Neutrino Hunters Hack Chat

Join us on Wednesday, January 17 at noon Pacific for the Neutrino Hunters Hack Chat with Patrick Allison!

It’s a paradox of science that the biggest of equipment is needed to study the smallest of phenomena. The bestiary of subatomic particles often requires the power and dimension of massive accelerators to produce, and caverns crammed with racks full of instruments to monitor their brief but energetic lives. Neutrinos, though, are different. These tiny, nearly massless, neutral particles are abundant in the extreme, zipping through space from sources both natural and artificial and passing through normal matter like it isn’t even there.

That poses a problem: how do you study something that doesn’t interact with the stuff you can make detectors out of? There are tricks that neutrino hunters use, and most of them use very, VERY big instruments to do it. Think enormous tanks of ultrapure water or a cubic kilometer of Antarctic ice, filled with photomultiplier tubes to watch for the slightest glimmer of Cherenkov radiation as a neutrino passes by.

Neutrino hunting is some of the biggest of Big Science, and getting all the parts to work together takes some special engineering. Patrick Allison has been in the neutrino business for decades, both as a physicist and as the designated guru who keeps all the electronics humming. He’ll join us on the Hack Chat to talk about the neutrino hunting trade, and what it takes to keep the data flowing.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 17 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Featured image: Daderot, CC0, via Wikimedia Commons

Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?

We think of the power we generate as coming from all these different kinds of sources. Oil, gas, coal, nuclear, wind… so varied! And yet they all fundamentally come down to moving a gas through a turbine to actually spin up a generator and make some juice. Even some solar plants worked this way, using the sun’s energy to heat water into steam to spin some blades and keep the lights on.

A solar updraft tower works along these basic principles, too, but in a rather unique configuration. It’s not since the dawn of the Industrial Age that humanity went around building lots of big chimneys, and if this technology makes good sense, we could be due again. Let’s find out how it works and if it’s worth all the bluster, or if it’s just a bunch of hot air.

Continue reading “Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?”

Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS

Welcome to 2024! This time around, Elliot and Dan ring in a new year of awesome hacks with quite an eclectic mix. We kick things off with a Pluto pity party and find out why the tiny ex-planet deserved what it got. What do you do if you need to rename a bunch of image files? You rope a local large-language model in for the job, of course. We’ll take a look at how pinball machines did their thing before computers came along, take a fractal dive into video feedback, and localize fireworks with a fleet of Raspberry Pi listening stations. Ever wonder what makes a GPS receiver tick? The best way to find out might be to build one from scratch. Looking for some adventure? A ride on an electroluminescent surfboard might do, or perhaps a DIY “Vomit Comet” trip would be more your style. And make sure you stick around for our discussion on attempts to optimize surgery efficiency, and our look back at 2023’s top trends in the hardware world.

 

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS”

This Week In Security: Bitwarden, Reverse RDP, And Snake

This week, we finally get the inside scoops on some old stories, starting with the Bitwarden Windows Hello problem from last year. You may remember, Bitwarden has an option to use Windows Hello as a vault unlock option. Unfortunately, the Windows credential API doesn’t actually encrypt credentials in a way that requires an additional Windows Hello verification to unlock. So a derived key gets stored to the credential manager, and can be retrieved through a simple API call. No additional biometrics needed. Even with the Bitwarden vault locked and application closed.

There’s another danger that doesn’t even require access to the logged-in machine. On a machine that is joined to a domain, Windows backs up those encryption keys to the Domain Controller. The encrypted vault itself is available on a domain machine over SMB by default. A compromised domain controller could snag a Bitwarden vault without ever even running code on the target machine. The good news is that this particular problem with Bitwarden and Windows Hello is now fixed, and has been since version 2023.10.1.

Reverse RDP Exploitation

We normally think about the Remote Desktop Protocol as dangerous to expose to the internet. And it is. Don’t put your RDP service online. But reverse RDP is the idea that it might also be dangerous to connect an RDP client to a malicious server. And of course, multiple RDP implementations have this problem. There’s rdesktop, FreeRDP, and Microsoft’s own mstsc that all have vulnerabilities relating to reverse RDP.

The technical details here aren’t terribly interesting. It’s all variations on the theme of not properly checking remote data from the server, and hence either reading or writing past internal buffers. This results in various forms of information leaks and code execution problems. What’s interesting is the different responses to the findings, and then [Eyal Itkin]’s takeaway about how security researchers should approach vulnerability disclosure.

