Where Is The End Of DIY?

Al and I were talking on the podcast about Dan Maloney’s recent piece on how lead and silver are refined and about the possibility of anyone fully understanding a modern cellphone. This led to Al wondering at the complexity of the constructed world in which we live: If you think hard enough about anything around you right now, you’d probably be able to recreate about 0% of it again from first principles.

Smelting lead and building a cellphone are two sides of a coin, in my mind. The process of getting lead out of galena is simple enough to comprehend, but it’s messy and dangerous in practice. Cellphones, on the other hand, are so monumentally complex that I’d wager that no single person could even describe all of the parts in sufficient detail to reproduce them. That’s why they’re made by companies with hundreds of engineers and decades of experience with the tech – the only way to build a cellphone is to split the complicated task into many subsystems.

Smelting lead is a bad DIY project because it’s simple in principle, but prohibitive in practice. Building a cellphone from the ground up is incomprehensible in principle, but ironically entirely doable in practice if you’re willing to buy into some abstractions.

Indeed, last week we saw a nearly completely open-source build of a simple smartphone, and the secret to making it work is knowing the limits of DIY. The cell modem, for instance, is a black box. It’s an abstract device that you can feed data to and read data from, and it handles the radio parts of the phone that would take forever to design from scratch. But you don’t need to understand its inner workings to use it. Knowing where the limits of DIY are in your project, where you’re willing to accept the abstraction and move on, can be critical to getting it done.

Of course, in an ideal world, you’d want the cell modem to be like smelting lead – something that’s possible to understand in principle but just not worth DIYing in practice. And of course, there are some folks out there who hack on cell modem firmware and others who could do the radio engineering. But despite my strong DIY urges, I’d have to admit that the essential complexity of the module simply makes it worth treating as a black box. It’s very probably the practical limit of DIY.

HackFest Enschede: The Type Of Indoor Event We Wanted All Along

I’m sitting at a table writing this in the centre of a long and cavernous industrial building, the former print works of a local newspaper. I’m surrounded by hardware and software hackers working at their laptops, around me is a bustling crowd admiring a series of large projects on tables along the walls, and the ambient sound is one of the demoscene, chiptunes, 3D-printed guitars, and, improbably, hurdy-gurdy music. Laser light is playing on the walls, and even though it’s quite a journey from England to get here, I’m home. This is Hackfest Enschede, a two-day event in the Eastern Dutch city which by my estimation has managed the near-impossible feat of combining the flavour of both a hacker event and a maker faire all in one, causing the two distinct crowds to come together.

The Best Of Both Worlds, In One Place

To give an idea of what’s here, it’s time for a virtual trip round the hall. I’ll start with the music: aside from the demosceners there’s Printstruments with a range of 3D-printed musical instruments, and Nerdy Gurdy, as you may have guessed, that hacker hurdy-gurdy I mentioned. This is perhaps one of few places I could have seen a spontaneous jam session featuring a 3D-printed bass and a laser-cut hurdy-gurdy. Alongside them were the Eurorack synthesisers of Sound Force, providing analogue electronic sounds aplenty.

Hackaday Podcast Episode 291: Walking In Space, Lead In The Earth, And Atoms Under The DIY Microscope

What have you missed on Hackaday this week? Elliot Williams and Al Williams compare notes on their favorites from the week, and you are invited. The guys may have said too much about the Supercon badge this year — listen in for a few hints about what it will be about.

For hacks, you’ll hear about scanning tunneling microscopes, power management for small Linux systems, and lots of inertial measurement units. The guys talked about a few impossible hacks for consumer electronics, from hacking a laptop, to custom cell phones.

Of course, there are plenty more long-form articles of the week, including a brief history of what can go wrong on a spacewalk and how to get the lead out (of the ground). Don’t forget to take a stab at the What’s That Sound competition and maybe score a sweet Hackaday Podcast T-shirt.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Use this link to teleport a DRM-free MP3 to your location.


This Week In Security: Zimbra, DNS Poisoning, And Perfctl

Up first this week is a warning for the few of us still brave enough to host our own email servers. If you’re running Zimbra, it’s time to update, because CVE-2024-45519 is now being exploited in the wild.

That vulnerability is a pretty nasty one, though thankfully it requires a specific change from default settings to be exposed. The problem is in postjournal. This logging option is off by default, but when it’s turned on, it logs incoming emails. One of the fields on an incoming SMTP mail object is the RCPT TO: field, with the recipients made of the to, cc, and bcc fields. When postjournal logs this field, it does so by passing it as a bash argument. That execution wasn’t properly sanitized, and wasn’t using a safe call like execvp(). So, it was possible to inject commands using the $() construction.
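The difference between the two calling styles described above, as an added example (not Zimbra's code and not from the original article). The helper names, the use of echo as a stand-in for the logging command, and the recipient string are all constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
/* Copy the first line of fp into out, without the trailing newline. */
static void first_line(FILE *fp, char *out, size_t n) {
    out[0] = '\0';
    if (fp && fgets(out, (int)n, fp)) out[strcspn(out, "\n")] = '\0';
}

/* UNSAFE pattern: the recipient is pasted into a string that /bin/sh parses. */
void log_via_shell(const char *rcpt, char *out, size_t n) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo \"%s\"", rcpt);
    FILE *fp = popen(cmd, "r");          /* runs: sh -c "<cmd>" */
    first_line(fp, out, n);
    if (fp) pclose(fp);
}

/* Safer pattern: no shell at all; the recipient is one argv element. */
int log_via_execvp(const char *rcpt, char *out, size_t n) {
    int fds[2];
    out[0] = '\0';
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        char *argv[] = { "echo", (char *)rcpt, NULL };
        dup2(fds[1], STDOUT_FILENO); close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* only reached if exec failed */
    }
    close(fds[1]);
    FILE *fp = fdopen(fds[0], "r");
    first_line(fp, out, n);
    if (fp) fclose(fp); else close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    const char *rcpt = "user$(echo EXPANDED)@example.test"; /* constructed input */
    char a[256], b[256];
    log_via_shell(rcpt, a, sizeof a);    /* shell rewrites the address */
    log_via_execvp(rcpt, b, sizeof b);   /* address arrives byte-for-byte */
    printf("shell : %s\nexecvp: %s\n", a, b);
    return 0;
}
```

Dropping the shell removes command substitution, but the recipient should still be validated against the address syntax before it is logged.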

The details of the attack are known, and researchers are seeing early exploratory attempts to exploit this vulnerability. At least one of these campaigns is attempting to install webshells, so at least some of those attempts have teeth. The attack seems to be less reliable when coming from outside of the trusted network, which is nice, but not something to rely on.

New Tool Corner

What is that binary doing on your system? Even if you don’t do any security research, that’s a question you may ask yourself from time to time. A potential answer is WhoYouCalling. The wrinkle here is that WYC uses the Windows Event Tracing mechanism to collect the network traffic strictly from the application in question. So it’s a Windows-only application for now. What you get is a packet capture from a specific executable and all of its child processes, with automated DNS capture to go along.

Supercon 2023: [Cory Doctorow] With An Audacious Plan To Halt The Internet’s Enshittification And Throw It Into Reverse

Those of us old enough to remember BBS servers or even rainbow banners often go down the nostalgia hole about how the internet was better “back in the day” than it is now, with a handful of middlemen holding a stranglehold on the way we interact with information, commerce, and even other people. Where’s the disintermediated future we were promised? More importantly, can we make a “new good web” that puts users first? [Cory Doctorow] has a plan to reverse what he’s come to call enshittification, or the lifecycle of the extractionist tech platform, and he shared it with us as the Supercon 2023 keynote.

As [Doctorow] sees it, there’s a particular arc to every evil platform’s lifecycle. First, the platform will treat its users fairly and provide enough value to accumulate as many as possible. Then, once a certain critical mass is reached, the platform pivots to exploiting those users to sell them out to the business customers of the platform. Once there’s enough buy-in by business customers, the platform squeezes both users and businesses to eke out every cent for their investors before collapsing in on itself.

Doctorow tells us, “Enshittification isn’t inevitable.” There have been tech platforms that rose and fell without it, but he describes a set of three criteria that make the process unavoidable.

  1. Lack of competition in the market via mergers and acquisitions
  2. Companies change things on the back end (“twiddle their knobs”) to improve their fortunes and have a united, consolidated front to prevent any lawmaking that might constrain them
  3. Companies then embrace tech law to prevent new entrants into the market or consumer rights (see: DMCA, etc.)


Polaris Dawn, And The Prudence Of A Short Spacewalk

For months before liftoff, the popular press had been hyping up the fact that the Polaris Dawn mission would include the first-ever private spacewalk. Not only would this be the first time anyone who wasn’t a professional astronaut would be opening the hatch of their spacecraft and venturing outside, but it would also be the first real-world test of SpaceX’s own extravehicular activity (EVA) suits. Whether you considered it a billionaire’s publicity stunt or an important step forward for commercial spaceflight, one thing was undeniable: when that hatch opened, it was going to be a moment for the history books.

But if you happened to have been watching the live stream of the big event earlier this month, you’d be forgiven for finding the whole thing a bit…abrupt. After years of training and hundreds of millions of dollars spent, crew members Jared Isaacman and Sarah Gillis both spent less than eight minutes outside of the Dragon capsule. Even then, you could argue that calling it a spacewalk would be a bit of a stretch.

Neither crew member ever fully exited the spacecraft; they simply stuck their upper bodies out into space while keeping their legs within the hatch at all times. When it was all said and done, the Dragon’s hatch was locked up tight less than half an hour after it was opened.

Likely, many armchair astronauts watching at home found the whole thing rather anticlimactic. But those who know a bit about the history of human spaceflight probably found themselves unable to move off of the edge of their seat until that hatch locked into place and all crew members were back in their seats.

Flying into space is already one of the most mindbogglingly dangerous activities a human could engage in, but opening the hatch and floating out into the infinite black once you’re out there is even riskier still. Thankfully the Polaris Dawn EVA appeared to go off without a hitch, but not everyone has been so lucky on their first trip outside the capsule.


FLOSS Weekly Episode 803: Unconferencing With OggCamp

This week Jonathan Bennett and Simon Phipps chat with Gary Williams about OggCamp! It’s the Free Software and Free culture unconference happening soon in Manchester! What exactly is an unconference? How long has OggCamp been around, and what should you expect to see there? Listen to find out!
