On Vim, Modal Interfaces And The Way We Interact With Computers

September 1, 2023 by 65 Comments

The ways in which we interact with computers has changed dramatically over the decades. From flipping switches on the control panels of room-sized computers, to punching holes into cards, to ultimately the most common ways that we interact with computers today, in the form of keyboards, mice and touch screens. The latter two especially were developed as a way to interact with graphical user interfaces (GUI) in an intuitive way, but keyboards remain the only reasonable way to quickly enter large amounts of text, which raises many ergonomic questions about how to interact with the rest of the user interface, whether this is a command line or a GUI.

For text editors, perhaps the most divisive feature is that of modal versus non-modal interaction. This one point alone underlies most of the Great Editor War that has raged since time immemorial. Practically, this is mostly about highly opiniated people arguing about whether they like Emacs or vi (or Vim) better. Since in August of 2023 we said our final farewell to the creator of Vim – Bram Moolenaar – this might be a good point to put down the torches and pitchforks and take a sober look at why Vim really is the logical choice for fast, ergonomic coding and editing.

Continue reading “On Vim, Modal Interfaces And The Way We Interact With Computers”

Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard

September 1, 2023 by 6 Comments

It might sound like a joke, but this week, Elliot Williams and Tom Nardi start things off by asking how you keep a Polish train from running. Like always, the answer appears to be a properly modulated radio signal. After a fiery tale about Elliot’s burned beans, the discussion moves over to the adventure that is home CNC ownership, the final chapter in the saga of the Arecibo Telescope, and the unexpected longevity of Microsoft’s Kinect. Then it’s on to the proper way to cook a PCB, FFmpeg in the browser, and a wooden cyberdeck that’s worth carrying around. Finally, they’ll go over the next generation of diode laser engravers, and take a look back at the origins of the lowly breadboard.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Download it yourself. You don’t need the cloud!

Continue reading “Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard”

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack”

Logic Analyzers: Tapping Into Raspberry Pi Secrets

August 31, 2023 by 45 Comments

Today, I’d like to highlight a tool that brings your hacking skills to a whole new level, and does that without breaking the bank – in fact, given just how much debugging time you can save, how many fun pursuits you can unlock, and the numerous features you can add, this might be one of the cheapest tools you will get. Whether it’s debugging weird problems, optimizing your code, probing around a gadget you’re reverse-engineering, or maybe trying to understand someone’s open-source library, you are likely missing out a lot if you don’t have a logic analyzer on hand!

It’s heartbreaking to me that some hackers still don’t know the value that a logic analyzer brings. Over and over again, tactical application of a logic analyzer has helped me see an entirely different perspective on something I was hacking on, and that’s just the thing I’d like to demonstrate today.

Diving In

A logic analyzer has a number of digital inputs, and it continuously reads the state of these digital inputs, sending them to your computer or showing them on a screen – it’s like a logic-level-only oscilloscope. If you have an I2C bus with one MCU controlling a sensor, connect a logic analyzer to the clock and data pins, wire up the ground, launch the logic analyzer software on your computer, and see what’s actually happening.

For instance, have you ever noticed the ID_SC and ID_SD pins on the Raspberry Pi GPIO connector? Are you wondering what they’re for? Don’t you want to check what actually happens on these pins? Let’s do that right now! Continue reading “Logic Analyzers: Tapping Into Raspberry Pi Secrets”

Review: WAINLUX K8, A Diode Laser That’s Ready To Work

August 28, 2023 by 24 Comments

Rarely a week goes by that some company doesn’t offer to send us their latest and greatest laser. You know the type — couple of aluminum extrusions, Class 4 diode flopping around in the breeze, and no enclosure to speak of unless you count the cardboard box they shipped it in. In other words, an accident waiting to happen. Such gracious invitations get sent to the trash without a second thought.

Now don’t get me wrong, I have no doubt that the average Hackaday reader would be able to render such a contraption (relatively) safe for use around the shop. Build a box around it, bolt on a powerful enough fan to suck the smoke out through the window, and you’ve turned a liability into a legitimate tool. But the fact remains that we simply can’t put our stamp on something that is designed with such a blatant disregard for basic safety principles.

The earlier WAINLUX JL4 — lucky rabbit foot not included.

