The Bluetooth SIG recently released the core specification for version 6.0 of Bluetooth. Compared to 5.x, it contains a number of changes and some new features, the most interesting probably being Channel Sounding. This builds upon existing features found in Bluetooth 5.x to determine the angle to, and direction of another device using Angle of Arrival (AoA) and Angle of Departure (AoD), but uses a new approach to much more precisely determine these parameters. as defined in the Technical Overview document for this feature.

In addition to this feature, there are also new ways to filter advertising packets, to reduce the number of packets to sift through (Decision-Based Advertising Filtering) and to filter out duplicate packets (Monitoring Advertisers). On a fundamental level, the Isochronous Adaptation Layer (ISOAL) received a new framing mode to reduce latency and increase reliability, alongside frame spacing now being negotiable and additional ways to exchange link layer information between devices.

As with any Bluetooth update, it will take a while before chipsets supporting it become widely available, and for the new features to be supported, but it gives a glimpse of what we can likely expect from Bluetooth-enabled devices in the future.

hackaday.com/2024/09/06/blueto…

It’s 2024, and there’s no getting around it. Grid energy is expensive. [Darrell] realized that a lot of his money was going on water heating, and he came up with a neat solution. What if he could hack in some solar power to slash his bills at a minimum of fuss? It worked so well for him, he’s whipped up a calculator to help others do the same.

[Darrell]’s idea was simple enough. He hooked up solar panels to just the bottom heating element of his hot water heater. This cut his power bill in half. His calculator is now up at pvh20.com, and it’s designed to help you figure out if it’s feasible for you. It takes into account your location, local power prices, and the amount of sun your area tends to get on a regular basis. It also takes into account the solar panels you intend to use and your water heater to determine how many panels you’ll need for properly hot water. Key all that in, and you’re well on your way to speccing a decent solar hot water setup. From there you’ll just need to buy the right stuff and wire it all up properly.

If you live in an area where the sun shines freely and the power is more expensive than printer ink, this could be a project well worth pursuing. Cheaper hot water is a grand thing, after all. [Darrell’s] calculator is really only the first step, and it doesn’t deal with the practicalities of installation, but that’s half the fun of a good project, right? Happy hacking!

hackaday.com/2024/09/06/hot-wa…

We’ve seen a great many cat feeders over the years. Some rely on the Internet of Things, and some rely on fancy microcontrollers. [Larry Cook], on the other hand, built his using a simple 4060 binary counter chip.

The feeder is built out of old plywood, and the whole thing runs off an old 12-volt DC wall wart and a lead-acid battery to keep it going in a power outage. The dry cat food is stored in hopper above a drum, with the drum rotated by a 12-volt DC gearmotor. The gearmotor is activated on a schedule—either every 4 hours, or every 5.5 hours, depending on setting. There’s then a four-digit 7-segment display for counting the total number of feedings.

The manner of operation is simple. The 4060 binary counter slowly counts up to 8,196 on a 1.11 Hz or 0.83 Hz clock, for four hour or 5.5 hour operation respectively. When it hits that threshold, it fires the gear motor. The gear motor then rotates the drum for one revolution, dumping a preset amount of food. At the end of a revolution, it triggers a hall sensor which resets the circuit.

The best thing about this design? It’s been in service for ten years. [Larry’s] original video is a big contrast to his latest one, but it shows the same feeder doing the same job, all this time.

We love a good cat feeder, and it’s great to see one built with simple old-school parts, too. Video after the break.

youtube.com/embed/PT58t5Y_sG4?…

youtube.com/embed/rK-8faJf2jY?…

[Thanks to Cprossu for the tip!]

hackaday.com/2024/09/06/an-aut…

Gli analisti di JFrog hanno scoperto un nuovo attacco, a cui hanno dato il nome Revival Hijack . Si è scoperto che gli aggressori registrano nuovi progetti in PyPI utilizzando i nomi di pacchetti precedentemente eliminati per sferrare attacchi alle catene di approvvigionamento.

