Linux Fu: Where’s That Darn File?

January 17, 2024 by Al Williams 20 Comments

Disk storage has exploded in the last 40 years. These days, even a terabyte drive is considered small. There is one downside, though. The more stuff you have, the harder it is to find it. Linux provides numerous tools to find files when you can’t remember their name. Each has plusses and minuses, and choosing between them is often difficult.

Definitions

Different tools work differently to find files. There are several ways you might look for a file:

Find a file if you know its name but not its location.
Find a file when you know some part of its name.
Find a file that contains something.
Find a file with certain attributes (e.g., larger than 100 kB)

You might combine these, too. For example, it is reasonable to query all PDF files created in the last week that are larger than 100 kB.

There are plenty of different types of attributes. Some file systems support tags, too. So, you might have a PERSONAL tag to mark files that apply to you personally. Unfortunately, tool support for tags is somewhat lacking, as you’ll see later.

Another key point is how up-to-date your search results are. If you sift through terabytes of files for each search, that will be slow. If you keep an index, that’s fast, but the index will quickly be out of date. Do you periodically refresh the index? Do you watch the entire file system for changes and then update the index? Different tools do it differently. Continue reading “Linux Fu: Where’s That Darn File?” →

Ask Hackaday: Why Are Self-Checkouts Failing?

January 16, 2024 by Al Williams 260 Comments

Most people who read Hackaday have positive feelings about automation. (Notice we said most.) How many times have you been behind someone in a grocery store line waiting for them to find a coupon, or a cashier who can’t make change without reading the screen and thought: “There has to be a better way.” The last few years have seen that better way, but now, companies are deciding the grass isn’t greener after all. The BBC reports that self-checkouts have been a “spectacular failure.” That led us to wonder why that should be true.

As a concept, everyone loves it. Stores can hire fewer cashiers. Customers, generally, like having every line open and having a speedy exit from the store. The problem is, it hasn’t really panned out that way. Self-checkout stations frequently need maintenance, often because it can’t figure out that you put something in the bag. Even when they work flawlessly, a customer might have an issue or not understand what to do. Maybe you’ve scanned something twice and need one of them backed off. Then, there are the age-restricted products that require verification. So now you have to hire a crew of not-cashiers to work at the automated not-register. Sure, you can have one person cover many registers, but when one machine is out of change, another won’t print a receipt, and two people are waiting for you to verify their beer purchase, you are back to waiting. Next thing you know, there’s a line.

Continue reading “Ask Hackaday: Why Are Self-Checkouts Failing?” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Really Snazzy Folding Keyboard

January 16, 2024 by Kristina Panos 4 Comments

Sometimes you just have to throw your hat in the ring, and throw it hard. Here is [mkdxdx]’s rockin’ EVH 5150-esque take on the keyboard business. The Mriya foldable keyboard aims to be and sport a number of things, and it does all of them in great style. I could totally see my fingers flying over this thing somewhere in the wild, with robots fighting in the distance.

I have to say I really like the fact that [mkdxdx] uses thumb keys here for what I can only assume are Enter, Space, and Backspace. It’s a nice compromise between compactness and ergonomics. I also really like the totally impractical but quite cool-looking connector that runs between the top and bottom.

If the color scheme looks familiar, you’re probably remembering [mkdxdx]’s first-place-winning entry into the 2023 Cyberdeck Contest. This RP2040-based keyboard might just end up as part of a larger project, but it’s already an outstanding peripheral. We can’t wait to see the next phase, should there be one for this keyboard.

Continue reading “Keebin’ With Kristina: The One With The Really Snazzy Folding Keyboard” →

Neutrino Hunters Hack Chat

January 15, 2024 by Dan Maloney 1 Comment

Join us on Wednesday, January 17 at noon Pacific for the Neutrino Hunters Hack Chat with Patrick Allison!

It’s a paradox of science that the biggest of equipment is needed to study the smallest of phenomena. The bestiary of subatomic particles often requires the power and dimension of massive accelerators to produce, and caverns crammed with racks full of instruments to monitor their brief but energetic lives. Neutrinos, though, are different. These tiny, nearly massless, neutral particles are abundant in the extreme, zipping through space from sources both natural and artificial and passing through normal matter like it isn’t even there.

That poses a problem: how do you study something that doesn’t interact with the stuff you can make detectors out of? There are tricks that neutrino hunters use, and most of them use very, VERY big instruments to do it. Think enormous tanks of ultrapure water or a cubic kilometer of Antarctic ice, filled with photomultiplier tubes to watch for the slightest glimmer of Cherenkov radiation as a neutrino passes by.

