Hackaday Columns

3973 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast Episode 265: Behind The Epic SSH Hack, 1980s Cyber Butler, The Story Of Season 7

April 5, 2024 by No comments

This week, Editor-in-Chief Elliot Williams and Kristina Panos convened once again to give the lowdown on this week’s best hacks. First up in the news — it’s giga-sunset time for Gigaset IoT devices, which simultaneously became paperweights on March 29th. And all that Flipper Zero panic? It has spread to Australia, but still remains exactly that: panic.

Then it’s on to What’s That Sound. Kristina failed again, although she was in the right neighborhood. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

Then it’s on to the hacks, beginning with the terrifying news of an xz backdoor. From there, we marvel at a 1980s ‘butler in a box’ — a voice-activated home automation system — and at the idea of LoRa transmissions without a radio. Finally, we discuss why you don’t want to piss off Trekkies, and whether AI has any place in tech support.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 265: Behind The Epic SSH Hack, 1980s Cyber Butler, The Story Of Season 7”

This Week In Security: XZ, ATT, And Letters Of Marque

April 5, 2024 by 11 Comments

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, and we have a much better idea of what the injected payload does.

One of the first findings to note is that the backdoor doesn’t allow a user to log in over SSH. Instead, when an SSH request is signed with the right authentication key, one of the certificate fields is decoded and executed via a system() call. And this makes perfect sense. An SSH login leaves an audit trail, while this backdoor is obviously intended to be silent and secret.

It’s interesting to note that this code made use of both autotools macros, and the GNU ifunc, or Indirect FUNCtions. That’s the nifty feature where a binary can include different versions of a function, each optimized for a different processor instruction set. The right version of the function gets called at runtime. Or in this case, the malicious version of that function gets hooked in to execution by a malicious library. Continue reading “This Week In Security: XZ, ATT, And Letters Of Marque”

Ultimate Power: Lithium-Ion Batteries In Series

April 4, 2024 by 52 Comments

At some point, the 3.6 V of a single lithium ion battery just won’t do, and you’ll absolutely want to stack LiIon cells in series. When you need high power, you’ve either got to increase voltage or current, and currents above say 10 A require significantly beefed up components. This is how you’re able to charge your laptop from your USB-C powerbank, for instance.

Or maybe you just need higher voltages, and don’t feel like using a step-up converter, which brings along with it some level of inefficiency. Whatever your reasons, it’s time to put some cells into series. Continue reading “Ultimate Power: Lithium-Ion Batteries In Series”

FLOSS Weekly Episode 777: Asterisk — Wait, Faxes?

April 3, 2024 by 9 Comments

This week Jonathan Bennett and David Ruggles sit down with Joshua Colp to talk about Asterisk! That’s the Open Source phone system software you already interact with without realizing it. It started as a side project to run the phones for Linux Support Services, and it turned out working on phone systems was more fun than supporting Linux. The project grew, and in the years since has landed at Sangoma, where Joshua holds the title of Asterisk Project Lead.

Asterisk is used in call centers, business phone systems, and telecom appliances around the world. But how does it handle faxes, WebRTC, and stopping spam calls? Just kidding on that last one, still an unsolved problem.

Continue reading “FLOSS Weekly Episode 777: Asterisk — Wait, Faxes?”

PCB Design Review: Tinysparrow, A Module For CAN Hacking Needs

April 3, 2024 by 21 Comments

I enjoy seeing modules that can make designing other devices easier, and when I did a call for design reviews, [enp6s0] has submitted one such board to us. It’s a module called TinySparrow (GitHub), that helps you build your own vehicle ECUs and any other CAN-enabled things. With a microcontroller, plenty of GPIOs, a linear regulator and a CAN transceiver already onboard, this board has more than enough kick for anyone in hobbyist-range automotive space – and it’s surprisingly tiny!

You could build a lot of things around this module – a CAN bus analyzer or sniffer, a custom peripheral for car dashes, or even a full-blown ECU. You can even design any hardware for a robot or a piece of industrial technology that uses CAN for its backbone – we’ve all seen a few of those! It’s a great board, but it uses six layers. We’ll see if we can do something about that here.

