[Mr. Carlson] Fixes a Fridge

A dead refrigerator is an occurrence determined to frustrate any homeowner. First there’s the discovery of hundreds of dollars in spoiled food, and then the cost of a repair call and the delay of the inevitable wait for parts. It’s clear to see why a hacker like [Mr. Carlson] would seek another way.

Now, normally a fridge repair video would by unlikely fodder for a Hackaday article. After all, there’s generally not much to a fridge, and even with the newer microprocessor-controlled units, diagnosis and repair are usually at the board-level. But [Mr. Carlson] has had this fridge since 2007, and he’s got some history with it. An earlier failure was caused by the incandescent interior lights welding relay contacts closed thanks to huge inrush currents when starting the cold filaments. That left the light on all the time, heating the interior. His fix was a custom solid-state relay using zero-crossing opto-isolators to turn the bulbs on or off only when the AC power was at a minimum.

That repair kept things going for years, but when the latest issue occurred, [Mr. Carlson] took a different tack. He assumed that a board that has been powered 24-7 for the last twelve years is likely to have a bad capacitor or two. He replaced all the caps, threw in a few new relays to be on the safe side, and powered the fridge back up. It whirred back to life, ready for another decade or so of service.

Kudos to [Mr. Carlson] for his great repair tips and his refusal to surrender. The same thing happened when his solder sucker started to give up the ghost and he fixed it by adding a variable-frequency drive.

Posted in appliance, capacitor, refrigerator, relay, repair, repair hacks, teardown, zero crossing | Leave a comment

OpenLeg – The Open Source Robot Leg

There’s an old saying about standing on the shoulders of giants, but how about doing so with an open source leg? Well, your robots might do so at least, thanks to OpenLeg, a new open source project for building robot legs. Created by [Joey Byrnes], this started out as a senior project for a course at the University of Illinois. The idea is to create a robot leg that others can use to build four-legged robots that can amble around the neighborhood, much like those built by Boston Dynamics.

The project is off to a good start: the sample videos that [Joey] has produced show that the prototypes of OpenLeg can produce a variety of motions, from literal kick-boxing moves down to a more conventional walking gait. It is mostly 3D printed, with a few bits of carbon fiber adding strength. The leg is driven by a large 50 Kv motor designed for electric skateboards driven by an ODrive controller that handles most of the complexities of driving a big motor like this and handling the kinematic and other complex stuff. The idea is that you could eventually just plug the design into your own robot and set it walking with a few lines of Python, but that’s still a ways off.

We’ve seen a lot of quadruped robot projects recently, from James Bruton’s OpenDog to Alphred from RoMeLa at UCLA, but more is better for projects like this. Especially with projects that take a more modular approach so you can pick and choose for your own Sarah Connor hunting devices.

Posted in quadruped, robot, robot overlords, robots hacks | Leave a comment

Custom Game Pad Can Reprogram Itself

In the heat of the moment, gamers live and die by the speed and user-friendliness of their input mechanisms. If you’re team PC, you have two controllers to worry about. Lots of times, players will choose a separate gaming keyboard over the all-purpose 104-banger type.

When [John Silvia]’s beloved Fang game pad went to that LAN party in the sky, he saw the opportunity to create a custom replacement exactly as he wanted it. Also, he couldn’t find one with his desired layout. Mechanical switches were a must, and he went with those Cherry MX-like Gaterons we keep seeing lately.

This 37-key game pad, which [John] named Eyetooth in homage to the Fang, has a couple of standout features. For one, any key can be reprogrammed key directly from the keypad itself, thanks to built-in macro commands. It’s keyboard-ception!

One of the macros toggles an optional auto-repeat feature. [John] says this is not for cheating, though you could totally use it for that if you were so inclined. He is physically unable to spam keys fast enough to satisfy some single-player games, so he designed this as a workaround. The auto-repeat’s frequency is adjustable in 5-millisecond increments using the up /down macros. There’s a lot more information about the macros on the project’s GitHub.

Eyetooth runs on an Arduino Pro Micro, so you can either use [John]’s code or something like QMK firmware. This baby is so open source that [John] even has a hot tip for getting quality grippy feet on the cheap: go to the dollar store and look for rubber heel grippers meant to keep feet from sliding around inside shoes.

If [John] finds himself doing a lot of reprogramming, adding a screen with a layout map could help him keep track of the key assignments.

