Measurement Is Science

I was watching Ben Krasnow making iron nitride permanent magnets and was struck by the fact that about half of the video was about making a magnetometer – a device for measuring and characterizing the magnet that he’d just made. This is really the difference between doing science and just messing around: if you want to test or improve on a procedure, you have to be able to measure how well it works.

When he puts his home-made magnet into the device, Ben finds out that he’s made a basically mediocre magnet, compared with samples out of his amply stocked magnet drawer. But that’s a great first data point, and more importantly, the magnetometer build gives him a way of gauging future improvements.

Of course there’s a time and a place for “good enough is good enough”, and you can easily spend more time building the measurement apparatus for a particular project than simply running the experiment, but that’s not science. Have you ever gone down the measurement rabbit hole, spending more time validating or characterizing the effect than you do on producing it in the first place?

Hackaday Podcast Episode 325: The Laugh Track Machine, DIY USB-C Power Cables, And Plastic Punches

This week, Hackaday’s Elliot Williams and Al Williams caught up after a week-long hiatus. There was a lot to talk about, including clocks, DIY USB cables, and more.

In Hackaday news, the 2025 Pet Hacks Contest is a wrap. Winners will be announced soon, so stay tuned. Meanwhile, how’d you like a free ticket to attend Supercon? Well, free if you submit a talk and get accepted. November is right around the corner, so get those talks ready.

Hackaday is a big fan of the NOAA Polar sats, and it looks like they are on their last figurative legs. The agency has left them up for now, but won’t be keeping them in shape, and if they misbehave, they may be neutralized for safety.

Since Elliot was off, Al supplied the sound, and in a bout of karma, Elliot had to do the guessing this week. How’d he do? Not bad, but there’s room to do better. If you do better, there could be a coveted Hackaday Podcast T-shirt in your future.

Moving on to the hacks, the guys were interested in magnets, clocks, cables, 3D printed machine tools, and even old moonbase proposals. For the can’t miss articles, Al took the bifecta, since Elliot picked a piece on the machine that generated laugh tracks in the latter part of the 20th century and Al shamelessly picked his own article about the role of British ham radio operators during WWII.

Miss anything? Check out the links below and catch up. As always, drop a comment and tell us what you think about the week in Hackaday.

Download in DRM-free MP3 unencrypted and oxygen-free.

This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down

Meshtastic just released an eye-watering 9.5 CVSS CVE, warning about public/private keys being re-used among devices. And I’m the one that wrote the code. Not to mention, I triaged and fixed it. And I’m part of Meshtastic Solutions, the company associated with the project. This is the story of how we got here, and a bit of perspective.

First things first, what kind of keys are we talking about, and what does Meshtastic use them for? These are X25519 keys, used specifically for encrypting and authenticating Direct Messages (DMs), as well as optionally for authorizing remote administration actions. It is, by the way, this remote administration scenario using a compromised key, that leads to such a high CVSS rating. Before version 2.5 of Meshtastic, the only cryptography in place was simple AES-CTR encryption using shared symmetric keys, still in use for multi-user channels. The problem was that DMs were also encrypted with this channel key, and just sent with the “to” field populated. Anyone with the channel key could read the DM.

I re-worked an old pull request that generated X25519 keys on boot, using the rweather/crypto library. This sentence highlights two separate problems that can both lead to unintentional key re-use. First, the keys are generated at first boot. I was made painfully aware that this was a weakness when a user sent an email to the project warning us that he had purchased two devices, and they had matching keys out of the box. When the vendor had manufactured this device, they flashed Meshtastic on one device, let it boot up once, and then used a debugger to copy off a “golden image” of the flash. Then every other device in that particular manufacturing run was flashed with this golden image — containing the same private key. *sigh*

Hacker Tactic: ESD Diodes

A hacker’s view on ESD protection can tell you a lot about them. I’ve seen a good few categories of hackers neglecting ESD protection – there’s the yet-inexperienced ones, ones with a devil-may-care attitude, or simply those of us lucky to live in a reasonably humid climate. But until we’re able to control the global weather, your best bet is to befriend some ESD diodes before you get stuck having to replace a microcontroller board firmly soldered into your PCB with the help of 40 through-hole pin headers.

Humans are pretty good at generating electric shocks, and oftentimes, you’ll shock your hardware without even feeling the shock yourself. Your GPIOs will feel it, though, and it can propagate beyond just the input/output pins inside your chip. ESD events can be a cause of “weird malfunctions”, sudden hardware latchups, chips dying out of nowhere mid-work – nothing to wish for.

Worry not, though. Want to build hardware that survives? Take a look at ESD diodes, where and how to add them, where to avoid them, and the parameters you want to keep in mind. Oh and, I’ll also talk about all the fancy ways you can mis-use ESD diodes, for good and bad alike!

ZPUI Could Be Your Tiny Embedded GUI

One of the most frustrating things to me is looking at a freshly-flashed and just powered up single board computer. My goal with them is always getting to a shell – installing packages, driving GPIOs, testing my proof of concept code, adjusting the device tree to load peripheral drivers. Before I can do any of that, I need shell access, and getting there can be a real hassle.

Time after time, I’ve struggled trying to get to a shell on an SBC. For best results, you’d want to get yourself a keyboard, monitor, and an Ethernet cable. Don’t have those, or there’s no space to place them? Maybe a UART connection will work for you – unless it’s broken or misconfigured. Check your pinouts twice. Sure, nowadays you can put WiFi credentials into a text file in /boot/ – but good luck figuring out the IP address, or debugging any mistakes you might make formatting the file. Nowadays, Pi 4 and 5 expose a USB gadget connection on the USB-C port, and that helps… unless you’re already powering the Pi from that port. There’s really no shortage of failure modes here.

If you put a Pi on your network and it goes offline, you generally just don’t know what happened unless you reboot it, which can make debugging into a living hell. I’ve dealt with single-board computers mounted above fiberglass lifted ceilings, fleets of Pi boards at workshops I organized, pocket-carried Pi boards, and at some point, I got tired of it all. A hacker-aimed computer is meant to be accessible, not painful.

Keebin’ With Kristina: The One With The Gaming Typewriter

Can you teach an old typewriter new tricks? You can, at least if you’re [maniek-86]. And a word to all you typewriter fanatics out there — this Optima SP 26 was beyond repair, lacking several internal parts.

But the fully available keyboard was a great start for a gaming typewriter. So [maniek-86] crammed in some parts that were just lying around unused, starting with a micro-ATX motherboard.

But let’s talk about the keyboard. It has a standard matrix, which [maniek-86] hooked up to an Arduino Leonardo. Although the keyboard has a Polish layout, [maniek-86] remapped it to an English-US layout.

As you’ll see in the photos of the internals, this whole operation required careful Tetris-ing of the components to avoid overheating and ensure the cover could go back on.

The graphics were a bit of a challenge, since the motherboard had no PCI-E x16 slot. To address this, [maniek-86] used a riser cable, probably connected to a PCI-E x1 slot with an adapter, in order to use an NVIDIA GT 635 GPU. It can’t run AAA games at 4k, but you can bet that it’ll play Minecraft, Fortnite, or Dota 2 just fine.
