Hackaday Columns

4578 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Retrotechtacular: The Drama Of Metal Forming

May 29, 2021 by 22 Comments

It may seem overwrought, but The Drama of Metal Forming actually is pretty dramatic.

This film is another classic of mid-century corporate communications that was typically shown in schools, which the sponsor — in this case Shell Oil — seeks to make a point about the inevitable march of progress, and succeeds mainly in showing children and young adults what lay in store for them as they entered a working world that needed strong backs more than anything.

Despite the narrator’s accent, the factories shown appear to be in England, and the work performed therein is a brutal yet beautiful ballet of carefully coordinated moves. The sheer power of the slabbing mills at the start of the film is staggering, especially when we’re told that the ingots the mill is slinging about effortlessly weigh in at 14 tons apiece. Seeing metal from the same ingots shooting through the last section of a roller mill at high speed before being rolled into coils gives one pause, too; the catastrophe that would result if that razor-sharp and red-hot metal somehow escaped the mill doesn’t bear imagining. Similarly, the wire drawing process that’s shown later even sounds dangerous, with the sound increasing in pitch to a malignant whine as the die diameter steps down and the velocity of the wire increases.

There are the usual charming anachronisms, such as the complete lack of safety gear and the wanton disregard for any of a hundred things that could instantly kill you. One thing that impressed us was the lack of hearing protection, which no doubt led to widespread hearing damage. Those were simpler times, though, and the march of progress couldn’t stop for safety gear. Continue reading “Retrotechtacular: The Drama Of Metal Forming”

Living Robots: Revisiting BEAM

May 29, 2021 by 40 Comments

You’re hit by the global IC shortage, reduced to using stone knives and bearskins, but you still want to make something neat? It’s time to revisit BEAM robots.

Biology, electronics, aesthetics, and mechanics — Mark Tilden came up with the idea of minimalist electronic creatures that, through inter-coupled weak control systems and clever mechanical setups, could mimic living bugs. And that’s not so crazy if you think about how many nerves something like a cockroach or an earthworm have. Yet their collection of sensors, motors, and skeletons makes for some pretty interesting behavior.

My favorite BEAM bots have always been the solar-powered ones. They move slowly or infrequently, but also inexorably, under solar power. In that way, they’re the most “alive”. Part of the design trick is to make sure they stay near their food (the sun) and don’t get stuck. One of my favorite styles is the “photovore” or “photopopper”, because they provide amazing bang for the buck.

Back in the heyday of BEAM, maybe 15 years ago, solar cells were inefficient and expensive, circuits for using their small current were leaky, and small motors were tricky to come by. Nowadays, that’s all changed. Power harvesting circuits leak only nano-amps, and low-voltage MOSFETs can switch almost losslessly. Is it time to revisit the BEAM principles? I’d wager you’d put the old guard to shame, and you won’t even need any of those newfangled microcontroller thingies, which are out of stock anyway.

If you make something, show us!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 120: Chip Shortage, VGA Glitching, Truly Owning Roku, And Omniballs

May 28, 2021 by 4 Comments

Hackaday editors Elliot Williams and Mike Szczys recount a week of awesome hacks. One you might have missed involves a Roku-based smart TV that was rooted and all secrets laid bare for the sole purpose of making an Ambilight setup work with it. We take a look at a creative blade-tracking system for a scrollsaw CNC project, and a robot arm that brings non-flat layers to 3D printing and envisions composite material printing. There’s a great template for video glitching using inexpensive VGA to CGA converter boards, cleanly squeezed into a nice enclosure. We are a bit giddy for the omniwheel robot designs [James Bruton] has been showing off. And we finish out the show with a great conversation happening this week on Hackaday: people from throughout the community share how the chip shortage is affecting their projects.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (Weighing in around 55 MB.)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 120: Chip Shortage, VGA Glitching, Truly Owning Roku, And Omniballs”

This Week In Security: M1RACLES, The Full Half-Double, And Patch Gaps

May 28, 2021 by 10 Comments

We occasionally make fun of new security vulnerabilities that have a catchy name and shiny website. We’re breaking new ground here, though, in covering a shiny website that makes fun of itself. So first off, this is a real vulnerability in Apple’s brand-new M1 chip. It’s got CVE-2021-30747, and in some very limited cases, it could be used for something malicious. The full name is M1ssing Register Access Controls Leak EL0 State, or M1RACLES. To translate that trying-too-hard-to-be-clever name to English, a CPU register is left open to read/write access from unprivileged userspace. It happens to be a two-bit register that doesn’t have a documented purpose, so it’s perfect for smuggling data between processes.

