Software Driving Hardware

We were talking about [Christopher Barnatt]’s very insightful analysis of what the future holds for the Raspberry Pi single board computers on the Podcast. On the one hand, they’re becoming such competent computers that they are beginning to compete with lightweight desktop machines, instead of just being a hacker curiosity.

On the other hand, especially given the shortage and the increase in price that has come with the Pi’s expanding memory endowments, a lot of people who would “just throw in a Raspberry Pi” are starting to think more carefully about their options. Five years ago, this would have meant looking into what you could whip together on an Arduino-based platform, either on actual Arduino hardware or on an ESP8266 or similar, but that’s a very different beast from a programmer’s perspective. Working with microcontrollers used to be very different from working with even the smallest Linux machines.

These days, there is no shortage of microcontrollers that have enough memory – both flash and RAM – to support a higher-level environment like MicroPython. And if you think about it, MicroPython brings to the microcontrollers a lot of what people were using a Raspberry Pi for in projects anyway: a friendly interactive programming environment that was free of the compile-here, flash-there debug cycle. If you’re happy coding Python on a single-board Linux computer, you’ll be more or less happy coding in MicroPython or Circuit Python on a microcontroller.

And what this leaves us with, as hackers, is a fantastic spectrum of choices. Where before there was a hard edge between programming C on an 8-bit PIC or an AVR and working with something that had a full Linux operating system like a Pi, it’s all blurry now. And the Pis, the Jetson, and all the other Linux SBCs are blurring the boundary with more traditional computers as they all become more competent and gain more computer-like peripherals. Nowadays your choice is much freer, and the hardware landscape more fluid. You don’t have to let software development concerns drive your hardware choices, and we think that’s a great thing.

Chatting About The State Of Hacker-Friendly AR Gear

There are many in the hacker community who would love to experiment with augmented reality (AR), but the hardware landscape isn’t exactly overflowing with options that align with our goals and priorities. Commercial offerings, from Google’s Glass to the Microsoft HoloLens and Magic Leap 2 are largely targeting medical and aerospace customers, and have price tags to match. On the hobbyist side of the budgetary spectrum we’re left with various headsets that let you slot in a standard smartphone, but like their virtual reality (VR) counterparts, they can hardly compare with purpose-built gear.

But there’s hope — Brilliant Labs are working on AR devices that tick all of our boxes: affordable, easy to interface with, and best of all, developed to be as open as possible from the start. Admittedly their first product, Monocle, is somewhat simplistic compared to what the Big Players are offering. But for our money, we’d much rather have something that’s built to be hacked and experimented with. What good are all the latest features and capabilities when you can’t even get your hands on the official SDK?

This week we invited Brilliant Labs’ Head of Engineering Raj Nakaraja to the Hack Chat to talk about AR, Monocle, and the future of open source in this space that’s dominated by proprietary hardware and software.


Hackaday Podcast 221: The Future Of The Raspberry Pi, Sniffing A Toothbrush, Your Tactical Tool Threshold

Editors Elliot Williams and Tom Nardi are back in the (virtual) podcast studio to talk about the latest phase of the 2023 Hackaday Prize, the past, present, and future of single-board computers, and a modern reincarnation of the Blackberry designed by hardware hackers. They’ll also cover the current state of toothbrush NFC hacking, the possibilities of electric farm equipment, and a privately funded satellite designed to sniff out methane. Stick around till the end to find out if there really is such a thing as having too many tools.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!



This Week In Security: Barracuda, Zyxel, And The Backdoor

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.
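As an added illustration (not Barracuda’s code, and in Python rather than the appliance’s Perl), the sketch below shows the defensive side of this bug class: archive member names are attacker-controlled data, so a scanner can read members through a library API with no shell involved and hold back names containing characters a shell would interpret. The archive, the member names, and the function names are all constructed for this example.

```python
import io
import re
import tarfile

# Conservative allow-list for member names; anything else is held for review.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/ -]+")

# Constructed sample names: two ordinary files and one carrying a quote and
# backticks, the kind of characters a shell (or Perl's qx) would interpret.
SAMPLE_NAMES = ["invoice.pdf", "notes/readme.txt", "x'`echo constructed`'.txt"]


def build_sample_tar(names):
    """Build an in-memory .tar whose members carry the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_attachment(tar_bytes):
    """Return (clean, suspect).

    clean maps safe member names to their bytes, read through the tarfile
    API so no name is ever placed in a command string. suspect lists the
    names that fail the allow-list and are never processed further.
    """
    clean, suspect = {}, []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar.getmembers():
            if not SAFE_NAME.fullmatch(member.name):
                suspect.append(member.name)
                continue
            if member.isfile():
                clean[member.name] = tar.extractfile(member).read()
    return clean, suspect


if __name__ == "__main__":
    clean, suspect = scan_attachment(build_sample_tar(SAMPLE_NAMES))
    print("read without a shell:", sorted(clean))
    print("held for review:", suspect)
```
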

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard-coded credential that allows authentication bypass for the web-API. The second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands.

Books You Should Read: Red Team Blues

Martin Hench really likes playing on the Red Team — being on the attack. He’s a financial geek, understands cryptocurrency, understands how money is moved around to keep it hidden, and is really good at mining data from social media. He puts those skills together as a forensic accountant. Put simply, Martin finds money that people want hidden. Against his better judgment, Marty does the job of a lifetime, and makes an absolute mint. But that job had hair, and he’s got to live through the aftermath. It turns out, that might just be a challenge, as three separate groups want a piece of him.

Red Team Blues is a work of fiction by [Cory Doctorow] about cryptocurrency, trust, finance, and society as a whole. When [Doctorow] offered to send us a copy to review, we jumped at the chance, and can give it a hearty recommendation as a fun and thoughtful tale. The moral seems to be that while everyone plays the sordid finance game, the government should really work harder to disentangle the mess, but maybe we would do better if more people opted for integrity. There is also a real point to be made about the dark side of cryptocurrency, in that it enables crime, ransomware, and money laundering on a global scale. For all the pluses for privacy and anonymity, there are some real downsides. The characters spend most of the book wrestling with that dichotomy in the background.

The book took something of a moralizing turn just over halfway through. Which, depending on your viewpoint, you’ll either really appreciate, or have to hold your nose a bit to get through. But the suspense pulls the reader through it, making for an overall enjoyable read. As an added bonus, you might end up with a better mental image of how the pieces of digital privacy, finance, and the real world all fit together.

The book has all the fun references to Tor, Signal, Bitcoin, and computer history you could want. And the central MacGuffin is an interesting one: a cryptocurrency that runs on proof-of-secure-enclave, eliminating the ridiculous power consumption of proof-of-work schemes. All of this with some rich Silicon Valley lore setting up the background. Our conclusion? Two wrenches up.

Hackaday Prize 2023: This Challenge Makes It So Easy Being Green

This year’s Hackaday Prize is our first nice round number – number ten! We thought it would be great to look back on the history of the Prize and cherry-pick our favorite themes from the past. Last year’s entire theme was sustainable hacking, and we challenged you to come up with ways to generate or save power, keep existing gear out of the landfill, find clever ways to encourage recycling or build devices to monitor the environment and keep communities safer during weather disasters, and you all came through. Now we’re asking you to do it again.

There are hundreds of ways that we can all go a little bit lighter on this planet, and our Green Hacks Challenge encourages you to make them real. Whether you want to focus on clean energy, smarter recycling, preventing waste, or even cleaning up the messes that we leave behind, every drop of oil left unburned or gadget kept out of the landfill helps keep our world running a little cleaner. Here’s your chance to hack for the planet.

Inspiration

One thing we really loved about last year’s Green Hacks was that it encouraged people to think outside the box. For instance, we got some solar power projects as you’d expect, but we also got a few really interesting wind power entries, ranging from the superbly polished 3D Printed Portable Wind Turbine that won the Grand Prize to the experimental kite turbine in Energy Independence While Travelling, to say nothing of the offbeat research project toward making a Moss Microbial Fuel Cell.

Plastic was also in the air last year, as we saw a number of projects to reuse and recycle this abundant element of our waste stream. From a Plastic Scanner that uses simple spectroscopy to determine what type of plastic you’re looking at, to filament recyclers and trash-based 3D printers to make use of shredded plastic chips.

Finally, you all really put the science into citizen science with projects like OpenDendrometer that helps monitor a single tree’s health, and the Crop Water Stress Sensor that does the same for a whole field. Bees didn’t get left out of the data collection party either, with the Beehive Monitoring and Tracking project. And [Andrew Thaler]’s tremendously practical Ocean Sensing for Everyone: The OpenCTD brought the basics of oceanic environmental monitoring down to an affordable level.

Now It’s Your Turn to be Green

If any of the above resonates with your project goals, it’s time to put them into action! Start up a new project over on Hackaday.io, enter it into the Prize, and you’re on your way. Ten finalists will receive $500 and be eligible to win the Grand Prizes ranging from $5,000 to $50,000. But you’ve only got until Tuesday, July 4th to enter, so don’t sleep.

As always, we’d like to thank our sponsors in the Hackaday Prize, Supplyframe and DigiKey, but we’d also like to thank Protolabs for sponsoring the Green Hacks challenge specifically, and for donating a $5,000 manufacturing grant for one finalist. Maybe that could be you?

Supercon 2022: [Jorvon Moss] Gives His Robots A Soul

How do you approach your robot designs? Maybe you do it from an ‘oh, I have these cool parts’ position, or from an ‘I want to make a platform on wheels for my experiments’ perspective. In that case, consider that there’s a different side to robot building – one where you account for how your robots make the people around them feel, and can get your creations the attention they deserve. [Jorvon ‘Odd-Jayy’ Moss]’s robots are catchy in a way that many robot designs aren’t, and they routinely go viral online. What are his secrets to success? A combination of an art background, a Bachelor of Fine Arts in illustration, and a trove of self-taught electronics skills helped him develop a standout approach to robot building.

Now, [Jorvon] has quite a few successful robot projects under his belt, and at Supercon 2022, he talks about how our robots’ looks and behaviour shape the way they are perceived. How do your own robots look to others, and what feelings do they evoke? With [Jorvon], you will go through the fundamentals of what makes a robot look lively, remarkable, catchy or creepy, and it’s his unique background that lets him give you a few guidelines on what you should and should not do when building a certain kind of robot.

You’ll do well to watch this video – it’s short and sweet, and shows you a different side to building the robots of your dreams; plus, the robot riding around on the stage definitely makes this presentation one of a kind. No matter your robot’s technical complexity, it’s significant that it can make people go ‘wow’ when they see it. Not all robots are there to single-mindedly perform a simple task, after all – some are meant to travel around the world.
