A couple weeks ago, we had a kerfuffle here on Hackaday: A writer put out a piece with AI-generated headline art. It was, honestly, pretty good, but it was also subject to all of the usual horrors that get generated along the way. If you have played around with any of the image generators you know the AI-art uncanny style, where it looks good enough at first glance, but then you notice limbs in the wrong place if you look hard enough. We replaced it shortly after an editor noticed.

The story is that the writer couldn’t find any nice visuals to go with the blog post, with was about encoding data in QR codes and printing them out for storage. This is a problem we have frequently here, actually. When people write up a code hack, for instance, there’s usually just no good image to go along with it. Our writers have to get creative. In this case, he tossed it off to Stable Diffusion.

Some commenters were afraid that this meant that we were outsourcing work from our fantastic, and very human, art director Joe Kim, whose trademark style you’ve seen on many of our longer-form original articles. Of course we’re not! He’s a genius, and when we tell him we need some art about topics ranging from refining cobalt to Wimshurst machines to generate static electricity, he comes through. I think that all of us probably have wanted to make a poster out of one or more of his headline art pieces. Joe is a treasure.

But for our daily blog posts, which cover your works, we usually just use a picture of the project. We can’t ask Joe to make ten pieces of art per day, and we never have. At least as far as Hackaday is concerned, AI-generated art is just as good as finding some cleared-for-use clip art out there, right?

Except it’s not. There is a lot of uncertainty about the data that the algorithms are trained on, whether the copyright of the original artists was respected or needed to be, ethically or legally. Some people even worry that the whole thing is going to bring about the end of Art. (They worried about this at the introduction of the camera as well.) But then there’s also the extra limbs, and AI-generated art’s cliche styles, which we fear will get old and boring after we’re all saturated with them.

So we’re not using AI-generated art as a policy for now, but that’s not to say that we don’t see both the benefits and the risks. We’re not Luddites, after all, but we are also in favor of artists getting paid for their work, and of respect for the commons when people copyleft license their images. We’re very interested to see how this all plays out in the future, but for now, we’re sitting on the sidelines. Sorry if that means more headlines with colorful code!

A few days ago the source code for the popular Winamp music player was released into the world, with as we reported at the time, a licence that left a lot to be desired. Since then it seems some of the criticism has caught up with the company, for not only have they modified their terms to allow forking, they’ve reacted to a bunch of claimed GPL violations by removing offending files. Perhaps How-To-Geek are right in describing it all as an absolute mess.

The forking amendment means that with luck we’ll start seeing a few modified players descending from the Winamp code, and it seems that the GPL violations are more embarrassing technicalities than show-stoppers, but we have to wornder whether or not this makes for something with any more than historical interest. Perhaps its value stands in a lesson for corporate entities in how not to release their source, which sadly we expect will be taken by other organisations as an excuse not to do so.

If you’re following the Winamp source code saga you can read our coverage from when it came out. It will be interesting to see where this story goes.

[Zibartas] recently created wearable helmets from the game Starfield that look fantastic, and we’re happy to see that he created a video showcasing the whole process of design, manufacture, and assembly. The video really highlights just how much good old-fashioned manual work like sanding goes into getting good results, even in an era where fancy modern equipment like 3D printing is available to just about anyone.

The visor, for example, is one such example. The usual approach to making a custom helmet visor (like for Daft Punk helmet builds) is some kind of thermoforming. However, the Starfield helmet visors were poor candidates due to their shape and color. [Zibartas]’s solution was to 3D print the whole visor in custom-tinted resin, followed by lots and lots of sanding and polishing to obtain a clear and glassy-smooth end product.

A lot of patient sanding ended up being necessary for other reasons as well. Each helmet has a staggering number of individual parts, most of which are 3D printed with resin, and these parts didn’t always fit together perfectly well.

[Zibartas] also ended up spending a lot of time troubleshooting an issue that many of us might have had an easier time recognizing and addressing. The helmet cleverly integrates a faux-neon style RGB LED strip for internal lighting, but the LED strip would glitch out when the ventilation fan was turned on. The solution after a lot of troubleshooting ended up being simple decoupling capacitors, helping to isolate the microcontrollers built into the LED strip from the inductive load of the motors.

