Open Database Shares Resin 3D Printing Settings

May 13, 2022 by Lewin Day 3 Comments

3D printing is much like CNC milling or welding or just about any physical manufacturing process, in that good results fundamentally come down to having the right settings. In an effort to aid those working in the resin printing space, [Adam Bute] has put together a community database of resin printing settings.

The site has sections relevant to a variety of resin 3D printers, sorted by manufacturer. Those eager to find the right settings for their given resin and printer merely need to click through and look up the appropriate data. The settings are crowdsourced, provided by manufacturers, community members, and users of [Adam]’s Maker Trainer website.

While it’s still important to run validation tests on a resin printer to get the best results, having a community-sourced list of settings can help users get up and running much more quickly than they otherwise might. It appears that community contributions can’t directly be made yet, but we suspect such a feature is in the works.

We’ve seen similar material databases before for melty-plastic printers, and those have proven to be valuable to the community. We’re sure this resin database will be received in much the same way. If you know about other great resources for printing tips and tricks, do drop us a line!

This Week In Security: F5 Twitter PoC, Certifried, And Cloudflare Pages Pwned

May 13, 2022 by Jonathan Bennett 7 Comments

F5’s BIG-IP platform has a Remote Code Execution (RCE) vulnerability: CVE-2022-1388. This one is interesting, because a Proof of Concept (PoC) was quickly reverse engineered from the patch and released on Twitter, among other places.

Let's drop CVE-2022-1388 PoC pic.twitter.com/MmyvQGL6eO

— 416e6e61 (@AnnaViolet20) May 9, 2022

HORIZON3.ai researcher [James Horseman] wrote an explainer that sums up the issue nicely. User authentication is handled by multiple layers, one being a Pluggable Authentication Modules (PAM) module, and the other internally in a Java class. In practice this means that if the PAM module sees an X-F5-Auth-Token, it passes the request on to the Java code, which then validates the token to confirm it as authentic. If a request arrives at the Java service without this header, and instead the X-Forwarded-Host header is set to localhost, the request is accepted without authentication. The F5 authentication scheme isn’t naive, and a request without the X-F5-Auth-Token header gets checked by PAM, and dropped if the authentication doesn’t check out.

So where is the wiggle room that allows for a bypass? Yet another HTTP header, the Connection header. Normally this one only comes in two varieties, Connection: close and Connection: keep-alive. Really, this header is a hint describing the connection between the client and the edge proxy, and the contents of the Connection header is the list of other headers to be removed by a proxy. It’s essentially the list of headers that only apply to the connection over the internet. Continue reading “This Week In Security: F5 Twitter PoC, Certifried, And Cloudflare Pages Pwned” →

Barely HDMI Display Gets A Steampunk-Inspired Enclosure

May 13, 2022 by Dan Maloney 21 Comments

It’s an interesting question: What does one do for a follow-up to building the world’s worst HDMI display? Simple — stick it in a cool steampunk-inspired case and call it a day.

That seems to have been [mitxela]’s solution, and please don’t take our assessment as a knock on either the original build or this follow-up. [mitxela] himself expresses a bit of wonder at the attention garnered by his “rather stupid project,” which used the I2C interface in an HDMI interface to drive a tiny monochrome OLED screen. Low refresh rate, poor resolution — it has everything you don’t want in a display, but was still a cool hack that deserved the attention it got.

The present work, which creates an enclosure for the dodgy display, is far heavier on metalworking than anything else, as the video below reveals. The display itself goes in a small box that’s machined from brass, while the HDMI plug gets a sturdy-looking brass housing that makes the more common molded plastic plug look unforgivably flimsy — hot glue notwithstanding. Connecting the two is a flexible stalk, allowing it to plug into a computer’s HDMI port and giving the user the flexibility to position the nearly useless display where it can be seen best.

But again, we may be too harsh in our judgment; while DOOM is basically unplayable on the tiny display, “Bad Apple!!” is quite watchable, especially when accompanied by [mitxela]’s servo-controlled MIDI music box. And since when has usability been a criterion for judging a hack’s coolness, anyway?

Continue reading “Barely HDMI Display Gets A Steampunk-Inspired Enclosure” →

Tetris Clock Gets Talkative Upgrade

May 13, 2022 by Lewin Day 2 Comments

Tetris is arguably one of the most popular video games of all time, and its famous bricks have become cultural icons in themselves, as seen in this clock build from [The Electronic Engineer].

The web interface allows the various sound options to be easily configured.

The basic concept of the Tetris clock is that falling bricks stick together in the shape of numbers to display the time. In this case, the clock is based on the version created by [Brian Lough] which we featured previously. It relies on an RGB LED matrix as a display.

However, the build has had a few upgrades courtesy of [The Electronic Engineer]. With the help of an I2S audio breakout board, the clock can play sounds at various times of day. It’s currently set up with clips from various cartoons announcing lunch and coffee break times. There’s also a web interface added in for configuration purposes, and some text tickers too.

It’s fun to see a popular open project get some upgrades as others dive in to build their own version. We’ve seen some other fun Tetris clocks before, too. Continue reading “Tetris Clock Gets Talkative Upgrade” →