Hackaday Podcast Episode 291: Walking In Space, Lead In The Earth, And Atoms Under The DIY Microscope

What have you missed on Hackaday this week? Elliot Williams and Al Williams compare notes on their favorites from the week, and you are invited. The guys may have said too much about the Supercon badge this year — listen in for a few hints about what it will be about.

For hacks, you’ll hear about scanning tunneling microscopes, power management for small Linux systems, and lots of inertial measurement units. The guys talked about a few impossible hacks for consumer electronics, from hacking a laptop, to custom cell phones.

Of course, there are plenty more long-form articles of the week, including a brief history of what can go wrong on a spacewalk and how to get the lead out (of the ground). Don’t forget to take a stab at the What’s That Sound competition and maybe score a sweet Hackaday Podcast T-shirt.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Use this link to teleport a DRM-free MP3 to your location.


This Week In Security: Zimbra, DNS Poisoning, And Perfctl

Up first this week is a warning for the few of us still brave enough to host our own email servers. If you’re running Zimbra, it’s time to update, because CVE-2024-45519 is now being exploited in the wild.

That vulnerability is a pretty nasty one, though thankfully it requires a specific change from default settings to be exposed. The problem is in postjournal. This logging option is off by default, but when it’s turned on, it logs incoming emails. One of the fields on an incoming SMTP mail object is the RCPT TO: field, with the recipients made of the to, cc, and bcc fields. When postjournal logs this field, it does so by passing it as a bash argument. That argument wasn’t properly sanitized, and the execution wasn’t using a safe call like execvp(). So, it was possible to inject commands using the $() construction.

The details of the attack are known, and researchers are seeing early exploratory attempts to exploit this vulnerability. At least one of these campaigns is attempting to install webshells, so at least some of those attempts have teeth. The attack seems to be less reliable when coming from outside of the trusted network, which is nice, but not something to rely on.

New Tool Corner

What is that binary doing on your system? Even if you don’t do any security research, that’s a question you may ask yourself from time to time. A potential answer is WhoYouCalling. The wrinkle here is that WYC uses the Windows Event Tracing mechanism to collect the network traffic strictly from the application in question. So it’s a Windows-only application for now. What you get is a packet capture from a specific executable and all of its child processes, with automated DNS capture to go along.

Supercon 2023: [Cory Doctorow] With An Audacious Plan To Halt The Internet’s Enshittification And Throw It Into Reverse

Those of us old enough to remember BBS servers or even rainbow banners often go down the nostalgia hole about how the internet was better “back in the day” than it is now that a handful of middlemen have a stranglehold on the way we interact with information, commerce, and even other people. Where’s the disintermediated future we were promised? More importantly, can we make a “new good web” that puts users first? [Cory Doctorow] has a plan to reverse what he’s come to call enshittification, or the lifecycle of the extractionist tech platform, and he shared it with us as the Supercon 2023 keynote.

As [Doctorow] sees it, there’s a particular arc to every evil platform’s lifecycle. First, the platform will treat its users fairly and provide enough value to accumulate as many as possible. Then, once a certain critical mass is reached, the platform pivots to exploiting those users to sell them out to the business customers of the platform. Once there’s enough buy-in by business customers, the platform squeezes both users and businesses to eke out every cent for their investors before collapsing in on itself.

Doctorow tells us, “Enshittification isn’t inevitable.” There have been tech platforms that rose and fell without it, but he describes a set of three criteria that make the process unavoidable.

  1. Lack of competition in the market via mergers and acquisitions
  2. Companies change things on the back end (“twiddle their knobs”) to improve their fortunes and have a united, consolidated front to prevent any lawmaking that might constrain them
  3. Companies then embrace tech law to prevent new entrants into the market or consumer rights (see: DMCA, etc.)


Polaris Dawn, And The Prudence Of A Short Spacewalk

For months before liftoff, the popular press had been hyping up the fact that the Polaris Dawn mission would include the first-ever private spacewalk. Not only would this be the first time anyone who wasn’t a professional astronaut would be opening the hatch of their spacecraft and venturing outside, but it would also be the first real-world test of SpaceX’s own extravehicular activity (EVA) suits. Whether you considered it a billionaire’s publicity stunt or an important step forward for commercial spaceflight, one thing was undeniable: when that hatch opened, it was going to be a moment for the history books.

