Hackaday Columns

4256 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Linux Fu: Miller The Killer Makes CSV No Pest

December 28, 2022 by 27 Comments

Historically, one of the nice things about Unix and Linux is that everything is a file, and files are just sequences of characters. Of course, modern practice is that everything is not a file, and there is a proliferation of files with some imposed structure. However, if you’ve ever worked on old systems where your file access was by the block, you’ll appreciate the Unix-like files. Classic tools like awk, sed, and grep work with this idea. Files are just characters. But this sometimes has its problems. That’s the motivation behind a tool called Miller, and I think it deserves more attention because, for certain tasks, it is a lifesaver.

The Problem

Consider trying to process a comma-delimited file, known as a CSV file. There are a lot of variations to this type of file. Here’s one that defines two “columns.” I’ve deliberately used different line formats as a test, but most often, you get one format for the entire file:

Slot,String 
A,"Hello" 
"B",Howdy 
"C","Hello Hackaday" 
"D","""Madam, I'm Adam,"" he said." 
E 100,With some spaces!
X,"With a comma, or two, even"

Continue reading “Linux Fu: Miller The Killer Makes CSV No Pest”

All About USB-C: Illegal Adapters

December 27, 2022 by 106 Comments

Let’s be clear – it’s not enough to have USB-C to USB-C cables. There’s a lot of cables that we might want to acquire for our day-to-day use, perhaps, for a transition period while we still own some amount of devices not adorned with a USB-C connector. However, the USB-C specification only accounts for a limited amount of kinds of cables, explicitly or implicitly excluding a range of cables that you might want to buy or make.

It’s my firm belief that, as a hacker, you should be able to buy any USB-C contraption that you could ever need. Hackers don’t need restrictions driven by marketing – they need understanding of how a piece of tech can or cannot be used, based on how it operates internally. I would like you to provide with such understanding, so that you can make informed decisions.

On the other hand, USB-C is designed to be used by less-than-skilled people, even if it often fails at that. (Cable labelling, anyone?) Clear definitions of what complies to a standard can help enforce it. Here’s the notorious story of a USB-C cable that killed a Chromebook, and launched a career of explaining USB-C specifics online for [Benson Leung]. There’s many such failure stories, in fact. Today, we’ll go through USB-C contraptions which might or might not fail you, depending on how you use them. Continue reading “All About USB-C: Illegal Adapters”

Hackaday Links Column Banner

Hackaday Links: December 25, 2022

December 25, 2022 by 21 Comments

Looks like it’s lights out on Mars for the InSight lander. The solar-powered lander’s last selfie, sent back in April, showed a thick layer of dust covering everything, including the large circular solar panels needed to power the craft. At the time, NASA warned that InSight would probably give up the ghost sometime before the end of the year, and it looks like InSight is sticking to that schedule. InSight sent back what might be its last picture recently, showing the SEIS seismic package deployed on the regolith alongside the failed HP3 “mole” experiment, which failed to burrow into the soil as planned. But one bad experiment does not a failed mission make — it was wildly successful at most everything it was sent there to do, including documenting the largest marsquake ever recorded. As it usually does, NASA has anthropomorphized InSight with bittersweet sentiments like “Don’t cry, I had a good life,” and we’re not quite sure how we feel about that. On the one hand, it kind of trivializes the engineering and scientific accomplishments of the mission, but then again, it seems to engage the public, so in the final rinse, it’s probably mostly harmless.

Continue reading “Hackaday Links: December 25, 2022”

A Hacker’s Christmas Story

December 24, 2022 by 11 Comments

Twas the night before Christmas, and because I decided to make everyone’s presents myself this year, I’m still working like mad to get everything done before the big deadline. Why do I do this to myself? Well, partly because I enjoy the process.

My wife had this idea that we can make the older folks some fun decorative blinky things, and picked some motives. My son then drew them out on paper, and I scanned those drawings in and traced them over in CAD. We then cut the shapes out of wood on the CNC router, which turned out to be incredibly successful. (Now that I’ve done it, I wouldn’t be surprised if all of those “quirky” decorative objects that the Swedish flat-packers sell aren’t initially sketched out by third graders.)

Then my son painted them, and it’s my job to insert the twinkling. I bought some of those three-wire “fairy lights” for the purpose, and they’re really fun to hack on. They’re like WS2812s, only instead of using four pins and shifting the data downstream, they’re on a bus, each with a hard-coded address – they know where they are in the string and each LED only listens for the Nth set of 24 bits. This means sending 200 color codes just to light up the 4 LEDs in Aunt Micki’s decorative tree, but so be it.

