Broadcasting GPS On The Local Network To Help Geoclue Find You

May 8, 2026 by 5 Comments

Rather than having users go through the inconvenience of having to punch in their current location, an increasing number of applications and websites use location services that can pin-point the current location of a user to within a certain number of meters or kilometers.

Unfortunately, [Evert Pot] found that with the demise of the Mozilla Location Service (MLS) in 2024, accuracy of the Linux Geoclue service had dropped to a resolution of about 25 km. Since a LAN tends to not move around a lot, this seemed like the perfect time to help Geoclue out with a local GPS server.

All that Geoclue looks for on the LAN is an mDNS service identifying as _nmea-0183._tcp that responds with the GPS coordinates as network packets containing an ASCII payload encoded using the NMEA 0183 standard. With this knowledge [Evert] was then able to quickly put together a Python-based server that simply blasts the static GPS coordinates of the LAN in question.

With the service running, Gnome Maps and Firefox with Google Maps both displayed the right location down to the house, as can be seen in the screenshots. With the same LAN service and a Mac system there was no such luck with Apple Maps unless Location Services was turned off, though presumably Apple uses its own equivalent to MLS.

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

May 8, 2026 by 8 Comments

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a new vulnerability in a RPC function which allows similar overwriting of the page cache.

Both vulnerabilities manipulate the Linux page cache where data from disk is stored for rapid access. The kernel will always prefer the cached version of a file, which means that anything that is able to manipulate the contents of the cache can effectively replace the contents of the file. Both of the vulnerabilities leverage a similar mechanism – picking a binary which is flagged to run as root, such as su, and replacing the contents that would prompt for the users password with a launcher to immediately run a shell.

Like CopyFail, DirtyFrag requires the ability to execute code on the target in the first place, but turning almost any code or command execution vulnerability in any network service into root raises the impact significantly, allowing an attacker to break out of containers and privilege environments, or establish a persistent presence in the system when the original vulnerabilities are discovered and closed.

The previous mitigations to block specific kernel modules related to CopyFail are not sufficient to block the new vulnerabilities. At the time of writing this, there are no available patches from the distributions, however the vulnerable kernel modules can be temporarily disabled.

CopyFail added to KEV

CISA (the United States cyber security agency) has added CopyFail to the KEV, or Known Exploited Vulnerabilities list. Attacks on the KEV have been observed under active exploitation, which in the case of CopyFail is hardly a surprise.

The KEV is designed as a tool to allow security teams in government and commercial industry to prioritize the highest risk vulnerabilities – or at least give another source of data to point at when you say “we really need to patch this now”.

Prolonged Ubuntu DDOS

On the heels of the CopyFail vulnerability impacting almost all distributions, Ubuntu has had to face a prolonged distributed denial-of-service (DDoS) attack against the main infrastructure. Ars Technica reported at the beginning of the attack, and after several days, services appear to be restored. In the meantime, core services such as package updates, core repositories, and even the Ubuntu and Canonical websites were largely unreachable.

An Iraqi group claims responsibility for the attack, but it is unclear if they were the actual perpetrators – or why. The timing with the CopyFail vulnerability seems like an opportune moment to cause chaos by taking the update mechanisms of a major distribution offline, but in the era of modern Internet behavior, it could also just have been a Tuesday.

Continue reading “This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools”

The ESP8266 Gets An OS, And It’s Familiar

May 8, 2026 by 14 Comments

A couple weeks back we brought you news of KernelUNO, a command line shell and very simple operating system for the Arduino Uno. It’s a neat idea, so it’s hardly surprising to see someone port it to another microcontroller and add more features.

Here’s [hery-torrado], with KernelESP for the ESP8266, which takes the original idea and adds a web console, scheduled jobs, sensor rules, scripting, NTP, and a JSON API. The networking using the ESP’s built-in WiFi takes the original and makes it significantly more useful.

It’s worth suggesting that the ability to call URLs with GET data to pass things to APIs would be useful on a networked processor too, but this is already so well featured it seems rude to ask for more. Yet again though, this project has given a new life to an old chip, and we think it has a way further to go. Perhaps a port to the ESP32 would allow it to reach its full potential, or maybe for a ridiculously cheap and powerful platform, the CH32 series of chips. We look forward to see what more will come from KernelUNO.

Our original coverage can be read here.

A black and yellow robot dog stands in the middle of the floor, with a GoPro camera mounted on its back. A picture-in-picture view in the bottom left corner shows the view from the camera.

An Improved Robot Dog For Senior Design

May 8, 2026 by 6 Comments

[Aaed Musa] has been building robot dogs for a long time now, so it was only natural that he would make one for the senior design project of his mechanical engineering degree. Since this meant working with potential customers, the requirements were somewhat more stringent than for previous dogs, but [Aaed] and his team were able to deliver CARA 2.0, their most agile, versatile robot yet.

