Hackaday Links: September 24, 2023

Modern video games are almost always written on the backs of a game engine platform, and the two most popular are definitely Unreal Engine and Unity. Some bean counter at Unity decided they essentially wanted a bigger piece of the pie and rolled out new terms of use that would have game development houses paying per Unity install. This was a horrible blow to small indie game development houses, where the fees would end up eating up something like 15% of revenue in an industry that’s already squeezed between the Apple Store and Steam. It caused an absolutely gigantic uproar in the game dev community, and now Unity is walking it back.

We noticed the change first because tons of “migrate from Unity to Godot” tutorials popped up in our YouTube stream. Godot is a free and open-source game engine, and while we’re no game devs, it looks to be at about the level of Blender five years ago – not quite as easy to use or polished as its closed-source equivalents, but just about poised to make the transition to full usability. While we’re sure Unreal Engine is happy enough to see Unity kick some more business their way, we’re crossing our fingers for the open-source underdog.

Amazon’s Kindle Direct Publishing allows independent authors to self-publish. And it’s apparently been awash in prose written by large language models. While it was fun for a while to look through self-published books for the shibboleth phrase “As an AI language model,” Amazon caught on pretty quickly. Of course, that only gets the lowest-hanging fruit. Books like the AI-written guidebook to mushrooms that recommends eating the Death Cap still manage to sneak through, as we mentioned two weeks ago.

Amazon’s solution? Limiting self-published books to three per day. I wrote a book once, and it took me the better part of a year, and Amazon is letting through three per day. If this limit is going to help limit the size of the problem, then we vastly underestimate the problem.

And it’s good news, bad news from space. The good news is that NASA’s OSIRIS-REx mission to return a sample from the asteroid Bennu successfully landed just a few hours ago. As we write this, they’ve sent a team driving around the Utah desert to pick up the capsule. The effort reminds us of retrieving high-altitude balloon capsules after a flight: you know roughly where it is, but you still have to get out there to fetch it. Only NASA has a helicopter to go out looking for the capsule and a lot more science to do before they can throw it in the back of their car.

On the bad news side, India’s Vikram and Pragyan lunar lander/rover pair wasn’t really expected to make it through the long lunar night and had successfully executed all of its planned mission goals before going into deep sleep mode two weeks ago. But you’ve got to try to wake it up anyway, right? Well, the sun came up on Vikram on Friday, and the Indian space agency tweeted a stoic, “Efforts have been made to establish communication with the Vikram lander and Pragyan rover to ascertain their wake-up condition. As of now, no signals have been received from them. Efforts to establish contact will continue.” We’ve still got our fingers crossed, but at this point it would just be extra icing on the cake.

Confluence Of Nerdery

You might find yourself, dear Hackaday reader, attracted to some pretty strange corners of the tech world. Who knows when that knowledge of stenography, ancient retrocomputing, and floppy disk internals will all combine to get someone falsely accused out of jail? Go read this story and come on back, but the short version is that [Bloop Museum] helped recover some 40+ year old court evidence off of some floppies to right an old wrong.

If you looked at the combination of extremely geeky topics, you’d say it’s unlikely to find anyone well versed in any one of them, and you’d say that the chances of anyone knowing enough in each of these fringe domains to be helpful are exceedingly low. But I’m absolutely sure that the folks at [Bloop Museum] had some more to throw into the mix if they were called for. Or better yet, they might know exactly the right geeks to call in.

And that’s the other heartwarming part of the story. When [Bloop Museum] didn’t know everything about old stenography formats, they knew the right people to reach out to – the Plover open stenography project. Who is going to know more? Nobody! Together, the nerd community is an unstoppable resource.

So remember, when you’re hanging out with your geek friends, to keep a running catalog of everyone’s interests. Because you never know when you’re going to need an expert in re-gilding frames, or relocating bee hives, or restoring 1930’s radio sets. Or decoding obscure data formats to get someone out of jail.

Hackaday Halloween

We’re running the 2023 Halloween Hackfest and it’s your chance to document your Halloween projects, and win fame, fortune, or at least one of three $150 DigiKey gift certificates, plus some Arduino schwag courtesy of the contest’s sponsors! You’ve got until the end of October, so get on it!

Hackaday Podcast 237: Dancing Raisins, Coding On Apples, And A Salad Spinner Mouse

This week, Editor-in-Chief Elliot Williams and Kristina Panos gathered over the Internet and a couple cups of coffee to bring you the best hacks of the previous week. Well, the ones we liked best, anyhow.

First up in the news, we’ve got a brand-spankin’ new Halloween Hackfest contest running now until 9AM PDT on October 31st! Arduino are joining the fun this year and are offering some spooky treats in addition to the $150 DigiKey gift cards for the top three entrants.

It’s a What’s That Sound Results Show this week, and although Kristina actually got into the neighborhood of this one, she alas did not figure out that it was an MRI machine (even though she spent a week in an MRI one day).

Then it’s on to the hacks, which had a bit of a gastronomical bent this week. We wondered why normies don’t want to code on their Macs, both now and historically. We also examined the majesty of dancing raisins, and appreciated the intuitiveness of a salad spinner-based game controller.

From there we take a look at nitinol and its fun properties, admire some large, beautiful Nixie tubes, and contemplate a paper punching machine that spits out nonsensical binary. Finally we talk about rocker bogie suspensions and ponder the death of cursive.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina

Last week we covered the latest 0-day from NSO group, BLASTPASS. There are more details about exactly how that works, and a bit of a worrying revelation for Android users. One of the vulnerabilities used was CVE-2023-41064, a buffer overflow in the ImageIO library. The details have not been confirmed, but the timing suggests that this is the same bug as CVE-2023-4863, a WebP 0-day flaw in Chrome that is known to be exploited in the wild.

The problem seems to be an out-of-bounds write in the BuildHuffmanTable() function of libwebp. And to understand that, we have to understand what libwebp does, and what a Huffman table has to do with it. The first is easy. WebP is Google’s pet image format, potentially replacing JPEG, PNG, and GIF. It supports lossy and lossless compression, and the compression format for lossless images uses Huffman coding among other techniques. And hence, we have a Huffman table, a building block in the image compression and decompression.

What’s particularly fun about this compression technique is that the image includes not just Huffman-compressed data, but also a table of statistical data needed for decompression. The table is rather large, so it gets Huffman compressed too. It turns out there can be multiple layers of this compression format, which makes the vulnerability particularly challenging to reverse-engineer. The vulnerability arises when the pre-allocated buffer isn’t big enough to hold one of these decompressed Huffman tables, and it turns out that the way to do that is to make maximum-size tables for the outer layers, and then malform the last one. In this configuration, it can write out of bounds before the final consistency check.

An interesting note is that as one of Google’s C libraries, this is an extensively fuzzed codebase. While fuzzing and code coverage are both great, neither is guaranteed to find vulnerabilities, particularly well-hidden ones like this one. And on that note, this vulnerability is present in Android, and the fix is likely going to wait until the October security update. And who knows where else this bug is lurking.
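To make the "write before the consistency check" ordering concrete, here is an added example (not libwebp's code, and not from the original article) of a toy flat-table Huffman builder that validates the code lengths before its first write. The 4-bit `MAX_LEN`, the single-level table and all names are assumptions of this sketch; libwebp's real tables are multi-level.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_LEN 4                    /* toy limit; an assumption for this example */
#define TABLE_SIZE (1u << MAX_LEN)   /* flat table: one slot per MAX_LEN-bit prefix */

/* Slots a flat-table builder would write: a symbol with code length l
 * occupies 2^(MAX_LEN - l) slots. Returns 0 for an out-of-range length and
 * stops counting once the total has passed TABLE_SIZE. */
static uint32_t slots_needed(const uint8_t *lens, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] == 0) continue;               /* unused symbol */
        if (lens[i] > MAX_LEN) return 0;
        total += 1u << (MAX_LEN - lens[i]);
        if (total > TABLE_SIZE) return total;     /* over-subscribed already */
    }
    return total;
}

/* Build the lookup table, checking the lengths BEFORE the first write.
 * Returns 1 on success, 0 if the lengths are not a complete prefix code. */
static int build_table(const uint8_t *lens, size_t n, uint8_t table[TABLE_SIZE]) {
    if (slots_needed(lens, n) != TABLE_SIZE) return 0;
    uint32_t pos = 0;
    for (uint8_t len = 1; len <= MAX_LEN; len++) {      /* canonical order */
        for (size_t sym = 0; sym < n; sym++) {
            if (lens[sym] != len) continue;
            uint32_t span = 1u << (MAX_LEN - len);
            memset(table + pos, (int)sym, span);        /* pos + span <= TABLE_SIZE */
            pos += span;
        }
    }
    return 1;
}

/* Constructed sample inputs, not taken from any real image. */
static const uint8_t GOOD_LENS[] = {1, 2, 3, 3};  /* 8+4+2+2 = 16 slots: fits */
static const uint8_t BAD_LENS[]  = {1, 1, 2, 3};  /* would need 8+8+4+2 = 22 slots */
```

Without the up-front check, the fill loop would run past the 16-slot buffer on `BAD_LENS`; a check placed after the loop would report the problem only once the extra writes had happened.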

Keebin’ With Kristina: The One With The Busy Box Macro Pad

Well, I must admit that Google Translate completely failed me here, and thus I have no real idea what the trick is to this beautiful, stunning transparent split keyboard by [illness072]. Allegedly, the older tweets (exes?) hold the key to this magic, but again, Google Translate.

Based on the top picture, I assume that the answer lies in something like thin white PCB fingers bent to accommodate the row stagger and hiding cleverly behind the keys.

Anyone who can read what I assume is Japanese, please advise what is going on in the comments below.

Books You Should Read: David Macaulay’s Architecture Series

For a lot of us, there’s a bright line separating the books we enjoyed as children from the “real” books of our more mature years. We all eventually age out of the thin, brightly illustrated picture books we enjoyed in our youth, replacing them with thicker, wordier volumes with fewer and fewer illustrations, until they become so dense with information that footnotes and appendices are needed to convey all the information, and a well-written index is a vital necessity to make use of any of it.

Such books seem like a lot less fun than kids’ books, and they probably are, but most of us adjust to the change and accept the fact that the children’s section of the library doesn’t hold much that’ll interest us anymore. But not all the books that get a “JUV” label on their spines are created equal. Some are far more than picture books, even if the pictures are the main attraction. The books of British-born American author David Macaulay come to mind, particularly the books comprising his Architecture Series.

Macaulay’s books were enormously influential in developing my engineering sensibilities, and are still a pleasure to thumb through these many years later. I still learn something about the history of construction and engineering when I pull one of these books off the shelf, which makes them Books You Should Read.

Button, Button, Who’s Got The (Pico) Button?

There is an episode of Ren and Stimpy with a big red “history eraser” button that must not be pressed. Of course, who can resist the temptation of pressing the unpressable button? The same goes for development boards. If there is a button on there, you want to read it in your code, right? The Raspberry Pi Pico is a bit strange in that regard. The standard one lacks a reset button, but there is a big tantalizing button to reset in bootloader mode. You only use it when you power up, so why not read it in your code? Why not, indeed?

Turns out, that button isn’t what you think it is. It isn’t connected to a normal CPU pin at all. Instead, it connects to the flash memory chip. So does that mean you can’t read it at all? Not exactly. There’s good news, and then there’s bad news.

The Good News

The official Raspberry Pi examples show how to read the button (you have read all the examples, right?). You can convert the flash’s chip-select into an input temporarily and try to figure out if the pin is low, meaning that the button is pushed. Sounds easy, right?