Hackaday Links: October 6, 2024

Remember that time a giant cylindrical aquarium in a Berlin hotel bar catastrophically failed and left thousands of fish homeless? We sure do, and further recall that at the time, we were very curious about the engineering details of how this structure failed so spectacularly. At the time, we were sure there’d be plenty of follow-up on that score, but life happened and we forgot all about the story. Luckily, a faithful reader named Craig didn’t, and he helpfully ran down a few follow-up articles that came out last year that are worth looking at.

The first is from prosecutors in Berlin with a report offering three possibilities: that the adhesive holding together the acrylic panels of the aquarium failed; that the base of the tank was dented during recent refurbishment; or that the aquarium was refilled too soon after the repairs, leading to the acrylic panels drying out. We’re a little confused by that last one just from an intuitive standpoint, but each of these possibilities seems hand-wavy enough that the report’s executive summary could have been “Meh, Scheiße happens.”

Where Is The End Of DIY?

Al and I were talking on the podcast about Dan Maloney’s recent piece on how lead and silver are refined and about the possibility of anyone fully understanding a modern cellphone. This led to Al wondering at the complexity of the constructed world in which we live: If you think hard enough about anything around you right now, you’d probably be able to recreate about 0% of it again from first principles.

Smelting lead and building a cellphone are two sides of a coin, in my mind. The process of getting lead out of galena is simple enough to comprehend, but it’s messy and dangerous in practice. Cellphones, on the other hand, are so monumentally complex that I’d wager that no single person could even describe all of the parts in sufficient detail to reproduce them. That’s why they’re made by companies with hundreds of engineers and decades of experience with the tech – the only way to build a cellphone is to split the complicated task into many subsystems.

Smelting lead is a bad DIY project because it’s simple in principle, but prohibitive in practice. Building a cellphone from the ground up is incomprehensible in principle, but ironically entirely doable in practice if you’re willing to buy into some abstractions.

Indeed, last week we saw a nearly completely open-source build of a simple smartphone, and the secret to making it work is knowing the limits of DIY. The cell modem, for instance, is a black box. It’s an abstract device that you can feed data to and read data from, and it handles the radio parts of the phone that would take forever to design from scratch. But you don’t need to understand its inner workings to use it. Knowing where the limits of DIY are in your project, where you’re willing to accept the abstraction and move on, can be critical to getting it done.

Of course, in an ideal world, you’d want the cell modem to be like smelting lead – something that’s possible to understand in principle but just not worth DIYing in practice. And of course, there are some folks out there who hack on cell modem firmware and others who could do the radio engineering. But despite my strong DIY urges, I’d have to admit that the essential complexity of the module simply makes it worth treating as a black box. It’s very probably the practical limit of DIY.

Hackaday Podcast Episode 291: Walking In Space, Lead In The Earth, And Atoms Under The DIY Microscope

What have you missed on Hackaday this week? Elliot Williams and Al Williams compare notes on their favorites from the week, and you are invited. The guys may have said too much about the Supercon badge this year — listen in for a few hints about what it will be about.

For hacks, you’ll hear about scanning tunneling microscopes, power management for small Linux systems, and lots of inertial measurement units. The guys talked about a few impossible hacks for consumer electronics, from hacking a laptop, to custom cell phones.

Of course, there are plenty more long-form articles of the week, including a brief history of what can go wrong on a spacewalk and how to get the lead out (of the ground). Don’t forget to take a stab at the What’s That Sound competition and maybe score a sweet Hackaday Podcast T-shirt.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Use this link to teleport a DRM-free MP3 to your location.

This Week In Security: Zimbra, DNS Poisoning, And Perfctl

Up first this week is a warning for the few of us still brave enough to host our own email servers. If you’re running Zimbra, it’s time to update, because CVE-2024-45519 is now being exploited in the wild.

That vulnerability is a pretty nasty one, though thankfully requires a specific change from default settings to be exposed. The problem is in postjournal. This logging option is off by default, but when it’s turned on, it logs incoming emails. One of the fields on an incoming SMTP mail object is the RCPT TO: field, with the recipients made of the to, cc, and bcc fields. When postjournal logs this field, it does so by passing it as a bash argument. That execution wasn’t properly sanitized, and wasn’t using a safe call like execvp(). So, it was possible to inject commands using the $() construction.

