Who Is Responsible For Your Safety?

We recently posted a video where some ingenious metal-shop hackers made a simple jig to create zig-zag oil grooves on the inside of a cylinder, and the comment section went wild. What ensued was a flood of complaints that the video displayed unsafe shop practices, from lack of safety glasses to wearing flip-flops while operating a lathe.

The comments went off the rails when people asked Hackaday to remove our discussion of the video, because the commenters thought that we were somehow implicitly encouraging open-toed footwear in the presence of machine tools. We certainly weren’t! We wanted you all to see the clever machining hack, and be inspired to build your own. We figure that you’ve got the safety angle covered.

Now don’t get me wrong – there were safety choices made in the video that I would not personally make. But it also wasn’t my shop and I wasn’t operating the machines. And you know who is ultimately responsible for the safety in my basement shop? Me! And guess who is responsible for safety in your shop.

But of course, none of us know everything about every possible hazard. (Heck, I wrote just that a few weeks ago!) So while we’re sympathetic with the “that’s not safe!” crew, we’re not going to censor inspiring hacks just because something done along the way wasn’t done in the way we would do it. Instead, it’s our job, in the comment section as in Real Life™, to help each other out and share our good safety tips when we can.

You’ll see some crazy stuff in videos, and none of it is to be repeated without thinking. And if you do see something dodgy, by all means point it out, and mention how you would do it better. Turn the negative example around for good, rather than calling for its removal. Use the opportunity to help, rather than hide.

But also remember that when the chips are flying toward your personal eyeballs, it’s up to you to have glasses on. We all do potentially hazardous things all the time, and it’s best to be thinking about the risks and their mitigation. So stay safe out there. Keep on learning and keep on hacking!

Hackaday Podcast 184: What Is Art, Bulk Tape Eraser Go Brr, And The Death Of Email

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos had a lot of fun discussing the best of the previous week’s hacks in spite of Elliot’s microphone connectivity troubles. News-wise, we busted out the wine and cheese to briefly debate whether a Colorado man should have won an art competition by entering an image created by AI. Afterward, we went around a bit about floppies, which are being outlawed in Japan.

Then it’s on to the What’s That Sound Results Show, but since Elliot can’t find a 14-sided die, he pulled on the Internet for our random number needs. Congratulations to our big winner [D Rex], who will receive one of our coveted Hackaday Podcast t-shirts (Ed. note: Heck, I don’t even have one! That’s how special these babies are).

Is the food-safety-of-3D-printing debate over once and for all? It is as far as Elliot’s concerned. You know what else is over? The era of distributed, independent email servers. Bah! We’re not kidding about that last one — and we discuss a lie-detecting app that may or may not prove our innocence.

Finally, we talk active foot cooling, heat barriers for hot shops, and big, strong magnets. What are they for? Fixing floppies, fool!

 


Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: One-click, UPnP, Mainframes, And Exploring The Fog

A couple weeks ago we talked about in-app browsers, and the potential privacy issues when opening content in them. This week Microsoft reveals the other side of that security coin — JavaScript on a visited website may be able to interact with the JS embedded in the app browser. The vulnerability chain starts with a link handler published to Android, where any https://m.tiktok[.]com/redirect links automatically open in the TikTok app. The problem here is that this does trigger a redirect, and app-internal deeplinks aren’t filtered out. One of these internal schemes has the effect of loading an arbitrary page in the app webview, and while there is a filter that should prevent loading untrusted hosts, it can be bypassed with a pair of arguments included in the URI call.

Once an arbitrary page is loaded, the biggest problem shows up. The JavaScript that runs in the app browser exposes 70+ methods to JS running on the page. If this is untrusted code, it gives away the figurative keys to the kingdom, as an auth token can be accessed for the current user. Account modification, private video access, and video upload are all accessible. Thankfully the problem was fixed back in March, less than a month after private disclosure. Still, a one-click account hijack is nothing to sneeze at. Thankfully this one didn’t escape from the lab before it was fixed.

