The Dark Arts – Remote File Inclusion

July 31, 2017 by 26 Comments

In the waning hours of 2010, a hacking group known as Lulzsec ran rampant across the Internet, leaving a path of compromised servers, a trail of defaced home pages, leaked emails, and login information in their wake. They were eventually busted via human error, and the leader of the group becoming an FBI informant. This handful of relatively young hackers had made a huge mess of things. After the digital dust had settled – researches, journalists, and coders began to dissect just how these seemingly harmless group of kids were able to harness so much power and control over the World Wide Web. What they found was not only eye-opening to web masters and coders, but shined a light on just how vulnerable all of our data was for everyone to see. It ushered in an era of renewed focus on security and how to write secure code.

In this Dark Arts series, we have taken a close look at the primary techniques the Luzsec hackers used to gain illegal access to servers. We’ve covered two them – SQL injection (SQLi) and cross-site scripting (XSS). In this article, we’ll go over the final technique called remote file inclusion (RFI).

DISCLAIMER: Fortunately, the surge of security-minded coding practices after the fall of Lulzsec has (for the most part) removed these vulnerabilities from the Internet as a whole. These techniques are very dated and will not work on any server that is maintained and/or behind a decent firewall, and your IP will probably get flagged and logged for trying them out. But feel free to set up a server at home and play around. Continue reading “The Dark Arts – Remote File Inclusion”

Beautiful Rocketeer Jetpack Replica Boasts Impressive Metalwork

July 31, 2017 by 8 Comments

Fans of the Rocketeer comic book and movie franchise will be familiar with its hero’s 1930s-styled rocket backpack.  It’s an intricate construction of complex streamlined curves, that has inspired many recreations over the years.

Most Rocketeer jetpacks are made from plastic, foam, and other lightweight materials that will be familiar to cosplayers and costumers. But [David Guyton]’s one is different, he’s made it from sheet steel.

The attraction in his video is not so much the finished pack, though that is an impressive build. Instead it’s the workmanship, nay, the craftsmanship, as he documents every stage of the metalwork involved. The panel beating tools of a sheet metalworker’s trade are surprisingly simple, and it’s tempting to think as you watch: “I could do that!”. But behind the short video clips and apparent speed of the build lies many hours of painstaking work and a huge amount of skill. Some of us will have tried this kind of sheet work, few of us will have taken it to this level.

The video is below the break, it takes us through the constituent parts of the build, including at the end some of the engine details which are cast in resin. Watch it with a sense of awe!

Continue reading “Beautiful Rocketeer Jetpack Replica Boasts Impressive Metalwork”

Failing Infrastructure And The Lessons It Teaches

July 31, 2017 by 64 Comments

Infrastructure seems so permanent and mundane that most of us never give it a second thought. Maintenance doesn’t make for a flashy news story, but you will frequently find a nagging story on the inside pages of the news cycle discussing the slowly degrading, crumbling infrastructure in the United States.

If not given proper attention, it’s easy for these structures to fall into a state of disrepair until one suddenly, and often catastrophically, fails. We’ve already looked at a precarious dam situation currently playing out in California, and although engineers have that situation under control for now, other times we haven’t been so lucky. Today we’ll delve into a couple of notable catastrophic failures and how they might be avoided in future designs.

Gaining Weight While Delaying Repairs

Most of us take infrastructure for granted every day. Power lines, roads, pipelines, and everything else have a sense of permanence and banality that can’t be easily shaken. Sadly, this reality shattered for most people in Minneapolis, Minnesota in August 2007.

Continue reading “Failing Infrastructure And The Lessons It Teaches”

Worried About Running Out Of Filament Mid-Print? Join It!

July 31, 2017 by 21 Comments

If you’ve ever cringed over throwing away any printer filament you know wouldn’t cover your next small part — let alone an overnight print — you may appreciate [starlino]’s method for joining two spools of filament together.

