Hack The Cloud!

The obvious rants against software or services “in the cloud” are that you don’t own it, your data isn’t on your own hard drive, or that, when the interwebs are down, you just can’t get your work done. But the one that really grinds my gears is that, at least for many cloud services, you just can’t play around with them. Why does that matter? Well, as a hacker type, of course, I like to fool around, but more deeply, I feel that this invitation to play around is what’s going to grow up the next generation of hackers. Openness matters not just for now, but also for the future.

Of course, it’s unfair to pin all of this on the cloud. There are plenty of services with nice open APIs that let you play around with their systems as much as you want — witness the abundance of amusing things you can do with Twitter or Twitch. Still, every day seems to bring another formerly-open API that gets bought up by some wealthy company and shut down. I built a nice “is it going to rain today” display out of a meter-long WS2812 strip and an ESP8266, but Dark Sky API got bought up by Apple and is going dark soon (tee-hee!) leaving me thinking of how I’m going to get easy weather data in the next few months.

Whisper your tip in our earOr take my e-mail annunciator. I wrote a little script that, when I have new mail that’s work related or from my wife (read: important), it displays the subject line on a VFD that I have perched on my monitor. This works with Gmail, which I have to use for work, because they support IMAP so at least I can do cool things with the mail once it reaches my server. But can I do anything with Google Groups, which we use for the Hackaday Tip Line? Fat chance!

So there’s good “cloud” and there’s bad “cloud”. Good cloud is open cloud. Good cloud invites you to play, to innovate, and to come up with the right solutions for yourself. Good cloud gives you access to your data. Good cloud is hackable cloud. Let’s see more of that.

Ham Radio Needs To Embrace The Hacker Community Now More Than Ever

As many a radio amateur will tell you, ham radio is a hobby with as many facets as there are radio amateurs. It should be an exciting and dynamic place to be, but as those who venture forth into it sometimes sadly find out, it can be anything but. Tightly-knit communities whose interests lie in using $1,000 stations to chase DX (long-distance contacts), an advancing age profile, and a curious fascination of many amateurs with disaster communications. It’s something [Robert V. Bolton, KJ7NZL] has sounded off about in an open letter to the amateur radio community entitled “Ham Radio Needs To Embrace The Hacker Community Now More Than Ever“.

In it he laments that the influx in particular of those for whom disaster preparedness is the reason for getting a licence is to blame for amateur radio losing its spark, and he proposes that the hobby should respond by broadening its appeal in the direction of the hacker community. The emphasis should move from emergency communications, he says, and instead topics such as software defined radio and digital modes should be brought to the fore. Finally he talks about setting up hacker specific amateur radio discussion channels, to provide a space in which the talk is tailored to our community.

Given our experience of the amateur radio community we’d be bound to agree with him. The hobby offers unrivalled opportunity for analogue, mixed-signal, digital, and software tinkering in the finest tradition of the path set by the early radio amateurs around a hundred years ago, yet it sometimes seems to have lost its way for people like us. It’s something put into words a few years ago by our colleague Dan Maloney, and if you’re following [KJ7NZL]’s path you could do worse than read Dan’s long-running $50 ham series from the start.

Via Hacker News.

Header image: Unknown author, Public domain.

Recreating Lord Nikon’s Laptop From Hackers

The outlandish computers from 1995’s Hackers are easily one of the most memorable elements of the iconic cult classic. In the film, each machine is customized to reflect the individual hacker that operates it, and feature everything from spray painted camouflage paint schemes to themed boot animations based on the owner’s personal iconography. But what might not be so obvious is that the real-life props took a considerable amount of hardware hacking before they were ready for their big-screen debut.

A group of dedicated Hackers fans have created a website to document, and ideally recreate, all the custom work that went into the various pieces of tech featured in the film. As explained by [Nandemoguy], the group’s latest triumph is a screen-accurate build of Lord Nikon’s laptop. The final product not only looks just like the machine used in the film, but thanks to the internal Raspberry Pi, is far more powerful than the original computer would have been.

Unless you’re on the team over at HackersCurator.com, you might not know that the laptops in the film were handmade chimeras that combined the external cases of various PCs with (usually) the internals of an Apple Powerbook 180c. Why the prop masters of the film would have gone through so much trouble to create the character’s computers is not immediately clear, but if we had to guess, presumably it was due to the requirements of the over-the-top graphical interfaces that are featured so heavily in the film.

