Hackaday Columns

4565 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Farewell Shunsaku Tamiya: The Man Who Gave Us The Best Things To Build

July 31, 2025 by 36 Comments

In the formative experiences of most Hackaday readers there will almost certainly be a number of common threads, for example the ownership of a particular game console, or being inspired into engineering curiosity by the same TV shows. A home computer of a TV show may mark you as coming from a particular generation, but there are some touchstones which cross the decades.

Of those, we are guessing that few readers will not at some point have either built, owned, or lusted after a Tamiya model kit at some point over the last many decades, so it’s with some sadness that we note the passing of Mr. Tamiya himself, Shunsaku Tamiya, who has died at the age of 90.

Continue reading “Farewell Shunsaku Tamiya: The Man Who Gave Us The Best Things To Build”

Linux Fu: The Cheap Macropad Conundrum

July 30, 2025 by 9 Comments

You can get cheap no-brand macropads for almost nothing now. Some of them have just a couple of keys. Others have lots of keys, knobs, and LEDs. You can spring for a name brand, and it’ll be a good bet that it runs QMK. But the cheap ones? Get ready to download Windows-only software from suspicious Google Drive accounts. Will they work with Linux? Maybe.

Of course, if you don’t mind the keypad doing whatever it normally does, that’s fine. These are little more than HID devices with USB or Bluetooth. But what do those keys send by default? You will really want a way to remap them, especially since they may just send normal characters. So now you want to reverse engineer it. That’s a lot of work. Luckily, someone already has, at least for many of the common pads based around the CH57x chips.

Continue reading “Linux Fu: The Cheap Macropad Conundrum”

Be More Axolotl: How Humans May One Day Regrow Limbs And Organs

July 28, 2025 by 26 Comments

Although often glossed over, the human liver is a pretty amazing organ. Not just because it’s pretty much the sole thing that prevents our food from killing us, but also because it’s the only organ in our body that is capable of significant regeneration. This is a major boon in medicine, as you can remove most of a person’s liver and it’ll happily regrow back to its original volume. Obviously this is very convenient in the case of disease or when performing a liver transplant.

Despite tissue regeneration being very common among animals, most mammalian species have only limited regenerative ability. This means that while some species can easily regrow entire limbs and organs including eyes as well as parts of their brain, us humans and our primate cousins are lucky if we can even count on our liver to do that thing, while limbs and eyes are lost forever.

This raises many questions, including whether the deactivation of regenerative capabilities is just an evolutionary glitch, and how easily we might be able to turn it back on.

Continue reading “Be More Axolotl: How Humans May One Day Regrow Limbs And Organs”

Hackaday Links Column Banner

Hackaday Links: July 27, 2025

July 27, 2025 by 9 Comments

Sad breaking news late this Sunday afternoon of the passing of nerd icon Tom Lehrer at 97. Coming up through the culture, knowing at least a few of Tom’s ditties, preferably “The Elements” or “Poisoning Pigeons in the Park,” was as essential to proving one’s bona fides as committing most Monty Python bits to memory. Tom had a way with words that belied his background as a mathematician, spicing his sarcastic lyrics with unusual rhymes and topical references that captured the turbulence of the late 50s and early 60s, which is when he wrote most of his well-known stuff. First Ozzy, then Chuck Mangione, now Tom Lehrer — it’s been a rough week for musicians.

Here we go again. It looks like hams have another spectrum grab on their hands, but this time it’s the popular 70-cm band that’s in the crosshairs. Starlink wannabe AST SpaceMobile, which seeks to build a constellation of 248 ridiculously large communication satellites to offer direct-to-device service across the globe, seeks a substantial chunk of the 70-cm band, from 430 to 440 MHz, to control the satellites. This is smack in the middle of the 70-cm amateur radio band allocation here in the US, but covers the entire band for unlucky hams in Europe and the UK. The band is frequently used for repeaters, which newbie hams can easily access using a cheap hand-held radio to start learning the ropes.

Continue reading “Hackaday Links: July 27, 2025”

Personalization, Industrial Design, And Hacked Devices

July 26, 2025 by 28 Comments

[Maya Posch] wrote up an insightful, and maybe a bit controversial, piece on the state of consumer goods design: The Death Of Industrial Design And The Era Of Dull Electronics. Her basic thesis is that the “form follows function” aesthetic has gone too far, and all of the functionally equivalent devices in our life now all look exactly the same. Take the cellphone, for example. They are all slabs of screen, with a tiny bezel if any. They are non-objects, meant to disappear, instead of showcases for cool industrial design.

