Ask Hackaday: Learn Assembly First, Last, Or Never?

July 14, 2023 by 154 Comments

A few days ago, I ran into an online post where someone pointed out the book “Learn to Program with Assembly” and asked if anyone had ever learned assembly language as a first programming language. I had to smile because, if you are a certain age, your first language may well have been assembly, even if it was assembly for machines that never existed.

Of course, that was a long time ago. It is more likely, these days, if you are over 40, you might have learned BASIC first. Go younger, and you start skewing towards Java, Javascript, or even C. It got me thinking, though: should people learn assembly, and if so, when?

Continue reading “Ask Hackaday: Learn Assembly First, Last, Or Never?”

Hackaday Podcast 227: Open Source Software, Decoupling Caps, DIY VR

July 14, 2023 by 1 Comment

Elliot Williams and Tom Nardi start this week’s episode by addressing the ongoing Red Hat drama and the trend towards “renting” software. The discussion then shifts to homebrew VR gear, a particularly impressive solar-powered speaker, and some promising developments in the world of low-cost thermal cameras. Stay tuned to hear about color-changing breadboards, an unofficial logo for repairable hardware, and five lines of Bash that aim to unseat the entrenched power of Slack. Finally, we’ll take the first steps in an epic deep-dive into the world of DisplayPort, and take a journey of the imagination aboard an experimental nuclear ocean liner.

Check out the complete show notes below, and as always, let us know what you think in the comments.

Or download the episode directly in glorious DRM-free MP3.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 227: Open Source Software, Decoupling Caps, DIY VR”

Students 3D Print Low Cost Braille Keypad

July 14, 2023 by 7 Comments

Numerical keypads are common entry devices for everything from home security systems to phones and more. Unfortunately, a great deal of them are difficult to use if you’re visually impaired. This high-contrast Braille keypad aims to solve those issues with simple design choices.

The keypad was developed as a school project by students [Nicholas Nguyen] and [Daniel Wang]. It uses a regular layout, with 1 at the top left and 9 at the bottom right. The keypad itself is 3D printed with large buttons for easier use. Each button has its numeral inlaid on the face which allows it to be easily filled in with paint for high-contrast readability.

The real neat feature, though, is that each individual button features its relevant number in Braille. The pips are directly 3D printed into the shape of each button. For those that familiar with the tactile writing system, this makes the keypad much easier to use. It obviates the need to guess at the keypad’s orientation, and we’re honestly surprised we don’t see this on more devices out in the wild.

We’ve featured a variety of neat Braille hacks over the years, including this neat tactile display.

Continue reading “Students 3D Print Low Cost Braille Keypad”

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

July 14, 2023 by 4 Comments

First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base,is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This along with another vulnerability (CVE-2023-36874) was being used by storm- another unknown threat actor, Storm-0978 in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule, that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in office. Continue reading “This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More”

How Does Your McDonald’s Burger Get To You?

July 14, 2023 by 32 Comments

Table service and McDonalds sound as though they should be mutually exclusive as a fundamental of the giant chain’s fast food business model, but in many restaurants there’s the option of keying in the number from a plastic beacon when you order, placing the beacon on the table, and waiting for a staff member to bring your food. How does the system work? [Whiterose Infosec] scored one of the beacons, and subjected it to a teardown and some probing.

The beacon in question has the look of being an older model judging by the 2009 date codes on its radio module and the evident corrosion on its battery terminals. Its Bluetooth 4 SoC is end-of-life, so it’s possible that this represents a previous version of the system. It has a few other hardware features, including a magnet and a sensor designed to power the board down when it is stacked upon another beacon.

Probing its various interfaces revealed nothing, as did connecting to the device via Bluetooth. However some further research as well as asking some McD’s employees revealed some of its secret. It does little more than advertise its MAC address, and an array of Bluetooth base stations in the restaurant use that to triangulate its approximate position.

If you’ve ever pondered how these beacons work while munching on your McFood, you might also like to read about McVulnerabilities elsewhere in the system.

Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures

July 14, 2023 by 3 Comments

[Alan Reiner] is building a sloth-like door greeter for his house. Sloxel, as he is affectionately known, can move around and even talk, with [Alan] using some nifty tricks in the design process

Sloxel’s job is to vet visitors to [Alan’s] house, before inviting them to knock on the door or to leave their details and go away. There’s still plenty of work to do on that functionality, which [Alan] plans to implement using ChatGPT. In the meantime, though, he’s been working hard on the hardware platform that will power Sloxel. A Raspberry Pi 3B+ is charged with running the show, including talking to the ChatGPT API and handling Sloxel’s motion along a linear rail with a number of stepper motors.

What we really love about this build, though, is the enclosure. [Alan] designed a housing for everything that can be 3D printed as a single part with print-in-place hinges. The four sides of the enclosure can then be folded up and into place with a minimum of fuss. Plus, the enclosure has plenty of nifty features that makes it easy to mount all the required hardware. It’s a neat design that we’d love to repurpose for some of our own projects.

We’ve seen other neat ideas in this area before, like using PCBs themselves as an enclosure. Video after the break.

Continue reading “Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures”

At Last, A Beagle V In The Wild

July 13, 2023 by 41 Comments

The RISC-V ISA specification contains the recipe for everything from the humblest of microcontrollers to the most accomplished of high-end application processors, but it’s fair to say that at our end of the market it’s mostly been something for the lower end. There are plenty of inexpensive small RISC-V microcontrollers, but so far not much powerful enough for example to run a Linux-based operating system.

It’s a situation that’s slowly changing though, and it looks as though things may have taken a turn for the better as a new BeagleBoard has appeared using a RISC-V chip. The BeagleV-Ahead has a BeagleBone form factor and packs an Alibaba T-Head TH1520 SoC, a 2GHz quad-core part with a GPU and DSP components on-board. They link to a selection of distributors, from which one can seemingly be bought for about $170.

It’s a departure from the ARM chips that have until now powered the BeagleBoard line, but its appearance shouldn’t come as a surprise to seasoned Beagle watchers as they announced their RISC-V developments back in 2021. We’re guessing they too had to contend with the chip shortage which hit other players such as Raspberry Pi, so we’re pleased to see a product on the market. In particular though we’re pleased to see one on a BeagleBoard. because unlike a random no-name single board computer they’re a manufacturer who supports their products.

There’s a page with a good choice of operating systems for the board, and we hope that this means they provide kernel support for this SoC. This is the real benefit of buying a BeagleBoard or a Raspberry Pi, because cheap competitors will typically support only one kernel version compared with their years of support. So while this board is by no means cheap, we’re hoping it heralds a new wave of powerful RISC-V computers. Something to look forward to indeed.