Metal 3D Printing Gets Really Fast (and Really Ugly)

February 17, 2024 by 8 Comments

The secret to cranking out a furniture-sized metal frame in minutes is Liquid Metal Printing (LMP), demonstrated by researchers at the Massachusetts Institute of Technology. They’ve demonstrated printing aluminum frames for tables and chairs, which are perfectly solid and able to withstand post-processing like drilling and milling.

The system heats aluminum in a graphite crucible, and the molten metal is gravity-fed through a ceramic nozzle and deposited into a bed of tiny 100-micron glass beads. The beads act as both print bed and support structure, allowing the metal to cool quickly without really affecting the surface. Molten aluminum is a harsh material to work with, so both the ceramic nozzle material and the glass beads to fill the print bed were selected after a lot of testing.

This printing method is fast and scalable, but sacrifices resolution. Ideally, the team would love to make a system capable of melting down recycled aluminum to print parts with. That would really be something new and interesting when it comes to manufacturing.

The look of the printed metal honestly reminds us a little of CandyFab from [Windell Oskay] and [Lenore Edman] at Evil Mad Scientist, which was a 3D printer before hobbyist 3D printers or kits were really a thing. CandyFab worked differently — it used hot air to melt sugar together one layer at a time — but the end result has a similar sort of look to it. Might not be pretty, but hey, looks aren’t everything.

(Update: see it in action in this video, which is also embedded just below. Thanks [CityZen] for sharing in the comments!)

Continue reading “Metal 3D Printing Gets Really Fast (and Really Ugly)”

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

February 16, 2024 by 2 Comments

Hackaday Editors Elliot Williams and Tom Nardi discuss all the week’s best and most interesting hacks and stories, starting with Canada’s misguided ban on the Flipper Zero for being too spooky. From there they’ll look at the state-of-the-art in the sub-$100 3D printer category, Apple’s latest “Right to Repair” loophole, running UNIX on the NES (and how it’s different from Japan’s Famicom), and the latency of various wireless protocols.

After singing the praises of the new Bus Pirate 5, discussion moves on to embedded Linux on spacecraft, artfully lifting IC pins, and the saga of the blue LED. Finally you’ll hear the how and why behind electrical steel, and marvel at a Mach 10 missile that (luckily) never needed to be used.

Grab a copy for yourself if you want to listen offline.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5”

This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!

February 16, 2024 by 7 Comments

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be enabled in the ClamnAV config. And that configuration includes a string formatting function, where the string includes %v and %s, which gets replaced with a detected virus name and the file name from the email. And now you see the problem, I hope: The filename is attacker supplied input.

Where this really gets out of hand is what ClamAV does with this string. execle("/bin/sh", "sh", "-c", buffer_cmd, NULL, env). So let’s talk defensive program design for a minute. When it comes to running a secondary command, there are two general options, system() and the exec*() family of system calls. system() is very simple to use. It pauses execution of the main process and asks the operating system to run a string, just as if the user had typed that command into the shell. While this is very convenient to use, there is a security problem if any of that command string is user-supplied. All it takes is a semicolon or ampersand to break assumptions and inject a command.

To the rescue comes exec(). It’s a bit more complicated to use, requiring the programmer to manually call fork() and wait(). But it’s not running the command via the shell. exec() executes a program directly, totally eliminating the potential for command injection! Except… oops.

Yeah, exec() and related calls don’t offer any security protections when you use them to execute /bin/sh. I suspect the code was written this way to allow running a script without specifying /bin/sh in the config. The official fix was to disable the filename format character, and instead supply it as an environment variable. That certainly works, and that fix is available in 1.0.5, 1.2.2, and 1.3.0.

The real danger here is that we have another case where some hardware appliance manufacturer has used ClamAV for email filtering, and uses this configuration by default. That’s how we get orders from CISA to unplug your hardware, because it’s already compromised. Continue reading “This Week In Security: Filename Not Sanitized, MonikerLink, And Snap Attack!”

Electrical Steel: The Material At The Heart Of The Grid

February 15, 2024 by 32 Comments

When thoughts turn to the modernization and decarbonization of our transportation infrastructure, one imagines it to be dominated by exotic materials. EV motors and wind turbine generators need magnets made with rare earth metals (which turn out to be not all that rare), batteries for cars and grid storage need lithium and cobalt, and of course an abundance of extremely pure silicon is needed to provide the computational power that makes everything work. Throw in healthy pinches of graphene, carbon fiber composites and ceramics, and minerals like molybdenum, and the recipe starts looking pretty exotic.