What [Zibartas] may have lacked in the finer points of electronics, he certainly makes up for in practical experience when it comes to wearable pieces like these. The helmets look solid but are in fact full of open spaces and hollow, porous surfaces. This makes them more challenging to design and assemble, but it pays off in spades when worn. The helmets not only look great, but allow a huge amount of airflow. This along with the fans makes them comfortable to wear as well as prevents the face shield from misting up from the wearer’s breathing. It’s a real work of art, so check out the build video, embedded just below.

[Project 326] wanted to know exactly what gas was in some glass tubes. The answer, of course, is to use a spectrometer, but that’s an expensive piece of gear, right? Not really. Sure, these cheap devices aren’t perfect, but they are serviceable and, as the video below shows, there are ways to work around some of the limitations.

The two units in question are “The Little Garden” spectrometer and a TLM-2. Neither are especially sensitive, but both are well under $100, so you can’t expect much. Because the spectrometers were not very sensitive, a 3D printed jig and lens were used to collect more light and block ambient light interference. The jigs also allowed the inclusion of special filters, which enhanced performance quite a bit. The neon bulbs give off the greatest glow when exposed to high voltage. Other bulbs contain things like helium, xenon, and carbon dioxide. There were also tubes with mercury vapor and even deuterium.

We’ll admit it. Not everyone needs a spectrometer, but if you do, there’s a lot of really interesting info on how to get the most out of these cheap devices. Apparently, [Project 326] was frustrated that he couldn’t buy an X-ray spectrometer and has vowed to create one, so we’ll be interested to see how that goes.

Some homebrew spectrometers can get pretty fancy. Of course, there’s more to spectroscopy than just optics.

The software defined radio has opened up unimaginable uses of the radio spectrum for radio enthusiasts, but it’s fair to say that there’s one useful feature of an old-fashioned radio they lack when used via a computer. We’re talking of course about the tuning knob, because it represents possibly the most intuitive way to move across the bands. Never fear though, because [mircemk] has a solution. He’s converted a mouse into a tuning dial.

The scroll wheel on a mouse is nothing more than a rotary encoder, and can easily be used as a sort of tuning knob. Replacing it with a better encoder gives it a much better feel, so that’s what he’s done. An enclosure has the guts of a mouse, with the front-mounted encoder wired into where the scroll wheel would have been. The result, for a relatively small amount of work, is a tuning knob, and a peripheral we’re guessing could also have a lot of uses beyond software defined radio.

It’s not the first knob we’ve seen, for that you might want to start with the wonderfully named Tiny Knob, but it’s quite possibly one of the simplest to build. We like it.

[Ben] may be 15 years old, but he’s got the knack for 3D printing and artistic mechanical design. When you see his 3D-printed mechanical jellyfish lamp, we think you’ll agree. Honestly, it is hardly fair to call it a lamp. It is really — as [Ben] points out — a kinetic sculpture.

One of the high points of the post is the very detailed documentation. Not only is everything explained, but there is quite a bit of background information on jellyfish, different types of gears, and optimizing 3D prints along with information on how to recreate the sculpture.

There is quite a bit of printing, including the tentacles. There are a few options, like Arduino-controlled LEDs. However, the heart of the operation is a geared motor.

All the design files for 3D printing and the Arduino code are in the post. There’s also a remote control. The design allows you to have different colors for various pieces and easily swap them with a screwdriver.

One major concern was how noisy the thing would be with a spinning motor. According to [Ben], the noise level is about 33 dB, which is about what a whisper sounds like. However, he mentions you could consider using ball bearings, quieter motors, or different types of gears to get the noise down even further.

We imagine this jellyfish will come in at well under $6 million. If you don’t want your jellyfish to be art, maybe you’d prefer one that creates art.

These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already patched) vulnerability concerning Kia cars was a doozy in this regard, as a fairly straightforward series of steps allowed for any attacker to obtain the vehicle identification number (VIN) from the license plate, and from there become registered as the car’s owner on Kia’s network. The hack and the way it was discovered is described in great detail on [Sam Curry]’s website, along with the timeline of its discovery.

