Hackaday Podcast Episode 266: A Writer’s Deck, Patching Your Battleship, And Fact-Checking The Eclipse

Before Elliot Williams jumps on a train for Hackaday Europe, there was just enough time to meet up virtually with Tom Nardi to discuss their favorite hacks and stories from the previous week. This episode’s topics include the potential benefits of having a dual-gantry 3D printer, using microcontrollers to build bespoke note taking gadgets, the exciting world of rock tumbling, and the proper care and maintenance required to keep your World War II battleship in shape. They’ll also go over some old school keyboard technologies, DIP chip repairs, and documenting celestial events with your home solar array. By the end you’ll hear about the real-world challenges of putting artificial intelligence to work, and how you can safely put high-power lithium batteries to work in your projects without setting your house on fire.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download for off-line listening.

This Week In Security: BatBadBut, DLink, And Your TV Too

So first up, we have BatBadBut, a pun based on the vulnerability being “about batch files and bad, but not the worst.” It’s a weird interaction between how Windows uses cmd.exe to execute batch files and how argument splitting and character escaping normally work, combined with what is apparently a documentation flaw in the Windows API.

When starting a process, even on Windows, the new executable is handed a set of arguments to parse. In Linux and friends, that is a pre-split list of arguments, the argv array. On Windows, it’s a single string, left up to the program to handle. The convention is to follow the same behavior as Linux, but the cmd.exe binary is a bit different. It uses the caret ^ symbol instead of the backslash \ to escape special symbols, among other differences. The Rust devs took a look and decided that there are some cases where a given string just can’t be made safe for cmd.exe, and opted to just throw an error when a string met these criteria.

And that brings us to the big questions. Whose fault is it, and how bad is it? I think there’s some shared blame here. The Microsoft documentation on CreateProcess() strongly suggests that it won’t execute a batch file without cmd.exe being explicitly called. On the other hand, this is established behavior, and scripting languages on Windows have to play the game by Microsoft’s rules. And the possible problem space is fairly narrow: calling a batch file with untrusted arguments.

Almost all of the languages with this quirk have either released patches or documentation updates about the issue. There is a notable outlier, as the Java language will not receive a fix, not deeming it a vulnerability. It’s rather ironic, given that Java is probably the most likely language to actually find this problem in the wild.

FLOSS Weekly Episode 778: OctoPrint — People Are Amazing At Breaking Things

This week Jonathan Bennett and Katherine Druckman sit down with Gina Häußge to talk OctoPrint! It’s one of our favorite ways to babysit our 3D printers, and the project has come a long way in the last 12 years! It’s a labor of love, primarily led by Gina, who has managed to turn it into a full time job. Listen in to hear that story and more, including how to run an Open Source project without losing your sanity, why plugins are great, and how to avoid adding a special services employee as a co-maintainer!

Chandra X-ray Observatory Threatened By Budget Cuts

Launched aboard the Space Shuttle Columbia in July of 1999, the Chandra X-ray Observatory is the most capable space telescope of its kind. As of this writing, the spacecraft is in good health and is returning valuable scientific data. It’s currently in an orbit that extends at its highest point to nearly one-third the distance to the Moon, which gives it an ideal vantage point from which to make its observations, and won’t reenter the Earth’s atmosphere for hundreds if not thousands of years.

Yet despite this rosy report card, Chandra’s future is anything but certain. Faced with the impossible task of funding all of its scientific missions with the relative pittance they’re allocated from the federal government, NASA has signaled its intent to wind down the space telescope’s operations over the next several years. According to their latest budget request, the agency wants to slash the program’s $41 million budget nearly in half for 2026. Funding would remain stable at that point for the next two years, but in 2029, the money set aside for Chandra would be dropped to just $5.2 million.

Drastically reducing Chandra’s budget by the end of the decade wouldn’t be so unexpected if its successor was due to come online in a similar time frame. Indeed, it would almost be expected. But despite being considered a high scientific priority, the x-ray observatory intended to replace Chandra isn’t even off the drawing board yet. The 2019 concept study report for what NASA is currently calling the Lynx X-ray Observatory estimates a launch date in the mid-2030s at the absolute earliest, pointing out that several of the key components of the proposed telescope still need several years of development before they’ll reach the necessary Technology Readiness Level (TRL) for such a high profile mission.

