Bats Can No Longer Haunt Apple VR Headsets Via Web Exploit

Bug reporting doesn’t usually have a lot of visuals. Not so with the visionOS bug [Ryan Pickren] found, which fills a user’s area with screeching bats after visiting a malicious website. Even better, closing the browser doesn’t get rid of them! Better still? Doesn’t need to be bats, it could be spiders. Fun!

The bug has been fixed, but here’s how it worked: the Safari browser build for visionOS allowed a malicious website to fill the user’s 3D space with animated objects without interaction or permission. The code to trigger this is remarkably succinct, and is actually a new twist on an old feature: Apple AR Quick Look, an HTML-based feature for rendering 3D augmented reality content in Safari.

Leveraging this old feature is what lets an untrusted website launch an arbitrary number of animated 3D objects — complete with sound — into a user’s virtual space without any interaction from the user whatsoever. The icing on the cake is that Quick Look is a separate process, so closing Safari doesn’t get rid of the pests.

Providing immersive 3D via a web browser is a valuable way to deliver interactive content on both desktops and VR headsets; a good example is the fantastic virtual BBC Micro which uses WebXR. But on the Apple Vision Pro the user is always involved and there are privacy boundaries that corral such content. Things being launched into a user’s space in an interaction-free way is certainly not intended behavior.

The final interesting bit about this bug (or loophole) was that in a way, it defied easy classification and highlights a new sort of issue. While it seems obvious from a user experience and interface perspective that a random website spawning screeching crawlies into one’s personal space is not ideal, is this a denial-of-service issue? A privilege escalation that technically isn’t? It’s certainly unexpected behavior, but that doesn’t really capture the potential psychological impact such bugs can have. Perhaps the invasion of personal space and user boundaries will become a quantifiable aspect of bugs in these new platforms. What fun.

Coupling STM32 And Linux? Consider HID Over I2C

If you’re pairing a tiny Linux computer to a few peripherals — perhaps you’re building a reasonably custom Pi-powered device — it’s rightfully tempting to use something like an STM32 for all your low-level tasks, from power management to reading keyboard events.

Now, in case you were wondering how to tie the two together, consider HID over I2C: it’s a standardized protocol with wide software and peripheral support, easily implementable and low-power. What’s more, [benedekkupper] gives you an example STM32 project with a detailed explanation of how you too can benefit from the protocol.

There are several cool things about this project. For a start, its code is generic enough that it will port across the entire STM32 lineup nicely. Just change the pin definitions as needed, compile it, flash it onto your devboard and experiment away. Need to change the descriptors? The hid-rdf library used lets you define a custom descriptor super easily, none of that building a descriptor from scratch stuff, and it even does compile-time verification of the descriptor!

The project has been tested with a Raspberry Pi 400, and [benedekkupper] links a tutorial on quickly adding your I2C-HID device on a Linux platform; all you need is DeviceTree support. Wondering what’s possible with HID? We’ve seen hackers play with HID aplenty here, and hacking on the HID standard isn’t just for building keyboards. It can let you automate your smartphone, reuse a laptop touchpad or even a sizeable Wacom input surface, liberate extra buttons on gamepads, or build your own touchscreen display.

All About CRTs

For old-timers, CRTs — cathode ray tubes — were fixtures as kids sat in front of TVs watching everything from Howdy Doody to Star Trek. But there’s at least one generation that thinks TVs and computer monitors are flat. If that describes you, you might enjoy [The 8-Bit Guy’s] coverage of how CRTs work in the video below.

CRTs were heavy, took high voltage, and had a dangerous vacuum inside, so we really don’t miss them. The phosphor on the screen had a tendency to “burn in” if you showed the same image over and over. We don’t miss that either.

Paul Allen’s Living Computers Museum And Labs To Be Auctioned

After the Living Computers museum in Seattle closed like so many museums and businesses in 2020 with the pandemic, there were many who feared that it might not open again. Four years later this fear has become reality, as the entire inventory of the Living Computers: Museum + Labs (LCM+L, for short) is being auctioned off. This occurs only 12 years after the museum and associated educational facilities were opened to the public. Along with Allen’s collection at the LCM+L, other items that he had been collecting until his death in 2018 will also be auctioned at Christie’s, for a grand total of 150 items in the Gen One: Innovations from the Paul G. Allen Collection.

In 2022 Allen’s art collection had seen the auction block, but this time it would seem that the hammer has come for this museum. Unique about LCM+L was that it featured vintage computing systems that visitors could interact with and use much like they would have been used back in the day, rather than being merely static display pieces, hence the ‘living computers’ part. Although other vintage computing museums in the US and elsewhere now also allow for such interactive displays, it’s sad to see the only major vintage computing museum in Washington State vanish.

Hopefully the items being auctioned will find loving homes, ideally at other museums and with collectors who aren’t afraid to keep the educational spirit of LCM+L alive.