So first up, Microsoft dismissed a vulnerability as unworthy of servicing. And then proceeded to research it internally, and present it as a novel attack without properly attributing [Eyal] for the original find. rdesktop contained quite a few of these issues, but its developers were able to fix the problem in a handful of months. FreeRDP fixed some issues right away, in what could be described as a whack-a-mole style process, but a patch was cooked up that would actually address the problem at a deeper level: changing an API value from the unsigned size_t to a signed ssize_t. That change took a whopping 2 years to actually make it out to the world in a release. Why so long?

Continue reading “This Week In Security: Bitwarden, Reverse RDP, And Snake”

The World Of Web Browsers Is In A Bad Way

There once was a man who invented a means for publishing scientific documents using hypertext. He made his first documents available from his NeXT cube, and a lot of the academics who saw them thought it was a great idea. They took the idea, expanded it, and added graphics, and pretty soon people who weren’t scientists wanted to use it too. It became the Next Big Thing, and technology companies new and old wanted a piece of the pie.

You all know the next chapter of this story. It’s the mid 1990s, and Microsoft, having been caught on the back foot after pursuing The Microsoft Network as a CompuServe and AOL competitor, did an about-turn and set out to conquer the Web. Their tool of choice was Microsoft Internet Explorer 3, which since it shipped with Windows 95 and every computer that mattered back then came with Windows 95, promptly entered a huge battle with Netscape’s Navigator browser. Web standards were in their infancy so the two browsers battled each other by manipulating the underlying technologies on which the Web relied. Microsoft used their “Embrace and extend” strategy to try to Redmondify everything, and Netscape got lost in the wilderness with Netscape 4, a browser on which nightmarish quirks were the norm. By the millennium it was Internet Explorer that had won the battle, and though some of the more proprietary Microsoft web technologies had fallen by the wayside, we entered the new decade in a relative monoculture.

Continue reading “The World Of Web Browsers Is In A Bad Way”

FLOSS Weekly Episode 764: You Have To Be Pretty Cynical

This week Jonathan Bennett and Katherine Druckman talk with benny Vasquez, chair of AlmaLinux, all about the weird road we’ve been on with Enterprise Linux distributions, and how that’s landed us here, where we have AlmaLinux, Rocky Linux, and multiple other Red Hat downstream distros. What’s the difference between those projects, and why does it matter?

Projects need more than just developers. How do you keep members doing documentation, bug hunting, outreach, and even graphic design plugged in and feeling like part of the team? How do you walk the narrow line between the different directions a project can drift, setting up your community for long term success? And where’s the most surprising place benny has found AlmaLinux running? And why is benny’s first name never capitalized? Give this week’s show a listen to find out!

Continue reading “FLOSS Weekly Episode 764: You Have To Be Pretty Cynical”

A Few Reasonable Rules For The Responsible Use Of New Technology

If there’s one thing which probably unites all of Hackaday’s community, it’s a love of technology. We live to hear about the very latest developments before anyone else, and the chances are for a lot of them we’ll all have a pretty good idea how they work. But if there’s something which probably annoys a lot of us the most, it’s when we see a piece of new technology misused. A lot of us are open-source enthusiasts not because we’re averse to commercial profit, but because we’ve seen the effects of monopolistic practices distorting the market with their new technologies and making matters worse, not better. After all, if a new technology isn’t capable of making the world a better place in some way, what use is it?

It’s depressing then to watch the same cycle repeat itself over and over, to see new technologies used in the service of restrictive practices for short-term gain rather than to make better products. We probably all have examples of new high-tech products that are simply bad, that are new technology simply for the sake of marketing, and which ultimately deliver something worse than what came before, but with more bling. Perhaps the worst part is the powerlessness, watching gullible members of the public lapping up something shiny and new that you know to be flawed, and not being able to do anything about it.

Here at Hackaday though, perhaps there is something I can do about it. I don’t sit in any boardroom that matters but I do have here a soapbox on which to stand, and from it I can talk to you, people whose work takes you into many fascinating corners of the tech industry and elsewhere. If I think that new technologies are being used irresponsibly to create bad products, at least I can codify how that might be changed. So here are my four Rules For The Responsible Use Of New Technology, each with some examples. They should each be self-evident, and I hope you’ll agree with me.

Continue reading “A Few Reasonable Rules For The Responsible Use Of New Technology”