Hackaday Columns

4657 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model

October 3, 2025 by 4 Comments

This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced with a malicious DLL. This can be used for very stealthy persistence as well as escalation of privilege. This one was assigned CVE-2025-56383, and given a CVSS score of 8.4.

The problem? Notepad++ doesn’t run as a privileged user, and the install defaults to the right permissions for the folder where the “vulnerable” DLL is installed. Or as pointed out in a GitHub issue on the Proof of Concept (PoC) code, why not just hijack the notepad++ executable?

This is key when evaluating a vulnerability write-up. What exactly is the write-up claiming? And what security boundary is actually being broken? The Common Weakness Enumeration (CWE) list can be useful here. This vulnerability is classified as CWE-427, an uncontrolled search path element — which isn’t actually what the vulnerability claims, and that’s another clue that something is amiss here. In reality this “vulnerability” applies to every application that uses a DLL: a CVSS 0.

Continue reading “This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model”

How Hydraulic Ram Pumps Push Water Uphill With No External Power Input

October 2, 2025 by 33 Comments

Imagine you have a natural stream running through a low-lying area on your farm. It’s a great source of fresh water, only you really need it to irrigate some crops sitting at a higher elevation. The area is quite remote from fixed utilities, complicating the problem.

Your first thought might be to grab a commercial off-the-shelf pump of some sort, along with a fancy solar power system to provide the necessary power to run it. But what if there were a type of pump that could do the job with no external power input at all? Enter the hydraulic ram pump.

Continue reading “How Hydraulic Ram Pumps Push Water Uphill With No External Power Input”

FLOSS Weekly Episode 849: Veilid: Be A Brick

October 1, 2025 by No comments

This week Jonathan talks with Brandon and TC about Veilid, the peer-to-peer networking framework that takes inspiration from Tor, and VeilidChat, the encrypted messenger built on top of it. What was the inspiration? How does it work, and what can you do with it? Listen to find out!

Continue reading “FLOSS Weekly Episode 849: Veilid: Be A Brick”

Lost Techniques: Bond-out CPUs And In Circuit Emulation

October 1, 2025 by 21 Comments

These days, we take it for granted that you can connect a cheap piece of hardware to a microcontroller and have an amazing debugging experience. Stop the program. Examine memory and registers. You can see and usually change anything. There are only a handful of ways this is done on modern CPUs, and they all vary only by detail. But this wasn’t always the case. Getting that kind of view to an actual running system was an expensive proposition.

Today, you typically have some serial interface, often JTAG, and enough hardware in the IC to communicate with a host computer to reveal and change internal state, set breakpoints, and the rest. But that wasn’t always easy. In the bad old days, transistors were large and die were small. You couldn’t afford to add little debugging pins to each processor you produced.

This led to some very interesting workarounds. Of course, you could always run simulators on a larger computer. But that might not work in real time, and almost certainly didn’t have all the external things you wanted to connect to, unless you also simulated them. Continue reading “Lost Techniques: Bond-out CPUs And In Circuit Emulation”

2025 Hackaday Speakers, Round One! And Spoilers

September 30, 2025 by 4 Comments

Supercon is the Ultimate Hardware Conference and you need to be there! Just check out this roster of talks that will be going down. We’ve got something for everyone out there in the Hackday universe, from poking at pins, to making things beautiful, to robots, radios, and FPGAs. And this isn’t even half of the list yet.

We’ve got a great mix of old favorites and new faces this year, and as good as they are, honestly the talks are only half of the fun. The badge hacking, the food, the brainstorming, and just the socializing with the geekiest of the geeky, make it an event you won’t want to miss. If you don’t have tickets yet, you can still get them here.

Plus, this year, because Friday night is Halloween, we’ll be hosting a Sci-Fi-themed costume party for those who want to show off their best props or most elaborate spacesuits. And if that is the sort of thing that you’re into, you will absolutely want to stay tuned to our Keynote Speaker(s) announcement in a little while. (Spoiler number one.) Continue reading “2025 Hackaday Speakers, Round One! And Spoilers”

Ask Hackaday: How Do You Distro Hop?

September 29, 2025 by 36 Comments

If you read “Jenny’s Daily Drivers” or “Linux Fu” here on Hackaday, you know we like Linux. Jenny’s series, especially, always points out things I want to try on different distributions. However, I have a real tendency not to change my distro, especially on my main computer. Yet I know people “distro hop” all the time. My question to you? How do you do it?

The Easy but Often Wrong Answer

Sure, there’s an easy answer. Keep your /home directory on a separate disk and just use it with a new boot image. Sounds easy. But the truth is, it isn’t that easy. I suppose if you don’t do much with your system, that might work. But even if you don’t customize things at the root level, you still have problems if you change desktop environments or even versions of desktop environments. Configuration files change over time. Good luck if you want to switch to and from distros that are philosophically different, like systemd vs old-school init; apparmor vs SELinux. So it isn’t always as simple as just pointing a new distro at your home directory.

One thing I’ve done to try out new things is to use a virtual machine. That’s easy these days. But it isn’t satisfying if your goal is to really switch to a new distro as your daily driver. Continue reading “Ask Hackaday: How Do You Distro Hop?”

Hackaday Links Column Banner

Hackaday Links: September 28, 2025

September 28, 2025 by 14 Comments

In today’s “News from the Dystopia” segment, we have a story about fighting retail theft with drones. It centers on Flock Safety, a company that provides surveillance technologies, including UAVs, license plate readers, and gunshot location systems, to law enforcement agencies. Their flagship Aerodome product is a rooftop-mounted dock for a UAV that gets dispatched to a call for service and acts as an eye-in-the-sky until units can arrive on scene. Neat idea and all, and while we can see the utility of such a system in a first responder situation, the company is starting to market a similar system to retailers and other private sector industries as a way to contain costs. The retail use case, which the story stresses has not been deployed yet, would be to launch a drone upon a store’s Asset Protection team noticing someone shoplifting. Flock would then remotely pilot the drone, following the alleged thief back to their lair or hideout and coordinating with law enforcement, who then sweep in to make an arrest.

Continue reading “Hackaday Links: September 28, 2025”