SCADA Security Hack Chat

Join us on Wednesday, July 14 at noon Pacific for the SCADA Security Hack Chat with Éireann Leverett!

As a society, we’ve learned a lot of hard lessons over the last year and a half or so. But one of the strongest lessons we’ve faced is the true fragility of our infrastructure. The crumbling buildings and bridges and their tragic consequences are one thing, but along with attacks on the food and energy supply chains, it’s clear that our systems are at their most vulnerable as their complexity increases.

And boy are we good at making complex systems. In the United States alone, millions of miles of cables and pipelines stitch the country together from one coast to the other, much of it installed in remote and rugged places. Such far-flung systems require monitoring and control, which is the job of supervisory control and data acquisition, or SCADA, systems. These networks have grown along with the infrastructure, often in a somewhat ad hoc manner, and given their nature they can be tempting targets for threat actors.

Finding ways to secure such systems is very much on Éireann Leverett’s mind. As a Senior Risk Researcher at the University of Cambridge, he knows about the threats to our infrastructure and works to find ways to mitigate them. His book Solving Cyber Risk lays out a framework for protecting IT infrastructure in general. For this Hack Chat, Éireann will be addressing the special needs of SCADA systems, and how best to protect these networks. Drop by with your questions about infrastructure automation, mitigating cyber risks, and what it takes to protect the endless web of pipes and wires we all need to survive.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: July 11, 2021

Well, at least the acronym will stay the same. It looks like black is the new blue for Windows 11, as the BSOD screen gets its first makeover in years. It’s an admittedly minor change, since the on-screen text is virtually identical to the BSOD from recent versions of Windows 10, and the new death-knell even sports the same frowny-face emoji and QR code. Really, the white-on-black color scheme is the only major difference we can see — even the acronym will stay the same. It’s not really that newsworthy, we suppose, although it does make us miss the extremely busy BSODs from back in the Windows NT days.

As the semiconductor shortage continues, manufacturers are getting desperate to procure the parts they need to make their products. And if there’s one thing as certain as death and taxes, it’s that desperation provides opportunity to criminals. A thread over on EEVBlog details an encounter one company had with an alleged scammer, who sent an unsolicited offer to them for a large number of ordinarily hard-to-find microprocessors at a good price. Wisely, the company explored the offer in some depth and found that “Brian” (the representative who contacted them) is actually named Nick Martin and, according to an article on the Electronic Resellers Association International (ERAI) website, is apparently associated with a number of fraudulent operations. Their list of allegedly fraudulent deals made by Mr. Martin stretches back to 2018 and totals over $300,000 of ill-gotten gain.

Last year, friend-of-Hackaday and laser artist Seb Lee-Delisle spent a lot of time and effort getting together an amazing interactive laser light show for the night skies of cities in the UK. Laser Light City, with powerful lasers mounted on the tops of tall buildings, was a smashing success that brought a little cheer into what was an otherwise dreadful time. But we have to admit that the videos and other materials covering Laser Light City left us wanting more — something like that, with a far-flung installation on rooftops and the ability for audience members to control it all from their phone, really needs a deeper “how it works” treatment. Thankfully, Seb has released a video that dives into the nuts and bolts of the show, including a look at ludicrously powerful lasers with beams that can still be seen in broad daylight.

You Can’t Fix What You Can’t Measure

Last year, as my Corona Hobby™, I took up RC plane flying. I started out with discus-launched gliders, and honestly that’s still my main love, but there’s only so much room for hackery in planes that are designed to be absolutely minimum weight and maximum performance; these are the kind of planes that notice an extra half gram in the tail. So I’ve also built a few crude workhorse planes — the kind of things that you could slap a 60 g decade-old GoPro on and it won’t even really notice. Some have ended their lives in trees, but most have been disassembled and reincarnated — the electronics live on in the next body.

The journey has been really fun. I’ve learned about aerodynamics, gotten an excuse to put together a 4-axis hot-wire CNC styrofoam cutter, and covered everything in sight with carbon fiber tow, which is cheaper than you might think but makes the plane space-age. My current workhorse has bolted on an IMU, GPS, and a minimal Ardupilot setup, though I have yet to really put it through its paces. What’s holding me back is the video link — it just won’t work reliably further than a few hundred meters, and I certainly don’t trust it to get out of line-of-sight.

