Hackaday Columns

4582 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Striping A Disk Drive The 1970 Way

May 16, 2022 by 38 Comments

These days, mass storage for computers is pretty simple. It either uses a rotating disk or else it is solid state. There are a few holdouts using tape, too, but compared to how much there used to be, tape is all but dead. But it wasn’t that long ago that there were many kinds of mass storage. Tapes, disks, drums, punched cards, paper tape, and even stranger things. Perhaps none were quite so strange though as the IBM 2321 Data Cell drive — something IBM internally called MARS.

What is a data cell you might ask? A data cell was a mass storage device from IBM in 1964 that could store about 400 megabytes using magnetic strips that looked something like about a foot of photographic film. The strips resided inside a drum that could rotate. When you needed a record, the drum would rotate the strip you needed to the working part and an automated process would remove the strip in question, wrap it around a read/write head and then put it back when it was done.

Continue reading “Striping A Disk Drive The 1970 Way”

Hackaday Links Column Banner

Hackaday Links: May 15, 2022

May 15, 2022 by 7 Comments

It may be blurry and blotchy, but it’s ours. The first images of the supermassive black hole at the center of the Milky Way galaxy were revealed this week, and they caused quite a stir. You may recall the first images of the supermassive black hole at the center of the M87 galaxy from a couple of years ago: spectacular images that captured exactly what all the theories said a black hole should look like, or more precisely, what the accretion disk and event horizon should look like, since black holes themselves aren’t much to look at. That black hole, dubbed M87*, is over 55 million light-years away, but is so huge and so active that it was relatively easy to image. The black hole at the center of our own galaxy, Sagittarius A*, is comparatively tiny — its event horizon would fit inside the orbit of Mercury — a much closer at only 26,000 light-years or so. But, our black hole is much less active and obscured by dust, so imaging it was far more difficult. It’s a stunning technical achievement, and the images are certainly worth checking out.

Another one from the “Why didn’t I think of that?” files — contactless haptic feedback using the mouth is now a thing. This comes from the Future Interfaces Group at Carnegie-Mellon and is intended to provide an alternative to what ends up being about the only practical haptic device for VR and AR applications — vibrations from off-balance motors. Instead, this uses an array of ultrasonic transducers positioned on a VR visor and directed at the user’s mouth. By properly driving the array, pressure waves can be directed at the lips, teeth, and tongue of the wearer, providing feedback for in-world events. The mock game demonstrated in the video below is a little creepy — not sure how many people enjoyed the feeling of cobwebs brushing against the face or the splatter of spider guts in the mouth. Still, it’s a pretty cool idea, and we’d like to see how far it can go.

Continue reading “Hackaday Links: May 15, 2022”

Who Is Thinking About Open Source Firmware?

May 14, 2022 by 23 Comments

Yesterday, we ran a post on NVIDIA’s announcement of open-source drivers for some of its most recent video cards. And Hackaday being huge proponents of open-source software and hardware, you’d think we’d be pouring the champagne. But it’s trickier than that.

Part of the reason that they are able to publish a completely new, open-source driver is that the secrets that they’d like to keep have moved into the firmware. So is the system as a whole more or less open? Yeah, maybe both.

With a more open interface between the hardware and the operating system, the jobs of people porting the drivers to different architectures are going to be easier. Bugs that are in what is now the driver layer should get found and fixed faster. All of the usual open-source arguments apply. But at the same time, the system as a whole isn’t all that much more transparent. The irony about the new NVIDIA drivers is that we’ve been pushing them to be more open for decades, and they’ve responded by pushing their secrets off into firmware.

Secrets that move from software to firmware are still secrets, and even those among us who are the most staunch proponents of open source have closed hardware and firmware paths in our computers. Take the Intel Management Engine, a small computer inside your computer that’s running all the time — even while the computer is “off”. You’d like to audit the code for that? Sorry. And it’s not like it hasn’t had its fair share of security relevant bugs.

And the rabbit hole goes deeper, of course. No modern X86 chips actually run the X86 machine language instructions — instead they have a microcode interpreter that reads the machine language and interprets it to what the chip really speaks. This is tremendously handy because it means that chip vendors can work around silicon bugs by simple pushing out a firmware update. But this also means that your CPU is running a secret firmware layer at core. This layer is of course not without bugs, some of which can have security relevant implications.

