This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
The UK has the answer to all our IoT problems: banning bad default passwords. Additionally, the new UK law requires device makers to provide contact info for vulnerability disclosures, as well as a requirement to advertise vulnerability fix schedules. Is this going to help the security of routers, cameras, and other devices? Maybe a bit.
I would argue that default passwords are in themselves the problem, and complexity requirements only nominally help security. Why? Because a good default password becomes worthless once the password, or algorithm leaks. Let’s lay out some scenarios here. First is the static default password. Manufacturer X makes device Y, and sets the devices to username/password admin/new_Complex_P@ssword1!. Those credentials make it onto a default password list, and any extra security is lost.
What about those devices that have a different, random-looking password for each device? Those use an algorithm to derive that password from the MAC address and/or serial number. That may help the situation, but the algorithm can be retrieved from the firmware, and most serial numbers are predictable in one way or another. This approach is better, but not a silver bullet.
So what would a real solution to the password problem look like? How about no default password at all, but no device functionality until the new password passes a cracklib complexity and uniqueness check. I have seen a few devices that do exactly this. The requirement for a disclosure address is a great idea, which we’ve talked about before regarding the similar EU legislation.
This week Jonathan Bennett and Doc Searls sit down with Mathias Buus Madsen and Paolo Ardoino of Holepunch, to talk about the Pear Runtime and the Keet serverless peer-to-peer platform. What happens when you take the technology built for BitTorrent, and apply it to a messaging app? What else does that allow you to do? And what’s the secret to keeping the service running even after the servers go down?
In the previous installment in this series we looked at how to set up an Ada development environment, and how to compile and run a simple Ada application. Building upon this foundation, we will now look at how to create more complex applications, along with how to parse and use arguments passed to Ada applications on the command line (CLI). After all, passing flags and strings to CLI applications when we launch them is a crucial part of user interaction, as well as when automating systems as is the case with system services.
The way that a program is built-up is also essential, as well-organized code eases maintenance and promotes code reusability through e.g. modularity. In Ada you can organize subprograms (i.e. functions and procedures) in a declarative fashion as stand-alone units, as well as embed subprograms in other subprograms. Another option is packages, which roughly correspond to C++ namespaces, while tagged types are the equivalent of classes. In the previous article we already saw the use of a package, when we used the Ada.Text_IO package to output text to the CLI. In this article we’ll look at how to write our own alongside handling command line input, after a word about the role of the binding phase during the building of an Ada application.
If you ever wondered just what it takes to build a modern device like a phone, you should have come to last year’s Supercon and talked with [Jose Angel Torres]. He’s an engineer whose passion into investigating what makes modern devices tick is undeniable, and he tells us all about where his forays have led so far – discovering marvels that a Western hacker might not be aware of.
Six years ago, he has moved to China, having previously been responsible for making sure that their Chinese subcontractors would manufacture things in the right ways. Turns out, doing that while being separated by an ocean set up more than just the timezone barriers – they were communicating between different worlds.
[Jose] tells us of having learned Chinese on the spot, purely from communicating with people around him, and it’s no wonder he’s had the motivation! What he’s experienced is being at the heart of cycle of hardware life, where devices are manufactured, taken apart and rebuilt anew. Here’s how he tapped into that cycle, and where he’s heading now.
Home automation is huge right now in consumer electronics, but despite the wide availability of products on the market, hackers and makers are still spinning up their own solutions. It could be because their situations are unique enough that commercial offerings wouldn’t cut it, or perhaps they know how cheaply many automation tasks can be implemented with today’s microcontrollers. Still others go the DIY route because they’re worried about the privacy implications of pushing such a system into the cloud.
Seeing how many of you were out there brewing bespoke automation setups gave us the idea for this year’s Home Sweet Home Automation contest, which just wrapped up last week. We received more than 80 entries for this one, and the competition was fierce. Judging these contests is always exceptionally difficult, as nearly every entry is a standout accomplishment in its own way.
