Slider

4576 Articles

Hackaday Links Column Banner

Hackaday Links: March 16, 2025

March 16, 2025 by No comments

“The brickings will continue until the printer sales improve!” This whole printer-bricking thing seems to be getting out of hand with the news this week that a firmware update caused certain HP printers to go into permanent paper-saver mode. The update was sent to LaserJet MFP M232-M237 models (opens printer menu; checks print queue name; “Phew!) on March 4, and was listed as covering a few “general improvements and bug fixes,” none of which seem very critical. Still, some users reported not being able to print at all after the update, with an error message suggesting printing was being blocked thanks to non-OEM toner. This sounds somewhat similar to the bricked Brother printers we reported on last week (third paragraph).

Continue reading “Hackaday Links: March 16, 2025”

Hackaday Podcast Episode 312: Heart Attacks, The Speed Of Light, And Self-balancing

March 14, 2025 by 2 Comments

Elliot does the podcast on the road to Supercon Europe, and Al is in the mood for math and nostalgia this week. Listen in and find out what they were reading on Hackaday this week.

The guys talked about the ESP-32 non-backdoor and battery fires. Then it was on to the hacks.

Self-balancing robots and satellite imaging were the appetizers, but soon they moved on to Kinect cameras in the modern day. Think you can’t travel at the speed of light? Turns out that maybe you already are.

Did you know there was a chatbot in 1957? Well, sort of. For the can’t miss stories: watches monitor your heart and what does the number e really mean?

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and stream it on the big speakers.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 312: Heart Attacks, The Speed Of Light, And Self-balancing”

You Know Pi, But Do You Really Know E?

March 14, 2025 by 22 Comments

Pi Day is here! We bet that you know that famous constant to a few decimal points, and you could probably explain what it really means: the ratio of a circle’s circumference to its diameter. But what about the constant e? Sure, you might know it is a transcendental number around 2.72 or so. You probably know it is the base used for natural logarithms. But what does it mean?

The poor number probably needed a better agent. After all, pi is a fun name, easy to remember, with a distinctive Greek letter and lots of pun potential. On the other hand, e is just a letter. Sometimes it is known as Euler’s number, but Leonhard Euler was so prolific that there is also Euler’s constant and a set of Euler numbers, none of which are the same thing. Sometimes, you hear it called Napier’s constant, and it is known that Jacob Bernoulli discovered the number, too. So, even the history of this number is confusing.

But back to math, the number e is the base rate of growth for any continually growing process. That didn’t help? Well, consider that many things grow or decay through growth. For example, a bacteria culture might double every 72 hours. Or a radioactive sample might decay a certain amount per century. Continue reading “You Know Pi, But Do You Really Know E?”

This Week In Security: The X DDoS, The ESP32 Basementdoor, And The CamelCase RCE

March 14, 2025 by 9 Comments

We would be remiss if we didn’t address the X Distributed Denial of Service (DDoS) attack that’s been happening this week. It seems like everyone is is trying to make political hay out of the DDoS, but we’re going to set that aside as much as possible and talk about the technical details. Elon made an early statement that X was down due to a cyberattack, with the source IPs tracing back to “the Ukraine area”.

The latest reporting seems to conclude that this was indeed a DDoS, and a threat group named “Dark Storm” has taken credit for the attack. Dark Storm does not seem to be of Ukrainian origin or affiliation.

We’re going to try to read the tea leaves just a bit, but remember that about the only thing we know for sure is that X was unreachable for many users several times this week. This is completely consistent with the suspected DDoS attack. The quirk of modern DDoS attacks is that the IP addresses on the packets are never trustworthy.

There are two broad tactics used for large-scale DDoS attacks, sometimes used simultaneously. The first is the simple botnet. Computers, routers, servers, and cameras around the world have been infected with malware, and then remote controlled to create massive botnets. Those botnets usually come equipped with a DDoS function, allowing the botnet runner to task all the bots with sending traffic to the DDoS victim IPs. That traffic may be UDP packets with spoofed or legitimate source IPs, or it may be TCP Synchronization requests, with spoofed source IPs.

