After Stumbling From CVE To CVE Will Linux Get A Kill Switch?

For the few people who have spent the past weeks living under a security rock, the Linux kernel has found itself the subject of multiple severe bugs in the form of Copy Fail and Dirty Frag, both of which allow for privilege escalation. They’ve made many people very upset, and also potentially put many thousands of systems at risk of exploitation. Worse is that system managers are generally left to twiddle their thumbs while waiting for patches to be rolled out. This is where NVIDIA engineer [Sasha Levin] has proposed a ‘kill switch’ for affected kernel functions.

The basic concept seems rather simple, with this feature merely intercepting a call to the affected function and instead returning a predefined return value. This makes it less extreme than hitting a general SCRAM button on the entire kernel, and could theoretically allow the affected systems to keep running until the patched kernel becomes available.

A disadvantage of this is that it obviously modifies the kernel, patching it in-memory so that you need to reboot the system to clear it. Another potential disadvantage is that it opens a potentially massive attack vector, with people in the Cybersecurity sub-Reddit roundly rejecting the idea. Amidst all the other anxious conversations there is also the concern that this particular patch was at least partially generated by an LLM (Claude Opus 4.7), so one may hope that if it does get merged into mainline it’ll at least be properly vetted by multiple pairs of well-caffeinated human eyes.

Fixing A Cotton Candy Vending Machine

Cotton candy is probably the best way to eat pure sugar, which makes having your very own cotton candy vending machine to automate making it a bit of a dream. The machine that [Block’s Retro Repairs] got should therefore make him very happy, but unfortunately it was bought as defective. After digging into the machine in an earlier video, this time around there’s some actual success and proper cotton candy to enjoy.

The PCB with the rather frayed temperature sensor. (Credit: Block's Retro Repairs, YouTube)

The way that cotton candy is made involves spinning thin threads of sugar, which are created by the heating and rapid crystallization of the sweet stuff. Unfortunately this machine wasn’t even really extruding sugar any more, so it had to get a deep clean to remove probably years of crusty buildup. After this things still weren’t working right, although cranking up the temperature on the induction heated head improved the results somewhat.

To really fix the machine, this head with its clearly dodgy thermocouple had to be disassembled. This revealed that said sensor was looking rather frayed, potentially shorting out against the aluminium head and likely not in the entirely right position any more. After adding some insulation back and making sure that the thermocouple was located closer to the top of the head, it was time for more testing.

Repairing the thermocouple seems to have fixed most ills, with still some calibration of the temperature required, but finally resulting in fancy shaped cotton candy in its myriad of colors. Along with the looming hazard of potentially acquiring Type II diabetes from all the testing, there was still a problem involving the remote management feature of this Red Rabbit machine.

These $6,000 vending machines do feature an Android 7-based software with a Rockchip SoC and access to a lot of settings via its large touch screen, but features such as setting prices for the products are locked away via a remote account. The machine was sadly still linked to someone else’s account, and so far Red Rabbit support had not responded to any documentation, repair help or account unlinking requests. This has left the machine in somewhat of a pickle.

It was possible to dump the software of the machine, which can be fetched from Archive.org, so if anyone would like to pitch in and break this remote lock, that would be very welcome. Replacing the cash reader with a simple button or so is also being considered, but where’s the fun in that?


Automating Window Shades With Home Assistant

Most people love window shades, but many dislike the tedium of having to open and close them over the course of each day. While there are automation options here, if you’re in a rental place like [Rooster Robotics], then you’d prefer something less intrusive, as well as less cloud-bound. This is basically why he opted to build his own solution from scratch to open and close roller shades via Home Assistant.

The comments to the video helpfully point out that technically his point about there not being commercial options with a forced remote account ‘feature’ is false, as the Aqara Roller Shade Driver E1 for example is just a regular Zigbee device which can be used with a wide range of home automation ecosystems. That said, it’s always nice to have your own device that you fully control.

Of course, these devices are deceptively simple, as you still have to somehow know how far open the curtain is, which is also useful if you just want to open the curtain a certain amount. The other issue is the need to have the motor parallel with the wall unless you enjoy having a big wart sticking out from the wall.

Solving the first issue was attempted with a Hall effect sensor, and the second with angled gearing. With some refinements this led to a functioning design, allowing the development of a custom PCB with an ESP32-S3 module for WiFi control. In the final design the Hall effect sensor and magnets were replaced with an AS5600 magnetic rotary position sensor that requires just one magnet and offers a much higher resolution.

Currently the design files are not available, but [Rooster Robotics] has indicated that they are looking at open sourcing the files in the future.


Testing Giant Fire Darts From The Mary Rose

Fire arrow versus the recreated fire dart. (Credit: Tod's Workshop, YouTube)

The Mary Rose was a carrack in the English Tudor Navy of King Henry VIII that fought in multiple battles during the 16th century before it was sunk in 1545. After its wreck was located in 1971 and raised in 1982, the ship and all the items contained within the partially preserved hull became the focus of intense study. Among these items are the weaponry found, including the cannons, but also massive darts that seemed to have been designed for an incendiary payload. Recently [Tod’s Workshop] collaborated with others to test these presumed incendiary darts.

Although fire arrows have been around for a while, seeing what appears to be super-sized versions of these is somewhat unusual, but could make sense in taking out enemy ships of the time. The main questions are how you would even fire them, and how effective they would be. Were the darts thrown by hand from e.g. the crow’s nest, or fired from a cannon?

