Hackaday Columns

4112 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Links Column Banner

Hackaday Links: January 28, 2024

January 28, 2024 by 16 Comments

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solutions. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.

Continue reading “Hackaday Links: January 28, 2024”

In Praise Of “Simple” Projects

January 27, 2024 by 9 Comments

When I start off on a “simple” project, experience shows that it’s got about a 10% chance of actually remaining simple. Sometimes it’s because Plan A never works out the way I think it will, due to either naivety or simply the random blockers that always get in the way and need surmounting. But a decent percentage of the time, it’s because something really cool happens along the way. Indeed, my favorite kind of “simple” projects are those that open up your eyes to a new world of possibilities or experiments that, taken together, are nothing like simple anymore.

Al Williams and I were talking about water rockets on the podcast the other day, and I realized that this was a perfect example of an open-ended simple project. It sounds really easy: you put some water in a soda bottle, pressurize it a bit with air, and then let it go. Water gets pushed down, bottle flies up. Done?

Oh no! The first step into more sophistication is the aerodynamics. But honestly, if you make something vaguely rocket-shaped with fins, it’ll probably work. Then you probably need a parachute release mechanism. And then some data logging? An accelerometer and barometer? A small video camera? That gets you to the level of [ARRO]’s work that spawned our discussion.

But it wasn’t ten minutes into our discussion that Al had already suggested making the pressure vessel with carbon fiber and doctoring the water mix to make it denser. You’d not be surprised that these and other elaborations have been tried out. Or you could go multi-stage, or vector-thrust, or…

In short, water rockets are one of those “simple” projects. You can get one basically working in a weekend day, and then if you’re so inclined, you could spend an entire summer of weekends chasing down the finer points, building larger and larger tubes, and refining payloads. What’s your favorite “simple” project?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly

January 26, 2024 by 1 Comment

This week Hackaday Editors Elliot Williams and Al Williams chew the fat about the Haier IOT problem, and all other top Hackaday stories of the week. Want to prove your prowess at C programming? Take a quiz! Or marvel at some hairy display reverse engineering or 3D-printed compressor screws. On the lighter side, there’s an immense water rocket.

After Al waxes nostalgic about the world of DOS Extenders and extended memory, the guys talk about detective work: First detecting AI-written material, and finally, a great detective story about using science to finally (maybe) crack the infamous DB Cooper hijacking case.

Follow along with the links below. Don’t forget to tell us what you think about this episode in the comments!

Here’s a string of bits containing the podcast that looks suspiciously like an MP3!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly”

This Week In Security: MOAB, Microsoft, And Printers

January 26, 2024 by 15 Comments

This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here is likely not a discrete email address, but simply a piece of data — a row on the database.

Now before we all lose our minds over this, there’s an important detail to take note of: These aren’t new leaks. This is a compilation of leaks, and as far as researchers have checked, there aren’t any new leaks disclosed here. This was someone’s database of accumulated leak data, accidentally re-leaked via an unsecured database. [Troy Hunt] goes so far as to speculate that it could be from a breach search service, which sounds pretty plausible.

There was yet another release of credentials late last week that hasn’t attracted as much attention, but seems to represent a much bigger issue. The Naz.api data set isn’t a breach where a company was hacked, and their entire user database was stolen. Instead, this one is combination of a credential stuffing list and stealer logs.

Credential stuffing is basically a smarter brute force attack, where the credentials from one breach are tried on multiple other sites. Such a list is just the results where guesses were successful. The really interesting bit is that this dataset seems to include stealer logs. Put simply, that’s the results of malware that scrapes victim machines for credentials.

Naz.api has over 70 million unique email addresses, and it looks like about a third of them are new, at least according to the Haveibeenpwned dataset. Now that’s significant, though not really worthy of the MOAB title, either. Continue reading “This Week In Security: MOAB, Microsoft, And Printers”

Displays We Love Hacking: Parallel RGB

January 25, 2024 by 8 Comments

You might have seen old display panels, from 3″ to 10″, with 40-pin FFC connectors where every pin seems to be used for some data signal. We call these displays parallel RGB, or TTL RGB, or DPI, and you can find them in higher-power MCU, Raspberry Pi, and other Linux SBC projects. You deserve to know what to do with those – let’s take a look.

The idea is simple – this interface requires you to constantly send a stream of pixels to the display, and you need to send those pixels through a parallel bus. You can send up to 8 bits per color channel per pixel, which makes for 24 bits, and the 24-bit mode is indeed the standard, but in practice, many parallel RGB implementations don’t bother with more than 5-6 bits of color – two common kinds of parallel RGB links are RGB565 and RGB666. The parallel RGB interface is a very straightforward approach to sending pixels to your display, and in many cases, you can also convert parallel RGB to LVDS or VGA interfaces relatively easily!

If you’re new to it, the easiest way you can drive a parallel RGB display is from a Raspberry Pi, where the parallel RGB interface is known as DPI. This is how 800 x 480 display Pi HATs like the Pimoroni HyperPixel work – they use up almost all of the GPIOs on your Pi, but you get a reasonably high-resolution display with a low power footprint, and you don’t need any intermediate ICs either. FPGAs and some higher-grade MCUs also often have parallel RGB output capability, and surely, someone could even use the RP2040 PIO as well!

Throughout the last decade, parallel RGB has been used less and less, but you will still encounter it – maybe you’re working with an old game console like the PSP and would like to put new guts into it, maybe you’re playing with some tasty display that uses parallel RGB, or maybe you’d like to convert parallel RGB into something else while treating it with respect! Let’s go through what makes parallel RGB tick, what tools you have got to work with it, and a few tips and tricks. Continue reading “Displays We Love Hacking: Parallel RGB”

FLOSS Weekly Episode 767: Owntracks, Are We There Yet?

January 24, 2024 by 2 Comments

This week Jonathan Bennett and Jeff Massie talk with JP Mens about Owntracks, the collection of programs that lets you take back control of your own location data. It’s built around the simple idea of taking position data from a mobile phone or other data source, sending it over MQTT to a central server, and logging that data to a simple data store.

From there, you can share it as trips, mark points of interest, play back your movement in a web browser, and more. And because it’s just JSON inside MQTT, it’s pretty trivial to make a connector to interface with other projects, like Home Assistant. We’ve even covered the process!

Continue reading “FLOSS Weekly Episode 767: Owntracks, Are We There Yet?”

Ask Hackaday: What About Imperfect Features?

January 24, 2024 by 24 Comments

Throughout the last few years’ time, I’ve been seeing sparks of an eternal discussion here and there. It’s a nuanced one, but if I could summarize, it’s about different feature development strategies we can follow to design things, especially if they’re aimed at a larger market. Specifically – when adding a feature, how complete and perfect should it be?

A while back, I read a Mastodon thread about VLC not implementing backwards per-frame skipping. At the surface level, it’s about an indignant user asking – what’s the deal with VLC not having a “go back a frame” button? A ton of video players have this feature implemented. There’s a forum thread linked, and, reading it could leave you with a good few conflicting emotions. Here’s a recap.

In what appears to be one of multiple threads asking about a ‘previous frame’ button in VLC, there’s an 82-post discussion involving multiple different VLC developers. The users’ argument is that it appears to be clearly technically possible to add a ‘previous frame’ button in practice, and the developers’ argument is that it’s technologically complex to implement in some cases – for certain formats, even impossible to implement! Let’s go into the developers’ stated reasoning in more details, then – here’s what you can find in the thread, to the best of my ability.

Continue reading “Ask Hackaday: What About Imperfect Features?”