The other common approach is the reflection or amplification attack. This is where a public server can be manipulated into sending unsolicited traffic to a victim IP. It’s usually DNS, where a short message request can return a much larger response. And because DNS uses UDP, it’s trivial to convince the DNS server to send that larger response to a victim’s address, amplifying the attack.

Put these two techniques together, and you have a botnet sending spoofed requests to servers, that unintentionally send the DDoS traffic on to the target. And suddenly it’s understandable why it’s so difficult to nail down attribution for this sort of attack. It may very well be that a botnet with a heavy Ukrainian presence was involved in the attack, which at the same time doesn’t preclude Dark Storm as the originator. The tea leaves are still murky on this one.

Continue reading “This Week In Security: The X DDoS, The ESP32 Basementdoor, And The CamelCase RCE”

Linux Fu: Use The Source (Command), Luke

March 13, 2025 by 11 Comments

You can argue if bash is a good programming language or not, but you can’t argue that it is a programming language. However, there are a few oddities about it that make it different from most other languages you probably know. For one thing, variables are dynamically scoped. Second, you can easily change variables in an upper scope. This leads to a problem when you want to do something like reset your path:

#!/bin/bash
#: This does NOT work
PATH=/usr/bin:/bin

Well, actually, it does work; it just doesn’t work the way you imagine it might. The key is to realize that when you execute our script (say, resetpath), a new copy of bash runs. It inherits all the variables from your shell. Now the script sets PATH for the new copy of bash. Anything else you run in that script will see your change. But when the script exits, the new copy of bash is gone and the old copy sees the same old PATH it always did.

Continue reading “Linux Fu: Use The Source (Command), Luke”

Pixel Watch 3’s Loss Of Pulse Detection: The Algorithms That Tell Someone Is Dying

March 12, 2025 by 59 Comments

More and more of the ‘smart’ gadgets like watches and phones that we carry around with us these days come with features that we’d not care to ever need. Since these are devices that we strap onto our wrists and generally carry in close proximity to our bodies, they can use their sensors to make an estimation of whether said body is possibly in the process of expiring. This can be due to a severe kinetic event like a car crash, or something more subtle like the cessation of the beating of one’s heart.

There is a fairly new Loss of Pulse Detection (LoPD) feature in Google’s Pixel Watch 3 that recently got US FDA approval, allowing it to be made available in the US after previously becoming available in over a dozen European countries following its announcement in August of 2024. This opt-in feature regularly polls whether it can detect the user’s pulse. If not found, it cascades down a few steps before calling emergency services.

The pertinent question here is always whether it is truly detecting a crisis event, as nobody wants to regularly apologize for a false alert to the overworked person staffing the 911 or equivalent emergency line. So how do you reliably determine that your smart watch or phone should dial emergencies forthwith?

Continue reading “Pixel Watch 3’s Loss Of Pulse Detection: The Algorithms That Tell Someone Is Dying”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Batwing Typewriter

March 11, 2025 by 7 Comments

[Alex] of YouTube channel [EastMakes] wrote into tell me about his fantastic QWERTY ‘hexpansion’ board for the 2024 EMF Tildagon badge, and [Alex], I’m super glad you did. The system works!

Let’s back up a bit. Essentially, the idea is to have a badge that can be used beyond a single camp, with the creation of expansion boards being the other main attraction. Our own [Jenny List] covered the badge in detail back in June 2024 when she got her hands on one.

A pair of hands holds the 2024 EMF Tildagon badge with a QWERTY keyboard Hexpansion built by [EastMakes].
Image by [EastMakes] via YouTube
[Alex] started by importing the Tildagon into Fusion360 and designing a way for the keyboard to attach to it physically. He then modeled the keyboard after the Blackberry types that can be found on Ali using the official EMF buttons established in earlier badges.

This QWERTY hexpansion is based on the RP2040, which is soldered around back and visible through the 3D-printed backplate. In order for the 90°-oriented board to align with the… not-90° connector, [Alex] built a little meander into the PCB.

The default OS on the Tildagon doesn’t know natively what to do with the serial messages from the keyboard, so [Alex] wrote an application that reads them in and decodes them. Be sure to check out the build and walk-through video after the break.

Continue reading “Keebin’ With Kristina: The One With The Batwing Typewriter”