This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE

Samba has a very serious vulnerability, CVE-2021-44142, that was just patched in new releases 4.13.17, 4.14.12, and 4.15.5. Discovered by researchers at Trend Micro, this unauthenticated RCE bug weighs in at a CVSS 9.9. The saving grace is that it requires the fruit VFS module to be enabled, which is used to support macOS client and server interop. If enabled, the default settings are vulnerable. Attacks haven’t been seen in the wild yet, but go ahead and get updated, as PoC code will likely drop soon.
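A defender's check for the exposure described above, as an added example rather than code from the article or the Samba project: it parses smb.conf text for sections whose effective `vfs objects` list includes fruit and compares a version string against the fixed releases named above. The sample configuration is constructed, and treating branches older than 4.13 as unpatched is an assumption.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def is_patched(version):
    """True if a version such as '4.14.11' is at or above its branch's fixed release."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: branches after 4.15 include the fix, branches before 4.13 do not.
    return (major, minor) > (4, 15)

def shares_loading_fruit(conf_text):
    """Return the sections whose effective 'vfs objects' list includes fruit."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spaces.
            sections[current]["".join(key.lower().split())] = re.split(r"[,\s]+", value.strip())
    inherited = sections.get("global", {}).get("vfsobjects", [])
    # Shares without their own 'vfs objects' line inherit the [global] one.
    return [name for name, params in sections.items()
            if any(m.split(":")[0].lower() == "fruit"
                   for m in params.get("vfsobjects", inherited))]

def exposed_shares(version, conf_text):
    """Sections that need attention: fruit is loaded and the build is unpatched."""
    return [] if is_patched(version) else shares_loading_fruit(conf_text)

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
[global]
   workgroup = LAB
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
[scans]
   path = /srv/scans
   vfs objects = recycle
"""

if __name__ == "__main__":
    print(exposed_shares("4.14.11", SAMPLE_CONF))
```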

Crypto Down the Wormhole

One notable selling point of cryptocurrencies and Web3 is smart contracts, little computer programs running directly on the blockchain that can move funds around very quickly, without intervention. It’s quickly becoming apparent that the glaring disadvantage is these are computer programs that can move money around very quickly, without intervention. This week there was another example of smart contracts at work, when an attacker stole $326 million worth of Ethereum via the Wormhole bridge. A cryptocurrency bridge is a service that exists as linked smart contracts on two different blockchains. These contracts let you put a currency in on one side, and take it out on the other, effectively transferring currency to a different blockchain. Helping us make sense of what went wrong is [Kelvin Fichter], also known appropriately as [smartcontracts].

When the bridge makes a transfer, tokens are deposited in the smart contract on one blockchain, and a transfer message is produced. This message is like a digital checking account check, which you take to the other side of the bridge to cash. The other end of the bridge verifies the signature on the “check”, and if everything matches, your funds show up. The problem is that on one side of the bridge, the verification routine could be replaced by a dummy routine, by the end user, and the code didn’t catch it.

It’s a hot check scam. The attacker created a spoofed transfer message, provided a bogus verification routine, and the bridge accepted it as genuine. The majority of the money was transferred back across the bridge, where other users’ valid tokens were being held, and the attacker walked away with 90,000 of those ETH tokens.
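The flaw described above, reduced to a toy model and shown beside its fix. This is an added example, not Wormhole's code: the `CHAIN` registry, the addresses, the HMAC standing in for the bridge's signature scheme, and the messages are all constructed for illustration.

```python
import hashlib
import hmac

GUARDIAN_KEY = b"constructed-demo-key"   # stand-in for the bridge signers' key
TRUSTED_VERIFIER = "verifier-0001"       # hypothetical address the bridge should pin
CHAIN = {}                               # address -> deployed routine

def deploy(address, routine):
    """Anyone may deploy code, but only at an address that is not already taken."""
    if address in CHAIN:
        raise ValueError("address already in use")
    CHAIN[address] = routine

def sign(message):
    return hmac.new(GUARDIAN_KEY, message, hashlib.sha256).digest()

def genuine_check(message, signature):
    return hmac.compare_digest(sign(message), signature)

deploy(TRUSTED_VERIFIER, genuine_check)
deploy("dummy-7777", lambda message, signature: True)   # approves anything

def redeem_vulnerable(message, signature, verifier_address):
    # Flaw: the caller chooses which routine judges the "check".
    return CHAIN[verifier_address](message, signature)

def redeem_hardened(message, signature, verifier_address):
    # Fix: refuse any verifier other than the pinned one before running it.
    if verifier_address != TRUSTED_VERIFIER:
        raise PermissionError("unexpected verifier: " + verifier_address)
    return CHAIN[verifier_address](message, signature)

def demo():
    """Run a genuine and a spoofed message through both versions."""
    real, forged = b"transfer 5 to alice", b"transfer 120000 to mallory"
    bad_sig = b"\x00" * 32
    results = {
        "genuine/hardened": redeem_hardened(real, sign(real), TRUSTED_VERIFIER),
        "forged/vulnerable": redeem_vulnerable(forged, bad_sig, "dummy-7777"),
        "forged/pinned": redeem_hardened(forged, bad_sig, TRUSTED_VERIFIER),
    }
    try:
        redeem_hardened(forged, bad_sig, "dummy-7777")
        results["forged/hardened"] = True
    except PermissionError:
        results["forged/hardened"] = False
    return results

if __name__ == "__main__":
    print(demo())
```

The signature check itself is identical in both versions; the only difference is whether the bridge confirms who is doing the checking.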

Retrotechtacular: Understanding The Strength Of Structural Shapes

Strength. Rigidity. Dependability. The ability to bear weight without buckling. These are all things that we look for when we build a mechanical structure. And in today’s Retrotechtacular we take a closer look at the answer to a question: “What’s in A Shape?”

As it turns out, quite a lot. In a wonderful film by the prolific Jam Handy Organization in the 1940s, we take a scientific look at how shape affects the load bearing capacity of a beam. A single sided piece of metal, angle iron, C-channel, and boxed tubing all made of the same thickness metal are compared to see not just how much load they can take, but also how they fail.

The concepts are then given practical application in things that we still deal with on a daily basis: Bridges, cars, aircraft, and buildings. Aircraft spars, bridge beams, car frames, and building girders all benefit from the engineering discussed in this time capsule of film.

None of the concepts in this video are suddenly out of date, because while our understanding of engineering has certainly progressed since this film was made, these basic concepts remain the same. As such, they will apply to any structural or mechanical devices that we make, be it 3D printed, CNC routed, welded, glued, vacuum formed, zip tied, duct taped, baling wired, or hot glued.

Keep your eyes open for the wonderful sights and sounds of a rare Boeing 314 Clipper landing on water and a 1920s Buffalo Springfield Steam Roller demonstrating how wonderful the film’s sponsor, Chevrolet, makes their automobile frames.

Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)

One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well presented, and not as some unattainable wizardry: when his power analysis demo shows a clearly different trace on the correct first letter of a password attack, the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves on to fault injection with an introduction to power supply glitching as a technique to influence code execution.

Schematic of an EM injector built from a camera flash.

Know Audio: A Mess Of Cables

We’ve now spent several months in this series journeying through the world of audio, and along the way we’ve looked at the various parts of a Hi-Fi system from the speaker backwards to the source. It’s been an enjoyable ride full of technical detail and examining Hi-Fi myths in equal measure, but now it’s time to descend into one of the simplest yet most controversial areas of audio reproduction. Every audio component, whether digital or analogue, must be connected into whatever system it is part of, and this is the job of audio cables, sometimes referred to as interconnects. They are probably the single component most susceptible to tenuous claims about their performance, with audiophiles prepared to spend vast sums on cables claimed to deliver that extra bit of listening performance. Is there something in it, or are they all the same bits of wire with the expensive ones being a scam? Time to take a look.

What Makes A Nearly Good Cable

In a typical domestic audio system with digital and analogue signals you might expect to find two types of cable, electrical interconnects that could carry either analogue or digital signals, and optical ones for digital signals. We’re here to talk about the electrical cables as they’re the ones used for analogue signals, so let’s start with a little transmission line theory.

Did You Know That The Raspberry Pi 4 Has More SPI, I2C, UART Ports?

We’ve gotten used to the GPIO-available functions of Raspberry Pi computers remaining largely the same over the years, which is why it might have flown a little bit under the radar: the Raspberry Pi 4 has six SPI controllers, six I2C controllers, and six UARTs – all on its 40-pin header. You can’t make use of all of these at once, but with up to four different connections wired to a single pin you can carve out a pretty powerful combination of peripherals for your next robotics, automation or cat herding project.

The datasheet for these peripherals is pleasant to go through, with all the register maps nicely laid out – even if you don’t plan to work with the register mappings yourself, the maintainers of your preferred hardware enablement libraries will have an easier time! And, of course, these peripherals are present on the Compute Module 4, too. It might feel like such a deluge of interfaces is excessive; however, it lets you achieve some pretty cool stuff that wouldn’t be possible otherwise.

Having multiple I2C interfaces helps deal with various I2C-specific problems, such as address conflicts, throughput issues, and mixing devices that support different maximum speeds, which means you no longer need fancy mux chips to run five low-resolution Melexis thermal camera sensors at once. (Oh, and the I2C clock stretching bug has been fixed!) SPI interfaces are used for devices with high bandwidth, and with a few separate SPI ports, you could run multiple relatively high-resolution displays at once, No-Nixie Nixie clock style.

As for UARTs, the Raspberry Pi’s one-and-a-half UART interface has long been an issue in robotics and home automation applications. With a slew of devices like radio receivers/transmitters, LIDARs and resilient RS485 multi-drop interfaces available in UART form, it’s nice that you no longer have to sacrifice Bluetooth or a debug console to get some fancy sensors wired up to your robot’s brain. You can enable up to six UARTs.

3D Printering: Water-Cooled Hotends

There’s an old joke about the Thermos bottle that keeps things hot and cold, so someone loaded it with soup and ice cream. That joke is a little close to home when it comes to FDM 3D printers.

You want to melt plastic, of course, or things won’t print, so you need heat. But if the plastic filament gets hot too early, it will get soft, expand, and jam. Heat crawling up the hot end like this is known as heat creep and there are a variety of ways that hot ends try to cope with the need to be hot and cold at the same time. Most hotends today are air-cooled with a small fan. But water-cooled hotends have been around for a while and are showing up more and more. Is it a gimmick? Are you using, planning to use, or have used (and abandoned) water cooling on your hot end?

Heat Break

The most common method is to use a heat-break between the heating block and the rest of the filament path. The heat-break is designed to transfer as little heat as necessary, and it usually screws into a large heat sink that has a fan running over it. What heat makes it across the break should blow away with the fan cooling.

From Thomas Sanladerer’s review of the Copperhead hotend. Heat break in the middle.

High tech solutions include making heat-breaks out of titanium or even two dissimilar metals, all with the aim of transferring less heat into the cooler part of the hot end. More modern hot ends use support structures so the heatbreak doesn’t need mechanical rigidity, and they can make very thin-walled heatbreaks that don’t transmit much heat. Surely, then, this is case closed, right? Maybe not.

While it is true that a standard heat-break and a fan can do the job for common 3D printing tasks, there can be problems. First, if you want to print fast — time is money, after all — you need more power to melt more filament per second. If a heatbreak transfers 10% of the heat, this increases demands on the upstream cooling. Some engineering materials want to print at higher temperatures, so you can have the same problem there as well. If you want to heat the entire print chamber, which can help with certain printing materials, that can also cause problems since the ambient air is now hotter. Blowing hot air around isn’t going to cool as effectively. Not to mention, fans that can operate at high temperatures are notoriously expensive.

There are other downsides to fans. Over a long print, a marginal system might eventually let enough heat creep up. Then there’s the noise of a fan blowing during operation. True, you probably have other fans and noisy parts, but it is still one more noise source. With water cooling, you can move the radiator outside a heated enclosure and use larger, slower, and quieter fans while getting more cooling right where you want it.

Floppy Interfacing Hack Chat With Adafruit

Join us on Wednesday, February 2 at noon Pacific for the Floppy Interfacing Hack Chat with Adafruit’s Limor “Ladyada” Fried and Phillip Torrone!

When a tiny fleck of plastic-covered silicon can provide enough capacity to store a fair percentage of humanity’s collected knowledge, it may seem like a waste of time to be fooling around with archaic storage technology like floppy disks. With several orders of magnitude less storage capacity than something like even the cheapest SD card or thumb drive, and access speeds that clock in somewhere between cold molasses and horse and buggy, floppy drives really don’t seem like they have any place on the modern hacker’s bench.

Or do they? Learning the ins and outs of interfacing floppy drives with modern microcontrollers is at least an exercise in hardware hacking that can pay dividends in other projects. A floppy drive is, after all, a pretty complex little device, filled with electromechanical goodies that need to be controlled in a microcontroller environment. And teasing data from a stream of magnetic flux changes ends up needing some neat hacks that might just serve you well down the line.

So don’t dismiss the humble floppy drive as a source for hacking possibilities. The folks at Adafruit sure haven’t, as they’ve been working diligently to get native floppy disk support built right into CircuitPython. To walk us through how they got where they are now, Ladyada and PT will drop by the Hack Chat. Be sure to come with your burning questions on flux transitions, MFM decoding, interface timing issues, and other arcana of spinning rust drives.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, February 2 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.
