This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More

Honeypots are an entertaining way to learn about new attacks. A simulated vulnerable system is exposed to the internet, inviting anyone to try to break into it. Rather than actually compromising a deployed device, an attacker just gives away information about how they would attack the real thing. A honeypot run by 360Netlab found something interesting back in April: an RCE attack against QNAP NAS devices. The vulnerability is found in the logout endpoint, which takes external values without properly sanitizing them. These values are used as part of an snprintf statement, and then executed with a system() call. Because there isn’t any sanitization, special characters like semicolons can be injected into the final command to be run, resulting in a trivial RCE.

QNAP has released new firmware that fixes the issue by replacing the system() call with execv(). This change means that the shell isn’t part of the execution process, and the command injection loses its bite. Version 4.3.3 was the first firmware release to contain this fix, so if you run a QNAP device, be sure to go check the firmware version. While this vulnerability was being used in the wild, there doesn’t seem to have been a widespread campaign exploiting it.
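
The difference between the two calls, shown as an added example (not QNAP's code and not part of the original article). `/bin/echo` stands in for the firmware's helper program, which the article does not name, and the input value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define HELPER "/bin/echo"   /* assumed stand-in for the firmware's helper */

/* Runs HELPER with an untrusted value and captures its stdout in out.
 * use_shell=1: snprintf() + system(), the pattern the article describes.
 * use_shell=0: execv() with the value as one argv element, the fix.
 * Returns the number of bytes captured, or -1 on error. */
ssize_t run_helper(int use_shell, const char *value, char *out, size_t n)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: stdout -> pipe */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        if (use_shell) {
            char cmd[256];
            snprintf(cmd, sizeof cmd, HELPER " logout %s", value);
            _exit(system(cmd) == 0 ? 0 : 1); /* /bin/sh parses cmd */
        }
        char *argv[] = { HELPER, "logout", (char *)value, NULL };
        execv(HELPER, argv);                 /* no shell, no parsing */
        _exit(127);
    }
    close(fds[1]);
    size_t used = 0;
    ssize_t r;
    while (used < n - 1 && (r = read(fds[0], out + used, n - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return (ssize_t)used;
}

int main(void)
{
    const char *value = "sid123; echo INJECTED";  /* constructed input */
    char buf[256];
    run_helper(1, value, buf, sizeof buf);
    printf("system(): %s", buf);   /* shell ran a second command */
    run_helper(0, value, buf, sizeof buf);
    printf("execv():  %s", buf);   /* value stayed a single argument */
    return 0;
}
```

With execv() the semicolon is just another byte in one argument, so the helper still has to validate the value itself if its meaning matters.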


Linux Fu: Moving /usr

Linux has changed. Originally inspired by Unix, there were certain well understood but not well enforced rules that everyone understood. Programs did small things and used pipes to communicate. X Windows servers didn’t always run on your local machine. Nothing in /usr contributed to booting up the system.

These days, we have systemd controlling everything. If you run Chrome on one display, it is locked to that display and it really wants that to be the local video card. And moving /usr to another partition will easily prevent you from booting up, unless you take precautions. I moved /usr and I lived to tell about it. If you ever need to do it, you’ll want to hear my story.

A lot of people are critical of systemd — including me — but really it isn’t systemd’s fault. It is the loss of these principles as we get more programmers, many of them influenced by other systems where things work differently. I’m not just ranting, though. I recently had an experience that brought all this to mind and, along the way, I learned a few things about the modern state of the boot process. The story starts with a friend giving me an Intel Compute Stick. The problems I had were not specific to that hardware, though, but rather to how modern Linux distributions manage their start-up process.


The B-Sides: Curious Uses Of Off-the-Shelf Parts

I admit: a few years of prototyping without easy machine shop access really whets my tastebuds for turning metal chips. But all that time spent away from proper machine tools has also pushed me to re-imagine part catalogs, something I see almost every day. Without any precision metalworking tools handy, stock mechanical parts have become my supplement for complexity. And so a former dogma to machine-everything-thyself has been transformed into a hunt for that already-made-part-that-does-it-for-you.

But with part catalogs featuring tens of thousands of purpose-built parts, I started reimagining some of them for other misdeeds. And after a few years spent reinventing use cases for some of these parts, I’m about ready to tell you how to misuse them properly. So today I’d like to show you some of my favorite mechanical part B-sides, so to speak. These are ordinary parts in unorthodox places–something you surely won’t find in the datasheet! Now let’s have a look.

That Elusive Valve Amp Sound, For Not A Lot! (There Has To Be A Catch)

It was with considerable interest last month that I set out to track down where in the world there are still factories making tubes. My research found them in Slovakia, Russia, and China, and it’s fairly certain I didn’t find all the manufacturers by any means. There appeared to be a whole class of mundane tubes still in production that weren’t to be found on their glossy websites. A glance at any outlet through which Chinese modules can be bought will find this type of tube in small audio amplifier projects, and some of them can be astoundingly cheap. When faced with cheap electronics of course I’m tempted to buy some, so I parted with about £10 ($12.50) and bought myself a kit for a two-tube device described as a stereo preamplifier and headphone amplifier.

An Unusual Tube Choice For Audio

What I received for my tenner was a press-seal bag with a PCB and a pile of components, and not much else. No instructions, which would have been worrisome were the board not clearly marked with the value of each component. The circuit was on the vendor’s website and is so commonly used for these sorts of kits that it can be found all over the web — a very conventional twin common-cathode amplifier using a pair of 6J1 miniature pentodes, and powered through a +25 V and -25 V supply derived from a 12 VAC input via a voltage multiplier and regulator circuit. It has a volume potentiometer, two sets of phono sockets for input and output, and the slightly naff addition of a blue LED beneath each tube socket to impart a blue glow. I think I’ll pass on that component.

The 6J1 seems to be ubiquitous throughout the Chinese kits, which is surprising when you understand that it’s not an audio tube at all. Instead it’s a small-signal VHF amplifier, a rough equivalent of the European EF95, and would be much more at home in an FM radio receiver or turret TV tuner from the 1950s. I can only assume that somewhere in China there’s a tube factory tooled up for radio tube production that is targeting this market, because another tube you will see in audio power amplifier kits is the FU32, or QQV03-20 in European parlance, a large power beam tetrode that might have been found in a 1950s military radio transmitter. Still, just as an RF transistor would give a good account of itself in an audio circuit, so it is with an RF tube. There is no reason a 6J1 won’t do an acceptable job in a circuit such as this one.


Start Me Up: What Has The Windows 95 Desktop Given Us 25 Years Later?

We’ve had something of an anniversary of late, and it’s one that will no doubt elicit a variety of reactions from our community. It’s now 25 years since Windows 95 was launched, the operating system that gave the majority of 1990s PC users their first taste of a desktop-based GUI and a 32-bit operating system.

To the strains of the Rolling Stones’ Start me up, Microsoft execs including Bill Gates himself jubilantly danced on stage at the launch of what was probably to become the company’s defining product, perhaps oblivious to the line “You make a grown man cry” which maybe unwittingly strayed close to the user experience when faced with some of the software’s shortcomings.

Its security may seem laughable by the standards of today and the uneasy marriage of 16-bit DOS underpinning a 32-bit Windows operating system was clunky even in its heyday, but perhaps now is the best time to evaluate it unclouded by technical prejudice. What can we see of Windows 95 in the operating systems we use today, and thus from that can we ask the question: What did Windows 95 get right?


Hackaday Links: August 30, 2020

Tech history is rife with examples of bizarre product demos, but we’ve got to think that Elon Musk’s Neuralink demo this week will have to rank up there with the weirdest of them. Elon’s job here was to sell the proposition that having a quarter-sized plug removed from your skull by a surgical robot and having it plunge 1,024 tiny wires into your gray matter will be totally normal and something that all the cool kids will be doing someday. We watched the 14-minute supercut of the demo, which went on for considerably longer than that due to the realities of pig wrangling, and we remain unsold on the technology. Elon selling it as “a Fitbit in your skull, with tiny wires” probably didn’t help, nor did the somewhat terrifying appearance of the surgical robot needed to do the job. On the other hand, Gertrude the Bionic Pig seemed none the worse for her implant, which was reportedly wired to her snout and sending data wirelessly. The demonstration of reading joint positions directly from the brain was honestly pretty neat. If you want to dive deeper into Neuralink, check out Maya’s great article that separates fact from science fiction.

Jerry Carr, NASA astronaut and commander of the third and final crewed Skylab mission, passed away this week at the age of 88. Carr’s Skylab 4 mission was record-breaking in 1974, with the three astronauts living and working in the orbiting workshop for 84 days. The mission contributed a vast amount of information on space medicine and the human factors of long-duration spaceflight. Carr retired from NASA in 1977 and had a long career as an engineer and entrepreneur. It’s sad to lose yet another of the dwindling number of heroes remaining from NASA’s manned-flight heyday.

Speaking of spaceflight, the closest most of us DIYers can get to space is likely courtesy of a helium-filled balloon. If you’ve ever considered sending something — or someone — aloft, you’ll find this helium balloon calculator an invaluable tool. Just plug in the weight of your payload, select from a few common balloon sizes, and the calculator will tell you how many you need and how much gas it will take to fill them. It’s got a second section that tells you how many more balloons it’ll take to get to a certain altitude, should merely getting off the ground not be enough for you.

If 2020 has proven anything, it’s that time is, at best, a negotiable concept. Improbably, September is only a day away, after an August that somehow took forever to go by in the blink of an eye. With that in mind, October is OSHWA’s Open Hardware Month, with this year’s theme being “Label and Certify”. We’re a little bit in love with the Open Hardware Facts generator, which takes your open-source hardware, software, and documentation license and generates a USDA “Nutrition Facts”-style label for your product. They’ve also added tools to make it easier to get OSHWA certification for your project.

And finally, what would it be like to pilot a giant exoskeleton? Like, a 9,000 pound (4,100 kg), quadrupedal all-terrain beast of a mech? Turns out you can (theoretically) find out for yourself courtesy of Furrion Exo-Bionics and their monster mech, dubbed Prosthesis. The machine has been in development for a long time, with the vision of turning mech racing into the next big thing in sports entertainment. Their Alpha Mech Pilot Training Program will allow mere mortals to learn how to pilot Prosthesis at the company’s proving ground in British Columbia. Details are sparse, so caveat emptor, but it sure looks like fun.

Impossibilities And 3D Printing

This week our own [Donald Papp] wrote a thought-provoking piece on buying and selling 3D-printer models. His basic point: if you don’t know what you’re getting until you’ve purchased it, and there’s no refund policy, how can you tell if your money is being well spent? It’s a serious problem for these nascent markets, because when customers aren’t satisfied they won’t come back.

It got me thinking about my own experience, albeit with all of the free 3D models out there. They are a supremely mixed bag, and even though you’re not paying for the model, you’re paying in printing time, filament, and effort. It pays to be choosy, and all of [Donald]’s suggestions hold in the “free” market as well.

Failenium Falcon. Image by Johannes

Only download models that have been printed at least once, have decent documentation about things like layer height, filament type, and support, and to the best of your abilities, be critical about the ability to fabricate the part at all. Fused-deposition printers can only print on top of previous layers, and have a distinct grain, so you need to watch out for overhangs and print orientation. With resin printers, you need to be careful about trapped volumes of uncured resin. You want to be sure that the modeler at least took these considerations into account.

But when your parts have strength requirements, fits, and tolerances, it gets even worse. There’s almost no way a designer can know if you’re overextruding on your first layers or not. Different slicers handle corners differently, making inner surfaces shrink to varying degrees. How can the designer work around your particular situation?

My personal answer is open-source. Whenever possible, I prefer models in OpenSCAD. If you download an STL with ten M8 bolt holes, you could widen them all in a modeling program, but if you’ve got the source code, it’s as easy as changing a single variable. Using the source plays to the customizability of 3D printing, which is perhaps its strongest suit, in my mind. Nobody knows exactly how thick your desk is but you, after all. Making a headphone hook that’s customizable is key.

So even if the markets for 3D prints can solve the reliability problems, through customer reviews or requirements of extensive documentation, they’ll never be able to solve the one-size-fits-nobody issue. Open source fixes this easily. Sell me the source, not the STL!