The Big List Of Naughty Strings Helps Find Those User Input Problems

Any software that accepts user input must take some effort to sanitize incoming data, lest unexpected and unwelcome things happen. Here to make that easier is the Big List of Naughty Strings, an evolving list of edge cases, unusual characters, script-injection fragments, and all-around nonstandard stuff aimed at QA testers, developers, and the curious. It’s a big list that has grown over the years, and every piece of it is still (technically) just a string.

These strings have a high probability of surfacing any problems with handling user input. They won’t necessarily break anything, but they may cause unexpected things to happen and help point out any issues that need fixing. After all, many attacks hinge on being able to send unexpected inputs that don’t get properly sanitized.

Finding bad inputs is not always entirely straightforward, but at least the Big List of Naughty Strings is available in a variety of formats to make it easy to use. [Max Woolf] has been maintaining the list for years, but if you haven’t heard of it yet and think it might come in useful, now’s the time to give it a look. Now you can help ensure your system can handle things like someone registering a company named ; DROP TABLE "COMPANIES";-- LTD.

Diff Tool Knows What You Mean

We will admit to not being particularly artistic, but we do remember an art teacher telling us that sometimes it is better to draw what isn’t there instead of what’s there — a concept known as negative space. [Wilfred] makes a similar point when explaining his “fantastic diff” tool called, appropriately, difftastic. He points out that when comparing two programs, the goal isn’t so much to determine what changed, but rather what stayed the same. The more you can identify as the same, the less you have to show as a change.

The tool compares source code in a smart way, assisted by tree-sitter, which already has parsers for many different languages that work at least well enough for this purpose. According to [Wilfred’s] post, the tool supports 44 different languages ranging from bash and YAML, Verilog to VHDL, and C++ to Rust, among others.


The Filamentmeter: For When You Absolutely Want To Count Every Meter Used

[ArduinoNmore] took an interesting approach to designing a counter intended to accurately display how many meters of filament a 3D printer has used. The Filamentmeter looks a little bit like a 3D printed handheld tally counter (or lap counter) but instead of a button to advance each digit, the readout represents how many meters of filament have gone through the extruder.

Driving the digit rotation from the extruder motor itself means that even retractions are accounted for.

At first glance it may look like there is a motor hidden inside, or that the device is somehow sensing the filament directly. But it’s actually the movement of the extruder motor that drives the device. A small spur gear attached to the printer’s extruder drives a series of gears that advance the digits. This means that retractions — small reverses of the extruder motor during printing — are properly accounted for in the total, which is a nice touch.

[ArduinoNmore] designed this for the Ender 3, and the Filamentmeter relies on a specific extruder design and orientation to work properly. Of course, since it’s 3D printed, modifying the design for your own purposes should be pretty straightforward.

Curious? The design is being sold for a few bucks, and there is a free test piece one can print and use to confirm whether the design will work before mashing the buy button. Non-free printable 3D models can be a world of buyer beware, but test pieces and solid documentation are good ways to give buyers confidence in your work.

The insides of the unit are really quite intricate, with a clockwork-type elegance to them. You can see it all in the short video, embedded below.


Motorcycle Builder Makes Downhill Mountain Bike

[Allen Millyard] is a premier British motorcycle builder. In these circles he is widely regarded and his custom motorcycles are nearly world-famous. But when his son took up downhill mountain biking, he decided to put his skills to work building a different type of vehicle. This is the Millyard MR001, one of the most unique mountain bikes ever built thanks to some design choices that solve many problems otherwise inherent in bicycles.

Perhaps the most immediately striking design feature of this bike is the aluminum space frame, a lightweight but extremely strong frame necessary for the high speeds and stresses of downhill mountain biking. Upon closer inspection, however, the sealed drivetrain deserves a further look. Unlike most mountain bikes with gears, this one eliminates the typical derailleur which hangs below the rear gears. The gears are instead above the pedals in front of the rear tire, are completely sealed, eliminating the maintenance requirements of a typical bike, and are designed in such a way that they can be shifted without the bike moving.

