Hackaday Columns

4566 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Eric Weinhoffer Covers Enclosure Design And Manufacturing Tech During Hackaday Prize Mentor Session

August 9, 2019 by 1 Comment

Eric Weinhoffer has had plenty of experience in the product design arena, and this hard-earned knowledge is readily apparent in his mentor session for The Hackaday Prize. These serve to link up Prize entrants with industry experts in order to help them take their projects into production. You still have time to get in on the 2019 Hackaday Prize which is accepting entries until August 25th.

Eric’s work as a Prototype Engineer at Bolt stands him in good stead to deliver valuable advice on manufacturing techniques and prototyping. With projects as diverse as CNC milling machiness and ISS payloads under his belt, Eric was able to help out these entrants with a series of tricky problems that will be familiar to anyone who has tried to take a project out of the lab and into the market.

Let’s take a look at the projects and the advice that were shared during this session.

Continue reading “Eric Weinhoffer Covers Enclosure Design And Manufacturing Tech During Hackaday Prize Mentor Session”

Hackaday Podcast 030: Seven Years Of RTL-SDR, 3D Printing Optimized For The Eye, Sega Audiophile, Swimming In Brighteners

August 9, 2019 by 3 Comments

Hackaday Editors Mike Szczys and Elliot Williams curate the awesome hacks from the past week. On this episode, we marvel about the legacy RTL-SDR has had on the software-defined radio scene, turn a critical ear to 16-bit console audio hardware, watch generative algorithms make 3D prints beautiful, and discover why printer paper is so very, very bright white.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 030: Seven Years Of RTL-SDR, 3D Printing Optimized For The Eye, Sega Audiophile, Swimming In Brighteners”

This Week In Security: SWAPGS, Malicious Shaders, More IOS Woes, And WPA3

August 9, 2019 by 19 Comments

I’m sure you’ve heard of Spectre, which was the first of many speculative execution vulnerabilities found in modern processors. A new one just popped up this week. At Blackhat on Tuesday, CVE-2019-1125 was announced by Bitdefender as SWAPGS.

SWAPGS is an x86_64 instruction that is intended for use in context switching, that is when execution is transferred from a user-space program back into the kernel. Specifically, SWAPGS swaps the value of the GS register so that it refers to either a memory location in the running application, or a location in the kernel’s space. An unprivileged program can attempt to call this instruction and leak kernel memory contents as a result of the processor speculatively executing the instruction (this is similar to Spectre). Even though the instruction will ultimately not be executed, because a userspace program doesn’t have sufficient privilege to do so, the contents of the system cache have already been sufficiently altered, and an attack could feasibly leverage this to read arbitrary kernel memory.

While the initial reports have mentioned both AMD and Intel products, AMD has released a statement:

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Patches for Windows and Linux have been released, and Red Hat has an informative write-up on the vulnerability. I would have reviewed Bitdefender’s whitepaper on the vulnerability, but rather than make it freely available, they have opted to require a name and email address. While I would like to see their work, I refuse to sell my contact information in exchange for access.

A Malicious Shader?

This is the first time I can remember hearing of a malicious pixel shader. Cisco Talos announced a set of vulnerabilities targeting VMware and NVIDIA graphics drivers.

Shaders are specialized programs that run on a video card, and are generally used to apply effects like blur, lighting, bump mapping, and more. Most of the graphical improvements in the last few years of gaming is a result of shaders.

Talos researchers were specifically looking at how to compromise a VM Hyper-visor from inside a guest OS, and they discovered that when a host provides 3d acceleration to the guest, shaders are passed directly through to the system drivers without verification. Because the NVIDIA drivers are also vulnerable, this could allow a malicious program on the host to run arbitrary code on the hypervisor.

While this is troubling enough, the topper is that a malicious shader could potentially be run via WebGL. Taken together, this represents a real danger where simply loading a malicious WebGL enabled page could compromise not only a conventional machine, but could also compromise the bare-metal OS even when run on a guest instance.

Both NVIDIA and VMware have already released driver updates that fixes the flaw, so go update!

iOS Problems

Natalie Silvanovich of Google’s Project Zero released a set of 5 iOS vulnerabilities on Wednesday the 7th. These are not garden variety bugs, but so-called “zero click” problems where no user interaction is required for exploit.

The first exploit, for example, is a spoofed visual voicemail message. Visual voicemail notifications are sent as specially formatted text messages and contain information about the message and the address of an IMAP server to connect to and download the message. That information can be spoofed, leading a device to try to download a message from an IMAP server in the control of an attacker. From that point, finding a bug in the iOS IMAP handling code was relatively easy.

