Hackaday Columns

4587 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: NPM, Kerbroasting, And The Rest Of The Story

September 12, 2025 by 9 Comments

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the packages, and one-in-ten cloud environments actually included malicious code as a result of the hack. Take a moment to ponder that. In a rough estimate, ten percent of the Internet was pwned by a single attack.

What extremely sophisticated technique was used to pull off such an attack? A convincing-looking phishing email sent from the newly registered npmjs.help domain. [qix] is the single developer of many of these packages, and in the midst of a stressful week, fell for the scam. We could refer to the obligatory XKCD 2347 here. It’s a significant problem with the NPM model that a single developer falling for a phishing email can expose the entire Internet to such risk. Continue reading “This Week In Security: NPM, Kerbroasting, And The Rest Of The Story”

FreeCAD Foray: Good Practices

September 11, 2025 by 26 Comments

Last time, we built a case for a PCB that handles 100 W of USB-C power, an old project that I’ve long been aiming to revive. It went well, and I’d like to believe you that the article will give you a much-needed easy-to-grasp FreeCAD introduction, Matrix knowledge upload style, having you designing stuff in no time.

Apart from my firm belief in the power of open-source software, I also do believe in social responsibilities, and I think I have a responsibility to teach you some decent FreeCAD design practices I’ve learned along the way. Some of them are going to protect your behind from mistakes, and some of them will do that while also making your project way easier to work with, for you and others.

You might not think the last part about “others” matters, but for a start, it matters in the ideal world that we’re collectively striving towards, and also, let’s be real, things like documentation are half intended for external contributors, half for you a year later. So, here’s the first FreeCAD tip that will unquestionably protect you while helping whoever else might work with the model later.

Okay, we’re all hackers, so I’ll start with zero-th FreeCAD tip – press Ctrl+S often. That’ll help a ton. Thankfully, FreeCAD’s autorecovery system has made big leaps, and it’s pretty great in case FreeCAD does crash, but the less you have to recover, the better. Now, onto the first tip.

Continue reading “FreeCAD Foray: Good Practices”

FLOSS Weekly Episode 846: Mastering Embedded Linux Programming

September 10, 2025 by 2 Comments

This week Jonathan and Dan chat with Frank Vasquez and Chris Simmonds about Embedded Linux, and the 4th edition of the Mastering Embedded Linux Programming book. How has this space changed in the last 20 years, and what’s the latest in Embedded Linux?

Continue reading “FLOSS Weekly Episode 846: Mastering Embedded Linux Programming”

The Android Linux Commander

September 9, 2025 by 7 Comments

Last time, I described how to write a simple Android app and get it talking to your code on Linux. So, of course, we need an example. Since I’ve been on something of a macropad kick lately, I decided to write a toolkit for building your own macropad using App Inventor and any sort of Linux tools you like.

I mentioned there is a server. I wrote some very basic code to exchange data with the Android device on the Linux side. The protocol is simple:

  • All messages to the ordinary Linux start with >
  • All messages to the Android device start with <
  • All messages end with a carriage return

Security

You can build the server so that it can execute arbitrary commands. Since some people will doubtlessly be upset about that, the server can also have a restrictive set of numbered commands. You can also allow those commands to take arguments or disallow them, but you have to rebuild the server with your options set.

There is a handshake at the start of communications where Android sends “>.” and the server responds “<.” to allow synchronization and any resetting to occur. Sending “>#x” runs a numbered command (where x is an integer) which could have arguments like “>#20~/todo.txt” for example, or, with no arguments, “>#20” if you just want to run the command.

If the server allows it, you can also just send an entire command line using “>>” as in: “>>vi ~/todo.txt” to start a vi session.

Continue reading “The Android Linux Commander”

Retrotechtacular: The Noisy Home Computer From 1967

September 8, 2025 by 22 Comments

[Rex Malik] didn’t need an alarm clock. That’s because he had one of two “home computer terminals” next to his bed and, as you can see in the video below, it made quite a racket. The terminal looks like an ASR33 with some modifications. In 1967, it was quite a novelty and, of course, it didn’t have any real processing power. It connected to an “invisible brain” ten miles away.

What do you do with a computer in 1967? Well, it looks like you could trade stocks. It also apparently managed his shopping list and calendar. His young son also learned some letters and numbers. We’d love to hear from the young [Mr. Malik] today to find out what kind of computer he’s using now.

Continue reading “Retrotechtacular: The Noisy Home Computer From 1967”

Ore Formation Processes, Part Two: Hydrothermal Boogaloo

September 8, 2025 by 2 Comments

There’s a saying in mine country, the kind that sometimes shows up on bumper stickers: “If it can’t be grown, it has to be mined.” Before mining can ever start, though, there has to be ore in the ground. In the last edition of this series, we learned what counts as ore (anything that can be economically mined) and talked about the ways magma can form ore bodies. The so-called magmatic processes are responsible for only a minority of the mines working today. Much more important, from an economic point of view, are the so-called “hydrothermal” processes.

Come back in a few million years, and Yellowstone will be a great mining province.
Image: “Gyser Yellowstone” by amanderson2, CC BY 2.0

When you hear the word “hydrothermal” you probably think of hot water; in the context of geology, that might conjure images of Yellowstone and regions like it : Old Faithful geysers and steaming hot springs. Those hot springs might have a role to play in certain processes, but most of the time when a geologist talks about a “hydrothermal fluid” it’s a lot hotter than that.

Is there a point on the phase diagram that we stop calling it water? We’re edging into supercritical fluid territory, here. The fluids in question can be hundreds of degrees centigrade, and can carry things like silica (SiO2) and a metal more famous for not dissolving: gold. Perhaps that’s why we prefer to talk about a “fluid” instead of “water”. It certainly would not behave like water on surface; on the surface it would be superheated steam. Pressure is a wonderful thing.

Let’s return to where we left off last time, into a magma chamber deep underground. Magma isn’t just molten rock– it also contains small amounts of dissolved gasses, like CO2 and H2O. If magma cools quickly, the water gets trapped inside the matrix of the new rock, or even inside the crystal structure of certain minerals. If it cools slowly, however? You can get a hydrothermal fluid within the magma chamber.

Continue reading “Ore Formation Processes, Part Two: Hydrothermal Boogaloo”

Hackaday Links Column Banner

Hackaday Links: September 7, 2025

September 7, 2025 by 7 Comments

Two weeks ago, it was holographic cops. This week, it’s humanoid robot doctors. Or is it? We’re pretty sure it’s not, as MediBot, supposedly a $10,000 medical robot from Tesla, appears to be completely made up. Aside from the one story we came across, we can’t find any other references to it, which we think would make quite a splash in the media if it were legit. The article also has a notable lack of links and no quotes at all, even the kind that reporters obviously pull from press releases to make it seem like they actually interviewed someone.

Continue reading “Hackaday Links: September 7, 2025”