It is hard to remember that practical computers haven’t been around for even a century, yet. Modern computers have been around an even shorter period. Yet somehow people computed tables, kept ledgers, and even wrote books without any help from computers at all. Sometimes they just used brute force but sometimes they used little tricks that we’ve almost forgotten. For example, only a few of us remember how to use slide rules, but they helped send people to the moon. But what did database management look like in, say, 1925? You might think it was nothing but a filing cabinet and someone who knew how to find things in it. But there was actually a better system that had fairly wide use.
Join us Wednesday at 5:00 PM Pacific time for the Easy EDA Hack Chat with Dillon He!
Note the different time than our usual Hack Chat slot! Dillon will be joining us from China.
Since the birth of electronic design automation in the 1980s, the universe of products to choose from has grown tremendously. Features from schematic editing to circuit simulation to PCB design and autorouting can be found in every permutation imaginable, and you’re sure to find something that fits your needs, suits your budget, and works on your platform.
Dillon He started EasyEDA back in 2010 with Eric Cui, and since then the cloud-based EDA tool has become a popular choice. From working across teams to its “run anywhere” capabilities, EasyEDA has become the go-to tool for hundred of thousands of designers. Dillon will drop by the Hack Chat to answer all your questions about EasyEDA — how it started, where it is now, and what we can expect in the future.
Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 19 at 5:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
It should come as no surprise that we here at Hackaday are big boosters of autonomous systems like self-driving vehicles. That’s not to say we’re without a healthy degree of skepticism, and indeed, the whole point of the “Automate the Freight” series is that economic forces will create powerful incentives for companies to build out automated delivery systems before they can afford to capitalize on demand for self-driving passenger vehicles. There’s a path to the glorious day when you can (safely) nap on the way to work, but that path will be paved by shipping and logistics companies with far deeper pockets than the average commuter.
So it was with some interest that we saw a flurry of announcements in the popular press recently regarding automated deliveries. Each by itself wouldn’t be worthy of much attention; companies are always maneuvering to be seen as ahead of the curve on coming trends, and often show off glitzy, over-produced videos and well-crafted press releases as a low-effort way to position themselves as well as to test markets. But seeing three announcements at one time was unusual, and may point to a general feeling by manufacturers that automated deliveries are just around the corner. Plus, each story highlighted advancements in areas specifically covered by “Automate the Freight” articles, so it seemed like a perfect time to review them and perhaps toot our own horn a bit.
Most people who are serious about designing, building, or improving 3D printers see the Midwest Reprap Festival as the place where the latest and greatest is on show for all to see. But if you live on the other side of the world as I do, chances are slim that you’ll be able to attend.
I live in the UK, and there haven’t traditionally been any events quite like MRRF, but that may be changing. The 3D Meetup UK in Birmingham is a community-organised event bringing together the 3D printing maker and hacker community for a couple of days of talks, demonstrations, and tours. I went along this year to see what was going on, and to take the temperature of the British side of this community.
Mike Szczys and Elliot Williams talk news and great hacks from the past seven days. Sad word this week as Maker Media, the company behind Make Magazine and Maker Faire, have closed their doors. There seems to be a lot of news about broken hardware and software to discuss, with ADS-B problems grounding hundreds of flights in the US, Hackaday itself having a site outage, the Raspberry Pi 3 B+ can be bricked with a really easy mistake, and Lewin wrote a great overview of the Takata airbag debacle. Don’t worry there are still plenty of hacks as we look at old computers that sing, microcontrollers that chiptune, beat boxes that are actually boxes, and some very neat cartridge hacks for NES and Arduboy.
Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!
Direct download (60 MB)
Places to follow Hackaday podcasts:
It looks like Al was right, we should all be using Emacs. On the 4th of June, [Armin Razmjou] announced a flaw in Vim that allowed a malicious text file to trigger arbitrary code execution. It’s not every day we come across a malicious text file, and the proof of concept makes use of a clever technique — escape sequences hide the actual payload. Printing the file with cat returns “Nothing here.” Cat has a “-v” flag, and that flag spills the secrets of our malicious text file. For simplicity, we’ll look at the PoC that doesn’t include the control characters. The vulnerability is Vim’s modeline function. This is the ability to include editor options in a text file. If a text file only works with 80 character columns, a modeline might set “textwidth=80”. Modeline already makes use of a sandbox to prevent the most obvious exploits, but [Armin] realized that the “:source!” command could run the contents of a file outside that sandbox. “:source! %” runs the contents of the current file — the malicious text file.
:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="
Taking this apart one element at a time, the “:!” is the normal mode command to run something in the shell, so the rest of the line is what gets run. “uname -a” is the arbitrary command, benign in this case. Up next is the OR operator, “||” which fully evaluates the first term first, and only evaluates what comes after the operator if the first term returns false. In this case, it’s a simple way to get the payload to run even though the rest of the line is garbage, as far as bash is concerned. “vi:” informs Vim that we have a modeline string. “:fen” enables folding, and “:fdm=expr” sets the folding method to use an expression. This feature is usually used to automatically hide lines matching a regular expression. “:fde=” is the command to set the folding expression. Here’s the exploit, the folding expression can be a function like “execute()” or “assert_fails()”, which allows calling the :source! command. This pops execution out of the sandbox, and begins executing the text file inside vim, just as if a user were typing it in from the keyboard. Continue reading “This Week In Security: Use Emacs, Crash A Windows Server, And A Cryptocurrency Heist”
Throughout the six years of the Hackaday Prize we have seen a stream of projects tackling all manner of applications and challenges. Many of them have a goal of addressing issues faced by people in developing countries, and this was the topic upon which Rob Ryan Silva spoke at the Hackaday Superconference.
Rob’s perspective is an interesting one: he runs the maker lab at Development Alternatives Incorporated, or DAI, who are best described as a specialist contractor in the international development sector. Thus while many of the Prize entrants are hardware hackers who have become involved in development related projects, he is a development specialist who has made the opposite journey to becoming a hardware hacker.
Join me below for the video of Rob’s talk and a deep dive into it. Also of note, tickets for the 2019 Hackaday Superconference are now available, the Call for Proposals is now open, and of course, the 2019 Hackaday Prize is ready for your entry! Okay, now onto Rob’s talk.