Hackaday Links: November 6, 2022

November 6, 2022 by Dan Maloney 20 Comments

Remember the chip shortage? We sure do, mainly because as far as we can tell, it’s still going on, at least judging by the fact that you can’t get a Raspberry Pi for love or money. But that must just be noise, because according to a report in the Straits Times, the chip shortage is not only over, it’s reversed course enough that there’s now a glut of semiconductors out there. The article claims that the root cause of this is slowing demand for products like smartphones, an industry that’s seeing wave after wave of orders to semiconductor manufacturers like TSMC canceled. Chips for PCs are apparently in abundance now too, as the spasm of panic buying machine for remote working during the pandemic winds down. Automakers are still feeling the pinch, though, so much so that Toyota is now shipping only one smart key with new cars, instead of the usual two. So there seems to be some way to go before balance is restored to the market, but whatever — just call us when Amazon no longer has to offer financing on an 8 GB Pi.

Continue reading “Hackaday Links: November 6, 2022” →

This Week In Security: OpenSSL Fizzle, Java XML, And Nothing As It Seems

November 4, 2022 by Jonathan Bennett 3 Comments

The security world held our collective breaths early this week for the big OpenSSL vulnerability announcement. Turns out it’s two separate issues, both related to punycode handling, and they’ve been downgraded to high severity instead of critical. Punycode, by the way, is the system for using non-ASCII Unicode characters in domain names. The first vulnerability, CVE-2022-3602, is a buffer overflow that writes four arbitrary bytes to the stack. Notably, the vulnerable code is only run after a certificate’s chain is verified. A malicious certificate would need to be either properly signed by a Certificate Authority, or manually trusted without a valid signature.

A couple sources have worked out the details of this vulnerability. It’s an off-by-one error in a loop, where the buffer length is checked earlier in the loop than the length variable is incremented. Because of the logic slip, the loop can potentially run one too many times. That loop processes the Unicode characters, encoded at the end of the punycode string, and injects them in the proper place, sliding the rest of the string over a byte in memory as a result. If the total output length is 513 characters, that’s a single character overflow. A Unicode character takes up four bytes, so there’s your four-byte overflow. Continue reading “This Week In Security: OpenSSL Fizzle, Java XML, And Nothing As It Seems” →

MoCA Networking Is A Niche Solution For Coax Lovers

November 3, 2022 by Zoe Skyforest 63 Comments

When it comes to networking these days, the vast majority of our devices are connected wirelessly. Beyond that, we’re all familiar with the Cat 5 and Cat 6 cables that form the high-capacity Ethernet networks in our homes, schools, and offices.

It’s only if you go back to the very dawn of Ethernet that coaxial cables are relevant… right? Wrong! MoCA networking is all about coaxial cables, designed to hook up devices over cable TV infrastructure!

Continue reading “MoCA Networking Is A Niche Solution For Coax Lovers” →

A Raspberry Pi 3 with a black Raspberry Pi Camera PCB on top of it, looking at the camera taking this picture. There's a Jolly Wrencher in the background.

Make Your Pi Moonlight As A Security Camera

November 2, 2022 by Arya Voronova 22 Comments

A decade ago, I was learning Linux through building projects for my own needs. One of the projects was a DIY CCTV system based on a Linux box – specifically, a user-friendly all-in-one package for someone willing to pay for it. I stumbled upon Zoneminder, and those in the know, already can tell what happened – I’ll put it this way, I spent days trying to make it work, and my Linux skills at the time were not nearly enough. Cool software like Motion was available back then, but I wasn’t up to the task of rolling an entire system around it. That said, it wouldn’t be impossible, now, would it?

Five years later, I joined a hackerspace, and eventually found out that its CCTV cameras, while being quite visually prominent, stopped functioning a long time ago. At that point, I was in a position to do something about it, and I built an entire CCTV network around a software package called MotionEye. There’s a lot of value in having working CCTV cameras at a hackerspace – not only does a functioning system solve the “who made the mess that nobody admits to” problem, over the years it also helped us with things like locating safety interlock keys to a lasercutter that were removed during a reorganization, with their temporary location promptly forgotten.

Being able to use MotionEye to quickly create security cameras became quite handy very soon – when I needed it, I could make a simple camera to monitor my bicycle, verify that my neighbours didn’t forget to feed my pets as promised while I was away, and in a certain situation, I could even ensure mine and others’ physical safety with its help. How do you build a useful always-recording camera network in your house, hackerspace or other property? Here’s a simple and powerful software package I’d like to show you today, and it’s called MotionEye.

Continue reading “Make Your Pi Moonlight As A Security Camera” →

Linux Fu: Easy VMs

November 1, 2022 by Al Williams 34 Comments

It wasn’t long ago that we looked at easily creating Docker containers from the command line so you could just easily spin up a virtual environment for development. Wouldn’t it be nice if you could do the same for virtual machines? You can. Using Multipass from Canonical, the makers of Ubuntu, you can easily spin up virtual machines under Linux, Mac, or Windows. Granted, most of the virtual machines in question are variations of Ubuntu, but there are some additional images available, and you can create your own.

Once you have it installed, starting up a new Ubuntu instance is trivial. If you have a set configuration, you can even set up predefined setups using a YAML file.

Continue reading “Linux Fu: Easy VMs” →

Europe’s Energy Squeeze Pushes Large Hadron Collider To Halt Operations

October 31, 2022 by Zoe Skyforest 45 Comments

Energy prices have been in the news more often than not lately, as has war. The two typically go together, as conflicts tend to impact on the supply and trade of fossil fuels.

With Europe short on gas and its citizens contemplating a cold winter, science is feeling the pinch, too. CERN has elected to shut down the Large Hadron Collider early to save electricity.

Continue reading “Europe’s Energy Squeeze Pushes Large Hadron Collider To Halt Operations” →

Hackaday Links: October 30, 2022

October 30, 2022 by Dan Maloney 7 Comments

Sad news for kids and adults alike as Lego announces the end of the Mindstorms line. The much-wish-listed line of robotics construction toys will be discontinued by the end of this year, nearly a quarter-century after its 1998 introduction, while support for the mobile apps will continue for another couple of years. It’s probably fair to say that Mindstorms launched an entire generation of engineering careers, as it provided a way to quickly prototype ideas that would have been difficult to realize without the snap-fit parts and easily programmed controllers. For our money, that ability to rapidly move from idea to working model was perhaps the strongest argument for using Mindstorms, since it prevented that loss of momentum that so often kills projects. That was before the maker movement, though, and now that servos and microcontrollers are only an Amazon order away and custom plastic structural elements can pop off a 3D printer in a couple of hours, we can see how Mindstorms might no longer be profitable. So maybe it’s a good day to drag out the Mindstorms, or even just that big box of Lego parts, and just sit on the carpet and make something.

Continue reading “Hackaday Links: October 30, 2022” →