Posted in arduino, Arduino Hacks, cherry mx, Gateron, keyboard, keypad | Leave a comment

Flux Gate Magnetometers Make A Special Current Probe

There are moments when current measurement is required on conductors that can’t be broken to insert a series resistor, nor encircled with a current transformer. These measurements require a completely non-invasive technique, and to satisfy that demand there are commercial magnetometer current probes. These probes are however not for the light of wallet, so [ensgoldmine] has created a much cheaper alternative.

The Texas Instruments GRV425 flux gate magnetometer integrated circuit on its TI evaluation module provides the  measuring element placed at the tip of a probe as close as possible to the conductor to be measured, with another GRV425 module at the head of the probe to measure ambient magnetic field for calibration purposes.  An Arduino Due measures and processes the readings, chosen due to its higher-resolution ADC than the more ubiquitous Arduino Uno.

The write-up is interesting even if you have no need for a current probe, because of its introduction to these sensing elements. Because it’s a rare first for Hackaday, we’ve never taken a close look at them before other than as an aside when talking about a scientific instrument on Mars.

Posted in current, current probe, flux gate magnetometer, magnetometer, parts | Leave a comment

Steam Bike Rocks It Old-School

Petrol engines dominate the world of the automobile, while electric propulsion races to take an ever larger market share. Despite this, some still hold a flame for steam power. Such aficionados would hold this build in high regard, from the recent past of 2014.

In steampunk, finish is everything.

The bike is of a recumbent design, featuring a relaxed riding position well suited to the sophisticated nature of a steam-powered vehicle. Sporting a wooden frame, the build carries a strong steampunk aesthetic. The flash boiler packs 100 feet of copper pipe, and there’s an electric pump and controller to handle water delivery from the stylish brass tank. The setup is capable of producing steam within 30 seconds of startup. Motive power is courtesy of a 1.5 inch bore single-cylinder steam engine, connected to the rear wheel via a belt drive.

There’s something intoxicating about the sounds and smells of a working steam engine, though the threat of catastrophic burns does temper the excitement just a touch. Steam power isn’t going away any time soon – and it’s not just limited to transport applications, either. Video after the break.

[Thanks to sangimmie for the tip!]

Posted in bicycle, bike, recumbent, steam, steam power, steam-powered, transportation hacks | Leave a comment

Hackaday Podcast 036: Camera Rig Makes CNC Jealous, Become Your Own Time Transmitter, Pi HiFi with 80s Vibe, DJ Xiaomi

Hackaday Editors Elliot Williams and Mike Szczys work their way through a fantastic week of hacks. From a rideable tank tread to spoofing radio time servers and from tune-playing vacuum cleaners to an epic camera motion control system, there’s a lot to get caught up on. Plus, Elliot describes frequency counting while Mike’s head spins, and we geek out on satellite optics, transistor-based Pong, and Jonathan Bennett’s weekly security articles.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (54 MB)

Places to follow Hackaday podcasts:

Episode 036 Show Notes:

New This Week:

  • Elliot’s working on the audio compression algorithms originally used by the Speak & Spell

Interesting Hacks of the Week:

Quick Hacks:

  • Mike’s Picks:
  • Elliot’s Picks:

Can’t-Miss Articles:

Posted in cnc, dcf77, frequency counter, Hackaday Columns, podcast, Podcasts, pong, Satellites, speak & spell, xiaomi | Leave a comment

Homemade Wall Stops Roomba and Other Vacuum Tricks

If you have a Roomba, you know they are handy. However, they do have a habit of getting into places you’d rather they avoid. You can get virtual walls which are just little IR beacons, but it is certainly possible to roll your own. That’s what [MKme] did and it was surprisingly simple, although it could be the springboard to something more complicated. You can see a video about the build below.

As Arduino projects go, this could hardly be more simple. An IR LED, a resistor and a handfull of code that calls into an IR remote library. If that’s all you wanted, the Arduino is a bit overkill, although it is certainly easy enough and cheap.

We know that’s not much, but we were impressed with some of the other information associated with the project for future directions. For example, there’s this project that adds an ultrasonic sensor to a Roomba using the serial port built under the handle. The interface and protocol for that port is even nicely documented.

That got us thinking. You could probably use some ultrasonic sensors for two-way communication to do custom walls. For example, you could use one to send a set number of pulses per second and have another device on the Roomba to receive them and count. You could program rules like a particular wall is only really a wall between 8 AM and 5 PM, for example.

