Hackszine.com

Most recent posts: page 1 of 6 1 2 3 4 5 6
Browse the complete archive by category or month.

January 4, 2009

BaR2D2 - mobile droid bartender

After a long day on Tatooine fighting off Sandpeople and haggling over the price of power converters, Obi-Wan and Luke Skywalker walk into a droid...

BaR2D2 is a radio-controlled, mobile bar that features a motorized beer elevator, motorized ice/mixer drawer, six-bottle shot dispenser, and sound activated neon lighting. The robot is driveable so you can take the party on the road! It was created in my garage using standard hand/power tools and readily available parts and materials.

BaR2D2's creator, Jamie Price, sent us a link that includes all the construction details, as well as a few photos of the droid with C3PO, R2, Vader, and some Stormtroopers at the Dragon*con convention.

Build A Mobile Bar - BaR2D2

January 3, 2009

Wikipedia over DNS

David Leadbeater created a service that distributes Wikipedia entries over DNS using TXT records. Simply looking up a TXT record for any subdomain of his service will pull a summary of the Wikipedia entry for the title of the same name.

I had written some code to take wikipedia articles and summarise them. I wanted to offer this for use in various places, now the obvious way to offer it is just a web service (via REST, SOAP, etc), but that's boring and I had a cunning plan. Why not offer it over DNS - it is basically a huge associative array and DNS is designed for this stuff.

So I wrote a little nameserver which returns the results as TXT records. There are some obvious limitations for example responses are limited to around 430 bytes (it only does UDP). It has advantages too, it gets cached at your nameserver and it is also faster than HTTP (no need to setup a TCP session).

Here's an example command line entry that will pull a summary of the Hack article in Wikipedia:

host -t txt hack.wp.dg.cx

hack.wp.dg.cx descriptive text "Hack may refer to: Hack (technology), a term used in the technology and computer science fields, Hack (masonry), a row of stacked unfired bricks protected from the rain, Hack writer, a writer who is paid to write low-quality, quickly put-together articles" " or books, Hack and slash, a genre of video game or a type of gameplay, Life hack, productivity techniques used by... http://a.vu/w:Hack"

Impressive, rolling out a completely distributed, cached utility on existing infrastructure, requiring no end-user software to be installed. It's a testament to versatility and genius of DNS that one of the Internet's original protocols still exists, is as essential as ever, and still has a few tricks up its old sleeves.

Wikipedia over DNS
Slideshow from David's presentation at the London Perl Workshop 2008

January 2, 2009

MD5 collision used to create a forged certificate authority

A group of researchers were recently able to subvert the public key infrastructure used by common web browsers using an MD5 hash collision. The MD5 hash algorithm was proven vulnerable to collisions some time ago, but this is a huge real-world example of the problem being exploited with serious potential consequences.

The best part of this whole story is that the bulk of the work was done over a weekend using a supercomputer made out of 200 PS3s.

The team was able to create a rogue certificate authority certificate that had the same MD5 signature as a legitimately signed certificate. This would allow an attacker to create any number of fake SSL certificates and perform a man in the middle attack on any HTTPS site.

As a result of this successfull attack, we are currently in possession of a rogue Certification Authority certificate. This certificate will be accepted as valid and trusted by all common browsers, because it appears to be signed by one of the root CAs that browsers trust by default. In turn, any website certificate signed by our rogue CA will be trusted as well. If an unsuspecting user is a victim of a man-in-the-middle attack using such a certificate, they will be assured that the connection is secure through all common security indicators: a "https://" url in the address bar, a closed padlock and messages such as "This certificate is OK" if they chose to inspect the certificate.

This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.

It appears that with the announcement of the vulnerability, the problem is quickly being dealt with. Verisign has discontinued using MD5-hashed certificates and will replace any MD5 signed certs for free. Even the US Department of Homeland Security's Computer Emergency Readiness Team chimed in:

Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.

Call me paranoid, but this makes me wonder who else may have had their hands on this exploit and for how long.

Creating a Rogue CA Certificate

January 1, 2009

Minty soldering jig

Bob Hickman, Minty Amp maker, sent us a howto on making a jig for small form factor soldering projects.

I often have to solder up a bunch of PCBs that are the same size, but have a bunch of fiddly components on them.

To save time and frustration, I decided to re-purpose a used chewing gum tin to make a jig so I could solder multiple boards at once and keep my components from moving about.