Secondo i ricercatori, questa tecnica “avrebbe potuto essere utilizzata per dirottare 22.000 pacchetti PyPI, portando successivamente a centinaia di migliaia di download di pacchetti dannosi”.

Tali attacchi sono possibili perché i nomi dei pacchetti rimossi da PyPI diventano nuovamente disponibili per la registrazione. Cioè, gli sviluppatori che decidono di rimuovere il proprio progetto da PyPI ricevono solo un avvertimento sulle possibili conseguenze.

“L’eliminazione di questo progetto renderà il suo nome disponibile a qualsiasi altro utente PyPI”, si legge nell’avviso. “Gli utenti potranno creare nuove versioni utilizzando questo nome di progetto purché i nomi dei file distribuiti non corrispondano ai nomi dei file precedentemente distribuiti.”

Si segnala che PyPI dispone di una blacklist chiusa che contiene i nomi dei pacchetti per i quali non è possibile registrare nuovi progetti. Tuttavia, la maggior parte dei pacchetti rimossi non sono inclusi in questo elenco.

Secondo JFrog, più di 22.000 pacchetti vulnerabili al Revival Hijack sono già stati rimossi da PyPI, alcuni dei quali erano piuttosto popolari. Pertanto, in media, 309 pacchetti vengono rimossi da PyPI al mese, il che significa che si aprono costantemente nuove opportunità per gli aggressori.

I ricercatori citano ad esempio il caso del pacchetto pingdomv3, che è stato rimosso da PyPI il 30 marzo 2024. Il nome del pacchetto è stato intercettato lo stesso giorno e gli aggressori hanno immediatamente pubblicato un aggiornamento in cui è stato aggiunto al pacchetto un trojan Python, offuscato tramite Base64 e destinato all’ambiente CI/CD Jenkins.

Per mitigare i rischi derivanti dal Revival Hijack, gli specialisti di JFrog sono intervenuti e hanno creato nuovi progetti Python, utilizzando un account denominato security_holding per “assumere” i nomi dei pacchetti remoti più popolari. I ricercatori hanno anche cambiato i numeri di versione in 0.0.0.1 per garantire che gli utenti attivi non potessero ricevere l’aggiornamento.

Tre mesi dopo, JFrog scoprì che questi pacchetti erano stati scaricati quasi 200.000 volte, grazie a script automatizzati ed errori degli utenti.

Per proteggersi da tali attacchi, gli esperti raccomandano che gli utenti e le organizzazioni utilizzino il blocco dei pacchetti per rimanere su determinate versioni note e affidabili, nonché per verificare l’integrità dei pacchetti, verificarne i contenuti, monitorare i cambiamenti di proprietà e l’attività di aggiornamento atipica.

L'articolo La fantasia dell’Hacking non ha confini! Revival Hijack: sfrutta pacchetti PyPI eliminati per attacchi alla supply chain proviene da il blog della sicurezza informatica.

Have you ever scanned old negatives or print photographs? Then you’ve probably wondered about the resolution of your scanner, versus the resolution of what you’re actually scanning. Or maybe, you’ve looked at digital cameras, and wondered how many megapixels make up that 35mm film shot. Well [ShyStudios] has been pondering these very questions, and they’ve shared some answers.

The truth is that film doesn’t really have a specific equivalent resolution to a digital image, as it’s an analog medium that has no pixels. Instead, color is represented by photoreactive chemicals. Still, there are ways to measure its resolution—normally done in lines/mm, in the simplest sense.

[ShyStudios] provides a full explanation of what this means, as well as more complicated ways of interpreting analog film resolution. Translating this into pixel equivalents is messy, but [ShyStudios] does some calculations to put a 35mm FujiColor 200 print around the 54 megapixel level. Fancier films can go much higher.

Of course, there are limitations to film, and you have to use it properly. But still, it gives properly impressive resolution even compared to modern cameras. As it turns out, we’ve been talking about film a lot lately! Video after the break.

youtube.com/embed/Ch_1_f4K78w?…

Thanks to [Stephen Walters] for the tip!

hackaday.com/2024/09/06/how-mu…

Writing for Hackaday involves drinking from the firehose of tech news, and seeing the latest and greatest of new projects and happenings in the world of hardware. But sometimes you sit back in a reflective mood, and ask yourself: didn’t this all used to be more exciting? If you too have done that, perhaps it’s worth considering how our world of hardware hacking is fueled, and what makes stuff new and interesting.

