Hackaday Columns

4433 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Confluence Of Nerdery

September 23, 2023 by 10 Comments

You might find yourself, dear Hackaday reader, attracted to some pretty strange corners of the tech world. Who knows when that knowledge of stenography, ancient retrocomputing, and floppy disk internals will all combine to get someone falsely accused out of jail? Go read this story and come on back, but the short version is that [Bloop Museum] helped recover some 40+ year old court evidence off of some floppies to right an old wrong.

If you looked at the combination of extremely geeky topics, you’d say it’s unlikely to find anyone well versed in any one of them, and you’d say that the chances of anyone knowing enough in each these fringe domains to be helpful is exceedingly low. But I’m absolutely sure that the folks at [Bloop Museum] had some more to throw into the mix if they were called for. Or better yet, they might know exactly the right geeks to call in.

And that’s the other heartwarming part of the story. When [Bloop Museum] didn’t know everything about old stenography formats, they knew the right people to reach out to – the Plover open stenography project. Who is going to know more? Nobody! Together, the nerd community is an unstoppable resource.

So remember, when you’re hanging out with your geek friends, to keep a running catalog of everyone’s interests. Because you never know when you’re going to need an expert in re-gilding frames, or relocating bee hives, or restoring 1930’s radio sets. Or decoding obscure data formats to get someone out of jail.

Hackaday Halloween

We’re running the 2023 Halloween Hackfest and it’s your chance to document your Halloween projects, and win fame, fortune, or at least one of three $150 DigiKey gift certificates, plus some Arduino schwag courtesy of the contest’s sponsors! You’ve got until the end of October, so get on it!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 237: Dancing Raisins, Coding On Apples, And A Salad Spinner Mouse

September 22, 2023 by 7 Comments

This week, Editor-in-Chief Elliot Williams and Kristina Panos gathered over the Internet and a couple cups of coffee to bring you the best hacks of the previous week. Well, the ones we liked best, anyhow.

First up in the news, we’ve got a brand-spankin’ new Halloween Hackfest contest running now until 9AM PDT on October 31st! Arduino are joining the fun this year and are offering some spooky treats in addition to the $150 DigiKey gift cards for the top three entrants.

It’s a What’s That Sound Results Show this week, and although Kristina actually got into the neighborhood of this one, she alas did not figure out that it was an MRI machine (even though she spent a week in an MRI one day).

Then it’s on to the hacks, which had a bit of a gastronomical bent this week. We wondered why normies don’t want to code on their Macs, both now and historically. We also examined the majesty of dancing raisins, and appreciated the intuitiveness of a salad spinner-based game controller.

From there we take a look at nitinol and its fun properties, admire some large, beautiful Nixie tubes, and contemplate a paper punching machine that spits out nonsensical binary. Finally we talk about rocker bogie suspensions and the ponder the death of cursive.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 237: Dancing Raisins, Coding On Apples, And A Salad Spinner Mouse”

This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina

September 22, 2023 by 15 Comments

Last week we covered the latest 0-day from NSO group, BLASTPASS. There’s more details about exactly how that works, and a bit of a worrying revelation for Android users. One of the vulnerabilities used was CVE-2023-41064, a buffer overflow in the ImageIO library. The details have not been confirmed, but the timing suggests that this is the same bug as CVE-2023-4863, a Webp 0-day flaw in Chrome that is known to be exploited in the wild.

The problem seems to be an Out Of Bounds write in the BuildHuffmanTable() function of libwebp. And to understand that, we have to understand libwebp does, and what a Huffman Table has to do with it. The first is easy. Webp is Google’s pet image format, potentially replacing JPEG, PNG, and GIF. It supports lossy and lossless compression, and the compression format for lossless images uses Huffman coding among other techniques. And hence, we have a Huffman table, a building block in the image compression and decompression.

What’s particularly fun about this compression technique is that the image includes not just Huffman compressed data, but also a table of statistical data needed for decompression. The table is rather large, so it gets Huffman compressed too. It turns out, there can be multiple layers of this compression format, which makes the vulnerability particularly challenging to reverse-engineer. The vulnerability is when the pre-allocated buffer isn’t big enough to hold one of these decompressed Huffman tables, and it turns out that the way to do that is to make maximum-size tables for the outer layers, and then malform the last one. In this configuration, it can write out of bounds before the final consistency check.