While there are other methods to track how much filament you’re using, this method removes some of the guesswork. First, snip the ends of the filament on a diagonal — as close to the same angle as possible. Cover both ends with shrink wrap tubing — 2mm tubing for 1.75mm filament for example — ensuring that the two ends overlap inside the wrap. Tape the filament to a heat resistant mat with Kapton tape, leaving exposed the joint between the two filaments. A temperature sensor may help you to find your filament’s melting point, or you can experiment as necessary to get a feel for it.

Melt the filament inside the tubing with a hot air soldering station or heat gun and cool it down promptly with a few blasts from an air duster. All that’s left is to cut the filament free of the tape and shrink wrap, scraping away any excess so as to prevent printer jams. Done! Now, back to printing! Check out the tutorial video after the break.nning

Continue reading “Worried About Running Out Of Filament Mid-Print? Join It!”

Listen To Your Fermentation To Monitor Its Progress

July 31, 2017 by 9 Comments

If you are a wine, beer, or cider maker, you’ll know the ritual of checking for fermentation. As the yeast does its work of turning sugar into alcohol, carbon dioxide bubbles froth on the surface of your developing brew, and if your fermentation container has an airlock, large bubbles pass through the water within it on a regular basis. Your ears become attuned to the regular “Plop… plop… plop” sound they make, and from their interval you can tell what stage you have reached.

[Chris] automated this listening for fermentation bubbles, placing a microphone next to his airlock and detecting amplitude spikes through two techniques: one using an FFT algorithm and the other a bandpass filter. Both techniques yielded similar graphs for fermentation activity over time.

He has a few ideas for improvement, but notes that his system is vulnerable to external noises. There is also an admission that using light to detect bubbles might be a more practical solution as we have shown you more than once with other projects, but as with so many projects on these pages, it is the joy of the tech as much as the practicality that matters.

Fishing For AirPods With Magnets

July 30, 2017 by 35 Comments

Note to self: if you’re going to hack at 4 in the morning, have a plan to deal with the inevitable foul ups. Like being able to whip up an impromptu electromagnetic crane to retrieve an AirPod dropped out a window.

Apartment dweller [Tyler Efird]’s tale of woe began with a wee-hours 3D print in need of sanding. Leaning out his third-story window to blow off some dust, he knocked one AirPod free and gravity did the rest. With little light to search by and a flight to catch, the wayward AirPod sat at the bottom of a 10-foot shaft below his window, keeping company with a squad of spiders for two weeks. Unwilling to fork over $69 and wait a month and a half for a replacement, [Tyler] set about building a recovery device. A little magnet wire wound onto a bolt, a trashed 100-foot long Ethernet cable, and a DC bench supply were all he needed to eventually fish up the AirPod. And no spiders were harmed in the making of this hack.

Need to lift something a little heavier than an AirPod? A beefy microwave oven transformer electromagnet might be the thing for you. And confused about how magnets even work in the first place? Check out our primer on magnetism.

Continue reading “Fishing For AirPods With Magnets”

False Claims On Kickstarter: What’s New?

July 30, 2017 by 56 Comments

Kickstarter and its ilk seem like the Wild West when it comes to claims of being “The world’s most (Insert feature here) device!” It does add something special when you can truly say you have the world record for a device though, and [MellBell Electronics] are currently running a Kickstarter claiming the worlds smallest Arduino compatible board called Pico.

We don’t want to knock them too much, they seem like a legit Kickstarter campaign who have at time of writing doubled their goal, but after watching their promo video, checking out their Kickstarter, and around a couple of minutes research, their claim of being the world’s smallest Arduino-compatible board seems to have been debunked. The Pico measures in at an impressive 0.6 in. x 0.6 in. with a total area of 0.36 sq.in. which is nothing to be sniffed at, but the Nanite 85 which we wrote up back in 2014 measures up at around 0.4 in. x  0.7in. with a total area of around 0.28 sq.in.. In this post-fact, fake news world we live in, does it really matter? Are we splitting hairs? Or are the Pico team a little fast and loose with facts and the truth?

There may be smaller Arduino compatible boards out there, and this is just a case study between these two. We think when it comes to making bold claims like “worlds smallest” or something similar perhaps performing a simple Google search just to be sure may be an idea.

Continue reading “False Claims On Kickstarter: What’s New?”