Hackaday Podcast Episode 304: Glitching The RP2350, Sim Sim Sim, And A Scrunchie Clock

It’s podcast time again, and this week Dan sat down with Elliot for a look back at all the cool hacks we’ve written about. We started off talking about Hackaday Europe, which is coming up in March — seems unlikely that it’s just around the corner, but there it is. There’s also good news: the Hack Chat is back, and we started things off with a bang as Eben Upton stopped by to talk all things Pi. Separately, we talked about fault injection attacks, including how to find the hidden cup of 0xC0FFEE in an RP2350.

We saw a very cool piece of LED jewelry that does a fluid simulation, a direct conversion radio that’s all laid out in front of you, and the scrunchiest mechanical digital clock you’ll ever see. We saw blinkenlights for blinkenlights’ sake, all the ways to put threads in your prints, and how to ditch the coax and wire up your antennas with Cat 6 cable. Plus, it’s an Al Williams twofer in the Can’t-Miss Articles, with a look back at life before GPS and how you can tune into digital ham radio, no radio required.

Download the zero-calorie MP3.

This Week In Security: Rsync, SSO, And Pentesting Mushrooms

Up first, go check your machines for the rsync version, and your servers for an exposed rsync instance. While there are some security fixes for clients in release 3.4.0, the buffer overflow in the server-side rsync daemon is the definite standout. The disclosure text includes this bit of nightmare fuel: “an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.”

A naive search on Shodan shows a whopping 664,955 results for rsync servers on the Internet. Red Hat’s analysis gives us a bit more information. The checksum length is specified by the remote client, and an invalid length isn’t properly rejected by the server. The effect is that an attacker can write up to 48 bytes into the heap beyond the normal checksum buffer space. The particularly dangerous case is also the default: anonymous access for file retrieval. Red Hat has not identified a mitigation beyond blocking access.

If you run servers or forward ports, it’s time to look at ports 873 and 8873 for anything listening. And since that’s not the only problem fixed, it’s really just time to update to rsync 3.4.0 everywhere you can. While there aren’t any reports of this being exploited in the wild, it seems like attempts are inevitable. As rsync is sometimes used in embedded systems and shipped as part of appliances, this particular bug threatens to have quite the long tail.

Hackaday Europe 2025 Tickets On Sale, And CFP Extended Until Friday

We’re opening up shop for Hackaday Europe, so get your tickets now! We’ve managed to get the ticket price down a bit this year, so you can join in all the fun for $145. And if you’re reading this right now, snap up one of the $75 early bird tickets as fast as you can.

Hackaday Europe is going down again in Berlin this year, on March 15th and 16th at MotionLab. It’s going to be a day and a half of presentations, lightning talks, badge hacking, workshops, and more. This is where Hackaday hangs out in person, and it’s honestly just a great time – if your idea of a great time is trading favorite PCB design tricks, crafting crufty code, and generally trading tales of hardware derring-do.

In short, it’s the best of Hackaday, live and in person. Throughout the weekend, all the meals are catered, we’ve got live music at night, and the soldering irons will be warmed up for you. It’s going to be great!

If you’re in town on Friday the 14th, we’ll be meeting up in the evening to get together over some pre-event food and drink, sponsored by Crowd Supply. It’s a nice opportunity to break the ice, get to know the people you’re going to be spending the next 48 hours with, and just mingle without missing that great talk or wonderful workshop.

Raspberry Pi Hack Chat With Eben Upton

Join us on Wednesday, January 15 at noon Pacific for the Raspberry Pi Hack Chat with Eben Upton!

The Hack Chat has been on an extended hiatus, but we’re back for 2025 and coming strong out of the gate! We’ve been trying to get Raspberry Pi co-founder and CEO Eben Upton on the chat for a while, but there was that whole thing of taking the company public that probably distracted him a wee bit. That’s fine though, because we know he loves getting in the trenches with the hacker community and talking about the things we all love to talk about. It’s not often that you get a chance for a one-on-one like this, so make sure you join us with all your Pi-related questions.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 15 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

[Image credit: Sniper Zeta, CC BY-SA 4.0]

Keebin’ With Kristina: The One With The Holey And Wholly Expensive Keyboard

[Image: An Ultimate Hacking Keyboard (UHK) with DIY rainbow keycaps. Image by [jwr] via reddit]

The Ultimate Hacking Keyboard (UHK) line is, as the name suggests, a great choice for a lot of people. They’re each a toe-dip into the ergonomic waters with their split-ability and those beginner thumb clusters.

However, [jwr] was not completely satisfied and decided to make a custom set of keycaps. The idea was to create ‘caps without the “annoyingly abrasive texture of PBT”, that are larger than average for larger-than-average fingers. Finally, [jwr] wanted the Function row to tower over the number row a little, so these have a taller profile.

So, what are they made of? They look kind of rubbery, don’t they? They are cast of pigmented polyurethane resin. First, [jwr] designed five molds in Fusion360, one for each row. Then it was time to machine master molds via CNC in foam tooling board. These were filled with silicone along with 3D-printed inserts, which produced silicone molds for casting keycaps four at a time in resin.

Hackaday Links: January 12, 2025

The big news story of the week of course has been the wildfires in California, which as of Saturday have burned over 30,000 acres, destroyed 12,000 structures, caused 150,000 people to evacuate, and killed eleven people. Actually, calling them wildfires underplays the situation a bit because there are places where they’ve clearly become firestorms, burning intensely enough to create their own winds, consuming everything in their path in a horrific positive feedback loop. We’ve even seen fire tornados caught on video. We’ve got quite a few connections to the affected area, both personally and professionally, not least of which are all our Supplyframe colleagues in Pasadena, who are under immediate threat from the Eaton fire. We don’t know many details yet, but we’ve heard that some have lost homes. We’ve also got friends at the Jet Propulsion Labs, which closed a few days ago to all but emergency personnel. The fire doesn’t seem to have made it down the mountain yet, but it’s very close as of Saturday noon.
