Hackaday Columns

4559 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Institutional Memory, On Paper

May 11, 2024 by 18 Comments

Our own Dan Maloney has been on a Voyager kick for the past couple of years. Voyager, the space probe. As a long-term project, he has been trying to figure out the computer systems on board. He got far enough to write up a great overview piece, and it’s a pretty good summary of what we know these days. But along the way, he stumbled on a couple old documents that would answer a lot of questions.

Dan asked JPL if they had them, and the answer was “no”. Oddly enough, the very people who are involved in the epic save a couple weeks ago would also like a copy. So when Dan tracked the document down to a paper-only collection at Wichita State University, he thought he had won, but the whole box is stashed away as the library undergoes construction.

That box, and a couple of its neighbors, appear to have a treasure trove of documentation about the Voyagers, and it may even be one-of-a-kind. So in the comments, a number of people have volunteered to help the effort, but I think we’re all just going to have to wait until the library is open for business again. In this age of everything-online, everything-scanned-in, it’s amazing to believe that documents about the world’s furthest-flown space probe wouldn’t be available, but so it is!

It makes you wonder how many other similar documents – products of serious work by the people responsible for designing the systems and machines that shaped our world – are out there in the dark somewhere. History can’t capture everything, and it’s down to our collective good judgement in the end. So if you find yourself in a position to shed light on, or scan, such old papers, please do! And then contact some nerd institution like the Internet Archive or the Computer History Museum.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast Episode 270: A Cluster Of Microcontrollers, A Rocket Engine From Scratch, And A Look Inside Voyager

May 10, 2024 by No comments

Join Hackaday Editors Elliot Williams and Tom Nardi as they get excited over the pocket-sized possibilities of the recently announced 2024 Business Card Challenge, and once again discuss their picks for the most interesting stories and hacks from the last week. There’s cheap microcontrollers in highly parallel applications, a library that can easily unlock the world of Bluetooth input devices in your next project, some gorgeous custom flight simulator buttons that would class up any front panel, and an incredible behind the scenes look at how a New Space company designs a rocket engine from the ground up.

Stick around to hear about the latest 3D printed gadget that all the cool kids are fidgeting around with, a brain-computer interface development board for the Arduino, and a WWII-era lesson on how NOT to use hand tools. Finally, learn how veteran Hackaday writer Dan Maloney might have inadvertently kicked off a community effort to digitize rare documentation for NASA’s Voyager spacecraft.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download your very own copy of the podcast right about here.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 270: A Cluster Of Microcontrollers, A Rocket Engine From Scratch, And A Look Inside Voyager”

This Week In Security: TunnelVision, Scarecrows, And Poutine

May 10, 2024 by 9 Comments

There’s a clever “new” attack against VPNs, called TunnelVision, done by researchers at Leviathan Security. To explain why we put “new” in quotation marks, I’ll just share my note-to-self on this one written before reading the write-up: “Doesn’t using a more specific DHCP route do this already?” And indeed, that’s the secret here: in routing, the more specific route wins. I could not have told you that DHCP option 121 is used to set extra static routes, so that part was new to me. So let’s break this down a bit, for those that haven’t spent the last 20 years thinking about DHCP, networking, and VPNs.

So up first, a route is a collection of values that instruct your computer how to reach a given IP address, and the set of routes on a computer is the routing table. On one of my machines, the (slightly simplified) routing table looks like:

# ip route
default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0

The first line there is the default route, where “default” is a short-hand for 0.0.0.0/0. That indicate a network using the Classless Inter-Domain Routing (CIDR) notation. When the Internet was first developed, it was segmented into networks using network classes A, B, and C. The problem there was that the world was limited to just over 2.1 million networks on the Internet, which has since proven to be not nearly enough. CIDR came along, eliminated the classes, and gave us subnets instead.

In CIDR notation, the value after the slash is commonly called the netmask, and indicates the number of bits that are dedicated to the network identifier, and how many bits are dedicated to the address on the network. Put more simply, the bigger the number after the slash, the fewer usable IP addresses on the network. In the context of a route, the IP address here is going to refer to a network identifier, and the whole CIDR string identifies that network and its size.

Back to my routing table, the two routes are a bit different. The first one uses the “via” term to indicate we use a gateway to reach the indicated network. That doesn’t make any sense on its own, as the 10.0.1.1 address is on the 0.0.0.0/0 network. The second route saves the day, indicating that the 10.0.1.0/24 network is directly reachable out the eth0 device. This works because the more specific route — the one with the bigger netmask value, takes precedence.

The next piece to understand is DHCP, the Dynamic Host Configuration Protocol. That’s the way most machines get an IP address from the local network. DHCP not only assigns IP addresses, but it also sets additional information via numeric options. Option 1 is the subnet mask, option 6 advertises DNS servers, and option 3 sets the local router IP. That router is then generally used to construct the default route on the connecting machine — 0.0.0.0/0 via router_IP.

