gears of War 5, which launches on Windows 7, Windows 10, and Xbox consoles starting on September 6, is not yet in a reviewable state, in terms of how we typically talk about video games' value. But based on what I've already seen of the sprawling game (the sixth of its series), that may already be a moot point.

After a six-hour gameplay event at Microsoft's Coalition studio—and hours more spent testing its online versus options in a July beta test—I've come to a conclusion that I can't shake off. The Xbox Game Pass subscription service now has its official, signature game: the something-for-everyone blockbuster that lands less as a "must-buy" product and more as a no-brainer action game to sample. If you're already paying for Xbox Game Pass ($10/mo on console, or $5/mo on Windows 10 for a limited time), Gears of War 5 arrives with a Baskin Robbins counter of surprisingly varied action options, all easy to try with a tiny, silver spoon.

Start with an open-world twist to the campaign, which hews to the "cover-shooter" formula of old while injecting just enough new ideas. From there, sample a thoughtful expansion of the "Horde" co-op mode. You can also dive into multiple flavors of online versus battling and an admittedly unproven "Gears of Duty: Zombies" option, too (dubbed "Escape"). On top of those, The Coalition has built one of the most compelling new "helper" characters I've ever seen in a shooter, one tailored specifically for people who might otherwise prefer not to play, for both its campaign and Horde modes.


Building A Robot Rover For Those Tough Indoor Missions

Making an outdoor rover is easy stuff, with lots of folk having them doing their roving activities on beaches and alien worlds. Clearly the new frontier is indoor environments, a frontier which is helpfully being conquered by [Andreas Hoelldorfer]’s Mantis Rover.

OK, we’re kidding. This project started out life as a base for [Andreas]’s exquisite 3D printable robotic arm, but it’s even capable of carrying people around, as the embedded video after the break makes abundantly clear. The most eye-catching feature of the Mantis Rover is its set of Mecanum wheels, which allow it to move in any direction and are perfect for those tight spots where getting stuck would be really awkward.

The Mecanum wheels are 3D printed, making the motors and the associated controllers the more complicated part of this package. Plans for the wheels involve casting some kind of rubber, to make the wheels more gentle on the floors it has to drive on. The electronics include TMC 5160 motor drivers and an STM32F407VET6 MCU, as well as a W5500-equipped custom ‘Robot Shield’.

It seems that there are still a lot of tweaks underway to make the project even more interesting. Maybe it’s the perfect foundation for your next indoor roving sessions at the office or local hackerspace?

How To Play Doom – And More – On An NES

Doom was a breakthrough game for its time, and became so popular that now it’s essentially the “Banana For Scale” of hardware hacking. Doom has been ported to countless devices, most of which have enough processing ability to run the game natively. Recently, this lineup of Doom-compatible devices expanded to include the NES even though the system definitely doesn’t have enough capability to run it without special help. And if you want your own Doom NES cartridge, this video will show you how to build it.

We featured the original build from [TheRasteri] a while back which goes into details about how it’s possible to run such a resource-intensive game on a comparatively weak system. You just have to enter the cheat code “RASPI”. After all the heavy lifting is done, it’s time to put it into a realistic-looking cartridge.

To get everything to fit in the donor cartridge, first the ICs in the cartridge were removed (except the lockout IC) and replaced with custom ROM chips. Some modifications to the original board have to be soldered together as well, since the new chips’ pinouts don’t match perfectly. Then, most of the pin headers on the Raspberry Pi and the supporting hardware have to be removed and soldered together. Then, [TheRasteri] checks to make sure that all this extra hardware doesn’t draw too much power from the NES and overheat it.

The original project was impressive on its own, but with the Doom cartridge completed this really makes it the perfect NES hack, and also opens up the door for a lot of other custom games, including things like Mario64.

This Heads Up Display is All Wet

Athletes have a long history of using whatever they can find to enhance their performance or improve their training. While fitness tracker watches are nothing new, swimmers have used them to track their split times, distance, and other parameters. The problem with fitness trackers though is that you have to look at a watch. FORM has swim goggles that promise to address this: their smart goggles present the swimmer with a heads-up display of metrics. You can see a slick video about them below.

The screen is only on one eye, although you can switch it from left to right. The device has an inertial navigation system and is — of course — waterproof. It supposedly can withstand depths up to 32 feet and lasts 16 hours on a charge. It can use Bluetooth to send your data to your phone in addition to the display.

All this comes at a price: the goggles cost about $200. These aren’t the goggles from the dollar store, but even a nice pair of Speedo goggles might run $30 tops.

The device reportedly tracks split time, interval time, rest time, total time, stroke rate and count, distance per stroke, pacing, distance, length count, and even calories burned.

This reminds us of Google Glass. Most similar displays we’ve seen, however, have been automotive.

Thursday, August 29

Snake oil or genius? Crown Sterling tells its side of Black Hat controversy

Physicists now have even better models for blood spatter from gunshot wounds

Trump admin. announces plan to kill 2016 methane emissions limits

16,000-year-old site in Idaho indicates people sailed around the ice sheet

A Handy Way To Cheaply Print A Robotic Arm

There’s something fascinating about humanoid robotic hands, if only because of how they are such close approximations of our own hands. One could almost picture them with tendons and skin covering them. Sadly, making your own is quite prohibitive because in addition to being complex bits of machinery, making one of these marvels of engineering is usually rather expensive.

[Gray Eldritch]’s Humanoid Robot Arm project seeks to fix both points by providing a ready-to-print project. All it takes is about a kilogram of PLA filament, some TPU filament, five MG996r servos (or equivalent), an SG90 servo or similar, an Arduino Uno board and a few other bits and pieces. This should result in a robotic arm with hand, as covered in the video of the Mark 3 version that is embedded after the break.

Court: Girl broke child porn law by texting explicit video of herself

Apple will stop storing your Siri voice recordings by default

Hands-On: CCCamp2019 Badge Is a Sensor Playground Not to Be Mistaken for a Watch

Collector unearths long-lost 8-bit Konami games, dumps them for emulation

At this point, you might think the entire history of a major gaming company like Konami would be well and fully documented. But you'd be wrong in the case of Space School, a series of game-like educational Famicom cartridges Konami designed for Japanese elementary school children in the '80s.

Designed in partnership with Japanese broadcaster NHK, the Space School series was never available in stores, and it could only be ordered directly by the schools themselves. The games also made use of a special "QTa" adapter that fitted Konami's specially designed 40-pin cartridges into the 60-pin slot of the Famicom.

Both of those factors made these games some of the rarest and most expensive in the Famicom collector's market. It also made reliable information about the titles hard to find—while a few Space School ROM files were floating around, their unique memory mapper configuration made them practically unplayable on modern emulators.
