Hackaday Podcast Episode 289: Tiny Games, Two Modern Modems, And The Next Big Thing

September 20, 2024 by Kristina Panos 9 Comments

This week on the Podcast, Hackaday’s Elliot Williams and Kristina Panos joined forces to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.

First up in the news: we’ve announced the 2024 Tiny Games Contest winners! We asked you to show us your best tiny game, whether that means tiny hardware, tiny code, or a tiny BOM, and you did so in spades. Congratulations to all the winners and Honorable Mentions, and thanks to DigiKey, Supplyframe, and all who entered!

We also announced the first round of Supercon speakers, so if you haven’t gotten your ticket yet, now’s the second best time.

But wait, there’s more! We’re already a few weeks into the next contest, where we want you to show us your best ~~Simple~~ Supercon Add-On. We love to see the add-ons people make for the badge every year, so this time around we’re really embracing the standard. The best SAOs will get a production run and they’ll be in the swag bag at Hackaday Europe 2025.

Then it’s on to What’s That Sound, which completely stumped Kristina once again. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

Now it’s on to the hacks, beginning with non-planar ironing for smooth prints, and a really neat business card that also plays tiny games. Then we’ll discuss USB modems, cool casts for broken wrists, and archiving data on paper. Finally, we ask two big questions — where do you connect the shield, and what’s the Next Big Thing gonna be? Inquiring minds want to know.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and savor at your leisure.

Continue reading “Hackaday Podcast Episode 289: Tiny Games, Two Modern Modems, And The Next Big Thing” →

This Week In Security: Open Source C2, Raptor Trains, And End To End Encryption

September 20, 2024 by Jonathan Bennett 14 Comments

Open Source has sort of eaten everything in software these days. And that includes malware, apparently, with open source Command and Control (C2) frameworks like Sliver and Havoc gaining traction. And of course, this oddball intersection of Open Source and security has intrigued at least one security researcher who has found some interesting vulnerabilities.

Before we dive into what was found, you may wonder why open source malware tools exist. First off, trustworthy C2 servers are quite useful for researchers, who need access to such tools for testing. Then there is Red Teaming, where a security professional launches a mock attack against a target to test its defenses. A C2 is often useful for education and hobby level work, and then there are the true criminals that do use these Open Source tools. It takes all types.

A C2 system consists of an agent installed on compromised systems, usually aiming for stealth. These agents connect to a central server, sending information and then executing any instructions given. And finally there’s a client, which is often just a web interface or even a command line interface.

Now what sort of fun is possible in these C2 systems? Up first is Sliver, written in Go, with a retro command line interface. Sliver supports launching Metasploit on compromised hosts. Turns out, it accidentally supported running Metasploit modules against the server’s OS itself, leading to an easy remote shell from an authenticated controller account.

Havoc has a fancy user interface for the clients, and also a command injection flaw. A service name field gets used to generate a shell command, so you’re only a simple escape away from running commands. That’s not quite as useful as the API that failed open when a bad username/password was given. Oops. Continue reading “This Week In Security: Open Source C2, Raptor Trains, And End To End Encryption” →

Design And The Golden Rule

September 19, 2024 by Al Williams 36 Comments

You often learn the golden rule or some variation of it as early as kindergarten. There are several ways to phrase it, but you most often hear: “Do unto others as you would have them do unto you.” While that’s catchy, it is really an aphorism that encourages us to consider the viewpoints of others. As people who design things, this can be tricky. Sometimes, what you want isn’t necessarily what most people want, and — conversely — you might not appreciate what most people want or need.

EDIT/1000

I learned this lesson many years ago when I used to babysit a few HP/1000 minicomputers. Minicomputer sounds grand, but, honestly, a Raspberry Pi of any sort would put the old HP to shame. Like a lot of computers in those days, it had a text editor that was arcane even by the standards of vi or emacs. EDIT/1000 couldn’t be sure you weren’t using a printing terminal, and the commands reflect that.

For example, printing a few lines around the current line requires the command: “/-2,L,5” which isn’t that hard, I suppose. To delete all lines that contain a percent sign, “1$ D/%/A/” assuming you don’t want to be asked about each deletion.