Last stop, and still to do as of the 23rd, route out some kind of wooden battery case, wedge in the LiPo and the charging circuits, and solder on an on/off switch. It’s down to the last minute, but isn’t that always the way?

Definitely would have been easier just to order something online. But is that the spirit of giving? No! The DIY way brings the family together, gets me some quality time with the CNC machine, and tones up my FreeCAD skills. My son even looked over my shoulder as we were coding some of the LED animations. And nothing says Christmas like hand-coded blinkies.

Happy Holidays, y’all!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 198: Major Tom On The ISS, 3DP Ovals And Overhangs, Inside A Mini Cheetah Clone

December 23, 2022 by No comments

As we slide into the Christmas break, Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney look at the best and brightest of this week’s hacks. It wasn’t an easy task — so much good stuff to choose from! But they figured it out, and talked about everything from impossible (and semi-fractal) 3D printing overhangs and the unfortunate fishies of Berlin’s ex-aquarium, to rolling your own FM radio station and how a spinning Dorito of doom is a confusing way to make an electric vehicle better.

Think it’s no fun when your friend forgets to pick you up at the airport? Wait until you hear about what it’s like to get stuck on the ISS, and the incredibly risky way you might have to get home. Interested in the anatomy and physiology of a cloned robo-dog? Then let the master do a teardown and give you his insight. We’ll make some time for tea, cross our eyes for stereo photos, and dive into the mechanics of the USB-C.

Download the podcast and put it on a minidisc for the reindeer.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 198: Major Tom On The ISS, 3DP Ovals And Overhangs, Inside A Mini Cheetah Clone”

This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability

December 23, 2022 by 6 Comments

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part of the target’s development environment, and there’s been a few clever attacks found over the years that take advantage of that. There’s now another one, what Legit Security calls Github Environment Injection, and there were some big-name organizations vulnerable to it.

The crux of the issue is the $GITHUB_ENV file, which contains environment variables to be set in the Actions environment. Individual variables get added to this file as part of the automated action, and that process needs to include some sanitization of data. Otherwise, an attacker can send an environment variable that includes a newline and completely unintended environment variable. And an unintended, arbitrary environment variable is game over for the security of the workflow. The example uses the NODE_OPTIONS variable to dump the entire environment to an accessible output. Any API keys or other secrets are revealed.

This particular attack was reported to GitHub, but there isn’t a practical way to fix it architecturally. So it’s up to individual projects to be very careful about writing untrusted data into the $GITHUB_ENV file.

Continue reading “This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability”

Arduboy Mini Is A Fresh Take On An 8-bit Favorite

December 22, 2022 by 8 Comments

We’ve always been big fans of the Arduboy here at Hackaday. When creator Kevin Bates showed us the original prototype back in 2014, the idea was to use his unique method of mounting components inside routed holes in the PCB to produce an electronic business card that was just 1.6 mm thick. But the Internet quickly took notice of the demos he posted online, and what started as a one-off project led to a wildly successful Kickstarter for a sleek handheld gaming system that used modern components and manufacturing techniques to pay homage to the 8-bit retro systems that came before it.

The original Arduboy prototype in 2014

It’s the sort of hacker success story that we live for around here, but it didn’t end there. After the Kickstarter, the Arduboy community continued to grow, thanks in no small part to Kevin never forgetting the open source principles the product was built on.

He took an active role in the growing community, and when some Arduboy owners started tinkering with adding external storage to their systems so they could hold hundreds of games at a time, he didn’t chastise them for exploring. Instead, he collaborated with them to produce not only a fantastic add-on modification for the original Arduboy, but a new version of the Arduboy that had the community-inspired modifications built in.

Now Kevin is back with the Arduboy Mini, which not only retains everything that made the original a success, but offers some exciting new possibilities. There’s little doubt that he’s got another success on his hands as well as the community’s backing — at the time of this writing, the Kickstarter campaign for the $29 USD Mini has nearly quadrupled its funding goal.

But even still, Kevin offered us a chance to go hands-on with a prototype of the Arduboy Mini so that anyone on the fence can get a third party’s view on the new system. So without further ado, let’s take a look at how this micro machine stacks up to its full-sized counterparts.

Continue reading “Arduboy Mini Is A Fresh Take On An 8-bit Favorite”