Hackszine.com

Most recent posts: page 1 of 6 1 2 3 4 5 6
Browse the complete archive by category or month.

January 8, 2009

Evaporation fridge

This solar refrigerator, invented by Emily Cummins, is a brilliantly simple solution for keeping food cool in a hot, dry environment. It's basically a metal cylinder surrounded by wet material, surrounded by a mesh sleeve to hold it all together.

Between the outer cylinder and the inner cylinder is an open compartment where any medium capable of holding water can be placed. The medium would usually be sand, wool or soil and is packed into the gap and then water is added.

When the fridge is placed in a warm environment, the sun's energy causes the water to evaporate from the medium. As the water/medium mix is held against the inner cylinder, heat is removed in the form of energy. Due to heat transfer the inner cylinder becomes cooler. The reduced temperature and completely dry environment of the inner chamber makes it perfect for the storage of perishables as it will allow items to be kept fresh for longer.

It's encouraging to think that important, real-world problems are still out there to be solved with a bit of ingenuity and the sort of materials that are taking up space in the corner of your garage.

Emily Cummins' Site (flash)
Amazing solar-powered fridge invented by British student in a potting shed helps poverty-stricken Africans [via MashupMark]

January 7, 2009

Using memcached to rate-limit dictionary attacks

Earlier this week, there were a number of high profile Twitter account compromises that were made possible using a common dictionary attack technique. Basically, nothing was in place to keep an attacker from quickly submitting thousands of login attempts against an account, cracking the password in an evening of work.

One tool that can be used to prevent this sort of attack is to rate-limit login attempts, allowing only a few failed attempts per minute, for instance. One problem with this, however, is that it requires tracking login attempts. This is essentially a write operation, and doing this to a database on a high volume site is a major performance bottleneck.

Simon Willison came up with a nice solution to the problem that uses memcached. You can track a counter for requests from an IP and for login attempts against a particular account. Just create the key using a combination of the item you are tracking and the date it is being tracked against:

Let's say we want to limit a user to 10 hits every minute. A naive implementation would be to create a memcached counter for hits from that user's IP address in a specific minute. The counter key might look like this:
ratelimit_72.26.203.98_2009-01-07-21:45

Increment that counter for every hit, and if it exceeds 10 block the request.

According to a comment on Simon's blog, this is essentially the strategy that's been employed by the Twitter team to rate limit API requests.

Rate Limiting With Memcached

January 6, 2009

Use Google Maps to view high-res photos

In order to present a high resolution map of the entire globe inside an ordinary web browser, programs like Google Maps employ the use of tiles. When the map is prepared, it's rendered out at each available zoom level, and each zoom level is divided up into a number of small 256x256 pixel squares. When the map is viewed in a browser, the map display code takes care of loading in just the tiles that are visible in the current map view, sparing the download time and processing power required to load in the entire world's map imagery.

You can think of the Google Maps display engine as a photo viewer for really, really high res photos.

In fact, you can use the mapping software to display your own high res photography. By tiling different zoom levels of any high resolution photograph, and replacing the default map set with your own custom tiles, you can use the Google Maps interface to zoom and pan any image you like. The UCL Centre for Advanced Spatial Analysis created a program called Google Maps Image Cutter that makes this process very easy:

The Google Maps Image Cutter takes a large image and cuts it into lots of 256x256 pixel images. At the top level there is only one 256 pixel square which is a smaller copy of the original image. At the next level, there are four 256 pixel squares, then sixteen, sixty four and two hundred and fifty six. This corresponds to 256, 512, 1024, 2048 and 4096 pixel square images spread over the map tiles. The application automatically chooses the depth of the maximum zoom level to correspond to the original size of the image, so zooming in any further would make the image bigger and cause it to pixelate.

The image cutter will render all of these tiles to a subfolder and generate an HTML file with all the necessary Google Maps embed code built-in. You simply insert your API key into this file, and then use an IFRAME tag in your site to embed the map HTML. The end result is an image viewer that fits your site layout, without sacrificing the detail or quality of the original photo.