5 vulnerabilities have been fixed in iOS updates. There is a 6th vulnerability, CVE-2019-8641, that has yet to be fixed. While a few hints about this problem are given, the details have been withheld until an update has been released to fully fix the problem. One could be a bit cynical and point out that it’s the Google research team announcing these flaws. While there is certainly a self-serving angle to consider, it’s much better for iOS and consumers if flaws are fixed and publicized, rather than kept secret and sold to an offensive security vendor.

One more iOS story is Apple Bleee. Bluetooth Low Energy is an extremely useful communication protocol, allowing Apple devices to perform many of their seemingly magic functionality. The downside is that to make the magic happen, iOS devices are constantly sending BLE signals, probing for other devices. The researchers at Hexway realized that these signals leak lots of data about your device, potentially including your phone number.

iOS uses a SHA256 hash of the device’s phone number as an identifier when using AirDrop. A SHA256 is still a reasonably secure one-way hash, so there’s no problem, right? The clever realization is that while the hash is secure, and the output space is too large to attack, the input space is small enough to be manageable. An attacker could target the most common area codes in their area, limiting the target space further. From there, the SHA256 hashes for all valid numbers can be pre-calculated and stored in a lookup table.

More WPA3 Problems

We’ve discussed Dragonblood, a WPA3 analysis project. A new problem has been identified, a timing analysis attack that leaks information about the internal state of the encryption algorithm.

Espionage On Display As GCHQ Hosts A Temporary Exhibit

August 6, 2019 by 23 Comments

At the top of the British electronic intelligence agency is the Government Communications Headquarters (GCHQ), a very public entity whose circular building can easily be found by any inquisitive soul prepared to drive just off the A40 in Cheltenham which is about two hours west of London. But due to the nature of its work it is also one of the most secretive of UK agencies, from which very little public information is released. With over a century of history behind it and with some truly groundbreaking inventions under its belt it is rumoured to maintain a clandestine technology museum that would rewrite a few history books and no doubt fascinate the Hackaday readership.

Perhaps the most famous of all its secrets was the wartime Colossus, the first all-electronic stored program digital computer, which took an unauthorised book in the 1970s to bring to public attention. Otherwise its historical artifacts have been tantalisingly out-of-reach, hinted at but never shown.

A temporary exhibition at the Science Museum in London then should be a must-visit for anyone with an interest in clandestine technology. Top Secret: From ciphers to cyber security occupies the basement gallery, and includes among other exhibits a fascinating selection of artifacts from the Government agency. On a trip to London I met up with a friend, and we went along to take a look.

Continue reading “Espionage On Display As GCHQ Hosts A Temporary Exhibit”

Kickstarter Hack Chat

August 5, 2019 by No comments

Join us on Wednesday, August 7th at noon Pacific for the Kickstarter Hack Chat with Beau Ambur and Clarissa Redwine!

For many of us, magic things happen on our benches. We mix a little of this, one of those, and a couple of the other things, and suddenly the world has the Next Big Thing. Or does it? Will it ever see the light of day? Will you ever build a community around your project so that the magic can escape the shop and survive the harsh light of the marketplace? And perhaps most importantly, will you be able to afford to bring your project to market?

Crowdfunding is often the answer to these questions and more, and Kickstarter is one of the places where hackers can turn their project into a product. Beau and Clarissa, both outreach leads for the crowdfunding company, will stop by the Hack Chat to answer all your questions about getting your project off the bench and into the marketplace. Join us as we discuss everything from building a community that’s passionate enough about your idea to fund it, to the right way to share your design story.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 7 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

SpaceX Clips Dragon’s Wings After Investigation

August 5, 2019 by 120 Comments

When the SpaceX Dragon spacecraft reached orbit for the first time in 2010, it was a historic achievement. But to qualify for NASA’s Commercial Orbital Transportation Services (COTS) program, the capsule also needed to demonstrate that it could return safely to Earth. Its predecessor, the Space Shuttle, had wings that let it glide home and land like a plane. But in returning to the classic capsule design of earlier spacecraft, SpaceX was forced to rely on a technique not used by American spacecraft since the 1970s: parachutes and an ocean splashdown.

