Hackaday Columns

4441 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast Episode 270: A Cluster Of Microcontrollers, A Rocket Engine From Scratch, And A Look Inside Voyager

May 10, 2024 by No comments

Join Hackaday Editors Elliot Williams and Tom Nardi as they get excited over the pocket-sized possibilities of the recently announced 2024 Business Card Challenge, and once again discuss their picks for the most interesting stories and hacks from the last week. There’s cheap microcontrollers in highly parallel applications, a library that can easily unlock the world of Bluetooth input devices in your next project, some gorgeous custom flight simulator buttons that would class up any front panel, and an incredible behind the scenes look at how a New Space company designs a rocket engine from the ground up.

Stick around to hear about the latest 3D printed gadget that all the cool kids are fidgeting around with, a brain-computer interface development board for the Arduino, and a WWII-era lesson on how NOT to use hand tools. Finally, learn how veteran Hackaday writer Dan Maloney might have inadvertently kicked off a community effort to digitize rare documentation for NASA’s Voyager spacecraft.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download your very own copy of the podcast right about here.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 270: A Cluster Of Microcontrollers, A Rocket Engine From Scratch, And A Look Inside Voyager”

This Week In Security: TunnelVision, Scarecrows, And Poutine

May 10, 2024 by 9 Comments

There’s a clever “new” attack against VPNs, called TunnelVision, done by researchers at Leviathan Security. To explain why we put “new” in quotation marks, I’ll just share my note-to-self on this one written before reading the write-up: “Doesn’t using a more specific DHCP route do this already?” And indeed, that’s the secret here: in routing, the more specific route wins. I could not have told you that DHCP option 121 is used to set extra static routes, so that part was new to me. So let’s break this down a bit, for those that haven’t spent the last 20 years thinking about DHCP, networking, and VPNs.

So up first, a route is a collection of values that instruct your computer how to reach a given IP address, and the set of routes on a computer is the routing table. On one of my machines, the (slightly simplified) routing table looks like:

# ip route
default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0

The first line there is the default route, where “default” is a short-hand for 0.0.0.0/0. That indicate a network using the Classless Inter-Domain Routing (CIDR) notation. When the Internet was first developed, it was segmented into networks using network classes A, B, and C. The problem there was that the world was limited to just over 2.1 million networks on the Internet, which has since proven to be not nearly enough. CIDR came along, eliminated the classes, and gave us subnets instead.

In CIDR notation, the value after the slash is commonly called the netmask, and indicates the number of bits that are dedicated to the network identifier, and how many bits are dedicated to the address on the network. Put more simply, the bigger the number after the slash, the fewer usable IP addresses on the network. In the context of a route, the IP address here is going to refer to a network identifier, and the whole CIDR string identifies that network and its size.

Back to my routing table, the two routes are a bit different. The first one uses the “via” term to indicate we use a gateway to reach the indicated network. That doesn’t make any sense on its own, as the 10.0.1.1 address is on the 0.0.0.0/0 network. The second route saves the day, indicating that the 10.0.1.0/24 network is directly reachable out the eth0 device. This works because the more specific route — the one with the bigger netmask value, takes precedence.

The next piece to understand is DHCP, the Dynamic Host Configuration Protocol. That’s the way most machines get an IP address from the local network. DHCP not only assigns IP addresses, but it also sets additional information via numeric options. Option 1 is the subnet mask, option 6 advertises DNS servers, and option 3 sets the local router IP. That router is then generally used to construct the default route on the connecting machine — 0.0.0.0/0 via router_IP.

Remember the problem with the gateway IP address belonging to the default network? There’s a similar issue with VPNs. If you want all traffic to flow over the VPN device, tun0, how does the VPN traffic get routed across the Internet to the VPN server? And how does the VPN deal with the existence of the default route set by DHCP? By leaving those routes in place, and adding more specific routes. That’s usually 0.0.0.0/1 and 128.0.0.0/1, neatly slicing the entire Internet into two networks, and routing both through the VPN. These routes are more specific than the default route, but leave the router-provided routes in place to keep the VPN itself online.

And now enter TunnelVision. The key here is DHCP option 121, which sets additional CIDR notation routes. The very same trick a VPN uses to override the network’s default route can be used against it. Yep, DHCP can simply inform a client that networks 0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, and 192.0.0.0/2 are routed through malicious_IP. You’d see it if you actually checked your routing table, but how often does anybody do that, when not working a problem?

There is a CVE assigned, CVE-2024-3661, but there’s an interesting question raised: Is this a vulnerability, and in which component? And what’s the right solution? To the first question, everything is basically working the way it is supposed to. The flaw is that some VPNs make the assumption that a /1 route is a bulletproof way to override the default route. The solution is a bit trickier. Continue reading “This Week In Security: TunnelVision, Scarecrows, And Poutine”

Ask Hackaday: Do You Calibrate Your Instruments?

May 9, 2024 by 54 Comments

Like many of you, I have a bench full of electronic instruments. The newest is my Rigol oscilloscope, only a few years old, while the oldest is probably my RF signal generator that dates from some time in the early 1950s. Some of those instruments have been with me for decades, and have been crucial in the gestation of countless projects.

If I follow the manufacturer’s recommendations then just like that PAT tester I should have them calibrated frequently. This process involves sending them off to a specialised lab where their readings are compared to a standard and they are adjusted accordingly, and when they return I know I can trust their readings. It’s important if you work in an industry where everything must be verified, for example I’m certain the folks down the road at Airbus use meticulously calibrated instruments when making assemblies for their aircraft, because there is no room for error in a safety critical application at 20000 feet.

