Microsoft’s New Agentic Web Protocol Stumbles With Path Traversal Exploit

If the term ‘NLWeb’ first brought to mind an image of a Dutch internet service provider, you’re probably not alone. What it actually is – or tries to become – is Microsoft’s vision of a parallel internet protocol that website owners and application developers can use to integrate whatever LLM-based chatbot they desire. Unfortunately for Microsoft, the NLWeb protocol just suffered its first major security flaw.

The flaw is an absolute doozy, involving a basic path traversal vulnerability that allows an attacker to use appropriately formatted URLs to traverse the filesystem of the remote LLM-hosting system to extract keys and other sensitive information. Microsoft has already patched it, but no CVE was assigned, and it raises the question of just how many more elementary bugs like this may be lurking in the protocol and associated software.

As for why a website or application owner might be interested in NLWeb, the marketing pitch appears to be as an alternative to integrating a local search function. This way any website or app can have their own ChatGPT-style search functionality that is theoretically restricted to just their website, instead of chatbot-loving customers going to the ChatGPT or equivalent site to ask their questions there.

Even aside from the strong ‘solution in search of a problem’ vibe, it’s worrying that right from the outset it seems to introduce pretty serious security issues that suggest a lack of real testing, never mind a strong ignorance of the fact that a lack of user input sanitization is the primary cause for widely exploited CVEs. Whether GitHub Copilot was used to write the affected codebase is unknown.

Teardown Of A Persil Smartwash Smart Laundry Detergent Ball

How to make doing laundry more smart, depending on your perspective. (Credit: Zerobrain, YouTube)

Ever since the invention of washing machines, the process of doing laundry has become rather straightforward. Simply toss the dirty laundry into the machine, fill up the detergent, and let the preset program handle the rest. This of course has not prevented companies from coming up with ways to add more complexity to doing laundry, with Henkel’s Smartwash technology the latest example, as demonstrated by German YouTube channel [ZeroBrain] with a complete teardown.

Henkel is the owner of detergent brands like Persil and Somat, with the Smartwash ball supposedly offering ‘smart’ dosing of detergent for washing machines and, naturally, a smartphone app with intrusive localization to personalize the laundry experience. Sadly the video is only in German, but the language of teardowns is universal.


A Repeater For WWVB

For those living in the continental US who, for whatever reason, don’t have access to an NTP server or a GPS device, the next best way to make sure the correct time is known is with the WWVB radio signal. Transmitting out of Colorado, the 60-bit 1 Hz signal reaches all 48 states in the low-frequency band and is a great way to get a clock within a few hundred nanoseconds of the official time. But in high noise situations, particularly on the coasts or in populated areas, these radio-based clocks might miss some of the updates. To keep that from happening, [Mike] built a repeater for this radio signal.

The repeater works by offloading most of the radio components to an Arduino. The microcontroller listens to the WWVB signal and re-transmits it at a lower power to the immediate area, in this case no further than a few inches away or enough to synchronize a few wristwatches. But it has a much better antenna for listening to WWVB so this eliminates the (admittedly uncommon) problem of [Mike]’s watches not synchronizing at least once per day. WWVB broadcasts a PWM signal which is easy for an Arduino to duplicate, but this one needed help from a DRV8833 amplifier to generate a meaningfully strong radio signal.

Although there have been other similar projects oriented around the WWVB signal, [Mike]’s goal for this was to improve the range of these projects so it could sync more than a single timekeeping device at a time as well as using parts which are more readily available and which have a higher ease of use. We’d say he’s done a pretty good job here, and his build instructions cover almost everything even the most beginner breadboarders would need to know to duplicate it on their own.

2025 One Hertz Challenge: The Easy Way To Make A Nixie Tube Clock

Let’s say you want to build a Nixie clock. You could go out and find some tubes, source a good power supply design, start whipping up a PCB, and working on a custom enclosure. Or, you could skip all that, and just follow [Simon]’s example instead.

