The Long And The Short Of It

Last weekend was Hackaday Europe 2024, and it was great. Besides having some time to catch up with everyone, see some fun new badge hacks, and of course all the projects that folks brought along, I also had time to attend most all of the talks. And the talks were split into two distinct sections: long-format talks on Saturday and a two-hour session of seven-minute lightning talks on Sunday.

I don’t know if it’s our short attention spans, or the wide range of topics in a short period of time, but a number of people came up after the fact and said that they really appreciated the short-but-sweet format. One heretic even went so far as to suggest that we only have lightning talks in the future.

Well, we’ve done that before – the Hackaday Unconferences. One year, we even ran three of them simultaneously! I was at Hackaday’s London Unconference the year later, and it was a blast.

But I absolutely appreciate the longer talks too. Sometimes, you just have to give a speaker free rein to dig really deeply into a topic. When the scope of the project warrants it, there’s just no substitute for letting someone tell the whole story. So I see a place for both!

If you were at Hackaday Europe, or any other conference with a lightning talks track, what do you think? Long or short? Or a good mix?

Hackaday Podcast Episode 267: Metal Casting, Plasma Cutting, And A Spicy 555

What were some of the best posts on Hackaday last week? Elliot Williams and Al Williams decided there were too many to choose from, but they did take a sampling of the ones that caught their attention. This week’s picks were an eclectic mix of everything from metal casting and plasma cutters to radio astronomy and space telescope budgets. In between? Some basic circuit design, 3D printing, games, dogs, and software tools. Sound confusing? It won’t be, after you listen to this week’s podcast.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download an audiophile-quality oxygen-free MP3 file here.

Continue reading “Hackaday Podcast Episode 267: Metal Casting, Plasma Cutting, And A Spicy 555”

This Week In Security: Putty Keys, Libarchive, And Palo Alto

It may be time to rotate some keys. The venerable PuTTY was updated to 0.81 this week, and the major fix was a change to how ecdsa-sha2-nistp521 signatures are generated. The problem was reported on the oss-security mailing list, and it’s quite serious, though thankfully with a somewhat narrow coverage.

The PuTTY page on the vulnerability has the full details. To understand what’s going on, we need to briefly cover ECDSA, nonces, and elliptic curve crypto. All cryptography depends on one-way functions. In the case of RSA, it’s multiplying large primes together. The multiplication is easy, but given just the final result, it’s extremely difficult to find the two factors. DSA uses a similar problem, the discrete logarithm problem: raising a number to a given exponent, then doing modulo division.

Yet another cryptography primitive is the elliptic curve, which uses point multiplication as the one-way function. I’ve described it as a mathematical pinball, bouncing around inside the curve. It’s reasonably easy to compute the final point, but essentially impossible to trace the path back to the origin. Formally this is the Elliptic Curve Discrete Logarithm Problem, and it’s not considered to be quantum-resistant, either.

One of the complete schemes is ECDSA, which combines the DSA scheme with Elliptic Curves. Part of this calculation uses a nonce, denoted “k”, a number that is only used once. In ECDSA, k must be kept secret, and any repetition of different messages with the same nonce can lead to rapid exposure of the secret key.

And now we get to PuTTY, which was written for Windows back before that OS had any good cryptographic randomness routines. As we’ve already mentioned, re-use of k, the nonce, is disastrous for DSA. So, PuTTY did something clever, and took the private key and the contents of the message to be signed, hashed those values together using SHA-512, then used modulo division to reduce the bit-length to what was needed for the given k value. The problem is the 521-bit ECDSA, which takes a 521-bit k. That’s even shorter than the output of a SHA-512, so the resulting k value always started with nine 0 bits. Continue reading “This Week In Security: Putty Keys, Libarchive, And Palo Alto”

Human-Interfacing Devices: HID Over I2C

In the previous two HID articles, we talked about stealing HID descriptors, learned about a number of cool tools you can use for HID hacking on Linux, and created a touchscreen device. This time, let’s talk about an underappreciated HID standard, but one that you might be using right now as you’re reading this article – I2C-HID, or HID over I2C.

HID as a protocol can be tunneled over many different channels. If you’ve used a Bluetooth keyboard, for instance, you’ve used tunneled HID. For about ten years now, I2C-HID has been heavily present in laptop space, it was initially used in touchpads, later in touchscreens, and now also in sensor hubs. Yes, you can expose sensor data over HID, and if you have a clamshell (foldable) laptop, that’s how the rotation-determining accelerometer exposes its data to your OS.

This capacitive touchscreen controller is not I2C-HID, even though it is I2C. By [Raymond Spekking], CC-BY-SA 4.0
Not every I2C-connected input device is I2C-HID. For instance, if you’ve seen older tablets with I2C-connected touchscreens, don’t get your hopes up, as they likely don’t use HID – it’s just a complex-ish I2C device, with enough proprietary registers and commands to drive you crazy even if your logic analysis skills are on point. I2C-HID is nowhere near that, and it’s also way better than PS/2 we used before – an x86-only interface with limited capabilities, already almost extinct from even x86 boards, and further threatened in this increasingly RISCy world. I2C-HID is low-power, especially compared to USB, as capable as HID goes, compatible with existing HID software, and ubiquitous enough that you surely already have an I2C port available on your SBC.

