This Week In Security: Blast-RADIUS, Gitlab, And Plormbing

The RADIUS authentication scheme, short for “Remote Authentication Dial-In User Service”, has been widely deployed for user authentication in all sorts of scenarios. It’s a bit odd, in that individual users authenticate to a “RADIUS Client”, sometimes called a Network Access Server (NAS). In response to an authentication request, a NAS packages up the authentication details and sends them to a central RADIUS server for verification. The server then sends back a judgement on the authentication request, and if successful the user is authenticated to the NAS/client.

The scheme was updated to its current form in 1994, back when MD5 was considered a cryptographically good hash. MD5 has since been shown to have problems, most notably a chosen-prefix collision attack demonstrated in 2007. The basis of this collision attack is that given two arbitrary messages, it is possible to find a pair of values that, when appended to the end of those messages, result in matching MD5 hashes for each combined message. It turns out this is directly applicable to RADIUS.

FLOSS Weekly Episode 791: It’s All About Me!

This week David Ruggles chats with Jonathan Bennett about his origin story! What early core memory does Jonathan pin his lifelong computer hobby on? And how was a tense meeting instrumental to Jonathan’s life outlook? And how did Jonathan manage to score a squashable brain toy from an equipment manufacturer? Watch the whole show to find out!

Supercon 2023: Why More Hackers Should Earn Their Wings

Hacking has taken on many different meanings over the years, but if you’re here reading these words, we’ll assume your definition is pretty close to ours. To hack is to explore and learn, to find new and (hopefully) better ways of doing things. Or at least, that’s part of it. The other part is to then take what you learned and share it with others. Do that enough, and soon you’ll find yourself part of a community of like-minded individuals — which is where things really start getting interesting.

Here at Hackaday the objects of our attention are, with the occasional exception, electronic devices of some sort or another. Perhaps an old piece of gear that needs a modern brain transplant, or a misbehaving consumer gadget that could benefit from the addition of an open source firmware. But just as there are different ways to interpret the act of hacking, there’s plenty of wiggle room when it comes to what you can hack on.

In his talk during the 2023 Hackaday Supercon, Tom Mloduchowski makes the case that more hackers should be getting involved with aviation. No, we’re not talking about flying drones, though he does cover that during the presentation. This is the real deal. Whether you want to take a quick joyride in a small plane, become a professional pilot, or even build and operate your own experimental aircraft, this talk covers it all.

Supercon Call For Proposals Extended: July 16th

Ever since the first Supercon, people have submitted talk proposals at the very last minute, and some even in the minutes after the last minute. We know how it is – we are fully licensed procrastineers ourselves. So with an eye toward tradition, we’re extending the Call for Speakers and the Call for Workshops one more week, until July 16th.

The Hackaday Superconference is really and truly our favorite event of the year. It’s small, but not too small. The ideas everyone brings with them, however, are big. It’s like the absolute best of Hackaday live and in person. If you’re looking for a place to give a technical talk, or just to regale us all with the trials and triumphs of hacking, you won’t find a more receptive audience anywhere. Plus, presenters get in free.

In other news, [Voja] has an alpha version of the badge finished, so all that’s left is 90% of the work disguised as 10%. Some people have asked for clues, and what we’ll say at this point is that “Simple Add Ons have underutilized I2C pins”.

Expect tickets to go on sale in the next weeks – early bird tickets sell out fast. Keep your eyes on Hackaday for the announcement post when it goes live. Or, you can skip straight to the front of the line by giving a talk. But you can’t give a talk if you don’t submit your proposal first. Get on it now, because we’re not going to extend the CFP twice!

Hack All The Things, Get All The Schematics

When I was growing up, about 4 or 5 years old, I had an unorthodox favourite type of reading material: service manuals for my dad’s audio equipment. This got to the point that I kept asking my parents for more service manuals, and it became a running joke in our family for a bit. Since then, I’ve spent time repairing tech and laptops in particular as a way of earning money, hanging out at a flea market in the tech section, then spending tons of time at our hackerspace. Nowadays, I’m active in online hacker groups, and I have built a series of projects closely interlinked with modern-day consumer-facing tech.

Twenty three years later, is it a wonder I have a soft spot in my heart for schematics? You might not realize this if you’re only upcoming in the hardware hacking scene, but device schematics, whichever way you get them, are a goldmine of information you can use to supercharge your projects, whether you’re hacking on the schematic-ed device itself or not. What’s funny is, not every company wants their schematics to be published, but it’s ultimately helpful for the company in question, anyway.

If you think it’s just about repair – it’s that, sure, but there’s also a number of other things you might’ve never imagined you can do. Still, repair is the most popular one.

Hackaday Links: July 7, 2024

Begun, the Spectrum Wars have. First, it was AM radio getting the shaft (last item) and being yanked out of cars for the supposed impossibility of peaceful coexistence with rolling broadband EMI generators (EVs). That battle has gone back and forth for the last year or two here in the US, with lawmakers even getting involved at one point (first item) by threatening legislation to make terrestrial AM radio available in every car sold. We’re honestly not sure where it stands now in the US, but now the Swiss seem to be entering the fray a little up the dial by turning off all their analog FM broadcasts at the end of the year. This doesn’t seem to be related to interference — after all, no static at all — but more from the standpoint of reclaiming spectrum that’s no longer turning a profit. There are apparently very few analog FM receivers in use in Switzerland anymore, with everyone having switched to DAB+ or streaming to get their music fix, and keeping FM transmitters on the air isn’t cheap, so the numbers are just stacked against the analog stations. It’s hard to say if this is a portent of things to come in other parts of the world, but it certainly doesn’t bode well for the overall health of terrestrial broadcasting. “First they came for AM radio, and I did nothing because I’m not old enough to listen to AM radio. But then they came for analog FM radio, and when I lost my album-oriented classic rock station, I realized that I’m actually old enough for AM.”

Halfway Between Inspiration And Engineering

We see a lot of hacks where the path to success is pretty obvious, if maybe strewn with all sorts of complications, land-mines, and time-sinks. Then we get other hacks that are just totally out-of-the-box. Maybe the work itself isn’t so impressive, or even “correct” by engineering standards, but the inner idea that’s so crazy it just might work shines through.

This week, for instance, we saw an adaptive backlight LED TV modification that no engineer would ever design. Whether it was just the easiest way out, or used up parts on hand, [Mousa] cracked the problem of assigning brightnesses to the LED backlights by taking a tiny screen, playing the same movie on it, pointing it at an array of light sensors, and driving the LEDs inside his big TV off of that. No image processing, no computation, just light hitting LDRs. It’s mad, and it involves many, many wires, but it gets the job done.

Similarly, we saw an answer to the wet-3D-filament problem that’s as simple as it could possibly be: basically a tube with heated, dry air running through it that the filament must pass through on its way to the hot end. We’ve seen plenty of engineered solutions to damp filament, ranging from an ounce of prevention in the form of various desiccant storage options, to a pound of cure – putting the spools in the oven to bake out. We’re sure that drying filament inline isn’t the right way to do it, but we’re glad to see it work. The idea is there when you need it.

Not that there’s anything wrong with the engineering mindset. Quite the contrary: most often taking things one reasonable step at a time, quantifying up all the unknowns, and thinking through the path of least resistance gets you to the finish line of your project faster. But we still have to admire the off-the-wall hacks, where the way that makes the most sense isn’t always the most beautiful way to go. It’s a good week on Hackaday when we get both types of projects in even doses.