Linux Fu: VPN For Free With SSH

If you see a lot of banner ads on certain websites, you know that without a Virtual Private Network (VPN), hackers will quickly ravage your computer and burn down your house. Well, that seems to be what they imply. In reality, though, there are two main reasons you might want a VPN connection. You can pay for a service, of course, but if you have ssh access to a computer somewhere on the public Internet, you can set up your own VPN service for no additional cost.

The basic idea is that you connect to a remote computer on another network and it makes it look like all your network traffic is local to that network. The first case for this is to sidestep or enhance security. For example, you might want to print to a network printer without exposing that printer to the public Internet. While you are at the coffee shop you can VPN to your network and print just like you were a meter away from the printer at your desk. Your traffic on the shop’s WiFi will also be encrypted.

The second reason is to hide your location from snooping. For example, if you like watching the BBC videos but you live in Ecuador, you might want to VPN to a network in the UK so the videos are not blocked. If your local authorities monitor and censor your Internet, you might also want your traffic coming from somewhere else.


Hackaday Links: November 22, 2020

Remember DSRC? If the initialism doesn’t ring a bell, don’t worry — Dedicated Short-Range Communications, a radio service intended to let cars in traffic talk to each other, never really caught on. Back in 1999, when the Federal Communications Commission set aside 75 MHz of spectrum in the 5.9-GHz band, it probably seemed like a good idea — after all, the flying cars of the future would surely need a way to communicate with each other. Only about 15,000 vehicles in the US have DSRC, and so the FCC decided to snatch back the whole 75-MHz slice and reallocate it. The lower 45 MHz will be tacked onto the existing unlicensed 5.8-GHz band where WiFi now lives, providing interesting opportunities in wireless networking. Fans of chatty cars need not fret, though — the upper 30 MHz block is being reallocated to a different Intelligent Transportation System Service called C-V2X, for Cellular Vehicle to Everything, which by its name alone is far cooler and therefore more likely to succeed.

NASA keeps dropping cool teasers of the Mars 2020 mission as the package containing the Perseverance rover hurtles across space on its way to a February rendezvous with the Red Planet. The latest: you can listen to the faint sounds the rover is making as it gets ready for its date with destiny. While we’ve heard sounds from Mars before — the InSight lander used its seismometer to record the Martian wind — Perseverance is the first Mars rover equipped with actual microphones. It’s pretty neat to hear the faint whirring of the rover’s thermal management system pump doing its thing in interplanetary space, and even cooler to think that we’ll soon hear what it sounds like to land on Mars.

Speaking of space, back at the beginning of 2020 — you know, a couple of million years ago — we kicked off the Hack Chat series by talking with Alberto Caballero about his “Habitable Exoplanets” project, a crowd-sourced search for “Earth 2.0”. We found it fascinating that amateur astronomers using off-the-shelf gear could detect the subtle signs of planets orbiting stars half a galaxy away. We’ve kept in touch with Alberto since then, and he recently tipped us off to his new SETI Project. Following the citizen-science model of the Habitable Exoplanets project, Alberto is looking to recruit amateur radio astronomers willing to turn their antennas in the direction of stars similar to the Sun, where it just might be possible for intelligent life to have formed. Check out the PDF summary of the project which includes the modest technical requirements for getting in on the SETI action.


Why You Need To Finish

Mike and I were talking about an interesting smart-glasses hack on the podcast. This was one of those projects where, even if you don’t need a pair of glasses with LEDs on them to help you navigate around, you just couldn’t help but marvel at a lot of the little design choices made throughout.

For instance, I love the way the flex PCB is made to do double duty by wrapping around the battery and forming a battery holder. This struck me as one of those quintessential hacks that only occurs to you because you need it. Necessity is the mother of invention, and all that. There was a problem, how to fit a battery holder in the tiny space, and a set of resources that included a flex PCB substrate. Cleverly mashing that all together ended up with a novel solution. This wouldn’t occur to you if you were just sitting at the beach; you’d have to be designing something electronic, space-constrained, and on a flex PCB to come up with this.

Mike made an offhand comment about how sometimes you just need to finish a project for the good ideas and clever solutions that you’ll come up with along the way, and I think this battery holder example drives that point home. I can’t count the number of my projects that may or may not have been dumb in retrospect, but along the way I came up with a little trick that I’ll end up using in many further projects, outliving the original application.

Finishing up a project on principle is a reasonable goal just on its own. But when the process of seeing something to conclusion is the generator of new and interesting challenges and solutions, it’s even more valuable. So if you’re stuck on a project, and not sure you want to take it all the way, consider if the journey itself could be the destination, and look at it as an opportunity to come up with that next long-lasting trick.

Bad News: Arecibo

If you read the newsletter last week, you heard me wondering aloud if the damage to Arecibo Observatory had crossed the threshold into where it’s no longer economically viable to keep it running, and the sad news has just come in and the battle for Arecibo has been lost. We said we’d shed a tear, and here we are. Sic transit gloria mundi. Here’s hoping something cooler replaces it!

Ask Hackaday: What Tools Do You Really Need For A Life On The Road?

How do you dispose of an old hard drive? Inventive stories about heat and flame or industrial shredders will no doubt appear in the comments, but for me I just dismantle them and throw the various parts into the relevant scrap bins at my hackerspace. The magnets end up stuck to a metal door frame, and I’m good to go. So a week or so ago when I had a few ancient drives from the 1990s to deal with, I sat down only to find my set of Torx and Allen drivers was missing. I was back to square one.

What A Missing Tool Tells You About Necessities

Clint Eastwood always seemed to have just what he needed, why can I never manage it! Produzioni Europee Associati, Public domain.

Life deals an odd hand, sometimes. One never expects to find oneself homeless and sofa-surfing, nearly all possessions in a container on a farm somewhere. But here I am, and somewhere in one of those huge blue plastic removal crates is my driver set, alongside the other detritus of an engineer scribe’s existence. It’s all very well to become a digital nomad with laptop and hotspot when it comes to writing, but what has the experience taught me about doing the same as a solderer of fortune when it comes to hardware? My bench takes up several large removal crates and there is little chance of my carrying that much stuff around with me, so what makes the cut? Evidently not the tools for hard drive evisceration, so I had to borrow the set of a hackerspace friend to get the job done.

Hackaday Podcast 094: Fake Sun, Hacked Super Mario, Minimum Viable Smart Glasses, And 3D Printers Can’t Do That

Hackaday editors Elliot Williams and Mike Szczys traverse the hackerscape looking for the best the internet had to offer last week. Nintendo has released the new Game & Watch handheld and it’s already been hacked to run custom code. Heading into the darkness of winter, this artificial sun build is one not to miss… and a great way to reuse a junk satellite dish. We’ve found a pair of smartglasses that are just our level of dumb. And Tom Nardi cracks open some consumer electronics to find a familiar single-board computer doing “network security”.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: SAD DNS, Incident Documentation Done Well, And TCL Responds

One of the big stories from the past few days is the return of DNS cache poisoning. The new attack has been dubbed SAD DNS, and the full PDF whitepaper is now available. When you look up a website’s IP address in a poisoned cache, you get the wrong IP address.

This can send you somewhere malicious, or worse. The paper points out that DNS has suffered a sort of feature creep, picking up more and more responsibilities. The most notable use of DNS that comes to mind is LetsEncrypt using DNS as the mechanism to prove domain ownership, and issue HTTPS certificates.

DNS Cache poisoning is a relatively old attack, dating from 1993. The first iteration of the attack was simple. An attacker that controlled an authoritative DNS server could include extra DNS results, and those extra results would be cached as if they came from an authoritative server. In 1997 it was realized that the known source port combined with a non-random transaction ID made DNS packet spoofing rather trivial. An attacker simply needs to spoof a DNS response with the appropriate txID, at the appropriate time to trick a requester into thinking it’s valid. Without the extra protections of TCP connections, this was an easy task. The response was to randomize the txID in each connection.

I have to take a moment to talk about one of my favorite gotchas in statistics: the Birthday paradox. The chance that two randomly selected people share a birthday is 1 in 365. How many people have to be in a room together to get a 50% chance of two of them sharing a birthday? If you said 182, then you walked into the paradox. The answer is 23. Why? Because we’re not looking for a specific birthday, we’re just looking for a collision between dates. Each non-matching birthday that walks into the room provides another opportunity for the next one to match.

This is the essence of the DNS birthday attack. An attacker would send a large number of DNS requests, and then immediately send a large number of spoofed responses, guessing random txIDs. Because only one collision is needed to get a poisoned cache, the chances of success go up rapidly. The mitigation was to also randomize the DNS source port, so that spoof attempts had to have both the correct source port and txID in the same attempt.
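The arithmetic behind the birthday paradox and the source-port mitigation, as an added example that is not code from the original article. It assumes a 16-bit txID, distinct txIDs on the pending queries, independent uniform guesses, and (as an upper bound) a full 16-bit source-port range; the query and response counts are constructed sample values.

```python
# Added illustration: why randomizing the source port blunts the
# DNS birthday attack. All counts below are constructed sample values.

TXID_SPACE = 2 ** 16   # DNS transaction ID is 16 bits
PORT_SPACE = 2 ** 16   # assumption: upper bound on usable source ports


def birthday_collision(n, space=365):
    """P(at least two of n uniform draws over `space` values coincide)."""
    p_none = 1.0
    for i in range(n):
        p_none *= (space - i) / space
    return 1.0 - p_none


def smallest_group(target=0.5, space=365):
    """Smallest n whose collision probability reaches `target`."""
    n = 1
    while birthday_collision(n, space) < target:
        n += 1
    return n


def spoof_hit(outstanding, spoofed, space):
    """P(at least one of `spoofed` random guesses matches one of
    `outstanding` distinct pending identifiers drawn from `space`)."""
    p_single_miss = 1.0 - outstanding / space
    return 1.0 - p_single_miss ** spoofed


def compare(outstanding=300, spoofed=300):
    """Success odds for one burst under three resolver behaviours."""
    return {
        # one pending query, random txID, known port
        "single query, txID only": spoof_hit(1, spoofed, TXID_SPACE),
        # many pending queries for the same name: the birthday case
        "birthday, txID only": spoof_hit(outstanding, spoofed, TXID_SPACE),
        # guess must match port AND txID of the same pending query
        "birthday, txID + port": spoof_hit(
            outstanding, spoofed, TXID_SPACE * PORT_SPACE
        ),
    }


if __name__ == "__main__":
    print("people needed for 50%:", smallest_group())
    for label, p in compare().items():
        print(f"{label:26s} {p:.6f}")
```

With 300 pending queries and 300 guesses the txID-only case succeeds roughly three times in four, while requiring the matching source port as well drops the same burst to about two in 100,000.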

Easy IoT Logging Options For The Beginner

If a temperature sensor takes a measurement in the woods but there’s nobody around to read it, is it hot out? 

If you’ve got a project that’s collecting data, you might have reasons to put it online. Being able to read your data from anywhere has its perks, after all, and it’s key to building smarter interconnected systems, too. Plus, you can tell strangers the humidity in your living room while you’re out at the pub, and they’ll be really impressed.

Taking the leap into the Internet of Things can be daunting however, with plenty of competing services and options from the basic to the industrial-strength available. Today, we’re taking a look at two options for logging data online that are accessible to the beginner.