The trick to building a Nixie clock fast is quite simple — just get yourself a frequency counter that uses Nixie tubes for the display. [Simon] sourced a great example from American Machine and Foundry, also known as AMF, the company most commonly associated with America’s love of bowling.

The frequency counter does one thing, it counts the number of pulses in a second. Thus, if you squirt the right number of pulses to represent the time — say, 173118 pulses to represent 5:31 PM and 18 seconds — the frequency counter effectively becomes a clock. To achieve this, [Simon] just hooked an ESP32 up to the frequency counter and programmed it to get the current time from an NTP time server. It then spits out a certain number of pulses every second corresponding to the current time. The frequency counter displays the count… and there you have your Nixie clock!

It’s quick, dirty, and effective, and a sweet entry to our 2025 One Hertz Challenge. We’ve had some other great entries, too, like this nifty hexadecimal Unix clock, and even some non-horological projects, too!


The 64-Degree Egg, And Other Delicious Variants

Many of us have boiled an egg at some point or another in our lives. The conventional technique is relatively straightforward—get the water boiling, drop the egg in, and leave it for a certain period of time based on the desired consistency. If you want the yolk soft, only leave it in for a few minutes, and if you want it hard, go longer.

Ultimately, though, this is a relatively crude system for controlling the consistency of the final product. If you instead study the makeup of the egg, and understand how it works, you can elicit far greater control over the texture and behavior of your egg with great culinary benefits.


Buying Large LiFePO4 Batteries: How Cheap Is Too Cheap?

It’s a well-known factoid that batteries keep getting cheaper while capacity increases. That said, as with any market that is full of people who are hunting for that ‘great deal’, there are also many shady sellers who will happily sell you a product that could be very dangerous. Especially in the case of large LiFePO4 (LFP) batteries, considering the sheer amount of energy they can contain. Recently [Will Prowse] nabbed such a $125, 100 Ah battery off Amazon that carries no recognizable manufacturer or brand name.

Cheap and cheerful, and probably won't burn down the place. (Credit: Will Prowse, YouTube)

If this battery works well, it could be an amazing deal for off-grid and solar-powered applications. Running a battery of tests on the battery, [Will] found that the unit’s BMS featured no over-current protection, happily surging to 400 A, with only over-temperature protection keeping it from melting down during a discharge scenario. Interestingly, under-temperature charge protection also worked on the unit.

After a (safe) teardown of the battery the real discoveries began, with a row of missing cells, the other cells being re-sleeved and thus likely salvaged or rejects. Fascinatingly, another YouTuber did a similar test and found that their (even cheaper) unit was of a much lower capacity (88.9 Ah) than [Will]’s with 98 Ah and featured a completely different BMS to boot. Their unit did however feature something of a brand name, though it’s much more likely that these are all just generic LFP batteries that get re-branded by resellers.

What this means is that these LFP batteries may be cheap, but they come with cells that are likely to be of questionable quality, featuring a BMS that plays it fast and loose with safety. Although [Will] doesn’t outright say that you shouldn’t use these batteries, he does recommend that you install a fuse on it to provide some semblance of over-current protection. Keeping a fire extinguisher at hand might also be a good idea.


VRML And The Dream Of Bringing 3D To The World Wide Web

You don’t have to be a Snow Crash or Tron fan to be familiar with the 3D craze that characterized the rise of the Internet and the World Wide Web in particular. From phrases like ‘surfing the information highway’ to sectioning websites as if to represent 3D real-life equivalents or sorting them by virtual streets like Geocities did, there has always been a strong push to make the Internet a more three-dimensional experience.

This is perhaps not so strange considering that we humans are ourselves 3D beings used to interacting in a 3D world. Surely we could make this fancy new ‘Internet’ technology do something more futuristic than connect us to text-based BBSes and serve HTML pages with heavily dithered images?

Enter VRML, the Virtual Reality Modelling Language, whose 3D worlds would surely herald the arrival of a new Internet era. Though neither VRML nor its successor X3D became a hit, they did leave their marks and are arguably the reason why we have technologies like WebGL today.
