ERRF 22: After Two Years, Back And Better Than Ever

When the COVID-19 pandemic hit, it became clear that organizers would have to pull the plug on any large social events they had planned. Many organizers decided to take their events online, but blurry web streams and meme-filled Discord channels can only get you so far. At this point we’re all keenly aware that, while they do have some advantages, virtual events are not the same as the real thing.

Which is why I was looking forward to making the trip down to Bel Air, Maryland for the first in-person East Coast RepRap Festival (ERRF) since 2019. I’m happy to report that the event, which was still in its infancy prior to the pandemic, was just as lively this year as it was during my previous trips. Perhaps even more so, as local hackers and makers were eager for an outlet to show off their latest creations.

I’ll admit that part of me was concerned the two-year shutdown would have robbed ERRF of the momentum organizers had worked so hard to build. But judging by what I saw over the weekend, it seems even a global pandemic couldn’t slow down this fantastic event.

Continue reading “ERRF 22: After Two Years, Back And Better Than Ever”

Hackaday Podcast 189: Seven Segments Three Ways, Candle Code, DIY E-Readers, And The Badge Reveal

This week Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi will discuss the return of the East Coast RepRap Festival, the scientific application of slices of baloney, and the state of the art in homebrew e-readers. The discussion weaves its way through various reimaginings of the seven (or more) segment display, an impressive illuminated headboard that comes with its own science-fiction film, and the surprising difficulty of getting a blinking LED to actually look like a flame. Stick around to the end to find out why iPhones are freaking out on amusement park rides, and to hear all the details about this year’s Supercon badge.

Direct download your own!

Continue reading “Hackaday Podcast 189: Seven Segments Three Ways, Candle Code, DIY E-Readers, And The Badge Reveal”

This Week In Security: Npm Timing Leak, Siemens Universal Key, And PHP In PNG

First up is some clever wizardry from the [Aqua Nautilus] research team, who discovered a timing attack that leaks information about private npm packages. The setup is this: npm hosts both public and private node.js packages. The public ones are available to everyone, but the private packages are “scoped”, meaning they live within a private namespace, “@owner/packagename”, and are inaccessible to the general public. Trying to access such a package results in an HTTP 404 error — the same error as trying to pull a package that doesn’t exist.

The clever bit is to keep trying, and really pay attention to the responses. Use npm’s API to request info on your target package, five times in a row. If the package name isn’t in use, all five requests will take the expected amount of time: each request lands at the service’s backend, a lookup is performed, and you get the response. On the flip side, if your target package does exist but is privately scoped, the first request returns with the expected delay, and the other four requests return immediately. It appears that npm has a front-end that can cache a 404 response for a private package. That response time discrepancy means you can map out the private package names used by a given organization in their private scope.

Now this is all very interesting, but it turns into a plausible attack when combined with typosquatting and dependency confusion issues. Those attacks are two approaches to the same goal: getting a node.js deployment to run a malicious package instead of the legitimate one the developer intended. One depends on typos, while dependency confusion just relies on a developer not explicitly defining the scope of a package.
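As an added defender-side example (not from the original article or from the Aqua Nautilus write-up), this Python sketch flags the request pattern described above in a registry or proxy access log: a burst of repeated 404 lookups for one scoped package from one client, with a single slow miss followed by fast cached replies. The log format, client addresses and package names are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample registry access log (timestamp client method path status latency_ms).
SAMPLE_LOG = """\
2022-10-14T10:00:00.000Z 203.0.113.7 GET /@acme/billing 404 210
2022-10-14T10:00:00.400Z 203.0.113.7 GET /@acme/billing 404 9
2022-10-14T10:00:00.800Z 203.0.113.7 GET /@acme/billing 404 8
2022-10-14T10:00:01.200Z 203.0.113.7 GET /@acme/billing 404 9
2022-10-14T10:00:01.600Z 203.0.113.7 GET /@acme/billing 404 8
2022-10-14T10:00:02.000Z 203.0.113.7 GET /@acme/no-such-pkg 404 205
2022-10-14T10:00:02.400Z 203.0.113.7 GET /@acme/no-such-pkg 404 201
2022-10-14T10:00:02.800Z 203.0.113.7 GET /@acme/no-such-pkg 404 199
2022-10-14T10:00:03.200Z 203.0.113.7 GET /@acme/no-such-pkg 404 204
2022-10-14T10:00:03.600Z 203.0.113.7 GET /@acme/no-such-pkg 404 203
2022-10-14T10:05:00.000Z 198.51.100.9 GET /@acme/billing 200 180
"""

MIN_REQUESTS = 5     # the write-up's probe sends five back-to-back requests
WINDOW_SECONDS = 10  # a burst, not ordinary retries spread over hours
CACHE_RATIO = 5      # first reply this much slower than the rest => cached-404 signature

def parse_line(line):
    ts, client, _method, path, status, latency = line.split()
    when = datetime.strptime(ts.rstrip("Z"), "%Y-%m-%dT%H:%M:%S.%f")
    return when, client, path, int(status), int(latency)

def find_probes(log_text):
    """One finding per (client, scoped package) burst of repeated 404 lookups."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        when, client, path, status, latency = parse_line(line)
        if status == 404 and path.startswith("/@"):  # only scoped-package lookups
            groups[(client, path)].append((when, latency))
    findings = []
    for (client, path), hits in groups.items():
        hits.sort()
        span = (hits[-1][0] - hits[0][0]).total_seconds()
        if len(hits) < MIN_REQUESTS or span > WINDOW_SECONDS:
            continue
        first, rest = hits[0][1], [lat for _, lat in hits[1:]]
        findings.append({
            "client": client,
            "package": path.lstrip("/"),
            # one slow miss followed by fast repeats is the cached-404 timing leak
            "likely_private": first >= CACHE_RATIO * median(rest),
        })
    return findings
```

Bursts where every reply is slow (a name that really does not exist) are still reported, since repeated probing of one scope is itself worth a look; the `likely_private` flag marks the ones that match the cache signature.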

Continue reading “This Week In Security: Npm Timing Leak, Siemens Universal Key, And PHP In PNG”

Publish Or Perish: Data Storage And Civilization

Who do you think of when you think of ancient civilizations? Romans? Greeks? Chinese? India? Egyptians? What about the Scythians, the Muisca, Gana, or the Kerma? You might not recognize that second group as readily because none of them had writing systems. The same goes, to a lesser extent, for the Etruscans, the Minoans, or the inhabitants of Easter Island, who wrote, but no one remembers how to read their writing. Even the Egyptians were mysterious until the discovery of the Rosetta stone. We imagine that an author writing in Etruscan didn’t think that no one would be able to read the writing in the future–they probably thought they were recording their thoughts for all eternity. Hubris? Maybe, but what about our documents that are increasingly stored as bits somewhere?

Continue reading “Publish Or Perish: Data Storage And Civilization”

The 2022 Supercon Badge Is A Handheld Trip Through Computing History

Over the last several years, there’s been a trend towards designing ever more complex and powerful electronic event badges. Color displays, sensors, WiFi, USB, Bluetooth — you name it, and there’s probably a con badge out there that has packed it in. Even our own 2019 Supercon broke new ground with the inclusion of a Lattice LFE5U-45F FPGA running a RISC-V core. Admittedly, observing this unofficial arms race has been fascinating. But as we all know, a hacker isn’t defined by the tools at their disposal, but rather the skill and imagination with which they wield them.

So this year, we’ve taken a slightly different approach. Rather than try and cram the badge with even more state of the art hardware than we did in 2019, we’ve decided to go back to the well. The 2022 Supercon badge is a lesson in what it means to truly control a piece of hardware, to know what each bit of memory is doing, and why. Make no mistake, it’s going to be a challenge. In fact, we’d wager most of the people who get their hands on the badge come November 4th will have never worked on anything quite like it before. Folks are going to get pulled out of their comfort zones, but of course, that’s the whole idea.

Continue reading “The 2022 Supercon Badge Is A Handheld Trip Through Computing History”

2022 Supercon: More Talks, More Speakers!

Round two of the 2022 Supercon talks is out, and it’s another superb lineup. This round is full of high voltage, art, and science. If you’ve ever dreamed of starting up your own hacker company, making your own refrigerator, teaching your toaster to think, or just making your breath glow, then Supercon is where you want to be Nov. 4-6!

Supercon will sell out, so get your tickets now before it’s too late. And stay tuned for the next and final round of talk reveals next week! Plus the keynote speaker reveal. Plus workshops. Oh my. Continue reading “2022 Supercon: More Talks, More Speakers!”

RF Hacking Hack Chat

Join us on Wednesday, October 12 at noon Pacific for the RF Hacking Hack Chat with Christopher Poore!

On the time scale of technological history, it really wasn’t all that long ago that radio was — well, boring. We’re not talking about the relative entertainment value of the Jack Benny Show or listening to a Brooklyn Dodgers game, but about the fact that for the most part, radio was a one-dimensional medium: what you heard was pretty much all there was to a signal, and radio was rarely used for anything particularly hackable.

Not so today, of course, where anything electronic seems to have at least one radio stuffed into it, and the space around us is filled with a rich soup of fascinating RF signals. For hackers, this is where radio gets interesting — listening in on those signals, exploring their nature, and figuring out how to put them to use are like red meat for most of us.

Hacking and reverse engineering opportunities abound in the RF realm, but can sometimes be a bit difficult. What’s needed is a framework for pulling those signals out of the ether and putting them into some kind of context. Fortunately, there are plenty of tips and tricks in this space; we talked about one of them, FISSURE, not too long ago. The acronym — “Frequency Independent SDR-Based Signal Understanding and Reverse Engineering” — about sums up what this framework is all about. But to bring it into further focus, we’re lucky enough to have Chris Poore, a Senior Reverse Engineer at Assured Information Security, drop by the Hack Chat. We’ll talk about RF reverse engineering in general and FISSURE in particular. Be sure to stop by with your RF hacking and reverse engineering questions and war stories!

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 12 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.