Hackaday Columns

4618 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Back of Rigol DS1104Z oscilloscope with the Ethernet and USB ports visible.

SCPI: On Teaching Your Devices The Lingua Franca Of Laboratories

November 17, 2021 by 31 Comments

One could be excused for thinking sometimes that the concept of connecting devices with other devices for automation purposes is a fairly recent invention. Yet for all the (relatively) recent hype of the Internet of Things and the ‘smart home’, laboratories have been wiring up their gear to run complicated measurement and test sequences for many decades now, along with factories doing much the same for automating production processes.

Much like the chaotic universe of IoT devices, lab equipment from different manufacturers feature a wide number of incompatible protocol and interface standards. Ultimately these would coalesce into IEEE-488.1 (GPIB) as the physical layer and by 1990 the first Standard Commands for Programmable Instruments (SCPI) standard was released that built on top of IEEE-488.

SCPI defines (as the name suggests) standard commands to interact with instruments. It has over the past decades gone on to provide remote interaction capabilities to everything from oscilloscopes and power supplies to exotic scientific equipment. Many off the shelf devices a hobbyist can buy today feature an SCPI interface via its Ethernet, USB or RS-232C port(s) that combined with software can be used to automate one’s home lab.

Even better is that it’s relatively straightforward to add SCPI functionality to one’s own devices as well, so long as it has at least an MCU and some way to communicate with the outside world.

Continue reading “SCPI: On Teaching Your Devices The Lingua Franca Of Laboratories”

Hackaday Links Column Banner

Hackaday Links: November 14, 2021

November 14, 2021 by 21 Comments

If you’re an infrastructure dweeb, it’s hard to drive past an electrical substation and not appreciate the engineering involved in building something like that. A moment’s thought will also make it hard to miss just how vulnerable a substation is to attack, especially those located way out in the hinterlands. And now we’re learning that late year, someone in Pennsylvania noticed this vulnerability and acted on it by attacking a substation with a commercial drone. Rather than trying to fly explosives over the substation fence, the attacker instead chose to dangle a copper wire tether under the drone, in an attempt to cause a short circuit. The attempt apparently failed when the drone crashed before contacting any conductors, and the attacker appears to have been ignorant of the extensive protective gear employed at substations that likely would have made a successful attack only a temporary outage. But it still points to the vulnerability of the grid to even low-skill, low-cost attacks.

We’ve probably all had the experience of using someone’s janky app and thinking, “Pfft! I could write something better than this!” That’s what a bunch of parents of school-age kids in Sweden thought, and they went ahead and did exactly that. Unfortunately, it didn’t turn out quite the way they expected. The problem app was called Skolplattform, which was supposed to make it easy for Stockholm’s parents to keep track of their kids’ progress at school. The app, which cost 1 billion Swedish Krona to develop, is by all accounts a disaster. But some frustrated parents managed to reverse engineer the API and build a new, better one on top of it. This resulted in Öppna Skolplattformen, an open-source app that actually works. Not to be upstaged, the city of Stockholm accused the parents of cyber crimes and data breaches. They also engaged the parents in an “API war”, constantly changing their system to nerf the new app and forcing the parents to rewrite it. In the end, the parents won, with Stockholm changing its position after a police report found that all data being accessed were voluntarily made public by the city. But it’s still a cautionary tale about the dangers of one-upping The Man.

Sam Battles is in a bit of a moral bind, and it’s something that others in our community may run into. Sam is perhaps better known as “Look Mum, No Computer” on YouTube, and as the proprietor of the “This Museum Is (Not) Obsolete” showcase of retro technology in England. He’s also an avid builder of analog synthesizers, including a world-record synth with a thousand oscillators called the “Megadrone.” He’d like to tackle another build to try to break his own records, but in a time of fragile supply chains and other woes too numerous to mention, doing so would likely require the world’s entire supply of some components. Hence the dilemma: do any of us as hobbyists have a moral obligation to tread lightly when it comes to component selection? It’s an interesting question, and one that’s sure to engender strong opinions, which of course we encourage you to share in the comments section. Please just try to keep it civil.

Continue reading “Hackaday Links: November 14, 2021”

Peek Behind The Curtains: Conference Badge Design

November 13, 2021 by 4 Comments

In the before-times, back when we could have in-person Hackaday Supercons, there was always the problem of the badge. Making a few hundred small electronic thingies, for a smart but broad range of hackers, is tricky. We always want it to do something all on its own, but also ideally to allow enough free range that the motivated badge hacker can make it into something exquisite. Add in the fact that some attendees are hardware types and some are software types, and toss in a price constraint too. Oh, and it has to look good. Tough problem.

Here’s one extreme solution: the badge at the first Supercon. Faced with essentially zero budget and a tight time constraint, the Hackaday team punted — and produced a prototype board, but had tons of parts on hand for everyone to draw from. And the Hackaday crowd delivered. This was the badge that demonstrates what happens if you leave everything open.

Contrast with the 2018 Belgrade and Supercon badges, which were essentially the same except for color. Here, the hardware interface was limited to a 9-pin header, but the badge itself was a fully functional microcomputer, complete with keyboard and screen. Most of the hacks were written in the native BASIC, though a few hearty souls played around with the alternative CP/M system. This was our most software badge.

