Featured

3002 Articles

Longform articles, the best of what the Hackaday writing crew has to offer.

The Pros And Cons Of Hydrofoils

October 17, 2023 by 25 Comments

Hydrofoils have fascinated naval architects and marine designers for years. Fitted with underwater wings, these designs traverse the waters at great speed with a minimum of drag. As with many innovative technologies, though, the use of hydrofoils is riddled with challenges that often offset the vast benefits they offer.

While hydrofoils promise a better marine transportation experience, their adoption hasn’t been smooth sailing. In this article, we’ll dive deep into the potential and pitfalls of hydrofoil designs, and look at the unique niches this technology serves today.

Continue reading “The Pros And Cons Of Hydrofoils”

Why The RP1 Is The Most Important Product Raspberry Pi Have Ever Made

October 16, 2023 by 92 Comments

We’ve had about a week to digest the pending arrival of the Raspberry Pi 5, and it’s safe to say that the new board from Cambridge has produced quite some excitement with its enhanced specifications and a few new capabilities not seen in its predecessors. When it goes on general sale we expect that it will power a slew of impressive projects in these pages, and we look forward with keen anticipation to its companion Compute Module 5, and we sincerely hope eventually a Raspberry Pi 500 all-in-one. It’s the latest in a line of incrementally-upgraded single board computers from the company, but we think it conceals something of much greater importance than the improvements that marked previous generations. Where do we think the secret sauce lies in the Pi 5? In the RP1 all-in-one PCIe peripheral chip of course, the chip which provides most of the interfacing on the new board. Continue reading “Why The RP1 Is The Most Important Product Raspberry Pi Have Ever Made”

USB-C For Hackers: Build Your Own PSU

October 12, 2023 by 43 Comments

What if you wanted to build your own USB-C PSU? Good news – it’s easy enough! If you ever wanted to retrofit a decent DC PSU of yours to the USB-C standard, say, you got a Lenovo/HP/Dell 19V-20V charger brick and you’ve ever wished it were USB-C, today is the day when we do exactly that. To be fair, we will cheat a bit – but only a tiny bit, we won’t be deviating too much from the specification! And, to begin with, I’ll show you some exceptionally easy ways that you can turn your DC PSU into a USB-C compatible one, with a simple module or a few.

Turning a 20 V PSU into a USB-C PSU feels natural if you want to charge a laptop – those tend to request 20 V from a USB-C PSU anyway, so what’s the big deal? However, you can’t just put 20 V onto a USB-C connector – you have to add a fair bit of extra logic to make your newly christened USB-C PSU safe to use with 5 V devices, and this logic also requires you go through a few extra steps before 20 V appears on VBUS. Any USB-C PSU has to output 5 V first and foremost whenever a device is connected, up until a higher voltage is negotiated digitally, and the PSU may only switch to a higher voltage output when it’s requested to do so.

Now, for that, a PSU offers a list of profiles, and we looked into those profiles in the Replying PD article – each profile is four bytes that contain information about the profile voltage, maximum current that the device may draw at that voltage, and a few other details. For a PSU to be USB-C compliant, the USB-C specification says that, in addition to 5 V, you may also offer 9 V, 15 V, and 20 V.

Also, the specification says that if a PSU supports certain in-spec voltage like 15 V, it’s also required by the spec to offer all of the spec-defined voltages below the maximum one – for 15 V, that also requires supporting 9 V. Both of these are UX requirements, as opposed to technical requirements – it’s easier for device and PSU manufacturers to work with a small set of pre-defined voltages that majority of the chargers will support, but in reality, you can actually offer any voltage you want in the PSU advertisement; at worst, a device is going to refuse and contend with slowly charging from the 5 V output that you’re required to produce.

I’d like to walk you through how off-the-shelf USB-C PSUs work, all of the options you can use to to create one, and then, let’s build our own USB-C PSU from scratch! Continue reading “USB-C For Hackers: Build Your Own PSU”

You’ve Got Mail: It All Depends On ZIP Code

October 12, 2023 by 26 Comments

Previously on You’ve Got Mail, we looked at a few services that were designed to speed up the mail at various points along the way. But these improvements were all taking place on the USPS’ side of the the fence. Was there anything the customer could be doing to help out?

A post card from my collection.

As it turns out, yes. And it was almost too late. Whereas you could once address a letter or postcard simply to “Fred Minke, Somerset, Wis.” and it would reach him, the volume of mail was getting completely out of hand with the rise of computers, automated billing, and advertising. Something was needed to improve routing and speed up delivery.

We all know enough about ZIP codes to use them, but where did they come from? How many types are out there? What do they even mean? Let’s find out.

Continue reading “You’ve Got Mail: It All Depends On ZIP Code”

Meshtastic And Owntracks To Kick Your Google Habit

October 11, 2023 by 20 Comments

I have an admission to make. I have a Google addiction. Not the normal addiction — I have a problem with Google Maps, and the timeline feature. I know, I’m giving my location data to Google, who does who-knows-what-all with it. But it’s convenient to have an easy way to share location with my wife, and very useful to track my business related travel for each month. What we could really use is a self-hosted, open source system to track locations and display location history. And for bonus points, let’s include some extra features, like the ability to track vehicles, kids, and pets that aren’t carrying a dedicated Internet connection.

You can read the title — you know where we’re going with this. We’re setting up an Owntracks service, and then tying it to Meshtastic for off-Internet usability. The backbone that makes this work is MQTT, a network message bus that has really found its niche in the Home Assistant project among others. It’s a simple protocol, where clients send brief messages labeled by topic, and can also subscribe to specific topics. For this little endeavor we’ll use the Mosquito MQTT broker.

One of the nice things about MQTT is that the messages are all text strings, and often take the form of JSON. When trying to get two applications to talking using a shared MQTT server, there may need to be a bit of translation. One application may label a field latitude, and the other shortens it to lat. The glue code to put these together is often known as an MQTT translator, or sometimes an MQTT bridge. This is a program that listens to a given topic, ingests each message, and sends it back to the MQTT server in a different format and topic name.

The last piece is Owntracks, which has a recorder project, which pulls locations from the MQTT server, and stores it locally. Then there’s Owntracks Frontend, which is a much nicer user interface, with some nice features like viewing movement a day at a time. Continue reading “Meshtastic And Owntracks To Kick Your Google Habit”

Could Moon Dust Help Reduce Global Temperatures?

October 10, 2023 by 66 Comments

The impacts of climate change continue to mount on human civilization, with warning signs that worse times are yet to come. Despite the scientific community raising an early warning as to the risks of continued air pollution and greenhouse gas output, efforts to stem emissions have thus far had minimal impact. Continued inaction has led some scientists to consider alternative solutions to stave off the worst from occurring.

Geoengineering has long been touted as a potential solution for our global warming woes. Now, the idea of launching a gigantic dust cloud from the moon to combat Earth’s rising temperatures is under the spotlight. However, this very sci-fi solution has some serious implications if pursued, if humanity can even achieve the feat in the first place.

Continue reading “Could Moon Dust Help Reduce Global Temperatures?”

This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

October 6, 2023 by 8 Comments

This week starts out with a nifty vulnerability in the glibc dynamic loader. This is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries, and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualsys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, leading to a buffer overflow.

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for cve-2023-4911. Continue reading “This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning”