Hackaday Columns

4659 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

2022 Supercon: Schedule Released, And [Odd Jayy]

October 26, 2022 by 14 Comments

It’s finally time! We’ve put together the 2022 Supercon Schedule, and you can check out all the talks, workshops, and events in one place – right now.

Badge hacking heating up (photo by @hackerwarehouse)

It all starts off with breakfast on Friday morning to power you up for a full day of badge hacking, workshops, and general mixing and mingling before the Friday night party. Fridays are significantly less formal, but swing by Supplyframe HQ any time to get registered, get your badge, and get a mellow head start on Supercon.

Saturday morning, the talks begin! After a brief introduction and welcome, keynote speaker Joe Grand takes the stage to kick things off. And from then on, it’s two tracks of talks on two stages until your brain explodes. Or at least until the Hackaday Prize Awards ceremony at 7:00 PM, followed by the awards after-party.

Pull yourself out of bed Sunday morning for another full day of stellar talks. And squeeze in some more last minute badge-hacking time somehow, because we close up Sunday evening with the always entertaining badge hacking contest and awards.

Jorvon [Odd Jayy] Moss to Speak

Plus, we’ve got one last bit of great news: Jorvon [Odd Jayy] Moss is giving a talk on his adventures in making companion robots, and his latest forays into adding more intelligence into his animatronic and artistic creations.

So if you haven’t bought your tickets yet, do it. ‘Nuff said. See you at Supercon!

And if you’re not able to make it live, all of the talks on the LACM Stage will be streamed live on our YouTube channel, and you can join in the discussion over at the Hackaday Discord server or on Hackaday.io’s Supercon Chat channel. And all the talks that we can’t stream, we’re recording for later release, so you can always catch up later.

2022 Hackaday Supercon: Joe [Kingpin] Grand Keynote And Workshops Galore

October 25, 2022 by 5 Comments

It’s our great pleasure to announce that Joe [Kingpin] Grand is going to be our keynote speaker at the 2022 Supercon!

If you don’t know Joe, he’s a hacker’s hacker. He’s behind the earliest DEFCON electronic badges, to which we can trace our modern #badgelife creative culture. He was at the l0pht when it became the most publicly visible hackerspace in the USA, at the dawn of what we now think of as cybersecurity. And moreover, he’s a tireless teacher of the art of hardware hacking.

Joe’s talk at DEFCON 22 about reverse engineering PCBs on a hacker budget is on our top-10 must watch playlist, and his JTAGulator debug-port enumeration device has been present at the start of countless hacking sessions. But again, it’s his enthusiasm for creating, his inspiring “what if I poke at this thing this way?” attitude, and overwhelming hacker spirit that make Joe a long-overdue speaker at Supercon! Continue reading “2022 Hackaday Supercon: Joe [Kingpin] Grand Keynote And Workshops Galore”

Bare-Metal STM32: Setting Up And Using SPI

October 24, 2022 by 52 Comments

The Serial Peripheral Interface (SPI) interface was initially standardized by Motorola in 1979 for short-distance communication in embedded systems. In its most common four-wire configuration, full-duplex data transfer is possible on the two data (MOSI, MISO) lines with data rates well exceeding 10 Mb/s. This makes SPI suitable for high-bandwidth, full-duplex applications like SD storage cards and large resolution, high-refresh displays.

STM32 devices come with a variable number of SPI peripherals, two in the F042 at 18 Mb/s and five in the F411. Across the STM32 families, the SPI peripheral is relatively similar, with fairly minor differences in the register layout. In this article we’ll look at configuring an SPI peripheral in master mode.