That being the case, a recent email from WAINLUX nearly met the same fate as all those other invitations. But even at a glance it was clear that this new machine they wanted to send out, the K8, was very different from others we’d seen. Different even from what the company themselves have put out to this point. This model was fully enclosed, had a built-in ventilation fan, an optional air filter “sidecar”, and yes, it would even turn off the laser if you opened the door while it was in operation. After reading through the promotional material they sent over, I had to admit, I was intrigued.

It seemed like I wasn’t the only one either; it was only a matter of days before the Kickstarter for the WAINLUX K8 rocketed to six figures. At the time of this writing, the total raised stands at just under $230,000 USD. There’s clearly a demand for this sort of desktop laser, the simplicity of using a diode over a laser tube is already appealing, but one that you could actually use in a home with kids or pets would be a game changer for many people.

But would the reality live up to the hype? I’ve spent the last couple of weeks putting a pre-production WAINLUX K8 through its paces, so let’s take a look and see if WAINLUX has a winner on their hands.

Continue reading “Review: WAINLUX K8, A Diode Laser That’s Ready To Work”

Text Compression Gets Weirdly Efficient With LLMs

August 27, 2023 by 65 Comments

It used to be that memory and storage space were so precious and so limited of a resource that handling nontrivial amounts of text was a serious problem. Text compression was a highly practical application of computing power.

Today it might be a solved problem, but that doesn’t mean it doesn’t attract new or unusual solutions. [Fabrice Bellard] released ts_zip which uses Large Language Models (LLM) to attain text compression ratios higher than any other tool can offer.

LLMs are the technology behind natural language AIs, and applying them in this way seems effective. The tradeoff? Unlike typical compression tools, the lossless decompression part isn’t exactly guaranteed when an LLM is involved. Lossy compression methods are in fact quite useful. JPEG compression, for example, is a good example of discarding data that isn’t readily perceived by humans to make a smaller file, but that isn’t usually applied to text. If you absolutely require lossless compression, [Fabrice] has that covered with NNCP, a neural-network powered lossless data compressor.

Do neural networks and LLMs sound far too serious and complicated for your text compression needs? As long as you don’t mind a mild amount of definitely noticeable data loss, check out [Greg Kennedy]’s Lossy Text Compression which simply, brilliantly, and amusingly uses a thesaurus instead of some fancy algorithms. Yep, it just swaps longer words for shorter ones. Perhaps not the best solution for every need, but between that and [Fabrice]’s brilliant work we’re confident there’s something for everyone who craves some novelty with their text compression.

[Photo by Matthew Henry from Burst]

Bypassing Bitlocker With A Logic Analzyer

August 25, 2023 by 27 Comments

Security Engineer [Guillaume Quéré] spends the day penetration testing systems for their employer and has pointed out and successfully exploited a rather obvious weakness in the BitLocker full volume encryption system, which as the linked article says, allows one to simply sniff the traffic between the discrete TPM chip and CPU via an SPI bus. The way Bitlocker works is to use a private key stored in the TPM chip to encrypt the full volume key that in turn was used to encrypt the volume data. This is all done by low-level device drivers in the Windows kernel and is transparent to the user.

TPM chip pins too small? Just find something else on the bus!

The whole point of BitLocker was to prevent access to data on the secured volume in the event of a physical device theft or loss. Simply pulling the drive and dropping it into a non-secured machine or some other adaptor would not provide any data without the key stored by the TPM. However, since that key must pass as plaintext from the TPM to the CPU during the boot sequence, [Guillaume] shows that it is quite straightforward — with very low-cost tools and free software — to simply locate and sniff out this TPM-to-CPU transaction and decode the datastream and locate the key. Using little more than a cheapo logic analyser hooked up to some conveniently large pins on a nearby flash chip (because the SCK, MISO, and MOSI pins are shared with the TPM) the simple TIS was decoded enough to lock onto the bytes of the TPM frame. This could then be decoded with a TPM stream decoder web app, courtesy of the TPM2-software community group. The command to look for is the TPM_CC.Unseal which is the request from the CPU to the TPM to send over that key we’re interested in. After that just grabbing and decoding the TPM response frame will immediately reveal the goods.

Continue reading “Bypassing Bitlocker With A Logic Analzyer”