This goes double for your smartphone, which is chock-full of multiple processors that work more or less together to get the job done. So while Android users live in a more open environment than their iOS brethren, when you start to look down at the firmware layer, everything is the same. The top layer of the OS is open, but it’s swimming on top of an ocean of binary blobs.

How relevant any of this is to you might depend on what you intend to do with the device. If you’re into open source because you like to hack on software, having open drivers is a fantastic resource. If you’re looking toward openness for the security guarantees it offers, well, you’re out of luck because you still have to trust the firmware blindly. And if you’re into open source because the bugs tend to be found quicker, it’s a mix — while the top level drivers are made more inspectable, other parts of the code are pushed deeper into obscurity. Maybe it’s time to start paying attention to open source firmware?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 168: Math Flattens Spheres, FPGAs Emulate Arcades, And We Can’t Shake Polaroid Pictures

May 13, 2022 by 5 Comments

Join Hackaday Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney as they review the top hacks for the week. It was a real retro-fest this time, with a C64 built from (mostly) new parts, an Altoids Altair, and learning FPGAs via classic video games. We also looked at LCD sniffing to capture data from old devices, reimagined the resistor color code, revisited the magic of Polaroid instant cameras, and took a trip down television’s memory lane. But it wasn’t all old stuff — there’s flat-packing a sphere with math, spraying a fine finish on 3D printed parts, a DRM-free label printer, and a look at what’s inside that smartphone in your pocket — including some really weird optics.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments below!

Direct Download link.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 168: Math Flattens Spheres, FPGAs Emulate Arcades, And We Can’t Shake Polaroid Pictures”

This Week In Security: F5 Twitter PoC, Certifried, And Cloudflare Pages Pwned

May 13, 2022 by 7 Comments

F5’s BIG-IP platform has a Remote Code Execution (RCE) vulnerability: CVE-2022-1388. This one is interesting, because a Proof of Concept (PoC) was quickly reverse engineered from the patch and released on Twitter, among other places.

HORIZON3.ai researcher [James Horseman] wrote an explainer that sums up the issue nicely. User authentication is handled by multiple layers, one being a Pluggable Authentication Modules (PAM) module, and the other internally in a Java class. In practice this means that if the PAM module sees an X-F5-Auth-Token, it passes the request on to the Java code, which then validates the token to confirm it as authentic. If a request arrives at the Java service without this header, and instead the X-Forwarded-Host header is set to localhost, the request is accepted without authentication. The F5 authentication scheme isn’t naive, and a request without the X-F5-Auth-Token header gets checked by PAM, and dropped if the authentication doesn’t check out.

So where is the wiggle room that allows for a bypass? Yet another HTTP header, the Connection header. Normally this one only comes in two varieties, Connection: close and Connection: keep-alive. Really, this header is a hint describing the connection between the client and the edge proxy, and the contents of the Connection header is the list of other headers to be removed by a proxy. It’s essentially the list of headers that only apply to the connection over the internet. Continue reading “This Week In Security: F5 Twitter PoC, Certifried, And Cloudflare Pages Pwned”

Can You Help NASA Build A Mars Sim In VR?

May 12, 2022 by 40 Comments

No matter your project or field of endeavor, simulation is a useful tool for finding out what you don’t know. In many cases, problems or issues aren’t obvious until you try and do something. Where doing that thing is expensive or difficult, a simulation can be a low-stakes way to find out some problems without huge costs or undue risks.

Going to Mars is about as difficult and expensive as it gets. Thus, it’s unsurprising that NASA relies on simulations in planning its missions to the Red Planet. Now, the space agency is working to create a Mars sim in VR for training and assessment purposes. The best part is that you can help!

Continue reading “Can You Help NASA Build A Mars Sim In VR?”

Bare-Metal STM32: Using The I2C Bus In Master-Transceiver Mode

May 11, 2022 by 34 Comments

As one of the most popular buses today for on- and inter-board communication within systems, there’s a good chance you’ll end up using it with an embedded system. I2C offers a variety of speeds while requiring only two wires (clock and data), which makes it significantly easier to handle than alternatives, such as SPI. Within the STM32 family of MCUs, you will find at least one I2C peripheral on each device.

As a shared, half-duplex medium, I2C uses a rather straightforward call-and-response design, where one device controls the clock, and other devices simply wait and listen until their fixed address is sent on the I2C bus. While configuring an STM32 I2C peripheral entails a few steps, it is quite painless to use afterwards, as we will see in this article. Continue reading “Bare-Metal STM32: Using The I2C Bus In Master-Transceiver Mode”