News

3618 Articles

ChatGPT & Me. ChatGPT Is Me!

May 16, 2025 by 64 Comments

For a while now part of my email signature has been a quote from a Hackaday commenter insinuating that an article I wrote was created by a “Dumb AI”. You have my sincerest promise that I am a humble meatbag scribe just like the rest of you, indeed one currently nursing a sore shoulder due to a sporting injury, so I found the comment funny in a way its writer probably didn’t intend. Like many in tech, I maintain a skepticism about the future role of large-language-model generative AI, and have resisted the urge to drink the Kool-Aid you will see liberally flowing at the moment.

Hackaday Is Part Of The Machine

As you’ll no doubt be aware, these large language models work by gathering a vast corpus of text, and doing their computational tricks to generate their output by inferring from that data. They can thus create an artwork in the style of a painter who receives no reward for the image, or a book in the voice of an author who may be struggling to make ends meet. From the viewpoint of content creators and intellectual property owners, it’s theft on a grand scale, and you’ll find plenty of legal battles seeking to establish the boundaries of the field.

Anyway, once an LLM has enough text from a particular source, it can do a pretty good job of writing in that style. ChatGPT for example has doubtless crawled the whole of Hackaday, and since I’ve written thousands of articles in my nearly a decade here, it’s got a significant corpus of my work. Could it write in my style? As it turns out, yes it can, but not exactly. I set out to test its forging skill. Continue reading “ChatGPT & Me. ChatGPT Is Me!”

This Week In Security: Lingering Spectre, Deep Fakes, And CoreAudio

May 16, 2025 by 5 Comments

Spectre lives. We’ve got two separate pieces of research, each finding new processor primitives that allow Spectre-style memory leaks. Before we dive into the details of the new techniques, let’s quickly remind ourselves what Spectre is. Modern CPUs use a variety of clever tricks to execute code faster, and one of the stumbling blocks is memory latency. When a program reaches a branch in execution, the program will proceed in one of two possible directions, and it’s often a value from memory that determines which branch is taken. Rather than wait for the memory to be fetched, modern CPUs will predict which branch execution will take, and speculatively execute the code down that branch. Once the memory is fetched and the branch is properly evaluated, the speculatively executed code is rewound if the guess was wrong, or made authoritative if the guess was correct. Spectre is the realization that incorrect branch prediction can change the contents of the CPU cache, and those changes can be detected through cache timing measurements. The end result is that arbitrary system memory can be leaked from a low privileged or even sandboxed user process.

In response to Spectre, OS developers and CPU designers have added domain isolation protections, that prevent branch prediction poisoning in an attack process from affecting the branch prediction in the kernel or another process. Training Solo is the clever idea from VUSec that branch prediction poisoning could just be done from within the kernel space, and avoid any domain switching at all. That can be done through cBPF, the classic Berkeley Packet Filter (BPF) kernel VM. By default, all users on a Linux system can run cBPF code, throwing the doors back open for Spectre shenanigans. There’s also an address collision attack where an unrelated branch can be used to train a target branch. Researchers also discovered a pair of CVEs in Intel’s CPUs, where prediction training was broken in specific cases, allowing for a wild 17 kB/sec memory leak.

Continue reading “This Week In Security: Lingering Spectre, Deep Fakes, And CoreAudio”

Work, Eat, Sleep, Repeat: Become A Human Tamagotchi

May 12, 2025 by 10 Comments

When [Terence Grover] set out to build a Tamagotchi-inspired simulator, he didn’t just add a few modern tweaks. He ditched the entire concept and rebuilt it from the ground up. Forget cute wide-eyed blobby animals and pixel-poop. This Raspberry Pi-powered project ditches nostalgia in favour of brutal realism: inflation, burnout, capitalism, and the occasional existential crisis. Think Sims meets cyberpunk, rendered charmingly in Python on a low-res RGB LED matrix.

Instead of hunger and poop meters, this dystopian pet juggles Maslow’s hierarchy: hunger, rest, safety, social life, esteem, and money. Players make real-life-inspired decisions like working, socialising, and going into education – each affecting the stats in logical (and often unfair) ways. No free lunch here: food requires money, money requires mind-numbing labour, and labour tanks your rest. You can even die of overwork à la Amazon warehouse. The UI and animation logic are all hand-coded, and there’s a working buzzer, pixel-perfect sprite movement, and even mini-games to simulate job repetition.

It’s equal parts social commentary and pixel art fever dream. While we have covered Tamagotchi recreations some time ago, this one makes you the needy survivor. Want your own dystopia in 64×32? Head over to [Terence Grover]’s Github and fork the full open source code. We’ll be watching. The Tamagotchi certainly is.

Continue reading “Work, Eat, Sleep, Repeat: Become A Human Tamagotchi”

Antique Mill Satisfies Food Cravings

May 9, 2025 by 16 Comments

Everyone knows what its like to get a hankering for a specific food. In [Attoparsec]’s case, he wanted waffles. Not any waffles would do, though; he needed waffles in the form of a labyrinth. Those don’t exist, so he had to machine his own waffle maker.

