
Hackaday Links: June 26, 2022

Head for the hills!! We’re all doomed! At least that’s the impression you might get from the headlines about the monster Earth-facing sunspot this week. While any sunspot that doubles in size within a matter of days, as AR3038 has done, is worth looking at, chances are pretty low that it will cause problems here on Earth. About the best this class of sunspot can manage is an M-class solar flare, which generally causes radio blackouts only at the poles and may present a radiation problem for the crew of the ISS. So no, this sunspot is probably not going to kill us all. But then again, this is the 2020s, and pretty much everything bad seems like it’s possible.

Speaking of bad outcomes, pity the poor Sonos customers and their ongoing battle with the company’s odd “glitches.” For whatever reason, customers have been getting shipments of Sonos products they never ordered, with at least one customer getting over $15,000 worth of products shipped. The customer reports ordering five Sonos items, but the company saw fit to fill the order six times, stuffing their apartment with goods. Sonos doesn’t appear to be doing much to make it right; while offering the customer free shipping labels to return the goods, they were expected to schlep the packages to a UPS store. And then there’s the money — Sonos charged the customer for all the unordered goods, and won’t issue a refund till it’s all returned.

If you’ve ever wondered exactly what the signals going up and down your cable line look like, you’ll want to check out this video from Double A Labs. Using an RTL-SDR dongle and some spectrum analyzer software they probed the RF signals on the cable, with some fascinating results. The first 11 minutes or so of the video are devoted to setting up the hardware and software, although there is some interesting stuff about broadband network architecture right up at the start. The scans are interesting — you can clearly see the 6-MHz quadrature amplitude modulation (QAM) digital channels. We were surprised to learn that these start at just about the FM broadcast band — about 108 MHz. There were a couple of little surprises hiding in the spectrum, like two unmodulated analog TV carriers in one spot, and the fact that there are over 400 virtual channels jammed into 41 6-MHz QAM channels. Broadband indeed.

Continue reading “Hackaday Links: June 26, 2022”

Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place

Fresh from vacation, Editor-in-Chief Elliot Williams makes his triumphant return to the Hackaday Podcast! He’s joined this week by Managing Editor Tom Nardi, who’s just happy he didn’t have to do the whole thing by himself again. In this episode we’ll talk about tackling BGA components in your custom PCBs, a particularly well-executed hack against Google’s Nest Hub, and why you probably don’t really want the world’s cheapest 3D printer. We’ll also take a look at an incredible project to turn the Nokia 1680 into a Linux-powered handheld computer, a first-of-its-kind HDMI firewall, and a robot that’s pretty good at making tacos. Listeners who are into artificial intelligence will be in for quite a treat as well, as is anyone who dreams of elevating the lowly automotive alternator to a more prominent position in the hacker world.

By the way, it seems nobody has figured out the hidden message in last week’s podcast yet. What are you waiting for? One of you out there has to be bored enough to give it a shot.

Direct download, and play it offline. You don’t need no stinkin’ cloud.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Continue reading “Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place”

This Week In Security: IoT In The Hot Tub, App Double Fail, And FreeBSD BadBeacon

[Eaton Zveare] purchased a Jacuzzi hot tub, and splurged for the SmartTub add-on, which connects the whirlpool to the internet so you can control temperature, lights, etc. from afar. He didn’t realize he was about to discover a nightmare of security problems. Because as we all know, in IoT, the S stands for security. In this case, the registration email came from smarttub.io, so it was natural to pull up that URL in a web browser to see what was there. The page presented a login prompt, so [Eaton] punched in the credentials he had just generated. “Unauthorized.” Well, that’s not surprising, but what was very odd was the flash of a dashboard that appeared just before the authorization complaint. Could that have been real data that was unintentionally sent? A screen recorder answered that question, revealing that there was indeed a table loaded up with valid-looking data.

Digging around in the page’s JavaScript turns up the login flow. The page uses the Auth0 service to handle logins, and that service sends back an access token. The page sends that access token right back to the Auth0 service to get user privileges. If the logged-in user isn’t an admin, the redirect happens. However, we already know that some real data gets loaded. It appears that the limitations on data are all implemented on the client side, and the backend only requires a valid access token for data requests. What would happen if the response from Auth0 were modified? There are a few approaches to accomplish this, but he opted to use Fiddler. Rewrite the response so the front-end believes you’re an admin, and you’re in.

This approach seems to gain admin access to all of the SmartTub admin controls, though [Eaton] didn’t try actually making changes to see if he had write access, too. This was enough to demonstrate the flaw, and making changes would be flirting with that dangerous line that separates research from computer crime. The real problem started when he tried to disclose the vulnerability. SmartTub didn’t have a security contact, but an email to their support email address did elicit a reply asking for details. And after details were supplied, complete radio silence. Exasperated, he finally turned to Auth0, asking them to intervene. Their solution was to pull the plug on one of the two URL endpoints. Finally, after six months of trying to inform Jacuzzi and SmartTub of their severe security issues, both admin portals were secured.
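To make the root cause concrete, here is an added example (not code from the article or from SmartTub; the token format, signing key and dashboard table are constructed stand-ins for what the identity provider would issue): a backend handler that only checks the token is valid, beside one that reads the role from the verified claims, which is what makes a client-side “you’re an admin” rewrite irrelevant.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for this demo; a real deployment's key lives with the identity provider.
SECRET = b"demo-signing-key-not-real"
# Constructed stand-in for the dashboard table the browser briefly rendered.
ADMIN_TABLE = [{"tub_id": "tub-001", "owner": "alice"}, {"tub_id": "tub-002", "owner": "bob"}]


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, roles: list) -> str:
    """Mint a minimal HMAC-signed token (payload.signature), standing in for the IdP."""
    payload = _b64(json.dumps({"sub": sub, "roles": roles}).encode())
    sig = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def verify_token(token: str):
    """Return the claims if the signature checks out, else None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(payload))


def admin_table_weak(token: str):
    """Flawed pattern: any valid token gets the data; only the UI decides whether to show it."""
    if verify_token(token) is None:
        return 401, None
    return 200, ADMIN_TABLE


def admin_table_hardened(token: str):
    """Fixed pattern: the role comes from the verified claims, never from the client."""
    claims = verify_token(token)
    if claims is None:
        return 401, None
    if "admin" not in claims.get("roles", []):
        return 403, None
    return 200, ADMIN_TABLE
```

With the weak handler a plain customer token receives the full table (the “flash of a dashboard”); with the hardened one it receives a 403, and a token whose signature no longer matches its claims is rejected outright.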

Continue reading “This Week In Security: IoT In The Hot Tub, App Double Fail, And FreeBSD BadBeacon”

Sea Level Rise From Melting Ice Sheets Could Soon Be Locked In

Where today we talk broadly of climate change and its various effects, the conversation was once simpler. We called it “global warming” and fretted about cooking outside in the summer and the sea level rise that would claim so many of our favorite cities.

Scientists are now concerned that sea level rises could be locked in, as ice sheets and glaciers pass “tipping points” beyond which their loss cannot be stopped. Research is ongoing to determine how best we can avoid these points of no return.

Continue reading “Sea Level Rise From Melting Ice Sheets Could Soon Be Locked In”

Linux Fu: Roll With The Checksums

We are often struck by how often we spend time trying to optimize something when we would be better off just picking a better algorithm. There is the old story about the mathematician Gauss who, when in school, was given busy work to add the integers from 1 to 100. While the other students laboriously added each number, Gauss realized that 100+1 is 101 and 99 + 2 is also 101. Guess what 98 + 3 is? Of course, 101. So you can easily find that there are 50 pairs that add up to 101 and know the answer is 5,050. No matter how fast you can add, you aren’t likely to beat someone who knows that algorithm. So here’s a question: You have a large body of text and you want to search for it. What’s the best way?

Continue reading “Linux Fu: Roll With The Checksums”

Linux Fu: Docking Made Easy

Most computer operating systems suffer from some version of “DLL hell” — a decidedly Windows term, but the concept applies across the board. Consider doing embedded development which usually takes a few specialized tools. You write your embedded system code, ship it off, and forget about it for a few years. Then, the end-user wants a change. Too bad the compiler you used requires some library that has changed so it no longer works. Oh, and the device programmer needs an older version of the USB library. The Python build tools use Python 2 but your system has moved on. If the tools you need aren’t on the computer anymore, you may have trouble finding the install media and getting it to work. Worse still if you don’t even have the right kind of computer for it anymore.

One way to address this is to encapsulate all of your development projects in a virtual machine. Then you can save the virtual machine and it includes an operating system, all the right libraries, and basically is a snapshot of how the project was that you can reconstitute at any time and on nearly any computer.

In theory, that’s great, but it is a lot of work and a lot of storage. You need to install an operating system and all the tools. Sure, you can get an appliance image, but if you work on many projects, you will have a bunch of copies of the very same thing cluttering things up. You’ll also need to keep all those copies up-to-date if you need to update things which — granted — is sort of what you are probably trying to avoid, but sometimes you must.

Docker is a bit lighter weight than a virtual machine. You still run your system’s normal kernel, but essentially you can have a virtual environment running in an instant on top of that kernel. What’s more, Docker only stores the differences between things. So if you have ten copies of an operating system, you’ll only store it once plus small differences for each instance.

The downside is that it is a bit tough to configure. You need to map storage and set up networking, among other things. I recently ran into a project called Dock that tries to make the common cases easier so you can quickly just spin up a docker instance to do some work without any real configuration. I made a few minor changes to it and forked the project, but, for now, the origin has synced up with my fork so you can stick with the original link.

Continue reading “Linux Fu: Docking Made Easy”

Automate The Freight: The Convenience Store That Comes To Your Door

For as popular as they became during the COVID-19 lockdowns, grocery delivery services like InstaCart rely on a basic assumption to work: that customers know exactly what they want when they order. Once that hurdle is overcome, the transaction is simple — the driver accepts the job, drives to the store to pick up the order, and takes it to the customer. It requires the use of a fair amount of technology to coordinate everything, but by and large it works, and customers are generally willing to pay for the convenience.

But what if you could cut out that step where the driver goes to pick up your order? What if instead of paying someone to pick and pack your order and bring it to your front step, you just ordered up the whole store instead? That’s the idea behind Robomart, which seeks to deploy a fleet of mobile stores for when the convenience store isn’t quite convenient enough. And the way the company is choosing to roll out its service, not to mention the business model itself, may hold key lessons for other delivery automation platforms.

Continue reading “Automate The Freight: The Convenience Store That Comes To Your Door”