This Week In Security: ClamAV, The AMD Leak, And The Unencrypted Power Grid

Cisco’s ClamAV has a heap-based buffer overflow in its OLE2 file scanning. That’s a big deal, because ClamAV is used to scan file attachments on incoming emails. All it takes to trigger the vulnerability is to send a malicious file through an email system that uses ClamAV.

The exact vulnerability is a string termination check that can fail to trigger, leading to a buffer over-read. That’s a lot better than a buffer overflow while writing to memory. That detail is why this vulnerability is strictly a Denial of Service problem. The memory read results in process termination, presumably a segfault for reading protected memory. There are Proofs of Concept (PoCs) available, but so far no reports of the vulnerability being used in the wild.

Setting The Stage For Open Source Sonar Development

At Hackaday, we see community-driven open source development as the great equalizer. Whether it’s hardware or software — if there’s some megacorp out there trying to sell you something, you should have the option to go with a comparable open source version. Even if the commercial offering is objectively superior, it’s important that open source alternatives always exist, or else it’s the users themselves that end up becoming the product before too long.

So we were particularly excited when [Neumi] wrote in to share his Open Echo project, as it contains some very impressive work towards democratizing the use of sonar. Over the years we’ve seen a handful of underwater projects utilize sonar in some form or another, but they have always simply read the data from a commercial, and generally expensive, unit. But Open Echo promises to delete the middle-man, allowing for cheaper and more flexible access to bathymetric data.


Laser-Cut Metal Endoskeleton Beefs Up 3D Prints

There are limits to what you can do with an FDM printer to make your parts stronger. It really comes down to adding more plastic, like increasing wall thickness or boosting up the infill percentage. Other than that, redesigning the part to put more material where the part is most likely to fail is about the only other thing you can do. Unless, of course, you have access to a fiber laser cutter that can make internal metal supports for your prints.

As [Paul] explains it, this project stemmed from an unfortunate episode where a printed monitor stand failed, sending the LCD panel to its doom. He had taken care to reinforce that part by filling it with fiberglass resin, but to no avail. Unwilling to risk a repeat with a new tablet holder, he decided to test several alternative methods for reinforcing parts. Using a 100 W fiber laser cutter, he cut different internal supports from 0.2 mm steel shim stock. In one case he simply sandwiched the support between two half-thickness brackets, while in another he embedded the steel right into the print. He also made two parts that were filled with epoxy resin, one with a steel support embedded and one without.

The test setup was very simple, just a crane scale to measure the force exerted by pulling down on the part with his foot; crude, but effective. Every reinforced part performed better than a plain printed part with no reinforcement, but the clear winner was the epoxy-filled part with a solid-metal insert. Honestly, we were surprised at how much benefit such a thin piece of metal offered, even when it was directly embedded into the print during a pause.

Not everyone has access to a fiber laser cutter, of course, so this method might not be for everyone. In that case, you might want to check out other ways to beef up your prints, including just splitting them in two.


A Second Rare Atari Cabinet 3D Printed

Last year we covered the creation of a 3D-printed full-size replica of an original Computer Space arcade machine, the legendary first glimmer from what would become Atari, one of the most famous names in gaming. The flowing exuberance of glitter-finished fibreglass made these machines instantly recognisable. Not so well known though is that there was a second cabinet in a similar vein from Atari. Space Race is most often seen in a conventional wooden cabinet, but there were a limited number of early examples made in an asymmetric angular take on the same fibreglass recipe as Computer Space. They’re super rare, but that hasn’t stopped a replica being made by the same team and documented in a pair of videos by [RMC – The Cave].

Just like the earlier project, a start was made with a 3D model. In this case an owner of a real cabinet was found, who ran off a not-very-good scan with a mobile phone. This was then used as the basis for a much better model, and the various pieces were printed. Using all manner of reel ends gave the assembled cabinet a coat of many colours look, but after a coat of filler, paint, and then glitter lacquer, you would never know. Electronics come courtesy of modern emulation hardware and a Sony CCTV monitor, and the joysticks were made from a mixture of common hardware and 3D prints. Both the videos are below the break, and you’ll now no doubt also want to see the original project.

