Hackfest, A New Event For Your European Calendar

Our community’s events are something special, bringing as they do an opportunity to meet and mingle with other hackers whether their field be hardware, software, or security, to share ideas, and to see some very cool projects. Here at Hackaday, aside from our own Supercon and Hackaday Europe events, we try to take in as many as we can over the year, and thus it’s always interesting to spot a new one. If you’re in north-west Europe next weekend, consider dropping by Hackfest, in the Dutch city of Enschede, right on the German border.

Looking at the program and the projects and workshops listed on the website we can see robotics, lockpicking, demoscene, retrocomputing, and plenty of open source. There are quite a few names which have featured at times here on these pages, something which certainly piqued our interest. Finding that it’s only 15 Euros for a weekend’s admission sealed the deal, and thus it’s time for Hackaday to break out the trusty Interrail pass once more and make the trek. Sadly many of Hackaday’s community will be too far away to join us, but if you’re close enough to make it then it’s one to consider.

This is a part of the world it’s fair to say isn’t often featured on Hackaday, but some of you might remember the city as being at the centre of a Wi-Fi tracking scandal.

Get Your Lisp On With The Dune Shell

Lisp is one of those programming languages that seems to keep taunting us for not learning it properly. It is still used for teaching functional languages today. [Adam McDaniel] has an obvious fondness for this fifty-year-old language and has used it in several projects, including their own shell, Dune.

Dune is a shell designed for powerful scripting. Think of it as an unholy combination of bash and Lisp.

Dune is designed to be highly customisable, allowing you to create a super-optimised workstation for your admin and programming tasks. [Adam] describes the front end for Dune as having turned up the cosiness dial to eleven, and we can see that. A cosy home is personalised, and Dune lets you customise everything.

Dune is a useable functional programming environment with a reasonably complete standard library to back it up, which should simplify some of the more complicated sysadmin tasks. [Adam] says the language also supports a few metaprogramming concepts, such as a quote operator, operator overloading, and macro programming. It’s difficult to describe much more about what you can do with Dune, as it’s a general-purpose programming language wrapped in a shell. The possibilities are endless, and [Adam] is looking forward to seeing what you lot out there do with his project!

The shell can be personalised by editing the prelude file, which allows you to overload functions for the prompt text, the incomplete prompt text (so you can implement intelligent completion options), and a function that deals with the formatting of the command response text. [Adam] gives us his personal prelude file, which defines many helper functions displaying useful things such as the current weather, a calendar, and an ASCII art cat. You never know when that might come in handy. This file is written in Lisp, so we reckon that’s where many people will start as they come up the Lisp (re)learning curve before embarking on more involved automation. Dune was written in Rust, so you need that infrastructure to install it with Cargo.

As we said earlier, Lisp is not a new language. We found a hack for porting a Lisp interpreter to any old language and also running Lisp bare metal on a Lisp machine. Finally, [Al] takes a look at some alternative shells.

This Week In Security: Open Source C2, Raptor Trains, And End To End Encryption

Open Source has sort of eaten everything in software these days. And that includes malware, apparently, with open source Command and Control (C2) frameworks like Sliver and Havoc gaining traction. And of course, this oddball intersection of Open Source and security has intrigued at least one security researcher who has found some interesting vulnerabilities.

Before we dive into what was found, you may wonder why open source malware tools exist. First off, trustworthy C2 servers are quite useful for researchers, who need access to such tools for testing. Then there is Red Teaming, where a security professional launches a mock attack against a target to test its defenses. A C2 is often useful for education and hobby level work, and then there are the true criminals that do use these Open Source tools. It takes all types.

A C2 system consists of an agent installed on compromised systems, usually aiming for stealth. These agents connect to a central server, sending information and then executing any instructions given. And finally there’s a client, which is often just a web interface or even a command line interface.

Now what sort of fun is possible in these C2 systems? Up first is Sliver, written in Go, with a retro command line interface. Sliver supports launching Metasploit on compromised hosts. Turns out, it accidentally supported running Metasploit modules against the server’s OS itself, leading to an easy remote shell from an authenticated controller account.

Havoc has a fancy user interface for the clients, and also a command injection flaw. A service name field gets used to generate a shell command, so you’re only a simple escape away from running commands. That’s not quite as useful as the API that failed open when a bad username/password was given. Oops.

