The White House Memory Safety Appeal Is A Security Red Herring

February 29, 2024 by Maya Posch 107 Comments

In the Holy Programming Language Wars, the lingua franca of system programming – also known as C – is often lambasted for being unsecure, error-prone, and plagued with more types of behavior that are undefined than ones that are defined by the C standards. Many programming languages were said to be ‘C killers’, yet C is still alive today. That didn’t stop the US White House’s Office of the National Cyber Director (ONCD) from putting out a report in which both C and C++ got lambasted for being ‘unsafe’ when it came to memory management.

The full report (PDF) is pretty light on technical details, while citing only blog posts by Microsoft and Google as its ‘expert sources’. The claim that memory safety issues are the primary cause of CVEs is not substantiated, or at least ignores the severity of CVEs when looking at the CISA statistics for active exploits. Beyond this call for ‘memory safety’, the report then goes on to effectively call for more testing and validation, while kicking in doors that were opened back in the 1970s already with the Steelman requirements and the High Order Language Working Group (HOLWG) of 1975.

What truly is the impact and factual basis of the ONCD report?

Continue reading “The White House Memory Safety Appeal Is A Security Red Herring” →

Want To Learn Binary? Draw Space Invaders!

February 24, 2024 by Elliot Williams 6 Comments

This was the week that I accidentally taught my nearly ten-year-old son binary. And I didn’t do it on purpose, I swear.

It all started innocently enough. He had a week vacation, and on one of those days, we booked him a day-course for kids at our local FabLab. It was sold as a “learn to solder” class, and the project they made was basically a MiniPOV: eight LEDs driven by a museum-piece AVR ATtiny2313. Blinking lights make a pattern in your persistence of vision as you swipe it back and forth.

The default pattern was a heart, which is nice enough. But he wanted to get his own designs in there, and of course he knows that I know how to flash the thing with new code. So I got him to solder on an ISP header and start drawing patterns on grids of graph paper while I got the toolchain working and updated some of the 2000’s-era code so it would compile.

There’s absolutely no simpler way to get your head around binary than to light up a row of LEDs, and transcribing the columns of his fresh pixel art into ones and zeros was just the motivation he needed. We converted the first couple rows into their decimal equivalents, but it was getting close to dinner time, so we cheesed out with the modern 0b00110100 format for the rest. This all happened quite organically; “unintentional parenting” is what we call it.

While we were eating dinner, I got the strangest sense of deja vu. When I was around ten or eleven, my own father told me about the custom fonts for the Okidata 24-pin printer at his lab, because he needed me out of his hair for a while, and I set out to encode all of the Hobbit runes for it. (No comment.) He must have handed me a piece of graph paper explained how it goes, and we had a working rune font by evening. That was probably how I learned about binary as well.

Want to teach someone binary? Give them a persistence of vision toy, or a dot-matrix printer.

(Art is from a much older POV project: Trakr POV — a hack of an old kids’ toy to make a long-exposure POV image. But it looks cool, and it gets the point across.)

Ask Hackaday: What’s In Your Garage?

February 23, 2024 by Al Williams 29 Comments

No matter what your hack of choice is, most of us harbor a secret fantasy that one day, we will create something world-changing, right? For most of us, that isn’t likely, but it does happen. A recent post from [Rohit Krishnan] points out that a lot of innovation happens in garages by people who are more or less like us.

He points out that Apple, Google, and HP all started in garages. So did Harley Davidson. While it wasn’t technically a garage, the Wright brothers were in a bicycle workshop, which is sort of a garage for bikes. Even Philo Farnsworth started out in a garage. Of course, all of those were a few years ago, too. Is it too late to change the world from your workbench?

Basement

We’d argue basements are at least as important (although in southern Texas, they call garages Lone Star basements since no one has proper basements). The real point of the article, though, isn’t the power of the garage. Rather, it is the common drive and spirit of innovators to do whatever it takes to make their vision a reality. A few hundred bucks and an oddball space has given birth to many innovations.

Continue reading “Ask Hackaday: What’s In Your Garage?” →

Wireless All The Things!

February 17, 2024 by Elliot Williams 48 Comments

Neither Tom Nardi nor I are exactly young anymore, and we can both remember a time when joysticks were actually connected with wires to the computer or console, for instance. Back then, even though wireless options were on the market, you’d still want the wired version if it was a reaction-speed game, because wireless links just used to be too slow.

Somehow, in the intervening years, and although we never even really noticed the transition as such, everything has become wireless. And that includes our own hacker projects. Sure, the ESP8266 and other WiFi-capable chips made a big difference, but I still have a soft spot in my heart for the nRF24 chipset, which made at least point-to-point wireless affordable and easy. Others will feel the same about ZigBee, but the point stands: nothing has wires anymore, except to charge back up.

