Slider

4687 Articles

Hackaday Links Column Banner

Hackaday Links: June 29, 2025

June 29, 2025 by 5 Comments

In today’s episode of “AI Is Why We Can’t Have Nice Things,” we feature the Hertz Corporation and its new AI-powered rental car damage scanners. Gone are the days when an overworked human in a snappy windbreaker would give your rental return a once-over with the old Mark Ones to make sure you hadn’t messed the car up too badly. Instead, Hertz is fielding up to 100 of these “MRI scanners for cars.” The “damage discovery tool” uses cameras to capture images of the car and compares them to a model that’s apparently been trained on nothing but showroom cars. Redditors who’ve had the displeasure of being subjected to this thing report being charged egregiously high damage fees for non-existent damage. To add insult to injury, if renters want to appeal those charges, they have to argue with a chatbot first, one that offers no path to speaking with a human. While this is likely to be quite a tidy profit center for Hertz, their customers still have a vote here, and backlash will likely lead the company to adjust the model to be a bit more lenient, if not outright scrapping the system.

Continue reading “Hackaday Links: June 29, 2025”

This Week In Security: MegaOWNed, Store Danger, And FileFix

June 27, 2025 by 7 Comments

Earlier this year, I was required to move my server to a different datacenter. The tech that helped handle the logistics suggested I assign one of my public IPs to the server’s Baseboard Management Controller (BMC) port, so I could access the controls there if something went sideways. I passed on the offer, and not only because IPv4 addresses are a scarce commodity these days. No, I’ve never trusted a server’s built-in BMC. For reasons like this MegaOWN of MegaRAC, courtesy of a CVSS 10.0 CVE, under active exploitation in the wild.

This vulnerability was discovered by Eclypsium back in March and it’s a pretty simple authentication bypass, exploited by setting an X-Server-Addr header to the device IP address and adding an extra colon symbol to that string. Send this along inside an HTTP request, and it’s automatically allowed without authentication. This was assigned CVE-2024-54085, and for servers with the BMC accessible from the Internet, it scores that scorching 10.0 CVSS.

We’re talking about this now, because CISA has added this CVE to the official list of vulnerabilities known to be exploited in the wild. And it’s hardly surprising, as this is a near-trivial vulnerability to exploit, and it’s not particularly challenging to find web interfaces for the MegaRAC devices using tools like Shodan and others.

There’s a particularly ugly scenario that’s likely to play out here: Embedded malware. This vulnerability could be chained with others, and the OS running on the BMC itself could be permanently modified. It would be very difficult to disinfect and then verify the integrity of one of these embedded systems, short of physically removing and replacing the flash chip. And malware running from this very advantageous position very nearly have the keys to the kingdom, particularly if the architecture connects the BMC controller over the PCIe bus, which includes Direct Memory Access.

This brings us to the really bad news. These devices are everywhere. The list of hardware that ships with the MegaRAC Redfish UI includes select units from “AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm”. Some of these vendors have released patches. But at this point, any of the vulnerable devices on the Internet, still unpatched, should probably be considered compromised. Continue reading “This Week In Security: MegaOWNed, Store Danger, And FileFix”

Announcing The 2025 Hackaday One Hertz Challenge

June 26, 2025 by 48 Comments

It’s about time! Or maybe it’s about time’s reciprocal: frequency. Whichever way you see it, Hackaday is pleased to announce, just this very second, the 2025 One Hertz Challenge over on Hackaday.io. If you’ve got a device that does something once per second, we’ve got the contest for you. And don’t delay, because the top three winners will each receive a $150 gift certificate from this contest’s sponsor: DigiKey.

What will you do once per second? And how will you do it? Therein lies the contest! We brainstormed up a few honorable mention categories to get your creative juices flowing.

  • Timelords: How precisely can you get that heartbeat? This category is for those who prefer to see a lot of zeroes after the decimal point.
  • Ridiculous: This category is for the least likely thing to do once per second. Accuracy is great, but absurdity is king here. Have Rube Goldberg dreams? Now you get to live them out.
  • Clockwork: It’s hard to mention time without thinking of timepieces. This category is for the clockmakers among you. If your clock ticks at a rate of one hertz, and you’re willing to show us the mechanism, you’re in.
  • Could Have Used a 555: We knew you were going to say it anyway, so we made it an honorable mention category. If your One Hertz project gets its timing from the venerable triple-five, it belongs here.

We love contests with silly constraints, because you all tend to rise to the challenge. At the same time, the door is wide open to your creativity. To enter, all you have to do is document your project over on Hackaday.io and pull down the “Contests” tab to One Hertz to enter. New projects are awesome, but if you’ve got an oldie-but-goodie, you can enter it as well. (Heck, maybe use this contest as your inspiration to spruce it up a bit?)

Time waits for no one, and you have until August 19th at 9:00 AM Pacific time to get your entry in. We can’t wait to see what you come up with.

Field Guide To The North American Weigh Station

June 26, 2025 by 35 Comments

A lot of people complain that driving across the United States is boring. Having done the coast-to-coast trip seven times now, I can’t agree. Sure, the stretches through the Corn Belt get a little monotonous, but for someone like me who wants to know how everything works, even endless agriculture is fascinating; I love me some center-pivot irrigation.

One thing that has always attracted my attention while on these long road trips is the weigh stations that pop up along the way, particularly when you transition from one state to another. Maybe it’s just getting a chance to look at something other than wheat, but weigh stations are interesting in their own right because of everything that’s going on in these massive roadside plazas. Gone are the days of a simple pull-off with a mechanical scale that was closed far more often than it was open. Today’s weigh stations are critical infrastructure installations that are bristling with sensors to provide a multi-modal insight into the state of the trucks — and drivers — plying our increasingly crowded highways.

Continue reading “Field Guide To The North American Weigh Station”

The Tao Of Bespoke Electronics

June 25, 2025 by 60 Comments

If you ever look at projects in an old magazine and compare them to today’s electronic projects, there’s at least one thing that will stand out. Most projects in “the old days” looked like something you built in your garage. Today, if you want to make something that rivals a commercial product, it isn’t nearly as big of a problem.

Dynamic diode tester from Popular Electronics (July 1970)

For example, consider the picture of this project from Popular Electronics in 1970. It actually looks pretty nice for a hobby project, but you’d never expect to see it on a store shelf.

Even worse, the amount of effort required to make it look even this good was probably more than you’d expect. The box was a standard case, and drilling holes in a panel would be about the same as it is today, but you were probably less likely to have a drill press in 1970.

But check out the lettering! This is a time before inkjet and laser printers. I’d guess these are probably “rub on” letters, although there are other options. Most projects that didn’t show up in magazines probably had Dymo embossed lettering tape or handwritten labels.

Continue reading “The Tao Of Bespoke Electronics”

The Rise And The Fall Of The Mail Chute

June 25, 2025 by 17 Comments

As the Industrial Age took the world by storm, city centers became burgeoning hubs of commerce and activity. New offices and apartments were built higher and higher as density increased and skylines grew ever upwards. One could live and work at height, but this created a simple inconvenience—if you wanted to send any mail, you had to go all the way down to ground level.

In true American fashion, this minor inconvenience would not be allowed to stand. A simple invention would solve the problem, only to later fall out of vogue as technology and safety standards moved on. Today, we explore the rise and fall of the humble mail chute.

Continue reading “The Rise And The Fall Of The Mail Chute”