Hackaday Podcast 243: Supercon, Super Printing, And Super Gyros

With solder fumes from Supercon still in the air, Hackaday’s Elliot Williams and Al Williams met to compare notes about the conference talks, badge hacking, and more. Tom Nardi dropped by, too.

Did you miss Supercon? It isn’t quite the whole experience, but most of the talks are on our YouTube channel, with more coming in the weeks ahead. Check out the live tab for most of the ones up now. You can even watch the badge hacking celebration. We’ll be writing up more in the following weeks.

Al nailed What’s That Sound, as did many others, except Elliot. [Jacx] gets a T-shirt, and you get a chance to play again next week.

The hacks this week start with a pair of posts pertaining to poop — multi-color 3D printer poop, that is. We wondered if you could print rainbow filament instead of a purge tower. The Raspberry Pi 5 draws a lot of excess power when in standby. Turns out, thanks to the Internet, the easy fix for that is already in. Other hacks range from EMI test gear to portable antennas with excursions into AI, biomedical sensors, and retrocomputing.

In the Can’t Miss category, we discussed Maya Posch’s post, which could just as easily be titled: Everything You Ever Wanted to Know about CAT Cable (But Were Afraid to Ask). Last, but not least, you’ll hear about Lewin Day’s round up of exotic gyroscope technology, including some very cool laser pictures.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download for listening or for a very long ringtone.

This Week In Security: Find My Keylogger, Zephyr, And Active Exploitation

Keyloggers. Such a simple concept — you secretly record all the characters typed on a keyboard, and sort through it later for interesting data. That keyboard sniffer could be done in software, but a really sneaky approach is to implement the keylogger in hardware. Hardware keyloggers present a unique problem. How do you get the data back to whoever’s listening? One creative solution is to use Apple’s “Find My” tracking system. And if that link won’t let you read the story, a creative solution for that issue is to load the page with JavaScript disabled.

This is based on earlier work from [Fabian Bräunlein], dubbed “Send My”. As an aside, this is the worst naming paradigm, and Apple should feel bad for it. At the heart of this cleverness is the fact that Apple used the standard Bluetooth Low Energy (BLE) radio protocol, and any BLE device can act like an Apple AirTag. Bits can be encoded into the reported public key of the fake AirTag, and the receiving side can do a lookup for the possible keys.

A fake AirTag keylogger manages to transfer 26 characters per second over the “Find My” system, enough to keep up with even the fastest of typists, given that no keyboard is in use all the time. Apple has rolled out anti-tracking protections, and the rolling key used to transmit data also happens to completely defeat those protections.

2G Or Not 2G, That Is The Question

Since the very early 1990s, we have become used to ubiquitous digital mobile phone coverage for both voice and data. Such has been their success that they have for many users entirely supplanted the landline phone, and increasingly their voice functionality has become secondary to their provision of an always-on internet connection. With the 5G connections that are now the pinnacle of mobile connectivity we’re on the fourth generation of digital networks, with the earlier so-called “1G” networks using an analogue connection being the first. As consumers have over time migrated to the newer and faster mobile network standards, the usage of the older versions has reduced to the point at which carriers are starting to turn them off. Those 2G networks from the 1990s and the 2000s-era 3G networks which supplanted them are now expensive to maintain, consuming energy and RF spectrum as they do, while generating precious little customer revenue.

Tech From When Any Phone That Wasn’t A Brick Was Cool

A 1990s Motorola phone
If this is your phone, you may be in trouble. Digitalsignal, CC BY-SA 3.0.

All this sounds like a natural progression of technology which might raise few concerns, in the same way that nobody really noticed the final demise of the old analogue systems. There should be little fuss at the 2G and 3G turn-off. But the success of these networks seems in this case to be their undoing, as despite their shutdown having been on the cards for years, there remain many devices still using them.

There can’t be many consumers still using an early-2000s Motorola Flip as their daily driver, but the proliferation of remotely connected IoT devices means that there are still many millions of 2G and 3G modems using those networks. This presents a major problem for network operators, utilities, and other industrial customers, and raises one or two questions here at Hackaday which we’re wondering whether our readers could shed some light on. Who is still using, or trying to use, 2G and 3G networks, why do they have to be turned off in the first place, and what if any alternatives are there when no 4G or 5G coverage is available?

