This Week In Security: Malicious Rollback, WHOIS, And More

It’s time to talk about Microsoft’s patch Tuesday, and the odd vulnerability rollback that happened. CVE-2024-43491 has caught some attention, as it’s a 9.8 on the CVSS scale, is under active exploitation, and results in Remote Code Execution (RCE). Yikes, it sounds terrible!

First off, what actually happened? The official statement is that “build version numbers crossed into a range that triggered a code defect”. We don’t know the exact details, but it’s something like an unsigned integer that was interpreted as a signed integer. A build number could have rolled over 32767, and what was intended to be 32768 or higher suddenly became −32767. Lots of “if greater than or equal” logic breaks down in that situation. Because of a logic flaw like this, certain versions of Windows 10 were unintentionally opting out of some historical security fixes.
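To make the hypothesized failure mode concrete, here is an added example (not code from the article or from Microsoft) of a "greater than or equal" applicability check that breaks once a build number passes through a signed 16-bit integer. The fix names, build thresholds and function names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: each historical fix applies from some build on. */
struct fix { const char *name; uint16_t min_build; };
static const struct fix FIXES[] = {
    { "FIX-A (constructed)", 10240 },
    { "FIX-B (constructed)", 20000 },
    { "FIX-C (constructed)", 32000 },
};
#define NFIXES (sizeof FIXES / sizeof FIXES[0])

typedef int (*applies_fn)(uint16_t build, const struct fix *f);

/* What the build number looks like after passing through a signed 16-bit
 * variable. Out-of-range conversion wraps on mainstream two's-complement
 * compilers (implementation-defined before C23). */
static int16_t as_signed16(uint16_t build) { return (int16_t)build; }

/* Flawed check: 32768 and above turn negative, so ">=" is never true. */
static int applies_flawed(uint16_t build, const struct fix *f) {
    return as_signed16(build) >= f->min_build;
}

/* Corrected check: keep the value unsigned end to end. */
static int applies_fixed(uint16_t build, const struct fix *f) {
    return build >= f->min_build;
}

static size_t count_applicable(uint16_t build, applies_fn check) {
    size_t n = 0;
    for (size_t i = 0; i < NFIXES; i++)
        if (check(build, &FIXES[i])) n++;
    return n;
}

int main(void) {
    const uint16_t builds[] = { 32767, 32768, 40000 };
    for (size_t i = 0; i < 3; i++)
        printf("build %5u -> seen as %6d | flawed: %zu/%zu fixes, fixed: %zu/%zu\n",
               (unsigned)builds[i], (int)as_signed16(builds[i]),
               count_applicable(builds[i], applies_flawed), NFIXES,
               count_applicable(builds[i], applies_fixed), NFIXES);
    return 0;
}
```

With the flawed check, every fix is reported as not applicable the moment the build number crosses the signed boundary, which is the "opting out of historical security fixes" behaviour described above.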

And that’s where the high CVSS score and active exploitation descriptor come from. This is simply the highest score of the resurgent flaws, and an acknowledgement that they have been exploited in the past. The good news is that this only applies to Windows 10 build 1507, so either the original install without any of the major updates installed, or one of the Windows 10 Enterprise Long-Term Servicing Branch (LTSB) versions. It seems that the March 2024 monthly security update introduced the problem, and it wasn’t fixed until this month’s updates.

FLOSS Weekly Episode 800: Champagning The Ladybird Browser

This week Jonathan Bennett and Aaron Newcomb chat with Andreas Kling about Ladybird, the new browser in development from the ground up. It was started as part of SerenityOS, and has since taken on a life of its own. How much of the web works on it? How many people are working on the project? And where’s the download button? Listen to find out!


Supercon 2023: Aleksa Bjelogrlic Dives Into Circuits That Measure Circuits

Oscilloscopes are one of our favorite tools for electronics development. They make the hidden dances of electrons visually obvious to us, and give us a clear understanding of what’s actually going on in a circuit.

The question few of us ever ask is, how do they work? Most specifically—how do you design a circuit that’s intended to measure another circuit? Aleksa Bjelogrlic has pondered that very idea, and came down to explain it all to us at the 2023 Hackaday Supercon.


Assessing The Energy Efficiency Of Programming Languages

Programming languages are generally defined as a more human-friendly way to program computers than using raw machine code. Within the realm of these languages there is a wide range of how close the programmer is allowed to get to the bare metal, which ultimately can affect the performance and efficiency of the application. One metric that has become more important over the years is that of energy efficiency, as datacenters keep growing along with their power demand. If picking one programming language over another saves even 1% of a datacenter’s electricity consumption, this could prove to be highly beneficial, assuming it weighs up against all other factors one would consider.

There have been some attempts over the years to put a number on the energy efficiency of specific programming languages, with a paper by Rui Pereira et al. from 2021 (preprint PDF) as published in Science of Computer Programming covering the running of a couple of small benchmarks, measuring system power consumption and drawing conclusions based on this. When Hackaday covered the 2017 paper at the time, it was with the expected claim that C is the most efficient programming language, while of course scripting languages like JavaScript, Python and Lua trailed far behind.

With C being effectively high-level assembly code this is probably no surprise, but languages such as C++ and Ada should see no severe performance penalty over C due to their design, which is the part where this particular study begins to fall apart. So what is the truth and can we even capture ‘efficiency’ in a simple ranking?


Supercon 2023: Ben Combee And The Hacker’s Guide To Audio/Video Formats

Media formats have come a long way since the early days of computing. Once upon a time, the very idea of even playing live audio was considered a lofty goal, with home computers making do with simple synthesizer chips instead. Eventually, though, real audio became possible, and in turn, video as well.

But what of the formats in which we store this media? Today, there are so many—from MP3s to MP4s, old-school AVIs to modern *.h264s. Senior software engineer Ben Combee came down to the 2023 Hackaday Supercon to give us all a run down of modern audio and video formats, and how they’re best employed these days.



Hackaday Links: September 8, 2024

OK, sit down, everyone — we don’t want you falling over and hurting yourself when you learn the news that actually yes, your phone has been listening to your conversations all along. Shocking, we know, but that certainly seems to be what an outfit called Cox Media Group (CMG) does with its “Active Listening” software, according to a leaked slide deck that was used to pitch potential investors. The gist is that the software uses a smartphone’s microphone to listen to conversations and pick out keywords that it feeds to its partners, namely Google, Facebook, and Amazon so that they can target you with directed advertisements. Ever have an IRL conversation about something totally random only to start seeing references to that subject pop up where they never did before? We sure have, and while “relationship mining” seemed like a more parsimonious explanation back in 2017, the state of tech makes eavesdropping far more plausible today. Then there’s the whole thing of basically being caught red-handed. The Big Three all huffed and puffed about how they were shocked, SHOCKED to learn that this was going on, with reactions ranging from outright denial of ever partnering with CMG to quietly severing their relationship with the company. So much for years of gaslighting on this.


Fun And Failure

My sister is a beekeeper, or maybe a meta-beekeeper. She ends up making more money by breeding and selling new queen bees to other beekeepers than she does by selling honey, but that doesn’t mean that she doesn’t also process the sweet stuff from time to time. She got a free steam-heated oscillating hot knife, used for cutting the waxy caps off of the tops of the cells before spinning the combs down to extract honey, and she thought it might be easier to use than her trusty hand-held electric hot knife.

The oscillating knife, which was built something like a century ago, hadn’t been used in decades. All of the grease had turned to glue, and the large v-belt wheel that made it go was hard to turn by hand, and the motor was missing anyway. So she gave it to my father and me as a project. How could we resist?

We found the original manual on the Internet, which said that it would run from any 1/2 hp motor, or could be optionally driven by a takeoff wheel from a tractor – unfortunately not an option in my sister’s honey house. But we did find a 3/4 hp bench grinder at Harbor Freight that conveniently fit inside the case, and bought the smallest v-belt pulley wheel that would fit the grinder’s arbor. We thought we were geniuses, but when we hooked it all up, it just stalled.

We spent more than a few hours taking the mechanism apart. It was basically an eccentric shaft with a bearing on the end, and the bearing ran back and forth in the groove of a sliding mechanism that the knife blade attached to. As mentioned above, everything was gunked, so we took it all apart. The bearing was seized, so we freed that up by getting the sand out of the balls. The bearing couldn’t move freely in the slide either, but we filed that down until it just moved freely without noticeable play. We added grease from this century, and reassembled it. It turned fine by hand.

But with the belt and motor attached, the mechanism still had just enough friction to stall out the motor. Of course we wrapped some rope around the shaft and pull-started it, and it made a hell of a racket, nearly vibrated itself off the table, and we could see that the marvelous zinc-coated frame that held it all together was racking under the tension. It would require a wholly new housing to be viable, and we hadn’t even figured out a source of steam to heat the knife.

In short, it was more trouble than it was worth. So we packed up the bench grinder in the original container, and returned it no-worse-for-wear to the Freight. But frankly, we had a fantastic time playing around with a noble machine from a long-gone past. We got it “working” even if that state was unworkable, and we were only out the cost of the small v-belt pulley. Who says all of your projects have to be a success to be fun?