You’ve Got Mail: It All Depends On ZIP Code

Previously on You’ve Got Mail, we looked at a few services that were designed to speed up the mail at various points along the way. But these improvements were all taking place on the USPS’ side of the fence. Was there anything the customer could be doing to help out?

A post card from my collection.

As it turns out, yes. And it was almost too late. Whereas you could once address a letter or postcard simply to “Fred Minke, Somerset, Wis.” and it would reach him, the volume of mail was getting completely out of hand with the rise of computers, automated billing, and advertising. Something was needed to improve routing and speed up delivery.

We all know enough about ZIP codes to use them, but where did they come from? How many types are out there? What do they even mean? Let’s find out.


Meshtastic And Owntracks To Kick Your Google Habit

I have an admission to make. I have a Google addiction. Not the normal addiction — I have a problem with Google Maps, and the timeline feature. I know, I’m giving my location data to Google, who does who-knows-what-all with it. But it’s convenient to have an easy way to share location with my wife, and very useful to track my business related travel for each month. What we could really use is a self-hosted, open source system to track locations and display location history. And for bonus points, let’s include some extra features, like the ability to track vehicles, kids, and pets that aren’t carrying a dedicated Internet connection.

You can read the title — you know where we’re going with this. We’re setting up an Owntracks service, and then tying it to Meshtastic for off-Internet usability. The backbone that makes this work is MQTT, a network message bus that has really found its niche in the Home Assistant project among others. It’s a simple protocol, where clients send brief messages labeled by topic, and can also subscribe to specific topics. For this little endeavor we’ll use the Mosquitto MQTT broker.

One of the nice things about MQTT is that the messages are all text strings, and often take the form of JSON. When trying to get two applications to talk using a shared MQTT server, there may need to be a bit of translation. One application may label a field latitude, and the other shortens it to lat. The glue code to put these together is often known as an MQTT translator, or sometimes an MQTT bridge. This is a program that listens to a given topic, ingests each message, and sends it back to the MQTT server in a different format and topic name.

The last piece is Owntracks, which has a recorder project that pulls locations from the MQTT server and stores them locally. Then there’s Owntracks Frontend, which is a much nicer user interface, with some nice features like viewing movement a day at a time.

Could Moon Dust Help Reduce Global Temperatures?

The impacts of climate change continue to mount on human civilization, with warning signs that worse times are yet to come. Despite the scientific community raising an early warning as to the risks of continued air pollution and greenhouse gas output, efforts to stem emissions have thus far had minimal impact. Continued inaction has led some scientists to consider alternative solutions to stave off the worst from occurring.

Geoengineering has long been touted as a potential solution for our global warming woes. Now, the idea of launching a gigantic dust cloud from the moon to combat Earth’s rising temperatures is under the spotlight. However, this very sci-fi solution has some serious implications if pursued, if humanity can even achieve the feat in the first place.


This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

This week starts out with a nifty vulnerability in the glibc dynamic loader. The loader is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries, and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, leading to a buffer overflow.

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for CVE-2023-4911.

Robotic Mic Swarm Helps Pull Voices Out Of Crowded Room Of Multiple Speakers

One of the persistent challenges in audio technology has been distinguishing individual voices in a room full of chatter. In virtual meeting settings, the moderator can simply hit the mute button to focus on a single speaker. When there are multiple people making noise in the same room, though, there’s no easy way to isolate a desired voice from the rest. But what if we ‘mute’ out these other boisterous talkers with technology?

Enter the University of Washington’s research team, who have developed a groundbreaking method to address this very challenge. Their innovation? A smart speaker equipped with self-deploying microphones that can zone in on individual speech patterns and locations, thanks to some clever algorithms.


Chip Shortage Engineering: Misusing DIP Packages

After years of seeing people showing off and trading their badge Simple Add-Ons (SAOs) at Supercon, this year I finally decided to make one myself. Now for a first attempt, it would have been enough to come up with some cool PCB art and stick a few LEDs on it. But naturally I started with a concept that was far more ambitious than necessary, and before long, had convinced myself that the only way to do the thing justice was to have an onboard microcontroller.

My first thought was to go with the venerable ATtiny85, and since I already had a considerable stock of the classic eight-pin DIP MCUs on hand, that’s what I started prototyping with. After I had something working on the breadboard, the plan was to switch over to the SOIC-8 version of the chip which would be far more appropriate for something as small as an SAO.

Unfortunately, that’s where things got tricky. I quickly found that none of the major players actually had the SMD version of the chip in stock. Both DigiKey and Mouser said they didn’t expect to get more in until early 2024, and while Arrow briefly showed around 3,000 on hand, they were all gone by the time I checked back. But that was only half the problem — even if they had them, $1.50 a piece seems a hell of a lot of money for an 8-bit MCU with 8K of flash in 2023.

The whole thing was made all the more frustrating by the pile of DIP8 ATtiny85s sitting on the bench, mocking me. Under normal circumstances, using them in an SAO wouldn’t really be a problem, but eight hand-soldered leads popping through the front artwork would screw up the look I had in mind.

While brooding over the situation my eyes happened to fall on one of the chips I had been fiddling with, its legs badly bent from repeated trips through the programmer. Suddenly it occurred to me that maybe there was a way to use the parts I already had…


Why Walking Tanks Never Became A Thing

The walking tank concept has always captured imaginations. Whether you’re talking about the AT-AT walkers of Star Wars, or the Dreadnoughts from Warhammer 40,000, they are often portrayed in fiction as mighty and capable foes on the battlefield. These legged behemoths ideally combine the firepower and defense of traditional tanks with the versatility of a legged walking frame.

Despite their futuristic allure, walking tanks never found a practical military application. Let’s take a look at why tracks still rule, and why walking combat machines are going to remain firmly in the realm of fiction for the foreseeable future.
