Hackaday Columns

4242 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

MXenes Make Faraday Cages You Can Turn On And Off

February 15, 2023 by 13 Comments

Shielding is crucial for all manner of electronic devices. Whether you want to keep power supply noise out of an audio amplifier, or protect ICBMs against an electromagnetic pulse from a nuclear attack, the basic physics behind shielding remains the same. A Faraday cage or shield will do the trick.

At times, though, it would be desirable to shield and unshield a device at will. A new class of materials known as MXenes may be able to offer just that functionality, with microscopically thin films serving as shields that can be switched on and off at will.

Continue reading “MXenes Make Faraday Cages You Can Turn On And Off”

Matt Venn speaking at Supercon 2022

Supercon 2022: Matt Venn’s Tiny Tapeout Brings Chip Design To The Masses

February 14, 2023 by 23 Comments

Not that long ago, rolling your own printed circuit boards was difficult, time-consuming and expensive. But thanks to an army of cheap, online manufacturing services as well as high-quality free design software, any hobbyist can now make boards to rival those made by pros. A similar shift might be underway when it comes to chip design: affordable manufacturing options and a set of free software tools are slowly bringing custom chips into the realm of hackers and hobbyists. One of those working hard to democratize chip design is Matt Venn, who’s been telling us all about his current big project, called Tiny Tapeout, in his talk at Remoticon 2022.

Matt’s quest to bring IC design to the masses started in 2020, when the first open-source compatible Process Design Kit (PDK) was released to the public. A PDK is a collection of files, normally only available under strict non-disclosure agreements, that describe all the features of a specific chip manufacturing process and enable you to make a design. With this free PDK in hand and a rag-tag collection of free software tools, Matt set out to design his first chip, a VGA clock, which he taped out (released to manufacturing) in July 2020. Continue reading “Supercon 2022: Matt Venn’s Tiny Tapeout Brings Chip Design To The Masses”

Ban On Physical Mail Slated For NYC Jails, Which Could Go Digital Instead

February 13, 2023 by 50 Comments

Prison is a scary place, very much by design. It’s a place you end up when convicted of crimes by the judicial system, or in some cases, if you’re merely awaiting trial. Once you go in as a prisoner, general freedom and a laundry list of other rights are denied to you. New York City is the latest in a long list of municipalities looking to expand that list to include a ban on inmates receiving physical mail.

To achieve this, prisons across the US are instead switching to digital-only systems, which would be run by a private entity. Let’s look at the how, what, and why of this contentious new idea.

Continue reading “Ban On Physical Mail Slated For NYC Jails, Which Could Go Digital Instead”

Hackaday Links Column Banner

Hackaday Links: February 12, 2023

February 12, 2023 by 24 Comments

So, maybe right now isn’t the best time to get into the high-altitude ballooning hobby? At least in the US, which with the downing of another — whatever? — over Alaska, seems to have taken a “Sidewinders first, threat identification later” approach to anything that floats by. The latest incident involved an aircraft of unknown type, described as “the size of a small car” — there’s that units problem again — that was operating over Prudhoe Bay off the northern coast of Alaska. The reason that was given for this one earning a Sidewinder was that it was operating much lower than the balloon from last week, only about 40,000 feet, which is well within the ceiling of commercial aviation. It was also over sea ice at the time of the shootdown, making the chance of bothering anyone besides a polar bear unlikely. We’re not taking any political position on this whole thing, but there certainly are engineering and technical aspects of these shootdowns that are pretty interesting, as well as the aforementioned potential for liability if your HAB goes astray. Nobody ever really benefits from having an international incident on their resume, after all.

Continue reading “Hackaday Links: February 12, 2023”

Hackaday Podcast 205: Hackaday Berlin, So Many Sundials, And Ovens Pinging Google

February 10, 2023 by 9 Comments

Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi start this week’s episode off with the announcement of Hackaday Berlin on March 25th. It’s been quite some time since we’ve been on the other side of the pond, because we had to cancel 2020’s Hackaday Belgrade due to COVID-19, so excitement is high for all three days of this “one-day” event.

After a new What’s that Sound, discussion moves on to an impressive collection of DIY sundials, the impact filament color has on the strength of 3D printed parts, the incredible retrocomputer replicas of Michael Gardi, and the Arduino FPGA that you’ve probably never heard of. We’ll wrap things up with the unexpected difficulties of mixing multiple cheap audio sources in Linux, and try to figure out why our kitchen appliances need to be connected to the Internet.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in  the comments!

Download all the bits!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 205: Hackaday Berlin, So Many Sundials, And Ovens Pinging Google”

This Week In Security: ImageMagick, VBulletin, And Dota 2

February 10, 2023 by 3 Comments

There are a few binaries that wind up running in a bunch of places, silently do their jobs, and being easily forgotten about. ImageMagick is used on many servers for image conversion and resizing, and tends to run automatically on uploaded images. Easily forgotten, runs automatically, and with arbitrary inputs. Yep, perfect target for vulnerability hunting. And the good folks at Metabase found two of them.

First up is CVE-2022-44267, a Denial of Service, when ImageMagick tries to process a rigged PNG that contains a textual chunk. This data type is usually used for metadata, and can include a profile entry for something like EXIF data. If this tag is specified inside a text chunk, ImageMagick looks to the given value as a filename for finding that profile data. And notably, if that value is a dash -, it tries to read from standard input. If the server’s image processing flow doesn’t account for that quirk, and virtually none of them likely do, this means the ImageMagick process hangs forever, waiting for the end of input. So while that’s not usually a critical problem, it could be used for a resource exhaustion attack.

But the real problem is CVE-2022-44268. It’s the same trick, but instead of using - to indicate standard input, the processed image refers to a file on the server filesystem. If the file exists, and can be read, the contents are included in the image output. If the attacker has access to the image, it’s a slick data leak — and obviously a real security problem. If a server doesn’t have tight file permissions and isolation, there’s plenty of sensitive information to be found and abused.

The fix landed back in October 2022, and was part of the 7.1.0-52 release. There’s a bit of uncertainty about which versions are vulnerable, but I wouldn’t trust anything older than that version. It’s a pretty straightforward flaw to understand and exploit, so there’s a decent chance somebody figured it out before now. The file exfiltration attack is the one to watch out for. It looks like there’s an Indicator of Compromise (IoC) for those output PNGs: “Raw profile type”. Continue reading “This Week In Security: ImageMagick, VBulletin, And Dota 2”

Ski Season Sees Apple’s Crash Detection System Fire Deluge Of False Positives

February 9, 2023 by 39 Comments

Smartphone features used to come thick and fast. Cameras proliferated, navigation got added, and then Apple changed the game by finally making touch computing just work. Since then, truly new features have slowed to a trickle, but Apple’s innovative crash detection system has been a big deal where safety is concerned.

The problem? It’s got a penchant for throwing false positives when iPhone and Apple Watch users are in no real danger at all. We first covered this problem last year, but since then, the wintery season has brought yet more issues for already-strained emergency responders.

Continue reading “Ski Season Sees Apple’s Crash Detection System Fire Deluge Of False Positives”