Remember the problem with the gateway IP address belonging to the default network? There’s a similar issue with VPNs. If you want all traffic to flow over the VPN device, tun0, how does the VPN traffic get routed across the Internet to the VPN server? And how does the VPN deal with the existence of the default route set by DHCP? By leaving those routes in place, and adding more specific routes. That’s usually 0.0.0.0/1 and 128.0.0.0/1, neatly slicing the entire Internet into two networks, and routing both through the VPN. These routes are more specific than the default route, but leave the router-provided routes in place to keep the VPN itself online.

And now enter TunnelVision. The key here is DHCP option 121, which sets additional CIDR notation routes. The very same trick a VPN uses to override the network’s default route can be used against it. Yep, DHCP can simply inform a client that networks 0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, and 192.0.0.0/2 are routed through malicious_IP. You’d see it if you actually checked your routing table, but how often does anybody do that, when not working a problem?

There is a CVE assigned, CVE-2024-3661, but there’s an interesting question raised: Is this a vulnerability, and in which component? And what’s the right solution? To the first question, everything is basically working the way it is supposed to. The flaw is that some VPNs make the assumption that a /1 route is a bulletproof way to override the default route. The solution is a bit trickier. Continue reading “This Week In Security: TunnelVision, Scarecrows, And Poutine”

Ask Hackaday: Do You Calibrate Your Instruments?

May 9, 2024 by 54 Comments

Like many of you, I have a bench full of electronic instruments. The newest is my Rigol oscilloscope, only a few years old, while the oldest is probably my RF signal generator that dates from some time in the early 1950s. Some of those instruments have been with me for decades, and have been crucial in the gestation of countless projects.

If I follow the manufacturer’s recommendations then just like that PAT tester I should have them calibrated frequently. This process involves sending them off to a specialised lab where their readings are compared to a standard and they are adjusted accordingly, and when they return I know I can trust their readings. It’s important if you work in an industry where everything must be verified, for example I’m certain the folks down the road at Airbus use meticulously calibrated instruments when making assemblies for their aircraft, because there is no room for error in a safety critical application at 20000 feet.

But on my bench? Not so much, nobody is likely to face danger if my frequency counter has drifted by a few Hz. Continue reading “Ask Hackaday: Do You Calibrate Your Instruments?”

FLOSS Weekly Episode 782: Nitric — In Search Of The Right Knob

May 8, 2024 by No comments

This week Jonathan Bennett and David Ruggles chat with Rak Siva and Steve Demchuck to talk about Nitric! That’s the Infrastructure from Code framework that makes it easy to use a cloud back-end in your code, using any of multiple providers, in multiple programming languages.

The group chatted about the role and form of good documentation, as well as whether a Contributor License Agreement is ever appropriate, and what a good CLA would actually look like. Don’t miss it!
Continue reading “FLOSS Weekly Episode 782: Nitric — In Search Of The Right Knob”

Displays We Love Hacking: LVDS And EDP

May 8, 2024 by 23 Comments

There are times when tiny displays no longer cut it. Whether you want to build a tablet or reuse some laptop displays, you will eventually deal with LVDS and eDP displays. To be more exact, these are displays that want you to use either LVDS or eDP signaling to send a picture.

Of the two, LVDS is the older standard for connecting displays, and eDP is the newer one. In fact, eDP has mostly replaced LVDS for things like laptop and tablet displays. Nevertheless, you will still encounter both of these in the wild, so let’s start with LVDS.

The name “LVDS” actually comes from the LVDS signaling standard (Low-Voltage Differential Signaling), which is a fairly generic data transfer standard over differential pairs, just like RS485. Using LVDS signaling for embedded display purposes is covered by a separate standard called FPD-Link, and when people say “LVDS”, what they’re actually talking about is FPD-Link. In this article, I will also use LVDS while actually talking about FPD-Link. Barely anyone uses FPD-Link except some datasheets, and I’ll use “LVDS” because that’s what people actually use. It’s just that you deserve to know the distinction so that you’re not confused when someone mentions LVDS when talking about, say, industrial machinery.

Both LVDS and eDP run at pretty high frequencies – they’re commonly used for color displays with pretty large resolutions, so speed can no longer be a constraint. eDP, as a successor technology, is a fair bit more capable, but LVDS doesn’t pull punches either – if you want to make a 1024 x 768 color LCD panel work, you will use LVDS, sometimes parallel RGB – at this point, SPI just won’t cut it. There’s a lot of overlap – and that’s because LVDS is basically parallel RGB, but serialized and put onto diffpairs. Let me show you how that happened, and why it’s cool.

Continue reading “Displays We Love Hacking: LVDS And EDP”

The 2024 Business Card Challenge Starts Now

May 7, 2024 by 22 Comments

If you want to make circuits for a living, what better way to impress a future employer than to hand them a piece of your work to take home? But even if you’re just hacking for fun, you can still turn your calling into your calling card.

We are inviting you to submit your coolest business card hacks for us all to admire, and the top three entries will win a $150 DigiKey shopping spree.  If your work can fit on a business card, create a project page for it over on Hackaday.io and enter it in the 2024 Business Card Contest. Share your tiny hacks!

To enter, create a project for your hacked business card over at Hackaday IO, and then enter it into the 2024 Business Card Challenge by selecting the pulldown on the left. It’s that easy.

Continue reading “The 2024 Business Card Challenge Starts Now”