This Week In Security: Footguns, Bing Worms, And Gogs

The world of security research is no stranger to the phenomenon of not-a-vulnerability. That’s where a security researcher finds something interesting, reports it to the project, and it turns out that it’s something other than a real security vulnerability. There are times that this just means a researcher got over-zealous on reporting, and didn’t really understand what was found. There is at least one other case, the footgun.

A footgun is a feature in a language, library, or tool that too easily leads to a catastrophic mistake — shooting oneself in the foot. The main difference between a footgun and a vulnerability is that a footgun is intentional, and a vulnerability is not. That line is sometimes blurred, so an undocumented footgun could also be a vulnerability, and one possible solution is to properly document the quirk. But sometimes the footgun should really just be eliminated. And that’s what the article linked above is about. [Alex Leahu] takes a look at a handful of examples, which are not only educational, but also a good exercise in thinking through how to improve them.


Old Spotify Car Thing Hacks Gain New Attention

If you haven’t heard by now, Spotify is shutting down support for their “Car Thing” on December 9th of this year. Once that happens, the automotive media player will officially be useless, with users being advised to literally throw them in the trash come December 10th. Call it an early Christmas present from your friends at the multi-billion dollar streaming company.

Surely the hardware hacking community can do a bit better than that. As it turns out, there’s actually been a fair amount of hacking and research done on the Car Thing, it’s just that most of it happened a couple years back when the device first hit the market. Things stagnated a bit in the intervening years, but now that the clock is ticking, there’s far more interest in cracking open the gadget and seeing what else we can do with it.

[lmore377]’s Car Thing macropad hack from 2022.
The car-thing-reverse-engineering repository on GitHub has a wealth of hardware and software information, and has been something of a rallying point for others who have been poking around inside the device. Unsurprisingly, the Car Thing runs Linux, and with relatively minor work you can gain U-Boot and UART access. With just 512 MB of RAM and an Amlogic S905D2 chip that’s similar to what powers the Radxa Zero, it’s not exactly a powerhouse. Then again, we’ve seen plenty of awesome projects done with less.

If you’re more into the step-by-step approach, security researcher [Nolen Johnson] did a write-up about getting access to the Car Thing’s internal Linux system back in 2022 that’s certainly worth a look. As you’d imagine, there are also a few YouTube videos out there that walk the viewer through gaining access to the hardware. This one from [Dinosaur Talks Tech] not only provides a good overview of how to get into the system, but covers flashing modified versions of the stock firmware to unlock various features and tweaking the internal Linux OS.

Interestingly enough, while we’ve seen plenty of homebrew hardware players for Spotify over the years, this is the first time the Car Thing has ever crossed our path. Something tells us though that this isn’t the last time we’ll hear about this forlorn Linux gadget.


Hacking Headaches: Keeping A Neurostimulator Working

We’ve heard a ton of stories over the years about abandoned technology — useful widgets, often cloud-based, that attracted an early and enthusiastic following, only to have the company behind the tech go bankrupt or decide to end operations for business reasons, which effectively bricks hundreds or perhaps millions of otherwise still-usable devices. Now imagine that happening to your brain.

[Markus Möllmann-Bohle] doesn’t have to imagine it, because he’s living it. [Markus] suffers from chronic cluster headaches, an often debilitating condition that leaves a person with intractable pain. Having lived with these headaches since 1987, and treating them with medications with varying degrees of success, [Markus] was finally delivered from his personal hell by a sphenopalatine ganglion (SPG) neuromodulator. The device consists of an unpowered stimulator implanted under the cheekbone that’s wired into the SPG, a bundle of nerves that supply the sinuses, nasal mucosa, tear glands, and many other structures in the face.

To reverse a cluster headache, [Markus] applies an external transmitter to the side of his face, which powers the implant and directs it to stimulate the SPG with low-frequency impulses, which interferes with a reflex loop that causes the symptoms associated with a cluster headache. [Markus] has been using the implant for years, but now its manufacturer has rolled up operations, leaving him with a transmitter in need of maintenance and the possibility of facing his debilitating headaches once again.

The video below shows [Markus]’s workaround, which essentially amounts to opening up the device and swapping in a new LiPo battery pack. [Markus], an electrical engineer by training, admits it’s not exactly a major hack, but it’s keeping him going for now. But he’s clearly worried because eventually, something will happen to that transmitter that’s beyond his skills to repair.

There’s cause for hope, though, as the intellectual property of the original implant company has been purchased by an outfit called Realeve, with the intention to continue support. That would be a lifesaver for [Markus] and everyone relying on this technology to live a normal life, so here’s hoping there’s no need for future hacking heroics. But as the video below details, there is a lot of neurotechnology out there, and the potential for having it bricked by a corporate decision has to be terrifying to the people who depend on it.

PC Classics, Right In Your Browser With EmuOS

[Emupedia]’s work to preserve computer history by way of making classic and abandoned games and software as accessible as possible is being done in a handy way: right in your browser with EmuOS.

A few moments of BIOS startup kick off EmuOS right in a browser window.

Doing things this way has powerful “Just Works” energy. Visit that link in a modern browser and in no time at all you’ll be looking at a Windows 95 (or Windows 98, or Windows ME) desktop, filled with a ton of shortcuts to pre-installed and ready-to-run classic software. Heck, you can even keep it simple and be playing the original Microsoft Solitaire in no time flat. There is also a whole ton of DOS software waiting to be fired up: just double-click the DOSBox icon and browse a huge list. The project is still in development, so not everything works, but the stuff that does is awfully slick.

Here’s some additional background that goes into more detail about the project and its capabilities, but if you’d prefer to just click around and explore, here’s the main link again (and here’s a list of mirrors).

If OS emulation is your thing, don’t miss emulating the IBM PC on an ESP32 microcontroller. And if you’re more into lesser-known vintage operating systems, how about re-inventing PalmOS to run on x86 architecture?


Hackaday Links: December 18, 2022

By now everyone has probably seen the devastation wrought by the structural failure of what was once the world’s largest free-standing cylindrical aquarium. The scale of the tank, which until about 5:50 AM Berlin time on Friday graced the lobby of the Radisson Blu hotel, was amazing — 16 meters tall, 12 meters in diameter, holding a million liters of saltwater and some 1,500 tropical fish. The tank sat atop a bar in the hotel lobby and was so big that it even had an elevator passing up through the middle of it.

But for some reason, the tank failed catastrophically, emptying its contents into the hotel lobby and spilling the hapless fish out into the freezing streets of Berlin. No humans were killed by the flood, which is miraculous when you consider the forces that were unleashed here. Given the level of destruction, the displaced hotel guests, and the fact that a €13 million structure just up and failed, we’re pretty sure there will be a thorough analysis of the incident. We’re pretty interested in why structures fail, so we’ll be looking forward to finding out the story here.
