Get Over Your Fears

Some projects are just too complex, that’s for sure. But I’d be willing to bet that some things you think are too difficult actually aren’t, and it may be that all you need to get over your personal hurdle is a good demonstration. Here come three cases in point.

I was looking at the new Raspberry Pi Compute Module last weekend. They have a whole bunch of high-speed traces: things like Gigabit Ethernet, HDMI, and those crazy-fast SDI serial camera interfaces. I have no experience in high-speed design and layout at all, and frankly it gives me the willies. But the Raspberries also shipped me an IO demo board, and concomitant KiCAD design files, with the review board. Looking at it, they were just wires — maybe pairwise length-matched and impedance controlled — but also just wires. Opening up the KiCAD board file and clicking on the traces just like I do with my own designs, I’m a lot less scared. That was a revelation for me.

In a great writeup of his experience building ten different Linux single-board-computers from scratch, Jay Carlson had a similar effect on me. I would never have considered breaking out the hotplate for some CPU-and-DRAM action, and I’ve never had to lay out a PCB with a high density BGA chip before either. I’m not quite into Dunning-Kruger territory yet; I still have a healthy respect for the layout intricacies in fanning out a tight BGA CPU into a DRAM. But Jay’s frank assessments of what is easy and what is hard make it all seem within the realm of the doable.

As Mike and I were talking on the podcast about Jay’s work, Mike came clean about his fear of BGAs. I’ve done enough reflow-plate soldering, with parts that have a lead pitch that’s a factor of two finer than the 0.8 mm pitch BGAs in question, so it doesn’t seem implausible to me. And I’m 100% sure Mike could pull it off too, but he is in need of a BGA guru. Any good hobbyist videos out there?

Being a nerdy type, I’m much more focused on the knowledge and the inspiration, but maybe the courage is equally important — at least I think I undervalue it. I don’t need to lay out HDMI lines, or build a from-scratch Linux box, but I am no longer afraid that I couldn’t, and that’s because I’ve seen detailed examples of fellow hackers who’ve done the same. I might not get it right on the first shot, but I’m not afraid to try, and I wouldn’t have said the same before looking over other folks’ shoulders. Forza e coraggio!

Hackaday Podcast 090: DIY Linux SBC, HDMI CEC, Fake Bluepills, And SCARA Arms

Hackaday editors Elliot Williams and Mike Szczys chat about our favourite hacks from the past week. We start off with a bit of news of the Bennu asteroid and the new Raspberry Pi Compute Module. We drive ourselves crazy trying to understand how bobbin holders on sewing machines work, all while drooling over the mechanical brilliance of a bobbin-winding build. SCARA is the belt and pulley champion of robot arms and this week’s example cleverly uses redundant bearings for better precision. And we wrap up the show looking in on longform articles about the peppering of microcontrollers found on the Bluepill and wondering what breakthroughs are left to be found for internal combustion.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)


This Week In Security: Too Little Too Late, And Other Stories

Microsoft has just announced a way to disable JScript in Internet Explorer. This would have been very useful a few years ago, to proactively prevent problems found in the now-ancient JScript engine, which ran their own slightly different version of standard JavaScript. Even though IE is no longer under active development, it still receives security updates. JScript, on the other hand, is basically done. If you’re one of the 1.06% that still use IE, then go flip the switch to protect yourself from additional JScript vulnerabilities.

Zerologon and Samba?

Samba is an open source re-implementation of Microsoft’s SMB protocol. There’s a clever term that describes the reality of this situation: “Bug for bug compatibility”. Remember Zerologon, the flaw where a security token’s generation could be manipulated to vastly reduce the key space? Samba follows the specification, and therefore suffers from the same issue, though it seems to be unusual to actually run Samba in a vulnerable configuration.

Other implementations cannot say the same. QNAP in particular has been bitten by Zerologon when configured as a domain controller. What’s not clear is whether QNAP is running Samba on the NAS products, or if this is yet another vulnerable implementation. Either way, go update your devices.

Clacker Hacker: Popping A Cap In A Brother EP43 Thermal Typewriter

A few months ago, I fell down the internet rabbit hole known as Ted Munk’s typewriter site. I don’t remember if I just saw this Brother EP43 typewriter for sale and searched for information about them, or went looking for one after reading about them. Either way, the result is the same — I gained a typewriter.

Now I’m not really a typewriter collector or anything, and this is my first word processor typewriter. When it arrived from Goodwill, I anxiously popped four ‘C’ cells in and hoped for the best. It made a print head noise, so that was a good sign. But almost immediately after that, there was a BANG! and then a puff of smoke wafted out from the innards. My tiny typewriter was toast.

Google Meddling With URLs In Emails, Causing Security Concerns

Despite the popularity of social media, for communication that actually matters, e-mail reigns supreme. Crucial to the smooth operation of businesses worldwide, it’s prized for its reliability. Google is one of the world’s largest e-mail providers, both with its consumer-targeted Gmail product as well as G Suite for business customers. [Jeffrey Paul] is a user of the latter, and was surprised to find that URLs in incoming emails were being modified by the service when fetched via the Internet Message Access Protocol (IMAP) used by external email readers.

