Hackaday Podcast Episode 283: Blinding Lasers, LEDs, And ETs

Hackaday Editors Elliot Williams and Al Williams reflect on the fact that, as humans, we have–at most–two eyes and no warp drives. While hacking might not be the world’s most dangerous hobby, you do get to work with dangerous voltages, temperatures, and frickin’ lasers. Light features prominently, as the guys talk about LED data interfaces, and detecting faster-than-light travel.

There’s also a USB sniffer, abusing hot glue, and some nostalgia topics ranging from CRT graphics to Apollo workstations (which have nothing directly to do with NASA). The can’t miss articles this week cover hacking you and how you make the red phone ring in the middle of a nuclear war.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

As always, please download the file to archive in your doomsday bunker.

Continue reading “Hackaday Podcast Episode 283: Blinding Lasers, LEDs, And ETs”

This Week In Security: GhostWrite, Localhost, And More

You may have heard some scary news about RISC-V CPUs. There’s good news, and bad news, and the whole thing is a bit of a cautionary tale. GhostWrite is a devastating vulnerability in a pair of T-Head XuanTie RISC-V CPUs. There are also unexploitable crashes in another T-Head CPU and the QEMU soft core implementation. These findings come courtesy of a group of researchers at the CISPA Helmholtz Center for Information Security in Germany. They took at look at RISC-V cores, and asked the question, do any of these instructions do anything unexpected? The answer, obviously, was “yes”.

Undocumented instructions have been around just about as long as we’ve had Van Neumann architecture processors. The RISC-V ISA put a lampshade on that reality, and calls them “vendor specific custom ISA extensions”. The problem is that vendors are in a hurry, have limited resources, and deadlines wait for no one. So sometimes things make it out the door with problems. To find those problems, CISPA researchers put together a test framework is called RISCVuzz, and it’s all about running each instruction on multiple chips, and watching for oddball behavior. They found a couple of “halt-and-catch-fire” problems, but the real winner (loser) is GhostWrite.

Now, this isn’t a speculative attack like Meltdown or Spectre. It’s more accurate to say that it’s a memory mapping problem. Memory mapping helps the OS keep programs independent of each other by giving them a simplified memory layout, doing the mapping from each program to physical memory in the background. There are instructions that operate using these virtual addresses, and one such is vs128.v. That instruction is intended to manipulate vectors, and use virtual addressing. The problem is that it actually operates directly on physical memory addresses, even bypassing cache. That’s not only memory, but also includes hardware with memory mapped addresses, entirely bypassing the OS. This instruction is the keys to the kingdom. Continue reading “This Week In Security: GhostWrite, Localhost, And More”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The KiCad Plugin

A low-profile split keyboard with a sliding, round track pad on each half.
Image by [fata1err0r81] via reddit
The most striking feature of the Tenshi keyboard has to be those dual track pads. But then you notice that [fata1err0r81] managed to sneak in two extra thumb keys on the left, and that those are tilted for comfort and ease of actuation.

The name Tenshi means ‘angel’ in Japanese, and creator [fata1err0r81] says that the track pads are the halos. Each one slides on a cool 3D-printed track that’s shaped like a half dovetail joint, which you can see it closer in this picture.

Tenshi uses a pair of RP2040 Zeros as controllers and runs QMK firmware. The track pads are 40 mm each and come from Cirque. While the Cirques have been integrated into QMK, the pull request for ZMK has yet to be merged in. And about those angled keys — [fata1err0r81] says they tried risers, but the tilting feels like less effort. Makes total sense to me, but then again I’m used to a whole keyboard full of tilted keys.

Continue reading “Keebin’ With Kristina: The One With The KiCad Plugin”

FLOSS Weekly Episode 795: Liferay, Now We’re Thinking With Portals

This week Jonathan Bennett and Doc Searls chat with Olaf Kock and Dave Nebinger about Liferay! That’s a Java project that started as an implementation of a web portal, and has turned into a very flexible platform for any sort of web application. How has this Open Source project turned into a very successful business? And how is it connected to most iconic children’s educational show of all time? Listen to find out!

