Hackaday Links Column Banner

Hackaday Links: July 16, 2023

Last week, we noted an attempt to fix a hardware problem with software, which backfired pretty dramatically for Ford when they tried to counter the tendency for driveshafts to fall out of certain of their cars by automatically applying the electric parking brake.

This week, the story is a little different, but still illustrates how software and hardware can interact unpredictably, especially in the automotive space. The story centers on a 2015 Optima recall for a software update for the knock sensor detection system. We can’t find the specifics, but if this recall on a similar Kia model in the same model year range and a class-action lawsuit are any indication, the update looks like it would have made the KSDS more sensitive to worn connecting rod damage, and forced the car into “limp home mode” to limit damage to the engine if knocking is detected.

A clever solution to a mechanical problem? Perhaps, but because the Kia owner in the story claims not to have received the snail-mail recall notice, she got no warning when her bearings started wearing out. Result: a $6,000 bill for a new engine, which she was forced to cover out of pocket. Granted, this software fix isn’t quite as egregious as Ford’s workaround for weak driveshaft mounting bolts, and there may very well have been a lack of maintenance by the car’s owner. But if you’re a Kia mechanical engineer, wouldn’t your first instinct have been to fix the problem causing the rod bearings to wear out, rather than papering over the problem with software?

Continue reading “Hackaday Links: July 16, 2023”

Sweet Hacks

While talking about a solar powered portable Bluetooth speaker project on the podcast, I realized that I have a new category of favorite hacks: daily-use hacks.

If you read Hackaday long enough, you’ll start to categorize everything. There are the purely technical hacks, beautiful hacks, minimalist hacks, maximalist hacks, and then the straight-up oddball hacks. Sometimes what strikes us is the beauty of the execution. Sometimes it’s clever choice of parts that were designed to do exactly the right thing, and simply watching them do their job well is satisfying, and other times we like to see parts fooled into doing something they have no right to.

While I really like the above speaker build because it’s beautiful, and because it uses a clever choice of audio amplifier to work with the supercapacitors’ wild voltage swings, what really struck me about the project is that [Jamie Matthews] has been using it every day for the last nine months. It’s on his desk and he uses it to listen to music.

That’s a simple feat in a way, but it’s a powerful one. Some of my absolutely favorite projects of my own are similar – they are ones that I use all the time. Not the cliche “life hack”, which are usually like a clever way to peel a grapefruit, but rather hacks that become part of daily life. So look around you, and if you’re anything like me, you’ll find a number of these “daily driver” hacks. And if you do, celebrate them.

(And maybe even send ’em in to the tips line to share!)

Ask Hackaday: Learn Assembly First, Last, Or Never?

A few days ago, I ran into an online post where someone pointed out the book “Learn to Program with Assembly” and asked if anyone had ever learned assembly language as a first programming language. I had to smile because, if you are a certain age, your first language may well have been assembly, even if it was assembly for machines that never existed.

Of course, that was a long time ago. It is more likely, these days, if you are over 40, you might have learned BASIC first. Go younger, and you start skewing towards Java, Javascript, or even C. It got me thinking, though: should people learn assembly, and if so, when?

Continue reading “Ask Hackaday: Learn Assembly First, Last, Or Never?”

Hackaday Podcast 227: Open Source Software, Decoupling Caps, DIY VR

Elliot Williams and Tom Nardi start this week’s episode by addressing the ongoing Red Hat drama and the trend towards “renting” software. The discussion then shifts to homebrew VR gear, a particularly impressive solar-powered speaker, and some promising developments in the world of low-cost thermal cameras. Stay tuned to hear about color-changing breadboards, an unofficial logo for repairable hardware, and five lines of Bash that aim to unseat the entrenched power of Slack. Finally, we’ll take the first steps in an epic deep-dive into the world of DisplayPort, and take a journey of the imagination aboard an experimental nuclear ocean liner.

Check out the complete show notes below, and as always, let us know what you think in the comments.

Or download the episode directly in glorious DRM-free MP3.

Continue reading “Hackaday Podcast 227: Open Source Software, Decoupling Caps, DIY VR”

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base,is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This along with another vulnerability (CVE-2023-36874) was being used by storm- another unknown threat actor, Storm-0978 in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule, that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in office. Continue reading “This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More”

How Duck Tape Became Famous

If you hack things in the real world, you probably have one or more rolls of duck tape. Outside of the cute brand name, many people think that duck tape is a malapropism, but in truth it is the type of cloth traditionally used in our favorite tape: cotton duck. However, as we’ll see, it’s not entirely wrong to call it duct tape either. Whatever you call it, a cloth material has an adhesive backing and is coated with something like polyethylene.

Actually, the original duck tape wasn’t adhesive at all. It was simply strips of cotton duck used for several purposes, including making shoes and wrapping steel cables like the ones placed in 1902 at the Manhattan Bridge. By 1910, the tape was made with adhesive on one side and soaked in rubber, found use in hospitals for binding wounds. In May 1930, Popular Mechanics advised melting rubber from an old tire and adding rosin to create a compound to coat cotton tape, among other things.

Continue reading “How Duck Tape Became Famous”

Discussing The Tastier Side Of Desktop 3D Printing

Not long after the first desktop 3D printers were created, folks started wondering what other materials they could extrude. After all, plastic is only good for so much, and there’s plenty of other interesting types of goop that lend themselves to systematic squirting. Clay, cement, wax, solder, even biological material. The possibilities are vast, and even today, we’re still exploring new ways to utilize additive manufacturing.

Ellie Weinstein

But while most of the research has centered on the practical, there’s also been interest in the tastier applications of 3D printing. Being able to print edible materials offers some fascinating culinary possibilities, from producing realistic marbling in artificial steaks to creating dodecahedron candies with bespoke fillings. Unfortunately for us, the few food-safe printers that have actually hit the market haven’t exactly been intended for the DIY crowd.

That is, until now. After nearly a decade in development, Ellie Weinstein’s Cocoa Press chocolate 3D printer kit is expected to start shipping before the end of the year. Derived from the Voron 0.1 design, the kit is meant to help those with existing 3D printing experience expand their repertoire beyond plastics and into something a bit sweeter.

So who better to host our recent 3D Printing Food Hack Chat? Ellie took the time to answer questions not just about the Cocoa Press itself, but the wider world of printing edible materials. While primarily designed for printing chocolate, with some tweaks, the hardware is capable of extruding other substances such as icing or peanut butter. It’s just a matter of getting the printers in the hands of hackers and makers, and seeing what they’ve got an appetite for.

Continue reading “Discussing The Tastier Side Of Desktop 3D Printing”