Hackaday Columns

4639 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: 1Password, Polyglots, And Roundcube

October 27, 2023 by 12 Comments

This week we got news of a security incident at 1Password, and we’re certain we aren’t the only ones hoping it’s not a repeat of what happened at LastPass. 1Password has released a PDF report on the incident, and while there are a few potentially worrying details, put into context it doesn’t look too bad.

The first sign that something might be amiss was an email from Okta on September 29th — a report of the current list of account administrators. Okta provides authentication and Single Sign-On (SSO) capabilities, and 1Password uses those services to manage user accounts and authentication. The fact that this report was generated without anyone from 1Password requesting it was a sign of potential problems.

And here’s the point where a 1Password employee was paying attention and saved the day, by alerting the security team to the unrequested report. That employee had been working with Okta support, and sent a browser session snapshot for Okta to troubleshoot. That data includes session cookies, and it was determined that someone unauthorized managed to access the snapshot and hijack the session, Firesheep style.

Okta logs seemed to indicate that the snapshot hadn’t been accessed, and there weren’t any records of other Okta customers being breached in this way. This pointed at the employee laptop. The report states that it has been taken offline, which is good. Any time you suspect malicious action on a company machine, the right answer is power it off right away, and start the investigation.

And here’s the one part of the story that gives some pause. Someone from 1Password responded to the possible incident by scanning the laptop with the free edition of Malwarebytes. Now don’t get us wrong, Malwarebytes is a great product for finding and cleaning the sort of garden-variety malware we tend to find on family members’ computers. The on-demand scanning of Malwarebytes free just isn’t designed for detecting bespoke malicious tools like a password management company should expect to be faced with.

But that turns out to be a bit of a moot point, as the real root cause was a compromised account in the Okta customer support system, as revealed on the 20th. The Okta report talks about stolen credentials, which raises a real question about why Okta support accounts aren’t all using two-factor authentication.

Continue reading “This Week In Security: 1Password, Polyglots, And Roundcube”

Retrotechtacular: Crash Testing Truck Attenuators, For Science

October 27, 2023 by 19 Comments

There are those among us who might bristle at something from the early 1980s qualifying for “Retrotechtacular” coverage, but it’s been more than 40 years since the California Department of Transportation’s truck-mounted attenuators crash testing efforts, so we guess it is what it is.

If you’re worried that you have no idea what a “truck-mounted attenuator” might be, relax — you’ve probably seen these devices attached to the backs of trucks in highway work zones. They generally look like large boxes attached to frames at the rear of the truck which are intended to soften the blow should a car somehow not see the giant orange truck covered with flashing lights and drive into the rear of it at highway speeds. Truck-mounted attenuators are common today, but back in 1982 when this film was produced, the idea was still novel enough to justify crash-testing potential designs.

Continue reading “Retrotechtacular: Crash Testing Truck Attenuators, For Science”

Simple Badge Is Simple, But It’s Yours

October 26, 2023 by 8 Comments

Making conference badges, official or unofficial, has become an art form. It can get pretty serious. #badgelife.

But DEFCON-goers aren’t the only people making fancy personalized nametags. Hams often had callsign badges going back as far as I can remember. Most were made of engraved plastic, but, at some point, it became common to put something like a flashing LED on the top of the engraved antenna tower or maybe something blinking Morse code.

Going back to that simpler time, I wanted to see if I could make my own badge out of easily accessible modules. How easy can it be? Let’s find out. Along the way, we’ll talk about multicore programming, critical sections, namespaces, and jamming images into C++ code. I’ll also show you how to hijack the C preprocessor to create a little scripting language to make the badge easier to configure.

Bottom Line Up Front

The photo shows the Pico badge. It has an RP2040 CPU but not a proper Raspberry Pi Pico. The Waveshare RP2040-Plus clone has a battery connector and charger. It also has a reset button, and this one has 16 MB of flash, but you don’t need that much. The LCD is also a Waveshare product. (This just happened to work out. I bought all of this stuff, and I don’t even know anyone at Waveshare.) The only other thing you need is a USB C cable and a battery with an MX 1.25 connector on it with the correct polarity. Hardware done! Time for software.

