News

3612 Articles

2023 Hackaday Supercon: Cory Doctorow Signs On As Keynote Speaker

October 25, 2023 by 9 Comments

As if you weren’t already excited enough about the speakers and events that will be part of this year’s Hackaday Supercon, today we can finally reveal that journalist, activist, author, technologist, and all around geek Cory Doctorow will be presenting the keynote address on Saturday morning.

Cory has always been an outspoken supporter of digital freedom, from helping develop OpenCola in 2001 as a way to explain the concepts behind free and open source software, to his more recent work at the Electronic Frontier Foundation. He’s made his novels available for purchase directly from his personal website in DRM-free file formats, and he’s even developed a habit of releasing some of them for free under the Creative Commons license. The hacker ethos is strong with this one.

Over the last year, he’s been particularly vocal about what he calls Enshittification — the inevitable decay of any online service where the users are, whether they realize it or not, the product. It’s a concept that’s perfectly exemplified by the ongoing slow-motion implosion of Twitter, and Reddit’s increasingly hostile treatment of its community. Cory explains that one of the signposts on this particular journey is when user-created tools, such as web scrapers or bots, are banned by the powers that be. Reverse engineering, especially when it can uncover a way out of the Walled Garden, is strictly forbidden.

Luckily, there’s a way out. Cory will be delivering his talk An Audacious Plan to Halt the Internet’s Enshittification and Throw It Into Reverse, not only to those who will be physically attending Supercon, but to the entire Hackaday community via our live YouTube stream of the event. It’s a presentation that’s critically important to an audience such as ours — while nearly anyone with an Internet connection can appreciate the problem he’s describing, hackers and makers are in a unique position to actually do something about it. Following the principles Cory will detail in his talk, we can build services and networks that actually respect their users rather than treating them like the enemy.

It Won’t Be Long Now

By the time this post hits the front page of Hackaday, there will be slightly more than a week to go before several hundred of our best friends descend on the city of Pasadena for Supercon. We recently unveiled the Vectorscope badge, dropped two posts listing off all of this year’s presenters, and offered up a list of fascinating workshops. The stage is now officially set for what we consider, as humbly as possible, to be the greatest gathering of hardware hackers, builders, engineers, and enthusiasts in the world. Check out the schedule and plan your Supercon ahead of time.

Tickets for the 2023 Hackaday Supercon are, perhaps unsurprisingly, completely sold out. But you can still add your name to the wait list on Eventbrite, which will put you in the running to grab any returned tickets should somebody have to back out at the last minute. Failing that, there’s always 2024.

Featured Image: Copyright Julia Galdo and Cody Cloud (JUCO), www.jucophoto.com/, CC BY-SA 2.0

2023 Hackaday Supercon: The Rest Of The Talks

October 19, 2023 by 2 Comments

The 2023 Hackaday Superconference is only two weeks away, and we’re happy to announce the second half of the slate. As always, this is a great mix of well-known Hackaday faces, and folks we haven’t yet met. Whether they’re fixing up the Apollo Guidance Computer, building their own airplanes, trapping rubidium atoms, or teaching robots to sail, this is another super interesting round of talks.

Tickets are sold out, the badges are almost done, and we’re in the home stretch! We can smell the tacos from here. If you’re joining us, we hope you’re excited. If you’re not able to, we’ll stream as much as we can.

All that remains is the mystery of the keynote speaker.  Stay tuned! Continue reading “2023 Hackaday Supercon: The Rest Of The Talks”

Daily Inspections Keep Your Spitfire In Tip-Top Shape

October 18, 2023 by 22 Comments

What ho, chaps? Look, we know this is a bally nuisance and all, but those desk jockeys at HQ want us all to watch this film about daily insepction of your Spitfire. No Vera and no Greta in this one, more’s the pity, but it is jolly important. We all know that our Spitfires are complicated buckets of bolts, but those kites won’t stay in the air if we don’t maintain them. Yes, the boring stuff, like purging the fuel system of water and refueling outside of the hanger. And, yes, Captain Molesworth, that means putting out that cigar while the tech boys are topping off your tank. Now shut up and watch the film we’ve placed below the break, what?

