Vintage Computer Festival East Was A Retro Madhouse

The Vintage Computer Festival East took place last weekend at the InfoAge Science and History Museum in New Jersey, and by any metric you care to use, it was a phenomenal success. Everyone you spoke with, from the exhibitors and attendees to the veteran volunteers who put this incredible show together, said the same thing: they’d never seen a turnout like this before.

Of course, such success is not without cost. The exhibit rooms were so packed that moving through them was a challenge, the line to get food or browse the consignment area occasionally stretched outside the building, and at one point the event’s electronic payment system buckled under the pressure.

Yet even the folks who waited the better part of an hour to rummage through boxes of dusty treasures, only to find themselves left standing with armfuls of heavy gear they couldn’t pay for until the technical issues were resolved, couldn’t really complain. I should know, I was one of them. It would be like going to a concert and getting upset that the music was too loud — the event was advertised as a festival, and that’s exactly what it was.

No matter where you went, you’d find throngs of excited people who were eager to chat about the golden age of computing. So even if you were stuck in a long line, or had to step outside of the exhibit area to get some fresh air, you were always in excellent company. Seeing such a large and diverse number of people come out for what’s ultimately a niche event was exceptionally gratifying. At the end of the day, if the price we have to pay for this kind of community response is a few long lines and tight squeezes, it’s well worth it.

Each time I cover an event like this for Hackaday, I do so with the caveat that there’s really no substitute for being there in person. No matter how many articles you read and YouTube recaps you watch, you’ll never be able to see all the things you would have had you been able to walk the show floor yourself. It’s a bit like exploring the Moon or Mars: remotely controlled robots are capable of capturing terabytes of data and beaming it back to Earth, but even still, there’s the potential to learn so much more by putting boots on the ground.

The same is true of VCF East 2023 — what I bring you here is just the tip of the iceberg in terms of what was on display at this year’s event. On the other hand, you have the advantage of being able to peruse these images without having to stand in line. Is it worth the trade? Only you can be the judge of that. But for my money, I’ll gladly get back in line when VCF East 2024 rolls around.

PUF Away For Hardware Fingerprinting

Despite the rigorous process controls for factories, anyone who has worked on hardware can tell you that parts may look identical but are not the same. Everything from silicon defects to microscopic variations in materials can cause profoundly head-scratching effects. Perhaps one particular unit heats up faster or locks up when executing a specific sequence of instructions and we throw our hands up, saying it’s just a fact of life. But what if instead of rejecting differences that fall outside a narrow range, we could exploit those tiny differences?

This is where physically unclonable functions (PUFs) come in. A PUF is a bit of hardware that returns a value given an input, but each instance of the hardware returns different results despite sharing the same design. This often relies on silicon microstructure imperfections. Even after physically uncapping the device and inspecting it, it would be incredibly difficult to reproduce the same imperfections exactly. PUFs should be like the ideal version of a fingerprint: unique and unforgeable.

Because PUFs depend on manufacturing artifacts, there is a certain unpredictability, and deciding just what features to look at is crucial. The PUF needs to be deterministic and produce the same value for a given specific input. Temperature, age, power supply fluctuations, and radiation all cause variations, so the PUF needs to be hardened against them. Several techniques such as voting, error correction, or fuzzy extraction are used, but each comes with trade-offs regarding power and space requirements. Many of the fluctuations, such as aging and temperature, are linear or well-understood and can be easily compensated for.

Broadly speaking, there are two types of PUFs: weak and strong. Weak PUFs offer only a few responses and are focused on key generation. The key is then fed into more traditional cryptography, which means the PUF needs to produce exactly the same output every time. Strong PUFs have an exponential number of challenge-response pairs and are used for authentication. While strong PUFs still have some error correction, they might be queried fifty times and have to pass at least 95% of the queries to be considered authenticated, allowing for some error.

This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking

You may not be familiar with the Microsoft Message Queuing (MSMQ) service, a store and forward sort of inter-process and inter-system communication service. MSMQ has become something of a legacy product, but is still available as an optional component in Windows. And in addition to other enterprise software solutions, Microsoft Exchange turns the service on by default. That’s why it’s a bit spooky that there’s a one packet Remote Code Execution (RCE) vulnerability that was just patched in the service.

CVE-2023-21554, also known as QueueJumper, is this unauthenticated RCE with a CVSS score of 9.8. It requires sending a packet to the service on TCP port 1801. The Check Point Research team scanned for listening MSMQ endpoints on the public Internet, and found approximately 360,000 of them. And no doubt far more are listening on internal networks. A one-packet exploit is a prime example of a wormable problem, and now that the story has broken and the patch is available, expect rapid reverse engineering. Beware, the queue jumpers are coming.

JavaScript VM Escape

The VM2 library is a rather important JavaScript package that sandboxes code, letting a project run untrusted code securely. Or, that’s the idea. CVE-2023-29017 is an example of how hard sandboxing is to get right. It’s another CVSS 9.8 vulnerability, and this one allows a sandbox escape and code execution.

