This Week In Security: LastPass Shoe Drops, Keys Lost, And Train Whistles Attack

There has been a rash of cryptocurrency thefts targeting some unexpected victims. Over $35 million has been drained from just over 150 individuals, and the list reads like a who’s-who of the people least likely to fall for the normal crypto scams. One pattern has been noticed: almost all of them had a seed phrase stored in LastPass this past November when the entire LastPass database was breached.

The bulletproof security of the LastPass system depends in part on the rate limiting of authenticating with the LastPass web service. Additionally, accounts created before security improvements in 2018 may have had master passwords shorter than 12 characters, and the hash iterations on those accounts may have been set distressingly low. Since attackers have had unrestricted access to the database, they’ve been able to run offline attacks against accounts with very low iterations, and apparently that approach has been successful.

Microsoft’s Signing Key

You may remember a story from a couple of months ago, where Microsoft found the Chinese threat group Storm-0558 forging authentication tokens using a stolen signing key. There was a big open question at that point as to how exactly an outside group managed to access such a signing key.

This week we finally get the answer. A crash log from 2021 unintentionally included the key, and Microsoft’s automated redaction system didn’t catch it. That crash dump was brought into development systems, and an engineer’s account was later accessed by Storm-0558. That key should not have worked for enterprise accounts, but a bug in Microsoft’s key validation allowed the consumer systems key to work for enterprise accounts. Those issues have been fixed, but only after quite a wild ride.

2023 Cyberdeck Challenge: The Best Decks On The Net

It was an easy decision to run a Cyberdeck Challenge in 2023 — after all, it was far and away one of our most popular contests from last year. But what was much harder was sorting out the incredible array of bespoke computers that readers have been sending in for the last few months.

Our judges have painstakingly whittled down the list of entries to get our top three winners, each of which will be awarded $150 in credit from the good folks over at DigiKey. But there were simply too many fantastic custom computers in the running to let everyone else go home empty-handed, so we’ve decided to also break out some $50 Tindie gift cards for the decks that best exemplified this year’s special categories.

Without further ado, let’s take a tour through the judges’ top picks for this year’s Cyberdeck Challenge!


Road Salt? Bah! New Roadway Material Promises A Better Solution To Snow And Ice

If you’ve ever lived somewhere it gets properly cold, you’ll know that winter’s icy grasp brings the inevitable challenge of keeping roadways safe. While road salt and gritting have long been the go-to solutions, their detrimental environmental impact and the potential for infrastructure degradation are well-documented.

However, a game-changing new development might just offer a brighter, greener solution. Just imagine it—roads that stay ice free without requiring regular attention.


Jenny’s Daily Drivers: Raspberry Pi Desktop

One of the more exciting prospects upon receiving one of the earliest Raspberry Pi boards back in 2012 was that it was a fully-functional desktop computer in the palm of your hand. In those far-off days, the Debian OS distro for the board wasn’t even yet called Raspbian, but it would run a full-on desktop on your TV and you could use it, after a fashion, to browse the web or do word processing. It wasn’t in any way fast, but it was usable enough to be more than a novelty. I’ve said before on these pages that the Raspberry Pi folks’ key product is their OS rather than their computers. While they rarely have the fastest or highest spec hardware, you can depend on Raspberry Pi OS being updated and supported through the life of the board, unlike many of their competitors. I can download their latest OS image and still run it on that 2012 board, which to me ranks as a very laudable achievement.

The OS They Don’t Really Tell You About

[Image: screenshot of the first i386 Pi desktop. The background image may have changed since the first release back in 2016, but the UI hasn’t.]

Raspberry Pi OS doesn’t run on any other ARM single board computers but their own, but it’s not quite accurate to say that it only runs on Raspberry Pi hardware. Since 2016, when it was launched as PIXEL, the folks in Cambridge have also maintained a PC version for 32-bit i386 computers, now called Raspberry Pi Desktop. It may be the Pi product they don’t talk about much, but you can still find it on their downloads page.

