Hackaday Columns

4111 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: Terrapin, Seized Unseized, And Autospill

December 22, 2023 by 5 Comments

There’s a new SSH vulnerability, Terrapin (pdf paper), and it’s got the potential to be nasty — but only in an extremely limited circumstance. To understand the problem, we have to understand what SSH is designed to do. It replaces telnet as a tool to get a command line shell on a remote computer. Telnet send all that text in the clear, but SSH wraps it all inside a public-key encrypted tunnel. It was designed to safely negotiate an unfriendly network, which is why SSH clients are so explicit about accepting new keys, and alerting when a key has changed.

SSH uses a sequence counter to detect Man-in-the-Middle (MitM) shenanigans like packet deletion, replay, or reordering. That sequence isn’t actually included in the packet, but is used as part of the Message Authentication Check (MAC) of several encryption modes. This means that if a packet is removed from the encrypted tunnel, the MAC fails on the rest of the packets, triggering a complete connection reset. This sequence actually starts at zero, with the first unencrypted packet sent after the version banners are exchanged. In theory, this means that an attacker fiddling with packets in the pre-encryption phase will invalidate the entire connection as well. There’s just one problem.

The innovation from the Terrapin researchers is that an attacker with MitM access to the connection can insert a number of benign messages in the pre-encryption phase, and then silently drop the first number of messages in the encrypted phase. Just a little TCP sequence rewriting for any messages between, and neither the server nor client can detect the deception. It’s a really interesting trick — but what can we do with it?

For most SSH implementations, not much. The 9.6 release of OpenSSH addresses the bug, calling it cryptographically novel, but noting that the actual impact is limited to disabling some of the timing obfuscation features added to release 9.5.

Continue reading “This Week In Security: Terrapin, Seized Unseized, And Autospill”

Displays We Love Hacking: SPI And I2C

December 21, 2023 by 17 Comments

I’ve talked about HD44780 displays before – they’ve been a mainstay of microcontroller projects for literal decades. In the modern hobbyist world, there’s an elephant in the room – the sheer variety of I2C and SPI displays you can buy. They’re all so different, some are LCD and some are OLED, some have a touchscreen layer and some don’t, some come on breakouts and some are a bare panel. No matter which one you pick, there are things you deserve to know.

These displays are exceptionally microcontroller-friendly, they require hardly any GPIOs, or none extra if you already use I2C. They’re also unbelievably cheap, and so tiny that you can comfortably add one even if you’re hurting for space. Sure, they require more RAM and a more sophisticated software library than HD44780, but with modern microcontrollers, this is no problem at all. As a result, you will see them in almost every project under the sun.

What do you need for those? What are the requirements to operate one? What kind of tricks can you use with them? Let’s go through the main aspects.

Continue reading “Displays We Love Hacking: SPI And I2C”

FLOSS Weekly Episode 762: Spilling The Tea

December 20, 2023 by 8 Comments

Editor’s Note: We’re excited to announce that Hackaday is the new home of FLOSS Weekly, a long-running podcast about free, libre, and open-source software! The TWiT network hosted the podcast for an incredible seventeen years, but due to some changes on their end, they recently had to wind things down. They were gracious enough to let us pick up the torch, with Jonathan Bennett now taking over hosting duties.

Tune in every Wednesday for a new episode, featuring interviews with developers and project leaders, coverage of the free/libre software you use everyday (maybe without even knowing it), and the latest Open Source news.

This week Jonathan Bennett and Simon Phipps talk with Neal Gompa of Fedora, CentOS, openSUSE and more. The conversation starts off with asking Neal how he went from working on a minor project 11 years ago, to being the lead of KDE on Fedora. How does a company properly sponsor Open Source development? Neal speaks from his experience at Red Hat and other places, to give some really interesting answers.

The crew move on to what happened at Red Hat with CentOS, and why just maybe it was a good thing. Is the age of a company a good indicator of how they will treat Open Source? Is CentOS Stream the best thing to happen to Red Hat Enterprise Linux? What was it like to be at Red Hat during that time? How does a company manage the tension between sales and engineering? We cover this and more!

Continue reading “FLOSS Weekly Episode 762: Spilling The Tea”

Animated gif of large 1950s computer spitting out a sheet of paper.

Retrotechtacular: 1960s Doc Calls Computers The Universal Machine

December 20, 2023 by 5 Comments

It’s weird to think that an abacus would have still been used sixty years ago, or so posits the documentary series The Computer and the Mind of Man. This six part series originally aired on San Francisco local television station KQED in 1962, a time where few people outside of academia had even stood next to such a device.

Episode 3 titled “The Universal Machine” was dedicated to teaching the public how a computer can enhance every type of business provided humans can sufficiently describe it in coded logic. Though mainly filtered through IBM’s perspective as the company was responsible for funding the set of films; learning how experts of the time contextualized the computer’s potential was illuminating.

Continue reading “Retrotechtacular: 1960s Doc Calls Computers The Universal Machine”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With All The LEGO

December 20, 2023 by 3 Comments

It seems like mechanical keyboard enthusiasts are more spoiled for choice with each passing day. But as broad as the open source pool has become, there’s still no perfect keyboard for everyone. So, as people innovate toward their own personal endgame peripherals and make them open source, the pool just grows and grows.

Image by [Bo Yao] via Hackaday.IO
This beautiful addition to the glittering pool — [Bo Yao]’s Carpenter Tau keyboard — is meant to provide an elegant option at a particular intersection where no keyboards currently exist — the holy trinity of open source, programmable, and tri-mode connectivity: wired, Bluetooth, and 2.4 GHz.

Come for the lovely wooden everything, and stay for the in-depth logs as [Bo Yao] introduces the project and its roots, reviews various options for the controller, discusses the manufacture of the wooden parts, and creates the schematic for the 61-key version. Don’t want to build one yourself? It’ll be on Crowd Supply soon enough.

Continue reading “Keebin’ With Kristina: The One With All The LEGO”

Australia Bans Engineered Stone, Workers Elsewhere Demand The Same

December 19, 2023 by 199 Comments

Engineered stone, also known as artificial stone or composite stone, has become a popular material in the construction and design industries due to its aesthetic appeal and durability. It’s become the go-to solution for benchtops in particular, with modern kitchens and bathrooms heavily featuring engineered stone in this way.

However, this seemingly innocuous material harbors a dark side, posing significant health risks to workers involved in its manufacturing and installation. The hazards associated with engineered stone have gone unnoticed for some time, but the toll is adding up, and calls for action grow louder. Let’s examine why engineered stone is so harmful, and explore the measures being taken across the world to curtail or even ban its use.

Continue reading “Australia Bans Engineered Stone, Workers Elsewhere Demand The Same”

Ask Hackaday: What Do You Do When You Can’t Solder?

December 18, 2023 by 93 Comments

Ah, soldering. It’s great for sticking surface mount parts to a PCB, and it’s really great for holding component legs in a plated through-hole. It also does a pretty great job of holding two spliced wires together.

With that said, it can be a bit of a fussy process. There are all manner of YouTube videos and image tutorials on the “properest” way to achieve this job. Maybe it’s the classic Lineman’s Splice, maybe it’s some NASA-approved method, or maybe it’s one of those ridiculous ones where you braid all the copper strands together, solder it all up, and then realize you’ve forgotten to put the heat shrink on first.

Sure, soldering’s all well and good. But what about some of the other ways to join a pair of wires?

Continue reading “Ask Hackaday: What Do You Do When You Can’t Solder?”