The Google Maps Image Cutter
Put Your Large Pictures in Web Pages without Resizing Them - Google Maps Image Viewer

Get your T-Mobile G1 to show up correctly in iPhoto

G1 and iPhoto

Every time I plug my G1 phone into my Mac to download photos, iPhoto shows me only the videos that are on the phone, and I have to manually drag the photos from the Finder to iPhoto. It's only a minor annoyance,but fortunately the fix is very simple. If you navigate to your G1 in the Mac OS X Finder, you'll see that the DCIM folder (the usual home of photos on a digital camera) is titled "dcim" (lowercase). I made it uppercase, unmounted and remounted it, and iPhoto popped up with a list of the photos on the phone, ready to import.

January 5, 2009

Take a 6-month exposure photo

Pocket-Sized sent in a link to this article about the photography of Justin Quinnell. Using a pinhole camera made from an aluminum can, Justin was able to take super-long exposure, 160 degree angle photos over a 6 month period. The photo above was exposed from the 2007 winter solstice to the following summer solstice.

In the photos, you can clearly see the path taken by the sun each day, marking the passage of time. Justin has dedicated the project to his father, who passed away on the 116th sunrise that was captured.

You can make your own pinhole camera to take long exposure shots like this. Justin put together a howto that documents his own method. The hardest part is finding a good solid place to mount the camera where it won't be disturbed for months at a time.

One interesting thing that he mentions is scanning the film at high-res without even developing it. I've never heard of doing this, but I presume that if it works, it's a one time shot. Does anyone have experience with this that would care to comment?

Pinhole Photography By Justin Quinnell
How To Create 6 Month Exposures

January 4, 2009

BaR2D2 - mobile droid bartender

After a long day on Tatooine fighting off Sandpeople and haggling over the price of power converters, Obi-Wan and Luke Skywalker walk into a droid...

BaR2D2 is a radio-controlled, mobile bar that features a motorized beer elevator, motorized ice/mixer drawer, six-bottle shot dispenser, and sound activated neon lighting. The robot is driveable so you can take the party on the road! It was created in my garage using standard hand/power tools and readily available parts and materials.

BaR2D2's creator, Jamie Price, sent us a link that includes all the construction details, as well as a few photos of the droid with C3PO, R2, Vader, and some Stormtroopers at the Dragon*con convention.

Build A Mobile Bar - BaR2D2

January 3, 2009

Wikipedia over DNS

David Leadbeater created a service that distributes Wikipedia entries over DNS using TXT records. Simply looking up a TXT record for any subdomain of his service will pull a summary of the Wikipedia entry for the title of the same name.

I had written some code to take wikipedia articles and summarise them. I wanted to offer this for use in various places, now the obvious way to offer it is just a web service (via REST, SOAP, etc), but that's boring and I had a cunning plan. Why not offer it over DNS - it is basically a huge associative array and DNS is designed for this stuff.

So I wrote a little nameserver which returns the results as TXT records. There are some obvious limitations for example responses are limited to around 430 bytes (it only does UDP). It has advantages too, it gets cached at your nameserver and it is also faster than HTTP (no need to setup a TCP session).

Here's an example command line entry that will pull a summary of the Hack article in Wikipedia:

host -t txt hack.wp.dg.cx

hack.wp.dg.cx descriptive text "Hack may refer to: Hack (technology), a term used in the technology and computer science fields, Hack (masonry), a row of stacked unfired bricks protected from the rain, Hack writer, a writer who is paid to write low-quality, quickly put-together articles" " or books, Hack and slash, a genre of video game or a type of gameplay, Life hack, productivity techniques used by... http://a.vu/w:Hack"

Impressive, rolling out a completely distributed, cached utility on existing infrastructure, requiring no end-user software to be installed. It's a testament to versatility and genius of DNS that one of the Internet's original protocols still exists, is as essential as ever, and still has a few tricks up its old sleeves.

Wikipedia over DNS
Slideshow from David's presentation at the London Perl Workshop 2008

January 2, 2009

MD5 collision used to create a forged certificate authority

A group of researchers were recently able to subvert the public key infrastructure used by common web browsers using an MD5 hash collision. The MD5 hash algorithm was proven vulnerable to collisions some time ago, but this is a huge real-world example of the problem being exploited with serious potential consequences.

The best part of this whole story is that the bulk of the work was done over a weekend using a supercomputer made out of 200 PS3s.

The team was able to create a rogue certificate authority certificate that had the same MD5 signature as a legitimately signed certificate. This would allow an attacker to create any number of fake SSL certificates and perform a man in the middle attack on any HTTPS site.

