This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
What is a photograph? Technically and literally speaking, it’s a drawing (graph) of light (photo). Sentimentally speaking, it’s a moment in time, captured for all eternity, or until the medium itself rots away. Originally, these light-drawings were recorded on film that had to be developed with a chemical process, but are nowadays often captured by a digital image sensor and available for instant admiration. Anyone can take a photograph, but producing a good one requires some skill — knowing how to use the light and the camera in concert to capture an image.
Eye-Dynamic Range
The point of a camera is to preserve what the human eye sees in a single moment in space-time. This is difficult because eyes have what is described as high dynamic range. Our eyes can process many exposure levels in real time, which is why we can look at a bright sky and pick out details in the white fluffy clouds. But a camera lens can only deal with one exposure level at a time.
In the past, photographers would create high dynamic range images by taking multiple exposures of the same scene and stitching them together.Done just right, each element in the image looks as does in your mind’s eye. Done wrong, it robs the image of contrast and you end up with a murky surreal soup.
Most of the time, designing a printed circuit board is a little like one of those problems in an introductory physics course, the ones where you can safely ignore things like air resistance. With PCBs, it’s generally safe to ignore things like trace heating and other thermal considerations in favor of just getting everything placed sensibly and routing all the traces neatly.
But eventually, the laws of physics catch up to you, and you’ll come across a real-world problem where you can’t just hand-wave thermal considerations aside. When that happens, you’ll want to have a really good idea of just how much a trace is going to heat up, and what it’s going to do to the performance of your board, or even if the PCB is going to survive the ordeal.
Digging into the thermal properties of PCBs is something that Mike Jouppi has been doing for years. After working in the aircraft industry as a mechanical engineer, he started Thermal Management LLC, which developed software to make the thermal design of PCBs easier. He’ll stop by the Hack Chat to answer your questions about PCB thermal design considerations, and help us keep all our hard work from going up in smoke.
Remember that time back in 2021 when a huge container ship blocked the Suez Canal and disrupted world shipping for a week? Well, something a little like that is playing out again, this time in the Chesapeake Bay outside of the Port of Baltimore, where the MV Ever Forward ran aground over a week ago as it was headed out to sea. Luckily, the mammoth container ship isn’t in quite as narrow a space as her canal-occluding sister ship Ever Given was last year, so traffic isn’t nearly as impacted. But the recovery operation is causing a stir, and refloating a ship that was drawing 13 meters when it strayed from the shipping channel into a muddy-bottomed area that’s only about 6 meters deep is going to be quite a feat of marine engineering. Merchant Marine YouTuber Chief MAKOi has a good rundown of what’s going on, and what will be required to get the ship moving again.
With the pace of deep-space exploration increasing dramatically of late, and with a full slate of missions planned for the future, it was good news to hear that NASA added another antenna to its Deep Space Network. The huge dish antenna, dubbed DSS-53, is the fourteenth dish in the DSN network, which spans three sites: Goldstone in California; outside of Canberra in Australia; and in Madrid, where the new dish was installed. The 34-meter dish will add 8% more capacity to the network; that may not sound like much, but with the DSN currently supporting 40 missions and with close to that number of missions planned, every little bit counts. We find the DSN fascinating, enough so that we did an article on the system a few years ago. We also love the insider’s scoop on DSN operations that @Richard Stephenson, one of the Canberra operators, provides.
Does anybody know what’s up with Benchy? We got a tip the other day that the trusty benchmarking tugboat model has gone missing from several sites. It sure looks like Sketchfab and Thingiverse have deleted their Benchy files, while other sites still seem to allow access. We poked around a bit but couldn’t get a clear picture of what’s going on, if anything. If anyone has information, let us know in the comments. We sure hope this isn’t some kind of intellectual property thing, where you’re going to have to cough up money to print a Benchy.
Speaking of IP protections, if you’ve ever wondered how far a company will go to enforce its position, look no further than Andrew Zonenberg’s “teardown” of an anti-counterfeiting label that Hewlett Packard uses on their ink cartridges. There’s a dizzying array of technologies embedded inside what appears to be a simple label. In addition to the standard stuff, like the little cuts that make it difficult to peel a tag off one item and place it on another — commonly used to thwart “price swapping” retail thefts — there’s an almost holographic area of the label. Zooming in with a microscope, the color-shifting image appears to be made from tiny hexagonal cells that almost look like the pixels in an e-ink display. Zooming in even further, the pixels offer an even bigger (smaller) surprise. Take a look, and marvel at the effort involved in making sure you pay top dollar for printer ink.