This one now has public Proof of Concept code, and this package has over 16 million monthly installs, so the attack surface is potentially pretty wide. The flaw is fixed in version 3.9.15.

Tinkercad Gets A Move On

Going to the movies is an experience. But how popular do you think they’d be if you went in, bought your popcorn, picked your seat, and the curtain would rise on a large still photograph? Probably not a great business model. If a picture is worth 1,000 words, then a video is worth at least a million, and that’s why we thought it was awesome that Tinkercad now has a physics simulator built right in.

It all starts with your 3D model or models, of course. Then there’s an apple icon. (Like Newton, not like Steve Jobs.) Once you click it, you are in simulation mode. You can select objects and make them fixed or movable. You can change the material of each part, too, which varies its friction, density, and mass. There is a play button at the bottom. Press it, and you’ll see what happens. You can also share and you have the option of making an MP4 video like the ones below.

We, of course, couldn’t resist. We started with a half-sphere and made it larger. We also rotated it so the flat side was up. We then made a copy that would become the inside of our bowl. Using the ruler tool, we shaved about 2 mm off the length and width (X and Y) of the inner sphere. We also moved it 2 mm up without changing the size.

Using the alignment tools, you can then center the inner piece in the X and Y axis. Change the inner color to a hole and group the objects. This forms a simple bowl shape. Then we moved the workplane to a random part of the inner surface of our bowl and dropped a sphere. Nothing complicated.

Signed Distance Functions: Modeling In Math

What if instead of defining a mesh as a series of vertices and edges in a 3D space, you could describe it as a single function? The easiest function would return the signed distance to the closest point (negative meaning you were inside the object). That’s precisely what a signed distance function (SDF) is. A signed distance field (also SDF) is just a voxel grid where the SDF is sampled at each point on the grid. First, we’ll discuss SDFs in 2D and then jump to 3D.

SDFs in 2D

A signed distance function in 2D is more straightforward to reason about so we’ll cover it first. Additionally, it is helpful for font rendering in specific scenarios. [Vassilis] of [Render Diagrams] has a beautiful demo on two-dimensional SDFs that covers the basics. The naive technique for rendering is to create a grid and calculate the distance at each point in the grid. If the distance is greater than the size of the grid cell, the pixel is not colored in. Negative values mean the pixel is colored in as the center of the pixel is inside the shape. By increasing the size of the grid, you can get better approximations of the actual shape of the SDF. So, why use this over a more traditional vector approach? The advantage is that the shape is represented by a single formula calculated at many points. Most modern computers are extraordinarily good at calculating the same thing thousands of times with slightly different parameters, often using the GPU. GLyphy is an SDF-based text renderer that uses OpenGL ES2 as a shader, as discussed at Linux conf in 2014. Freetype even merged an SDF renderer written by [Anuj Verma] back in 2020.

A Miniature MNT For Every Pocket

Last time Hackaday went hands on with a product from German company MNT, it was the Reform laptop; a full size computer with a full feature set and fully open source design. Now they’re back with the same value proposition and feature set crammed into a much more adorable (and colorful!) package with the MNT Pocket Reform. If you want the big Reform’s open source philosophy in a body fit for a coat pocket, this might be the computing device for you.

To refresh your memory, MNT is a company that specializes in open source hardware and the software to support it. They are probably best known for the Reform, their first laptop. Its marquee feature is a fully open design, from the mechanical components (designed with OSS tools) to the PCBAs (designed with KiCad) to the software (designed with, uh, software). When originally shipped, that product packed a DIMM-style System On Module (SOM) with a default configuration containing a quad core NXP i.MX8M Quad and 4GB of RAM, as well as mini PCIe Card and M key m.2 2280 slots on the motherboard for storage and connectivity. That computer was designed to be easily serviceable and included a plethora of full sized ports along with easy to source cylindrical battery cells. The Pocket Reform takes the same intent and channels it into a much smaller package.

The Real John Wick-Style Bullet Proof Suit

If you’ve seen the John Wick movies, you’ve probably had to suspend your disbelief about many things, but the bulletproof suits are perhaps the hardest thing to swallow. They look like stylish suits but are impervious to just about anything at any range. What’s more, when you are hit, they seem to absorb all impact with no effect on the wearer at all.

You can keep running, firing, or karate kicking while the suit takes all of the bullets. You can even pull your jacket up over your face if you want to protect that million-dollar smile. Physics, of course, tells us that a suit like this is pretty much impossible. Except that they actually exist. Granted, the real-life suits don’t have the magic physics-defying powers of Mr. Wick’s suit, but if you have the cash, you can get a smart-looking suit that protects you from getting killed by a bullet.

Real Life, Part I

In the movies, the suits supposedly have Kevlar in them just like a real piece of ballistic body armor. The problem is, Kevlar is bulky. However, most of the real body armor you see — like a vest on a SWAT team operative — is made from Kevlar or similar ballistic fibers like Twaron, Goldflex, or Dyneema. They also have plates made of metal or ceramic.