Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Mouse-cropad

Okay, so you built a macropad or even a keyboard. What now? Well, most people use some kind of mouse to go along with it, but no one uses a mouse like this creation by [Joe_Scotto].

This is the mouse no one asked for, and yet I think it’s pretty awesome for something that’s supposed to be a joke. Maybe it’s in the great execution, I don’t know. I will ignore the suggestion that MX Browns are part of the joke, however. *cries in OG tactility*

Essentially, this is a macropad that uses QMK mouse keys to emulate a mouse. The build itself couldn’t be more straightforward — it’s six MX browns wired up to six pins on a Pico, and they all share a common ground. Keep the joke going by commissioning one from [Joe] or building it yourself.

Via [r/cyberdeck]

News: Microsoft Discontinues Natural Keyboard

Image via Wikipedia

It’s often people’s first ergonomic keyboard — some variation of Microsoft’s Natural keyboard, that 90s split that took up so much real estate on the desk with it’s built-in wrist rest.

I’ll admit that despite using one for years at the office, I went back to whatever clicky rectangles I could get from the IT department. Then came the pain, and I got a Logitech Wave. Then came the surgery, and the Kinesis Advantage.

Well, now it seems that after 30 years and several ergonomic models, Microsoft are exiting the keyboard game. While I don’t personally understand why when there are so many fans, [Jeff Atwood] believes it’s because keyboards are exploding in popularity and tons of people are building their own. While that may be true, there are legions of normies trying to stave off carpal and cubital tunnel syndrome and have absolutely no interest in building anything, much less a keyboard. So, get these things while they’re hot, I guess.

Continue reading “Keebin’ With Kristina: The One With The Mouse-cropad”

DIY Picosatellites Hack Chat

Join us on Wednesday, June 21 at noon Pacific for the DIY Picosatellites Hack Chat with Nathaniel Evry!

Building a satellite and putting it in orbit was until very recently something only a nation had the resources to accomplish, and even then only a select few. Oh sure, there were a few amateur satellites that somehow managed to get built on a shoestring budget and hitch a ride into space, and while their stories are deservedly the stuff of legends, satellite construction took a very long time to be democratized.

Fast forward a half-dozen or so decades, and things have changed dramatically. Satellite launches are still complex affairs — it’s still rocket science, after all — but the advent of the CubeSat format and the increased tempo of launches, both national and commercial, has pushed the barriers to private, low-budget launches way, way down. So much so, in fact, that the phrase “space startup” is no longer something to snicker about.

join-hack-chatOne such group of space entrepreneurs is Quub, Inc., a small company in Lancaster, Pennsylvania which is looking to build and fly a constellation of microsatellites to monitor Earth’s environment in real-time. They’re building sats and signing launch deals using consumer-grade technology and modularized construction, and we’re lucky enough to have Nathaniel Evry, their Chief Research Officer, stop by the Hack Chat. If you’ve ever wondered what it takes to build hardware that can stand the rigors of launch and then perform a task in space, you’ll want to tune in for this one.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 21 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter. Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hackaday Links Column Banner

Hackaday Links: June 18, 2023

Will it or won’t it? That’s the question much on the minds of astronomers, astrophysicists, and the astro-adjacent this week as Betelgeuse continued its pattern of mysterious behavior that might portend a supernova sometime soon. You’ll recall that the red giant star in the constellation Orion went through a “great dimming” event back in 2019, where its brightness dipped to 60% of its normal intensity. That was taken as a sign that perhaps the star was getting ready to explode — or rather, that the light from whatever happened to the star 548 years ago finally reached us — and was much anticipated by skywatchers, yours truly included. As it turned out, the dimming was likely caused by Betelgeuse belching forth an immense plume of dust, temporarily obscuring our view of its light. Disappointing.

