Slider

4786 Articles

This Week In Security: Spilling Tea, Rooting AIs, And Accusing Of Backdoors

August 1, 2025 by 4 Comments

The Tea app has had a rough week. It’s not an unfamiliar story: Unsecured Firebase databases were left exposed to the Internet without any authentication. What makes this story particularly troubling is the nature of the app, and the resulting data that was spilled.

Tea is a “dating safety” application strictly for women. To enforce this, creating an account requires an ID verification process where prospective users share their government issued photo IDs with the platform. And that brings us to the first Firebase leak. 59 GB of photo IDs and other photos for a large subset of users. This was not the only problem.

There was a second database discovered, and this one contains private messages between users. As one might imagine, given the topic matter of the app, many of these DMs contain sensitive details. This may not have been an unsecured Firebase database, but a separate problem where any API key could access any DM from any user.

This is the sort of security failing that is difficult for a company to recover from. And while it should be a lesson to users, not to trust their sensitive messages to closed-source apps with questionable security guarantees, history suggests that few will learn the lesson, and we’ll be covering yet another train-wreck of similar magnitude in another few months.

Continue reading “This Week In Security: Spilling Tea, Rooting AIs, And Accusing Of Backdoors”

When Online Safety Means Surrendering Your ID, What Can You Do?

July 31, 2025 by 108 Comments

A universal feature of traveling Europe as a Hackaday scribe is that when you sit in a hackerspace in another country and proclaim how nice a place it all is, the denizens will respond pessimistically with how dreadful their country really is. My stock response is to say “Hold my beer” and recount the antics of British politicians, but the truth is, the grass is always greener on the other side.

There’s one thing here in dear old Blighty that has me especially concerned at the moment though, and perhaps it’s time to talk about it here. The Online Safety Act has just come into force and is the UK government’s attempt to deal with what they perceive as the nasties on the Internet, and while some of its aspirations may be honourable, its effects are turning out to be a little chilling.

As might be expected, the Act requires providers to ensure their services are free of illegal material, and it creates some new offences surrounding sharing images without consent, and online stalking. Where the concern lies for me is in the requirement for age verification to ensure kids don’t see anything the government things they shouldn’t, which is being enforced through online ID verification. There are many reasons why this is of concern, but I’ll name the three at the top of my list.
Continue reading “When Online Safety Means Surrendering Your ID, What Can You Do?”

Hands On: The Hacker Pager

July 31, 2025 by 27 Comments

It should come as no surprise that the hacker community has embraced the Meshtastic project. It’s got a little bit of everything we hold dear: high quality open source software, fantastic documentation, a roll-your-own hardware ethos, and just a dash of counterculture. An off-grid communications network cobbled together from cheap parts, some of which being strategically hidden within the urban sprawl by rogue operators, certainly sounds like the sort of thing you’d read about it in a William Gibson novel.

But while the DIY nature of Meshtastic is one of its most endearing features for folks like us, it can also be seen as one of its weak spots. Right now, the guidance for those looking to get started is to pick a compatible microcontroller development board, 3D print a case for it, screw on an antenna from AliExpress, flash your creation with the latest firmware, and then spend some quality time with the documentation and configuration tools to actually get it on the air. No great challenge for the average Hackaday reader, but a big ask for the weekend adventurer that’s just looking for a way to keep in touch with their friends while camping.

Quality hardware that offers a turn-key experience will be critical to elevating Meshtastic from a hobbyist’s pastime to something that could actually be fielded for applications such as search and rescue. Plus, let’s be honest, even those of us who like to put together our own gadgets can appreciate a more consumer-oriented piece of hardware from time to time. Especially if that hardware happens to be open source and designed to empower the user rather than hold them back.

Enter the Hacker Pager from exploitee.rs. As the name implies, it’s still very much a device intended for hackers — a piece of hardware designed for the halls of DEF CON rather than trekking through the wilderness. But it’s also an important step towards a new generation of Meshtastic hardware that meets the high standard of quality set by the software itself.

Continue reading “Hands On: The Hacker Pager”

Farewell Shunsaku Tamiya: The Man Who Gave Us The Best Things To Build

July 31, 2025 by 36 Comments

In the formative experiences of most Hackaday readers there will almost certainly be a number of common threads, for example the ownership of a particular game console, or being inspired into engineering curiosity by the same TV shows. A home computer of a TV show may mark you as coming from a particular generation, but there are some touchstones which cross the decades.

Of those, we are guessing that few readers will not at some point have either built, owned, or lusted after a Tamiya model kit at some point over the last many decades, so it’s with some sadness that we note the passing of Mr. Tamiya himself, Shunsaku Tamiya, who has died at the age of 90.