Jenny’s Daily Drivers: RiscOS 5.28

On a mundane day at some point in late 1987, though I didn’t grasp exactly what it would become at the time, I sat in front of the future. My school had a lab full of BBC Micros which I’d spent the previous few years getting to know, but on that day there was a new machine in one corner. It was a brand-new Acorn Archimedes, probably an A300, and it was the first time I had used an operating system with a desktop GUI. The computer was the first consumer application of the ARM processor architecture which has since gone on to conquer the world, and the operating system was called Arthur, which hasn’t. That’s not to say that Arthur is forgotten though, because it was soon renamed as RiscOS, managed to outlive both Acorn and the Archimedes, and still survives as a maintained though admittedly niche operating system to this day. So my Daily Driver this month is the current generation of RiscOS, version 5.28, and the machine I’m running it on is a Raspberry Pi 4. For a computer with an ARM core that’s designed and sold by a company based in Cambridge just like the original Acorn, it’s the most appropriate pairing I can think of.

Probably the Smallest OS In This Series

A beige desktop with no monitor, keyboard and mouse in front. It shows signs of yellowing with age.
The first ARM product, an Acorn Archimedes A310. mikkohoo, CC BY-SA 4.0.

At one point the Raspberry Pi folks even featured the Pi version of RiscOS on their website, but for those missing it there it’s freely downloadable as a disk image from the RiscOS Open site. Having spent most of its life as a closed-source product it’s been opened up over the last decade, and you can grab the source if you’re interested. When it’s normal for an OS download to run into the many gigabytes, it’s a bit of a shock to grab one that’s a shade under 140 megabytes and can be written to a 2 gigabyte SD card. This makes it probably one of the quickest operating system installs I have ever done, with all steps completed in a very short time. With the SD card in the Pi, it boots to a desktop in about 32 seconds, which is only 5 seconds less than the latest Raspberry Pi OS image, so sadly that compactness doesn’t net you any extra speed.

Hackaday Links: November 5, 2023

As I write this, Supercon 2023 is in full swing down in Pasadena — 80 degrees and sunny at the moment, as opposed to 50 and pouring rain where I am, not that I’m bitter. Luckily, though, we can all follow along with the proceedings thanks to the livestreams on the Hackaday channel, which of course will all be available once they’re edited in case you miss anything live. There are a ton of interesting talks coming up, so there’ll be a lot to catch up on when the dust settles. And that won’t be far from now; by the time this post publishes, Supercon will be all but over, which makes it the Thanksgiving dinner of cons — all that work and it’s over in just a few minutes.

This Week In Security: CVSS 4, OAuth, And ActiveMQ

We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times a minor problem in a library is a major problem in certain use cases, and not an issue at all in others. And with some of those issues in mind, let’s take a look at the fourth version of the Common Vulnerability Scoring System.

One of the first tweaks to cover is the de-emphasis of the base score. Version 3.1 did have optional metrics that were intended to temper the base score, but this revision has beefed that idea up with Threat Metrics, Environmental Metrics, and Supplemental Metrics. These are an attempt to measure how likely it is that an exploit will actually be used. The various combinations have been given names. Where CVSS-B is just the base metric, CVSS-BT is the base and threat scores together. CVSS-BE is the mix of base and environmental metrics, and CVSS-BTE is the combination of all three.

Another new feature is multiple scores for a given vulnerability. A problem in a library is first considered in a worst-case scenario, and the initial base score is published with those caveats made clear. And then for each downstream program that uses that library, a new base score should be calculated to reflect the reality of that case.

2000-Year Old Charred Manuscripts Reveal Their Secrets

Imagine trying to read a 2000-year old scroll from an ancient civilization. Now imagine that scroll is rolled up, and in a delicate, charred, carbonized form, having been engulfed by the fiery eruption of a volcano. The task would seem virtually impossible, and the information in the scroll lost forever. Right?

As it turns out, new developments are changing that. Modern scanning techniques and machine learning tools have made it possible to read fragments of the heavily-damaged Herculaneum scrolls. Hopes are now that more of the ancient writings will be salvaged, giving us a new insight into the ancient past.
