Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard

September 1, 2023 by Tom Nardi 6 Comments

It might sound like a joke, but this week, Elliot Williams and Tom Nardi start things off by asking how you keep a Polish train from running. Like always, the answer appears to be a properly modulated radio signal. After a fiery tale about Elliot’s burned beans, the discussion moves over to the adventure that is home CNC ownership, the final chapter in the saga of the Arecibo Telescope, and the unexpected longevity of Microsoft’s Kinect. Then it’s on to the proper way to cook a PCB, FFmpeg in the browser, and a wooden cyberdeck that’s worth carrying around. Finally, they’ll go over the next generation of diode laser engravers, and take a look back at the origins of the lowly breadboard.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download it yourself. You don’t need the cloud!

Continue reading “Hackaday Podcast 234: Machines On Fire, Old Kinect New Kinect, And Birth Of The Breadboard” →

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by Jonathan Bennett 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack” →

Logic Analyzers: Tapping Into Raspberry Pi Secrets

August 31, 2023 by Arya Voronova 45 Comments

Today, I’d like to highlight a tool that brings your hacking skills to a whole new level, and does that without breaking the bank – in fact, given just how much debugging time you can save, how many fun pursuits you can unlock, and the numerous features you can add, this might be one of the cheapest tools you will get. Whether it’s debugging weird problems, optimizing your code, probing around a gadget you’re reverse-engineering, or maybe trying to understand someone’s open-source library, you are likely missing out a lot if you don’t have a logic analyzer on hand!

It’s heartbreaking to me that some hackers still don’t know the value that a logic analyzer brings. Over and over again, tactical application of a logic analyzer has helped me see an entirely different perspective on something I was hacking on, and that’s just the thing I’d like to demonstrate today.

Diving In

A logic analyzer has a number of digital inputs, and it continuously reads the state of these digital inputs, sending them to your computer or showing them on a screen – it’s like a logic-level-only oscilloscope. If you have an I2C bus with one MCU controlling a sensor, connect a logic analyzer to the clock and data pins, wire up the ground, launch the logic analyzer software on your computer, and see what’s actually happening.

For instance, have you ever noticed the ID_SC and ID_SD pins on the Raspberry Pi GPIO connector? Are you wondering what they’re for? Don’t you want to check what actually happens on these pins? Let’s do that right now! Continue reading “Logic Analyzers: Tapping Into Raspberry Pi Secrets” →

Retro Gadgets: The 1974 Breadboard Project

August 29, 2023 by Al Williams 36 Comments

It is hard to imagine experimenting with electronics without the ubiquitous solderless breadboard. We are sure you have a few within arm’s reach. The little plastic wonders make it easy to throw together a circuit, try it, and then tear it down again. But, surprisingly, breadboards of that type haven’t always been around, and — for a while — they were also an expensive item. Maybe that’s what motivated [R. G. Cooper] to build Slip-n-Clip — his system for quickly building circuits that he published in a 1974 edition of the magazine Elementary Electronics.

The system isn’t really what you would think of as a breadboard today, but it was effective and certainly cheap to build. The biggest problem? It wasn’t something you’d use with DIP ICs. But in the early 1970s, you might not be building very much with ICs, and the ones you used might be in oddball transistor-like packages. Things were strange in the 70s!

A Brief History of Breadboards

In the very old days, people built radios and such on wooden substrates that were actually bread-cutting boards. That’s where the name came from. It was common to draw a diagram with the physical layout you had in mind, glue it to the board, and use it as a guide for building and troubleshooting. Wood was easy to drill and cut. A nail or a thumbtack would make dandy terminals. Probably the last time we saw that done was about a dozen years ago in Make Magazine. Even then, it was only a novelty — few people still build circuits like this, but you can see how [Colin] did it in the video below.