At any rate, the replica created by [Nandemoguy] is built in much the same way. At least for the parts you can see on the outside, anyway. He goes through the considerable case modifications required to replace the original keyboard on the Toshiba Satellite T1850 with a Powerbook keyboard, which as you might have guessed, has been converted into a USB HID device with a Teensy microcontroller. He even cuts the ports off the back of the Mac’s motherboard and glues them in place around the backside of the machine. But everything else, including the LCD, is all new hardware. After all, who really wants to go through all that trouble just to have a fancy Powerbook 180c in 2019?

Even if you weren’t a fan of Hackers, the level of detail and effort put into this build it absolutely phenomenal. It’s interesting to see the parallels between this replica and the burgeoning cyberdeck scene; it seems like with a Teensy, a Raspberry Pi, and enough Bondo, anything can be turned into a functional computer.

Continue reading “Recreating Lord Nikon’s Laptop From Hackers

Hackaday Links: August 11, 2019

By the time this goes to press, DEFCON 27 will pretty much be history. But badgelife continues, and it’d be nice to have a way of keeping track of all the badges offered. Martin Lebel stepped up to the challenge with a DEF CON 27 badgelife tracker. He’s been tracking the scene since March, and there are currently more than 170 badges, tokens, and shitty add-ons listed. Gotta catch ’em all!

Nice tease, Reuters. We spotted this story about the FAA signing off on beyond-visual-line-of-sight, or BVLOS, operation of a UAV. The article was accompanied by the familiar smiling Amazon logo, leading readers to believe that fleets of Amazon Prime Air drones would surely soon darken the skies with cargoes of Huggies and Tide Pods across the US. It turns out that the test reported was conducted by the University of Alaska Fairbanks along an oil pipeline in the Last Frontier state, and was intended to explore medical deliveries and pipeline surveillance for the oil industry. The only mention of Amazon was that the company reported they’d start drone deliveries in the US “in months.” Yep.

Ever wonder what it takes to get your widget into the market? Between all the testing and compliance requirements, it can be a real chore. Nathaniel tipped us off to a handy guide written by his friend Skippy that goes through the alphabet soup of agencies and regulations needed to get a product to market – CE, RoHS, WEEE, LVD, RED, CE for EMC. Take care of all that paperwork and you’ll eventually get a DoC and be A-OK.

A French daredevil inventor made the first crossing of the English Channel on a hoverboard on Sunday. Yes, we know it’s not an “actual” hoverboard, but it’s as close as we’re going to get with the physics we have access to right now, and being a stand-upon jet engine powered by a backpack full of fuel, it qualifies as pretty awesome. The report says it took him a mere 20 minutes to make the 22-mile (35-km) crossing.


We had a grand time last week around the Hackaday writing crew’s secret underground lair with this delightful Hackaday-Dilbert mashup-inator. Scroll down to the second item on the page and you’ll see what appears to be a standard three-panel Dilbert strip; closer inspection reveals that the text has been replaced by random phrases scraped from a single Hackaday article. It looks just like a Dilbert strip, and sometimes the text even makes sense with what’s going on in the art. We’d love to see the code behind this little gem. The strip updates at each page load, so have fun.

And of course, the aforementioned secret headquarters is exactly what you’d picture – a dark room with rows of monitors scrolling green text, each with a black hoodie-wearing writer furiously documenting the black arts of hacking. OpenIDEO, the “open innovation practice” of global design company IDEO, has issued a challenge to “reimagine a more compelling and relatable visual language for cybersecurity.” In other words, no more scrolling random code and no more hoodies. Do you have kinder, gentler visual metaphors for cybersecurity? You might win some pretty decent prizes for your effort to “represent different terms and ideas in the cybersecurity space in an accessible and compelling way.”

Look Like A Movie Hacker

On the old original Star Trek series, they bought some futuristic salt and pepper shakers to use on an episode. The problem is they didn’t look like salt and pepper shakers, so they used normal ones instead and turned the strange-looking ones into Dr. McCoy’s medical instruments. This demonstrates the value of looking like what you claim to be. So sure, you are a super skillful hacker, but if you are sitting in front of a normal looking computer desktop, how can anyone tell? After all, in the movies, hackers use exotic flashy user interfaces, right? Now thanks to eDEX-UI, you can look like a movie hacker if you use Windows, Linux, or the Mac.

As you might expect, the program isn’t very efficient or practical, but it does actually do something. In addition to a load of system information about the CPU and network, there’s a shell, a file manager, and an onscreen keyboard, too. The app uses Electron and — on Linux — AppImage, but for a toy program like this, that may not be a problem.