Continue reading “Bare-Metal STM32: Setting Up And Using SPI”

Hackaday Links Column Banner

Hackaday Links: October 23, 2022

October 23, 2022 by 21 Comments

There were strange doings this week as Dallas-Forth Worth Airport in Texas experienced two consecutive days of GPS outages. The problem first cropped up on the 17th, as the Federal Aviation Administration sent out an automated notice that GPS reception was “unreliable” within 40 nautical miles of DFW, an area that includes at least ten other airports. One runway at DFW, runway 35R, was actually closed for a while because of the anomaly. According to GPSjam.org — because of course someone built a global mapping app to track GPS coverage — the outage only got worse the next day, both spreading geographically and worsening in some areas. Some have noted that the area of the outage abuts Fort Hood, one of the largest military installations in the country, but there doesn’t appear to be any connection to military operations. The outage ended abruptly at around 11:00 PM local time on the 19th, and there’s still no word about what caused it. Loss of GPS isn’t exactly a “game over” problem for modern aviation, but it certainly is a problem, and at the very least it points out how easy the system is to break, either accidentally or intentionally.

In other air travel news, almost as quickly as Lufthansa appeared to ban the use of Apple AirTags in checked baggage, the airline reversed course on the decision. The original decision was supposed to have been based on “an abundance of caution” regarding the potential for disaster from its low-power transmitters, or should a stowed AirTag’s CR2032 battery explode. But as it turns out, the Luftfahrt-Bundesamt, the German civil aviation authority, agreed with the company’s further assessment that the tags pose little risk, green-lighting their return to the cargo compartment. What luck! The original ban totally didn’t have anything to do with the fact that passengers were shaming Lufthansa online by tracking their bags with AirTags while the company claimed they couldn’t locate them, and the sudden reversal is unrelated to the bad taste this left in passengers’ mouths. Of course, the reversal only opened the door to more adventures in AirTag luggage tracking, so that’s fun.

Energy prices are much on everyone’s mind these days, but the scale of the problem is somewhat a matter of perspective. Take, for instance, the European Organization for Nuclear Research (CERN), which runs a little thing known as the Large Hadron Collider, a 27-kilometer-long machine that smashes atoms together to delve into the mysteries of physics. In an average year, CERN uses 1.3 terawatt-hours of electricity to run the LHC and its associated equipment. Technically, this is what’s known as a hell of a lot of electricity, and given the current energy issues in Europe, CERN has agreed to shut down the LHC a bit early this year, shutting down in late November instead of the usual mid-December halt. What’s more, CERN has agreed to reduce usage by 20% next year, which will increase scientific competition for beamtime on the LHC. There’s only so much CERN can do to reduce the LHC’s usage, though — the cryogenic plant to cool the superconducting magnets draws a whopping 27 megawatts, and has to be kept going to prevent the magnets from quenching.

And finally, as if the COVID-19 pandemic hasn’t been weird enough, the fact that it has left in its wake survivors whose sense of smell is compromised is alarming. Our daily ritual during the height of the pandemic was to open up a jar of peanut butter and take a whiff, figuring that even the slightest attenuation of the smell would serve as an early warning system for symptom onset. Thankfully, the alarm hasn’t been tripped, but we know more than a few people who now suffer from what appears to be permanent anosmia. It’s no joke — losing one’s sense of smell can be downright dangerous; think “gas leak” or “spoiled food.” So it was with interest that we spied an article about a neuroprosthetic nose that might one day let the nasally challenged smell again. The idea is to use an array of chemical sensors to stimulate an array of electrodes implanted near the olfactory bulb. It’s an interesting idea, and the article provides a lot of fascinating details on how the olfactory sense actually works.

Retrofitting Robots

October 22, 2022 by 27 Comments

Al Williams wrote up a neat thought piece on why we are so fascinated with robots that come in the shape of people, rather than robots that come in the shape of whatever it is that they’re supposed to be doing. Al is partly convinced that sci-fi is partly responsible, and that it shapes people’s expectations of what robots look like.

What sparked the whole thought train was the ROAR (robot-on-a-rail) style robot arms that have been popping up, at least in the press, as robot fry cooks. As the name suggests, it’s a robot arm on a rail that moves back and forth across a frying surface and uses CV algorithms to sense and flip burgers. Yes, a burger-flipping robot arm. Al asks why they didn’t just design the flipper into the stovetop, like you would expect with any other assembly line.