We’ve seen some people use the Roomba as a general-purpose robot platform. We still wish we could find a sensor in the DigiKey catalog to help avoid this common problem.

Posted in arduino, Arduino Hacks, robots hacks, roomba, virtual wall | Leave a comment

This Week in Security: Zeroconf Strikes Again, Lastpass Leaks your Last Password, And All Your Data is Belong to Us

VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways.

Feel like alphabet soup yet? A Denial of Service attack is one where the target is simply made unavailable, rather than actually compromised. The classic example of this is the SYN flood, where an attacker would open hundreds of connections to a web server at once, exhausting the server’s resources and interrupting legitimate use of that server. As mitigations for these attacks were developed (SYN Cookies, for example), DoS attacks were replaced by Distributed Denial of Service (DDOS) attacks. Rather than attack a weakness on the target machine, like available RAM or CPU cycles, a DDoS generally targets available network bandwidth by hitting the target website from many, many locations at once. No clever software tricks can help when your Internet connection is fully saturated with junk traffic.

And one way to get many, many computers to send traffic to the same IP is to run a botnet. Your five megabit upload bandwidth might not seem like much, but if a thousand computers are each saturating their 5 megabits, the resulting 5 gigabit attack is nothing to sneeze at. DDoS amplification is when a third party service is used as a part of an attack. Imagine sending a DNS request with a spoofed source IP address. A UDP connection doesn’t have the initial handshake of a TCP packet, so detecting a spoof of this sort is much more difficult. You send a relatively small DNS request, and a DNS server responds by sending a larger reply — not to your IP, but to the target IP that you spoofed. This sort of amplification is usually done as part of a botnet DDoS attack, resulting in even more attack bandwidth. The largest confirmed DDoS attack on record is a staggering 1.3 Terabytes per second, was aimed at Github, and used Memcached as the amplification vector.

Now back to Zeroconf. Zero-configuration networking is the idea that things should “just work” when plugged into a network together. When you have the option to send video to your Chromecast, or Windows shows you the list of all the other devices on your network, you’re seeing zeroconf in action. Zeroconf protocols like UPnP and WSDD are intended to run only over the local network, but vendors are notorious for mis-implementing standards, and here is no exception. WSDD as defined should only respond to multicast requests on UDP port 3702. Many vendors have built their WSDD support in such a way that devices will respond to WSDD requests from any IP address, multicast or not. The last key to this amplification technique is the actual amplification. How small of a packet can an attacker send, vs how big of a packet can this trigger in response. Researchers at Akamai identified an eighteen byte message that triggers a much larger response. They managed a 153x amplification factor, which is terrifying. Thankfully, active attacks are running something more like 10x amplification factors.

Lastpass Reveals Your Last Pass

Sometimes software names and the bugs that affect them are downright uncanny. The Lastpass plugin had an issue where a website could run some clever Javascript and retrieve the last password that Lastpass auto-filled. This worked because the Lastpass plugin uses Javascript on the web pages you visit, watching for password prompts to fill. It was discovered that the JS code of a malicious website could interact with the plugin’s code in unintended ways. Because the Lastpass pop-up could be referenced without calling an initialization function, data was still present from the last time that pop-up was shown. Lastpass fixed the problem in release 4.33.0.

More Data Breaches

This week there were two separate stories about very large data breaches. Though technically, neither is a breach so much as passwordless databases carelessly exposed to the internet. First is the more than 100 medical databases being served on the internet without proper security. So far there seems to be plenty of finger-pointing, but with that many security fails, there is plenty of blame to go around. It’s worth noting that each of those exposed databases is a HIPAA violation, and each carries the potential for a sizable fine.

The second is the records of essentially every citizen of Ecuador. An Elasticsearch instance was misconfigured and publicly accessible. While at first glance, this seemed to be yet another government database exposed to the Internet, there was something strange about this database. There was data from multiple sources. About half of the database was consistent with the idea of a government database, but the rest seemed to come from private entities. The researchers working on this story determined an Ecuadorian company named Novaestrat was hosting the vulnerable database.

The database was secured, and Novaestrat’s website has disappeared. There are still more questions than answers concerning this story. Was this database the combined storage for other data breaches? Regardless, the personal data of millions of Ecuadorians was exposed. Interestingly, Julian Assange was among the people with entries in this Database, as a result of his Ecuadorian asylum.

Both of these databases contained personal information, which is of course unchangeable. Millions of people have been doxxed by carelessness, and short of witness-protection-plan level measures, there is no undo button.

