The Antonov An-225 Seems To Have Been Destroyed After All

Something that probably unites most Hackaday readers is a love of machines, particularly unique or interesting ones. In the world of aircraft for example, we’ve run several stories about those which push the edges of the size envelope, be they the Hughes Hercules troop carrier, the Scaled Composites Stratolifter space launcher, or the Antonov An-225 Mriya cargo plane. This last machine has been in the news for all the wrong reasons over the last few days, with reports emerging that it may have been destroyed in the fighting around its base at Hostomel near Kyiv. There has been some uncertainty around this news as it has alternately been claimed to have been destroyed or to have miraculously survived, but now a set of photographs has emerged showing what appears to be the An-225 burning in its damaged hangar.

The An-225 is a unique aircraft not only in the sense that there is no other model quite like it, but also because it was manufactured for the special purpose of being the transport carrier of the Soviet Union’s Buran space shuttle, and thus only one airframe was completed. Its characteristic twin tail served to avoid the turbulence that would have resulted from a Buran mounted on top of its enormous fuselage, and the six engine configuration required to move such a behemoth was in part the clue to identifying it in the photograph. Those readers who were lucky enough to see it take off or land in person will attest to its impressive physical presence, while the rest of us remain sad to have missed that chance.

It seems crass to talk about the destruction of an aircraft when compared to the scale of the unfolding tragedy in Ukraine, but we think perhaps our British and French readers who grew up with Concorde in the sky will understand the power of such a machine as a source of pride. We hope that the Antonov company will return to the design of huge cargo aircraft in peacetime, and Ukrainians can again have pride in a monster aircraft that the rest of us will drive for miles just to watch taking off or landing.

The issue of which aircraft is the world’s largest can be a complex one, as we’ve explored in the past.

Header image: Vasiliy Koba, CC BY-SA 4.0.

Where Do You Want To Go Today? Perhaps To A Linux With A Familiar Interface?

Sometimes we cover works of extreme technological merit here at Hackaday, other times we cover interesting projects that while they might not lie at the bleeding edge are interesting enough that they deserve a wider audience. Sometimes though, we bring you something in this field simply because it amuses us and we think it will you too. Such is the case with [Bryan Lunduke]’s look at making a Linux desktop look like Windows 95. And lest you think that it might be yet another skin to make Windows users transition to Linux a bit easier, the aim and result is to make it look exactly like Microsoft’s mid-90s desktop.

Underneath it all is the relatively familiar xUbuntu distribution, with a deliciously troll-worthy project called Chicago95 atop it. This takes some existing Windows 95 theme and icon projects, and adds GTK themes, an MS-DOS shell theme, the ability to install those cheesy ’90s Plus! themes, and a Microsoft Office 95 theme for LibreOffice. It really does deliver an experience very close to the Redmond original.

So, what’s the point here in 2022? In the first instance it’s an excellent opportunity to troll open-source enthusiast friends with a crusty laptop seemingly running ’95 and showing YouTube videos on Netscape Navigator 3. But beyond the jokes there is a serious use for it. There may be many criticisms that can be leveled at Windows 95, but it’s safe to say that its GUI was a significant success whose echoes can be found in many desktops here in 2022. There are a huge number of people in the world who are completely at home in a Windows 95 environment who might struggle with a Linux desktop, and this gives them a way to be immediately productive. Would you give your grandmother a Linux box with this desktop?

Neon, Ukraine, And The Global Semiconductor Industry

On our news feeds and TV channels at the moment are many stories concerning the war in Ukraine, and among them is one which may have an effect on the high-tech industries. It seems that a significant percentage of the world’s neon gas is produced in Ukrainian factories, and there is concern among pundits and electronics manufacturers that a disruption of this supply could be a further problem for an industry already reeling from the COVID-related chip shortage. It’s thus worth taking a quick look at the neon business from an engineering perspective to perhaps make sense of some of those concerns.

As most readers will know from their high school chemistry lessons, neon is one of the so-called inert gasses, sitting in the column at the extreme right of the Periodic table. It occurs in nature as a small percentage of the air we breathe and is extracted from the air by fractional distillation of the liquid phase. The important point from the above sentences is that the same neon is all around us in the air as there is in Ukraine, in other words, there is no strategic neon mine in the Ukrainian countryside about to be overrun by the Russian invaders.

So why do we source so much neon from Ukraine, if we’re constantly breathing the stuff in and out everywhere else in the world? Since the air separation industry is alive and well worldwide for the production of liquid nitrogen and oxygen as well as the slightly more numerous inert gasses, we’re guessing that the answer lies in economics. It’s a bit harder to extract neon from air than it is argon because there is less of it in the air. Since it can be bought for a reasonable cost from the Ukrainians who have made it their business to extract it, there is little benefit in American or Western European companies trying to compete. Our take is that if the supply of Ukrainian neon is interrupted there may be a short period of neon scarcity. After that, air extraction companies will quite speedily install whatever extra plant they need in order to service the demand. If that’s your area of expertise, we’d love to hear from you in the comments.

