Hackaday Columns

4694 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Linux Fu: Roll With The Checksums

June 22, 2022 by 14 Comments

We are often struck by how often we spend time trying to optimize something when we would be better off just picking a better algorithm. There is the old story about the mathematician Gauss who, when in school, was given busy work to add the integers from 1 to 100. While the other students laboriously added each number, Gauss realized that 100+1 is 101 and 99 + 2 is also 101. Guess what 98 + 3 is? Of course, 101. So you can easily find that there are 50 pairs that add up to 101 and know the answer is 5,050. No matter how fast you can add, you aren’t likely to beat someone who knows that algorithm. So here’s a question: You have a large body of text and you want to search for it. What’s the best way?

Continue reading “Linux Fu: Roll With The Checksums”

Linux Fu: Docking Made Easy

June 21, 2022 by 20 Comments

Most computer operating systems suffer from some version of “DLL hell” — a decidedly Windows term, but the concept applies across the board. Consider doing embedded development which usually takes a few specialized tools. You write your embedded system code, ship it off, and forget about it for a few years. Then, the end-user wants a change. Too bad the compiler you used requires some library that has changed so it no longer works. Oh, and the device programmer needs an older version of the USB library. The Python build tools use Python 2 but your system has moved on. If the tools you need aren’t on the computer anymore, you may have trouble finding the install media and getting it to work. Worse still if you don’t even have the right kind of computer for it anymore.

One way to address this is to encapsulate all of your development projects in a virtual machine. Then you can save the virtual machine and it includes an operating system, all the right libraries, and basically is a snapshot of how the project was that you can reconstitute at any time and on nearly any computer.

In theory, that’s great, but it is a lot of work and a lot of storage. You need to install an operating system and all the tools. Sure, you can get an appliance image, but if you work on many projects, you will have a bunch of copies of the very same thing cluttering things up. You’ll also need to keep all those copies up-to-date if you need to update things which — granted — is sort of what you are probably trying to avoid, but sometimes you must.

Docker is a bit lighter weight than a virtual machine. You still run your system’s normal kernel, but essentially you can have a virtual environment running in an instant on top of that kernel. What’s more, Docker only stores the differences between things. So if you have ten copies of an operating system, you’ll only store it once plus small differences for each instance.

The downside is that it is a bit tough to configure. You need to map storage and set up networking, among other things. I recently ran into a project called Dock that tries to make the common cases easier so you can quickly just spin up a docker instance to do some work without any real configuration. I made a few minor changes to it and forked the project, but, for now, the origin has synced up with my fork so you can stick with the original link.

Continue reading “Linux Fu: Docking Made Easy”

Automate The Freight: The Convenience Store That Comes To Your Door

June 20, 2022 by 45 Comments

For as popular as they became during the COVID-19 lockdowns, grocery delivery services like InstaCart rely on a basic assumption to work: that customers know exactly what they want when they order. Once that hurdle is overcome, the transaction is simple — the driver accepts the job, drives to the store to pick up the order, and takes it to the customer. It requires the use of a fair amount of technology to coordinate everything, but by and large it works, and customers are generally willing to pay for the convenience.

But what if you could cut out that step where the driver goes to pick up your order? What if instead of paying someone to pick and pack your order and bring it to your front step, you just ordered up the whole store instead? That’s the idea behind Robomart, which seeks to deploy a fleet of mobile stores for when the convenience store isn’t quite convenient enough.  And the way the company is choosing to roll out its service, not to mention the business model itself, may hold key lessons for other delivery automation platforms.

Continue reading “Automate The Freight: The Convenience Store That Comes To Your Door”

Hackaday Links Column Banner

Hackaday Links: June 19, 2022

June 19, 2022 by 11 Comments

The James Webb Space Telescope has had a long and sometimes painful journey from its earliest conception to its ultimate arrival at Lagrange point L2 and subsequent commissioning. Except for the buttery-smooth launch and deployment sequence, things rarely went well for the telescope, which suffered just about every imaginable bureaucratic, scientific, and engineering indignity during its development. But now it’s time to see what this thing can do — almost. NASA has announced that July 12 will be “Image Release Day,” which will serve as Webb’s public debut. The relative radio silence from NASA on Webb since the mirror alignment was completed — apart from the recent micrometeoroid collision, of course — suggests the space agency has been busy with “first light” projects. So there’s good reason to hope that the first released images from Webb will be pretty spectacular. The images will drop at 10:30 AM EDT, so mark your calendars and prepare to be wowed. Hopefully.