Sure, sure. As a Hackaday reader, you don’t find this hard to puzzle out or remember. But back in the 1980s, a bunch of physicists and chemical engineers had little patience for stuff like that. However, the editor had a trick up its sleeve.

Continue reading “Design And The Golden Rule” →

FLOSS Weekly Episode 801: JBang — Not Your Parents Java Anymore

September 18, 2024 by Jonathan Bennett 12 Comments

This week Jonathan Bennett and Jeff Massie chat with Max Rydahl Andersen about JBang, the cross-platform tool to run Java as a system scripting language. That’s a bit harder than it sounds, particularly to take advantage of Java’s rich debugging capabilities and the ecosystem of libraries that are available. Tune in to get the details, as well as how polyglot files are instrumental to making JBang work!

Continue reading “FLOSS Weekly Episode 801: JBang — Not Your Parents Java Anymore” →

Meet The Winners Of The 2024 Tiny Games Contest

September 18, 2024 by Tom Nardi 12 Comments

Over the years, we’ve figured out some pretty sure-fire ways to get hackers and makers motivated for contests. One of the best ways is to put arbitrary limits on different aspects of the project, such as how large it can be or how much power it can consume. Don’t believe us? Then just take a look at the entries of this year’s Tiny Games Contest.

Nearly 80 projects made it across the finish line this time, and our panel of judges have spent the last week or so going over each one to try and narrow it down to a handful of winners. We’ll start things off with the top three projects, each of which will be awarded a $150 gift certificate from our friends at DigiKey.

First: Sub-Surface Simon

While this contest saw a lot of excellent entries, we don’t think anyone is going to be surprised to see this one take the top spot. Earning an exceptionally rare perfect ten score from each of our judges, Sub-Surface Simon from [alnwlsn] grabbed onto the theme of this contest and ran like hell with it. Continue reading “Meet The Winners Of The 2024 Tiny Games Contest” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The (Mc)Cool Typewriter

September 16, 2024 by Kristina Panos 2 Comments

A hand and wrist with a gesture detection ring and a control box on the wrist. — Image by [ambrush] via Hackaday.IO

Okay, so this isn’t a traditional keyboard, but you can probably figure out why the RuneRing is here. Because it’s awesome! Now, let me give you the finer points.

Hugely inspired by both ErgO and Somatic, RuneRing is a machine learning-equipped wearable mouse-keyboard that has a configurable, onboard ML database that can be set up to detect any gesture.

Inside the ring is a BMI160 6-axis IMU that sends gesture data to the Seeed Studio nRF52840 mounted on the wrist. Everything is powered with an 80mAh Li-Po lifted from a broken pair of earbuds.

Instead of using a classifier neural network, RuneRing converts IMU data to points in 24-dimensional space. Detecting shapes is done with a statistical check. The result is a fast and highly versatile system that can detect a new shape with as few as five samples.

Continue reading “Keebin’ With Kristina: The One With The (Mc)Cool Typewriter” →

Hackaday Links: September 15, 2024

September 15, 2024 by Dan Maloney 10 Comments

A quick look around at any coffee shop, city sidewalk, or sadly, even at a traffic light will tell you that people are on their phones a lot. But exactly how much is that? For Americans in 2023, it was a mind-boggling 100 trillion megabytes, according to the wireless industry lobbying association CTIA. The group doesn’t discuss their methodology in the press release, so it’s a little hard to make judgments on that number’s veracity, or the other numbers they bandy about, such as the 80% increase in data usage since 2021, or the fact that 40% of data is now going over 5G connections. Some of the numbers are more than a little questionable, too, such as the claim that 330 million Americans (out of a current estimate of 345.8 million people) are covered by one or more 5G networks. Even if you figure that most 5G installations are in densely populated urban areas, 95% coverage seems implausible given that in 2020, 57.5 million people lived in rural areas of the USA. Regardless of the details, it remains that our networks are positively humming with data, and keeping things running is no mean feat.

Continue reading “Hackaday Links: September 15, 2024” →