Day: October 22, 2021

Vacuum Forming With 3D Printed Buck Tutorial

October 22, 2021 by 9 Comments

[Matterhackers] has a nice video tutorial on using vacuum forming to create plastic items. Sure, you have a 3D printer, but vacuum forming has some advantages if you are making thin and flexible items quickly. But don’t feel bad. The master item in the process is from a 3D printer. Like a mold, the forming won’t produce a duplicate of the master, called a buck. Rather, the buck provides something like a die that the plastic wraps around.

While obvious vacuum-formed items include such things as take-out food containers and plastic blister packaging for retail items, you can also make more substantial items. Apparently, all theStar Wars movies in the original trilogy used vacuum forming to create stormtrooper armor.

Continue reading “Vacuum Forming With 3D Printed Buck Tutorial”

ua-parser-js compromised

Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

October 22, 2021 by 26 Comments

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), who organize a collection of contributed libraries written in JavaScript. One only need to use npm to include a library in their code, and all of the functions of that code are available to the developer. One such example is ua-parser-js which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.

3D Printer Cuts Metal

October 22, 2021 by 19 Comments

Every now and then we’ll see a 3D printer that can print an entire house out of concrete or print an entire rocket out of metal. But usually, for our budget-friendly hobbyist needs, most of our 3D printers will be printing small plastic parts. If you have patience and a little bit of salt water, though, take a look at this 3D printer which has been modified to cut parts out of any type of metal, built by [Morlock] who has turned a printer into a 5-axis CNC machine.

Of course, this modification isn’t 3D printing metal. It convers a 3D printer’s CNC capabilities to turn it into a machining tool that uses electrochemical machining (ECM). This process removes metal from a work piece by passing an electrode over the metal in the presence of salt water to corrode the metal away rapidly. This is a remarkably precise way to cut metal without needing expensive or heavy machining tools which uses parts that can easily be 3D printed or are otherwise easy to obtain. By using the 3D printer axes and modifying the print bed to be saltwater-resistant, metal parts of up to 3 mm can be cut, regardless of the type of metal used. [Morlock] also added two extra axes to the cutting tool, allowing it to make cuts in the metal at odd angles.

Using a 3D printer to perform CNC machining like this is an excellent way to get the performance of a machine tool without needing to incur the expense of one. Of course, it takes some significant modification of a 3D printer but it doesn’t need the strength and ridigity that you would otherwise need for a standard CNC machine in order to get parts out of it with acceptable tolerances. If you’re interested in bootstraping one like that using more traditional means, though, we recently featured a CNC machine that can be made from common materials and put together for a minimum of cost.

Continue reading “3D Printer Cuts Metal”

Vizio In Hot Water Over Smart TV GPL Violations

October 22, 2021 by 70 Comments

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

Testing 3D Printed Cutting Blades Is Scary Work

October 22, 2021 by 15 Comments

[Ivan Miranda] comes from a land where the shops close on Sundays. Thus, when he found himself in need of a cutting blade, he realised he would have to build his own, or simply wait. He elected to do the former, and we get to enjoy the journey. (Video, embedded below.)

His first attempt was to cut a wooden plank with a 3D-printed cutting blade fitted to a mitre saw. After setting up the mitre saw to cut while he was at a safe distance, [Ivan] elected to test the blade. Alas, it simply melted, and the wood was barely scratched, so [Ivan] went back to the drawing board.

His second attempt was to CNC mill an aluminium blade, which was a full 6 mm thick. The saw needed some modifications to the saw to fit properly, but it was able to cut wood without major drama!

Returning to the 3D-printed concept, [Ivan] suspected reducing the surface speed of the cutting disc could reduce friction-induced heating. This would allow the 3D-printed blade to cut wood without melting, in theory. To achieve this, he built his own basic drop saw using a steel frame and a brushless motor. With a little water spray, and careful control of speed and pressure, the blade was able to slowly chew through a plank of wood. Afterwards, the teeth were almost completely worn down.

The fact is, 3D-printed blades are usually going to be too soft to do any real useful work. However, it’s fun to watch, and that’s good enough for us. If you want something more useful though, consider building your own knives.

Continue reading “Testing 3D Printed Cutting Blades Is Scary Work”

Retrotechtacular: This 15th-Century Siege Cannon Might Kill You Instead Of The Target

October 22, 2021 by 10 Comments

For a happy weekend away in early September, I joined a few of my continental friends for the NewLine event organised by Hackerspace Gent in Belgium. You may have seen some of the resulting write-ups here, and for me the trip is as memorable for the relaxing weekend break it gave me in a mediaeval city as it is for the content of the talks and demonstrations. We took full advantage of the warm weather to have some meals out on café terraces, and it was on the way to one of them that my interest was captured by something unexpected. There at the end of the street was a cannon, not the normal-size cannon you’ll see tastefully arranged around historical military sites the world over, but a truly massive weapon. I had stumbled upon Dulle Griet, one of very few surviving super-sized 15th century siege cannons. It even had a familiar feel to it, being a sister to the very similar Mons Meg at Edinburgh Castle in Scotland.

Continue reading “Retrotechtacular: This 15th-Century Siege Cannon Might Kill You Instead Of The Target”

Hackaday Podcast 141: LowFER Badges, Outrun Clocks, Dichroic Lamps, And Piano Action

October 22, 2021 by No comments

Hackaday editors Mike and Elliot Williams catch up on a week’s worth of hacks. It turns out there are several strange radio bands that don’t require a license, and we discuss this weekend’s broadcast where you can listen in. It’s unlikely you’ve ever seen the website check-box abused quite like this: it’s the display for playing Doom! Just when you thought you’d seen all the ESP32’s tricks it gets turned into a clock styled after Out Run. Mike geeks out over how pianos work, we’re both excited to have Jeremy Fielding giving a Keynote talk at Remoticon, and we wrap things up with a chat about traffic rules in space.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (50 MB)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 141: LowFER Badges, Outrun Clocks, Dichroic Lamps, And Piano Action”