Mommy, Where Do Ideas Come From?

We wrote up an astounding old use of technology – François Willème’s 3D scanning and modeling apparatus from 1861, over 150 years ago. What’s amazing about this technique is that it used absolutely cutting-edge technology for the time, photography, and the essence of a technique still used today in laser-line 3D scanners, or maybe even more closely related to the “bullet time” effect.

This got me thinking of how Willème could have possibly come up with the idea of taking 24 simultaneous photographs, tracing the outline in wood, and then re-assembling them radially into a 3D model. And all of this in photography’s very infancy.

But Willème was already a sculptor, and had probably seen how he could use photos to replace still models in the studio, at least to solidify proportions. And he was probably also familiar with making cameos, where the profile was often illuminated from behind and carved, often by tracing shadows. From these two, you could certainly imagine his procedure, but there’s still an admirable spark of genius at work.

Could you have had that spark without the existence of photography? Not really. Tracing shadows in the round is impractical unless you can fix them. The existence of photography enabled this idea, and countless others, to come into existence.

That’s what I think is neat about technology, and the sharing of new technological ideas. Oftentimes they are fantastic in and of themselves, like photography indubitably was. But just as often, the new idea is a seed for more new ideas that radiate outward like ripples in a pond.

Hackaday Podcast 188: Zapping Cockroaches, Tricking AIs, Antique 3D Scanning, And Grinding Chips To QFN

It’s déjà vu all over again as Hackaday Editor-in-Chief Elliot Williams gets together with Staff Writer Dan Maloney to look over the best hacks from the past week. If you’ve got a fear of giant cockroaches, don’t worry; we’ll only mention the regular ones when we talk about zapping them with lasers. What do you need to shrinkify an NES? Just a little sandpaper and a lot of finesse.

Did you know that 3D scanning is (sort of) over a century old? Or that the first real microcomputer dates all the way back to 1972 — and isn’t one of those blinkenlight deals? And watch out for what you tell GPT-3 to ignore — it might just take you very seriously. We’ll touch on solar-powered cameras, a compressor of compressors, and talk about all the unusual places to find lithium batteries for your projects. It’s an episode so good you might just want to listen to it twice!

(In case you’re wondering about all this “twice” stuff — Elliot forgot to hit record on the first take and we had to do the entire podcast over again. Oh, the humanity!)

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download here!


This Week In Security: PHP Attack Defused, Scoreboard Manipulation, And Tillitis

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty, potential supply chain attack in this tool, when used in the Packagist repository. The problem is the support for arbitrary README filenames. When a package update shows up on Packagist, that service uses a Version Control System (VCS) like Git or Mercurial to pull the specified readme location. That pull operation is subject to argument injection. Name your branch --help, and Git will happily run the help argument instead of doing the pull intended. In the case of Git commands, our intrepid researchers were unable to weaponize the issue to achieve code execution.

Composer also supports projects that use Mercurial as their VCS, and Mercurial has a --config option that has… interesting potential. It allows redefining a Mercurial command as a script snippet. So a project just has to contain a malicious payload.sh, and the readme set to --config=alias.cat=!hg cat -r : payload.sh|sh;,txt. For those keeping track at home, the vulnerability is that this cursed string of ugly is accepted by Composer as a valid filename. This uses the --config trick to redefine cat as a bit of script that executes the payload. It ends in .txt because that is a requirement of Composer.

So let’s talk about what this little hack could have been used for, or maybe still used for on an unpatched, private install of Packagist. This is an unattended attack that jumps straight to remote script execution — on an official package repository. If discovered and used for evil, this would have been a massive supply chain attack against PHP deployments. Instead, thanks to SonarSource, it was discovered and disclosed privately back in April. The official Packagist repo at packagist.org was fixed the day after disclosure, and a CVE and updated packages went out six days later. Great work all around.
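
The defensive side of this bug, as an added sketch that is not code from Composer, Packagist or SonarSource: it shows why a readme value that starts with a dash is parsed as an option, and how an allow-list check plus an end-of-options marker keeps it an operand. The function names and the allow-list pattern are assumptions made for illustration, and it assumes the VCS client honours the conventional -- marker.

```python
import re

# Constructed inputs: the readme value quoted in the article, and an ordinary one.
MALICIOUS_README = "--config=alias.cat=!hg cat -r : payload.sh|sh;,txt"
BENIGN_README = "docs/README.txt"

# Hypothetical allow-list: plain path characters only, never a leading dash.
_SAFE_PATH = re.compile(r"[A-Za-z0-9_.][A-Za-z0-9_./-]*\Z")


def naive_hg_argv(rev, readme):
    """Vulnerable pattern: untrusted text lands where the CLI parses options."""
    return ["hg", "cat", "-r", rev, readme]


def options_seen_by_cli(argv):
    """Approximate getopt-style parsing: every argument starting with '-'
    before a literal '--' is treated as an option, not as a file operand."""
    opts = []
    for arg in argv[2:]:
        if arg == "--":
            break
        if arg.startswith("-"):
            opts.append(arg)
    return opts


def validate_readme(readme):
    """Reject anything that is not a plain relative path."""
    if not _SAFE_PATH.match(readme) or ".." in readme.split("/"):
        raise ValueError(f"rejected readme filename: {readme!r}")
    return readme


def hardened_hg_argv(rev, readme):
    """Validate both untrusted values, then add '--' as defence in depth."""
    if rev.startswith("-"):
        raise ValueError(f"rejected revision name: {rev!r}")
    return ["hg", "cat", "-r", rev, "--", validate_readme(readme)]


if __name__ == "__main__":
    # The naive argv hands the whole --config=... string to the option parser.
    print(options_seen_by_cli(naive_hg_argv("default", MALICIOUS_README)))
    print(hardened_hg_argv("default", BENIGN_README))
    try:
        hardened_hg_argv("default", MALICIOUS_README)
    except ValueError as err:
        print(err)
```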

Immersive Cursive: Growing Up Loopy

Growing up, ours was a family of handwritten notes for every occasion. The majority were left on the kitchen counter next to the sink, or in a particular spot on the all-purpose table in the breakfast nook. Whether one was professing their familial love and devotion on the back of a Valpak coupon, or simply communicating an intent to be home before dinnertime, the words were generally immortalized in BiC on whatever paper was available, and timestamped for the reader’s information. You may have learned cursive in school, but I was born in it — molded by it. The ascenders and descenders betray you because they belong to me.

Both of my parents always seemed to be incapable of printing in anything other than all caps, so I actually preferred to see their cursive most of the time. As a result, I could copy read it quite easily from an early age. Well, I don’t think I ever had any hope of imitating Dad’s signature. But Mom’s on the other hand — like I said in the first installment, it was important for my signature to be distinct from hers, given that we have the same name — first, middle, and last. But I could probably still bust out her signature if it came down to something going on my permanent record.

While my handwriting was sort of naturally headed towards Mom’s, I was more interested in Dad’s style and that of my older brother. He had small caps handwriting down to an art, and my attempts to copy it have always looked angry and stilted by comparison. In addition, my brother’s cursive is lovely and quick, while still being legible.


The State Of The SBC Interface Ecosystem, Is It Time To Design A Standard?

We are spoiled for choice when it comes to single board computers, whether they be based around a microcontroller or a more capable SoC capable of running an operating system such as GNU/Linux. They can be had from well-established brands such as Arduino, Adafruit, or Raspberry Pi, or from a Wild West of cheaper Far Eastern modules carrying a plethora of different architectures.

Everyone has their own favourite among them, and along with that comes an ecosystem of operating systems and software development environments. There’s another aspect to these boards which has evolved; certain among them have become de facto interface connector standards for hardware peripherals. Do these standards make any sense? Let’s talk about that.


2022 Hackaday Supercon Speakers Will Inspire You

The return of Supercon is taking place in just a month. We’ve got 45 fantastic talks and workshops planned for the three-day weekend, and they are as varied and inspiring as the Hackaday community itself. From molecules to military connectors, here’s an even dozen talks to whet your appetite.

Supercon is the Ultimate Hardware Conference and you need to be there! We’ll continue to announce speakers and workshops over the next couple weeks. Supercon will sell out so get your tickets now before it’s too late. And stay tuned for the next round of talk reveals next week!

Big Brother Or Dumb Brother? Bus Drivers In Beijing Are Forced To Wear “Emotional Monitors”

Humans aren’t always great at respecting each other’s privacy. However, common sense says there’s a clear boundary when it comes to the thoughts in one’s own head and the feelings in one’s heart.

For bus drivers in Beijing though, it seems that’s no longer the case. These professional drivers are now being asked to wear emotional monitors while on the job, raising concerns from both legal and privacy advocates. But the devices aren’t really anything more than workout monitors, and whether they can actually make good on their Orwellian promise remains to be seen.

In Your Head, In Your Head!

The monitoring wristbands have been rolled out to some of Beijing’s long-distance bus drivers. Credit: Cypp0847, CC-BY-SA-4.0

When George Orwell wrote 1984, it was only 1949. However, he was able to foresee a world in which surveillance was omnipresent and inescapable. He also envisioned the concept of thoughtcrime, where simply contemplating the wrong things could get you in serious trouble with the authorities.

As we all know, Orwell was way off – these predictions didn’t become reality until well into the 2000s. In the latest horrifying development, technologies now exist that claim to be able to monitor one’s emotional state. Now, China’s transportation sector is rushing to push them on their workforces.

Long-distance bus drivers in Beijing are now being told to wear electronic wristbands when on the job. These wristbands claim to be able to capture the wearer’s emotional state, monitoring it on behalf of the employer. The scheme was the idea of the Beijing Public Transport Holding Group. The state-run organization claims the technology is intended for the safety of the public, and a trial of the wristbands began in July this year.