As a result of this successfull attack, we are currently in possession of a rogue Certification Authority certificate. This certificate will be accepted as valid and trusted by all common browsers, because it appears to be signed by one of the root CAs that browsers trust by default. In turn, any website certificate signed by our rogue CA will be trusted as well. If an unsuspecting user is a victim of a man-in-the-middle attack using such a certificate, they will be assured that the connection is secure through all common security indicators: a "https://" url in the address bar, a closed padlock and messages such as "This certificate is OK" if they chose to inspect the certificate.

This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.

It appears that with the announcement of the vulnerability, the problem is quickly being dealt with. Verisign has discontinued using MD5-hashed certificates and will replace any MD5 signed certs for free. Even the US Department of Homeland Security's Computer Emergency Readiness Team chimed in:

Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.

Call me paranoid, but this makes me wonder who else may have had their hands on this exploit and for how long.

Creating a Rogue CA Certificate

January 1, 2009

Minty soldering jig

Bob Hickman, Minty Amp maker, sent us a howto on making a jig for small form factor soldering projects.

I often have to solder up a bunch of PCBs that are the same size, but have a bunch of fiddly components on them.

To save time and frustration, I decided to re-purpose a used chewing gum tin to make a jig so I could solder multiple boards at once and keep my components from moving about.

His hack allows you to place all of the components and then solder them all at once, which is pretty handy even if you're not soldering a bunch of boards at the same time. The trick is to cram a bunch of flame retardant foam inside and close the top cover, sandwiching the components onto the PCB. You can then move things around as you please and your hands are free to work the solder and iron.

Simple Soldering Jig

December 31, 2008

Selecting row number in MySQL

Michael Yakobi sent us this clever use of MySQL's user defined variable syntax to return row numbers in a result set:

Occasionally, one wants to execute a query and have the rows in the results set numbered. This could be done using a variable. For example:

SELECT @row := @row + 1 as row, t.* FROM some_table t, (SELECT @row := 0) r

I haven't used this feature of MySQL before, but it looks like it could be pretty useful. The user defined variables are scoped to a connection but persist between statements, so you can use them to store intermediate state information between queries or even perform iterative calculation within a single query, as was done in the example above.

MySQL User-Defined Variables

December 30, 2008

iPhone 3G software unlock

The friendly iPhone Dev Team hackers have been hard at work over the holidays and have promised to release the iPhone 3G software unlocking utility, called yellowsn0w, sometime tomorrow for New Year's Eve.

A few details from the iPhone Dev Team blog:

We have been working hard on a few other things. The main one being the 3G unlock codenamed "yellowsn0w". This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.
The target release date for the unlock is New Year's Eve 2008.
This unlock method is available to iPhone 3Gs that have 2.11.07 baseband or earlier, we did warn you.
You can tell what version baseband you have by going to Settings->General->About->Modem Firmware
The unlock requires a jailbroken 3G iPhone. It'll be installable via Cydia and so it doesn't matter if you have a Mac or PC.
Please refrain from updating your baseband, regardless of what version you're at.
We'll have complete directions on New Year's Eve.
We'll stream a live demo of the unlock before Christmas (see the update at the end of this post)

The software exists, as you can see from the video above, which was released last week, so I'm pretty confident we'll see the release as promised. From what I understand, the software is non-invasive and needs to be run every time the phone is booted, which will be executed during boot and invisible to the end user.

You do need an un-upgraded <2.11.07 version of the baseband, and for the near future you'll have to be careful not to upgrade it if you want to keep your phone unlockable. If you want to upgrade your phone but not kill the possibility of unlocking it, the team has some information on using PwnageTool to upgrade the iPhone firmware while keeping the baseband firmware intact. If you've already updated your baseband, consider yourself stuck with AT&Tuntil a new hack comes along.

Dev Team Blog (watch here for updates)
Original yellowsn0w Announcement
yellowsn0w Preview Demo

December 29, 2008

Python on Android

If you have the Google Phone and prefer hacking Python over Java, this is just what you've been waiting for:

Here's an early Christmas present for all those Python fanatics (self included) out there! With a lot of help from my friends (thanks Manuel and Thomas!) I managed to install Python 2.4.5 on my G1. It's still rough around the edges, but I think it's a good start. Klaus Reimer has a nice overview of how to cross-compile Python. My instructions borrow a lot from his.