Continue reading “Retro Gadgets: The 1974 Breadboard Project” →

Maker Faire Hannover: The Right Way To Do It

August 28, 2023 by Jenny List 16 Comments

On these pages we bring you plenty of reports from events, most of which are from the hacker or hardware communities. These can be great fun to attend, but they’re not the only game in town when looking at things adjacent to our community. At what you might describe as the consumer end of the market there are the Maker Faires, which bring a much more commercial approach to a tech event. While so many of us are in Germany for Chaos Communication Camp there’s a maker faire ideally placed to drop in on the way back. We took the trip to Hannover, a large and rather pleasant city just off the Berlin to Amsterdam motorway roughly central to the top half of the country. It’s got one of the German emissions zones so without the green tax sticker in the car we took a park-and-ride on one of their clean and efficient trams to alight a short walk from the congress centre.

Plenty To See, And It’s Not All For Kids

An array of European electronic conference badges on show

Outside, a working forge

Face it, we all want a clock like this one!

Vintage test equipment

You may know Bitluni from many featured projects here.

A group of Germans who maintain a 1990s TV studio.

Hackaday’s first post, courtesy of the Wayback Machine and Makerspace Minden.

Continue reading “Maker Faire Hannover: The Right Way To Do It” →

Hackaday Links: August 27, 2023

August 27, 2023 by Dan Maloney 26 Comments

We mentioned last week how robotaxi provider Cruise was having a no-good, very bad week, after one of their driverless taxis picked a fight with a semi, and it was revealed that amorous San Franciscans were taking advantage of the privacy afforded by not having a driver in the front seat. It appears that we weren’t the only ones to notice all the bad news, since California’s Department of Motor Vehicles issued an order to the company to cut its robotaxi fleet in half. The regulatory move comes after a recent Cruise collision with a fire truck, which injured a passenger in the taxi. Curiously, the DMV order stipulates that Cruise can only operate 50 vehicles during the day, while allowing 150 vehicles at night. We’d have thought the opposite would make more sense, since driving at night is generally more difficult than during daylight hours. But perhaps the logic is that the streets are less crowded at night, whereas daytime is a more target-rich environment.

Continue reading “Hackaday Links: August 27, 2023” →

Hackaday Prize 2023: Jumperless, The Jumperless Jumperboard

August 25, 2023 by Dave Rowntree 9 Comments

Jumperless is a jumperless breadboard with multicolored LED visualization of signals in real-time. Sounds like magic? This beautifully executed entry to the 2023 Hackaday Prize by [Kevin Santo Cappuccio] uses a boatload of CH446Q analog switch ICs to perform the interconnect between the Raspberry Pi Pico header and the jumper board (or breadboard if you prefer.)

This will add some significant resistance, but for low currents and digital logic levels, this should not be a major concern. Additionally, there are two DAC channels and four ADC channels to help break out of the digital world, which could make for some very interesting non-trivial applications.

The visualization of the Pico header signals is solved neatly with a tiny wishbone-shaped PCB that is reverse-mounted to the back of the main board to illuminate upwards. The masking of the labels is done by using copper to mask off the individual signals and solder mask to draw in the legends. This PCB-level hacking is simply wonderful to see. The PCBs are designed with KiCAD, the design files for which you can find here. It appears however that [Kevin] needed to have the spring clips for the jumper board custom-made, so you’d need to contact them if you needed to get some for a build.

On the software side of things, [Kevin] currently recommends using Wokwi, to run the Arduino stack applications and to perform the signal routing to the virtual jumper board. You can follow how it works internally here. A Python-based bridge application runs on the host computer, which takes care of programming the interconnects as they are constructed, which looking at the demo in the embedded video, appears to ‘just work.’

One word of caution though — the bridge app uses Python requests and Beautiful Soup to scrape the Wowki project page, which could potentially make it vulnerable to getting out-of-sync with updates, so hopefully [Kevin] will keep track of this and keep them in sync.

Need some breadboarding tips? We got you covered. Talking of bread, here’s an 8-bit TTL breadboard-based CPU in a breadbin.

Continue reading “Hackaday Prize 2023: Jumperless, The Jumperless Jumperboard” →