Our last in-person badge, the 2019 Supercon badge, was free rein for both hardware and software hackers. The whole thing was based on an FPGA, with completely custom gateware written by Sprite_tm running RISC-V, but based loosely on the Z80 architecture. This was probably also the badge with the highest hurdle to hackers, but you all came through with inventive hardware add-ons, but also a team that came through with a custom Linux OS running on this never-before-seen virtual environment, enabled by a hardware SDRAM cartridge hack.

And finally, even before the global supply crisis, even a tight-knit conference like ours could stock-out the world’s supply of a given component. The untold story of the 2016 Belgrade badge is that Voja Antonic bought out the world’s supply of Kingbright 8×8 common-cathode LED matrixes, and had to redesign the board in the last minute to incorporate the common-anode parts too. (Or was it vice-versa?) Lesson learned, the 2016 Supercon badge traded out the LED modules for discrete LEDs. Not gonna stock out on red LEDs.

So that’s a long-winded introduction to Thomas Flummer’s unofficial Remoticon 2 badges. With the parts crisis and a virtual conference, you’re on your own to source the badge. Splitting the freedom vs. in-built functionality problem like Samson, he’s got two boards — one a breadboard and the other fully populated. And like all his badges, they both look great. If you manage to get one made by Remoticon next week, be sure to show it off in the Bring-a-Hack. And if you don’t get it in time, bring it by in person to the 2022 Supercon!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 144: Jigs Jigs Jigs, Fabergé Mic, Paranomal Electronics, And A 60-Tube Nixie Clock

November 12, 2021 by 2 Comments

Hackaday editors Elliot Williams and Mike Szczys get caught up on the week that was. Two builds are turning some heads this week; one uses 60 Nixie tube bar graphs to make a clock that looks like the sun’s rays, the other is a 4096 RGB LED Cube (that’s 12,288 total diodes for those counting at home) that leverages a ton of engineering to achieve perfection. Speaking of perfection, there’s a high-end microphone built on a budget but you’d never know from the look and the performance — no wonder the world is now sold out of the microphone elements used in the design. After perusing a CNC build, printer filament dryer, and cardboard pulp molds, we wrap the episode talking about electronic miniaturization, radionic analyzers, and Weird Al’s computer.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (55 MB)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 144: Jigs Jigs Jigs, Fabergé Mic, Paranomal Electronics, And A 60-Tube Nixie Clock”

This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack

November 12, 2021 by 33 Comments

Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.

const { timeout,ㅤ} = req.query;
Is actually:
const { timeout,\u3164} = req.query;

The extra comma might give you a clue that something is up, but unless you’re very familiar with a language, you might dismiss it as a syntax quirk and move on. Using the same trick again allows the hidden malicious code to be included on a list of commands to run, making a hard-to-spot backdoor.

The second trick is to use “confusable” characters like ǃ, U+01C3. It looks like a normal exclamation mark, so you wouldn’t bat an eye at if(environmentǃ=ENV_PROD){, but in this case, environmentǃ is a new variable. Anything in this development-only block of code is actually always enabled — imagine the chaos that could cause.

Neither of these are ground-breaking vulnerabilities, but they are definitely techniques to be wary of. The authors suggest that a project could mitigate these Unicode techniques by simply restricting their source code to containing only ASCII characters. It’s not a good solution, but it’s a solution. Continue reading “This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack”

NFC Performance: It’s All In The Antenna

November 10, 2021 by 15 Comments

NFC tags are a frequent target for experimentation, whether simply by using an app on a mobile phone to interrogate or write to tags, by incorporating them in projects by means of an off-the-shelf module, or by designing a project using them from scratch. Yet they’re not always easy to get right, and can often give disappointing results. This article will attempt to demystify what is probably the most likely avenue for an NFC project to have poor performance, the pickup coil antenna in the reader itself.

A selection of the NFC tags on my desk
A selection of the NFC tags on my desk

The tags contain chips that are energised through the RF field that provides enough power for them to start up, at which point they can communicate with a host computer for whatever their purpose is.

“NFC” stands for “Near Field Communication”, in which data can be exchanged between physically proximate devices without their being physically connected.  Both reader and tag achieve this through an antenna, which takes the form of a flat coil and a capacitor that together make a resonant tuned circuit. The reader sends out pulses of RF which is maintained once an answer is received from a card, and thus communication can be established until the card is out of the reader’s range. Continue reading “NFC Performance: It’s All In The Antenna”

Teardown: Analog Radionic Analyzer

November 9, 2021 by 67 Comments

Have you ever looked up a recipe online, and before you got to the ingredients, you had to scroll through somebody’s meandering life story? You just want to know how many cans of tomato paste to buy, but instead you’re reading about cozy winter nights at grandma’s house? Well, that’s where you are right now, friend. Except instead of wanting to know what goes in a lasagna, you just want to see the inside of some weirdo alternative medicine gadget. I get it, and wouldn’t blame you for skipping ahead, but I would be remiss to start this month’s teardown without a bit of explanation as to how it came into my possession.

So if you’ll indulge me for a moment, I’ll tell you a story about an exceptionally generous patron, and the incredible wealth of sham medical hokum that they have bestowed upon the Hackaday community…

Continue reading “Teardown: Analog Radionic Analyzer”