My suspicion is that the crappy antennas I have are holding me back, which of course is an encouragement to DIY, but measuring antennas in the 5.8 GHz band is tricky. I’d love to just be able to buy one of the cheap vector analyzers that we’ve covered in the past — anyone can make an antenna when they can see what they’re doing — but they top out at 2.4 GHz or lower. No dice. I’m blind in 5.8 GHz.

Of course, I do have one way in, and that’s tapping into the received signal strength indicator (RSSI) of a dedicated 5.8 GHz receiver, and just testing antennas out in practice, but that only gives a sort of loose better-worse indication. More capacitance or more inductance? Plates closer together or further apart? Try it out and see, I guess, but it’s time-consuming.

Moral of the story: don’t take measurement equipment for granted. Imagine trying to build an analog circuit without a voltmeter, or to debug something digital without a logic probe. Sometimes the most important tool is the one that lets you see the problem in the first place.

Hackaday Podcast 126: Cable 3D-Scanner, Tesla Charger Robot, Ultrasonic Anemometer, And A Zoetrope

Hackaday editors Elliot Williams and Mike Szczys dive into a week of exceptional hacks. Tip-top of the list has to be the precision measuring instrument that uses a cable spooling mechanism. There’s news that the Starlink base station firmware has been dumped and includes interesting things like geofencing for the developer modes. We saw a garage robot that will plug in your electric vehicle if you’re the forgetful sort. And we close up by talking about heavier-than-air helium airships and China’s Mars rover.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (55 MB or so.)

This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. It was tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang], confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild.

Tech Hidden In Plain Sight: Cruise Control

The advent of the microcontroller changed just about everything. Modern gadgets often have a screen-based interface that may hide dozens or hundreds of functions that would have been impractical and confusing to do with separate buttons and controls. It also colors our thinking of what is possible. Imagine if cars didn’t have cruise control and someone asked you if it were possible. Of course. Monitor the speed and control the gas using a PID algorithm. Piece of cake, right? Except cruise control has been around since at least 1948. So how did pre-microcontroller cruise control work? Sure, in your modern car it might work just like you think. But how have we had seventy-plus years of driving automation?

A Little History

A flyball governor from a US Navy training film.

Controlling the speed of an engine is actually not a very new idea. In the early 1900s, flyball governors originally designed for steam engines could maintain a set speed. The idea was that faster rotation caused the balls to spread out, closing the fuel or air valve, while slower speeds would let the balls get closer together and send more fuel or air into the engine.

The inventor of the modern cruise control was Ralph Teetor, a prolific inventor who lost his sight as a child. Legend has it that he was a passenger in a car with his lawyer driving and grew annoyed that the car would slow down when the driver was talking and speed up when he was listening. His cruise control was invented in 1948 and improved upon over the next few years.

Electric Land Speed Racing Can Be Lightning Fast

Land speed racing is a pursuit of ultimate speed above all else. Most cars typically run on huge, flat salt pans, and racers run flat out for miles in a straight line, attempting to push their machines to the limit. Like most motorsports, the history of land speed racing has traditionally been centred around internal combustion, but electric racers have long been out there chasing land speed records as well.

The Need For Speed

At the most famous land speed trials, such as Bonneville’s Speed Week, speed runs take place over miles and miles of open salt, with timing traps along the way to determine competitors’ speeds. These tracks are long enough that acceleration is of little concern, which is of great benefit to electric runners. Additionally, only one or two runs are required to set a record. This means that heavy batteries aren’t always needed, as the distance a competitor must travel is short, and even if the batteries are heavy, it doesn’t excessively affect top speed.

With an eye to that, land speed competitors in electric classes are typically classified into weight classes. This is due to the fact that bigger, heavier battery packs can deliver more current, and thus potentially have a performance advantage over lighter vehicles. Thus, typical classes run by most salt flats competitions involve the E1 class, which allows for vehicles under 1100 lbs, the E2 class, for vehicles up to 2200 lbs, and the E3 class, which is for anything 2200 lbs and above. The FIA also publish their own set of classes, again separated by weight, though to a much more granular degree.

Procedures for setting records vary depending on the venue and the record in question. Local records at salt venues like El Mirage can typically be broken with a single run faster than the standing record, while Bonneville Speed Week competitors must set a higher average speed across two runs on two consecutive days. FIA records differ again, and are perhaps the most stringent, requiring competitors to set a faster average across two runs in opposite directions, set within an hour of each other, to attempt to minimise the effect of wind on the result. Things can sometimes get confusing, as many FIA records, for example, are set at the Bonneville salt flats, but not actually in Speed Week competition or by Speed Week rules.