Hackaday Links: November 10, 2024

Fair warning, while the first item this week has no obvious connection to hacking, when 43 Rhesus monkeys escape from a lab, it’s just something that needs to be discussed. The tiny primates broke free from Alpha Genesis, a primate research facility in South Carolina. The monkey jailbreak seems to have occurred sometime on Wednesday, shortly after which the sheriff of Beaufort County was notified to be on the lookout for the tribe. Luckily, none of the animals has been used in any kind of infectious disease research, so this likely won’t be the origin story for anything apocalyptic. At least some of the animals were quickly located, doing their monkey thing in the woods and getting to swing from real trees for probably the first time in their lives. Alpha Genesis employees are trying to lure the monkeys back to captivity with food, but we suspect they’re too smart for that. They’ll probably come back on their own recognizance or when they get bored and realize that the real world isn’t all they thought it would be. When it’s all done we’d love to hear details about the breakout; was it something the monkeys got together and planned, or did one of the humans mess up?


The Badge Hacks Of Supercon

We just got home from Supercon and well, it was super. It was great to see everyone, and meet a whole bunch of new folks to boot! The talks were great, and you can see a good half of them already on the Hackaday YouTube channel, so for that you didn’t even have to be there.

The badge hacks were, as with most years, out of this world. I’ll admit that my cheeks were sore from laughing so much after emceeing it this year, due in no small part to two hilarious AI projects, both of which were also righteous hacks in addition to full-on comedy routines. A group of six programmers got all of their hacks working together, and the I2C-to-MQTT bridge had badges blinking in sync even in the audience. You want blinkies? We had blinkies.

But the hack that warmed everyone’s hearts was “I figured it out” by [Connie]. Before this weekend, she had never coded MicroPython and didn’t know anything about I2C. Yet by Sunday afternoon, she made a sweet spiral animation on the LED wheel, and blinked the RGBs in the touchwheel.

What I love about the Hackaday audience is that, when the chips are down, someone doing something new for the first time is valued as much as some of the more showy work done by more experienced programmers. Hacking is also about learning and pushing out boundaries after all. The shouts for “I figured it out” were louder than any others in the graphics hacks category, it took home a prize, and I was smiling from ear to ear.

Hackaday can learn from this too. [Connie]’s hack definitely shows the need for another badge-hack category, first timers, because we absolutely should recognize first tries. There was also a strong petition / protest from people who had worked new hacks onto previous years’ badges – like [Andy] and [koppanyh]’s addition of bit-banged I2C to the Voja 4 badge from two years ago, and [Instant Arcade]’s Polar Pacman, which he named “Ineligible for this Competition” in protest. Touché.

We’re stoked to learn new things, see new hacks, and basically just catch up with everything folks did over the weekend. We can’t wait to see what you’re up to next year!

Hackaday Podcast Episode 295: Circuit Graver, Zinc Creep, And Video Tubes

With Superconference 2024 in the books, Dan joined Elliot, fresh off his flight back from Pasadena, to look through the week (or two) in hacks. It was a pretty good crop, too, despite all the distractions and diversions. We checked out the cutest little quadruped, a wireless antenna for wireless communications, a price-tag stand-in for paper calendars, and a neat way to test hardware and software together.

We take the closest look yet at why Arecibo collapsed, talk about Voyager’s recent channel-switching glitch, and find out how to put old Android phones back in action. There’s smear-free solder paste application, a Mims-worthy lap counter, and a PCB engraver that you’ve just got to see. We wrap things up with a look at Gentoo and pay homage to the TV tubes of years gone by — the ones in the camera, for the TV sets.

Download the zero-calorie MP3.


This Week In Security: Linux VMs, Real AI CVEs, And Backscatter TOR DoS

Steve Ballmer famously called Linux “viral”, with some not-entirely coherent complaints about the OS. In a hilarious instance of life imitating art, Windows machines are now getting attacked through malicious Linux VM images distributed through phishing emails.

This approach seems to be intended to fool any anti-malware software that may be running. The VM includes the chisel tool, described as “a fast TCP/UDP tunnel, transported over HTTP, secured via SSH”. Now that’s an interesting protocol stack. It’s an obvious advantage for an attacker to have a Linux VM right on a target network. As this sort of virtualization does require hardware virtualization, it might be worth disabling the virtualization extensions in BIOS if they aren’t needed on a particular machine.

AI Finds Real CVE

We’ve talked about some rather unfortunate use of AI, where aspiring security researchers asked an LLM to find vulnerabilities in a project like curl, and then completely wasted a maintainer’s time on those bogus reports. We happened to interview Daniel Stenberg on FLOSS Weekly this week, and after he recounted this story, we mused that there might be a real opportunity to use LLMs to find vulnerabilities, when used as a way to direct fuzzing, and when combined with a good test suite.

And now, we have Google Project Zero bringing news of their Big Sleep LLM project finding a real-world vulnerability in SQLite. This tool was previously called Project Naptime, and while it’s not strictly a fuzzer, it does share some similarities. The main one is that both tools take their educated guesses and run that data through the real program code, to positively verify that there is a problem. With this proof of concept demonstrated, it’s sure to be replicated. It seems inevitable that someone will next try to get an LLM to not only find the vulnerability, but also find an appropriate fix.

Ask Hackaday: How Much Would You Stake On An Online Retailer

On the bench where this is being written, there’s a Mitutoyo vernier caliper. It’s the base model with a proper vernier scale, but it’s beautifully made, and it’s enjoyable to see younger hardware hackers puzzle over how to use it. It cost about thirty British pounds a few years ago, but when it comes to quality metrology instruments that’s really cheap. The sky really is the limit for those in search of ultimate accuracy and precision. We can see then why this Redditor was upset when the $400 Mitutoyo they ordered from Amazon turned out to be nothing of the sort. We can’t even call it a fake, it’s just a very cheap instrument stuffed, oddly, into a genuine Mitutoyo box.

Naturally we hope they received a refund, but it does raise the question when buying from large online retailers: how much are we prepared to risk? We buy plenty of stuff from AliExpress in our community, but in that case the slight element of chance which comes with random Chinese manufacture is offset by the low prices. Meanwhile the likes of Amazon have worked hard to establish themselves as trusted brands, but is that misplaced? They are after all simply clearing houses for third party products, and evidently have little care for what’s in the box. The £30 base model caliper mentioned above is an acceptable punt, but at what point should we go to a specialist and pay more for some confidence in the product?

It’s a question worth pondering as we hit the “Buy now” button without thinking. What’s your view? Let us know in the comments. Meanwhile, we can all be caught with our online purchases.

Thanks [JohnU] for the tip.

2023 Hackaday Supercon: One Year Of Progress For Project Boondock Echo

Do you remember the fourth-place winner in the 2022 Hackaday Prize? If it’s slipped your mind, that’s okay—it was Boondock Echo. It was a radio project that aimed to make it easy to record and playback conversations from two-way radio communications. The project was entered via Hackaday.io, the judges dug it, and it was one of the top projects of that year’s competition.

The project was the brainchild of Mark Hughes and Kaushlesh Chandel. At the 2023 Hackaday Supercon, Mark and Kaushlesh (KC) came back to tell us all about the project, and how far it had come one year after its success in the 2022 Hackaday Prize.


FLOSS Weekly Episode 808: Curl – Gotta Download ’em All

This week, Jonathan Bennett and Randal Schwartz chat with Daniel Stenberg about curl! How many curl installs are there?! What’s the deal with CVEs? How has curl managed to not break its ABI for 18 years straight? And how did Daniel turn all this into a career instead of just a hobby? Watch to find out!
