Hackaday Columns

4554 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Embedded Python: MicroPython Toolkits

August 5, 2024 by 22 Comments

Last time, I talked about how MicroPython is powerful and deserving of a place in your toolkit, and it made for a lively discussion. I’m glad to see that overall, MicroPython has indeed been getting the recognition it deserves – I’ve built a large number of wonderful projects with it, and so have people I’ve shown it to!

Sometimes I see newcomers dissatisfied with MicroPython, because the helper tools they initially pick don’t suit it well. For instance, they try and start out with a regular serial terminal application that doesn’t fit the MicroPython constraints, or a general IDE that requires a fair bit of clicking around every time you need to run your code. In particular, I’d make sure that you know your options no matter whether you prefer GUI or commandline – both have seriously nice tools for MicroPython use!

The main problem to be solved with MicroPython is that you have a single serial port that everything happens through – both file upload and also debugging. For ESP8266/32-based boards, it’s a physical serial port, and for chips like RP2040 and ESP32-S* where a hardware USB peripheral is available, it’s a virtual one – which makes things harder because the virtual port might get re-enumerated every now and then, possibly surprising your terminal application. If you want to upload a program of yours, you need to free up the serial port, and to see the program’s output, you will need to reopen that port immediately after – not a convenient thing to do if you’re using something like PuTTy.

So, using MicroPython-friendly software is a must for a comfortable hacking experience. What are your options? Continue reading “Embedded Python: MicroPython Toolkits”

Hackaday Links Column Banner

Hackaday Links: August 4, 2024

August 4, 2024 by 8 Comments

Good news, bad news for Sun watchers this week, as our star launched a solar flare even bigger than the one back in May that gave us an amazing display of aurora that dipped down into pretty low latitudes. This was a big one; where the earlier outburst was only an X8.9 class, the one on July 23 was X14. That sure sounds powerful, but to put some numbers to it, the lower end of the X-class exceeds 10-4 W/m2 of soft X-rays. Numbers within the class designate a linear increase in power, so X2 is twice as powerful as X1. That means the recent X14 flare was about five times as powerful as the May flare that put on such a nice show for us. Of course, this all pales in comparison to the strongest flare of all time, a 2003 whopper that pegged the needle on satellite sensors at X17 but was later estimated at X45.

Continue reading “Hackaday Links: August 4, 2024”

How About Privacy and Hackability?

August 3, 2024 by 32 Comments

Many smart electric meters in the US use the 900 MHz band to broadcast their usage out to meter readers as they walk the neighborhood. [Jeff Sandberg] used an RTL-SDR dongle and some software to integrate this data into his own home automation system, which lets him keep track of his home’s power usage.

Half of the comment section was appalled that the meters broadcast this data in the clear, and these readers thought this data should be encrypted even if the reach is limited to the home-owner’s front yard. But that would have stopped [Jeff] from accessing his own data as well, and that would be a shame. So there’s clearly a tradeoff in play here.

We see this tradeoff in a lot of hardware devices as well – we want to be able to run our firmware on them, but we don’t want criminals to do the same. We want the smart device to work with the cloud service, but to also work with our own home automation system if we have one. And we want to be able to listen in to our smart meters, but don’t necessarily want others to do so.

The solution here is as easy as it is implausible that it will get implemented. If the smart meters transmitted encrypted, each with their own individual password, then everyone would win. The meter reader would have a database of passwords linked to meter serial numbers or addresses, and the home owner could just read it off of a sticker, optimally placed on each unit. Privacy and usability would be preserved.