Here at Hackaday we are saddened beyond words at what has happened in Ukraine, and we hope our Ukrainian readers and those Ukrainian hackers whose work we’ve featured make it through safely. We sincerely hope that this madness can be ended and that we can mention the country in the context of cool hacks again rather than war.

If you are interested in the strategic value of inert gasses, have a read about the global helium supply.

Header image: Lestat (Jan Mehlich), CC BY-SA 3.0.

This Week In Security: Updraft, Termux, And Magento

One of the most popular WordPress backup plugins, UpdraftPlus, has released a set of updates, x.22.3, that contain a potentially important fix for CVE-2022-23303. This vulnerability exposes existing backups to any logged-in WordPress user. This bug was found by the guys at Jetpack, who have a nice write-up on it. It’s a combination of instances of a common problem — endpoints that lacked proper authentication. The heartbeat function allows any user to access it, and it returns the latest backup nonce.

A cryptographic nonce is a value that’s not exactly a cryptographic secret, but is only used once. In some cases, this is to mitigate replay attacks, or is used as an initialization vector. In the case of UpdraftPlus, the nonce works as a unique identifier for individual backups. The data leak can be combined with another weak validation in the maybe_download_backup_from_email() function, to allow downloading of a backup. As WordPress backups will contain sensitive information, this is quite the problem. There are no known in-the-wild instances of this attack being used, but as always, update now to stay ahead of the game.


Homemade Toy Wind Tunnel Blows (Really Well)

Sometimes a kid wakes up on Christmas morning and runs downstairs, only hoping to see one thing: a shiny new wind tunnel. This past December, that’s exactly what [SparksAndCode]’s son found beside the tree, complete with a bag of scarves, ping-pong balls, and other fun things to launch through it (in the name of physics, of course).

The real story here starts about a week before Christmas, when [SparksAndCode]’s son was enthralled by a similar device at a science museum. At his wife’s suggestion, [SparksAndCode] got to work designing and building a wind tunnel with hardware-store parts, his deadline looming ahead. The basic structure of the tunnel is three rods which support plywood collars. The walls are formed by plastic sheets rolled inside the collars to make a tube. Underneath, a Harbor Freight fan supplies a nice, steady stream of air for endless entertainment.

After finding a few bugs during his son’s initial beta testing on Christmas morning, [SparksAndCode] brought the wind tunnel back into the shop for a few tweaks and upgrades, including a mesh cover on the air intake to stop things from getting sucked into the fan. The final result was a very functional (and fun!) column of air. Looking for even more function (but not necessarily less fun)? We’ve got you covered too with this home-built research wind tunnel from a few years back.


This Week In Security: Chrome 0-day, Cassandra, And A Cisco PoC

Running Chrome or a Chromium-based browser? Check for version 98.0.4758.102, and update if you’re not running that release or better. Quick tip, use chrome://restart to trigger an immediate restart of Chrome, just like the one that comes after an update. This is super useful especially after installing an update on Linux, using apt, dnf, or the like.

CVE-2022-0609 is the big vulnerability just patched, and Google has acknowledged that it’s being exploited in the wild. It’s a use-after-free bug, meaning that the application marks a section of memory as returned to the OS, but then accesses that now-invalid memory address. The time gap between freeing and erroneously re-using the memory allows malicious code to claim that memory as its own, and write something unexpected.

Google has learned their lesson about making too many details public too early, and this CVE and associated bug aren’t easily found in the Chromium project’s source, and there doesn’t seem to be an exploit published in the Chromium code testing suite.

Bionic Eyes Go Dark

If you were blind, having an artificial retinal implant would mean the difference between seeing a few hundred pixels in greyscale and seeing all black, all the time. Imagine that you emerged from this total darkness, enjoyed a few years of mobility and your newfound sense, and then everything goes dark again because the company making the devices abandoned them for financial reasons.

This is a harrowing tale of closed-source technology, and how a medical device that relies on proprietary hard- and software essentially holds its users hostage to the financial well-being of the company that produces it. When that company is a brash startup, with plans of making money by eventually pivoting away from retinal implants to direct cortical stimulation — a technology that’s in its infancy at best right now — that’s a risky bet to take. But these were people with no other alternative, and the technology is, or was, amazing.

One blind man with an implant may or may not have brain cancer, but claims that he can’t receive an MRI because Second Sight won’t release details about his implant. Those bugs in your eyes? When the firm laid off its rehab therapists, patients were told they weren’t going to get any more software updates.

If we were CEO of Second Sight, we know what we would do with our closed-source software and hardware right now. The company is facing bankruptcy, has lost significant credibility in the medical devices industry, and is looking to pivot away from the Argus system anyway. They have little to lose, and a tremendous amount of goodwill to gain, by enabling people to fix their own eyes.

Thanks to [Adrian], [Ben], [MLewis], and a few other tipsters for getting this one in!