Hackaday Columns

4676 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

To Give Is Better Than To Receive

September 2, 2023 by 24 Comments

Better to give a talk at a hacker event, that is. Or in your hackerspace, or even just to a bunch of fellow nerds whenever you can. When you give the talk, don’t be afraid to make it too “easy” to understand. Making a tough topic comprehensible is often the sign that you really understand it, after all, and it’s also a fantastic service to the audience. And also don’t be afraid that your talk isn’t “hard core” enough, because with a diverse enough crowd, there will absolutely be folks for whom it’s still entirely new, and they’ll be thankful.

These were the conclusions I got from talking to a whole range of people at Chaos Communication Camp the weekend before last, and it’s one of the great opportunities when you go to an event like this. At Camp, there were a number of simultaneous stages, and with so many talks that new ones are still being released. That meant that everyone had their chance to say their bit, and many many did.

And that’s great. Because it’s obvious that getting the work done, or diving deep into a particular topic, is part of the hacker experience, but it’s also equally important to share what you’ve gained with the rest of the community. The principle of spreading the knowledge is a cornerstone of our culture, and getting people up to talk about what they’ve learned is the manifestation of this cultural value. If you know something, say something!

Of course, when you’re not at a conference, you could be writing up your hacks and sending them in to the tips line (hint, hint!). That’ll work too.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard

September 1, 2023 by 6 Comments

It might sound like a joke, but this week, Elliot Williams and Tom Nardi start things off by asking how you keep a Polish train from running. Like always, the answer appears to be a properly modulated radio signal. After a fiery tale about Elliot’s burned beans, the discussion moves over to the adventure that is home CNC ownership, the final chapter in the saga of the Arecibo Telescope, and the unexpected longevity of Microsoft’s Kinect. Then it’s on to the proper way to cook a PCB, FFmpeg in the browser, and a wooden cyberdeck that’s worth carrying around. Finally, they’ll go over the next generation of diode laser engravers, and take a look back at the origins of the lowly breadboard.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Download it yourself. You don’t need the cloud!

Continue reading “Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard”

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack”

Logic Analyzers: Tapping Into Raspberry Pi Secrets

August 31, 2023 by 46 Comments

Today, I’d like to highlight a tool that brings your hacking skills to a whole new level, and does that without breaking the bank – in fact, given just how much debugging time you can save, how many fun pursuits you can unlock, and the numerous features you can add, this might be one of the cheapest tools you will get. Whether it’s debugging weird problems, optimizing your code, probing around a gadget you’re reverse-engineering, or maybe trying to understand someone’s open-source library, you are likely missing out a lot if you don’t have a logic analyzer on hand!

It’s heartbreaking to me that some hackers still don’t know the value that a logic analyzer brings. Over and over again, tactical application of a logic analyzer has helped me see an entirely different perspective on something I was hacking on, and that’s just the thing I’d like to demonstrate today.

Diving In

A logic analyzer has a number of digital inputs, and it continuously reads the state of these digital inputs, sending them to your computer or showing them on a screen – it’s like a logic-level-only oscilloscope. If you have an I2C bus with one MCU controlling a sensor, connect a logic analyzer to the clock and data pins, wire up the ground, launch the logic analyzer software on your computer, and see what’s actually happening.

For instance, have you ever noticed the ID_SC and ID_SD pins on the Raspberry Pi GPIO connector? Are you wondering what they’re for? Don’t you want to check what actually happens on these pins? Let’s do that right now! Continue reading “Logic Analyzers: Tapping Into Raspberry Pi Secrets”

Retro Gadgets: The 1974 Breadboard Project

August 29, 2023 by 36 Comments

It is hard to imagine experimenting with electronics without the ubiquitous solderless breadboard. We are sure you have a few within arm’s reach. The little plastic wonders make it easy to throw together a circuit, try it, and then tear it down again. But, surprisingly, breadboards of that type haven’t always been around, and — for a while — they were also an expensive item. Maybe that’s what motivated [R. G. Cooper] to build Slip-n-Clip — his system for quickly building circuits that he published in a 1974 edition of the magazine Elementary Electronics.

The system isn’t really what you would think of as a breadboard today, but it was effective and certainly cheap to build. The biggest problem? It wasn’t something you’d use with DIP ICs. But in the early 1970s, you might not be building very much with ICs, and the ones you used might be in oddball transistor-like packages. Things were strange in the 70s!

A Brief History of Breadboards

In the very old days, people built radios and such on wooden substrates that were actually bread-cutting boards. That’s where the name came from. It was common to draw a diagram with the physical layout you had in mind, glue it to the board, and use it as a guide for building and troubleshooting. Wood was easy to drill and cut. A nail or a thumbtack would make dandy terminals. Probably the last time we saw that done was about a dozen years ago in Make Magazine. Even then, it was only a novelty — few people still build circuits like this, but you can see how [Colin] did it in the video below.

Continue reading “Retro Gadgets: The 1974 Breadboard Project”

Maker Faire Hannover: The Right Way To Do It

August 28, 2023 by 16 Comments

On these pages we bring you plenty of reports from events, most of which are from the hacker or hardware communities. These can be great fun to attend, but they’re not the only game in town when looking at things adjacent to our community. At what you might describe as the consumer end of the market there are the Maker Faires, which bring a much more commercial approach to a tech event. While so many of us are in Germany for Chaos Communication Camp there’s a maker faire ideally placed to drop in on the way back. We took the trip to Hannover, a large and rather pleasant city just off the Berlin to Amsterdam motorway roughly central to the top half of the country. It’s got one of the German emissions zones so without the green tax sticker in the car we took a park-and-ride on one of their clean and efficient trams to alight a short walk from the congress centre.

Plenty To See, And It’s Not All For Kids

An array of European electronic conference badges on show
Outside, a working forge
Face it, we all want a clock like this one!
Vintage test equipment
You may know Bitluni from many featured projects here.
A group of Germans who maintain a 1990s TV studio.
Hackaday’s first post, courtesy of the Wayback Machine and Makerspace Minden.

Continue reading “Maker Faire Hannover: The Right Way To Do It”

Hackaday Links Column Banner

Hackaday Links: August 27, 2023

August 27, 2023 by 26 Comments

We mentioned last week how robotaxi provider Cruise was having a no-good, very bad week, after one of their driverless taxis picked a fight with a semi, and it was revealed that amorous San Franciscans were taking advantage of the privacy afforded by not having a driver in the front seat. It appears that we weren’t the only ones to notice all the bad news, since California’s Department of Motor Vehicles issued an order to the company to cut its robotaxi fleet in half. The regulatory move comes after a recent Cruise collision with a fire truck, which injured a passenger in the taxi. Curiously, the DMV order stipulates that Cruise can only operate 50 vehicles during the day, while allowing 150 vehicles at night. We’d have thought the opposite would make more sense, since driving at night is generally more difficult than during daylight hours. But perhaps the logic is that the streets are less crowded at night, whereas daytime is a more target-rich environment.

Continue reading “Hackaday Links: August 27, 2023”