An interesting note is that as one of Google’s C libraries, this is an extensively fuzzed codebase. While fuzzing and code coverage are both great, neither is guaranteed to find vulnerabilities, particularly well hidden ones like this one. And on that note, this vulnerability is present in Android, and the fix is likely going to wait til the October security update. And who knows where else this bug is lurking. Continue reading “This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Busy Box Macro Pad

September 21, 2023 by 7 Comments

Well, I must admit that Google Translate completely failed me here, and thus I have no real idea what the trick is to this beautiful, stunning transparent split keyboard by [illness072]. Allegedly, the older tweets (exes?) hold the key to this magic, but again, Google Translate.

Based on top picture, I assume that the answer lies in something like thin white PCB fingers bent to accommodate the row stagger and hiding cleverly behind the keys.

Anyone who can read what I assume is Japanese, please advise what is going on in the comments below.

Continue reading “Keebin’ With Kristina: The One With The Busy Box Macro Pad”

Button, Button, Who’s Got The (Pico) Button?

September 20, 2023 by 26 Comments

There is an episode of Ren and Stimpy with a big red “history eraser’ button that must not be pressed. Of course, who can resist the temptation of pressing the unpressable button? The same goes for development boards. If there is a button on there, you want to read it in your code, right? The Raspberry Pi Pico is a bit strange in that regard. The standard one lacks a reset button, but there is a big tantalizing button to reset in bootloader mode. You only use it when you power up, so why not read it in your code? Why not, indeed?

Turns out, that button isn’t what you think it is. It isn’t connected to a normal CPU pin at all. Instead, it connects to the flash memory chip. So does that mean you can’t read it at all? Not exactly. There’s good news, and then there’s bad news.

The Good News

The official Raspberry Pi examples show how to read the button (you have read all the examples, right?). You can convert the flash’s chip-select into an input temporarily and try to figure out if the pin is low, meaning that the button is pushed. Sounds easy, right?

Continue reading “Button, Button, Who’s Got The (Pico) Button?”

Hello, Halloween Hackfest!

September 19, 2023 by 1 Comment

Halloween is possibly the hackiest of holidays. Think about it: when else do you get to add animatronic eyes to everyday objects, or break out the CNC machine to cut into squashes? Labor day? Nope. Proximity-sensing jump-scare devices for Christmas? We think not. But for Halloween, you can let your imagination run wild!

Jump Scare Tombstone by [Mark]
We’re happy to announce that DigiKey and Arduino have teamed up for this year’s Hackaday Halloween Contest. Bring us your best costume, your scariest spook, your insane home decorations, your wildest pumpkin, or your most kid-pleasing feat!

We’ll be rewarding the top three with a $150 gift certificate courtesy of DigiKey, plus some Arduino Halloween treats if you use a product from the Arduino Pro line to make your hair-raising fantasy happen.

We’ve also got five honorable mention categories to inspire you to further feats of fancy.

  • Costume: Halloween is primarily about getting into outrageous costumes and scoring candy. We don’t want to see the candy.
  • Pumpkin: Pumpkin carving could be as simple as taking a knife to a gourd, but that’s not what we’re after. Show us the most insane carving method, or the pumpkin so loaded with electronics that it makes Akihabara look empty in comparison.
  • Kid-Pleaser: Because a costume that makes a kid smile is what Halloween is really all about. But games or elaborate candy dispensers, or anything else that helps the little ones have a good time is fair game here.
  • Hallowed Home: Do people come to your neighborhood just to see your haunted house? Do you spend more on light effects than on licorice? Then show us your masterpiece!
  • Spooky: If your halloween build is simply scary, it belongs here.

Head on over to Hackaday.io for the full details. And get working on your haunts, costumes, and Rube Goldberg treat dispensers today.

2023 Halloween Hackfest

What Is Killing Cursive? Ballpoints. Probably.

September 18, 2023 by 225 Comments

I get it — you hate writing by hand. But have you ever considered why that is? Is it because typing is easier, faster, and more convenient here in 2023? Maybe so. All of those notwithstanding, I honestly think there’s an older reason: it’s because of the rise of ballpoint pens. And I’m not alone.

Bear with me here. Maybe you think you hate writing because you were forced to do it in school. While that may very well be, depending on your age, you probably used a regular wood-case pencil before graduating to the ballpoint pen, never experiencing the joys of the fountain pen. Well, it’s never too late.

Continue reading “What Is Killing Cursive? Ballpoints. Probably.”