Four images in as many panes. Top left is a fuchsia bottle with a QR code that only shows up on the smartphone screen held above it. Top right image is A person holding a smartphone over a red wristband. The phone displays a QR code on its screen that it sees but is invisible in the visible wavelengths. Bottom left is a closeup of the red wristband in visible light and the bottom right image is the wristband in IR showing the three QR codes embedded in the object.

Fluorescent Filament Makes Object Identification Easier

August 17, 2023 by 14 Comments

QR codes are a handy way to embed information, but they aren’t exactly pretty. New work from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have a new way to produce high contrast QR codes that are invisible. [PDF]

If this sounds familiar, you may remember CSAILs previous project embedding QR codes into 3D prints via IR-transparent filament. This followup to that research increases the detection of the objects by using an IR-fluorescent filament. Another benefit of this new approach is that while the InfraredTags could be any color you wanted as long as it was black, BrightMarkers can be embedded in objects of any color since the important IR component is embedded in traditional filament instead of the other way around.

One of the more interesting applications is privacy-preserving object detection since the computer vision system only “sees” the fluorescent objects. The example given is marking a box of valuables in a home to be detected by interior cameras without recording the movements of the home’s occupants, but the possibilities certainly don’t end there, especially given the other stated application of tactile interfaces for VR or AR systems.

We’re interested to see if the researchers can figure out how to tune the filament to fluoresce in more colors to increase the information density of the codes. Now, go forth and 3D print a snake with snake in a QR code inside!

Continue reading “Fluorescent Filament Makes Object Identification Easier”

Canadian Engineers? They Have A Ring About Them

August 10, 2023 by 100 Comments

How can you spot an engineer? It can be tricky, but it is a little easier in Canada. That’s because many Canadian engineers have been through the Ritual of the Calling of an Engineer and wear an iron or steel ring to symbolize their profession. The ring has a very odd history that originated in 1922 as the brainchild of Professor H. E. T. Haultain. While he may not be a recognizable name, at least one famous person was involved with creating the Ritual.

H. E. T. Haultain

The ring itself has facets on the outer surface, and you wear it on the little finger of your dominant hand. Originally handmade, the ring reminds the wearer of the engineer’s moral, ethical, and professional commitment. In addition to being a visible reminder, the ring is made to drag slightly as you write or draw, as a constant reminder of the engineer’s obligation. With more experience, the ridges wear down, dragging less as you get more experience.

There is a rumor that the first rings were made from the metal of a bridge that collapsed due to poor design, but this appears untrue. The presentation ceremony is understated, with limited attendance and very little publicity.

Continue reading “Canadian Engineers? They Have A Ring About Them”

3D Print Your Own Seiko-Style “Magic Lever” Energy Harvester

August 9, 2023 by 20 Comments

Back in 1956, Seiko created their “magic lever” as an integral part of self-winding mechanical watches, which were essentially mechanical energy harvesters. The magic lever is a type of ratcheting arrangement that ensures a main gear only ever advances in a single direction. [Robert Murray-Smith] goes into detail in this video (here’s a link cued up to 1:50 where he begins discussing the magic lever)

There is a lot of naturally-occuring reciprocal motion in our natural world. That is to say, there is plenty of back-and-forth and side-to-side, but not a lot of round-and-round. So, an effective mechanism for a self-winding watch needed a way to convert unpredictable reciprocal motion into a unidirectional rotary one. The magic lever was one way to do so, and it only has three main parts. [Robert] drew these up into 3D models, which he demonstrates in his video, embedded below.

The 3D models for Seiko’s magic lever are available here, and while it’s fun to play with, [Robert] wonders if it could be integrated into something else. We’ve certainly seen plenty of energy harvesting projects, and while they are mostly electrical, we’ve also seen ideas about how to harvest the energy from falling raindrops.

Continue reading “3D Print Your Own Seiko-Style “Magic Lever” Energy Harvester”

This Week In Security: Zenbleed, Web Integrity, And More!

July 28, 2023 by 9 Comments

Up first is Zenbleed, a particularly worrying speculative execution bug, that unfortunately happens to be really simple to exploit. It leaks data from function like strlen, memcpy, and strcmp. It’s vulnerable from within virtual machines, and potentially from within the browser. The scope is fairly limited, though, as Zenbleed only affects Zen 2 CPUs: that’s the AMD Epyc 7002 series, the Ryzen 3000 series, and some of the Ryzen 4000, 5000, and 7020 series of CPUs, specifically those with the built-in Radeon graphics.

And at the heart of problem is a pointer use-after-free — that happens inside the CPU itself. We normally think of CPU registers as fixed locations on the silicon. But in the case of XMM and YMM registers, there’s actually a shared store of register space, and the individual registers are mapped into that space using a method very reminiscent of pointers.

Continue reading “This Week In Security: Zenbleed, Web Integrity, And More!”

