You Wouldn’t Steal A Font…

In the 2000s, the DVD industry was concerned about piracy, in particular the threat to their business model presented by counterfeit DVDs and downloadable movies. Their response was a campaign which could be found embedded into the intro sequences of many DVDs of the era, in which text in an edgy font on a black background began with “You wouldn’t steal a car…”. It was enough of a part of the background noise of popular culture that it has become a meme in the 2020s, reaching many people with no idea of its origins. Now in a delicious twist of fate, it has been found that the font used in the campaign was itself pirated. Someone should report them.

The font in question is FF Confidential, designed by [Just van Rossum], whose brother [Guido] you may incidentally know as the originator of the Python programming language. The font in the campaign isn’t FF Confidential though, as it turns out it’s XBAND Rough, a pirated copy of the original. What a shame nobody noticed this two decades ago.

It’s a bit of fun to delight in an anti-piracy campaign being caught using a dodgy font, but if this story serves to tell us anything it’s that the web of modern intellectual property is so labyrinthine as to be almost impossible to navigate without coming a cropper somewhere. Sadly the people caught out in this case would be the last to call for reform of the intellectual property environment, but as any sane heads would surely agree, such reform is overdue.

If copyright gives you a headache, here’s our take on it.

This Week In Security: XRP Poisoned, MCP Bypassed, And More

Researchers at Aikido run the Aikido Intel system, an LLM security monitor that ingests the feeds from public package repositories, and looks for anything unusual. In this case, the unusual activity was five rapid-fire releases of the xrpl package on NPM. That package is the XRP Ledger SDK from Ripple, used to manage keys and build crypto wallets. While quick point releases happen to the best of developers, these were odd, in that there were no matching releases in the source GitHub repository. What changed in the first of those fresh releases?

The most obvious change is the checkValidityOfSeed() function added to index.ts. That function takes a string, and sends a request to a rather odd URL, using the supplied string as the ad-referral header for the HTTP request. The name of the function is intended to blend in, but knowing that the string parameter is sent to a remote web server is terrifying. The seed is usually the root of trust for an individual’s cryptocurrency wallet. Looking at the actual usage of the function confirms that this code is stealing credentials and keys.

The releases were made by a Ripple developer’s account. It’s not clear exactly how the attack happened, though credential compromise of some sort is the most likely explanation. Each of those five releases added another bit of malicious code, demonstrating that there was someone with hands on keyboard, watching what data was coming in.

The good news is that the malicious releases only managed a total of 452 downloads for the few hours they were available. A legitimate update to the library, version 4.2.5, has been released. If you’re one of the unfortunate 452 downloads, it’s time to do an audit, and rotate the possibly affected keys.
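The two signals described above, registry releases with no matching release in the source repository and a rapid-fire run of versions, can be checked mechanically. The following is an added example, not code from Aikido or from the xrpl project: it works on the `time` map that an npm registry packument carries and on a list of git tag names, and the function names, thresholds and all sample data are assumptions constructed for illustration.

```javascript
// Added example. SAMPLE_TIMES mimics the `time` map of an npm registry packument;
// every version, timestamp and tag here is constructed, not xrpl incident data.
const SAMPLE_TIMES = {
  created: "2024-01-01T00:00:00.000Z",
  modified: "2025-01-10T12:05:00.000Z",
  "1.0.0": "2024-06-01T09:00:00.000Z",
  "1.0.1": "2024-09-15T14:30:00.000Z",
  "1.0.2": "2025-01-10T11:00:00.000Z",
  "1.0.3": "2025-01-10T11:25:00.000Z",
  "1.0.4": "2025-01-10T12:05:00.000Z",
};
const SAMPLE_TAGS = ["v1.0.0", "example-sdk@1.0.1"]; // constructed git tag names

// Reduce tag spellings such as "v1.2.3" or "pkg@1.2.3" to the bare version string.
function tagToVersion(tag) {
  const m = /(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/.exec(tag);
  return m ? m[1] : null;
}

// Published versions, oldest first, skipping the map's bookkeeping keys.
function releases(times) {
  return Object.entries(times)
    .filter(([k]) => k !== "created" && k !== "modified")
    .map(([version, t]) => ({ version, at: Date.parse(t) }))
    .sort((a, b) => a.at - b.at);
}

// Runs of at least minCount releases where each follows the previous within maxGapMs.
function releaseBursts(times, maxGapMs, minCount) {
  const bursts = [];
  let run = [];
  for (const r of releases(times)) {
    if (run.length && r.at - run[run.length - 1].at > maxGapMs) {
      if (run.length >= minCount) bursts.push(run.map((x) => x.version));
      run = [];
    }
    run.push(r);
  }
  if (run.length >= minCount) bursts.push(run.map((x) => x.version));
  return bursts;
}

// Untagged versions, plus the subset that also sits in a burst (diff these first).
function auditReleases(times, tags, maxGapMs = 3600000, minCount = 3) {
  const tagged = new Set(tags.map(tagToVersion).filter(Boolean));
  const untagged = releases(times).map((r) => r.version).filter((v) => !tagged.has(v));
  const inBurst = new Set(releaseBursts(times, maxGapMs, minCount).flat());
  return { untagged, suspicious: untagged.filter((v) => inBurst.has(v)) };
}
console.log(auditReleases(SAMPLE_TIMES, SAMPLE_TAGS));
```

An untagged version is not proof of compromise, since some projects tag late or not at all; it marks the releases whose published tarball is worth diffing against the repository.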

Revivification: a Room with cymbals and plinth

Posthumous Composition Being Performed By The Composer

Alvin Lucier was an American experimental composer whose compositions were arguably as much science experiments as they were music. The piece he is best known for, I Am Sitting in a Room, explored the acoustics of a room and what happens when you amplify the characteristics that are imparted on sound in that space by repeatedly recording and playing back the sound from one tape machine to another. Other works have employed galvanic skin response sensors, electromagnetically activated piano strings and other components that are not conventionally used in music composition.

Undoubtedly the most unconventional thing he’s done (so far) is to perform in an exhibit at The Art Gallery of Western Australia in Perth which opened earlier this month. That in itself would not be so unconventional if it weren’t for the fact that he passed away in 2021. Let us explain.


Clickspring’s Experimental Archaeology: Concentric Thin-Walled Tubing

It’s human nature to look at the technological achievements of the ancients — you know, anything before the 1990s — and marvel at how they were able to achieve precision results in such benighted times. How could anyone create a complicated mechanism without the aid of CNC machining and computer-aided design tools? Clearly, it was aliens.

Or, as [Chris] from Clickspring demonstrates by creating precision nesting thin-wall tubing, it was human beings running the same wetware as what’s running between our ears but with a lot more patience and ingenuity. It’s part of his series of experiments into how the craftsmen of antiquity made complicated devices like the Antikythera mechanism with simple tools. He starts by cleaning up roughly wrought brass rods on his hand-powered lathe, followed by drilling and reaming to create three tubes with incremental precision bores. He then creates matching pistons for each tube, with an almost gas-tight enough fit right off the lathe.

Getting the piston fit to true gas-tight precision came next, by lapping with a jeweler’s rouge made from iron swarf recovered from the bench. Allowed to rust and ground to a paste using a mortar and pestle, the red iron oxide mixed with olive oil made a dandy fine abrasive, perfect for polishing the metal to a high gloss finish. Making the set of tubes concentric required truing up the bores on the lathe, starting with the inner-most tube and adding the next-largest tube once the outer diameter was lapped to spec.

Easy? Not by a long shot! It looks like a tedious job that we suspect was given to the apprentice while the master worked on more interesting chores. But clearly, it was possible to achieve precision challenging today’s most exacting needs with nothing but the simplest tools and plenty of skill.

Adding An Atari Joystick Port To TheC64 USB Joystick

“TheC64” is a popular recreation of the best selling computer of all time, the original Commodore 64. [10p6] enjoys hacking on this platform, and recently whipped up a new mod — adding a 9-pin Atari joystick connector for convenience.

When it comes to TheC64 units, they ship with joysticks that look retro, but aren’t. These joysticks actually communicate with the hardware over USB. [10p6]’s hack was to add an additional 9-pin Atari joystick connector into the joystick itself. It’s a popular mod amongst owners of TheC64 and the C64 Mini. All one needs to do is hook up a 9-pin connector to the right points on the joystick’s PCB. Then, it effectively acts as a pass-through adapter for hooking up other joysticks to the system.

While this hack could have been achieved by simply chopping away at the plastic housing of the original joystick, [10p6] went a tidier route. Instead, the joystick was granted a new 3D printed base that had a perfect mounting spot for the 9-pin connector. Clean!

We’ve seen some great hacks from [10p6] lately, like the neat reimagined “C64C” build that actually appears in this project video, too.


An illustration of two translucent blue hands knitting a DNA double helix of yellow, green, and red base pairs from three colors of yarn. Text in white to the left of the hands reads: "Evo 2 doesn't just copy existing DNA -- it creates truly new sequences not found in nature that scientists can test for useful properties."

LLMs Coming For A DNA Sequence Near You

While tools like CRISPR have blown the field of genome hacking wide open, being able to predict what will happen when you tinker with the code underlying the living things on our planet is still tricky. Researchers at Stanford hope their new Evo 2 DNA generative AI tool can help.

Trained on a dataset of over 100,000 organisms from bacteria to humans, the system can quickly determine what mutations contribute to certain diseases and what mutations are mostly harmless. An “area we are hopeful about is using Evo 2 for designing new genetic sequences with specific functions of interest.”

To that end, the system can also generate gene sequences from a starting prompt like any other LLM as well as cross-reference the results to see if the sequence already occurs in nature to aid in predicting what the sequence might do in real life. These synthetic sequences can then be made using CRISPR or similar techniques in the lab for testing. While the prospect of building our own Moya is exciting, we do wonder what possible negative consequences could come from this technology, despite the hand-wavy mention of not training the model on viruses “to prevent Evo 2 from being used to create new or more dangerous diseases.”

We’ve got you covered if you need to get your own biohacking space set up for DNA gels or if you want to find out more about powering living computers using electricity. If you’re more curious about other interesting uses for machine learning, how about a dolphin translator or discovering better battery materials?

3D Printing A Useful Fixturing Tool

When you start building lots of something, you’ll know the value of accurate fixturing. [Chris Borge] learned this the hard way on a recent mass-production project, and decided to solve the problem. How? With a custom fixturing tool! A 3D printed one, of course.

Chris’s build is simple enough. He created 3D-printed workplates covered in a grid of specially-shaped apertures, each of which can hold a single bolt. Plastic fixtures can then be slotted into the grid, and fastened in place with nuts that thread onto the bolts inserted in the base. [Chris] can 3D print all kinds of different plastic fixtures to mount on to the grid, so it’s an incredibly flexible system.

3D printing fixtures might not sound the stoutest way to go, but it’s perfectly cromulent for some tasks. Indeed, for [Chris]’s use case of laser cutting, the 3D printed fixtures are more than strong enough, since the forces involved are minimal. Furthermore, [Chris] aided the stability of the 3D-printed workplate by mounting it on a laser-cut wooden frame filled with concrete. How’s that for completeness?

We’ve seen some other great fixturing tools before, too. Video after the break.
