Hackaday Podcast Episode 378: C Coders, Ceramic Printers, And Shadow Archives

It’s a hot one at both microphones, as Elliot Williams and Kristina Panos wilt in the heat with ice lollies and freezer packs. But still, we persevered long enough to make a podcast.

In Hackaday news, Supercon is on! It’s going down in Pasadena, California, but the talks will be somewhere slightly larger, with a courtyard instead of an alley. Get your talk proposals in now! In other Hackaday news, we still have our Frikkin’ Lasers Contest going on until Thursday, July 23rd.

Interestingly enough, we got a comment on an older article from none other than [Michael J. Van de Graaff], whose grandfather invented the Van de Graff generator and was “quite upset” when plans for a DIY version appeared in Scientific American. And finally, Google Earth’s desktop client is being discontinued, but you can still travel the globe on your phone, or in your PC’s browser.

Not only do we have another triple mailbag this week, we have another failed attempt at guessing the Sound by Kristina. However, [Alexander] knew that it was CD-ROM drive a-spinnin’. Speaking of What’s That Sound, be sure to let us know your ideas for the new prize.

That sounds like a lot of preamble, but we quickly get to a full slate of hacks, a couple of which are pretty retro in retrospect. Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in lovely MP3.

Continue reading “Hackaday Podcast Episode 378: C Coders, Ceramic Printers, And Shadow Archives”

This Week In Security: Another Record Patch Tuesday, LAME Is More Secure, Secure Boot Is Less Secure, And Milk Malware

Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.

The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.

Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!

LAME mp3 updates

Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.

Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.

Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.

Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.

Recovering Passwords from BIOS

Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.

Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.

Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.

Continue reading “This Week In Security: Another Record Patch Tuesday, LAME Is More Secure, Secure Boot Is Less Secure, And Milk Malware”

Hackaday Europe 2026 – Build A Cable Modem For Your Arduino

Even for those of us that are quite technically minded, we spend precious little time thinking about the cables that carry our signals and do all the important work we need them to do on a daily basis. A great deal of theory and engineering goes into making things like telephone lines and HDMI cables work, but we mostly just plug them in and get on with whatever we’re doing.

If this is your experience, you might find the Hackaday Europe talk from [Michael Wiebusch] to be particularly interesting. He dives into transmission line theory from an accessible standpoint, explaining how two disparate signals can go in opposite directions on the very same wire. Then he demonstrates the theory by building a cable modem… well, sort of!

Continue reading “Hackaday Europe 2026 – Build A Cable Modem For Your Arduino”

FLOSS Weekly Episode 875: JavaScript As A Systems Language

This week Jonathan chats with Nariman Jelveh about Puter! It’s the project that takes the idea of the Browser-as-the-OS seriously. Why did a simulated desktop on the web take off, what the story of making it Open Source, and what’s coming next? Watch to find out!

Continue reading “FLOSS Weekly Episode 875: JavaScript As A Systems Language”

2026 Hackaday Supercon: Call For Proposals

We are absolutely stoked to announce that the Hackaday Superconference is taking place this year November 6th through 8th in glorious Pasadena California, and we want to see you there!

If you’ve been to any of the previous nine Supercons, you know that it’s a fantastic gathering of the most motivated and interesting hackers around — but it’s also been a relatively small gathering. And while we love the very high signal-to-noise ratio of folks who show up, we’re always a little bit sad when the tickets sell out because it represents hackers who couldn’t be there.

So this year, we’re celebrating Supercon Ten by expanding out of our traditional location at the Design Lab so that we can accommodate 20% more hackers, while still keeping the cozy nature of the event intact. So if you’ve been wanting to come to Supercon, but procrastinated the ticket sales every year, this year is looking 20% better.

Continue reading “2026 Hackaday Supercon: Call For Proposals”

Hackaday Links Column Banner

Hackaday Links: July 12, 2026

Although we’d rather bring you news of clever modifications and repairs down on the farm, more often than not, the name “John Deere” has appeared on the pages of Hackaday because of their opposition to farmers actually being able to work on the machines their livelihoods depend on. But thanks to a settlement reached between the company and the Federal Trade Commission this week, farmers seem to have been handed a much-needed win in the Right to Repair battle.

When a lawsuit against a company ends in a settlement, it usually means spending money they would rather pay than go to court. Indeed, earlier cases against John Deere have resulted in plenty of checks being written. But this time around, the FTC agreement requires Deere to make its diagnostic and repair software available to owners and independent shops. It also has a clause that prevents them from retaliating against owners who want to handle their own repairs rather than going through the company’s official service channels — hard to believe that’s something that actually needs to be specified, but it does give you a hint as to just how bad the situation has been. We’ll definitely be keeping an eye on this story.

Sounds like the Feds were busy this week, as the Federal Communications Commission also gave the green light to Reflect Orbital to launch a prototype satellite for their controversial “sunlight as a service” concept. The company plans to put the spacecraft into a roughly 600 km orbit around the planet, where it will deploy its 324-square-meter reflector and angle itself to illuminate a spot on the ground. It might sound like something a Bond villain would come up with, but Reflect Orbital says the capability will be used to beam sunlight directly onto solar panels at night and to provide light for search-and-rescue operations.

As you might expect, providing such a service on a global scale would require many such reflectors, which is where the concern really comes in. Critics note that a sky full of literal mirrors can cause all sorts of issues, ranging from the scientific to the scenic. The American Astronomical Society points out that each satellite in the constellation could appear to be four times as bright as the full Moon, and that it’s possible an amateur sky watcher could get an eyeball full of redirected sunlight should one of them unexpectedly zip past the aperture of their backyard telescope.

Continue reading “Hackaday Links: July 12, 2026”

When Changing Scale Isn’t Just More Of The Same

[Jenny] and I were talking about [Bitluni]’s experiment in scale, where he will take 65,536 cheap microcontrollers, network them all together, and give each one an RGB pixel. From there, antics will surely ensue. Right now, he’s only got 8,192 of them up and running, and already the novel problems and opportunities are rearing their heads.

We all know it from our own hacking. In theory, doing something ten times is ten times doing it once. But then in practice, entirely new phenomena appear as you scale up that were simply not there in the small. Maybe it happens when you repeat it one hundred times, or a thousand.

Viewed positively, this is the property of emergence: how the whole can be more than the sum of its parts, and how biology isn’t just chemistry multiplied by a few million interactions. In our blinky world, a massive wall of LEDs is a display, not just a bunch of pixels.

On the flip side, going from one microcontroller with a 10 mA current draw to 64 Ki controllers, with 655 A, is more than just a difference in scale. You need to learn a new skill set to handle the problem. Making a single prototype is a different problem from making a run of badges for a conference of 5,000 – you’ll need a team, and won’t be able to just hack it alone – not to even mention the parts sourcing woes.

So I loved watching [Bitluni] going through the upscaling. He certainly had an idea of what he was getting himself into, but as with the emerging properties of a big system, there are often emerging problems, and those you can’t always see ahead of time. Have you gotten into a project that scaled itself into something qualitatively different? Tell us about it.