Getting Started In Ham Hack Chat

Join us on Wednesday, June 7 at noon Pacific for the Getting Started in Ham Hack Chat with Mark Hughes and Beau Ambur!

If you were to scratch any random hacker from the last 100 years, chances are pretty good you’d find an amateur radio operator just beneath the surface. Radio is the first and foremost discipline where hacking was not only welcomed, but required. If you wanted to get on the air, you sat down with some coils of wire, a few random parts — as often as not themselves homemade — and a piece of an old breadboard, and you got to work. Build it yourself or do without, and when it broke down or you wanted to change bands or add features, that was all on you too.

Like everything else, amateur radio has changed dramatically over the decades, and rolling your own radio isn’t exactly a prerequisite for entry into the ham radio club anymore. Cheap but capable handheld radios are available for a pittance, better quality radios are well within most people’s budget, and commercially available antennas have reduced the need to dabble in that particular black art. The barrier to entry for amateur radio has never been lower; you don’t even have to learn Morse anymore! So why haven’t you gotten a license?

Whatever your reason for putting off joining the club of licensed amateur radio operators, we’re going to do our best to change your mind. And to help us do that, we’ve asked Mark Hughes (KE6WOB) and Beau Ambur (K6EAU) to swing by the Chat and share their experiences with getting on the air. Both are relatively recent licensees, and they’ll do their best to answer your questions about getting on the air for the first time, to get on your way to building that first radio.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 7 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.


Hackaday Links: June 4, 2023

A report released this week suggests that 50 flights into its five-flight schedule, the Mars helicopter might be starting to show its age. The report details a protracted communications outage Ingenuity’s flight controllers struggled with for six sols after flight 49 back in April. At first attributed to a “communications shadow” caused by the helicopter’s robotic buddy, Perseverance, moving behind a rocky outcrop and denying line of sight, things got a little dicey once the rover repositioned and there was still no joy. Since the helicopter has now graduated from “technology demonstration” to a full-fledged member of the team tasked with scouting locations for the rover while respecting the no-fly zone around it, it was essential to get it flying again. Several attempts to upload a flight plan failed with nothing but an acknowledgment signal from the helicopter, but a final attempt got the program uploaded and flight 50 was a complete if belated success. So that’s good, but the worrying news is that since Sol 685, the helicopter has been switching in and out of nighttime survival mode. What that portends is unclear, but no matter how amazing the engineering is, there’s only so much that can be asked of Ingenuity before something finally gives.


Software Driving Hardware

We were talking about [Christopher Barnatt]’s very insightful analysis of what the future holds for the Raspberry Pi single board computers on the Podcast. On the one hand, they’re becoming such competent computers that they are beginning to compete with lightweight desktop machines, instead of just being a hacker curiosity.

On the other hand, especially given the shortage and the increase in price that has come with the Pi’s expanding memory endowments, a lot of people who would “just throw in a Raspberry Pi” are starting to think more carefully about their options. Five years ago, this would have meant looking into what you could whip together on an Arduino-based platform, either on actual Arduino hardware or on an ESP8266 or similar, but that’s a very different beast from a programmer’s perspective. Working with microcontrollers used to be very different from working with even the smallest Linux machines.

These days, there is no shortage of microcontrollers that have enough memory – both flash and RAM – to support a higher-level environment like MicroPython. And if you think about it, MicroPython brings to the microcontrollers a lot of what people were using a Raspberry Pi for in projects anyway: a friendly interactive programming environment that was free of the compile-here, flash-there debug cycle. If you’re happy coding Python on a single-board Linux computer, you’ll be more or less happy coding in MicroPython or Circuit Python on a microcontroller.

And what this leaves us with, as hackers, is a fantastic spectrum of choices. Where before there was a hard edge between programming C on an 8-bit PIC or an AVR and working with something that had a full Linux operating system like a Pi, it’s all blurry now. And the Pis, the Jetson, and all the other Linux SBCs are blurring the boundary with more traditional computers as they all become more competent and gain more computer-like peripherals. Nowadays your choice is much freer, and the hardware landscape more fluid. You don’t have to let software development concerns drive your hardware choices, and we think that’s a great thing.

Chatting About The State Of Hacker-Friendly AR Gear

There are many in the hacker community who would love to experiment with augmented reality (AR), but the hardware landscape isn’t exactly overflowing with options that align with our goals and priorities. Commercial offerings, from Google’s Glass to the Microsoft HoloLens and Magic Leap 2 are largely targeting medical and aerospace customers, and have price tags to match. On the hobbyist side of the budgetary spectrum we’re left with various headsets that let you slot in a standard smartphone, but like their virtual reality (VR) counterparts, they can hardly compare with purpose-built gear.

But there’s hope — Brilliant Labs are working on AR devices that tick all of our boxes: affordable, easy to interface with, and best of all, developed to be as open as possible from the start. Admittedly their first product, Monocle, is somewhat simplistic compared to what the Big Players are offering. But for our money, we’d much rather have something that’s built to be hacked and experimented with. What good are all the latest features and capabilities when you can’t even get your hands on the official SDK?

This week we invited Brilliant Labs’ Head of Engineering Raj Nakaraja to the Hack Chat to talk about AR, Monocle, and the future of open source in this space that’s dominated by proprietary hardware and software.


Hackaday Podcast 221: The Future Of The Raspberry Pi, Sniffing A Toothbrush, Your Tactical Tool Threshold

Editors Elliot Williams and Tom Nardi are back in the (virtual) podcast studio to talk the latest phase of the 2023 Hackaday Prize, the past, present, and future of single-board computers, and a modern reincarnation of the Blackberry designed by hardware hackers. They’ll also cover the current state of toothbrush NFC hacking, the possibilities of electric farm equipment, and a privately funded satellite designed to sniff out methane. Stick around till the end to find out if there really is such a thing as having too many tools.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Or download all the things!


This Week In Security: Barracuda, Zyxel, And The Backdoor

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.
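For defenders, the class of input involved can be checked without ever handing a file name to a shell. The following is an added example, not code from Barracuda or from the original post: it reads only the headers of a tar archive and flags member names containing shell metacharacters. The function names, the metacharacter set, and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Characters a shell (and so Perl's qx// or backticks) treats specially.
# This set is an assumption about what to flag, not a vendor-published rule.
SHELL_META = re.compile(r"[`$;|&<>(){}\\'\"\n\r*?!~\[\]]")


def build_sample_tar(names):
    """Build an in-memory tar of empty members (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


def flag_member_names(tar_bytes):
    """Return {member name: sorted metacharacters found} for risky names."""
    flagged = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:  # iterates headers only; nothing is extracted
            hits = sorted(set(SHELL_META.findall(member.name)))
            if hits:
                flagged[member.name] = hits
    return flagged


# Constructed sample names: two ordinary, two using command substitution syntax.
SAMPLE_NAMES = [
    "report.pdf",
    "notes/readme.txt",
    "x`echo constructed`.txt",
    "y$(echo constructed).txt",
]

if __name__ == "__main__":
    sample = build_sample_tar(SAMPLE_NAMES)
    for name, hits in flag_member_names(sample).items():
        print(f"suspicious member {name!r}: {hits}")
```

A scanner that must pass such a name to an external tool should hand it over as a separate argument rather than interpolating it into a command string.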

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard-coded credential that allows authentication bypass for the web API. The second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands.

Books You Should Read: Red Team Blues

Martin Hench really likes playing on the Red Team — being on the attack. He’s a financial geek, understands cryptocurrency, understands how money is moved around to keep it hidden, and is really good at mining data from social media. He puts those skills together as a forensic accountant. Put simply, Martin finds money that people want hidden. Against his better judgment, Marty does the job of a lifetime, and makes an absolute mint. But that job had hair, and he’s got to live through the aftermath. It turns out, that might just be a challenge, as three separate groups want a piece of him.

Red Team Blues is a work of fiction by [Cory Doctorow] about cryptocurrency, trust, finance, and society as a whole. When [Doctorow] offered to send us a copy to review, we jumped at the chance, and can give it a hearty recommendation as a fun and thoughtful tale. The moral seems to be that while everyone plays the sordid finance game, the government should really work harder to disentangle the mess, but maybe we would do better if more people opted for integrity. There is also a real point to be made about the dark side of cryptocurrency, in that it enables crime, ransomware, and money laundering on a global scale. For all the pluses for privacy and anonymity, there are some real downsides. The characters spend most of the book wrestling with that dichotomy in the background.

The book took something of a moralizing turn just over halfway through. Which, depending on your viewpoint, you’ll either really appreciate, or have to hold your nose a bit to get through. But the suspense pulls the reader through it, making for an overall enjoyable read. As an added bonus, you might end up with a better mental image of how the pieces of digital privacy, finance, and the real world all fit together.

The book has all the fun references to Tor, Signal, Bitcoin, and computer history you could want. And the central MacGuffin is an interesting one: a cryptocurrency that runs on proof-of-secure-enclave, eliminating the ridiculous power consumption of proof-of-work schemes. All of this with some rich Silicon Valley lore setting up the background. Our conclusion? Two wrenches up.