Hackaday Columns

4636 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Links Column Banner

Hackaday Links: April 28, 2024

April 28, 2024 by 24 Comments

Well, it’s official — AI is ruining everything. That’s not exactly news, but learning that LLMs are apparently being used to write scientific papers is a bit alarming, and Andrew Gray, a librarian at University College London, has the receipts. He looked at a cross-section of scholarly papers from 2023 in search of certain words known to show up more often in LLM-generated text, like “commendable”, “intricate”, or “meticulous”. Most of the words seem to have a generally positive tone and feel a little fancier than everyday speech; one rarely uses “lucidly” or “noteworthy” unless you’re trying to sound smart, after all. He found increases in the frequency of appearance of these and other keywords in 2023 compared to 2022, when ChatGPT wasn’t widely available.

Continue reading “Hackaday Links: April 28, 2024”

Welcome Back, Voyager

April 27, 2024 by 59 Comments

In what is probably the longest-distance tech support operation in history, the Voyager mission team succeeded in hacking their way around some defective memory and convincing their space probe to send sensor data back to earth again. And for the record, Voyager is a 46-year old system at a distance of now 24 billion kilometers, 22.5 light-hours, from the earth.

While the time delay that distance implies must have made for quite a tense couple days of waiting between sending the patch and finding out if it worked, the age of the computers onboard probably actually helped, in a strange way. Because the code is old-school machine language, one absolutely has to know all the memory addresses where each subroutine starts and ends. You don’t call a function like do_something(); but rather by loading an address in memory and jumping to it.

This means that the ground crew, in principle, knows where every instruction lives. If they also knew where all of the busted memory cells were, it would be a “simple” programming exercise to jump around the bad bits, and re-write all of the subroutine calls accordingly if larger chunks had to be moved. By “simple”, I of course mean “incredibly high stakes, and you’d better make sure you’ve got it right the first time.”

In a way, it’s a fantastic testament to simpler systems that they were able to patch their code around the memory holes. Think about trying to do this with a modern operating system that uses address space layout randomization, for instance. Of course, the purpose there is to make hacking directly on the memory harder, and that’s the opposite of what you’d want in a space probe.

Nonetheless, it’s a testament to careful work and clever software hacking that they managed to get Voyager back online. May she send for another 46 years!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 268: RF Burns, Wireless Charging Sucks, And Barnacles Grow On Flaperons

April 26, 2024 by 4 Comments
Not necessarily the easy way to program an EPROM

Elliot and Dan got together to enshrine the week’s hacks in podcast form, and to commiserate about their respective moms, each of whom recently fell victim to phishing attacks. It’s not easy being ad hoc tech support sometimes, and as Elliot says, when someone is on the phone telling you that you’ve been hacked, he’s the hacker. Moving on to the hacks, we took a look at a hacking roadmap for a cheap ham radio, felt the burn of AM broadcasts, and learned how to program old-school EPROMs on the cheap.

We talked about why having a smart TV in your house might not be so smart, especially for Windows users, and were properly shocked by just how bad wireless charging really is. Also, cheap wind turbines turn out to be terrible, barnacles might give a clue to the whereabouts of MH370, and infosec can really make use of cheap microcontrollers.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 268: RF Burns, Wireless Charging Sucks, And Barnacles Grow On Flaperons”

This Week In Security: Cisco, Mitel, And AI False Flags

April 26, 2024 by 3 Comments

There’s a trend recently, of big-name security appliances getting used in state-sponsored attacks. It looks like Cisco is the latest victim, based on a report by their own Talos Intelligence.

This particular attack has a couple of components, and abuses a couple of vulnerabilities, though the odd thing about this one is that the initial access is still unknown. The first part of the infection is Line Dancer, a memory-only element that disables the system log, leaks the system config, captures packets and more. A couple of the more devious steps are taken, like replacing the crash dump process with a reboot, to keep the in-memory malware secret. And finally, the resident installs a backdoor in the VPN service.