Windows Defender

Using Windows Defender? You might be in for a surprise next time you manually run a scan. Since the update this Tuesday, Windows Defender only scans a handful of files when manually running a quick or full scan. As is often the case, this bug was introduced when another problem was being fixed. If you use Windows Defender and want to run a manual scan, the custom scan does still work correctly.

Posted in ddos, elasticsearch, Hackaday Columns, lastpass, security hacks, This Week in Security | Leave a comment

3D Printed VirtuScope is a Raspberry Pi 4 Cyberdeck with a Purpose

William Gibson might have come up with the idea for the cyberdeck in 1984, but it’s only recently that technology like desktop 3D printing and powerful single board computers have enabled hackers and makers to assemble their own functional versions of these classic cyberpunk devices. Often the final product is little more than a cosplay prop, but when [Joe D] (better known on the tubes as [bootdsc]) started designing his VirtuScope, he wanted to create something that was actually practical enough to use. So far, it looks like he’s managed to pull it off.

Many of the cyberdeck builds we see are based around the carcass of a era-appropriate vintage computer, which looks great and really helps sell the whole retro-future vibe. Unfortunately, this can make the projects difficult and expensive to replicate. Plus there’s plenty of people who take offense to gutting a 30+ year old piece of hardware just so you can wear it around your neck at DEF CON.

[bootdsc] deftly avoided this common pitfall by 3D printing the entire enclosure for the VirtuScope, and since he’s shared all of the STLs, he’s even made it so anyone can run off their own copy. The majority of the parts can be done on any FDM printer with a 20 x 20 x 10cm build area, though there are a few detail pieces that need the resolution of an SLA machine.

Under the hood the VirtuScope is using the Raspberry Pi 4, which [bootdsc] says is key to the build’s usability as the latest version of the diminutive Linux SBC finally has enough computational muscle to make it a viable for daily computing. Granted the seven inch LCD might be a tad small for marathon hacking sessions, but you could always plug in an external display when you don’t need to be mobile. For your wireless hacking needs, the VirtuScope features an internal NooElec SDR (with HF upconverter) and a AWUS036AC long-range WiFi adapter; though there’s plenty of room to outfit it with whatever kind of payload you’d find useful while on the go.

Documentation for this project is still in the early stages, but [bootdsc] has already provided more than enough to get you started. He tells us that there are at least two more posts coming that will not only flesh out how he built the VirtuScope, but explain why it’s now become his portable SDR rig of choice. We’re excited to see more details about this build, and hope somebody out there is willing to take on the challenge of building their own variant.

In the past we’ve seen partially 3D printed cyberdecks, and at least one that also went the fully-printed route, but none of them have been quite as accessible as the VirtuScope. By keeping the geometry of the printed parts simple and utilizing commonly available components, [bootdsc] may well have laid the groundwork for hackerdom’s first “mass produced” cyberdeck.

Posted in cyberdeck, cyberpunk, portable, Raspberry Pi, Raspberry Pi 4, sdr, William Gibson | Leave a comment

British Cops Catch Shooter-Printing Villain

It’s a perennial of breathless British tabloid scare reporting that 3D printers will unleash a tide of weapons upon the streets. But perhaps it might actually be time for Brits lock up their children, because London’s Metropolitan Police have announced their first prosecution for 3D printing a handgun. The gun pictured appears to be a Repringer 5-shot .22 revolver, and was found by police during a drugs raid.

The UK has significantly restrictive firearms legislation and shooting incidents are extremely rare in the country, so while this might not raise any eyebrows on the other side of the Atlantic it’s an extremely unusual event for British police. It appears that the builder was not the type of libre firearms enthusiast who has made the news with similar work in the USA, so it has to be assumed that it was printed purely as a means to secure an illegal firearm however rough-and-ready or indeed dangerous it might be.

Stepping aside from the firearm aspect of the story, it should be of concern for any British 3D printer enthusiasts. As we’ve reported over the years with respect to drone incidents they can sometimes throw reason to the wind when faced with unfamiliar technology, indeed we’ve already seen them imagining RepRap parts to be for a firearm. We’d counsel all parties to keep sane heads, and hope that both the sentence for today’s criminal proves to be a suitable deterrent, and that no clueless fool decides to download and print another weapon for the hell of it. As always, we’ll bring you developments as they happen.

Posted in 3d printed firearm, 3d Printer hacks, firearm, uk, weapons hacks | Leave a comment