Notable is that this isn’t the first vulnerability discovered in Kia’s HTTP-based APIs, with [Sam] this time taking a poke at the dealer endpoints. To his surprise, he was able to register as a dealer and obtain a valid session ID using which he could then proceed to query Kia’s systems for a user’s registered email address and phone number.

With a specially crafted tool to automate the entire process, this information was then used to demote the car’s owner and register the attacker as the primary owner. After this the attacker was free to lock/unlock the doors, honk to his heart’s content, locate the car and start/stop the vehicle. The vulnerability affected all Kia cars made after 2013, with the victim having no indication of their vehicle having been hijacked in this manner. Aside from the doors randomly locking, the quaint honking and engine turning on/off at a whim, of course.

Perhaps the scariest part about this kind of vulnerability is that it could have allowed an attacker to identify a vulnerable parked car, gained access, before getting into the car, starting the engine and driving away. As long as these remote APIs allow for such levels of control, one might hope that one day car manufacturers will take security somewhat more serious, as this is only the latest in a seemingly endless series of amusingly terrifying security vulnerabilities that require nothing more than some bored hackers with HTTP query crafting tools to discover.

It looks like there’s finally hope for sane password policies. The US National Institue of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS9+ flaw is a SQL injection, with a trio of slightly less serious flaws.

The really interesting question is what could theoretically be done with admin access and escape to shellcode in one of these systems? There’s the obvious path of Denial of Service. Once you have root, just delete files, flash random noise over the firmware, and walk away. The more interesting approach is to make changes that have physical consequences. If a fuel tank is reprogrammed to indicate that holds twice the volume, will it overflow? Researchers realized that relays have a maximum operation rate, and driving them on and off at faster rates has interesting effects — glowing and letting the magic smoke out.

More Tank Hacking?

Also this week is the story of a Kansas water treatment plant that has gone to manual mode after a cyberattack. It’s not clear whether this was actually an aimed attack at infrastructure, or just a ransomware attack that is impacting the water treatment facility as a side-effect.

The Linux Mystery 9.9 CVE

This week we’ve been watching a story develop after [Simone Margaritelli] sounded the warning about a very serious GNU/Linux vulnerabiltiy on Twitter/X. The claim was a CVSS 9.9 in all Linux systems. Well apparently it’s time, because the details have dropped, and it’s a wild ride.

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR

— Simone Margaritelli (@evilsocket) September 23, 2024

So first, the actual vulnerabilities: Part of the Common Unix Printing System (now just CUPS) is cups-browsed, a helper daemon that automatically installs printers discovered on the local network. This binds to all IP addresses on UDP port 631, and an incoming UDP packet will trigger a printer install. The quirk here is that this incoming request can include an arbitrary URL as the source of the IPP printer driver information. That IPP data isn’t sanitized, allowing for arbitrary information upload and subsequent file creation with that arbitrary data. The cherry on top is the foomatic-rip driver that includes the helpful feature of running a shell command as part of the printing process. Oh, and to be clear, the CVSS 9.9 isn’t strictly accurate, because it does require a user interaction to print to the malicious printer, to trigger the code execution.

Now here’s the tricky question: How many of those quirks are vulnerabilities? Cups-browsed seems obviously architected without an authentication layer, and therefore not at all intended to be exposed to the Internet. Downloading an arbitrary IPP file seems to be working as intended, and the FoomaticRIPCommandLine is a documented feature, not a vulnerability.

And yet, pretty obviously, a printer on the local network shouldn’t be able to trigger arbitrary code execution when printing to it, especially when it’s so easy for any computer to fake being a printer. It’s very surprising that there are over 100,000 systems that expose UDP port 631 and the cups-browsed service to the Internet. I look forward to other researchers double-checking that claim. If it wasn’t obvious, don’t expose CUPS to the Internet. It shouldn’t have taken a CVE to make that abundantly clear. That is probably why it was so hard for [Simone] to get the CUPS developers to take this seriously.

As per the Red Hat notice, you can check your Linux systems for this issue by running sudo systemctl status cups-browsed and check a remote machine using sudo nmap -sU -p 631 -v ip.address.of.machine watching for “631/udp open|filtered ipp” in the output. There is already a Proof of Concept that has leaked, so do check and pull the plug on any systems that expose this service.

