Hackaday Columns

4663 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast 077: Secret Life Of SD Cards, Mining Minecraft’s Secret Seed, BadPower Is Bad, And Sailing A Sea Of Neon

July 24, 2020 by 3 Comments

Hackaday editors Mike Szczys and Elliot Williams are deep in the hacks this week. What if making your own display matrix meant a microcontroller board for every pixel? That’s the gist of this incredible neon display. There’s a lot of dark art poured into the slivers of microSD cards and this week saw multiple hacks digging into the hidden test pads of these devices. You’ve heard of Folding@Home, but what about Minecraft@Home, the effort to find world seeds from screenshots. And when USB chargers have exposed and rewritable firmware, what could possibly go wrong?

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 077: Secret Life Of SD Cards, Mining Minecraft’s Secret Seed, BadPower Is Bad, And Sailing A Sea Of Neon”

This Week In Security: Iran’s ITG18, ProcMon For Linux, And Garbage Collection Fail

July 24, 2020 by 4 Comments

Even top-tier security professionals make catastrophic mistakes, and this time it was the operators at Iran’s ITG18. We’re once again talking about the strange shadowy world of state sponsored hacking. This story comes from the IBM X-Force Incident Response Intelligence Services (IRIS). I suspect a Deadpool fan must work at IBM, but that’s beside the point.

A server suspected to be used by ITG18 was incorrectly configured, and when data and training videos were stored there, that data was publicly accessible. Among the captured data was records of compromised accounts belonging to US and Greek military personnel.

The training videos also contained a few interesting tidbits. If a targeted account used two factor authentication, the attacker was to make a note and give up on gaining access to that account. If a Google account was breached, the practice was to start with Google Takeout, the service from Google that allows downloading all the data Google has collected related to that account. Yoiks. Continue reading “This Week In Security: Iran’s ITG18, ProcMon For Linux, And Garbage Collection Fail”

Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper

July 23, 2020 by 34 Comments

Remembering passwords is one of those things which one just cannot seem to escape. At the very least, we all need to remember a single password: namely the one for unlocking a password manager. These password managers come in a wide variety of forms and shapes, from software programs to little devices which one carries with them. The Mooltipass Mini BLE falls into the latter category: it is small enough to comfortably fit in a hand or pocket, yet capable of remembering all of your passwords.

Heading into its crowdfunding campaign, the Mooltipass Mini BLE is an evolution of the Mooltipass Mini device, which acts as a USB keyboard by default, entering log-in credentials for you. With the required browser extension installed, this process can also be automated when browsing to a known website. Any new credentials can also be saved automatically this way.

Where the Mooltipass Mini BLE differs from the original is in that it also adds a Bluetooth (BLE) mode, enabling it to be used easily with any BLE-capable device, including laptops and smartphones, without having to dig around for a USB cable and/or OTG adapter.

I have already been using the original Mooltipass Mini for a while, and the Mooltipass team was kind enough to send me a prototype Mooltipass Mini BLE for evaluation and comparison. Let’s take a look.

Continue reading “Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper”

Linux Fu: Keep In Sync

July 23, 2020 by 28 Comments

Once upon a time, computers were very expensive and you were lucky to have shared access to one computer. While that might seem to be a problem, it did have one big advantage: all of your files were on that computer.

Today, we all probably have at least a desktop and one laptop. Your phone is probably a pretty good computer by most standards. You might have multiple computers and a smattering of tablets. So what do you do to keep your files accessible everywhere? Why not run your own peer-to-peer synchronization service? Your files are always under your control and encrypted in motion. There’s no central point of failure. You can do it with one very slick piece of Open Source software called syncthing. It runs on Windows, Linux, Mac, BSD, and Solaris. There are also Android clients. We haven’t tested it, but one caveat is that the unofficial iOS support sounds a little spotty.

