Hackaday Podcast Episode 282: Saildrones, A New Classic Laptop, And SNES Cartridges Are More Than You Think

In this episode, the CrowdStrike fiasco has Hackaday Editors Elliot Williams and Tom Nardi pondering the fragility of our modern infrastructure. From there the discussion moves on to robotic sailboats, the evolving state of bespoke computers, and the unique capabilities of the Super Nintendo cartridge. You’ll also hear about cleaning paintings with lasers, the advantages of electronic word processors, stacking 3D printed parts, and the joys of a nice data visualization. They’ll wrap the episode up by marveling at the techniques required to repair undersea fiber optic cables, and the possibilities (and frustrations) of PCB panelization using multiple designs.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

As always, the Hackaday Podcast is available in DRM-free MP3 for offline listening.


This Week In Security: Echospoofing, Ransomware Records, And Github Attestations

It’s a bit of bitter irony when a security product gets used maliciously to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the EchoSpoofing attack. Proofpoint offers an email security product, filtering spam and malicious incoming emails, and also handling SPF, DKIM, and DMARC headers on outgoing email. How does an external service provide those email authentication headers?

One of the cardinal sins of running an email server is to allow open relaying. That’s when anyone can forward email through an SMTP server without authentication. What we have here is two nearly open relays that wound up with spoofed emails getting authenticated just like the real thing. The first offender is Microsoft’s Office365, which seems to completely skip checking for email spoofing when using SMTP relaying from an allowed IP address. This means a valid Office365 account allows sending emails as any address. The other half relies on the way Proofpoint works normally, accepting SMTP traffic from certain IP addresses, and adding the authentication headers to those emails. There’s an option in Proofpoint to add the Microsoft Office 365 servers to that list, and apparently quite a few companies simply select that option.

The end result is that a clever spammer can send millions of completely legitimate-looking emails every day that look very convincing even to sophisticated users. At six months of activity, averaging three million emails a day, this campaign managed just over half a billion malicious emails from multiple high-profile domains.

The good news here is that Proofpoint and Guardio discovered the scheme, and worked with Microsoft to develop the X-OriginatorOrg header that is now applied to every email sent from or through the Office365 servers. This header marks the account tenant the email belongs to, giving vendors like Proofpoint a simple way to determine email validity.

Polaroid In An Instant

Edwin Land, were he alive, would hate this post. He wanted to be known for his scientific work and not for his personal life. In fact, upon his death, he ordered the destruction of all his personal papers. However, Land was, by our definition, a hacker, and while you probably correctly associate him with the Polaroid camera, that turns out to be only part of the story.

Land in 1977

It was obvious that Land was intelligent and inquisitive from an early age. At six, he blew all the fuses in the house. He was known for taking apart clocks and appliances. When his father forbade him from tearing apart a phonograph, he reportedly replied that nothing would deter him from conducting an experiment. We imagine many Hackaday readers have similar childhood stories.

Optics

He was interested in optics, and at around age 13, he became interested in using polarized light to reduce headlight glare. The problem was that one of the best polarizing crystals known — herapathite — was difficult to create in a large size. Herapathite is a crystalline form of iodoquinine sulfate studied in the 1800s by William Herapath, who was unable to grow large sizes of the crystal. Interestingly, one of Herapath’s students noticed the crystals formed when adding iodine to urine from dogs that were given quinine.

Land spent a year at Harvard studying physics, but he left and moved to New York. He continued trying to develop a way to make large, practical, light-polarizing crystals. At night, he would sneak into labs at Columbia University to conduct experiments.


Undersea Cable Repair

The bottom of the sea is a mysterious and inaccessible place, and anything unfortunate enough to slip beneath the waves and into the briny depths might as well be on the Moon. But the bottom of the sea really isn’t all that far away. The average depth of the ocean is only about 3,600 meters, and even at its deepest, the bottom is only about 10 kilometers away, a distance almost anyone could walk in a couple of hours.

Of course, the problem is that the walk would be straight down into one of the most inhospitable environments our planet has to offer. Despite its harshness, that environment is home to hundreds of undersea cables, all of which are subject to wear and tear through accidents and natural causes. Fixing broken undersea cables quickly and efficiently is a highly specialized field, one that takes a lot of interesting engineering and some clever hacks to pull off.


Hacker Tactic: Multi-Design Panels

Last time, we talked about single-PCB-design panels and all their cool aspects, including some cost savings and handling convenience. Naturally, you might wonder, and many did – can you put multiple different PCBs on a single panel? The answer is “yes, without a doubt!” The tool we used last time, KiKit, will not be as helpful here, so we’ll be looking elsewhere.

Making multi-PCB panels can help you save money, naturally, but it can also make your assembly a whole lot easier, and it can bring your hacking to a whole new level. It sure helped with mine! You might have already learned that some fabs scoff at multi-design panels and add surcharges. Well, you’ll be delighted to learn that there are more hacker-friendly fabs out there, too.

Developing PCBs In Bulk

So far, I’ve worked on about 300 different PCB designs, with half of them available in my monorepo. I’ve assembled and tested just about half of these. You might guess that this would cost a lot of money, and that assembly would take a fair bit of time, but I have some tricks up my sleeve. For a start, you can easily order PCBs 10-12 times more cheaply if you do multi-panel.


An Antenna To Throw You For A Loop

It is one of Murphy’s laws, we think, that you can’t get great things when you need them. Back in the heyday of shortwave broadcasting, any of us would have given a week’s pay for even a low-end receiver of today. Digital display? Memory? Digital filtering? These days, you have radios, and they aren’t terribly expensive, but there isn’t much to listen to. Making matters worse, it isn’t easy these days to string wires around in your neighborhood for a variety of reasons. Maybe you don’t have a yard, or you have deed restrictions, or your yard lacks suitable space or locations. This problem is so common that there is a crop of indoor antennas that seem attractive. Since I don’t often tune in shortwave and I don’t want to have to reset my antenna after every storm, I decided to look at the Tecsun AN-48X along with a YouLoop clone from China. Let’s start with the Tecsun.


Hackaday Links: July 28, 2024

What is this dystopia coming to when one of the world’s largest tech companies can’t find a way to sufficiently monetize a nearly endless stream of personal data coming from its army of high-tech privacy-invading robots? To the surprise of almost nobody, Amazon is rolling out a paid tier to their Alexa service in an attempt to backfill the $25 billion hole the smart devices helped dig over the last few years. The business model was supposed to be simple: insinuate an always-on listening device into customers’ lives to make it as easy as possible for them to instantly gratify their need for the widgets and whatsits that Amazon is uniquely poised to deliver, collecting as much metadata along the way as possible; multiple revenue streams — what could go wrong? Apparently a lot, because the only thing people didn’t do with Alexa was order stuff. Now Amazon is reportedly seeking an additional $10 a month for the improved AI version of Alexa, which will be on top of the ever-expanding Amazon Prime membership fee, currently at an eye-watering $139 per year. Whether customers bite or not remains to be seen, but we think there might be a glut of Echo devices on the second-hand market in the near future. We hate to say we told you so, but — ah, who are we kidding? We love to say we told you so.