Of course this is an extreme example, and the comments section went wild on this one. Why? Because we all want the things we build to be beautiful and functional, and that has always been in conflict. So even if you agree with [Maya] on the suppression of designed form in consumer goods, you have to admit that it’s not universal. For instance, none of our houses look alike, even though the purpose is exactly the same. (Ironically, architecture is the source of the form follows function fetish.) Cars are somewhere in between, and maybe the cellphone is the other end of the spectrum from architecture. There is plenty of room for form and function in this world.

But consider the smartphone case – the thing you’ve got around your phone right now. In a world where people have the ultimate homogeneous device in their pocket, one for which slimness is a prime selling point, nearly everyone has added a few millimeters of thickness to theirs, aftermarket, in the form of a decorative case. It’s ironically this horrendous sameness of every cell phone that makes us want to ornament them, even if that means sacrificing on the thickness specs.

Is this the same impetus that gave us the cyberdeck movement? The custom mechanical keyboard? All kinds of sweet hacks on consumer goods? The need to make things your own and personal is pretty much universal, and maybe even a better example of what we want out of nice design: a device that speaks to you directly because it represents your work.

Granted, buying a phone case isn’t necessarily creative in the same way as hacking a phone is, but it at least lets you exercise a bit of your own design impulse. And it frees the designers from having to make a super-personal choice like this for you. How about a “nothing” design that affords easy personalized ornamentation? Has the slab smartphone solved the form-versus-function fight after all?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 330: Hover Turtles, Dull Designs, And K’nex Computers

July 25, 2025 by 1 Comment

What did you miss on Hackaday last week? Hackaday’s Elliot Williams and Al Williams are ready to catch you up on this week’s podcast. First, though, the guys go off on vibe coding and talk about a daring space repair around Jupiter.

Then it is off to the hacks, including paste extruding egg shells, bespoke multimeters, and an 8-bit mechanical computer made from a construction toy set.

For can’t miss articles, you’ll hear about boring industrial design in modern cell phones and a deep dive into how fresh fruit makes it to your table in the middle of the winter.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

The DRM-free MP3 was stored in a public refrigerated warehouse to ensure freshness. Why not download it and add it to your collection?

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 330: Hover Turtles, Dull Designs, And K’nex Computers”

This Week In Security: Sharepoint, Initramfs, And More

July 25, 2025 by 12 Comments

There was a disturbance in the enterprise security world, and it started with a Pwn2Own Berlin. [Khoa Dinh] and the team at Viettel Cyber Security discovered a pair of vulnerabilities in Microsoft’s SharePoint. They were demonstrated at the Berlin competition in May, and patched by Microsoft in this month’s Patch Tuesday.

This original exploit chain is interesting in itself. It’s inside the SharePoint endpoint, /_layouts/15/ToolPane.aspx. The code backing this endpoint has a complex authentication and validation check. Namely, if the incoming request isn’t authenticated, the code checks for a flag, which is set true when the referrer header points to a sign-out page, which can be set arbitrarily by the requester. The DisplayMode value needs set to Edit, but that’s accessible via a simple URL parameter. The pagePath value, based on the URL used in the call, needs to start with /_layouts/ and end with /ToolPane.aspx. That particular check seems like a slam dunk, given that we’re working with the ToolPane.aspx endpoint. But to bypass the DisplayMode check, we added a parameter to the end of the URL, and hilariously, the pagePath string includes those parameters. The simple work-around is to append another parameter, foo=/ToolPane.aspx.

Putting it together, this means a POST of /_layouts/15/ToolPane.aspx?DisplayMode=Edit&foo=/ToolPane.aspx with the Referrer header set to /_layouts/SignOut.aspx. This approach bypasses authentication, and allows a form parameter MSOTlPn_DWP to be specified. These must be a valid file on the target’s filesystem, in the _controltemplates/ directory, ending with .iscx. But it grants access to all of the internal controls on the SafeControls list.

There’s an entire second half to [Khoa Dinh]’s write-up, detailing the discovery of a deserialization bug in one of those endpoints, that also uses a clever type-confusion sort of attack. The end result was remote code execution on the SharePoint target, with a single, rather simple request. Microsoft rolled out patches to fix the exploit chain. The problem is that Microsoft often opts to fix vulnerabilities with minimal code changes, often failing to fix the underlying code flaws. This apparently happened in this case, as the authentication bypass fix could be defeated simply by adding yet another parameter to the URL.

These bypasses were found in the wild on July 19th, and Microsoft quickly confirmed. The next day, the 20th, Microsoft issued an emergency patch to address the bypasses. The live exploitation appears to be coming from a set of Chinese threat actors, with a post-exploitation emphasis on stealing data and maintaining access. There seem to be more than 400 compromised systems worldwide, with some of those being rather high profile.

Continue reading “This Week In Security: Sharepoint, Initramfs, And More”