Despite the bike being built in 2007, it includes plenty of features that still aren’t widely adopted in mountain biking. It’s also nearly completely silent thanks to the custom drivetrain, and [Allen] reports that it still sneaks up on other mountain bikers as a result. This is essentially the opposite problem of another bike we’ve seen around.


The Internet Without The Computer: 1990s Style

We think of the Internet extending to small devices as a modern trend, but it actually is a good example of how everything makes a circle. Today, we want the network to connect to our thermostat and our toaster. But somewhere between the year 1990 and the year 2010, there was a push to make the Internet accessible to the majority of people who didn’t own a computer. The prototypical device, in our mind, was Microsoft’s ill-fated WebTV, but a recent video from [This Does Not Compute] reminded us of another entry in that race: The Audrey from 3COM. Check out the video, below.

Many devices, like the WebTV, wanted to take over your TV set to save on a display. That doesn’t sound bad today, but you have to remember, the typical TV set in those days was not the high-resolution digital monster you have today, so the experience of surfing the Web on one was suboptimal. The Audrey actually had a cute little screen and a compact keyboard.


Bootstrapping The Old Fashioned Way

The PDP-11, the Altair 8800, and the IMSAI 8080 were some of the heroes of the computer revolution, and they have something in common — front panel switches, and a lot of them. You probably have a fuzzy idea about those switches, maybe from reading Levy’s Hackers, where the painful process of toggling in programs is briefly described. But how exactly does it work? Well thanks to [Dave Plummer] of Dave’s Garage, now we have a handy tutorial. The exact computer in question is a reproduction of the IMSAI 8080, the computer made famous by a young Matthew Broderick in Wargames. [Dave] managed to score the reproduction and a viewer saved him the time of assembly.

The example program is a Larson Scanner, AKA making a strip of lights push a pulse of light across the strip. [Dave] starts with the Assembly code, a scant 11 lines, and runs it through an assembler available online. That gives us machine code, but there’s no hex keypad for input, so we need those in 8-bit binary bytes. To actually program the machine, you set the address switches to your start-of-program location, and the data switches to your first byte. The “deposit” switch sets that byte, while the “deposit next” switch increments the address and then stores the value. It means you don’t have to key in an address for each instruction, just the data. Get to the end of the program, confirm the address is set to the start, and flick run. Hope you toggled everything in correctly. If so, you’re rewarded with a friendly scanner so reminiscent of 80s TV shows. Stick around after the break to see the demonstration!

Ultra-Thin Rubber Parts Made With A 3D Printed Plug

We generally think of 3D printed components as being hard bits of plastic, because for the most part, that’s what we’ve got loaded up in our desktop machines. But outside of the normal PLA, PETG, and ABS, you can also print with various flexible filaments such as TPU. This can be handy for producing custom seals, or rugged enclosures.

But what if you want to make very thin rubberized parts? In that case, the 0.4 mm nozzle on most desktop machines will be your limiting factor. But not so with the method [Daniel Bauen] demonstrates in his latest Engineerable video. The trick here is that the printer isn’t producing the final product — it’s making a water-soluble plug that has been slightly undersized for the application at hand.

Once the plug has been printed, [Daniel] sprays it with several coats of Plasti Dip. This builds up a rubberized coating on the printed part, and once it’s reached the desired thickness, the whole thing gets tossed into an ultrasonic cleaner to break up the filament. What you’re left with is a silicone-like part that has the same shape as your original print, but is far thinner than anything you could have extruded normally.

So what is [Daniel] looking to accomplish with this technique? We’ll admit the shape of the object is rather suggestive, but in that case, the dimensions just leave us with more questions than answers. Perhaps we’ll learn more in the next video, which we’re told will see the plugs get dipped into latex.

If subtractive manufacturing is more your speed, you can always freeze a sheet of rubber and use a CNC to cut custom parts out of it.