His hack allows you to place all of the components and then solder them all at once, which is pretty handy even if you're not soldering a bunch of boards at the same time. The trick is to cram a bunch of flame retardant foam inside and close the top cover, sandwiching the components onto the PCB. You can then move things around as you please and your hands are free to work the solder and iron.

Simple Soldering Jig

December 31, 2008

Selecting row number in MySQL

Michael Yakobi sent us this clever use of MySQL's user defined variable syntax to return row numbers in a result set:

Occasionally, one wants to execute a query and have the rows in the results set numbered. This could be done using a variable. For example:

SELECT @row := @row + 1 as row, t.* FROM some_table t, (SELECT @row := 0) r

I haven't used this feature of MySQL before, but it looks like it could be pretty useful. The user defined variables are scoped to a connection but persist between statements, so you can use them to store intermediate state information between queries or even perform iterative calculation within a single query, as was done in the example above.

MySQL User-Defined Variables

December 30, 2008

iPhone 3G software unlock

The friendly iPhone Dev Team hackers have been hard at work over the holidays and have promised to release the iPhone 3G software unlocking utility, called yellowsn0w, sometime tomorrow for New Year's Eve.

A few details from the iPhone Dev Team blog:

We have been working hard on a few other things. The main one being the 3G unlock codenamed "yellowsn0w". This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.
The target release date for the unlock is New Year's Eve 2008.
This unlock method is available to iPhone 3Gs that have 2.11.07 baseband or earlier, we did warn you.
You can tell what version baseband you have by going to Settings->General->About->Modem Firmware
The unlock requires a jailbroken 3G iPhone. It'll be installable via Cydia and so it doesn't matter if you have a Mac or PC.
Please refrain from updating your baseband, regardless of what version you're at.
We'll have complete directions on New Year's Eve.
We'll stream a live demo of the unlock before Christmas (see the update at the end of this post)

The software exists, as you can see from the video above, which was released last week, so I'm pretty confident we'll see the release as promised. From what I understand, the software is non-invasive and needs to be run every time the phone is booted, which will be executed during boot and invisible to the end user.

You do need an un-upgraded <2.11.07 version of the baseband, and for the near future you'll have to be careful not to upgrade it if you want to keep your phone unlockable. If you want to upgrade your phone but not kill the possibility of unlocking it, the team has some information on using PwnageTool to upgrade the iPhone firmware while keeping the baseband firmware intact. If you've already updated your baseband, consider yourself stuck with AT&Tuntil a new hack comes along.

Dev Team Blog (watch here for updates)
Original yellowsn0w Announcement
yellowsn0w Preview Demo

December 29, 2008

Python on Android

If you have the Google Phone and prefer hacking Python over Java, this is just what you've been waiting for:

Here's an early Christmas present for all those Python fanatics (self included) out there! With a lot of help from my friends (thanks Manuel and Thomas!) I managed to install Python 2.4.5 on my G1. It's still rough around the edges, but I think it's a good start. Klaus Reimer has a nice overview of how to cross-compile Python. My instructions borrow a lot from his.

You'll need to do a bit of patching and cross compilation, but Damon's instructions are thorough enough to get you through it.

Python on Android

December 28, 2008

Controlling Sony camcorders with the Arduino

The Local Application Control Bus System (LANC) is the protocol used by Sony camcorders (and some other brands as well) that allows external accessories to control the camera remotely. On most cameras, you'll find a LANC port next to your camera's other IO jacks—it's usually a 2.5mm headphone-style jack, or a 5 pin mini-DIN.

If you're an Arduino fan, you can easily create your own custom devices that can interact with your camcorder using the LANC protocol, allowing you to control zoom and record functions from your own programs. Goose wrote about his own project and example Arduino source:

I found source code to do LANC control with the Arduino board. It was written quite well - it worked the first time out. I made a few changes though, specifically changing it from being controlled by a serial port to being controlled by a potentiometer. I plan to build my own zoom controller with it, using an Arduino Mini.

The original code comes from Brady Marks. Make sure to check out the README and other documentation inside the source zip file. Along with the Arduino source, there's a bunch of LANC protocol documentation as well as some collected emails and mailing list discussion on the topic.

Zoomduino - Arduino Zoom Controller
SONY LANC Protocol Details
Brady Marks' Arduino LANC Source

December 27, 2008

Gradient text effect in CSS

Using a 1px gradient PNG image and a solid background, you can create a snazzy gradient text effect. It looks pretty, but the real beauty is that you don't need to cut custom titles, and the markup is simple and search friendly. The trick isn't limited to just gradients, but can be used for a number of different patterns. As long as you have a solid background, you can overlay the text with any semi-transparent image pattern that matches the background.

