Thanks For Hackaday Europe!

We just got back from Hackaday Europe last weekend, and we’re still coming down off the high. It was great to be surrounded by so many crazy, bright, and crazy-bright folks all sharing what they are pouring their creative energy into. The talks were great, and the discussions and impromptu collaborations have added dramatically to our stack of to-do projects. (Thanks?) Badges were hacked, stories were shared, and a good time was had by all.

At the event, we were approached by someone who wanted to know if we could replicate something like Hackaday Europe in a different location, one where there just isn’t as vibrant a hacking scene. And the answer, of course, was maybe, but probably not.

It’s not that we don’t try to put on a good show, bring along fun schwag, and schedule up a nice location. But it’s the crowd of people who attend who make a Hackaday event a Hackaday event. Without you all, it just wouldn’t work.

So in that spirit, thanks to everyone who attended, and who brought along their passions and projects! It was great to see you all, and we’ll do it again soon.

Hackaday Podcast Episode 313: Capacitor Plague, Wireless Power, And Tiny Everything

We’re firmly in Europe this week on the Hackaday podcast, as Elliot Williams and Jenny List are freshly returned from Berlin and Hackaday Europe. A few days of mingling with the Hackaday community, going through mild panic over badges and SAOs, and enjoying the unique atmosphere of that city.

After discussing the weekend’s festivities we dive right into the hacks, touching on the coolest of thermal cameras, wildly inefficient but very entertaining wireless power transfer, and a retrospective on the capacitor plague from the early 2000s. Was it industrial espionage gone wrong, or something else? We also take a moment to consider spring PCB connectors, as used by both one of the Hackaday Europe SAOs and a rather neat PCB resistance decade box, before looking at a truly astounding PCB blinky that sets a new miniaturisation standard.

In our quick roundup the standouts are a 1970s British kit synthesiser and an emulated 6502 system written in shell script, and in the can’t-miss section we look at a new contender for the smallest microcontroller, and the possibility that a century of waste coal ash may conceal a fortune in rare earth elements.

Follow the link below, to listen along!

Want the podcast in MP3? Get it in MP3!


This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And Paragon

Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means automatic builds of a project. Time to make a release? CI run. A commit was pushed? CI run. For some projects, even pull requests trigger a CI run. It’s particularly handy when the project has a test suite that can be run inside the CI process.

Doing automated builds may sound straightforward, but the process includes checking out code, installing build dependencies, doing a build, determining if the build succeeded, and then uploading the results somewhere useful. Sometimes this even includes making commits to the repo itself, to increment a version number for instance. For each step there are different approaches and interesting quirks for every project. Github handles this by maintaining a marketplace of “actions”, many of which are community maintained. Those are reusable code snippets that handle many CI processes with just a few options.

One other element to understand is “secrets”. If a project release process ends with uploading to an AWS store, the process needs an access key. Github stores those secrets securely, and makes them available in Github Actions. Between the ability to make changes to the project itself, and the potential for leaking secrets, it suddenly becomes clear why it’s very important not to let untrusted code run inside the context of a Github Action.

And this brings us to what happened last Friday. One of those community maintained actions, tj-actions/changed-files, was modified to pull an obfuscated Python script and run it. That code dumps the memory of the Github runner process, looks for anything there tagged with isSecret, and writes those values out to the log. That log is, coincidentally, world readable for public repositories, so printing secrets to it exposes them to anyone who knows where to look.

Researchers at StepSecurity have been covering this, and have a simple search string to use: org:changeme tj-actions/changed-files Action. That just looks for any mention of the compromised action. It’s unclear whether the compromised action was embedded in any other popular actions. The recommendation is to search recent Github Action logs for any mention of changed-files, and start rotating secrets if present.
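As an added example of the two checks the paragraph above recommends (neither this code nor its sample data comes from Hackaday, StepSecurity, or the tj-actions project), here is a small Python audit that walks a workflow file for `uses:` references, flags the compromised action named on the page, flags any other action referenced by a mutable tag rather than a full commit SHA (a tag can be re-pointed at new code after the fact; a 40-hex SHA cannot), and scans runner log lines for mentions of changed-files. The workflow text, the log lines and the placeholder SHA are all constructed for the example; the action list is the one name the page gives.

```python
"""Audit GitHub Actions workflow text and runner logs for a compromised action.

Added example, not code from Hackaday or StepSecurity. Assumes the standard
`uses: owner/repo@ref` step syntax; local (`./path`) and `docker://` steps
carry no @ref and are ignored.
"""
import re

# The only compromised action named on the page; extend the set as needed.
COMPROMISED_ACTIONS = {"tj-actions/changed-files"}

# `- uses: owner/repo[/path]@ref`, with or without the list dash or quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\']+)', re.MULTILINE)
# A full 40-hex commit SHA is the only immutable reference form.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow. The SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """
name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v1
        id: changed
      - name: Pinned step
        uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
"""

# Constructed runner log lines, in the "Run owner/repo@ref" shape runners print.
SAMPLE_LOG = [
    "Run tj-actions/changed-files@v1",
    "Run actions/checkout@v4",
    "Fetching the repository",
]


def audit_workflow(text):
    """Return (action, ref, severity) for every step that needs attention.

    severity is "compromised" for a known-bad action and "unpinned" for any
    other action referenced by a tag or branch instead of a commit SHA.
    """
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        # owner/repo/subdir refers to the same repository as owner/repo.
        repo = "/".join(action.split("/")[:2])
        if repo in COMPROMISED_ACTIONS:
            findings.append((action, ref, "compromised"))
        elif not SHA_RE.match(ref):
            findings.append((action, ref, "unpinned"))
    return findings


def scan_log(lines, needle="changed-files"):
    """Return (line_number, line) for each log line mentioning the needle."""
    return [(n, line) for n, line in enumerate(lines, 1) if needle in line]


def needs_secret_rotation(workflow_text, log_lines):
    """True when the workflow uses, or the log shows, a compromised action."""
    compromised = [f for f in audit_workflow(workflow_text) if f[2] == "compromised"]
    return bool(compromised) or bool(scan_log(log_lines))


if __name__ == "__main__":
    for action, ref, severity in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{severity:12} {action}@{ref}")
    for n, line in scan_log(SAMPLE_LOG):
        print(f"log line {n}: {line}")
    if needs_secret_rotation(SAMPLE_WORKFLOW, SAMPLE_LOG):
        print("rotate every secret this workflow could reach")
```

Pointing `audit_workflow` at each file under `.github/workflows/` (and `scan_log` at the downloaded job logs) gives the same two answers the paragraph asks for: is the compromised action referenced anywhere, and which other steps are one tag move away from the same problem.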

Linux Fu: A Warp Speed Prompt

If you spend a lot of time at the command line, you probably have either a very basic prompt or a complex, information-dense prompt. If you are in the former camp, or you just want to improve your shell prompt, have a look at Starship. It works on the most common shells on most operating systems, so you can use it everywhere you go, within reason. It has the advantage of being fast and you can also customize it all that you want.

What Does It Look Like?

It is hard to explain exactly what the Starship prompt looks like. First, you can customize it almost infinitely, so there’s that. Second, it adapts depending on where you are. So, for example, in a git-controlled directory, you get info about the git status unless you’ve turned that off. If you are in an ssh session, you’ll see different info than if you are logged in locally.

However, here’s a little animation from their site that will give you an idea of what you might expect:

From The Ashes: Coal Ash May Offer Rich Source Of Rare Earth Elements

For most of history, the world got along fine without the rare earth elements. We knew they existed, we knew they weren’t really all that rare, and we really didn’t have much use for them — until we discovered just how useful they are and made ourselves absolutely dependent on them, to the point where not having them would literally grind the world to a halt.

This dependency has spurred a search for caches of rare earth elements in the strangest of places, from muddy sediments on the sea floor to asteroids. But there’s one potential source that’s much closer to home: coal ash waste. According to a study from the University of Texas Austin, the 5 gigatonnes of coal ash produced in the United States between 1950 and 2021 might contain as much as $8.4 billion worth of REEYSc — that’s the 16 lanthanide rare earth elements plus yttrium and scandium, transition metals that aren’t strictly rare earths but are geologically associated with them and useful in many of the same ways.


Keebin’ With Kristina: The One With The Cheesy Keyboard

Let’s just kick things off in style with the fabulously brutalist Bayleaf wireless split from [StunningBreadfruit30], shall we? Be sure to check out the wonderful build log/information site as well for the full details.

Bayleaf, a stunning low-profile split keyboard.
Image by [StunningBreadfruit30] via reddit
Here’s the gist: this sexy split grid of beautiful multi-jet fusion (MJF) keycaps sits on top of Kailh PG1316S switches. The CNC-machined aluminium enclosure hides nice!nano boards, with a sweet little dip in each one that really pulls the keyboard together.

For the first serious custom build, [StunningBreadfruit30] wanted a polished look and finish, and to that I say wow, yes; good job, and nod enthusiastically as I’m sure you are. Believe it or not, [StunningBreadfruit30] came into this with no CAD skills at all. But it was an amazing learning experience overall, and an even better version is in the works.

I didn’t read the things. Is it open-source? It’s not, at least not at this time. But before you get too-too excited, remember that it cost $400 to build, and that doesn’t even count shipping or the tools that this project necessitated purchasing. However, [StunningBreadfruit30] says that it may be for sale in the future, although the design will have an improved sound profile and ergonomics. There’s actually a laundry list of ideas for the next iteration.