Hackaday Columns

4569 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Typewriter Orchestra

January 31, 2024 by 2 Comments

Have you ever wished you had more control over what goes into a kit keyboard build? Like, a whole lot more control? Well, that’s the idea behind the Akruvia 12×4 Playground by [iketsj].

Image by [iketsj] via YouTube

This is a 48-key ortholinear keyboard, but other than that, it’s a complete blank slate. The kit includes the PCB, diodes, RGB LEDs, and Kailh Choc V1 hot swap sockets, which is really the only choice you don’t have in the matter.

All the rest is up to you, thanks to a generous prototyping area that wraps around three sides of the keys. Bring your own microcontroller and anything else that sounds useful, like displays, rotary encoders, gesture sensors, pointing devices, you name it.
You could even magnetically link a macro pad to one side, as [iketsj] teases in the intro video. [iketsj] has made the kit available through links on their website, and you’ll find a product guide there as well.

Continue reading “Keebin’ With Kristina: The One With The Typewriter Orchestra”

Human-Interfacing Devices: The Descriptor Heist

January 30, 2024 by 9 Comments

Today, we’ll build our own input devices. And they will be easy to create and write firmware for, they will work perfectly, and they will be cross-platform. We can do that with help of the Human Interface Device (HID) standard, and by way of introduction, so that you never get confused by what a “descriptor” means, and we’ll build our own HID device — a Human Interface Device device. The way we build them won’t require reading specifications – instead, I’ll teach your how to steal HID descriptors from existing devices, tweak them for our purposes, and use them in our devices to harness the power of HID.

For decades now, it’s been possible to build a HID mouse or keyboard by using a library or two, and it’s been a godsend for hackers all around the world. However, these libraries are typically confined to a certain template and inflexible, and we hackers often go outside of what’s expected. HID allows for much more than a simple keyboard or a mouse. That’s why today we’re building a touchscreen – something not yet covered online or by libraries.

HID lets you build devices that are friendly. They don’t need drivers, they are plug and play, and they do what you expect them to do. At its core, the HID standard is as simple as is ubiquitous. You can tunnel HID over USB, Bluetooth, I2C, and modern-day operating systems support all three of these. Today, let’s go through the basics of HID, and then build a USB touchscreen out of a SPI-connected resistive touchscreen, with help of the usual RP2040+MicroPython combo. I will also give you a toolkit for how to debug a Human Interface Device device as thoroughly as possible – specifically on Linux, showing all the HID debug and introspection capabilities that Linux gives you. But it’ll work on Windows too through the beauty of standardization.

Continue reading “Human-Interfacing Devices: The Descriptor Heist”

Tech In Plain Sight: Escalators

January 29, 2024 by 36 Comments

If you are designing a building and need to move many people up or down, you probably will at least consider an escalator. In fact, if you visit most large airports these days, they even use a similar system to move people without changing their altitude. We aren’t sure why the name “slidewalk” never caught on, but they have a similar mechanism to an escalator. Like most things, we don’t think much about them until they don’t work. But they’ve been around a long time and are great examples of simple technology we use so often that it has become invisible.

Of course, there’s always the elevator. However, the elevator can only service one floor at a time, and everyone else has to wait. Plus, a broken elevator is useless, while a broken escalator is — for most failures — just stairs.

Continue reading “Tech In Plain Sight: Escalators”

Hackaday Links Column Banner

Hackaday Links: January 28, 2024

January 28, 2024 by 16 Comments

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solutions. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.

Continue reading “Hackaday Links: January 28, 2024”

In Praise Of “Simple” Projects

January 27, 2024 by 9 Comments

When I start off on a “simple” project, experience shows that it’s got about a 10% chance of actually remaining simple. Sometimes it’s because Plan A never works out the way I think it will, due to either naivety or simply the random blockers that always get in the way and need surmounting. But a decent percentage of the time, it’s because something really cool happens along the way. Indeed, my favorite kind of “simple” projects are those that open up your eyes to a new world of possibilities or experiments that, taken together, are nothing like simple anymore.

Al Williams and I were talking about water rockets on the podcast the other day, and I realized that this was a perfect example of an open-ended simple project. It sounds really easy: you put some water in a soda bottle, pressurize it a bit with air, and then let it go. Water gets pushed down, bottle flies up. Done?

Oh no! The first step into more sophistication is the aerodynamics. But honestly, if you make something vaguely rocket-shaped with fins, it’ll probably work. Then you probably need a parachute release mechanism. And then some data logging? An accelerometer and barometer? A small video camera? That gets you to the level of [ARRO]’s work that spawned our discussion.

But it wasn’t ten minutes into our discussion that Al had already suggested making the pressure vessel with carbon fiber and doctoring the water mix to make it denser. You’d not be surprised that these and other elaborations have been tried out. Or you could go multi-stage, or vector-thrust, or…

In short, water rockets are one of those “simple” projects. You can get one basically working in a weekend day, and then if you’re so inclined, you could spend an entire summer of weekends chasing down the finer points, building larger and larger tubes, and refining payloads. What’s your favorite “simple” project?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly

January 26, 2024 by 1 Comment

This week Hackaday Editors Elliot Williams and Al Williams chew the fat about the Haier IOT problem, and all other top Hackaday stories of the week. Want to prove your prowess at C programming? Take a quiz! Or marvel at some hairy display reverse engineering or 3D-printed compressor screws. On the lighter side, there’s an immense water rocket.

After Al waxes nostalgic about the world of DOS Extenders and extended memory, the guys talk about detective work: First detecting AI-written material, and finally, a great detective story about using science to finally (maybe) crack the infamous DB Cooper hijacking case.

Follow along with the links below. Don’t forget to tell us what you think about this episode in the comments!

Here’s a string of bits containing the podcast that looks suspiciously like an MP3!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly”

This Week In Security: MOAB, Microsoft, And Printers

January 26, 2024 by 15 Comments

This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here is likely not a discrete email address, but simply a piece of data — a row on the database.

Now before we all lose our minds over this, there’s an important detail to take note of: These aren’t new leaks. This is a compilation of leaks, and as far as researchers have checked, there aren’t any new leaks disclosed here. This was someone’s database of accumulated leak data, accidentally re-leaked via an unsecured database. [Troy Hunt] goes so far as to speculate that it could be from a breach search service, which sounds pretty plausible.

There was yet another release of credentials late last week that hasn’t attracted as much attention, but seems to represent a much bigger issue. The Naz.api data set isn’t a breach where a company was hacked, and their entire user database was stolen. Instead, this one is combination of a credential stuffing list and stealer logs.

Credential stuffing is basically a smarter brute force attack, where the credentials from one breach are tried on multiple other sites. Such a list is just the results where guesses were successful. The really interesting bit is that this dataset seems to include stealer logs. Put simply, that’s the results of malware that scrapes victim machines for credentials.

Naz.api has over 70 million unique email addresses, and it looks like about a third of them are new, at least according to the Haveibeenpwned dataset. Now that’s significant, though not really worthy of the MOAB title, either. Continue reading “This Week In Security: MOAB, Microsoft, And Printers”