Trap Naughty Web Crawlers In Digestive Juices With Nepenthes

In the olden days of the WWW you could just put a robots.txt file in the root of your website and crawling bots from search engines and kin would (generally) respect the rules in it. These days, however, web crawlers, especially those from large language model (LLM) companies, happily ignore such signs on the lawn before proceeding to hoover up every scrap of content on websites. Naturally this makes a lot of people very angry, but what can you do about it? The answer by [Aaron B] is Nepenthes, described on the project page as a ‘tar pit for catching web crawlers’.

More commonly known as ‘pitcher plants’, nepenthes is a genus of carnivorous plants that use a fluid-filled cup to trap insects and small critters unfortunate enough to slip & slide down into it. In the case of this Lua-based project the idea is roughly the same. Configured as a trap behind a web server (e.g. /nepenthes), any web crawler that accesses it will be presented with an endless number of (randomly generated) pages with many URLs to follow. Page generating is deliberately quite slow to not soak up significant CPU time, while still giving the LLM scrapers plenty of random nonsense to chew on.

Considering that these web crawlers deemed adhering to the friendly sign on the lawn to be beneath them, the least we can do in response is to hasten model collapse by feeding these LLM scrapers whatever rolls out of a simple (optionally Markov-based) text generator.

An Electric Converted Tractor CAN Farm!

Last October we showed you a video from [LiamTronix], in which he applied an electric conversion to a 1960s Massey-Ferguson 65 which had seen better days. It certainly seemed ready for light work around the farm, but it’s only now that we get his video showing the machine at work. This thing really can farm!

An MF 65 wasn’t the smallest of 1960s tractors, but by today’s standards it’s not a machine you would expect to see working a thousand acres of wheat. Instead it’s a typical size for a smaller operation, perhaps a mixed farm, a small livestock farm, or in this case a horticulture operation growing pumpkins. In these farms the tractor doesn’t often trail up and down a field for hours, instead it’s used for individual smaller tasks where its carrying or lifting capacity is needed, or for smaller implements. It’s in these applications that we see the electric 65 being tested, as well as some harder work such as hauling a trailer load of bales, or even harrowing a field.

In one sense the video isn’t a hack in itself; for that you need to look at the original build. But it’s important to see how a hack turned out in practice, and this relatively straightforward conversion with a DC motor has, we think, proven itself to be more than capable of small farm tasks. Its only flaw in the video is a 30 minute running time, something he says he’ll be working on by giving it a larger battery pack. We’d use it on the Hackaday ancestral acres, any time!

This QR Code Leads To Two Websites, But How?

QR codes are designed with alignment and scaling features, not to mention checksums and significant redundancy. They have to be, because you’re taking photos of them with your potato-camera while moving, in the dark, and it’s on a curved sticker on a phone pole. So it came as a complete surprise to us that [Christian Walther] succeeded in making an ambiguous QR code.

Nerd-sniped by [Guy Dupont], who made them using those lenticular lens overlays, [Christian] made a QR code that resolves to two websites depending on the angle at which it’s viewed. The trick is to identify the cells that differ between the encodings of the two URLs and split them in half vertically and horizontally, making them into a tiny checkerboard. It appears that some QR decoders sample in the center of each target square, and the center will be in one side or the other depending on the tilt of the QR code.

Figuring out the minimal-difference QR code encoding between two arbitrary URLs would make a neat programming exercise. How long before we see these in popular use, like back in the old days when embedding images was fresh? QR codes are fun!

Whether it works is probably phone- and/or algorithm-dependent, so try this out, and let us know in the comments if they work for you.

Thanks [Lacey] for the tip!