This issue isn’t just limited to electric meters. Indeed, think of all of the data that is being sent out from or about you, and what percentage of it is not encrypted and should be, but also about what data is sent out encrypted that you could use access to. The solution is to put you in control of the encryption, by selecting a password or having access to one that’s set for you. Because after all, if it’s your data, it should be your data: private and usable.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 282: Saildrones, A New Classic Laptop, And SNES Cartridges Are More Than You Think

August 2, 2024 by 1 Comment

In this episode, the CrowdStrike fiasco has Hackaday Editors Elliot Williams and Tom Nardi pondering the fragility of our modern infrastructure. From there the discussion moves on to robotic sailboats, the evolving state of bespoke computers, and the unique capabilities of the Super Nintendo cartridge. You’ll also hear about cleaning paintings with lasers, the advantages of electronic word processors, stacking 3D printed parts, and the joys of a nice data visualization. They’ll wrap the episode up by marveling at the techniques required to repair undersea fiber optic cables, and the possibilities (and frustrations) of PCB panelization using multiple designs.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

As always, the Hackaday Podcast is available in DRM-free MP3 for offline listening.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 282: Saildrones, A New Classic Laptop, And SNES Cartridges Are More Than You Think”

This Week In Security: Echospoofing, Ransomware Records, And Github Attestations

August 2, 2024 by 5 Comments

It’s a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the EchoSpoofing attack. Proofpoint offers an email security product, filtering spam and malicious incoming emails, and also handling SPF, DKIM, and DMARC headers on outgoing email. How does an external service provide those email authentication headers?

One of the cardinal sins of running an email server is to allow open relaying. That’s when anyone can forward email though an SMTP server without authentication. What we have here is two nearly open relays, that wound up with spoofed emails getting authenticated just like the real thing. The first offender is Microsoft’s Office365, which seems to completely skip checking for email spoofing when using SMTP relaying from an allowed IP address. This means a valid Office365 account allows sending emails as any address. The other half relies on the way Proofpoint works normally, accepting SMTP traffic from certain IP addresses, and adding the authentication headers to those emails. There’s an option in Proofpoint to add the Microsoft Office 365 servers to that list, and apparently quite a few companies simply select that option.

The end result is that a clever spammer can send millions of completely legitimate looking emails every day, that look very convincing even to sophisticated users. At six months of activity, averaging three millions emails a day, this campaign managed just over half a billion malicious emails from multiple high-profile domains.

The good news here is that Proofpoint and Guardio discovered the scheme, and worked with Microsoft to develop the X-OriginatorOrg header that is now applied to every email sent from or through the Office365 servers. This header marks the account tenant the email belongs to, giving vendors like Proofpoint a simple way to determine email validity. Continue reading “This Week In Security: Echospoofing, Ransomware Records, And Github Attestations”

Programming Ada: Implementing The Lock-Free Ring Buffer

August 1, 2024 by 20 Comments

In the previous article we looked at designing a lock-free ring buffer (LFRB) in Ada, contrasting and comparing it with the C++-based version which it is based on, and highlighting the Ada way of doing things. In this article we’ll cover implementing the LFRB, including the data request task that the LFRB will be using to fill the buffer with. Accompanying the LFRB is a test driver, which will allow us to not only demonstrate the usage of the LFRB, but also to verify the correctness of the code.

This test driver is uncomplicated: in the main task it sets up the LFRB with a 20 byte buffer, after which it begins to read 8 byte sections. This will trigger the LFRB to begin requesting data from the data request task, with this data request task setting an end-of-file (EoF) state after writing 100 bytes. The main task will keep reading 8-byte chunks until the LFRB is empty. It will also compare the read byte values with the expected value, being the value range of 0 to 99.

Continue reading “Programming Ada: Implementing The Lock-Free Ring Buffer”

FLOSS Weekly Episode 794: Release Them All With JReleaser

July 31, 2024 by No comments

This week Jonathan Bennett and Katherine Druckman chat with Andres Almiray about JReleaser, the Java release automation tool that’s for more than just Java, and more than just releases. What was the original inspiration for the tool? And how does JReleaser help avoid a string of commits trying to fix GitHub Actions? Listen to find out!

Continue reading “FLOSS Weekly Episode 794: Release Them All With JReleaser”