This Week In Security: XRP Poisoned, MCP Bypassed, And More

Researchers at Aikido run the Aikido Intel system, an LLM security monitor that ingests the feeds from public package repositories, and looks for anything unusual. In this case, the unusual activity was five rapid-fire releases of the xrpl package on NPM. That package is the XRP Ledger SDK from Ripple, used to manage keys and build crypto wallets. While quick point releases happen to the best of developers, these were odd, in that there were no matching releases in the source GitHub repository. What changed in the first of those fresh releases?

The most obvious change is the checkValidityOfSeed() function added to index.ts. That function takes a string, and sends a request to a rather odd URL, using the supplied string as the ad-referral header for the HTTP request. The name of the function is intended to blend in, but knowing that the string parameter is sent to a remote web server is terrifying. The seed is usually the root of trust for an individual’s cryptocurrency wallet. Looking at the actual usage of the function confirms that this code is stealing credentials and keys.

The releases were made by a Ripple developer’s account. It’s not clear exactly how the attack happened, though credential compromise of some sort is the most likely explanation. Each of those five releases added another bit of malicious code, demonstrating that there was someone with hands on keyboard, watching what data was coming in.

The good news is that the malicious releases only managed a total of 452 downloads for the few hours they were available. A legitimate update to the library, version 4.2.5, has been released. If yours was one of those unfortunate 452 downloads, it’s time to do an audit and rotate the possibly affected keys.
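The two signals that tipped off the monitor, releases with no matching tag in the source repository and several versions published minutes apart, are easy to check for any package you depend on. The script below is an added example, not code from the article, Aikido or Ripple: it assumes the reader supplies the `time` map from `npm view <pkg> time --json` and the tag names from `git ls-remote --tags <repo>`, and both inputs shown here are constructed samples with an invented package name and invented version numbers.

```python
"""Cross-check npm publish history against the source repo's git tags.

Added example, not code from the article, Aikido, or Ripple. Inputs:
  - the `time` map from `npm view <pkg> time --json`
  - the tag names from `git ls-remote --tags <repo>`
Both samples below are constructed; package name and versions are invented.
"""
from datetime import datetime, timedelta

# Constructed sample in the shape of `npm view example-sdk time --json`.
SAMPLE_NPM_TIMES = {
    "created": "2024-01-10T09:00:00.000Z",
    "modified": "2025-04-22T16:05:00.000Z",
    "1.4.0": "2025-03-03T14:12:00.000Z",
    "1.4.1": "2025-04-21T20:53:00.000Z",  # constructed: untagged, minutes before the next
    "1.4.2": "2025-04-21T21:07:00.000Z",  # constructed: untagged
    "1.4.3": "2025-04-22T16:05:00.000Z",  # constructed: tagged follow-up release
}

# Constructed sample of the tag names a `git ls-remote --tags` call would list.
SAMPLE_REPO_TAGS = {"v1.3.9", "v1.4.0", "v1.4.3"}


def parse_npm_time(stamp: str) -> datetime:
    """npm emits ISO-8601 with a trailing Z; turn it into a tz-aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def release_times(npm_times: dict) -> list:
    """Drop the 'created'/'modified' bookkeeping keys and sort releases by publish time."""
    versions = [(v, parse_npm_time(t)) for v, t in npm_times.items()
                if v not in ("created", "modified")]
    return sorted(versions, key=lambda item: item[1])


def untagged_releases(npm_times: dict, repo_tags: set) -> list:
    """Versions on the registry that have neither 'vX.Y.Z' nor 'X.Y.Z' as a git tag."""
    return [v for v, _ in release_times(npm_times)
            if v not in repo_tags and f"v{v}" not in repo_tags]


def rapid_fire_bursts(npm_times: dict, window: timedelta = timedelta(hours=1),
                      min_count: int = 2) -> list:
    """Group consecutive releases whose publish time is within `window` of the previous one."""
    bursts, current, prev_time = [], [], None
    for version, when in release_times(npm_times):
        if prev_time is not None and when - prev_time <= window:
            current.append(version)
        else:
            if len(current) >= min_count:
                bursts.append(current)
            current = [version]
        prev_time = when
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


def review_package(npm_times: dict, repo_tags: set) -> dict:
    """Combine both signals; an untagged version inside a burst is the one to inspect first."""
    untagged = set(untagged_releases(npm_times, repo_tags))
    bursts = rapid_fire_bursts(npm_times)
    in_burst = {v for burst in bursts for v in burst}
    return {
        "untagged": sorted(untagged),
        "bursts": bursts,
        "inspect_first": sorted(untagged & in_burst),
    }


if __name__ == "__main__":
    # With the constructed samples this reports 1.4.1 and 1.4.2 as untagged and
    # published 14 minutes apart, so they are the versions to diff against 1.4.0.
    print(review_package(SAMPLE_NPM_TIMES, SAMPLE_REPO_TAGS))
```

Neither signal alone is proof of compromise, since plenty of projects publish without tagging, but a version that is both untagged and part of a burst is exactly the one whose tarball is worth diffing against the previous release before it is allowed into a build.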

Revivification: a Room with cymbals and plinth

Posthumous Composition Being Performed By The Composer

Alvin Lucier was an American experimental composer whose compositions were arguably as much science experiments as they were music. The piece he is best known for, I Am Sitting in a Room, explored the acoustics of a room and what happens when you amplify the characteristics that are imparted on sound in that space by repeatedly recording and playing back the sound from one tape machine to another. Other works have employed galvanic skin response sensors, electromagnetically activated piano strings and other components that are not conventionally used in music composition.

Undoubtedly the most unconventional thing he’s done (so far) is to perform in an exhibit at The Art Gallery of Western Australia in Perth which opened earlier this month. That in itself would not be so unconventional if it weren’t for the fact that he passed away in 2021. Let us explain.


Clickspring’s Experimental Archaeology: Concentric Thin-Walled Tubing

It’s human nature to look at the technological achievements of the ancients — you know, anything before the 1990s — and marvel at how they were able to achieve precision results in such benighted times. How could anyone create a complicated mechanism without the aid of CNC machining and computer-aided design tools? Clearly, it was aliens.

Or, as [Chris] from Click Spring demonstrates by creating precision nesting thin-wall tubing, it was human beings running the same wetware that runs between our ears, but with a lot more patience and ingenuity. It’s part of his series of experiments into how the craftsmen of antiquity made complicated devices like the Antikythera mechanism with simple tools. He starts by cleaning up roughly wrought brass rods on his hand-powered lathe, followed by drilling and reaming to create three tubes with incrementally larger precision bores. He then creates matching pistons for each tube, with an almost gas-tight fit right off the lathe.

Getting the piston fit to true gas-tight precision came next, by lapping with a jeweler’s rouge made from iron swarf recovered from the bench. Allowed to rust and ground to a paste using a mortar and pestle, the red iron oxide mixed with olive oil made a dandy fine abrasive, perfect for polishing the metal to a high gloss finish. Making the set of tubes concentric required truing up the bores on the lathe, starting with the inner-most tube and adding the next-largest tube once the outer diameter was lapped to spec.

Easy? Not by a long shot! It looks like a tedious job that we suspect was given to the apprentice while the master worked on more interesting chores. But clearly, it was possible to achieve precision that would challenge today’s most exacting needs with nothing but the simplest tools and plenty of skill.