Slider

4485 Articles

Hackaday Podcast Episode 295: Circuit Graver, Zinc Creep, And Video Tubes

November 8, 2024 by 1 Comment

With Superconference 2024 in the books, Dan joined Elliot, fresh off his flight back from Pasadena, to look through the week (or two) in hacks. It was a pretty good crop, too, despite all the distractions and diversions. We checked out the cutest little quadruped, a wireless antenna for wireless communications, a price-tag stand-in for paper calendars, and a neat way to test hardware and software together.

We take the closest look yet at why Arecibo collapsed, talk about Voyager’s recent channel-switching glitch, and find out how to put old Android phones back in action. There’s smear-free solder paste application, a Mims-worthy lap counter, and a PCB engraver that you’ve just got to see. We wrap things up with a look at Gentoo and pay homage to the TV tubes of years gone by — the ones in the camera, for the TV sets.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Download the zero-calorie MP3.

Continue reading “Hackaday Podcast Episode 295: Circuit Graver, Zinc Creep, And Video Tubes”

This Week In Security: Linux VMs, Real AI CVEs, And Backscatter TOR DoS

November 8, 2024 by 4 Comments

Steve Ballmer famously called Linux “viral”, with some not-entirely coherent complaints about the OS. In a hilarious instance of life imitating art, Windows machines are now getting attacked through malicious Linux VM images distributed through phishing emails.

This approach seems to be intended to fool any anti-malware software that may be running. The VM includes the chisel tool, described as “a fast TCP/UDP tunnel, transported over HTTP, secured via SSH”. Now that’s an interesting protocol stack. It’s an obvious advantage for an attacker to have a Linux VM right on a target network. As this sort of virtualization does require hardware virtualization, it might be worth disabling the virtualization extensions in BIOS if they aren’t needed on a particular machine.

AI Finds Real CVE

We’ve talked about some rather unfortunate use of AI, where aspiring security researchers asked an LLM to find vulnerabilities in a project like curl, and then completely wasted a maintainer’s time on those bogus reports. We happened to interview Daniel Stenberg on FLOSS Weekly this week, and after he recounted this story, we mused that there might be a real opportunity to use LLMs to find vulnerabilities, when used as a way to direct fuzzing, and when combined with a good test suite.

And now, we have Google Project Zero bringing news of their Big Sleep LLM project finding a real-world vulnerability in SQLite. This tool was previously called Project Naptime, and while it’s not strictly a fuzzer, it does share some similarities. The main one being that both tools take their educated guesses and run that data through the real program code, to positively verify that there is a problem. With this proof of concept demonstrated, it’s sure to be replicated. It seems inevitable that someone will next try to get an LLM to not only find the vulnerability, but also find an appropriate fix. Continue reading “This Week In Security: Linux VMs, Real AI CVEs, And Backscatter TOR DoS”

Mechanisms: Tension Control Bolts

November 7, 2024 by 54 Comments

If there’s an enduring image of how large steel structures used to be made, it’s probably the hot riveting process. You’ve probably seen grainy old black-and-white films of a riveting gang — universally men in bib overalls with no more safety equipment than a cigarette, heating rivets to red heat in a forge and tossing them up to the riveters with a pair of tongs. There, the rivet is caught with a metal funnel or even a gloved hand, slipped into a waiting hole in a flange connecting a beam to a column, and beaten into submission by a pair of men with pneumatic hammers.

Dirty, hot, and dangerous though the work was, hot riveted joints were a practical and proven way to join members together in steel structures, and chances are good that any commercial building that dates from before the 1960s or so has at least some riveted joints. But times change and technology marches on, and riveted joints largely fell out of fashion in the construction trades in favor of bolted connections. Riveting crews of three or more men were replaced by a single ironworker making hundreds of predictable and precisely tensioned connections, resulting in better joints at lower costs.

Bolted joints being torqued to specs with an electric wrench might not have the flair of red-hot rivets flying around the job site, but they certainly have a lot of engineering behind them. And as it turns out, the secret to turning bolting into a one-person job is mostly in the bolt itself.

Continue reading “Mechanisms: Tension Control Bolts”

FLOSS Weekly Episode 808: Curl – Gotta Download ’em All

November 6, 2024 by 9 Comments

This week, Jonathan Bennett and Randal Schwartz chat with Daniel Stenberg about curl! How many curl installs are there?! What’s the deal with CVEs? How has curl managed to not break its ABI for 18 years straight? And how did Daniel turn all this into a career instead of just a hobby? Watch to find out!

