Hackaday Columns

4659 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

DSP Spreadsheet: The Goertzel Algorithm Is Fourier’s Simpler Cousin

November 13, 2020 by 30 Comments

You probably have at least a nodding familiarity with the Fourier transform, a mathematical process for transforming a time-domain signal into a frequency domain signal. In particular, for computers, we don’t really have a nice equation so we use the discrete version of the transform which takes a series of measurements at regular intervals. If you need to understand the entire frequency spectrum of a signal or you want to filter portions of the signal, this is definitely the tool for the job. However, sometimes it is more than you need.

For example, consider tuning a guitar string. You only need to know if one frequency is present or if it isn’t. If you are decoding TouchTones, you only need to know if two of eight frequencies are present. You don’t care about anything else.

A Fourier transform can do either of those jobs. But if you go that route you are going to do a lot of math to compute things you don’t care about just so you can pick out the one or two pieces you do care about. That’s the idea behind the Goertzel. It is essentially a fast Fourier transform algorithm stripped down to compute just one frequency band of interest.  The math is much easier and you can usually implement it faster and smaller than a full transform, even on small CPUs.

Continue reading “DSP Spreadsheet: The Goertzel Algorithm Is Fourier’s Simpler Cousin”

Hackaday Podcast 093: Hot And Fast Raspberry Pi, Dr. Seuss Drone, M&M Mass Meter, And FPGA Tape Backup

November 13, 2020 by No comments

Hackaday editors Mike Szczys and Elliot Williams wrangle the epic hacks that crossed our screens this week. Elliot ran deep on overclocking all three flavors of the Raspberry Pi 4 this week and discovered that heat sinks rule the day. Mike exposes his deep love of candy-coated chocolates while drooling over a machine that can detect when the legume is missing from a peanut M&M. Core memory is so much more fun when LEDs come to play, one tiny wheel is the power-saving secret for a very strange multirotor drone, and there’s more value in audio cassette data transfer than you might think — let this FPGA show you how it’s done.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~70 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 093: Hot And Fast Raspberry Pi, Dr. Seuss Drone, M&M Mass Meter, And FPGA Tape Backup”

This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming

November 13, 2020 by 9 Comments

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution is to replace the binary files with a text-based pointer to where the real file is hosted. That’s not important to understanding this vulnerability, though. The problem is that git-lfs will call the main git binary as part of its operation, and when it does so, the full path is not used. On a Unix system, that’s not a problem. The $PATH variable is used to determine where to look for binaries. When git is run, /usr/bin/git is automagically run. On a Windows system, however, executing a binary name without a path will first look in the current directory, and if a matching executable file is not found, only then will the standard locations be checked.

You may already see the problem. If a repository contains a git.exe, git.bat, or another git.* file that Windows thinks is executable, git-lfs will execute that file instead of the intended git binary. This means simply checking out a malicious repository gets you immediate code execution. A standard install of git for Windows, prior to 2.29.2.2, contains the vulnerable plugin by default, so go check that you’re updated!

Then remember that there’s one more wrinkle to this vulnerability. How closely do you check the contents of a git download before you run the next git command? Even with a patched git-lfs version, if you clone a malicious repository, then run any other git command, you still run the local git.* file. The real solution is pushing the local directory higher up the path chain. Continue reading “This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming”

Tech Hidden In Plain Sight: Gas Pumps

November 12, 2020 by 67 Comments

Ask someone who isn’t technically inclined how a TV signal works or how a cell phone works, or even how a two-way switch in a hall light works and you are likely to get either a blank stare or a wildly improbable explanation. But there are some things so commonplace that even the most tech-savvy of us don’t bother thinking about. One of these things is the lowly gas pump.

Gas pumps are everywhere and it’s a safe bet to assume everyone reading this has used one at some point, most of use on a regular basis. But what’s really going on there?