Do note that this is an undocumented register. If it turns out that it actually does something important, this vulnerability could get more serious in a hurry. Until then, thinking of it as a two-bit vulnerability seems accurate. For now, however, the most we have to worry about is that two processes can use this to pass information back and forth. This isn’t like Spectre or Rowhammer where one process is reading or writing to an unrelated process, but both of them have to be in on the game.

The discoverer, [Hector Martin], points out one example where this could actually be abused: to bypass permissions on iOS devices. It’s a clever scenario. Third party keyboards have always been just a little worrying, because they run code that can see everything you type, passwords included. The long-standing advice has been to never use such a keyboard, if it asks for network access permissions. Apple has made this advice into a platform rule — no iOS keyboards get network access. What if a device had a second malicious app installed, that did have Internet access permissions? With a covert data channel, the keyboard could shuffle keystrokes off to its sister app, and get your secrets off the device.

So how much should you care about CVE-2021-30747? Probably not much. The shiny site is really a social experiment to see how many of us would write up the vulnerability without being in on the joke. Why go to the hassle? Apparently it was all an excuse to make this video, featuring the appropriate Bad Apple!! music video.

Half-Double’ing Down on Rowhammer

A few days ago, Google announced the details of Half-Double, and the glass is definitely Half-Double full with all the silly puns that come to mind. The concept is simple: If Rowhammer works because individual rows of ram are so physically close together, does further miniaturization enable attacks against bits two rows away? The answer is a qualified yes.

Quick refresher, Rowhammer is an attack first demonstrated against DDR3 back in 2014, where rapid access to one row of memory can cause bit-flip errors in the neighboring row. Since then, there have been efforts by chip manufacturers to harden against Rowhammer, including detection techniques. At the same time, researchers have kept advancing the art through techniques like Double-Sided Rowhammer, randomizing the order of reads, and attempts to synchronize the attack with the ram’s refresh intervals. Half-Double is yet another way to overcome the protections built into modern ram chips.

We start by specifying a particular ram row as the victim (V). The row right beside it will be the near aggressor row (N), and the next row over we call the far aggressor row (F). A normal Rowhammer attack would simply alternate between reading from the near aggressor and a far-off decoy, rapidly toggling the row select line, which degrades the physical charge in neighboring bits. The Half-Double attack instead alternates between the far aggressor and a decoy row for 1000 cycles, and then reads from the near aggressor once. This process is repeated until the victim row has a bit flip, which often happens within a few dozen iterations. Because the hammering isn’t right beside the victim row, the built-in detection applies mitigations to the wrong row, allowing the attack to succeed in spite of the mitigations.

More Vulnerable Windows Servers

We talked about CVE-2021-31166 two weeks ago, a wormable flaw in Windows’ http.sys driver. [Jim DeVries] started wondering something as soon as he heard about the CVE. Was Windows Remote Management, running on port 5985, also vulnerable? Nobody seemed to know, so he took matters into hiis own hands, and confirmed that yes, WinRM is also vulnerable to this flaw. From what I can tell, this is installed and enabled by default on every modern Windows server.

And far from his optimistic assertion that surely no-one would expose that to the Internet… It’s estimated that there over 2 million IPs doing just that.

More Ransomware

On the ransomware front, there is an interesting story out of The Republic of Ireland. The health system there was hit by Conti ransomware, and the price for decryption set at the equivalent of $20 million. It came as a surprise, then, when a decryptor was freely published. There seems to be an ongoing theme in ransomware, that the larger groups are trying to manage how much attention they draw. On the other hand, this ransomware attack includes a threat to release private information, and the Conti group is still trying to extort money to prevent it. It’s an odd situation, to be sure.

Inside Baseball for Security News

I found a series of stories and tweets rather interesting, starting with the May Android updates at the beginning of the month. [Liam Tung] at ZDNet does a good job laying out the basics. First, when Google announced the May Android updates, they pointed out four vulnerabilities as possibly being actively exploited. Dan Goodin over at Ars Technica took umbrage with the imprecise language, calling the announcement “vague to the point of being meaningless”.

Shane Huntley jumped into the fray on Twitter, and hinted at the backstory behind the vague warning. There are two possibilities that really make sense here. The first is that exploits have been found for sale somewhere, like a hacker forum. It’s not always obvious if an exploit has indeed been sold to someone using it. The other possibility given is that when Google was notified about the active exploit, there was a requirement that certain details not be shared publicly. So next time you see a big organization like Google hedge their language in an obvious and seemingly unhelpful way, it’s possible that there’s some interesting situation driving that language. Time will tell.

