Hackaday Podcast 023: Everything Breaks… Raspberry Pi, ADS-B, Hackaday Website, And Automotive Airbags

Mike Szczys and Elliot Williams talk news and great hacks from the past seven days. Sad word this week as Maker Media, the company behind Make Magazine and Maker Faire, have closed their doors. There seems to be a lot of news about broken hardware and software to discuss, with ADS-B problems grounding hundreds of flights in the US, Hackaday itself having a site outage, the Raspberry Pi 3 B+ proving brickable with a really easy mistake, and Lewin’s great overview of the Takata airbag debacle. Don’t worry, there are still plenty of hacks as we look at old computers that sing, microcontrollers that chiptune, beat boxes that are actually boxes, and some very neat cartridge hacks for NES and Arduboy.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 023: Everything Breaks… Raspberry Pi, ADS-B, Hackaday Website, And Automotive Airbags”

This Week In Security: Use Emacs, Crash A Windows Server, And A Cryptocurrency Heist

It looks like Al was right, we should all be using Emacs. On the 4th of June, [Armin Razmjou] announced a flaw in Vim that allowed a malicious text file to trigger arbitrary code execution. It’s not every day we come across a malicious text file, and the proof of concept makes use of a clever technique — escape sequences hide the actual payload. Printing the file with cat returns “Nothing here.” Cat has a “-v” flag, and that flag spills the secrets of our malicious text file. For simplicity, we’ll look at the PoC that doesn’t include the control characters. The vulnerability is Vim’s modeline function. This is the ability to include editor options in a text file. If a text file only works with 80 character columns, a modeline might set “textwidth=80”. Modeline already makes use of a sandbox to prevent the most obvious exploits, but [Armin] realized that the “:source!” command could run the contents of a file outside that sandbox. “:source! %” runs the contents of the current file — the malicious text file.

:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="

Taking this apart one element at a time, the “:!” is the normal mode command to run something in the shell, so the rest of the line is what gets run. “uname -a” is the arbitrary command, benign in this case. Up next is the OR operator, “||”, which fully evaluates the first term first, and only evaluates what comes after the operator if the first term returns false. In this case, it’s a simple way to get the payload to run even though the rest of the line is garbage, as far as bash is concerned. “vi:” informs Vim that we have a modeline string. “:fen” enables folding, and “:fdm=expr” sets the folding method to use an expression. This feature is usually used to automatically hide lines matching a regular expression. “:fde=” is the command to set the folding expression. Here’s the exploit: the folding expression can be a function like “execute()” or “assert_fails()”, which allows calling the :source! command. This pops execution out of the sandbox, and begins executing the text file inside Vim, just as if a user were typing it in from the keyboard.

Continue reading “This Week In Security: Use Emacs, Crash A Windows Server, And A Cryptocurrency Heist”
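To check files for this pattern before opening them, here is an added example (not code from the original post or from [Armin]'s advisory): it renders control bytes visibly in the style of cat -v and flags modelines whose expression options contain the constructs named above. The function names, the option list and the sample inputs are assumptions made for the illustration.

```python
import re

# A modeline: optional text, then "vi:", "vim:" or "ex:", then the options.
MODELINE = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(?:set?\s)?(.*)$")
# Options whose value Vim evaluates as an expression (short and long names).
EXPR_OPTS = {"fde", "foldexpr", "fdt", "foldtext"}
# Constructs the write-up names as the route out of the modeline sandbox.
RISKY = re.compile(r"\b(?:execute|assert_fails)\s*\(|\bsource\b")

def cat_v(data: bytes) -> str:
    """Show ASCII control bytes in caret notation; tab and newline are kept."""
    out = []
    for b in data:
        if b in (9, 10) or 32 <= b < 127:
            out.append(chr(b))
        elif b < 32:
            out.append("^" + chr(b + 64))   # ESC (0x1b) becomes "^["
        elif b == 127:
            out.append("^?")
        else:
            out.append("\\x%02x" % b)       # simplified: cat -v prints M- forms
    return "".join(out)

def scan(data: bytes, modelines: int = 5):
    """Return (line_no, option, value) for risky expression options.

    Only the first and last `modelines` lines are checked, which is where
    Vim looks for modelines (5 is Vim's default).
    """
    lines = data.decode("latin-1").rstrip("\n").split("\n")
    window = set(range(min(modelines, len(lines)))) | set(
        range(max(0, len(lines) - modelines), len(lines)))
    hits = []
    for i in sorted(window):
        m = MODELINE.search(lines[i])
        if not m:
            continue
        # Options are separated by unescaped ':' or whitespace.
        for opt in re.split(r"(?<!\\)[:\s]+", m.group(1)):
            name, _, value = opt.partition("=")
            if name in EXPR_OPTS and RISKY.search(value):
                hits.append((i + 1, name, value))
    return hits

# Constructed samples: the benign PoC line quoted above, and a harmless modeline.
POC = rb':!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="' + b"\n"
BENIGN = b"# vim: set textwidth=80:\n"

if __name__ == "__main__":
    print(scan(POC), scan(BENIGN), cat_v(b"a\x1b[2K\tb\n"))
```

Setting nomodeline in your vimrc turns modeline processing off entirely, which removes the need to scan at all.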

Hackaday Superconference: Rob Ryan Silva On Designing For Developing Environments

Throughout the six years of the Hackaday Prize we have seen a stream of projects tackling all manner of applications and challenges. Many of them have a goal of addressing issues faced by people in developing countries, and this was the topic upon which Rob Ryan Silva spoke at the Hackaday Superconference.

Rob’s perspective is an interesting one: he runs the maker lab at Development Alternatives Incorporated, or DAI, who are best described as a specialist contractor in the international development sector. Thus while many of the Prize entrants are hardware hackers who have become involved in development related projects, he is a development specialist who has made the opposite journey to becoming a hardware hacker.

Join me below for the video of Rob’s talk and a deep dive into it. Also of note, tickets for the 2019 Hackaday Superconference are now available, the Call for Proposals is now open, and of course, the 2019 Hackaday Prize is ready for your entry! Okay, now onto Rob’s talk.

Continue reading “Hackaday Superconference: Rob Ryan Silva On Designing For Developing Environments”

Perovskites: Not Just For Solar Cells Anymore

If you’ve been around long enough, you’ll know there’s a long history of advances in materials science that get blown far out of proportion by both the technical and the popular media. Most of the recent ones seem to center on the chemistry of carbon, particularly graphene and nanotubes. Head back a little in time and superconductors were all the rage, and before that it was advanced ceramics, semiconductors, and synthetic diamonds. There’s always some new miracle material to be breathlessly and endlessly reported on by the media, with hopeful tales of how one or the other will be our salvation from <insert catastrophe du jour here>.

While there’s no denying that each of these materials has led to huge advancements in science, industry, and the quality of life for billions, the development cycle from lab to commercialization is generally a tad slower than the press would have one believe. And so when a new material starts to gain traction in the headlines, as perovskites have recently, we feel like it’s a good opportunity to take a close look, to try to smooth out the ups and downs of the hype curve and manage expectations.

Continue reading “Perovskites: Not Just For Solar Cells Anymore”

Blacksmithing For The Uninitiated: Your First Time At The Anvil

For the past few months we’ve been running this series of Blacksmithing For The Uninitiated posts, exploring the art of forge work for a novice. It’s based upon my experience growing up around a working blacksmith’s business and becoming an enthusiastic if somewhat inexpert smith, and so far we’ve spent our time looking at the equipment you might expect to need were you embarking on your own blacksmith work. Having by now assembled a basic forge of our own, it’s time to fire it up and take to the anvil for our first bit of smithing.

Lighting a forge is easy enough. Some people do it with a gas torch, but I break a piece of firewood into sticks using a hammer with the fuller set in the hardy hole on the anvil as an impromptu splitter. Making a small fire by lighting some paper under my pile of sticks placed on the hearth next to the tuyere, I start the blower and then pile coke on top of the resulting conflagration. After about ten minutes I will have a satisfying roar and a heap of glowing coals, and as they burn there will be some slag collecting in the bottom of the fire that I will eventually need to rake out.

Continue reading “Blacksmithing For The Uninitiated: Your First Time At The Anvil”

BioSentinel Mission Aims To Put Yeast Into Deep Space

It’s a truly exciting time for space enthusiasts. Humanity is finally shaking itself out of the half-century-long doldrums of deep space exploration and planning a return to the Moon and a push to Mars. Yes, exciting things have happened since the glory days of Apollo. We’ve reached out into the outer planets, drilled holes in asteroids, and made tracks across the face of Mars in an improbably durable rover. We’ve built magnificent space telescopes, created a permanent space station to replace a couple of temporary ones, and put an intricate constellation of satellites into service.

Those are all laudable achievements, but not a single living creature has intentionally approached Earth escape velocity since three astronauts and five mice did it aboard Apollo 17 at 3:46 AM on December 7, 1972. Since then, we’ve all been stuck down here at the bottom of Earth’s gravity well, with only a lucky few of us getting a tease of what space travel is really like with low Earth orbit (LEO) missions.

But if NASA has its way, and certain difficulties with launch vehicles can be ironed out, in 2020 Earthlings will once again slip the surly bonds and make a trip to deep space. Of course those Earthlings will just be cultures of yeast carried into orbit around the Sun on a cubesat, but it’s a start, and it’s a good bet that more complex organisms won’t be far behind.

Continue reading “BioSentinel Mission Aims To Put Yeast Into Deep Space”

Windows 10 Goes To Shell

Windows 10 — the operating system people love to hate or hate to love. Even if you’re a Linux die-hard, it is a fair bet that your workplace uses it and that you have friends and family members who need help, forcing you to use Windows at least sometimes. If you prefer a command line, or even just find yourself somewhere you have to use one, you might find the classic Windows shell a bit anemic. Some of that’s the shell’s fault, but some of it is the Windows console which is — sort of — the terminal program that runs various Windows text-based programs. If you have the creator update channel on Windows 10, though, there have been some recent improvements to the console and the Linux system that will eventually trickle down to the mainstream users.

What’s New?

So what’s new? According to Microsoft, they’ve improved the call interface to make the following things work correctly (along with “many others”):

  • Core tools: apt, sed, grep, awk, top, tmux, ssh, scp, etc.
  • Shells: Bash, zsh, fish, etc.
  • Dev tools: vim, emacs, nano, git, gdb, etc.
  • Languages & platforms: Node.js & npm, Ruby & Gems, Java & Maven, Python & Pip, C/C++, C# & .NET Core & Nuget, Go, Rust, Haskell, Elixir/Erlang, etc.
  • Systems & Services: sshd, Apache, lighttpd, nginx, MySQL, PostgreSQL

The changes to the console are mostly surrounding escape sequences, colors, and mouse support. The API changes included things like allowing certain non-administrative users to create symlinks. We’ve made X Windows work with Windows (using a third-party X server) and Microsoft acknowledges that it has been done. However, they still don’t support it officially.

Continue reading “Windows 10 Goes To Shell”