CSS Gradient Text Effect

Retro gaming emulators that include (legal) ROMs?

Tunnels of Doom

The holiday break is a good time for 30/40/50/etc.-somethings to take trips down memory lane and dig up games from their childhood. For those of us who either don't have old systems in their attics/basements or who have grown bored with their contents, there are always emulators.

The hassle with emulators is finding games to play on them: if you have the original disks, you can, with some effort, transfer them to your computer. There's also the path of least resistance, downloading ROMs, but that opens up complicated set of legal and ethical issues. Another option is to find emulators that include the ROMs--legally. Here are a couple I've found:

Miner 2049er and Bounty Bob Strikes Back
Big Five Software, makers of two of the best old-school platform games, released a dedicated emulator that plays the 8-bit Atari computer versions of both.

Classic99
Harmless Lion obtained permission to include the TI-99/4a system ROMs and many TI classics, including Hunt the Wumpus, Parsec, and Tunnels of Do... (OK, I just lost about half the readers of the blog here. Oh, back so soon? I know you are just looking for info on how to play Tunnels of Doom).

(These two bundles are Windows-only, but they played fine for me under VMware Fusion.)

Parabellum's Java Vectrex Emulator
The Vectrex Game ROMs are available for free, which makes it possible for Vectrex emulator developers to include the games along with their emulators. This emulator is cross-platform; you can download versions for Windows, Linux, and Mac OS X.

PDRoms
Be sure to check out the wealth of homebrew ROMs available. These are created by the community, and although they aren't the games you remember from your youth, they have an old-school feel and many are as good as the best from the old days.

Know of any other legal emulator/ROM combos out there? I'm sure there are more; post them up in the comments, please! My wish? Shamus.

Gaming Hacks
It doesn't take long for an avid or just wickedly clever gamer to be chafed by the limitations of videogame software or hardware. If you want to go far beyond the obvious, there's an awful lot of free fun you can have, using the creative exploits of the gaming gurus. Gaming Hacks is the indispensable guide to cool things gamers can do to create, modify, and hack videogame hardware and software.

Retro Gaming Hacks
Whether you're just discovering Tetris or you've been a Pong junkie since puberty, Chris Kohler's Retro Gaming Hacks is your indispensable new guide to classic games. Kohler has compiled the how-to information that used to take weeks of web surfing to find and presents it in highly readable Hacks style.

December 26, 2008

Das DereLicht - ham radio transmitter from a CFL bulb

They usually work so well, it's easy to forget about all the electronics crammed inside a compact fluorescent light bulb. MAKE reader Ollie AJ1O sent us a link to ham Michael J. Rainey's (AA1TJ) "Das DereLicht" radio, a transmitter made almost completely from the parts of a defective CFL bulb.

This electronic puzzle was a result of my changing a defective compact fluorescent lamp (CFL) in my kitchen. For some reason, I began to wonder if it would be possible to build a QRP CW transmitter using the electronic components salvaged from this derelict lamp.

Indeed, I'm pleased to report that a perfectly serviceable transmitter may be constructed! The only additional components required were the quartz crystal, and four of the five components needed for the output lowpass filter. The resulting transmitter produces up to 1.5 watts on 80m.

For all the hams out there: what's the coolest radio hack you've created or heard of? Send us a shout in the comments.

Das DereLicht - Ham Radio From A CFL Bulb

December 25, 2008

Using Google App Engine as a personal CDN

Distributing a website over a content delivery network is typically an expensive proposition, but since the release of the Google App Engine beta program, there's an option for small to medium sized sites to easily distribute content on Google's infrastructure. Putting the application SDK aside, Matt Riggott wrote a decent howto on using the service simply as a free CDN:

A content delivery network, or CDN, is a system of servers spread around the world, serving files from the nearest physical location. Instead of waiting for a file to find its way from a server farm in Silicon Valley 8,000 kilometres away, I can receive it from London, Dublin, or Paris, cutting down the time I wait. The big names -- Google, Yahoo, Amazon, et al -- use CDNs for their sites, but they've always been far too expensive for us mere mortals. Until now.

There's a service out there ready for you to use as your very own CDN. You have the company's blessing, you won't need to write a line of code, and -- best of all -- it's free.

There are limitations to the service, of course. You can't host any files larger than 1MB, and you're limited to 650,000 requests a day and 10GB of downloads. That said, there are a lot of sites that fit within these parameters and could offload the static portion of their content to see a large reduction in bandwidth and provide faster load times to end users.

