Hackaday Podcast Episode 360: Cool Rubber Bands, Science-y Stuff, And The Whys Of Office Supplies

An early print of the linoleum block that Kristina started carving during the podcast. (It’s the original Cherry MX patent drawing, re-imagined for block printing.)

This week, Hackaday’s Elliot Williams and Kristina Panos met up over assorted beverages to bring you the latest news, mystery sound results show, and of course, a big bunch of hacks from the previous seven days or so.

In the news, we’ve launched a brand-new contest! Yes, the Green-Powered Challenge is underway, and we need your entry to truly make it a contest. You have until April 24th to enter, so show us what you can do with power you scrounge up from the environment around you!

On What’s That Sound, Kristina was leaning toward some kind of distant typing sounds, but [Konrad] knew it was our own Tom Nardi’s steam heat radiator pinging away.

After that, it’s on to the hacks and such, beginning with an exploration of all the gross security vulnerabilities in a cheap WiFi extender, and we take a look inside a little black and white pay television like you’d find in a Greyhound station in the 80s and 90s.

We also discuss the idea of mixing custom spray paint colors on the fly, a pen clip that never bends out of shape, and running video through a guitar effects pedal. Finally, we discuss climate engineering with disintegrating satellites, and the curse of the everything device.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and savor at your leisure.


This Week In Security: Getting Back Up To Speed

Editor’s Note: Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice. That’s why we’re pleased to announce that Mike Kershaw AKA [Dragorn] will be taking over This Week In Security! Mike is a security researcher with decades of experience, a frequent contributor to 2600, and perhaps best known as the creator of the Kismet wireless scanner.

He’ll be bringing the column to you regularly going forward, but given the extended period since we last checked in with the world of (in)security, we thought it would be appropriate to kick things off with a review of some of the stories you may have missed.


Hacking like it’s 2009, or 1996

Hello all! It’s a pleasure to be here, and it already seems like a theme of the new year so far has been bringing in the old bugs – what’s old is new again, and 2026 has seen several fixes to some increasingly ancient bugs.

Telnet

Reported on the OpenWall list, the GNU inetd suite brings an update to the telnet server (yes, telnet) that closes a login bug present since 2015 linked to environment variable sanitization.

Under the covers, the telnet daemon uses /bin/login to perform user authentication, but also has the ability to pass environment variables from the client to the host. One of these variables, USER, is passed directly to login — unfortunately this time with no checking to see what it contains. By simply passing a USER variable of “-froot”, login would accept the “-f” argument, or “treat this user as already logged in”. Instant root!

If this sounds vaguely familiar, it might be because the exact same bug was found in the Solaris telnetd service in 2007, including using the “-f” argument in the USER variable. An extremely similar bug targeting other variables (LD_PRELOAD) was found in the FreeBSD telnetd service in 2009, and other historical similar bugs have afflicted AIX and other Unix systems in the past.

Of course, nobody in 2026 should be running a telnet service, especially not exposed to the Internet, but it’s always interesting to see the old style of bugs resurface.

Glibc

Also reported on the OpenWall list, glibc — the GNU LibC library which underpins most binaries on Linux systems, providing kernel interfaces, file and network I/O, string manipulation, and most other common functions programmers expect — has killed another historical bug, present since 1996 in the DNS resolver functions, which could be used to expose some locations in the stack.

Although not exploitable directly, the getnetbyaddr resolution functions could still make breaking ASLR easier, making other exploits viable.

Address Space Layout Randomization (ASLR) is a common method of randomizing where in memory a process and its data are loaded, making trivial exploits like buffer overflows much harder to execute. Being able to expose the location of the binary in memory by leaking stack locations weakens this mechanism, possibly exposing a vulnerable program to more traditional attacks.

MSHTML

In February, Microsoft released fixes under CVE-2026-21513 for the MSHTML Trident renderer – the one used in Internet Explorer 5. Apparently still present in Windows, and somehow still accessible through specific shortcut links, it’s the IE5 and ActiveX gift that keeps giving, being actively exploited.


Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Beginner’s Guide To Split Keyboards

Curious about split keyboards, but overwhelmed by the myriad options for every little thing? You should start with [thehaikuza]’s excellent Beginner’s Guide to Split Keyboards.

Three different split keyboards.
Image by [thehaikuza] via reddit

Your education begins with the why, so you can skip that if you must, but the visuals are a nice refresher on that front.

He then gets into the types of keyboards — you got your standard row-staggered rectangles that we all grew up on, column-staggered, and straight-up ortholinear, which no longer enjoy the popularity they once did.

At this point, the guide becomes a bit of a Choose Your Own Adventure story. If you want a split but don’t want to change much, if anything, about your typing style, keep reading, because there are definitely options.

But if you’re ready to commit to typing correctly for the sake of ergonomics, you can skip the Alice and other baby ergo choices and get your membership to the light side. First are features — you must decide what you need to get various jobs done. Then you learn a bit about key map customization, including using a non-QWERTY layout. Finally, there’s the question of buying versus DIYing. All the choices are yours, so go for it!

