Slider

4371 Articles

Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?

January 15, 2024 by 89 Comments

We think of the power we generate as coming from all these different kinds of sources. Oil, gas, coal, nuclear, wind… so varied! And yet they all fundamentally come down to moving a gas through a turbine to actually spin up a generator and make some juice. Even some solar plants worked this way, using the sun’s energy to heat water into steam to spin some blades and keep the lights on.

A solar updraft tower works along these basic principles, too, but in a rather unique configuration. It’s not since the dawn of the Industrial Age that humanity went around building lots of big chimneys, and if this technology makes good sense, we could be due again. Let’s find out how it works and if it’s worth all the bluster, or if it’s just a bunch of hot air.

Continue reading “Solar Chimneys: Viable Energy Solution Or A Lot Of Hot Air?”

Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS

January 5, 2024 by 7 Comments

Welcome to 2024! This time around, Elliot and Dan ring in a new year of awesome hacks with quite an eclectic mix. We kick things off with a Pluto pity party and find out why the tiny ex-planet deserved what it got. What do you do if you need to rename a bunch of image files? You rope a local large-language model in for the job, of course. We’ll take a look at how pinball machines did their thing before computers came along, take a fractal dive into video feedback, and localize fireworks with a fleet of Raspberry Pi listening stations. Ever wonder what makes a GPS receiver tick? The best way to find out might be to build one from scratch. Looking for some adventure? A ride on an electroluminescent surfboard might do, or perhaps a DIY “Vomit Comet” trip would be more your style. And make sure you stick around for our discussion on attempts to optimize surgery efficiency, and our look back at 2023’s top trends in the hardware world.

 

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 251: Pluto, Pinball, Speedy Surgery, And DIY GPS”

This Week In Security: Bitwarden, Reverse RDP, And Snake

January 5, 2024 by 10 Comments

This week, we finally get the inside scoops on some old stories, starting with the Bitwarden Windows Hello problem from last year. You may remember, Bitwarden has an option to use Windows Hello as a vault unlock option. Unfortunately, the Windows credential API doesn’t actually encrypt credentials in a way that requires an additional Windows Hello verification to unlock. So a derived key gets stored to the credential manager, and can be retrieved through a simple API call. No additional biometrics needed. Even with the Bitwarden vault locked and application closed.

There’s another danger, that doesn’t even require access to the the logged-in machine. On a machine that is joined to a domain, Windows backs up those encryption keys to the Domain Controller. The encrypted vault itself is available on a domain machine over SMB by default. A compromised domain controller could snag a bitwarden vault without ever even running code on the target machine. The good news is that this particular problem with Bitwarden and Windows Hello is now fixed, and has been since version 2023.10.1.

Reverse RDP Exploitation

We normally think about the Remote Desktop Protocol as dangerous to expose to the internet. And it is. Don’t put your RDP service online. But reverse RDP is the idea that it might also be dangerous to connect an RDP client to a malicious server. And of course, multiple RDP implementations have this problem. There’s rdesktop, FreeRDP, and Microsoft’s own mstsc that all have vulnerabilities relating to reverse RDP.

The technical details here aren’t terribly interesting. It’s all variations on the theme of not properly checking remote data from the server, and hence either reading or writing past internal buffers. This results in various forms of information leaks and code executions problems. What’s interesting is the different responses to the findings, and then [Eyal Itkin]’s takeaway about how security researchers should approach vulnerability disclosure.

So first up, Microsoft dismissed a vulnerability as unworthy of servicing. And then proceeded to research it internally, and present it as a novel attack without properly attributing [Eyal] for the original find. rdesktop contained quite a few of these issues, but were able to fix the problem in a handful of months. FreeRDP fixed some issues right away, in what could be described as a whack-a-mole style process, but a patch was cooked up that would actually address the problem at a deeper level: changing an API value from the unsigned size_t to a signed ssize_t. That change took a whopping 2 years to actually make it out to the world in a release. Why so long? Continue reading “This Week In Security: Bitwarden, Reverse RDP, And Snake”

The World Of Web Browsers Is In A Bad Way

January 4, 2024 by 115 Comments

There once was a man who invented a means for publishing scientific documents using hypertext. He made his first documents available from his NeXT cube, and a lot of the academics who saw them thought it was a great idea. They took the idea, expanded it, and added graphics, and pretty soon people who weren’t scientists wanted to use it too. It became the Next Big Thing, and technology companies new and old wanted a piece of the pie.

