
Hackaday Links: March 16, 2025

“The brickings will continue until the printer sales improve!” This whole printer-bricking thing seems to be getting out of hand with the news this week that a firmware update caused certain HP printers to go into permanent paper-saver mode. The update was sent to LaserJet MFP M232-M237 models (opens printer menu; checks print queue name; “Phew!”) on March 4, and was listed as covering a few “general improvements and bug fixes,” none of which seem very critical. Still, some users reported not being able to print at all after the update, with an error message suggesting printing was being blocked thanks to non-OEM toner. This sounds somewhat similar to the bricked Brother printers we reported on last week (third paragraph).


Hackaday Podcast Episode 312: Heart Attacks, The Speed Of Light, And Self-balancing

Elliot does the podcast on the road to Supercon Europe, and Al is in the mood for math and nostalgia this week. Listen in and find out what they were reading on Hackaday this week.

The guys talked about the ESP-32 non-backdoor and battery fires. Then it was on to the hacks.

Self-balancing robots and satellite imaging were the appetizers, but soon they moved on to Kinect cameras in the modern day. Think you can’t travel at the speed of light? Turns out that maybe you already are.

Did you know there was a chatbot in 1957? Well, sort of. For the can’t-miss stories: watches monitor your heart, and what does the number e really mean?

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and stream it on the big speakers.


This Week In Security: The X DDoS, The ESP32 Basementdoor, And The CamelCase RCE

We would be remiss if we didn’t address the X Distributed Denial of Service (DDoS) attack that’s been happening this week. It seems like everyone is trying to make political hay out of the DDoS, but we’re going to set that aside as much as possible and talk about the technical details. Elon made an early statement that X was down due to a cyberattack, with the source IPs tracing back to “the Ukraine area”.

The latest reporting seems to conclude that this was indeed a DDoS, and a threat group named “Dark Storm” has taken credit for the attack. Dark Storm does not seem to be of Ukrainian origin or affiliation.

We’re going to try to read the tea leaves just a bit, but remember that about the only thing we know for sure is that X was unreachable for many users several times this week. This is completely consistent with the suspected DDoS attack. The quirk of modern DDoS attacks is that the IP addresses on the packets are never trustworthy.

There are two broad tactics used for large-scale DDoS attacks, sometimes used simultaneously. The first is the simple botnet. Computers, routers, servers, and cameras around the world have been infected with malware, and then remote controlled to create massive botnets. Those botnets usually come equipped with a DDoS function, allowing the botnet runner to task all the bots with sending traffic to the DDoS victim IPs. That traffic may be UDP packets with spoofed or legitimate source IPs, or it may be TCP Synchronization requests, with spoofed source IPs.

The other common approach is the reflection or amplification attack. This is where a public server can be manipulated into sending unsolicited traffic to a victim IP. It’s usually DNS, where a short message request can return a much larger response. And because DNS uses UDP, it’s trivial to convince the DNS server to send that larger response to a victim’s address, amplifying the attack.

Put these two techniques together, and you have a botnet sending spoofed requests to servers that unintentionally send the DDoS traffic on to the target. And suddenly it’s understandable why it’s so difficult to nail down attribution for this sort of attack. It may very well be that a botnet with a heavy Ukrainian presence was involved in the attack, which at the same time doesn’t preclude Dark Storm as the originator. The tea leaves are still murky on this one.


Linux Fu: Use The Source (Command), Luke

You can argue if bash is a good programming language or not, but you can’t argue that it is a programming language. However, there are a few oddities about it that make it different from most other languages you probably know. For one thing, variables are dynamically scoped. Second, you can easily change variables in an upper scope. This leads to a problem when you want to do something like reset your path:

#!/bin/bash
#: This does NOT work
PATH=/usr/bin:/bin

Well, actually, it does work; it just doesn’t work the way you imagine it might. The key is to realize that when you execute our script (say, resetpath), a new copy of bash runs. It inherits all the variables from your shell. Now the script sets PATH for the new copy of bash. Anything else you run in that script will see your change. But when the script exits, the new copy of bash is gone and the old copy sees the same old PATH it always did.


Hackaday Europe 2025: Speaker Schedule And Official Event Page

Hackaday Europe 2025 is just days away, and we’ve got the finalized speaker schedule hot off the digital press. We’re also pleased to announce that the event page is now officially live, where you can find all the vital information about the weekend’s festivities in one place.

Whether you’ll be joining the fun in Berlin, or watching the live stream from home, we’ve got a fantastic lineup of speakers this year who are eager to tell us all about the projects that have been keeping them up at night recently:



Keebin’ With Kristina: The One With The Batwing Typewriter

[Alex] of YouTube channel [EastMakes] wrote in to tell me about his fantastic QWERTY ‘hexpansion’ board for the 2024 EMF Tildagon badge, and [Alex], I’m super glad you did. The system works!

Let’s back up a bit. Essentially, the idea is to have a badge that can be used beyond a single camp, with the creation of expansion boards being the other main attraction. Our own [Jenny List] covered the badge in detail back in June 2024 when she got her hands on one.

A pair of hands holds the 2024 EMF Tildagon badge with a QWERTY keyboard Hexpansion built by [EastMakes]. Image by [EastMakes] via YouTube.

[Alex] started by importing the Tildagon into Fusion360 and designing a way for the keyboard to attach to it physically. He then modeled the keyboard after the Blackberry types that can be found on Ali using the official EMF buttons established in earlier badges.

This QWERTY hexpansion is based on the RP2040, which is soldered around back and visible through the 3D-printed backplate. In order for the 90°-oriented board to align with the… not-90° connector, [Alex] built a little meander into the PCB.

The default OS on the Tildagon doesn’t know natively what to do with the serial messages from the keyboard, so [Alex] wrote an application that reads them in and decodes them. Be sure to check out the build and walk-through video after the break.