All right, all right, wake up at the back there. I heard you snoring, Peason. The bally Germans could hear you snoring. I know that wasn’t Errol Flynn, but this stuff is damned essential. You may be pilots, but you all rely on those people you just saw. Your lives depend on the riggers, armorers, instrument repairers, and others. While you are out carousing, these men are taking your plane apart and ensuring the engine is running smoother than the legs of the barmaid at the Dog & Duck. Every time one of you chaps calls Bingo Fuel, you get home because some chap checked your fuel gauge was accurate. Every time one of you glances at the Rate of Climb indicator to judge an intercept, you are relying on the chap who tested and zeroed it while you were snoring in your bunk, sleeping off last nights debauch. So, don’t forget that you are part of a team. You may be full of dauntless spirit  up there, but you won’t get anywhere without those chaps on the ground.

Now, let’s talk about tonight’s mission…

Continue reading “Daily Inspections Keep Your Spitfire In Tip-Top Shape”

National Research Council laboratories in Ottawa

Canada Abruptly Ends Official Time Signal

October 13, 2023 by 47 Comments

In a sudden move that was noted not only by Canadian media, but also international media channels, the National Research Council Time Signal that was broadcast by Canadian Broadcasting Corporation (CBC) on CBC Radio One since November 5 1939 was turned off on October 9th, after eighty-four years, one world war, countless generations, and the rise of modern technology. Although perhaps obsolete by today’s standards, this 15 to 60 second long broadcast at 13:00 Eastern Time every single day has been a constant in the life of Canadians, whether they tuned into local radio, or (increasingly) via Internet radio.

The NRC Time Signal consisted out of a series of 800 Hz sinewave ‘beeps’ followed by a second-long signal to indicate the top of the hour. Back in the day this was extremely useful to sync one’s clocks, watches and other time-keeping devices to. Yet between the transmission delays caused by Internet radio and the increased availability of NTP and other time sources on modern-day devices, the signal’s main use appears to have become a nostalgic reminder of what once was a constant of each and every day.

In this regard the public response to the rather unceremonious decommissioning without prior announcement was rather predictable. After all, even if it wasn’t that useful, why throw out something that is more recognizable than any other radio jingle for generations of Canadians?

Top image: National Research Council laboratories in Ottawa.

This Week In Security: Curl Reveal, Rapid Reset DDoS, And Libcue

October 13, 2023 by 17 Comments

Curl gave us all a big warning that a severe security problem had been found in that code-base. Given the staggering number of Curl installs around the world, we held our collective breath and waited for the bombshell to drop this Wednesday. It turns out, it’s not quite as bad as feared — so long as you don’t have a SOCKS proxy.

In hindsight, shipping a heap overflow in code installed in over twenty billion instances is not an experience I would recommend. — Daniel Stenberg

The trouble started when the SOCKS5 proxy support was converted to a non-blocking implementation. It’s a win for libcurl to work on requests asynchronously, but refactoring code and new features always runs a bit of risk. SOCKS5 proxying has some quirks, like allowing DNS resolution to happen locally or at the proxy. The new async code starts out with:

bool socks5_resolve_local =
(proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;

First off, unnecessary ternary is unnecessary. But note that this local variable gets set by the proxytype. If that’s CURLPROXY_SOCKS5_HOSTNAME, then it uses remote resolution. But inherited from old code is a check for a hostname that is too long for a SOCKS request (255 bytes). This code converts back to local resolution in this case.

The important detail here is that this function is now a state machine, that potentially runs multiple times for a single request, to achieve that asynchronous execution. The check for a too-long hostname only happens during the initialization state. Copying the hostname into the buffer happens in a different state. If setting up the connection takes enough time, the function will return and be executed again when something has changed. The ternary check runs again, but not the hostname-too-long. So if set to do remote resolution with a long enough host name, execution slips through this edge case, and the long hostname is copied into a too-small buffer.

It’s safe to assume that this heap overflow can result in arbitrary code execution. The fix has landed in 8.4.0, after being present for 1,315 days. [Daniel] goes ahead and gets ahead of the inevitable suggestion that Curl should be written in rust or another memory-safe language. Curl was started before those alternatives existed, and there is a very slow effort to move portions of the project to memory-safe languages. And you’re welcome to help out. Continue reading “This Week In Security: Curl Reveal, Rapid Reset DDoS, And Libcue”

Hackaday Superconference 2023: Workshops Announced, Get Tickets Now!