Continue reading “FLOSS Weekly Episode 795: Liferay, Now We’re Thinking With Portals”

On Carbon Fiber Types And Their Carcinogenic Risks

Initially only seeing brief popular use as the filament in incandescent lighting, carbon fibers (CF) experienced a resurgence during the 20th century as part of composite materials that are lighter and stronger than materials like steel and aluminium, for use in aircraft, boats and countless more applications. This rising popularity has also meant that the wider population is now exposed to fragments of CF, both from using CF-based products as well as from mechanically processing CF materials during (hobby) projects.

It is this popularity that has also led to the addition of short CF sections to FDM 3D printing filaments, where they improve the mechanical properties of the printed parts. However, during subsequent mechanical actions such as sanding, grinding, and cutting, CF dust is created and some fraction of these particles are small enough to be respirable. Of these, another fraction will bypass the respiratory system’s dust clearing mechanisms, to end up deep inside the lungs. This raises the question of whether CF fragments can be carcinogenic, much like the once very popular and very infamous example of asbestos mineral fibers.

Continue reading “On Carbon Fiber Types And Their Carcinogenic Risks”

Tickets For Supercon 2024 Go On Sale Now!

Tickets for the 2024 Hackaday Supercon are on sale now! Go and get yours while they’re still hot. True-Believer Tickets are half-price at $148 (plus fees), and when that pile of 100 is gone, regular admission is $296 (plus fees).

Come join us on November 1st-3rd in sunny Pasadena, CA, for three days of talks, demos, badge hacking, workshops, and the sort of miscellaneous hardware shenanigans that make Hackaday Hackaday! If you’ve never been to a Supercon, now is the best time to check that off your bucket list. And if you’re a seven-time veteran, we’re stoked to see you again. Supercon is like a year’s worth of posts in one weekend. You don’t want to miss it.

Friday, November 1st, is our chill-out day. You can roll in as soon as the doors open in the morning, get your badge and some bagels, and get down to hacking. Or you can start socializing early. Or, as it almost always happens, both at once. We’ll have food and music and even a few workshops, but for the most part, Fridays are what you all make of them. And we love it that way.

Talks start up on Saturday on both stages, along with the soldering contest and an alley full of hackers. We’ll close out the evening with a special celebration, but more on that in a minute.

On Sunday, in addition to the usual slate of talks, we’ve set aside a big block of time for Lightning Talks. These are seven-minute quickies where you get to tell the bigger Hackaday community what you’re up to. A short talk like this forces you to condense the story down to its essence while giving tons of people their fifteen minutes of fame in half the time! If you’ve got a Lightning Talk that you’d like to present, let us know! We’ll try to fit in everyone we can.

Wrapping up Sunday evening, we’ll give you a chance to show off whatever badge hacks you’ve been working on over the weekend. We love the badge hacking demo because it allows us to see a wide (and wild) range of projects, all of which were put together in record time. Whether funny, flashy, or phenomenal, we want to see what you’ve been up to. Continue reading “Tickets For Supercon 2024 Go On Sale Now!”

Embedded Python: MicroPython Toolkits

Last time, I talked about how MicroPython is powerful and deserving of a place in your toolkit, and it made for a lively discussion. I’m glad to see that overall, MicroPython has indeed been getting the recognition it deserves – I’ve built a large number of wonderful projects with it, and so have people I’ve shown it to!

Sometimes I see newcomers dissatisfied with MicroPython, because the helper tools they initially pick don’t suit it well. For instance, they try and start out with a regular serial terminal application that doesn’t fit the MicroPython constraints, or a general IDE that requires a fair bit of clicking around every time you need to run your code. In particular, I’d make sure that you know your options no matter whether you prefer GUI or commandline – both have seriously nice tools for MicroPython use!

The main problem to be solved with MicroPython is that you have a single serial port that everything happens through – both file upload and also debugging. For ESP8266/32-based boards, it’s a physical serial port, and for chips like RP2040 and ESP32-S* where a hardware USB peripheral is available, it’s a virtual one – which makes things harder because the virtual port might get re-enumerated every now and then, possibly surprising your terminal application. If you want to upload a program of yours, you need to free up the serial port, and to see the program’s output, you will need to reopen that port immediately after – not a convenient thing to do if you’re using something like PuTTy.

So, using MicroPython-friendly software is a must for a comfortable hacking experience. What are your options? Continue reading “Embedded Python: MicroPython Toolkits”