Hardware: It’s Made Of Software!

December 23, 2023 by Elliot Williams 17 Comments

We had the opportunity to add a new feature to our lineup: the FLOSS Weekly podcast. It’s a very long running series that covers the goings on in the free, libre, and open-source software world. It’s been co-hosted by our own [Jonathan Bennett] for quite a while now, and when This Week in Tech announced that they wanted to cancel it, [Jonathan] asked if he could keep it running over here at Hackaday.

Hackaday is hardware, though. Why would we be hosting a podcast on open software? It’s no secret that a bunch of us are open-source software fans in general here at Hackaday, but take a quick inventory of the various open projects that you use to make and hack your hardware. We use open-source compilers, libraries, and flashing tools to handle the firmware we write on open-source text editors. Heck, half of the time we even program microcontrollers in the open-source MicroPython. We design PCBs in the open-source KiCAD, do CAD/CAM in FreeCAD, and don’t even get me started in the open-source software and firmware underlying the entire 3D printing ecology. Reverse engineering? Free software, from Wireshark straight through to Ghidra.

All of this is to say, that even while we’re making or breaking hardware, we’re using open-source software to do it. So, if you’re interested in peeking behind the curtain, give the FLOSS Weekly a listen.

Hackaday Podcast Episode 249: Data By Laser And Parachute, Bluetooth Hacks, Google’s Gotta Google

December 22, 2023 by Tom Nardi 6 Comments

‘Twas the podcast before Christmas, and all through the house, the best hacks of the week are dancing around Elliot and Tom’s heads like sugar-plums. Whatever that means.

I’d just like to interject for a moment. What you’re referring to as Christmas is, in fact, Happy/Holidays.

Before settling their brains in for a long winter’s nap, they’ll talk about the open source software podcast that now calls Hackaday home, the latest firmware developments for Google’s Stadia controller, high-definition cat videos from space, and upgrades for the surprisingly old-school battery tech that powers the Toyota Prius.

Out on the lawn, expect a clatter about the the state-of-the-art in DIY camera technology, the acoustic properties of hot chocolate, and a storage media from the 1990s that even Al Williams had never heard of.

Finally, after tearing open the shutters and throwing up the sash, the episode wraps up with a discussion about wiring techniques that let you leave the soldering iron at home, and the newest chapter in the long history of transferring data via parachute. Miniature sleigh and eight tiny reindeer sold separately.

Download the gift you really want this year: this week’s podcast in DRM-free MP3.

Continue reading “Hackaday Podcast Episode 249: Data By Laser And Parachute, Bluetooth Hacks, Google’s Gotta Google” →

This Week In Security: Terrapin, Seized Unseized, And Autospill

December 22, 2023 by Jonathan Bennett 5 Comments

There’s a new SSH vulnerability, Terrapin (pdf paper), and it’s got the potential to be nasty — but only in an extremely limited circumstance. To understand the problem, we have to understand what SSH is designed to do. It replaces telnet as a tool to get a command line shell on a remote computer. Telnet send all that text in the clear, but SSH wraps it all inside a public-key encrypted tunnel. It was designed to safely negotiate an unfriendly network, which is why SSH clients are so explicit about accepting new keys, and alerting when a key has changed.

SSH uses a sequence counter to detect Man-in-the-Middle (MitM) shenanigans like packet deletion, replay, or reordering. That sequence isn’t actually included in the packet, but is used as part of the Message Authentication Check (MAC) of several encryption modes. This means that if a packet is removed from the encrypted tunnel, the MAC fails on the rest of the packets, triggering a complete connection reset. This sequence actually starts at zero, with the first unencrypted packet sent after the version banners are exchanged. In theory, this means that an attacker fiddling with packets in the pre-encryption phase will invalidate the entire connection as well. There’s just one problem.

The innovation from the Terrapin researchers is that an attacker with MitM access to the connection can insert a number of benign messages in the pre-encryption phase, and then silently drop the first number of messages in the encrypted phase. Just a little TCP sequence rewriting for any messages between, and neither the server nor client can detect the deception. It’s a really interesting trick — but what can we do with it?

For most SSH implementations, not much. The 9.6 release of OpenSSH addresses the bug, calling it cryptographically novel, but noting that the actual impact is limited to disabling some of the timing obfuscation features added to release 9.5.