You all know the next chapter of this story. It’s the mid 1990s, and Microsoft, having been caught on the back foot after pursuing The Microsoft Network as a Compuserve and AOL competitor, did an about-turn and set out to conquer the Web. Their tool of choice was Microsoft Internet Explorer 3, which since it shipped with Windows 95 and every computer that mattered back then came with Windows 95, promptly entered a huge battle with Netscape’s Navigator browser. Web standards were in their infancy so the two browsers battled each other by manipulating the underlying technologies on which the Web relied. Microsoft used their “Embrace and extend” strategy to try to Redmondify everything, and Netscape got lost in the wilderness with Netscape 4, a browser on which nightmarish quirks were the norm. By the millennium it was Internet Explorer that had won the battle, and though some of the more proprietary Microsoft web technologies had fallen by the wayside, we entered the new decade in a relative monoculture. Continue reading “The World Of Web Browsers Is In A Bad Way”

FLOSS Weekly Episode 764: You Have To Be Pretty Cynical

January 3, 2024 by 8 Comments

This week Jonathan Bennett and Katherine Druckman talk with benny Vasquez, chair of AlmaLinux, all about the weird road we’ve been on with Enterprise Linux distributions, and how that’s landed us here, where we have AlmaLinux, Rocky Linux, and multiple other Red Hat downstream distros. What’s the difference between those projects, and why does it matter?

Projects need more than just developers. How do you keep members doing documentation, bug hunting, outreach, and even graphic design plugged in and feeling like part of the team? How do you walk the narrow line between the different directions a project can drift, setting up your community for long term success? And where’s the most surprising place benny has found AlmaLinux running? And why is benny’s first name never capitalized? Give this week’s show a listen to find out!

Continue reading “FLOSS Weekly Episode 764: You Have To Be Pretty Cynical”

A Few Reasonable Rules For The Responsible Use Of New Technology

January 3, 2024 by 96 Comments

If there’s one thing which probably unites all of Hackaday’s community, it’s a love of technology. We live to hear about the very latest developments before anyone else, and the chances are for a lot of them we’ll all have a pretty good idea how they work. But if there’s something which probably annoys a lot of us the most, it’s when we see a piece of new technology misused. A lot of us are open-source enthusiasts not because we’re averse to commercial profit, but because we’ve seen the effects of monopolistic practices distorting the market with their new technologies and making matters worse, not better. After all, if a new technology isn’t capable of making the world a better place in some way, what use is it?

It’s depressing then to watch the same cycle repeat itself over and over, to see new technologies used in the service of restrictive practices for short-term gain rather than to make better products. We probably all have examples of new high-tech products that are simply bad, that are new technology simply for the sake of marketing, and which ultimately deliver something worse than what came before, but with more bling. Perhaps the worst part is the powerlessness,  watching gullible members of the public lapping up something shiny and new that you know to be flawed, and not being able to do anything about it.

Here at Hackaday though, perhaps there is something I can do about it. I don’t sit in any boardroom that matters but I do have here a soapbox on which to stand, and from it I can talk to you, people whose work takes you into many fascinating corners of the tech industry and elsewhere. If I think that new technologies are being used irresponsibly to create bad products, at least I can codify how that might be changed. So here are my four Rules For The Responsible Use Of New Technology, each with some examples. They should each be self-evident, and I hope you’ll agree with me. Continue reading “A Few Reasonable Rules For The Responsible Use Of New Technology”

It’s Pronounced GIF

January 2, 2024 by 197 Comments

As the holiday season is upon us and a Hackaday scribe sits protected from the incoming Atlantic storms in her snug eyrie, it’s time for her to consider the basics of her craft. Writing, spelling, and the English language; such matters as why Americans have different English spellings from Brits, but perhaps most important of them all for Hackaday readers; is it “gif”, or is is “jif”? This or the jokey sentence about spellings might be considered obvious clickbait, but instead they’re a handle to descend into the study of language. Just how do we decide the conventions of our language, and should we even care too much about them?

Don’t Believe Everything You Read in School

A picture of an American classroom in 1004
Not everything you learn here is worth holding on to. Harrison Keely, CC BY 4.0.

We are sent to school to Learn Stuff. During that time we are deprived of our liberty as a succession of adults attempt year after year to cram our heads with facts. Some of it we find interesting and other parts not so much, but for the majority of it, we are discouraged from thinking for ourselves and are instead expected to learn by rote a set of fixed curricula.

Thus while writers have to discover for themselves that English is a constantly evolving language through which they can break free of these artificial bounds that school has imposed upon them, far too many people remain afraid to put their head above the linguistic parapet.

The result is that perceived deviations from the rules are jumped upon by those afraid to move with the language, and we even find our own linguistic Holy Wars to fight. The one mentioned above about “gif” versus “jif” is a great example, does it really matter that much whether you pronounce it with a hard “G” because that’s how most people say it, or as though it were a “J” because the creator of the file format said it that way? Not really, because English is an evolving language in the hands of those who speak it, not those of the people who write school books. Continue reading “It’s Pronounced GIF”