But the judges forged ahead valiantly, and we now have the top three projects which will be receiving $150 in store credit from the folks at DigiKey.
One of the most basic tools for tinkering with electronics is a multimeter. Today, even a cheap meter has capabilities that would have been either very expensive or unobtainable back in the 1970s. Still, even then, a meter was the most affordable way to do various tasks around the shop. Is this cable open? Are these two wires shorted? What’s the value of this resistor? Is the circuit getting power? Is the line voltage dropping? You can answer all those questions — and many more — with a basic meter. But there’s one thing that hasn’t changed much over the years: probes. That’s a shame because there are a lot of useful options.
The probes that came with your meter probably have much in common with the probes a 1970-era meter had. Yeah, the banana plugs probably have a little plastic cover, and the plastic itself might be a little different. Parts are small these days, so the tips might be a little finer than older probes. But if you sent your probes back in time, few people would notice them.
The Blinders Syndrome
One problem is that those probes are usually good enough. We’ve all clipped an alligator clip to a test probe. I’ve even fashioned super pointy probes out of syringes. Years ago, I bought an expensive kit with many attachments I rarely use, like little hooks and spade lugs. Then, I happened to go down the wrong aisle at Harbor Freight.
Back probes ready for action.
In the automotive section, I noticed a tidy plastic box labeled “22 pc. back probe kit.” I’d never heard the term “back probe,” but it was clearly some sort of wire. It turns out the kit has a bunch of very fine needles on banana jacks and some patch cables to connect them to your meter.
They are “back probes” because you can jam them in the back of connectors next to the wire. There are five colors of needles, and each color set has three items: a straight needle, a bent needle, and a 90-degree bend needle.
I’d never heard of this, and that started me down the rabbit hole of looking at what other exotic probes were out there. If you search the usual sources for “back probe,” you’ll see plenty of variations. There are also tons of inexpensive probe kits with many useful tips for different situations. Like everything, the price was much lower than I had paid for the rarely used kit I bought years ago. The only thing I really use out of that kit are the test hook clips and you can buy those now for a few bucks that just push over your probes.
Choices
Wire-piercing probe works best for larger wires.
You could probably use the needles to stick through insulation, too. But if that’s your goal, they make piercing clip test probes specifically for that purpose. A little plastic holder has a hook for your wire and a needle that threads in to penetrate the wire.
These alligator clips fit over most probes.
I also picked up some little alligator clips that slide over standard 2mm probe tips. These are very handy and prevent you from having to clip a lead to your probe so you can clip the other end to the circuit. However, if you look for a “test lead kit,” you’ll find many options for about $20. One kit had interchangeable probe tips, alligator clips, spades, SMD tweezers, and tiny hooks for IC legs. The alligator clips on the one I bought are the newer style that has a solid insulating body — not the cheap rubbery covers. They feel better and are easier to handle, too.
Breadboarding
Some of the accessories in the test probe kit.
Of course, you can make your own solderless breadboard jumpers, and you’ve probably seen that you can buy jumpers of various kinds. But if you search, you can even find test probes with breadboard wire ends. The other end will terminate in a test hook or alligator clips. You can also get them with banana plugs on the end to plug right into your meter. You can usually find versions with the male pin for a breadboard or a female receptacle for connecting to pins.
Well, it’s official — AI is ruining everything. That’s not exactly news, but learning that LLMs are apparently being used to write scientific papers is a bit alarming, and Andrew Gray, a librarian at University College London, has the receipts. He looked at a cross-section of scholarly papers from 2023 in search of certain words known to show up more often in LLM-generated text, like “commendable”, “intricate”, or “meticulous”. Most of the words seem to have a generally positive tone and feel a little fancier than everyday speech; one rarely uses “lucidly” or “noteworthy” unless you’re trying to sound smart, after all. He found increases in the frequency of appearance of these and other keywords in 2023 compared to 2022, when ChatGPT wasn’t widely available.
