This Week In Security: IngressNightmare, NextJS, And Leaking DNA

This week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely take over the cluster. This attack chain is known as IngressNightmare, and it affected over 6500 Kubernetes installs on the public Internet.

The background here is that web applications running on Kubernetes need some way for outside traffic to actually get routed into the cluster. One of the popular solutions for this is the Ingress NGINX Controller. When running properly, it takes incoming web requests and routes them to the correct place in the Kubernetes pod.

When a new configuration is requested by the Kubernetes API server, the Ingress Controller takes the Kubernetes Ingress objects, which are a standard way to define Kubernetes endpoints, and converts them to an NGINX config. Part of this process is the admission controller, which runs nginx -t on that NGINX config to test it before actually deploying.

As you might have gathered, there are problems. The first is that the admission controller is just a web endpoint without authentication. It’s usually available from anywhere inside the Kubernetes cluster, and in the worst-case scenario, is accessible directly from the open Internet. That’s already not great, but the Ingress Controller also had multiple vulnerabilities allowing raw NGINX config statements to be passed through into the config to be tested.

Supercon 2024: Yes, You Can Use The Controller Area Network Outside Of Cars

Ah, the CAN bus. It’s become a communication standard in the automotive world, found in a huge swathe of cars built from the mid-1990s onwards. You’ll also find it in aircraft, ships, and the vast majority of modern tractors and associated farm machines, too.

As far as [Randy Glenn] is concerned, though, the CAN bus doesn’t have to be limited to these contexts. It can be useful far beyond its traditional applications with just about any hardware platform you care to use! He came down to tell us all about it at the 2024 Hackaday Supercon.


General Fusion Claims Success With Magnetized Target Fusion

It’s rarely appreciated just how much more complicated nuclear fusion is than nuclear fission. Whereas the latter involves a process that happens all around us without any human involvement, and where the main challenge is to keep the nuclear chain reaction within safe bounds, nuclear fusion means making atoms do something that goes against their very nature, outside of a star’s interior.

Fusing helium isotopes can be done on Earth fairly readily these days, but doing it in a way that’s repeatable — bombs don’t count — and in a way that makes economic sense is trickier. As covered previously, plasma stability is a problem with the popular approach of tokamak-based magnetic confinement fusion (MCF). Although this core problem has now been largely addressed, and stellarators are mostly unbothered by this particular problem, a Canadian start-up figures that they can do even better, in the form of nuclear fusion reactors based around the principle of magnetized target fusion (MTF).

Although General Fusion’s piston-based fusion reactor has people mostly very confused, MTF is based on real physics, and with GF’s current LM26 prototype having recently achieved first plasma, this seems like an excellent time to ask the question of what MTF is, and whether it can truly compete with billion-dollar tokamak-based projects.


Supercon 2024: A New World Of Full-Color PCBs

Printed circuit boards were once so simple. One or two layers of copper etched on a rectangular fiberglass substrate, with a few holes drilled in key locations so components could be soldered into place. They were functional objects, nothing more—built only for the sake of the circuit itself.

Fast forward to today, and so much has changed. Boards sprout so many layers, often more than 10, and all kinds of fancy geometric features for purposes both practical and pretty. But what catches the eye more than that, other than rich, saturated color? [Joseph Long] came to the 2024 Hackaday Supercon to educate us on the new world of full color PCBs.


Tech In Plain Sight: Hearing Aids

You might think you don’t need a hearing aid, and you might be right. But in general, hearing loss eventually comes to all of us. In fact, you progressively lose hearing every year, which is why kids can have high-pitched ringtones their parents can’t hear.

You’d think hearing aids would be pretty simple, right? After all, we know how to pick up sounds, amplify them, and play them back. But there’s a lot more to it. Hearing aids need to be small, comfortable, have great battery life, and cram a microphone and speaker into a small area. That also can lead to problems with feedback, which can be very uncomfortable for the user. In addition, they need to handle very soft and loud sounds and accommodate devices like telephones.

Although early hearing aids just made sound louder and, possibly, blocked unwanted sound, modern devices will try to increase volume only in certain bands where the user has hearing loss. They may also employ sophisticated methods to block or reduce noise.

Supercon 2024: Killing Mosquitoes With Freaking Drones, And Sonar

Suppose that you want to get rid of a whole lot of mosquitoes with a quadcopter drone by chopping them up in the rotor blades. If you had really good eyesight and pretty amazing piloting skills, you could maybe fly the drone yourself, but honestly this looks like it should be automated. [Alex Toussaint] took us on a tour of how far he has gotten toward that goal in his amazingly broad-ranging 2024 Superconference talk.

The end result is an amazing 380-element phased sonar array that allows him to detect the location of mosquitoes in mid-air, identifying them by their particular micro-doppler return signature. It’s an amazing gadget called LeSonar2, that he has open-sourced, and that doubtless has many other applications at the tweak of an algorithm.

Rolling back in time a little bit, the talk starts off with [Alex]’s thoughts about self-guiding drones in general. For obstacle avoidance, you might think of using a camera, but they can be heavy and require a lot of expensive computation. [Alex] favored ultrasonic range finding. But then an array of ultrasonic range finders could locate smaller objects, and locate them more precisely, than the single ranger that you probably have in mind. This got [Alex] into beamforming and he built an early prototype, which we’ve actually covered in the past. If you’re into this sort of thing, the talk contains a very nice description of the necessary DSP.

[Alex]’s big breakthrough, though, came with shrinking down the ultrasonic receivers. The angular resolution that you can resolve with a beam-forming array is limited by the distance between the microphone elements, and traditional ultrasonic devices like we use in cars are kinda bulky. So here comes a hack: the TDK T3902 MEMS microphones work just fine up into the ultrasound range, even though they’re designed for human hearing. Combining 380 of these in a very tightly packed array, and pushing all of their parallel data into an FPGA for computation, led to the LeSonar2. Bigger transducers put out ultrasound pulses, the FPGA does some very intense filtering and combining of the output of each microphone, and the resulting 3D range data is sent out over USB.

After a marvelous demo of the device, we get to the end-game application: finding and identifying mosquitoes in mid-air. If you don’t want to kill flies, wasps, bees, or other useful pollinators while eradicating the tiny little bloodsuckers that are the drone’s target, you need to be able to not only locate bugs, but discriminate mosquitoes from the others.

For this, he uses the micro-doppler signatures that the different wing beats of the various insects put out. Wasps have a very wide-band doppler echo – their relatively long and thin wings are moving slower at the roots than at the tips. Flies, on the other hand, have stubbier wings, and emit a tighter echo signal. The mosquito signal is even tighter.

If you told us that you could use sonar to detect mosquitoes at a distance of a few meters, much less locate them and differentiate them from their other insect brethren, we would have thought that it was impossible. But [Alex] and his team are building these devices, and you can even build one yourself if you want. So watch the talk, learn about phased arrays, and start daydreaming about what you would use something like this for.