Hardware projects are like startup fads

When AliExpress has hundreds of kits for them, Nixie clocks are a mature project sector, by any measure.
Hardware projects are like startup fads, they follow the hype cycle. Take Nixie clocks for instance, they’re cool as heck, but here in 2024 there’s not so much that’s exciting about them. If you made one in 2010 you were the talk of the town, in 2015 everyone wanted one, but perhaps by 2020 yours was simply Yet Another Nixie Clock. Now you can buy any number of Nixie clock kits on Ali, and their shine has definitely worn off. Do you ever have the feeling that the supply of genuinely new stuff is drying up, and it’s all getting a bit samey? Perhaps it’s time to explore this topic.

I have a theory that hardware hacking goes in epochs, each one driven by a new technology. If you think about it, the Arduino was an epoch-defining moment in a readily available and easy to use microcontroller board; they may be merely a part and hugely superseded here in 2024 but back in 2008 they were nothing short of a revolution if you’d previously has a BASIC Stamp. The projects which an Arduino enabled produced a huge burst of creativity from drones to 3D printers to toaster oven reflow and many, many, more, and it’s fair to say that Hackaday owes its early-day success in no small part to that little board from Italy. To think of more examples, the advent of affordable 3D printers around the same period as the Arduino, the Raspberry Pi, and the arrival of affordable PCB manufacture from China were all similar such enabling moments. A favourite of mine are the Espressif Wi-Fi enabled microcontrollers, which produced an explosion of cheap Internet-connected projects. Suddenly having Wi-Fi went from a big deal to built-in, and an immense breadth of new projects came from those parts.

Tell us then, What’s new?

So back to 2024, and a Hackaday writer at her desk in the English countryside. 3D printers are still our bread and butter, but they’re on Amazon special offer these days. Small Linux boards are ten a penny, and microcontrollers that put the Arduino’s ATmega in the shade are only a few cents from China. It almost feels as though everything is mainstream, and all we’re getting are increments rather than huge leaps. I want new stuff again, I want exciting stuff!

Happily, the world of technology doesn’t stand still. We all know that the Next Big Thing is just around the corner, and our desire to make cool new stuff will be revitalised by it. But what will it be? My eyes are on ASIC fabrication, I think Tiny Tapeout must only be the start of perhaps the most exciting epoch of them all. But what do you think on the matter, where will your Next Big Thing come from? We’re really interested to hear your views in the comments.

Header image: The RepRap Mendel 3D printer, one of the more successful early affordable designs. Dkoukoul, CC BY-SA 3.0.

hackaday.com/2024/09/06/ask-ha…

What’s a dog to do if they want to do some accessible skateboarding? [Simone Giertz]’s three-legged pup, [Scraps], got the chance to try a LEGO Technic board for her thrills.

This electric LEGO skateboard features six motors and paw pedals to let [Scraps] steer while [Giertz] remotely controls the speed of the board. While it’s not a particularly fast ride, it does let [Scraps] live out her dreams of being a YouTube dog skateboard celebrity.

A video from [Giertz] wouldn’t be complete without a life lesson, and this time it was the importance of rest to the creative process. Sometimes when a solution eludes you, it’s just time to take a break. The steering mechanism, in particular, was giving her trouble but became simple the next morning. We’re also treated to an adorable shot of [Scraps] napping when the initial shoot of her riding the board wasn’t going as planned.

Want to try your hand at making your own skateboard? How about a deck from recycled plastic, tank treads instead of wheels, or is a rocket-powered skateboard more your speed?

youtube.com/embed/N1eo5bXtZeM?…

hackaday.com/2024/09/06/an-ele…

Estonia has revealed that Moscow was behind a series of cyber attacks targeting of several Estonian ministries in 2020, in a rare move that publically accuses another state actor of a cyber-attack.

euractiv.com/section/defence-a…