There is a second element, Line Runner, that uses a vulnerability to arbitrary code from disk on startup, and then installs itself onto the device. That one is a long term command and control element, and seems to only get installed on targeted devices. The Talos blog makes a rather vague mention of a 32-byte token that gets pattern-matched, to determine an extra infection step. It may be that Line Runner only gets permanently installed on certain units, or some other particularly fun action is taken.

Fixes for the vulnerabilities that allowed for persistence are available, but again, the initial vector is still unknown. There’s a vulnerability that just got fixed, that could have been such a vulnerability. CVE-2024-20295 allows an authenticated user with read-only privileges perform a command injection as root. Proof of Concept code is out in the wild for this one, but so far there’s no evidence it was used in any attacks, including the one above. Continue reading “This Week In Security: Cisco, Mitel, And AI False Flags”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Transmitting Typewriter

April 25, 2024 by 5 Comments

Image by [SrBlonde] via Hackaday.IO
Okay, so we’re opening with more than just a keyboard, and that’s fine. In fact, it’s more than fine, it’s probably the cutest lil’ ZX Spectrum you’ll see today.

[SrBlonde]’s wonderful micro Spectrum project has only the essential inputs, which makes for an interesting-looking keyboard for sure. Inside you’ll find an Orange Pi Zero 2 board loaded with Batocera so [SrBlonde] can play all their favorite childhood games on the 5″ IPS display.

Something else that’s interesting is that the switches are a mix of blues and blacks — clickies and linears. I can’t figure out how they’re distributed based on the numbers in the components list, but I could see using clickies on the alphas and linears everywhere else (or vice versa). At any rate, it’s a great project, and you can grab the STL files from Thingiverse if you’re so inclined.

Continue reading “Keebin’ With Kristina: The One With The Transmitting Typewriter”

Supercon 2023: Alex Lynd Explores MCUs In Infosec

April 24, 2024 by 9 Comments

The average Hackaday reader hardly needs to be reminded of the incredible potential of the modern microcontroller. While the Arduino was certainly transformative when it hit the scene, those early 8-bit MCUs were nothing compared to what’s on the market now. Multiple cores with clock speeds measured in the hundreds of megahertz, several MB of flash storage, and of course integrated WiFi capability mean today’s chips are much closer to being fully-fledged computers than their predecessors.

It’s not hard to see the impact this has had on the electronics hobby. In the early 2000s, getting your hardware project connected to the Internet was a major accomplishment that probably involved bringing some hacked home router along for the ride. But today, most would consider something like an Internet-connected remote environmental monitor to be a good starter project. Just plug in a couple I2C sensors, write a few lines of Python, and you’ve got live data pouring into a web interface that you can view on your mobile device — all for just a few bucks worth of hardware.

But just because we’re keenly aware of the benefits and capabilities of microcontrollers like the ESP32 or the Pi Pico, doesn’t mean they’ve made the same impact in other tech circles. In his talk Wireless Hacking on a $5 Budget, Alex Lynd goes over some examples of how he’s personally put these devices to work as part of his information security (infosec) research.

Continue reading “Supercon 2023: Alex Lynd Explores MCUs In Infosec”

FLOSS Weekly Episode 780: Zoneminder — Better Call Randal

April 23, 2024 by 3 Comments

This week Jonathan Bennett and Aaron Newcomb chat with Isaac Connor about Zoneminder! That’s the project that’s working to store and deliver all the bits from security cameras — but the CCTV world has changed a lot since Zoneminder first started, over 20 years ago. The project is working hard to keep up, with machine learning object detection, WebRTC, and more. Isaac talks a bit about developer burnout, and a case or two over the years where an aggressive contributor seems suspicious in retrospect. And when is the next stable version of Zoneminder coming out, anyway?

Continue reading “FLOSS Weekly Episode 780: Zoneminder — Better Call Randal”