The Other One

The “9.9” CVE was just a bit of a letdown, but we do have CVE-2024-20017, a confirmed high severity vulnerability in MediaTek’s wappd daemon that seems to weigh in at 9.8.

The vulnerability is specifically in the handling of the Security Block message that’s part of WiFi roaming handoffs. wappd allocates a fixed-size buffer, and doesn’t validate the actual message size before copying that data. This can overflow by up to 1433 bytes, and that’s certainly enough to trigger full RCE. There’s Proof of Concept code available, so watch for updates for Wireless gear.

Bits and Bytes

Kaspersky has done something unexpected, pulling a switcheroo. Users who still had Kaspersky installed have found UltraAV now automatically installed on their machines. It’s reported that Kaspersky was sending email notices out earlier this month that the update was coming.

There’s a really impressive chain of tricks that redirects from a Youtube URL to an arbitrary Google Docs URL. That may not sound particularly interesting, but the whole chain of redirects means that a page that looks like a Google Form with a simple poll could actually grant permissions to arbitrary Google Drive files on submit. Google paid a juicy $4133.70 for the find, and rolled the fix out on the same day.

ChatGPT has a new feature, long-term memory. The idea is that your conversations with the LLM can become part of the training data, making the model even more useful as you use it. There is a really powerful feature available in ChatGPT now, that the LLM can pull data from the Internet in real time. Turns out if you can get one of these instances to pull some manipulated data, the model can keep it in long term storage. The real trick is that this injection can convince the model to keep revisiting an arbitrary URL, leaking data. Impressive.

And finally, the Kia dealer and owners websites leak a bit too much data. With nothing more than the car’s VIN, an attacker can generate a fake dealer token, and demote and replace the previous owner. From there, it’s trivial to remote start, honk, or otherwise mess with the vehicle. It wasn’t great, but Kia got it fixed over a month ago.

As if there weren’t enough worrying global news stories already, today the British press and media have been full of a story involving the public WiFi networks at some major railway stations. Instead of being faced with the usual don’t-be-naughty terms and conditions page, commuters were instead faced with a page that definitely shouldn’t have been there.

Hackaday readers will immediately have guessed what is likely to have happened. This is probably more of a compromise of the page than of the network itself, and, indeed, the BBC are reporting that it may have come via an administrator account at Network Rail’s er… network provider. Fortunately, it seems the intent was to spread a political message rather than malware, so perhaps those travelers got off lightly. The various companies involved have all got the proverbial egg on their faces, and we’re glad we don’t work in the IT department concerned.

The question we find ourselves asking as we reflect upon this is: In crowded European commuter zones such as southern and central England, should events such as this come as a wake-up call to forgo WiFi and use a cellular data plan instead? Gone are the days when finding public WiFi was like having your own private high-speed connection, in a country blanketed by 4G and 5G networks using your phone as a hotspot is simply much faster as well as offering some security. Hackaday is written and edited on the road using a hotspot in all sorts of unlikely places. Do you do the same? Are Hackaday readers up for free public WiFi, or do you jealously guard your own connections? Let us know in the comments.

You can probably figure out how to share your network connection among friends. Network security, of course, is always robust until it isn’t.

header: Biblola, CC BY-SA 3.0 .

It is a pretty common first project to use an Arduino (or similar) to blink an LED. Which, of course, brings taunts of: you could have used a 555! You can, of course, also use any sort of oscillator, but [Mustafa] has a different approach. Blinking an LED with three resistors and a capacitor. Ok, ok… one of the resistors is a light-dependent resistor, but still.

In reality, this is a classic relaxation oscillator. The capacitor charges until the LED lights. This, however, causes the capacitor to discharge, which eventually turns off the LED, and the process starts again.

There is one wrinkle that could be considered a feature. In daylight, the capacitor will stay in the off state, so the blinking only occurs in darkness. Of course, the resistor also has to have a sufficient view of the LED. You might use this as a safety light that only works in the dark.

A simple circuit, but it just goes to show that we tend to forget the simple solutions in a world where a computer costs less than a dollar.