Modules like TinySparrow will make your PCBs cheaper while ordering, too! Thanks to the carefully routed microcontroller and the CAN transmitter, whatever board you design around this chip definitely wouldn’t need six layers like this one does – and, unlike designing your own board, you can use someone’s well-tested and tailored libraries and reference circuits!

With TinySparrow, you save a lot of time, effort and money whenever you want to design a car or industrial accessory. After looking at the board files, my proposal for helping today’s board is – like last time – to make its production cheaper, so that more people can get this board into their hands if the creator ever does try and manufacture it. I also have some tips to make future improvements on this design easier, and make it more friendly for its userbase.

Continue reading “PCB Design Review: Tinysparrow, A Module For CAN Hacking Needs”

Giant Sails Actually Help Cargo Ships Save Fuel, And The Planet In Turn

April 2, 2024 by 81 Comments

Shipping is not a clean business. The global economy is fueled by trade, and much of that trade involves hauling product from point A to point B. A great deal of that product goes by water. Shipping it around uses a great deal of fuel, and creates a great deal of greenhouse gas emissions. It’s bad for the environment, and it’s costly for shipping companies.

Any gain in efficiency can be an edge in this regard, and beneficial for the planet to boot. Now, it appears that good old fashioned sails  might just be the tool that companies need to clean up their fleets. And it’s not some theory—real world numbers back it up!

Where The Wind Takes You

Sea transport has been branded as a significant contributor to global greenhouse gas emissions, accounting for about 3% of the total. Shipping companies in turn are under increasing pressure to innovate and adapt, both for the good of the planet and their own coffers. It’s perhaps a small blessing that saving fuel and slashing emissions go hand in hand, and companies are desperate for any technology that can deliver on those goals.

Enter the WindWings, a revolutionary “wind assisted propulsion” concept developed by BAR Technologies. In partnership with ocean freight firm Cargill, these radical sails were installed aboard the Pyxis Ocean, a Kamsarmax bulk carrier chartered from Mitsubishi. These aren’t the canvas and rope constructs of yore . Instead, they’re a set of towering metal sails that stand 123 feet tall, designed to harness the wind’s power and propel the massive bulk carrier across the oceans. Continue reading “Giant Sails Actually Help Cargo Ships Save Fuel, And The Planet In Turn”

How Star Trek Breached The Defences Of A Major Broadcaster

April 1, 2024 by 39 Comments

Back in 2020 in the brief lull between COVID lockdowns in the UK, I found myself abruptly on the move, with a very short time indeed to move my possessions into storage. As I was going through the accumulated electronic detritus of over four decades, I happened upon a grey box with some wires hanging out of it, and more than a few memories. This was a Sky VideoCrypt decoder, and the wires were part of the so-called “Season” interface to attach it to the serial port of a PC. It had this modification in the hope of catching some unauthorised free satellite TV, and in its day this particular hack caused some headaches for the broadcaster.

When More Than 4 Channels Was A Novelty

Patrick Stewart, as Captain Jean-Luc Picard. Composite image, via Wikimedia commons.
Break encryption? This man can make it so. Stefan Kühn, CC BY-SA 3.0.

In the 1980s and early 1990s, there was very little in the way of digital broadcasting on either satellites or terrestrial networks, almost everything on TV was sent out as standard definition analogue video. The four terrestrial channels where I grew up were all free-to-air, and if you had a satellite dish you could point it at any one of a variety of satellites and receive more free-to-air channels if you didn’t mind most of them being in German. Premium satellite programming was encrypted though, either through a range of proprietary analogue schemes, or for the British broadcaster Sky’s offering, through their VideoCrypt system. This used a 64 kB buffer to store each line of video, and rotate it round any one of 256 points along its length, resulting in an unintelligible picture.

Sky was the UK’s big gorilla of premium broadcasters, a role they kept for many years, and which was only eroded by the advent of streaming services. As such they snapped up exclusive first access to much of the most desirable content of the day, restricting it to only their British pay-to-subscribe customers. A viewer in the UK who grumbled about Star Trek Next Generation not being on the BBC could at least cough up for Sky, but if they didn’t have a British address they were out of luck. It was in this commercial decision, whether it was based upon business or on licensing, that Sky unwittingly sowed the seeds of Videocrypt’s demise.

 

Continue reading “How Star Trek Breached The Defences Of A Major Broadcaster”