Design And The Golden Rule

You often learn the golden rule or some variation of it as early as kindergarten. There are several ways to phrase it, but you most often hear: “Do unto others as you would have them do unto you.” While that’s catchy, it is really an aphorism that encourages us to consider the viewpoints of others. As people who design things, this can be tricky. Sometimes, what you want isn’t necessarily what most people want, and — conversely — you might not appreciate what most people want or need.

EDIT/1000

HP/1000 CC-BY-SA-3.0 by [Autopilot]
I learned this lesson many years ago when I used to babysit a few HP/1000 minicomputers. Minicomputer sounds grand, but, honestly, a Raspberry Pi of any sort would put the old HP to shame. Like a lot of computers in those days, it had a text editor that was arcane even by the standards of vi or emacs. EDIT/1000 couldn’t be sure you weren’t using a printing terminal, and the commands reflect that.

For example, printing a few lines around the current line requires the command: “/-2,L,5” which isn’t that hard, I suppose. To delete all lines that contain a percent sign, “1$ D/%/A/” assuming you don’t want to be asked about each deletion.

Sure, sure. As a Hackaday reader, you don’t find this hard to puzzle out or remember. But back in the 1980s, a bunch of physicists and chemical engineers had little patience for stuff like that. However, the editor had a trick up its sleeve.

Embossing Graphics By 3D Printing On Wood

Embossing (making raised shapes) and debossing (making sunken shapes) on 3D-printed surfaces is not a new idea; we do it all the time. [Cory] from Vancouver Hack Space was playing around with 3D printing on wood, and came up with the idea of creating raised tactile surfaces using a simple transfer process.

We don’t often try to print directly onto a wooden surface for various reasons, but [Cory] wanted to give it a go. They hoped to get some grain patterns to transfer to the surface, but as they say in the blog entry, the beauty of wood patterns is in the colouration, which doesn’t transfer. Next, they laser etched a logo into the wood surface to see how well that would transfer. It did create a discernable raised impression, but they forgot to mirror the image (oops!) and relevel the bed, so the results are less impressive than they could be. Still, it’s another useful technique to consider.

Embossing is the process by which braille sheets are made. This DIY braille encoder is pretty sweet. Of course, the process can simply be decorative. Here’s how to use a laser cutter to create your own embossing seals. The traditional way to emboss paper for a fancy effect was to use embossing powder to selectively change the properties of drying paper. But how can you make the stuff for cheap?

Catching The BOAT: Gamma-Ray Bursts And The Brightest Of All Time

Down here at the bottom of our ocean of air, it’s easy to get complacent about the hazards our universe presents. We feel safe from the dangers of the vacuum of space, where radiation sizzles and rocks whizz around. In the same way that a catfish doesn’t much care what’s going on above the surface of his pond, so too are we content that our atmosphere will deflect, absorb, or incinerate just about anything that space throws our way.

Or will it? We all know that there are things out there in the solar system that are more than capable of wiping us out, and every day holds a non-zero chance that we’ll take the same ride the dinosaurs took 65 million years ago. But if that’s not enough to get you going, now we have to worry about gamma-ray bursts, searing blasts of energy crossing half the universe to arrive here and dump unimaginable amounts of energy on us, enough to not only be measurable by sensitive instruments in space but also to affect systems here on the ground, and in some cases, to physically alter our atmosphere.

Gamma-ray bursts are equal parts fascinating physics and terrifying science fiction. Here’s a look at the science behind them and the engineering that goes into detecting and studying them.

Thermal Runaway: Solving The Bane Of Electric Vehicles

Although battery fires in electric cars and two-wheeled vehicles are not a common phenomenon, they are notoriously hard to put out, requiring special training and equipment by firefighters. Although the full scope of the issue is part of a contentious debate, [Aarian Marshall] over at Wired recently wrote an article about how the electric car industry has a plan to make a purportedly minor issue even less of an issue. Here the questions seem to be mostly about what the true statistics are for battery fires and what can be done about the primary issue with batteries: thermal runaway.

While the Wired article references a study by a car insurance company about the incidence of car fires by fuel type (gas, hybrid, electric), its cited sources are dubious, as neither the NTSB nor the NHTSA collects statistics on these fires. The NFPA does, but this only gets you up to 2018, and they note that the data gathering here is spotty. Better data is found from European sources, which makes clear that battery electric vehicles (BEVs) catch fire less often than gasoline cars at 25 per 100,000 cars sold vs 1529/100k for ICE cars, but when BEVs do burn it’s most often (60%) from thermal runaway, which can be due to factors like a short circuit in a cell, overcharging and high ambient temperatures (including from arson or after-effects of a car crash).