Of course, you can get a chip whose sole purpose is to blink LEDs. We always like examples of doing more with less.

The Faboratory at Yale University has set a number of stretch goals. We don’t mean that in the usual sense. They’ve been making, as you can see in the video below, clones of commercial devices that can stretch over 300%. They’ve done Ardunios and similar controllers along with sensors. The idea is to put computer circuits in flexible robots and other places where flexibility is key, like wearable electronics.

If you are interested in details, you’ll want to read the paper in Science Robotics. They take the existing PCB layout and use a laser to cut patterns in a paper mask over the stretchable substrate. They then apply oxidized gallium-indium to build conductors.

We aren’t sure what we want with a stretchable Arduino, but we are sure someone wants them. We also wonder how much stretching these devices will survive before something happens. In the video, some of the motion looked pretty violent! There are also pictures of the circuits twisting in strange ways, too.

The starfish-like robot shows the controlling Arduino bucking like a faux cowboy on a mechanical horse. On the other hand, a full-sized Arduino wouldn’t have been practical. However, you might consider using tiny circuits, which are certainly possible these days.

Want to build your own? You are in luck, as the Faboratory has instructions and details on GitHub about how you can make your own flex circuit. Perhaps we will see a flexible SAO badge at Supercon this year? You’d think these were totally unique, but there have been many attempts at making stretchy circuits, including some other DIY guides for different techniques.

Do you live in the UK, have a VCR and capture card, and an interest in Teletext? [James O’Malley] needs your help! Teletext was, for many people around the world, their first experience of an electronic information system. The simple text and block graphics were transmitted on rotation as data bursts in the frame blanking periods of analogue TV broadcasts, and in an era of printed newspapers, they became compulsory reading. The UK turned off its old-style teletext over a decade ago with the switch to digital, but fragments of the broadcasts remain and can be painstakingly revived from period video recordings with the appropriate software.

This is where [James’] problem begins. Having recovered a very large archive of 1980s and 1990s VHS tapes, he’s come to the realisation that he’s bitten off more than he can chew, and that the archive needs to be in the hands of an individual, entity, or organisation which can give it the resources necessary to archive both the teletext and the programming that it contains. Can you help? Give the article linked above a read.

Meanwhile, you can wallow in a bit of nostalgia by browsing the archive of recovered pages, and while you’re at it, take a minute to envy the French.

If you need an amplifier, [Hans Rosenberg] has some advice. Don’t design your own; grab cheap and tiny RF amplifier modules and put them on a PCB that fits your needs. These are the grandchildren of the old mini circuits modules that were popular among hams and RF experimenters decades ago. However, these are cheap, simple, and tiny.

You only need a handful of components to make them work, and [Hans] shows you how to make the selection and what you need to think about when laying out the PC board. Check out the video below for a very detailed deep dive.

To get the best performance, the PCB layout is at least as important as the components. [Hans] shows what’s important and how to best work out what you need using some online calculators.

Using a NanoVNA and a USB spectrum analyzer, [Hans] makes some measurements on the devices using different components, which is very instructive. The measurements lined up fairly well with the theory, and you can see the effects of changing key components in the design.

[Hans] has a lot to say about RF PCB design. If you want to get into a lot of details, don’t forget to check out [Michael Ossmann’s] Supercon workshop on RF design.

While Texas Instruments maintains dominance in the calculator market (especially graphing calculators), there was a time when this wasn’t the case. HP famously built the first portable scientific calculator, the HP-35, although its reverse-Polish notation (RPN) might be a bit of a head-scratcher to those of us who came up in the TI world of the last three or four decades. Part of the reason TI is so dominant now is because they were the first to popularize infix notation, making the math on the calculator look much more like the math written on the page, especially when compared to the RPN used by HP calculators. But if you want to step into a time machine and see what that world was like without having to find a working HP-35, take a look at [Jeroen]’s DIY RPN calculator.

Since the calculator is going to be RPN-based, it needs to have a classic feel. For that, mechanical keyboard keys are used for the calculator buttons with a custom case to hold it all together. It uses two rows of seven-segment displays to show the current operation and the results. Programming the Arduino Nano to work as an RPN calculator involved a few tricks, though. [Jeroen] wanted a backspace button, but this disrupts the way that the Arduino handles the input and shows it on the display but it turns out there’s an Arudino library which solves some of these common problems with RPN builds like this.