This change appears to make it impossible for IMAP users to see the original email without logging into the web interface, it breaks verification of the cryptographic signatures, and it came as a surprise.

Security Matters

A test email sent to verify the edits made by Google’s servers. Top, the original email, bottom, what was received.

For a subset of users, it appears Google is modifying URLs in the body of emails to instead go through their own link-checking and redirect service. This involves actually editing the body of the email before it reaches the user. This means that even those using external clients to fetch email over IMAP are affected, with no way to access the original raw email they were sent.

The security implications are serious enough that many doubted the initial story, suspecting that the editing was only happening within the Gmail app or through the web client. However, a source claiming to work for Google confirmed that the new feature is being rolled out to G Suite customers, and can be switched off if so desired. Reaching out to Google for comment, we were directed to their help page on the topic.

The stated aim is to prevent phishing, with Google’s redirect service including a link checker to warn users who are traveling to potentially dangerous sites. For many though, this explanation doesn’t pass muster. Forcing users to head to a Google server to view the original URL they were sent is to many an egregious breach of privacy, and a security concern to boot. It allows the search giant to further extend its tendrils of click tracking into even private email conversations. For some, the implications are worse. Cryptographically signed messages, such as those using PGP or GPG, are broken by the tool; as the content of the email body is modified in the process, the message no longer checks out with respect to the original signature. Of course, this is the value of signing your messages — it becomes much easier to detect such alterations between what was sent and what was received.

Inadequate Disclosure

Understandably, many were up in arms that the company would implement such a measure with no consultation or warning ahead of time. The content of an email is sacrosanct, in many respects, and tampering with it in any form will always be condemned by the security conscious. If the feature is a choice for the user, and can be turned off at will, then it’s a useful tool for those that want it. But this discovery was a surprise to many, making it hard to believe it was adequately disclosed before roll-out. The question unfolded in the FAQ screenshot above hints at this being part of Google’s A/B test and not applied to all accounts. Features being tested on your email account should be disclosed, yet they are not.

Protecting innocent users against phishing attacks is a laudable aim, and we can imagine many business owners enabling such a feature to avoid phishing attacks. It’s another case where privacy is willingly traded for the idea of security. While the uproar is limited due to the specific nature of the implementation thus far, we would expect further desertion of Google’s email services by the tech savvy if such practices were to spread to the mainstream Gmail product. Regardless of what happens next, it’s important to remember that the email you read may not be the one you were sent, and act accordingly.

Update 30/10/2020: It has since come to light that for G Suite users with Advanced Protection enabled, it may not be possible to disable this feature at all. 

Untethered: Fishing Without Lines

There’s a laundry list of ways that humans are polluting the earth, and even though it might not look like it from the surface, the oceans seem to bear the brunt of our waste. Some research suggests that plastic doesn’t fully degrade as it ages, but instead breaks down into smaller and smaller bits that will be somewhere in the environment for such a long time it could be characterized in layman’s terms as forever.

Not only does waste of all kinds make its way to the oceans by rivers or simply by outright dumping, but commercial fishing gear is estimated to comprise around 10% of the waste in the great blue seas, and one of the four nonprofits helping guide this year’s Hackaday Prize is looking to eliminate some of that waste and ensure it doesn’t cause other problems for marine life. This was the challenge for the Conservation X Labs dream team, three people who were each awarded a $6,000 micro-grant to work full time for two months on the problem.

It isn’t about simply collecting waste in the ocean, but rather about limiting the time that potentially harmful but necessary fishing equipment is in the water in the first place. For this two-month challenge, this team focused on long lines used by professional fishing operations to attach buoys to gear like lobster pots or crab traps. These ropes are a danger to large ocean animals such as whales when they get tangled in them and, if the lines detach from the traps, the traps themselves continue to trap and kill marine life for as long as they are lost underwater. This “ghost gear” is harmful in many different ways, and reducing its time in the water or “soak time” was the goal for the project.

Let’s take a closer look at their work after the break, and we can also see the video report they filed as the project wrapped up.


Lewis Latimer Drafted The Future Of Electric Light

These days, we have LED light bulbs that will last a decade. But it wasn’t so long ago that incandescent lamps were all we had, and they burned out after several months. Thomas Edison’s early light bulbs used bamboo filaments that burned out very quickly. An inventor and draftsman named Lewis Latimer improved Edison’s filament by encasing it in cardboard, earning himself a patent for the process.

Lewis had a hard early life, but he succeeded in spite of the odds and his lack of formal education. He was a respected draftsman who earned several patents and worked directly with Alexander Graham Bell and Thomas Edison. Although Lewis didn’t invent the light bulb, he definitely made it better and longer-lasting.