Hackaday Podcast Episode 295: Circuit Graver, Zinc Creep, And Video Tubes

With Superconference 2024 in the books, Dan joined Elliot, fresh off his flight back from Pasadena, to look through the week (or two) in hacks. It was a pretty good crop, too, despite all the distractions and diversions. We checked out the cutest little quadruped, a wireless antenna for wireless communications, a price-tag stand-in for paper calendars, and a neat way to test hardware and software together.

We take the closest look yet at why Arecibo collapsed, talk about Voyager’s recent channel-switching glitch, and find out how to put old Android phones back in action. There’s smear-free solder paste application, a Mims-worthy lap counter, and a PCB engraver that you’ve just got to see. We wrap things up with a look at Gentoo and pay homage to the TV tubes of years gone by — the ones in the camera, for the TV sets.

Download the zero-calorie MP3.

This Week In Security: Linux VMs, Real AI CVEs, And Backscatter TOR DoS

Steve Ballmer famously called Linux “viral”, with some not-entirely coherent complaints about the OS. In a hilarious instance of life imitating art, Windows machines are now getting attacked through malicious Linux VM images distributed through phishing emails.

This approach seems to be intended to fool any anti-malware software that may be running. The VM includes the chisel tool, described as “a fast TCP/UDP tunnel, transported over HTTP, secured via SSH”. Now that’s an interesting protocol stack. It’s an obvious advantage for an attacker to have a Linux VM right on a target network. As this sort of virtualization does require hardware virtualization, it might be worth disabling the virtualization extensions in BIOS if they aren’t needed on a particular machine.

AI Finds Real CVE

We’ve talked about some rather unfortunate use of AI, where aspiring security researchers asked an LLM to find vulnerabilities in a project like curl, and then completely wasted a maintainer’s time on those bogus reports. We happened to interview Daniel Stenberg on FLOSS Weekly this week, and after he recounted this story, we mused that there might be a real opportunity to use LLMs to find vulnerabilities, when used as a way to direct fuzzing, and when combined with a good test suite.

And now, we have Google Project Zero bringing news of their Big Sleep LLM project finding a real-world vulnerability in SQLite. This tool was previously called Project Naptime, and while it’s not strictly a fuzzer, it does share some similarities. The main one is that both tools take their educated guesses and run that data through the real program code, to positively verify that there is a problem. With this proof of concept demonstrated, it’s sure to be replicated. It seems inevitable that someone will next try to get an LLM to not only find the vulnerability, but also find an appropriate fix.

Ask Hackaday: How Much Would You Stake On An Online Retailer

On the bench where this is being written, there’s a Mitutoyo vernier caliper. It’s the base model with a proper vernier scale, but it’s beautifully made, and it’s enjoyable to see younger hardware hackers puzzle over how to use it. It cost about thirty British pounds a few years ago, but when it comes to quality metrology instruments that’s really cheap. The sky really is the limit for those in search of ultimate accuracy and precision. We can see then why this Redditor was upset when the $400 Mitutoyo they ordered from Amazon turned out to be nothing of the sort. We can’t even call it a fake; it’s just a very cheap instrument stuffed, oddly, into a genuine Mitutoyo box.

Naturally we hope they received a refund, but it does raise the question when buying from large online retailers: how much are we prepared to risk? We buy plenty of stuff from AliExpress in our community, but in that case the slight element of chance which comes with random Chinese manufacture is offset by the low prices. Meanwhile the likes of Amazon have worked hard to establish themselves as trusted brands, but is that misplaced? They are after all simply clearing houses for third party products, and evidently have little care for what’s in the box. The £30 base model caliper mentioned above is an acceptable punt, but at what point should we go to a specialist and pay more for some confidence in the product?

It’s a question worth pondering as we hit the “Buy now” button without thinking. What’s your view? Let us know in the comments. Meanwhile, we can all be caught with our online purchases.

Thanks [JohnU] for the tip.

2023 Hackaday Supercon: One Year Of Progress For Project Boondock Echo

Do you remember the fourth-place winner in the 2022 Hackaday Prize? If it’s slipped your mind, that’s okay—it was Boondock Echo. It was a radio project that aimed to make it easy to record and playback conversations from two-way radio communications. The project was entered via Hackaday.io, the judges dug it, and it was one of the top projects of that year’s competition.

The project was the brainchild of Mark Hughes and Kaushlesh Chandel. At the 2023 Hackaday Supercon, Mark and Kaushlesh (KC) came back to tell us all about the project, and how far it had come one year after its success in the 2022 Hackaday Prize.

FLOSS Weekly Episode 808: Curl – Gotta Download ’em All

This week, Jonathan Bennett and Randal Schwartz chat with Daniel Stenberg about curl! How many curl installs are there?! What’s the deal with CVEs? How has curl managed to not break its ABI for 18 years straight? And how did Daniel turn all this into a career instead of just a hobby? Watch to find out!

Supercon 2023: Restoring The Apollo Guidance Computer

Humans first visited the Moon in 1969. The last time we went was 1972, over 50 years ago. Back then, astronauts in the Apollo program made their journeys in spacecraft that relied on remarkably basic electronics that are totally unsophisticated compared to what you might find in an expensive blender or fridge these days. Core among them was the Apollo Guidance Computer, charged with keeping the craft on target as it travelled to its destination and back again.

Marc Verdiell, also known as CuriousMarc, is a bit of a dab hand at restoring old vintage electronics. Thus, when it came time to restore one of these rare and storied guidance computers, he was ready and willing to take on the task. Even better, he came to the 2023 Hackaday Supercon to tell us how it all went down!

Ubiquitous Successful Bus: Hacking USB 2 Hubs

We’ve been recently looking into USB 2.0 – the ubiquitous point-to-point communications standard. USB 2 is completely different from USB 3, the blue-connector next-generation USB standard. For instance, USB 2 is a full-duplex pseudo-differential bus, and it’s not AC-coupled. This makes USB 2 notoriously difficult to galvanically isolate, as opposed to USB 3. On the other hand, USB 2 is a lot easier to incorporate into your projects. And perhaps the best way to do so is to implement a USB hub.

USB 2 hubs are, by now, omnipresent. It doesn’t cost much to add one to your board, and you truly have tons of options. The standard option is 4-port hubs – one uplink port to your host, four downlink ports to your devices. If you only have two or three devices, you might be tempted to look for a hub IC with a lower number of ports, but it’s not worth bothering – just use a 4-port chip, and stock up on them.

What about 7-port chips? You will see those every now and then – but take a close look at the datasheet. Some of them will be two 4-port chips inside a single package, with four of the ports bottlenecked compared to the three other ports – watch out! Desktop 7-port hubs are basically guaranteed to use two 4-port ICs, too, so, again, watch out for bottlenecks. Thankfully, lsusb -t will help you determine the hub’s structure in case you don’t want to crack its case open.

Recommendations? I use SL2.1 chips – they’re available in an SO16 package, very unproblematic, to-the-point pinout and easily hand-solderable. CH334 is a close contender, but watch out because there are different variants of this chip that differ by both package and pinout, so if you’re buying a chip with a certain letter, you will want to stick to it. Not just that, be careful – different variants run out at different rates, so if you lock yourself into a CH334 variant, consider stocking up on it.