October 12, 2023 by 4 Comments

Last week, we announced just half of our fantastic slate of talks for Supercon. This week, we’re opening up the workshops. The workshops are small, hands-on opportunities to build something or learn something, lead by an expert in the field. Workshops sell out fast, so register now if you’re interested.

And stay tuned for the next round of talk reveals next week! And maybe even the badge reveal?

Andy Geppert
Weave Your Own Core Memory – Core16!

This workshop provides you with the opportunity to weave your own core memory! Using 16 authentic ferrite core bits and 16 RGB LEDs, you can play tic-tac-toe, paint with a magnetic stylus, and create your own interactive experiences. Andy Geppert will guide you through the assembly of Core16. The Core16 kit is the little brother of the Core64 kit. The smaller Core16 kit reduces assembly time/cost, enabling more people to experience the challenge and satisfaction of creating their own core memory.

Travis Foss
Presented by DigiKey: Introduction and expansion of the XRP Robotics Platform

In this workshop you will be able to get your hands on the new XRP (Experiential Robotics Platform) and take the basics a step further with a few additional parts. Along with the base kit, participants will have the opportunity to install a RGB twist encoder, a LCD screen, and a buzzer to create a setup that will allow the user to choose a program onboard without being tethered to a computer.

Becky Button
How to Make a Custom Guitar Pedal

Musical effects are for everybody! Join this workshop and get hands-on experience assembling and programming your musical effects pedals. Walk away from this workshop with the capability of integrating multiple musical effects into 1 device and reprogramming the pedal with any effects you want!

Daniel Lindmark
From Zero to Git: 1 Hour Hardware Git Bootcamp

In this workshop, you will learn all about basic git operations, including how to download and install the client, setting up a repo, synching changes, and much more. Learn how to navigate common issues and take advantage of a live FAQ during the workshop.

Jazmin Hernandez
Solder and Learn How to Use Your Own Anti-Skimmer (HunterCat)

Have you ever been vulnerable to data theft? Do you fear using your bank card in ATMs or even in a restaurant? Protect your information from potential skimmers in this workshop while you learn to solder some components of your anti-skimmer/magnetic stripe clone detectors. By the end of the workshop, you’ll have a device to insert before using your bank card to check for potential issues.

Matt Venn
Tiny Tapeout – Demystifying Microchip Design and Manufacture

In this workshop, you can design and manufacture your own chip on an ASIC. You will learn the basics of digital logic, how semiconductors are made, the skills needed to use an online digital design tool for simulation, and how to create the GDS file for manufacturing. Participants will also have the option to submit their designs to be manufactured as part of the Tiny Tapeout project.

You can’t attend the workshops without attending Supercon, so get your tickets!  (As we write, there are only ten more…)

 

Meshtastic And Owntracks To Kick Your Google Habit

October 11, 2023 by 20 Comments

I have an admission to make. I have a Google addiction. Not the normal addiction — I have a problem with Google Maps, and the timeline feature. I know, I’m giving my location data to Google, who does who-knows-what-all with it. But it’s convenient to have an easy way to share location with my wife, and very useful to track my business related travel for each month. What we could really use is a self-hosted, open source system to track locations and display location history. And for bonus points, let’s include some extra features, like the ability to track vehicles, kids, and pets that aren’t carrying a dedicated Internet connection.

You can read the title — you know where we’re going with this. We’re setting up an Owntracks service, and then tying it to Meshtastic for off-Internet usability. The backbone that makes this work is MQTT, a network message bus that has really found its niche in the Home Assistant project among others. It’s a simple protocol, where clients send brief messages labeled by topic, and can also subscribe to specific topics. For this little endeavor we’ll use the Mosquito MQTT broker.

One of the nice things about MQTT is that the messages are all text strings, and often take the form of JSON. When trying to get two applications to talking using a shared MQTT server, there may need to be a bit of translation. One application may label a field latitude, and the other shortens it to lat. The glue code to put these together is often known as an MQTT translator, or sometimes an MQTT bridge. This is a program that listens to a given topic, ingests each message, and sends it back to the MQTT server in a different format and topic name.

The last piece is Owntracks, which has a recorder project, which pulls locations from the MQTT server, and stores it locally. Then there’s Owntracks Frontend, which is a much nicer user interface, with some nice features like viewing movement a day at a time. Continue reading “Meshtastic And Owntracks To Kick Your Google Habit”