Continue reading “FLOSS Weekly Episode 808: Curl – Gotta Download ’em All”

Supercon 2023: Restoring The Apollo Guidance Computer

November 6, 2024 by 17 Comments

Humans first visited the Moon in 1969.  The last time we went was 1972, over 50 years ago. Back then, astronauts in the Apollo program made their journeys in spacecraft that relied on remarkably basic electronics that are totally unsophisticated compared to what you might find in an expensive blender or fridge these days. Core among them was the Apollo Guidance Computer, charged with keeping the craft on target as it travelled to its destination and back again.

Marc Verdiell, also known as CuriousMarc, is a bit of a dab hand at restoring old vintage electronics. Thus, when it came time to restore one of these rare and storied guidance computers, he was ready and willing to take on the task. Even better, he came to the 2023 Hackaday Supercon to tell us how it all went down!

Continue reading “Supercon 2023: Restoring The Apollo Guidance Computer”

What Happens If You Speedrun Making A CPU?

November 6, 2024 by 28 Comments

Usually, designing a CPU is a lengthy process, especially so if you’re making a new ISA too. This is something that can take months or even years before you first get code to run. But what if it wasn’t? What if one were to try to make a CPU as fast as humanly possible? That’s what I asked myself a couple weeks ago.

Left-to-right: Green, orange and red rectangle with 1:2 aspect ratio. Each rectangle further right has 4x the area of its neighbor on the left.
Relative ROM size. Left: Stovepipe, center: [Ben Eater]’s, right: GR8CPU Rev. 2
Enter the “Stovepipe” CPU (I don’t have an explanation for that name other than that I “needed” one). Stovepipe’s hardware was made in under 4 hours, excluding a couple small bugfixes. I started by designing the ISA, which is the simplest ISA I ever made. Instead of continuously adding things to make it more useful, I removed things that weren’t strictly necessary until I was satisfied. Eventually, all that was left were 8 major opcodes and a mere 512 bits to represent it all. That is far less than GR8CPU (8192 bit), my previous in this class of CPU, and still less than [Ben Eater]’s breadboard CPU (2048 bit), which is actually less flexible than Stovepipe. All that while taking orders of magnitude less time to create than either larger CPU. How does that compare to other CPUs? And: How is that possible?
Continue reading “What Happens If You Speedrun Making A CPU?”

Ubiquitous Successful Bus: Hacking USB 2 Hubs

November 5, 2024 by 28 Comments

We’ve been recently looking into USB 2.0 – the ubiquitous point-to-point communications standard. USB 2 is completely different from USB 3, the blue-connector next-generation USB standard. For instance, USB 2 is a full-duplex pseudo-differential bus, and it’s not AC-coupled. This makes USB2 notoriously difficult to galvanically isolate, as opposed to USB 3.  On the other hand, USB 2 is a lot easier to incorporate into your projects. And perhaps the best way to do so is to implement a USB hub.

USB 2 hubs are, by now, omnipresent. it doesn’t cost much to add to your board, and you truly have tons of options. The standard option is 4-port hubs – one uplink port to your host, four downlink ports to your devices. If you only have two or three devices, you might be tempted to look for a hub IC with a lower amount of ports, but it’s not worth bothering – just use a 4-port chip, and stock up on them.

What about 7-port chips? You will see those every now and then – but take a close look at the datasheet. Some of them will be two 4-port chips inside a single package, with four of the ports bottlenecked compared to the three other ports – watch out! Desktop 7-port hubs are basically guaranteed to use two 4-port ICs, too, so, again, watch out for bottlenecks. lsusb -t will help you determine the hub’s structure in case you don’t want to crack its case open, thankfully.

Recommendations? I use SL2.1 chips – they’re available in an SO16 package, very unproblematic, to-the-point pinout and easily hand-solderable. CH334 is a close contender, but watch out because there are different variants of this chip that differ by both package and pinout, so if you’re buying a chip with a certain letter, you will want to stick to it. Not just that, be careful – different variants run out at different rates, so if you lock yourself into a CH334 variant, consider stocking up on it. Continue reading “Ubiquitous Successful Bus: Hacking USB 2 Hubs”