Ask Hackaday: What’s Linux Anyway?

July 21, 2023 by Al Williams 55 Comments

Any time we mention Linux, it is a fair bet we will get a few comments from people unhappy that we didn’t refer to it as GNU/Linux or with some other appellation. To be fair, they aren’t wrong. Linux is a kernel. Much of what we think of as a Linux desktop OS is really from other sources, including, but not limited to, GNU. We thought about this after reading a report from [The Register] that Linux has nearly half of the desktop OS Linux market. Wait, what?

If you are like us, you probably think that’s a typo. It isn’t. But the more you think about it, the less sense it makes. You know that half of the world’s desktops don’t run Linux. But maybe they mean Unix? Nope. So how can Linux have almost half of the Linux market? That’s like saying nearly half of Hackaday readers read Hackaday, right?

Continue reading “Ask Hackaday: What’s Linux Anyway?” →

Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language

July 21, 2023 by Dan Maloney 1 Comment

Summer’s in full swing, and this week both Elliot and Dan had to sweat things out to get the podcast recorded. But the hacks were cool — see what I did there? — and provided much-needed relief. Join us as we listen in on the world of bats, look at a laser fit for a hackerspace, and learn how to make an array of magnets greater than — or less than — the sum of its parts. There’ll be flying eggs, keyboards connected to cell phones, and everything good about 80s and 90s cable TV, as well as some of the bad stuff. And you won’t want to miss Elliot putting Dan to shame with the super-size Quick Hacks, either, nor should you skip the Can’t Miss sweep with a pair of great articles by Al Williams.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Continue reading “Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language” →

This Week In Security: Dating App, WooCommerce, And OpenSSH

July 21, 2023 by Jonathan Bennett 4 Comments

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email address, photos — sometimes explicit, and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH” →

TV Typewriter Remembered

July 20, 2023 by Al Williams 23 Comments

With the recent passing of Don Lancaster, I took a minute to reflect on how far things have come in a pretty short period of time. If you somehow acquired a computer in the early 1970s, it was probably some discarded DEC, HP, or Data General machine. A few people built their own, but that was a stout project with no microprocessor chips readily available. When machines like the Mark-8 and, more famously, the Altair appeared, the number of people with a “home computer” swelled — relatively speaking — and it left a major problem: What kind of input/output device could you use?

An ad from Kilobaud offered you a ready-to-go, surely refurbished, ASR33 for $840

At work, you might have TeleType. Most of those were leased, and the price tag of a new one was somewhere around $1,000. Remember, too, that $1,000 in 1975 was a small fortune. Really lucky people had video terminals, but those were often well over $1,500, although Lear Siegler introduced one at the $1,000 price, and it became wildly successful. Snagging a used terminal was not very likely, and surplus TeleType equipment was likely of the 5-bit Baudot variety — not unusable, but not the terminal you really wanted.

A lot of the cost of a video terminal was the screen. Yet nearly everyone had a TV, and used TVs have always been fairly cheap, too. That’s where Don Lancaster came in. His TV Typewriter Cookbook was the bible for homebrew video displays. The design influenced the Apple 1 computer and spawned a successful kit for a company known as Southwest Technical Products. For around $300 or so, you could have a terminal that uses your TV for output. Continue reading “TV Typewriter Remembered” →

Hackaday Prize 2023: Meet The Assistive Tech Finalists

July 19, 2023 by Tom Nardi 8 Comments

If you’re still toiling away at your entry for the Gearing Up Challenge of the 2023 Hackaday Prize, don’t panic! No, you haven’t lost track of time — due to some technical difficulties we had to delay the final judging for the Assistive Tech Challenge that ended May 30th.

Today we’re pleased to announce that all the votes are in, and we’re ready to unveil the ten projects that our panel of judges felt best captured the spirit of this very important challenge. Each of these projects will take home $500 and move on to the final round of judging. There are few more noble pursuits than using your talents to help improve the lives of others, so although we could only pick ten finalists, we’d like to say a special thanks to everyone who entered this round.

Continue reading “Hackaday Prize 2023: Meet The Assistive Tech Finalists” →

Discussing The Finer Points Of Space-Worthy Software

July 17, 2023 by Tom Nardi 28 Comments

At the dawn of the Space Race, when computers were something that took up whole rooms, satellites and probes had to rely on analog electronics to read from their various sensors and transmit the resulting data to the ground. But it wasn’t long before humanity’s space ambitions outgrew these early systems, which lead to vast advancements in space-bound digital computers in support of NASA’s Gemini and Apollo programs. Today, building a spacecraft without an onboard computer (or even multiple redundant computers) is unheard of. Even the smallest of CubeSats is likely running Linux on a multi-core system.

As such, software development has now become part an integral part of spacecraft design — from low-level code that’s responsible for firing off emergency systems to the 3D graphical touchscreen interfaces used by the crew to navigate the craft. But as you might expect, the stakes here are higher than any normal programming assignment. If your code locks up here on Earth, it’s an annoyance. If it locks up on a lunar lander seconds before it touches down on the surface, it could be the end of the mission.

To get a bit more insight into this fascinating corner of software development, we invited Jacob Killelea to host last week’s
Software for Satellites Hack Chat. Jacob is an engineer with a background in both aero and thermodynamics, control systems, and life support. He’s written code for spacecraft destined for the Moon, and perhaps most importantly, is an avid reader of Hackaday.

Continue reading “Discussing The Finer Points Of Space-Worthy Software” →

Hackaday Links: July 16, 2023

July 16, 2023 by Dan Maloney 26 Comments

Last week, we noted an attempt to fix a hardware problem with software, which backfired pretty dramatically for Ford when they tried to counter the tendency for driveshafts to fall out of certain of their cars by automatically applying the electric parking brake.

This week, the story is a little different, but still illustrates how software and hardware can interact unpredictably, especially in the automotive space. The story centers on a 2015 Optima recall for a software update for the knock sensor detection system. We can’t find the specifics, but if this recall on a similar Kia model in the same model year range and a class-action lawsuit are any indication, the update looks like it would have made the KSDS more sensitive to worn connecting rod damage, and forced the car into “limp home mode” to limit damage to the engine if knocking is detected.

A clever solution to a mechanical problem? Perhaps, but because the Kia owner in the story claims not to have received the snail-mail recall notice, she got no warning when her bearings started wearing out. Result: a $6,000 bill for a new engine, which she was forced to cover out of pocket. Granted, this software fix isn’t quite as egregious as Ford’s workaround for weak driveshaft mounting bolts, and there may very well have been a lack of maintenance by the car’s owner. But if you’re a Kia mechanical engineer, wouldn’t your first instinct have been to fix the problem causing the rod bearings to wear out, rather than papering over the problem with software?

Continue reading “Hackaday Links: July 16, 2023” →