This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that move the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall runs setgid, so the behavior of this system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message read from standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a spoofed prompt would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and the system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitely worth getting fixed. Continue reading “This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256”
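As an added illustration, and not util-linux code or code from the original post, the following C models the two input paths described above: a simplified stand-in for fputs_careful() that rewrites control bytes into caret notation so a terminal prints them literally, the argument path that forwards the message unfiltered, and a check a practitioner could use to flag a wall message carrying terminal control codes. The spoofed prompt, the caret-escaping rules and all function names here are assumptions made for this example.

```c
/* Added example, not util-linux source. Models the filtered (stdin) and
 * unfiltered (argv) message paths of wall as described above. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: clears the current line, returns the cursor to
 * column 0, then paints a fake sudo prompt over whatever was there. */
static const char SPOOF_MSG[] = "\x1b[2K\r[sudo] password for jbennett: ";

/* True if any byte is a C0 control code or DEL (newline and tab are allowed,
 * since a multi-line wall message legitimately contains them). */
bool has_control_codes(const char *msg) {
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        if (*p == '\n' || *p == '\t')
            continue;
        if (*p < 0x20 || *p == 0x7f)
            return true;
    }
    return false;
}

/* Stand-in for the "careful" output path: copies msg into out, rewriting each
 * control byte as caret notation (ESC becomes "^[", CR becomes "^M", DEL
 * becomes "^?") so the terminal displays it instead of acting on it.
 * Bytes >= 0x80 are passed through unchanged. Returns bytes written. */
size_t sanitize_careful(const char *msg, char *out, size_t outsz) {
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)msg; *p && n + 3 < outsz; p++) {
        if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p != 0x7f)) {
            out[n++] = (char)*p;
        } else {
            out[n++] = '^';
            out[n++] = (char)(*p == 0x7f ? '?' : *p + '@');
        }
    }
    out[n] = '\0';
    return n;
}

/* The problematic path: an argv message is forwarded verbatim, control
 * codes included. Returns bytes written. */
size_t forward_argv_unfiltered(const char *msg, char *out, size_t outsz) {
    size_t n = strlen(msg);
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, msg, n);
    out[n] = '\0';
    return n;
}

int main(void) {
    char safe[128], raw[128];

    sanitize_careful(SPOOF_MSG, safe, sizeof safe);
    forward_argv_unfiltered(SPOOF_MSG, raw, sizeof raw);

    /* The sanitized copy is printable as-is; the raw copy is only reported
     * on, never written to the terminal, because it would redraw the line. */
    printf("filtered   : %s\n", safe);
    printf("unfiltered : %zu bytes, control codes present: %s\n",
           strlen(raw), has_control_codes(raw) ? "yes" : "no");
    return 0;
}
```

The has_control_codes() check is the piece worth keeping around: run it over anything that will be written to another user's terminal, whether the text came from stdin, argv, or a log line being tailed, and treat a hit as untrusted.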

Fictional Computers: Colossus And Guardian

We can learn a lot by looking at how writers and filmmakers imagine technology. While some are closer than others, there are some definite lessons like never make a killer computer without an off switch you can reach. We are especially interested in how computers appear in books, movies, and TV shows, and so in Computers of Fiction, we want to remember with you some of our favorites. This time, we are thinking about the 1970 movie Colossus: The Forbin Project. There were actually two computers: the titular Colossus, which was an American computer, and the Guardian, a similar Soviet computer.

The Story

In the United States, Dr. Forbin has created a supercomputer deep under a mountain. Colossus, the computer, is put in charge of the nuclear arsenal to eliminate human error in the defense of the country. Colossus gathered intelligence, analyzed it, and was able to launch its own missiles.

Colossus realizes there is another system.

Shortly after activation, however, the computer reaches a startling conclusion: “WARN: THERE IS ANOTHER SYSTEM.” It provides coordinates in the Soviet Union. That system is a similar system called Guardian. The computers decide they want to talk to each other. The President decides to allow it, hoping to learn more about the Soviet’s secret computer. The Soviets agree, too, presumably for the same reason. You can watch the original trailer below.

Continue reading “Fictional Computers: Colossus And Guardian”

Retrotechtacular: TOPS Runs The 1970s British Railroad

How do you make the trains run on time? British Rail adopted TOPS, a computer system born of IBM’s SAGE defense project, along with work from Stanford and Southern Pacific Railroad. Before TOPS, running the railroad took paper. Lots of paper, ranging from a train’s history, assignments, and all the other bits of data required to keep the trains moving. TOPS kept this data in real-time on computer screens all across the system. While British Rail wasn’t the only company to deploy TOPS, they were certainly proud of it and produced the video you can see below about how the system worked.

There are a lot of pictures of old big iron and the narrator says it has an “immense storage capacity.” The actual computers in question were a pair of IBM System/370 mainframes that each had 4 MB of RAM. There were also banks of 3330 disk drives that used removable disk packs of — gasp — between 100 and 200 MB per pack.

As primitive and large as those disk drives were, they pioneered many familiar-sounding technologies. For example, they used voice coils, servo tracking, MFM encoding, and error-correcting encoding.

Continue reading “Retrotechtacular: TOPS Runs The 1970s British Railroad”

The Roller Ship Was Not An Effective Way To Cross The High Seas

Boats come in all shapes and sizes. We have container ships, oil tankers, old-timey wooden sailing ships, catamarans, trimarans, and all sorts besides. Most are designed with features that give them a certain advantage or utility that justifies their construction for a given application.

The roller ship, on the other hand, has not justified its own repeat construction. Just one example was ever built, which proved unseaworthy and impractical. Let’s explore this nautical oddity and learn about why it didn’t make waves as its inventor may have hoped.

Continue reading “The Roller Ship Was Not An Effective Way To Cross The High Seas”

2024 Hackaday Europe: Workshops Announced, Get Your Tickets

There are only a few weeks left until Hackaday Europe takes place in Berlin on April 13th and 14th. With only one full day of programming, we simply can’t run as many workshops as we do at Supercon, but what we do have should tickle your fancy. As if that weren’t enough, there will be at least a few other impromptu workshops and activities to distract you from the talks.

If you’re thinking of attending, get your tickets now for both the event and the workshops of your choice. There are only a few left, and workshops sell out like hotcakes.

Continue reading “2024 Hackaday Europe: Workshops Announced, Get Your Tickets”

Retrotechtacular: Build Your Own Dune Buggy, 1970s Style

The custom car phenomenon is as old as the second-hand car, yet somehow the decades which stick in the mind as their heyday are the 1960s and 1970s. If you didn’t have a dune buggy or a van with outrageously flared arches and an eye-hurting paint job you were nothing in those days — or at least that’s what those of us who were too young to possess such vehicles except as posters on our bedroom walls were led to believe. Periscope Films have put up a period guide from the early 1970s on how to build your own dune buggy, and can we just say it’s got us yearning to drive something just as outrageous?

Of course, auto salvage yards aren’t bursting with Beetles as donor cars in 2024, indeed the accident-damaged model used in the film would almost certainly now be lovingly restored instead of being torn apart to make a dune buggy. We’re taken through the process of stripping and shortening the Beetle floorpan, for which we’re thankful that in 2024 we have decent quality cutting disks, and watching the welder joining thin sheet metal with a stick welder gives us some serious respect for his skills.

Perhaps the part of this video most likely to raise a smile is how it portrays building a car as easy. Anyone who has ever hacked a car to pieces will tell you that’s the easy part, and it’s the building something from the pile of rusty parts which causes so many projects to fail. But given an accident damaged Beetle and a buggy kit in 1972 would we have dug in and given it a try? Of course!

We’ve touched on the Beetle’s hackability in the past, but some of us believe that the crown of most hackable car rests elsewhere.

Continue reading “Retrotechtacular: Build Your Own Dune Buggy, 1970s Style”


Keebin’ With Kristina: The One With The Pickle Pi

Image by [jefmer] via Hackaday.IO
The unstoppable [jefmer] wrote in to alert me to Pickle Pi, their latest Keebin’-friendly creation. Why “Pickle Pi”? Well, the Pi part should be obvious, but the rest comes from the Gherkin 30% ortholinear keyboard [jefmer] built with Gateron Yellows and, unfortunately, second-choice XDA keycaps, as the first batch were stolen off of the porch.

If you’re wondering where the rest of the keys are, they are accessible by holding various keys rather than tapping them. Shift is Shift when held, but becomes Enter when tapped. [jefmer] wrote out their entire project description on the thing in order to break in the Gherkin.

The brain of this acrylic sandwich tablet is a Pi Zero 2, with a Pro Micro for the keyboard controller. Although programs like Ghostwriter and Thonny work fine, Chromium is “painfully slow” due to the RAM limitations of the Pi Zero 2. On the upside, battery life is 7-8 hours depending on usage. Even so, [jefmer] might replace it with a Pi 4 — the current battery pack won’t support a Pi 5.
Continue reading “Keebin’ With Kristina: The One With The Pickle Pi”