This Week In Security: Dating App, WooCommerce, And OpenSSH

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email addresses, photos (sometimes explicit), and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH”
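As an added example that is not code from the Hackaday post or from Wordfence, here is a small Python check over a constructed request log for the two signals described above: any request carrying the X-WCPAY-PLATFORM-CHECKOUT-USER header, and a per-day spike in plugin readme.txt probes. The log format, field names, readme.txt path and spike threshold are all assumptions.

```python
"""Added example, not code from the Hackaday post or Wordfence: flags the two
CVE-2023-28121 signals the roundup describes in a constructed JSON-lines log.
Format and field names are assumptions; a proxy/WAF must record headers."""
import json
from collections import Counter
from statistics import median

# Header the vulnerable function trusted (named in the post), lower-cased.
BYPASS_HEADER = "x-wcpay-platform-checkout-user"

# Constructed sample log, one JSON object per request (assumed format):
# a readme.txt burst on 2023-07-13, then a header hit on 07-14.
SAMPLE_LOG = """\
{"ts":"2023-07-11T09:00:00Z","ip":"198.51.100.9","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-12T10:00:01Z","ip":"203.0.113.5","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-13T01:00:00Z","ip":"203.0.113.5","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-13T01:00:02Z","ip":"203.0.113.6","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-13T01:00:03Z","ip":"203.0.113.7","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-13T01:00:04Z","ip":"203.0.113.8","path":"/wp-content/plugins/woocommerce/readme.txt","headers":{}}
{"ts":"2023-07-14T03:14:15Z","ip":"203.0.113.6","path":"/wp-json/","headers":{"X-WCPAY-PLATFORM-CHECKOUT-USER":"placeholder"}}
"""

def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def header_hits(events):
    """Requests carrying the bypass header at all: no browser sends it, so
    each one is an alert on its own. Returns (ip, ts, path) tuples."""
    return [(e["ip"], e["ts"], e["path"]) for e in events
            if BYPASS_HEADER in {k.lower() for k in e.get("headers", {})}]

def readme_probes_per_day(events):
    """Plugin readme.txt fetches per UTC day: the pre-attack recon signal."""
    days = Counter()
    for e in events:
        p = e["path"]
        if p.startswith("/wp-content/plugins/") and p.endswith("/readme.txt"):
            days[e["ts"][:10]] += 1
    return dict(days)

def spike_days(per_day, factor=3):
    """Days with at least `factor` times the median of the other days'
    probe counts (threshold is an assumption; tune to your own baseline)."""
    flagged = []
    for day, n in per_day.items():
        others = [v for d, v in per_day.items() if d != day]
        if others and n >= factor * median(others):
            flagged.append(day)
    return sorted(flagged)
```

Run against real proxy or WAF output, the readme.txt spike is the early warning; a header hit means someone is already trying the bypass against you.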

TV Typewriter Remembered

With the recent passing of Don Lancaster, I took a minute to reflect on how far things have come in a pretty short period of time. If you somehow acquired a computer in the early 1970s, it was probably some discarded DEC, HP, or Data General machine. A few people built their own, but that was a stout project with no microprocessor chips readily available. When machines like the Mark-8 and, more famously, the Altair appeared, the number of people with a “home computer” swelled — relatively speaking — and it left a major problem: What kind of input/output device could you use?

An ad from Kilobaud offered you a ready-to-go, surely refurbished, ASR33 for $840

At work, you might have had a TeleType. Most of those were leased, and the price tag of a new one was somewhere around $1,000. Remember, too, that $1,000 in 1975 was a small fortune. Really lucky people had video terminals, but those were often well over $1,500, although Lear Siegler introduced one at the $1,000 price, and it became wildly successful. Snagging a used terminal was not very likely, and surplus TeleType equipment was likely of the 5-bit Baudot variety — not unusable, but not the terminal you really wanted.

A lot of the cost of a video terminal was the screen. Yet nearly everyone had a TV, and used TVs have always been fairly cheap, too. That’s where Don Lancaster came in. His TV Typewriter Cookbook was the bible for homebrew video displays. The design influenced the Apple 1 computer and spawned a successful kit for a company known as Southwest Technical Products. For around $300 or so, you could have a terminal that uses your TV for output. Continue reading “TV Typewriter Remembered”

Hackaday Prize 2023: Meet The Assistive Tech Finalists

If you’re still toiling away at your entry for the Gearing Up Challenge of the 2023 Hackaday Prize, don’t panic! No, you haven’t lost track of time — due to some technical difficulties we had to delay the final judging for the Assistive Tech Challenge that ended May 30th.

Today we’re pleased to announce that all the votes are in, and we’re ready to unveil the ten projects that our panel of judges felt best captured the spirit of this very important challenge. Each of these projects will take home $500 and move on to the final round of judging. There are few more noble pursuits than using your talents to help improve the lives of others, so although we could only pick ten finalists, we’d like to say a special thanks to everyone who entered this round.

Continue reading “Hackaday Prize 2023: Meet The Assistive Tech Finalists”

Discussing The Finer Points Of Space-Worthy Software

At the dawn of the Space Race, when computers were something that took up whole rooms, satellites and probes had to rely on analog electronics to read from their various sensors and transmit the resulting data to the ground. But it wasn’t long before humanity’s space ambitions outgrew these early systems, which lead to vast advancements in space-bound digital computers in support of NASA’s Gemini and Apollo programs. Today, building a spacecraft without an onboard computer (or even multiple redundant computers) is unheard of. Even the smallest of CubeSats is likely running Linux on a multi-core system.

Jacob Killelea

As such, software development has now become an integral part of spacecraft design — from low-level code that’s responsible for firing off emergency systems to the 3D graphical touchscreen interfaces used by the crew to navigate the craft. But as you might expect, the stakes here are higher than any normal programming assignment. If your code locks up here on Earth, it’s an annoyance. If it locks up on a lunar lander seconds before it touches down on the surface, it could be the end of the mission.

To get a bit more insight into this fascinating corner of software development, we invited Jacob Killelea to host last week’s Software for Satellites Hack Chat. Jacob is an engineer with a background in both aero and thermodynamics, control systems, and life support. He’s written code for spacecraft destined for the Moon, and perhaps most importantly, is an avid reader of Hackaday.

Continue reading “Discussing The Finer Points Of Space-Worthy Software”

Hackaday Links: July 16, 2023

Last week, we noted an attempt to fix a hardware problem with software, which backfired pretty dramatically for Ford when they tried to counter the tendency for driveshafts to fall out of certain of their cars by automatically applying the electric parking brake.

This week, the story is a little different, but still illustrates how software and hardware can interact unpredictably, especially in the automotive space. The story centers on a 2015 Optima recall for a software update for the knock sensor detection system. We can’t find the specifics, but if this recall on a similar Kia model in the same model year range and a class-action lawsuit are any indication, the update looks like it would have made the KSDS more sensitive to worn connecting rod damage, and forced the car into “limp home mode” to limit damage to the engine if knocking is detected.

A clever solution to a mechanical problem? Perhaps, but because the Kia owner in the story claims not to have received the snail-mail recall notice, she got no warning when her bearings started wearing out. Result: a $6,000 bill for a new engine, which she was forced to cover out of pocket. Granted, this software fix isn’t quite as egregious as Ford’s workaround for weak driveshaft mounting bolts, and there may very well have been a lack of maintenance by the car’s owner. But if you’re a Kia mechanical engineer, wouldn’t your first instinct have been to fix the problem causing the rod bearings to wear out, rather than papering over the problem with software?

Continue reading “Hackaday Links: July 16, 2023”

Sweet Hacks

While talking about a solar powered portable Bluetooth speaker project on the podcast, I realized that I have a new category of favorite hacks: daily-use hacks.

If you read Hackaday long enough, you’ll start to categorize everything. There are the purely technical hacks, beautiful hacks, minimalist hacks, maximalist hacks, and then the straight-up oddball hacks. Sometimes what strikes us is the beauty of the execution. Sometimes it’s clever choice of parts that were designed to do exactly the right thing, and simply watching them do their job well is satisfying, and other times we like to see parts fooled into doing something they have no right to.

While I really like the above speaker build because it’s beautiful, and because it uses a clever choice of audio amplifier to work with the supercapacitors’ wild voltage swings, what really struck me about the project is that [Jamie Matthews] has been using it every day for the last nine months. It’s on his desk and he uses it to listen to music.

That’s a simple feat in a way, but it’s a powerful one. Some of my absolute favorite projects of my own are similar – they are the ones that I use all the time. Not the cliché “life hack”, which is usually something like a clever way to peel a grapefruit, but rather hacks that become part of daily life. So look around you, and if you’re anything like me, you’ll find a number of these “daily driver” hacks. And if you do, celebrate them.

(And maybe even send ’em in to the tips line to share!)

Ask Hackaday: Learn Assembly First, Last, Or Never?

A few days ago, I ran into an online post where someone pointed out the book “Learn to Program with Assembly” and asked if anyone had ever learned assembly language as a first programming language. I had to smile because, if you are a certain age, your first language may well have been assembly, even if it was assembly for machines that never existed.

Of course, that was a long time ago. These days, if you are over 40, it is more likely that you learned BASIC first. Go younger, and you start skewing towards Java, JavaScript, or even C. It got me thinking, though: should people learn assembly, and if so, when?

Continue reading “Ask Hackaday: Learn Assembly First, Last, Or Never?”