This Week In Security: Footguns, Bing Worms, And Gogs

The world of security research is no stranger to the phenomenon of not-a-vulnerability. That’s where a security researcher finds something interesting, reports it to the project, and it turns out that it’s something other than a real security vulnerability. There are times that this just means a researcher got over-zealous on reporting, and didn’t really understand what was found. There is at least one other case, the footgun.

A footgun is a feature in a language, library, or tool that too easily leads to a catastrophic mistake: shooting oneself in the foot. The main difference between a footgun and a vulnerability is that a footgun is intentional, and a vulnerability is not. That line is sometimes blurred, so an undocumented footgun could also be a vulnerability, and one possible solution is to properly document the quirk. But sometimes the footgun should really just be eliminated. And that’s what the article linked above is about. [Alex Leahu] takes a look at a handful of examples, which are not only educational, but also a good exercise in thinking through how to improve them.


USB-C For Hackers: Reusing Cables

Your project needs a cable, and since USB-C cables are omnipresent now, it’s only natural to want to reuse them for your evil schemes. Ever seen USB 3.0 cables used for PCIe link carrying duty? It’s because USB 3.0 cables are built to a reasonably high standard, both sockets and cables are easy to find, and they’re cheap. Well, USB-C cables beat USB 3.0 cables by all possible metrics.

Let’s go through USB-C cable reuse in great detail, and see just what exactly you get when you buy either a gas station C-C USB 2.0 cable, or, the fanciest all-features-supported 240 W Thunderbolt cable that money can buy. Looking for a cable to cut, or something to pass a seriously high-speed link? You’re reading the right article.

The Omnipresent Cables

USB-A to USB-C cables are the least interesting. They’re equivalent to a microUSB to USB-A cable, except there’s a resistor on the USB-C plug, connected from VBUS to one of the CC pins. That’s it. The cable contains four conductors, there’s really not much new. Save these cables for all the devices still built without the 5.1 kΩ resistors.

Now, a USB-C to USB-C cable – let’s say, 60 W max, the default USB-C cable capability. If your cable says anything less than 60 W, say, “2 A” or “15 W”, that’s a lie – it can handle 60 W no problem, all USB-C to C cables can do 60 W. This cable is also cool – for one, it has five conductors; GND, VBUS, D+, D-, and CC. Two of them (GND and VBUS) are guaranteed to be thick enough to carry 3 A without much voltage drop if any, too!


Boss Byproducts: Calthemites Are Man-Made Cave Dwellers

Some lovely orange calthemite flowstone colored so by iron oxide from rusting steel reinforcing. Image via Wikipedia

At this point, we’ve learned about man-made byproducts and nature-made byproducts. But how about one that’s a little of both? I’m talking about calthemites, which are secondary deposits that form in those man-made caves such as parking garages, mines, and tunnels.

Calthemites grow both on and under these structures in forms that mimic natural cave speleothems like stalactites, stalagmites, flowstone, and so on. They are often the result of a hyperalkaline solution of pH 9-14 seeping through a concrete structure to the point of coming into contact with the air on the underside. Here, carbon dioxide in the air facilitates the necessary reactions to secondarily deposit calcium carbonate.

These calcium carbonate deposits are usually white, but can be colored red, orange, or yellow thanks to iron oxide. If copper pipes are around, copper oxide can cause calthemites to be blue or green. As pretty as all that sounds, I didn’t find any evidence of these parking garage growths having been turned into jewelry. So there’s your million-dollar idea.


Supercon 2024 SAO Petal KiCad Redrawing Project

Last week I completed the SAO flower badge redrawing task, making a complete KiCad project. Most of the SAO petals are already released as KiCad projects, except for the Petal Matrix. The design features 56 LEDs arranged in eight spiral arms radiating from the center. What it does not feature are straight lines, right angles, nor parts placed on a regular grid.

Importing into KiCad

Circuit Notes for LEDs, Thanks to [sphereinabox]
I followed the same procedures as the main flower badge with no major hiccups. This design didn’t have any released schematics, but backing out the circuits was straightforward. It also helped that user [sphereinabox] over on the Hackaday Discord server had rung out the LED matrix connections and gave me his notes.

Grep Those Positions

I first wanted to only read the data from the LEDs for analysis, and I didn’t need the full KiCad + Python scripting for that. Using grep on the PCB file, you get a text file that can be easily parsed to get the numbers. I confirmed that the LED placements were truly as irregular as they looked.

My biggest worry was how to obtain and re-apply the positions and angles of the LEDs, given the irregular layout of the spiral arms. Just like the random angles of six SAO connectors on the badge board, [Voja] doesn’t disappoint on this board, either. I fired up Python and used Matplotlib to get a visual perspective of the randomness of the placements, as one does. Due to the overall shape of the arms, there is a general trend to the numbers. But no obvious equation is discernible.



Keebin’ With Kristina: The One With The Typo

Ceci n’est pas une keyboard, sure. But it’s keyboard-adjacent, and how. [Joshua Bemenderfer]’s wrists are tired of moving off the keyboard in order to mouse, and he decided to create a trackball that can sit just below the Space bar. The idea is to get rid of the regular mouse entirely if this works out.

A split keyboard with a DIY trackball beneath the Space bar.
Image by [Joshua Bemenderfer] via Hackaday.IO
And sure, the Ploopy family of open-source mice would welcome him with open arms, but they don’t come cheap. [Joshua]’s plan here is to make something for under $10. Ideally, less than $5.

Starting with an off-the-shelf trackball, the first BOM came in around $25 if you throw in $5 for the 3D printing of the case. [Joshua] added some cheap ceramic bearings to make it better. Since this was still too high, he turned to the internals of cheap mice.

Trial and error has resulted in a 99-cent special from Ali being the ideal candidate. There are even cheaper mice to be had, but this one has an ideal layout for doing a bit of surgery. It also requires remapping since [Joshua] is flipping the sensor upside down and using a POM ball on top of it. Now he just needs to figure out how to add buttons and make them split keyboard-friendly.



Hackaday Links: November 17, 2024

A couple of weeks back, we covered an interesting method for prototyping PCBs using a modified CNC mill to 3D print solder onto a blank FR4 substrate. The video showing this process generated a lot of interest and no fewer than 20 tips to the Hackaday tips line, which continued to come in dribs and drabs this week. In a world where low-cost, fast-turn PCB fabs exist, the amount of effort that went into this method makes little sense, and readers certainly made that known in the comments section. Given that the blokes who pulled this off are gearheads with no hobby electronics background, it kind of made their approach a little more understandable, but it still left a ton of practical questions about how they pulled it off. And now a new video from the aptly named Bad Obsession Motorsports attempts to explain what went on behind the scenes.