The Dragon’s descent under parachute, splashdown, and subsequent successful recovery paved the way for SpaceX to begin a series of resupply missions to the International Space Station that continue to this day. But not everyone at SpaceX was satisfied with their 21st century spacecraft having to perform such an anachronistic landing. At a post-mission press conference, CEO Elon Musk told those in attendance that eventually the Dragon would be able to make a pinpoint touchdown using thrusters and deployable landing gear:

The architecture that you observed today is obviously similar to what was employed in the Apollo era, but the next generation Dragon, the Crew Dragon, we’re actually going to be aiming for a propulsive landing with gear. We’ll still have the parachutes as a backup, but it’s going to be a precision landing, you could literally land on something the size of a helipad propulsively with gear, refuel, and take off again.

But just shy of a decade later, the violent explosion of the first space worthy Crew Dragon has become the final nail in the coffin for Elon’s dream of manned space capsules landing like helicopters. In truth, the future of this particular capability was already looking quite dim given NASA’s preference for a more pragmatic approach to returning their astronauts from space. But Crew Dragon design changes slated to be implemented in light of findings made during the accident report will all but completely remove the possibility of Dragon ever performing a propulsive landing.

Continue reading “SpaceX Clips Dragon’s Wings After Investigation”

Hackaday Links Column Banner

Hackaday Links: August 4, 2019

August 4, 2019 by 22 Comments

Is the hacking community facing a HOPEless future? It may well be, if this report from 2600 Magazine is any indication. The biennial “Hackers On Planet Earth” conference is in serious financial jeopardy after the venue that’s hosted it for years, the Hotel Pennsylvania in Manhattan, announced a three-fold increase in price. Organizers are scrambling to save the conference and they’re asking for the community’s help in brainstorming solutions. Hackaday was at HOPE XI in 2016 and HOPE XII in 2018; let’s HOPE we get to see everyone again in 2020.

If you’ve ever been curious about how a 1970s PROM chip worked, Ken Shirriff has you covered. Or uncovered, as he popped the top off a ceramic MMI 5300 DIP to look at the die within. Closeups of the somewhat cockeyed die reveal its secrets – 1,024 tiny fusible links. Programming was a matter of overloading a particular fuse, turning a 1 into a 0 permanently. It’s a fascinating look at how it used to be done, with Ken’s usual attention to detail in the documentation department.

We had a great Hack Chat this week with Mihir Shah from Royal Circuits. Royal is one of the few quick-turn PCB fabs in the USA, and they specialize in lightning-fast turnaround on bare PCBs and assembled boards. He told us all about this fascinating business, and dropped a link to a side project of his. Called DebuggAR, it’s an augmented reality app that runs on a smartphone and overlays component locations, signal traces, pinouts, and more right over a live image of your board. He’s got a beta going now for iPhone users and would love feedback, so check it out.

With all the cool things you can do with LoRa radios, it’s no wonder that wireless hobbyists have taken to pushing the limits on what the technology can do. The world record distance for a LoRa link was an astonishing 702 km (436 miles). That stood for two years until it was topped, twice in the same day. On July 13th, the record was pushed to 741 km, and a mere five hours later to 766 km. All on a scant 25 mW of power.

Linux distro Manjaro made an unconventional choice regarding which office suite to include, and it’s making some users unhappy. It appears that they’ve dumped LibreOffice from the base install, opting instead to include the closed-source FreeOffice. Worse, FreeOffice doesn’t have support for saving .doc and OpenDocument files; potentially leaving LibreOffice users stranded. Paying for an upgrade to SoftMaker’s Office product can fix that, but that’s hardly free-as-in-beer free. It’s kind of like saying the beer is free, but the mug is an upgrade. UPDATE: It looks like the Manjaro team heard all the feedback and are working on a selector so you can install the office suite of your choice.

Tragic news out of New Hampshire, as amateur radio operator Joe Areyzaga (K1JGA) was killed while trying to dismantle an antenna tower. Local news has coverage with no substantial details, however the hams over on r/amateurradio seem to have the inside line on the cause. It appears the legs of the tower had filled with water over the years, rusting them from the inside out. The tower likely appeared solid to Joe and his friend Mike Rancourt (K1EEE) as they started to climb, but the tower buckled at the weak point and collapsed. K1EEE remains in critical condition after the 40′ (12 m) fall, but K1JGA is now a silent key. The tragedy serves as a reminder to everyone who works on towers to take nothing for granted before starting to climb.

And finally, just for fun, feast your eyes on this movie of the ESA’s Rosetta spacecraft as is makes its flyby of comet 67P/Churyumov–Gerasimenko. It’s stitched together from thousands of images and really makes 67P look like a place, not just a streak of light in the night sky.