In this particular case, I think it’s a matter of economics. The burger chains already have an environment that’s designed around human operators flipping the burgers. A robot arm on a rail is simply the cheapest way of automating the task that fits in with the current ergonomics. The robot arm works like a human arm because it has to work in an environment designed for the human arm.

Could you redesign a new automatic burger-flipping system to be more space efficient or more reliable? Probably. If you did, would you end up with a humanoid arm? Not necessarily. But this is about patching robotics into a non-robotic flow, and that means they’re going to have to play by our rules. I’m not going to deny the cool factor of having a robot arm flip burgers, but my guess is that it’s actually the path of least resistance.

It feels kind of strange to think of a sci-fi timeline where the human-looking robots come first, and eventually get replaced by purpose-built intelligent machines that look nothing like us as the environments get entire overhauls, but that may be the way it’s going to play out. Life doesn’t always imitate art.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 190: Fun With Resin Printing, Tiny Tanks, Lo-Fi Orchestra, And Deep Thoughts With Al Williams

October 21, 2022 by 3 Comments

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos rendezvoused in yet another secret, throwaway location to rap about the hottest hacks from the previous week. We start off by gushing about the winners of the Cyberdeck Contest, and go wild over the Wildcard round winners from the Hackaday Prize.

It’s the What’s That Sound? results show, and Kristina was ultimately stumped by the sound of the Kansas City Standard, though she should have at least ventured a guess after shooting down both modem and fax machine noises.

Then it’s on to the hacks, which feature an analog tank-driving simulator from the 1970s, much ado about resin printing, and one cool thing you can do with the serial output from your digital calipers, (assuming you’re not a purist). And of course, stay tuned for the Can’t-Miss Article discussion, because we both picked one of resident philosopher Al Williams’ pieces.

Direct download.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 190: Fun With Resin Printing, Tiny Tanks, Lo-Fi Orchestra, And Deep Thoughts With Al Williams”

This Week In Security: Linux WiFi, Fortinet, Text4Shell, And Predictable GUIDs

October 21, 2022 by 18 Comments

Up first this week is a quintet of vulnerabilities in the Linux kernel’s wireless code. It started with [Soenke Huster] from TU Darmstadt, who found a buffer overwrite in mac80211 code. The private disclosure to SUSE kernel engineers led to a security once-over of this wireless framework in the kernel, and some other nasty bugs were found. A couple result in Denial-of-Service (DOS), but CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720 are Remote Code Execution vulnerabilities. The unfortunate bit is that these vulnerabilities are triggered on processing beacon frames — the wireless packets that announce the presence of a wireless network. A machine doesn’t have to be connected or trying to connect to a network, but simply scanning for networks can lead to compromise.

The flaws were announced on the 13th, and were officially fixed in the mainline kernel on the 15th. Many distros shipped updates on the 14th, so the turnaround was quite quick on this one. The flaws were all memory-management problems, which has prompted a few calls for the newly-merged Rust framework to get some real-world use sooner rather than later.

Fortinet

Much of Fortinet’s lineup, most notable their Fortigate firewalls, has a pre-auth authentication bypass on the administrative HTTP/S interface. Or plainly, if you can get to the login page, you can break in without a password. That’s bad, but at this point, you *really* shouldn’t have any administrative interfaces world-accessible on any hardware. Updated firmware is available.

More than just a couple days have passed, so we have some idea of the root problem and how it was fixed. It’s a simple one — the Forwarded HTTP headers on an incoming request are unintentionally trusted. So just send a request with Forwarded:for and Forwarded:by set to 127.0.0.1, and it falls through into code logic intended for internal API calls. Add a trusted SSH key, and pop, you’re in. Whoops. Continue reading “This Week In Security: Linux WiFi, Fortinet, Text4Shell, And Predictable GUIDs”