Antique pantograph mill
When computers were the size of rooms, these stood in where we’d use CNC today.

Most of us would have run this off on a CNC, but [Attoparsec] isn’t into CNCing–manual machining is his hobby, and he’s not interested in getting into another one, no matter how much more productive he admits it might make him. We can respect that. After a bit of brain sweat thinking of different ways to cut out the labyrinth shape, he has the opportunity to pick up an antique Deckle pantograph mill.

These machines were what shops used to do CNC before the ‘computer numeric’ part was a thing. By tracing out a template (which [Attoparsec] 3D prints, so he’s obviously no Luddite) complex shapes can be milled with ease. Complex shapes like a labyrnthine wafflemaker. Check out the full video below; it’s full of all sorts of interesting details about the machining process and the tools involved.

If you don’t need to machine cast iron, but are interested in the techniques seen here, a wooden pantorouter might be more your speed than a one-tonne antique. If you have a hankering for waffles but would rather use CNC, check out these design tips to help you get started. If pancakes are more your style, why not print them?

Shoutout to [the gambler] for sending this into the tip line. We think he struck the jackpot on this one. If you have a tip, don’t be shy. Continue reading “Antique Mill Satisfies Food Cravings”

This Week In Security: Encrypted Messaging, NSO’s Judgement, And AI CVE DDoS

May 9, 2025 by 3 Comments

Cryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit highlights, but they are of questionable real-world impact. The most consequential is how easy it is to add additional members to a group chat. Or to put it another way, there are no cryptographic guarantees associated with adding a new user to a group.

The good news is that WhatsApp groups don’t allow new members to read previous messages. So a user getting added to a group doesn’t reveal historic messages. But a user added without being noticed can snoop on future messages. There’s an obvious question, as to how this is a weakness. Isn’t it redundant, since anyone with the permission to add someone to a group, can already read the messages from that group?

That’s where the lack of cryptography comes in. To put it simply, the WhatsApp servers could add users to groups, even if none of the existing users actually requested the addition. It’s not a vulnerability per se, but definitely a design choice to keep in mind. Keep an eye on the members in your groups, just in case. Continue reading “This Week In Security: Encrypted Messaging, NSO’s Judgement, And AI CVE DDoS”

This Week In Security: AirBorne, EvilNotify, And Revoked RDP

May 2, 2025 by 2 Comments

This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects MacOS desktops and laptops, the iOS and iPadOS mobile devices, and many IoT devices that use the Apple SDK to provide AirPlay support. It’s a group of 16 CVEs based on 23 total reported issues, with the ramifications ranging from an authentication bypass, to local file reads, all the way to Remote Code Execution (RCE).

AirPlay is a WiFi based peer-to-peer protocol, used to share or stream media between devices. It uses port 7000, and a custom protocol that has elements of both HTTP and RTSP. This scheme makes heavy use of property lists (“plists”) for transferring serialized information. And as we well know, serialization and data parsing interfaces are great places to look for vulnerabilities. Oligo provides an example, where a plist is expected to contain a dictionary object, but was actually constructed with a simple string. De-serializing that plist results in a malformed dictionary, and attempting to access it will crash the process.

Another demo is using AirPlay to achieve an arbitrary memory write against a MacOS device. Because it’s such a powerful primative, this can be used for zero-click exploitation, though the actual demo uses the music app, and launches with a user click. Prior to the patch, this affected any MacOS device with AirPlay enabled, and set to either “Anyone on the same network” or “Everyone”. Because of the zero-click nature, this could be made into a wormable exploit. Continue reading “This Week In Security: AirBorne, EvilNotify, And Revoked RDP”

Single-Board Z80 Computer Draws Inspiration From Picasso

May 1, 2025 by 19 Comments

Picasso and the Z80 microprocessor are not two things we often think about at the same time. One is a renowned artist born in the 19th century, the other, a popular CPU that helped launch the microcomputer movement. And yet, the latter has come to inspire a computer based on the former. Meet the RC2014 Mini II Picasso!

As [concretedog] tells the story, what you’re fundamentally looking at is an RC2014 Mini II. As we’ve discussed previously, it’s a single-board Z80 retrocomputer that you can use to do fun things like run BASIC, Forth, or CP/M. However, where it gets kind of fun is in the layout. It’s the same fundamental circuitry as the RC2014, but it’s been given a rather artistic flair. The ICs are twisted this way and that, as are the passive components; even some of the resistors are dancing all over the top of one another. The kit is a limited edition, too, with each coming with a unique combination of colors where the silkscreen and sockets and LED are concerned. Kits are available via Z80Kits for those interested.

We love a good artistic PCB design; indeed, we’ve supported the artform heavily at Supercon and beyond. It’s neat to see the RC2014 designers reminding us that components need not live on a rigid grid; they too can dance and sway and flop all over the place like the eyes and or nose on a classic Picasso.

It’s weird, though; in a way, despite the Picasso inspiration, the whole thing ends up looking distinctly of the 1990s. In any case, if you’re cooking up any such kooky builds of your own, modelled after Picasso or any other Spanish master, don’t hesitate to notify the tipsline.