With its replacement for this uniquely capable space telescope decades away even by the most optimistic of estimates, the potential early retirement of the Chandra X-ray Observatory has many researchers concerned about the gap it will leave in our ability to study the cosmos.

In A Twist, Humans Take Jobs From AI

Back in the 1970s, Rockwell had an ad that proudly proclaimed: “The best electronic brains are still human.” They weren’t wrong. Computers are great and amazing, but — for now — seemingly simple tasks for humans are out of reach for computers. That’s changing, of course, but computers are still not good at tasks that require a little judgment. Suppose you have a website where people can post things for sale, including pictures. Good luck finding a computer that can reliably reject items that appear to be illegal or from a business instead of an individual. Most people could easily do that with a far greater success rate than a computer. Even more so than a reasonable-sized computer.

Earlier this month, we reported on Amazon stepping away from the “just walk out” shopping approach. You know, where you just grab what you want and walk out and they bill your credit card without a checkout line. As part of the shutdown, they revealed that 70% of the transactions required some human intervention which means that a team of 1,000 people were behind the amazing technology.

Humans in the Loop

That’s nothing new. Amazon even has a service called Mechanical Turk that lets you connect with people willing to earn a penny a picture, for example, to identify a picture as pornographic or “not a car” or any other task you really need a human to do. While some workers make up to $6 an hour handling tasks, the average worker makes a mere $2 an hour, according to reports. (See the video below to see how little you can make!) The name comes from an infamous 200-year-old chess-playing “robot.” It played chess as well as a human because it was really a human hiding inside of it.

Heating Mars On The Cheap

Mars is fairly attractive as a potential future home for humanity. It’s solid, with firm land underfoot. It’s able to hang on to a little atmosphere, which is more than you can say about the moon. It’s even got a day/night cycle remarkably close to our own. The only problem is it’s too darn cold, and there’s not a lot of oxygen to breathe, either.

Terraforming is the concept of fixing problems like these on a planet-wide scale. Forget living in domes—let’s just make the whole thing habitable!

That’s a huge task, so much current work involves exploring just what we could achieve with today’s technology. In the case of Mars, [Casey Handmer] doesn’t have a plan to terraform the whole planet. But he does suggest we could potentially achieve significant warming of the Red Planet for $10 billion in just 10 years.

Hackaday Links: April 7, 2024

Folks with a bit of knowledge about network security commonly use virtual private networks (VPNs) when out and about. Whether you’re connecting to public WiFi or somebody passes you a questionable Ethernet cable at a hacker con, it’s nice to have a secure endpoint to tunnel all of your traffic. As a secondary bonus, connecting through a VPN can obscure your physical location. It’s that second feature that has a bunch of people jumping on the VPN bandwagon as they try to dodge the recent porn age checks that have gone into effect in a number of states. According to a recent article in PopSci, one particular VPN provider saw a 275% jump in demand on the same day that PornHub cut off access to users in Texas. While the debate over underage users accessing adult content is far outside of our wheelhouse, anything that gets more users connecting to the Internet via encrypted means is arguably a net positive.

If you wanted somebody from the Geek Squad to set up that VPN so you can get back on PornHub to work securely from the local coffee shop, you might be out of luck. Reports have been coming in that Best Buy’s mobile nerd division is seeing sweeping layoffs. Geeks were told to stay home on Tuesday and await a call from corporate, at which point many got the surprising news that they no longer had a job. The /r/GeekSquad subreddit has been a rallying point for staff who got the axe, with the user [jaym026] posting what we assume is an AI-generated inspirational speech from Optimus Prime. Of course, it sucks for anyone to lose their job, especially with the way things are these days. Still, we’re willing to bet almost none of those affected will look back on the day they were let go from an increasingly irrelevant brick-and-mortar electronics store as a low point in their professional careers.