You'll need to do a bit of patching and cross compilation, but Damon's instructions are thorough enough to get you through it.

Python on Android

December 28, 2008

Controlling Sony camcorders with the Arduino

The Local Application Control Bus System (LANC) is the protocol used by Sony camcorders (and some other brands as well) that allows external accessories to control the camera remotely. On most cameras, you'll find a LANC port next to your camera's other IO jacks—it's usually a 2.5mm headphone-style jack, or a 5 pin mini-DIN.

If you're an Arduino fan, you can easily create your own custom devices that can interact with your camcorder using the LANC protocol, allowing you to control zoom and record functions from your own programs. Goose wrote about his own project and example Arduino source:

I found source code to do LANC control with the Arduino board. It was written quite well - it worked the first time out. I made a few changes though, specifically changing it from being controlled by a serial port to being controlled by a potentiometer. I plan to build my own zoom controller with it, using an Arduino Mini.

The original code comes from Brady Marks. Make sure to check out the README and other documentation inside the source zip file. Along with the Arduino source, there's a bunch of LANC protocol documentation as well as some collected emails and mailing list discussion on the topic.

Zoomduino - Arduino Zoom Controller
SONY LANC Protocol Details
Brady Marks' Arduino LANC Source

December 27, 2008

Gradient text effect in CSS

Using a 1px gradient PNG image and a solid background, you can create a snazzy gradient text effect. It looks pretty, but the real beauty is that you don't need to cut custom titles, and the markup is simple and search friendly. The trick isn't limited to just gradients, but can be used for a number of different patterns. As long as you have a solid background, you can overlay the text with any semi-transparent image pattern that matches the background.

CSS Gradient Text Effect

Retro gaming emulators that include (legal) ROMs?

Tunnels of Doom

The holiday break is a good time for 30/40/50/etc.-somethings to take trips down memory lane and dig up games from their childhood. For those of us who either don't have old systems in their attics/basements or who have grown bored with their contents, there are always emulators.

The hassle with emulators is finding games to play on them: if you have the original disks, you can, with some effort, transfer them to your computer. There's also the path of least resistance, downloading ROMs, but that opens up complicated set of legal and ethical issues. Another option is to find emulators that include the ROMs--legally. Here are a couple I've found:

Miner 2049er and Bounty Bob Strikes Back
Big Five Software, makers of two of the best old-school platform games, released a dedicated emulator that plays the 8-bit Atari computer versions of both.

Classic99
Harmless Lion obtained permission to include the TI-99/4a system ROMs and many TI classics, including Hunt the Wumpus, Parsec, and Tunnels of Do... (OK, I just lost about half the readers of the blog here. Oh, back so soon? I know you are just looking for info on how to play Tunnels of Doom).

(These two bundles are Windows-only, but they played fine for me under VMware Fusion.)

Parabellum's Java Vectrex Emulator
The Vectrex Game ROMs are available for free, which makes it possible for Vectrex emulator developers to include the games along with their emulators. This emulator is cross-platform; you can download versions for Windows, Linux, and Mac OS X.

PDRoms
Be sure to check out the wealth of homebrew ROMs available. These are created by the community, and although they aren't the games you remember from your youth, they have an old-school feel and many are as good as the best from the old days.

Know of any other legal emulator/ROM combos out there? I'm sure there are more; post them up in the comments, please! My wish? Shamus.

Gaming Hacks
It doesn't take long for an avid or just wickedly clever gamer to be chafed by the limitations of videogame software or hardware. If you want to go far beyond the obvious, there's an awful lot of free fun you can have, using the creative exploits of the gaming gurus. Gaming Hacks is the indispensable guide to cool things gamers can do to create, modify, and hack videogame hardware and software.

Retro Gaming Hacks
Whether you're just discovering Tetris or you've been a Pong junkie since puberty, Chris Kohler's Retro Gaming Hacks is your indispensable new guide to classic games. Kohler has compiled the how-to information that used to take weeks of web surfing to find and presents it in highly readable Hacks style.

December 26, 2008

Das DereLicht - ham radio transmitter from a CFL bulb

They usually work so well, it's easy to forget about all the electronics crammed inside a compact fluorescent light bulb. MAKE reader Ollie AJ1O sent us a link to ham Michael J. Rainey's (AA1TJ) "Das DereLicht" radio, a transmitter made almost completely from the parts of a defective CFL bulb.