One of the main reasons that RPN exists at all is that it is much easier for the processor in the calculator to understand the operations, even if it makes it a little bit harder for the human. This is because early calculators made much more overt use of a stack for performing operations in a similar way to Assembly language. Rather than learning Assembly, an RPN build like this can be a great introduction to this concept. If you want to get into the weeds of Assembly programming this is a great place to go to get started.

There are a lot of fantastic things about Hackaday Supercon, but for me personally, the highlight is always seeing the dizzying array of electronic bits and bobs that folks bring with them. If you’ve never had the chance to join us in Pasadena, it’s a bit like a hardware show-and-tell, where half the people you meet are eager to pull some homemade gadget out of their bag for an impromptu demonstration. But what’s really cool is that they’ve often made enough of said device that they can hand them out to anyone who’s interested. Put simply, it’s very easy to leave Supercon with a whole lot more stuff than when you came in with.

Most people would look at this as a benefit of attending, which of course it is. But in a way, the experience bummed me out for the first couple of years. Sure, I got to take home a literal sack of incredible hardware created by members of our community, and I’ve cherished each piece. But I never had anything to give them in return, and that didn’t quite sit right with me.

So last year I decided to be a bit more proactive and make my own Simple Add-On (SAO) in time for Supercon 2023. With a stack of these in my bag, I’d have a personalized piece of hardware to hand out that attendees could plug right into their badge and enjoy. From previous years I also knew there was something of an underground SAO market at Supercon, and that I’d find plenty of people who would be happy to swap one for their own add-ons for mine.

To say that designing, building, and distributing my first SAO was a rewarding experience would be something of an understatement. It made such an impression on me that it ended up helping to guide our brainstorming sessions for what would become the 2024 Supercon badge and the ongoing SAO Contest. Put simply, making an SAO and swapping it with other attendees adds an exciting new element to a hacker con, and you should absolutely do it.

So while you’ve still got time to get PCBs ordered, let’s take a look at some of the unique aspects of creating your own Simple Add-On.

Low Barrier to Entry

To start with, let’s cover what’s probably the biggest benefit of making an SAO versus pretty much any other kind of electronic device: essentially all the hard work has been done for you, so you’re free to explore and get creative.

Consider the SAO standard, such as it is. You know there’s going to be 3.3 volts, you know physically how your device will interface with the host badge, and should you decide to utilize it, there’s an incredibly common and well-supported protocol (I2C) in place for communication with other devices.

There’s even a pair of GPIO pins thrown in for good measure, which more nuanced versions of the SAO spec explain can be used as the clock and data pins for addressable LEDs. In either event, they provide an even easier way to get your SAO talking to whatever it’s plugged into than I2C if that’s what you’re after.

Not having to worry about power is a huge weight off your shoulders. Voltage regulation — whether it’s boosting the output from a battery, or knocking down a higher voltage to something that won’t fry your components — can be tricky, and has been known to trip up even experienced hardware hackers. There’s admittedly some ambiguity about how much current an SAO can draw, but unless you’re looking to push the envelope, it’s unlikely anything that fits in such a small footprint could pull enough juice to actually become a problem.

Minimal Investment

Another thing to consider is the cost. While getting PCBs made today is cheaper than ever, the cost still goes up with surface area. Especially for new players, the cost of ordering larger boards can trigger some anxiety. Luckily, the traditional SAO is so small that having 20, 30, or even 50 of them made won’t hit you too hard in the wallet. Just as an example, having 30 copies of the PCB for my first SAO fabricated overseas cost me around $12 (shipping is the expensive part).

In fact, an SAO is usually small enough that a quick-turn prototype run with one of the domestic board houses might be within your budget. I’ve been playing around with a new SAO design, and both DigiKey and OSH Park quoted me around $40 to have a handful of boards produced and at my doorstep within 5 to 7 days.