Based on conversations with potential customers, [Aaed] and his team aimed for a price around $1,000 USD, a weight under 20 pounds, and a durable design. Like the original CARA, this used capstan drives to actuate the joints, which reduced costs. The drives were printed in resin and powered by brushless drone motors. These motors were designed for speed, not torque, so the team had to rewind them with more wire, an ordeal which paid off by roughly tripling the torque. As far as durability, one joint motor was tested by running it continuously back and forth, and it lasted for over 1,000 hours without obvious damage.

Since the joints don’t contain any absolute encoders, each motor has to home on startup by extending to its limit, as detected by a rise in motor current. As a happy side effect, this creates a lifelike stretching motion on startup. Compared to the earlier iteration, CARA 2.0 takes shorter, quicker steps, and thanks to angled step movements can turn much more quickly. In testing, it originally skewed to the left, which turned out to be due to an asymmetric leg design. Once corrected, CARA 2.0 could walk in straight lines, walk sideways, turn in place, crouch, jump, and keep its balance on an inclined surface. It didn’t quite make the price goal, but $1,450 is still cheap for such a capable robot dog, and it reached every other customer requirement. Most importantly, all the team graduated.

For another take on a capstan-powered robot dog, check out Stanley. We’ve also taken a look at TOPS, one of [Aaed]’s earlier designs.

Continue reading “An Improved Robot Dog For Senior Design”

The Montgomery Ward Gasoline-Powered Clothes Iron

May 7, 2026 by 15 Comments

Before the advent of electricity in the home made electrically-heated clothes irons a possibility, ironing was a cumbersome process, with self-heated irons being an arguable improvement over solid (so-called sad) irons that required heating in an external heat source like a stove or fire. These self-heating irons used a variety of fuels, with the one featured on the [Our Own Devices] YouTube channel using gasoline for fuel, making it technically a gasoline-powered clothes iron.

The used gasoline form is LSR, which is commonly referred to as naphtha and is also sold as camping fuel today. In addition to the gasoline version a kerosene-powered version was also sold, so you had to better make sure you refueled your iron with the right fuel.

After pouring in fresh fuel you have to prime it by pushing the plunger a couple of times, before igniting the burner with a lit match via a hole in the side while opening the fuel valve. If you did things right, the iron will now be heating up. In a sense this makes it effectively like a camping stove, with also many of the same caveats, with such irons gaining a reputation for starting fires and causing bodily harm.

Due to decaying seals this iron in the video wasn’t fired up, but it was disassembled to show the internal components, along with a comparison of the kerosene version. Inside is a kind of crude carburetor that mixes air in with the fuel to get a combustible fuel-air mix, along with plenty of soot to attest to this iron having been regularly used.

Although electrical irons eventually removed all need for gasoline-powered irons, they were still used in mostly rural settings until the 1950s. Reading the Wikipedia entry on clothes irons makes one rather glad that these days we can iron our clothes without all the fuss and significant risk of accidents of these old irons.

Continue reading “The Montgomery Ward Gasoline-Powered Clothes Iron”

An LLM From “Scratch”

May 7, 2026 by 9 Comments

Reading a book about bowling is not the same as actually bowling. If that resonates with you and you want to learn more about large language models, check out the LLM From Scratch project. The hands-on workshop lets you use a Mac, Linux, or Windows PC running Python and common libraries like numpy and torch to build your own bare-bones LLM.

The project takes inspiration from nanoGPT but scales it down so you can train the model in around an hour on a typical computer. It will use an Apple or NVIDIA GPU, if available.

Continue reading “An LLM From “Scratch””

How To Avoid Failed Screw Holes In 3D Printed Parts

May 7, 2026 by 19 Comments

Screws are useful fasteners for 3D prints, but the effectiveness of a screw (not to mention the ease or hassle of insertion) depends on the hole itself. This comprehensive guide on how to design screw holes in 3D printed parts takes guesswork out by providing reference tables as well as useful general tips.

The guide provides handy tables saying exactly how big to design a hole depending on screw type, material (PLA, PETG, or high-flow PETG) and whether the hole is printed in a vertical or horizontal orientation. This takes the guesswork out of screw hole design.

There’s no reason to guess the right size of hole for a screw, just refer to some handy tables.

The reason for different numbers is because multiple (but predictable) variables affect a 3D-printed hole’s final dimensions. Shrinkage, filament properties, and printing orientation can all measurably affect small features like screw holes; accounting for these is the difference between a good fit, and cracking or stripping.

In addition to the tables, there are loads of other useful tips. Designing lead-ins makes screws easier to insert and engage, and while increasing walls is an easy way to add strength it’s also possible to use 3D-printed microfeatures which are more resistant to distortion and don’t depend on slicer settings. There’s even suggested torque amounts for different screw and material types.

Sure, the most reliable way to get a hole of a known size is to drill it out yourself. But that’s an extra step, and drill bits aren’t always at hand in the desired sizes. The guide shows that it is entirely possible to print an ideal screw hole by taking a few variables into account.

If your design calls for screws, be sure to check it out and see if there’s anything you can use in your own designs.