Continue reading “Look Like A Movie Hacker”

BrickerBot Takes Down Your IoT Devices Permanently

There is a new class of virii in town, specifically targeting Internet of Things (IoT) devices. BrickerBot and its variants do exactly as their name says, turning your smart devices into bricks. Someone out there has gotten tired of all the IoT security flaws and has undertaken extreme (and illegal) measures to fix the problem. Some of the early reports have come in from a security company called Radware, who isolated two variants of the virii in their honeypots.

In a nutshell, BrickerBot gains access to insecure Linux-based systems by using brute force. It tries to telnet in using common default root username/password pairs. Once inside it uses shell commands (often provided by BusyBox) to write random data to any mounted drives. It’s as easy as

dd if=/dev/urandom of=/dev/sda1

With the secondary storage wiped, the device is effectively useless. There is already a name for this: a Permanent Denial-of-Service (PDoS) attack.

Now any card carrying Hackaday reader will know that a system taken down like this can be recovered by re-flashing through USB, JTAG, SD, other methods. However, we’re not BrickerBot’s intended audience. We’ve all changed our devices default passwords, right? RIGHT?

For more IoT security, check out Elliot’s excellent article about botnets earlier this year, and its follow-up.

Is Your Child A Hacker?

Parents in Liverpool, UK, are being prepared to spot the signs that their children might be hackers. The Liverpool Echo reports on the launch of a “Hackers To Heroes” scheme targeting youngsters at risk of donning a black hat, and has an expert on hand, one [Vince Warrington], to come up with a handy cut-out-and-keep list. Because you never know when you’re going to need one, and he’s helped the Government so should know what he’s talking about.

Of course, they’re talking about “Hacker” (cybercriminal) while for us the word has much more positive connotations. And it’s yet another piece of ill-informed media scaremongering about technology that probably fits like so many others in the “People are having fun. Something Must Be Done About It!” category. But it’s still something that will probably result in hassle for a few youngsters with an interest in technology, and that’s not encouraging.

The full list is reproduced below, if you’re a parent it seems you will need to watch your children if:

  1. They spend most of their free time alone with their computer
  2. They have few real friends, but talk extensively to online friends about computers
  3. Teachers say the child has a keen interest in computers, almost to the exclusion of all other subjects
  4. They’re online so much it affects their sleeping habits
  5. They use the language of hacking, with terms such as ‘DdoS’ (pronounced D-dos), Dossing, pwnd, Doxing, Bots, Botnets, Cracking, Hash (refers to a type of encryption rather than cannabis), Keylogger, Lulz, Phishing, Spoof or Spoofing. Members of the Anonymous Hackivist group refer to their attacks as ‘Ops’
  6. They refer to themselves and their friends as hackers or script kiddies
  7. They have multiple social media profiles on one platform
  8. They have multiple email addresses
  9. They have an odd sounding nickname (famous ones include MafiaBoy and CyberZeist)
  10. Their computer has a web browser called ToR (The Onion Router) which is used to access hacking forums on the dark web
  11. Monitoring tools you’ve put on the computer might suddenly stop working
  12. They can connect to the wifi of nearby houses (especially concerning if they have no legitimate reason to have the password)
  13. They claim to be making money from online computer games (many hackers get started by trying to break computer games in order to exploit flaws in the game. They will then sell these ‘cheats’ online).
  14. They might know more than they should about parents and siblings, not being able to resist hacking your email or social media
  15. Your internet connection slows or goes off, as their hacker rivals try to take them down
  16. Some circumstantial evidence suggests children with Autism and Asperger’s could be more vulnerable to becoming hackers.

Reading the list, we can’t help wondering how many Hackaday readers would recognise as perfectly normal behaviours from their own formative years. And some of them look ripe for misinterpretation, for example your internet connection slowing down does not automatically mean that little [Jimmy] is selling a billion compromised social media accounts on the Dark Web.

Particularly concerning though is the final association of computer crime with children who are autistic or have Asperger’s Syndrome. Picking on a minority as a scapegoat for a public moral panic is reprehensible, and is not responsible journalism.

Still, you have to laugh. They remembered to include a stock photo of a hacker using a keyboard, but they’ve completely missed the telltale sign of a real hacker, which is of course wr1t1n9 11k3 r341 1337 h4xxx0rzzz.

Via The Register.

Liverpool skyline, G-Man (Public domain) via Wikimedia Commons.