Slider

4786 Articles

Hackaday Podcast Episode 330: Hover Turtles, Dull Designs, And K’nex Computers

July 25, 2025 by 1 Comment

What did you miss on Hackaday last week? Hackaday’s Elliot Williams and Al Williams are ready to catch you up on this week’s podcast. First, though, the guys go off on vibe coding and talk about a daring space repair around Jupiter.

Then it is off to the hacks, including paste extruding egg shells, bespoke multimeters, and an 8-bit mechanical computer made from a construction toy set.

For can’t miss articles, you’ll hear about boring industrial design in modern cell phones and a deep dive into how fresh fruit makes it to your table in the middle of the winter.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

The DRM-free MP3 was stored in a public refrigerated warehouse to ensure freshness. Why not download it and add it to your collection?

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 330: Hover Turtles, Dull Designs, And K’nex Computers”

This Week In Security: Sharepoint, Initramfs, And More

July 25, 2025 by 12 Comments

There was a disturbance in the enterprise security world, and it started with a Pwn2Own Berlin. [Khoa Dinh] and the team at Viettel Cyber Security discovered a pair of vulnerabilities in Microsoft’s SharePoint. They were demonstrated at the Berlin competition in May, and patched by Microsoft in this month’s Patch Tuesday.

This original exploit chain is interesting in itself. It’s inside the SharePoint endpoint, /_layouts/15/ToolPane.aspx. The code backing this endpoint has a complex authentication and validation check. Namely, if the incoming request isn’t authenticated, the code checks for a flag, which is set true when the referrer header points to a sign-out page, which can be set arbitrarily by the requester. The DisplayMode value needs set to Edit, but that’s accessible via a simple URL parameter. The pagePath value, based on the URL used in the call, needs to start with /_layouts/ and end with /ToolPane.aspx. That particular check seems like a slam dunk, given that we’re working with the ToolPane.aspx endpoint. But to bypass the DisplayMode check, we added a parameter to the end of the URL, and hilariously, the pagePath string includes those parameters. The simple work-around is to append another parameter, foo=/ToolPane.aspx.

Putting it together, this means a POST of /_layouts/15/ToolPane.aspx?DisplayMode=Edit&foo=/ToolPane.aspx with the Referrer header set to /_layouts/SignOut.aspx. This approach bypasses authentication, and allows a form parameter MSOTlPn_DWP to be specified. These must be a valid file on the target’s filesystem, in the _controltemplates/ directory, ending with .iscx. But it grants access to all of the internal controls on the SafeControls list.

There’s an entire second half to [Khoa Dinh]’s write-up, detailing the discovery of a deserialization bug in one of those endpoints, that also uses a clever type-confusion sort of attack. The end result was remote code execution on the SharePoint target, with a single, rather simple request. Microsoft rolled out patches to fix the exploit chain. The problem is that Microsoft often opts to fix vulnerabilities with minimal code changes, often failing to fix the underlying code flaws. This apparently happened in this case, as the authentication bypass fix could be defeated simply by adding yet another parameter to the URL.

These bypasses were found in the wild on July 19th, and Microsoft quickly confirmed. The next day, the 20th, Microsoft issued an emergency patch to address the bypasses. The live exploitation appears to be coming from a set of Chinese threat actors, with a post-exploitation emphasis on stealing data and maintaining access. There seem to be more than 400 compromised systems worldwide, with some of those being rather high profile.

Continue reading “This Week In Security: Sharepoint, Initramfs, And More”

Supersonic Flight May Finally Return To US Skies

July 24, 2025 by 51 Comments

After World War II, as early supersonic military aircraft were pushing the boundaries of flight, it seemed like a foregone conclusion that commercial aircraft would eventually fly faster than sound as the technology became better understood and more affordable. Indeed, by the 1960s the United States, Britain, France, and the Soviet Union all had plans to develop commercial transport aircraft capable flight beyond Mach 1 in various stages of development.

