Ask Hackaday: Does Your Car Need An Internet Killswitch?

Back in the good old days of carburetors and distributors, the game was all about busting door locks and hotwiring the ignition to boost a car. Technology rose up to combat this; you may remember the immobilizer systems that added a chip to the ignition key without which the vehicle could not be started. But alongside antitheft security advances, modern vehicles gained an array of electronic controls covering everything from the entertainment system to steering and brakes. Combine this with Bluetooth, WiFi, and cellular connectivity — it’s unlikely you can purchase a vehicle today without at least one of these built in — and the attack surface has grown far beyond the physical bounds of bumpers and crumple zones surrounding the driver.

Cyberattackers can now compromise vehicles from the comfort of their own homes. This can range from the mundane, like reading location data from the navigation system to more nefarious exploits capable of putting motorists at risk. It raises the question — what can be done to protect these vehicles from unscrupulous types? How can we give the user ultimate control over who has access to the data network that snakes throughout their vehicle? One possible solution I’m looking at today is the addition of internet killswitches.


Alternative Photography Hack Chat

Join us on Wednesday, October 2 at noon Pacific for the Alternative Photography Hack Chat with Pierre-Loup Martin!

It seems like the physics of silicon long ago replaced the chemistry of silver as the primary means of creating photographs, to the point where few of us even have film cameras anymore, and home darkrooms are a relic of the deep past. Nobody doubts that the ability to snap a quick photo or even to create a work of photographic genius with a tiny device that fits in your pocket is a wonder of the world, but still, digital photographs can lack some of the soul of film photography.

Recapturing the look of old school photography is a passion for a relatively small group of dedicated photographers, who ply their craft with equipment and chemistries that haven’t been in widespread use for a hundred years. The tools of this specialty trade are hard to come by commercially, so practitioners of alternate photographic processes are by definition hackers, making current equipment bend to the old ways. Pierre-Loup is one such artist, working with collodion plates, hacked large-format cameras, pinhole cameras, and chemicals and processes galore – anything that lets him capture a unique image. His photographs are eerie, with analog imperfections that Photoshop would have a hard time creating.

Join us as Pierre-Loup takes us on a tour through the world of alternative photography. We’ll look at the different chemistries used in alternative photography, the reasons why anyone would want to try it, and the equipment needed to pull it off. Photography was always a hack, until it wasn’t; Pierre-Loup will show us how he’s trying to put some soul back into it.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 2 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Here’s Your First Look At The Talks Of The 2019 Hackaday Superconference

The ultimate hardware conference returns this November as the Hackaday Superconference springs to life in Pasadena, California. It is our pleasure to announce the first set of accepted speakers who have confirmed their appearances at Supercon. This reveal is only the tip of the iceberg, so keep your eye on Hackaday as we continue to reveal the rest of the exemplary talks and workshops that make up this year’s conference.

However, don’t wait to get your ticket. Yes, we sell out every year, but the pace of ticket sales has been much faster this year and soon they will all be gone. Don’t miss out, as you can see from the small sample below, Supercon will be packed with amazing people and you need to be one of them!

The Talks (Part One of Many)


  • Matthias Balwierz aka bitluni

    Multimedia Fun with the Esp32

    The ESP32 microcontroller is a beast! Everyone knows that already. Composite video and VGA are common now. But a few years ago these capabilities weren’t obvious. This talk will recap the journey of squeezing out every possible bit of performance to generate audio and video with the least amount of additional components. It’s a detail-packed discussion of the projects I’ve documented on my YouTube channel bitluni’s lab.


  • Sarah Kaiser

    Hacking Quantum Key Distribution Hardware or How I Learned to Stop Worrying and Burn Things with Lasers

    Quantum devices are the next big addition to the general computing and technology landscape. However, just like classical hardware, quantum hardware can be hacked. I will share some of my (successful) attempts to break the security of quantum key distribution hardware with the biggest laser I could find!


  • Mohit Bhoite

    Building Free-Formed Circuit Sculptures

    I’ll be talking about building free-formed circuit sculptures, and how anyone with the right tools can get involved in this art form. We’ll explore ways to make these sculptures interact with the environment around them or with the user.


  • Thea Flowers

    Creating a Sega-Inspired Hardware Synthesizer from the Ground Up.

    What makes the Sega Genesis sound chip unique? I’ll share some short history about why the Genesis happened at a very specific moment to have this sort of chip. I’ll talk about designing and building a synthesizer around it and the challenges I encountered by trying to do this as my first hardware project.


  • Helen Leigh

    Sound Hacking and Music Technologies

    I will explore the ways in which music is influenced by making and hacking, including a whistle-stop tour of some key points in music hacking history. This starts with 1940s Musique Concrete and Daphne Oram’s work on early electronic music at the BBC, and blossoms into the strange and wonderful projects coming out of the modern music hacker scenes, including a pipe organ made of Furbies, a sound art marble run, robotic music machines and singing plants.


  • Adam Zeloof

    Thermodynamics for Electrical Engineers: Why Did My Board Melt (And How Can I Prevent It)?

    In this presentation I will provide circuit designers with the foundation they need to consider thermal factors in their designs. Heat transfers through on-board components and knowing how to characterize this means we can choose the right heat sink for any application. Learn about free simulation tools that can be used to perform these analyses and boost your knowledge of thermodynamics and heat transfer (although those who are already familiar with the subject will find some utility in it as well).


  • Samy Kamkar

    FPGA Glitching & Side Channel Attacks

    I will explore some of the incredible work that has been done by researchers, academics, governments, and the nefarious in the realm of side channel analysis. We’ll inspect attacks that were once secret and costly, but now accessible to all of us using low cost hardware such as FPGAs. We’ll learn how to intentionally induce simple yet powerful faults in modern systems such as microcontrollers.


  • Daniel Samarin

    Debugging Electronics: You Can’t Handle the Ground Truth!

    Root-causing quickly is all about having the right tools, having the right infrastructure in place, and knowing how to use them. Is it the firmware, the circuit, a bad crimp, or backlash in the gears? I will outline strategies for finding out what the issue is, so that you can focus on fixing the right thing.

You Miss It, You’ll Miss It

If there’s any way you can make it to Supercon in person, you should. One of the two talk stages will be live-streamed, and the other recorded, but there is no substitute for hanging out with these eight awesome people, plus five hundred of our closest friends. Anyone who’s made it to the conference before can tell you that the intimate atmosphere is packed with opportunities to meet new people, connect with those you’ve only seen on the internet, and learn about the newest developments happening in the world of hardware creation. See you in November!

Hackaday Podcast 037: Two Flavors Of Robot Dog, Hacks That Start As Fitness Trackers, Clocks That Wound Themselves, And Helicopter Chainsaws

Hackaday Editors Mike Szczys and Elliot Williams take a look at the latest hacks from the past week. We keep seeing awesome stuff and find ourselves wanting to buy cheap welders, thermal camera sensors, and CNC parts. There was a meeting of the dog-shaped robots at ICRA and at least one of them has super-fluid movements. We dish on 3D printed meat, locking up the smartphones, asynchronous C routines, and synchronized clocks.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)


This Week In Security: Patch Monday Mysteries, CentOS 8 And CentOS Stream, Russian Surveillance, And CSRF

So first off this week is something of a mystery. Microsoft released an out-of-cycle patch for Internet Explorer. The exploitability assessment from Microsoft indicates that this bug is under active exploitation, but not many details are available. Let’s take a look at what information has been released, and see what we can learn.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

It’s a remote code execution vulnerability, it affects Internet Explorer, it’s in the scripting engine, and it happens due to objects in memory being mishandled. We could take some guesses, but later in this document we’re given a few other clues. The workaround is to disable jscript.dll, and the impact is limited, as jscript9.dll is the default JavaScript engine. jscript.dll is apparently a legacy JavaScript engine that a website can request.

“Jscript” is what Microsoft called their shameless copy implementation of JavaScript. The older jscript.dll seems to be present in newer versions of Internet Explorer for compatibility reasons. So it’s a problem in how the older JavaScript library handles objects. Any website can request this legacy engine, so the attack vector is basically unlimited.

The urgency implied by the out-of-cycle patch, combined with the otherwise eerie silence surrounding it, suggests this 0-day was possibly being used in a targeted attack. We hope the details will eventually be revealed.

CentOS 8 and CentOS Stream

CentOS 8 was released this week, the community repackage of Red Hat Enterprise Linux (RHEL) 8. In 2014, Red Hat announced that CentOS was officially becoming a Red Hat sponsored project. This week, CentOS Stream was also announced.

The Fedora distribution has long served as a test-bed for upcoming RHEL releases, with RHEL 8 being based on Fedora 28. CentOS Stream will serve as a “midstream” distribution, a rolling release that pulls updates from Fedora, and will eventually become future RHEL/CentOS releases. It remains to be seen exactly how far ahead of the main CentOS distribution Stream will stay. A long-standing problem with CentOS is that by the time a release hits end-of-life, some of the software versions are very old. Even though security fixes are quickly backported to these older versions, there are security issues that arise as a result. For example, CentOS 7 contains PHP 5.4 with no official path to installing a newer version of PHP. WordPress now requires PHP 5.6.20 as the oldest supported PHP version. Red Hat may backport fixes to PHP 5.4, but that doesn’t help the out-of-date installs of WordPress, running on otherwise up-to-date CentOS machines.

Hopefully CentOS Stream will provide the much needed middle-ground between the bleeding-edge pace of Fedora, and the frustratingly slow march of CentOS/RHEL.

Russian Surveillance

A Nokia employee accidentally backed up a company drive to his home storage device, which was unintentionally Internet accessible. The data contained on this drive was detailed information on Russia’s SORM (System for Operative Investigative Activities), the government’s wiretapping program. The amount of data revealed is staggering, 1.7 terabytes. Passwords, administrative URLs, and even precise physical locations were included. The breadth of information makes one wonder if it was actually an accident, or if this was intended to be another Snowden style data leak. Just an aside, it’s not clear that the revealed wiretapping effort is as broad or onerous as the one Snowden revealed.

PHPMyAdmin CSRF

Running PHPMyAdmin on one of your servers? You should probably go update it. Version 4.9.1 was released on Saturday the 21st, and contains a fix for CVE-2019-12922. This vulnerability is a Cross Site Request Forgery, or CSRF. A CSRF attack can be as simple as an image tag on one site that points at a second site and triggers an action there. Let’s look at the PHPMyAdmin example:

<img src="http://server/phpmyadmin/setup/index.php?page=servers&mode=remove&id=1" style="display:none;">

A hidden image will still trigger an HTTP GET request, which fetches the setup page on that server and tries to remove the first server entry. If the victim’s browser is logged in to the PHPMyAdmin instance the link targets, the cookie goes along with the request and the command silently completes. This is one of the reasons that HTTP GET requests should never make state changes, and only ever retrieve information. An HTTP POST message is much harder to generate in this way, though not impossible.
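To make the difference concrete, here is an added example (not phpMyAdmin’s own code) that models the “remove server” action twice: once the way the article describes it, where a logged-in cookie is the only check and a GET changes state, and once hardened so that only a POST carrying a session-bound token from a same-origin page can remove anything. The Request class, session table, server list, handler names and the Sec-Fetch-Site check are all assumptions constructed for the example; the forged request is what a victim’s browser would send when an attacker’s page loads the hidden image.

```python
"""Constructed model of a phpMyAdmin-style 'remove server' action.

Added example, not phpMyAdmin's own code. The request/session objects and
handler functions are assumptions standing in for the real application, so
the effect of a hidden <img> GET and of the usual mitigations can be run offline.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Process-wide key used only to derive per-session CSRF tokens (assumption:
# a real application would keep this alongside its session store).
_TOKEN_KEY = secrets.token_bytes(32)

# Constructed session table: one logged-in admin whose cookie value is "sess-abc".
SESSIONS = {"sess-abc": {"user": "admin"}}
COOKIE_NAME = "phpMyAdmin"


@dataclass
class Request:
    """Only the parts of an HTTP request the handlers below look at."""
    method: str
    query: dict
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def new_servers() -> dict:
    """Fresh copy of the configured servers (id -> host); constructed data."""
    return {1: "db1.internal", 2: "db2.internal"}


def csrf_token(session_id: str) -> str:
    """Token bound to one session, so a page on another site cannot know it."""
    return hmac.new(_TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_remove(req: Request, servers: dict) -> int:
    """The behaviour the article describes: the session cookie is the only
    check and a plain GET changes state, so a hidden <img> elsewhere suffices."""
    if req.cookies.get(COOKIE_NAME) not in SESSIONS:
        return 403
    if req.query.get("page") == "servers" and req.query.get("mode") == "remove":
        servers.pop(int(req.query.get("id", -1)), None)
        return 200
    return 404


def hardened_remove(req: Request, servers: dict) -> int:
    """Same action with the mitigations the article points to: state changes
    only on POST, the request must not be cross-site, and the form must carry
    the token derived from the caller's own session."""
    session_id = req.cookies.get(COOKIE_NAME)
    if session_id not in SESSIONS:
        return 403
    if req.method != "POST":
        return 405  # a GET, and therefore an <img> fetch, can never remove anything
    # Modern browsers label the request's provenance; treat a missing header as
    # untrusted here (a real app would also fall back to checking Origin).
    if req.headers.get("Sec-Fetch-Site", "cross-site") not in ("same-origin", "none"):
        return 403
    token = req.form.get("token", "")
    if not hmac.compare_digest(token, csrf_token(session_id)):
        return 403  # a forged page cannot produce this value
    if req.form.get("page") == "servers" and req.form.get("mode") == "remove":
        servers.pop(int(req.form.get("id", -1)), None)
        return 200
    return 404


def forged_image_request() -> Request:
    """What the victim's browser sends when an attacker's page loads the hidden
    image: a GET carrying the victim's cookie, from a cross-site context."""
    return Request(
        method="GET",
        query={"page": "servers", "mode": "remove", "id": "1"},
        cookies={COOKIE_NAME: "sess-abc"},
        headers={"Sec-Fetch-Site": "cross-site"},
    )


def legitimate_remove_request(server_id: int) -> Request:
    """A form submission from the application's own page, carrying the token."""
    return Request(
        method="POST",
        query={},
        form={"page": "servers", "mode": "remove", "id": str(server_id),
              "token": csrf_token("sess-abc")},
        cookies={COOKIE_NAME: "sess-abc"},
        headers={"Sec-Fetch-Site": "same-origin"},
    )


if __name__ == "__main__":
    s = new_servers()
    print("vulnerable, forged GET:", vulnerable_remove(forged_image_request(), s), s)
    s = new_servers()
    print("hardened, forged GET:  ", hardened_remove(forged_image_request(), s), s)
    print("hardened, real POST:   ", hardened_remove(legitimate_remove_request(1), s), s)
```

Two of the three checks in the hardened handler are each enough to stop the image trick on its own; they are layered because they fail in different situations. Marking the session cookie SameSite=Lax (now the default in Chromium) would also keep the cookie off a cross-site image fetch, but Lax still sends cookies on top-level GET navigations, which is why refusing to change state on GET remains the rule that matters.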

Review: OSEPP STEM Kit 1, A Beginner’s All-in-One Board Found In The Discount Aisle

As the name implies, the OSEPP STEM board is an embedded project board primarily aimed at education. You use jumper wires to connect components and a visual block coding language to make it go.

I have fond memories of kits from companies like Radio Shack that had dozens of parts on a board, with spring terminals to connect them with jumper wires. Advertised with clickbait titles like “200 in 1”, you’d get a book showing how to wire the parts to make a radio, or an alarm, or a light blinker, or whatever.

The STEM Kit 1 is sort of a modern Arduino-powered version of these kits. The board hosts a stand-alone Arduino UNO clone (included with the kit) and also has a host of things you might want to hook to it. Things like the speakers and stepper motors have drivers on board so you can easily drive them from the Arduino. You get a bunch of jumper wires to make the connections, too. Most things that need to be connected to something permanently (like ground) are prewired on the PCB. The other connections use a single pin. You can see this arrangement with the three rotary pots which have a single pin next to the label (“POT1”, etc.).

I’m a sucker for a sale, so when I saw a local store had OSEPP’s STEM board for about $30, I had to pick one up. The suggested price for these boards is $150, but most of the time I see them listed for about $100. At the deeply discounted price I couldn’t resist checking it out.

So does an embedded many-in-one project kit like this one live up to that legacy? I spent some time with the board. Bottom line, if you can find a deal on the price I think it’s worth it. At full price, perhaps not. Join me after the break as I walk through what the OSEPP has to offer.


Ask Hackaday: What Good Is A Robot Dog?

It is said that Benjamin Franklin, while watching the first manned flight of a hot air balloon by the Montgolfier brothers in Paris in 1783, responded when questioned as to the practical value of such a thing, “Of what practical use is a new-born baby?” Dr. Franklin certainly had a knack for getting to the heart of an issue.

Much the same can be said for Spot, the extremely videogenic dog-like robot that Boston Dynamics has been teasing for years. It appears that the wait for a production version of the robot is at least partially over, and that Spot (once known as Spot Mini) will soon be available for purchase by “select partners” who “have a compelling use case or a development team that [Boston Dynamics] believe can do something really interesting with the robot,” according to VP of business development Michael Perry.

The qualification of potential purchasers will certainly limit the pool of early adopters, as will the price tag, which is said to be as much as a new car – and a nice one. So it’s not likely that one will show up in a YouTube teardown video soon; until the day that Dave Jones manages to find one in his magic Australian dumpster, we’ll have to entertain ourselves by trying to answer a simple question: Of what practical use is a robotic dog?