The joke about the cloud — that it’s just other people’s servers — is on point here. Some people don’t like their files sitting on a third-party server. Even if your files are encrypted or you don’t care, you still have the problem of what happens if you can’t reach the server — may be on an airplane with no WiFi — or the server goes down. Sure, Google and Microsoft don’t go dark very often, but they can and do. Even if you build your own cloud, it runs on your servers. Syncthing is serverless: it simply makes sure that all files are up-to-date on all your end devices. Continue reading “Linux Fu: Keep In Sync”

Beyond Printf(): Better Logging Practices For Faster Debugging

July 21, 2020 by 27 Comments

All of us who do some programming know that logging is a time-tested way to output messages about the internal state of our code. With varying degrees of adjustable granularity, these messages allow us to keep track of not only the state of the application, but also its overall health. When things do end up going FUBAR, these log messages are usually the first thing we look at as a software equivalent of a Flight Data Recorder in an airplane.

Spending some time and care in not only designing the logging system, but also in deciding what should be logged and at what level, can make our future self appreciate life a lot more. We’re all familiar with the practice of ‘printf-debugging’, where logging is added as part of the usual post-crash autopsy as one tries to figure out what exactly went wrong. It’s one way of doing it, and eventually it works, but we can do much better.

People are lazy, and you’re only going to stick to good logging practices if they are at least as easy if not easier than sprinkling printf() statement throughout the code. Yet at the same time we want to be able to handle things like log levels and newlines without too much extra typing. The most successful logging libraries are built with this

Continue reading “Beyond Printf(): Better Logging Practices For Faster Debugging”

There’s An Engineer In Germany I’d Like A Word With; Tale Of A Crumbling Volkswagen Lock

July 20, 2020 by 149 Comments

In common with quite a few in the hardware hacking community, I have a fondness for older vehicles. My “modern” ride is an older vehicle by today’s standards, a Volkswagen Polo 6N made in the late 1990s. It’s by my estimation a Good Car, having transported me reliably back and forth across the UK and Europe for several years.

Last week though, it let me down. Outside the church in a neighbouring village the driver’s door lock failed, leaving me with my igniton key stuck in the door, and a mildly embarrassing phone call to my dad to bring the Torx driver required to remove the assembly and release it. I am evidently not 1337 enough, I don’t carry a full set of Torx bits with me everywhere I go. The passenger side lock has never worked properly while I’ve had the car, and this is evidently my cue to sort it all out.

Continue reading “There’s An Engineer In Germany I’d Like A Word With; Tale Of A Crumbling Volkswagen Lock”

Ubuntu Update Hack Chat

July 20, 2020 by 18 Comments

Join us on Wednesday, July 22 at noon Pacific for the Ubuntu Update Hack Chat with Rhys Davies and Alan Pope!

Everyone has their favorite brands, covering everything from the clothes they wear to the cars they drive. We see brand loyalty informing all sorts of acquisition decisions, not only in regular consumer life but in technology, too. Brand decisions sort people into broad categories like Mac versus PC, or iPhone versus Android, and can result in spirited discussions of the relative merits of one choice over the others. It’s generally well-intentioned, even if it gets a bit personal sometimes.

Perhaps no choice is more personal in hacker circles than which Linux distribution to use. There are tons to choose from, each with their various features and particular pros and cons. Ubuntu has become a very popular choice for Linux aficionados, attracting more than a third of the market. Canonical is the company behind the Debian-based distro, providing editions that run on the desktop, on servers, and on a variety of IoT devices, as well as support and services for large-scale users.

To fill us in on what’s new in the world of Ubuntu, Canonical product manager Rhys Davies and developer advocate Alan Pope will stop by the Hack Chat this week. They’ll be ready to answer all your questions about the interesting stuff that’s going on with Ubuntu, including the recently announced Ubuntu Appliances, easy to install, low maintenance images for Raspberry Pis and PCs that are built for security and simplicity. We’ll also talk about snaps, desktops, and whatever else crops up.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 22 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about. Continue reading “Ubuntu Update Hack Chat”