This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

First up, Apple issued an emergency patch, then yanked it, and then re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base is that bugs, too, are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This, along with another vulnerability (CVE-2023-36874), was being used by another as-yet-unidentified threat actor, Storm-0978, in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in Office.

Continue reading “This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More”

How Duck Tape Became Famous

If you hack things in the real world, you probably have one or more rolls of duck tape. Outside of the cute brand name, many people think that “duck tape” is a malapropism, but in truth it refers to the type of cloth traditionally used in our favorite tape: cotton duck. However, as we’ll see, it’s not entirely wrong to call it duct tape either. Whatever you call it, it is a cloth material with an adhesive backing, coated with something like polyethylene.

Actually, the original duck tape wasn’t adhesive at all. It was simply strips of cotton duck used for several purposes, including making shoes and wrapping steel cables like the ones placed in 1902 at the Manhattan Bridge. By 1910, the tape, now made with adhesive on one side and soaked in rubber, found use in hospitals for binding wounds. In May 1930, Popular Mechanics advised melting rubber from an old tire and adding rosin to create a compound to coat cotton tape, among other things.

Continue reading “How Duck Tape Became Famous”

Discussing The Tastier Side Of Desktop 3D Printing

Not long after the first desktop 3D printers were created, folks started wondering what other materials they could extrude. After all, plastic is only good for so much, and there’s plenty of other interesting types of goop that lend themselves to systematic squirting. Clay, cement, wax, solder, even biological material. The possibilities are vast, and even today, we’re still exploring new ways to utilize additive manufacturing.

[Image: Ellie Weinstein]

But while most of the research has centered on the practical, there’s also been interest in the tastier applications of 3D printing. Being able to print edible materials offers some fascinating culinary possibilities, from producing realistic marbling in artificial steaks to creating dodecahedron candies with bespoke fillings. Unfortunately for us, the few food-safe printers that have actually hit the market haven’t exactly been intended for the DIY crowd.

That is, until now. After nearly a decade in development, Ellie Weinstein’s Cocoa Press chocolate 3D printer kit is expected to start shipping before the end of the year. Derived from the Voron 0.1 design, the kit is meant to help those with existing 3D printing experience expand their repertoire beyond plastics and into something a bit sweeter.

So who better to host our recent 3D Printing Food Hack Chat? Ellie took the time to answer questions not just about the Cocoa Press itself, but the wider world of printing edible materials. While primarily designed for printing chocolate, with some tweaks, the hardware is capable of extruding other substances such as icing or peanut butter. It’s just a matter of getting the printers in the hands of hackers and makers, and seeing what they’ve got an appetite for.

Continue reading “Discussing The Tastier Side Of Desktop 3D Printing”

Retrotechtacular: Better Living Through A-Bombs

Usually, if you are listening to people debate about nuclear issues, it is one of two topics: how to deal with nuclear weapon stockpiles or if we want nuclear power plants in our backyard. But there was a time when the US and the USSR had more peaceful plans for nuclear bombs. While peaceful plans for nuclear bombs might sound like an oxymoron, there was somewhat of a craze for all things nuclear at some point, and it wasn’t clear that nuclear power and explosives wouldn’t take over many industries as the transistor did, or the vacuum tube before it.

You may have heard about Project (or Operation) Plowshare, the US effort to find a peaceful use for all those atom bombs. The Atomic Energy Commission video below touts the benefits “for all nations.” What benefits? Mostly moving earth, including widening the Panama Canal or creating a new canal, cutting highways through mountains, assisting mining and natural gas production, and creating an artificial harbor. There was also talk of using atomic blasts to create new materials and, of course, furthering the study of the atom.

Continue reading “Retrotechtacular: Better Living Through A-Bombs”

[Image: Testing the World's Thinnest Boombox with a modular setup containing the basic components.]

Supercon 2022: Joe Grand And The Thinnest Boombox

Boomboxes are one of those status symbols that define the 1980s and part of the 1990s, being both a miracle of integration and the best way to share your love of music with as many people as possible. Naturally, this led Joe Grand to figure that it would make a perfect subject for a modern take on such an iconic device. The primary inspiration for this came from a piezo speaker developed by TDK called the ‘PiezoListen’. These are piezo devices that can be less than a millimeter thick, while still claiming to reproduce a broad range of audio frequencies.

Just having these speakers is only part of the solution, of course, which led Joe down the rabbit hole of not only figuring out the components that should go into the system, but also how to get it all on a single PCB and how far one can push different solder mask colors with an appropriately boombox-like design. At its core is a Raspberry Pi Zero 2 W that runs Mopidy to provide music server functionality. Also added are some RGB lighting and touch controls.

Continue reading “Supercon 2022: Joe Grand And The Thinnest Boombox”

Software For Satellites Hack Chat

Join us on Wednesday, July 12 at noon Pacific for the Software for Space Hack Chat with Jacob Killelea!

In space, everything is harder. Hardware has to be built to withstand not only the harshest possible regimes of temperature and radiation but the rigors of launch. Power is at a premium, things that are supposed to stay cool get too hot, and things you want to keep warm freeze solid. It seems like everything you “send upstairs” has to be over-engineered compared with the stuff that stays down the gravity well.

But what about software? Yep, that needs special engineering too — after all, one little mistake, one uncaught exception, and millions or even billions of dollars’ worth of exquisitely crafted space hardware could become as useful as a brick. Jacob Killelea is an aerospace engineer who has done the rounds of a number of space concerns, and he’s worked on a number of space software projects, including a pulsed laser system with the potential for lunar orbital communications. He knows what it takes to write software that keeps space hardware ticking, and we’re excited to have him log into the Chat to talk about it.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 12 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

[Banner image: NASA’s GPM satellite.]

Hackaday Links: July 9, 2023

Good news this week from Mars, where Ingenuity finally managed to check in with its controllers after a long silence. The plucky helicopter went silent just after nailing the landing on its 52nd flight back on April 26, and hadn’t been heard from since. Mission planners speculated that Ingenuity, which needs to link to the Perseverance rover to transmit its data, landed in a place where terrain features were blocking line-of-sight between the two. So they weren’t overly concerned about the blackout, but still, one likes to keep in touch with such an irreplaceable asset. The silence was broken last week when Perseverance finally made it to higher ground, allowing the helicopter to link up and dump the data from the last flight. The goal going forward is to keep Ingenuity moving ahead of the rover, acting as a scout for interesting places to explore, which makes it possible that we’ll see more comms blackouts. Ingenuity may be more than ten times over the number of flights that were originally planned, but that doesn’t mean it’s ready for retirement quite yet.

Continue reading “Hackaday Links: July 9, 2023”