Most of it is pretty easy to figure out. As the name implies, there must be a pump. There’s some way to tell how much is pumping and how much it costs and, today, some way to take the payment. But what about the automatic shut off? It isn’t done with some fancy electronics, that mechanism dates back decades. Plus, we’re talking about highly combustible materials, there has to be more to it then just a big tank of gas and a pump. Safety is paramount and, experientially, we don’t hear about gas stations blowing up two or three times a day, so there must be some pretty stout safety features. Let’s pay homage to those silent safety features and explore the tricks of the gasoline trade.

Continue reading “Tech Hidden In Plain Sight: Gas Pumps”

Spacing Out: A Big Anniversary, Starlink Failures Plummet, Lunar Cellphones, And A Crewed Launch

November 11, 2020 by 32 Comments

After a couple of months away we’re returning with our periodic roundup of happenings in orbit, as we tear you away from Star Trek: Discovery and The Mandalorian, and bring you up to date with some highlights from the real world of space. We’ve got a launch to look forward to this week, as well as a significant anniversary.

Continue reading “Spacing Out: A Big Anniversary, Starlink Failures Plummet, Lunar Cellphones, And A Crewed Launch”

Retrotechtacular: Shake Hands With Danger

November 10, 2020 by 42 Comments

OK, you’re going to have to engage your safety squints and sit back to enjoy this one: a classic bit of safety propaganda from US heavy-equipment manufacturer Caterpillar from 1980 entitled “Shake Hands with Danger.”

Actually, you’ll probably need to engage your schlock filters for this 23-minute film too, as both the writing and the theme song are pretty hard to take. The film is one of those “Scared Straight” attempts to show just how horrifically wrong things can go both in the field and in the shop when working on anything made of stuff stronger than human flesh and bone. And in that regard, the film is highly effective — we found ourselves getting a bit queasy at a few points, with the poor dude who got his hand sucked into a bench grinder being both terrifying and relatable. [Three-Finger Joe] indeed.

Now, you might take exception with the acting, but as you watch all these vignettes, keep in mind that these are all old-school stunts — that’s actually a gigantic D9 bulldozer they crashed, and that brake chamber explosion really blew out that truck’s windows. They did a great job making the potential consequences of a moment’s thoughtlessness sickeningly vivid. Especially that arm-in-the-linkages scene. Ugh.

Whatever way you practice the hacking arts, stay safe out there. And don’t “Shake Hands with Danger.”

Continue reading “Retrotechtacular: Shake Hands With Danger”

Linux Fu: Send In The (Cloud) Clones

November 10, 2020 by 17 Comments

Storing data “in the cloud” — even if it is your own server — is all the rage. But many cloud solutions require you to access your files in a clumsy way using a web browser. One day, operating systems will incorporate generic cloud storage just like any other file system. But by using two tools, rclone and sshfs, you can nearly accomplish this today with a little one-time setup. There are a few limitations, but, generally, it works quite well.

It is a story as old as computing. There’s something new. Using it is exotic and requires special techniques. Then it becomes just another part of the operating system. If you go back far enough, programmers had to pull specific records from mass storage like tapes, drums, or disks and deblock data. Now you just open a file or a database. Cameras, printers, audio, and even networking once were special devices that are now commonplace. If you use Windows, for example, OneDrive is well-supported. But if you use another service, you may or may not have an easy option to just access your files as a first-class file system.

The rclone program is the Swiss Army knife of cloud storage services. Despite its name, it doesn’t have to synchronize a local file store to a remote service, although it can do that. The program works with a dizzying array of cloud storage providers and it can do simple operations like listing and copying files. It can also synchronize, as you’d expect. However, it also has an experimental FUSE filesystem that lets you mount a remote service — with varying degrees of success.

What’s Supported?

If you don’t like using someone like Google or Amazon, you can host your own cloud. In that case, you can probably use sshfs to mount a file using ssh, although rclone can also do that. There are also cloud services you can self-host like OwnCloud and NextCloud. A Raspberry Pi running Docker can easily stand up one of these in a few minutes and rclone can handle these, too.

Continue reading “Linux Fu: Send In The (Cloud) Clones”