Hackaday Columns

4609 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast 126: Cable 3D-Scanner, Tesla Charger Robot, Ultrasonic Anemometer, And A Zoetrope

July 9, 2021 by No comments

Hackaday editors Elliot Williams and Mike Szczys dive into a week of exceptional hacks. Tip-top of the list has to be the precision measuring instrument that uses a cable spooling mechanism. There’s news that the Starlink base station firmware has been dumped and includes interesting things like geofencing for the developer modes. We saw a garage robot that will plug in your electric vehicle if you’re the forgetful sort. And we close up by talking about heavier-than-air helium airships and China’s Mars rover.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (55 MB or so.)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 126: Cable 3D-Scanner, Tesla Charger Robot, Ultrasonic Anemometer, And A Zoetrope”

This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

July 9, 2021 by 29 Comments

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. Tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang] confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild. Continue reading “This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!”

Tech Hidden In Plain Sight: Cruise Control

July 8, 2021 by 29 Comments

The advent of the microcontroller changed just about everything. Modern gadgets often have a screen-based interface that may hide dozens or hundreds of functions that would have been impractical and confusing to do with separate buttons and controls. It also colors our thinking of what is possible. Imagine if cars didn’t have cruise control and someone asked you if it were possible. Of course. Monitor the speed and control the gas using a PID algorithm. Piece of cake, right? Except cruise control has been around since at least 1948. So how did pre-microcontroller cruise control work? Sure, in your modern car it might work just like you think. But how have we had seventy-plus years of driving automation?

A Little History

A flyball governor from a US Navy training film.

Controlling the speed of an engine is actually not a very new idea. In the early 1900s, flyball governors originally designed for steam engines could maintain a set speed. The idea was that faster rotation caused the balls would spread out, closing the fuel or air valve while slower speeds would let the balls get closer together and send more fuel or air into the engine.

The inventor of the modern cruise control was Ralph Teetor, a prolific inventor who lost his sight as a child. Legend has it that he was a passenger in a car with his lawyer driving and grew annoyed that the car would slow down when the driver was talking and speed up when he was listening. That was invented in 1948 and improved upon over the next few years.

Continue reading “Tech Hidden In Plain Sight: Cruise Control”

Electric Land Speed Racing Can Be Lightning Fast

July 8, 2021 by 4 Comments

Land speed racing is a pursuit of ultimate speed above all else. Most cars typically run on huge, flat salt pans, and racers run flat out for miles in a straight line, attempting to push their machines to the limit. Like most motorsports, the history of land speed racing has traditionally been centred around internal combustion, but electric racers have long been out there chasing land speed records as well.

The Need For Speed

At the most famous land speed trials, such as Bonneville’s Speed Week, speed runs take place over miles and miles of open salt, with timing traps along the way to determine competitor’s speeds. These tracks are long enough that acceleration is of little concern, which is of great benefit to electric runners. Additionally, only one or two runs is required to set a record. This means that heavy batteries aren’t always needed, as the distance a competitor must travel is short, and even if the batteries are heavy, it doesn’t excessively affect top speed.

With an eye to that, land speed competitors in electric classes are typically classified into weight classes. This is due to the fact that bigger, heavier battery packs can deliver more current, and thus potentially have a performance advantage over lighter vehicles. Thus, typical classes run by most salt flats competitions involve the E1 class, which allows for vehicles under 1100 lbs, the E2 class, for vehicles up to 2200 lbs, and the E3 class, which is for anything 2200 lbs and above. The FIA also publish their own set of classes, again separated by weight, though to a much more granular degree.

Procedures for setting records vary depending on the venue and the record in question. Local records at salt venues like El Mirage can typically be broken with a single run faster than the standing record, while Bonneville Speed Week competitors must set a higher average speed across two runs on two consecutive days. FIA records differ again, and are perhaps the most stringent, requiring competitors to set a faster average across two runs in opposite directions, set within an hour of each other, to attempt to minimise the effect of wind on the result. Things can sometimes get confusing, as many FIA records, for example, are set at the Bonneville salt flats, but not actually in Speed Week competition or by Speed Week rules. Continue reading “Electric Land Speed Racing Can Be Lightning Fast”

Linux Fu: PDF For Penguins

July 6, 2021 by 44 Comments

PostScript started out as a programming language for printers. While PostScript printers are still a thing, there are many other ways to send data to a printer. But PostScript also spawned the Portable Document Format or PDF and that has been crazy successful. Hardly a day goes by that you don’t see some kind of PDF document come across your computer screen. Sure, there are other competing formats but they hold a sliver of market share compared to PDF. Viewing PDFs under Linux is no problem. But what about editing them? Turns out, that’s easy, too, if you know how.

GUI Tools

You can use lots of tools to edit PDF files, but the trick is how good the results will look. Anything will work for this: LibreOffice Draw, Inkscape, or even GIMP. If all you want to do is remove something with a white box or make an annotation, these tools are usually great, but for more complicated changes, or pixel-perfect output, they may not be the right tool.

The biggest problem is that most of these tools deal with the PDF as an image or, at least, a collection of objects. For example, columns of text will probably turn into a collection of discrete lines. Changing something that causes a line to wrap will require you to change all the other lines to match. Sometimes text isn’t even text at all, but images. It largely depends on how the creator made the PDF to begin with. Continue reading “Linux Fu: PDF For Penguins”

Microfluidics For Biohacking Hack Chat

July 5, 2021 by 2 Comments

Join us on Wednesday, July 7 at noon Pacific for the Microfluidics for Biohacking Hack Chat with Krishna Sanka!

“Microfluidics” sounds like a weird and wonderful field, but one that doesn’t touch regular life too much. But consider that each time you fire up an ink-jet printer, you’re putting microfluidics to work, as nanoliter-sized droplets of ink are spewed across space to impact your paper at exactly the right spot.

Ink-jets may be mundane, but the principles behind them are anything but. Microfluidic mechanisms have found their way into all sorts of products and processes, with perhaps the most interesting uses being leveraged to explore and exploit the microscopic realms of life. Microfluidics can be used to recreate some of the nanoscale biochemical reactions that go on in cells, and offer not only new ways to observe the biological world, but often to manipulate it. Microfluidics devices range from “DNA chips” that can rapidly screen drug candidates against thousands of targets, to devices that can rapidly screen clinical samples for exposure to toxins or pathogens.

There are a host of applications of microfluidics in biohacking, and Krishna Sanka is actively working to integrate the two fields. As an engineering graduate student, his focus is open-source, DIY microfluidics that can help biohackers up their game, and he’ll stop by the Hack Chat to run us through the basics. Come with your questions about how — and why — to build your own microfluidics devices, and find out how modern biohackers are learning to “go with the flow.”

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 7 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

[Featured image: Cooksey/NIST]

Hackaday Links Column Banner

Hackaday Links: July 4, 2021

July 4, 2021 by 9 Comments

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?