Like the ARM version, it’s based on Debian and presents as close as possible to the environment you’d find on your Pi. I’m interested to see whether it still lives up to the claim of being usable on older hardware, so I’ve downloaded a copy and installed it on my trusty 2007 Dell Inspiron 640. It rocks a 1.6 GHz Core Duo with 4 GB of memory and a SATA SSD, so it’s not the lowest spec hardware on the block, but by 2023’s standards it represents a giveaway-spec old laptop. Can I use it as a daily driver? Let’s find out!


Hackaday Links: September 3, 2023

Right-to-repair has been a hot-button topic lately, with everyone from consumers to farmers pretty much united behind the idea that owning an item should come with a plausible path to getting it fixed if it breaks, or more specifically, that you shouldn’t be subject to prosecution for trying to repair your widget. Not everyone likes right-to-repair, of course — plenty of big corporations want to keep you from getting up close and personal with their intellectual property. Strangely enough, their ranks are now apparently joined by the Church of Scientology, who through a media outfit in charge of the accumulated works of Church founder L. Ron Hubbard are arguing against exemptions to the Digital Millennium Copyright Act (DMCA) that make self-repair possible for certain classes of devices. They apparently want the exemption amended to not allow self-repair of any “software-powered devices that can only be purchased by someone with particular qualifications or training or that use software ‘governed by a license agreement negotiated and executed’ before purchase.”


Hackaday Prize 2023: Gen5X A Generatively Designed 5-Axis 3D Printer

[Ric Real] is entering the 2023 Hackaday Prize with the Gen5X, a generatively designed, 3D printed, five-axis 3D printer. The concept is not a new one, with this type of construction having been seen a few times here and there. In addition to the usual three axes of motion we’re familiar with from the Cartesian bot design, these machines add two rotation axes: one which can swing the build platform front and back around the X-axis, and a second that provides rotation around the Z-axis. These combined motions give rise to some very interesting capabilities outside of our familiar 3D printing design constraints.

As for the generative side of things, this is a largely theoretical idea. Essentially the concept is that the machine’s design can be iteratively updated and optimised for performance to fit the constraints of available hardware, such as motors and the other ‘vitamins’ needed to create the next generation of machines. The design files should be parameterised enough that this optimisation process can be automated, potentially via input from AI, but we suspect we’re a way off from that yet. Whether this project as yet satisfies any of these lofty goals remains to be seen, but do keep an eye on it if you’re so inclined. There is a Fusion 360 project here to dig into, but if you’re not interested in the research side of the project and just want to build a 5-axis machine to play with, then you can find the project source on the GitHub page.

If this feels familiar, you’d be on the right track, as we covered at least one other 5D printer recently. We have also touched upon generative design at least once. We’re sure we will see more on this topic in the future.


To Give Is Better Than To Receive

Better to give a talk at a hacker event, that is. Or in your hackerspace, or even just to a bunch of fellow nerds whenever you can. When you give the talk, don’t be afraid to make it too “easy” to understand. Making a tough topic comprehensible is often the sign that you really understand it, after all, and it’s also a fantastic service to the audience. Also, don’t be afraid that your talk isn’t “hard core” enough, because with a diverse enough crowd there will absolutely be folks for whom it’s still entirely new, and they’ll be thankful.

These were the conclusions I got from talking to a whole range of people at Chaos Communication Camp the weekend before last, and it’s one of the great opportunities when you go to an event like this. At Camp there were a number of simultaneous stages, and so many talks that new ones are still being released. That meant that everyone had their chance to say their bit, and many, many did.

And that’s great. Because it’s obvious that getting the work done, or diving deep into a particular topic, is part of the hacker experience, but it’s also equally important to share what you’ve gained with the rest of the community. The principle of spreading the knowledge is a cornerstone of our culture, and getting people up to talk about what they’ve learned is the manifestation of this cultural value. If you know something, say something!

Of course, when you’re not at a conference, you could be writing up your hacks and sending them in to the tips line (hint, hint!). That’ll work too.