The details of the attack are known, and researchers are seeing early exploratory attempts to exploit this vulnerability. At least one of these campaigns is attempting to install webshells, so at least some of those attempts have teeth. The attack seems to be less reliable when coming from outside of the trusted network, which is nice, but not something to rely on.

New Tool Corner

What is that binary doing on your system? Even if you don’t do any security research, that’s a question you may ask yourself from time to time. A potential answer is WhoYouCalling. The wrinkle here is that WYC uses the Windows Event Tracing mechanism to collect the network traffic strictly from the application in question. So it’s a Windows-only application for now. What you get is a packet capture from a specific executable and all of its child processes, with automated DNS capture to go along.

Supercon 2023: [Cory Doctorow] With An Audacious Plan To Halt The Internet’s Enshittification And Throw It Into Reverse

Those of us old enough to remember BBS servers or even rainbow banners often go down the nostalgia hole about how the internet was better “back in the day” than it is now, with a handful of middlemen holding a stranglehold on the way we interact with information, commerce, and even other people. Where’s the disintermediated future we were promised? More importantly, can we make a “new good web” that puts users first? [Cory Doctorow] has a plan to reverse what he’s come to call enshittification, or the lifecycle of the extractionist tech platform, and he shared it with us as the Supercon 2023 keynote.

As [Doctorow] sees it, there’s a particular arc to every evil platform’s lifecycle. First, the platform will treat its users fairly and provide enough value to accumulate as many as possible. Then, once a certain critical mass is reached, the platform pivots to exploiting those users to sell them out to the business customers of the platform. Once there’s enough buy-in by business customers, the platform squeezes both users and businesses to eke out every cent for their investors before collapsing in on itself.

Doctorow tells us, “Enshittification isn’t inevitable.” There have been tech platforms that rose and fell without it, but he describes a set of three criteria that make the process unavoidable.

  1. Lack of competition in the market via mergers and acquisitions
  2. Companies change things on the back end (“twiddle their knobs”) to improve their fortunes and have a united, consolidated front to prevent any lawmaking that might constrain them
  3. Companies then embrace tech law to prevent new entrants into the market or consumer rights (see: DMCA, etc.)

FLOSS Weekly Episode 803: Unconferencing With OggCamp

This week Jonathan Bennett and Simon Phipps chat with Gary Williams about OggCamp! It’s the Free Software and Free culture unconference happening soon in Manchester! What exactly is an unconference? How long has OggCamp been around, and what should you expect to see there? Listen to find out!

Retrotechtacular: Another Thing Your TV No Longer Needs

As Hackaday writers we don’t always know what our colleagues are working on until publication time, so we all look forward to seeing what other writers come up with. This week it was [Al Williams] with “Things Your TV No Longer Needs”, a range of gadgets from the analogue TV era, now consigned to the history books. On the bench here is a device that might have joined them, so in taking a look at it now it’s by way of an addendum to Al’s piece.

When VHF Was Not Enough

In a Dutch second-hand store while on my hacker camp travels this summer, I noticed a small grey box. It was mine for the princely sum of five euros, because while I’d never seen one before I was able to guess exactly what it was. The “Super 2” weighing down my backpack was a UHF converter, a set-top box from before set-top boxes, and dating from the moment around five or six decades ago when that country expanded its TV broadcast network to include the UHF bands. If your TV was VHF it couldn’t receive the new channels, and this box was the answer to connecting your UHF antenna to that old TV.

It’s a relatively small plastic case about the size of a chunky paperback book, on the front of which is a tuning knob and scale in channels and MHz, on the top of which are a couple of buttons for VHF and UHF, and on the back are a set of balanced connectors for antennas and TV set. It’s mains powered, so there’s a mains lead with an older version of the ubiquitous European mains plug. Surprisingly it comes open with a couple of large coin screws on the underside, so it’s time to take a look inside.