Now assembly of your SAOs, should you outsource that, can still be expensive. Even though they’re small, it’s all going to come down to what kind of parts you’re using in the design. I was recently talking to Al Williams around the Hackaday Virtual Water Cooler, and he mentioned the cost to have just a handful of his SAO made was in the three figures. Then you look at the parts he used in the design, and it was clear this was never going to be a cheap build.

But even if you’ve got deep enough pockets to pay for it, I’d personally recommend against professional assembly in most cases. Which leads nicely into my next point…

A Taste of Mass Production

Being hobbyists, the reality is that most of us never get the opportunity to build more than a few copies of the same thing. For a personal project, there’s rarely the need to build more than one — and even if you count the early prototypes or failed attempts, it’s unlikely you’d hit the double digits.

But for an SAO, the more the merrier. If you’re planning on swapping with others or giving them away, you’ll obviously want quite a few of them. There’s no “right” number here, but for an event the size of Supercon, having 50 copies of your SAO on-hand would be reasonable. As mentioned earlier, I went with 30 (in part due to the per-unit cost) and in the end felt I should have bumped it up a bit more.

But even at 30, it was far and away the largest run of any single thing I’d ever done. After assembling the third or fourth one, I started to pick up on tricks that would speed up the subsequent builds. Where applicable, hand-soldering quickly gave way to reflowing. After some initial struggling, I realized taking the time to make a jig to hold the more fiddly bits would end up saving me time in the long run. Once ten or so were in various states of completion, it became clear I needed some way to safely hold them while in production, so I ended up cutting a couple board holders out of wood on the laser cutter.

Looking back, this part of the process was perhaps what I enjoyed the most. As you might expect, I’ve been involved with  badge production at significant scales in the past. If you have a Supercon badge from the last several years, there’s an excellent chance I personally handled it in some way before you received it. But this was an opportunity to do everything myself, to solve problems and learn some valuable lessons.

Finding a New Community

Finally, the most unique part of making your own SAO is that it’s a ticket to a whole new subculture of hardware hacking.

There are some incredibly talented people making badges and add-ons for the various hacker cons throughout the year, and there’s nothing they like better than swapping their wares and comparing notes. These folks are often pushing the very limits on what the individual hacker and maker is capable of, and can be a wealth of valuable information on every aspect of custom hardware design and production.

When you put your creation up on the SAO Wall at Supercon, or exchange SAOs with somebody, you’re officially part of the club, and entitled to all the honors and benefits occurring thereto. Don’t be surprised if you soon find yourself on a private channel in an invite-only chat server, pitching ideas for what your next project might be.

With a little over a month to go before the 2024 Hackaday Supercon kicks off in Pasadena, and a couple weeks before the deadline on submissions for the Supercon Add-On Contest, there’s still time to throw your six-pin hat into the ring. We can’t wait to see what you come up with.

Watch out, Gen X-ers — there’s a nostalgia overload heading your way, courtesy of this over-the-air TV simulator. And it has us feeling a little Saturday morning cartoon-ish, or maybe even a bit Afterschool Special.

[Shane C Mason]’s “FieldStation42” build centers around a period-correct color TV, and rightly so — a modern TV would be jarring here, and replacing the CRT in this irreplaceable TV would be unthinkable. Programming comes via painstakingly collected sitcoms, dramas, news broadcasts, and specials, all digitized and stored on disk and organized by the original networks the programs came from. Python running on a Raspberry Pi does the heavy lifting here, developing a schedule of programs for the week that makes sense for the time of day — morning news and talk, afternoon soaps, the usual family hour and prime time offerings, and finally [Carson] rounding out the day, because that’s all we had for late night.

As for switching between stations, rather than risk damaging the old TV, [Shane] really upped his nostalgia game and found an old antenna rotator control box. These were used to steer the directional antenna toward different transmitters back in the day, especially in fringe areas like the one he grew up in. He added a set of contacts to the knob and a Pi Pico, which talks to the main Pi and controls which “channel” is being viewed. He also added an effect of fading and noise in the video and audio between channels, simulating the antenna moving. The video below shows it in action.

For those who missed the Golden Age of TV, relax; as [Shane] correctly surmises after going through this whole project, Golden Ages only exist in your mind. Things were certainly different with 70s mass media, a fact which this build captures neatly, but that doesn’t mean they were better. Other than Saturday mornings, of course — those were objectively better in every way.