UPnP Strikes Again

It’s not an exaggeration to say that Universal Plug and Play (UPnP) may have been the most dangerous feature to be included in routers with the possible exception of open-by-default WiFi. QNAP has issued yet another advisory of ransomware targeting their devices, and once again UPnP is the culprit. Photo Station is the vulnerable app, and it has to be exposed to the internet to get pwned. And what does UPnP do? Exposes apps to the internet without user interaction. And QNAP, in their efforts to make their NAS products more usable, included UPnP support, maybe by default on some models. If you have a QNAP device (or even if you don’t), make sure UPnP is disabled on your router, turn off all port forwarding unless you’re absolutely sure you know what you’re doing, and use WireGuard for remote access.

The TAK Ecosystem: Military Coordination Goes Open Source

In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically became the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.

Tracking firefighting aircraft in 3D space using ADS-B (Credit: The TAK Syndicate)


Ask Hackaday: Stripping Wires With Lasers

Most of us strip the insulation off wires using some form of metal blade or blades. You can get many tools that do that, but you can also get by with skillfully using a pair of cutters, a razor blade or — in a pinch — a steak knife. However, modern assembly lines have another option: laser stripping. Now that many people have reasonable laser cutters, we wonder if anyone is using laser strippers either from the surplus market or of the do-it-yourself variety?

We are always surprised that thermal strippers are so uncommon since they are decidedly low-tech. Two hot blades and a spring make up the heart of them. Sure, they are usually expensive new, but you can usually pick them up used for a song. The technology for lasers doesn’t seem very difficult, although using the blue lasers most people use in cutters may not be optimal for the purpose. This commercial product, for example, uses infrared, but if you have a CO2 laser, that might be a possibility.

The technique has found use in large-scale production for a while. Of course, if you don’t care about potential mechanical damage, you can get automated stripping equipment with a big motor for a few hundred bucks.

We did find an old video about using a CO2 laser to strip ribbon cable, but nothing lately. Of course, zapping insulation creates fumes, but so does lasering everything, so we don’t think that’s what’s stopping people from this approach.


Linux Fu: Eavesdropping On Serial

In the old days, if you wanted to snoop on a piece of serial gear, you probably had a serial monitor or, perhaps, an attachment for your scope or logic analyzer. Today, you can get cheap logic analyzers that can do the job, but what if you want a software-only solution? Recently, I needed to do a little debugging on a USB serial port and, of course, there isn’t really anywhere to easily tie in a monitor or a logic analyzer. So I started looking for an alternate solution.

If you recall, in a previous Linux Fu we talked about pseudoterminals which look like serial ports but actually talk to a piece of software. That might make you think: why not put a piece of monitor software between the serial port and a pty? Why not, indeed? That’s such a good idea that it has already been done. When it works, it works well. The only issue is, of course, that it doesn’t always work.


Retrotechtacular: Oh Boy! We’re Radio Engineers!

It is a shame that there are fewer and fewer “nerd stores” around. Fry’s is gone. Radio Shack is gone. But the best ones were always the places that had junk. Silicon Valley was great for these places, but they were everywhere. Often, they made their money selling parts to the repair trade, but they had a section for people like us. There’s still one of these stores in the Houston, Texas area. One of the two original Electronic Parts Outlets, or EPO. Walking through there is like a museum of old gear and parts and I am not ashamed to confess I sometimes drive the hour from my house just to wander its aisles, needing to buy absolutely nothing. It was on one of those trips that I spied something I hadn’t noticed before. A Remco Caravelle transmitter/receiver.

The box was clearly old and the styling of the radio was decidedly retro. You can tell it wasn’t catering to the modern market because it mentions: “play ham radio operator” which would surely mystify most of today’s kids. The unit was an AM receiver and a transmitter, complete with a morse code key and microphone. You can see a contemporary commercial for a similar unit from Remco, in the video below.