The reproduction darts used are based on the recovered remnants of the original darts, with an incendiary mixture inside a pitch-covered cloth covering. This mixture would be ignited by wooden fuses after a set amount of time, at which point the resulting fire would be basically impossible to put out. Obviously, this also means that if you were to throw one of these darts, it can absolutely not fall onto your own ship.

First tested was throwing the dart by hand, which seems like it would clear the ship. Of course, the three recovered darts were found near a rather special cannon that appeared to be both a miscast and angled upwards. Whether that cannon was used for launching apparently somewhat experimental darts is hard to say, but it can be tested. Sadly, lacking a full-sized black powder cannon, a scale model dart was fired using compressed air.

From that scale test it’s clear that at full charge the dart would disintegrate due to the rapid acceleration, but a ‘soft’, or reduced, charge could work against nearby targets. Once the dart lodges itself into the enemy ship’s structure, it would definitely cause severe damage as further tests in the video demonstrate. Having a salvo of these fire darts fired at you from a nearby ship would definitely make for a pretty bad day.


Y-zipper: 3D Printing Flexible–Rigid Transition Mechanism For Rapid And Reversible Assembly

Along with Velcro, zippers have become an integral part of everyday life, being a quick and easy way to join fabric together, usually temporarily. Which isn’t to say that you cannot do more with the basic zipper concept, including using them to turn floppy 2D shapes into rigid 3D ones, such as with the Y-zipper concept proposed and demonstrated by [Jiaji Li] et al.

Although not a fully new idea, the Y-zipper is compared with a range of similar mechanisms that do not feature the same abilities, including the standard zipper ease of zipping up, the possibility of having curved geometry and automatic actuation.

In addition, the Y-zipper is designed from the start to be 3D printed, while still following the same basic pattern of interlocking teeth that the slider mechanism alternately pushes together or pulls apart.

By modifying the basic straight design of the flat strips, the resulting zipped-up form can take on a distinct bend, as well as turn into a coil or a screw. With a demonstrated joint design it is then possible to join multiple Y-zipper rods together, which could make for an interesting alternative to traditional pop-up tent supports, for example.

Also demonstrated is the use of TPU to create compliant bridges, as well as the direct integration of fabric, to show the versatility of the technology. With the used materials (PLA, TPU) the researchers estimate a maximum viable length of about 3 meters before the printed structures begin to disintegrate.

The Dark Side Of Unitree Robot Dogs

Arbitrary command execution with the Wi-Fi password. (Credit: Benn Jordan)

Continuing on his quest to expose the dark underbelly of modern technology, [Benn Jordan] recently did a deep-dive into the rise of so-called robot dogs. Although their most striking resemblance with biological dogs is that they also have four legs and generally follow commands, [Benn] found many issues with them that range from safety issues due to limited sensory capabilities, to basic security vulnerabilities, all the way to suspicious network traffic from Unitree’s robot dog firmware.

Although not the only seller of this type of quadruped robot, Unitree Robotics has made a name for itself by offering very capable and yet very cheap products. Their basic quadruped robot costs only a few thousand clams and features Lidar and heaps of processing power, all of which should make it a pretty useful device.

Despite this, [Benn] found that the original task that he’d envisioned for the robot, as in protecting his chickens from uninvited visitors, wouldn’t quite work as the robot is rather blind. The reason for this is the placement of the Lidar below the head, which obscures most of what’s behind and around the robot. Rather than risk trampled chickens and chicks, this plan was thus abandoned.

When digging further into the robot, he found an easy to exploit arbitrary command execution flaw via the Wi-Fi password entry field, a year-old CVE-2025-2894 exploit, as well as highly suspicious traffic to Chinese servers whenever the robot’s software figured that it was not being watched.

Although much of this can be circumvented with hacks, issues like the sensory limitations and general distrust of firmware updates make using these robots a rather daunting and often ill-advised proposition.


Trying To Fix A GoPro Hero 10 With A No Camera Input Issue

In the search for more exciting broken electronics to repair, [Hugh Jeffreys] bought a GoPro Hero 10 for US$100 with an apparently rather common issue of no camera input, along with a cracked display. This particular camera issue is rather obvious, with just darkness where the camera’s input should appear on the display. Since [Hugh] already needed a spare display, he figured that he might as well get an even more broken GoPro Hero 10 for parts.

Another US$40 later, [Hugh] found himself the proud owner of a second GoPro, this one being water damaged and no longer turning on. Getting to the internals requires removing the glued-in display, which is even trickier than with a smartphone. By inserting a thin blade, adding solvents and not prying, you can slowly work it loose.

With two disassembled GoPros it was now possible to swap modules. After a factory reset and firmware update had failed to fix the first GoPro, the camera module from the donor unit was inserted, but this made no difference. Amusingly, after cleaning the water-damaged unit’s PCBs, it was found to be in good working condition, so ultimately the second GoPro was repaired, leaving the ‘no camera input’ issue undiagnosed.

It’s possible that a board-level repair on the first unit can address the original issue, but without schematics this would likely entail a lot of blindly poking around, in the hope of finding a damaged MLCC or other obvious fault. There is also the possibility that this is a firmware issue, with some reporting luck mashing the record button, but others disagree.

Since [Hugh] did do the firmware reset and updating steps, and even inserted a whole new working camera module, it would seem to narrow the problem down to a board-level issue. Whatever the case may be, it’s a frustrating issue with a rather expensive device.