Although not as prevalent as Flash memory storage, ferroelectric RAM (FeRAM) offers a range of benefits over the former, mostly in terms of endurance and durability, which makes it popular for a range of (niche) applications. Recently [Ken Shirriff] had a look inside a Ramtron FM24C64 FeRAM IC from 1999, to get an idea of how it works. The full die photo can be seen above, and it can store a total of 64 kilobit.

One way to think of FeRAM is as a very small version of magnetic core memory, with lead-zirconate-titanate (PZT) ferroelectric elements making up the individual bits. These PZT elements are used as ferroelectric capacitors, i.e. the ferroelectric material is the dielectric between the two plates, with a positive voltage storing a ‘1’, and vice-versa.

In this particular FeRAM chip, there are two capacitors per bit, which makes it easier to distinguish the polarization state and thus the stored value. Since the distinction between a 0 and a 1 is relatively minor, the sense amplifiers are required to boost the signal. After a read action, the stored value will have been destroyed, necessitating a write-after-read action to restore the value, all of which adds to the required logic to manage the FeRAM. Together with the complexity of integrating these PZT elements into the circuitry this makes these chips relatively hard to produce and scale down.

You can purchase FeRAM off-the-shelf and research is ongoing, but it looks to remain a cool niche technology barring any kind of major breakthrough. That said, the Sega Sonic the Hedgehog 3 cartridges which used an FeRAM chip for save data are probably quite indestructible due to this technology.

While normally more comfortable with a soldering iron, [LucidScience] recently took a dive into woodworking and hardware store electronics to build a DIY proofing box. It’s a clever design that doubles as furniture, with some cool problem-solving along the way. While it might not be your typical hack, repurposing seedling heat mats and working with insulation makes it a neat project for anyone who likes to tinker. Plus, the whole thing cranks out two loaves of sourdough bread each week!

The setup includes an 8 watt heat mat, typically used for aquariums or seedlings, and a temperature control box, so no complicated wiring is needed. The entire box is insulated with rigid foam, which makes it energy efficient—once the foam was installed, the heat mat only needed to turn on about a quarter of the time. To give it a more polished look, [LucidScience] hid the raw plywood edges with oak trim, and even added an adjustable vent for moisture control. Pretty slick for something built from basic materials and a few tools!

While this proofing box isn’t a groundbreaking electronics project, it shows how even simple hardware can be repurposed for entirely new applications. The combination of woodworking and basic electronics makes it an approachable project for DIYers looking to stretch their skills. Whether you’re into hacking, woodworking, or just love good bread, this build has something for everyone. [LucidScience]’s clear instructions and simple materials make this a great weekend project that can upgrade your baking game.

Long before the advent of the Internet and the World Wide Web, there were other ways to go online, with Ohio-based CompuServe being the first to offer a consumer-oriented service on September 24, 1979. In an article by [Michael De Bonis] a listener-submitted question to WOSU’s Curious Cbus is answered, interspersed with recollections of former users of the service. So what was CompuServe’s contribution to society that was so important that the state of Ohio gave historical status to the building that once housed this company?

The history of CompuServe and the consumer-facing services which it would develop started in 1969, when it was a timesharing and remote access service for businesses who wanted to buy some time on the PDP-10s that Golden United Life Insurance as the company’s subsidiary used. CompuServe divested in 1975 to become its own, NASDAQ-listed company. As noted in the article, while selling timeshares to businesses went well, after business hours they would have these big computer systems sitting mostly idly. This was developed by 1979 into a plan to give consumers with their newfangled microcomputers like the TRS-80 access.

Originally called MicroNet and marketed by Radio Shack, the service offered the CompuServe menu to users when they logged in, giving access to features like email, weather, stock quotes, online shipping and booking of airline tickets, as well as online forums and interactive text games.

Later renamed to CompuServe Information Service (CIS), it remained competitive with competitors like AOL and Prodigy until the mid-90s, even buying one competitor called The Source. Ultimately it was the rise of Internet and the WWW that would close the door on this chapter of computing history, even as for CompuServe users this new Internet age would have felt very familiar, indeed.