But if you happened to have been watching the live stream of the big event earlier this month, you’d be forgiven for finding the whole thing a bit…abrupt. After years of training and hundreds of millions of dollars spent, crew members Jared Isaacman and Sarah Gillis both spent less than eight minutes outside of the Dragon capsule. Even then, you could argue that calling it a spacewalk would be a bit of a stretch.

Neither crew member ever fully exited the spacecraft; they simply stuck their upper bodies out into space while keeping their legs within the hatch at all times. When it was all said and done, the Dragon’s hatch was locked up tight less than half an hour after it was opened.

Likely, many armchair astronauts watching at home found the whole thing rather anticlimactic. But those who know a bit about the history of human spaceflight probably found themselves unable to move off of the edge of their seat until that hatch locked into place and all crew members were back in their seats.

Flying into space is already one of the most mindbogglingly dangerous activities a human could engage in, but opening the hatch and floating out into the infinite black once you’re out there is even riskier still. Thankfully the Polaris Dawn EVA appeared to go off without a hitch, but not everyone has been so lucky on their first trip outside the capsule.


FLOSS Weekly Episode 803: Unconferencing With OggCamp

This week Jonathan Bennett and Simon Phipps chat with Gary Williams about OggCamp! It’s the Free Software and Free culture unconference happening soon in Manchester! What exactly is an unconference? How long has OggCamp been around, and what should you expect to see there? Listen to find out!


Retrotechtacular: Another Thing Your TV No Longer Needs

As Hackaday writers we don’t always know what our colleagues are working on until publication time, so we all look forward to seeing what other writers come up with. This week it was [Al Williams] with “Things Your TV No Longer Needs”, a range of gadgets from the analogue TV era, now consigned to the history books. On the bench here is a device that might have joined them, so in taking a look at it now it’s by way of an addendum to Al’s piece.

When VHF Was Not Enough

In a Dutch second-hand store while on my hacker camp travels this summer, I noticed a small grey box. It was mine for the princely sum of five euros, because while I’d never seen one before I was able to guess exactly what it was. The “Super 2” weighing down my backpack was a UHF converter, a set-top box from before set-top boxes, and dating from the moment around five or six decades ago when that country expanded its TV broadcast network to include the UHF bands. If your TV was VHF it couldn’t receive the new channels, and this box was the answer to connecting your UHF antenna to that old TV.

It’s a relatively small plastic case about the size of a chunky paperback book, on the front of which is a tuning knob and scale in channels and MHz, on the top of which are a couple of buttons for VHF and UHF, and on the back are a set of balanced connectors for antennas and TV set. It’s mains powered, so there’s a mains lead with an older version of the ubiquitous European mains plug. Surprisingly it comes open with a couple of large coin screws on the underside, so it’s time to take a look inside.

Mining And Refining: Lead, Silver, And Zinc

If you are in need of a lesson on just how much things have changed in the last 60 years, an anecdote from my childhood might suffice. My grandfather was a junk man, augmenting the income from his regular job by collecting scrap metal and selling it to metal recyclers. He knew the current scrap value of every common metal, and his garage and yard were stuffed with barrels of steel shavings, old brake drums and rotors, and miles of copper wire.

But his most valuable scrap was lead, specifically the weights used to balance car wheels, which he’d buy as waste from tire shops. The weights had spring steel clips that had to be removed before the scrap dealers would take them, which my grandfather did by melting them in a big cauldron over a propane burner in the garage. I clearly remember hanging out with him during his “melts,” fascinated by the flames and simmering pools of molten lead, completely unconcerned by the potential danger of the situation.

Fast forward a few too many decades and in an ironic twist I find myself living very close to the place where all that lead probably came from, a place that was also blissfully unconcerned by the toxic consequences of pulling this valuable industrial metal from tunnels burrowed deep into the Bitterroot Mountains. It didn’t help that the lead-bearing ores also happened to be especially rich in other metals including zinc and copper. But the real prize was silver, present in such abundance that the most productive silver mine in the world was once located in a place that is known as “Silver Valley” to this day. Together, these three metals made fortunes for North Idaho, with unfortunate side effects from the mining and refining processes used to win them from the mountains.