Neutrino hunting is some of the biggest of Big Science, and getting all the parts to work together takes some special engineering. Patrick Allison has been in the neutrino business for decades, both as a physicist and as the designated guru who keeps all the electronics humming. He’ll join us on the Hack Chat to talk about the neutrino hunting trade, and what it takes to keep the data flowing.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 17 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Featured image: Daderot, CC0, via Wikimedia Commons

Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?

January 15, 2024 by Lewin Day 90 Comments

We think of the power we generate as coming from all these different kinds of sources. Oil, gas, coal, nuclear, wind… so varied! And yet they all fundamentally come down to moving a gas through a turbine to actually spin up a generator and make some juice. Even some solar plants worked this way, using the sun’s energy to heat water into steam to spin some blades and keep the lights on.

A solar updraft tower works along these basic principles, too, but in a rather unique configuration. It’s not since the dawn of the Industrial Age that humanity went around building lots of big chimneys, and if this technology makes good sense, we could be due again. Let’s find out how it works and if it’s worth all the bluster, or if it’s just a bunch of hot air.

Continue reading “Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?” →

Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS

January 5, 2024 by Dan Maloney 7 Comments

Welcome to 2024! This time around, Elliot and Dan ring in a new year of awesome hacks with quite an eclectic mix. We kick things off with a Pluto pity party and find out why the tiny ex-planet deserved what it got. What do you do if you need to rename a bunch of image files? You rope a local large-language model in for the job, of course. We’ll take a look at how pinball machines did their thing before computers came along, take a fractal dive into video feedback, and localize fireworks with a fleet of Raspberry Pi listening stations. Ever wonder what makes a GPS receiver tick? The best way to find out might be to build one from scratch. Looking for some adventure? A ride on an electroluminescent surfboard might do, or perhaps a DIY “Vomit Comet” trip would be more your style. And make sure you stick around for our discussion on attempts to optimize surgery efficiency, and our look back at 2023’s top trends in the hardware world.

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS” →

This Week In Security: Bitwarden, Reverse RDP, And Snake

January 5, 2024 by Jonathan Bennett 10 Comments

This week, we finally get the inside scoops on some old stories, starting with the Bitwarden Windows Hello problem from last year. You may remember, Bitwarden has an option to use Windows Hello as a vault unlock option. Unfortunately, the Windows credential API doesn’t actually encrypt credentials in a way that requires an additional Windows Hello verification to unlock. So a derived key gets stored to the credential manager, and can be retrieved through a simple API call. No additional biometrics needed. Even with the Bitwarden vault locked and application closed.

There’s another danger, that doesn’t even require access to the the logged-in machine. On a machine that is joined to a domain, Windows backs up those encryption keys to the Domain Controller. The encrypted vault itself is available on a domain machine over SMB by default. A compromised domain controller could snag a bitwarden vault without ever even running code on the target machine. The good news is that this particular problem with Bitwarden and Windows Hello is now fixed, and has been since version 2023.10.1.

Reverse RDP Exploitation

We normally think about the Remote Desktop Protocol as dangerous to expose to the internet. And it is. Don’t put your RDP service online. But reverse RDP is the idea that it might also be dangerous to connect an RDP client to a malicious server. And of course, multiple RDP implementations have this problem. There’s rdesktop, FreeRDP, and Microsoft’s own mstsc that all have vulnerabilities relating to reverse RDP.

The technical details here aren’t terribly interesting. It’s all variations on the theme of not properly checking remote data from the server, and hence either reading or writing past internal buffers. This results in various forms of information leaks and code executions problems. What’s interesting is the different responses to the findings, and then [Eyal Itkin]’s takeaway about how security researchers should approach vulnerability disclosure.

So first up, Microsoft dismissed a vulnerability as unworthy of servicing. And then proceeded to research it internally, and present it as a novel attack without properly attributing [Eyal] for the original find. rdesktop contained quite a few of these issues, but were able to fix the problem in a handful of months. FreeRDP fixed some issues right away, in what could be described as a whack-a-mole style process, but a patch was cooked up that would actually address the problem at a deeper level: changing an API value from the unsigned size_t to a signed ssize_t. That change took a whopping 2 years to actually make it out to the world in a release. Why so long? Continue reading “This Week In Security: Bitwarden, Reverse RDP, And Snake” →