Hackaday Podcast 083: Soooo Many Custom Peripherals, Leaving Bluetooth Footprints, And A Twirlybird On Mars

Hackaday editors Mike Szczys and Elliot Williams ogle the greatest hacks from the past 168 hours. Did you know that Mars Rover didn’t get launched into space all alone? Nestled in its underbelly is a two-prop helicopter that’s a fascinating study in engineering for a different world. Fingerprinting audio files isn’t a special trick reserved for Shazam; you can do it just as easily with an ESP32. A flaw in the way Bluetooth COVID tracing frameworks chirp out their anonymized hashes means they’re not as perfectly anonymized as planned. And you’re going to love these cool ways to misuse items from those massive parts catalogs.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


Direct download (60 MB or so.)


This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More

Honeypots are an entertaining way to learn about new attacks. A simulated vulnerable system is exposed to the internet, inviting anyone to try to break into it. Rather than actually compromising a deployed device, an attacker just gives away information about how they would attack the real thing. A honeypot run by 360Netlab found something interesting back in April: an RCE attack against QNAP NAS devices. The vulnerability is found in the logout endpoint, which takes external values without properly sanitizing them. These values are used as part of an snprintf statement, and then executed with a system() call. Because there isn’t any sanitization, special characters like semicolons can be injected into the final command to be run, resulting in a trivial RCE.

QNAP has released new firmware that fixes the issue by replacing the system() call with execv(). This change means that the shell isn’t part of the execution process, and the command injection loses its bite. Version 4.3.3 was the first firmware release to contain this fix, so if you run a QNAP device, be sure to go check the firmware version. While this vulnerability was being used in the wild, there doesn’t seem to have been a widespread campaign exploiting it.
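The difference between the two calls, as an added example that is not QNAP's firmware code: the function names, the `/bin/echo` stand-in command and the sample value are assumptions made for illustration. The first function only builds the string a shell would parse; the second runs the same command through fork() and execv() and captures what the child actually received.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Before: the value is formatted into a string meant for system(), so
 * /bin/sh would parse it and treat ';' as a command separator.
 * The string is only built here, never executed. */
int build_shell_command(char *out, size_t len, const char *sid) {
    int n = snprintf(out, len, "/bin/echo logout %s", sid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* reject truncation */
}

/* After: fork + execv with an argv array. No shell is involved, so the
 * value reaches the child as one argument, byte for byte.
 * Child stdout is captured into out; returns its exit status or -1. */
int run_without_shell(const char *sid, char *out, size_t len) {
    int fds[2], status;
    if (len == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        char *argv[] = { "echo", "logout", (char *)sid, NULL };
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execv("/bin/echo", argv);
        _exit(127);                 /* only reached if execv failed */
    }
    close(fds[1]);
    size_t used = 0; ssize_t r;
    while (used < len - 1 && (r = read(fds[0], out + used, len - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    const char *sid = "abc; echo INJECTED";   /* constructed sample input */
    char cmd[128], got[128];
    if (build_shell_command(cmd, sizeof cmd, sid) == 0)
        printf("system() would hand sh: %s\n", cmd);
    if (run_without_shell(sid, got, sizeof got) == 0)
        printf("execv child printed:    %s", got);
    return 0;
}
```

With execv() the semicolon is printed as ordinary text inside a single argument, whereas the string built for system() would be split by the shell into two commands.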


Linux Fu: Moving /usr

Linux has changed. Originally inspired by Unix, there were certain well understood but not well enforced rules that everyone understood. Programs did small things and used pipes to communicate. X Windows servers didn’t always run on your local machine. Nothing in /usr contributed to booting up the system.

These days, we have systemd controlling everything. If you run Chrome on one display, it is locked to that display and it really wants that to be the local video card. And moving /usr to another partition will easily prevent you from booting up, unless you take precautions. I moved /usr and I lived to tell about it. If you ever need to do it, you’ll want to hear my story.

A lot of people are critical of systemd — including me — but really it isn’t systemd’s fault. It is the loss of these principles as we get more programmers and many of them are influenced by other systems where things work differently. I’m not just ranting, though. I recently had an experience that brought all this to mind and, along the way, I learned a few things about the modern state of the boot process. The story starts with a friend giving me an Intel Compute Stick. But the problems I had were not specific to that hardware, but rather how modern Linux distributions manage their start-up process.


The B-Sides: Curious Uses Of Off-the-Shelf Parts

I admit: a few years of prototyping without easy machine shop access really whets my tastebuds for turning metal chips. But all that time spent away from proper machine tools has also pushed me to re-imagine part catalogs, something I see almost every day. Without any precision metalworking tools handy, stock mechanical parts have become my supplement for complexity. And so a former dogma to machine-everything-thyself has been transformed into a hunt for that already-made-part-that-does-it-for-you.

But with part catalogs featuring tens of thousands of purpose-built parts, I started reimagining some of them for other misdeeds. And after a few years spent reinventing use cases for some of these parts, I’m about ready to tell you how to misuse them properly. So today I’d like to show you some of my favorite mechanical part B-sides, so to speak. These are ordinary parts in unorthodox places–something you surely won’t find in the datasheet! Now let’s have a look.

That Elusive Valve Amp Sound, For Not A Lot! (There Has To Be A Catch)

It was with considerable interest last month that I set out to track down where in the world there are still factories making tubes. My research found them in Slovakia, Russia, and China, and it’s fairly certain I didn’t find all the manufacturers by any means. There appeared to be a whole class of mundane tubes still in production that weren’t to be found on their glossy websites. A glance at any outlet through which Chinese modules can be bought will find this type of tube in small audio amplifier projects, and some of them can be astoundingly cheap. When faced with cheap electronics of course I’m tempted to buy some, so I parted with about £10 ($12.50) and bought myself a kit for a two-tube device described as a stereo preamplifier and headphone amplifier.

An Unusual Tube Choice For Audio

What I received for my tenner was a press-seal bag with a PCB and a pile of components, and not much else. No instructions, which would have been worrisome were the board not clearly marked with the value of each component. The circuit was on the vendor’s website and is so commonly used for these sort of kits that it can be found all over the web — a very conventional twin common-cathode amplifier using a pair of 6J1 miniature pentodes, and powered through a +25 V and -25 V supply derived from a 12 VAC input via a voltage multiplier and regulator circuit. It has a volume potentiometer, two sets of phono sockets for input and output, and the slightly naff addition of a blue LED beneath each tube socket to impart a blue glow. I think I’ll pass on that component.

The 6J1 seems to be ubiquitous throughout the Chinese kits, which is surprising when you understand that it’s not an audio tube at all. Instead it’s a small-signal VHF amplifier, a rough equivalent of the European EF95, and would be much more at home in an FM radio receiver or turret TV tuner from the 1950s. I can only assume that somewhere in China there’s a tube factory tooled up for radio tube production that is targeting this market, because another tube you will see in audio power amplifier kits is the FU32 or QQV03-20 in European parlance, a large power beam tetrode that might have been found in a 1950s military radio transmitter. Still just as if you were to use an RF transistor in an audio circuit it would give good account of itself, so it is with an RF tube. There is no reason a 6J1 won’t do an acceptable job in a circuit such as this one.


Start Me Up: What Has The Windows 95 Desktop Given Us 25 Years Later?

We’ve had something of an anniversary of late, and it’s one that will no doubt elicit a variety of reactions from our community. It’s now 25 years ago that Windows 95 was launched, the operating system that gave the majority of 1990s PC users their first taste of a desktop-based GUI and a 32-bit operating system.

To the strains of the Rolling Stones’ Start me up, Microsoft execs including Bill Gates himself jubilantly danced on stage at the launch of what was probably to become the company’s defining product, perhaps oblivious to the line “You make a grown man cry” which maybe unwittingly strayed close to the user experience when faced with some of the software’s shortcomings.

Its security may seem laughable by the standards of today and the uneasy marriage of 16-bit DOS underpinning a 32-bit Windows operating system was clunky even in its heyday, but perhaps now is the best time to evaluate it unclouded by technical prejudice. What can we see of Windows 95 in the operating systems we use today, and thus from that can we ask the question: What did Windows 95 get right?


Hackaday Links: August 30, 2020

Tech history is rife with examples of bizarre product demos, but we’ve got to think that Elon Musk’s Neuralink demo this week will have to rank up there with the weirdest of them. Elon’s job here was to sell the proposition that having a quarter-sized plug removed from your skull by a surgical robot and having it plunge 1,024 tiny wires into your gray matter will be totally normal and something that all the cool kids will be doing someday. We watched the 14-minute supercut of the demo, which went on for considerably longer than that due to the realities of pig wrangling, and we remain unsold on the technology. Elon selling it as “a Fitbit in your skull, with tiny wires” probably didn’t help, nor did the somewhat terrifying appearance of the surgical robot needed to do the job. On the other hand, Gertrude the Bionic Pig seemed none the worse for her implant, which was reportedly wired to her snout and sending data wirelessly. The demonstration of reading joint positions directly from the brain was honestly pretty neat. If you want to dive deeper into Neuralink, check out Maya’s great article that separates fact from science fiction.

Jerry Carr, NASA astronaut and commander of the third and final crewed Skylab mission, passed away this week at the age of 88. Carr’s Skylab 4 mission was record-breaking in 1974, with the three astronauts living and working in the orbiting workshop for 84 days. The mission contributed a vast amount of information on space medicine and the human factors of long-duration spaceflight. Carr retired from NASA in 1977 and had a long career as an engineer and entrepreneur. It’s sad to lose yet another of the dwindling number of heroes remaining from NASA’s manned-flight heyday.

Speaking of spaceflight, the closest most of us DIYers can get to space is likely courtesy of a helium-filled balloon. If you’ve ever considered sending something — or someone — aloft, you’ll find this helium balloon calculator an invaluable tool. Just plug in the weight of your payload, select from a few common balloon sizes, and the calculator will tell you how many you need and how much gas it will take to fill them. It’s got a second section that tells you how many more balloons it’ll take to get to a certain altitude, should merely getting off the ground not be enough for you.

If 2020 has proven anything, it’s that time is, at best, a negotiable concept. Improbably, September is only a day away, after an August that somehow took forever to go by in the blink of an eye. With that in mind, October is OSHWA’s Open Hardware Month, with this year’s theme being “Label and Certify”. We’re a little bit in love with the Open Hardware Facts generator, which takes your open-source hardware, software, and documentation license and generates a USDA “Nutrition Facts”-style label for your product. They’ve also added tools to make it easier to get OSHWA certification for your project.

And finally, what would it be like to pilot a giant exoskeleton? Like, a 9,000 pound (4,100 kg), quadrupedal all-terrain beast of a mech? Turns out you can (theoretically) find out for yourself courtesy of Furrion Exo-Bionics and their monster mech, dubbed Prosthesis. The machine has been in development for a long time, with the vision of turning mech racing into the next big thing in sports entertainment. Their Alpha Mech Pilot Training Program will allow mere mortals to learn how to pilot Prosthesis at the company’s proving ground in British Columbia. Details are sparse, so caveat emptor, but it sure looks like fun.