This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution is to replace the binary files with a text-based pointer to where the real file is hosted. That’s not important to understanding this vulnerability, though. The problem is that git-lfs will call the main git binary as part of its operation, and when it does so, the full path is not used. On a Unix system, that’s not a problem. The $PATH variable is used to determine where to look for binaries. When git is run, /usr/bin/git is automagically run. On a Windows system, however, executing a binary name without a path will first look in the current directory, and if a matching executable file is not found, only then will the standard locations be checked.

You may already see the problem. If a repository contains a git.exe, git.bat, or another git.* file that Windows thinks is executable, git-lfs will execute that file instead of the intended git binary. This means simply checking out a malicious repository gets you immediate code execution. A standard install of git for Windows, prior to 2.29.2.2, contains the vulnerable plugin by default, so go check that you’re updated!

Then remember that there’s one more wrinkle to this vulnerability. How closely do you check the contents of a git download before you run the next git command? Even with a patched git-lfs version, if you clone a malicious repository and then run any other git command from inside it, you still run the local git.* file. The real fix is to stop searching the current directory before the rest of the path.
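To make the lookup difference concrete, here is an added example (not code from the Hackaday article or from the git-lfs project) that models the two resolution orders described above and adds a defensive check: given the files in a freshly cloned repository root, it lists any that a bare `git` invocation on Windows would pick up before anything on PATH. The directory listings and paths are constructed in memory, and the PATHEXT list assumes a stock Windows configuration.

```python
"""
Added example: model how a bare command name such as "git" is resolved on
Windows (current directory first, then PATH, trying each PATHEXT extension)
versus POSIX (PATH only, exact name), and scan a cloned repository root for
files that would shadow the real binary. All listings below are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Default Windows PATHEXT order (assumption: a stock Windows configuration).
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
           ".JS", ".JSE", ".WSF", ".WSH", ".MSC"]


def resolve_windows(command: str, cwd: str, path_dirs: List[str],
                    listing: Dict[str, List[str]]) -> Optional[Tuple[str, str]]:
    """Return (directory, filename) that a Windows command search would pick.

    `listing` maps a directory to the names it contains (constructed data).
    The current directory is searched before every PATH entry, and within a
    directory each PATHEXT extension is tried in order, case-insensitively.
    """
    for directory in [cwd] + path_dirs:
        names = {n.lower(): n for n in listing.get(directory, [])}
        for ext in PATHEXT:
            candidate = (command + ext).lower()
            if candidate in names:
                return directory, names[candidate]
    return None


def resolve_unix(command: str, path_dirs: List[str],
                 listing: Dict[str, List[str]]) -> Optional[str]:
    """POSIX lookup consults only $PATH, never the current directory, and
    matches the exact file name (executable bit not modelled here)."""
    for directory in path_dirs:
        if command in listing.get(directory, []):
            return f"{directory}/{command}"
    return None


def find_shadowing_files(repo_root_files: List[str],
                         commands: Tuple[str, ...] = ("git",)) -> List[str]:
    """Defensive check: return repository-root files that a bare invocation of
    any of `commands` on Windows would resolve to ahead of PATH."""
    wanted = {(cmd + ext).lower() for cmd in commands for ext in PATHEXT}
    return [name for name in repo_root_files if name.lower() in wanted]


# Constructed directory listings standing in for a real filesystem.
SAMPLE_LISTING = {
    r"C:\repo": ["README.md", "git.bat", ".lfsconfig"],
    r"C:\clean": ["README.md", ".lfsconfig"],
    r"C:\Program Files\Git\cmd": ["git.exe"],
    "/usr/bin": ["git", "ls"],
    "/home/user/repo": ["README.md", "git"],
}

if __name__ == "__main__":
    win_path = [r"C:\Program Files\Git\cmd"]
    print("windows, inside malicious clone:",
          resolve_windows("git", r"C:\repo", win_path, SAMPLE_LISTING))
    print("windows, inside clean clone:   ",
          resolve_windows("git", r"C:\clean", win_path, SAMPLE_LISTING))
    print("unix, inside repo with a 'git' file:",
          resolve_unix("git", ["/usr/bin"], SAMPLE_LISTING))
    print("shadowing files in C:\\repo:",
          find_shadowing_files(SAMPLE_LISTING[r"C:\repo"]))
```

The scan is deliberately conservative: it reports only names that match a PATHEXT entry, so a file called `git` with no extension in a repository root is flagged on neither platform, which matches the behaviour described in the article.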

Tech Hidden In Plain Sight: Gas Pumps

Ask someone who isn’t technically inclined how a TV signal works or how a cell phone works, or even how a two-way switch in a hall light works and you are likely to get either a blank stare or a wildly improbable explanation. But there are some things so commonplace that even the most tech-savvy of us don’t bother thinking about. One of these things is the lowly gas pump.

Gas pumps are everywhere and it’s a safe bet to assume everyone reading this has used one at some point, most of us on a regular basis. But what’s really going on there?

Most of it is pretty easy to figure out. As the name implies, there must be a pump. There’s some way to tell how much is pumping and how much it costs and, today, some way to take the payment. But what about the automatic shut off? It isn’t done with some fancy electronics; that mechanism dates back decades. Plus, we’re talking about highly combustible materials, so there has to be more to it than just a big tank of gas and a pump. Safety is paramount and, experientially, we don’t hear about gas stations blowing up two or three times a day, so there must be some pretty stout safety features. Let’s pay homage to those silent safety features and explore the tricks of the gasoline trade.


Spacing Out: A Big Anniversary, Starlink Failures Plummet, Lunar Cellphones, And A Crewed Launch

After a couple of months away we’re returning with our periodic roundup of happenings in orbit, as we tear you away from Star Trek: Discovery and The Mandalorian, and bring you up to date with some highlights from the real world of space. We’ve got a launch to look forward to this week, as well as a significant anniversary.


Retrotechtacular: Shake Hands With Danger

OK, you’re going to have to engage your safety squints and sit back to enjoy this one: a classic bit of safety propaganda from US heavy-equipment manufacturer Caterpillar from 1980 entitled “Shake Hands with Danger.”

Actually, you’ll probably need to engage your schlock filters for this 23-minute film too, as both the writing and the theme song are pretty hard to take. The film is one of those “Scared Straight” attempts to show just how horrifically wrong things can go both in the field and in the shop when working on anything made of stuff stronger than human flesh and bone. And in that regard, the film is highly effective — we found ourselves getting a bit queasy at a few points, with the poor dude who got his hand sucked into a bench grinder being both terrifying and relatable. [Three-Finger Joe] indeed.

Now, you might take exception with the acting, but as you watch all these vignettes, keep in mind that these are all old-school stunts — that’s actually a gigantic D9 bulldozer they crashed, and that brake chamber explosion really blew out that truck’s windows. They did a great job making the potential consequences of a moment’s thoughtlessness sickeningly vivid. Especially that arm-in-the-linkages scene. Ugh.

Whatever way you practice the hacking arts, stay safe out there. And don’t “Shake Hands with Danger.”


Linux Fu: Send In The (Cloud) Clones

Storing data “in the cloud” — even if it is your own server — is all the rage. But many cloud solutions require you to access your files in a clumsy way using a web browser. One day, operating systems will incorporate generic cloud storage just like any other file system. But by using two tools, rclone and sshfs, you can nearly accomplish this today with a little one-time setup. There are a few limitations, but, generally, it works quite well.

It is a story as old as computing. There’s something new. Using it is exotic and requires special techniques. Then it becomes just another part of the operating system. If you go back far enough, programmers had to pull specific records from mass storage like tapes, drums, or disks and deblock data. Now you just open a file or a database. Cameras, printers, audio, and even networking once were special devices that are now commonplace. If you use Windows, for example, OneDrive is well-supported. But if you use another service, you may or may not have an easy option to just access your files as a first-class file system.

The rclone program is the Swiss Army knife of cloud storage services. Despite its name, it doesn’t have to synchronize a local file store to a remote service, although it can do that. The program works with a dizzying array of cloud storage providers and it can do simple operations like listing and copying files. It can also synchronize, as you’d expect. However, it also has an experimental FUSE filesystem that lets you mount a remote service — with varying degrees of success.

What’s Supported?

If you don’t like using someone like Google or Amazon, you can host your own cloud. In that case, you can probably use sshfs to mount a remote directory over ssh, although rclone can also do that. There are also cloud services you can self-host like OwnCloud and NextCloud. A Raspberry Pi running Docker can easily stand up one of these in a few minutes and rclone can handle these, too.


Learning SDR And DSP Hack Chat

Join us on Wednesday, November 11th at noon Pacific for Learning SDR and DSP Hack Chat with Marc Lichtman!

“Revolution” is a term thrown about with a lot less care than it probably should be, especially in fields like electronics. It’s understandable, though — the changes to society that have resulted from the “Transistor Revolution” or the “PC Revolution” or more recently, the “AI Revolution” have been transformative, often for good and sometimes for ill. The common thread, though, is that once these revolutions came about, nothing was ever the same afterward.

Such is the case with software-defined radio (SDR) and digital signal processing (DSP). These two related fields may not seem as transformative as some of the other electronic revolutions, but when you think about it, they really have transformed the world of radio communications. SDR means that complex radio transmitters and receivers no longer have to be implemented strictly in hardware as a collection of filters, mixers, detectors, and amplifiers; instead, they can be reduced to a series of algorithms running on a computer.

Teamed with DSP, SDR has resulted in massive shifts in the RF field, with powerful, high-bandwidth radio links being built into devices almost as an afterthought. But the concepts can be difficult to wrap one’s head around, at least when digging beyond the basics and really trying to learn how SDR and DSP work. Thankfully, Dr. Marc Lichtman, an Adjunct Professor at the University of Maryland, literally wrote the book on the subject. “PySDR: A Guide to SDR and DSP using Python” is a fantastic introduction to SDR and DSP that’s geared toward those looking to learn how to put SDR and DSP to work in practical systems. Dr. Lichtman will stop by the Hack Chat to talk about his textbook, to answer your questions on how best to learn about SDR and DSP, and to discuss what the next steps are once you conquer the basics.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, November 11 at 12:00 PM Pacific time. If time zones baffle you as much as us, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

[Banner image credit: Dsimic, CC BY-SA 4.0, via Wikimedia Commons]


Product Review: The TinySA, A Shirt-Pocket Sized Spectrum Analyzer

I suppose most of us have had the experience of going to the mailbox and seeing that telltale package in the white plastic bag, the sign that something has just arrived from China. This happened to me the other day, and like many of you it was one of those times when I puzzled to myself: “I wonder what I bought this time?”

With so many weeks or months between the time of your impulsive click on the “Buy Now” button on AliExpress or eBay and the slow boat from China actually getting the package to your door, it’s easy enough to forget what exactly each package contains. And with the price of goods so low, the tendency to click and forget is all the easier. That’s not necessarily a good thing, but I like surprises as much as the next person, so I was happy to learn that I was now the owner of a tinySA spectrum analyzer. Time for a look at what this little thing can do.
