A CRT Monitor From An Obsolete Logic Analyzer

The designers of older equipment that contained a CRT monitor rarely made the effort to design their own driver and deflection circuitry. Instead they were more likely to buy an off-the-shelf assembly from a monitor manufacturer, and simply supply it with their video. [TomV] has an old HP 16500A logic analyzer, and in it he found a Sony monitor chassis. With a quest for a microfiche service manual and a bit of reverse engineering, he was able to hook it up to a VGA port and use it as an extension monitor for his laptop.

The monitor chassis is a Sony CHM-9001-00, which sports their 10″ Trinitron tube. These were among the very best CRT tubes of the day, making it the type of module a 1990s hacker would have been very pleased to get their hands on. Here in 2022 a look at the monitor’s 40-pin connector reveals a standard RGB interface which the service manual confirms is within the voltage range to be driven from a VGA output. A Thinkpad X220 is pressed into service, with a 576 by 360 pixel at 60 Hz video mode defined, and there we have it, a modern desktop on an obsolete piece of test equipment.

The intended destination for this monitor is a small arcade cabinet, so it needed to be independent of the HP chassis. The required 120 VDC supply comes from an inverter designed for solar battery charging, which balked at the inrush current from the monitor when fed with 12 V. Increasing the supply voltage on the low voltage side solved that, leading to a very serviceable monitor. We have no use for one, but we’d be lying if we said we didn’t want one.

Perhaps you may have wondered, what made Trinitrons so good?

This Week In Security: PHP Attack Defused, Scoreboard Manipulation, And Tillitis

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty potential supply chain attack in this tool, when used in the Packagist repository. The problem is the support for arbitrary README filenames. When a package update shows up on Packagist, that service uses a version control system (VCS) like Git or Mercurial to pull the specified readme location. That pull operation is subject to argument injection. Name your branch --help, and Git will happily run the help argument instead of doing the pull intended. In the case of Git commands, our intrepid researchers were unable to weaponize the issue to achieve code execution.

Composer also supports projects that use Mercurial as their VCS, and Mercurial has a --config option that has… interesting potential. It allows redefining a Mercurial command as a script snippet. So a project just has to contain a malicious payload.sh, and the readme set to --config=alias.cat=!hg cat -r : payload.sh|sh;,txt. For those keeping track at home, the vulnerability is that this cursed string of ugly is accepted by Composer as a valid filename. This uses the --config trick to redefine cat as a bit of script that executes the payload. It ends in .txt because that is a requirement of Composer.

So let’s talk about what this little hack could have been used for, or maybe could still be used for on an unpatched, private install of Packagist. This is an unattended attack that jumps straight to remote script execution — on an official package repository. If discovered and used for evil, this would have been a massive supply chain attack against PHP deployments. Instead, thanks to SonarSource, it was discovered and disclosed privately back in April. The official Packagist repo at packagist.org was fixed the day after disclosure, and a CVE and updated packages went out six days later. Great work all around.
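For anyone running a service that hands repository-supplied names to a VCS command, the check that closes this class of bug is small. The following is an added example, not Composer's or Packagist's code: the allow-list, the function names and the `hg cat -r <rev> -- <file>` command shape are assumptions chosen for illustration. It also shows why shell quoting alone does not help, since a quoted value still arrives as one option-shaped argument.

```python
import re
import shlex

# Assumed allow-list (not Composer's): ordinary filename characters only,
# and the first character is never '-'.
SAFE_OPERAND = re.compile(r"[A-Za-z0-9_.][A-Za-z0-9_./-]*")


class UnsafeArgument(ValueError):
    """Raised when an untrusted value could be parsed as a command-line option."""


def check_operand(value, what):
    """Return value unchanged if it can only be read as an operand, else raise."""
    if value.startswith("-"):
        raise UnsafeArgument(f"{what} starts with '-': {value!r}")
    if not SAFE_OPERAND.fullmatch(value):
        raise UnsafeArgument(f"{what} has characters outside the allow-list: {value!r}")
    if ".." in value.split("/"):
        raise UnsafeArgument(f"{what} contains a '..' path segment: {value!r}")
    return value


def hg_cat_argv(rev, readme):
    """Build argv for reading one file at one revision (run as a list, no shell).

    Both untrusted values are validated first; '--' then marks the end of
    options so that whatever follows is treated as a file name.
    """
    return ["hg", "cat", "-r", check_operand(rev, "revision"),
            "--", check_operand(readme, "readme path")]


def survives_shell_quoting(value):
    """True if the value is still option-shaped after quoting and word-splitting."""
    (word,) = shlex.split(shlex.quote(value))
    return word.startswith("-")


# Constructed inputs: the two strings quoted in the article plus an ordinary name.
SAMPLES = ["--help", "--config=alias.cat=!hg cat -r : payload.sh|sh;,txt", "docs/README.md"]

if __name__ == "__main__":
    for name in SAMPLES:
        try:
            print("ok     ", hg_cat_argv("default", name))
        except UnsafeArgument as err:
            print("refused", err, "| survives quoting:", survives_shell_quoting(name))
```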

Five-Foot Keyboard Lays It All On The Line

We would bet that among the most technologically-inclined of our readership, there are plenty of hunt-and-peck typists. Because of course, typing quickly and from the home row has nothing to do with intelligence, and everything to do with practice and rote muscle memorization. But what if the keyboard was all home row?

That’s right — Google Japan (translated) is back at it with another joke peripheral that happens to be 100% real and open-source. Whether you want to keep your distance from others while you toil at the coffee shop, or really, really want to get into the pair programming thing, this is the keyboard for you. While the prototype was a whopping seven feet long (or wide, whatever), the final version is shorter and friendlier, and can double as a walking stick on those outdoor sanity breaks with the addition of a protective shoe.

As with their mug keyboard, we appreciate the work that went into making this keyboard real just as much as the joke itself. Our favorite factoid has to be that this is made up of 17 different circuit boards, including the control board. Be sure to check out the fairly hilarious promo video after the break.


Have 3D Printer, Will Travel

We keep hearing that the desktop computer is dying — everyone wants a mobile device like a laptop, a tablet, or a big horkin’ phone. We suppose [eponra] wants the same thing for 3D printers, since he’s provided plans for “flatpack”, a portable 3D printer that can fit in a spool box.

As you might imagine, this isn’t going to give you maximum build volume. The printer’s folded down dimensions are 220x210x75mm. The build plate is fairly small at 120x114x144mm. However, it does have a heated bed and an LCD display. One note, though: you do need an external power supply that does not fit in the box. However, [eponra] notes that with an AC-powered bed, it would be possible to get everything in the box.


Mac 128K Emulator Gets DIY Ceramic Enclosure

Creative technologist [Joselyn McDonald] wanted to hone her ceramic skills by building an iconic Macintosh 128K sculpture, complete with a fully functional operating system.

At first, she was determined to use Processing to create an interface for her sculpture by recreating the UI visually and adding some touch controls. However, she soon abandoned this tedious task after discovering MacintoshPi, which steps you through installing Mac OS 7, 8, and 9 emulators on a Raspberry Pi. [Joselyn] has also installed several retro games, including DOOM II, Carmen Sandiego, and Sim City, thanks to sites like Macintosh Garden and Macintosh Repository. 

Next, [Joselyn] hopes to set it up to display her and her partner’s schedules, and to let friends play around with nostalgic games. This piece was made using hand building, but other cool ceramic techniques like this slip cast dog bowl and this stone 3D printer have us thinking about what other types of enclosures could be built!

Building A Digital Library Of Amateur Radio And Communications

For years the Internet Archive has provided the online community with a breathtaking collection of resources, out of print books, magazines, recordings, software, and any other imaginable digital asset in easily retrievable form. Now with the help of a grant from the Amateur Radio Digital Communications Foundation they are seeking to create a collection that documents amateur radio from its earliest days to the present.

The work will be multi-faceted, and include the print and digital materials we’d expect, as well as personal archives and oral histories from notable radio amateurs. For many of us this will provide a wealth of technical details and insights into taming the ionosphere, but for future historians it will be an invaluable reference on the first century of the hobby.

Amateur radio is perhaps the oldest hardware hacking pursuit of the electronic age, because certainly at the start, radio was electronics. Thus amateur radio’s long history has indirectly given us many of the things we take for granted today. Sure it has its moribund aspects, but we think if it continues to follow the growth of new technology as it has for so many years it will continue to be an exciting pursuit. We look forward to browsing this archive, and we hope to see it grow over the years.

Header image: Lescarboura, Austin C. (Austin Celestin), 1891-, No restrictions.

Rubber Band Behemoth Winds Its Way Toward World Record

Egged on by adoring fans who demanded more aircraft videos, [ProjectAir] has decided to break the world record for rubber band powered aircraft… despite having never built a rubber band powered aircraft. Why rubber band power?

Before little two stroke motors became affordable, and long before electric motors and batteries were remotely possible, there weren’t a lot of options for powering your model aircraft. One technology that really took off was that of rubber band power. By winding a rubber band, it could store enough energy to turn a propeller for a short duration. With a 10 foot model taking the current world record, as you can see in the video below the break [ProjectAir] decided to see if he could beat it.

Rubber Band Powered Free Flight c1915 By Unknown author

Starting with a successful free flight aircraft made of foam board, [ProjectAir] simply scaled it up to an eleven foot wing, one foot larger than the ten foot world record holder. Since there were now eight rubber band motors, a mechanism was created to release the propellers in sync, but this was problematic. Eventually a slightly heavy but solid solution was found.

[ProjectAir] did more testing, more problem solving, and through rapid iterations, he eventually was able to have a successful flight under radio control. His personal goal of a 12 second flight was exceeded, and then Guinness called! They’re interested in certifying his attempt as long as his plane can fly for at least 30 seconds, almost double his current ability. What will he do? Check the video, too, for [ProjectAir]’s challenge to the community to join him in trying to beat the world record. Sounds like fun!

Aside from powering world record attempting radio controlled aircraft, did you know that you can build a rubber band powered refrigerator? It’s true!