Using Google App Engine as Your Own Content Delivery Network
Google App Engine

December 24, 2008

Route-me - Open Source mapping library for iPhone

Route-me is an Open Source (BSD license) mapping library for the iPhone. It's written in native Objective C and can use the OpenStreetMap data layer, among others. If you're an iPhone developer, this gives you an easy way to add high-quality mapping functionality, similar to that of the built in Google Maps client, to your own applications. There's a discussion over on Slashdot of one such application, GPS Mission, which uses the route-me library to create a multiplayer location-based scavenger hunt.

This is pretty exciting—hopefully it will help enable a whole new class of location-aware apps. If you know of any other apps based on the route-me library, or if you have a good idea you'd like to share for a map based application, send us a line in the comments.

Route-me - Open Source iPhone-native Slippy Map
How To Make an App Using the Route-me Library

December 23, 2008

Gravitron - ping pong ball LED toy

Marcus wrote in to tell us about his latest ping pong ball electronics project, the Gravitron. In half of a ping pong ball, he's crammed 12 LEDs, an accelerometer, and an ATmega168 for a brain. If you pick it up and tilt it, it will light the highest LED. It's sort of poetic.

If you're as impressed as I am with his efficiency of space, check out Marcus' other ping pong ball experiments on his blog.

Gravitron - Playing around with gravity

December 22, 2008

Pixastic - Javascript image processing library

PIxastic is a Javascript library that provides low level image processing capabilities to your web applications. Jacob Seidelin has been working on this as part of an all-Javascript image editor, and he decided to release the library under the MIT license earlier this month:

Pixastic works by utilizing the HTML5 Canvas element which provides access to raw pixel data, thereby opening up for more advanced image effects. This is where the "experimental" part comes into play. Canvas is only supported by some browsers and unfortunately Internet Explorer is not one of them. It is however well supported in both Firefox and Opera and proper support is hopefully coming for Safari soon (Safari currently only works with the WebKit nightly builds). A few of the effects have been simulated in IE using the age old proprietary filters. While these filters are much faster than their Canvas friends, they are few and limited. Hopefully we will one day have real Canvas on IE as well.

The ability to manipulate image data directly is one of the more compelling features of the next generation of web browsers. I'm looking forward to the day when I can cut and paste an image directly into a blog post, adjust its color and crop it, all without jumping back and forth to an image editor.

Check the Pixastic site for more details on the supported browsers and available filters. There's also a small snippet of code that shows you how to use Pixastic with jQuery.

Pixastic Image Processing Library
Picastic Documentation

December 21, 2008

CMU Snackbot

Travis Deyle wrote in about Snackbot, an in-progress human-robot interaction project at Carnegie Mellon:

Back in May 2008 it was announced that CMU professors Sara Kiesler and Jodi Forlizzi (from the HCI Institute) and Paul Rybski (from the Robotics Institute) were awarded $500k in Microsoft's Human-Robot Interaction funding to develop a social, snack-selling robot to traverse Newell-Simon and Wean halls (press release). After seeing a prototype appear on Flickr in July, we've all been waiting patiently to see pictures of the final version. Well, the wait is over -- photos of the new CMU snackbot, conceptual designs, and construction photos are contained below! It appears that the CMU team is progressing nicely.

What impresses me most is that the physical design of the robot manages to express its function so clearly. The posture is helpful, but not servile. The spacing between the eyes and the shape of the mouth is attentive and non-threatening, a combination that seems difficult to achieve in most humanoid robots. It's really a smart design.

Jodi Forlizzi has a few of photos posted to Flickr (shown above), and the team's industrial designers Erik Glaser and Josh Finkle have a number of images of the design process posted on their sites. It's well worth checking out, as you can see a number of concept sketches, as well as a bunch of gratuitous robot guts.

Snackbot! -- A Social, Snack-Fetching Robot
Jodi Forlizzi's Snackbot Photos
Erik Glaser's Snackbot Photos
Josh Finkle's Design Sketches (click Industrial Design -> Snackbot)

December 20, 2008

DIY USB microscope for $15

You can make your own USB microscope using an old webcam and a cheap toy microscope. All it takes is a soldering iron, some hot glue, and an hour of your time. Instructables user moris_zen has the details, which basically involves a little focusing trial and error before gluing things together:

While you view the image via the SW used for the webcam - position it so you get a clear image. You may need to play with it for a while. After you find the exact location use a hot glue gun to fix it to that position. Then tape the wires tidily to the microscope and start taking pictures...