And finally, we got a tip a couple of weeks ago on a video about jerry cans. If that sounds boring, stop reading right now — this one won’t reach you. But if you’re even marginally interested in engineering design and military history, make sure you watch this video. What is now known to the US military as “Can, Gasoline, Military 5-Gallon (S/S by MIL-C-53109)” and colloquially known as the NATO jerry can, started life as the Wehrmacht-Einheitskanister, a 20-liter jug whose design addresses a long list of specifications, from the amount of liquid it could contain to how the cans would be carried. The original could serve as a master class in good design, and some of the jugs that were built in the 1940s are still in service and actively sought by collectors of militaria. Cheap knockoffs are out there, of course, but after watching this video, we’ve developed a taste for jerry cans that only the original will sate.
We got a tip this week, and the tipster’s comments were along the lines of “this doesn’t look like it’s a finished work yet, but I think it’s pretty cool anyway”. And that was exactly right. The work in question is basically attaching a simple webcam to a CNC router and then having at it with OpenCV, and [vector76]’s application was cutting out freeform hand-drawn curves from wood. To amuse his daughter.
But there’s no apology necessary for presenting a work in progress. Unfinished hacks are awesome! They leave room for further improvement and interpretation. They are like an unfinished story, inviting the hacker to dream up their own end. At least that’s how this one worked on me.
My mind went racing — adding smart and extensible computer vision to a CNC router enables not only line tracing, but maybe smarter edge finding, broken tool detection, and who knows what else. With the software end so flexible these days, and the additional hardware demands so minimal, it’s an invitation. It’s like Pavlov ringing that bell, and I’m the dog-hacker. Or something.
So remember this when you get half done with a project, get to a workable first-stage demo, but you haven’t chased down each and every possibility. Leaving something up to other hackers’ imagination can be just as powerful. Your proof of concept doesn’t have to be the mother of all demos — sometimes just a working mouse will suffice.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
Join Hackaday Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney for an audio tour of the week’s top stories and best hacks. We’ll look at squeezing the most out of a coin cell, taking the first steps towards DIY MEMS fabrication, and seeing if there’s any chance that an 80’s-vintage minicomputer might ride again. How small is too small when it comes to chip packages? We’ll find out, and discover the new spectator sport of microsoldering while we’re at it. Find out what’s involved in getting a real dead-tree book published, and watch a hacker take revenge on a proprietary memory format — and a continuous glucose monitor, too.
For every very clever security protocol that keeps people safe, there’s a stupid hack that defeats it in an unexpected way. Take OAuth for instance. It’s the technology that sites are using when they offer to “log in with Facebook”. It’s a great protocol, because it lets you prove your identity using a trusted third party. You don’t have to use a password at whatever site you’re trying to use, you just to be logged in to your Google/Facebook/Apple account, and click the button to allow access. If you’re not logged in, the pop-up window prompts for your username and password, which of course is one way phishing attacks try to steal passwords. So we tell people to look at the URL, and make sure they are actually signing in to the proper site.
An OAuth pop-up window
The stupid hack that isn’t stupid, because it works: Recreating the browser window in HTML/CSS. Yep, it’s pretty straightforward to add a div to your site, and decorate it to look just like a browser window, just like an OAuth pop-up. In the appropriate place goes an iframe pointing to the actual phishing form. It looks convincing, but once you’re aware of the game, there’s a dead giveaway — try to move the OAuth window outside the browser window that spawned it. Websites can’t draw outside the browser window or over its window decorations, so this limitation makes it easy to confirm whether this hack is in play. The other saving grace is that a password manager isn’t fooled by this trick at all.
There’s a typo-squatting campaign going on at NPM, primarily targeted at Azure users. NPM has a packaging feature called “scoped packages”. A scope starts with the at sign, and indicates packages intentionally grouped together. In this case the scope is @azure, including packages like @azure/core-tracing, with over 1.5 million weekly downloads. The typo? Just drop the scope. NPM considers it completely acceptable to have both the @azure/core-tracing and core-tracing packages — in fact, it’s a feature of the scoping system. But forget to include the scope, and you may get a malicious package instead. Over 200 packages were targeted in this way, but have since been pulled by NPM.
The payload was strictly reconnaissance, grabbing directory listings, IP addresses, and the like. It’s likely that the information would be used to craft more malicious future updates, though no such behavior has been observed. This is likely due to how rapidly these packages were caught and removed — after only about two days. The domain used for data collection is 425a2.rt11.ml, so that string showing up in a DNS log somewhere is an indicator that one of these packages were installed.
Lapsus$ Strikes Again, Again
The loose collection of hackers knows as Lapsus$ have potentially scored breaches at both Microsoft and Okta. KrebsonSecurity has a bit more information about the group and the Microsoft case. The group seems to be doing some of their coordination over a Telegram channel, which is open for anyone to join. The group boasted of their exploits on this channel, and Microsoft respondents found and cut their access during the data exfiltration. A 10 GB file has been released containing partial source to Bing search, Bing Maps, and Cortana.