Continue reading “Hackaday Links: June 19, 2022”

Hackaday Podcast 173: EMF Camp Special Edition

June 17, 2022 by No comments

With Editor-in-Chief Elliot Williams enjoying some time off, Managing Editor Tom Nardi is flying solo for this special edition of the Hackaday Podcast. Thanks to our roving reporter Jenny List, we’ll be treated to several interviews conducted live from EMF Camp — a European outdoor hacker camp the likes of which those of us in the United States can only dream of. After this special segment, Hackaday contributors Al Williams and Ryan Flowers will stop by to talk about their favorite stories from the week during what may be the longest Quick Hacks on record. There’s a few extra surprises hidden in this week’s program…but if we told you everything, it would ruin the surprise. Listen closely, you never know what (or who) you might hear.

Direct Download link

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 173: EMF Camp Special Edition”

This Week In Security: Pacman, Hertzbleed, And The Death Of Internet Explorer

June 17, 2022 by 25 Comments

There’s not one, but two side-channel attacks to talk about this week. Up first is Pacman, a bypass for ARM’s Pointer Authentication Code. PAC is a protection built into certain ARM Processors, where a cryptographic hash value must be set correctly when pointers are updated. If the hash is not set correctly, the program simply crashes. The idea is that most exploits use pointer manipulation to achieve code execution, and correctly setting the PAC requires an explicit instruction call. The PAC is actually indicated in the unused bits of the pointer itself. The AArch64 architecture uses 64-bit values for addressing, but the address space is much less than 64-bit, usually 53 bits or less. This leaves 11 bits for the PAC value. Keep in mind that the application doesn’t hold the keys and doesn’t calculate this value. 11 bits may not seem like enough to make this secure, but keep in mind that every failed attempt crashes the program, and every application restart regenerate the keys.

What Pacman introduces is an oracle, which is a method to gain insight on data the attacker shouldn’t be able to see. In this case, the oracle works via speculation attacks, very similar to Meltdown and Spectre. The key is to attempt a protected pointer dereference speculatively, and to then observe the change in system state as a result. What you may notice is that this requires an attack to already be running code on the target system, in order to run the PAC oracle technique. Pacman is not a Remote Code Execution flaw, nor is it useful in gaining RCE.

One more important note is that an application has to have PAC support compiled in, in order to benefit from this protection. The platform that has made wide use of PAC is MacOS, as it’s a feature baked in to their M1 processor. The attack chain would likely start with a remote execution bug in an application missing PAC support. Once a foothold is established in uprivileged userspace, Pacman would be used as part of an exploit against the kernel. See the PDF paper for all the details.

Continue reading “This Week In Security: Pacman, Hertzbleed, And The Death Of Internet Explorer”

Mining And Refining: Helium

June 15, 2022 by 46 Comments

With a seemingly endless list of shortages of basic items trotted across newsfeeds on a daily basis, you’d be pardoned for not noticing any one shortage in particular. But in among the shortages of everything from eggs to fertilizers to sriracha sauce has been a growing realization that we may actually be running out of something so fundamental that it could have repercussions that will be felt across all aspects of our technological society: helium.

The degree to which helium is central to almost every aspect of daily life is hard to overstate. Helium’s unique properties, like the fact that it remains liquid at just a few degrees above absolute zero, contribute to its use in countless industrial processes. From leak detection and welding to silicon wafer production and cooling the superconducting magnets that make magnetic resonance imaging possible, helium has become entrenched in technology in a way that belies its relative scarcity.

But where does helium come from? As we’ll see, the second lightest element on the periodic table is not easy to come by, and considerable effort goes into extracting and purifying it enough for industrial use. While great strides are being made toward improved methods of extraction and the discovery of new deposits, for all practical purposes helium is a non-renewable resource for which there are no substitutes. So it pays to know a thing or two about how we get our hands on it.

Continue reading “Mining And Refining: Helium”