Hackaday Columns

4430 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9

September 27, 2024 by 15 Comments

It looks like there’s finally hope for sane password policies. The US National Institue of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS9+ flaw is a SQL injection, with a trio of slightly less serious flaws. Continue reading “This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9”

FLOSS Weekly Episode 802: Emba – Layers Upon Layers Of Bash

September 25, 2024 by 1 Comment

This week Jonathan Bennett and and Randal Schwartz chat with Michael and Benedikt about Emba, the embedded firmware analyzer that finds CVEs and includes the kitchen sink! It does virtualization, binary analysis include version detection, and more. Check it out!

Continue reading “FLOSS Weekly Episode 802: Emba – Layers Upon Layers Of Bash”

2024 Hackaday Superconference Speakers, Round Two

September 25, 2024 by 1 Comment

It’s honestly amazing the range of fascinating talks we have lined up for this year’s Supercon. From art robots that burp and belch to gliders returning from near-space, from hardcore DSP to DIY PCBs, and sketching with machines, Hackaday’s Supercon is like nothing else out there.

And in case you’re already coming, you don’t have a talk slot reserved, but you’ve still got something that you want to say, please sign yourself up for a Lightning Talk! In the spirit of the Lightning, we’ll be taking submissions up to the absolute last minute, and we will fit in as many short talks as possible, but when it does fill up, we’ll be giving priority to those who got in first.

We’ve got one more speaker announce coming up, and of course our keynote speaker and the badge reveal. Supercon will sell out so get your tickets now before it’s too late. So without further ado, here is our next round of stellar speakers!

Continue reading “2024 Hackaday Superconference Speakers, Round Two”

Supercon 2023: The Road To Writing Great Step-by-Step Instructions

September 24, 2024 by 6 Comments

IKEA is known as a purveyor of build-it-yourself flatpack furniture. LEGO is known as a purveyor of build-it-yourself toys. Both are known for their instructions. The latter’s are considered incredibly clear and useful, while the former’s are often derided as arcane and confusing—though the major difference between the two is color printing.

These two companies are great examples of why instructions are important. Indeed, Sonya Vasquez has learned this lesson well, and came down to Supercon 2023 to tell us all about it. Prepare to learn all about how to write great step-by-step instructions that enable greatness and never frustrate the end user.

Continue reading “Supercon 2023: The Road To Writing Great Step-by-Step Instructions”

2024 Hackaday Supercon Workshop Tickets Go On Sale Now

September 24, 2024 by 8 Comments

Our workshop ticket sales go live today at 8 AM PDT! If you’re coming to Supercon, and you’re interested, go get your workshop ticket before they all sell out!

There will be a change to this year’s workshop ticket limits. We heard our community’s feedback, and in the spirit of giving as many people as possible the opportunity to enjoy a workshop, we are limiting sign up to one workshop per attendee. If there are extra tickets by October 18th, we will allow folks to sign up for additional workshops.

If you register for more than one workshop we will refund you the ticket for the others based on the timestamp that you registered for each ticket (leaving only the ticket for the first workshop you registered for). We hope everyone understands our goal is to allow more people to experience a Supercon workshop due to limited space.

And of course, you can’t join in the workshops at Supercon without coming to Supercon. So get your tickets now if you haven’t already.

Stay tuned tomorrow for more speaker announcements!

Continue reading “2024 Hackaday Supercon Workshop Tickets Go On Sale Now”

Hackaday Links Column Banner

Hackaday Links: September 22, 2024

September 22, 2024 by 13 Comments

Thanks a lot, Elon. Or maybe not, depending on how this report that China used Starlink signals to detect low-observable targets pans out. There aren’t a lot of details, and we couldn’t find anything approximating a primary source, but it seems like the idea is based on forward scatter, which is when waves striking an object are deflected only a little bit. The test setup for this experiment was a ground-based receiver listening to the downlink signal from a Starlink satellite while a DJI Phantom 4 Pro drone was flown into the signal path. The drone was chosen because nobody had a spare F-22 or F-35 lying around, and its radar cross-section is about that of one of these stealth fighters. They claim that this passive detection method was able to make out details about the drone, but as with most reporting these days, this needs to be taken with an ample pinch of salt. Still, it’s an interesting development that may change things up in the stealth superiority field.

Continue reading “Hackaday Links: September 22, 2024”

Against Elitism

September 21, 2024 by 104 Comments

A while back we got an anonymous complaint that Hackaday was “elitist”, and that got me thinking. We do write up the hacks that we find the coolest, and that could lead to a preponderance of gonzo projects, or a feeling that something “isn’t good enough for Hackaday”. But I really want to push back against that notion, because I believe it’s just plain wrong.

One of the most important jobs of a Hackaday writer is to find the best parts of a project and bring that to the fore, and I’d like to show you what I mean by example. Take this post from two weeks ago that was nominally about rescuing a broken beloved keyboard by replacing its brain with a modern microcontroller. On its surface, this should be easy – figure out the matrix pinout and wire it up. Flash in a keyboard firmware and you’re done.

Of course we all love a good hardware-rescue story, and other owners of busted Sculpt keyboards will be happy to see it. But there’s something here for the rest of us too! To figure out the keyboard matrix, it would take a lot of probing at a flat-flex cable, so [TechBeret] made a sweet breakout board that pulled all the signals off of the flat-flex and terminated them in nicely labelled wires. Let this be your reminder that making a test rig / jig can make these kind of complicated problems simpler.

Checking the fit with a 3D printed PCB

Once the pinout was figured out, and a working prototype made, it was time to order a neat PCB and box it up. The other great trick was the use of 3D-printed mockups of the PCBs to make sure that they fit inside the case, the holes were all in the right places, and that the flat-flex lay flat. With how easily PCB design software will spit out a 3D model these days, you absolutely should take the ten minutes to verify the physical layout of each revision before sending out your Gerbers.

So was this a 1337 hack? Maybe not. But was it worth reading for these two sweet tidbits, regardless of whether you’re doing a keyboard hack? Absolutely! And that’s exactly the kind of opportunity that elitists shut themselves off from, and it’s the negative aspect of elitism what we try to fight against here at Hackaday.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!