Ask Hackaday: What’s Linux Anyway?

July 21, 2023 by Al Williams 55 Comments

Any time we mention Linux, it is a fair bet we will get a few comments from people unhappy that we didn’t refer to it as GNU/Linux or with some other appellation. To be fair, they aren’t wrong. Linux is a kernel. Much of what we think of as a Linux desktop OS is really from other sources, including, but not limited to, GNU. We thought about this after reading a report from [The Register] that Linux has nearly half of the desktop OS Linux market. Wait, what?

If you are like us, you probably think that’s a typo. It isn’t. But the more you think about it, the less sense it makes. You know that half of the world’s desktops don’t run Linux. But maybe they mean Unix? Nope. So how can Linux have almost half of the Linux market? That’s like saying nearly half of Hackaday readers read Hackaday, right?

Continue reading “Ask Hackaday: What’s Linux Anyway?” →

Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language

July 21, 2023 by Dan Maloney 1 Comment

Summer’s in full swing, and this week both Elliot and Dan had to sweat things out to get the podcast recorded. But the hacks were cool — see what I did there? — and provided much-needed relief. Join us as we listen in on the world of bats, look at a laser fit for a hackerspace, and learn how to make an array of magnets greater than — or less than — the sum of its parts. There’ll be flying eggs, keyboards connected to cell phones, and everything good about 80s and 90s cable TV, as well as some of the bad stuff. And you won’t want to miss Elliot putting Dan to shame with the super-size Quick Hacks, either, nor should you skip the Can’t Miss sweep with a pair of great articles by Al Williams.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Continue reading “Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language” →

This Week In Security: Dating App, WooCommerce, And OpenSSH

July 21, 2023 by Jonathan Bennett 4 Comments

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email address, photos — sometimes explicit, and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH” →

PCIe For Hackers: An M.2 Card Journey

July 20, 2023 by Arya Voronova 22 Comments

I’ve designed a few M.2 adapters for my own and my friends’ use, and having found those designs online, people have asked me for custom-made adapters. One of these requests is quite specific – an adapter that adds one more PCIe link to an E-key M.2 slot, the kind of slot you will see used in laptops for WiFi cards.

See, the M.2 specification allows two separate PCIe links connected to the E-key slot; however, no WiFi cards use this apart from some really old WiGig-capable ones, and manufacturers have long given up on connecting a second link. Nevertheless, there are some cards like the Google Coral M.2 E-key dual AI accelerator and the recently announced uSDR, that do indeed require the second link – otherwise, only half of their capacity is available.

It’s not clear why both Google and WaveletSDR designed for a dual-link E-key socket, since those are a rare occurrence; for the Google card, there are plenty of people complaining that the board they bought just doesn’t fully work. In theory, all you need to do to help such a situation, is getting a second PCIe link from somewhere, then wiring it up to the socket – and a perfect way to do it is to get a PCIe switch chip. You will lose out on some bandwidth because the uplink PCIe connection of the switch can only go so fast; for things like this AI accelerator, it’s not much of a problem since the main point is to get the second device accessible. For the aforementioned SDR, it might turn out useless, or you might win some but lose some – can’t know until you try! Continue reading “PCIe For Hackers: An M.2 Card Journey” →

Hackaday Prize 2023: Meet The Assistive Tech Finalists

July 19, 2023 by Tom Nardi 8 Comments

If you’re still toiling away at your entry for the Gearing Up Challenge of the 2023 Hackaday Prize, don’t panic! No, you haven’t lost track of time — due to some technical difficulties we had to delay the final judging for the Assistive Tech Challenge that ended May 30th.

Today we’re pleased to announce that all the votes are in, and we’re ready to unveil the ten projects that our panel of judges felt best captured the spirit of this very important challenge. Each of these projects will take home $500 and move on to the final round of judging. There are few more noble pursuits than using your talents to help improve the lives of others, so although we could only pick ten finalists, we’d like to say a special thanks to everyone who entered this round.

Continue reading “Hackaday Prize 2023: Meet The Assistive Tech Finalists” →

Smart Assistants Need To Get Smarter

July 19, 2023 by Lewin Day 81 Comments

Science fiction has regularly portrayed smart computer assistants in a fanciful way. HAL from 2001: A Space Odyssey and J.A.R.V.I.S. from the contemporary Iron Man films are both great examples. They’re erudite, wise, and capable of doing just about any reasonable task that is asked of them, short of opening the pod bay doors.

Cut back to reality, and you’ll only be disappointed at how useless most voice assistants are. It’s been twelve long years since Siri burst onto the scene, with Alexa and Google Assistant following years later. Despite years on the market, their capabilities remain limited and uninspiring. It’s time for voice assistants to level up.

Continue reading “Smart Assistants Need To Get Smarter” →

Crab Shells Massively Improve Zinc-Ion Batteries

July 18, 2023 by Lewin Day 32 Comments

In the fast-moving world of battery research, scientists are constantly on the lookout for innovative materials with the right properties to help improve energy storage. Meanwhile, batteries are in greater demand than ever as production of EVs and renewable energy projects ramp up to new heights.

In the hunt for new and better battery materials, scientists found an unexpected hero: crab shells.Researchers at the University of Maryland have uncovered a remarkable breakthrough by exploring their use in battery production.

Continue reading “Crab Shells Massively Improve Zinc-Ion Batteries” →