As necessary as they are, all these exotic materials are worthless without a foundation of more familiar materials, ones that humans have been extracting and exploiting for eons. Mine all the neodymium you want, but without materials like copper for motor and generator windings, your EV is going nowhere and wind turbines are just big lawn ornaments. But just as important is iron, specifically as the alloy steel, which not only forms the structural elements of nearly everything mechanical but also appears in the stators and rotors of motors and generators, as well as the cores of the giant transformers that the electrical grid is built from.

Not just any steel will do for electrical use, though; special formulations, collectively known as electrical steel, are needed to build these electromagnetic devices. Electrical steel is simple in concept but complex in detail, and has become absolutely vital to the functioning of modern society. So it pays to take a look at what electrical steel is and how it works, and why we’re going nowhere without it.

Continue reading “Electrical Steel: The Material At The Heart Of The Grid”

Inputs Of Interest: The Svalboard Could Be Your Salvation

February 14, 2024 by 12 Comments

You know, sometimes dreams really do come true. When I told you about the DataHand keyboard almost four years ago, I never imagined I’d ever get to lay my hands on anything even remotely like it, between the original price point and the fact that they really, really hold their value. But thanks to [Morgan Venable], creator of the Svalboard, I can finally tell you what it’s like to type with your digits directionalized.

If you don’t recall, the DataHand was touted to be a total revolution in typing for RSI sufferers. It debuted in 1993 for a hefty price tag of about $1,500 — pretty far out of reach of the average consumer, but well within the budgets of the IT departments of companies who really wanted to keep their workers working. You want minimum finger travel? It doesn’t get more minimal than this concept of a d-pad plus the regular down action for each finger.

The Svalboard aims to be the new and improved solution for something that barely exists anymore, but still has a devoted following. Although the DataHand was built on a gantry and adjustable using knobs, the smallest fit possible on the thing is still rather big. Conversely, the Svalboard is fully customizable to suit any size hand and fingertip.

Continue reading “Inputs Of Interest: The Svalboard Could Be Your Salvation”

Sprint: The Mach 10 Magic Missile That Wasn’t Magic Enough

February 13, 2024 by 75 Comments

Defending an area against incoming missiles is a difficult task. Missiles are incredibly fast and present a small target. Assuming you know they’re coming, you have to be able to track them accurately if you’re to have any hope of stopping them. Then, you need some kind of wonderous missile of your own that’s fast enough and maneuverable enough to take them out.

It’s a task that at times can seem overwhelmingly impossible. And yet, the devastating consequences of a potential nuclear attack are so great that the US military had a red hot go anyway. In the 1970s, America’s best attempt to thwart incoming Soviet ICBMs led to the development of the Sprint ABM—a missile made up entirely of improbable numbers.

Continue reading “Sprint: The Mach 10 Magic Missile That Wasn’t Magic Enough”

Hands On: Bus Pirate 5

February 12, 2024 by 26 Comments

If you’ve been involved with electronics and hardware hacking for awhile, there’s an excellent chance you’ve heard of the Bus Pirate. First introduced on the pages of Hackaday back in 2008 by creator Ian Lesnet, the open hardware multi-tool was designed not only as away to easily tap into a wide array of communication protocols, but to provide various functions that would be useful during hardware development or reverse engineering. The Bus Pirate could talk to your I2C and SPI devices, while also being able to measure frequencies, check voltages, program chips, and even function as a logic analyzer or oscilloscope.

Bus Pirate 3, circa 2012

The Bus Pirate provided an incredible number of tools at a hobbyist-friendly price, and it wasn’t long before the device became so popular that it achieved a milestone which only a few hardware hacking gadgets can boast: its sales started to get undercut by cheap overseas clones. Of course, as an open hardware device, this wasn’t really a problem. If other companies wanted to crank out cheap Bus Pirates, that’s fine. It freed Ian up to research a next-generation version of the device.

But it turns out that was easier said than done. It’s around this point that the Bus Pirate enters what might be considered its Duke Nukem Forever phase. It took 15 years to release the sequel to 1996’s Duke Nukem 3D because the state-of-the-art in video games kept changing, and the developers didn’t want to be behind the curve. Similarly, Ian and his team spent years developing and redeveloping versions of the Bus Pirate that utilized different hardware platforms, such as the STM32 and ICE40 FPGA. But each time, there would be problems sourcing components, or something newer and more interesting would be released.

But then in 2021 the Raspberry Pi Pico hit the scene, and soon after, the bare RP2040 chip. Not only were the vast I/O capabilities of the new microcontroller a perfect fit for the Bus Pirate, but the chip was cheap and widely available. Finally, after years of false starts, the Bus Pirate 5 was born.

I was able to grab one of the first all-new Bus Pirates off the production line in January, and have been spending the last week or so playing around with it. While there’s definitely room for improvement on the software side of things, the hardware is extremely promising, and I’m very excited to be see how this new chapter in the Bus Pirate story plays out.

Continue reading “Hands On: Bus Pirate 5”