Thanks to [adistuder] for the tip.

Top image: A roughly 180° panorama of the “conditioned” room of the Living Computer Museum, Seattle, Washington, USA. Taken in 2014. (Credit: Joe Mabel)

3D Scanning, Phone Edition

It seems to make sense. If you have a 3D printer, you might wish you could just scan some kind of part and print it — sort of like a 3D photocopier. Every time we think about this, though, we watch a few videos and are instantly disappointed by the results, especially with cheap scanners. If you go the hardware route, even cheap is relative. However, you can — in theory — put an app on your phone to do the scanning. Some of the apps are free, and some have varying costs, but, again, it seems like a lot of work for an often poor result. So we were very interested in the video from [My 3D Print Lab] where he uses his phone and quite a few different apps and objectively compares them.

Unsurprisingly, one of the most expensive packages that required a monthly or annual subscription created an excellent scan. He didn’t print from it, though, because it would not let you download any models without a fee. The subject part was an ornate chess piece, and the program seems to have captured it nicely. He removed the background and turntable he was using with no problems.

Other apps didn’t fare as well, either missing some of the parts or failing to omit background elements. You may have to do some post-processing. Some of the other expensive options have free trials or other limits, but you can at least try them for free. One of the free trials let you do three free scans, but each scan took about 8 hours to process.

ESP-Hosted Turns ESP32 Into Linux WiFi/BT Adapter

While we are used to USB WiFi adapters, embedded devices typically use SDIO WiFi cards, and for good reasons – they’re way more low-power, don’t take up a USB port, don’t require a power-sipping USB hub, and the SDIO interface is widely available. However, SDIO cards and modules tend to be obscure and proprietary beyond reason. Enter ESP-Hosted – Espressif’s firmware and driver combination for ESP32 (press release) (GitHub), making your ESP32 into a WiFi module for either your Linux computer (ESP-Hosted-NG) or MCU (ESP-Hosted-FG). In particular, ESP-Hosted-NG turns your SPI- or SDIO-connected ESP32 (including -S2/S3/C2/C3/C6) into a WiFi card, quite speedy and natively supported by the Linux network stack, as opposed to something like an AT command mode.

We’ve seen this done with ESP8266 before – repurposing an ESP8089 driver from sources found online, making an ESP8266 into a $2 WiFi adapter for something like a Pi. The ESP-Hosted project is Espressif-supported, and it works on the entire ESP32 lineup, through an SDIO or even SPI interface! It supports 802.11b/g/n and even Bluetooth, up to BLE5, either over an extra UART channel or the same SDIO/SPI channel; you can even get BT audio over I2S. If you have an SPI/SDIO port free and an ESP32 module handy, this might just be the perfect WiFi card for your Linux project!

There are some limitations – for instance, you can’t do AP mode in the NG (Linux-compatible) version. Also, part of the firmware has blobs in it, but a lot of the firmware and all of the driver are modifiable in case you need your ESP32 to do even more than Espressif has coded in – this is not fully open-source firmware, but it’s definitely way more than Broadcom’s proprietary onboard Raspberry Pi WiFi chip. There’s plenty of documentation, and even some fun features like raw transport layer access. Also of note is that this project supports ESP32-C6, which means you can equip your project with a RISC-V-based WiFi adapter.

Title image from [zhichunlee].

Injection Molding Using A 3D Printer

Recently [Stefan] of CNC Kitchen took a gander at using his gaggle of 3D printers to try injection molding (IM). Although the IM process generally requires metal molds and specialized machinery, 3D printers can be used for low-volume IM runs which is enough for limited production runs and prototyping before committing to producing expensive IM molds. In the case of [Stefan], he followed Form Labs’ guidance to produce molds from glass-infused Rigid 10K resin (heat deflection temperature of 218 °C). These molds are very rigid, as the ceramic-like noise when [Stefan] taps two together attests to.

Injection molded bolt, with imperfections on the head. (Credit: Stefan, CNC Kitchen)

The actual injection process is where things get more hairy for [Stefan], as he attempts to push the clamped-shut mold against the nozzle of the FDM printer to inject the molten plastic, rather than using an IM press. With PLA at standard extrusion temperature the plastic barely gets into the mold before solidifying, however. Following this, higher temperatures, different materials (PETG, TPU) and high flow-rate extruders are attempted, with varying results.

Many of the struggles would seem to be due to poor mold design, rather than fundamental issues with using an FDM. The Form Labs document details some of the basics, such as opening up the injection gate (to decrease pressure inside the mold), adding air vents to improve flow and so on. Commentators to the video with professional experience point out many of these issues as well, along with the benefits of preheating the mold.

With the caveat that most of the challenge is in making a good mold, we’ve even seen injection molding done with nothing more exotic than a hot glue gun. If you’ve got a friend, or a long enough lever, you can even inject the plastic by hand.
