This Week In Security: DEF CON Nonsense, Vibepwned, And 0-days

August 29, 2025 by Jonathan Bennett 5 Comments

DEF CON happened just a few weeks ago, and it’s time to cover some of the interesting talks. This year there were two talks in particular that are notable for being controversial. Coincidentally both of these were from Track 3. The first was the Passkeys Pwned, a talk by SquareX about how the passkey process can be hijacked by malware.

[Dan Goodin] lays out both the details on Passkeys, and why the work from SquareX isn’t the major vulnerability that they claim it is. First, what is a Passkey? Technically it’s a public/private keypair that is stored by the user’s browser. A unique keypair is generated for each new website, and the site stores the public key. To authenticate with the Passkey, the site generates a random string, the browser signs it with the private key, and the site checks it against the public key. I stand by my early opinion, that Passkeys are effectively just passwords, but with all the best-practices mandated.

So what is the claim presented at DEF CON? Malicious code running in the context of the browser tab can hijack the passkey process. In the demonstrated attack flow, a browser extension caused the Passkey login to fail, and prompted the user to generate a new Passkey. This is an interesting observation, and a clever attack against Passkeys, but is not a vulnerability in the Passkey spec. Or more accurately, it’s an accepted limitation of Passkeys, that they cannot guarantee security in the presence of a compromised browser. Continue reading “This Week In Security: DEF CON Nonsense, Vibepwned, And 0-days” →

FLOSS Weekly Episode 844: Simulated Word-of-Mouth

August 27, 2025 by Jonathan Bennett No comments

This week Jonathan, Doc, and Aaron chat about Open Source AI, advertisements, and where we’re at in the bubble roller coaster!

Continue reading “FLOSS Weekly Episode 844: Simulated Word-of-Mouth” →

Picture By Paper Tape

August 26, 2025 by Al Williams 14 Comments

The April 1926 issue of “Science and Invention” had a fascinating graphic. It explained, for the curious, how a photo of a rescue at sea could be in the New York papers almost immediately. It was the modern miracle of the wire photo. But how did the picture get from Plymouth, England, to New York so quickly? Today, that’s no big deal, but set your wayback machine to a century ago.

Of course, the answer is analog fax. But think about it. How would you create an analog fax machine in 1926? The graphic is quite telling. (Click on it to enlarge, you won’t be disappointed.)

If you are like us, when you first saw it you thought: “Oh, sure, paper tape.” But a little more reflection makes you realize that solves nothing. How do you actually scan the photo onto the paper tape, and how can you reconstitute it on the other side? The paper tape is clearly digital, right? How do you do an analog-to-digital converter in 1926? Continue reading “Picture By Paper Tape” →

Debugging The Instant Macropad

August 25, 2025 by Al Williams No comments

Last time, I showed you how to throw together a few modules and make a working macropad that could act like a keyboard or a mouse. My prototype was very simple, so there wasn’t much to debug. But what happens if you want to do something more complex? In this installment, I’ll show you how to add the obligatory blinking LED and, just to make it interesting, a custom macro key.

There is a way to print data from the keyboard, through the USB port, and into a program that knows how to listen for it. There are a few choices, but the qmk software can do it if you run it with the console argument.

The Plan

In theory, it is fairly easy to just add the console feature to the keyboard.json file:

{
...
    "features": {
        "mousekey": true,
        "extrakey": true,
        "nkro": false,
        "bootmagic": false,
        "console": true
    },
...

That allows the console to attach, but now you have to print.

Continue reading “Debugging The Instant Macropad” →

Hackaday Links: August 24, 2025

August 24, 2025 by Dan Maloney 9 Comments

“Emergency Law Enforcement Officer Hologram program activated. Please state the nature of your criminal or civil emergency.” Taking a cue from Star Trek: Voyager, the Seoul Metropolitan Police Agency is testing a holographic police officer, with surprisingly — dare we say, suspiciously? — positive results. The virtual officer makes an appearance every two minutes in the evening hours in a public park, presumably one with a history of criminal activity. The projection is accompanied by a stern warning that the area is being monitored with cameras, and that should anything untoward transpire, meat-based officers, presumably wearing something other than the dapper but impractical full-dress uniform the hologram sports, will be dispatched to deal with the issue.

Continue reading “Hackaday Links: August 24, 2025” →

Who Is Your Audience?

August 23, 2025 by Elliot Williams 32 Comments

Here at Hackaday HQ, we all have opinions about the way we like to do things. And no surprise, this extends to the way we like to lay out circuits in schematics. So when we were discussing our own takes on this piece on suggested schematic standards, it was maybe more surprising how much we did agree on than how much we had different preferred styles. But of course, it was the points where we disagreed that provoked the most interesting discussion, and that’s when I had a revelation.

Besides torturing electronics, we all also write for you all, and one thing we always have in mind is who we’re writing for. The Hackaday audience, not to blow you up, is pretty knowledgeable and basically “full-stack” in terms of the hardware/software spectrum. This isn’t to say that everyone is a specialist in everything, though, and we also have certain archetypes in mind: the software type who is just starting out with hardware, the hardware type who isn’t as savvy about software, etc. So, back to schematic layout: Who is your audience? It matters.

For instance, do you organize the pinout for an IC by pin number or by pin function, grouping the power pins and the ADC pins and so on? If your audience is trying to figure out the circuit logic, you should probably go functional. But if you are trying to debug a circuit, you’re often looking at the circuit diagram to figure out what a given pin does, and the pin-number layout is more appropriate.

Do you lay out the logical flow of the circuit in the schematic, or do you try to mimic the PCB layout? Again, it could depend on how your audience will be using it. If they have access to your CAD tool, and can hop back and forth seamlessly from schematic to PCB, the logical flow layout is the win. However, if they are an audience of beginners, or stuck with a PDF of the schematic, or trying to debug a non-working board, perhaps the physical layout is the right approach.

Al Williams, who has experience with projects of a much larger scale than most of us self-taught hackers, doesn’t even think that a schematic makes sense. He thinks that it’s much easier to read and write the design in a hardware description language like VHDL. Of course, that’s certainly true for IC designs, and probably also for boards of a certain complexity. But this is only true when your audience is also familiar with the HDL in question. Otherwise, you’re writing in Finnish for an audience of Spaniards.

Before this conversation, I was thinking of schematic layout as Tom Nardi described it on the podcast – a step along the way to get to the fun parts of PCB layout and then to getting the boards in hand. But at least in our open-source hardware world, it’s also a piece of the documentation, and a document that has an audience of peers who it pays to keep in mind just as much as when I’m sitting down and writing this very newsletter. In some ways, it’s the same thing.

(And yeah, I know the featured image doesn’t exactly fit the topic, but I love it anyway.)

Hackaday Podcast Episode 334: Radioactive Shrimp Clocks, Funky Filaments, Owning The Hardware

August 22, 2025 by Tom Nardi 4 Comments

In this episode of the Hackaday Podcast, editors Elliot Williams and Tom Nardi start out with a warning about potentially radioactive shrimp entering the American food supply via Walmart, and things only get weirder from there. The extra spicy shrimp discussion makes a perfect segue into an overview of a pair of atomic One Hertz Challenge entries, after which they’ll go over the latest generation of 3D printer filament, using an old Android smartphone as a low-power Linux server, some tips for creating better schematics, and Lorde’s specification-bending transparent CD. Finally, you’ll hear about how the nature of digital ownership influences the hardware we use, and on the other side of the coin, how open source firmware like QMK lets you build input devices on your terms.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Or download in DRM-free MP3 to enjoy with your shrimp.