Those who gave up on the hope of seeing a supernova might have done so too fast, though, because now, the star seems to be swinging the other way and brightening. It briefly became the brightest star in Orion, nearly outshining nearby Sirius, the brightest star in the sky. So what does all this on-again, off-again business mean? According to Dr. Becky, a new study — not yet peer-reviewed, so proceed with caution — suggests that the star could go supernova in the next few decades. The evidence for this is completely unrelated to the great dimming event, but by analyzing the star’s long history of variable brightness. The data suggest that Betelgeuse has entered the carbon fusion phase of its life, a period that only lasts on the scale of a hundred years for a star that size. So we could be in for the ultimate fireworks show, which would leave us with a star brighter than the full moon that’s visible even in daylight. And who doesn’t want to see something like that?

Continue reading “Hackaday Links: June 18, 2023”

Get In Over Your Head!

When you talk to hackers who’ve just finished an epic project, they’ll often start off with a very familiar refrain: “I had no idea what I was getting into.” And maybe they’ll even follow up with the traditional second line “If I knew how hard this was going to be, I probably wouldn’t have tried.” And that’s from people who have just finished wiping the sweat from their brow.

Don’t get me wrong, sometimes you do get in over your head and take on more than you can chew. But let’s be honest, how often does that really happen relative to how many projects end up looking easy at first, and then end up teaching you a lot along the way, often the hard way? If you’re like me, the latter happens more than the former, and I don’t think I’m particularly clever.

Instead, it’s just the nature of learning. In the beginning, you don’t know something, so you don’t realize how difficult it is, hence the first classic line. And of course it’s going to be hard, because learning is always hard. If you knew it already, it would be easier, but it wouldn’t be learning!

Whether you get through or not depends on your own stubbornness and of course the nature of the hurdles. But whether you learn or not depends entirely on you not knowing what you’re doing in the first place.

Pay good attention to the second line in the post-hack couplet, and heed its advice. Starting off on something that you don’t already know how to do provides you with a fearlessness, and the courage to try something that you might not have otherwise dared. It’s good to get in over your head sometimes. That’s where you learn, and those are the audacious projects that end up being the most successful.

Or they end up as horrendous failures, but we’re crossing our fingers for you. Be brave! And if you can’t be brave, be incompletely informed.

Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents

Elliot’s back from vacation, and Dan stepped into the virtual podcast studio with him to uncover all the hacks he missed while hiking in Italy. There was a lot to miss, what with a smart meter getting snuffed by a Flipper Zero — or was it? How about a half-gigapixel camera built out of an old scanner, or a sonar-aimed turret gun? We also looked at a couple of projects that did things the hard way, like a TV test pattern generator that was clearly a labor of love, and an all-transistor HP frequency counter. More plastic welding? Hey, a fix is a fix! Plus, we’ll dive into why all those Alexas are just gathering dust, and look at the really, REALLY hard problems involved in restoring shredded documents.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Continue reading “Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents”

This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexability”. Oof.

The nuts and bolts here is that HiCA was working as a CA-in-the-Middle, wrapping other CA’s authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way it appears this works, is that the end user sends a certificate request to HiCA. HiCA takes that information, and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service. Continue reading “This Week In Security: ACME.sh, Leaking LEDs, And Android Apps”

Retrotechtacular: Circuit Potting, And PCBs The Hard Way

There was a time when the very idea of building a complex circuit with the intention of destroying it would have been anathema to any electrical engineer. The work put into designing a circuit, procuring the components, and assembling it, generally with point-to-point wiring and an extravagant amount of manual labor, only to blow it up? Heresy!

But, such are the demands of national defense, and as weapons morphed into “weapon systems” after World War II, the need arose for electronics that were not only cheap enough to blow up but also tough enough to survive the often rough ride before the final bang. The short film below, simply titled Potted and Printed Circuits, details the state of the art in miniaturization and modularization of electronics, circa 1952. It was produced by the Telecommunications Research Establishment (TRE), the main electronics R&D entity in the UK during the war which was responsible for inventions such as radar, radio navigation, and jamming technology.

Continue reading “Retrotechtacular: Circuit Potting, And PCBs The Hard Way”