Day: February 11, 2022

A Most Unconventional Lego Walker

February 11, 2022 by 15 Comments

Lego Technic is a wonderful thing, making it easy to toy around with all manner of complicated mechanical assemblies without needing to do any difficult fabrication. [touthomme] recently posted one such creation to Reddit – a walker design that is rather unconventional.

The design dispenses with individually-actuated legs entirely. Instead, the two front legs are joined by an axle which pivots the legs about the body, which is shaped like an oval track. The rear legs are the same. A motorized carriage then travels along the oval track. When the weighted carriage reaches the front of the oval track, it forces the body to tip forwards, pivoting around the front legs and flipping the entire body over, swinging the rear legs forwards to become the front. The cycle then repeats again.

The flipping design, inspired by a toy, is something you wouldn’t expect to see in nature, as few to no animals have evolved mechanisms capable of continual rotation like this. It’s also unlikely to be a particularly efficient way of getting around, and the design would certainly struggle to climb stairs.

Some may claim the method of locomotion is useless, but we don’t like to limit our imaginations in that way. If you can think of a situation in which this walker design would be ideal, let us know in the comments. Alternatively, consider other walking designs for your own builds.  Video after the break.

Continue reading “A Most Unconventional Lego Walker”

This Week In Security: Zimbra, Lockbit 2, And Hacking NK

February 11, 2022 by 9 Comments

Unknown attackers have been exploiting a 0-day attack against the Zimbra e-mail suite. Researchers at Volexity first discovered the attack back in December of last year, detected by their monitoring infrastructure. It’s a cross-site scripting (XSS) exploit, such that when opening a malicious link, the JavaScript running on the malicious page can access a logged-in Zimbra instance. The attack campaign uses this exploit to grab emails and attachments and upload them to the attackers. Researchers haven’t been able to positively identify what group is behind the attacks, but a bit of circumstantial evidence points to a Chinese group. That evidence? Time zones. The attacker requests all use the Asia/Hong_Kong time zone, and the timing of all the phishing emails sent lines up nicely with a work-day in that time zone.

Zimbra has responded, confirming the vulnerability and publishing a hotfix for it. The campaign seems to have been targeted specifically against European governments, and various media outlets. If you’re running a Zimbra instance, make sure you’re running at least 8.8.15.1643980846.p30-1.

LockBit 2.0

Because security professionals needed something else to keep us occupied, the LockBit ransomware campaign is back for a round two. This is another ransomware campaign run in the as-a-Service pattern — RAAS. LockBit 2 has caught enough attention, that the FBI has published a FLASH message (PDF) about it. That’s the FBI Liaison Alert System, in the running for the worst acronym. (Help them figure out what the “H” stands for in the comments below!)

Like many other ransomware campaigns, LockBit has a list of language codes that trigger a bail on execution — the Eastern European languages you would expect. Ransomware operators have long tried not to poison their own wells by hitting targets in their own back yards. This one is being reported as also having a Linux module, but it appears that is limited to VMWare ESXi virtual machines. A series of IoCs have been published, and the FBI are requesting any logs, ransom notes, or other evidence possibly related to this campaign to be sent to them if possible. Continue reading “This Week In Security: Zimbra, Lockbit 2, And Hacking NK”

DIY Nanoleaf LED Panels Offer Peace Of Mind

February 11, 2022 by 14 Comments

Nanoleaf light panels are a popular product for creating glowing geometric designs on walls. However, for those that like to avoid IoT devices that integrate with big cloud services, they’re not ideal, and involve compromising on one’s privacy, somewhat. [Viktor] decided to build something of his own instead to avoid this problem.

The design is that of an equilateral triangle, which allows the panels to tesselate well. Each panel consists of two 3D printed parts. The black PLA base holds the WS2812B LED strips, cabling, and ESP8266 controller, while a white PLA cover goes over the top, which acts as a diffuser to spread the light from the individual LEDs. Each triangle contains 24 LEDs, and six triangles together consume around 1.6 amps when in use.

The benefit of the system is that it’s not controlled from a company’s cloud system, which can be shutdown at any time. [Viktor’s] setup runs entirely independently, and can be controlled from a simple web page. Plus, there’s nothing stopping him from modifying the code to use the panels for any purpose; commercial products like Nanoleaf don’t offer anywhere near the flexibility of building your own.

We’ve seen others build their own smart lighting with similar techniques before, too. Video after the break.

Continue reading “DIY Nanoleaf LED Panels Offer Peace Of Mind”

Tilting At Windmills Nine Bits At A Time

February 11, 2022 by 18 Comments

In the old days — we are talking like the 1960s and 1970s — computers were often built for very specific purposes using either discrete logic or “bit slice” chips. Either way, more bits meant more money so frequently these computers were made with just enough bits to meet a required precision. We don’t think that was what was on [Mad Ned’s] mind, though, when he decided to implement a 9-bit CPU called QIXOTE-1 on an FPGA.

Like many hobby projects, this one started with an FPGA board in search of a problem. At first, [Ned] had a plan to create a custom computer along with a custom language to then produce a video game. A quick search on the Internet led to that being a common enough project with one guy that we’ve talked about here on Hackaday before knocking it out of the park.

[Ned] then thought about just doing a no-software video game. Too late to be the first to do that. Not to be deterred, he decided to duplicate the PDP-8. Whoops. That’s been done before, too. Wanting something original, he finally decided on a custom CPU. Since bytes are usually — if not technically — 8 bits, this CPU calls its 9-bit words nonads and uses octal which maps nicely to three digits per nonad.

This first post talks about the story behind the CPU and gives a short overview of its capabilities, but we are waiting for future posts to show more of what’s behind the curtain in what [Ned] calls “Holy Nonads, Part 010.”

The downside to doing a custom CPU is you have to build your own tools. You can always, of course, duplicate something and steal your toolchain. Or go universal.