In modern world of input devices, I2C-HID is spreading, and the coolest thing is that it’s standardized. The standardization means a lot of great things for us hackers. For one, unlike all of those I2C touchscreen controllers, HID-I2C devices are easier to reuse; as much as information on them might be lacking at the moment, that’s what we’re combating right now as we speak! If you are using a recent laptop, the touchpad is most likely I2C-HID. Today, let’s take a look at converting one of those touchpads to USB HID.

A Hackable Platform

Continue reading “Human-Interfacing Devices: HID Over I2C”

Fail Of The Week: Can An Ultrasonic Cleaner Remove Bubbles From Resin?

[Wendy] asked a very good question. Could putting liquid resin into an ultrasonic cleaner help degas it? Would it help remove bubbles, resulting in a cleaner pour and nicer end product? What we love is that she tried it out and shared her results. She purchased an ultrasonic cleaner and proceeded to mix two batches of clear resin, giving one an ultrasonic treatment and leaving the other untouched as a control.

Sadly, the test piece had considerably more surface bubbles than the untreated control, as well as a slight discoloration.

The results were interesting and unexpected. Initially, the resin in the ultrasonic bath showed visible bubbles rising to the surface which seemed promising. Unfortunately, this did not lead to fewer bubbles in the end product.

[Wendy]’s measurements suggest that the main result of putting resin in an ultrasonic bath was an increase in its temperature. Overheating the resin appears to have led to increased off-gassing and bubble formation prior to and during curing, which made for poor end results. The untreated resin by contrast cured with better color and much higher clarity. If you would like to skip directly to the results of the two batches, it’s right here at 9:15 in.

Does this mean it’s a total dead end? Maybe, but even if the initial results weren’t promising, it’s a pretty interesting experiment and we’re delighted to see [Wendy] walk through it. Do you think there’s any way to use the ultrasonic cleaner in a better or different way? If so, let us know in the comments.

This isn’t the first time people have tried to degas epoxy resin by thinking outside the box. We’ve covered a very cheap method that offered surprising results, as well as a way use a modified paint tank in lieu of purpose-made hardware.

Linux Fu: Stupid Systemd Tricks

Last time, I gave a whirlwind introduction to a very small slice of systemd. If you aren’t comfortable with systemd services, timers, and mounts, you might want to read that now. Otherwise, press on to see a few interesting uses for custom systemd units, including running a few things on a schedule and automatically mounting a Raspberry Pi Zero.

Can you do every one of these things in a different way? Of course you can. I’m not debating the relative merits of using or not using systemd. However, unless you totally control your own environment, good chance you are going to have to interact with systemd at some point.

Stupid Trick #1: Update Your IP Address

A few years ago, I talked about updating your remote DNS server with your public IP address. This lets you refer to a hostname like snoopy.hackaday.com and get back to your computer that often changes IP addresses. Sure, you can get services to do that for you, but you must either pay or agree to read ads on their site to keep your hostname going. This is all under your control. In the original post, I suggested using cron or NetworkManager to run the update script. I also hinted you could do it with systemd, but I didn’t tell you how. Let’s fix that.

Continue reading “Linux Fu: Stupid Systemd Tricks”

Retrotechtacular: The Other Kind Of Fallout Show

Thanks to the newly released Amazon Prime series, not to mention nearly 30 years as a wildly successful gaming franchise, Fallout is very much in the zeitgeist these days. But before all that, small-F fallout was on the minds of people living in countries on both sides of the Iron Curtain who would have to deal with the aftermath of a nuclear exchange.

Uwaga! Pył promieniotwórczy  (“Beware! Radioactive Dust”) is a 1965 Polish civil defense film from film studio Wytwórnia Filmów Oświatowych. While the Cold War turning hot was not likely to leave any corner of the planet unscathed, Poland was certainly destined to bear the early brunt of a nuclear exchange between the superpowers, and it was clear that the powers that be wanted to equip any surviving Polish people with the tools needed to deal with their sudden change in circumstances.

The film, narrated in Polish but with subtitles in English, seems mainly aimed at rural populations and is mercifully free of the details of both fallout formation and the potential effects of contact with radioactive dust, save for a couple of shots of what looks like a pretty mild case of cutaneous radiation syndrome.

Defense against fallout seems focused on not inhaling radioactive dust with either respirators or expedient facemasks, and keeping particles outside the house by wearing raincoats and boots, which can be easily cleaned with water. The fact that nowhere in the film is it mentioned that getting fallout on your clothes or in your lungs could be largely avoided by not going outside is telling; farmers really can’t keep things running from the basement.

A lot of time in this brief film is dedicated to preventing food and water from becoming contaminated, and cleaning it off if it does happen to get exposed. We thought the little tin enclosures over the wells were quite clever, as were the ways to transfer water from the well to the house without picking up any contamination. The pros and cons of different foods are covered too — basically, canned foods dobry, boxed foods zły. So, thumbs up for Cram, but you might want to skip the YumYum deviled eggs.

Dealing with the potential for a nuclear apocalypse is necessarily an unpleasant subject, and it’s easy to dismiss the advice of the filmmakers as quaint and outdated, or just an attempt to give the Polish people a sense of false hope. And that may well be, but then again, giving people solid, practical steps they can take will at least give them some agency, and that’s rarely a bad thing.

Continue reading “Retrotechtacular: The Other Kind Of Fallout Show”