I imagine you'd get even more interesting results substituting the old 320x240 web cam for an old 2 megapixel digital camera.

Also worth checking out would be to skip the optics entirely, positioning the CCD right up against the sample with a proper light source. I believe this is the technique being used in the UCLA cellphone microscope. The output is supposedly low-res and blurry, but it's decent enough to capture the shadows of individual cells, making cellcount-based diagnoses possible.

Build a USB Digital Microscope
Aydogan Ozcan, UCLA Lensless Imaging System

December 19, 2008

DNS Dead Drop - send secret messages with DNS

Landon Fuller put together a secret message passing system that exploits a feature of DNS servers. It's based on a hack first conceived by Dan Kaminsky, which allows you to set a single bit of data by caching a wildcard zone on a cache server:

In each DNS query, 7 bits are reserved for a number of flags, one of which is the Recursion Desired (RD) flag. If set to 0, the queried DNS server will not attempt to recurse -- it will only provide answers from its cache.

Combine this with a wildcard zone and it's possible to signal bits (RD on), and read them (RD off). To set a bit to 1 the sender issues a query with the RD bit on. The wildcard zone resolves all requests, including this query. The receiver then issues a query for the same hostname, with the RD bit off. If the bit is 1, the query will return a valid record. If the bit is 0, no record will be returned.

To send the message, the sender and receiver agree on a DNS server and a big list of secret words. A unique hostname is generated for each word in the list, each of which is used to set one bit of data in a remote DNS server. The receiver can come along at a later date and extract the message from the dead drop by querying those same names. It's a pretty inefficient way to transfer data, but who ever said secret spy messages needed to be efficient?

You can download Landon's program from his site. If you want to play with it, I'd recommend either just testing it with a short message or two, or using your own server. As you can imagine, it's a bit of a resource hog, since it requires a full lookup just to communicate a single bit.

The DNS Dead Drop
Attacking Distributed Systems: The DNS Case Study (PDF)

December 18, 2008

Zero downtime server restarts with HAProxy

HAProxy is a high availability, software-based HTTP load balancing tool that I've seen gaining a lot of traction in large server cluster and cloud computing environments. I'm currently using it as part of a pre-built, cluster image that a third party vendor is maintaining, and it's performance impressed me enough that I've started to look into its capabilities further. Because it's a software solution, it gives you a lot of flexibility to customize it's configuration.

One of the neat features I came across is a configuration that will allow you to reboot servers in a cluster without a single user experiencing a 404 error, down-time, or lost sessions. The trick is to use an iptables rule to have Apache respond to two ports, say 80 and 81. Apache really runs on port 80, and then port 81 is configured to forward to port 80. HAProxy is then configured to use the application server's port 81, and the same server at port 80 is defined as the hot backup.

The igvita.com blog has a good howto on doing just this:

Instead of specifying a physically different app server, we're going to define our backup instance to be the exact same application server in each case, but with one minor difference: the status port, for the main app server will be different from the one we use on the backup.

...

Now, if we want to put the server into maintenance mode, we remove the IPTables rule for the forwarded port, and wait a few seconds so that our upstream HAProxy instance recognizes that the server is no longer available for new connections - this is key, it means that no client is dropped in the process. Now, once the server is out of rotation in HAProxy, we can do a graceful restart, add the IPTables rule back in, and we're live!

What's cool is that without any reconfiguration on the proxy, you can pull a machine offline gracefully. You simply disable the iptables port forward, HAProxy will notice that port 81 went offline and start sending existing users to port 80 with their current cookies. In reality, it's the exact same Apache instance, so all session information remains intact. New sessions will all be sent to your other servers, and you can wait until nobody is left using the maintenance-mode machine before taking it offline.

HAProxy
Zero-Downtime Restarts with HAPRoxy
Official HAProxy Documentation (see section 4.2, soft-stop using backup servers)

December 17, 2008

CS 193P - Stanford's iPhone application programming course

Stanford released their iPhone programming course—syllabus, lecture notes, assignments, and all—online. It's what you'd find in any serious software engineering and object oriented design program, but it's been designed around the iPhone target platform, with Objective C as the instruction language.

There are lectures and assignments on a number of topics, including the MVC pattern as it pertains to Cocoa development, UI and Multitouch considerations, OpenGL, and even going through the rigamarole of publishing your work to the App Store. The assignments seem to be really practical and fun. The price is right. I think I'll be taking the virtual course, starting this weekend.

CS 193P - iPhone Application Programming