Continue reading “This Week In Security: Terrapin, Seized Unseized, And Autospill” →

Displays We Love Hacking: SPI And I2C

December 21, 2023 by Arya Voronova 17 Comments

I’ve talked about HD44780 displays before – they’ve been a mainstay of microcontroller projects for literal decades. In the modern hobbyist world, there’s an elephant in the room – the sheer variety of I2C and SPI displays you can buy. They’re all so different, some are LCD and some are OLED, some have a touchscreen layer and some don’t, some come on breakouts and some are a bare panel. No matter which one you pick, there are things you deserve to know.

These displays are exceptionally microcontroller-friendly, they require hardly any GPIOs, or none extra if you already use I2C. They’re also unbelievably cheap, and so tiny that you can comfortably add one even if you’re hurting for space. Sure, they require more RAM and a more sophisticated software library than HD44780, but with modern microcontrollers, this is no problem at all. As a result, you will see them in almost every project under the sun.

What do you need for those? What are the requirements to operate one? What kind of tricks can you use with them? Let’s go through the main aspects.

Continue reading “Displays We Love Hacking: SPI And I2C” →

FLOSS Weekly Episode 762: Spilling The Tea

December 20, 2023 by Jonathan Bennett 8 Comments

Editor’s Note: We’re excited to announce that Hackaday is the new home of FLOSS Weekly, a long-running podcast about free, libre, and open-source software! The TWiT network hosted the podcast for an incredible seventeen years, but due to some changes on their end, they recently had to wind things down. They were gracious enough to let us pick up the torch, with Jonathan Bennett now taking over hosting duties.

Tune in every Wednesday for a new episode, featuring interviews with developers and project leaders, coverage of the free/libre software you use everyday (maybe without even knowing it), and the latest Open Source news.

This week Jonathan Bennett and Simon Phipps talk with Neal Gompa of Fedora, CentOS, openSUSE and more. The conversation starts off with asking Neal how he went from working on a minor project 11 years ago, to being the lead of KDE on Fedora. How does a company properly sponsor Open Source development? Neal speaks from his experience at Red Hat and other places, to give some really interesting answers.

The crew move on to what happened at Red Hat with CentOS, and why just maybe it was a good thing. Is the age of a company a good indicator of how they will treat Open Source? Is CentOS Stream the best thing to happen to Red Hat Enterprise Linux? What was it like to be at Red Hat during that time? How does a company manage the tension between sales and engineering? We cover this and more!

Continue reading “FLOSS Weekly Episode 762: Spilling The Tea” →

Animated gif of large 1950s computer spitting out a sheet of paper.

Retrotechtacular: 1960s Doc Calls Computers The Universal Machine

December 20, 2023 by Drew Littrell 5 Comments

It’s weird to think that an abacus would have still been used sixty years ago, or so posits the documentary series The Computer and the Mind of Man. This six part series originally aired on San Francisco local television station KQED in 1962, a time where few people outside of academia had even stood next to such a device.

Episode 3 titled “The Universal Machine” was dedicated to teaching the public how a computer can enhance every type of business provided humans can sufficiently describe it in coded logic. Though mainly filtered through IBM’s perspective as the company was responsible for funding the set of films; learning how experts of the time contextualized the computer’s potential was illuminating.

Continue reading “Retrotechtacular: 1960s Doc Calls Computers The Universal Machine” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With All The LEGO

December 20, 2023 by Kristina Panos 3 Comments

It seems like mechanical keyboard enthusiasts are more spoiled for choice with each passing day. But as broad as the open source pool has become, there’s still no perfect keyboard for everyone. So, as people innovate toward their own personal endgame peripherals and make them open source, the pool just grows and grows.

This beautiful addition to the glittering pool — [Bo Yao]’s Carpenter Tau keyboard — is meant to provide an elegant option at a particular intersection where no keyboards currently exist — the holy trinity of open source, programmable, and tri-mode connectivity: wired, Bluetooth, and 2.4 GHz.

Come for the lovely wooden everything, and stay for the in-depth logs as [Bo Yao] introduces the project and its roots, reviews various options for the controller, discusses the manufacture of the wooden parts, and creates the schematic for the 61-key version. Don’t want to build one yourself? It’ll be on Crowd Supply soon enough.

Continue reading “Keebin’ With Kristina: The One With All The LEGO” →