Via reddit


SpyTech: The Underwater Wire Tap

In the 1970s, the USSR had an undersea cable connecting a major naval base at Petropavlovsk to the Pacific Fleet headquarters at Vladivostok. The cable traversed the Sea of Okhotsk, which, at the time, the USSR claimed. It was off limits to foreign vessels, heavily patrolled, and laced with detection devices. How much more secure could it be? Against the US Navy, apparently not very secure at all. For about a decade starting in 1972, the Navy delivered tapes of all the traffic on the cable to the NSA.

Top Secret

You need a few things to make this a success. First, you need a stealthy submarine. The Navy had the USS Halibut, which has a strange history. You also need some sort of undetectable listening device that can operate on the ocean floor. You also need a crew that is sworn to secrecy.

That last part was hard to manage. It takes a lot of people to mount a secret operation to the other side of the globe, so they came up with a cover story: officially, the Halibut was in Okhotsk to recover parts of a Soviet weapon for analysis. Only a few people knew the real mission. The whole operation was known as Operation Ivy Bells.

The Halibut

The Halibut is possibly the strangest submarine ever. It started life destined to be a diesel sub. However, before it launched in 1959, it had been converted to nuclear power. In fact, the sub was the first designed to launch guided missiles and was the first sub to successfully launch a guided missile, although it had to surface to launch.

Oddly enough, the sub carried nuclear cruise missiles and its specific target, should the world go to a nuclear war, was the Soviet naval base at Petropavlovsk.


FLOSS Weekly Episode 865: Multiplayer Firewall

This week Jonathan chats with Philippe Humeau about Crowdsec! That company created a Web Application Firewall as an Open Source project, and now runs it as a Multiplayer Firewall. What does that mean, and how has it worked out as a business concept? Watch to find out!


Linux Fu: The USB WiFi Dongle Exercise

The TX50U isn’t very Linux-friendly

If you’ve used Linux for a long time, you know that we are spoiled these days. Getting a new piece of hardware back in the day was often a horrible affair, requiring custom kernels and lots of work. Today, it should be easier. The default drivers on most distros cover a lot of ground, kernel modules make adding drivers easier, and dkms can automate the building of modules for specific kernels, even if it isn’t perfect.

So ordering a cheap WiFi dongle to improve your old laptop’s network connection should be easy, right? Obviously, the answer is no or this would be a very short post.

Plug and Pray

The USB dongle in question is a newish TP-Link Archer TX50U. It is probably perfectly serviceable for a Windows computer, and I got a “deal” on it. Plugging it in caused it to show up in the list of USB devices, but no driver attached to it, nor were any lights on the device blinking. Bad sign. Pro tip: lsusb -t will show you what drivers are attached to which devices. If you see a device with no driver, you know you have a problem. Use -tv if you want a little more detail.

The lsusb output shows the device as a Realtek, so that tells you a little about the chipset inside. Unfortunately, it doesn’t tell you exactly which chip is in use.


Get Your Green Power On!

Nobody likes power cords, and batteries always need recharging or replacing. What if your device could run on only the power it could gather together by itself from the world around it? It would be almost like free energy, although without breaking the laws of physics.

Hackaday’s 2026 Green-Powered Challenge asks you to show us your devices, contraptions, and hacks that can run on the power they can harvest. Whether it’s heat, light, vibration, or any other source of energy that your device gathers to keep running, we’d like to see it.

The top three entries will receive $150 shopping sprees courtesy of the contest’s sponsor, DigiKey, so get your entry in before April 24, 2026, to be eligible to win.

Honorable Mentions

As always, we have several honorable mention categories to get your creative juices flowing:

  • Solar: In terms of self-powered anything, photovoltaic cells are probably the easiest way to go, yet good light-harvesting designs aren’t exactly trivial either. Let’s see what you can run on just the sun. (Or even room lighting?)
  • Anything But PV: Harnessing the light is too easy for you, then? How about piezo-electric power or a heat generator? Show us your best self-powering projects that work even when it’s dark out.
  • Least Power: Maybe the smartest way to make your project run forever is to just cut down on the juice. If your project can run on its own primarily because of clever energy savings, it’s eligible for this mention.
  • Most Power: How much of a challenge is building a solar-powered desk calculator in 2026? How about pushing it to the other extreme? Let’s see how much power you can consume while still running without batteries or cords. Does your off-grid shack count here? Let’s see it!

Prior Art

We’ve seen a lot of green-powered projects on Hackaday over the years, ranging from a solar-powered web server to a microcontroller powered by a BPW34 photodiode. Will your entry run off the juice harvested by an LED? It’s not inconceivable!

Solar cells only work when the sun shines, though. As long as your body is putting out heat, this Seebeck-effect ring will keep on running. (Matrix vibes notwithstanding!) Or maybe you want to go straight from heat to motion with a Stirling engine. And our favorite environmental-energy-harvester of all has to be the Beverly Clock and its relatives, running on the daily heat cycles and atmospheric pressure changes.

Your Turn

So what’s your energy-harvesting project? Batteries are too easy. Take it to the next level! All you have to do to enter is put your project up on Hackaday.io, pull down the “Submit Project to…” widget on the right, and you’re in. It’s that easy, and we can’t wait to see what you are all up to.

And of course, stay tuned to Hackaday, as we pick from our favorites along the way.