This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!

Google Chrome has done a lot of work on JavaScript performance, pushing the V8 engine to more and more impressive feats. Recently, that optimization has one more piece, the Maglev compiler, which sits between Sparkplug and TurboFan, as a mid-tier optimization step. With a Just In Time (JIT) system, the time saving of code optimization steps has to be carefully weighed against the time costs, and Maglev is another tool in that endless hunt for speed. And with anything this complicated, there’s the occasional flaw found in the system. And of course, because we’re talking about it here, it’s a security vulnerability that results in Remote Code Execution (RCE).

The trick is to use Maglev’s optimization against it. Set up a pair of classes, such that B extends A. Calling new B() results in an attempt to use the constructor from A, which works because the compiler checks to make sure that the constructors match before doing so. There’s another way to call a constructor in JS, something like Reflect.construct(B, [], Array);. This calls the B constructor, but indicates that the constructor should return an Array object. You may notice, there’s no array in the A class below. Tricking the compiler into using the parent class constructor in this fashion results in the array being uninitialized, and whatever happens to be in memory will set the length of the array.

You’ve Got Mail: Grilled, Scrambled, And Other Delicious Stamps

Well, we’re just zipping right through this series, no? So far we’ve looked at various postal machines and how they work to flip mail around, cancel the postage, and sort it, all in a matter of seconds. We explored the first automated post office and found out why it was a failure, and we learned why it all depends on ZIP code. Now, it’s finally time for some really fun stuff: the stamp trivia.

Now I’m no philatelist by any standard, though I do have a few hundred stamps strewn about the house. The danger in philately is that you learn all sorts of cool things about stamps and their history, and you just want to buy more and more of them. So let’s go!


2023 Hackaday Supercon Badge: Welcome To The Vectorscope

This year, the Supercon badge goes analog! (Or at least fakes it pretty convincingly.) Taking inspiration from the phosphor scopes of yesteryear, the 2023 Vectorscope badge is part analog audio playground, part art project, and all about prototyping. Who doesn’t like the warm glow and lovely green fade of an old Tektronix tube scope? That’s what we’re after.

Conceptually, the badge is two separate devices in one. Most obvious is the vectorscope, which takes in voltages in the 0 V – 3 V range and plots them out in X-Y mode in glorious fake-phosphor effect on the lovely round IPS screen. We’ve also tied an audio amplifier to the Y input that plays whatever waveform you’re watching.

But you don’t have to bring your own waveforms with you – the other half of the badge is an arbitrary programmable waveform generator that drives two channels. Off the bat, it’s configurable with the front panel controls, so you’re obviously invited to make Lissajous figures and store them in the program memories.

Combining the two halves lets you draw in voltages and time, but not until you connect them together, naturally. You see, this isn’t an analog simulation – it’s the programmable equivalent of the real deal, courtesy of the AK4619 ADC/DAC. Voltages go out on one set of pins and come back in on the other.

And you get to play around with these voltages in through-hole space too, because we’ve included a very generous prototyping board for your analog explorations. Does this instantly suggest a curve tracer to you? Be our guest! Other forms of analog video-mangling? We want to see what you come up with. Make an audio filter and watch it work on the screen in front of your very eyes.

Of course we’re not leaving you code monkeys out in the cold. MicroPython puts the “programming” in the programmable waveform generator. If you’re not content with the four stock waveforms, you’re invited to write your own. And this is where it gets artsy.

You can upload your own repetitive waveforms to the onboard direct digital synth routine, but why stop there? We’ve left most of the processing power of the underlying RP2040 untouched, for you to use. And four buttons on the front panel let you store and play back your code, so you have space to stash your demos, and a sweet joystick with a custom keycap gives you control.


Linux Fu: Deep Git Rebasing

If you spend much time helping people with word processor programs, you’ll find that many people don’t really use much of the product. They type, change fonts, save, and print. But cross-references? Indexing? Largely, those parts of the program go unused. I’ve noticed the same thing with Git. We all use it constantly. But do we? You clone a repo. Work on it. Maybe switch branches and create a pull request. That’s about 80% of what you want to do under normal circumstances. But what if you want to do something out of the ordinary? Git is very flexible, but you do have to know the magic incantations.

For example, suppose you mess up a commit message — we never do that, of course, but just pretend. Or you accidentally added a file you didn’t want in the commit. Git has some very useful ways to deal with situations like this, especially the interactive rebase.


The Pros And Cons Of Hydrofoils

Hydrofoils have fascinated naval architects and marine designers for years. Fitted with underwater wings, these designs traverse the waters at great speed with a minimum of drag. As with many innovative technologies, though, the use of hydrofoils is riddled with challenges that often offset the vast benefits they offer.

While hydrofoils promise a better marine transportation experience, their adoption hasn’t been smooth sailing. In this article, we’ll dive deep into the potential and pitfalls of hydrofoil designs, and look at the unique niches this technology serves today.



Keebin’ With Kristina: The One With The Tile-Based Macropad

Prolific Hackaday.io member [Michael Gardi] has hit upon the biggest problem with making reprogrammable macro pads — the legend situation. What do you do when the whole point is that the keys can so easily be changed?

There are a couple of options: blank keycaps and memorization, re-legendable keycaps, and little screens instead of keycaps. Surely there has to be another way, and [Michael] has discovered one: a tile-based system of descriptors.

As you can see, the labels are removable 3D-printed tiles that swap out with ease thanks to tiny magnets. But these aren’t just tidy labels. Inserting a new label automatically changes the macro! Each tile holds a “simple numeric value” which maps it to a macro when inserted and detected by a Hall effect sensor. I can’t wait to hear these tiles click in action during a demo video, which I can only hope is forthcoming.


Satellite Hunting Hack Chat

Rescheduled — note new date!


Join us on Wednesday, October 18 at noon Pacific for the Satellite Hunting Hack Chat with Scott Tilley!

From the very first beeps of Sputnik, space has primarily been the domain of nations. It makes sense — for the most part, it takes the resources of a nation to get anything of appreciable size up out of the gravity well we all live in, but more importantly, space is the highest of high ground, and the high ground has always been a place of advantage to occupy. And so a lot of the hardware we’ve sent upstairs in the last 70 years has been in the national interest of this or that country.

A lot of these satellites are — or were, at least — top secret stuff, with classified payloads, poorly characterized orbits, and unknown communications protocols. This can make tracking them from the ground a challenge, but one that’s worth undertaking. Scott Tilley has been hunting for satellites for years, writing about his exploits on the Riddles in the Sky blog and sometimes being featured on Hackaday. After recently putting his skills to work listening in on a solar observation satellite as its orbit takes it close to Earth again, we asked him to stop by the Hack Chat to share what he’s learned about hunting for satellites, both long-lost and intentionally hidden. Join us as we take a virtual trip into orbit to find out just what’s going on up there.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 18 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.