Featured

3025 Articles

Longform articles, the best of what the Hackaday writing crew has to offer.

Could Moon Dust Help Reduce Global Temperatures?

October 10, 2023 by 66 Comments

The impacts of climate change continue to mount on human civilization, with warning signs that worse times are yet to come. Despite the scientific community raising an early warning as to the risks of continued air pollution and greenhouse gas output, efforts to stem emissions have thus far had minimal impact. Continued inaction has led some scientists to consider alternative solutions to stave off the worst from occurring.

Geoengineering has long been touted as a potential solution for our global warming woes. Now, the idea of launching a gigantic dust cloud from the moon to combat Earth’s rising temperatures is under the spotlight. However, this very sci-fi solution has some serious implications if pursued, if humanity can even achieve the feat in the first place.

Continue reading “Could Moon Dust Help Reduce Global Temperatures?”

This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

October 6, 2023 by 8 Comments

This week starts out with a nifty vulnerability in the glibc dynamic loader. This is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries, and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualsys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, leading to a buffer overflow.

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for cve-2023-4911. Continue reading “This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning”

Robotic Mic Swarm Helps Pull Voices Out Of Crowded Room Of Multiple Speakers

October 4, 2023 by 27 Comments

One of the persistent challenges in audio technology has been distinguishing individual voices in a room full of chatter. In virtual meeting settings, the moderator can simply hit the mute button to focus on a single speaker. When there’s multiple people making noise in the same room, though, there’s no easy way to isolate a desired voice from the rest. But what if we ‘mute’ out these other boisterous talkers with technology?

Enter the University of Washington’s research team, who have developed a groundbreaking method to address this very challenge. Their innovation? A smart speaker equipped with self-deploying microphones that can zone in on individual speech patterns and locations, thanks to some clever algorithms.

Continue reading “Robotic Mic Swarm Helps Pull Voices Out Of Crowded Room Of Multiple Speakers”

Chip Shortage Engineering: Misusing DIP Packages

October 3, 2023 by 57 Comments

After years of seeing people showing off and trading their badge Simple Add-Ons (SAOs) at Supercon, this year I finally decided to make one myself. Now for a first attempt, it would have been enough to come up with some cool PCB art and stick a few LEDs on it. But naturally I started with a concept that was far more ambitious than necessary, and before long, had convinced myself that the only way to do the thing justice was to have an onboard microcontroller.

My first thought was to go with the venerable ATtiny85, and since I already had a considerable stock of the classic eight-pin DIP MCUs on hand, that’s what I started prototyping with. After I had something working on the breadboard, the plan was to switch over to the SOIC-8 version of the chip which would be far more appropriate for something as small as an SAO.

Unfortunately, that’s where things got tricky. I quickly found that none of the major players actually had the SMD version of the chip in stock. Both DigiKey and Mouser said they didn’t expect to get more in until early 2024, and while Arrow briefly showed around 3,000 on hand, they were all gone by the time I checked back. But that was only half the problem — even if they had them, $1.50 a piece seems a hell of a lot of money for an 8-bit MCU with 8K of flash in 2023.

The whole thing was made all the more frustrating by the pile of DIP8 ATtiny85s sitting on the bench, mocking me. Under normal circumstances, using them in an SAO wouldn’t really be a problem, but eight hand-soldered leads popping through the front artwork would screw up the look I had in mind.

While brooding over the situation my eyes happened to fall on one of the chips I had been fiddling with, it’s legs badly bent from repeated trips through the programmer. Suddenly it occurred to me that maybe there was a way to use the parts I already had…

Continue reading “Chip Shortage Engineering: Misusing DIP Packages”

Why Walking Tanks Never Became A Thing

October 2, 2023 by 67 Comments

The walking tank concept has always captured imaginations. Whether you’re talking about the AT-AT walkers of Star Wars, or the Dreadnoughts from Warhammer 40,000, they are often portrayed in fiction as mighty and capable foes on the battlefield. These legged behemoths ideally combine the firepower and defense of traditional tanks with the versatility of a legged walking frame.

Despite their futuristic allure, walking tanks never found a practical military application. Let’s take a look at why tracks still rule, and why walking combat machines are going to remain firmly in the realm of fiction for the foreseeable future.

Continue reading “Why Walking Tanks Never Became A Thing”

A Raspberry Pi 5 Is Better Than Two Pi 4s

September 28, 2023 by 192 Comments

What’s as fast as two Raspberry Pi 4s? The brand-new Raspberry Pi 5, that’s what. And for only a $5 upcharge (with an asterisk), it’s going to the new go-to board from the British House of Fruity Single-Board Computers. But aside from the brute speed, it also has a number of cool features that will make using the board easier for a number of projects, and it’s going to be on sale in October. Raspberry Pi sent us one for review, and if you were just about to pick up a Pi 4 for a project that needs the speed, we’d say that you might wait a couple weeks until the Raspberry Pi 5 goes on sale.

Twice as Nice

On essentially every benchmark, the Raspberry Pi 5 comes in two to three times faster than the Pi 4. This is thanks to the new Broadcom BCM2712 system-on-chip (SOC) that runs four ARM A76s at 2.4 GHz instead of the Pi 4’s ARM A72s at 1.8 GHz. This gives the CPUs a roughly 2x – 3x advantage over the Pi 4. (Although the Pi 4 was eminently overclockable in the CM4 package.)

The DRAM runs at double the clock speed. The video core is more efficient and pushes pixels about twice as fast. The new WiFi controller in the SOC allows about twice as much throughput to the same radio. Even the SD card interface is capable of running twice as fast, speeding up boot times to easily under 10 sec – maybe closer to 8 sec, but who’s counting?

Heck, while we’re on factors of two, there are now two MIPI camera/display lines, so you can do stereo imaging straight off the board, or run a camera and external display simultaneously. And it’s capable of driving two 4k HDMI displays at 60 Hz.

There are only two exceptions to the overall factor-of-two improvements. First, the Gigabyte Ethernet remains Gigabyte Ethernet, so that’s a one-ex. (We’re not sure who is running up against that constraint, but if it’s you, you’ll want an external network adapter.) But second, the new Broadcom SOC finally supports the ARM cryptography extensions, which make it 45x faster at AES, for instance. With TLS almost everywhere, this keeps crypto performance from becoming the bottleneck. Nice.

All in all, most everything performance-related has been doubled or halved appropriately, and completely in line with the only formal benchmarks we’ve seen so far, it feels about twice as fast all around in our informal tests. Compared with a Pi 400 that I use frequently in the basement workshop, the Pi 5 is a lot snappier.

Continue reading “A Raspberry Pi 5 Is Better Than Two Pi 4s”

Do Bounties Hurt FOSS?

September 27, 2023 by 17 Comments

As with many things in life, motivation is everything. This also applies to the development of software, which is a field that has become immensely important over the past decades. Within a commercial context, the motivation  to write software is primarily financial, in that a company’s products are developed by individuals who are being financially compensated for their time. This is often different with Free and Open Source Software (FOSS) projects, where the motivation to develop the software is in many cases derived more out of passion and sometimes a wildly successful hobby rather than any financial incentives.

Yet what if financial incentives are added by those who have a vested interest in seeing certain features added or changed in a FOSS project? While with a commercial project it’s clear (or should be) that the paying customers are the ones whose needs are to be met, with a volunteer-based FOSS project the addition of financial incentives make for a much more fuzzy system. This is where FOSS projects like the Zig programming language have put down their foot, calling FOSS bounties ‘damaging’.

Continue reading “Do Bounties Hurt FOSS?”