Continue reading “Farewell Shunsaku Tamiya: The Man Who Gave Us The Best Things To Build”

Power Line Patrols: The Grid’s Eye In The Sky

July 29, 2025 by 18 Comments

Those of us who like to monitor air traffic with ADS-B aggregators such as FlightAware and ADS-B Exchange tend to see some interesting flight paths. I’m not talking about the truly ambitious pictures drawn by pilots, or even the more ribald ones, but rather flights that follow paths that seem to make little sense from either a commercial or leisure standpoint.

Most of these mystery flights have long straight stretches interrupted by occasional tight loops, and often cover great distances across rural and urban landscapes alike. A glance at the ADS-B data indicates that these flights are usually pretty close to the ground, and are often completed by helicopters. Occasionally, the registration of the aircraft will even indicate ownership by some “three-letter” federal agency.

Although mystery helicopters flying odd patterns in the sky seems like a good excuse to don a tinfoil hat and head to one’s bunker, chances are pretty good that these aircraft are engaged in a far less nefarious and far more useful endeavour: aerial transmission line patrols. These flights are key to keeping the transmission lines that form the backbone of the grid in tip-top shape, especially at a time of unprecedented growth in load and a shift in the generation profile away from fossil fuels towards renewables.

Continue reading “Power Line Patrols: The Grid’s Eye In The Sky”

Hackaday Links Column Banner

Hackaday Links: July 27, 2025

July 27, 2025 by 9 Comments

Sad breaking news late this Sunday afternoon of the passing of nerd icon Tom Lehrer at 97. Coming up through the culture, knowing at least a few of Tom’s ditties, preferably “The Elements” or “Poisoning Pigeons in the Park,” was as essential to proving one’s bona fides as committing most Monty Python bits to memory. Tom had a way with words that belied his background as a mathematician, spicing his sarcastic lyrics with unusual rhymes and topical references that captured the turbulence of the late 50s and early 60s, which is when he wrote most of his well-known stuff. First Ozzy, then Chuck Mangione, now Tom Lehrer — it’s been a rough week for musicians.

Here we go again. It looks like hams have another spectrum grab on their hands, but this time it’s the popular 70-cm band that’s in the crosshairs. Starlink wannabe AST SpaceMobile, which seeks to build a constellation of 248 ridiculously large communication satellites to offer direct-to-device service across the globe, seeks a substantial chunk of the 70-cm band, from 430 to 440 MHz, to control the satellites. This is smack in the middle of the 70-cm amateur radio band allocation here in the US, but covers the entire band for unlucky hams in Europe and the UK. The band is frequently used for repeaters, which newbie hams can easily access using a cheap hand-held radio to start learning the ropes.

Continue reading “Hackaday Links: July 27, 2025”

Personalization, Industrial Design, And Hacked Devices

July 26, 2025 by 28 Comments

[Maya Posch] wrote up an insightful, and maybe a bit controversial, piece on the state of consumer goods design: The Death Of Industrial Design And The Era Of Dull Electronics. Her basic thesis is that the “form follows function” aesthetic has gone too far, and all of the functionally equivalent devices in our life now all look exactly the same. Take the cellphone, for example. They are all slabs of screen, with a tiny bezel if any. They are non-objects, meant to disappear, instead of showcases for cool industrial design.

Of course this is an extreme example, and the comments section went wild on this one. Why? Because we all want the things we build to be beautiful and functional, and that has always been in conflict. So even if you agree with [Maya] on the suppression of designed form in consumer goods, you have to admit that it’s not universal. For instance, none of our houses look alike, even though the purpose is exactly the same. (Ironically, architecture is the source of the form follows function fetish.) Cars are somewhere in between, and maybe the cellphone is the other end of the spectrum from architecture. There is plenty of room for form and function in this world.

But consider the smartphone case – the thing you’ve got around your phone right now. In a world where people have the ultimate homogeneous device in their pocket, one for which slimness is a prime selling point, nearly everyone has added a few millimeters of thickness to theirs, aftermarket, in the form of a decorative case. It’s ironically this horrendous sameness of every cell phone that makes us want to ornament them, even if that means sacrificing on the thickness specs.

Is this the same impetus that gave us the cyberdeck movement? The custom mechanical keyboard? All kinds of sweet hacks on consumer goods? The need to make things your own and personal is pretty much universal, and maybe even a better example of what we want out of nice design: a device that speaks to you directly because it represents your work.

Granted, buying a phone case isn’t necessarily creative in the same way as hacking a phone is, but it at least lets you exercise a bit of your own design impulse. And it frees the designers from having to make a super-personal choice like this for you. How about a “nothing” design that affords easy personalized ornamentation? Has the slab smartphone solved the form-versus-function fight after all?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!