The reason? As this experiment comparing the latency of many different wireless connections bears out, wireless data links have just gotten that good, to the point that the latency in the radio is on par with what you’d get over USB. And the relevant software ecosystems have made it easier to go wireless as well. Except for the extra power requirement, and for cases where you need to move a lot of data, there’s almost no reason that any of your devices need wires anymore.

Are you with us? Will you throw down your chains and go wireless?

One Project At A Time, Or A Dozen?

February 10, 2024 by Elliot Williams 34 Comments

We got a bunch of great food for thought in this week’s ask-us-anything on the Hackaday Podcast, and we all chewed happily. Some of my favorite answers came out of the question about how many projects we all take on at once. Without an exception, the answer was “many”. And while not every one of the projects that we currently have started will eventually reach the finish line, that’s entirely different from saying that none of them ever do. On the contrary, Tom Nardi made the case for having a number of irons simultaneously in the fire.

We all get stuck from time to time. That’s just the nature of the beast. The question is whether you knuckle down and try to brute-force power your way through the difficulty, or whether you work around it. A lot of the time, and this was Dan Maloney’s biggest bugaboo, you lack the particular part or component that you had in mind to get the job done. In that situation, sometimes you just have to wait. And what are you going to do while waiting? Work on Project B! (But take good notes of the state of Project A, because that makes it a lot easier to get back into the swing of things when the parts do arrive.)

Al and I both weighed in on the side of necessity, though. Sometimes, no matter how many attractive other projects you’ve got piled up, one just needs to get out the door first. My recent example was our coffee roaster. Before I start a big overhaul, I usually roast a couple days’ worth of the evil bean. And then the clock starts ticking. No roasting equals two unhappy adults in this household, so it’s really not an option. Time pressure like that helps focus the mind on the top-priority project.

But I’m also with Tom. It’s a tremendous luxury to have a handful of projects in process, and be able to hack on one simply because you’re inspired, or in love with the project at that moment. And when the muse calls, the parts arrive, or you finally figure out what was blocking you on Project A, then you can always get back to it.

In Praise Of “Simple” Projects

January 27, 2024 by Elliot Williams 9 Comments

When I start off on a “simple” project, experience shows that it’s got about a 10% chance of actually remaining simple. Sometimes it’s because Plan A never works out the way I think it will, due to either naivety or simply the random blockers that always get in the way and need surmounting. But a decent percentage of the time, it’s because something really cool happens along the way. Indeed, my favorite kind of “simple” projects are those that open up your eyes to a new world of possibilities or experiments that, taken together, are nothing like simple anymore.

Al Williams and I were talking about water rockets on the podcast the other day, and I realized that this was a perfect example of an open-ended simple project. It sounds really easy: you put some water in a soda bottle, pressurize it a bit with air, and then let it go. Water gets pushed down, bottle flies up. Done?

Oh no! The first step into more sophistication is the aerodynamics. But honestly, if you make something vaguely rocket-shaped with fins, it’ll probably work. Then you probably need a parachute release mechanism. And then some data logging? An accelerometer and barometer? A small video camera? That gets you to the level of [ARRO]’s work that spawned our discussion.

But it wasn’t ten minutes into our discussion that Al had already suggested making the pressure vessel with carbon fiber and doctoring the water mix to make it denser. You’d not be surprised that these and other elaborations have been tried out. Or you could go multi-stage, or vector-thrust, or…

In short, water rockets are one of those “simple” projects. You can get one basically working in a weekend day, and then if you’re so inclined, you could spend an entire summer of weekends chasing down the finer points, building larger and larger tubes, and refining payloads. What’s your favorite “simple” project?

Ask Hackaday: What About Imperfect Features?

January 24, 2024 by Arya Voronova 24 Comments

Throughout the last few years’ time, I’ve been seeing sparks of an eternal discussion here and there. It’s a nuanced one, but if I could summarize, it’s about different feature development strategies we can follow to design things, especially if they’re aimed at a larger market. Specifically – when adding a feature, how complete and perfect should it be?

A while back, I read a Mastodon thread about VLC not implementing backwards per-frame skipping. At the surface level, it’s about an indignant user asking – what’s the deal with VLC not having a “go back a frame” button? A ton of video players have this feature implemented. There’s a forum thread linked, and, reading it could leave you with a good few conflicting emotions. Here’s a recap.

In what appears to be one of multiple threads asking about a ‘previous frame’ button in VLC, there’s an 82-post discussion involving multiple different VLC developers. The users’ argument is that it appears to be clearly technically possible to add a ‘previous frame’ button in practice, and the developers’ argument is that it’s technologically complex to implement in some cases – for certain formats, even impossible to implement! Let’s go into the developers’ stated reasoning in more details, then – here’s what you can find in the thread, to the best of my ability.

Continue reading “Ask Hackaday: What About Imperfect Features?” →