The Okta situation is even murkier, as the released screenshots indicate access back in late January. The access seems to have been limited to a administrative portal, via a Support Engineer’s account. Okta has gone out of their way to assure everyone that there was no actual breach, and the rogue access was quickly dealt with. This seems to be a bit disingenuous, as Lapsus$ was after companies making use of Okta services, and didn’t need to compromise their systems any further. Okta provides access management for other companies, like Cloudflare. There’s likely been some quiet infiltration happening in the months since this happened.
Linux Gets More Random
[Jason Donenfeld], kernel hacker and main developer of Wireguard, has worked recently on the Linux random number generator. A few changes landed in release 5.17, and more are coming in 5.18. He was kind enough to write up some of the interesting changes for our education. He considers his most important contribution to be documentation. I can confirm, among the most frustrating problems a programmer can face is when the documentation has bit-rotted to uselessness.
One of the biggest user-facing changes was the attempt to unify /dev/random and /dev/urandom. We say attempt, because this change caused multiple failures to boot on the kernel’s test setup. Apparently some architectures, specifically when being virtualized, have no method of generating high quality randomness during boot. There next killer feature is the new add_vmfork_randomness() call, that allows a newly cloned virtual machine to request a regeneration of its randomness pool. Without a call like this, the first few random numbers generated by the kernel after a VM fork would be identical — obviously a problem.
Internally, the randomness code retires the venerable SHA-1 algorithm, replacing it with the more modern BLAKE2 hash function. An interesting advantage is that BLAKE2 is intentionally a very fast algorithm, so the kernel gains a bit of performance when generating random numbers. The rest of the changes delve into more complicated cryptography considerations. Definitely worth reading if you’re interested.
Western Digital NAS RCE
We’ve covered plenty of vulnerabilties and attacks in NAS boxes from QNAP and Synology, but this week it’s Western Digital getting in on the action. Thankfully it’s research from NCC Group, demonstrated at Pwn2Own 2021, and fixed in a January update. This Remote Code Execution (RCE) vulnerability is in how the NAS handles the Apple Filing Protocol (AFP), and was actually a problem in the Netatalk project. AFP supports storing file metadata as a separate file, for the sake of compatibility. These files are in the AppleDouble format, are take the name of their parent file, prepended with a ._. The kicker is that these files can also be accessed using the Windows SMB protocol, allowing direct manipulation of the metadata file. The function that parses the metadata file does indeed detect a malformed data structure, and logs an error to that effect, but fails to fail — it goes ahead and processes the bad data.
This continue-on-error is the central flaw, but actually building an exploit required a data leak to defeat the address layout randomization in place on the device. A simpler first step was to write memory locations into the AppleDouble file, and use SMB access to read it. With the leaked address in hand, the full exploit was easy. This would be bad enough, but these devices ship with a “Public” share world-accessible over SMB and AFP. This configuration makes it a pre-auth RCE. And this demonstrates the purpose of Pwn2Own — it was discovered, made the researchers a bit of money, and was fixed before the details were made public.
We invited [Jay Doscher] to give us a view into his process designing 3D printed parts for the impressive array of cyberdecks we’ve covered since 2019.
[Jay] got his start as a maker through woodworking in high school, getting satisfaction from bringing something from idea to reality. After a more recent class in blacksmithing and ax-making showed him what he could do when really focused, his hardware hacking really took off and his line of cyberdecks and other portable computers was born.
If you’ve heard of Tinkercad, you probably think it’s just for kids. While designed as an educational tool, [Jay] found that Autodesk’s younger sibling to the professionally powered (and priced) Fusion 360 had everything needed for making cyberdecks. If you’re willing to work around a few limitations, at the low-low price of free, Tinkercad might be right for you too.
What limitations? To start, Tinkercad is only available in a browser and online. There’s also no guarantee that it will remain free, but [Jay] notes that with its educational focus that is likely to remain the case. There is no library of common components to import while modeling. And, when your model is complete the options for exporting are limited to 2D SVGs and 3D STL, OBJ, and gaming-focused GBL formats. [Jay] has converted those to other formats for laser cutting and the STEP file a machine shop is expecting but admits that it’s something that adds complexity and is an annoyance.
In the talk, [Jay] discusses moving from his initial “cringy” explorations with Tinkercad, to his first cyberdeck, a little history on that term, and the evolution of his craft. It’s mostly a hands-on demo of how to work with Tinkercad, full of tips and tricks for the software itself and implications for 3D printing yourself, assembly, and machining by others.
While quite limited, Tinkercad still allows for boolean operations to join two volumes or the subtraction of one from another. [Jay] does a wonderful job of unpeeling the layers of operations, showing how combinations of “solids” and “holes” generated a complex assembly with pockets, stepped holes for fasteners, and multiple aligned parts for his next cyberdeck. Even if you already have a favorite CAD tool, another approach could expand your mind just like writing software in Strange Programming Languages can.