Workshop Dust Manifold Spreads The Suction Around

July 26, 2023 by 15 Comments

Let’s say you’re doing lots of woodwork now, and you’ve expanded your workshop with a few big tools. You’re probably noticing the sawdust piling up awfully quick. It would be ideal to have some kind of collection system, but you don’t want to buy a shop vac for every tool. This simple manifold from [Well Done Tips] is the perfect solution for you.

It’s a basic rig at heart, but nonetheless a useful one. It consists of a plywood frame with a shuttle that slides back and forth. The suction hose of your shop vac attaches to the shuttle. Meanwhile, the frame has a series of pipes leading to the dust extraction ports of your various tools around the shop. When you power up a tool, simply slide the manifold to the right position, and you’re good to go. Magnets will hold it in place so it doesn’t get jostled around while you work.

It’s a much cheaper solution than buying a huge dust extraction system that can draw from all your tools at once. If you’re just one person, that’s overkill anyway. This solution is just about sized perfectly for small home operators. Give it a go if you’re tired of sweeping up the mess and coughing your lungs out on the regular. Video after the break.

Continue reading “Workshop Dust Manifold Spreads The Suction Around”

Conductive Gel Has Potential

July 18, 2023 by 24 Comments

There are some technologies first imagined in the Star Trek universe have already come to exist in the modern day. Communicators, tablet computers, and computer voice recognition are nearly as good as seen in the future, and other things like replicators and universal translators are well on their way. Star Trek: Voyager introduced a somewhat ignored piece of futuristic technology, the bio-neural gel pack. Supposedly, the use of an organic gel improved the computer processing power on the starship. This wasn’t explored too much on the series, but [Tom] is nonetheless taking the first steps to recreating this futuristic technology by building circuitry using conductive gel.

[Tom]’s circuitry relies on the fact that salts in a solution can conduct electricity, so in theory filling a pipe or tube with a saline solution should function similarly to a wire. He’s also using xanthan gum to increase viscosity. While the gel mixture doesn’t have quite the conductivity of copper, with a slight increase in the supplied voltage to the circuit it’s easily able to be used to light LEDs. Unlike copper, however, these conductive gel-filled tubes have some unique properties. For example, filling a portion of the tube with conductive gel and the rest with non-conductive mineral oil and pushing and pulling the mixture through the tube allows the gel to move around and engage various parts of a circuit in a way that a simple copper wire wouldn’t be able to do.

In this build specifically, [Tom] is using a long tube with a number of leads inserted into it, each of which correspond to a number on a nixie tube. By moving the conductive gel, surrounded by mineral oil, back and forth through the tube at precise intervals each of the numbers on the nixie tube can be selected for. It’s not yet quite as good as the computer imagined in Voyager but it’s an interesting concept nonetheless, not unlike this working replica of a communicator badge.

Continue reading “Conductive Gel Has Potential”

This Week In Security: Bogus CVEs, Bogus PoCs, And Maybe A Bogus Breach

July 7, 2023 by 3 Comments

It appears we have something of a problem. It’s not really a new problem, and shouldn’t be too surprising, but it did pop up again this week: bogus CVEs. Starting out in the security field? What’s the best way to jump-start a career? Getting a CVE find to your name certainly can’t hurt. And as a result, you get very junior security researchers looking for and reporting novel security vulnerabilities of sometimes dubious quality. Sometimes that process looks a lot like slinging reports against the wall to see what sticks. Things brings us to an odd bug report in the OBS Studio project.

A researcher put together a script to look for possible password exposure on Github projects, and it caught a configuration value named “password” in a .ini file, being distributed in the project source. Obvious credential leak in Git source, right? Except for the little detail that it was in the “locale” folder, and the files were named ca-es.ini, ja-jp.ini, and similar. You may be in on the joke by now, but if not, those are translation strings. It wasn’t leaked credentials, it was various translations of the word “password”. This sort of thing happens quite often, and from the viewpoint of a researcher looking at results from an automated tool, it can be challenging to spend enough time with each result to fully understand the code in question. It looks like this case includes a language barrier, making it even harder to clear up the confusion.

Things took a turn for the worse when a CVE was requested. The CVE Numbering Authority (CNA) that processed the request was MITRE, which issued CVE-2023-34585. It was a completely bogus CVE, and thankfully a more complete explanation from OBS was enough to convince the researcher of his error. That, however, brings us back to CVE-2023-36262, which was published this week. It’s yet another CVE, for the same non-issue, and even pointing at the same GitHub issue where the alleged bug is debunked. There’s multiple fails here, but the biggest disappointment is MITRE, for handing out CVEs twice for the same issue. Shout-out to [Netspooky] on Twitter for spotting this one. Continue reading “This Week In Security: Bogus CVEs, Bogus PoCs, And Maybe A Bogus Breach”