Hackaday Podcast 184: What Is Art, Bulk Tape Eraser Go Brr, And The Death Of Email

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos had a lot of fun discussing the best of the previous week’s hacks in spite of Elliot’s microphone connectivity troubles. News-wise, we busted out the wine and cheese to briefly debate whether a Colorado man should have won an art competition by entering an image created by AI. Afterward, we went around a bit about floppies, which are being outlawed in Japan.

Then it’s on to the What’s That Sound Results Show, but since Elliot can’t find a 14-sided die, he pulled on the Internet for our random number needs. Congratulations to our big winner [D Rex], who will receive one of our coveted Hackaday Podcast t-shirts (Ed. note: Heck, I don’t even have one! That’s how special these babies are).

Is the food-safety-of-3D-printing debate over once and for all? It is as far as Elliot’s concerned. You know what else is over? The era of distributed, independent email servers. Bah! We’re not kidding about that last one — and we discuss a lie-detecting app that may or may not prove our innocence.

Finally, we talk active foot cooling, heat barriers for hot shops, and big, strong magnets. What are they for? Fixing floppies, fool!

 


Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: One-click, UPnP, Mainframes, And Exploring The Fog

A couple weeks ago we talked about in-app browsers, and the potential privacy issues when opening content in them. This week Microsoft reveals the other side of that security coin — JavaScript on a visited website may be able to interact with the JS embedded in the app browser. The vulnerability chain starts with a link handler published to Android, where any https://m.tiktok[.]com/redirect links automatically open in the TikTok app. The problem here is that this does trigger a redirect, and app-internal deeplinks aren’t filtered out. One of these internal schemes has the effect of loading an arbitrary page in the app webview, and while there is a filter that should prevent loading untrusted hosts, it can be bypassed with a pair of arguments included in the URI call.

Once an arbitrary page is loaded, the biggest problem shows up. The JavaScript that runs in the app browser exposes 70+ methods to JS running on the page. If this is untrusted code, it gives away the figurative keys to the kingdom, as an auth token can be accessed for the current user. Account modification, private video access, and video upload are all accessible. Thankfully the problem was fixed back in March, less than a month after private disclosure. Still, a one-click account hijack is nothing to sneeze at. Thankfully this one didn’t escape from the lab before it was fixed.

UPnP Strikes Again

It’s not an exaggeration to say that Universal Plug and Play (UPnP) may have been the most dangerous feature to be included in routers with the possible exception of open-by-default WiFi. QNAP has issued yet another advisory of ransomware targeting their devices, and once again UPnP is the culprit. Photo Station is the vulnerable app, and it has to be exposed to the internet to get pwned. And what does UPnP do? Exposes apps to the internet without user interaction. And QNAP, in their efforts to make their NAS products more usable, included UPnP support, maybe by default on some models. If you have a QNAP device (or even if you don’t), make sure UPnP is disabled on your router, turn off all port forwarding unless you’re absolutely sure you know what you’re doing, and use Wireguard for remote access.

The TAK Ecosystem: Military Coordination Goes Open Source

In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically became the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.

Tracking firefighting aircraft in 3D space using ADS-B (Credit: The TAK Syndicate)


Ask Hackaday: Stripping Wires With Lasers

Most of us strip the insulation off wires using some form of metal blade or blades. You can get many tools that do that, but you can also get by with skillfully using a pair of cutters, a razor blade or — in a pinch — a steak knife. However, modern assembly lines have another option: laser stripping. Now that many people have reasonable laser cutters, we wonder if anyone is using laser strippers either from the surplus market or of the do-it-yourself variety?

We are always surprised that thermal strippers are so uncommon since they are decidedly low-tech. Two hot blades and a spring make up the heart of them. Sure, they are usually expensive new, but you can usually pick them up used for a song. The technology for lasers doesn’t seem very difficult, although using the blue lasers most people use in cutters may not be optimal for the purpose. This commercial product, for example, uses infrared, but if you have a CO2 laser, that might be a possibility.

The technique has found use in large-scale production for a while. Of course, if you don’t care about potential mechanical damage, you can get automated stripping equipment with a big motor for a few hundred bucks.

We did find an old video about using a CO2 laser to strip ribbon cable, but nothing lately. Of course, zapping insulation creates fumes, but so does lasering everything, so we don’t think that’s what’s stopping people from this approach.


Linux Fu: Eavesdropping On Serial

In the old days, if you wanted to snoop on a piece of serial gear, you probably had a serial monitor or, perhaps, an attachment for your scope or logic analyzer. Today, you can get cheap logic analyzers that can do the job, but what if you want a software-only solution? Recently, I needed to do a little debugging on a USB serial port and, of course, there isn’t really anywhere to easily tie in a monitor or a logic analyzer. So I started looking for an alternate solution.

If you recall, in a previous Linux Fu we talked about pseudoterminals which look like serial ports but actually talk to a piece of software. That might make you think: why not put a piece of monitor software between the serial port and a pty? Why not, indeed? That’s such a good idea that it has already been done. When it works, it works well. The only issue is, of course, that it doesn’t always work.


Retrotechtacular: Oh Boy! We’re Radio Engineers!

It is a shame that there are fewer and fewer “nerd stores” around. Fry’s is gone. Radio Shack is gone. But the best ones were always the places that had junk. Silicon Valley was great for these places, but they were everywhere. Often, they made their money selling parts to the repair trade, but they had a section for people like us. There’s still one of these stores in the Houston, Texas area: one of the two original Electronic Parts Outlets, or EPO. Walking through there is like a museum of old gear and parts and I am not ashamed to confess I sometimes drive the hour from my house just to wander its aisles, needing to buy absolutely nothing. It was on one of those trips that I spied something I hadn’t noticed before. A Remco Caravelle transmitter/receiver.

The box was clearly old and the styling of the radio was decidedly retro. You can tell it wasn’t catering to the modern market because it mentions: “play ham radio operator” which would surely mystify most of today’s kids. The unit was an AM receiver and a transmitter, complete with a Morse code key and microphone. You can see a contemporary commercial for a similar unit from Remco, in the video below.


Lithium-Ion Batteries Are Your Friends

Need some kind of battery for a project? You can always find a few Lithium-Ion (LiIon) batteries around! They’re in our phones, laptops, and a myriad other battery-powered things of all forms – as hackers, we will find ourselves working with them more and more. Lithium-Ion batteries are unmatched when it comes to energy capacity, ease of charging, and all the shapes and sizes you can get one in.

There are also misconceptions about these batteries – bad advice floating around, fearmongering videos of devices ablaze, as well as mundane lack of understanding. Today, I’d like to provide a general overview of how to treat your LiIon batteries properly, making sure they serve you well long-term.

What’s A Battery? A Malleable Pile Of Cells

Lithium-Ion batteries are our friends. Now, there can’t be a proper friendship if you two don’t understand each other. Lithium-Ion batteries are tailored for human needs by the factory that produced them. As for us hackers, we’ll want to learn some things.

First thing to learn – a single LiIon “unit” is called a cell. An average laptop contains three or six Li-Ion cells, a phone will have one, a tablet will have from one to three. What we refer to as “battery” is typically one or multiple cells, together with protection circuitry, casing and a separate connector – most of the time all three of these, but not always. The typical voltage is 3.6 V or 3.7 V, with maximum voltage being 4.2 V – these are chemistry-defined, the same for most kinds of cells and almost always written on the cell.