Don’t Give Up

I’m at Chaos Communication Congress this weekend, and it’s like being surrounded by the brightest, most creative, and, being honest, nerdiest crowd imaginable. And that’s super invigorating.

But because of the pandemic, this is the first in-person conference in four years, and it’s been a rather unsettling time in-between. There are tons of unknowns and issues confronting us all, geeks or otherwise, at the moment. I know some people who have fallen prey to this general malaise, and become more or less cynical.

Especially in this context, watching a talk about an absolutely bravado hack, or falling into a conversation that sparks new ideas, can be inspiring in just the right way to pull one out of the slump. Every talk is naturally a success story — of course they are, otherwise they wouldn’t be up there presenting.

But it’s all of the smaller interactions, the hey-why-didn’t-I-think-of-that moments or the people helping each other out with just the right trick, that give me the most hope. That’s because they are all around, and I’m sure that what I’m seeing is just the tip of the iceberg. So stick together, nerds, share your work, and don’t give up!

Hackaday Podcast Episode 250: Trains, RC Planes, And EEPROMS In Flames

This week in the Podcast, Elliot Williams is off at Chaos Communication Congress, hearing tales of incredible reverse engineering that got locomotives back up and running, while Al Williams is thinking over what happened in 2023. There’s a lot of “how things work” in this show, from data buoys to sewing machines to the simulated aging of ICs.

Whether you’re into stacking bricks, stacking Pi Picos, or stacking your 3D prints to make better use of precious bed space, this episode is for you. Enjoy.

This is your last chance to download a new podcast this year. Take it!


This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked based on part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The entire talk is available, given this week at the 37th Chaos Communication Congress, 37c3. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code implies that it was a copy-paste error where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug in January 2023, and didn’t make any public statements. Presumably there was an uptick of crash logs that pointed to this problem, but didn’t conclusively show attempted exploitation.

The exploit then moves to using NSExpression as a next stage. NSExpression is an ugly way to write code, but it does allow the exploit chain to get to the next stage, running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. This relies on multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes.

Linux Fu: Preprocessing Beyond Code

If you glanced at the title and thought, “I don’t care — I don’t write C code,” then hang on a minute. While it is true that C has a preprocessor and you can notoriously do strange and — depending on your point of view — horrible or wonderful things with it, there are actually other options and you don’t have to use any of them with a C program. You can actually use the C preprocessor with almost any kind of text file. And it’s not the only preprocessor you can abuse this way. For example, the m4 preprocessor is wildly complex, vastly underused, and can handle C source code or anything else you care to send to it.

Definitions

I’ll define a preprocessor as a program that transforms its input file into an output file, reacting to commands that are probably embedded in the file itself. Most often, that output is then sent to some other program to do the “real” work. That covers cpp, the C preprocessor. It also covers things like sed. Honestly, you can easily create custom preprocessors using C, awk, Python, Perl, or any other programming language. There are many other standard programs that you could think of as preprocessors, for example, tr. However, one of the most powerful, m4, is made specifically to preprocess complex input files. For some reason — maybe because of its complexity — you don’t see much m4 in the wild.


FLOSS Weekly Episode 763: Fedora Fixes Everything

This week Jonathan Bennett and Dan Lynch talk once again with Neal Gompa of Fedora, CentOS, openSUSE and more. This time the focus is Fedora, with sprinklings of Immutable Linux, KDE 6, and the new Linux stack of Pipewire, Portals, and Wayland. Neal gives us a rundown of what exactly makes Fedora Atomic so interesting, and why you probably don’t want it running on your desktop. But in a computer lab, or on a public machine? Fedora Atomic might be exactly what you need.

Up next there’s Pipewire, the userspace sound server that replaces Pulseaudio and Jack. Should we think of Pipewire as Jack 3.0? And what’s the secret to getting really reliable low-latency performance for Pipewire in Fedora? It might not be what you expect.

There’s a popular rant online that Wayland breaks everything. And for years, that’s been a relatively accurate statement, in that Wayland hasn’t been ready for prime-time. Fedora 40 has gone all in on the belief that Wayland’s time has come, with KDE and Gnome no longer having an X11 native option. It’s Wayland all the way. And as one who has run Rawhide, I can say that the future there is bright. Literally, if you have an HDR capable monitor.


Beyond The Basics: Exploring More Exotic Scope Trigger Modes

Last time, we looked at some powerful trigger modes found on many modern scopes, including the Rigol DHO900 series we used as an example. Those triggers were mostly digital or, at least, threshold-based. This time, we’ll look at some more advanced analog triggers as well as a powerful digital trigger that can catch setup and hold violations. You can find the Raspberry Pi code to create the test waveforms online.

In addition to software, you’ll need to add some simple components to generate the analog waveform. In particular, pin 21 of the Pi connects to a 2 µF capacitor through a 10K resistor. The other side of the capacitor connects to ground. In addition, pin 22 connects directly to the capacitor, bypassing the 10K resistor. This allows us to discharge the capacitor quickly. The exact values are not especially important.

Runt Triggers

A runt pulse is one that doesn’t have the same voltage magnitude as surrounding pulses. Sometimes, this is due to a bus contention, for example. Imagine if you have some square waves that go from 0 to 5V. But, every so often, one pulse doesn’t make it to 5V. Instead, it stops at 3V.



Hackaday Links: December 24, 2023

Back near the beginning of the current Solar Cycle 25, we penned an article on what the whole deal is with solar cycles, and what could potentially lie in store for us as the eleven-year cycle of sunspot population developed. Although it doesn’t really come across in the article, we remember being somewhat pessimistic about things, thinking that Solar Cycle 25 would be somewhat of a bust in terms of increased solar activity, given that the new cycle was occurring along with other, longer-period cycles that tend to decrease solar output. Well, it looks like we couldn’t have gotten that more wrong if we tried, since the Sun lashed out with a class X solar flare last week that really lit things up. The outburst came from a specific sunspot, number 3514, and clocked in at X2.8, the most powerful flare since just before the end of the previous solar cycle. To put that into perspective, X-class flares have a peak X-ray flux of 10⁻⁴ watts/m², which when you think about it is a lot of energy. The flare resulted in a strong radio blackout; pretty much everything below 30 MHz was unusable for a while.