Continue reading “Simple Badge Is Simple, But It’s Yours”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Foot Keyboard

October 25, 2023 by 12 Comments

[crispernaki]’s opening comments to this VCR head scroll wheel project lament that overall technical details aren’t “complex, ground-breaking, or even exciting.” Since when does that matter? The point is that not only did the thing finally, eventually get built, it gets daily use and it sparks joy in its owner.

This feel-good story is one of procrastination, laziness, and one aha! moment, and it’s roughly twelve years in the making. Inspired by an Instructable from long ago, [crispernaki] ran straight to the thrift store to get a VCR and take it apart.

The original plan was to just reuse the VCR head’s PCB and hide it in an enclosure, and then figure out way to block and unblock the path between an IR emitter/receiver pair. After many disemboweled mice and fruitless attempt, the project was once again shelved.

But then, [crispernaki] remembered the magnetic rotary encoder demo board that was just sitting around, along with various microcontrollers and Altoids tins. And it all quickly came together with a Teensy 2.0 and some bits and bobs, including a magnet glued on the shaft of the VCR head. A chip on the demo board does all the heavy lifting, and of course, the Teensy does the work of emulating an HID.

Continue reading “Keebin’ With Kristina: The One With The Foot Keyboard”

Linux Fu: Customizing Printf

October 24, 2023 by 13 Comments

When it comes to programming in C and, sometimes, C++, the printf function is a jack-of-all-trades. It does a nice job of quickly writing output, but it can also do surprisingly intricate formatting. For debugging, it is a quick way to dump some data. But what if you have data that printf can’t format? Sure, you can just write a function to pick things apart into things printf knows about. But if you are using the GNU C library, you can also extend printf to use custom specifications. It isn’t that hard, and it makes using custom data types easier.

An Example

Suppose you are writing a program that studies coin flips. Even numbers are considered tails, and odd numbers are heads. Of course, you could just print out the number or even mask off the least significant bit and print that. But what fun is that?

Here’s a very simple example of using our new printf specifier “%H”:

printf("%H %H %H %H\n",1,2,3,4);
printf("%1H %1H\n",0,1);

When you have a width specification of 1 (like you do in the second line) the output will be H or T. If you have anything else, the output will be HEADS or TAILS.

Continue reading “Linux Fu: Customizing Printf”

Retrotechtacular: The $175,000 Laser Printer

October 23, 2023 by 38 Comments

Laser printers today are cheap and readily available. But in 1976, they were the height of printing technology. The IBM 3800 was the $175,000 printer to have in that year. (Video, embedded below.) But you couldn’t have one on your desktop. Even if you could afford it, the thing is the size of a car, and we don’t even want to guess what it weighs. The printer took tractor-fed continuous form paper and could do 167 pages a minute at about 150 dots per inch (actually 180 x 144). For the record, that was as much as 1.7 miles of paper an hour!

In those days, people who would use this printer traditionally had massive banks of noisy impact printers. We imagine this device saved many data processing person’s hearing. Compared to a modern laser printer, though, it needed a lot of maintenance. For example, the initial models needed a xenon flash lamp replaced every month, although later models could go years on one bulb. Looking at some of the hardware in the video, it was probably made closer to the end of life for these printers which were made through 1999.

Continue reading “Retrotechtacular: The $175,000 Laser Printer”

Hackaday Links Column Banner

Hackaday Links: October 22, 2023

October 22, 2023 by 9 Comments

The second of three major solar eclipses in a mere six-year period swept across the United States last week. We managed to catch the first one back in 2017, and still have plans for the next one in April of 2024. But we gave this one a miss, mainly because it was “just” an annular eclipse, promising a less spectacular presentation than a total eclipse.

Looks like we were wrong about that, at least judging by photographs of last week’s “Ring of Fire” eclipse. NASA managed to catch a shot of the Moon’s shadow over the middle of the US from the Deep Space Climate Observer at Lagrange Point 1. The image, which shows both the compact central umbra of the shadow and the much larger penumbra, which covers almost the entire continent, is equal parts fascinating and terrifying. Ground-based photographers were very much in the action too, turning in some lovely shots of the eclipse. We particularly like this “one-in-a-million” shot of a jet airliner photobombing the developing eclipse. Shots like these make us feel like it was a mistake to skip the 10-hour drive to the path of annularity.

Continue reading “Hackaday Links: October 22, 2023”