Hackaday Columns

4112 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast Episode 255: Balloon On The Moon, Nanotech Goblets, And USB All The Way

February 2, 2024 by 13 Comments

This week, Dan joined Elliot for a review of the best and brightest hacks of the week in Episode 0xFF, which both of us found unreasonably exciting; it’s a little like the base-2 equivalent of watching the odometer flip over to 99,999. If you know, you know. We had quite a bumper crop of coolness this week, which strangely included two artifacts from ancient Rome: a nanotech goblet of colloidal gold and silver, and a perplexing dodecahedron that ends up having a very prosaic explanation — probably. We talked about a weird antenna that also defies easy description, saw a mouse turned into the world’s worst camera, and learned how 3D-printed signs are a whole lot easier than neon, and not half bad looking either. As always, we found time to talk about space, like the legacy of Ingenuity and whatever became of inflatable space habitats. Back on Earth, there’s DIY flux, shorts that walk you up the mountain, and more about USB-C than you could ever want to know.

And don’t forget that to celebrate Episode 256 next week, we’ll be doing a special AMA segment where we’ll get all the regular podcast crew together to answer your questions about life, the universe, and everything. If you’ve got a burning question for Elliot, Tom, Kristina, Al, or Dan, put it down in the comment section and we’ll do our best to extinguish it.

 

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 255: Balloon On The Moon, Nanotech Goblets, And USB All The Way”

This Week In Security: Glibc, Ivanti, Jenkins, And Runc

February 2, 2024 by 4 Comments

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly impossible to exploit. The vulnerability relies on a very long program name, which can overflow an internal buffer. No binaries are going to have a name longer than 1024 bytes, so there’s no problem, right?

Let’s talk about argv. That’s the list of arguments that gets passed into the main() function of every Linux binary when it launches. The first string in that list is the binary name — except that’s a convention, and not particularly enforced anywhere. What really happens is that the execve() system call sets that list of strings. The first argument can be anything, making this an attacker-controlled value. And it doesn’t matter what the program is trying to write to the log, because the vulnerability triggers simply by writing the process name to a buffer.

There is a one-liner to test for a vulnerable Glibc:

exec -a "`printf '%0128000x' 1`" /usr/bin/su < /dev/null

and the Qualys write-up indicates that it can be used for an escalation of privilege attack. The good news is this seems to be a local-only attack. And on top of that, a pair of other lesser severity issues were found and fixed in glibc while fixing this one.
Continue reading “This Week In Security: Glibc, Ivanti, Jenkins, And Runc”

Polynesian Wayfinding Traditions Let Humans Roam The Pacific Ocean

February 1, 2024 by 24 Comments

Polynesian cultures have a remarkable navigational tradition. It stands as a testament to human ingenuity and an intimate understanding of nature. Where Western cultures developed maps and tools to plot courses around the world, the Polynesian tradition is more about using human senses and pattern-finding skills to figure out where one is, and where one might be going.

Today, we’ll delve into the unique techniques of Polynesian navigation, exploring how keen observation of the natural world enabled pioneers to roam far and wide across the breadth of the Pacific.

Continue reading “Polynesian Wayfinding Traditions Let Humans Roam The Pacific Ocean”

FLOSS Weekly Episode 768: Open Source Radio

January 31, 2024 by 8 Comments

This week Jonathan Bennett and Doc Searls talk with Tony Zeoli about Netmix and the Radio Station WordPress plugin. The story starts with the Netmix startup, one of the first places doing Internet music in the 1990s. That business did well enough to get bought out just before the Dot Com bubble burst in 2000. Today, Tony runs the Radio Station plugin, which is all about putting a station’s show schedule on a WordPress site.

In the process, the trio covers Internet radio history, the licensing complications around radio and streaming, the state of local radio, and more. Is there a long term future for radio? Does Creative Commons solve the licensing mess? Is AI going to start eating radio, too? All this and more!

Continue reading “FLOSS Weekly Episode 768: Open Source Radio”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Typewriter Orchestra

January 31, 2024 by 2 Comments

Have you ever wished you had more control over what goes into a kit keyboard build? Like, a whole lot more control? Well, that’s the idea behind the Akruvia 12×4 Playground by [iketsj].

Image by [iketsj] via YouTube

This is a 48-key ortholinear keyboard, but other than that, it’s a complete blank slate. The kit includes the PCB, diodes, RGB LEDs, and Kailh Choc V1 hot swap sockets, which is really the only choice you don’t have in the matter.

All the rest is up to you, thanks to a generous prototyping area that wraps around three sides of the keys. Bring your own microcontroller and anything else that sounds useful, like displays, rotary encoders, gesture sensors, pointing devices, you name it.
You could even magnetically link a macro pad to one side, as [iketsj] teases in the intro video. [iketsj] has made the kit available through links on their website, and you’ll find a product guide there as well.

Continue reading “Keebin’ With Kristina: The One With The Typewriter Orchestra”

Human-Interfacing Devices: The Descriptor Heist

January 30, 2024 by 9 Comments

Today, we’ll build our own input devices. And they will be easy to create and write firmware for, they will work perfectly, and they will be cross-platform. We can do that with help of the Human Interface Device (HID) standard, and by way of introduction, so that you never get confused by what a “descriptor” means, and we’ll build our own HID device — a Human Interface Device device. The way we build them won’t require reading specifications – instead, I’ll teach your how to steal HID descriptors from existing devices, tweak them for our purposes, and use them in our devices to harness the power of HID.

For decades now, it’s been possible to build a HID mouse or keyboard by using a library or two, and it’s been a godsend for hackers all around the world. However, these libraries are typically confined to a certain template and inflexible, and we hackers often go outside of what’s expected. HID allows for much more than a simple keyboard or a mouse. That’s why today we’re building a touchscreen – something not yet covered online or by libraries.

HID lets you build devices that are friendly. They don’t need drivers, they are plug and play, and they do what you expect them to do. At its core, the HID standard is as simple as is ubiquitous. You can tunnel HID over USB, Bluetooth, I2C, and modern-day operating systems support all three of these. Today, let’s go through the basics of HID, and then build a USB touchscreen out of a SPI-connected resistive touchscreen, with help of the usual RP2040+MicroPython combo. I will also give you a toolkit for how to debug a Human Interface Device device as thoroughly as possible – specifically on Linux, showing all the HID debug and introspection capabilities that Linux gives you. But it’ll work on Windows too through the beauty of standardization.

Continue reading “Human-Interfacing Devices: The Descriptor Heist”

Tech In Plain Sight: Escalators

January 29, 2024 by 36 Comments

If you are designing a building and need to move many people up or down, you probably will at least consider an escalator. In fact, if you visit most large airports these days, they even use a similar system to move people without changing their altitude. We aren’t sure why the name “slidewalk” never caught on, but they have a similar mechanism to an escalator. Like most things, we don’t think much about them until they don’t work. But they’ve been around a long time and are great examples of simple technology we use so often that it has become invisible.

Of course, there’s always the elevator. However, the elevator can only service one floor at a time, and everyone else has to wait. Plus, a broken elevator is useless, while a broken escalator is — for most failures — just stairs.

Continue reading “Tech In Plain Sight: Escalators”