Concorde on its final flight

Yet today, the few examples of supersonic transport (SST) planes that actually ended up being built are in museums, and flight above Mach 1 is essentially the sole domain of the military. There’s an argument to be made that it’s one of the few areas of technological advancement where the state-of-the-art not only stopped moving forward, but actually slid backwards.

But that might finally be changing, at least in the United States. Both NASA and the private sector have been working towards a new generation of supersonic aircraft that address the key issues that plagued their predecessors, and a recent push by the White House aims to undo the regulatory roadblocks that have been on the books for more than fifty years.

Continue reading “Supersonic Flight May Finally Return To US Skies”

The Death Of Industrial Design And The Era Of Dull Electronics

July 23, 2025 by 189 Comments

It’s often said that what’s inside matters more than one’s looks, but it’s hard to argue that a product’s looks and its physical user experience are what makes it instantly recognizable. When you think of something like a Walkman, an iPod music player, a desktop computer, a car or a TV, the first thing that comes to mind is the way  that it looks along with its user interface. This is the domain of industrial design, where circuit boards, mechanisms, displays and buttons are put into a shell that ultimately defines what users see and experience.

Thus industrial design is perhaps the most important aspect of product development as far as the user is concerned, right along with the feature list. It’s also no secret that marketing departments love to lean into the styling and ergonomics of a product. In light of this it is very disconcerting that the past years industrial design for consumer electronics in particular seems to have wilted and is now practically on the verge of death.

Devices like cellphones and TVs are now mostly flat plastic-and-glass rectangles with no distinguishing features. Laptops and PCs are identified either by being flat, small, having RGB lighting, or a combination of these. At the same time buttons and other physical user interface elements are vanishing along with prominent styling, leaving us in a world of basic geometric shapes and flat, evenly colored surfaces. Exactly how did we get to this point, and what does this mean for our own hardware projects?

Continue reading “The Death Of Industrial Design And The Era Of Dull Electronics”

The Epochalypse: It’s Y2K, But 38 Years Later

July 22, 2025 by 44 Comments

Picture this: it’s January 19th, 2038, at exactly 03:14:07 UTC. Somewhere in a data center, a Unix system quietly ticks over its internal clock counter one more time. But instead of moving forward to 03:14:08, something strange happens. The system suddenly thinks it’s December 13th, 1901. Chaos ensues.

Welcome to the Year 2038 problem. It goes by a number of other fun names—the Unix Millennium Bug, the Epochalypse, or Y2K38. It’s another example of a fundamental computing limit that requires major human intervention to fix. 

Continue reading “The Epochalypse: It’s Y2K, But 38 Years Later”

Power Grid Stability: From Generators To Reactive Power

July 22, 2025 by 41 Comments

It hasn’t been that long since humans figured out how to create power grids that integrated multiple generators and consumers. Ever since AC won the battle of the currents, grid operators have had to deal with the issues that come with using AC instead of the far less complex DC. Instead of simply targeting a constant voltage, generators have to synchronize with the frequency of the alternating current as it cycles between positive and negative current many times per second.

Complicating matters further, the transmission lines between generators and consumers, along with any kind of transmission equipment on the lines, add their own inductive, capacitive, and resistive properties to the system before the effects of consumers are even tallied up. The result of this are phase shifts between voltage and current that have to be managed by controlling the reactive power, lest frequency oscillations and voltage swings result in a complete grid blackout.

Continue reading “Power Grid Stability: From Generators To Reactive Power”

Fixing Human Sleep With Air Under Pressure

July 21, 2025 by 68 Comments

By and large, the human body is designed to breathe from birth, and keep breathing continuously until death. Indeed, if breathing stops, lifespan trends relatively rapidly towards zero. There’s a whole chunk of the brain and nervous system dedicated towards ensuring oxygen keeps flowing in and carbon dioxide keeps flowing out.

Unfortunately, the best laid plans of our body often go awry. Obstructive sleep apnea is a condition in which a person’s airways become blocked by the movement of soft tissues in the throat, preventing the individual from breathing. It’s a mechanical problem that also has a mechanical solution—the CPAP machine.

Continue reading “Fixing Human Sleep With Air Under Pressure”