The Patch Gap

The term has been around since at least 2005, but it seems like we’re hearing more and more about patch gap problems. The exact definition varies, depending on who is using the term, and what product they are selling. A good working definition is the time between a vulnerability being public knowledge and an update being available to fix the vulnerability.

There are more common reasons for patch gaps, like vulnerabilities getting dropped online without any coordinated disclosure. Another, more interesting cause is when an upstream problem gets fixed and publicly announced, and it takes time to get the fix pulled in. The example in question this week is Safari, and a fix in upstream WebKit. The bug in the new AudioWorklets feature is a type confusion that provides an easy way to do audio processing in a background thread. When initializing a new worker thread, the programmer can use their own constructor to build the thread object. The function that kicks off execution doesn’t actually check that it’s been given a proper object type, and the object gets cast to the right type. Code is executed as if it was correct, usually leading to a crash.

The bug was fixed upstream shortly after a Safari update was shipped. It’s thought that Apple ran with the understanding that this couldn’t be used for an actual RCE, and therefore hadn’t issued a security update to fix it. The problem there is that it is exploitable, and a PoC exploit has been available for a week. As is often the case, this vulnerability would need to be combined with at least one more exploit to overcome the security hardening and sandboxing built into modern browsers.

There’s one more quirk that makes this bug extra dangerous, though. On iOS devices, when you download a different browser, you’re essentially running Safari with a different skin pasted on top. As far as I know, there is no way to mitigate against this bug on an iOS device. Maybe be extra careful about what websites you visit for a few days, until this get fixed.

Via Ars Technica

History Of Closed Captions: Entering The Digital Era

May 27, 2021 by 42 Comments

When you want to read what is being said on a television program, movie, or video you turn on the captions. Looking under the hood to see how this text is delivered is a fascinating story that stared with a technology called Closed Captions, and extended into another called Subtitles (which is arguably the older technology).

I covered the difference between the two, and their backstory, in my previous article on the analog era of closed captions. Today I want to jump into another fascinating chapter of the story: what happened to closed captions as the digital age took over? From peculiar implementations on disc media to esoteric decoding hardware and a baffling quirk of HDMI, it’s a fantastic story.

There were some great questions in the comments section from last time, hopefully I have answered most of these here. Let’s start with some of the off-label uses of closed captioning and Vertical Blanking Interval (VBI) data.

Continue reading “History Of Closed Captions: Entering The Digital Era”

Teardown: RADICA I-Racer

May 26, 2021 by 3 Comments

Long before the Oculus Rift and HTC Vive came along, some of the biggest names in gaming tried to develop practical stereoscopic displays. These early attempts at virtual reality (VR) were hindered by the technical limitations of their time, and most never progressed beyond the prototype stage. Of the ones that did make it to retail shelves, none managed to stick around for very long. The best known example is Nintendo’s Virtual Boy, which ended up being a financial disaster upon its release in 1995 and some regard as the gaming giant’s greatest blunder.

Despite these public failures, Radica still felt compelled to throw their hat into the ring. Best known for their line of relatively simplistic LCD handheld games, the company produced several rudimentary stereoscopic stand-alone titles in the late 1990s to try and cash in on the VR fad. Among the later entries in this series was 1999’s NASCAR i-Racer, which at least externally, looks quite a bit like modern VR headset.

Featuring a head-mounted stereoscopic display, a handheld controller, force feedback, and integrated headphones, you’d certainly be forgiven for thinking the i-Racer was ahead of its time. But its reliance on the primitive LCD technology that put Radica on the map, combined with the need to keep the game as cheap as possible, keeps the experience planted firmly in the 1990s. But perhaps there’s something we can do about that.

Continue reading “Teardown: RADICA I-Racer”

Getting Started With Aluminum Extrusions

May 25, 2021 by 64 Comments

T-slot extrusions used to be somewhat mysterious, but today they are quite common thanks to their use in many 3D printers. However, it is one thing to assemble a kit with some extrusions and another thing to design your own creations with the material. If you ever had a Play-Doh Fun Factory as a kid, then you know about extrusions. You push some material out through a die to make a shape. Of course, aluminum extrusions aren’t made from modeling clay, but usually 6105-T5 aluminum. Oddly, there doesn’t seem to be an official standard, but it is so common that there’s usually not much variation between different vendors.

We use extrusions to create frames for 3D printers, laser cutters, and CNC machines. But you can use it anywhere you need a sturdy and versatile frame. There seems to be a lot of people using them, for example, to build custom fixtures inside vans. If you need a custom workbench, a light fixture, or even a picture frame, you can build anything you like using extrusions. Continue reading “Getting Started With Aluminum Extrusions”