This electronic puzzle was a result of my changing a defective compact fluorescent lamp (CFL) in my kitchen. For some reason, I began to wonder if it would be possible to build a QRP CW transmitter using the electronic components salvaged from this derelict lamp.

Indeed, I'm pleased to report that a perfectly serviceable transmitter may be constructed! The only additional components required were the quartz crystal, and four of the five components needed for the output lowpass filter. The resulting transmitter produces up to 1.5 watts on 80m.

For all the hams out there: what's the coolest radio hack you've created or heard of? Send us a shout in the comments.

Das DereLicht - Ham Radio From A CFL Bulb

December 25, 2008

Using Google App Engine as a personal CDN

Distributing a website over a content delivery network is typically an expensive proposition, but since the release of the Google App Engine beta program, there's an option for small to medium sized sites to easily distribute content on Google's infrastructure. Putting the application SDK aside, Matt Riggott wrote a decent howto on using the service simply as a free CDN:

A content delivery network, or CDN, is a system of servers spread around the world, serving files from the nearest physical location. Instead of waiting for a file to find its way from a server farm in Silicon Valley 8,000 kilometres away, I can receive it from London, Dublin, or Paris, cutting down the time I wait. The big names -- Google, Yahoo, Amazon, et al -- use CDNs for their sites, but they've always been far too expensive for us mere mortals. Until now.

There's a service out there ready for you to use as your very own CDN. You have the company's blessing, you won't need to write a line of code, and -- best of all -- it's free.

There are limitations to the service, of course. You can't host any files larger than 1MB, and you're limited to 650,000 requests a day and 10GB of downloads. That said, there are a lot of sites that fit within these parameters and could offload the static portion of their content to see a large reduction in bandwidth and provide faster load times to end users.

Using Google App Engine as Your Own Content Delivery Network
Google App Engine

December 24, 2008

Route-me - Open Source mapping library for iPhone

Route-me is an Open Source (BSD license) mapping library for the iPhone. It's written in native Objective C and can use the OpenStreetMap data layer, among others. If you're an iPhone developer, this gives you an easy way to add high-quality mapping functionality, similar to that of the built in Google Maps client, to your own applications. There's a discussion over on Slashdot of one such application, GPS Mission, which uses the route-me library to create a multiplayer location-based scavenger hunt.

This is pretty exciting—hopefully it will help enable a whole new class of location-aware apps. If you know of any other apps based on the route-me library, or if you have a good idea you'd like to share for a map based application, send us a line in the comments.

Route-me - Open Source iPhone-native Slippy Map
How To Make an App Using the Route-me Library

December 23, 2008

Gravitron - ping pong ball LED toy

Marcus wrote in to tell us about his latest ping pong ball electronics project, the Gravitron. In half of a ping pong ball, he's crammed 12 LEDs, an accelerometer, and an ATmega168 for a brain. If you pick it up and tilt it, it will light the highest LED. It's sort of poetic.

If you're as impressed as I am with his efficiency of space, check out Marcus' other ping pong ball experiments on his blog.

Gravitron - Playing around with gravity

December 22, 2008

Pixastic - Javascript image processing library

PIxastic is a Javascript library that provides low level image processing capabilities to your web applications. Jacob Seidelin has been working on this as part of an all-Javascript image editor, and he decided to release the library under the MIT license earlier this month:

Pixastic works by utilizing the HTML5 Canvas element which provides access to raw pixel data, thereby opening up for more advanced image effects. This is where the "experimental" part comes into play. Canvas is only supported by some browsers and unfortunately Internet Explorer is not one of them. It is however well supported in both Firefox and Opera and proper support is hopefully coming for Safari soon (Safari currently only works with the WebKit nightly builds). A few of the effects have been simulated in IE using the age old proprietary filters. While these filters are much faster than their Canvas friends, they are few and limited. Hopefully we will one day have real Canvas on IE as well.

The ability to manipulate image data directly is one of the more compelling features of the next generation of web browsers. I'm looking forward to the day when I can cut and paste an image directly into a blog post, adjust its color and crop it, all without jumping back and forth to an image editor.

Check the Pixastic site for more details on the supported browsers and available filters. There's also a small snippet of code that shows you how to use Pixastic with jQuery.

Pixastic Image Processing Library
Picastic Documentation