But on my bench? Not so much, nobody is likely to face danger if my frequency counter has drifted by a few Hz. Continue reading “Ask Hackaday: Do You Calibrate Your Instruments?”

FLOSS Weekly Episode 782: Nitric — In Search Of The Right Knob

May 8, 2024 by No comments

This week Jonathan Bennett and David Ruggles chat with Rak Siva and Steve Demchuck to talk about Nitric! That’s the Infrastructure from Code framework that makes it easy to use a cloud back-end in your code, using any of multiple providers, in multiple programming languages.

The group chatted about the role and form of good documentation, as well as whether a Contributor License Agreement is ever appropriate, and what a good CLA would actually look like. Don’t miss it!
Continue reading “FLOSS Weekly Episode 782: Nitric — In Search Of The Right Knob”

Displays We Love Hacking: LVDS And EDP

May 8, 2024 by 23 Comments

There are times when tiny displays no longer cut it. Whether you want to build a tablet or reuse some laptop displays, you will eventually deal with LVDS and eDP displays. To be more exact, these are displays that want you to use either LVDS or eDP signaling to send a picture.

Of the two, LVDS is the older standard for connecting displays, and eDP is the newer one. In fact, eDP has mostly replaced LVDS for things like laptop and tablet displays. Nevertheless, you will still encounter both of these in the wild, so let’s start with LVDS.

The name “LVDS” actually comes from the LVDS signaling standard (Low-Voltage Differential Signaling), which is a fairly generic data transfer standard over differential pairs, just like RS485. Using LVDS signaling for embedded display purposes is covered by a separate standard called FPD-Link, and when people say “LVDS”, what they’re actually talking about is FPD-Link. In this article, I will also use LVDS while actually talking about FPD-Link. Barely anyone uses FPD-Link except some datasheets, and I’ll use “LVDS” because that’s what people actually use. It’s just that you deserve to know the distinction so that you’re not confused when someone mentions LVDS when talking about, say, industrial machinery.

Both LVDS and eDP run at pretty high frequencies – they’re commonly used for color displays with pretty large resolutions, so speed can no longer be a constraint. eDP, as a successor technology, is a fair bit more capable, but LVDS doesn’t pull punches either – if you want to make a 1024 x 768 color LCD panel work, you will use LVDS, sometimes parallel RGB – at this point, SPI just won’t cut it. There’s a lot of overlap – and that’s because LVDS is basically parallel RGB, but serialized and put onto diffpairs. Let me show you how that happened, and why it’s cool.

Continue reading “Displays We Love Hacking: LVDS And EDP”

The 2024 Business Card Challenge Starts Now

May 7, 2024 by 22 Comments

If you want to make circuits for a living, what better way to impress a future employer than to hand them a piece of your work to take home? But even if you’re just hacking for fun, you can still turn your calling into your calling card.

We are inviting you to submit your coolest business card hacks for us all to admire, and the top three entries will win a $150 DigiKey shopping spree.  If your work can fit on a business card, create a project page for it over on Hackaday.io and enter it in the 2024 Business Card Contest. Share your tiny hacks!

To enter, create a project for your hacked business card over at Hackaday IO, and then enter it into the 2024 Business Card Challenge by selecting the pulldown on the left. It’s that easy.

Continue reading “The 2024 Business Card Challenge Starts Now”

Retrotechtacular: How Not To Use Hand Tools

May 6, 2024 by 48 Comments

Whatever you’re doing with your hand tools, by the US Army’s lights, you’re probably doing it wrong. That seems to be the “Green Machine’s” attitude on pliers and screwdrivers, at least, the main stars of this 1943 War Department training film on the horrors of tool abuse.

As kitschy as the film might be, they weren’t wrong. That’s especially true about the dreaded slip-joint pliers, which seem to find their way onto everyone’s list of unloved tools and are shown being used for their true purpose — turning nuts and bolt heads from hexagons into circles. Once that gore is wrapped up, we’re treated to the proper uses of pliers, including the fascinating Bernard-style parallel jaw pliers. We can recall these beauties kicking around the bottom of Dad’s tool kit and being entranced by the mechanism used to keep the jaws parallel and amplify the force applied. Sadly, those pliers are long gone now; Tubalcain did a great review of these pliers a few years back if you need a refresher.

A selection of screwdrivers gets the same treatment, complete with dire warnings against using them as prybars and chisels. Also against the Army Way is using the wrong size screwdriver for the job, lest you strip the head of the screw or break the tool itself. It has to be said that the Plomb Tool Company of Los Angeles, which produced the film, made some fantastic-looking screwdrivers back in the day. The square shanks on some of those straight screwdrivers are enormous, and the wooden handles look so much more comfortable than the greebled-up plastic nonsense manufacturers seem to favor these days. Also interesting is the reference to the new-fangled Phillips screw, not to mention the appearance of a Yankee-style spiral ratcheting screwdriver, another of Dad’s prized acquisitions that thankfully is still around to this day.

What strikes us about these military training films is how many of them were produced. No subject seemed too mundane to get a training film made about it, and so many were made that one is left wondering how there was any time left for soldiering after watching all these films. But really, it’s not much different today, when we routinely pull up a random YouTube video to get a quick visual demo of how to do something we’ve never tried before. The medium may have changed, but visual learning is still a thing.

Continue reading “Retrotechtacular: How Not To Use Hand Tools”